80 Cards in this Set
Describe the importance of enacting and maintaining a clean desk policy
|
Avoid passwords and sensitive data from being unsecured
|
|
Matt, a security technician, is using TFTP. Which port number is used for TFTP?
|
69
|
|
What system implements a secure key distribution system that relies on hardcopy keys intended for individual sessions?
|
One-time pad
|
|
What, when used in conjunction with software-based encryption, enhances platform authentication by storing unique RSA keys and provides crypto processing?
|
TPM
|
|
For what reason would Pete, a security administrator, implement Kerberos over local system authentication?
|
Authentication to multiple devices
|
|
What would Pete, a security technician, most likely use to secure the creation of cryptographic keys?
|
Trusted Platform Module
|
|
What is most likely to reduce the threat of a zero day vulnerability?
|
Disabling unnecessary services
|
|
What has the capability to perform onboard cryptographic functions?
|
Smart card
|
|
Matt, a security administrator, discovers that server1 and server2 have been compromised, and then he observes unauthorized ongoing connections from server1 to server2. On server1 there is an executable named tcpdump and several files that appear to be network dump files. Finally, there are unauthorized transactions in the database on server2. What has most likely occurred?
|
A replay attack has been used against server2
|
|
What is most relevant for Jane, a security administrator, to use when investigating a SQL injection attack?
|
Stored procedures
|
|
Pete, a system administrator, was recently laid off for compromising various accounting systems within the company. A few months later, the finance department reported their applications were not working correctly. Upon further investigation, it was determined that unauthorized accounting software was installed onto a financial system and several application exploits existed within that system. This is an example of what?
|
Trojan horse
|
|
Monitoring data streams for malicious code and behavior is a process known as
|
Content inspection
|
|
Reviewing an access control list on a firewall reveals a drop all statement at the end of the rules. What form of access control does this describe?
|
Implicit deny
|
|
An administrator is taking an image of a server and converting it to a virtual instance. What best describes the information security requirements of a virtualized server?
|
Virtual servers have the same information security requirements as physical servers
|
|
Webmail is classified under which of the following cloud-based technologies?
|
Software as a service (SAAS)
|
|
A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the internet or the internal network. All other servers on the DMZ are able to communicate with this server. What is most likely the cause?
|
The server is missing the default gateway
|
|
What can cause a user, connected to a NAC-enabled network, to not be prompted for credentials?
|
The user's PC is missing the authentication agent
|
|
What would be implemented to allow access to services while segmenting access to the internal network?
|
DMZ
|
|
A security administrator needs to separate two departments. What would the administrator implement to perform this?
|
VLAN
|
|
What security control is lost when using cloud computing?
|
Physical control of the data
|
|
Which protocol should be blocked at the network perimeter to prevent host enumeration by sweep devices?
|
ICMP
|
|
What uses TCP Port 22 by default?
|
SSH, SCP, and SFTP
|
|
What allows a security administrator to set device traps?
|
SNMP
|
|
A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. What protocol should be used for the tunnel?
|
IPSEC
|
|
What protocol would be the most secure method to transfer files from a host machine?
|
SFTP
|
|
What port number should be used for SCP by default?
|
22
|
|
What is the most secure method of utilizing FTP?
|
FTPS
|
|
What protocol can be implemented to monitor network devices?
|
SNMP
|
|
What protocol would an administrator most likely use to monitor the parameters of network devices?
|
SNMP
|
|
A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives no reply; however, the technician is able to telnet to that router. What is most likely the cause of the security administrator being unable to ping the router?
|
The remote router has ICMP Blocked
|
|
A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. What describes a protocol built for this purpose?
|
IPv6
|
|
Where would a forensic analyst look to find a hooked process?
|
BIOS
|
|
What file transfer protocol is an extension of SSH?
|
SFTP
|
|
What secure protocol is most commonly used to remotely administer UNIX/LINUX systems?
|
SSH
|
|
The security administrator notices a number of TCP connections from the development department to the test network segment. Large volumes of data are being transmitted between the two networks only on port 22. What is most likely occurring?
|
The development team is transferring data to test systems using SFTP and SCP
|
|
An administrator who wishes to block all database ports at the firewall should include which port in the block list?
|
1433
|
|
If a security administrator wants to telnet into a router to make configuration changes, which port would need to be open by default?
|
23
|
|
Which port would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?
|
25
|
|
Which of the following describes when forensic hashing should occur on a drive?
|
Before and after the imaging process, and then hash the forensic image
|
|
What assists in identifying if a system was properly handled during transport?
|
Chain of custody
|
|
What describes the purpose of chain of custody as applied to forensic image retention?
|
To provide documentation as to who has handled the evidence
|
|
What policy would force all users to organize their areas as well as help in reducing the risk of possible data theft?
|
Clean desk policy
|
|
What will educate employees about malicious attempts from an attacker to obtain bank account information?
|
Phishing techniques
|
|
What is a reason to perform user awareness and training?
|
To minimize the organizational risk posed by users
|
|
Used in conjunction, which of the following are PII?
|
Birthday and full name
|
|
On-going annual awareness security training should be coupled with
|
Signing a user agreement
|
|
Which of the following risks may result from improper use of social networking and P2P software?
|
Information disclosure
|
|
Main reason to require data labeling
|
To ensure that staff understands what data they are handling and processing
|
|
What should DRPs contain?
|
Hierarchical list of critical systems
|
|
Recovery point objectives and recovery time objectives directly relate to which BCP concept?
|
Business impact analysis
|
|
A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. What type of testing is being described?
|
White Box
|
|
Which environmental control would best be used to regulate cooling within a datacenter?
|
Hot and cold aisles
|
|
Which environmental variable reduces the potential for static discharges?
|
Humidity
|
|
What should be considered when trying to prevent somebody from capturing network traffic?
|
EMI shielding
|
|
With which of the following is RAID most concerned?
|
Availability
|
|
What reduces the likelihood of a single point of failure when a server fails?
|
Clustering
|
|
What is the best way to secure data for the purpose of retention?
|
Off-site backup
|
|
A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which configuration will allow for high availability?
|
Hardware RAID 5
Software RAID 1
|
|
A security administrator is in charge of a datacenter, a hot site and a cold site. Due to a recent disaster, the administrator needs to ensure that their cold site is ready to go in case of a disaster. What does the administrator need to ensure is in place for a cold site?
|
Location that meets power and connectivity requirements
|
|
A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of
|
Fault tolerance
|
|
In order to ensure high availability of all critical servers, backups of the main datacenter are done in the middle of the night and then the backup tapes are taken to an offsite location. What would ensure the minimal amount of downtime in the case of a disaster?
|
Having the offsite location of tapes also be the hot site
|
|
What concept ensures that the data is only viewable to authorized users?
|
Confidentiality
|
|
A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a man trap in the datacenter. What is being addressed?
|
Confidentiality and Availability
|
|
A bulk update process fails and writes incorrect data throughout the database. What concept describes what has been compromised?
|
Integrity
|
|
What is an unauthorized wireless router that allows access to a secure network?
|
Rogue access point
|
|
A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which attack type is most likely occurring?
|
Rogue access point
|
|
Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?
|
War driving
|
|
A rogue access point with the same SSID as the production wireless network is found. Which of the following best describes this attack?
|
Evil twin
|
|
A programmer allocates 16 bytes for a string variable, but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to what type of attack?
|
Buffer overflow
|
|
What must a programmer implement to prevent cross-site scripting?
|
Validate input to remove hypertext
|
|
What web application security weakness can be mitigated by preventing the use of HTML tags?
|
Cross-site scripting
|
|
During analysis of malicious code, a security analyst discovers JavaScript being used to send random data to another service on the same system. This is most likely an example of what?
|
Buffer overflow
|
|
Which attack is manifested as an embedded HTML image object or JavaScript image tag in an e-mail?
|
Cross-site scripting
|
|
A web application has been found to be vulnerable to a SQL injection attack. What best describes the required remediation action?
|
Add input validation to forms
|
|
An application log shows that the text "test; rm -r, /etc/passwd" was entered into an HTML form. What describes the type of attack that was attempted?
|
Command injection
|
|
What is most relevant to a buffer overflow attack?
|
NOOP Instructions
|
|
The detection of a NOOP SLED is an indication of what attack?
|
Buffer overflow
|
|
What device best allows a security administrator to identify malicious activity after it has occurred?
|
IDS
|
|
What should be enabled to ensure only certain wireless clients can access the networks?
|
MAC filtering
|
|
What best describes an intrusion prevention system?
|
A system that stops an attack in progress
|