
Test on Cassie 151-175, created by Luis EZ on 22/05/2017.


Cassie 151-175

Question 1 of 25

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the
finance department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces.
The upstream router interface’s MAC is 00-01-42-32-ab-1a

A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534

Which of the following is occurring on the network?

Select one of the following possible answers:

  • A man-in-the-middle attack is underway on the network

  • An ARP flood attack is targeting the router.

  • The default gateway is being spoofed on the network

  • A denial of service attack is targeting the router
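To work through a capture like this one systematically, here is an added example (not part of the original test): a small Python triage script that parses tcpdump-style lines, checks every ARP reply for the gateway against the MAC the router is known to use, and flags ICMP echo requests sent to the subnet's directed broadcast address with oversized payloads. The capture lines are the ones from the question; the single spoofed ARP reply, the gateway and host values passed in, and the 1500-byte threshold are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the six lines quoted in the question, joined onto one line each.
CAPTURE = """\
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
"""
# Constructed extra line (not in the question) so the gateway-MAC check has something to catch.
SPOOFED_LINE = "09:09:01.000000 arp reply 172.16.34.1 is-at de:ad:be:ef:00:01 (de:ad:be:ef:00:01)\n"

ARP_RE = re.compile(r"arp reply (\S+) is-at ([0-9a-f:]{17})", re.IGNORECASE)
ICMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo request, .*length (\d+)")


def normalise_mac(mac):
    """Accept 00-01-42-32-ab-1a or 00:01:42:32:AB:1A and compare in one form."""
    return mac.lower().replace("-", ":")


def triage(capture, gateway_ip, gateway_mac, host_ip, netmask, max_icmp_len=1500):
    """Check ARP replies for the gateway against its known MAC and flag oversized
    echo requests aimed at the subnet's directed broadcast address."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    bcast = str(net.broadcast_address)          # 172.16.35.255 for a /23 at 172.16.34.0
    want = normalise_mac(gateway_mac)
    findings = {"arp_spoof": [], "broadcast_icmp": [], "icmp_bytes": 0}
    for line in capture.splitlines():
        m = ARP_RE.search(line)
        if m:
            ip, mac = m.group(1), normalise_mac(m.group(2))
            if ip == gateway_ip and mac != want:
                findings["arp_spoof"].append((ip, mac))
            continue
        m = ICMP_RE.search(line)
        if m:
            src, dst, length = m.group(1), m.group(2), int(m.group(3))
            if dst == bcast and length > max_icmp_len:
                findings["broadcast_icmp"].append((src, length))
                findings["icmp_bytes"] += length
    return findings


def summarise(findings):
    """Turn findings into the one-line conclusions an analyst would write up."""
    out = []
    if findings["arp_spoof"]:
        out.append("gateway ARP spoofing from %s" % sorted({m for _, m in findings["arp_spoof"]}))
    if findings["broadcast_icmp"]:
        out.append("oversized ICMP to directed broadcast: %d packets, %d bytes"
                   % (len(findings["broadcast_icmp"]), findings["icmp_bytes"]))
    return out


if __name__ == "__main__":
    result = triage(CAPTURE + SPOOFED_LINE, "172.16.34.1", "00-01-42-32-ab-1a",
                    "172.16.35.217", "255.255.254.0")
    for line in summarise(result):
        print(line)
```

Run against only the question's lines the ARP check stays quiet, because every reply carries the router's real MAC; what remains is three maximum-size echo requests to the directed broadcast address inside the same millisecond.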

Question 2 of 25

An organization recently upgraded its wireless infrastructure to support 802.1X and requires all
clients to use this method. After the upgrade, several critical wireless clients fail to connect
because they only support pre-shared keys. For the foreseeable future, none of the affected
clients have an upgrade path to bring them into compliance with the 802.1X requirement. Which of
the following provides the MOST secure method of integrating the non-compliant clients into the
network?

Select one of the following possible answers:

  • Create a separate SSID and require the use of dynamic encryption keys.

  • Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at
    random intervals.

  • Create a separate SSID and pre-shared WPA2 key on a new network segment and only allow
    required communication paths.

  • Create a separate SSID and require the legacy clients to connect to the wireless network using
    certificate-based 802.1X.

Question 3 of 25

The following has been discovered in an internally developed application:
Error - Memory allocated but not freed:
#include <stdio.h>
#include <stdlib.h>
#define BUFFER_SIZE 64
#define STRING_WELCOME_MESSAGE "the application"
char *myBuffer = malloc(BUFFER_SIZE);
if (myBuffer != NULL) {
    snprintf(myBuffer, BUFFER_SIZE, "%s", STRING_WELCOME_MESSAGE); /* copy, not pointer-to-char */
    printf("Welcome to: %s\n", myBuffer);
}
/* myBuffer is never freed before the process exits: the leak the finding describes */
exit(0);
Which of the following security assessment methods are likely to reveal this security weakness?
(Select TWO).

Select one or more of the following possible answers:

  • Static code analysis

  • Memory dumping

  • Manual code review

  • Application sandboxing

  • Penetration testing

  • Black box testing

Question 4 of 25

A medical device manufacturer has decided to work with another international organization to
develop the software for a new robotic surgical platform to be introduced into hospitals within the
next 12 months. In order to ensure a competitor does not become aware, management at the
medical device manufacturer has decided to keep it secret until formal contracts are signed. Which
of the following documents is MOST likely to contain a description of the initial terms and
arrangement and is not legally enforceable?

Select one of the following possible answers:

  • OLA

  • BPA

  • SLA

  • SOA

  • MOU

Question 5 of 25

After the install process, a software application executed an online activation process. After a few
months, the system experienced a hardware failure. A backup image of the system was restored
on a newer revision of the same brand and model device. After the restore, the specialized
application no longer works. Which of the following is the MOST likely cause of the problem?

Select one of the following possible answers:

  • The binary files used by the application have been modified by malware.

  • The application is unable to perform remote attestation due to blocked ports.

  • The restored image backup was encrypted with the wrong key.

  • The hash key summary of hardware and installed software no longer match

Question 6 of 25

A bank is in the process of developing a new mobile application. The mobile client renders content
and communicates back to the company servers via REST/JSON calls. The bank wants to ensure
that the communication is stateless between the mobile application and the web services gateway.
Which of the following controls MUST be implemented to enable stateless communication?

Select one of the following possible answers:

  • Generate a one-time key as part of the device registration process

  • Require SSL between the mobile application and the web services gateway

  • The jsession cookie should be stored securely after authentication

  • Authentication assertion should be stored securely on the client
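Stateless here means the gateway keeps no per-client session record: whatever it needs to authorise a request travels with the request. As an added example (not the bank's code and not from the original test), the Python below issues an HMAC-signed assertion at login, the client stores it, and each REST call is verified from the gateway secret and the clock alone, so any gateway instance behind a load balancer can validate it. The secret, the claim names and the 15-minute lifetime are assumptions; a production system would hold the key in a KMS and use a standard token format with the same properties.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed gateway secret for the example; in production this lives in a KMS/HSM, not in code.
GATEWAY_SECRET = b"constructed-example-secret-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(subject, device_id, ttl_seconds=900, now=None, secret=GATEWAY_SECRET):
    """Gateway side, at login: sign a self-contained assertion the client stores
    securely and sends with every later REST call."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "dev": device_id, "iat": now, "exp": now + ttl_seconds}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    tag = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def verify_assertion(token, now=None, secret=GATEWAY_SECRET):
    """Gateway side, per request: no session table lookup, just the secret and the clock.
    Returns the claims on success, None on any failure (forged, tampered, expired)."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(tag, expected):   # constant-time compare; check MAC before parsing
        return None
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:                     # expired: client must authenticate again
        return None
    return claims


def handle_request(token, now=None):
    """What a REST endpoint does with the Authorization header: 401 or the caller identity."""
    claims = verify_assertion(token, now=now)
    return (401, None) if claims is None else (200, claims["sub"])
```

Because the assertion carries its own expiry and MAC, revocation before expiry needs a short lifetime or a separate denylist; that trade-off is the price of having no server-side session to invalidate.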

Question 7 of 25

The network administrator at an enterprise reported a large data leak. One compromised server
was used to aggregate data from several critical application servers and send it out to the Internet
using HTTPS. Upon investigation, there have been no user logins over the previous week and the
endpoint protection software is not reporting any issues. Which of the following BEST provides
insight into where the compromised server collected the information?

Select one of the following possible answers:

  • Review the flow data against each server’s baseline communications profile

  • Configure the server logs to collect unusual activity including failed logins and restarted services

  • Correlate data loss prevention logs for anomalous communications from the server.

  • Setup a packet capture on the firewall to collect all of the server communications
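Flow records (NetFlow/IPFIX) answer this question because they record who the server talked to even when nobody logged in and the endpoint agent saw nothing. Added example, not from the original test: constructed flow tuples for one server, a baseline profile built from a quiet period, and a comparison that reports peers the server never spoke to before and flows far above its usual size; the internal peers among the new ones are where it collected the data. The addresses, the 10x volume factor and the list of internal address ranges are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address space for the example (an organisation-specific list in practice).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: (src, dst, dst_port, bytes_out). The baseline is a quiet week.
BASELINE_FLOWS = [
    ("10.10.1.5", "10.10.2.20", 1433, 4_000),     # app server to its database
    ("10.10.1.5", "10.10.2.20", 1433, 5_000),
    ("10.10.1.5", "10.10.9.9", 514, 800),         # syslog forwarding
    ("10.10.1.5", "10.10.2.20", 1433, 4_500),
]
INCIDENT_FLOWS = [
    ("10.10.1.5", "10.10.2.20", 1433, 4_200),
    ("10.10.1.5", "10.10.3.31", 445, 900_000),    # never seen before: pulling files over SMB
    ("10.10.1.5", "10.10.3.32", 1433, 700_000),   # never seen before: querying another database
    ("10.10.1.5", "203.0.113.7", 443, 2_500_000), # HTTPS to the Internet: the exfiltration leg
]


def build_profile(flows):
    """Per source: the set of (dst, port) peers seen and the mean bytes per flow."""
    peers = defaultdict(set)
    totals = defaultdict(lambda: [0, 0])
    for src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        totals[src][0] += nbytes
        totals[src][1] += 1
    return {src: {"peers": peers[src], "mean_bytes": totals[src][0] / totals[src][1]}
            for src in peers}


def compare(profile, flows, volume_factor=10):
    """Report (src, dst, port, reason) for peers absent from the baseline and for
    flows to known peers that are volume_factor times larger than the baseline mean."""
    alerts = []
    for src, dst, port, nbytes in flows:
        base = profile.get(src)
        if base is None:
            alerts.append((src, dst, port, "no baseline for source"))
        elif (dst, port) not in base["peers"]:
            alerts.append((src, dst, port, "new peer"))
        elif nbytes > volume_factor * base["mean_bytes"]:
            alerts.append((src, dst, port, "volume"))
    return alerts


def collection_sources(alerts):
    """Internal peers the server newly pulled from: the likely collection points."""
    return sorted({dst for _, dst, _, why in alerts
                   if why == "new peer" and any(ipaddress.ip_address(dst) in n for n in INTERNAL_NETS)})


if __name__ == "__main__":
    alerts = compare(build_profile(BASELINE_FLOWS), INCIDENT_FLOWS)
    for a in alerts:
        print(a)
    print("collected from:", collection_sources(alerts))
```

The external destination shows up as an alert too, but the question is where the data came from, so only the new internal peers are returned by collection_sources.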

Question 8 of 25

Wireless users are reporting issues with the company’s video conferencing and VoIP systems.
The security administrator notices internal DoS attacks from infected PCs on the network causing
the VoIP system to drop calls. The security administrator also notices that the SIP servers are
unavailable during these attacks. Which of the following security controls will MOST likely mitigate
the VoIP DoS attacks on the network? (Select TWO).

Select one or more of the following possible answers:

  • Install a HIPS on the SIP servers

  • Configure 802.1X on the network

  • Update the corporate firewall to block attacking addresses

  • Configure 802.11e on the network

  • Configure 802.1q on the network

Question 9 of 25

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply
with policy. Six months later, the company is audited for compliance to regulations. The audit
discovers that 40 percent of the desktops do not meet requirements. Which of the following is the
MOST likely cause of the noncompliance?

Select one of the following possible answers:

  • The devices are being modified and settings are being overridden in production

  • The patch management system is causing the devices to be noncompliant after issuing the latest
    patches.

  • The desktop applications were configured with the default username and password.

  • 40 percent of the devices use full disk encryption

Question 10 of 25

A company that must comply with regulations is searching for a laptop encryption product to use
for its 40,000 end points. The product must meet regulations but also be flexible enough to
minimize overhead and support in regards to password resets and lockouts. Which of the following
implementations would BEST meet the needs?

Select one of the following possible answers:

  • A partition-based software encryption product with a low-level boot protection and authentication

  • A container-based encryption product that allows the end users to select which files to encrypt

  • A full-disk hardware-based encryption product with a low-level boot protection and authentication

  • A file-based encryption product using profiles to target areas on the file system to encrypt

Question 11 of 25

A company decides to purchase commercially available software packages. This can introduce
new security risks to the network. Which of the following is the BEST description of why this is
true?

Select one of the following possible answers:

  • Commercially available software packages are typically well known and widely available.
    Information concerning vulnerabilities and viable attack patterns are never revealed by the
    developer to avoid lawsuits.

  • Commercially available software packages are often widely available. Information concerning
    vulnerabilities is often kept internal to the company that developed the software.

  • Commercially available software packages are not widespread and are only available in limited
    areas. Information concerning vulnerabilities is often ignored by business managers.

  • Commercially available software packages are well known and widely available. Information
    concerning vulnerabilities and viable attack patterns are always shared within the IT community.

Question 12 of 25

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify
complex vulnerabilities that may exist in a payment system being internally developed. The
payment system being developed will be sold to a number of organizations and is in direct
competition with another leading product. The CEO highlighted that code base confidentiality is of
critical importance to allow the company to exceed the competition in terms of the product’s
reliability, stability, and performance. Which of the following would provide the MOST thorough
testing and satisfy the CEO’s requirements?

Select one of the following possible answers:

  • Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources
    for random testing.

  • Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and
    address all findings

  • Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and
    address all findings

  • Use the most qualified and senior developers on the project to perform a variety of White box
    testing and code reviews.

Question 13 of 25

A company provides on-demand cloud computing resources for a sensitive project. The company
implements a fully virtualized datacenter and terminal server access with two-factor authentication
for customer access to the administrative website. The security administrator at the company has
uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden
directory within the VM of company B. Company B is not in the same industry as company A and
the two are not competitors. Which of the following has MOST likely occurred?

Select one of the following possible answers:

  • Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to
    access each and move the data

  • A stolen two factor token was used to move data from one virtual guest to another host on the
    same network segment.

  • A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion
    attack to gain unauthorized access.

  • An employee with administrative access to the virtual guests was able to dump the guest memory
    onto a mapped disk.

Question 14 of 25

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of
the following figures is the system’s SLE?

Select one of the following possible answers:

  • $2,000

  • $8,000

  • $12,000

  • $32,000

Question 15 of 25

VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:
DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network – 192.168.1.0/24
Datacenter – 192.168.2.0/24
User network - 192.168.3.0/24
HR network – 192.168.4.0/24
Traffic shaper configuration:

VLAN      Bandwidth Limit (Mbps)
VPN       50
User      175
HR        250
Finance   250
Guest     0

Router ACL:

Action   Source           Destination
Permit   192.168.1.0/24   192.168.2.0/24
Permit   192.168.1.0/24   192.168.3.0/24
Permit   192.168.1.0/24   192.168.5.0/24
Permit   192.168.2.0/24   192.168.1.0/24
Permit   192.168.3.0/24   192.168.1.0/24
Permit   192.168.5.1/32   192.168.1.0/24
Deny     192.168.4.0/24   192.168.1.0/24
Deny     192.168.1.0/24   192.168.4.0/24
Deny     any              any

Which of the following solutions would allow the users to access the active FTP server?

Select one of the following possible answers:

  • Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network

  • Add a permit statement to allow traffic to 192.168.5.1 from the VPN network

  • IPS is blocking traffic and needs to be reconfigured

  • Configure the traffic shaper to limit DMZ traffic

  • Increase bandwidth limit on the VPN network
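Active FTP is the detail that matters: the client opens the control channel to the server's port 21, but the server then opens the data channel from its port 20 back to the client, and a stateless router ACL sees that as a new connection in the DMZ-to-VPN direction. Added example (not from the original test): the ACL above encoded as an ordered first-match list and a Python evaluator that checks both directions of the session, plus the minimal change that makes the return path work. The client address used in the check is an assumption; the FTP server address 192.168.5.11 and the rule table are from the question.

```python
import ipaddress

# The router ACL from the question, in order; first match wins, "any any" is the final deny.
ACL = [
    ("permit", "192.168.1.0/24", "192.168.2.0/24"),
    ("permit", "192.168.1.0/24", "192.168.3.0/24"),
    ("permit", "192.168.1.0/24", "192.168.5.0/24"),
    ("permit", "192.168.2.0/24", "192.168.1.0/24"),
    ("permit", "192.168.3.0/24", "192.168.1.0/24"),
    ("permit", "192.168.5.1/32", "192.168.1.0/24"),   # only .1 of the DMZ may reach the VPN net
    ("deny",   "192.168.4.0/24", "192.168.1.0/24"),
    ("deny",   "192.168.1.0/24", "192.168.4.0/24"),
    ("deny",   "0.0.0.0/0",      "0.0.0.0/0"),
]


def evaluate(acl, src, dst):
    """Return the action of the first rule whose source and destination both match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"                         # implicit deny if the list had no catch-all


def active_ftp_session(acl, client, server):
    """Active FTP needs client->server:21 (control) and server:20->client (data).
    A stateless ACL evaluates the data channel as a fresh server-initiated flow."""
    control = evaluate(acl, client, server)
    data = evaluate(acl, server, client)
    return {"control": control, "data": data, "works": control == "permit" and data == "permit"}


def fix_acl(acl, server, client_net="192.168.1.0/24"):
    """Insert a permit for the server's return path ahead of the final deny."""
    return acl[:-1] + [("permit", f"{server}/32", client_net)] + acl[-1:]


if __name__ == "__main__":
    # Assumed VPN client address; the FTP server address is the one from the question.
    print(active_ftp_session(ACL, "192.168.1.10", "192.168.5.11"))
    print(active_ftp_session(fix_acl(ACL, "192.168.5.11"), "192.168.1.10", "192.168.5.11"))
```

The traffic shaper rows are a distraction here: a 50 Mbps limit on the VPN VLAN slows transfers, it does not refuse the data connection. A stateful firewall that tracks the FTP control channel (or passive mode) would avoid the extra permit entirely.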

Question 16 of 25

Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
Antivirus
Anti-malware
Anti-spyware
Log monitoring
Full-disk encryption
Terminal services enabled for RDP
Administrative access for local users

Hardware restrictions:
Bluetooth disabled
FireWire disabled
WiFi adapter disabled

Ann, a web developer, reports performance issues with her laptop and is not able to access any
network resources. After further investigation, a bootkit was discovered and it was trying to access
external websites. Which of the following hardening techniques should be applied to mitigate this
specific issue from reoccurring? (Select TWO).

Select one or more of the following possible answers:

  • Group policy to limit web access

  • Restrict VPN access for all mobile users

  • Remove full-disk encryption

  • Remove administrative access to local users

  • Restrict/disable TELNET access to network resources

  • Perform vulnerability scanning on a daily basis

  • Restrict/disable USB access

Question 17 of 25

A security manager looked at various logs while investigating a recent security breach in the data
center from an external source. Each log below was collected from various security devices
compiled from a report through the company’s security information and event management server.
Logs:
Log 1:
Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Log 3:
Security Error Alert
Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has
disconnected the client
Log 4:
Encoder oe = new OracleEncoder();
String query = "Select user_id FROM user_data WHERE user_name = '"
    + oe.encode(req.getParameter("userID")) + "' and user_password = '"
    + oe.encode(req.getParameter("pwd")) + "'";

Vulnerabilities
Buffer overflow
SQL injection
ACL
XSS
Which of the following logs and vulnerabilities would MOST likely be related to the security
breach? (Select TWO).

Select one or more of the following possible answers:

  • Log 1

  • Log 2

  • Log 3

  • Log 4

  • Buffer overflow

  • ACL

  • XSS

  • SQL injection

Question 18 of 25

A storage as a service company implements both encryption at rest as well as encryption in transit
of customers’ data. The security administrator is concerned with the overall security of the
encrypted customer data stored by the company servers and wants the development team to
implement a solution that will strengthen the customer’s encryption key. Which of the following, if
implemented, will MOST increase the time an offline password attack against the customers’ data
would take?

Select one of the following possible answers:

  • key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }

  • password = NULL ; for (int i=0; i<10000; i++) { password = sha256(key) }

  • password = password + sha(password+salt) + aes256(password+salt)

  • key = aes128(sha256(password), password)
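What makes an offline attack slow is the cost per guess, so the useful properties are many chained iterations plus a per-user salt, not appending the password to its own hash or encrypting it once. Added example (not from the original test): a Python implementation of chained hashing in the style of the first option with a salt added, the standardised PBKDF2-HMAC-SHA256 from hashlib for comparison, and a calibration helper that picks an iteration count for a target derivation time on the current hardware. Iteration counts and the target time are assumptions; where available, a memory-hard KDF such as scrypt or Argon2 is the better choice.

```python
import hashlib
import os
import time


def iterated_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Chained hashing in the style of the first option, with a salt: every round
    depends on the previous digest, so an attacker pays all rounds for each guess."""
    key = b""
    for _ in range(iterations):
        key = hashlib.sha256(key + salt + password).digest()
    return key


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """The standardised form of the same idea (RFC 8018), as shipped in hashlib."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def calibrate(kdf, target_seconds=0.25, probe=2000):
    """Pick an iteration count so one derivation costs about target_seconds on this
    host. Recalibrate as hardware gets faster and store the count next to the salt,
    because the per-guess cost is exactly what slows an offline attack."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    kdf(b"calibration-password", salt, probe)
    per_iteration = (time.perf_counter() - t0) / probe
    return max(probe, int(target_seconds / per_iteration))


def derive(password: str, salt: bytes = None, iterations: int = 600_000):
    """Derive a data-encryption key; returns (salt, iterations, key) so the
    parameters are stored with the ciphertext and can be raised later."""
    salt = os.urandom(16) if salt is None else salt
    return salt, iterations, pbkdf2_sha256(password.encode(), salt, iterations)


if __name__ == "__main__":
    n = calibrate(pbkdf2_sha256)
    print("iterations for ~0.25 s on this host:", n)
    salt, n, key = derive("correct horse battery staple", iterations=n)
    print(salt.hex(), n, key.hex())
```

The salt defeats precomputed tables across users; the iteration count multiplies the attacker's work per candidate password by the same factor it multiplies the legitimate user's single derivation, which is the asymmetry the defender wants.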

Question 19 of 25

After reviewing a company’s NAS configuration and file system access logs, the auditor is advising
the security administrator to implement additional security controls on the NFS export. The
security administrator decides to remove the no_root_squash directive from the export and add
the nosuid directive. Which of the following is true about the security controls implemented by the
security administrator?

Select one of the following possible answers:

  • The newly implemented security controls are in place to ensure that NFS encryption can only be controlled by the root user.

  • Removing the no_root_squash directive grants the root user remote NFS read/write access to
    important files owned by root on the NAS.

  • Users with root access on remote NFS client computers can always use the SU command to
    modify other users' files on the NAS

  • Adding the nosuid directive disables regular users from accessing files owned by the root user
    over NFS even after using the SU command.
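Two separate controls are involved, and it helps to keep them apart: root_squash is enforced by the server and maps a remote uid 0 to the anonymous user (no_root_squash switches that off), while nosuid is, on Linux, a mount(8) option the NFS client applies so that setuid binaries stored on the share run without elevated privilege. Added example (not from the original test): a Python audit of a constructed exports(5) table and a constructed client fstab that flags exports trusting remote root and NFS mounts that omit nosuid or nodev. Paths, hosts and the mount lines are assumptions.

```python
import re

# Constructed server-side export table (exports(5)) before the administrator's change.
EXPORTS = """\
# path        clients(options)
/srv/share    192.168.10.0/24(rw,sync,no_root_squash)
/srv/public   *(ro,sync)
"""
# The same table after removing no_root_squash (root_squash is the default, stated here explicitly).
EXPORTS_FIXED = """\
/srv/share    192.168.10.0/24(rw,sync,root_squash)
/srv/public   *(ro,sync)
"""
# Constructed client-side fstab: on Linux, nosuid/nodev are applied at mount time by the client.
FSTAB = """\
nas:/srv/share   /mnt/share   nfs   rw,hard,intr            0 0
nas:/srv/public  /mnt/public  nfs   ro,hard,nosuid,nodev    0 0
"""

EXPORT_RE = re.compile(r"^(\S+)\s+(\S+?)\((.*)\)$")


def _lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def audit_exports(text):
    """Flag exports that keep remote root as uid 0 or are writable by any host."""
    findings = []
    for line in _lines(text):
        m = EXPORT_RE.match(line)
        if not m:
            findings.append((line, "unparsed export line"))
            continue
        path, client, opts = m.group(1), m.group(2), set(m.group(3).split(","))
        if "no_root_squash" in opts:
            findings.append((path, f"{client}: remote uid 0 is not squashed; remove no_root_squash"))
        if client == "*" and "rw" in opts:
            findings.append((path, "read-write export to any host"))
    return findings


def audit_mounts(text):
    """Flag NFS mounts on the client that honour setuid bits or device nodes from the NAS."""
    findings = []
    for line in _lines(text):
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue
        src, mnt, opts = fields[0], fields[1], set(fields[3].split(","))
        for want in ("nosuid", "nodev"):
            if want not in opts:
                findings.append((mnt, f"{src}: mounted without {want}"))
    return findings


if __name__ == "__main__":
    for f in audit_exports(EXPORTS) + audit_mounts(FSTAB):
        print(f)
```

With root_squash in force, a root user on a client still reaches files that are world- or group-readable, but can no longer read or write files that only the server's root may access; nosuid on the client closes the other direction, a setuid binary planted on the share by one client and executed on another.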

Question 20 of 25

An IT auditor is reviewing the data classification for a sensitive system. The company has
classified the data stored in the sensitive system according to the following matrix:
DATA TYPE        CONFIDENTIALITY   INTEGRITY   AVAILABILITY
---------------------------------------------------------------
Financial        HIGH              HIGH        LOW
Client name      MEDIUM            MEDIUM      HIGH
Client address   LOW               MEDIUM      LOW
---------------------------------------------------------------
AGGREGATE        MEDIUM            MEDIUM      MEDIUM

The auditor is advising the company to review the aggregate score and submit it to senior
management. Which of the following should be the revised aggregate score?

Select one of the following possible answers:

  • HIGH, MEDIUM, LOW

  • MEDIUM, MEDIUM, LOW

  • HIGH, HIGH, HIGH

  • MEDIUM, MEDIUM, MEDIUM

Question 21 of 25

A security auditor suspects two employees of having devised a scheme to steal money from the
company. While one employee submits purchase orders for personal items, the other employee
approves these purchase orders. The auditor has contacted the human resources director with
suggestions on how to detect such illegal activities. Which of the following should the human
resource director implement to identify the employees involved in these activities and reduce the
risk of this activity occurring in the future?

Select one of the following possible answers:

  • Background checks

  • Job rotation

  • Least privilege

  • Employee termination procedures

Question 22 of 25

During an incident involving the company main database, a team of forensics experts is hired to
respond to the breach. The team is in charge of collecting forensics evidence from the company’s
database server. Which of the following is the correct order in which the forensics team should
engage?

Select one of the following possible answers:

  • Notify senior management, secure the scene, capture volatile storage, capture non-volatile
    storage, implement chain of custody, and analyze original media

  • Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody,
    document, and analyze the data.

  • Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile
    storage, and document the findings.

  • Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document,
    and implement chain of custody.

Question 23 of 25

A security administrator has noticed that an increased number of employees’ workstations are
becoming infected with malware. The company deploys an enterprise antivirus system as well as
a web content filter, which blocks access to malicious web sites where malware files can be
downloaded. Additionally, the company implements technical measures to disable external
storage. Which of the following is a technical control that the security administrator should
implement next to reduce malware infection?

Select one of the following possible answers:

  • Implement an Acceptable Use Policy which addresses malware downloads.

  • Deploy a network access control system with a persistent agent.

  • Enforce mandatory security awareness training for all employees and contractors

  • Block cloud-based storage software on the company network

Question 24 of 25

Company policy requires that all unsupported operating systems be removed from the network.
The security administrator is using a combination of network based tools to identify such systems
for the purpose of disconnecting them from the network. Which of the following tools, or outputs
from the tools in use, can be used to help the security administrator make an approximate
determination of the operating system in use on the local company network? (Select THREE).

Select one or more of the following possible answers:

  • Passive banner grabbing

  • Password cracker

  • http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp=packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4

  • 443/tcp open http

  • dig host.company.com

  • 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0

  • Nmap
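Passive fingerprinting works from fields the sender sets on its own: the initial TTL (64 for most Linux/Unix systems, 128 for Windows, 255 for many network devices) decremented once per hop crossed, and the TCP window size. Added example (not from the original test): a Python parser for tcpdump -v lines, the first of which is the line from the question and the others constructed, that rounds the observed TTL up to the nearest common initial value to guess an OS family and estimate the hop count. This is an approximation for triage, which is all the question asks for; confirm with an active Nmap OS scan or a service banner before disconnecting a host.

```python
import re

# Constructed tcpdump -v lines; the first is the one quoted in the question.
SAMPLE = """\
09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0
09:18:17.001200 IP (tos 0x0, ttl 128, id 1234, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.20.49152 > 10.46.3.7.80: Flags [S], cksum 0x1a2b (correct), win 8192, length 0
09:18:18.500000 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto TCP (6), length 44) 192.168.1.1.23 > 192.168.1.50.5000: Flags [S.], cksum 0x0c0d (correct), win 4128, length 0
09:18:19.250000 IP (tos 0x0, ttl 57, id 4321, offset 0, flags [DF], proto TCP (6), length 60) 10.46.3.7.80 > 192.168.1.3.1051: Flags [S.], cksum 0x2222 (correct), win 29200, length 0
"""

LINE_RE = re.compile(
    r"ttl (?P<ttl>\d+).*?proto (?P<proto>\w+).*?\)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
    r".*?win (?P<win>\d+)"
)

# Common initial TTL values and the families that ship them; a heuristic, not proof.
TTL_FAMILIES = [(64, "Linux/Unix/macOS"), (128, "Windows"), (255, "network device/Solaris")]


def initial_ttl(observed):
    """Round an observed TTL up to the next common initial value; the difference is hops crossed."""
    for base, _ in TTL_FAMILIES:
        if observed <= base:
            return base
    return observed


def guess_os(ttl):
    base = initial_ttl(ttl)
    return dict(TTL_FAMILIES).get(base, "unknown"), base - ttl


def fingerprint(capture):
    """Per source address: OS family guess, estimated hop count and the raw evidence."""
    hosts = {}
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        family, hops = guess_os(int(m["ttl"]))
        hosts[m["src"]] = {"os": family, "hops": hops, "ttl": int(m["ttl"]), "win": int(m["win"])}
    return hosts


if __name__ == "__main__":
    for host, info in fingerprint(SAMPLE).items():
        print(host, info)
```

The window size is kept as evidence rather than used for the guess, because defaults vary with kernel version and tuning; TTL alone sorts hosts into families well enough to prioritise which ones to confirm actively.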

Question 25 of 25

A new IT company has hired a security consultant to implement a remote access system, which
will enable employees to telecommute from home using both company issued as well as personal
computing devices, including mobile devices. The company wants a flexible system to provide
confidentiality and integrity for data in transit to the company’s internally developed application
GUI. Company policy prohibits employees from having administrative rights to company issued
devices. Which of the following remote access solutions has the lowest technical complexity?

Select one of the following possible answers:

  • RDP server

  • Client-based VPN

  • IPSec

  • Jump box

  • SSL VPN
