Security plus certification 2

Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

TPM

Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the

The certificates have not been installed on the workstations

Digital Signatures provide which of the following?

Integrity

A user ID and password together provide which of the following?

Authentication

RADIUS provides which of the following?

Authentication, Authorization, Accounting

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident,

Record time offset

In order for network monitoring to work properly, you need a PC and a network card running in what mode?

Promiscuous

Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?

faillog

A periodic update that corrects problems in one version of a product is called a

Service pack

A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following shou

Contact the help desk and/or incident response team to determine next steps

Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?

Continuous monitoring

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

Error handling

Encryption of data at rest is important for sensitive information because of which of the following?

Prevents data from being accessed following theft of physical equipment

Which of the following is synonymous with a server's certificate?

Public key

A network administrator noticed various chain messages have been received by the company.
Which of the following security controls would need to be implemented to mitigate this issue?

Anti-spam

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

HIPS on each virtual machine

A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?

Honeynets

Which of the following protocols is the security administrator observing in this packet capture?
12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK

RDP

Which of the following is true about asymmetric encryption?

A message encrypted with the public key can be decrypted with the private key

Which of the following is true about an email that was signed by User A and sent to User B?

User A signed with their own private key and User B verified with User A's public key.

The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

DLP policy

Which of the following protocols encapsulates an IP packet with an additional IP header?

IPSec

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs o

Virus

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user's host:
Old 'hosts' file:
127.0.0.1 localhost
New 'hosts' file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attac

Pharming

An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromise

Shoulder surfing

A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?

Bluejacking

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*))
Which of the following types of attacks was attempted?

LDAP injection

Which of the following is BEST carried out immediately after a security breach is discovered?

Incident management

Which of the following is a hardware-based security technology included in a computer?

Trusted platform module

Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete's access to this site?

Internet content filter

How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?

Annually

An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?

Vulnerability scan

An administrator notices that former temporary employees' accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?

Run a last logon script to look for inactive accounts

A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

Backdoor

Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?

TACACS+

Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

3DES
AES
Blowfish

Which of the following must be kept secret for a public key infrastructure to remain secure?

Private key

Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?

Layer 7 firewall

Which of the following is best practice to put at the end of an ACL?

Implicit deny

Which of the following security concepts can prevent a user from logging on from home during the weekends?

Time of day restrictions

Which of the following would provide the STRONGEST encryption?

Random one-time pad

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also

Rootkit

A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed en route. Which of the following is the administrator MOST concerned with?

Data integrity

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

User training

Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?

Replay

Which of the following would be used as a secure substitute for Telnet?

SSH

Which of the following is described as an attack against an application using a malicious file?

Client side attack

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

Design reviews

Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

Protocol analyzer

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

Baseline review

Which of the following tools would a security administrator use in order to identify all running services throughout an organization?

Port scanner

Which of the following protocols provides transport security for virtual terminal emulation?

SSH

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

Set up a honeypot and place false project documentation on an unsecure share.

Which of the following is an indication of an ongoing current problem?

Alarm

Which of the following is a programming interface that allows a remote computer to run programs on a local machine?

RPC

Which of the following is the term for a fix for a known software problem?

Patch

Connections using point-to-point protocol authenticate using which of the following? (Select TWO).

PAP
CHAP

Which of the following will help prevent smurf attacks?

Disabling directed broadcast on border routers

An advantage of virtualizing servers, databases, and office applications is:

Centralized management

A major security risk with co-mingling of hosts with different security requirements is:

Security policy violations

Which of the following attacks targets high level executives to gain company information?

Whaling

Which of the following can be used as an equipment theft deterrent?

Cable locks

At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?

Tailgating

A company that has a mandatory vacation policy has implemented which of the following controls?

Risk control

Which of the following is the MOST intrusive type of testing against a production system?

Penetration testing

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?

Load balancer

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

Lower the power for office coverage only

Which of the following uses port 22 by default? (Select THREE).

SSH
SFTP
SCP

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).

Logic Bomb
Backdoor

The string:
' or 1=1--
represents which of the following?

SQL Injection

Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server.
However, the second server contains fabricated files and

Honeypot

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

Honeypot

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

Mandatory Vacations

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the followin

False positives

Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).

Acceptable use policy
Privacy policy

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

Black box testing

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

Protocol analyzer

Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?

Structured walk through

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

Password complexity

Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?

Code review

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?

Vulnerability scanning

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

Routine log audits

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).

137
139

Joe, the systems administrator, is setting up a wireless network for his team's laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

Implement MAC filtering on the access point.

After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described?

Single sign-on

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

Disk encryption

When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results

The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).

A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements.
B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.

Key elements of a business impact analysis should include which of the following tasks?

Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

Date of birth

Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?

User rights reviews

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instr

First Responder

To ensure proper evidence collection, which of the following steps should be performed FIRST?

Capture the system image

Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help determine where the attack originated from?

Network sniffing

Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?

A back-out strategy planned out anticipating any unforeseen problems that may arise.

A program displays:
ERROR: this program has caught an exception and will now terminate.
Which of the following is MOST likely accomplished by the program's behavior?

Operating system's integrity is maintained

A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented?

Guards

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to log on to a server. These are examples of which of the following?

Single factor authentication

Which of the following results in datacenters with failed humidity controls? (Select TWO).

Electrostatic charge
Condensation

An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions.
Which of the following database designs provides the BEST securi

Hash the credential fields and use encryption for the credit card field