Security Plus 401 Practice

A security administrator wants to implement a multifactor, location-based authentication system. The authentication system must incorporate something unique about each user. Which of the following are user authentication factors that can be used in this system? (Select THREE)

A. IP address
B. Employee ID
C. Username
D. Unique identification number
E. Keyboard timing
F. Password

a
e
f
A security administrator wishes to perform authentication, authorization, and accounting, but does not wish to use a proprietary protocol. Which of the following services would fulfill these requirements?

A. SAML
B. RADIUS
C. TACACS+
D. Kerberos

b
An employee is conducting a presentation at an out-of-town conference center using a laptop. The wireless access point at the employee’s office has an SSID of OFFICE. The laptop was set to remember wireless access point. Upon arriving at the conference, the employee powered on the laptop and noticed that it was connected to the OFFICE access point. Which of the following MOST likely occurred?

A. The laptop connected to a legitimate WAP.
B. The laptop connected as a result of an IV attack
C. The laptop connected to an evil twin WAP
D. The laptop connected as a result of near field communication

c
Which of the following business continuity concepts involves the selection of a new key person in the organization when there is a loss?

A. Removing single point of failure
B. Redundancy
C. Business impact analysis
D. Succession planning

d
Based on a review of the existing access policies, the network administrator determines that changes are needed to meet current regulatory requirements for the organization’s access control process. To initiate changes in the process, the network administrator should FIRST:

A. Update the affected policies and inform the user community of the changes

B. Distribute a memo stating that new accounts must follow current regulatory requirements

C. Inform senior management that changes are needed to existing policies

D. Notify the user community that non-compliant accounts will be required to use the new process

c
Joe, a penetration tester, is conducting a test of an internal network and is able to extract credentials from a printer. Using those credentials, Joe is able to log onto an administrator’s workstation and elevate his privileges, then extract the administrator’s credentials. Joe then uses the administrator’s credentials to log onto a server and simulate extracting sensitive data. Which of the following did Joe use in the scenario? (Select TWO)

A. Bypass security controls
B. External footprinting
C. Source code review
D. White box testing
E. Exploiting Vulnerabilities
F. False positive

a
e
After installing new digital certificates on a company web server, the network administrator wants to securely store the keys so that no one individual is able to use the keys on any other system. Which of the following would allow the network administrator to achieve this goal?

A. Key hashing
B. Key exchange
C. Key escrow
D. Ephemeral key

c
A security administrator has been asked to actively test the security of a new hardened application server, exploiting any known vulnerabilities of the operating system. Which of the following is being performed?

A. Black box test
B. Penetration test
C. Application test
D. White box test

d
The security administrator for a growing company is concerned about the increasing prevalence of personal devices connected to the corporate WLAN. Which of the following actions should the administrator take FIRST to address this concern?

A. Implement RADIUS to centrally manage access to the corporate network over WIFI

B. Request that senior management support the development of a policy that addresses personal devices

C. Establish a guest wireless network and request that employees use it

D. Distribute a memo addressing the security risks associated with the use of personally owned devices on the corporate WLAN

b
The border firewall rules were recently modified by a network administrator to allow access to a new service on Server1 using the default HTTP port. When testing the new rules internal to the company network there are no issues, and when testing from the external packets. Other services hosted by Server1 are responding fine to both internal and external connection attempts. Which of the following is MOST likely configured improperly?

A. Network access control list
B. 802.1x
C. Port security
D. Implicit deny

a
The first responder to an incident has been asked to provide an after action report. Which of the following incident response procedures does this support?

A. Incident identification
B. Mitigation
C. Lessons learned
D. Escalation/notification

c
A system administrator wants to ensure that only authorized devices can connect to wired and wireless corporate systems. Unauthorized devices should be automatically placed on a guest network. Which of the following MUST be implemented to support these requirements? (Select TWO)

A. Port security
B. 802.1x
C. Proxy
D. VLAN
E. NAT

b
d
An auditing organization frequently deploys field employees to customer sites worldwide. While at the customer site, the field employees often need to connect to the local network to access documents and data. Management is concerned that the field employee laptops might become infected with malware while on the customer networks. Which of the following could be deployed to decrease the amount of risk incurred by the field employees?

A. HIPS
B. HOTP
C. HIDS
D. HSM

a
An administrator is reviewing the logs for a content management system that supports the organization’s public-facing website. The administrator is concerned about the number of attempted login failures for administrator accounts from other countries. Which of the following capabilities is BEST to implement if the administrator wants the system to react dynamically to such attacks?

A. Network-based rate limiting
B. Disable generic administrative accounts
C. Automated log analysis
D. Intrusion prevention system

a
A penetration tester is attempting to determine the operating system of a remote host. Which of the following methods will provide this information?

A. Protocol analyzer
B. Honeypot
C. Fuzzer
D. Banner grabbing

d
A vulnerability in the underlying SSL/TLS library used by a web server has been announced. The vulnerability allows an attacker to access the web server’s memory. Which of the following actions should be taken after the vulnerability is patched? (Select TWO)

A. Implement a web application firewall
B. Instruct website users to change their passwords
C. Replace the server’s private key
D. Reissue the SSL certificate
E. Create a new recovery agent
F. Change the Cipher order on the server

b
c
A security administrator determined that the time required to brute force 90% of the company’s password hashes is below the acceptable threshold. Which of the following, if implemented, has the GREATEST impact in bringing this time above the acceptable threshold?

A. Use a shadow password file
B. Increase the number of PBKDF2 iterations
C. Change the algorithm used to salt all passwords
D. Use a stronger hashing algorithm for password storage

d
The Chief Security Officer (CSO) is concerned with unauthorized access at the company’s off-site datacenter. The CSO would like to enhance the security posture of the datacenter. Which of the following would BEST prevent unauthorized individuals from gaining access to the datacenter?

A. Security guard
B. Video monitoring
C. Magnetic entry cards
D. Fencing

a
A server technician is about to perform a major update to the operating system of a critical system. This system is currently in a virtualization environment. Which of the following actions would result in the LEAST amount of downtime if the upgrade were to fail?

A. Enable live migration in the VM settings on the virtual server
B. Cluster the storage for the server to add redundancy
C. Perform a full backup of the virtual machine
D. Take an initial snapshot of the system

d
After Ann, a security administrator, arrived at the company’s co-location facility, she was unable to access the cage holding the company’s equipment. A co-worker updated the key card server the night before. This is an example of which of the following?

A. Testing controls
B. Access signatures
C. Fault tolerance
D. Non-repudiation

a
A security analyst at a nuclear power plant needs to secure network traffic from the legacy SCADA systems. Which of the following methods could the analyst use to secure network traffic in this static environment?

A. Implement a firewall
B. Implement a HIDS
C. Implement a NIDS
D. Implement a rootjail

a
Which of the following can be used to facilitate a DNS hijacking attack on a LAN?

A. Smurf attack
B. ARP spoofing
C. Watering hole attack
D. Zone transfer request

b
After a private key had been compromised, an administrator realized that downloading a CRL once per day was not effective. The administrator wants to immediately revoke certificates. Which of the following should the administrator investigate?

A. CSR
B. PKI
C. IdP
D. OCSP

d
The SSID broadcast for a wireless router has been disabled, but a network administrator has noticed that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact that the SSID broadcast has been disabled. Which of the following would further obscure the presence of the wireless network?

A. Upgrade the encryption to WPA or WPA2
B. Create a non-zero length SSID for the wireless router
C. Reroute wireless users to a honeypot
D. Disable responses to a broadcast probe request

d
A company’s network is being redesigned. A network architect recommended changing from a single flat internal network to a multiple-segment network dividing the printers, clients, and servers. Additionally, the network architect recommended that access controls be put in place on the server segment to augment the policies on the edge firewall. Which of the following is the BEST description of the solution the network architect is recommending?

A. Network access control
B. Virtual local area networks
C. Defense in depth
D. Subnetting

c
Which of the following remote authentication methods use a reliable transport layer protocol for communication?

A. RADIUS
B. LDAP
C. TACACS+
D. SAML

c
A data breach is suspected on a currently unidentified server in a datacenter. Which of the following is the BEST method of determining which server was breached?

A. Network traffic logs
B. System image capture
C. Asset inventory review
D. RAM analysis

a
Joe, a system architect, wants to implement appropriate solutions to secure the company’s distributed database. Which of the following concepts should be considered to help ensure data confidentiality? (Select TWO)

A. Data at rest
B. Data in use
C. Replication
D. Wiping
E. Retention
F. Cloud storage

a
b
Sally, a system administrator, configured a device to block network traffic from entering the network. The configuration consisted of zero-day exploit awareness at the application layer of the OSI model. The exploit signatures have been seen on the internet daily. Which of the following does this describe?

A. NIDS
B. HIPS
C. HIDS
D. NIPS

d
A virtualized server was updated with the latest operating system security patch. Upon completion of the patch installation, the server automatically restarted and would not present a login screen. Which of the following would have prevented this issue?

A. The patch should have been tested for security benchmarks before installation on the server
B. The patch should have been deployed on a test system before installation on the server
C. The patch should have been implemented on a networked workstation before installation on the server
D. The patch should have been added to the white list of application for the server

b
A security administrator is tasked with securing an 802.11n network. Which of the following encryption methods would provide the HIGHEST level of protection?

A. WPA with TKIP
B. WPA2 with RC4
C. WPA2 with AES
D. WPA2 with TKIP

c
Two big companies are partnering on a contract. Normally these companies are fierce competitors, but for this procurement they have determined that a partnership is the only way they can win the job. Each company is concerned about unauthorized data sharing and wants to ensure other divisions within each company will not have access to proprietary data. To best protect against unauthorized data sharing they should each sign a(n):

A. NDA
B. SLA
C. MOU
D. BPA

a
The operations manager for a sales group wants to ensure that sales personnel are able to use their laptops and other portable devices throughout a building using both wireless and wired connectivity. Which of the following technologies would be MOST effective at increasing security of the network while still maintaining the level of accessibility the operations manager requested?

A. 802.1X
B. 802.11n
C. WPA2 authentication
D. VLAN isolation
E. Authenticated web proxy

a
Which of the following should mobile devices use to protect against data theft in an offline attack?

A. Application controls
B. Full device encryption
C. Storage segmentation
D. Whitelisting
E. Remote wiping

b
An attacker contacts the service desk and requests a reset of the director of operations’ CRM password. The service desk asks the attacker to validate the request using PII, which the attacker does not know. In an attempt to bypass security protocols, the attacker emphasizes the need for the information based on the attacker’s position within the organization. Given this scenario, which of the following principles of social engineering has the attacker attempted to exploit?

A. Authority
B. Intimidation
C. Social proof
D. Urgency

b
During a recent audit, it was discovered that the employee who deploys patches also approves them. The audit found there is no documentation supporting the patch management process, and there is no formal vetting of installed patches. Which of the following controls should be implemented to mitigate this risk? (Select TWO)

A. IT contingency planning
B. Change management policy
C. Least privilege
D. Separations of duties
E. Dual control
F. Mandatory job rotation

b
d
A Chief Information Officer (CIO) has recently expressed an interest in ensuring that critical business systems are protected from isolated outages. Which of the following would provide the CIO a measure of the frequency at which these critical business systems experience breakdowns?

A. MTTR
B. MTBF
C. MTTF
D. MTU

b
Due to the commonality of Content Management System (CMS) platforms, a website administrator is concerned about security for the organization’s new CMS application. Which of the following practices should the administrator implement FIRST to mitigate risks associated with CMS platform implementations?

A. Deploy CAPTCHA features
B. Modify the default account’s password
C. Implement two-factor authentication
D. Configure DNS blacklisting
E. Configure password complexity requirements

a
A company is experiencing problems with performance and downtime because application updates and patching are being conducted on production systems during business hours. Users and other information technology staff are not being notified of the updates. Which of the following needs to be instituted to BEST resolve the problems?

A. Incident management
B. Change management
C. User rights review
D. Acceptable use policy

b
A network administrator would like to reduce the vulnerabilities associated with using a wireless access point in a small office located in a building with numerous other tenants. Which of the following would allow the network administrator to achieve this goal without restricting access for new devices?

A. Disable the antenna on the device
B. Disable the SSID broadcast on the device
C. Disable WPA2 encryption on the device
D. Disable MAC filtering on the device

b
A security analyst is investigating an incident involving an internal host in the finance department that has been communicating with a C&C server. The security analyst is having difficulty determining the identity of the endpoint. The analyst is informed that the flow of the traffic from the finance department to the C&C server takes the following path: Switch A, Proxy A, Switch B, and Router A. Multiple departments also follow the same flow of traffic. The security analyst sees an RFC1918 address arriving at Router A. Which of the following administrators should be contacted FIRST in order to help aid in determining the identification of the compromised host?

A. Router A network administrator
B. Proxy A network administrator
C. Switch A network administrator
D. Switch B network administrator

b
Ann, a security administrator, is hardening the user password policies. She currently has the following in place:

– Passwords expire every 60 days
– Password length is at least 8 characters
– Password must contain at least one capital letter and one numeric character
– Passwords cannot be reused until the password has been changed 8 times

She learns that several employees are still using their original passwords after the 60-day forced change. Which of the following can she implement to BEST mitigate this?

A. Lower the password expiry time to every 30 days instead of every 60
B. Require that a password contains at least one capital letter, one numeric character, and one special character
C. Change the Re-usage time from 8 to 16 changed before a password can be repeated
D. Create a rule that users can only change their passwords once every two weeks

d
A government agency wants to ensure that the systems they use have been deployed as securely as possible. Which of the following technologies will enforce protections on these systems to prevent files and services from operating outside of a strict rule set?

A. Host-based detection
B. Host-based firewall
C. Trusted OS
D. Antivirus

b
A company has noticed a recent increase in machines that have been exploited using vulnerabilities in third-party software. Which of the following would BEST help the company reduce the likelihood of vulnerabilities within the software creating future problems?

A. Patch management
B. Host-based firewall
C. Antivirus software
D. White-listing applications

d
A security administrator wishes to monitor incoming traffic to the mail server with minimal risk of disruption of services and functions. Which of the following would BEST meet this goal?

A. Implement a host-based firewall on client computers
B. Install a NIDS on the mail server network
C. Implement a proxy server in the DMZ
D. Install a mail relay server outside the DMZ

b
A major banking institution has been the victim of recurring, widespread fraud. The fraud has all occurred on the bank’s web portal. The bank recently implemented a requirement for all users to obtain credentials in person at a physical office. However, this has not reduced the amount of fraud against legitimate customers. Based on a review of the logs, most fraudulent transactions appear to be conducted with authentic credentials. Which of the following controls should be strengthened to reduce the fraud through the website?

A. Authentication
B. DAC
C. Identification
D. Authorization

c
A security administrator wishes to set up a site-to-site IPsec VPN tunnel between two locations. Which of the following IPsec encryption and hashing algorithms would be chosen for the least performance impact?

A. 3DES/SHA
B. AES/SHA
C. RSA/MD5
D. DES/MD5

a
An administrator needs to allow a third-party service to authenticate users, but does not want to give the third party access to user credentials. Which of the following allows this type of authentication?

A. LDAP
B. SAML
C. RADIUS
D. TACACS

b
Ann, a security administrator, needs to implement a transport encryption solution that will enable her to detect attempts to sniff packets off the wire. Which of the following could be implemented?

A. Elliptic curve algorithms
B. Ephemeral key
C. Quantum cryptography
D. Steganography

c
A security administrator is running an external port scan on the corporate network and notices the port scans take an extremely long time to complete. Which of the following explains why the port scans take so long?

A. The firewall is dropping packets to blocked ports
B. The firewall is delaying packets to blocked ports
C. The firewall is redirecting packets to blocked ports
D. The firewall is rejecting packets to blocked ports

a
An engineer is designing a system that needs the fastest encryption possible due to system requirements. Which of the following should the engineer use?

A. Symmetric key
B. RSA-1024
C. Rainbow tables
D. SHA-256
E. Public key encryption

a
A company uses digital signatures to sign contracts. The company requires external entities to create an account with a third-party digital signature provider and sign an agreement stating they will protect the account from unauthorized access. Which of the following security goals is the company trying to address in the given scenario?

A. Availability
B. Non-repudiation
C. Authentication
D. Confidentiality
E. Due diligence

b
A company has a proprietary device that requires its network access to be disabled. Only authorized users should have access to the device. To further protect the device from unauthorized access, which of the following would also need to be implemented?

A. Install NIPS within the company to protect all assets
B. Block port 80 and 443 on the firewall
C. Install a cable lock to prevent theft of the device
D. Install software to encrypt access to the hard drive

c
Several computers in an organization are running below the normal performance baseline. A security administrator inspects the computers and finds the following pieces of information:

– Several users have uninstalled the antivirus software
– Some users have installed unauthorized software
– Several users have installed pirated software
– Some computers have had automatic updating disabled after being deployed
– Users have experienced slow responsiveness when using the internet browser
– Users have complete control over critical system properties

Which of the following solutions would have prevented these issues from occurring? (Select TWO)

A. Using snapshots to revert unwanted user changes
B. Using an IPS instead of an antivirus
C. Placing users in appropriate security groups
D. Disabling unnecessary services
E. Utilizing an application whitelist
F. Utilizing an application blacklist

c
e
A network administrator is in the process of developing a new network security infrastructure. One of the requirements for the new system is the ability to perform advanced authentication, authorization, and accounting services. Which of the following technologies BEST meets the stated requirement?

A. Kerberos
B. SAML
C. TACACS+
D. LDAP

c
A security administrator suspects that an employee has altered some fields within a NoSQL database. Which of the following should the security administrator do to confirm the suspicion and identify the employee?

A. Review the video of the employee’s workstation
B. Review the database access log files
C. Capture a system image of the entire server
D. Generate file hashing of the database to compare to the last version

d
Ann, a security analyst, is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call-back domain. Which of the following tools would aid her to decipher the network traffic?

A. Vulnerability scanner
B. Nmap
C. Netstat
D. Packet analyzer

d
A company has implemented a public-facing authentication system that uses PKI and extended attributes to allow third-party, web-based application integration. Which of the following is this an example of? (Select THREE)

A. Federation
B. Two-factor authentication
C. Transitive trust
D. Trusted OS
E. Single sign-on
F. TOTP
G. MAC

a
c
e
A security administrator is reviewing the event logs for a company server. There are numerous entries for attempts to log into the telnet service with an account named “root.” After further review of the access to the server, the security administrator determines there is a business need for another server in the company to connect via telnet to the server under review. Which of the following tasks should the security administrator perform to improve the security posture of the server? (Select TWO)

A. Change the timeout values on the telnet service
B. Allow the telnet access to the server through the firewall
C. Configure the telnet service to only accept traffic from the other server
D. Configure the telnet service to log at the debug level
E. Disable root access within the telnet service
F. Set the telnet service to enforce password changes every 90 days

c
e
A recent policy change at an organization requires that all remote access connections to and from file servers at remote locations must be encrypted. Which of the following protocols would accomplish this new objective? (Select TWO)

A. TFTP
B. SSH
C. FTP
D. RDP
E. HTTP

b
d
Which of the following network configurations provides security analysts with the MOST information regarding threats, while minimizing the risk to internal corporate assets?

A. Configuring the wireless access point to be unencrypted
B. Increasing the logging level of internal corporate devices
C. Allow inbound traffic to a honeypot on the corporate LAN
D. Placing a NIDS between the corporate firewall and ISP

d
A PKI architect is implementing a corporate enterprise solution. The solution will incorporate key escrow and recovery agents, as well as a tiered architecture. Which of the following is required in order to implement the architecture correctly?

A. Certificate revocation list
B. Strong ciphers
C. Intermediate authorities
D. IPSec between CAs

c
Which of the following mobile device controls can be used to ensure company data is containerized in a BYOD environment?

A. Sensitive data encryption
B. Removable storage security
C. Mobile application control
D. Storage segmentation

d
An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website but instead connects to an attacker who is performing a man-in-the-middle attack. Which of the following should the employee do to mitigate the vulnerability described in the scenario?

A. Connect to a VPN when using public wireless networks
B. Only connect to WPA2 networks regardless of whether the network is public or private
C. Ensure a host-based firewall is installed and running when using public wireless networks
D. Check the address in the web browser before entering credentials

d
A server administrator is investigating a breach and determines that an attacker modified the application log to obfuscate the attack vector. During the lessons learned activity, the facilitator asks for a mitigation response to protect the integrity of the logs should a similar attack occur. Which of the following mitigations would be MOST appropriate to fulfill the requirement?

A. Host-based IDS
B. Automated log analysis
C. Enterprise SIEM
D. Real-time event correlation

c
Which of the following would be MOST appropriate for securing large amounts of data-in-motion?

A. SHA
B. RSA
C. Diffie-Hellman
D. AES

d
A finance manager is responsible for approving wire transfers and processing the transfers using the software provided by the company’s bank. A number of discrepancies have been found related to the wires in a recent financial audit, and the wires appeared to be fraudulent. Which of the following controls should be implemented to reduce the likelihood of fraud related to the use of wire transfers?

A. Separation of duties
B. Least privilege
C. Qualitative auditing
D. Acceptable use policy

a
A security administrator is reviewing the password security configuration of a company’s directory service domain. The administrator recognizes that the domain controller has been configured to store LM hashes. Which of the following explains why the domain controller might be configured like this? (Select TWO)

A. Default configurations
B. Filesystem synchronization
C. Mobile device support
D. NTLMv2 support
E. Backward compatibility

a
e
A web server at an organization has been the target of distributed denial of service attacks. Which of the following, if correctly configured, would BEST mitigate these and future attacks?

A. SYN cookies
B. Implicit deny
C. Blacklisting
D. URL filter

a
A server administrator wants to securely store various personal system credentials in a secure tool that encrypts the contents in a database using a simple passphrase. Which of the following techniques is MOST likely being utilized by the tool?

A. Steganography
B. Perfect forward secrecy
C. Symmetric cryptography
D. Elliptic curve encryption

c
An administrator sees the following entry in a system log:
02:23:41AM Mar 09 2015 www: WARNING: MD5 checksum on file /ect/sudoers has changed. Please update db if this change is expected.
Which of the following describes the type of application that generated this log entry?

A. Change management
B. Security patch management
C. SELinux audit utility
D. File integrity management

d
Ann, a security administrator, needs to implement a transport encryption solution that will enable her to detect attempts to sniff packets off the wire. Which of the following could be implemented?

A. Elliptic curve algorithms
B. Ephemeral keys
C. Quantum cryptography
D. Steganography

c
When implementing a new system, a systems administrator works with the information system owner to identify and document the responsibilities of various positions within the organization. Once responsibilities are identified, groups are created within the system to accommodate the various responsibilities of each position type, with users being placed in these groups. Which of the following principles of authorization is being developed?

A. Rule-based access control
B. Least privilege
C. Separation of duties
D. Access control lists
E. Role-based access controls

e
A risk manager is drafting an internal national travel guideline for securing electronic devices. Which of the following are the MOST appropriate components that should be included in the guidelines with regards to physically securing devices while traveling? (Select TWO)

A. Hashing
B. Cable locks
C. Safe
D. Full-disk encryption
E. TPM
F. Memory encryption

b
c
An administrator wants to configure the security setting in the AD domain to force users to use a unique new password at least ten times before an old password can be reused. Which of the following security controls is the administrator enforcing?

A. Password age
B. Password expiration
C. Password history
D. Password complexity

c
A forensics engineer is performing an analysis on a computer with a static IP address that is connecting to various malicious websites. The engineer wants to retain information that would otherwise be lost if the computer reboots. Which of the following outputs should the engineer capture FIRST?

A. Hostname
B. Netstat
C. Ipconfig
D. DIR

b
A software development manager needs to create several different environments for application development, testing, and quality control. Controls are being put in place to manage how software is moved into the production environment. Which of the following should the software development manager request to be put into place to implement the three new environments?

A. Application firewall
B. Network segmentation
C. Trusted computing
D. Network address translation

b
An organization that uses a cloud infrastructure to present a payment portal is using:

A. Software as a service
B. Platform as a service
C. Monitoring as a service
D. Infrastructure as a service

a
A security administrator has been tasked with hardening operating system security on tablets that will be deployed for use by floor salespeople at retail outlets. Which of the following could the administrator implement to reduce the likelihood that unauthorized users will be able to access information on the tablets?

A. GPS device tracking
B. Remote wiping
C. Cable locks
D. Password protection

d
Joe is a helpdesk specialist. During a routine audit, the company discovered that his credentials were used while he was on vacation. The investigation further confirmed that Joe still has his badge and that it was last used to exit the facility. Which of the following access control methods is MOST appropriate for preventing such occurrences in the future?

A. Access control where the credentials cannot be used except when the associated badge is in the facility
B. Access control where system administrators may limit which users can access their systems
C. Access controls where employee access permissions are based on job title
D. Access control system where badges are only issued to cleared personnel

a
A security administrator runs a port scan against a server and determines that the following ports are open:

TCP 22
TCP 25
TCP 80
TCP 631
TCP 995

Which of the following MOST likely describes the server?

A. It is an email server that requires secure email
transmittal
B. It is a web server that requires secure communication
C. It is a print server that requires secure authentication
D. It is an email server that requires secure email retrieval

d
An employee connects a wireless access point to the only jack in the conference room to provide internet access during a meeting. The access point is configured to secure its users with WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A. The malicious user is running a wireless sniffer
B. The wireless access point is broadcasting the SSID
C. The malicious user is able to capture the wired communication
D. The meeting attendees are using unencrypted hard drives

c
A company uses PKI certificates stored on a smart-chip-enabled badge. The badge is used for a small number of devices that connect to a wireless network. A user’s badge was reported stolen. Which of the following could the security administrator implement to prevent the stolen badge from being used to compromise the wireless network?

A. Asset tracking
B. Honeynet
C. Strong PSK
D. MAC filtering

d
A company has begun construction on a new building. The construction crews have noticed that valuable materials have been stolen from the site. Which of the following preventive controls should be used by the Chief Security Officer (CSO) to prevent future theft?

A. Motion sensors
B. CCTV
C. Fencing
D. Lighting

c
Which of the following represents a common approach taken to remotely render data inaccessible on mobile devices?

A. Delete FDE key
B. Hardware degausser
C. Purge running memory
D. Overwrite system files

a
A project manager is working with the data owner to review information security classification requirements for a new system the organization is developing for customers requiring five-nines uptime. Which of the following classifications would be MOST appropriate for the data owner to establish for the data contained in the system?

A. Integrity
B. Permanency
C. Confidentiality
D. Availability

d
A company has completed its continuity of operations plan and needs to validate that everyone knows what actions to perform. Which of the following can be performed, instead of completing a full failover, to validate this requirement?

A. Tabletop exercise
B. Sandboxing
C. Business impact analysis
D. Risk assessment

a
A network administrator discovers that telnet was enabled on the company’s Human Resources (HR) payroll server and that someone outside of the HR subnet has been attempting to log into the server. The network administrator has disabled telnet on the payroll server. Which of the following is a method of tracking attempts to log onto telnet without exposing important company data?

A. Banner grabbing
B. Active port monitoring
C. Honeypot
D. Passive IPS

c
Which of the following is MOST effective at cracking hashed passwords?

A. Rainbow tables
B. Dictionary attack
C. Birthday attack
D. Brute force attack

a
A forensic expert needs to be able to prove that digital evidence was not tampered with after being taken into custody. Which of the following is useful in this scenario?

A. Encryption
B. Non-repudiation
C. Hashing
D. Perfect forward secrecy
E. Steganography

c
The network administrator sees a “%CAM-TABLE-FULL “message on the network switch. Upon investigation, the administrator notices thousands of MAC addresses associated with a single untagged port. Which of the following should be implemented to prevent this type of attack?

A. Port security
B. BPDU guard
C. 802.1x
D. TACACS+

a
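The attack and control from the previous question, as an added example that is not part of the original question set: a model of a switch port with a port-security MAC limit being flooded with random source MACs (the pattern behind a CAM table full message), plus a check that picks the flooded port out of a MAC-address table dump. The table lines, port names and limits are constructed for illustration, not real switch output.

```python
"""Added example, not from the original page: a model of switch port security
acting against a MAC flood, and a check that finds the flooded port in a
constructed MAC-address table."""
import random
from collections import Counter


class SecuredPort:
    """A switch port with a port-security limit on learned source MACs."""

    def __init__(self, name, max_macs=1, violation="shutdown"):
        self.name = name
        self.max_macs = max_macs
        self.violation = violation   # "shutdown" err-disables; "restrict"/"protect" drop
        self.learned = set()
        self.state = "up"
        self.violations = 0

    def ingress(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        if self.state == "err-disabled":
            return False
        if src_mac in self.learned:
            return True
        if len(self.learned) < self.max_macs:
            self.learned.add(src_mac)          # becomes a secure MAC for this port
            return True
        self.violations += 1                   # limit exceeded
        if self.violation == "shutdown":
            self.state = "err-disabled"
        return False


def random_mac(rng):
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


def simulate_flood(port, frames=5000, seed=1):
    """Flood `port` with frames from random source MACs;
    return (frames_forwarded, macs_learned, port_state)."""
    rng = random.Random(seed)
    forwarded = sum(port.ingress(random_mac(rng)) for _ in range(frames))
    return forwarded, len(port.learned), port.state


def constructed_mac_table(flood_entries=200, seed=7):
    """Constructed '<vlan> <mac> <port>' lines (not real switch output):
    three normal access ports plus one port drowning in random MACs."""
    rng = random.Random(seed)
    lines = [f"10 {random_mac(rng)} Gi0/{n}" for n in (1, 2, 3)]
    lines += [f"10 {random_mac(rng)} Gi0/7" for _ in range(flood_entries)]
    return lines


def flooded_ports(table_lines, threshold=50):
    """Ports with more MAC entries than any single access port should have."""
    per_port = Counter(line.split()[2] for line in table_lines)
    return {port: n for port, n in per_port.items() if n > threshold}


if __name__ == "__main__":
    print(simulate_flood(SecuredPort("Gi0/7")))          # (1, 1, 'err-disabled')
    print(flooded_ports(constructed_mac_table()))         # {'Gi0/7': 200}
```

With a limit of one MAC and the shutdown action, the second flood frame err-disables the port; the restrict and protect actions keep the port up and simply drop frames from unknown MACs, which is quieter but leaves the attacker's host connected.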
During a recent audit, it was discovered that several database services were running with local user accounts named “admin” and “dbadmin.” Which of the following controls will prevent network administrators from using these types of usernames for services in the future? (Select TWO)

A. Use shared account policies
B. Prohibit generic or default accounts
C. Perform continuous access monitoring
D. Perform user account access reviews
E. Require dedicated service accounts

b
e
The first responder to an incident has been asked to provide an after action report. Which of the following incident response procedures does this support?

A. Incident identification
B. Mitigation
C. Lessons learned
D. Escalation/notification

c
A company is hosting both sensitive and public information at a cloud provider. Prior to the company going out of business, the administrator wants to decommission all virtual servers hosted on the cloud. When wiping the virtual hard drive, which of the following should be removed?

A. Hardware specifications
B. Encrypted files
C. Data remnants
D. Encrypted keys

c
An old 802.11b wireless bridge must be configured to provide confidentiality of data in transit to include the MAC addresses of communicating endpoints. Which of the following can be implemented to meet this requirement?

A. MSCHAPv2
B. WPA2
C. WEP
D. IPsec

d
The network administrator is installing RS-485 terminal servers to provide card readers to vending machines. Which of the following should be performed to protect the terminal servers?

A. Flood guards
B. 802.1x
C. Network separation
D. Port security

c
An employee is using company time and assets to use a third-party tool to share downloadable media with other users around the world. Sharing downloadable media is not expressly forbidden in the company security policy or acceptable use policy. Which of the following BEST describes what the security staff should consider adding to these policies?

A. P2P
B. Data handling
C. Social networking
D. Mobile device management

a
A security auditor has full knowledge of company configuration and equipment. The auditor performed a test on the network, resulting in an exploitation of a zero-day vulnerability. Which of the following did the security auditor perform?

A. Gray box test
B. Vulnerability
C. Black box test
D. Penetration test

d
A technician received a ticket from a project manager while working on an enterprise SIEM architecture deployment. The project manager has requested that a specific executable be authorized for use on the network. Which of the following configuration items would be MOST appropriate for the technician to modify in support of the requirement?

A. Application whitelist
B. Antivirus configuration
C. Command line interface
D. Host software baseline
E. DNS blacklist

a
A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator for payload encryption?

A. ECDHE
B. SHA256
C. HTTPS
D. 3DES

d
Which of the following network design components would assist in separating network traffic based on the logical location of users?

A. IPsec
B. NAC
C. VLAN
D. DMZ

c
A security analyst would like to prevent malicious users from detecting systems on the network. Which of the following protocols would the security analyst block so that a ping sweep would not reply to this type of scanning?

A. ICMP
B. DNS
C. NetBIOS
D. WINS

a
Layer 7 devices used to prevent specific types of html tags are called:

A. Firewalls
B. Content filters
C. Routers
D. NIDS

b
Which of the following is BEST at blocking and providing security at layer 7 of the OSI model?

A. WAF
B. NIDS
C. Routers
D. Switches

a
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?

A. Review past security incidents and their resolution
B. Rewrite the existing security policy
C. Implement an intrusion prevention system
D. Install honey pot systems

a
A review of the company’s network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose?

A. ACL
B. IDS
C. UTM
D. Firewall

c
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?

A. Host-based firewall
B. IDS
C. IPS
D. Honeypot

b
Which of the following firewall rules only denies DNS zone transfers?

A. deny udp any any port 53
B. deny ip any any
C. deny tcp any any port 53
D. deny all dns packets

c
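To see what the chosen rule actually blocks, here is an added example that is not part of the original question set: a small first-match rule evaluator run over constructed packets. Zone transfers (AXFR) run over TCP/53 while ordinary queries use UDP/53, so only the TCP rule isolates transfers. The rule syntax parsed here is the question's own four-field form; the addresses are documentation ranges.

```python
"""Added example, not from the original page: a tiny first-match rule
evaluator used to check what 'deny tcp any any port 53' blocks.
Packets and addresses are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int
    desc: str = ""  # label used only for reporting


def parse_rule(text):
    """Parse '<deny|permit> <proto|ip> <src|any> <dst|any> [port N]' into a dict."""
    parts = text.split()
    if len(parts) < 4 or parts[0] not in ("deny", "permit"):
        raise ValueError(f"unsupported rule syntax: {text!r}")
    rule = {"action": parts[0], "proto": parts[1], "src": parts[2],
            "dst": parts[3], "dport": None}
    if len(parts) == 6 and parts[4] == "port":
        rule["dport"] = int(parts[5])
    return rule


def matches(rule, pkt):
    # 'ip' matches every protocol; 'any' matches every address; no port matches all
    return ((rule["proto"] == "ip" or rule["proto"] == pkt.proto)
            and rule["src"] in ("any", pkt.src)
            and rule["dst"] in ("any", pkt.dst)
            and rule["dport"] in (None, pkt.dport))


def evaluate(rules, pkt, default="permit"):
    """First matching rule wins; `default` applies to unmatched packets."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return default


SAMPLE_TRAFFIC = [  # constructed, not captured
    Packet("tcp", "203.0.113.5", "192.0.2.53", 53, "AXFR zone transfer (TCP/53)"),
    Packet("udp", "198.51.100.7", "192.0.2.53", 53, "ordinary A-record query (UDP/53)"),
    Packet("tcp", "198.51.100.7", "192.0.2.53", 53, "truncated response retried over TCP/53"),
    Packet("tcp", "198.51.100.7", "192.0.2.80", 80, "HTTP"),
]


def decisions(rule_text):
    """Map each sample packet's label to the action a single rule produces."""
    rule = parse_rule(rule_text)
    return {pkt.desc: evaluate([rule], pkt) for pkt in SAMPLE_TRAFFIC}


if __name__ == "__main__":
    for desc, action in decisions("deny tcp any any port 53").items():
        print(f"{action:6} {desc}")
```

The caveat a practitioner wants: the same rule also drops legitimate TCP/53 traffic (responses too large for UDP that are retried over TCP, common with DNSSEC), so the primary control belongs in the name server itself, restricting AXFR to the authorized secondaries, with the firewall rule as defence in depth.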
Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?

A. Create a VLAN for the SCADA
B. Enable PKI for the MainFrame
C. Implement patch management
D. Implement stronger WPA2 Wireless

a
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?

A. Explicit deny
B. Port security
C. Access control lists
D. Implicit deny

c
An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?

A. Configure each port on the switches to use the same VLAN other than the default one
B. Enable VTP on both switches and set to the same domain
C. Configure only one of the routers to run DHCP services
D. Implement port security on the switches

d
At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

A. Configure an access list.
B. Configure spanning tree protocol.
C. Configure port security.
D. Configure loop protection.

c
A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?

A. Intrusion Prevention Systems
B. MAC filtering
C. Flood guards
D. 802.1x

d
A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?

A. NAT and DMZ
B. VPN and IPSec
C. Switches and a firewall
D. 802.1x and VLANs

d
A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?

A. SaaS
B. MaaS
C. IaaS
D. PaaS

b
An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

A. Unified Threat Management
B. Virtual Private Network
C. Single sign on
D. Role-based management

a
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

A. VLAN
B. Subnet
C. VPN
D. DMZ

d
Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

A. VLAN
B. Subnetting
C. DMZ
D. NAT

c
Which of the following would allow the organization to divide a Class C IP address range into several ranges?

A. DMZ
B. Virtual LANs
C. NAT
D. Subnetting

d
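The operation named in the answer, as an added example that is not part of the original question set: dividing a /24 (the size of a Class C range) into smaller subnets with the standard-library ipaddress module. The 192.0.2.0/24 range is a documentation range chosen for illustration.

```python
"""Added example, not from the original page: splitting a /24 into smaller
ranges with the ipaddress module and locating a host within the result."""
import ipaddress


def split_network(cidr, new_prefix):
    """Return the subnets of `cidr` at the longer `new_prefix`, as strings."""
    net = ipaddress.ip_network(cidr, strict=True)
    if new_prefix <= net.prefixlen:
        raise ValueError("new prefix must be longer than the parent prefix")
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


def usable_hosts(cidr):
    """Usable host addresses in an IPv4 subnet (network and broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - 2, 0)


def subnet_for(cidr, new_prefix, host):
    """Which of the split subnets a given host address falls into."""
    addr = ipaddress.ip_address(host)
    for sub in split_network(cidr, new_prefix):
        if addr in ipaddress.ip_network(sub):
            return sub
    raise ValueError(f"{host} is not inside {cidr}")


if __name__ == "__main__":
    for sub in split_network("192.0.2.0/24", 26):
        print(sub, "->", usable_hosts(sub), "usable hosts")
    print(subnet_for("192.0.2.0/24", 26, "192.0.2.130"))
```

Subnetting alone separates address ranges, not traffic: hosts in different subnets on the same switch still share a broadcast domain unless the switch is also configured with VLANs, and routing between the new subnets still needs an ACL or firewall if the split is meant to enforce anything.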
A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).

A. Deny incoming connections to the outside router interface.
B. Change the default HTTP port
C. Implement EAP-TLS to establish mutual authentication
D. Disable the physical switch ports
E. Create a server VLAN
F. Create an ACL to access the server

e
f
A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?

A. VPN
B. VLAN
C. WPA2
D. MAC filtering

b
Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

A. Connect the WAP to a different switch.
B. Create a voice VLAN.
C. Create a DMZ.
D. Set the switch ports to 802.1q mode.

b
An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:

A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT

d
A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?

A. Software as a Service
B. DMZ
C. Remote access support
D. Infrastructure as a Service

a
An IT director is looking to reduce the footprint of their company’s server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement?

A. Infrastructure as a Service
B. Storage as a Service
C. Platform as a Service
D. Software as a Service

a
Which of the following technologies can store multi-tenant data with different security requirements?

A. Data loss prevention
B. Trusted platform module
C. Hard drive encryption
D. Cloud computing

d
Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:

A. Redundant systems.
B. Separation of duties.
C. Layered security.
D. Application control.

c
A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?

A. IPsec
B. SFTP
C. BGP
D. PPTP

a
Which of the following means of wireless authentication is easily vulnerable to spoofing?

A. MAC Filtering
B. WPA – LEAP
C. WPA – PEAP
D. Enabled SSID

a
If you don’t know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?

A. macconfig
B. ifconfig
C. ipconfig
D. config

b
An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

A. SSID broadcast
B. MAC filter
C. WPA2
D. Antenna placement

a
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?

A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection

b
A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

A. Identification
B. Authorization
C. Access control
D. Authentication

a
Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?

A. Protocol analyzer
B. Router
C. Firewall
D. HIPS

a
Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?

A. Proxies
B. Load balancers
C. Protocol analyzer
D. VPN concentrator

a
A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner?

A. Kill all system processes
B. Enable the firewall
C. Boot from CD/USB
D. Disable the network connection

c
The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail. Which of the following BEST describes this attack?

A. Whaling
B. Vishing
C. Spear phishing
D. Impersonation

a
RC4 is a stream cipher that was generally used with which of the following?

A. WPA2 CCMP
B. PEAP
C. WEP
D. EAP-TLS

c
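Why the WEP pairing matters, as an added example that is not part of the original question set: a plain RC4 implementation, WEP's construction of the per-packet key as IV followed by the shared key, and the keystream-reuse weakness that follows from WEP's 24-bit IV. The key, IV and messages are constructed for illustration; the WEP CRC-32 integrity value is omitted.

```python
"""Added example, not from the original page: RC4 as used by WEP, and the
keystream-reuse weakness that follows from WEP's short per-packet IV.
Key, IV and messages are constructed for illustration."""


def rc4_keystream(key, length):
    """Generate `length` bytes of RC4 keystream from `key` (KSA then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key, data):
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def wep_encrypt(iv, wep_key, plaintext):
    """WEP's per-packet RC4 key is IV || shared key; the IV travels in clear."""
    return rc4(iv + wep_key, plaintext)


def recover_other_plaintext(c1, c2, known_p1):
    """Two packets under the same IV share a keystream, so c1 ^ c2 == p1 ^ p2;
    a known p1 (e.g. a predictable protocol header) therefore reveals p2."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


if __name__ == "__main__":
    wep_key = bytes.fromhex("0102030405")     # constructed 40-bit key
    iv = bytes.fromhex("aabbcc")              # constructed 24-bit IV
    p1 = b"GET /index.html HTTP/1.1"
    p2 = b"authorization: Basic abc"
    c1 = wep_encrypt(iv, wep_key, p1)
    c2 = wep_encrypt(iv, wep_key, p2)
    print(recover_other_plaintext(c1, c2, p1))   # b'authorization: Basic abc'
```

With only 2^24 IVs, a busy access point repeats one within hours, and the attacker does not even need to wait: WEP's key schedule also leaks key bytes through weak IVs, which is why WEP is listed as deprecated and WPA2 moved to CCMP.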
A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?

A. NIDS
B. CCTV
C. Firewall
D. NIPS

b
A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

A. Risk
B. Asset
C. Threat
D. Vulnerability

c
A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?

A. Role-based privileges
B. Credential management
C. User assigned privileges
D. User access

c
Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company’s rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

A. Data ownership
B. Device access control
C. Support ownership
D. Acceptable use

d
Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

A. Trusted OS
B. Host software baselining
C. OS hardening
D. Virtualization

d
Ann has recently transferred from the payroll department to engineering. While browsing file shares, Ann notices she can access the payroll status and pay rates of her new coworkers. Which of the following could prevent this scenario from occurring?

A. Credential management
B. Continuous monitoring
C. Separation of duties
D. User access reviews

d
A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal?

A. NIDS
B. NAC
C. DLP
D. DMZ
E. Port Security

b
The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor’s server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).

A. URL filtering
B. Role-based access controls
C. MAC filtering
D. Port Security
E. Firewall rules

a
e
Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future?

A. Data loss prevention
B. Enforcing complex passwords
C. Security awareness training
D. Digital signatures

c
Visible security cameras are considered to be which of the following types of security controls?

A. Technical
B. Compensating
C. Deterrent
D. Administrative

c
It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue?

A. Device encryption
B. Application control
C. Content filtering
D. Screen-locks

b
User A is a member of the payroll security group. Each member of the group should have read/write permissions to a share. User A was trying to update a file but when the user tried to access the file the user was denied. Which of the following would explain why User A could not access the file?

A. Privilege escalation
B. Rights are not set correctly
C. Least privilege
D. Read only access

b
Which of the following is the primary objective of a business continuity plan (BCP)?

A. Addresses the recovery of an organizations business operations
B. Addresses the recovery of an organizations business payroll system
C. Addresses the recovery of an organizations business facilities
D. Addresses the recovery of an organizations backup site

a
A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read that there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. When determining the risk, which of the following is the annual loss expectancy (ALE)?

A. $2,700
B. $4,500
C. $5,000
D. $7,290

d
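The arithmetic behind that answer, as an added example that is not part of the original question set: SLE is the cost of one compromise (3 hours x 30 staff x $90 = $8,100), ALE is SLE x ARO (0.90), giving $7,290. The functions are written so they generalize to other scenarios; the after-control ARO used in the worked example is an assumption, not a value from the question.

```python
"""Added example, not from the original page: the SLE/ARO/ALE arithmetic
from the question, plus the cost-benefit comparison a risk assessment
draws from it. The after-control ARO is an assumption."""


def single_loss_expectancy(hours_down, staff_affected, hourly_rate):
    """SLE: cost of one occurrence (here, lost productive time only)."""
    return hours_down * staff_affected * hourly_rate


def annual_loss_expectancy(sle, aro):
    """ALE = SLE x ARO, where ARO is the expected occurrences per year."""
    return sle * aro


def control_net_value(ale_before, ale_after, annual_control_cost):
    """Positive when the control saves more per year than it costs."""
    return (ale_before - ale_after) - annual_control_cost


def worked_example():
    sle = single_loss_expectancy(hours_down=3, staff_affected=30, hourly_rate=90)
    ale = annual_loss_expectancy(sle, aro=0.90)
    # Assumption for illustration only: the anti-malware cuts the ARO to 0.10.
    ale_with_control = annual_loss_expectancy(sle, aro=0.10)
    return {
        "SLE": sle,
        "ALE": ale,
        "ALE_with_control": ale_with_control,
        "net_value_of_control": control_net_value(ale, ale_with_control, 5000),
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name}: ${value:,.2f}")
```

Note that the $5,000 licence is not part of the ALE; it is the figure the ALE is compared against. The question's SLE also counts only staff time, so a real assessment would add restoration labour and any data-loss cost before comparing.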
All of the following are organizational policies that reduce the impact of fraud EXCEPT:

A. separation of duties.
B. password complexity rules.
C. job rotation.
D. escorting procedures.

b
Why would a technician use a password cracker?

A. To look for weak passwords on the network
B. To change a user's password when they leave the company
C. To enforce password complexity requirements
D. To change users' passwords if they have forgotten them

a
An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements?

A. Transposition
B. Substitution
C. Symmetric
D. Asymmetric

c
Which of the following should be included in a forensic toolkit?

A. Compressed air
B. Tape recorder
C. Fingerprint cards
D. Digital camera

d
After a period of high employee turnover, which of the following should be implemented?

A. A review of NTLM hashes on the domain servers
B. A review of group policies
C. A review of user access and rights
D. A review of storage and retention policies

c
When should a technician perform penetration testing?

A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access

c
A company runs a site which has a search option available to the general public. The network administrator is reviewing the site logs one day and notices an IP address filling out a specific form on the site at a rate of two submissions per second. Which of the following is the BEST option to stop this type of abuse?

A. Add a CAPTCHA feature.
B. Block the IP address.
C. Disable ActiveX.
D. Slow down the server response times.

a
A library provides automated pay-per-print copiers and printers. It is discovered that an employee has been embezzling money from the coin boxes for many years. Which of the following might have helped the library detect this earlier?

A. Improve employee auditing procedures
B. User education
C. Mandatory vacations
D. Acceptable use policy

c