Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
50 Cards in this Set
- Front
- Back
|
Which of the following is the BEST approach to perform risk mitigation of user access control |
B. Perform routine user permission reviews.
|
|
|
Which of the following devices is BEST suited for servers that need to store private keys?
A. Hardware security module B. Hardened network firewall C. Solid state disk drive D. Hardened host firewall |
A. Hardware security module
|
|
|
All of the following are valid cryptographic hash functions EXCEPT:
A. RIPEMD. B. RC4. C. SHA-512. D. MD4. |
B. RC4.
|
|
|
In regards to secure coding practices, why is input validation important?
A. It mitigates buffer overflow attacks. B. It makes the code more readable. C. It provides an application configuration baseline. D. It meets gray box testing standards. |
A. It mitigates buffer overflow attacks.
|
|
|
Which of the following would be used when a higher level of security is desired for encryption key
storage? A. TACACS+ B. L2TP C. LDAP D. TPM |
D. TPM
|
|
|
A security administrator needs to determine which system a particular user is trying to login to at
various times of the day. Which of the following log types would the administrator check? A. Firewall B. Application C. IDS D. Security |
D. Security
|
|
|
Which of the following MUST be updated immediately when an employee is terminated to prevent
unauthorized access? A. Registration B. CA C. CRL D. Recovery agent |
C. CRL
|
|
|
Employee badges are encoded with a private encryption key and specific personal information.
The encoding is then used to provide access to the network. Which of the following describes this access control type? A. Smartcard B. Token C. Discretionary access control D. Mandatory access control |
A. Smartcard
|
|
|
Which of the following devices would MOST likely have a DMZ interface?
A. Firewall B. Switch C. Load balancer D. Proxy |
A. Firewall
|
|
|
Which of the following application security testing techniques is implemented when an automated
system generates random input data? A. Fuzzing B. XSRF C. Hardening D. Input validation |
A. Fuzzing
|
|
|
Which of the following can be used by a security administrator to successfully recover a user’s
forgotten password on a password protected file? A. Cognitive password B. Password sniffing C. Brute force D. Social engineering |
C. Brute force
|
|
|
A security administrator wants to check user password complexity. Which of the following is the
BEST tool to use? A. Password history B. Password logging C. Password cracker D. Password hashing |
C. Password cracker
|
|
|
Certificates are used for: (Select TWO).
A. Client authentication. B. WEP encryption. C. Access control lists. D. Code signing. E. Password hashing. |
A. Client authentication.
D. Code signing. |
|
|
Which of the following is a hardware based encryption device?
A. EFS B. TrueCrypt C. TPM D. SLE |
C. TPM
|
|
|
Which of the following BEST describes a protective countermeasure for SQL injection?
A. Eliminating cross-site scripting vulnerabilities B. Installing an IDS to monitor network traffic C. Validating user input in web applications D. Placing a firewall between the Internet and database servers |
C. Validating user input in web applications
|
|
|
Which of the following MOST interferes with network-based detection techniques?
A. Mime-encoding B. SSL C. FTP D. Anonymous email accounts |
B. SSL
|
|
|
A certificate authority takes which of the following actions in PKI?
A. Signs and verifies all infrastructure messages B. Issues and signs all private keys C. Publishes key escrow lists to CRLs D. Issues and signs all root certificates |
D. Issues and signs all root certificates
|
|
|
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the
following attacks? A. Malicious code on the local system B. Shoulder surfing C. Brute force certificate cracking D. Distributed dictionary attacks |
A. Malicious code on the local system
|
|
|
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
A. More experienced employees from less experienced employees B. Changes to program code and the ability to deploy to production C. Upper level management users from standard development employees D. The network access layer from the application access layer |
B. Changes to program code and the ability to deploy to production
|
|
|
A security administrator needs to update the OS on all the switches in the company. Which of the
following MUST be done before any actual switch configuration is performed? A. The request needs to be sent to the incident management team. B. The request needs to be approved through the incident management process. C. The request needs to be approved through the change management process. D. The request needs to be sent to the change management team. |
C. The request needs to be approved through the change management process.
|
|
|
Jane, an individual, has recently been calling various financial offices pretending to be another
person to gain financial information. Which of the following attacks is being described? A. Phishing B. Tailgating C. Pharming D. Vishing |
D. Vishing
|
|
|
A user in the company is in charge of various financial roles but needs to prepare for an upcoming
audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company? A. Account lockout policy B. Account password enforcement C. Password complexity enabled D. Separation of duties |
D. Separation of duties
|
|
|
A CRL is comprised of:
A. Malicious IP addresses. B. Trusted CA’s. C. Untrusted private keys. D. Public keys. |
D. Public keys.
|
|
|
Sara, a user, downloads a keygen to install pirated software. After running the keygen, system
performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware? A. Logic bomb B. Worm C. Trojan D. Adware |
C. Trojan
|
|
|
Which of the following may significantly reduce data loss if multiple drives fail at the same time?
A. Virtualization B. RAID C. Load balancing D. Server clustering |
B. RAID
|
|
|
Which of the following should be considered to mitigate data theft when using CAT5 wiring?
A. CCTV B. Environmental monitoring C. Multimode fiber D. EMI shielding |
D. EMI shielding
|
|
|
To help prevent unauthorized access to PCs, a security administrator implements screen savers
that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation? A. Management B. Administrative C. Technical D. Operational |
C. Technical
|
|
|
Pete, a network administrator, is capturing packets on the network and notices that a large amount
of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic? A. Connect the WAP to a different switch. B. Create a voice VLAN. C. Create a DMZ. D. Set the switch ports to 802.1q mode. |
B. Create a voice VLAN.
|
|
|
Which of the following IP addresses would be hosts on the same subnet given the subnet mask
255.255.255.224? (Select TWO). A. 10.4.4.125 B. 10.4.4.158 C. 10.4.4.165 D. 10.4.4.189 E. 10.4.4.199 |
C. 10.4.4.165
D. 10.4.4.189 |
|
|
Which of the following algorithms has well documented collisions? (Select TWO).
A. AES B. MD5 C. SHA D. SHA-256 E. RSA |
B. MD5
C. SHA |
|
|
Which of the following is BEST used as a secure replacement for TELNET?
A. HTTPS B. HMAC C. GPG D. SSH |
D. SSH
|
|
|
An email client says a digital signature is invalid and the sender cannot be verified. The recipient is
concerned with which of the following concepts? A. Integrity B. Availability C. Confidentiality D. Remediation |
A. Integrity
|
|
|
Which of the following is an effective way to ensure the BEST temperature for all equipment within
a datacenter? A. Fire suppression B. Raised floor implementation C. EMI shielding D. Hot or cool aisle containment |
D. Hot or cool aisle containment
|
|
|
Which of the following transportation encryption protocols should be used to ensure maximum
security between a web browser and a web server? A. SSLv2 B. SSHv1 C. RSA D. TLS |
D. TLS
|
|
|
Developers currently have access to update production servers without going through an approval
process. Which of the following strategies would BEST mitigate this risk? A. Incident management B. Clean desk policy C. Routine audits D. Change management |
D. Change management
|
|
|
Which of the following is a difference between TFTP and FTP?
A. TFTP is slower than FTP. B. TFTP is more secure than FTP. C. TFTP utilizes TCP and FTP uses UDP. D. TFTP utilizes UDP and FTP uses TCP. |
D. TFTP utilizes UDP and FTP uses TCP.
|
|
|
Matt, an administrator, notices a flood fragmented packet and retransmits from an email server.
After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue? A. Spam filter B. Protocol analyzer C. Web application firewall D. Load balancer |
B. Protocol analyzer
|
|
|
Which of the following is characterized by an attacker attempting to map out an organization’s staff
hierarchy in order to send targeted emails? A. Whaling B. Impersonation C. Privilege escalation D. Spear phishing |
A. Whaling
|
|
|
Which of the following would a security administrator implement in order to discover
comprehensive security threats on a network? A. Design reviews B. Baseline reporting C. Vulnerability scan D. Code review |
C. Vulnerability scan
|
|
|
Which of the following is an example of a false positive?
A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow. |
A. Anti-virus identifies a benign application as malware.
|
|
|
Data execution prevention is a feature in most operating systems intended to protect against
which type of attack? A. Cross-site scripting B. Buffer overflow C. Header manipulation D. SQL injection |
B. Buffer overflow
|
|
|
Use of group accounts should be minimized to ensure which of the following?
A. Password security B. Regular auditing C. Baseline management D. Individual accountability |
D. Individual accountability
|
|
|
Privilege creep among long-term employees can be mitigated by which of the following
procedures? A. User permission reviews B. Mandatory vacations C. Separation of duties D. Job function rotation |
A. User permission reviews
|
|
|
In which of the following scenarios is PKI LEAST hardened?
A. The CRL is posted to a publicly accessible location. B. The recorded time offsets are developed with symmetric keys. C. A malicious CA certificate is loaded on all the clients. D. All public keys are accessed by an unauthorized user. |
C. A malicious CA certificate is loaded on all the clients.
|
|
|
Configuring the mode, encryption methods, and security associations are part of which of the
following? A. IPSec B. Full disk encryption C. 802.1x D. PKI |
A. IPSec
|
|
|
Which of the following assessments would Pete, the security administrator, use to actively test that
an application’s security controls are in place? A. Code review B. Penetration test C. Protocol analyzer D. Vulnerability scan |
B. Penetration test
|
|
|
A security administrator has just finished creating a hot site for the company. This implementation
relates to which of the following concepts? A. Confidentiality B. Availability C. Succession planning D. Integrity |
B. Availability
|
|
|
In the initial stages of an incident response, Matt, the security administrator, was provided the hard
drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO). A. Take hashes B. Begin the chain of custody paperwork C. Take screen shots D. Capture the system image |
A. Take hashes
D. Capture the system image |
|
|
Which of the following is used to certify intermediate authorities in a large PKI deployment?
A. Root CA B. Recovery agent C. Root user D. Key escrow |
A. Root CA
|
|
|
Which of the following components MUST be trusted by all parties in PKI?
A. Key escrow B. CA C. Private key D. Recovery key |
B. CA
|
