Jane, the security administrator, is having issues with unauthorized users connecting to the wireless network. For administrative reasons, she cannot implement any wireless encryption methods. Which of the following can she implement to prevent unauthorized users from connecting to the network?

A. NIPS

B. Disable unused ports

C. MAC filtering

D. WEP

Answer: C

Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?

A. Interference

B. Man-in-the-middle

C. ARP poisoning

D. Rogue access point

Answer: D

Pete's corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number. Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?

A. Collusion

B. Impersonation

C. Pharming

D. Transitive Access

Answer: B

The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?

A. Rainbow tables attacks

B. Brute force attacks

C. Birthday attacks

D. Cognitive password attacks

Answer: D

Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

A. A recent security breach in which passwords were cracked.

B. Implementation of configuration management processes.

C. Enforcement of password complexity requirements.

D. Implementation of account lockout procedures.

Answer: A

Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT?

A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.

B. Tell the application development manager to code the application to adhere to the company's password policy.

C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.

D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.

Answer: B

Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?

A. Matt should implement access control lists and turn on EFS.

B. Matt should implement DLP and encrypt the company database.

C. Matt should install Truecrypt and encrypt the company server.

D. Matt should install TPMs and encrypt the company database.

Answer: B

Which of the following BEST explains the use of an HSM within the company servers?

A. Thumb drives present a significant threat which is mitigated by HSM.

B. Software encryption can perform multiple functions required by HSM.

C. Data loss by removable media can be prevented with DLP.

D. Hardware encryption is faster than software encryption.

Answer: D

Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware?

A. Viruses are a subset of botnets which are used as part of SYN attacks.

B. Botnets are a subset of malware which are used as part of DDoS attacks.

C. Viruses are a class of malware which create hidden openings within an OS.

D. Botnets are used within DR to ensure network uptime and viruses are not.

Answer: B

Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are backdoors and logic bombs. Which of the following differentiates these two types of malware?

A. A backdoor is a coding issue that can be discovered by proper configuration management processes.

B. A logic bomb is typically hidden within the boot sector of the hard drive and is used to cause DDoS.

C. A backdoor is a third generation attack which is typically low risk because only highly trained staff can achieve it.

D. A logic bomb is undetectable by current antivirus signatures because a patch has not been issued.

Answer: A

Matt works for an organization that requires data to be recovered in the shortest amount of time possible. Which of the following backup types would BEST meet the organization's needs?

A. Full backups daily

B. Differential backups monthly

C. Full backups weekly

D. Incremental backups monthly

Answer: A

Sara, a security technician, has been asked to design a solution which will enable external users to have access to a Web server, while keeping the internal network unaffected by this access. Which of the following would BEST meet this objective?

A. Place the Web server on a VLAN

B. Place the Web server inside of the internal firewall

C. Place the Web server in a DMZ

D. Place the Web server on a VPN

Answer: C

Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?

A. $1,500

B. $3,750

C. $15,000

D. $75,000

Answer: B

Pete, a security administrator, has implemented SSH across all network infrastructure devices in the enterprise. Which of the following protocols will be used to exchange keying material within SSH?

A. Transport layer protocol

B. IPSec

C. Diffie-Hellman

D. Secure socket layer

Answer: C

Jane, a security administrator, is reviewing the company's official documentation to mitigate the risk of data loss due to personally owned devices being connected to perform company related work. Which of the following documentation should Jane MOST likely review and update?

A. Acceptable risk

B. Data retention policy

C. Acceptable use policy

D. End user license agreement

Answer: C

Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?

A. PAT

B. NAP

C. DNAT

D. NAC

Answer: A

Jane, the security engineer, is tasked with hardening routers. She would like to ensure that network access to the corporate router is allowed only to the IT group and from authorized machines. Which of the following would MOST likely be implemented to meet this security goal? (Select TWO).

A. SNMP

B. HTTPS

C. ACL

D. Disable console

E. SSH

F. TACACS+

Answer: CF

The lobby of the hotel allows users to plug in their laptops to access the Internet. This network is also used for the IP based phones in the hotel lobby. Mike, the security engineer, wants to secure the phones so that guests cannot electronically eavesdrop on other guests. Which of the following would Mike MOST likely implement?

A. VLAN

B. Port security

C. MPLS

D. Separate voice gateway

Answer: A

Jane, a security architect, is implementing security controls throughout her organization. Which of the following BEST explains the vulnerability term in the formula Risk = Threat x Vulnerability x Impact?

A. Vulnerability is related to the risk that an event will take place.

B. Vulnerability is related to value of potential loss.

C. Vulnerability is related to the probability that a control will fail.

D. Vulnerability is related to the probability of the event.

Answer: C

A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?

A. Rule based access control

B. Role based access control

C. Discretionary access control

D. Mandatory access control

Answer: A

Which of the following BEST describes a demilitarized zone?

A. A buffer zone between protected and unprotected networks.

B. A network where all servers exist and are monitored.

C. A sterile, isolated network segment with access lists.

D. A private network that is protected by a firewall and a VLAN.

Answer: A

Matt, an account manager, arrives at work early in the morning and cannot log into his workstation. He calls the help desk an hour later to open a trouble ticket, but they tell him there is nothing wrong with his account. Matt tries his login once more and is granted access. Which of the following control types BEST explains this anomaly?

A. Discretionary access control

B. Time of day restrictions

C. Separation of duties

D. Single sign-on

Answer: B

A company is experiencing an extraordinary amount of web traffic that is crippling the server. The web traffic suddenly stops. The mail server experiences the same amount of traffic as before then crashes. Which of the following attacks would this BEST describe?

A. DoS

B. Spam

C. Man-in-the-middle

D. Replay

Answer: A

A database server containing personal information and a file server containing non-critical information must be secured. Which of the following would be a BEST practice to secure the servers? (Select TWO).

A. Place the file server behind a door requiring biometric authorization.

B. Place both servers under the system administrator's desk.

C. Place the database server behind a door with a cipher lock.

D. Place the file server in an unlocked rack cabinet.

E. Place the database server behind a door requiring biometric authorization.

Answer: AE

Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?

A. Vulnerability assessment

B. Black box testing

C. White box testing

D. Penetration testing

Answer: A

While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?

A. Cross-site scripting

B. Buffer overflow

C. Header manipulation

D. Directory traversal

Answer: B

A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?

A. LDAP

B. RADIUS

C. Kerberos

D. XTACACS

Answer: C

Pete has obtained a highly sensitive document and has placed it on a network drive which has been formatted with NTFS and is shared via CIFS. Which of the following access controls apply to the sensitive file on the server?

A. Discretionary

B. Rule based

C. Role based

D. Mandatory

Answer: A

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?

A. Hardware load balancing

B. RAID

C. A cold site

D. A host standby

Answer: B

A company has asked Pete, a penetration tester, to test their corporate network. Pete was provided with all of the server names, configurations, and corporate IP addresses. Pete was then instructed to stay off of the Accounting subnet as well as the company web server in the DMZ. Pete was also told that social engineering was not in the test scope. Which of the following BEST describes this penetration test?

A. Gray box

B. Black box

C. White box

D. Blue box

Answer: C

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?

A. Accept the risk saving $10,000.

B. Ignore the risk saving $5,000.

C. Mitigate the risk saving $10,000.

D. Transfer the risk saving $5,000.

Answer: D

Which of the following BEST describes the weakness in WEP encryption?

A. The initialization vector of WEP uses a crackable RC4 encryption algorithm. Once enough packets are captured, an XOR operation can be performed and the asymmetric keys can be derived.

B. The WEP key is stored in plain text and split in portions across 2^24 packets of random data. Once enough packets are sniffed, the IV portion of the packets can be removed, leaving the plain text key.

C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.

D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Answer: D

Jane, an IT security technician, receives a call from the vulnerability assessment team informing her that port 1337 is open on a user's workstation. Which of the following BEST describes this type of malware?

A. Logic bomb

B. Spyware

C. Backdoor

D. Adware

Answer: C

During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).

A. 21

B. 22

C. 23

D. 69

E. 3389

F. SSH

G. Terminal services

H. Rlogin

I. Rsync

J. Telnet

Answer: BCFJ

Sara, a security administrator, is configuring a new firewall. She has entered statements into the firewall configuration as follows:

Allow all Web traffic

Deny all Telnet traffic

Allow all SSH traffic

Mike, a user on the network, tries unsuccessfully to use RDP to connect to his work computer at home. Which of the following principles BEST explains why Mike's attempt to connect is not successful?

A. Explicit deny

B. Loop protection

C. Implicit deny

D. Implicit permit

Answer: C

Sara, the Chief Executive Officer (CEO) of a corporation, wishes to receive her corporate email and file attachments on her corporate mobile computing device. If the device is lost or stolen, the BEST security measure to ensure that sensitive information is not compromised would be:

A. to immediately file a police report and insurance report.

B. the ability to remotely wipe the device to remove the data.

C. to immediately issue a replacement device and restore data from the last backup.

D. to turn on remote GPS tracking to find the device and track its movements.

Answer: B

Which of the following BEST describes a directory traversal attack?

A. A malicious user can insert a known pattern of symbols in a URL to access a file in another section of the directory.

B. A malicious user can change permissions or lock out user access from a webroot directory or subdirectories.

C. A malicious user can delete a file or directory in the webroot directory or subdirectories.

D. A malicious user can redirect a user to another website across the Internet.

Answer: A

Jane, a security analyst, wants to ensure that data is being stored encrypted, in the event that a corporate laptop is stolen. Which of the following encryption types will accomplish her goal?

A. IPSec

B. Secure socket layer

C. Whole disk

D. Transport layer security

Answer: C

Sara, a senior programmer for an application at a software development company, has also assumed an auditing role within the same company. She will be assessing the security of the application. Which of the following will she be performing?

A. Blue box testing

B. Gray box testing

C. Black box testing

D. White box testing

Answer: D

Which of the following is true concerning WEP security?

A. WEP keys are transmitted in plain text.

B. The WEP key initialization process is flawed.

C. The pre-shared WEP keys can be cracked with rainbow tables.

D. WEP uses the weak RC4 cipher.

Answer: B

In planning for a firewall implementation, Pete, a security administrator, needs a tool to help him understand what traffic patterns are normal on his network. Which of the following tools would help Pete determine traffic patterns?

A. Syslog

B. Protocol analyzer

C. Proxy server

D. Firewall

Answer: B

Which of the following is a management control?

A. Logon banners

B. Written security policy

C. SYN attack prevention

D. Access Control List (ACL)

Answer: B

Mike, a user, receives an email from his grandmother stating that she is in another country and needs money. The email address belongs to his grandmother. Which of the following attacks is this?

A. Man-in-the-middle

B. Spoofing

C. Relaying

D. Pharming

Answer: B

Pete, the security administrator, wants to ensure that traffic to the corporate intranet is secure using HTTPS. He configures the firewall to deny traffic to port 80. Now users cannot connect to the intranet even through HTTPS. Which of the following is MOST likely causing the issue?

A. The web server is configured on the firewall's DMZ interface.

B. The VLAN is improperly configured.

C. The firewall's MAC address has not been entered into the filtering list.

D. The firewall executes an implicit deny.

Answer: D

A company has decided to assign employees laptops instead of desktops to mitigate the risk of company closures due to disasters. Which of the following is the company trying to ensure?

A. Succession planning

B. Fault tolerance

C. Continuity of operations

D. Removing single points of failure

Answer: C

Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A. Private hash

B. Recovery agent

C. Public key

D. Key escrow

E. CRL

Answer: BD

Enforcing data encryption of removable media ensures that the:

A. lost media cannot easily be compromised.

B. media can be identified.

C. location of the media is known at all times.

D. identification of the user is non-repudiated.

Answer: A

Jane, an administrator, hears reports of circles being drawn in the parking lot. Because the symbols fall within range of the company's wireless AP, the MOST likely concern is:

A. that someone has used war chalking to help others access the company's network.

B. that the symbols indicate the presence of an evil twin of a legitimate AP.

C. that someone is planning to install an AP where the symbols are, to cause interference.

D. that a rogue access point has been installed within range of the symbols.

Answer: A