A database server has been compromised via an unpatched vulnerability. An investigation reveals that an application crashed at the time of the compromise. Unauthorized code appeared to be running, although there were no traces of the code found on the file system. Which of the following attack types has MOST likely occurred?



A. Zero day exploit

B. SQL injection

C. LDAP injection

D. Buffer overflow




Answer: D

The finance department is growing and needs additional computers to support growth. The department also needs to ensure that their traffic is separated from the rest of the network. Matt, the security administrator, needs to add a new switch to accommodate this growth. Which of the following MUST Matt configure on the switch to ensure proper network separation?



A. Implicit deny

B. VLAN management

C. Access control lists

D. Flood guards



Answer: B

Sara, a security administrator, has recently implemented a policy to ban certain attachments from being sent through the corporate email server. This is an example of trying to mitigate which of the following?



A. SQL injection

B. LDAP injection

C. Cross-site scripting

D. Malicious add-ons



Answer: D

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).




A. Disable the wired ports

B. Use channels 1, 4 and 7 only

C. Enable MAC filtering

D. Disable SSID broadcast

E. Switch from 802.11a to 802.11b




Answer: CD

A security administrator wants to scan an infected workstation to understand how the infection occurred. Which of the following should the security administrator do FIRST before scanning the workstation?



A. Make a complete hard drive image

B. Remove the memory

C. Defragment the hard drive

D. Delete all temporary Internet files


Answer: A

The lead security engineer has been brought in on a new software development project. The software development team will be deploying a base software version and will make multiple software revisions during the project life cycle. The security engineer on the project is concerned with the ability to roll back software changes that cause bugs and/or security concerns. Which of the following should the security engineer suggest to BEST address this issue?



A. Develop a change management policy incorporating network change control.

B. Develop a change management policy incorporating hardware change control.

C. Develop a change management policy incorporating software change control.

D. Develop a change management policy incorporating oversight of the project lifecycle.



Answer: C

A new wireless network was installed in an office building where there are other wireless networks. Which of the following can the administrator disable to help limit the discovery of the new network?



A. DHCP

B. Default user account

C. MAC filtering

D. SSID broadcast




Answer: D

A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:



A. logic bomb.

B. backdoor.

C. adware application.

D. rootkit.




Answer: B

An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?



A. Implement a password expiration policy.

B. Implement an account expiration date for permanent employees.

C. Implement time of day restrictions for all temporary employees.

D. Run a last logon script to look for inactive accounts.



Answer: D

In an enterprise environment, which of the following would be the BEST way to prevent users from accessing inappropriate websites when AUP requirements are constantly changing?



A. Deploy a network proxy server.

B. Configure Internet content filters on each workstation.

C. Deploy a NIDS.

D. Deploy a HIPS.



Answer: A

An administrator might choose to implement a honeypot in order to:



A. provide load balancing for network switches.

B. distract potential intruders away from critical systems.

C. establish a redundant server in case of a disaster.

D. monitor any incoming connections from the Internet.


Answer: B

Jane, the administrator of a small company, wishes to track people who access the secured server room, which is secured only by a simple hardware key lock. Jane does not have much of a budget or the approval to make significant construction changes. Given the limitations, which of the following can she do in the meantime?



A. Implement an access log and a security guard

B. Install a 24/7 closed-circuit camera system

C. Install a separate hardware lock with limited keys

D. Implement a cipher key lock




Answer: D

Which of the following BEST describes a SQL Injection attack?



A. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.

B. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers.

C. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage.

D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.




Answer: A

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?



A. The network uses the subnet of 255.255.255.128.

B. The switch has several VLANs configured on it.

C. The sub-interfaces are configured for VoIP traffic.

D. The sub-interfaces each implement quality of service.



Answer: B

A security analyst needs to ensure all external traffic is able to access the company's front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?



A. DMZ

B. Cloud computing

C. VLAN

D. Virtualization




Answer: A

Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?



A. PAP, MSCHAPv2

B. CHAP, PAP

C. MSCHAPv2, NTLMv2

D. NTLM, NTLMv2




Answer: A

A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?




A. Block cipher

B. Stream cipher

C. CRC

D. Hashing algorithm



Answer: A

Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete's BEST option?



A. Use hardware already at an offsite location and configure it to be quickly utilized.

B. Move the servers and data to another part of the company's main campus from the server room.

C. Retain data back-ups on the main campus and establish redundant servers in a virtual environment.

D. Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy.



Answer: A

Pete, the system administrator, is concerned about unauthorized access at all entrances into the building. PIN pad readers have been installed, but users have developed the habit of holding the door for others behind them. Which of the following would BEST prevent this?


A. Install mantraps at every unmanned entrance.

B. Replace the PIN pad readers with card readers.

C. Implement video and audio surveillance equipment.

D. Require users to sign conduct policies forbidding these actions.


Answer: A

Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?



A. No competition with the company's official social presence

B. Protection against malware introduced by banner ads

C. Increased user productivity based upon fewer distractions

D. Elimination of risks caused by unauthorized P2P file sharing



Answer: B

Pete, the system administrator, has instituted a policy banning personal digital music and video players from the company premises. Which of the following would be the BEST reason for such a policy?



A. The company would be legally liable for any personal device that is lost on its premises.

B. It is difficult to verify ownership of offline device's digital rights management and ownership.

C. The media players may act as distractions during work hours and adversely affect user productivity.

D. If connected to a computer, unknown malware may be introduced into the environment.




Answer: D

Sara, the IT administrator, wants to control which devices can connect to the wireless network. Which of the following can she implement to accomplish this task?



A. WPA2 Enterprise with AES encryption

B. Decrease the WAP's power levels

C. Static IP addressing

D. MAC address filtering




Answer: D