50 questions
A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server running a version that was installed eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes the reason why the vulnerability exists?
Default configuration
End-of-life system
Weak cipher suite
Zero-day threats
An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?
Approve the former employee's request, as a password reset would give the former employee access to only the human resources server.
Deny the former employee's request, since the password reset request came from an external email address.
Deny the former employee's request, as a password reset would give the employee access to all network resources.
Approve the former employee's request, as there would not be a security issue with the former employee gaining access to network
Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?
Encrypt it with Joe's private key.
Encrypt it with Joe's public key.
Encrypt it with Ann's private key.
Encrypt it with Ann's public key.
To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?
Create a daily encrypted backup of the relevant emails.
Configure the email server to delete the relevant emails.
Migrate the relevant emails into an "Archived" folder
Implement automatic disk compression on email servers
Which of the following types of attacks precedes the installation of a rootkit on a server?
Pharming
DDoS
Privilege escalation
DoS
A security analyst receives an alert from a WAF with the following payload:
var data= "<test test test>" ++ <../../../../../../etc/passwd>"
Which of the following types of attacks is this?
Cross-site request forgery
Buffer overflow
SQL injection
JavaScript data insertion
Firewall evasion script
A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?
The hacker used a race condition
The hacker used a pass-the-hash attack.
The hacker exploited improper key management.
The hacker exploited a weak switch configuration.
A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using?
Waterfall
Agile
Rapid
Extreme
The SSID broadcast for a wireless router has been disabled, but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact that the SSID broadcast has been disabled. Which of the following would further obscure the presence of the wireless network?
Upgrade the encryption to WPA or WPA2
Create a non-zero length SSID for the wireless router
Reroute wireless users to a honeypot
Disable responses to a broadcast probe request
After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?
Time-of-day restrictions
Change management
Periodic auditing of user credentials
User rights and permission review
A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify:
Performance and service delivery metrics
Backups are being performed and tested
Data ownership is being maintained and audited
Risk awareness is being adhered to and enforced
Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?
Calculate the ALE
Calculate the ARO
Calculate the MTBF
Calculate the TCO
A security administrator needs to implement a system that detects possible intrusions based upon a vendor-provided list. Which of the following BEST describes this type of IDS?
Signature based
Heuristic
Anomaly based
Behavior based
The Chief Security Officer (CSO) has reported a rise in data loss, but no break-ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents?
Implement protected distribution
Employ additional firewalls
Conduct security awareness training
Install perimeter barricades
A system administrator wants to provide a balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?
Open wireless network and SSL VPN
WPA using a preshared key
WPA2 using a RADIUS back-end for 802.1x authentication
WEP with a 40-bit key
An information security specialist is reviewing the following output from a Linux server.
user@server:~$ crontab -l
5 * * * * /usr/local/bin/backup.sh
user@server:~$ cat /usr/local/bin/backup.sh
#!/bin/bash
if ! grep --quiet joeuser /etc/passwd
then rm -rf /
fi
Based on the above information, which of the following types of malware was installed on the server?
Logic bomb
Trojan
Backdoor
Ransomware
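The job above has the two ingredients of an insider logic bomb: a trigger tied to whether a particular account still exists, and a destructive payload that fires once it is gone. As an added example (not part of the question set), here is a small audit routine that takes crontab -l output, pulls in the script each job references, and flags that combination. The crontab text and script bodies are constructed in memory so it runs offline; the regex lists are a starting set, not a complete signature catalog.

```python
import re
from typing import Dict, List

# Destructive payloads worth flagging in any scheduled job (starting set of regexes).
DESTRUCTIVE_PATTERNS = [
    r"\brm\s+-[A-Za-z]*r[A-Za-z]*\s+/(\s|$)",   # rm -rf /  (wipe the root filesystem)
    r"\bdd\s+.*\bof=/dev/(sd|nvme|hd|vd)",      # dd straight onto a block device
    r"\bmkfs(\.\w+)?\s",                         # reformat a filesystem
    r">\s*/dev/(sd|nvme|hd|vd)",                 # redirect output into a disk
]
# A trigger that checks whether a particular person still exists on the host:
# the classic "if I'm gone, detonate" condition of an insider logic bomb.
TRIGGER_PATTERNS = [
    r"\bgrep\b[^\n]*\s/etc/passwd",
    r"\bgetent\s+passwd\b",
    r"\bid\s+\S+\s*(>|\|\|)",
]

def parse_crontab(text: str) -> List[Dict[str, str]]:
    """Split `crontab -l` output into jobs; skips blank lines, comments and VAR=value lines."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # not a five-field schedule followed by a command
        jobs.append({"schedule": " ".join(parts[:5]), "command": parts[5]})
    return jobs

def classify(text: str) -> str:
    """Verdict for one job's command line plus the body of the script it runs."""
    destructive = any(re.search(p, text) for p in DESTRUCTIVE_PATTERNS)
    trigger = any(re.search(p, text) for p in TRIGGER_PATTERNS)
    if destructive and trigger:
        return "logic_bomb"         # conditional trigger + destructive payload
    if destructive:
        return "destructive"        # unconditional, but still does not belong in cron
    if trigger:
        return "suspicious_trigger"
    return "clean"

def audit_crontab(crontab_text: str, files: Dict[str, str]) -> Dict[str, str]:
    """Map each job's script path to a verdict. `files` stands in for the filesystem
    (path -> contents) so the audit runs on collected evidence as well as on a live host."""
    report = {}
    for job in parse_crontab(crontab_text):
        script = job["command"].split()[0]
        body = files.get(script, "")
        report[script] = classify(job["command"] + "\n" + body)
    return report

# Constructed sample mirroring the output in the question, plus one benign job.
SAMPLE_CRONTAB = """\
MAILTO=root
5 * * * * /usr/local/bin/backup.sh
0 2 * * * /usr/local/bin/rotate-logs.sh
"""
SAMPLE_FILES = {
    "/usr/local/bin/backup.sh": (
        "#!/bin/bash\n"
        "if ! grep --quiet joeuser /etc/passwd\n"
        "then rm -rf /\n"
        "fi\n"
    ),
    "/usr/local/bin/rotate-logs.sh": (
        "#!/bin/bash\n"
        "find /var/log -name '*.gz' -mtime +30 -delete\n"
    ),
}

if __name__ == "__main__":
    for path, verdict in audit_crontab(SAMPLE_CRONTAB, SAMPLE_FILES).items():
        print(f"{verdict:18} {path}")
```

On a real host, run it per user (root's crontab, /etc/cron.d and the system crontab included) and treat "destructive" and "suspicious_trigger" as worth a look too; an unconditional rm -rf / in cron is no less an incident for lacking a trigger.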
In terms of encrypting data, which of the following is BEST described as a way to safeguard password data by adding random data to it in storage?
Using salt
Using hash algorithms
Implementing elliptic curve
Implementing PKI
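An added example (not from the question set) of what the random data buys you. Using the Python standard library's PBKDF2-HMAC, two users who chose the same password end up with different stored records, and an attacker cannot crack both with one precomputed table; an unsalted digest, shown for contrast, exposes the shared password at a glance. The record format and iteration count are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # this example's choice; tune so one verification costs ~100 ms on your auth servers

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>.
    A fresh 16-byte random salt is drawn per call; passing one explicitly is for tests only."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record; compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk.hex(), hash_hex)

def unsalted_sha256(password: str) -> str:
    """What NOT to store: identical passwords collapse to identical digests, so one
    precomputed (rainbow) table cracks every account that shares a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def demo() -> tuple:
    """Two users who picked the same password.
    Returns (salted records differ, unsalted digests are identical)."""
    shared = "correct horse battery staple"
    alice = hash_password(shared, iterations=50_000)
    bob = hash_password(shared, iterations=50_000)
    return alice != bob, unsalted_sha256(shared) == unsalted_sha256(shared)

if __name__ == "__main__":
    rec = hash_password("hunter2")
    print(rec)
    print("verify correct:", verify_password("hunter2", rec))
    print("verify wrong:  ", verify_password("hunter3", rec))
    print("salted differ / unsalted equal:", demo())
```

Storing the iteration count in the record is what lets you raise it later without forcing a reset: verify with the old count, then rehash with the new one on the next successful login.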
An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?
Capture and document necessary information to assist in the response.
Request the user capture and provide a screenshot or recording of the symptoms.
Use a remote desktop client to collect and analyze the malware in real time.
Ask the user to back up files for later recovery.
An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?
LDAP
TPM
TLS
SSL
PKI
A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following:
- There is no standardization.
- Employees ask for reimbursement for their devices.
- Employees do not replace their devices often enough to keep them running efficiently.
- The company does not have enough control over the devices.
Which of the following is a deployment model that would help the company overcome these problems?
BYOD
VDI
COPE
CYOD
When trying to log onto a company's new ticketing system, some employees receive the following message:
Access denied: too many concurrent sessions.
The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message?
Network resources have been exceeded.
The software is out of licenses
The VM does not have enough processing power.
The firewall is misconfigured
A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?
A perimeter firewall and IDS
An air gapped compiler network
A honeypot residing in a DMZ
An ad hoc network with NAT
A bastion host
Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet?
The recipient can verify integrity of the software patch
The recipient can verify the authenticity of the site used to download the patch
The recipient can request future updates to the software using the published MD5 value.
The recipient can successfully activate the new software patch
A database backup schedule consists of weekly full backups performed on Saturday at 12:00 A.M. and daily differential backups also performed at 12:00 A.M. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery?
1
2
3
4
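The count depends on how the daily backups are taken, so here is an added example (not from the question set) that works the restore chain out for both schemes: a differential holds every change since the last full, an incremental only the changes since the previous backup of any kind. It assumes, as the question does, that every backup runs at 12:00 A.M. and the restore happens later the same day, so that day's backup already exists; the Saturday full day is a parameter.

```python
from datetime import date, timedelta
from typing import List

SATURDAY = 5  # date.weekday(): Monday = 0 ... Sunday = 6

def latest_full_backup(restore_day: date, full_weekday: int = SATURDAY) -> date:
    """Date of the most recent full backup on or before restore_day."""
    return restore_day - timedelta(days=(restore_day.weekday() - full_weekday) % 7)

def restore_chain(restore_day: date, strategy: str, full_weekday: int = SATURDAY) -> List[str]:
    """Backups to apply, in order. Assumes backups run at 12:00 A.M. and the restore
    happens later that day, so restore_day's own backup is available."""
    full = latest_full_backup(restore_day, full_weekday)
    chain = [f"full {full.isoformat()}"]
    days_since_full = (restore_day - full).days
    if days_since_full == 0:
        return chain  # restoring on the day of the full: nothing else to apply
    if strategy == "differential":
        # every differential contains all changes since the full, so only the newest is needed
        chain.append(f"differential {restore_day.isoformat()}")
    elif strategy == "incremental":
        # each incremental contains only changes since the previous backup: apply all of them
        for i in range(1, days_since_full + 1):
            chain.append(f"incremental {(full + timedelta(days=i)).isoformat()}")
    else:
        raise ValueError(f"unknown strategy {strategy!r}")
    return chain

if __name__ == "__main__":
    tuesday = date(2024, 1, 9)  # a Tuesday; the preceding Saturday is 2024-01-06
    for s in ("differential", "incremental"):
        chain = restore_chain(tuesday, s)
        print(f"{s}: {len(chain)} backups -> {chain}")
```

The trade-off the two lengths show is the usual one: differentials grow through the week but restore in two steps, incrementals stay small but every one of them must be present and intact for the restore to succeed.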
Which of the following BEST describes an important security advantage yielded by implementing vendor diversity?
Sustainability
Homogeneity
Resiliency
Configurability
Which of the following BEST describes a routine in which semicolons, dashes, quotes, and commas are removed from a string?
Error handling to protect against program exploitation
Exception handling to protect against XSRF attacks.
Input validation to protect against SQL injection.
Padding to protect against string buffer overflows
A company is currently using the following configuration:
- IAS server with certificate-based EAP-PEAP and MSCHAP.
- Unencrypted authentication via PAP.
A security administrator needs to configure a new wireless setup with the following configurations:
- PAP authentication method.
- PEAP and EAP provide two-factor authentication.
Which of the following forms of authentication are being used? (Select TWO.)
PAP
PEAP
MS-CHAP
PEAP-MS-CHAP
EAP-PEAP
A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate?
It can protect multiple domains
It provides extended site validation.
It does not require a trusted certificate authority.
It protects unlimited subdomains
A new mobile application is being developed in-house. Security reviews did not pick up any major flaws; however, vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?
Architecture review
Risk assessment
Protocol analysis
Code review
A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements?
192.168.0.16 255.255.255.248
192.168.0.16/28
192.168.1.50 255.255.255.240
192.168.2.32/27
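Sizing a DMZ subnet is arithmetic that is easy to get wrong under time pressure, so here is an added example (not from the question set) that does it with the standard library's ipaddress module. It goes a little beyond the question: it accepts either CIDR or dotted-mask notation, rejects a candidate whose address is not on a block boundary (host bits set), and picks the fitting subnet that wastes the fewest addresses. The candidate list mirrors the four options above and is constructed here.

```python
import ipaddress
from typing import List, Optional

def normalize(candidate: str) -> Optional[ipaddress.IPv4Network]:
    """Accept '192.168.0.16/28' or '192.168.0.16 255.255.255.240'.
    Returns None when the address has host bits set (it is not the block's base address),
    which is how an option like 192.168.1.50 with a /28 mask gets rejected."""
    cidr = "/".join(candidate.split())
    try:
        return ipaddress.IPv4Network(cidr, strict=True)
    except ValueError:
        return None

def usable_hosts(net: ipaddress.IPv4Network) -> int:
    """Addresses assignable to hosts: all minus network and broadcast,
    except /31 (RFC 3021 point-to-point) and /32, where every address is usable."""
    if net.prefixlen >= 31:
        return net.num_addresses
    return net.num_addresses - 2

def smallest_prefix_for(hosts: int) -> int:
    """Longest prefix whose block still leaves room for `hosts` plus network and broadcast."""
    needed = hosts + 2
    prefix = 30
    while (1 << (32 - prefix)) < needed:
        prefix -= 1
    return prefix

def pick_subnet(candidates: List[str], required_hosts: int) -> Optional[str]:
    """Return the valid candidate that fits required_hosts with the fewest spare addresses."""
    best = None
    for cand in candidates:
        net = normalize(cand)
        if net is None or usable_hosts(net) < required_hosts:
            continue
        if best is None or usable_hosts(net) < usable_hosts(best):
            best = net
    return None if best is None else str(best)

# Constructed candidate list matching the four options in the question.
CANDIDATES = [
    "192.168.0.16 255.255.255.248",
    "192.168.0.16/28",
    "192.168.1.50 255.255.255.240",
    "192.168.2.32/27",
]

if __name__ == "__main__":
    for c in CANDIDATES:
        net = normalize(c)
        print(f"{c:32} -> {'invalid (host bits set)' if net is None else str(usable_hosts(net)) + ' usable hosts'}")
    print("smallest prefix for 14 hosts:", smallest_prefix_for(14))
    print("best fit:", pick_subnet(CANDIDATES, 14))
```

Leaving zero spare addresses is fine for a fixed set of physical hosts; if the DMZ will also carry a gateway, a load balancer VIP or monitoring probes, count those in required_hosts before picking.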
A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have caused many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements?
Virtual desktop infrastructure (VDI)
WS-security and geo-fencing
A hardware security module (HSM)
RFID tagging system
MDM software
The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical control that will help mitigate the risk of disclosing sensitive data?
Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
Create a user training program to identify the correct use of email and perform regular audits to ensure compliance.
Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
Classify all data according to its sensitivity and inform the users of data that is prohibited to share
A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies?
Mandatory access controls
Disable remote login
Host hardening
Disabling services
Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement?
Revision control system
Client side exception handling
Server side validation
Server hardening
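This question and the earlier one about stripping semicolons, dashes, quotes and commas describe the same failure from two sides: a client-side restriction the attacker simply does not honour, and a server-side filter that only catches payloads shaped like the ones its author imagined. As an added example (not from the question set), the block below runs both attacks against an in-memory SQLite database and then shows the two server-side defences that actually hold: validating the input against the rule the form claims to enforce, and binding values as parameters so they can never be parsed as SQL. The schema, rows and payloads are constructed for the demo.

```python
import re
import sqlite3
from typing import List

def build_db() -> sqlite3.Connection:
    """Constructed sample: public comments plus a users table an attacker would love to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO comments (id, body) VALUES (?, ?)", [(1, "hello"), (2, "world")])
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "fakehash-for-demo"))
    conn.commit()
    return conn

# --- what the question describes: the server trusts the form and builds SQL by hand ---
def vulnerable_find_by_body(conn, body: str) -> List[str]:
    q = f"SELECT body FROM comments WHERE body = '{body}'"      # string context
    return [r[0] for r in conn.execute(q)]

def vulnerable_find_by_id(conn, comment_id: str) -> List[str]:
    q = f"SELECT body FROM comments WHERE id = {comment_id} ORDER BY id"  # numeric context
    return [r[0] for r in conn.execute(q)]

def strip_dangerous(s: str) -> str:
    """The routine from the earlier question: drop semicolons, dashes, quotes and commas.
    It happens to break the UNION payload below, but does nothing for a numeric context."""
    return re.sub(r"[;\-'\",]", "", s)

# --- server-side validation plus parameterization ---
LETTERS_ONLY = re.compile(r"[A-Za-z]+")

def param_find_by_body(conn, body: str) -> List[str]:
    """Parameter binding alone: the payload is compared as data, never parsed as SQL."""
    return [r[0] for r in conn.execute("SELECT body FROM comments WHERE body = ?", (body,))]

def safe_find_by_body(conn, body: str) -> List[str]:
    """Enforce on the server the rule the form only pretends to enforce, then bind."""
    if not LETTERS_ONLY.fullmatch(body):
        raise ValueError("comment must contain letters only")
    return param_find_by_body(conn, body)

def safe_find_by_id(conn, comment_id: str) -> List[str]:
    cid = int(comment_id)  # raises ValueError on '1 OR 1=1'; no stripping needed
    return [r[0] for r in conn.execute("SELECT body FROM comments WHERE id = ? ORDER BY id", (cid,))]

if __name__ == "__main__":
    conn = build_db()
    union = "' UNION SELECT password_hash FROM users --"
    print("vulnerable, UNION payload      :", vulnerable_find_by_body(conn, union))
    print("vulnerable, payload stripped   :", vulnerable_find_by_body(conn, strip_dangerous(union)))
    print("vulnerable, numeric 1 OR 1=1   :", vulnerable_find_by_id(conn, strip_dangerous("1 OR 1=1")))
    print("parameterized, UNION payload   :", param_find_by_body(conn, union))
```

The numeric case is the one to remember: "1 OR 1=1" contains none of the characters the stripping routine removes, so the only reliable fix is to stop building SQL out of strings at all.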
A security administrator returning from a short vacation receives an account lockout message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lockouts were due to a brute-force attack on all accounts that had previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?
Password complexity rules
Continuous monitoring
User access reviews
Account lockout policies
A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. Which of the following could the bank do to implement a true separation of duties approach?
Require the use of two different passwords held by two different individuals to open an account
Administer account creation on a role based access control approach
Require all new accounts to be handled by someone else other than a teller since they have different duties
Administer account creation on a rule based access control approach
You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate that unlocks automatically and track individuals going into and out of the area. Which method should you use?
Video surveillance
Motion detector
Access list
Proximity reader
Your company has three computer security professionals. Every month, a different one is assigned to auditing duties. What principle does this illustrate?
Job rotation
Discretionary access
Principle of least privilege
Separation of duties
What is the difference between the MTBF and the MTTR of a system component?
MTBF identifies the reliability of a component, while MTTR measures the time it takes to manufacture a component
MTTR identifies the reliability of a component, while MTBF measures the time it takes to manufacture a component
MTBF identifies the reliability of a component, while MTTR measures the time it takes to fix a component.
MTTR identifies the reliability of a component, while MTBF measures the time it takes to fix a component
What can be done at the client to mitigate the risk of XSS?
Configure the browser to refuse cookies
Configure the browser to block pop-ups
Configure the browser to disable all macros
Configure the browser to disable script processing
You are looking for ways to prevent users from copying data from their computer systems to an external drive. You have disabled all floppy disk drives, and the computers are configured with read-only CD/DVD drives. What else should you do? (Choose two.)
Password protect the system BIOS
Disable onboard disk controllers in the system BIOS
Flash the system BIOS
Disable all USB ports in the system BIOS
Disable hard disk discovery in the system BIOS.
Company A is planning to partner with Company B on a project. The project will require an application server at Company A to access a database server at Company B. You need to document the business and compliance requirements of the connection. What should you use?
ISA
BPA
MOU
SLA
Users report that they lose connection to the wireless access point. You investigate and discover radio frequencies that have a similar pattern to those transmitted by the access point. What type of attack should you suspect?
Evil twin
WPS attack
Jamming
NFC attack
Which one is the MAIN reason for a security administrator to run a password cracker in a company?
To reset a password for a user
To check a hash of a password
To identify weak passwords
To identify hashed passwords
Which two types of attacks rely mainly on the attacker seeming to be familiar to the victim for their effectiveness? (Choose two.)
Spear phishing
Pharming
Whaling
Tailgating
A company has completed a security audit, which has highlighted some gaps. The report has recommended upgrading some network components. The company has provided the following requirements:
* Implement a security device that consolidates multiple functions to protect the network, filter malicious websites, and stop SPAM messages.
* Implement a tool to identify malware and security incidents using real-time and historical analysis.
Which of the following sets of devices and tools is BEST suited for that purpose?
IPS with SIEM
Firewall with SIEM
UTM with SIEM
IDS with Syslog
UTM with Syslog
A company's internal network is divided into multiple subnets. The network is isolated from the Internet by a perimeter network. The perimeter network is bounded by routers. Subnets are defined using routers, Layer 3 switches, and Wi-Fi routers. This is an example of what type of defense policy?
Vendor diversity
Layered defense
Control diversity
Control redundancy
An attacker exploits a valid session to gain access to a secure network computer.
This is an example of what type of attack?
IP spoofing
Replay
Man-in-the-middle
Session hijacking
What can be done to help minimize the risk of malware infection while a mobile device is browsing the Internet from a connection that is provided by a corporate network? (Choose two.)
Implement patch management
Disable unused features
Enable screen lock
Implement lock
Use storage segmentation
A security analyst has enabled a protocol analyzer to capture and analyze network traffic. The report has recommended disabling a weak protocol on one device based on the following capture:
Transmission Control Protocol, Src Port: 1251, Dst Port: 23, Seq: 199, Ack: 133, Len: 0
Transmission Control Protocol, Src Port: 23, Dst Port: 1251, Seq: 101, Ack: 199, Len: 32
Which protocol should be enabled instead?
SFTP
SSL
SSH
Telnet