Topic 4 Flashcards Preview


Flashcards in Topic 4 Deck (100)
1

The help desk is receiving numerous password change alerts from users in the accounting department. These
alerts occur multiple times on the same day for each of the affected users' accounts. Which of the following
controls should be implemented to curtail this activity?

Password Reuse
Password complexity
Password History
Password Minimum age

Password minimum age

2

Six months into development, the core team assigned to implement a new internal piece of software must
convene to discuss a new requirement with the stakeholders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company?

The system integration phase of the SDLC
The system analysis phase of SSDSLC
The system design phase of the SDLC
The system development phase of the SDLC

The system analysis phase of SSDSLC

3

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the
following techniques would BEST describe the approach the analyst has taken?

Compliance scanning
Credentialed scanning
Passive vulnerability scanning
Port scanning

Port scanning

4

While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians?

Vulnerability scanner
Offline password cracker
Packet sniffer
Banner grabbing

Packet sniffer

5

An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?

SaaS
CASB
IaaS
PaaS

CASB (cloud access security broker)

6

The POODLE attack is an MITM exploit that affects:

TLS1.0 with CBC mode cipher
SSLv2.0 with CBC mode cipher
SSLv3.0 with CBC mode cipher
SSLv3.0 with ECB mode cipher

SSLv3.0 with CBC mode cipher

7

Which of the following techniques can bypass a user's or computer's web browser privacy settings? (Select Two)

SQL injection
Session hijacking
Cross-site scripting
Locally shared objects
LDAP injection

Session hijacking

Cross-site scripting

8

A network technician is trying to determine the source of an ongoing network-based attack. Which of the
following should the technician use to view IPv4 packet data on a particular internal network segment?

Proxy
Protocol analyzer
Switch
Firewall

Protocol analyzer

9

To determine the ALE of a particular risk, which of the following must be calculated? (Select two.)

ARO
ROI
RPO
SLE
RTO

ARO (Annual Rate of Occurrence)

SLE (Single-loss expectancy)

10

A security administrator needs an external vendor to correct an urgent issue with an organization's physical
access control system (PACS). The PACS does not currently have internet access because it is running a
legacy operating system.
Which of the following methods should the security administrator select that best balances security and
efficiency?

Temporarily permit outbound internet access for the PACS so desktop sharing can be set up

Have the external vendor come onsite and provide access to the PACS directly

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

Set up a web conference on the administrator's PC; then remotely connect to the PACS

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

11

An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide users with the ability to determine what permissions should be applied to files, documents, and directories. The access control method that BEST satisfies these objectives is:

Rule-based access control
Role-based access control
Mandatory access control
Discretionary access control

Discretionary access control

12

The IT department needs to prevent users from installing untested applications.
Which of the following would provide the BEST solution?

Job rotation
Least privilege
Account lockout
Antivirus

Least privilege

13

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to log on to network devices using their LDAP credentials. All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement?

LDAP server 10.55.199.3
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
SYSLOG SERVER 172.16.23.50
TACACS server 192.168.1.100

CN=company, CN=com, OU=netadmin, DC=192.32.10.233

14

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL.
Which of the following is the attacker most likely utilizing?

Header manipulation
Cookie hijacking
Cross-site scripting
XML injection

Header manipulation

15

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

Block level encryption
SAML authentication
Transport encryption
Multifactor authentication
Predefined challenge
Hashing

SAML Authentication

Multifactor authentication

16

Which of the following delineates why it is important to perform egress filtering and monitoring on Internet
connected security zones of interfaces on a firewall?

Egress traffic is more important than ingress traffic for malware prevention
To rebalance the amount of outbound traffic and inbound traffic
Outbound traffic could be communicating to known botnet sources
To prevent DDoS attacks originating from external network

To rebalance the amount of outbound traffic and inbound traffic

17

Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?

Remote exploit
Amplification
Sniffing
Man-in-the-middle

Remote exploit

18

An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?

Abnormally high numbers of outgoing instant messages that contain obfuscated text

Large-capacity USB drives on the tester's desk with encrypted zip files

Outgoing emails containing unusually large image files

Unusual SFTP connections to a consumer IP address

Outgoing emails containing unusually large image files

19

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based
authentication with its users. The company uses an SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?

Use of OATH between the user and the service and attestation from the company domain
Use of active directory federation between the company and the cloud-based service
Use of smartcards that store x.509 keys, signed by a global CA
Use of a third-party, SAML-based authentication service for attestation

Use of active directory federation between the company and the cloud-based service.

20

Which of the following can be used to control specific commands that can be executed on a network
infrastructure device?

LDAP
Kerberos
SAML
TACACS+

TACACS+

21

A wireless network has the following design requirements:

Authentication must not be dependent on enterprise directory service
It must allow background reconnection for mobile users
It must not depend on user certificates
Which of the following should be used in the design to meet the requirements? (Choose two.)

PEAP
PSK
Open systems authentication
EAP-TLS
Captive portals

PSK

Captive portals

22

A security analyst is updating a BIA document. The security analyst notices the support vendor's time to
replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the
following can be concluded? (Select TWO)

The MTTR is faster.
The MTTR is slower.
The RTO has increased.
The RTO has decreased.
The MTTF has increased.
The MTTF has decreased.

The MTTR is faster
The RTO has decreased

23

A new hire wants to use a personally owned phone to access company resources. The new hire expresses
concern about what happens to the data on the phone when they leave the company. Which of the following
portions of the company's mobile device management configuration would allow the company data to be
removed from the device without touching the new hire's data?

Asset control
Device access control
Storage lock out
Storage segmentation

Device access control

24

A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and low-performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario?

The switch also serves as the DHCP server
The switch has the lowest MAC address
The switch has spanning tree loop protection enabled
The switch has the fastest uplink port

The switch has spanning tree loop protection enabled

25

A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network.
Which of the following is the MOST likely method used to gain access to the other host?

Backdoor
Pivoting
Persistence
Logic bomb

Pivoting

26

A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel security and its impact on the security posture of the whole organization. Which of the following would be the MOST important factor to consider when it comes to personnel security?

Insider threats
Privilege escalation
Hacktivist
Phishing through social media
Corporate espionage

Insider threats

27

Which of the following is the BEST reason for salting a password hash before it is stored in a database?

To prevent duplicate values from being stored
To make the password retrieval process very slow
To protect passwords from being saved in readable format
To prevent users from using simple passwords for their access credentials

To prevent duplicate values from being stored

28

An audit has revealed that database administrators are also responsible for auditing database changes and
backup logs. Which of the following access control methodologies would BEST mitigate this concern?

Time of day restrictions
Principle of least privilege
Role-based access control
Separation of duties

Separation of duties

29

A security administrator determined that users within the company are installing unapproved software.
Company policy dictates that only certain applications may be installed or run on the users' computers without
exception. Which of the following should the administrator do to prevent all unapproved software from running on the users' computers?

Deploy antivirus software and configure it to detect and remove pirated software
Configure the firewall to prevent the downloading of executable files
Create an application whitelist and use OS controls to enforce it
Prevent users from running as administrator so they cannot install software.

Create an application whitelist and use OS controls to enforce it.

30

Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows file
server. Which of the following should the analyst implement on the system to BEST meet this requirement?

Enable and configure EFS on the file system.
Ensure the hardware supports TPM, and enable it in the BIOS.
Ensure the hardware supports VT-X, and enable it in the BIOS.
Enable and configure BitLocker on the drives.
Enable and configure DFS across the file system.

Ensure the hardware supports TPM, and enable it in the BIOS

Enable and configure BitLocker on the drives.