A company was recently audited by a third party. The audit revealed the company’s network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
- HTTPS
- LDAPS
- SCP
- SNMPv3

During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should react to this incident?
- The finding is a false positive and can be disregarded
- The Struts module needs to be hardened on the server
- The Apache software on the server needs to be patched and updated
- The server has been compromised by malware and needs to be quarantined

A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.)
- Geofencing
- Remote wipe
- Near-field communication
- Push notification services
- Containerization

A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)
- ALE
- AV
- ARO
- EF
- ROI

Which of the following AES modes of operation provide authentication? (Select two.)
- CCM
- CBC
- GCM
- DSA
- CFB

An audit takes place after a company-wide restructuring, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:
Which of the following would be the BEST method to prevent similar audit findings in the future?
- Implement separation of duties for the payroll department.
- Implement a DLP solution on the payroll and human resources servers.
- Implement rule-based access controls on the human resources server.
- Implement regular permission auditing and reviews.

A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select?
- EAP-FAST
- EAP-TLS
- PEAP
- EAP

Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?
- Passwords written on the bottom of a keyboard
- Unpatched exploitable Internet-facing services
- Unencrypted backup tapes
- Misplaced hardware token

An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:
- Passive reconnaissance
- Persistence
- Escalation of privileges
- Exploiting the switch

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?
- The vulnerability scanner is performing an authenticated scan.
- The vulnerability scanner is performing local file integrity checks.
- The vulnerability scanner is performing in network sniffer mode.
- The vulnerability scanner is performing banner grabbing.

A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application’s full life cycle. Which of the following software development methodologies is the development team using?
- Waterfall
- Agile
- Rapid
- Extreme

A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat?
- Implement time-of-day restrictions.
- Audit file access times.
- Secretly install a hidden surveillance camera.
- Require swipe-card access to enter the lab.

A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes the reason why the vulnerability exists?
- Default configuration
- End-of-life system
- Weak cipher suite
- Zero-day threats

An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization’s security policy, the employee’s access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?
- Approve the former employee’s request, as a password reset would give the former employee access to only the human resources server.
- Deny the former employee’s request, since the password reset request came from an external email address.
- Deny the former employee’s request, as a password reset would give the employee access to all network resources.
- Approve the former employee’s request, as there would not be a security issue with the former employee gaining access to network resources.

Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?
- Encrypt it with Joe’s private key
- Encrypt it with Joe’s public key
- Encrypt it with Ann’s private key
- Encrypt it with Ann’s public key

A director of IR is reviewing a report regarding several recent breaches. The director compiles the following:
- Initial IR engagement time frame
- Length of time before an executive management notice went out
- Average IR phase completion
The director wants to use the data to shorten the response time. Which of the following would accomplish this?
- CSIRT
- Containment phase
- Escalation notifications
- Tabletop exercise

To reduce disk consumption, an organization’s legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?
- Create a daily encrypted backup of the relevant emails.
- Configure the email server to delete the relevant emails.
- Migrate the relevant emails into an “Archived” folder.
- Implement automatic disk compression on email servers.

A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP servers. Which of the following represents the MOST secure way to configure the new network segment?
- The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.
- The segment should be placed in the existing internal VLAN to allow internal traffic only.
- The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic.
- The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

Which of the following types of attacks precedes the installation of a rootkit on a server?
- Pharming
- DDoS
- Privilege escalation
- DoS

Which of the following cryptographic algorithms is irreversible?
- RC4
- SHA-256
- DES
- AES

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?
- The hacker used a race condition.
- The hacker used a pass-the-hash attack.
- The hacker exploited improper key management.
- The hacker exploited weak switch configuration.

Audit logs from a small company’s vulnerability scanning software show the following findings:
- Server001: Internal human resources payroll server
- Server101: Internet-facing web server
- Server201: SQL server for Server101
- Server301: Jumpbox used by systems administrators accessible from the internal network
Validated vulnerabilities found:
- Server001: Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server101: Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server201: OS updates not fully current
- Server301: Accessible from internal network without the use of jumpbox
- Server301: Vulnerable to highly publicized exploit that can elevate user privileges
Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?
- Server001
- Server101
- Server201
- Server301

An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?
- Dynamic analysis
- Change management
- Baselining
- Waterfalling

A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)
- Ping
- Ipconfig
- Tracert
- Netstat
- Dig
- Nslookup

A user is presented with the following items during the new-hire onboarding process:
- Secure USB drive
- Hardware OTP token
- External high-capacity HDD
- Password complexity policy
- Acceptable use policy
Which of the following is one component of multifactor authentication?
- Secure USB drive
- Cable lock
- Hardware OTP token
- HASP key

An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?
- Use a camera for facial recognition
- Have users sign their name naturally
- Require a palm geometry scan
- Implement iris recognition

A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network?
- Pre-shared key
- Enterprise
- Wi-Fi Protected Setup
- Captive portal

After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage. Which of the following technology controls should the company implement?
- NAC
- Web proxy
- DLP
- ACL

A security analyst has received the following alert snippet from the HIDS appliance:
Given the above logs, which of the following is the cause of the attack?
- The TCP ports on destination are all open
- FIN, URG, and PSH flags are set in the packet header
- TCP MSS is configured improperly
- There is improper Layer 2 segmentation

A company’s AUP requires:
- Passwords must meet complexity requirements.
- Passwords are changed at least once every six months.
- Passwords must be at least eight characters long.
An auditor is reviewing the following report:
Which of the following controls should the auditor recommend to enforce the AUP?
- Account lockout thresholds
- Account recovery
- Password expiration
- Prohibit password reuse

An organization’s primary datacenter is experiencing a two-day outage due to an HVAC malfunction. The node located in the datacenter has lost power and is no longer operational, impacting the ability of all users to connect to the alternate datacenter. Which of the following BIA concepts BEST represents the risk described in this scenario?
- SPoF
- RTO
- MTBF
- MTTR

A security analyst notices anomalous activity coming from several workstations in the organization. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?
- Document and lock the workstations in a secure area to establish chain of custody
- Notify the IT department that the workstations are to be reimaged and the data restored for reuse
- Notify the IT department that the workstations may be reconnected to the network for the users to continue working
- Document findings and processes in the after-action and lessons learned report

An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring?
- Policy violation
- Social engineering
- Whaling
- Spear phishing

An information security analyst needs to work with an employee who can answer questions about how data for a specific system is used in the business. The analyst should seek out an employee who has the role of:
- steward
- owner
- privacy officer
- systems administrator

A group of non-profit agencies wants to implement a cloud service to share resources with each other and minimize costs. Which of the following cloud deployment models BEST describes this type of effort?
- Public
- Hybrid
- Community
- Private

An administrator is configuring access to information located on a network file server named “Bowman”. The files are located in a folder named “BalkFiles”. The files are only for use by the “Matthews” division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files.
The administrator configures the file share according to the following table:
Which of the following rows has been misconfigured?
- Row 1
- Row 2
- Row 3
- Row 4
- Row 5

A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again?
- Implement a DLP solution and classify the report as confidential, restricting access only to human resources staff
- Restrict access to the share where the report resides to only human resources employees and enable auditing
- Have all members of the IT department review and sign the AUP and disciplinary policies
- Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department

A company is developing a new system that will unlock a computer automatically when an authorized user sits in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability?
- Facial recognition
- Fingerprint scanner
- Motion detector
- Smart cards

A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability?
- Application fuzzing
- Error handling
- Input validation
- Pointer dereference

Which of the following differentiates a collision attack from a rainbow table attack?
- A rainbow table attack performs a hash lookup
- A rainbow table attack uses the hash as a password
- In a collision attack, the hash and the input data are equivalent
- In a collision attack, the same input results in different hashes

A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?
- The certificate was self-signed, and the CA was not imported by employees or customers
- The root CA has revoked the certificate of the intermediate CA
- The valid period for the certificate has passed, and a new certificate has not been issued
- The key escrow server has blocked the certificate from being validated

A security analyst is investigating a suspected security breach and discovers the following in the logs of the potentially compromised server:
Which of the following would be the BEST method for preventing this type of suspected attack in
- Implement password expirations
- Implement restrictions on shared credentials
- Implement account lockout settings
- Implement time-of-day restrictions on this server

A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate?
- It can protect multiple domains
- It provides extended site validation
- It does not require a trusted certificate authority
- It protects unlimited subdomains

After a merger between two companies, a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees who were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO)
- Monitor VPN client access
- Reduce failed login out settings
- Develop and implement updated access control policies
- Review and address invalid login attempts
- Increase password complexity requirements
- Assess and eliminate inactive accounts

A new mobile application is being developed in-house. Security reviews did not pick up any major flaws; however, vulnerability scanning results show fundamental issues at the very end of the
Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?
- Architecture review
- Risk assessment
- Protocol analysis
- Code review

A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements?
- 192.168.0.16 255.25.255.248
- 192.168.0.16/28
- 192.168.1.50 255.255.25.240
- 192.168.2.32/27

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have caused many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements?
- Virtual desktop infrastructure (VDI)
- WS-security and geo-fencing
- A hardware security module (HSM)
- RFID tagging system
- MDM software
- Security Requirements Traceability Matrix (SRTM)

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical control that will help mitigate this risk of disclosing sensitive data?
- Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
- Create a user training program to identify the correct use of email and perform regular audits to ensure compliance
- Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
- Classify all data according to its sensitivity and inform the users of data that is prohibited to share

A technician is configuring a wireless guest network. After applying the most recent changes, the technician finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network. Which of the following security measures did the technician MOST likely implement to cause this scenario?
- Deactivation of SSID broadcast
- Reduction of WAP signal output power
- Activation of 802.1X with RADIUS
- Implementation of MAC filtering
- Beacon interval was decreased

A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies?
- Mandatory access controls
- Disable remote login
- Host hardening
- Disabling services

Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement?
- Revision control system
- Client side exception handling
- Server side validation
- Server hardening

An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine. Which of the following is being described?
- Zero-day exploit
- Remote code execution
- Session hijacking
- Command injection

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that had previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?
- Password complexity rules
- Continuous monitoring
- User access reviews
- Account lockout policies

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could:
- Require the use of two different passwords held by two different individuals to open an account
- Administer account creation on a role based access control approach
- Require all new accounts to be handled by someone else other than a teller since they have different duties
- Administer account creation on a rule based access control approach

A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently found that several machines with confidential customer information displayed on the screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding?
- Implement a clean desk policy
- Security training to prevent shoulder surfing
- Enable group policy based screensaver timeouts
- Install privacy screens on monitors

Company policy requires the use of passphrases instead of passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?
- Reuse
- Length
- History
- Complexity

During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again?
- Credential management
- Group policy management
- Acceptable use policy
- Account expiration policy

Which of the following should identify critical systems and components?
- MOU
- BPA
- ITCP
- BCP

Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met?
- Logic bomb
- Trojan
- Scareware
- Ransomware

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?
- SQL injection
- Header manipulation
- Cross-site scripting
- Flash cookie exploitation

Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive
Which of the following should be implemented to correct this issue?
- Decrease the room temperature
- Increase humidity in the room
- Utilize better hot/cold aisle configurations
- Implement EMI shielding

A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality?
- Format the device
- Re-image the device
- Perform virus scan in the device
- Physically destroy the device

A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable. Which of the following MUST be implemented to support this requirement?
- CSR
- OCSP
- CRL
- SSH

A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all
Which of the following is being used?
- Gray box vulnerability testing
- Passive scan
- Credentialed scan
- Bypassing security controls

The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?
- Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers
- Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location
- Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations
- Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud

While reviewing the monthly internet usage, it is noted that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organization's Acceptable Use
Which of the following tools or technologies would work BEST for obtaining more information on this traffic?
- Firewall logs
- IDS logs
- Increased spam filtering
- Protocol analyzer

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?
- Enforce authentication for network devices
- Configure the phones on one VLAN, and computers on another
- Enable and configure port channels
- Make users sign an Acceptable Use Agreement

An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft?
- Enable screensaver locks when the phones are not in use to prevent unauthorized access
- Configure the smart phones so that the stored data can be destroyed from a centralized location
- Configure the smart phones so that all data is saved to removable media and kept separate from the device
- Enable GPS tracking on all smart phones so that they can be quickly located and recovered

A user of the wireless network is unable to gain access to the network. The symptoms are:
1.) Unable to connect to both internal and Internet resources
2.) The wireless icon shows connectivity but has no network access
The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to authenticate. Which of the following is the MOST likely cause of the connectivity issues?
- The wireless signal is not strong enough
- A remote DDoS attack against the RADIUS server is taking place
- The user's laptop only supports WPA and WEP
- The DHCP scope is full
- The dynamic encryption key did not update while the user was offline

A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide
responses to a recent audit report detailing deficiencies in the organization security controls. The
CFO would like to know ways in which the organization can improve its authorization controls.
Given the request by the CFO, which of the following controls should the CISO focus on in the
report? (Select Three) Password complexity policies Hardware tokens Biometric systems Role-based permissions One time passwords Separation of duties Multifactor authentication Single sign-on Lease privilege.
A mobile device user is concerned about geographic positioning information being included in
messages sent between users on a popular social network platform. The user turns off the
functionality in the application, but wants to ensure the application cannot re-enable the setting
without the knowledge of the user.
Which of the following mobile device capabilities should the user disable to achieve the stated
goal? Device access control Location based services Application control GEO-Tagging.
A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect
system data. Before powering the system off, Joe knows that he must collect the most volatile
Which of the following is the correct order in which Joe should collect the data? CPU cache, paging/swap files, RAM, remote logging data RAM, CPU cache. Remote logging data, paging/swap files Paging/swap files, CPU cache, RAM, remote logging data CPU cache, RAM, paging/swap files, remote logging data.
An organization has hired a penetration tester to test the security of its ten web servers. The
penetration tester is able to gain root/administrative access in several servers by exploiting
vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP.
Which of the following recommendations should the penetration tester provide to the organization
to better protect their web servers in the future? Use a honeypot Disable unnecessary services Implement transport layer security Increase application event logging.
A security engineer is faced with competing requirements from the networking group and database
administrators. The database administrators would like ten application servers on the same subnet
Which of the following should the security administrator do to rectify this issue? Recommend performing a security assessment on each application, and only segment the
applications with the most vulnerability Recommend classifying each application into like security groups and segmenting the groups from
one another Recommend segmenting each application, as it is the most secure approach Recommend that only applications with minimal security features should be segmented to protect
A security analyst has been asked to perform a review of an organization's software development
lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members
evaluate and provide critical feedback on another developer's code.
Which of the following assessment techniques is BEST described in the analyst's report? Architecture evaluation Baseline reporting Whitebox testing Peer review.
An attacker wearing a building maintenance uniform approached a company's receptionist asking
for access to a secure area. The receptionist asks for identification and a building access badge, and
checks the company's list of approved maintenance personnel prior to granting physical access to
the secure area.
The controls used by the receptionist are in place to prevent which of the following types of
attacks? Tailgating Shoulder surfing Impersonation Hoax.
A security administrator is tasked with conducting an assessment made to establish the baseline
security posture of the corporate IT infrastructure. The assessment must report actual flaws and
weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing
must be performed using in-house or cheaply available resources. There cannot be a possibility of
any requirement being damaged in the test.
Which of the following has the administrator been tasked to perform? Risk transference Penetration test Threat assessment Vulnerability assessment.
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure
website. During the troubleshooting process, the network administrator notices that the web
gateway proxy on the local network has signed all of the certificates on the local machine.
Which of the following describes the type of attack the proxy has been legitimately programmed to
perform? Transitive access Spoofing Man-in-the-middle Replay.
Which of the following use the SSH protocol? Stelnet SCP SNMP FTPS SSL SFTP.
Which of the following is the GREATEST risk to a company by allowing employees to physically
bring their personal smartphones to work? Taking pictures of proprietary information and equipment in restricted areas. Installing soft token software to connect to the company's wireless network. Company cannot automate patch management on personally-owned devices. Increases the attack surface by having more target devices on the company's campus.
Which of the following is the summary of loss for a given year? MTBF ALE SLA ARO.
A Security Officer on a military base needs to encrypt several smart phones that will be going into
Which of the following encryption solutions should be deployed in this situation? Elliptic curve One-time pad 3DES AES-256.
An organization relies heavily on an application that has a high frequency of security updates. At
present, the security team only updates the application on the first Monday of each month, even
though the security updates are released as often as twice a week.
Which of the following would be the BEST method of updating this application? Configure testing and automate patch management for the application. Configure security control testing for the application Manually apply updates for the application when they are released. Configure a sandbox for testing patches before the scheduled monthly update.
A technician must configure a firewall to block external DNS traffic from entering a network.
Which of the following ports should they block on the firewall? 53 110 143 443.
A software development company needs to share information between two remote servers, using
encryption to protect it. A programmer suggests developing a new encryption protocol, arguing
that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide
strong encryption without being susceptible to attacks on other known protocols.
Which of the following summarizes the BEST response to the programmer's proposal? The newly developed protocol will only be as secure as the underlying cryptographic algorithms
used. New protocols often introduce unexpected vulnerabilities, even when developed with otherwise
secure and tested algorithm libraries. A programmer should have specialized training in protocol development before attempting to
design a new encryption protocol. The obscurity value of unproven protocols against attacks often outweighs the potential for
introducing new vulnerabilities.
A security technician would like to obscure sensitive data within a file so that it can be transferred
without causing suspicion. Which of the following technologies would BEST be suited to accomplish this? Transport Encryption Stream Encryption Digital Signature Steganography.
A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability
to modify the contents of a confidential database, as well as other managerial permissions. On
Monday morning, the database administrator reported that log files indicated that several records
were missing from the database.
Which of the following risk mitigation strategies should have been implemented when the
supervisor was demoted? Incident management Routine auditing IT governance Monthly user rights reviews.
Which of the following attack types is being carried out where a target is being sent unsolicited
messages via Bluetooth? War chalking Bluejacking Bluesnarfing Rogue tethering.
Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key.
When Joe receives a response, he is unable to decrypt the response with the same key he used
Which of the following would explain the situation? An ephemeral key was used for one of the messages A stream cipher was used for the initial email; a block cipher was used for the reply Out-of-band key exchange has taken place Asymmetric encryption is being used.
Recently several employees were victims of a phishing email that appeared to originate from the
company president. The email claimed the employees would be disciplined if they did not click on
a malicious link in the message.
Which of the following principles of social engineering made this attack successful? Authority Spamming Social proof Scarcity.
Which of the following is the LEAST secure hashing algorithm? SHA1 RIPEMD MD5 DES.
An employee uses RDP to connect back to the office network.
If RDP is misconfigured, which of the following security exposures would this lead to? A virus on the administrator's desktop would be able to sniff the administrator's username and
password. Result in an attacker being able to phish the employee's username and password. A social engineering attack could occur, resulting in the employee's password being extracted. A man in the middle attack could occur, resulting in the employee's username and password being
Joe, the security administrator, sees this in a vulnerability scan report:
"The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit."
Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example
of: a threat. a risk. a false negative. a false positive.
An auditor has identified an access control system that can incorrectly accept an access attempt
from an unauthorized user. Which of the following authentication systems has the auditor
reviewed? Password-based Biometric-based Location-based Certificate-based.
The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for
the next 10 years. She is asking for the average lifespan of each hardware device so that she is
able to calculate when she will have to replace each device.
Which of the following categories BEST describes what she is looking for? ALE MTTR MTBF MTTF.
A software developer wants to ensure that the application is verifying that a key is valid before
establishing SSL connections with random remote hosts on the Internet.
Which of the following should be used in the code? (Select TWO.) Escrowed keys SSL symmetric encryption key Software code private key Remote server public key OCSP.
A security guard has informed the Chief Information Security Officer that a person with a tablet has
been walking around the building. The guard also noticed strange white markings in different
areas of the parking lot.
The person is attempting which of the following types of attacks? Jamming War chalking Packet sniffing Near field communication.
A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator during the IKE phase? RIPEMD ECDHE Diffie-Hellman HTTPS.
A network operations manager has added a second row of server racks in the datacenter. These
racks face the opposite direction of the first row of racks.
Which of the following is the reason the manager installed the racks this way? To lower energy consumption by sharing power outlets To create environmental hot and cold aisles To eliminate the potential for electromagnetic interference To maximize fire suppression capabilities.
Phishing emails frequently take advantage of high-profile catastrophes reported in the news.
Which of the following principles BEST describes the weakness being exploited? Intimidation Scarcity Authority Social proof.