Not/Applicable
Test por , creado hace más de 1 año

6251808272-126_150

8
0
0
Not/Applicable
Creado por Not/Applicable hace casi 10 años
Cerrar

6251808272-126_150

Pregunta 1 de 25

1

A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company's server over a public unencrypted communication channel.

Which of the following implements the required secure key negotiation? (Select TWO).

Selecciona una o más de las siguientes respuestas posibles:

  • PBKDF2

  • Symmetric encryption

  • Steganography

  • ECDHE

  • Diffie-Hellman

Explicación

Pregunta 2 de 25

1

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp's debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

Selecciona una de las siguientes respuestas posibles:

  • The data should be encrypted prior to transport

  • This would not constitute unauthorized data sharing

  • This may violate data ownership and non-disclosure agreements

  • Acme Corp should send the data to ABC Services' vendor instead

Explicación

Pregunta 3 de 25

1

An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this?

Selecciona una de las siguientes respuestas posibles:

  • TOTP

  • Smart card

  • CHAP

  • HOTP

Explicación

Pregunta 4 de 25

1

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.

Which of the following will BEST mitigate the risk if implemented on the switches?

Selecciona una de las siguientes respuestas posibles:

  • Spanning tree

  • Flood guards

  • Access control lists

  • Syn flood

Explicación

Pregunta 5 de 25

1

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?

Selecciona una de las siguientes respuestas posibles:

  • Dipole

  • Yagi

  • Sector

  • Omni

Explicación

Pregunta 6 de 25

1

An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?

Selecciona una de las siguientes respuestas posibles:

  • Integer overflow

  • Cross-site scripting

  • Zero-day

  • Session hijacking

  • XML injection

Explicación

Pregunta 7 de 25

1

Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?

Selecciona una de las siguientes respuestas posibles:

  • LDAP

  • SAML

  • TACACS+

  • Kerberos

Explicación

Pregunta 8 de 25

1

Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

Selecciona una de las siguientes respuestas posibles:

  • 21/UDP

  • 21/TCP

  • 22/UDP

  • 22/TCP

Explicación

Pregunta 9 de 25

1

A user, Ann, is reporting to the company IT support group that her workstation screen is blank other than a window with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Ann's workstation?

Selecciona una de las siguientes respuestas posibles:

  • Trojan

  • Spyware

  • Adware

  • Ransomware

Explicación

Pregunta 10 de 25

1

Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO).

Selecciona una o más de las siguientes respuestas posibles:

  • Full device encryption

  • Screen locks

  • GPS

  • Asset tracking

  • Inventory control

Explicación

Pregunta 11 de 25

1

A way to assure data at-rest is secure even in the event of loss or theft is to use:

Selecciona una de las siguientes respuestas posibles:

  • Full device encryption.

  • Special permissions on the file system.

  • Trusted Platform Module integration.

  • Access Control Lists.

Explicación

Pregunta 12 de 25

1

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a
few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.

Which of the following is occurring?

Selecciona una de las siguientes respuestas posibles:

  • The user is encrypting the data in the outgoing messages.

  • The user is using steganography.

  • The user is spamming to obfuscate the activity.

  • The user is using hashing to embed data in the emails.

Explicación

Pregunta 13 de 25

1

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:

22, 25, 445, 1433, 3128, 3389, 6667

Which of the following protocols was used to access the server remotely?

Selecciona una de las siguientes respuestas posibles:

  • LDAP

  • HTTP

  • RDP

  • HTTPS

Explicación

Pregunta 14 de 25

1

An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

Selecciona una de las siguientes respuestas posibles:

  • SSID broadcast

  • MAC filter

  • WPA2

  • Antenna placement

Explicación

Pregunta 15 de 25

1

A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on:

Selecciona una de las siguientes respuestas posibles:

  • MAC filtering.

  • System hardening.

  • Rogue machine detection.

  • Baselining.

Explicación

Pregunta 16 de 25

1

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:

Selecciona una de las siguientes respuestas posibles:

  • Symmetric cryptography.

  • Private key cryptography.

  • Salting.

  • Rainbow tables.

Explicación

Pregunta 17 de 25

1

In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

Selecciona una de las siguientes respuestas posibles:

  • Mitigation

  • Identification

  • Preparation

  • Lessons learned

Explicación

Pregunta 18 de 25

1

A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend?

Selecciona una de las siguientes respuestas posibles:

  • CHAP

  • TOTP

  • HOTP

  • PAP

Explicación

Pregunta 19 de 25

1

A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?

Selecciona una de las siguientes respuestas posibles:

  • RC4

  • AES

  • MD5

  • TKIP

Explicación

Pregunta 20 de 25

1

After a security incident involving a physical asset, which of the following should be done at the beginning?

Selecciona una de las siguientes respuestas posibles:

  • Record every person who was in possession of assets, continuing post-incident.

  • Create working images of data in the following order: hard drive then RAM.

  • Back up storage devices so work can be performed on the devices immediately.

  • Write a report detailing the incident and mitigation suggestions.

Explicación

Pregunta 21 de 25

1

Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?

Selecciona una de las siguientes respuestas posibles:

  • Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing.

  • MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high.

  • MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.

  • MOUs between two companies working together cannot be held to the same legal standards as SLAs.

Explicación

Pregunta 22 de 25

1

Joe, a user, reports to the system administrator that he is receiving an error stating his certificate has been revoked. Which of the following is the name of the database repository for these certificates?

Selecciona una de las siguientes respuestas posibles:

  • CSR

  • OSCP

  • CA

  • CRL

Explicación

Pregunta 23 de 25

1

A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO).

Selecciona una o más de las siguientes respuestas posibles:

  • Fault tolerance

  • Encryption

  • Availability

  • Integrity

  • Safety

  • Confidentiality

Explicación

Pregunta 24 de 25

1

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

Selecciona una de las siguientes respuestas posibles:

  • Remove all previous smart card certificates from the local certificate store.

  • Publish the new certificates to the global address list.

  • Make the certificates available to the operating system.

  • Recover the previous smart card certificates.

Explicación

Pregunta 25 de 25

1

Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of.

Selecciona una de las siguientes respuestas posibles:

  • Scarcity

  • Familiarity

  • Intimidation

  • Trust

Explicación