Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
76 Cards in this Set
- Front
- Back
|
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used? |
Corrective |
|
|
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication |
3 |
|
|
The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented? |
Warm site |
|
|
Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL? |
It implements an implicit deny. |
|
|
A network administrator has recently updated their network devices to ensure redundancy is in place so that: |
single points of failure are removed. |
|
|
Which of the following network architecture concepts is used to securely isolate at the boundary between networks? |
DMZ |
|
|
After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings? |
War chalking |
|
|
A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here? |
Same sign-on |
|
|
Which of the following types of encryption will help in protecting files on a PED? |
Mobile device encryption |
|
|
The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following? |
Cognitive passwords attacks |
|
|
How often, at a MINIMUM, should Sara, an administrator, review the accesses and right of the users on her system? |
Annually |
|
|
A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user's host: |
Pharming |
|
|
Which of the following assets is MOST likely considered for DLP? |
B. USB mass storage devices |
|
|
A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match. How is the employee leaking these secrets?
|
Steganography |
|
|
A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". What should the user do next? |
Contact the help desk and/or incident response team to determine next steps |
|
|
Digital signatures provide what? |
Integrity |
|
|
Mandatory vacations are a security control which can be used to uncover what? |
Fraud committed by a system administrator |
|
|
A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which cypher has Sara selected? |
Block cypher |
|
|
A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which security controls is the hacker exploiting? |
Account lockout |
|
|
A security administrator plans on replacing a critical business application in five years. |
Accept the risk and continue to enable the accounts each month saving money |
|
|
An administrator is concerned that a company's web server has not been patched. What would be the BEST assessment for the administrator to perform? |
Vulnerability scan |
|
|
Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. What BEST supports this reasoning? |
A recent security breach in which passwords were cracked. |
|
|
Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of what? |
System hardening |
|
|
What techniques enables a highly secured organization to assess security weaknesses in real time? |
Continuous monitoring |
|
|
The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. What has happened on the workstation? |
Zero-day attack |
|
|
A recent computer breach has resulted in the incident response team needing to perform a forensics examination. Upon examination, the forensics examiner determines that they cannot tell which captured hard |
Evidence labeling |
|
|
A user commuting to work via public transport received an offensive image on their smart phone from another commuter. What attacks MOST likely took place? |
Bluejacking |
|
|
Encryption of data at rest is important for sensitive information because of what? |
Prevents data from being accessed following theft of physical equipment |
|
|
What can be implemented with multiple bit strength? |
AES |
|
|
A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an: |
Backdoor |
|
|
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement? |
Matt should implement DLP and encrypt the company database. |
|
|
What is the LEAST volatile when performing incident response procedures? |
Hard drive |
|
|
What does full disk encryption prevent? |
Clear text access |
|
|
Sara, an application developer, implemented error and exception handling alongside input validation. What does this help prevent? |
Cross-site scripting |
|
|
What services are used to support authentication services for several local devices from a central location without the use of tokens? |
TACACS+ |
|
|
What presents the STRONGEST access control? |
MAC |
|
|
During a security assessment, an administrator wishes to see which services are running on a remote server. What should the administrator use? |
Port scanner |
|
|
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. What is MOST likely the reason for the sub-interfaces? |
The switch has several VLANs configured on it. |
|
|
What types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented? |
SQL injection |
|
|
A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. What protocols should be used in this scenario? |
IPv6 |
|
|
Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. What should be used to accomplish this task? (select two) |
Recover Agent |
|
|
What protocols allows for secure transfer of files? (Select TWO). |
SFTP |
|
|
After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. What types of user account options were enforced? (Select TWO). |
Password expiration |
|
|
In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in from the incident manager. What incident response procedures would he need to perform in order to begin the analysis? (Select TWO). |
Take hashes |
|
|
The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO). |
Fire- or water-proof safe |
|
|
Which two algorithms has well documented collisions? |
MD5 |
|
|
What can use RC4 for encryption? (Select TWO). |
SSL |
|
|
What can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). |
Remote wipe |
|
|
What concepts are included on the three sides of the "security triangle"? (Select THREE). |
Confidentiality |
|
|
What symmetric key algorithms are examples of block ciphers? (Select THREE). |
3DES AES Blowfish |
|
|
An achievement in providing worldwide Internet security was the signing of certificates associated with which protocols? |
SSL |
|
|
A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. What would fulfill the CISO's requirements? |
USB token and PIN |
|
|
What can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended? |
Screen lock |
|
|
What would a security administrator implement in order to identify a problem between two systems that are not communicating properly? |
Protocol analyzer |
|
|
What can result in significant administrative overhead from incorrect reporting? |
False positives |
|
|
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. What would allow the security administrator to test the lack of security controls for those applications with the least impact to the system? |
Vunlerability test |
|
|
What risk concepts requires an organization to determine the number of failures per year? |
ALE |
|
|
A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. What would be an appropriate mitigation technique? |
Rogue machine detection |
|
|
Three of the primary security control types that can be implemented are. |
Operational, technical, and management |
|
|
The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. |
Identification |
|
|
What protocols operates at the HIGHEST level of the OSI model? |
SCP |
|
|
Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. What is the ALE of this server? |
$5000 |
|
|
What should an administrator implement to research current attack methodologies? |
Honeypot |
|
|
What can be implemented in hardware or software to protect a web server from cross-site scripting attacks? |
Web application firewall |
|
|
What means of wireless authentication is easily vulnerable to spoofing? |
MAC filtering |
|
|
Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. |
LEAP |
|
|
Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at |
Chain of custody |
|
|
A network administrator is configuring access control for the sales department which has high employee turnover. What is BEST suited when assigning user rights to individuals in the sales |
Group based priveleges |
|
|
What is being tested when a company's payroll server is powered off for eight hours? |
Continuity of operations plan |
|
|
A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. |
Zero-day |
|
|
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on what? |
Social networking |
|
|
A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. |
Application patch management |
|
|
A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. |
Job rotation |
|
|
A network engineer is designing a secure tunneled VPN. What protocols would be the MOST secure?
|
IPsec |
|
|
What implementation steps would be appropriate for a public wireless hot- spot? |
Open system authentication |
|
|
What is a step in deploying a WPA2-Enterprise wireless network? |
Install a digital certificate on the authentication server |
