Security Plus (Part 2)

Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer? (Select TWO)

MAC filtering, Disabled SSID broadcast

Which of the following is the primary purpose of using a digital signature? (Select TWO)

Integrity, Non-repudiation

A proximity card reader is used to test which of the following aspects of human authentication?

Something a user has

Centrally authenticating multiple systems and applications against a federated user database is an example of:

single sign-on

Which of the following elements of PKI are found in a browser's trusted root CA?

Public-key

A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability? (Select TWO)

Hardware RAID 5, Software RAID 1

Which of the following is a security best practice that Jane, a security technician, would implement before placing a new server online?

Host-software baselining

Which of the following is a hardening step of an application during the SDLC?

Secure coding concepts

Pete, a customer, has called a company to report that all of his computers are displaying a rival company's website when Pete types the correct URL into the browser. All of the other websites he visits work correctly and other customers are not having thi

Pete's DNS has been poisoned

Which of the following can Pete, a security technician, deploy to provide secure tunneling services?

IPv6

An employee's workstation is connected to the corporate LAN. Due to content filtering restrictions, the employee attaches a 3G internet dongle to get to websites that are blocked by the corporate gateway. Which of the following BEST describes a security i

Network bridging must be avoided otherwise it may join two networks of different classifications

If a user wishes to receive a file encrypted with PGP, the user must FIRST supply the:

public key

Which of the following should be performed if a smartphone is lost to ensure no data can be retrieved from it?

Remote wipe

Which of the following security threats does shredding mitigate?

Dumpster diving

Which of the following should Sara, a security administrator, implement on a mobile phone to help prevent a conversation from being captured?

Voice encryption

A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?

Run the image through SHA256

An offsite location containing the necessary hardware without data redundancy would be an example of which of the following off-site contingency plans?

Warm site

Which of the following is a trusted OS implementation used to prevent malicious or suspicious code from executing on Linux and UNIX platforms?

SELinux

Where are revoked certificates stored?

CRL

A system administrator could have a user level account and an administrator account to prevent:

escalation of privileges

Which of the following authentication services can be used to provide router commands to enforce policies?

TACACS+

Which of the following would be implemented if Jane, a security administrator, wants a door to electronically unlock when certain employees need access to a location?

Proximity readers

Which of the following technologies is used to verify that a file was not altered?

MD5

A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?

ACLs

A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the datacenter. Which of the following are being addressed? (Select TWO)

Confidentiality, Availability

An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?

Change management system

Which of the following methods of access, authentication and authorization is the MOST secure by default?

Kerberos

Matt, a security administrator, notices an unauthorized vehicle roaming the area on company grounds. Matt verifies that all network connectivity is up and running and that no unauthorized wireless devices are being used to authenticate other devices; howe

War driving

Which of the following is another name for a malicious attacker?

Black hat

Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?

Phishing techniques

WEP is seen as an insecure protocol based on its improper use of which of the following?

RC4

Which of the following is the MOST appropriate risk mitigation strategy for Sara, a security administrator, to use in order to identify an unauthorized administrative account?

User's rights and permissions review

Which of the following protocols would be the MOST secure method to transfer files from a host machine?

SFTP

Which of the following security practices should occur initially in software development?

Secure code review

Which of the following is an example of requiring users to have a password of 16 characters or more?

Password length requirements

An administrator has implemented a policy that passwords expire after 60 days and cannot match their last six previously used passwords. Users are bypassing this policy by immediately changing their passwords six times and then back to the original passwor

Create a policy that passwords cannot be changed more than once a day

The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO)

Dumpster diving, shoulder surfing

A human resources manager is assigning access to users in their specific department performing the same job function. This is an example of:

role-based access control

Which of the following threats are specifically targeted at high profile individuals?

Whaling

A security administrator needs to implement a site-to-site VPN tunnel between the main office and remote branch. Which of the following protocols should be used for the tunnel?

IPSec

Which of the following should Jane, a security administrator, check for when conducting a wireless audit? (Select TWO)

Antenna placement, Encryption of wireless traffic

Which of the following tools allows a security company to identify the latest unknown attacks utilized by attackers?

Honeypots

Which of the following cryptography types provides the same level of security but uses smaller key sizes and less computational resources than logarithms which are calculated against a finite field?

Elliptic curve

Which of the following is the MOST secure way of storing keys or digital certificates used for decryption/encryption of SSL sessions?

HSM

Which of the following attacks is MOST likely prevented when a website does not allow the '<' character as the input in a web form field?

Cross-site scripting

Which of the following software should a security administrator implement if several users are stating that they are receiving unwanted email containing advertisements?

Anti-spam

Which of the following is used in conjunction with PEAP to provide mutual authentication between peers?

MSCHAPv2

Which of the following logical controls does a flood guard protect against?

SYN attacks

Which of the following is true about PKI? (Select TWO)

When encrypting a message with the public key, only the private key can decrypt it. When encrypting a message with the private key, only the public key can decrypt it.

Which of the following protocols would an administrator MOST likely use to monitor the parameters of network devices?

SNMP

An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?

Virtual servers have the same information security requirements as physical servers.

Which of the following access control methods provides the BEST protection against attackers logging on as authorized users?

Require a PIV card

The corporate NIDS keeps track of how each program acts and will alert the security administrator if it starts acting in a suspicious manner. Which of the following describes how the NIDS is functioning?

Behavior based

Which of the following is the way Pete, a security administrator, can actively test security controls on a system?

penetration testing

Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?

Clean desk policy

Which of the following must Pete, a security administrator, install on a flash drive to allow for portable drive data confidentiality?

USB encryptor

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses:

the same key on each end of the transmission medium

A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?

Evil Twin

Which of the following reduces the likelihood of a single point of failure when a server fails?

Clustering

An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?

1433

Which of the following allows an attacker to identify vulnerabilities within a closed-source software application?

Fuzzing

Actively monitoring data streams in search of malicious code or behavior is an example of:

content inspection

Which of the following ports would Sara, a security administrator, need to open to allow TFTP by default?

69

Which of the following is true about hardware encryption? (Select TWO)

It is faster than software encryption, It is available on computers using TPM

Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?

NIDS

Which of the following BEST describes an intrusion prevention system?

A system that stops an attack in progress

Which of the following is BEST used to prevent ARP poisoning attacks across a network?

VLAN segregation

Matt, a user, was able to access a system when he arrived at work at 5:45 am. Just before Matt left at 6:30 pm, he was unable to access the same system, even though he could ping the system. In a Kerberos realm, which of the following is the MOST likely re

Matt's ticket has expired

Which of the following devices would Jane, a security administrator, typically use at the enclave boundary to inspect, block, and re-route network traffic for security purposes?

Firewalls

Which of the following threats corresponds with an attacker targeting specific employees of a company?

Spear phishing

Which of the following is the MOST common security issue on web-based applications?

Input validation

Applying detailed instructions to manage the flow of network traffic at the edge of the network, including allowing or denying traffic based on port, protocol, address, or direction is an implementation of which of the following?

Firewall rules

Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?

War driving

A security administrator is asked to email an employee their password. Which of the following account policies MUST be set to ensure the employee changes their password promptly?

Password expiration

Which of the following is capable of providing the HIGHEST encryption bit strength?

AES

Which of the following is a technique designed to obtain information from a specific person?

Spear phishing

Which of the following should be considered when trying to prevent somebody from capturing network traffic?

EMI shielding

Several classified mobile devices have been stolen. Which of the following would BEST reduce the data leakage threat?

Remotely sanitize the devices

Which of the following is true when Sara, a user, browsing to an HTTPS site receives the message: 'Site name mismatch'?

The certificate CN is different from the site DNS A record

Which of the following can Mike, a security technician, use to prevent numerous SYN packets from being accepted by a device?

Flood guards

On-going annual awareness security training should be coupled with:

signing of a user agreement

In a public key infrastructure, a trusted third party is also known as which of the following?

Certificate authority

An online banking portal is not accessible by customers during a holiday season. Sara and Pete, network administrators, notice sustained extremely high network traffic being directed towards the web interface of the banking portal from various external net

DDoS Attack

Which of the following is a security best practice that allows Pete, a user, to have one ID and password for all systems?

SSO

Which of the following BEST describes the function of TPM?

Hardware chip that stores encryption keys

Which of the following is an account management principle for simplified user administration?

Implement access based on groups

Which of the following BEST explains the security benefit of a standardized server image?

Mandated security configurations have been made to the operating system

Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider's lawyer insists the

MAC address

A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?

Add input validation to forms

Which of the following describes the purpose of chain of custody as applied to forensic image retention?

To provide documentation as to who has handled the evidence

In an 802.11n network, which of the following provides the MOST secure method of both encryption and authorization?

WPA enterprise

Which of the following is the MAIN reason to require data labeling?

To ensure that staff understands what data they are handling and processing

The recovery agent is used to recover the:

private key

Which of the following MOST likely has its access controlled by TACACS+? (Select TWO)

Router, Switch

Which of the following PKI components identifies certificates that can no longer be trusted?

CRL

Which of the following can cause data loss from web based applications?

Poor error handling

A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

Block port 23 on the network firewall

Which of the following is the MOST likely implication of a corporate firewall rule that allows TCP port 22 from any internal IP to any external site?

Data loss can occur as an SSH tunnel may be established to home PCs

Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?

IDS

Which of the following attacks targets high profile individuals?

Whaling

The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffic on

NIPS is blocking activities from those specific websites.

Matt, a security administrator, has installed a new server and has asked a network engineer to place the server within VLAN100. This server can be reached from the internet, but Matt is unable to connect from the server to the internal company resources.

The server is in the DMZ

Which of the following allows Jane, a security administrator, to divide a network into multiple zones? (Select TWO)

VLAN, Subnetting

If a security administrator wants to TELNET into a router to make configuration changes, which of the following ports would need to be open by default?

23

The server log shows 25 SSH login sessions per hour. However, it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behav

Baseline reporting

Pete, a security administrator, is analyzing the packet capture from an IDS triggered filter. The packet capture shows the following string: <script>source=http://www.evilesite.co/evil.ja</script> Which of the following attacks is occurring?

Cross-site scripting

An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?

VPN concentrator

The decision to build a redundant datacenter MOST likely came from which of the following?

Business impact analysis

NTLM is an improved and substantially backwards compatible replacement for which of the following?

passwd

A company has remote workers with laptops that house sensitive data. Which of the following can be implemented to recover the laptops if they are lost?

GPS tracking

Which of the following is the technical implementation of a security policy?

Firewall rules

Which of the following should be performed on a computer to protect the operating system from malicious software? (Select TWO)

Disable unused services, Update HIPS signatures

A company hires a security firm to assess the security of the company's network. The company does not provide the firm with any internal knowledge or documentation of the network. Which of the following should the security firm perform?

Black box

Which of the following is BEST described as a scenario where organizational management decides not to provide a service offering because it presents an unacceptable risk to the organization?

Avoidance

A user received an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy, security policy and requests that the user clearly state their name, birthday and enter the banking details to

Vishing

Which of the following are the default ports for HTTP and HTTPS protocols? (Select TWO)

80, 443

Which of the following is the BEST way to mitigate data loss if a portable device is compromised?

Full disk encryption

A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?

White box