Topic 6 (newest questions) Flashcards Preview


Flashcards in Topic 6 (newest questions) Deck (241)
1

A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to
access the company's internal wiki, corporate directory, and email services securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the
CISO?

VPN
PaaS
IaaS
VDI

VDI (a virtual desktop publishes only the wiki, directory and email to the contractor; a VPN places the contractor on the internal network, which is access beyond the project scope)

2

A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker
would. Which of the following would BEST enable the analyst to complete the objective?

Perform a non-credentialed scan.
Conduct an intrusive scan.
Attempt escalation of privilege.
Execute a credentialed scan.

Perform a non-credentialed scan

3

A contracting company recently completed its period of performance on a government contract and would like to destroy all information associated with contract performance. Which of the following is the best NEXT step for the company to take?

Consult data disposition policies in the contract.
Use a pulper or pulverizer for data destruction
Retain the data for a period no more than one year
Burn hard copies containing Pll or PHI.

Consult data disposition policies in the contract.

4

A threat actor motivated by political goals that is active for a short period of time but has virtually unlimited
resources is BEST categorized as a:

hacktivist.
nation-state
script kiddie
APT

nation-state

5

Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identify areas that require patching?

Black box
Gray box
White box
Red team
Blue team

White box

6

A security analyst is assessing a small company's internal servers against recommended security practices.
Which of the following should the analyst do to conduct the assessment? (Select TWO).

Compare configurations against platform benchmarks.
Confirm adherence to the company's industry-specific regulations.
Review the company's current security baseline.
Verify alignment with policy related to regulatory compliance.
Run an exploitation framework to confirm vulnerabilities.

Compare configurations against platform benchmarks.

and

Review the company's current security baseline.

(The assessment is against recommended practices, so the servers are measured against the company's own baseline and against published platform benchmarks such as CIS or vendor hardening guides; running an exploitation framework is penetration testing, not a configuration assessment.)

7

A security analyst is emailing PII in a spreadsheet file to an audit validator for after-actions related to a
security assessment. The analyst must make sure the PII data is protected with the following minimum
requirements:

* Ensure confidentiality at rest.
* Ensure the integrity of the original email message.
Which of the following controls would ensure these data security requirements are carried out?

Encrypt and sign the email using S/MIME.
Encrypt the email and send it using TLS.
Hash the email using SHA-1.
Sign the email using MD5

Encrypt and sign the email using S/MIME

8

A member of the human resources department received the following email message after sending an email containing benefit and tax information to a candidate:

"Your message has been quarantined for the following policy violation: external_potential_PII. Please contact
the IT security administrator for further details."
Which of the following BEST describes why this message was received?

The DLP system flagged the message
The mail gateway prevented the message from being sent to personal email addresses.
The company firewall blocked the recipient's IP address.
The file integrity check failed for the attached files.

The DLP system flagged the message
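The quarantine notice above is what an outbound-mail DLP policy produces when a message to an external recipient contains content that looks like PII. The following is an added example, not code from the deck or from any DLP product: a minimal content inspector that applies an SSN pattern and a Luhn-validated card-number pattern to the body and quarantines only when at least one recipient is outside the corporate domain. The domain, policy name, patterns and sample messages are constructed for illustration.

```python
import re

# Assumed corporate domain; anything else counts as external.
INTERNAL_DOMAIN = "example.com"

PATTERNS = {
    # US SSN: excludes area 000/666/9xx, group 00 and serial 0000.
    "ssn": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # 16-digit payment-card shape; validated with Luhn below to cut false positives.
    "credit_card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}


def is_external(recipient):
    """True when the recipient's domain is not the corporate domain."""
    return recipient.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN


def luhn_ok(digits):
    """Luhn checksum over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text):
    """Return a list of (category, matched_text) for PII-looking content."""
    hits = []
    for m in PATTERNS["ssn"].finditer(text):
        hits.append(("ssn", m.group()))
    for m in PATTERNS["credit_card"].finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("credit_card", m.group()))
    return hits


def inspect_message(sender, recipients, body):
    """Policy decision: ('quarantine', policy, hits) or ('deliver', None, hits)."""
    hits = find_pii(body)
    if hits and any(is_external(r) for r in recipients):
        return ("quarantine", "external_potential_PII", hits)
    return ("deliver", None, hits)


# Constructed sample resembling the HR message in the question.
HR_MESSAGE = (
    "hr@example.com",
    ["candidate@gmail.com"],
    "Hi, attached is your benefits summary. For payroll we have your SSN on file as 123-45-6789.",
)

if __name__ == "__main__":
    print(inspect_message(*HR_MESSAGE))
```

The same PII sent to an internal payroll mailbox is delivered, which is why the policy name carries the "external" qualifier; a real DLP engine would also inspect attachments and apply the same patterns to spreadsheet cells.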

9

Which of the following is the MOST likely motivation for a script kiddie threat actor?

Financial gain
Notoriety
Political expression
Corporate espionage

Notoriety

10

A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the
public-facing servers in the domain. Which of the following is a secure solution that is the MOST cost
effective?

Create and install a self-signed certificate on each of the servers in the domain.
Purchase a load balancer and install a single certificate on the load balancer.
Purchase a wildcard certificate and implement it on every server.
Purchase individual certificates and apply them to the individual servers.

Purchase a load balancer and install a single certificate on the load balancer.

11

Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?

Sandbox
Honey pot
GPO
DMZ

Sandbox

12

Which of the following is a technical preventive control?

Two-factor authentication
DVR-supported cameras
Acceptable-use MOTD
Syslog server

Two-factor authentication

13

A security administrator is reviewing the following firewall configuration after receiving reports that users are
unable to connect to remote websites:

10 PERMIT FROM: ANY TO: ANY PORT: 80
20 PERMIT FROM: ANY TO: ANY PORT: 443
30 DENY   FROM: ANY TO: ANY PORT: ANY

Which of the following is the MOST secure solution the security administrator can implement to fix this issue?

A. Add the following rule to the firewall: 5 PERMIT FROM: ANY TO: ANY PORT: 53
B. Replace rule number 10 with the following rule: 10 PERMIT FROM: ANY TO: ANY PORT: 22
C. Insert the following rule in the firewall: 25 PERMIT FROM: ANY TO: ANY PORT: ANY
D. Remove the following rule from the firewall: 30 DENY FROM: ANY TO: ANY PORT: ANY

A. Add the following rule to the firewall: 5 PERMIT FROM: ANY TO: ANY PORT: 53 (browsers must resolve names over DNS before they can open 80 or 443; permitting only port 53 restores name resolution without opening anything else, whereas B also breaks HTTP, and C and D turn the policy into permit-all)
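To see why only option A both fixes browsing and stays restrictive, the following added example (not from the deck or any firewall vendor) models a first-match rule evaluator and applies each candidate change. It assumes a firewall with no implicit deny, so rule 30 is what makes the policy default-deny and removing it permits everything; the port sample used to measure exposure is constructed for illustration.

```python
# Rules as (number, action, port); port None means ANY.
BASE_RULES = [
    (10, "PERMIT", 80),
    (20, "PERMIT", 443),
    (30, "DENY", None),
]


def evaluate(rules, dst_port):
    """First-match evaluation by rule number.

    Assumption for this model: the device has no implicit deny, so traffic
    matching no rule is permitted; rule 30 is what provides default-deny.
    """
    for _, action, port in sorted(rules):
        if port is None or port == dst_port:
            return action
    return "PERMIT"


def browse_works(rules):
    """A web session needs DNS (53) before it can reach 80 and 443."""
    return all(evaluate(rules, p) == "PERMIT" for p in (53, 80, 443))


def apply_fix(option):
    """Return the rule set after applying answer option A, B, C or D."""
    rules = list(BASE_RULES)
    if option == "A":      # add rule 5 permitting DNS
        rules.append((5, "PERMIT", 53))
    elif option == "B":    # replace rule 10 (HTTP) with SSH
        rules = [r for r in rules if r[0] != 10] + [(10, "PERMIT", 22)]
    elif option == "C":    # rule 25 permits everything before the deny
        rules.append((25, "PERMIT", None))
    elif option == "D":    # drop the explicit deny-all
        rules = [r for r in rules if r[0] != 30]
    return rules


# Constructed sample of ports to measure how much each fix exposes.
SAMPLE_PORTS = (22, 23, 53, 80, 443, 3389)


def exposed_ports(rules, sample=SAMPLE_PORTS):
    """Ports from the sample that the rule set lets through."""
    return [p for p in sample if evaluate(rules, p) == "PERMIT"]


def compare_fixes():
    """Map option -> (browsing restored?, list of exposed sample ports)."""
    return {opt: (browse_works(apply_fix(opt)), exposed_ports(apply_fix(opt)))
            for opt in "ABCD"}


def best_fix():
    """Among fixes that restore browsing, the one exposing the fewest ports."""
    working = {o: r for o, r in compare_fixes().items() if r[0]}
    return min(working, key=lambda o: len(working[o][1]))


if __name__ == "__main__":
    for opt, (ok, ports) in compare_fixes().items():
        print(opt, "browsing restored" if ok else "still broken", ports)
    print("most secure fix:", best_fix())
```

Option B is the only change that leaves browsing broken (DNS is still denied and HTTP is now gone too); C and D restore browsing by exposing every port in the sample, so A is the one that fixes the reported issue while adding the least exposure.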

14

A security analyst is hardening a large-scale wireless network. The primary requirements are the following:

* Must use authentication through EAP-TLS certificates
* Must use an AAA server
* Must use the most secure encryption protocol

Given these requirements, which of the following should the analyst implement and recommend? (Select TWO).

802.1X
802.3
LDAP
TKIP
CCMP
WPA2-PSK

802.1X

and

CCMP

(EAP-TLS certificate authentication runs over 802.1X against a RADIUS/AAA server, and CCMP is the AES-based encryption used by WPA2-Enterprise; WPA2-PSK uses a shared passphrase and cannot use certificates, and TKIP is the deprecated RC4-based protocol.)

15

A systems engineer is configuring a wireless network. The network must not require installation of third-party
software. Mutual authentication of the client and the server must be used. The company has an internal PKI.
Which of the following configurations should the engineer choose?

EAP-TLS
EAP-TTLS
EAP-FAST
EAP-MD5
PEAP

EAP-TLS

16

Which of the following is the MOST significant difference between intrusive and non-intrusive vulnerability scanning?

One uses credentials, but the other does not
One has a higher potential for disrupting system operations.
One allows systems to activate firewall countermeasures.
One returns service banners, including running versions

One has a higher potential for disrupting system operations

17

A systems administrator wants to configure an enterprise wireless solution that supports authentication over HTTPS and wireless encryption using AES. Which of the following should the administrator configure to support these requirements? (Select TWO).

802.1X
RADIUS federation
WPS
Captive portal
WPA2
WDS

Captive portal

and

WPA2

(A captive portal authenticates users through an HTTPS web page; WPA2 provides AES-CCMP encryption. 802.1X authenticates with EAP at the link layer, not over HTTPS.)

18

A company needs to fix some audit findings related to its physical security. A key finding was that multiple
people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?

Faraday cage
Mantrap
Biometrics
Proximity cards

Mantrap

19

During a forensics investigation, which of the following must be addressed FIRST according to the order of
volatility?

Hard drive
RAM
Network-attached storage
USB flash drive

RAM

20

During a security audit of a company's network, unsecure protocols were found to be in use. A network
administrator wants to ensure browser-based access to company switches is using the most secure protocol.
Which of the following protocols should be implemented?

SSH2
TLS1.2
SSL1.3
SNMPv3

TLS 1.2

21

A security administrator has received multiple calls from the help desk about customers who are unable to
access the organization's web server. Upon reviewing the log files the security administrator determines
multiple open requests have been made from multiple IP addresses, which is consuming system resources.
Which of the following attack types does this BEST describe?

DDoS
DoS
Zero day
Logic bomb

DDoS

22

The security administrator has installed a new firewall which implements an implicit DENY policy by default.
Click on the firewall and configure it to allow ONLY the following communication.

(Performance-based item; the diagram, the required flows and the solution are not reproduced in this deck. See PDF 374.)

23

A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are
reporting they are unable to access company resources when connected to the company SSID. Which of the following should the security administrator use to assess connectivity?

Sniffer
Honeypot
Routing tables
Wireless scanner

Wireless scanner (a wireless scanner/analyzer shows signal strength, channel overlap and rogue access points in the affected area; routing tables would not explain a problem confined to one part of the building)

24

A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the
device?

Call the company help desk to remotely wipe the device.
Report the loss to authorities
Check with corporate physical security for the device.
Identify files that are potentially missing on the device.

Call the company help desk to remotely wipe the device

25

Which of the following represents a multifactor authentication system?

An iris scanner coupled with a palm print reader and fingerprint scanner with liveness detection.
A secret passcode that prompts the user to enter a secret key if entered correctly.
A digital certificate on a physical token that is unlocked with a secret passcode.
A one-time password token combined with a proximity badge.

A digital certificate on a physical token that is unlocked with a secret passcode (something you have plus something you know; an OTP token and a proximity badge are both possession factors, and three biometrics are all inherence factors)

26

A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users' credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?

Password length, password encryption, password complexity
Password complexity, least privilege, password reuse
Password reuse, password complexity, password expiration
Group policy, password history, password encryption

Password reuse, password complexity, password expiration (the finding is that users keep passwords that already appear in public dumps, so the controls are to prohibit reuse and screen new passwords against breach lists, require complexity, and expire the exposed passwords; "password encryption" is not a policy setting)
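The comparison the security team performed, as an added example that is not part of the deck: user passwords are hashed and looked up in a breach list indexed by SHA-1 hash prefix (the k-anonymity layout used by public breached-password services, so a client can query a prefix without revealing the full hash), and each flagged account is then classified against the reuse, complexity and length controls. The dump, the user list and the thresholds are constructed for illustration; in production you would compare hashes exported from the directory, never plaintext.

```python
import hashlib

# Constructed stand-in for a public password dump.
BREACH_DUMP = ["password", "123456", "Summer2019!", "letmein", "qwerty"]

# Constructed sample of current user passwords.
USERS = {
    "alice": "Summer2019!",
    "bob": "Tr0ub4dor&3",
    "carol": "qwerty",
    "dave": "letmein",
    "erin": "correct horse battery staple",
}


def sha1_hex(password):
    """Upper-case hex SHA-1, the encoding breached-password services use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_prefix_index(dump):
    """Index breached hashes by their first 5 hex chars (k-anonymity lookup)."""
    index = {}
    for pw in dump:
        h = sha1_hex(pw)
        index.setdefault(h[:5], set()).add(h[5:])
    return index


def is_breached(password, index):
    """Look up only the 5-char prefix, then match the suffix locally."""
    h = sha1_hex(password)
    return h[5:] in index.get(h[:5], set())


def char_classes(password):
    """Count of lower/upper/digit/symbol classes present."""
    classes = sum(1 for test in (str.islower, str.isupper, str.isdigit)
                  if any(test(c) for c in password))
    return classes + (1 if any(not c.isalnum() for c in password) else 0)


def weak_reasons(password, index, min_len=12, min_classes=3):
    """Which policy controls the password trips (thresholds are assumed)."""
    reasons = set()
    if is_breached(password, index):
        reasons.add("breached")
    if len(password) < min_len:
        reasons.add("short")
    if char_classes(password) < min_classes:
        reasons.add("low_complexity")
    return reasons


def audit(users, dump):
    """Return (sorted users with breached passwords, percentage of users)."""
    index = build_prefix_index(dump)
    flagged = sorted(u for u, pw in users.items() if is_breached(pw, index))
    return flagged, round(100 * len(flagged) / len(users), 1)


if __name__ == "__main__":
    flagged, pct = audit(USERS, BREACH_DUMP)
    print(f"{pct}% of users have breached passwords: {flagged}")
    idx = build_prefix_index(BREACH_DUMP)
    for u in flagged:
        print(u, sorted(weak_reasons(USERS[u], idx)))
```

Note that a breached password can satisfy every complexity rule ("Summer2019!" has four character classes), which is why the breach-list check and the reuse prohibition are needed alongside complexity rather than instead of it.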

27

A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?

HSM
CA
SSH
SSL

HSM (hardware security module)

28

A technician has been asked to document which services are running on each of a collection of 200 servers.
Which of the following tools BEST meets this need while minimizing the work required?

Nmap
Nslookup
Netcat
Netstat

Nmap (a single nmap service-detection run against a host list enumerates the listening services on all 200 servers from one machine; netstat must be run locally on every server, and netcat probes one port at a time)
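The documentation step that follows the scan, as an added example that is not part of the deck or of the nmap project: one command such as `nmap -sV -iL servers.txt -oX services.xml` scans every host in `servers.txt` with service/version detection and writes XML, and the script below turns that XML into a per-host inventory of open services. The XML embedded here is a constructed two-host excerpt in nmap's output format, not a real scan, and the host names and addresses are made up.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in nmap -oX format (not a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.11" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.12" addrtype="ipv4"/>
    <hostnames><hostname name="db01.example.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="5432"><state state="open"/><service name="postgresql" product="PostgreSQL DB" version="15.3"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.13" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_services(xml_text):
    """Return {host_label: [(port, proto, service, product_version), ...]}.

    Only hosts that were up and only ports nmap reported as open are kept;
    a host is labelled by its hostname when nmap recorded one, else by IP.
    """
    root = ET.fromstring(xml_text)
    inventory = {}
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        name_el = host.find("hostnames/hostname")
        label = name_el.get("name") if name_el is not None else addr
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            product = ""
            if svc is not None:
                product = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            services.append((int(port.get("portid")), port.get("protocol"), name, product))
        inventory[label] = sorted(services)
    return inventory


def hosts_running(inventory, service_name):
    """Hosts exposing a given service, e.g. to find every SSH or database server."""
    return sorted(h for h, svcs in inventory.items()
                  if any(s[2] == service_name for s in svcs))


if __name__ == "__main__":
    inv = parse_services(SAMPLE_XML)
    for host, svcs in inv.items():
        print(host)
        for port, proto, name, product in svcs:
            print(f"  {port}/{proto}  {name}  {product}")
    print("ssh hosts:", hosts_running(inv, "ssh"))
```

Keeping the inventory keyed by hostname and filtering to `open` ports gives a document that answers "what is listening where" without the filtered/closed noise nmap also reports; re-running the same command later and diffing the parsed output is the cheapest way to catch newly exposed services.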

29

Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

Integer overflow
Zero-day
End of life
Race condition

Zero-day

30

A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?

VM sprawl
VM escape
VM migration
VM sandboxing

VM escape