Test by Arthur Casto, created more than 1 year ago

Practice Test 1-3

Created by Arthur Casto more than 4 years ago

Question 1 of 108

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?

Select one of the following possible answers:

  • tracert

  • netstat

  • ping

  • nslookup

Question 2 of 108

A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format?

Select one of the following possible answers:

  • PFX

  • PEM

  • DER

  • CER

Question 3 of 108

An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?

Select one of the following possible answers:

  • RTO

  • RPO

  • MTBF

  • MTTR

Question 4 of 108

A company is currently using the following configuration:
✑ IAS server with certificate-based EAP-PEAP and MSCHAP
✑ Unencrypted authentication via PAP
A security administrator needs to configure a new wireless setup with the following configurations:
✑ PAP authentication method
✑ PEAP and EAP provide two-factor authentication
Which of the following forms of authentication are being used? (Select two.)

Select one or more of the following possible answers:

  • PAP

  • PEAP

  • MSCHAP

  • PEAP-MSCHAP

  • EAP

  • EAP-PEAP

Question 5 of 108

An auditor wants to test the security posture of an organization by running a tool that will display the following:

JIMS <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
JIMS <00> UNIQUE Registered

Which of the following commands should be used?

Select one of the following possible answers:

  • nbtstat

  • nc

  • arp

  • ipconfig

Question 6 of 108

An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?

Select one of the following possible answers:

  • LDAP

  • TPM

  • TLS

  • SSL

  • PKI

Question 7 of 108

A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

Select one of the following possible answers:

  • Open wireless network and SSL VPN

  • WPA using a preshared key

  • WPA2 using RADIUS back-end for 802.1X authentication

  • WEP with a 40-bit key

Question 8 of 108

When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.)

Select one or more of the following possible answers:

  • Use of performance analytics

  • Adherence to regulatory compliance

  • Data retention policies

  • Size of the corporation

  • Breadth of applications support

Question 9 of 108

A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?

Select one of the following possible answers:

  • The firewall should be configured to prevent user traffic from matching the implicit deny rule.

  • The firewall should be configured with access lists to allow inbound and outbound traffic.

  • The firewall should be configured with port security to allow traffic.

  • The firewall should be configured to include an explicit deny rule.

Question 10 of 108

Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)

Select one or more of the following possible answers:

  • To prevent server availability issues

  • To verify the appropriate patch is being installed

  • To generate a new baseline hash after patching

  • To allow users to test functionality

  • To ensure users are trained on new functionality

Question 11 of 108

After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO)

Select one or more of the following possible answers:

  • Monitor VPN client access

  • Reduce failed log-in/log-out settings

  • Develop and implement updated access control policies

  • Review and address invalid login attempts

  • Increase password complexity requirements

  • Assess and eliminate inactive accounts

Question 12 of 108

Company policy requires the use of passphrases instead of passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?

Select one of the following possible answers:

  • Reuse

  • Length

  • History

  • Complexity

Question 13 of 108

Which of the following should identify critical systems and components?

Select one of the following possible answers:

  • MOU

  • BPA

  • ITCP

  • BCP

Question 14 of 108

While reviewing the monthly internet usage, it is noted that there is a large spike in traffic classified as "unknown" that does not appear to be within the bounds of the organization's Acceptable Use Policy. Which of the following tools or technologies would work BEST for obtaining more information on this traffic?

Select one of the following possible answers:

  • Firewall logs

  • IDS logs

  • Increased spam filtering

  • Protocol analyzer

Question 15 of 108

A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform.
The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user. Which of the following mobile device capabilities should the user disable to achieve the stated goal?

Select one of the following possible answers:

  • Device access control

  • Location based services

  • Application control

  • GEO-Tagging

Question 16 of 108

Which of the following use the SSH protocol?

Select one or more of the following possible answers:

  • Stelnet

  • SCP

  • SNMP

  • FTPS

  • SSL

  • SFTP

Question 17 of 108

The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for the next 10 years. She is asking for the average lifespan of each hardware device so that she is able to calculate when she will have to replace each device.
Which of the following categories BEST describes what she is looking for?

Select one of the following possible answers:

  • ALE

  • MTTR

  • MTBF

  • MTTF

Question 18 of 108

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)

Select one or more of the following possible answers:

  • Escrowed keys

  • SSL symmetric encryption key

  • Software code private key

  • Remote server public key

  • OCSP

Question 19 of 108

A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued. Which of the following should the administrator submit to receive a new certificate?

Select one of the following possible answers:

  • CRL

  • OSCP

  • PFX

  • CSR

  • CA

Question 20 of 108

The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

Select one of the following possible answers:

  • Use certificates signed by the company CA

  • Use a signing certificate as a wild card certificate

  • Use certificates signed by a public CA

  • Use a self-signed certificate on each internal server

Question 21 of 108

Which of the following are MOST susceptible to birthday attacks?

Select one of the following possible answers:

  • Hashed passwords

  • Digital certificates

  • Encryption passwords

  • One-time passwords

Question 22 of 108

A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support non-repudiation. Which of the following implements all these requirements?

Select one of the following possible answers:

  • Bcrypt

  • Blowfish

  • PGP

  • SHA

Question 23 of 108

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

Select one of the following possible answers:

  • MAC spoofing

  • Pharming

  • Xmas attack

  • ARP poisoning

Question 24 of 108

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?

Select one of the following possible answers:

  • Rule-based access control

  • Role-based access control

  • Mandatory access control

  • Discretionary access control

Question 25 of 108

When generating a request for a new x.509 certificate for securing a website, which of the following is the MOST appropriate hashing algorithm?

Select one of the following possible answers:

  • RC4

  • MD5

  • HMAC

  • SHA

Question 26 of 108

Which of the following allows an application to securely authenticate a user by receiving credentials from a web domain?

Select one of the following possible answers:

  • TACACS+

  • RADIUS

  • Kerberos

  • SAML

Question 27 of 108

A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the supervisor terminates an employee as a result of the suspected data loss. During the investigation, the supervisor is absent for the interview, and little evidence can be provided from the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following?

Select one of the following possible answers:

  • Job rotation

  • Log failure

  • Lack of training

  • Insider threat

Question 28 of 108

When designing a web based client server application with single application server and database cluster backend, input validation should be performed:

Select one of the following possible answers:

  • On the client

  • Using database stored procedures

  • On the application server

  • Using HTTPS

Question 29 of 108

Which of the following delineates why it is important to perform egress filtering and monitoring on Internet connected security zones of interfaces on a firewall?

Select one of the following possible answers:

  • Egress traffic is more important than ingress traffic for malware prevention

  • To rebalance the amount of outbound traffic and inbound traffic

  • Outbound traffic could be communicating to known botnet sources

  • To prevent DDoS attacks originating from external network

Question 30 of 108

Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?

Select one of the following possible answers:

  • NAC

  • VLAN

  • DMZ

  • Subnet

Question 31 of 108

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?

Select one or more of the following possible answers:

  • Firmware version control

  • Manual software updates

  • Vulnerability scanning

  • Automatic updates

  • Network segmentation

  • Application firewalls

Question 32 of 108

An audit has revealed that database administrators are also responsible for auditing database changes and backup logs. Which of the following access control methodologies would BEST mitigate this concern?

Select one of the following possible answers:

  • Time of day restrictions

  • Principle of least privilege

  • Role-based access control

  • Separation of duties

Question 33 of 108

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the following techniques would BEST describe the approach the analyst has taken?

Select one of the following possible answers:

  • Compliance scanning

  • Credentialed scanning

  • Passive vulnerability scanning

  • Port scanning

Question 34 of 108

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

Select one of the following possible answers:

  • Cloud-based antivirus solution, running as local admin, with push technology for definition updates

  • Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs

  • Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs

  • Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed

Question 35 of 108

A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C-level executives found their identities were compromised, and they were victims of a recent whaling attack.
Which of the following would prevent these problems in the future? (Select TWO).

Select one or more of the following possible answers:

  • Implement a reverse proxy.

  • Implement an email DLP.

  • Implement a spam filter.

  • Implement a host-based firewall.

  • Implement a HIDS.

Question 36 of 108

A systems administrator wants to generate a self-signed certificate for an internal website.
Which of the following steps should the systems administrator complete prior to installing the certificate on the server?

Select one of the following possible answers:

  • Provide the private key to a public CA.

  • Provide the public key to the internal CA.

  • Provide the public key to a public CA.

  • Provide the private key to the internal CA.

  • Provide the public/private key pair to the internal CA.

  • Provide the public/private key pair to the public CA.

Question 37 of 108

A security engineer must install the same x.509 certificate on three different servers. The client application that connects to the server performs a check to ensure the certificate matches the host name. Which of the following should the security engineer use?

Select one of the following possible answers:

  • Wildcard certificate

  • Extended validation certificate

  • Certificate chaining

  • Certificate utilizing the SAN file

Question 38 of 108

An active/passive configuration has an impact on:

Select one of the following possible answers:

  • confidentiality

  • integrity

  • availability

  • non-repudiation

Question 39 of 108

A security analyst is attempting to identify vulnerabilities in a customer's web application without impacting the system or its data. Which of the following BEST describes the vulnerability scanning concept performed?

Select one of the following possible answers:

  • Aggressive scan

  • Passive scan

  • Non-credentialed scan

  • Compliance scan

Question 40 of 108

Joe, a user, has been trying to send Ann, a different user, an encrypted document via email. Ann has not received the attachment but is able to receive the header information. Which of the following is MOST likely preventing Ann from receiving the encrypted file?

Select one of the following possible answers:

  • Unencrypted credentials

  • Authentication issues

  • Weak cipher suite

  • Permission issues

Question 41 of 108

A security analyst is reviewing patches on servers. One of the servers is reporting the following error message in the WSUS management console:
The computer has not reported status in 30 days. Given this scenario, which of the following statements BEST represents the issue with the output above?

Select one of the following possible answers:

  • The computer in question has not pulled the latest ACL policies for the firewall.

  • The computer in question has not pulled the latest GPO policies from the management server.

  • The computer in question has not pulled the latest antivirus definitions from the antivirus program.

  • The computer in question has not pulled the latest application software updates.

Question 42 of 108

A systems administrator is deploying a new mission essential server into a virtual environment. Which of the following is BEST mitigated by the environment's rapid elasticity characteristic?

Select one of the following possible answers:

  • Data confidentiality breaches

  • VM escape attacks

  • Lack of redundancy

  • Denial of Service

Question 43 of 108

A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric?

Select one of the following possible answers:

  • Time-based

  • Mandatory

  • Rule-based

  • Discretionary

Question 44 of 108

A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report?

Select one of the following possible answers:

  • Configure IPSec in transport mode.

  • Configure server-based PKI certificates.

  • Configure the GRE tunnel.

  • Configure a site-to-site tunnel.

Question 45 of 108

Which of the following types of keys is found in a key escrow?

Select one of the following possible answers:

  • Public

  • Private

  • Shared

  • Session

Question 46 of 108

Which of the following network vulnerability scan indicators BEST validates a successful, active scan?

Select one of the following possible answers:

  • The scan job is scheduled to run during off-peak hours.

  • The scan output lists SQL injection attack vectors.

  • The scan data identifies the use of privileged-user credentials.

  • The scan results identify the hostname and IP address.

Question 47 of 108

Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?

Select one of the following possible answers:

  • ACLs

  • HIPS

  • NAT

  • MAC Filtering

Question 48 of 108

A user has attempted to access data at a higher classification level than the user’s account is currently authorized to access. Which of the following access control models has been applied to this user’s account?

Select one of the following possible answers:

  • MAC

  • DAC

  • RBAC

  • ABAC

Question 49 of 108

Which of the following technologies employ the use of SAML?

Select one or more of the following possible answers:

  • Single sign-on

  • Federation

  • LDAP

  • Secure tokens

  • RADIUS

Question 50 of 108

A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?

Select one of the following possible answers:

  • DMZ

  • NAT

  • VPN

  • PAT

Question 51 of 108

A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.)

Select one or more of the following possible answers:

  • Generate an X.509-compliant certificate that is signed by a trusted CA.

  • Install and configure an SSH tunnel on the LDAP server.

  • Ensure port 389 is open between the clients and the servers using the communication.

  • Ensure port 636 is open between the clients and the servers using the communication.

  • Remove the LDAP directory service role from the server.

Question 52 of 108

Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed?

Select one of the following possible answers:

  • Administrative

  • Corrective

  • Deterrent

  • Compensating

Question 53 of 108

A security analyst wants to harden the company’s VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the PBX. Which of the following would best prevent this from occurring?

Select one of the following possible answers:

  • Implement SRTP between the phones and the PBX.

  • Place the phones and PBX in their own VLAN.

  • Restrict the phone connections to the PBX.

  • Require SIPS on connections to the PBX.

Question 54 of 108

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?

Select one of the following possible answers:

  • SQL injection

  • Header manipulation

  • Cross-site scripting

  • Flash cookie exploitation

Question 55 of 108

After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO)

Select one or more of the following possible answers:

  • Monitor VPN client access

  • Reduce failed login logout settings

  • Develop and implement updated access control policies

  • Review and address invalid login attempts

  • Increase password complexity requirements

  • Assess and eliminate inactive accounts

Question 56 of 108

Which of the following are methods to implement HA in a web application server environment? (Select two.)

Select one or more of the following possible answers:

  • Load balancers

  • Application layer firewalls

  • Reverse proxies

  • VPN concentrators

  • Routers

Question 57 of 108

During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again?

Select one of the following possible answers:

  • Credential management

  • Group policy management

  • Acceptable use policy

  • Account expiration policy

Question 58 of 108

A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability?

Select one of the following possible answers:

  • Application fuzzing

  • Error handling

  • Input validation

  • Pointer dereference

Question 59 of 108

A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator during the IKE phase?

Select one of the following possible answers:

  • RIPEMD

  • ECDHE

  • Diffie-Hellman

  • HTTPS

Question 60 of 108

The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

Select one of the following possible answers:

  • Use certificates signed by the company CA

  • Use a signing certificate as a wild card certificate

  • Use certificates signed by a public CA

  • Use a self-signed certificate on each internal server

Question 61 of 108

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)

Select one or more of the following possible answers:

  • Escrowed keys

  • SSL symmetric encryption key

  • Software code private key

  • Remote server public key

  • OCSP

Question 62 of 108

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

Select one of the following possible answers:

  • MAC spoofing

  • Pharming

  • Xmas attack

  • ARP poisoning

Question 63 of 108

A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database. Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?

Select one of the following possible answers:

  • Incident management

  • Routine auditing

  • IT governance

  • Monthly user rights reviews

Question 64 of 108

The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain?

Select one of the following possible answers:

  • Certificate revocation list

  • Intermediate authority

  • Recovery agent

  • Root of trust

Question 65 of 108

In determining when it may be necessary to perform a credentialed scan against a system instead of a non-credentialed scan, which of the following requirements is MOST likely to influence this decision?

Select one of the following possible answers:

  • The scanner must be able to enumerate the host OS of devices scanned.

  • The scanner must be able to footprint the network.

  • The scanner must be able to check for open ports with listening services.

  • The scanner must be able to audit file system permissions.

Question 66 of 108

A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and low-performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario?

Select one of the following possible answers:

  • The switch also serves as the DHCP server

  • The switch has the lowest MAC address

  • The switch has spanning tree loop protection enabled

  • The switch has the fastest uplink port

Question 67 of 108

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?

Select one of the following possible answers:

  • Use of OATH between the user and the service and attestation from the company domain

  • Use of active directory federation between the company and the cloud-based service

  • Use of smartcards that store x.509 keys, signed by a global CA

  • Use of a third-party, SAML-based authentication service for attestation

Question 68 of 108

An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?

Select one of the following possible answers:

  • SaaS

  • CASB

  • IaaS

  • PaaS

Question 69 of 108

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files?

Select one of the following possible answers:

  • Enable verbose system logging

  • Change the permissions on the user's home directory

  • Implement remote syslog

  • Set the bash_history log file to "read only"

Question 70 of 108

A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant. Given this scenario, which of the following would be the BEST method of configuring the load balancer?

Select one of the following possible answers:

  • Round-robin

  • Weighted

  • Least Connection

  • Locality-based

Question 71 of 108

When trying to log onto a company's new ticketing system, some employees receive the following message: Access denied: too many concurrent sessions. The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message?

Select one of the following possible answers:

  • Network resources have been exceeded.

  • The software is out of licenses.

  • The VM does not have enough processing power.

  • The firewall is misconfigured.

Question 72 of 108

Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?

Select one of the following possible answers:

  • ACLs

  • HIPS

  • NAT

  • MAC Filtering

Question 73 of 108

Which of the following encryption methods does PKI typically use to securely protect keys?

Select one of the following possible answers:

  • Elliptic curve

  • Digital signatures

  • Asymmetric

  • Obfuscation

Question 74 of 108

An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?

Select one of the following possible answers:

  • Certificate pinning

  • Certificate stapling

  • Certificate chaining

  • Certificate with extended validation

Question 75 of 108

When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?

Select one of the following possible answers:

  • Owner

  • System

  • Administrator

  • User

Question 76 of 108

Which of the following technologies employ the use of SAML? (Select two.)

Select one or more of the following possible answers:

  • Single sign-on

  • Federation

  • LDAP

  • Secure token

  • RADIUS

Question 77 of 108

A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select two.)

Select one or more of the following possible answers:

  • The portal will function as a service provider and request an authentication assertion.

  • The portal will function as an identity provider and issue an authentication assertion.

  • The portal will request an authentication ticket from each network that is transitively trusted.

  • The back-end networks will function as an identity provider and issue an authentication assertion.

  • The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.

  • The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

Question 78 of 108

Which of the following would MOST likely appear in an uncredentialed vulnerability scan?

Select one of the following possible answers:

  • Self-signed certificates

  • Missing patches

  • Auditing parameters

  • Inactive local accounts

Question 79 of 108

When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.)

Select one or more of the following possible answers:

  • Use of performance analytics

  • Adherence to regulatory compliance

  • Data retention policies

  • Size of the corporation

  • Breadth of applications support

Question 80 of 108

Which of the following occurs when the security of a web application relies on JavaScript for input validation?

Select one of the following possible answers:

  • The integrity of the data is at risk.

  • The security of the application relies on antivirus.

  • A host-based firewall is required.

  • The application is vulnerable to race conditions.

Question 81 of 108

An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a Windows server. Given the following code:

void foo (char *bar)
{
char random_user_input [12];
strcpy (random_user_input, bar);
}

Which of the following vulnerabilities is present?

Select one of the following possible answers:

  • Bad memory pointer

  • Buffer overflow

  • Integer overflow

  • Backdoor

Question 82 of 108

Which of the following development models entails several iterative and incremental software development methodologies such as Scrum?

Select one of the following possible answers:

  • Spiral

  • Waterfall

  • Agile

  • Rapid

Question 83 of 108

A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered?

Select one of the following possible answers:

  • Password history

  • Account lockout

  • Account expiration

  • Password complexity

Question 84 of 108

A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites?

Select one of the following possible answers:

  • Extended domain validation

  • TLS host certificate

  • OCSP stapling

  • Wildcard certificate

Question 85 of 108

Which of the following are considered among the BEST indicators that a received message is a hoax? (Choose two.)

Select one or more of the following possible answers:

  • Minimal use of uppercase letters in the message

  • Warnings of monetary loss to the receiver

  • No valid signature from a known security organization

  • Claims of possible damage to computer hardware

  • Embedded URLs

Question 86 of 108

A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure?

Select one of the following possible answers:

  • SSH

  • SFTP

  • HTTPS

  • SNMP

Question 87 of 108

To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning?

Select one of the following possible answers:

  • Log all users out of the system

  • Patch the scanner

  • Reboot the target host

  • Update the web plugins

Question 88 of 108

A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request?

Select one of the following possible answers:

  • LDAP

  • RADIUS

  • SAML

  • NTLM

Question 89 of 108

An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal?

Select one of the following possible answers:

  • IDS/IPS

  • IP Tunneling

  • Web application firewall

  • Patch management

Question 90 of 108

When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?

Select one of the following possible answers:

  • Difficult-to-update firmware

  • Tight integration to existing systems

  • IP address exhaustion

  • Not using industry standards

Question 91 of 108

If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using?

Select one of the following possible answers:

  • RSA

  • 3DES

  • DSA

  • SHA-2

Question 92 of 108

A security administrator needs to configure remote access to a file share so it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same department as the data owner. Users should only be able to create files with approved extensions, which may differ by department. Which of the following access controls would be the MOST appropriate for this situation?

Select one of the following possible answers:

  • RBAC

  • MAC

  • ABAC

  • DAC

Question 93 of 108

A company is planning to build an internal website that allows for access to outside contractors and partners. A majority of the content will only be available to internal employees with the option to share. Which of the following concepts is MOST appropriate?

Select one of the following possible answers:

  • VPN

  • Proxy

  • DMZ

  • Extranet

Question 94 of 108

Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources?

Select one of the following possible answers:

  • RADIUS

  • SSH

  • OAuth

  • MSCHAP

Question 95 of 108

A user needs to transmit confidential information to a third party. Which of the following should be used to encrypt the message?

Select one of the following possible answers:

  • AES

  • SHA-2

  • SSL

  • RSA

Question 96 of 108

A company wants to implement a wireless network with the following requirements:
– All wireless users will have a unique credential.
– User certificates will not be required for authentication.
– The company's AAA infrastructure must be utilized.
– Local hosts should not store authentication tokens.

Which of the following should be used in the design to meet the requirements?

Select one of the following possible answers:

  • EAP-TLS

  • WPS

  • PSK

  • PEAP

Question 97 of 108

A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report?

Select one of the following possible answers:

  • Configure IPSec in transport mode.

  • Configure server-based PKI certificates.

  • Configure the GRE tunnel.

  • Configure a site-to-site VPN.

Question 98 of 108

A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Choose three.)

Select one or more of the following possible answers:

  • S/MIME

  • TLS

  • SFTP

  • SAML

  • SIP

  • IPSec

  • Kerberos

Question 99 of 108

A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server?

Select one of the following possible answers:

  • 802.1x

  • SSH

  • Shared secret

  • SNMPv3

  • CHAP

Question 100 of 108

When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users. Which of the following is the MOST likely cause for this?

Select one of the following possible answers:

  • The certificate is corrupted on the server.

  • The certificate was deleted from the local machine.

  • The user needs to restart the machine.

  • The system date on the user's device is out of sync.

Question 101 of 108

A company is performing an analysis of which corporate units are most likely to cause revenue loss in the event the unit is unable to operate. Which of the following is an element of the BIA that this action is addressing?

Select one of the following possible answers:

  • Critical system inventory

  • Single point of failure

  • Continuity of operations

  • Mission-essential functions

Question 102 of 108

Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information obtained from service banners?

Select one of the following possible answers:

  • False positive

  • Passive reconnaissance

  • Access violation

  • Privilege escalation

Question 103 of 108

A company is planning to utilize its legacy desktop systems by converting them into dummy terminals and moving all heavy applications and storage to a centralized server that hosts all of the company's required desktop applications. Which of the following describes the BEST deployment method to meet these requirements?

Select one of the following possible answers:

  • IaaS

  • VM sprawl

  • VDI

  • PaaS

Question 104 of 108

An application developer has neglected to include input validation checks in the design of the company's new web application. An employee discovers that repeatedly submitting large amounts of data, including custom code, to an application will allow the execution of the custom code at the administrator level. Which of the following BEST identifies this application attack?

Select one of the following possible answers:

  • Cross-site scripting

  • Clickjacking

  • Buffer overflow

  • Replay

Question 105 of 108

Which of the following identity access methods creates a cookie on the first login to a central authority to allow logins to subsequent applications without re-entering credentials?

Select one of the following possible answers:

  • Multifactor authentication

  • Transitive trust

  • Federated access

  • Single sign-on

Question 106 of 108

A network technician is designing a network for a small company. The network technician needs to implement an email server and web server that will be accessed by both internal employees and external customers. Which of the following would BEST secure the internal network and allow access to the needed servers?

Select one of the following possible answers:

  • Implementing a site-to-site VPN for server access.

  • Implementing a DMZ segment for the server.

  • Implementing a NAT addressing for the servers.

  • Implementing a sandbox to contain the servers.

Question 107 of 108

A security administrator is choosing an algorithm to generate password hashes. Which of the following would offer the BEST protection against offline brute force attacks?

Select one of the following possible answers:

  • MD5

  • 3DES

  • AES

  • SHA-1

Question 108 of 108

A security administrator is investigating many recent incidents of credential theft for users accessing the company's website, despite the hosting web server requiring HTTPS for access. The server's logs show the website leverages the HTTP POST method for carrying user authentication details. Which of the following is the MOST likely reason for compromise?

Select one of the following possible answers:

  • The HTTP POST method is not protected by HTTPS.

  • The web server is running a vulnerable SSL configuration.

  • The HTTP response is susceptible to sniffing.

  • The company doesn't support DNSSEC.
