Security + SYO-501 Prep 3

Title of test:
Security + SYO-501 Prep 3

Description:
Security +

Author:
AVATAR

Creation Date:
04/09/2019

Category:
Computers
Content:
New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks? Fail safe Fault tolerance Fail secure Redundancy.
Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her network authentication credentials because her computer is broadcasting across the network. This is MOST likely which of the following types of attacks? Vishing Impersonation Spim Scareware.
An administrator discovers the following log entry on a server: Nov 12 2013 00:23:45 httpd[2342]: GET /app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow Which of the following attacks is being attempted? Command injection Password attack Buffer overflow Cross-site scripting.
A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures? Table top exercises Lessons learned Escalation procedures Recovery procedures.
Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application? Protocol analyzer Vulnerability scan Penetration test Port scanner.
Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment? Cloud computing Virtualization Redundancy Application control.
A system administrator needs to implement 802.1x whereby when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the proper VLAN. Which of the following protocols should be used? RADIUS Kerberos LDAP MSCHAP.
A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued. Which of the following should the administrator submit to receive a new certificate? CRL OCSP PFX CSR CA.
A company wants to host a publicly available server that performs the following functions: Evaluates MX record lookup Can perform authenticated requests for A and AAAA records Uses RRSIG Which of the following should the company use to fulfill the above requirements? DNSSEC SFTP nslookup dig LDAPS.
A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery? Utilizing a single Qfor password recovery Sending a PIN to a smartphone through text message Utilizing CAPTCHA to avoid brute force attacks Use a different e-mail address to recover password.
A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following? Change management procedures Job rotation policies Incident response management Least privilege access controls.
A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it. Which of the following should be done to prevent this scenario from occurring again in the future? Install host-based firewalls on all computers that have an email client installed Set the email program default to open messages in plain text Install end-point protection on all computers that access web email Create new email spam filters to delete all messages from that sender.
A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented? Recovery agent OCSP CRL Key escrow.
An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement? HMAC PCBC CBC GCM CFB.
The Chief Security Officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website? Use certificates signed by the company CA Use a signing certificate as a wild card certificate Use certificates signed by a public CA Use a self-signed certificate on each internal server.
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited? Peer review Component testing Penetration testing Vulnerability testing.
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "Purchasing", however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action? Modify all the shared files with read only permissions for the intern. Create a new group that has only read permissions for the files. Create a new group that has only read permissions for the files. Add the intern to the "Purchasing" group.
A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised? MAC filtering Virtualization OS hardening Application white-listing.
During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited? Reporting Preparation Mitigation Lessons Learned.
Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe's laptop directly? full-disk encryption Host-based firewall Current antivirus definitions Latest OS updates.
An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then uses a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack? Integer overflow attack Smurf attack Replay attack Buffer overflow attack Cross-site scripting attack.
An organization is moving its human resources system to a cloud services provider. The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords. Which of the following options meets all of these requirements? Two-factor authentication Account and password synchronization Smartcards with PINS Federated authentication.
The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window? Implement deduplication at the network level between the two locations Implement deduplication on the storage array to reduce the amount of drive space needed Implement deduplication on the server storage to reduce the data backed up Implement deduplication on both the local and remote servers.
A penetration tester is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the best method for collecting this information? Set up the scanning system's firewall to permit and log all outbound connections Use a protocol analyzer to log all pertinent network traffic Configure network flow data logging on all scanning systems Enable debug level logging on the scanning system and all scanning tools used.
Which of the following best describes the initial processing phase used in mobile device forensics? The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device The removable data storage cards should be processed first to prevent data alteration when examining the mobile device The mobile device should be examined first, then removable storage and lastly the phone without removable storage should be examined again The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.
Ann, a security analyst, is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic? Vulnerability Scanner NMAP NETSTAT Packet Analyzer.
An administrator is testing the collision resistance of different hashing algorithms. Which of the following is the strongest collision resistance test? Find two identical messages with different hashes Find two identical messages with the same hash Find a common hash between two specific messages Find a common hash between a specific message and a random message.
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network? Upgrade the encryption to WPA or WPA2 Create a non-zero length SSID for the wireless router Reroute wireless users to a honeypot Disable responses to a broadcast probe request.
Which of the following should be used to implement voice encryption? SSLv3 VDSL SRTP VoIP.
During an application design, the development team specifies an LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following? Application control Data in-transit Identification Authentication.
After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access? Time-of-day restrictions Change management Periodic auditing of user credentials User rights and permission review.
A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify: Performance and service delivery metrics Backups are being performed and tested Data ownership is being maintained and audited Risk awareness is being adhered to and enforced.
Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability? Calculate the ALE Calculate the ARO Calculate the MTBF Calculate the TCO.
A security administrator needs to implement a system that detects possible intrusions based upon a vendor provided list. Which of the following BEST describes this type of IDS? Signature-based Heuristic Anomaly-based Behavior-based.
The Chief Security Officer (CSO) has reported a rise in data loss but no break-ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents? Implement protected distribution Implement protected distribution Conduct security awareness training Install perimeter barricades.
Having adequate lighting on the outside of a building is an example of which of the following security controls? Deterrent Compensating Detective Preventative.
During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future? Time-of-day restrictions User access reviews Group-based privileges Change management policies.
An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents would this concern MOST likely be addressed? Service level agreement Interconnection security agreement Non-disclosure agreement Business process analysis.
A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented? Mandatory access control Discretionary access control Role based access control Rule-based access control.
Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being aware of the interception and potential modification to the communications? Spear phishing Man-in-the-middle URL hijacking Transitive access.
A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO) SCP TFTP SNMP FTP SMTP FTPS.
A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office building. Any attempt to authenticate from a location other than the office building should be rejected. Which of the following MUST the technician implement? Dual factor authentication Transitive authentication Single factor authentication Biometric authentication.
After correctly configuring a new wireless enabled thermostat to control the temperature of the company's meeting room, Joe, a network administrator determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet? The company implements a captive portal The thermostat is using the incorrect encryption algorithm The WPA2 shared likely is incorrect The company's DHCP server scope is full.
Malware that changes its binary pattern on specific dates at specific times to avoid detection is known as a(n): armored virus logic bomb polymorphic virus Trojan.
A company is planning to encrypt the files in several sensitive directories of a file server with a symmetric key. Which of the following could be used? RSA TwoFish Diffie-Hellman NTLMv2 RIPEMD.
Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure? MOU ISA BPA SLA.
Which of the following are MOST susceptible to birthday attacks? Hashed passwords Digital certificates Encryption passwords One time passwords.
Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic and finally conducts an image of the hard drive. Which of the following procedures did Joe follow? Order of volatility Chain of custody Recovery procedure Incident isolation.
A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support nonrepudiation. Which of the following implements all these requirements? Bcrypt Blowfish PGP SHA.
Given the log output: Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45] [localport: 23] at 00:15:23:431 CET Sun Mar 15 2015 Which of the following should the network administrator do to protect data security? Configure port security for logons Disable telnet and enable SSH Configure an AAA server Disable password and enable RSA authentication.
The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain? Certificate revocation list Intermediate authority Recovery agent Root of trust.
The Chief Executive Officer (CEO) of a major defense contracting company is traveling overseas for a conference. The CEO will be taking a laptop. Which of the following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip? Remote wipe Full device encryption BIOS password GPS tracking.
In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive so the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose? MD5 SHA RIPEMD AES.
A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is preventing the CSO from accessing the site? Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars? Rule 1: deny from inside to outside source any destination any service SMTP Rule 2: deny from inside to outside source any destination any service ping Rule 3: deny from inside to outside source any destination {blocked sites} service http-https Rule 4: deny from any to any source any destination any service any.
A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy? Replace FTP with SFTP and replace HTTP with TLS Replace FTP with FTPS and replaces HTTP with TFTP Replace FTP with SFTP and replace HTTP with Telnet Replace FTP with FTPS and replaces HTTP with IPSec.
A product manager is concerned about continuing operations at a facility located in a region undergoing significant political unrest. After consulting with senior management, a decision is made to suspend operations at the facility until the situation stabilizes. Which of the following risk management strategies BEST describes management's response? Deterrence Mitigation Avoidance Acceptance.
Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Joe put in place to BEST reduce these incidents? Account lockout Group Based Privileges Least privilege Password complexity.
Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be implemented to enable users to share encrypted data while abiding by company policies? Key escrow Digital signatures PKI Hashing.
An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient. Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement? Transitive trust Symmetric encryption Two-factor authentication Digital signatures One-time passwords.
Joe, a website administrator, believes he owns the intellectual property for a company invention and has been replacing image files on the company's public facing website in the DMZ. Joe is using steganography to hide stolen data. Which of the following controls can be implemented to mitigate this type of inside threat? Digital signatures File integrity monitoring Access controls Change management Stateful inspection firewall.
The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following? Collision resistance Rainbow table Key stretching Brute force attack.
Which of the following is commonly used for federated identity management across multiple organizations? SAML Active Directory Kerberos LDAP.
While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security? MAC spoofing Pharming Xmas attack ARP poisoning.
A security administrator has been asked to implement a VPN that will support remote access over IPSEC. Which of the following is an encryption algorithm that would meet this requirement? MD5 AES UDP PKI.
A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos? It provides authentication services It uses tickets to identify authenticated users It provides single sign-on capability It uses XML for cross-platform interoperability.
Which of the following can affect electrostatic discharge in a network operations center? Fire suppression Environmental monitoring Proximity card access Humidity controls.
A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing? Header manipulation Cookie hijacking Cross-site scripting XML injection.
A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security administrator implement? Whitelisting Anti-malware Application hardening Blacklisting Disable removable media.
A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company. Which of the following portions of the company's mobile device management configuration would allow the company data to be removed from the device without touching the new hire's data? Asset control Device access control Storage lock out Storage segmentation.
A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and low performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario? The switch also serves as the DHCP server The switch has the lowest MAC address The switch has spanning tree loop protection enabled The switch has the fastest uplink port.
An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide users with the ability to determine what permissions should be applied to files, documents, and directories. The access control method that BEST satisfies these objectives is: Rule-based access control Role-based access control Mandatory access control Discretionary access control.
While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two) Minimum complexity Maximum age limit Maximum length Minimum length Minimum age limit Minimum re-use limit.
A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or run on the user's computers without exception. Which of the following should the administrator do to prevent all unapproved software from running on the user's computer? Deploy antivirus software and configure it to detect and remove pirated software Configure the firewall to prevent the downloading of executable files Create an application whitelist and use OS controls to enforce it Prevent users from running as administrator so they cannot install software.
A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to log on to network devices using their LDAP credentials. All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement? LDAP server 10.55.199.3 CN=company, CN=com, OU=netadmin, DC=192.32.10.233 SYSLOG SERVER 172.16.23.50 TACAS server 192.168.1.100.
A website administrator has received an alert from an application designed to check the integrity of the company's website. The alert indicated that the hash value for a particular MPEG file has changed. Upon further investigation, the media appears to be the same as it was before the alert. Which of the following methods has MOST likely been used? Cryptography Time of check/time of use Man in the middle Covert timing Steganography.
An attacker captures the encrypted communication between two parties for a week, but is unable to decrypt the messages. The attacker then compromises the session key during one exchange and successfully compromises a single message. The attacker plans to use this key to decrypt previously captured and future communications, but is unable to. This is because the encryption scheme in use adheres to: Asymmetric encryption Out-of-band key exchange Perfect forward secrecy Secure key escrow.
Many employees are receiving email messages similar to the one shown below: From IT department To employee Subject email quota exceeded Pease click on the following link http:www.website.info/email.php?quota=1Gb and provide your username and password to increase your email quota. Upon reviewing other similar emails, the security administrator realized that all the phishing URLs have the following common elements; they all use HTTP, they all come from .info domains, and they all contain the same URI. Which of the following should the security administrator configure on the corporate content filter to prevent users from accessing the phishing URL, while at the same time minimizing false positives? BLOCK http://www.*.info/" DROP http://"website.info/email.php?* Redirect http://www,*. Info/email.php?quota=*TOhttp://company.com/corporate_polict.html DENY http://*.info/email.php?quota=1Gb.
A security analyst is reviewing the following packet capture of an attack directed at a company's server located in the DMZ: Which of the following ACLs provides the BEST protection against the above attack and any further attacks from the same IP, while minimizing service interruption? DENY TCP From ANY to 172.31.64.4 Deny UDP from 192.168.1.0/24 to 172.31.67.0/24 Deny IP from 192.168.1.10/32 to 0.0.0.0/0 Deny TCP from 192.168.1.10 to 172.31.67.4.
The IT department needs to prevent users from installing untested applications. Which of the following would provide the BEST solution? Job rotation Least privilege Account lockout Antivirus.
An attack that is using interference as its main attack to impede network traffic is which of the following? Introducing too much data to a target's memory allocation Utilizing a previously unknown security flaw against the target Using a similar wireless configuration of a nearby network Inundating a target system with SYN requests.
An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange? DES Blowfish DSA Diffie-Hellman 3DES.
Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions? Data Labeling and disposal Use of social networking Use of P2P networking Role-based training.
During a recent audit, it was discovered that many services and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue? Network mapping Vulnerability scan Port Scan Protocol analysis.
When generating a request for a new x.509 certificate for securing a website, which of the following is the MOST appropriate hashing algorithm? RC4 MD5 HMAC SHA.
The administrator installs database software to encrypt each field as it is written to disk. Which of the following describes the encrypted data? In-transit In-use Embedded At-rest.
Which of the following allows an application to securely authenticate a user by receiving credentials from a web domain? TACACS+ RADIUS Kerberos SAML.
A network technician is trying to determine the source of an ongoing network based attack. Which of the following should the technician use to view IPv4 packet data on a particular internal network segment? Proxy Protocol analyzer Switch Firewall.
The security administrator has noticed cars parking just outside of the building fence line. Which of the following security measures can the administrator use to help protect the company's WiFi network against war driving? (Select TWO) Create a honeynet Reduce beacon rate Add false SSIDs Change antenna placement Adjust power level controls Implement a warning banner.
A security administrator suspects that data on a server has been exfiltrated as a result of unauthorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO) Networking access control DLP alerts Log analysis File integrity monitoring Host firewall rules.
A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will provide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network? Put the VoIP network into a different VLAN than the existing data network. Upgrade the edge switches from 10/100/1000 to improve network speed Physically separate the VoIP phones from the data network Implement flood guards on the data network.
A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. Which of the following can be used to access the server using RDP on a port other than the typical registered port for the RDP protocol? TLS MPLS SCP SSH.
Which of the following can be used to control specific commands that can be executed on a network infrastructure device? LDAP Kerberos SAML TACACS+.
Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication? Use of OATH between the user and the service and attestation from the company domain Use of active directory federation between the company and the cloud-based service Use of smartcards that store x.509 keys, signed by a global CA Use of a third-party, SAML-based authentication service for attestation.
Six months into development, the core team assigned to implement a new internal piece of software must convene to discuss a new requirement with the stakeholders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company? The system integration phase of the SDLC The system analysis phase of SSDSLC The system design phase of the SDLC The system development phase of the SDLC.
A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the supervisor terminates an employee as a result of the suspected data loss. During the investigation, the supervisor is absent for the interview, and little evidence can be provided from the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following? Job rotation Log failure Lack of training Insider threat.
A security administrator needs an external vendor to correct an urgent issue with an organization's physical access control system (PACS). The PACS does not currently have internet access because it is running a legacy operating system. Which of the following methods should the security administrator select that best balances security and efficiency? Temporarily permit outbound internet access for the PACS so desktop sharing can be set up Have the external vendor come onsite and provide access to the PACS directly Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing Set up a web conference on the administrator's PC; then remotely connect to the PACS.
A datacenter manager has been asked to prioritize critical system recovery priorities. Which of the following is the MOST critical for immediate recovery? Communications software Operating system software Weekly summary reports to management Financial and production software.
Which of the following techniques can bypass a user or computer's web browser privacy settings? (Select Two) SQL injection Session hijacking Cross-site scripting Locally shared objects LDAP injection.
When designing a web based client server application with single application server and database cluster backend, input validation should be performed: On the client Using database stored procedures On the application server Using HTTPS.
Which of the following delineates why it is important to perform egress filtering and monitoring on Internet connected security zones of interfaces on a firewall? Egress traffic is more important than ingress traffic for malware prevention To rebalance the amount of outbound traffic and inbound traffic Outbound traffic could be communicating to known botnet sources To prevent DDoS attacks originating from external network.
The help desk is receiving numerous password change alerts from users in the accounting department. These alerts occur multiple times on the same day for each of the affected users' accounts. Which of the following controls should be implemented to curtail this activity? Password Reuse Password complexity Password History Password Minimum age.
Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO) Block level encryption SAML authentication Transport encryption Multifactor authentication Predefined challenge questions Hashing.
A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host. Which of the following is preventing the remote user from being able to access the workstation? Network latency is causing remote desktop service request to time out User1 has been locked out due to too many failed passwords Lack of network time synchronization is causing authentication mismatches The workstation has been compromised and is accessing known malware sites The workstation host firewall is not allowing remote desktop connecti.
During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall. Which of the following will the audit team most likely recommend during the audit out brief? Discretionary access control for the firewall team Separation of duties policy for the firewall team Least privilege for the firewall team Mandatory access control for the firewall team.
Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users? NAC VLAN DMZ Subnet.
An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will most likely fix the uploading issue for the users? Create an ACL to allow the FTP service write access to user directories Set the Boolean selinux value to allow FTP home directory uploads Reconfigure the ftp daemon to operate without utilizing the PASV mode Configure the FTP daemon to utilize PAM authentication pass through user permissions.
An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files? Enable verbose system logging Change the permissions on the user's home directory Implement remote syslog Set the bash_history log file to "read only".