Topic 4 Flashcards by David Tran

The help desk is receiving numerous password change alerts from users in the accounting department. These
alerts occur multiple times on the same day for each of the affected users’ accounts. Which of the following
controls should be implemented to curtail this activity?

Password Reuse
Password complexity
Password History
Password Minimum age

Password minimum age

How well did you know this?

Not at all

Perfectly

Six months into development, the core team assigned to implement a new internal piece of software must
convene to discuss a new requirement with the stake holders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company?

The system integration phase of the SDLC
The system analysis phase of SSDSLC
The system design phase of the SDLC
The system development phase of the SDLC

The system analysis phase of SSDSLC

How well did you know this?

Not at all

Perfectly

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the
following techniques would BEST describe the approach the analyst has taken?

Compliance scanning
Credentialed scanning
Passive vulnerability scanning
Port scanning

Port scanning

How well did you know this?

Not at all

Perfectly

While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians?

Vulnerability scanner
Offline password cracker
Packet sniffer
Banner grabbing

Packet sniffer

How well did you know this?

Not at all

Perfectly

An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?

SaaS
CASB
IaaS
PaaS

CASB (cloud access security broker)

How well did you know this?

Not at all

Perfectly

The POODLE attack is an MITM exploit that affects:

TLS1.0 with CBC mode cipher
SSLv2.0 with CBC mode cipher
SSLv3.0 with CBC mode cipher
SSLv3.0 with ECB mode cipher

SSLv3.0 with CBC mode cipher

How well did you know this?

Not at all

Perfectly

Which of the following techniques can be bypass a user or computer’s web browser privacy settings? (Select Two)

SQL injection
Session hijacking
Cross-site scripting
Locally shared objects
LDAP injection

Session hijacking

Cross-site scripting

How well did you know this?

Not at all

Perfectly

A network technician is trying to determine the source of an ongoing network based attack. Which of the
following should the technician use to view IPv4 packet data on a particular internal network segment?

Proxy
Protocol analyzer
Switch
Firewall

Protocol analyzer

How well did you know this?

Not at all

Perfectly

To determine the ALE of a particular risk, which of the following must be calculated? (Select two.)

ARO
ROI
RPO
SLE
RTO

ARO (Annual Rate of Occurrence)

SLE (Single-loss expectancy)

How well did you know this?

Not at all

Perfectly

A security administrator needs an external vendor to correct an urgent issue with an organization’s physical
access control system (PACS). The PACS does not currently have internet access because it is running a
legacy operation system.
Which of the following methods should the security administrator select the best balances security and
efficiency?

Temporarily permit outbound internet access for the pacs so desktop sharing can be set up

Have the external vendor come onsite and provide access to the PACS directly

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

Set up a web conference on the administrator’s pc; then remotely connect to the pacs

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

How well did you know this?

Not at all

Perfectly

An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide user with the ability to determine what permissions should be applied to files, document, and directories. The access control method that BEST satisfies these objectives is:

Rule-based access control
Role-based access control
Mandatory access control
Discretionary access control

Discretionary access control

How well did you know this?

Not at all

Perfectly

The IT department needs to prevent users from installing untested applications.
Which of the following would provide the BEST solution?

Job rotation
Least privilege
Account lockout
Antivirus

Least privilege

How well did you know this?

Not at all

Perfectly

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to logon to network devices using their LDAP credentials. All command executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement?

LDAP server 10.55.199.3
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
SYSLOG SERVER 172.16.23.50
TACAS server 192.168.1.100

CN=company, CN=com, OU=netadmin, DC=192.32.10.233

How well did you know this?

Not at all

Perfectly

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL.
Which of the following is the attacker most likely utilizing?

Header manipulation
Cookie hijacking
Cross-site scripting
Xml injection

Header manipulation

How well did you know this?

Not at all

Perfectly

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

Block level encryption
SAML authentication
Transport encryption
Multifactor authentication
Predefined challenge
Hashing

SAML Authentication

Multifactor authentication

How well did you know this?

Not at all

Perfectly

Which of the following delineates why it is important to perform egress filtering and monitoring on Internet
connected security zones of interfaces on a firewall?

Egress traffic is more important than ingress traffic for malware prevention
To rebalance the amount of outbound traffic and inbound traffic
Outbound traffic could be communicating to known botnet sources
To prevent DDoS attacks originating from external network

To rebalance the amount of outbound traffic and inbound traffic

How well did you know this?

Not at all

Perfectly

Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?

Remote exploit
Amplification
Sniffing
Man-in-the-middle

Remote exploit

How well did you know this?

Not at all

Perfectly

An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?

Abnormally high numbers of outgoing instant messages that contain obfuscated text

Large-capacity USB drives on the tester’s desk with encrypted zip files

Outgoing emails containing unusually large image files

Unusual SFTP connections to a consumer IP address

Outgoing emails containing unusually large image files

How well did you know this?

Not at all

Perfectly

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate- based
authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following model prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?

Use of OATH between the user and the service and attestation from the company domain
Use of active directory federation between the company and the cloud-based service
Use of smartcards that store x.509 keys, signed by a global CA
Use of a third-party, SAML-based authentication service for attestation

Use of active directory federation between the company and the cloud-based service.

How well did you know this?

Not at all

Perfectly

Which of the following can be used to control specific commands that can be executed on a network
infrastructure device?

LDAP
Kerberos
SAML
TACACS+

TACAS+

How well did you know this?

Not at all

Perfectly

A wireless network has the following design requirements:

Authentication must not be dependent on enterprise directory service
It must allow background reconnection for mobile users
It must not depend on user certificates
Which of the following should be used in the design to meet the requirements? (Choose two.)

PEAP
PSK
Open systems authentication
EAP-TLS
Captive portals

PSK

Captive portals

How well did you know this?

Not at all

Perfectly

A security analyst is updating a BIA document. The security analyst notices the support vendor’s time to
replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the
following can be concluded? (Select TWO)

The MTTR is faster.
The MTTR is slower.
The RTO has increased.
The RTO has decreased.
The MTTF has increased.
The MTTF has decreased.

The MTTR is faster

The RTO has decreased

How well did you know this?

Not at all

Perfectly

A new hire wants to use a personally owned phone to access company resources. The new hire expresses
concern about what happens to the data on the phone when they leave the company. Which of the following
portions of the company’s mobile device management configuration would allow the company data to be
removed from the device without touching the new hire’s data?

Asset control
Device access control
Storage lock out
Storage segmentation

Device access control

How well did you know this?

Not at all

Perfectly

A consultant has been tasked to assess a client’s network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and law performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario?

The switch also serves as the DHCP server
The switch has the lowest MAC address
The switch has spanning tree loop protection enabled
The switch has the fastest uplink port

The switch has spanning tree loop protection enabled

How well did you know this?

Not at all

Perfectly

A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network. Which of the following is the MOST likely method used to gain access to the other host? Backdoor Pivoting Persistance Logic bomb

Pivoting

A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel security and its impact on the security posture of the whole organization. Which of the following would be the MOST important factor to consider when it comes to personnel security? ``` Insider threats Privilege escalation Hacktivist Phishing through social media Corporate espionage ```

Insider threats

Which of the following is the BEST reason for salting a password hash before it is stored in a database? To prevent duplicate values from being stored To make the password retrieval process very slow To protect passwords from being saved in readable format To prevent users from using simple passwords for their access credentials

To prevent duplicate values from being stored

An audit has revealed that database administrators are also responsible for auditing database changes and backup logs. Which of the following access control methodologies would BEST mitigate this concern? Time of day restrictions Principle of least privilege Role-based access control Separation of duties

Separation of duties

A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or ran on the user's computers without exception. Which of the following should the administrator do to prevent all unapproved software from running on the user's computer? Deploy antivirus software and configure it to detect and remove pirated software Configure the firewall to prevent the downloading of executable files Create an application whitelist and use OS controls to enforce it Prevent users from running as administrator so they cannot install software.

Create an application whitelist and use OS controls to enforce it.

Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows file server. Which of the following should the analyst implement on the system to BEST meet this requirement? Enable and configure EFS on the file system. Ensure the hardware supports TPM, and enable it in the BIOS. Ensure the hardware supports VT-X, and enable it in the BIOS. Enable and configure BitLocker on the drives. Enable and configure DFS across the file system.

Ensure the hardware supports TPM, and enable it in the BIOS Enable and configured bitlocker on the drives.

A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host. Which of the following is preventing the remote user from being able to access the workstation? Network latency is causing remote desktop service request to time out User1 has been locked out due to too many failed passwords Lack of network time synchronization is causing authentication mismatches The workstation has been compromised and is accessing known malware sites The workstation host firewall is not allowing remote desktop connections

User1 has been locked out due to too many failed passwords

When generating a request for a new x.509 certificate for securing a website, which of the following is the MOST appropriate hashing algorithm? RC4 MD5 HMAC SHA

MD5

Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine? Ransomware Rootkit Backdoor Keylogger

Keylogger

When designing a web based client server application with single application server and database cluster backend, input validation should be performed: On the client Using database stored procedures On the application server Using HTTPS

On the application server

A security administrator needs to address the following audit recommendations for a public-facing SFTP server: Users should be restricted to upload and download files to their own home directories only. Users should not be allowed to use interactive shell login. Which of the following configuration parameters should be implemented? (Select TWO). ``` PermitTunnel ChrootDirectory PermitTTY AllowTcpForwarding IgnoreRhosts ```

ChrootDirectory | PermitTTY

Which of the following strategies should a systems architect use to minimize availability risks due to insufficient storage capacity? High availability Scalability Distributive allocation Load balancing

Scalability

Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users? NAC VLAN DMZ Subnet

DMZ

Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO) ``` Public key Shared key Elliptic curve MD5 Private key DES ```

Public key | Private key

Many employees are receiving email messages similar to the one shown below: From IT department To employee Subject email quota exceeded Pease click on the following link http:www.website.info/email.php?quota=1Gb and provide your username and password to increase your email quotA. Upon reviewing other similar emails, the security administrator realized that all the phishing URLs have the following common elements; they all use HTTP, they all come from .info domains, and they all contain the same URI. Which of the following should the security administrator configure on the corporate content filter to prevent users from accessing the phishing URL, while at the same time minimizing false positives? ``` A. BLOCK http://www.*.info/ B. DROP http:// "website.info/email.php?* C. Redirect http://www,*.Info/email.php?quota=*TOhttp://company.com/corporate_polict.html D. DENY http://*.info/email.php?quota=1Gb ```

D. DENY | http://*.info/email.php?quota=1Gb

A member of the admins group reports being unable to modify the "changes" file on a server. The permissions on the file are as follows: Permissions User Group File -rwxrw-r--+ Admins Admins changes Based on the output above, which of the following BEST explains why the user is unable to modify the "changes" file? The SELinux mode on the server is set to "enforcing." The SELinux mode on the server is set to "permissive." An FACL has been added to the permissions for the file. The admins group does not have adequate permissions to access the file.

An FACL has been added to the permissions for the file.

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will pro-vide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network? Put the VoIP network into a different VLAN than the existing data network. Upgrade the edge switches from 10/100/1000 to improve network speed Physically separate the VoIP phones from the data network Implement flood guards on the data network

Put the VoIP network into a different VLAN than the existing data network

A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security administrator implement? ``` Whitelisting Anti-malware Application hardening Blacklisting Disable removable media ```

Blacklisting

A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this? Put the desktops in the DMZ. Create a separate VLAN for the desktops. Air gap the desktops. Join the desktops to an ad-hoc network.

Air gap the desktops

During a recent audit, it was discovered that many services and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue? Network mapping Vulnerability scan Port Scan Protocol analysis

Vulnerability scan

A network administrator adds an ACL to allow only HTTPS connections form host 192.168.2.3 to web server 192.168.5.2. After applying the rule, the host is unable to access the server. The network administrator runs the output and notices the configuration below: Which of the following rules would be BEST to resolve the issue? Option A Option B Option C Option D

Option A

A company’s loss control department identifies theft as a recurring loss type over the past year. Based on the department’s report, the Chief Information Officer (CIO) wants to detect theft of datacenter equipment. Which of the following controls should be implemented? Biometrics Cameras Motion detectors Mantraps

Motion detectors

Which of the following penetration testing concepts is being used when an attacker uses public Internet databases to enumerate and learn more about a target? ``` Reconnaissance Initial exploitation Pivoting Vulnerability scanning White box testing ```

Reconnaissance

After a security incident, management is meeting with involved employees to document the incident and its aftermath. Which of the following BEST describes this phase of the incident response process? Lessons learned Recovery Identification Preparation

Lessons learned

A security administrator wants to implement a logon script that will prevent MITM attacks on the local LAN. Which of the following commands should the security administrator implement within the script to accomplish this task? arp - s 192.168.1.1 00-3a-d1-fa-b1-06 dig - x@192.168.1.1 mypc.comptia.com nmap - A - T4 192.168.1.1 tcpdump - lnv host 192.168.1.1 or either 00:3a:d1:fa:b1:06

arp - s 192.168.1.1 00-3a-d1-fa-b1-06

A vulnerability scan is being conducted against a desktop system. The scan is looking for files, versions, and registry values known to be associated with system vulnerabilities. Which of the following BEST describes the type of scan being performed? Non-intrusive Authenticated Credentialed Active

Credentialed

The computer resource center issued smartphones to all first-level and above managers. The managers have the ability to install mobile tools. Which of the following tools should be implemented to control the types of tools the managers install? Download manager Content manager Segmentation manager Application manager

Application manager

A security analyst is working on a project that requires the implementation of a stream cipher. Which of the following should the analyst use? Hash function Elliptic curve Symmetric algorithm Public key cryptography

Symmetric algorithm

A security analyst is investigating a security breach. Upon inspection of the audit an access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username “gotcha” and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO) ``` Logic bomb Backdoor Keylogger Netstat Tracert Ping ```

Backdoor Netstat

A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender's private key? (Select TWO) ``` Non-repudiation Email content encryption Steganography Transport security Message integrity ```

Non-repudiation Message integrity

An attacker captures the encrypted communication between two parties for a week, but is unable to decrypt the messages. The attacker then compromises the session key during one exchange and successfully compromises a single message. The attacker plans to use this key to decrypt previously captured and future communications, but is unable to. This is because the encryption scheme in use adheres to: Asymmetric encryption Out-of-band key exchange Perfect forward secrecy Secure key escrow

Perfect forward secrecy

In determining when it may be necessary to perform a credentialed scan against a system instead of a noncredentialed scan, which of the following requirements is MOST likely to influence this decision? The scanner must be able to enumerate the host OS of devices scanned. The scanner must be able to footprint the network. The scanner must be able to check for open ports with listening services. The scanner must be able to audit file system permissions

The scanner must be able to audit files system permissions

Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users' email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO) Disable the compromised accounts Update WAF rules to block social networks Remove the compromised accounts with all AD groups Change the compromised accounts' passwords Disable the open relay on the email server Enable sender policy framework

Disable the open relay on the email server Enable sender policy framework

Which of the following is commonly done as part of a vulnerability scan? Exploiting misconfigured applications Cracking employee passwords Sending phishing emails to employees Identifying unpatched workstations

Identifying unpatched workstations

An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST? Make a copy of everything in memory on the workstation. Turn off the workstation. Consult information security policy. Run a virus scan.

Make a copy of everything in memory on the workstation

A website administrator has received an alert from an application designed to check the integrity of the company's website. The alert indicated that the hash value for a particular MPEG file has changed. Upon further investigation, the media appears to be the same as it was before the alert. Which of the following methods has MOST likely been used? ``` Cryptography Time of check/time of use Man in the middle Covert timing Steganography ```

Steganography

The administrator installs database software to encrypt each field as it is written to disk. Which of the following describes the encrypted data? In-transit In-use Embedded At-rest

In-use

A security administrator wants to configure a company’s wireless network in a way that will prevent wireless clients from broadcasting the company’s SSID. Which of the following should be configured on the company’s access points? ``` Enable ESSID broadcast Enable protected management frames Enable wireless encryption Disable MAC authentication Disable WPS Disable SSID broadcast ```

Disable SSID broadcast

After surfing the Internet, Joe, a user, woke up to find all his files were corrupted. His wallpaper was replaced by a message stating the files were encrypted and he needed to transfer money to a foreign country to recover them. Joe is a victim of: a keylogger spyware ransomware a logic bomb

Ransomeware

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires client MAC address to be visible across the tunnel? Tunnel mode IPSec Transport mode VPN IPSec L2TP SSL VPN

SSL VPN

A security administrator receives an alert from a third-party vendor that indicates a certificate that was installed in the browser has been hijacked at the root of a small public CA. The security administrator knows there are at least four different browsers in use on more than a thousand computers in the domain worldwide. Which of the following solutions would be BEST for the security administrator to implement to most efficiently assist with this issue? SSL CRL PKI ACL

CRL

While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two) ``` Minimum complexity Maximum age limit Maximum length Minimum length Minimum age limit Minimum re-use limit ```

Maximum complexity Minimum length

Which of the following could occur when both strong and weak ciphers are configured on a VPN concentrator? (Select TWO) An attacker could potentially perform a downgrade attack. The connection is vulnerable to resource exhaustion. The integrity of the data could be at risk. The VPN concentrator could revert to L2TP. The IPSec payload reverted to 16-bit sequence numbers.

An attacker could potentially perform a downgrade attack. The IPSec payload reverted to 16-bit sequence numbers.

The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems. The help desk is receive reports that users are experiencing the following error when attempting to log in to their previous system: Logon Failure: Access Denied Which of the following can cause this issue? Permission issues Access violations Certificate issues Misconfigured devices

Certificate issues

The security administrator has noticed cars parking just outside of the building fence line. Which of the following security measures can the administrator use to help protect the company's WiFi network against war driving? (Select TWO) ``` Create a honeynet Reduce beacon rate Add false SSIDs Change antenna placement Adjust power level controls Implement a warning banner ```

Change antenna placement Adjust power level controls

A security administrator is reviewing the following network capture: 192.168.20.43:2043 -> 10.234.66.21:80 POST "192.168.20.43 https://www.banksite.comJoeUsrerPassword" Which of the following malware is MOST likely to generate the above information? Keylogger Ransomware Logic bomb Adware

Keylogger

As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices. Which of the following would BEST help to accomplish this? Require the use of an eight-character PIN. Implement containerization of company data. Require annual AUP sign-off. Use geofencing tools to unlock devices while on the premises.

Implement containerization of company data.

A datacenter recently experienced a breach. When access was gained, an RF device was used to access an air-gapped and locked server rack. Which of the following would BEST prevent this type of attack? Faraday cage Smart cards Infrared detection Alarms

Faraday cage

An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange? ``` DES Blowfish DSA Diffie-Hellman 3DES ```

Diffie-Hellman

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files? Enable verbose system logging Change the permissions on the user's home directory Implement remote syslog Set the bash_history log file to "read only"

Implement remote syslog

A web developer improves client access to the company's REST API. Authentication needs to be tokenized but not expose the client's password. Which of the following methods would BEST meet the developer's requirements? SAML LDAP OAuth Shibboleth

SAML

A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST: maintain the chain of custody. preserve the data. obtain a legal hold. recover data at a later time.

Preserve the data

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles? ``` Firmware version control Manual software upgrades Vulnerability scanning Automatic updates Network segmentation Application firewalls ```

Firmware version control and Automatic updates

Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Select TWO) ``` XOR PBKDF2 bcrypt HMAC RIPEMD ```

PBKDF2 and bcrypt

A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach. Which of the following is MOST likely the cause? Insufficient key bit length Weak cipher suite Unauthenticated encryption method Poor implementation

Poor implementation

An attack that is using interference as its main attack to impede network traffic is which of the following? Introducing too much data to a targets memory allocation Utilizing a previously unknown security flaw against the target Using a similar wireless configuration of a nearby network Inundating a target system with SYN requests

Using a similar wireless configuration of a nearby network

Ann, a college professor, was recently reprimanded for posting disparaging remarks regrading her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related training could have made Ann aware of the repercussions of her actions? Data Labeling and disposal Use of social networking Use of P2P networking Role-based training

Use of social networking

A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the supervisor terminates an employee as a result of the suspected data loss. During the investigation, the supervisor is absent for the interview, and little evidence can be provided form the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following? Job rotation Log failure Lack of training Insider threat

Log failure

Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled? Full backup Incremental backup Differential backup Snapshot

Differential backup

An actor downloads and runs a program against a corporate login page. The program imports a list of usernames and passwords, looking for a successful attempt. Which of the following terms BEST describes the actor in this situation? Script kiddie Hacktivist Cryptologist Security auditor

Script kiddie

A security analyst is reviewing the following packet capture of an attack directed at a company's server located in the DMZ: Which of the following ACLs provides the BEST protection against the above attack and any further attacks from the same IP, while minimizing service interruption? DENY TCO From ANY to 172.31.64.4 Deny UDP from 192.168.1.0/24 to 172.31.67.0/24 Deny IP from 192.168.1.10/32 to 0.0.0.0/0 Deny TCP from 192.168.1.10 to 172.31.67.4

Deny TCP from 192.168.1.10 to 172.31.67.4

Which of the following could help detect trespassers in a secure facility? (Select TWO) ``` Faraday cages Motion-detection sensors Tall, chain-link fencing Security guards Smart cards ```

Motion-detection sensors and Security guards

An organization wants to utilize a common, Internet-based third-party provider for authorization and authentication. The provider uses a technology based on OAuth 2.0 to provide required services. To which of the following technologies is the provider referring? Open ID Connect SAML XACML LDAP

Open ID Connect

A penetration tester harvests potential usernames from a social networking site. The penetration tester then uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a network server. Which of the following methods is the penetration tester MOST likely using? Escalation of privilege SQL injection Active reconnaissance Proxy server

Active reconnaissance

An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will most likely fix the uploading issue for the users? Create an ACL to allow the FTP service write access to user directories Set the Boolean selinux value to allow FTP home directory uploads Reconfigure the ftp daemon to operate without utilizing the PSAV mode Configure the FTP daemon to utilize PAM authentication pass through user permissions

Create an ACL to allow the FTP service write access to user directories

Which of the following allows an application to securely authenticate a user by receiving credentials from a web domain? TACACS+ RADIUS Kerberos SAML

SAML

A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. The access the server using RDP on a port other than the typical registered port for the RDP protocol? TLS MPLS SCP SSH

TLS

During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall. Which of the following will the audit team most l likely recommend during the audit out brief? Discretionary access control for the firewall team Separation of duties policy for the firewall team Least privilege for the firewall team Mandatory access control for the firewall team

Separation of duties policy for the firewall team

Which of the following allows an auditor to test proprietary-software compiled code for security flaws? Fuzzing Static review Code signing Regression testing

Fuzzing

An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following BEST describes the test being performed? Black box White box Passive reconnaissance Vulnerability scan

Black box

A company recently replaced its unsecure email server with a cloud-based email and collaboration solution that is managed and insured by a third party. Which of the following actions did the company take regarding risks related to its email and collaboration services? Transference Acceptance Mitigation Deterrence

Transferance

A company is evaluating cloud providers to reduce the cost of its internal IT operations. The company's aging systems are unable to keep up with customer demand. Which of the following cloud models will the company MOST likely select? PaaS SaaS IaaS BaaS

IaaS

A security administrator suspects that data on a server has been exhilarated as a result of unauthorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO) ``` Networking access control DLP alerts Log analysis File integrity monitoring Host firewall rules ```

DLP alerts and Log analysis

A datacenter manager has been asked to prioritize critical system recovery priorities. Which of the following is the MOST critical for immediate recovery? Communications software Operating system software Weekly summary reports to management Financial and production software

Operating system software

Users in a corporation currently authenticate with a username and password. A security administrator wishes to implement two-factor authentication to improve security. Which of the following authentication methods should be deployed to achieve this goal? ``` PIN Security Smart card Passphrase CAPTCHA ```

Smart card

Which of the following is the BEST choice for a security control that represents a preventive and corrective logical control at the same time? Security awareness training Antivirus Firewalls Intrusion detection system

Antivirus