An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS? A. PEAP B. EAP C. WPA2 D. RADIUS.
A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure? A. LDAP services B. Kerberos services C. NTLM services D. CHAP services.
A department head at a university resigned on the first day of the spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures co have prevented this from occurring? A. Time-of-day restrictions B. Permission auditing and review C. Off-boarding D. Account expiration.
Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords.
Which of the following technical controls would help prevent these policy violations? (Select TWO). A. Password expiration B. Password length C. Password complexity D. Password history E. Password lockout.
Which of the following threat actors is MOST likely to steal a company's proprietary information to gain a market edge and reduce time to market? A. Competitor B. Hacktivist C. Insider D. Organized crime.
A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or certificate to the employees? A. WPS B. 802.1x C. WPA2-PSK D. TKIP.
A user of the wireless network is unable to gain access to the network. The symptoms are:
1.) Unable to connect to both internal and Internet resources
2.) The wireless icon shows connectivity but has no network access
The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to authenticate. Which of the following is the MOST likely cause of the connectivity issues? A. The wireless signal is not strong enough B. A remote DDoS attack against the RADIUS server is taking place C. The user's laptop only supports WPA and WEP D. The DHCP scope is full E. The dynamic encryption key did not update while the user was offline.
A security technician would like to secure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this? A. Transport Encryption B. Stream Encryption C. Digital Signature D. Steganography.
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users' email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO) A. Disable the compromised accounts B. Update WAF rules to block social networks C. Remove the compromised accounts with all AD groups D. Change the compromised accounts' passwords E. Disable the open relay on the email server F. Enable sender policy framework.
A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following? A. Change management procedures B. Job rotation policies C. Incident response management D. Least privilege access controls.
Which of the following attacks specifically impacts data availability? A. DDoS B. Trojan C. MITM D. Rootkit.
Which of the following cryptography algorithms will produce a fixed-length, irreversible output? A. AES B. 3DES C. RSA D. MD5.
Joe, a security administrator, needs to extend the organization's remote access functionality to be used by staff while travelling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use? A. RADIUS B. TACACS+ C. Diameter D. Kerberos.
A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed? A. Removing the hard drive from its enclosure B. Using software to repeatedly rewrite over the disk space C. Using Blow-fish encryption on the hard drives D. Using magnetic fields to erase the data.
A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files? A. HTTPS B. LDAPS C. SCP D. SNMP3.
A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? A. EAP-FAST B. EAP-TLS C. PEAP D. EAP.
Which of the following types of attacks precedes the installation of a rootkit on a server? A. Pharming B. DDoS C. Privilege escalation D. DoS.
Which of the following cryptographic algorithms is irreversible? A. RC4 B. SHA-256 C. DES D. AES.
A user is presented with the following items during the new-hire onboarding process:
- Laptop
- Secure USB drive
- Hardware OTP token
- External high-capacity HDD
- Password complexity policy
- Acceptable use policy
- HASP key
- Cable lock
Which of the following is one component of multifactor authentication? A. Secure USB drive B. Cable lock C. Hardware OTP token D. HASP key.
A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office building. Any attempt to authenticate from a location other than the office building should be
rejected. Which of the following MUST the technician implement? A. Dual factor authentication B. Transitive authentication C. Single factor authentication D. Biometric authentication.
The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain? A. Certificate revocation list B. Intermediate authority C. Recovery agent D. Root of trust.
A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host. Which of the following is preventing the remote user from being able to access the workstation? A. Network latency is causing remote desktop service request to time out B. User1 has been locked out due to too many failed passwords C. Lack of network time synchronization is causing authentication mismatches D. The workstation has been compromised and is accessing known malware sites E. The workstation host firewall is not allowing remote desktop connections.
Which of the following differentiates a collision attack from a rainbow table attack? A. A rainbow table attack performs a hash lookup B. A rainbow table attack uses the hash as a password C. In a collision attack, the hash and the input data are equivalent D. In a collision attack, the same input results in different hashes.
A penetration tester harvests potential usernames from a social networking site. The penetration tester then uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a network server. Which of the following methods is the
penetration tester MOST likely using? A. Escalation of privilege B. SQL injection C. Active reconnaissance D. Proxy server.
Which of the following is the BEST choice for a security control that represents a preventive and corrective logical control at the same time? A. Security awareness training B. Antivirus C. Firewalls D. Intrusion detection system.
A web developer improves client access to the company's REST API. Authentication needs to be tokenized but not expose the client's password. Which of the following methods would BEST meet the developer's requirements? A. SAML B. LDAP C. OAuth D. Shibboleth.
Which of the following could help detect trespassers in a secure facility? (Select TWO) A. Faraday cages B. Motion-detection sensors C. Tall, chain-link fencing D. Security guards E. Smart cards.
The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems. The help desk has received reports that users are experiencing the following error when attempting to log in to their previous system:
Logon Failure: Access Denied Which of the following can cause this issue? A. Permission issues B. Access violations C. Certificate issues D. Misconfigured devices.
A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network. Which of the following is the MOST likely method used to gain access to the other host? A. Backdoor B. Pivoting C. Persistence D. Logic bomb.
A company is evaluating cloud providers to reduce the cost of its internal IT operations. The company's aging systems are unable to keep up with customer demand. Which of the following cloud models will the company MOST likely select? A. PaaS B. SaaS C. IaaS D. BaaS.
After a security incident, management is meeting with involved employees to document the incident and its aftermath. Which of the following BEST describes this phase of the incident response process? A. Lessons learned B. Recovery C. Identification D. Preparation.
Which of the following BEST describes an important security advantage yielded by implementing vendor diversity? A. Sustainability B. Homogeneity C. Resiliency D. Configurability.
A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this? A. Put the desktops in the DMZ. B. Create a separate VLAN for the desktops. C. Air gap the desktops. D. Join the desktops to an ad-hoc network.
A member of the admins group reports being unable to modify the "changes" file on a server. The
permissions on the file are as follows: Permissions User Group File -rwxrw-r--+ Admins Admins changes
Based on the output above, which of the following BEST explains why the user is unable to modify the "changes" file? A. The SELinux mode on the server is set to "enforcing." B. The SELinux mode on the server is set to "permissive." C. An FACL has been added to the permissions for the file. D. The admins group does not have adequate permissions to access the file.
A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C-level executives found their identities were compromised, and they were victims of a recent whaling attack. Which of the following would prevent these problems in the future? (Select TWO). A. Implement a reverse proxy. B. Implement an email DLP. C. Implement a spam filter. D. Implement a host-based firewall. E. Implement a HIDS.
Attackers have been using revoked certificates for MITM attacks to steal credentials from employees of Company.com. Which of the following options should Company.com implement to mitigate these attacks? A. Captive portal B. Extended validation certificate C. OCSP stapling D. Object identifiers.
A company is allowing a BYOD policy for its staff. Which of the following is a best practice that
can decrease the risk of users jailbreaking mobile devices? A. Install a corporately monitored mobile antivirus on the devices. B. Prevent the installation of applications from a third-party application store. C. Build a custom ROM that can prevent jail-breaking. D. Require applications to be digitally signed.
A security analyst is securing smartphones and laptops for a highly mobile workforce. Priorities include:
Remote wipe capabilities
Geolocation services
Patch management and reporting
Mandatory screen locks
Ability to require passcodes and pins
Ability to require encryption
Which of the following would BEST meet these requirements? A. Implementing MDM software B. Deploying relevant group policies to the devices C. Installing full device encryption D. Removing administrative rights to the devices.
A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The main culprit of CPU utilization is the antivirus program. Which of the following issue could occur if left unresolved? (Select TWO) A. MITM attack B. DoS attack C. DLL injection D. Buffer overflow E. Resource exhaustion.
When it comes to cloud computing if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that would be BEST suited for this goal? A. Infrastructure B. Platform C. Software D. Virtualization.
A security analyst is acquiring data from a potential network incident. Which of the following evidence is the analyst MOST likely to obtain to determine the incident? A. Volatile memory capture B. Traffic and logs C. Screenshots D. System image capture.
A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output:
usera@host>history
mkdir /local/usr/bin/somedirectory
nc -1 192.168.5.1 -p 9856
ping -c 30 8.8.8.8 -a 600
rm /etc/dir2/somefile
rm -rm /etc/dir2/
traceroute 8.8.8.8
pakill pid 9487
usera@host>
Given the above output, which of the following commands would have established the questionable socket? A. traceroute 8.8.8.8 B. ping -1 30 8.8.8.8 -a 600 C. nc -1 192.168.5.1 -p 9856 D. pskill pid 9487.
Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application? A. Sandboxing B. Encryption C. Code signing D. Fuzzing.
An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and which of the following should be done to remediate the issue? A. Firewall; implement an ACL on the interface B. Router; place the correct subnet on the interface C. Switch; modify the access port to trunk port D. Proxy; add the correct transparent interface.
A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFI- enabled baby monitor while the baby's parents were sleeping. Which of the following BEST describes how the intruder accessed the monitor? A. Outdated antivirus B. WiFi signal strength C. Social engineering D. Default configuration.
A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure? A. L2TP with MAC filtering B. EAP-TTLS C. WPA2-CCMP with PSK D. RADIUS federation.
A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Select TWO) A. Install an additional firewall B. Implement a redundant email server C. Block access to personal email on corporate systems D. Update the X.509 certificates on the corporate email server E. Update corporate policy to prohibit access to social media websites F. Review access violation on the file server.
A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed? A. Mission-essential function B. Single point of failure C. backup and restoration plans D. Identification of critical systems.
An incident response manager has started to gather all the facts related to a SIEM alert showing multiple systems may have been compromised. The manager has gathered these facts:
The breach is currently indicated on six user PCs
One service account is potentially compromised
Executive management has been notified
In which of the following phases of the IRP is the manager currently working? A. Recovery B. Eradication C. Containment D. Identification.
A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure of this type of attack? A. The DLL of each application should be set individually B. All calls to different DLLs should be hard-coded in the application C. Access to DLLs from the Windows registry should be disabled D. The affected DLLs should be renamed to avoid future hijacking.
A systems administrator found a suspicious file in the root of the file system. The file contains URLs, usernames, passwords, and text from other documents being edited on the system. Which of the following types of malware would generate such a file? A. Keylogger B. Rootkit C. Bot D. RAT.
An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a Windows server. Given the following code:
void foo (char *bar)
{car random_user_input[12]; stropy (random_user_input, bar); }
Which of the following vulnerabilities is present? A. Bad memory pointer B. Buffer overflow C. Integer overflow D. Backdoor.
A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure? A. Accounting B. Authorization C. Authentication D. Identification.
A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock. Which of the following account management practices are the BEST ways to manage these accounts? A. Employ time-of-day restrictions. B. Employ password complexity. C. Employ a random key generator strategy. D. Employ an account expiration strategy. E. Employ a password lockout policy.
Which of the following is the proper order for logging a user into a system from the first step to the last step? A. Identification, authentication, authorization B. Identification, authorization, authentication C. Authentication, identification, authorization D. Authentication, identification, authorization E. Authorization, identification, authentication.
An external auditor visits the human resources department and performs a physical security assessment. The auditor observed documents on printers that are unclaimed. A closer look at these documents reveals employee names, addresses, ages, and types of medical and dental coverage options each employee has selected. Which of the following are the MOST appropriate actions to take? A. Flip the documents face down so no one knows these documents are PII sensitive B. Shred the documents and let the owner print the new set C. Retrieve the documents, label them with a PII cover sheet, and return them to the printer D. Report to the human resources manager that their personnel are violating a privacy policy.
Which of the following metrics are used to calculate the SLE? (Select TWO) A. ROI B. ARO C. ALE D. MTBF E. MTTF F. TCO.
Due to regulatory requirements, server in a global organization must use time synchronization. Which of the following represents the MOST secure method of time synchronization? A. The server should connect to external Stratum 0 NTP servers for synchronization B. The server should connect to internal Stratum 0 NTP servers for synchronization C. The server should connect to external Stratum 1 NTP servers for synchronization D. The server should connect to external Stratum 1 NTP servers for synchronization.
Which of the following scenarios BEST describes an implementation of non-repudiation? A. A user logs into a domain workstation and access network file shares for another department B. A user remotely logs into the mail server with another user's credentials C. A user sends a digitally signed email to the entire finance department about an upcoming meeting A user access the workstation registry to make unauthorized changes to enable functionality
within an application.
A user receives an email from ISP indicating malicious traffic coming from the user's home network is detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening? A. The camera system is infected with a bot. B. The camera system is infected with a RAT. C. The camera system is infected with a Trojan. D. The camera system is infected with a backdoor.
Which of the following is an asymmetric function that generates a new and separate key every time it runs? A. RSA B. DSA C. DHE D. HMAC E. PBKDF2.
The POODLE attack is an MITM exploit that affects: A. TLS1.0 with CBC mode cipher B. SSLv2.0 with CBC mode cipher C. SSLv3.0 with CBC mode cipher D. SSLv3.0 with ECB mode cipher.
|
