Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
44 Cards in this Set
- Front
- Back
|
Which fo the following is a directional antenna that can be used in point-to-point or point-to-multi-point WiFi communication systems? |
Backfire |
|
|
A security admin needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. What authentication method should she use? |
LEAP (Lightweight Extensible Authentication Protocol) |
|
|
Recently the desktop support group has been performing a hardware refresh and has replaced numerous computers. An auditor discovered that a number of the new computers did not have the company's antivirus software installed on them, what could be utilized to notify the network support group when computers without the antivirus software are added to the network? |
NIDS |
|
|
What authentication services should be replaced with a more secure alternative? |
TACACS (Terminal Access Controller Access-Control System) |
|
|
Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure for the code is BEST described as...? |
Input validation |
|
|
Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. What would best mitigate the range of risks associated with the continued use of removable storage devices?
|
A policy which details controls on removable storage use. |
|
|
A security analyst is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. What BEST describes this exploit? |
ZERO-day |
|
|
In performing an authorized penetration test of an organization's system security, a penetration tester collects information pertaining to the application versions that reside on a server. Which of the following is the best way to collect this type of information? |
Banner grabbing |
|
|
A security analyst must ensure that the company's web server will not negotiate weak ciphers with connecting web browsers. Which of the following supported list of ciphers must the security analyst disable? |
SHA, DES, MD5 |
|
|
COMPANY POLICY REQUIRES EMPLOYEES TO CHANGE THEIR PASSWORD EVERY 60 DAYS. THE SECUIRTY MANAGER HAS VERIFIED ALL SYSTEMS ARE CONFIGURED TO EXPIRE PASSWORDS AFTER 60 DAYS. DESPITE THE POLICY AND TECHNICAL CONFIGURATION, WEEKLY PASSWORD AUDITS SUGGEST THAT SOME EMPLOYEES HAVE HAD THE SAME WEAK PASSWORDS IN PLACE LONGER THAN 60 DAYS. WHAT IS MOST LIKELY reconfigured. |
COMPLEXITY |
|
|
A government agency wanbts to ensure that the systems they use have been depolyed as security as possible. Which of the following technologies will enforce protections on these systems to prevent files and services from operating outside of a strict rule set? |
Host-based firewall |
|
|
A user wants to protect sensitive info on his hard drive. He uses a program that encrypted the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive info within the hidden volume. This is an example of what two things? |
Plausible deniability |
|
|
What wireless protocols could be vulnerable to a brute-force password attack? |
WPA2-PSK |
|
|
A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support non-repudiation. Which of the following implements all these requirements? |
PGP |
|
|
A security technician is implementing PKI on a Network. The technician wishes to reduce the amount of bandwidth used when verifying the validity of a certificate. What should the technician implement? |
CRL |
|
|
Searching for systems infected with malware is considered to be which phases of incident response? |
d.) Identification |
|
|
A company is rolling out a new e-commerce website. The security analyst wants to reduce the risk of the new website being comprised by confirming that system patches are up to date, application hot fixes are current and unneeded ports and services have been disabled. To do this the security analyst will have to perform a: |
Vulnerability assessment |
|
|
CIO of a major company intends to increase employee connectivity and productivity by issuing employees mobile devices with access to their enterprise email, calendar, and contacts. The solution the CIO intends to use requires a PKI that automates the enrollment of mobile device certificates. When implemented and configured securely, what will meet the CIO's requirement? |
SCEP |
|
|
Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens? a.) TACACS+ b.) Smartcards c.) Biometrics d.) Kerberos |
a.) TACACS+ |
|
|
What is replayed during wireless authentication to exploit a weak key infrastructure? b.) ticket exchange c.) Initialization vectors |
b.) Ticket exchange |
|
|
An employee attempts to visit a popular social networking site but is blocked. instead, a page is displayed notifying him that this cannot be visited. Which of the following most likely blocking the employees access to this site? |
Internet content filter |
|
|
A security technician has been tasked with opening ports on a firewall to allow users to browser the internet. Which of the following ports should be opened on the firewall? |
80 443 8080 |
|
|
Which of the following attacks initiates connection by sending specially crafted packets in which multiple TCP flags are set to 1? |
Xmas |
|
|
A network technician has received comments from several users that cannot reach a particular website. Which of the following commands would provide the BEST info about the path taken across the network to this website? |
tracert |
|
|
What is true about input validation in a client-server architecture, when data integrity is critical to the organization? |
It should be performed on the server side |
|
|
Which of the following is a programming interface that allows a remote computer to run programs on a local machine? |
RPC (Remote Procedure Call) |
|
|
A project team is developing requirements of the new version of a web application used by internal and external users. The application already features username and password requirements for login, but the organization is required to implement multi factor authentication to meet regulatory requirements. What would be added requirements will satisfy the regulatory requirement? |
Digital certificate Identity verification questions Tokenized mobile device |
|
|
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The admin has determined that attackers are still able to detect the presence of the wireless network despite the fact that the SSID has been disabled. What would further obscure the presence of the wireless network. |
Disable responses to a broadcast probe request. |
|
|
Users can authenticate to a company's web applications using their credentials from a popular social media site. What posses the greatest risk with this integration? |
Password breaches to the social media affect the company application as well |
|
|
What algorithms has well documents collisions? |
MD5 |
|
|
What incident response plan steps would most likely engaging business professionals with the security team to discuss changes to existing procedures? |
Lessons learned |
|
|
Which of the following is an example of the multi factor authentication? a.) Credit card and PIN b.) Username and password c.) Password and PIN d.) Fingerprint and retina scan |
a.) creditcard and PIN |
|
|
A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing? a.) Black box b.) Penetration c.) Gray box d.) White box |
d.) White box |
|
|
A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that: |
time offset can be calculated |
|
|
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. What should be implemented to secure the devices without risking availability? |
IDS |
|
|
A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the users digital certificate. What will help to resolve this issue? |
Revoke the digital certificate Issue a new digital certificate. |
|
|
What is primarily used to provide fault tolerance at the application level? |
RAID array Server clustering |
|
|
A tech has deployed a new VPN concentration. The device needs to authenticate users based on a back end directory service. What could run on the VPN concentration to perform this authentication? |
RADIUS |
|
|
A system administrator is conducting baseline audit and determines that a web server is missing several critical updates. What actions should the admin perform first to correct the issue? |
Open a service ticket according to the patch management plan. |
|
|
What will allow the security analyst to trigger a security alert because of a tracking cookie? |
Anti-spyware software |
|
|
The new CIO of company ABC has noticed that company NBC is always one step ahead with similar products. He tasked his CSO to implement new security controls to ensure confidentiality of company ABC's proprietary data and complete accountability for all data transfers. What security controls did the CSO implement to the BEST of his requirements? |
Hashing Encryptions |
|
|
As online store wants to protect user credentials and credit card info so that customers can store their credit card info and use their card fro multiple separate transactions. What database design proves the BEST security for the online store? |
Hash the credential fields and sue encryption for the credit card field |
|
|
A security engineer is faced with competing requirements from the networking group and database admins. The database admin would like ten application servers on the same subnet for ease of admin, whereas the networking group would like to segment all applications from one another. What should the security admin do to rectify this issue? |
Recommend classifying each application into like security groups and segmenting the groups from one another. |
|
|
|
|
