Practice Test 1-1

Quiz by Arthur Casto, updated more than 1 year ago
Created by Arthur Casto more than 4 years ago

Resource summary

Question 1

Question
During an IT meeting, your colleague Anne-Marie suggests that there is a single point of failure in the single load balancer in place for the company website ordering system. She suggests having two load balancers configured, with only one in service at a given time. What type of load balancing configuration is Anne-Marie recommending?
Answers
  • Round robin
  • Active-active
  • Active-passive
  • Least Connections

Question 2

Question
You are a business networking consultant and have a large retail outlet as a client. Your project for them consists of configuring a wireless router at their coffee shop area. The wireless connection will be used by waiting customers to connect to the Internet. You want to ensure that wireless clients can connect to the Internet but cannot connect to internal computers owned by the retail outlet’s offices. Where will you plug in the wireless router?
Answers
  • LAN
  • Port 24 on the switch
  • Port 1 on the switch
  • DMZ

Question 3

Question
The Microsoft Group Policy setting for password complexity is “Password must meet complexity requirements.” The policy states that when the setting is enabled, the user password must contain: English uppercase characters (A through Z), English lowercase characters (a through z), Digits (0 through 9), and Non-alphabetic characters (!, $, #, %). According to the policy, passwords must contain characters from how many of these different groups?
Answers
  • Four
  • Three
  • Two
  • One

Question 4

Question
You are an IT consultant for a business located in a coastal area that is susceptible to storms and occasional flooding. Because of your company’s location, there is an emphasis on continued business operation. Which of the following plans focuses on ensuring that personnel, customers, and IT systems are minimally affected after a disaster?
Answers
  • Risk Management
  • Fault Tolerance
  • Disaster Recovery
  • Business Continuity

Question 5

Question
You are a computer security consultant, and your latest client is a military contractor who requires the utmost in security for transmitting messages during wartime. Which of the following provides the best security?
Answers
  • AES
  • 3DES
  • One-time Pad
  • RSA

Question 6

Question
Which of the following types of malware delivery, usually through a Trojan, includes demands for payment?
Answers
  • Backdoors
  • Ransomware
  • Botnets
  • Logic Bombs

Question 7

Question
Review the malware-related compromises listed. Which type of malware can make its presence and that of its accompanying payload invisible to the system?
Answers
  • Crypto-malware
  • Worm
  • Rootkit
  • Ransomware

Question 8

Question
The act of pretending to be the proper owner of an address or the provider of a service, when another system is actually the true provider, is referred to as ___________.
Answers
  • Man in the Middle (MitM)
  • Spoofing
  • Denial of Service (DoS)
  • Zombie Attack

Question 9

Question
Which type of network penetration attack model requires an attacker to have the highest skill level?
Answers
  • Black box
  • Gray box
  • White box
  • Yellow box

Question 10

Question
Which one of the listed tools scans for known security threats on groups of computers?
Answers
  • Packet sniffer
  • Vulnerability Scanner
  • Risk scanner
  • Port Scanner

Question 11

Question
The IPsec protocol suite uses all but one of the choices listed below. Which of these is NOT relevant to IPsec?
Answers
  • Tunnel mode
  • TLS
  • ESP
  • AH
  • Transport mode

Question 12

Question
You have a multilayer switch. Which layers does it operate at?
Answers
  • 1 and 2
  • 2 and 3
  • 3 and 4
  • 5 and 6

Question 13

Question
Which choice listed below describes the deployment of a network device in order to conduct academic research or detect attackers inside the organization’s network perimeter?
Answers
  • DMZ
  • Honeypot
  • IDS
  • SIRT

Question 14

Question
A service on a local server cannot communicate with its database server running on another machine. The database server is functioning correctly and all network connections are working properly. What is most likely causing this issue?
Answers
  • Insider threat
  • Unauthorized software
  • UTM
  • Misconfigured firewall

Question 15

Question
The host-based intrusion detection system can be referred to as which of the following?
Answers
  • NDIS
  • HDIS
  • HIDS
  • NIDS

Question 16

Question
A simple way to keep virus, spyware and other malware from attacking your network while allowing BYOD is to use which of the following?
Answers
  • Application control
  • Asset tracking
  • Guest network
  • Device access controls

Question 17

Question
Which of the following methods would generally speaking be the most basic method to mitigate security risks on a network?
Answers
  • Updates
  • Network segmentation and security layers
  • Application firewalls
  • Wrappers

Question 18

Question
Which of the following BYOD security measures would allow separation between work and personal data?
Answers
  • Device encryption
  • Remote wipe
  • Application control
  • Storage segmentation

Question 19

Question
UEFI is a new technology that is starting to replace the system BIOS and has several additional features. Which of these best identifies the security standard used along with UEFI to confirm that only trusted software and firmware is used to access a trusted operating system?
Answers
  • HSM
  • Secure Boot checking each digital certificate
  • Attestation
  • Hardware root of trust

Question 20

Question
Deploying least functionality along with disabling unnecessary ports and services are two methods of ________________. (Choose the best answer.)
Answers
  • Attestation
  • HSM
  • Software trust
  • Secure system design

Question 21

Question
The three-step process of authentication, authorization, and accounting is usually referred to as which of the following choices below?
Answers
  • Multifactor Authentication (MFA)
  • Ticket-granting
  • The AAA model
  • Nonrepudiation

Question 22

Question
Which term describes the automatic creation of a two-way relationship between child and parent domains in a Microsoft AD forest?
Answers
  • OAuth
  • Open ID Connect
  • Transitive Trust
  • Shibboleth

Question 23

Question
Multifactor authentication uses at least two of three possible authentication methods to identify a user. Which of the following is not one of the generally accepted methods?
Answers
  • Passwords
  • Biometrics
  • Digital Signatures
  • Tokens

Question 24

Question
Also known as LDAPS, which protocol-enabled connection allows authentication to the Microsoft DC and provides additional services?
Answers
  • LDAP +
  • XTACACS
  • Secure LDAP
  • LDAP

Question 25

Question
Choose the biometric authentication method that uses nodal points to identify the user.
Answers
  • Iris scanner
  • Retinal scanner
  • Facial Recognition
  • All choices

Question 26

Question
Your company’s standard operating procedure for onboarding includes an agreement targeted at minimizing the security risks involving transmitted data. What is the name of this agreement?
Answers
  • MOU
  • ISA
  • BPA
  • SLA
  • NDA

Question 27

Question
Which personnel management policy involves securing all sensitive data regardless of format (paper or digital) when an employee’s workspace will be unattended?
Answers
  • Job rotation
  • Mandatory vacations
  • Separation of duties
  • None of these

Question 28

Question
Which risk strategy is in use if a company is NOT implementing a countermeasure to a risk while realizing the potential risk?
Answers
  • Risk acceptance
  • Risk assessment
  • Risk transference
  • Risk mitigation

Question 29

Question
What is considered an acceptable level of risk?
Answers
  • There is an industry standard risk level (RFC 1027-59b).
  • Generally there are three (3) standard risk level designations. Tier 1 has the best balance of security and accessibility.
  • The acceptable risk level is determined by each organization individually.
  • No level of risk is acceptable.

Question 30

Question
Which of the following is an internal threat?
Answers
  • System failure
  • Flood
  • Fire
  • Burglar

Question 31

Question
In a corporation where computer utilization spikes several times a year, the Chief Information Officer (CIO) has requested a cost-effective architecture to handle the variable capacity demand. Which of the following characteristics BEST describes what the CIO has requested?
Answers
  • Elasticity
  • Scalability
  • High availability
  • Redundancy

Question 32

Question
An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?
Answers
  • PEAP
  • EAP
  • WPA2
  • RADIUS

Question 33

Question
A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this?
Answers
  • Transport Encryption
  • Stream Encryption
  • Digital Signature
  • Steganography

Question 34

Question
Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth?
Answers
  • War chalking
  • Bluejacking
  • Bluesnarfing
  • Rogue tethering

Question 35

Question
Joe is exchanging an encrypted email with another party. Joe encrypts the initial email with a key. When Joe receives a response, he is unable to decrypt the response with the same key he initially used. Which of the following would explain this situation?
Answers
  • An ephemeral key was used for one of the messages
  • A stream cipher was used for the initial email; a block cipher was used for the reply
  • Out-of-band key exchange has taken place
  • Asymmetric encryption is being used.

Question 36

Question
Which of the following would verify that a threat does exist and security controls can be easily bypassed without actively testing an application?
Answers
  • Protocol analyzer
  • Vulnerability scan
  • Penetration test
  • Port scanner

Question 37

Question
Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?
Answers
  • Cloud computing
  • Virtualization
  • Redundancy
  • Application control

Question 38

Question
A company wants to host a publicly available server that performs the following functions:
  • Evaluates maintenance record lookup
  • Performs authenticated requests for A and AAAA records
  • Uses RRSIG
Which of the following should the company use to fulfill the above requirements?
Answers
  • DNSSEC
  • SFTP
  • nslookup
  • dig
  • LDAPS

Question 39

Question
The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?
Answers
  • Use certificates signed by the company CA
  • Use a signing certificate as a wild card certificate
  • Use certificates signed by a public CA
  • Use a self-signed certificate on each internal server

Question 40

Question
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users' email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken first? (Select two answers)
Answers
  • Disable the compromised accounts
  • Update WAF rules to block social networks
  • Remove the compromised accounts with all AD groups
  • Change the compromised accounts' passwords
  • Disable the open relay on the email server
  • Enable sender policy framework

Question 41

Question
To determine the annualized loss expectancy (ALE) of a particular risk, which of the following must be calculated? (Select TWO).
Answers
  • Annualized Rate of Occurrence (ARO)
  • Return on Investment (ROI)
  • Recovery Point Objective (RPO)
  • Single Loss Expectancy (SLE)
  • Recovery Time Objective (RTO)

Question 42

Question
A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?
Answers
  • Put the desktops in the DMZ
  • Create a separate VLAN for the desktops
  • Air gap the desktops
  • Join the desktops to an ad-hoc network

Question 43

Question
After attempting to harden a web server, a security analyst needs to determine if an application remains vulnerable to SQL injection attacks. Which of the following would BEST assist the analyst in making this determination?
Answers
  • tracert
  • Fuzzer
  • nslookup
  • Nmap
  • netcat

Question 44

Question
A technician receives a device with the following anomalies:
  • Frequent pop-up ads
  • Slow response time when switching between active programs
  • Unresponsive peripherals
The technician reviews the following log file entries:

  File Name      Source MD5                          Target MD5                          Status
  antivirus.exe  F794F21CD33E4F57890DDEA5CF267ED2    F794F21CD33E4F57890DDEA5CF267ED2    Automatic
  iexplore.exe   7FAAF21CD33E4F57890DDEA5CF29CCEA    AA87F21CD33E4F57890DDEAEE2197333    Automatic
  service.exe    77FF390CD33E4F57890DDEA5CF28881F    77FF390CD33E4F57890DDEA5CF28881F    Manual
  USB.exe        E289F21CD33E4F57890DDEA5CF28EDC0    E289F21CD33E4F57890DDEA5CF28EDC0    Stopped

Based on the above output, which of the following should be reviewed?
Answers
  • The web application firewall
  • The file integrity check
  • The data execution prevention
  • The removable media control

Question 45

Question
An active/passive configuration has an impact on:
Answers
  • Confidentiality
  • Integrity
  • Availability
  • Non-repudiation

Question 46

Question
Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A's domain infrastructure. Which of the following methods would allow the two companies to access one another's resources?
Answers
  • Attestation
  • Federation
  • Single Sign-on (SSO)
  • Kerberos

Question 47

Question
A procedure differs from a policy in that it:
Answers
  • is a high-level statement regarding the company's position on a topic.
  • sets a minimum expected baseline of behavior.
  • provides step-by-step instructions for performing a task.
  • describes adverse actions when violations occur.

Question 48

Question
A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access?
Answers
  • Phishing
  • Man-in-the-Middle (MitM)
  • Tailgating
  • Watering hole
  • Shoulder surfing

Question 49

Question
Which of the following encryption methods does PKI typically use to securely protect keys?
Answers
  • Elliptic curve
  • Digital signatures
  • Asymmetric
  • Obfuscation

Question 50

Question
A department head at a university resigned on the first day of spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring?
Answers
  • Time-of-day restrictions
  • Permissions auditing and review
  • Offboarding
  • Account expiration

Question 51

Question
An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The Chief Information Security Officer (CISO) suggests that the organization employ desktop imaging technology for such a large-scale upgrade. Which of the following is a security benefit of implementing an imaging solution?
Answers
  • It allows for faster deployment
  • It provides for a consistent baseline
  • It reduces the number of vulnerabilities
  • It decreases the boot time

Question 52

Question
A senior incident response manager receives a call about some external IPs communicating with internal computers during off-hours. Which of the following types of malware is MOST likely causing this issue?
Answers
  • Botnet
  • Ransomware
  • Polymorphic malware
  • Armored virus

Question 53

Question
An organization has implemented an IPSec VPN access for remote users. Which of the following IPSec modes would be the MOST secure for this organization to implement?
Answers
  • Tunnel mode
  • Transport mode
  • AH-only mode (Authentication Header)
  • ESP-only mode (Encapsulating Security Payload)

Question 54

Question
A security engineer is configuring a wireless network with EAP-TLS (Extensible Authentication Protocol-Transport Layer Security). Which of the following activities is a requirement for this configuration?
Answers
  • Setting up a TACACS+ server
  • Configuring federation between authentication servers
  • Enabling TOTP (Time-based One-time Password)
  • Deploying certificates to endpoint devices

Question 55

Question
Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability?
Answers
  • Install an antivirus patch
  • Educate the workstation users
  • Leverage server isolation
  • Install a vendor-supplied patch
  • Install an intrusion detection system (IDS)

Question 56

Question
A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an unauthorized user is logging into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network:

  Hostname   IP Address     MAC                  MAC Filter
  DadPC      192.168.1.15   00:1D:1A:44:17:B5    On
  MomPC      192.168.1.15   21:13:D6:C5:42:A2    Off
  JuniorPC   192.168.2.16   42:A7:D1:25:11:52    On
  Unknown    192.168.1.18   10:B3:22:1A:FF:21    Off

Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?
Answers
  • Apply MAC filtering and see if the router drops any of the systems
  • Physically check each of the authorized systems to determine if they are logged onto the network
  • Deny the "unknown" host because the hostname is not known and MAC filtering is not applied to this host
  • Conduct a ping sweep of each of the authorized systems and see if an echo response is received

Question 57

Question
The POODLE attack is an MITM exploit that affects: (TLS = Transport Layer Security; SSL = Secure Sockets Layer)
Answers
  • TLS1.0 with Cipher Block Chaining (CBC) mode cipher
  • SSLv2.0 with Cipher Block Chaining (CBC) mode cipher
  • SSLv3.0 with Cipher Block Chaining (CBC) mode cipher
  • SSLv3.0 with Electronic Code Book (ECB) mode cipher

Question 58

Question
Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)
Answers
  • Public key
  • Shared key
  • Elliptic curve
  • Message Digest 5 (MD5)
  • Private key
  • Digital Encryption Standard (DES)

Question 59

Question
Which of the following allows an auditor to test proprietary-software compiled code for security flaws?
Answers
  • Fuzzing
  • Static review
  • Code signing
  • Regression testing

Question 60

Question
Which of the following is the BEST reason to run an untested application in a sandbox?
Answers
  • To allow the application to take full advantage of the host system's resources and storage
  • To utilize the host system's antivirus and firewall applications instead of running its own protection
  • To prevent the application from acquiring escalated privileges and accessing its host system
  • To increase application processing speed so the host system can perform real-time logging

Question 61

Question
A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select THREE)
Answers
  • S/MIME (Secure/Multipurpose Internet Mail Extensions)
  • SSH (Secure Shell)
  • SNMPv3 (Simple Network Management Protocol)
  • FTPS (FTP over SSL)
  • SRTP (Secure Real-Time Protocol)
  • HTTPS (Hypertext Transfer Protocol over SSL/TLS)
  • LDAPS (Lightweight Directory Access Protocol)

Question 62

Question
A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a Business Impact Analysis (BIA) that is being addressed?
Answers
  • Mission-essential function
  • Single point of failure
  • Backup and restoration plans
  • Identification of critical systems

Question 63

Question
Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?
Answers
  • Ransomware
  • Rootkit
  • Backdoor
  • Keylogger

Question 64

Question
A security analyst is attempting to identify vulnerabilities in a customer's web application without impacting the system or its data. Which of the following BEST describes the vulnerability scanning concept performed?
Answers
  • Aggressive scan
  • Passive scan
  • Non-credentialed scan
  • Compliance scan

Question 65

Question
A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure?
Answers
  • L2TP (Layer 2 Tunneling Protocol) with MAC filtering
  • EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)
  • WPA2-CCMP (WiFi Protected Access 2-Counter-Mode/CBC-Mac Protocol) with PSK (Pre-shared Key)
  • RADIUS (Remote Authentication Dial-in User Server) Federation

Question 66

Question
A user receives an email from the ISP indicating that malicious traffic coming from the user's home network has been detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening?
Answers
  • The camera system is infected with a bot.
  • The camera system is infected with a RAT.
  • The camera system is infected with a Trojan.
  • The camera system is infected with a backdoor.

Question 67

Question
A company has developed a business-critical system for its core automation process with a software vendor. Which of the following can provide access to the source code if the licensor declares bankruptcy?
Answers
  • Software escrow
  • Software code review
  • Software change control
  • Software configuration management

Question 68

Question
An administrator is configuring a wireless network. Security policy states that deprecated cryptography should not be used when there is an alternative choice. Which of the following should the administrator use for the wireless network's cryptographic protocol?
Answers
  • MD5 (Message Digest 5)
  • RC4 (Rivest Cipher v4)
  • TKIP (Temporal Key Integrity Protocol)
  • CCMP (Counter-Mode/CBC-Mac Protocol)
  • Diffie-Hellman

Question 69

Question
A security analyst is securing a Proxy Auto Configuration (PACS). One of the requirements is network isolation with no access to the Internet or networked computers. Given this scenario, which of the following should the analyst implement to BEST address this requirement?
Answers
  • Set up a firewall rule blocking ports 80 and 443.
  • Set up an air-gapped environment.
  • Set up router and configure an ACL (Access Control List).
  • Set up a segmented VLAN (Virtual Local Area Network).

Question 70

Question
Which of the following are the primary differences between an incremental and differential backup? (Select TWO).
Answers
  • Incremental backups take more time to complete.
  • Incremental backups take less time to complete.
  • Differential backups only back up files since the last full backup.
  • Differential backups use less disk space on the storage drive.
  • Incremental backups are less secure than differential backups.
  • Differential backups are faster than incremental backups.

Question 71

Question
When developing an application, executing a preconfigured set of instructions is known as:
Answers
  • a code library.
  • code signing.
  • stored procedure.
  • infrastructure as code.

Question 72

Question
A group of developers is collaborating to write software for a company. The developers need to work in subgroups and restrict access to their modules. Which of the following access control methods is considered user-centric?
Answers
  • Role-based
  • Mandatory
  • Rule-based
  • Discretionary

Question 73

Question
Which of the following BEST implements control diversity to reduce the risks associated with the authentication of employees into company resources?
Answers
  • Enforcing the use of something you know and something you have for authentication
  • Requiring employees to sign the company's password and acceptable use policies
  • Implementing LDAP (Lightweight Directory Access Protocol) authentication for some systems and RADIUS (Remote Authentication Dial-in User Server) authentication for others
  • Publishing a password policy and enforcing password requirements via a GPO (Group Policy Object)

Question 74

Question
A security analyst is conducting a web application vulnerability scan against the company website. Which of the following is considered an intrusive scan?
Answers
  • Ping sweep
  • Time-delay port scanning
  • Service identification
  • Cipher suite order

Question 75

Question
A company wishes to deploy a wireless network. Management insists that each individual user should have to authenticate with a unique username and password before being able to associate with the wireless access points. Which of the following wireless features would be the MOST appropriate to achieve this objective?
Answers
  • WPA2 PSK (WiFi Protected Access 2 Pre-shared Key)
  • WEP (Wired Equivalent Privacy)
  • 802.11r
  • Captive portal
  • WPA Enterprise

Question 76

Question
Joe, a senior systems administrator, must leave for a family emergency. While Joe is absent, another systems administrator discovers Joe stole confidential company information. Which of the following organizational procedures would have detected this breach sooner?
Answers
  • Background check
  • Separation of duties
  • Job rotation
  • Rules of behavior
  • Non-disclosure agreement

Question 77

Question
Some of the legacy systems in an organization are running old versions of the Windows OS and others are running Linux OSs, while new systems are running the latest release of the Windows OS. The systems are not running any legacy custom applications. The organization's Chief Information Officer (CIO) wishes to unify all systems to reduce cost and enhance the security posture of the organization, without losing data or causing data leakage. Which of the following would be the BEST course of action to take?
Answers
  • Reconfigure all existing machines to have the latest release of Windows OS.
  • Restore all machines to default configurations.
  • Upgrade part of the legacy systems' infrastructure and perform OS updates.
  • Treat all legacy machines as end-of-life systems and replace them.

Question 78

Question
Finance department employees are reporting slow network connectivity and SSL/TLS certificate errors when they access secure websites. A security administrator suspects a computer in the finance VLAN may have been compromised and is impersonating the router's IP address using an MITM attack. Which of the following commands should the security administrator use to verify this finding?
Answers
  • arp
  • route
  • tracert
  • nmap
  • nslookup

Question 79

Question
The Chief Information Security Officer (CISO) of an organization has tasked the security analysis team with researching and developing a multifactor authentication alternative to the existing single-factor version. The team decides that multifactor, for this organization, will mean three separate and distinct authentication methods. Which of the following options BEST meets this requirement?
Answers
  • Retina scan, blood sample, token
  • Token, certificate, voice recognition
  • Fingerprint, token, challenge question
  • PIV, token, challenge question

Question 80

Question
A security consultant is gathering information about the frequency of a security threat's impact to an organization. Which of the following should the consultant use to label the number of times an attack can be expected to impact the organization in a 365-day period?
Answers
  • ARO (Annualized Rate of Occurrence)
  • MTBF (Mean Time Between Failures)
  • ALE (Annualized Loss Expectancy)
  • MTTR (Mean Time to Recover or Mean Time to Repair)
  • SLA (Service Level Agreement)

Question 81

Question
A security specialist must confirm file backups match the original copy. Which of the following should the security specialist use to accomplish the objective?
Answers
  • AES (Advanced Encryption Standard)
  • 3DES (Triple Digital Encryption Standard)
  • MD5 (Message Digest 5)
  • RSA (Rivest, Shamir, & Adleman)

Question 82

Question
Which of the following BEST describes the impact of an unremediated session timeout vulnerability?
Answers
  • The credentials of a legitimate user could be intercepted and reused to log in when the legitimate user is offline.
  • An attacker has more time to attempt brute-force password cracking.
  • More than one user may be allowed to concurrently connect to the system, and an attacker can use one of those concurrent connections.
  • An attacker could use an existing session that has been initiated by a legitimate user.

Question 83

Question
The Chief Information Security Officer (CISO) of a university is concerned about potential transmission of usernames and passwords in cleartext when authenticating to a directory server. Which of the following would BEST mitigate the CISO's concerns?
Answers
  • SFTP (Secured File Transfer Protocol)
  • SNMPv3 (Simple Network Management Protocol ver 3)
  • LDAPS (Lightweight Directory Access Protocol using SSL/TLS encryption)
  • SMB (Server Message Block)

Question 84

Question
A company has been experiencing many successful email phishing attacks, which have been resulting in the compromise of multiple employees' accounts when employees reply with their credentials. The security administrator has been notifying each user and resetting the account passwords when accounts become compromised. Regardless of this process, the same accounts continue to be compromised even when the users do not respond to the phishing attacks. Which of the following are MOST likely to prevent similar account compromises? (Select TWO).
Antworten
  • Enforce password reuse limitations.
  • Enable password complexity.
  • Reset the account security questions.
  • Configure account lockout.
  • Implement time-of-day restrictions.

Question 85

Question
After an employee reported slow network speeds and application responsiveness, the help desk asked the company's security administrator to review the following firewall logs from the employee's computer:
  2017-05-30 12:12:31 ALLOW TCP 192.168.1.236 192.168.1.1 30295 21
  2017-05-30 12:12:32 ALLOW TCP 192.168.1.236 192.168.1.1 30296 22
  2017-05-30 12:12:33 ALLOW TCP 192.168.1.236 192.168.1.1 30296 25
  2017-05-30 12:12:33 ALLOW TCP 192.168.1.236 192.168.1.1 30297 80
  2017-05-30 12:12:33 DROP TCP 84.176.55.103 192.168.1.236 10434 445
Which of the following can the security administrator infer and report to the help desk based on the above logs?
Answers
  • The employee's computer is being actively scanned.
  • The employee's computer is infected with a worm.
  • The employee's computer firewall should be enabled.
  • The computer's router is actively listening to unneeded services.

Question 86

Question
A penetration tester uses an exploited network printer as a base of operations to expand access to various workstations. Which of the following BEST describes the tester's actions?
Answers
  • Pivoting
  • Passive reconnaissance
  • Active reconnaissance
  • Persistence

Question 87

Question
A security engineer is making changes to a corporate network to facilitate the expansion of corporate connectivity to guest users. The security engineer is concerned with unauthorized users accessing sensitive systems that also require network connectivity. Given the engineer's requirements, which of the following is the BEST method of securing the sensitive systems?
Answers
  • Place the sensitive systems in an isolated VLAN (Virtual Local Area Network).
  • Place an air gap around the sensitive systems.
  • Virtualize the guest wireless infrastructure.
  • Place the guest WAPs (wireless access points) on a honeypot.

Question 88

Question
A network technician must update the company's wireless configuration settings to comply with new requirements, which means the use of AES encryption. Which of the following settings would BEST ensure the requirements are met?
Answers
  • Configure CCMP (Counter-Mode/CBC-Mac Protocol).
  • Require TKIP (Temporal Key Integrity Protocol).
  • Implement WPA (WiFi Protected Access).
  • Implement 802.1x.

Question 89

Question
After a significant amount of hiring, an organization would like to simplify the connection process to its wireless network for employees while ensuring maximum security. The Chief Information Officer (CIO) wants to get rid of any shared network passwords and require employees to use their company credentials when connecting. Which of the following should be implemented to BEST meet this requirement?
Answers
  • PSK (Pre-shared Key)
  • 802.1x
  • CCMP (Counter-Mode/CBC-Mac Protocol)
  • TKIP (Temporal Key Integrity Protocol)

Question 90

Question
An auditor confirms the risk associated with a Windows-specific vulnerability, which was discovered by the company's security tool, does not apply due to the server running a Linux OS. Which of the following does this BEST describe?
Answers
  • Inherent risk
  • Attack vector
  • False positive
  • Remediation

Question 91

Question
An employee has been writing a secure shell around software used to secure executable files. The employee has conducted the appropriate self-test and is ready to move the software into the next environment. Within which of the following environments is the employee currently working?
Answers
  • Staging
  • Test
  • Development
  • Production

Question 92

Question
A security administrator wants to prevent standard users from running software they downloaded or copied to the computer. The security administrator finds the following permissions on the computer:
  Folder Location        Administrator Permissions   Standard User Permissions
  C:\                    RW                          RW
  C:\OperatingSystem\    RW                          R
  C:\Programs\           RW                          R
  C:\TEMP\               RW                          RW
  C:\ShippingDATA        RW                          RW
  C:\Users\User1         R                           RW
  C:\Users\Admin         RW
The administrator needs to create a policy that specifies from which folders a low-privilege user can run applications. Which of the following application whitelist configurations would BEST accomplish this task?
Answers
  • Allow: * Block: C:\TEMP, C:\ShippingDATA, C:\Users\User1
  • Allow: C:\, C:\OperatingSystem, C:\Programs, C:\Users\User1 Block: C:\TEMP, C:\ShippingDATA, C:\Users\User1
  • Allow: C:\ Block: C:\TEMP, C:\ShippingDATA, C:\Users\User1
  • Allow: C:\OperatingSystem\, C:\Programs Block: *

Question 93

Question
A network administrator is downloading the latest software for the organization's core switch. The downloads page allows users to view the checksum values for the available files. The network administrator is shown the following when viewing the checksum values for the TB_16.swi file:
  Checksum values for the downloaded file:
  MD5     d50b2b04cfb168eec8
  SHA1    6a49065705a43de83dfa9e94
  SHA256  7123fb644fbabdda6a73f6e6bc833e2cf12
After downloading the file, the network administrator runs a command to show the following output:
  Algorithm  Hash                                  Path
  SHA256     5fdbbfb644fbabdda000006e6bc833e2c968  C:\Users\bsmith\YB_16.swi
  SHA256     64ccbfbaf4fb96dda6a7373e9bcf62e3c244  C:\Users\bsmith\AA_15.swi
  SHA1       12fec6aabc9ce87fee654abc              C:\Users\bsmith\KB_09.swi
  MD5        5fdbbfb644fbadda6                     C:\Users\bsmith\KA_01.swi
Which of the following can be determined from the above output?
Answers
  • The download file was only hashed with SHA-256.
  • The download file has been corrupted or tampered with.
  • The download file should not be used because it was not hashed with MD5.
  • The download file should not be used because its hash differs from the hash of AA_15.swi

Question 94

Question
A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than create users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this implementation?
Answers
  • The manufacturing company is the service provider, and the cloud company is the identity provider.
  • The manufacturing company is the authorization provider, and the cloud company is the service provider.
  • The manufacturing company is the identity provider, and the cloud company is the OAuth provider.
  • The manufacturing company is the identity provider, and the cloud company is the service provider.
  • The manufacturing company is the service provider, and the cloud company is the authorization provider.

Frage 95

Frage
An energy company is in the final phase of testing its new billing service. The testing team wants to use production data in the test system for stress testing. Which of the following is the BEST way to use production data without sending false notification to the customers?
Antworten
  • Back up and archive the production data to an external source.
  • Disable notifications in the production system
  • Scrub the confidential information.
  • Encrypt the data prior to the stress test.

Frage 96

Frage
A company is looking for an authentication protocol that uses tickets and time stamps to ensure the validity of requests and prevent against replay attacks. Which of the following would be BEST suited to meet this requirement?
Antworten
  • TACACS+ (Terminal Access Controller Access Control System Plus)
  • Kerberos
  • RADIUS (Remote Authentication Dial-In User Service)
  • MSCHAP (Microsoft Challenge Handshake Authentication Protocol)

Question 97

Question
The payroll department has contacted the security team regarding an anomaly with amounts paid via the weekly payroll file. The security analyst is provided the following log from the server (see image). Which of the following is the MOST likely reason for the anomaly?
Answers
  • The file was corrupted in transit.
  • The file was transferred to the wrong destination.
  • The connection was refused by the destination.
  • The file was compromised before being sent.

Question 98

Question
A network administrator is reviewing the following IDS logs:
  ALERT: 192.168.1.20:1027 -> 192.168.1.21:445 malicious payload detected
  ALERT: 192.168.1.20:1034 -> 192.168.1.21:445 malicious payload detected
  ALERT: 192.168.1.20:2041 -> 192.168.1.21:445 malicious payload detected
  ALERT: 192.168.1.20:1165 -> 192.168.1.21:445 malicious payload detected
Based on the above information, which of the following types of malware is triggering the IDS?
Answers
  • Worm
  • Logic Bomb
  • Rootkit
  • Backdoor

Question 99

Question
Which of the following security controls provides an alternative solution to a control that would be considered impractical or excessively expensive?
Answers
  • Deterrent
  • Compensating
  • Technical
  • Administrative

Question 100

Question
An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners?
Answers
  • Guest account
  • User account
  • Shared account
  • Privileged user account
  • Default account
  • Service account

Question 101

Question
The network team has detected a large amount of traffic between workstations on the network. The traffic was initially very light, but it is increasing exponentially as the day progresses. Which of the following types of malware might be suspected?
Answers
  • Backdoor
  • Rootkit
  • Worm
  • Spyware

Question 102

Question
A security analyst has been dealing with a large number of malware infections on workstations with legacy operating systems. The infections are not being detected by the current AV suite. Further analysis shows that the signatures are up-to-date and the AV engines are functioning correctly. The company is unable to afford next-generation AV that prevents these types of attacks. Which of the following methods should the security analyst employ to prevent future outbreaks?
Answers
  • Application whitelisting
  • Patch management
  • Host-based intrusion detection
  • File integrity monitoring

Question 103

Question
An organization wants to ensure servers and applications can be deployed rapidly, in a consistent manner, and allow for flexible configuration changes. Which of the following should the organization use to make this process repeatable across multiple locations?
Answers
  • Redundancy
  • Templates
  • Snapshots
  • Elasticity
  • Configuration validation

Question 104

Question
Which of the following staging environments is MOST likely to be a one-to-one mapping with the production environment and used for testing and validation prior to "go live"?
Answers
  • Quality assurance
  • Development
  • Production
  • Test

Question 105

Question
Which of the following would be MOST effective in reducing tailgating incidents?
Answers
  • Mantrap
  • Faraday cage
  • Motion detection
  • Bollards

Question 106

Question
The human resources department is outsourcing much of its operations to a third party. As part of the process, the local human resources data needs to be transmitted to the third party over the Internet. Which of the following is the BEST way to transmit the data?
Answers
  • SFTP (Secured File Transfer Protocol)
  • DNSSEC (Domain Name System Security Extensions)
  • SNMPv3 (Simple Network Management Protocol)
  • LDAPS (Lightweight Directory Access Protocol Secure)

Question 107

Question
Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request?
Answers
  • Retinal scan
  • Passphrase
  • Token fob
  • Security question

Question 108

Question
Vendor diversity is considered an architectural best practice because:
Answers
  • it prevents vulnerabilities from spreading from device to device in a crisis.
  • it mitigates the risk of a programming flaw affecting the entire architecture.
  • it allows for more user training to be conducted on different equipment.
  • it transfers the risk associated with vulnerable devices to multiple vendors.

Question 109

Question
A recent audit contained significant findings for several servers, including those included on the attached table. In the future, which of the following capabilities would enable administrators to detect these issues proactively?
Answers
  • Credentialed vulnerability scan
  • Non-credentialed vulnerability scan
  • Automatic file integrity checking
  • Manual file integrity checking
  • Log collection and correlation

Question 110

Question
Which of the following are used to substantially increase the computation time required to crack a password? (Select TWO).
Answers
  • BCRYPT
  • Substitution cipher
  • ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
  • PBKDF2 (Password-based Key Derivation Function 2)
  • Diffie-Hellman

Question 111

Question
A security analyst wants to limit the use of USB and external drives to protect against malware, as well as protect files leaving a user's computer. Which of the following is the BEST method to use?
Answers
  • Firewall
  • Router
  • Antivirus software
  • Data loss prevention

Question 112

Question
An organization would like to grant access to its wireless network to users who are visiting from another trusted organization by authenticating the visiting users at their home organization. Which of the following is the organization's BEST option?
Answers
  • RADIUS federation
  • Captive portal
  • OCSP (Online Certificate Status Protocol)
  • Certificate chaining

Question 113

Question
A network technician is trying to set up a secure method for managing users and groups across the enterprise. Which of the following protocols is MOST likely to be used?
Answers
  • LDAPS (Lightweight Directory Access Protocol Secure)
  • SFTP (Secure File Transfer Protocol)
  • NTLM (New Technology LAN Manager)
  • SNMPv3 (Simple Network Management Protocol)

Question 114

Question
A Chief Executive Officer (CEO) of an organization receives an email stating the CEO's account may have been compromised. The email further directs the CEO to click on a link to update the account credentials. Which of the following types of attacks has MOST likely occurred?
Answers
  • Pharming
  • Hoax
  • Whaling
  • Spear phishing

Question 115

Question
A security analyst identified an SQL injection attack. Which of the following is the FIRST step in remediating the vulnerability?
Answers
  • Implement stored procedures.
  • Implement input validations.
  • Implement proper error handling.
  • Implement a WAF (Web Application Firewall).

Question 116

Question
To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning?
Answers
  • Log all users out of the system.
  • Patch the scanner.
  • Reboot the target host.
  • Update the plugins.

Question 117

Question
When using a cryptographic function to store a password, which of the following should be used to avoid similar output from similar passwords?
Answers
  • Hashing
  • Field Padding
  • Salting
  • Key rotating

Question 118

Question
A security administrator is performing a test to determine if a server is vulnerable to compromise through unnecessary ports. Which of the following tools would assist the security administrator in gathering the required information?
Answers
  • tcpdump
  • netcat
  • nslookup
  • nmap
  • dig

Question 119

Question
A security consultant wants to see what information can be obtained by banner grabbing the company's web servers. There are more than 100 web servers, and the consultant would like to perform the task and aggregate the information quickly. Which of the following is the MOST time-efficient way to accomplish this task?
Answers
  • Use netcat to establish a connection to each web server.
  • Run tcpdump on each web server for the organization.
  • Use dig to return results for each web server address.
  • Run netstat on each webserver in the organization.
  • Use ssh to connect to port 80 on each web server.

Question 120

Question
A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network. Which of the following is the MOST likely method used to gain access to the other host?
Answers
  • Backdoor
  • Pivoting
  • Persistence
  • Logic bomb

Question 121

Question
A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
Answers
  • HTTPS (Hypertext Transfer Protocol over SSL/TLS)
  • LDAPS (Lightweight Directory Access Protocol Secure)
  • SCP (Secure Copy)
  • SNMPv3 (Simple Network Management Protocol)

Question 122

Question
A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Select TWO).
Answers
  • PAP (Password Authentication Protocol)
  • MSCHAP (Microsoft Challenge Handshake Authentication Protocol)
  • PEAP (Protected Extensible Authentication Protocol)
  • NTLM (New Technology LAN Manager)
  • SAML (Security Assertion Markup Language)

Question 123

Question
A security engineer is working with the CSIRT to investigate a recent breach of client data due to the improper use of cloud-based tools. The engineer finds that an employee was able to access a cloud-based storage platform from the office and upload data for the purposes of doing work from home after hours. Such activity is prohibited by policy, but no preventive control is in place to block such activities. Which of the following controls would have prevented this breach?
Answers
  • Network-based IPS (Intrusion Prevention System)
  • Host-based DLP (Data Loss Prevention)
  • Host-based IDS (Intrusion Detection System)
  • NAC-based TACACS+ (Network Access Control / Terminal Access Controller Access Control System Plus)

Question 124

Question
A security analyst reviews the following log entry:
  2017-01-13 1622CST 10.11.24.18 93242 148 TCP_HIT 200.200.0.223 _ OBSERVED POST HTTP/1.1.0. "Mozilla 1." www.dropbox.com Financial_Report_2016_CONFID.pdf, 13MB, MS-RTC LM8; .NET CLR 3.0.4509.1392, Jane.Doe
Which of the following security issues can the analyst identify?
Answers
  • Data exfiltration
  • Access violation
  • Social engineering
  • Unencrypted credentials

Question 125

Question
A network administrator receives a support ticket from the security operations team to implement secure access to the domain. The support ticket contains the following information:
  Source: 192.168.1.137
  Destination: 10.113.10.8
  Protocol: TCP
  Ports: 636
  Time-of-day restriction: None
  Proxy bypass required: Yes
Which of the following is being requested to be implemented?
Answers
  • DNSSEC (Domain Name System Security Extensions)
  • S/MIME (Secure/Multipurpose Internet Mail Extensions)
  • LDAPS (Lightweight Directory Access Protocol Secure)
  • RDP (Remote Desktop Protocol)

Question 126

Question
A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve future response activities and coordination among team members. Which of the following information would be MOST beneficial to include in lessons learned documentation? (Select TWO).
Answers
  • A summary of approved policy changes based on the outcome of the incident
  • Details of any communication challenges that hampered initial response times
  • Details of man-hours and related costs associated with the breach, including lost revenue
  • Details regarding system restoration activities completed during the response activity
  • Suggestions for potential areas of focus during quarterly training activities
  • Suggestions of tools that would provide improved monitoring and auditing of system access

Question 127

Question
A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes this type of user?
Answers
  • Insider
  • Script Kiddie
  • Competitor
  • Hacktivist
  • APT

Question 128

Question
As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the Internet in a secure manner. Which of the following protocols would BEST meet this objective? (Select TWO).
Answers
  • LDAPS (Lightweight Directory Access Protocol Secure)
  • SFTP (Secure File Transfer Protocol)
  • HTTPS (Hypertext Transfer Protocol over SSL/TLS)
  • DNSSEC (Domain Name System Security Extensions)
  • SRTP (Secure Real-Time Protocol)

Question 129

Question
A security analyst is doing a vulnerability assessment on a database server. The scanning tool returns the following information:
  Database: CustomerAccess1
  Column: Password
  Data type: MD5 Hash
  Salted?: No
There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Select TWO).
Answers
  • Start using salts to generate MD5 password hashes.
  • Generate password hashes using SHA-256.
  • Force users to change passwords the next time they log on.
  • Limit users to five attempted logins before they are locked out.
  • Require the web server to only use TLS 1.2 encryption.

Question 130

Question
A user needs to transmit confidential information to a third party. Which of the following should be used to encrypt the message?
Answers
  • AES (Advanced Encryption Standard)
  • SHA-2 (Secure Hashing Algorithm ver 2)
  • SSL (Secure Sockets Layer)
  • RSA (Rivest, Shamir, & Adleman)

Question 131

Question
Which of the following BEST describes the process of altering the bits of a media file to embed a hidden message?
Answers
  • Encryption
  • Diffusion
  • Steganography
  • Hashing

Question 132

Question
An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?
Answers
  • Call the CEO directly to ensure awareness of the event.
  • Run a malware scan on the CEO's workstation.
  • Reimage the CEO's workstation.
  • Disconnect the CEO's workstation from the network.

Question 133

Question
An organization is providing employees on the shop floor with computers that will log their time based on when they sign on and off the network. Which of the following account types should the employees receive?
Answers
  • Shared account
  • Privileged account
  • User account
  • Service account

Question 134

Question
While troubleshooting a client application connecting to the network, the security administrator notices the following error: Certificate is not valid. Which of the following is the BEST way to check if the digital certificate is valid?
Answers
  • PKI (Public Key Infrastructure)
  • CRL (Certificate Revocation List)
  • CSR (Certificate Signing Request)
  • IPSec (Internet Protocol Security)

Question 135

Question
Which of the following types of embedded systems is required in manufacturing environments with life safety requirements?
Answers
  • MFD (Multi-Function Device)
  • RTOS (Real-time Operating System)
  • SoC (System on Chip)
  • RTU

Question 136

Question
Which of the following access management concepts is MOST closely associated with the use of a password or PIN?
Answers
  • Authorization
  • Authentication
  • Accounting
  • Identification

Question 137

Question
A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scan should be conducted?
Answers
  • Non-credentialed
  • Passive
  • Port
  • Credentialed
  • Red team
  • Active

Question 138

Question
A security analyst, who is analyzing the security of the company's web server, receives the following output:
  POST http://www.acme.com/AuthenticationServlet HTTP/1.1
  HOST: www.acme.com
  accept: text/xml, application/xml, application/xhtml + xml
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http//acme.com/index.jsp
  Cookie: JSESSIONID+LvzZRJJXgwyWPWEQMhS49vtW1yJdvn78CG1Kp5jTvvChDyPknm4t !
  Content-type: application/x-www-form-urlencoded
  Content-length: 64
  delegate_service=131&user=acme1&pass=test&submit=SUBMIT
Which of the following is the issue?
Answers
  • Code signing
  • Stored procedures
  • Access violations
  • Unencrypted credentials

Question 139

Question
Which of the following is a compensating control that will BEST reduce the risk of weak passwords?
Answers
  • Requiring the use of one-time tokens
  • Increasing password history retention count
  • Disable user accounts after exceeding maximum attempts
  • Setting expiration of user passwords to a shorter time

Question 140

Question
A DFIR analyst is collecting log data from multiple global locations. Which of the following must the DFIR analyst do to properly utilize the logs for forensic analysis?
Answers
  • Log encryption
  • Filling out chain of custody
  • Time normalization
  • Time-sheet update

Question 141

Question
Which of the following access management concepts is associated with file permissions?
Answers
  • Authentication
  • Accounting
  • Authorization
  • Identification

Question 142

Question
Which of the following differentiates ARP poisoning from a MAC spoofing attack?
Answers
  • ARP (Address Resolution Protocol) poisoning uses unsolicited ARP replies.
  • ARP poisoning overflows a switch CAM table.
  • MAC spoofing uses DHCPOFFER/DHCPACK packets.
  • MAC spoofing can be performed across multiple routers.

Question 143

Question
A technician is evaluating malware that was found on the enterprise network. After reviewing samples of the malware binaries, the technician finds each has a different hash associated with it. Which of the following types of malware is MOST likely present in the environment?
Answers
  • Trojan
  • Polymorphic worm
  • Logic bomb
  • Armored virus

Question 144

Question
An employee is having issues when attempting to access files on a laptop. The machine was previously running slow, and many files were not accessible. The employee is not able to access the hard drive the next day, and all file names were changed to random names. Which of the following BEST represents what compromised the machine?
Answers
  • Ransomware
  • Worm
  • Crypto-malware
  • RAT

Question 145

Question
An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (Select TWO).
Answers
  • Proper offboarding procedures
  • Acceptable use policies
  • Non-disclosure agreements
  • Exit interviews
  • Background checks
  • Separation of duties

Question 146

Question
A website form is used to register new students at a university. The form passes the unsanitized values entered by the user and uses them to directly add the student's information to several core systems. Which of the following attacks can be used to gain further access due to this practice?
Answers
  • Cross-site request forgeries
  • XSS (Cross-site Scripting) attacks
  • MitM (Man-in-the-Middle) attacks
  • SQL (Structured Query Language) injection

Question 147

Question
A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack?
Answers
  • Domain hijacking
  • Injection
  • Buffer overflow
  • Privilege escalation

Question 148

Question
An organization wants to move its operations to the cloud. The organization's systems administrator will still maintain control of the servers, firewalls and load balancers in the cloud environment. Which of the following models is the organization considering?
Answers
  • SaaS (Software as a Service)
  • IaaS (Infrastructure as a Service)
  • PaaS (Platform as a Service)
  • MaaS (Monitoring as a Service)

Question 149

Question
After a recent security breach at a hospital, it was discovered that nursing staff members, who were working the overnight shift, searched for and accessed private health information for local celebrities who were patients at the hospital. Which of the following would have enabled the hospital to discover this behavior BEFORE a breach occurred?
Answers
  • Time-of-day restrictions
  • Usage reviews
  • Periodic permission audits
  • Location-based policy enforcement

Question 150

Question
To help prevent SQL injection, which of the following functions should the application developer implement?
Answers
  • Error handling
  • Code signing
  • Input validation
  • Model verification

Question 151

Question
The Chief Executive Officer (CEO) has asked a junior technician to create a folder in which the CEO can place sensitive files. The technician later finds the information within these files is the topic of conversation around the company. When this information gets back to the CEO, the technician is called in to explain. Which of the following MOST likely occurred?
Answers
  • Access violations
  • Permission issues
  • Data exfiltration
  • Certificate issues

Question 152

Question
A Chief Information Security Officer (CISO) is concerned about insider threats compromising credentials related to service accounts on internal servers. A security analyst is tasked with developing a solution that will allow for the collection and analysis of log data in a simulated environment, which represents the production environment. Which of the following solutions would BEST satisfy the CISO's requirements?
Answers
  • Bastion host
  • Evil twin
  • Honeynet
  • Vampire tap
  • Script kiddie

Question 153

Question
Users are able to reach the login page of their company website from home using HTTP. A network administrator disables HTTP and implements SSL. However, after the implementation, home users cannot access the login page of the company website. Which of the following is the MOST likely reason the site is unavailable?
Answers
  • The users' browsers are not equipped for SSL (Secure Sockets Layer).
  • The company website implements HTTP (Hypertext Transfer Protocol) redirects.
  • The company firewall is blocking port 443 traffic.
  • The company web server is using an expired certificate.

Question 154

Question
During a routine review of firewall log reports, a security technician notices multiple successful logins for the admin user during unusual hours. The technician contacts the network administrator, who confirms the logins were not related to the administrator's activities. Which of the following is the MOST likely reason for these logins?
Answers
  • Firewall maintenance service windows were scheduled.
  • Default credentials were still in place.
  • The entries in the log were created by the file integrity monitoring system.
  • A blue team was conducting a penetration test on the firewall.

Question 155

Question
An organization is deploying a new system to the production environment. A security analyst discovers the system is not properly hardened or patched. Which of the following BEST describes the scenario?
Answers
  • A secure baseline was not established early in the process.
  • User acceptance testing was not completed.
  • Integrity checks were not conducted to ensure it was in the correct system.
  • An application code error was introduced during the development phase.

Question 156

Question
Which of the following computer recovery sites is the least expensive and the most difficult to test at the same time?
Answers
  • Non-mobile hot site
  • Mobile hot site
  • Warm site
  • Cold site

Question 157

Question
A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue?
Answers
  • OCSP (Online Certificate Status Protocol)
  • OID (Object Identifier)
  • PEM (Privacy-enhanced Electronic Mail)
  • SAN (Subject Alternative Name)

Question 158

Question
Compared to a non-credentialed scan, which of the following is a unique result of a credentialed scan?
Answers
  • Uncommon open ports on the host
  • Outdated software versions on the host
  • Self-signed certificate on the host
  • Fully qualified domain name

Question 159

Question
A company is implementing an internal PKI. The design will include a CA and a subordinate CA. Which of the following CA design choices should be considered prior to implementation?
Answers
  • Wildcard vs. standard certificate
  • Subject field vs. subject alternative name field
  • Private vs. public
  • Online vs. offline
  • Stapling vs. pinning

Question 160

Question
An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Select TWO).
Answers
  • Familiarity
  • Scarcity
  • Urgency
  • Authority
  • Consensus

Question 161

Question
A member of the IR team has identified an infected computer. Which of the following IR phases should the team member conduct NEXT?
Answers
  • Eradication
  • Recovery
  • Lessons learned
  • Containment

Question 162

Question
A retail store recently deployed tablets for sales employees to use while assisting customers. Two of the tablets have already been lost or stolen. Which of the following would be the BEST way for the store to secure the tablets against future loss or theft?
Answers
  • Cable locks
  • Screen filters
  • Geocaching
  • Remote wipe

Question 163

Question
A company has just adopted the BYOD deployment methodology. The company is unsure how to address the new trend and has requested assistance from a consultant. Given this scenario, which of the following should the consultant recommend? (Select TWO).
Answers
  • Use password-enabled lock screens.
  • Implement an MDM solution.
  • Configure time-of-day restrictions.
  • Disable personal email.
  • Implement application whitelisting.
  • Deny access to the corporate portal.

Question 164

Question
A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than create users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this implementation?
Answers
  • The manufacturing company is the service provider, and the cloud company is the identity provider.
  • The manufacturing company is the authorization provider, and the cloud company is the service provider.
  • The manufacturing company is the identity provider, and the cloud company is the OAuth provider.
  • The manufacturing company is the identity provider, and the cloud company is the service provider.
  • The manufacturing company is the service provider, and the cloud company is the authorization provider.

Question 165

Question
A security engineer is configuring a wireless network. The security requirements for the network are:

- Mutual authentication of wireless clients and the authentication server
- Client authentication must be username and password
- Cannot use a certificate on the authentication server

Which of the following protocols BEST meets these requirements?
Answers
  • EAP (Extensible Authentication Protocol)
  • EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
  • EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)
  • EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling)

Question 166

Question
A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control. The following controls are available:

- Read = A user can read the content of an existing file.
- Write = A user can modify the content of an existing file and delete an existing file.
- Create = A user can create a new file and place data within the file.

A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization's requirements?
Answers
  • Owners: Read, Write, Create; Group Members: Read, Write; Others: Read, Write
  • Owners: Read, Write, Create; Group Members: Read, Write, Create; Others: Read
  • Owners: Read, Write; Group Members: Read, Create; Others: Read, Create
  • Owners: Write, Create; Group Members: Read, Create; Others: Read, Write, Create

Question 167

Question
A security team has deployed a new UTM to connect different segments of the corporate network. In addition to the UTM, each host has its own firewall and HIPS. The new UTM implements many of the same protections as the host-based firewall and HIPS, but the security team plans to leave both of these protections in place. Which of the following BEST describes the reason for this redundancy?
Answers
  • Having multiple security devices can result in faster performance.
  • The UTM cannot protect against threats from outside the network.
  • Multiple forms of protection are preferred over single points of failure.
  • A UTM cannot perform malware analysis, but a HIPS can.

Question 168

Question
A security consultant is gathering information about the frequency of a security threat's impact to an organization. Which of the following should the consultant use to label the number of times an attack can be expected to impact the organization in a 365-day period?
Answers
  • ARO (Annualized Rate of Occurrence)
  • MTBF (Mean Time Between Failures)
  • ALE (Annualized Loss Expectancy)
  • MTTR (Mean Time to Recover or Mean Time to Repair)
  • SLA (Service Level Agreement)

Question 169

Question
When sending messages using symmetric encryption, which of the following must happen FIRST?
Answers
  • Exchange encryption key
  • Establish digital signatures
  • Agree on an encryption method
  • Install digital certificate

Question 170

Question
While troubleshooting a client application connecting to the network, the security administrator notices the following error: Certificate is not valid. Which of the following is the BEST way to check if the digital certificate is valid?
Answers
  • PKI (Public Key Infrastructure)
  • CRL (Certificate Revocation List)
  • CSR (Certificate Signing Request)
  • IPSec (Internet Protocol Security)

Question 171

Question
When attempting to secure a mobile workstation, which of the following authentication technologies rely on the user's physical characteristics? (Select TWO)
Answers
  • MAC address table
  • Retina scan
  • Fingerprint scan
  • Two-factor authentication
  • CAPTCHA
  • Password string

Question 172

Question
A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on binaries prior to transmission over untrusted media. Which of the following BEST describes the action performed by this type of application?
Answers
  • Hashing
  • Key exchange
  • Encryption
  • Obfuscation

Question 173

Question
Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data?
Answers
  • Symmetric algorithm
  • Hash function
  • Digital signature
  • Obfuscation

Question 174

Question
A new Chief Information Officer (CIO) has been reviewing the badging and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following controls BEST describes this policy?
Answers
  • Physical
  • Corrective
  • Technical
  • Administrative

Question 175

Question
A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the requirement, which of the following should the security analyst do to MINIMIZE the risk?
Answers
  • Enable CHAP (Challenge Handshake Authentication Protocol)
  • Disable NTLM (New Technology LAN Manager)
  • Enable Kerberos
  • Disable PAP (Password Authentication Protocol)

Question 176

Question
A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is in a hurricane-affected area and the disaster recovery site is 100 mi (161 km) away, the company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement?
Answers
  • Hot site
  • Warm site
  • Cold site
  • Cloud-based site

Question 177

Question
A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following methods should the technician use?
Answers
  • Shredding
  • Wiping
  • Low-level formatting
  • Repartitioning
  • Overwriting

Question 178

Question
An active/passive configuration has an impact on:
Answers
  • Confidentiality
  • Integrity
  • Availability
  • Non-repudiation

Question 179

Question
A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output:

usera@host>history
mkdir /local/usr/bin/somedirectory
nc -1 192.168.5.1 -p 9856
ping -c 30 8.8.8.8 -a 600
rm /etc/dir2/somefile
rm -rm /etc/dir2/
traceroute 8.8.8.8
pakill pid 9487
usera@host>

Given the above output, which of the following commands would have established the questionable socket?
Answers
  • traceroute 8.8.8.8
  • ping -1 30 8.8.8.8 -a 600
  • nc -1 192.168.5.1 -p 9856
  • pskill pid 9487

Question 180

Question
A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
Answers
  • HTTPS (Hypertext Transfer Protocol over SSL/TLS)
  • LDAPS (Lightweight Directory Access Protocol Secure)
  • SCP (Secure Copy)
  • SNMPv3 (Simple Network Management Protocol version 3)

Question 181

Question
Which of the following is used to validate the integrity of data?
Answers
  • CBC (Cipher Block Chaining)
  • Blowfish
  • MD5 (Message Digest 5)
  • RSA (Rivest, Shamir, & Adleman)

Question 182

Question
A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the MOST likely cause of the decreased disk space?
Answers
  • Misconfigured devices
  • Logs and events anomalies
  • Authentication issues
  • Unauthorized software

Question 183

Question
A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?
Answers
  • Put the desktops in the DMZ.
  • Create a separate VLAN for the desktops.
  • Air gap the desktops.
  • Join the desktops to an ad-hoc network.

Question 184

Question
A security analyst is assigned to perform a penetration test for one of the company's clients. During the scope discussion, the analyst is notified that the client is not going to share any information related to the environment to be tested. Which of the following BEST identifies this type of penetration testing?
Answers
  • Black box
  • Grey box
  • White box
  • Blue Teaming

Question 185

Question
A security consultant is setting up a new electronic messaging platform and wants to ensure the platform supports message integrity validation. Which of the following protocols should the consultant recommend?
Answers
  • S/MIME (Secure/Multipurpose Internet Mail Extensions)
  • DNSSEC (Domain Name System Security Extensions)
  • RADIUS (Remote Authentication Dial-In User Service)
  • 802.11x

Question 186

Question
A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions. In addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent DoS attacks in the future?
Answers
  • Deploy multiple web servers and implement a load balancer.
  • Increase the capacity of the perimeter router to 10Gbps.
  • Implement a forwarding proxy and URL filtering for the organization's applications.
  • Implement an active/passive high availability solution.

Question 187

Question
A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the administrator implementing?
Answers
  • Separation of duties
  • Permission auditing
  • Least privilege
  • Standard naming convention

Question 188

Question
An organization electronically processes sensitive data within a controlled facility. The Chief Information Security Officer (CISO) wants to limit emissions emanating from the facility. Which of the following mitigates this risk?
Answers
  • Upgrading facility cabling to a higher standard of protected cabling to reduce the likelihood of emission spillage.
  • Hardening the facility through the use of secure cabinetry to block emissions.
  • Hardening the facility with a Faraday cage to contain emissions produced from data processing.
  • Employing security guards to ensure unauthorized personnel remain outside of the facility.

Question 189

Question
A security manager discovers the most recent vulnerability scan report illustrates low-level, non-critical findings. Which of the following scanning concepts would BEST report critical threats?
Answers
  • Non-credentialed scan
  • Compliance scan
  • Intrusive scan
  • Application scan

Question 190

Question
A security administrator has replaced the firewall and notices a number of dropped connections. After looking at the data, the security administrator sees the following information that was flagged as a possible issue: "SELECT "FROM" and '1' = '1' Which of the following can the security administrator determine from this?
Answers
  • A SQL injection attack is being attempted.
  • Legitimate connections are being dropped.
  • A network scan is being done on the system.
  • An XSS (Cross-site Scripting) attack is being attempted.

Question 191

Question
A user loses a COPE (Company Owned, Personally Enabled) device. Which of the following should the user do NEXT to protect the data on the device?
Answers
  • Call the company help desk to remotely wipe the device.
  • Report the loss to authorities.
  • Check with corporate physical security for the device.
  • Identify files that are potentially missing on the device.

Question 192

Question
Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources?
Answers
  • RADIUS
  • Kerberos
  • OATH
  • MSCHAP

Question 193

Question
Which of the following is used to encrypt web application data?
Answers
  • RSA (Rivest, Shamir, & Adleman)
  • RC4 (Rivest Cipher version 4)
  • SHA (Secure Hashing Algorithm)
  • DHA

Question 194

Question
A systems administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network. Which of the following should the systems administrator configure?
Answers
  • EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security)
  • EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)
  • EAP-FAST (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling)
  • EAP (Extensible Authentication Protocol) with PEAP (Protected Extensible Authentication Protocol)
  • EAP (Extensible Authentication Protocol) with MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol ver 2)

Question 195

Question
During an assessment of a manufacturing plant, a security analyst finds several end-of-life programmable logic controllers (PLCs), which have firmware that was last updated three years ago and have known vulnerabilities. Which of the following BEST mitigates the risks associated with the PLCs?
Answers
  • Deploy HIDS (Host-based Intrusion Detection System) on each device.
  • Remove the PLCs from the manufacturing infrastructure.
  • Implement network segmentation to isolate the devices.
  • Perform file integrity monitoring against the devices.

Question 196

Question
A security administrator needs to configure remote access to a file share so it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same department as the data owner. Users should only be able to create files with approved extensions, which may differ by department. Which of the following access controls would be the MOST appropriate for this situation?
Answers
  • RBAC (Role-based Access Control)
  • MAC (Mandatory Access Control)
  • ABAC (Attribute-based Access Control)
  • DAC (Discretionary Access Control)

Question 197

Question
An organization has had problems keeping track of new devices being placed on the network. Which of the following tools should be used to identify where devices reside on the network?
Answers
  • Tcpdump
  • NSlookup
  • Nmap
  • Tracert

Question 198

Question
Following incident response best practices and processes, a forensic analyst compiles and selects artifacts requested by the legal team for litigation purposes. Given this scenario, which of the following steps should the analyst perform NEXT in the forensic process?
Answers
  • Recovery procedures
  • Containment procedures
  • Eradication procedures
  • Lessons learned procedures

Question 199

Question
Which of the following occurs when a vulnerability scan fails to identify an existing vulnerability?
Answers
  • False negative
  • False positive
  • True positive
  • True negative

Question 200

Question
A company policy regarding the shredding of proprietary documents is MOST likely designed to prevent:
Answers
  • impersonation
  • dumpster diving
  • piggybacking
  • identity theft