Measure Up Practice
question
Your network is protected from the Internet by a firewall. You are concerned about potential risks in the firewall protection. What should you do?
answer
Scan the firewall's incoming ports with a port scanner.
question
A server application produces plain text output. The output needs to be encrypted before being delivered to local and remote client computers. Output varies in length depending on the client request. The processing requirements and the volume of data sent should be kept to a minimum. What type of cipher should be used?
answer
Stream Cipher
question
What security risk is inherent in dedicated router devices?
answer
Built-in administrative accounts and passwords.
question
A portion of a company's network is shown in the item. The support forum on the website allows users to post information about product issues. A support technician posts solutions to the problem. Customers report that they have been infected with malware after visiting the support forum on the company's website. Select the type of attack that occurred. Drag the mitigation controls that you should implement to prevent a future attack of this type. Each control can only be used once, and not all controls are used.
answer
Attacks - XSS // Internet Clients - Disable JavaScript, Install Antimalware // Web Server - Perform input validation, Configure a WAF, Perform code review
question
A company uses a Layer 2 switch to segment a network. Each department is assigned to a separate network segment. The conference room contains a wireless AP. You need to ensure that when a user connects a laptop computer to the wireless AP in the conference room, the user can access only resources in their own VLAN. What should you use?
answer
802.1x
question
Which firewall feature can you enable to mitigate the risk of DoS attacks against the AAA service?
answer
Flood Guard
question
You suspect that someone has been using your Wi-Fi to connect to the Internet. You want to make your AP less visible to war driving. What should you do?
answer
Disable SSID Broadcast
question
You are working with your company's security team to set security standards for mobile devices. One suggestion was to disable unused features and functionality. You need to determine if a disabled feature would adversely impact security measures that are already in place. One member of the security team recommends disabling GPS on all company-owned mobile phones. Which security feature would this impact?
answer
Asset Tracking
question
Hackers have recently tried to gain access to a network by using valid user names and attempting to guess user passwords. You want to limit the number of times a user can enter a password before the account is disabled. What type of policy do you need to configure?
answer
Account Lockout
question
A company recently reorganized. Several employees will be working from home. They will need access to resources on the company's network, including servers and data. You need to configure a secure solution. What should you do?
answer
Deploy a remote access server at the company network.
question
Which IPSec protocol provides confidentiality?
answer
ESP
question
You need to prevent access to servers on a subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and also minimize the administrator effort necessary to maintain the solution. What should you do?
answer
Define an ACL on the router to the subnet.
question
You need to choose the most appropriate algorithm for verifying that a data file did not change during transmission. How is using a hash function for this purpose different from other block cryptographic algorithms?
answer
The value produced by a hash function cannot be decrypted, only compared.
question
A server is the victim of a data breach. Customer password information is exposed to the attacker. Which step in the incident response process is necessary to mitigate the risk of a recurrence of the attack?
answer
Conduct a post-mortem review to identify lessons learned.
question
You are configuring Transport Layer Security (TLS) using a block cipher algorithm for transport encryption. You are using a key exchange that supports forward security. What is the advantage of using forward security?
answer
The session key is not compromised even if a private key used in generating it is compromised.
question
A denial of service attack has occurred. Which questions should be answered during the identification phase? (Choose TWO.)
answer
What is the impact of the business? / What servers have been compromised?
question
You are trying to determine ways in which your network might be vulnerable to attack by a malicious insider with detailed knowledge of your infrastructure. What type of testing should you use?
answer
White Box
question
Which protocol provides compatible applications with a directory services lookup service?
answer
LDAP
question
When users log on to the domain, in addition to being given access to domain file resources, they are given access to a Microsoft SQL Server database server and an internal Web site through Windows integrated authentication. This is an example of what authentication model?
answer
SSO
question
You are working on a confidential report in a crowded airport terminal. What type of attack is most likely to occur?
answer
Shoulder Surfing
question
You are setting up a home office wireless network. You want the network to meet all of the following requirements: Prevent eavesdropping, block unauthorized attempts to connect to the network, enable automatic connection for authorized devices. You want to keep the network as secure as possible. What should you use?
answer
WPA2
question
You are preparing to delete a user account. The account is part of a working group in which each member maintains their own working files. Access permissions are managed through a group account. What is the potential risk of deleting the user?
answer
Files associated with the user account might be lost.
question
A company's SMTP server is blacklisted by several ISPs. After further investigation, it is determined that several users in the company inadvertently sent out emails to all the users on their contact list. You need to mitigate the risk that such an incident will reoccur. What should you implement?
answer
Outbound Spam Filter
question
Which password policies are most significant when ensuring that users create strong passwords? (Choose TWO.)
answer
Password Length / Password Complexity
question
For which of the following would you be likely to mitigate the risk of attack through use of a screened subnet?
answer
Supervisory Control and Data Acquisition (SCADA)
question
A secure email client is being developed. You need to choose an appropriate method for digitally signing and encrypting messages. The method chosen must be supported across a broad base of platforms. What should you recommend?
answer
Pretty Good Privacy (PGP)
question
Which of the following is designed to perform one-way encryption?
answer
SHA
question
Which key is used to encrypt data in an asymmetric encryption system?
answer
The recipient's public key.
question
Users report that Web server response was slow overnight. You suspect an attempted attack against the Web server. The Web server is deployed in a perimeter network. What should you do? (Choose TWO.)
answer
Review the Web server log files. / Review the firewall log files.
question
Which of the following can be used to prevent external electrical fields from affecting sensitive equipment?
answer
Faraday Cage.
question
Your business relies on a server-based, mission-critical application. It is a commercially produced proprietary application. What actions should you take to keep the application secure? (Choose TWO.)
answer
Keep application patches and fixes up-to-date. / Physically uninstall any unnecessary applications from the application server.
question
A company is concerned about protection against zero-day attacks that are initiated by a malicious script on a website that is visited by employees. Which security option will mitigate the risk of such an attack?
answer
Heuristic Content Inspection
question
You are configuring a host firewall. You need to prevent files from being uploaded or downloaded in a clear text transmission. Which ports should you block? (Choose all that apply.)
answer
TCP 21 / UDP 20 / UDP 69 / TCP 20
question
Company A is planning to partner with Company B on a project. The project will require an application server at Company A to access a database server at Company B. You want to document the business and compliance requirements of the connection. What should you use?
answer
Memorandum of Understanding (MOU)
question
You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate automatically and track individuals going into and out of the area. Which method should you use?
answer
Proximity Reader
question
Your company is preparing to deploy several new computers that have the most recent version of trusted platform module (TPM) hardware installed. What is the significance of the TPM being installed in the computers?
answer
The TPM will work with encryption to generate keys that require a TPM and system platform measurements for decryption.
question
Which attacks are DoS attacks against a Wi-Fi network? (Choose all that apply.)
answer
Replay / Jamming
question
A virus is designed to format a computer's hard disk based on a specific calendar date. What kind of threat is this?
answer
Logic Bomb
question
Your network supports a DAC system to manage file access permissions. How is this information maintained on the network?
answer
As ACLs
question
What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?
answer
Create IPSec filters for ports 161 and 162.
question
A standard antivirus program is based on what kind of monitoring methodology?
answer
Signature-Based
question
What can be done to prevent cookie poisoning?
answer
Encrypt cookies before transmission.
question
You are preparing to deploy an e-commerce Web site. The Web site uses dynamically generated Web pages based on user input. This is a requirement for the application running on the Web site. You need to design the site to prevent cross-site scripting attacks. You need to choose the most appropriate action to take. What should you do?
answer
Implement user input validation.
question
A company is concerned about the impact that could occur if an employee opened a malicious hyperlink. What type of security assessment should the company use?
answer
Internal Penetration Test
question
Your organization has recently seen an increase in thefts of laptop computers and other electronic equipment. You want to keep equipment as accessible as possible while trying to prevent equipment theft. User actions needed to keep the equipment secure need to be kept to a minimum. What should you do?
answer
Secure equipment with cable locks.
question
Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA? (Choose TWO.)
answer
Certificate Revocation List (CRL) / RA
question
Three companies are working together to produce a movie. A subscription to a service allows them to share data related to the project and host online meetings. Each organization has some management capabilities. What does this exemplify?
answer
Community Cloud
question
A database contains organizational, product, and customer data. The SAN disk storing the database file also hosts several other large files. You need to implement a solution that will protect customers' personally identifiable information. The solution should not impact the ability to access other data from the database or degrade general data processing performance. What should you use?
answer
Use Field-Level Encryption
question
You are deploying a wireless networking infrastructure within your organization. You want to provide centralized authentication and authorization support for your wireless access points (WAPs). What should you use?
answer
Remote Authentication Dial-In User Service (RADIUS)
question
What type of policy is posted on a company's website and describes how it uses and protects customer data?
answer
Privacy Policy
question
You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to be able to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?
answer
Host-Based Prevention System (HIPS)
question
Which of the following is a stand-alone algorithm that can be used for message authentication of a plaintext (non-encrypted) message?
answer
RIPEMD
question
You want to use a backup scheme that does not take too much time or require very high capacity tapes each night. Because you do not have to restore data that often, you do not care if the restore process is lengthier as a result, but you do not want it to take an unreasonable amount of time. Which of the following would be the best backup scheme to meet your goals?
answer
Perform a full backup weekly. Perform incremental backups nightly.
question
You are deploying a new website. You need to request an SSL certificate from a public CA. What should you do first?
answer
Generate a public and private key pair for their server.
question
Your company has begun allowing employees to bring their own devices and to connect to the company network. Which mobile device policies would help prevent BYOD devices from compromising security for devices that are already running on the network? (Choose TWO.)
answer
Patch Management / Antivirus Management
question
Which attacks are more effective when the attacker looks familiar to the victim? (Choose all that apply.)
answer
Tailgating / Spear Phishing
question
A server has failed four times in the past year. Which measurement is used to determine the amount of time the server was operational?
answer
MTBF (Mean Time Between Failures)
question
You are determining environmental control requirements for a data center that will contain several computers. What is the role of an HVAC system in this environment? (Choose TWO.)
answer
Maintain appropriate humidity levels. / Provide an appropriate ambient temperature.
question
You are developing an Internet-based application. Users will need to create passwords that are eight or more characters in length for authentication. You need a secure method to store user passwords. You want a solution that is as secure as possible against brute force attacks. What algorithm should you use for creating password-based key derivations? (Choose TWO.)
answer
PBKDF2 / Bcrypt
question
Your network administrator backs up the server by using an incremental backup strategy. He uses seven tapes, one tape per day, and he performs the backup at the end of each business day. He does a full back up on Friday and Tuesday and an incremental on the other days. The server crashes on Sunday morning before the opening of business. How many tapes will he use to perform the restore on Sunday?
answer
2
question
What is the primary risk of an integer overflow attack?
answer
Arbitrary Code Execution
question
Your company provides specialized assistance to other companies working on projects that require a high level of technical expertise. Your company's employees are organized around work teams that contract with outside companies. You need to ensure that the employees on a team trust certificates from the contracting company. They should not trust certificates that are associated with a project if they are not part of the project team. You need to implement a PKI trust model that lets you specify which users will trust which CAs. You need to be able to end this relationship at the end of the contract. What should you use?
answer
CTL (Certificate Trust List)
question
A company has an IPv6 network with three sites. Which IP address can be routed only between cooperating sites?
answer
fc00::/7
question
Your company has a web server, an IPS, and a database server on the perimeter network. You need to determine if there are vulnerabilities that would permit an attacker to compromise the database server. What are the possible ramifications of performing an intrusive vulnerability scan? (Choose TWO.)
answer
Additional vulnerabilities might be introduced. / Services might become inaccessible.
question
Two devices communicate using NFC. Which attack represents the greatest vulnerability?
answer
Eavesdropping
question
Network users whose computers are running Windows 7 complain that the extra windows that appear when they browse the Internet are becoming a nuisance. Users are able to close the windows, and the windows do not prevent users from browsing the Internet. You need to prevent these windows from appearing. What should you do?
answer
Configure the browser's popup blocker.
question
An area that has an entry door that automatically locks when the exit door unlocks.
answer
Mantrap
question
An environmental control that helps detect theft.
answer
Video surveillance
question
An environmental control that helps detect overheated equipment.
answer
Environmental Monitoring
question
A compensating control that deters unauthorized access.
answer
Signs
question
You suspect that an attacker is sending damaged packets into your network as a way to compromise your firewall. You need to collect as much information about network traffic as possible. What should you use?
answer
Protocol Analyzer
question
You want to ensure that users are securely and accurately identified when accessing the network. Which identification method is LEAST secure?
answer
Username
question
You are creating a BCP. What should you use as a guideline for determining the restoration order for servers?
answer
BIA (Business Impact Analysis)
question
Which of the following best describes a digital signature?
answer
A message hash encrypted with the sender's private key.
question
You are helping an organization develop a backup plan. You need to ensure that data backups are available in case of a catastrophic failure. You need to keep the plan as inexpensive as possible. What should you do?
answer
Back up to removable media and store a copy offsite.
question
You are deploying a sensitive database server on your network. You need to make sure you are alerted about anything suspicious in the network traffic in and out of the server, or any attempts to change system files on the server. What should you do?
answer
Deploy a host-based intrusion detection system (HIDS).
question
You are designing security for a financial application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. All activity must be audited and logged. On what access control method should you design your security model?
answer
Separation of Duties
question
You are designing security for network servers. The design requirements call for the servers to be kept in a locked room with limited physical access. You want to ensure that physical access is controlled as tightly as possible and prevent unauthorized access. What should you do?
answer
Secure the room with a biometric-based lock.
question
Your company hired a new network administrator. The administrator will also be assisting with user support. How should you set up account security for the new administrator?
answer
Create an administrator account and a standard user account.
question
Client computers on a network use POP3 over SSL to receive e-mail. The e-mail service uses standard port assignments. Which port on the Internet-facing side of the firewall should allow inbound packets?
answer
TCP port 995
question
You are deploying a new server application that accepts input forms from the Web. You are concerned about injection attacks against a database server that acts as the backend for the application. Which action will help prevent attacks?
answer
Server-Side Input Validation
question
You encrypt your smart phone using the built-in hardware encryption. What is a potential risk of this?
answer
Decrypting the device will result in data loss.
question
You want to prevent people from reusing passwords too frequently. Which password policies will prevent this? (Choose TWO.)
answer
Password History / Password Minimum Age
question
Attack Vector: Attempt to request financial information by phone. Target: Cell phone users.
answer
Vishing
question
Attack Vector: E-mail requesting sensitive business information. Target: Upper-level management.
answer
Whaling
question
Attack Vector: Redirecting individuals to a different, similar Web site to steal customers. Target: Internet users.
answer
Page Hijacking
question
Attack Vector: Rogue security software that installs malware or steals information. Target: Internet users.
answer
Scareware
question
You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Choose TWO.)
answer
Protocol Analyzer / Vulnerability Scanner
question
A portion of the company network is shown in the exhibit. The DNS server has crashed twice in a 24-hour period. Analysis of network traffic indicates that the DNS server has been receiving ICMP packets that are larger than allowed by the IP protocol. What type of attack does this indicate?
answer
Ping of Death
question
Which wireless authentication method requires certificates on both the client and the RADIUS server?
answer
EAP-TLS (Extensible Authentication Protocol Transport Layer Security)
question
An individual is contracted to set up a Web farm that includes an access portal for your network. That same individual uses the information gained during that process to infiltrate your network at a later time. How is this type of attack categorized?
answer
Malicious Insider
question
You have conducted a risk assessment and identified a list of possible security controls. Which security controls should you implement first?
answer
The security controls that will mitigate the threats with the highest risk.
question
You discover that when network users attempt to navigate to your company's public Web site, they are being redirected to a different Web site. This is an example of what type of attack?
answer
DNS Poisoning
question
What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?
answer
War Driving
question
An application is being designed to digitally sign files as it publishes them for distribution. What algorithm should be used for this purpose?
answer
RSA
question
A hosting company has set up an infrastructure that provides storage and applications that are targeted specifically at non-profit fundraising organizations. Only these types of organizations will be allowed to subscribe, and each organization's data will be kept separate. Subscribers will be charged an annual fee for access. Which of the following does this exemplify?
answer
Community Cloud
question
A company has an Ethernet network with four switches, as well as two wireless APs. All devices that connect to either network must be authenticated using EAP. What should you use?
answer
802.1X
question
Your company is deploying a claims-based identity system that will use multifactor authentication. It includes a Security Token Service (STS) to help manage access to secure applications. What is the role of the STS?
answer
Authenticating clients and issuing security tokens.
question
Which environmental control is part of TEMPEST compliance?
answer
Shielding
question
A remote collection server is managed through command-line commands. Until recently, you have been using Telnet to connect to the server, but you suspect that one or more passwords have been compromised. You are going to disable Telnet connectivity on the server. You need to use a more secure method of logging in and executing commands. What should you use?
answer
SSH
question
You have deployed PKI within your organization. To meet legal reporting requirements, you need to implement a way to provide decryption keys to a third party on an as-needed basis. What should you do?
answer
Implement a key escrow arrangement.
question
What is the difference between continuous monitoring and continuous auditing?
answer
Ownership of the process.
question
You are tasked with determining the best use of client-side and server-side validation for a new web-based application. What is a potential risk of using client-side validation?
answer
Client-side validation can be easily bypassed.
question
Which method is commonly used to mitigate attack risks to game consoles?
answer
Firmware Updates
question
A server application is currently under development. It has been discovered that some errors, such as a divide by zero error, can leave the application running in an unstable condition. The application needs to respond more appropriately to errors and generate an error message when they occur. What should you implement? (More than one answer may be correct, choose the BEST answer.)
answer
Exception Handling
question
Some network traffic is being redirected to a client that is infected with a Trojan. The IP addresses and MAC addresses on the redirected packets do not match up correctly. All packets have the MAC address of the infected system. The IP addresses are legitimate host addresses. This is a symptom of which kind of attack?
answer
ARP Poisoning
question
What entity within a PKI verifies user requests for digital certificates?
answer
Registration Authority
question
How do anomaly-based monitoring methodologies identify potential incidents?
answer
Comparing network activity to an established baseline.
question
A company has a 1 Gbps Ethernet network. The company wants to implement a SAN without investing in additional network infrastructure. Which protocol can they use?
answer
Internet Small Computer System Interface (iSCSI)
question
A company has a database that is used to store product inventory. The cost to the company is very high if the database is not available. Which two technology controls could be used to improve the database's availability? (Choose TWO.)
answer
RAID / Clustering
question
A company performs information classification. What is the outcome of this process?
answer
Data is categorized in terms of confidentiality, integrity, and availability requirements.
question
A company wants to allow users to access the network using company-issued tablets. Only approved apps can be installed on the devices. What MDM feature provides the necessary functionality to meet this requirement?
answer
Application Whitelisting
question
An employee has gained unauthorized access to a company confidential file on a file server. The employee denies viewing the file. What can you use to provide nonrepudiation?
answer
Audit Log
question
You need to select an appropriate authentication protocol for a Point to Point Protocol (PPP) connection with a remote server. Authentication should be based on a hash of a shared secret key. What should you use?
answer
Challenge-Handshake Authentication Protocol (CHAP)
question
You need to determine the appropriate operating system (OS) platform for developing a highly secure application. The OS must have built-in support for multilevel security. The OS should be evaluated based on Common Criteria for Information Technology Security Evaluation (Common Criteria). What security designation do you need to look for in the OS?
answer
Trusted
question
A computer with the IPv4 address 192.168.1.205/26 periodically sends out broadcast messages. Which computer would receive these messages?
answer
192.168.1.225/26
question
Preparing a warm site that can take over business operations quickly in case of a failure is an example of which of the following?
answer
Risk Mitigation
question
When calculating risk assessment for an organization, what is the role of impact assessment?
answer
Estimating the potential costs related to a threat.
question
You are looking for a way to know when people approach any of several secure areas. The method must be active 24-hours a day. You want to keep recurring expenses related to the solution to a minimum. What should you use?
answer
Video Surveillance
question
Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?
answer
Require a secure, user-specific token for form submissions.
question
You are hired as the security administrator for a financial services company. You have been directed to set up a key escrow for all encrypted data. What should you do?
answer
Provide copies of all keys to a designated third party.
question
What is a potential risk associated with WEP when it is used to secure a WLAN?
answer
Weak Encryption
question
Your department will be working with the United States Department of Defense (DoD). As part of this, department members must be able to provide secure authentication credentials for access to government resources. What is the standard method of managing this?
answer
Common Access Card (CAC)
question
You created custom error pages for your Web site. An attacker modified the error pages through data entered in a form on the Web site. Error pages are dynamically generated when an error occurs, and the rendered page contains script that directs the user to a malicious Web site. This is an example of what type of attack?
answer
Cross-Site Scripting (XSS)
question
You are configuring a server to be used as an FTPS server. You plan to use well-known port assignments. Only connections encrypted with TLS should be permitted. The host firewall is configured for implicit deny. You define the following firewall rules: Allow UDP port 989 / Allow TCP port 989. Which additional firewall rules should you define? (Choose TWO.)
answer
Allow UDP port 990 / Allow TCP 990
question
What does IPsec use to determine when to create a new set of keys?
answer
Internet Security Association and Key Management Protocol (ISAKMP)
question
When should a company perform a qualitative risk assessment?
answer
When working within a limited time frame or budget.
question
A server has a firewall that is configured for implicit deny. You need to be able to remotely manage the server using command-line tools from a dedicated management workstation. Management traffic must be encrypted. Which port should you allow?
answer
TCP 22
question
A company recently started allowing employees to use personal mobile devices to connect to the company network. Users are concerned about the discovery and use (or misuse) of personally identifiable data stored on the devices. What type of policy should the company issue?
answer
Privacy
question
Your network is isolated from the Internet by a firewall that also acts as a proxy server. You suspect that a potential attacker has been probing your network looking for open ports. What should you do?
answer
Check the firewall log.
question
Each of the following situations describes an organization that is looking for an Internet-based solution. Any employee with Internet access should have access to the resources described. In which of these situations would it be most appropriate to use a hybrid cloud?
answer
An organization hosts its own applications and data, but occasionally needs additional overflow storage.
question
You are designing a solution to protect your network from Internet-based attacks. You need to ensure that devices that connect to the network have operating system updates and current antivirus. Devices that do not should be automatically remediated. What should you implement?
answer
Network Access Control (NAC)
question
You receive a security bulletin that a patch is available for an application running on all network client computers. The application is a mission-critical application. You download the patch to a directory on a network server. What should you do next?
answer
Test the patch on select isolated computers.
question
You need to identify the source of malformed network packets flooding your network. What should you use?
answer
Protocol Analyzer
question
A subscription to a productivity application allows users in a company to create and share documents. The service is not hosted on a dedicated server. What is this an example of? (Choose TWO.)
answer
Software as a Service (SaaS) / Public Cloud
question
You deploy a two-factor authentication system for your network computers using a smart card and PIN. Despite this, unauthorized personnel are gaining access to the network. What should you do to help prevent this in the future?
answer
Improve user education and awareness training.
question
What can be done to help minimize the risk of malware infection while a mobile device is browsing the Internet from a connection that is provided by a corporate network? (Choose TWO.)
answer
Implement patch management. / Disable unused features.
question
You are configuring a firewall between the Internet and your perimeter network. There are two servers on the perimeter network. Both servers host a Web application that uses TLS. Which port should you configure to allow incoming and outgoing traffic?
answer
TCP 443
question
An employee uses P2P software on the company network. What are the two most likely security ramifications? (Choose TWO.)
answer
Confidential data will be disclosed to users outside the company. / Malicious software will be installed on the user's computer.
question
You need to include a RADIUS authentication server when implementing which of the following in your network configuration? (Choose all that apply.)
answer
802.1X Network Access Control / WPA2-Enterprise
question
You need to allow computers on the Internet to initiate connections to a host on the internal network with the address 192.168.50.12/24. What should you use?
answer
Port Forwarding
question
You install an NIPS in your perimeter network. You need to determine how effective the NIPS is against DoS attacks targeting your Web servers. What should you do?
answer
Perform Penetration Testing
question
A switch becomes a victim of a MAC flooding attack and allows an attacker access to all VLANs configured on the switch. You need to mitigate the risk of the attack reoccurring. What should you do? (Choose all that apply.)
answer
Implement Port Security / Bind a MAC address to each port.
question
What is the primary purpose of a Clean Desk Policy (CDP)?
answer
Protecting the confidentiality of data.
question
What is the most appropriate type of fire suppression system to install in a data center computer room?
answer
Gaseous Fire Suppression
question
You are preparing to conduct a vulnerability scan of an application server. You need to decide between a credentialed scan and a non-credentialed scan. Which statements apply? (Choose all that apply.)
answer
A credentialed scan allows you to generate a list of USB devices that have been attached. / A credentialed scan allows you to identify missing patches.
question
You need to be able to prevent users on social media sites from learning your location based on the pictures you share from your smartphone. What should you do?
answer
Disable Geotagging
question
What steps can you take to mitigate the risk of a DDoS attack against a web server? (Choose all that apply.)
answer
Monitor and analyze traffic trends. / Disable unnecessary services.
question
Which statement best describes an SSL or TLS connection?
answer
The client and server negotiate to determine the algorithms that will be used.
question
A firewall is configured to block all incoming traffic by default. This is an example of what?
answer
Implicit Deny
question
Which computing environments are designed to download firmware updates exclusively and directly from the Internet? (Choose all that apply.)
answer
Smart Appliances / Game Consoles
question
A port scan indicates that a computer is listening on port 80. What does this mean?
answer
The computer is running Web server software.
question
You are designing a Web-based application. You design the application so that it runs under a security context that has been granted only the permissions required for the application to run. This is an example of which of the following?
answer
Principle of Least Privilege (POLP)
question
What is the most cost-effective way to defend against whaling attacks?
answer
Educate and train upper management.
question
A new server application is deployed on your network. This is a recently released version of the application. You need to ensure that fixes to any vulnerabilities are applied as quickly as feasible. All changes need to be documented. What should you implement?
answer
Patch Management
question
Field sales personnel have product and price lists loaded on their smartphones. This is critical data for your business. You need to ensure that this data is not accidentally disclosed or compromised while salespeople are traveling or are at customer sites. What should you do?
answer
Install and enable remote wipe. / Require passwords on mobile devices.
question
Users report that they lose connection to the wireless access point. You investigate and discover radio frequencies that have a similar pattern to those transmitted by the access point. What type of attack should you suspect?
answer
Jamming
question
An e-mail server supports IMAP connections. You need to ensure that all IMAP traffic is encrypted. What should you do? (Choose all that apply.)
answer
Allow traffic on TCP port 993. / Block traffic on TCP port 143.
question
What is a limitation of using a CRL to determine whether or not a certificate is valid?
answer
A CRL does not provide for real-time updates.
question
Which statement best describes hashing?
answer
Transforming a variable-length input into a fixed-length string.
question
An outgoing message is encrypted before transmission using asymmetric cryptography. What does the recipient need to decrypt the message?
answer
The recipient's private key.
question
Your boss is concerned that an administrator might accidentally introduce a security vulnerability when installing a new server. What can you use to mitigate this risk?
answer
Change Management
question
You want to design your network security around multifactor authentication. Which is a valid example of multifactor authentication?
answer
Smart card and PIN
question
You have six 100 GB hard disks available for data storage. Which RAID configuration will provide the most available storage with fault tolerance?
answer
RAID-5
question
The following ports are open on your perimeter network firewall: 22 / 23 / 443 / 992. Which port represents the biggest security risk from an antiquated protocol?
answer
23
question
A company with a UTM wants to ensure that documents with the words "confidential" or "revenue" inside them are not sent outside the company through email or copied to a cloud service. Which UTM feature should the company configure?
answer
Data Loss Prevention (DLP)
question
As the number and types of clients increases on a company's network, the company sees a need to place greater controls on access to its mainframe. The mainframe is deployed on a screened subnet with critical network servers and bounded by a stateful firewall. You want to implement a solution that filters traffic by port, protocol, and detailed packet content. What should you use?
answer
Application Firewall
question
You are a security administrator for a company that has been contracted by a local government agency for a data collection and reporting project. Data must be stored locally to your organization and the company will be issuing weekly summary reports. At some point, it may be necessary for the government agency to view the raw data, but only after receiving proper authorization from its supervising agents or through a court order. You need to ensure this capability. What should you do?
answer
Set up a key escrow.
question
Company data policy states that when a hard disk is taken out of service, it should be secured against any access to the data that was originally on the disk. Drives must be in a state that they can be put back into use later, if necessary. What method should be used?
answer
Multiple Overwrites
question
You discover attempts to compromise your Web site. The attacks are based on commands sent from authenticated users' Web browsers to the Web site. The commands execute at the user's permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent?
answer
Cross-Site Request Forgery (XSRF)
question
A company has identified the risks shown in the exhibit. Arrange the entries in the order of rank. Place the highest ranking risk at the top of the list.
answer
XSS attack against Web server / SQL injection attack steals customer data / DoS against Web server / Fire destroys data center
question
A company with a UTM wants to allow employees in the Marketing department to be able to access Facebook, but prevent them from clicking links. What should the company do?
answer
Implement the application control feature of the UTM.
question
An attacker discovers a user's password by using a set of pre-computed hashes. What type of attack occurred?
answer
Rainbow Table
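The precomputation behind this attack, as an added example that is not part of the original question set: a miniature rainbow table over a constructed 3-character lowercase password space, with MD5 standing in for the unsalted hash under attack. The alphabet, chain length, number of chains and the reduction function are all assumptions chosen to keep the table tiny; real tables use the same structure over far larger spaces. The second lookup shows why a salt defeats the table: the stored chains were built for one hash function, and a salted hash is effectively a different one.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3                                  # toy search space: 26**3 = 17,576 passwords (assumption)
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 16                              # hashes per chain; longer chains = smaller table, slower lookups
NUM_CHAINS = 1024                           # rows kept in the table


def H(password):
    """The unsalted hash being attacked (MD5 here; any fast, unsalted hash is equally exposed)."""
    return hashlib.md5(password.encode()).digest()


def index_to_password(n):
    """Map an integer in [0, SPACE) to a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_to_password(digest, position):
    """Reduction function R_i: squeeze a digest back into the password space.
    Mixing in the chain position is what distinguishes a rainbow table from plain
    hash chains: a collision at different positions no longer merges two chains."""
    return index_to_password((int.from_bytes(digest[:8], "big") + position) % SPACE)


def build_table(num_chains=NUM_CHAINS, chain_len=CHAIN_LEN):
    """Offline phase: walk each chain once and store only end point -> start point.
    The interior passwords are discarded; trading CPU for storage is the whole idea."""
    table = {}
    for c in range(num_chains):
        start = index_to_password((c * 7919) % SPACE)   # 7919 is coprime to SPACE, so starts are distinct
        p = start
        for i in range(chain_len):
            p = reduce_to_password(H(p), i)
        table.setdefault(p, start)   # chains that merged share an end point; keep the first
    return table


def lookup(table, target, chain_len=CHAIN_LEN):
    """Online phase: assume the target sits at position i of some chain, walk to the chain's end,
    and if that end is in the table regenerate the chain from its start to recover the preimage."""
    for i in range(chain_len - 1, -1, -1):
        p = reduce_to_password(target, i)
        for j in range(i + 1, chain_len):
            p = reduce_to_password(H(p), j)
        start = table.get(p)
        if start is None:
            continue
        p = start
        for j in range(chain_len):
            if H(p) == target:          # verify: an end-point match can be a false alarm
                return p
            p = reduce_to_password(H(p), j)
    return None


TABLE = build_table()


def crack(password_hash):
    return lookup(TABLE, password_hash)


def demo():
    victim = "aaa"                       # a chain start point, so the toy table is guaranteed to cover it
    salted = hashlib.md5(b"5a1t" + victim.encode()).digest()   # constructed salt
    return {
        "unsalted": crack(H(victim)),    # recovered from the table
        "salted": crack(salted),         # None: the table was not built for this salt
    }
```

The defence follows from the structure: a per-user salt forces a separate table per salt, and a slow, memory-hard password hash (bcrypt, scrypt, Argon2) makes even one table too expensive to build.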
question
Which wireless authentication protocol performs only client authentication?
answer
EAP-MD5
question
You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
answer
Mandatory Access Control (MAC)
question
You want to create a document that describes what types of things employees are permitted to do regarding e-mail and Web usage. What should you create?
answer
Acceptable Use Policy
question
You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. What aspect of incident response does this illustrate?
answer
Chain of Custody
question
You are tasked with finding a way to ensure non-repudiation on outgoing e-mails. What should you use?
answer
Digital Signature
question
Client computers need to connect with an older server through a point-to-point protocol (PPP) connection. You need to support a wide variety of operating systems and versions. You are concerned about the potential risk of replay attacks and compromise of authentication credentials. Which authentication type should you use?
answer
Challenge-Handshake Authentication Protocol (CHAP)
question
Which wireless protocol provides data confidentiality and integrity using AES?
answer
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
question
A local theme park requires a thumbprint scan to verify identity. This is an example of which authentication factor?
answer
Something you are.
question
You have deployed a mission-critical server. You have been asked to recommend a security assessment method.
answer
Penetration Testing: Bypasses security controls, Exploits a vulnerability, Identifies the compromised data. // Vulnerability Scanning: Finds only known vulnerabilities, Creates a baseline of vulnerabilities.
question
A critical server application is susceptible to shell injection privilege escalation attacks. How can you minimize the potential impact of this type of attack?
answer
Run the application with the minimum permissions required.
question
A supervisory control and data acquisition (SCADA) network is used to monitor and manage a utilities distribution substation. The system must be able to recover from device failures as quickly as possible. What should you use to help ensure this?
answer
Control redundancy and diversity.
question
Targeted e-mail attacks directed at a company's senior executives are an example of what type of social engineering attack?
answer
Whaling
question
On a network that uses Kerberos, what does the client computer present as authentication to the server that contains a resource?
answer
Session Ticket
question
A web application accepts data from a user in an HTML form and sends that data to a web service using the following format: 1 Jane Doe 12345 An elevation of privilege attack occurs on the server that hosts the web service. What type of application attack was used?
answer
Extensible Markup Language (XML) Injection
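How the injection changes the document, as an added example that is not part of the original question set. The element names (request, id, name, account, role) are assumptions, since the request format on the page lost its tags in extraction; the payload and the service's "read the first role element" behaviour are likewise constructed. The vulnerable builder concatenates strings, the hardened one builds the tree through the XML API so field content can never become markup.

```python
import xml.etree.ElementTree as ET


# Constructed request layout (assumption: the element names on the original page are not recoverable).
def build_request_vulnerable(user_id, name, account):
    """String concatenation: whatever the form field contains becomes part of the document structure."""
    return ("<request><id>%s</id><name>%s</name><account>%s</account><role>user</role></request>"
            % (user_id, name, account))


def build_request(user_id, name, account):
    """Build the tree with an XML API; ElementTree escapes < > & in text, so field content stays data."""
    root = ET.Element("request")
    ET.SubElement(root, "id").text = user_id
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "account").text = account
    ET.SubElement(root, "role").text = "user"
    return ET.tostring(root, encoding="unicode")


def service_role(xml_doc):
    """The receiving web service: parse the request and trust the first <role> element it finds."""
    return ET.fromstring(xml_doc).findtext("role")


def service_name(xml_doc):
    return ET.fromstring(xml_doc).findtext("name")


def validate_request(xml_doc):
    """Receiver-side check a service should do regardless of the sender: exactly the expected children,
    in order, each appearing once. Returns True only for a well-shaped request."""
    root = ET.fromstring(xml_doc)
    return root.tag == "request" and [c.tag for c in root] == ["id", "name", "account", "role"]


# Attacker's form input: closes <name>, inserts a <role>, reopens <name> so the document stays well-formed.
PAYLOAD = "Jane Doe</name><role>admin</role><name>x"


def demo():
    hostile = build_request_vulnerable("1", PAYLOAD, "12345")
    safe = build_request("1", PAYLOAD, "12345")
    return {
        "vulnerable_role": service_role(hostile),      # the injected role wins
        "vulnerable_valid": validate_request(hostile),  # the extra elements are detectable
        "hardened_role": service_role(safe),           # still "user"
        "hardened_name": service_name(safe),           # the payload survives only as literal text
        "hardened_valid": validate_request(safe),
    }
```

Escaping on the way in and structural validation on the way out are complementary: the first stops this injection, the second catches any sender that did not escape. Parsing XML from untrusted parties also needs entity-expansion and external-entity protection (for example the defusedxml package), which is a separate concern from injection.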
question
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Locks up system and encrypts data files. / Target: Internet Users
answer
Attack Type: Ransomware
question
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Redirection to fake web site to steal information. Target: Internet Users
answer
Attack Type: Pharming
question
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: E-mail requesting sensitive information such as account numbers. Target: Multiple Users
answer
Attack Type: Phishing
question
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Theft of data from a wireless device. Target: Wireless devices and cell phones.
answer
Attack Type: Bluesnarfing
question
You are hiring a consultant to provide a social media presence for your organization. The consultant will use her own computer. What are two potential security implications that should be covered by a legally binding policy document? (Choose TWO.)
answer
Unauthorized Data Sharing / Data Ownership for Content Created
question
You need to control user access to files and folders on a network file server. The ability to read, write, and modify data needs to be managed based on individual users and on the groups to which they belong. What type of security control do you need to use?
answer
Access Control Lists (ACL)
question
What can you use to mitigate the risk of an evil twin attack?
answer
Radio Frequency (RF) Monitor
question
One set of permissions are assigned to a user account. Other permissions are assigned to a group to which the user belongs. How are effective rights determined?
answer
Permissions assigned to the user and group are combined.
question
Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?
answer
Configure a Demilitarized Zone (DMZ) and deploy the Web server on the DMZ.
question
All computers in your organization come with Trusted Platform Module (TPM) installed. What type of data encryption most often uses keys generated from the TPM?
answer
Full Disk Encryption
question
A company is looking to develop an Internet-level browser-based Single-Sign On (SSO) solution. What should they use to accomplish this?
answer
Security Assertion Markup Language (SAML)
question
Which protocol can you use to ensure that a server accepts Telnet traffic only from a designated computer?
answer
IPSec
question
You are installing wireless access points on a company network that is separated from the Internet by a firewall. Which two steps can you take to mitigate the risk of eavesdropping by outsiders? (Choose TWO.)
answer
Adjust the antenna placement. / Reduce the transmission power.
question
A company has a main office and three branch offices. They need to meet the following security requirements: All website traffic must be scanned for malware. All email traffic must be scanned for malware. Traffic between the main office and the branch offices should be secure. Users should not be able to access sites with inappropriate content while at work. What should you implement?
answer
UTM Appliance (Unified Threat Management)
question
The mail server receives a large number of packets of the type shown in the exhibit. The packets are coming from all computers in the local network. What type of attack is under way?
answer
Smurf Attack
question
A port scan indicates that a computer is listening on port 137. Which service is the computer running?
answer
NetBIOS Name Service (UDP 137), the port used by Windows Internet Naming Service (WINS)
question
Your organization is transitioning from a wired to a wireless network infrastructure. An outside company is being brought in to perform a wireless site survey for your organization. What should you expect as the primary feedback from the survey?
answer
Optimum Access Point (AP) Placement
question
Your organization has developed a fault-tolerant design to help ensure business continuity in case of a disaster. The site has mission-critical hardware already installed and connectivity already established. Data backups of critical data are on hand, but they may be up to a week old. This is an example of which of the following?
answer
Warm Site
question
You are bringing in four temporary employees to work on a short-term project. Security is a major concern and much of the activity relating to the project will be audited, especially file activity. You have set up a folder with reference files needed for the project. You have also set up a project data file folder. You create a group named SpecProject that will have all project personnel, including employees and temporary personnel, as members. All users will need access to all project data files. You need to find the best way to manage security for the temporary users. What should you do? (Choose all that apply.)
answer
Create four user accounts for temporary employees. / Assign permissions on a per-group basis.
question
A router has five virtual terminals. You need to ensure that all router management traffic is encrypted. You run the commands necessary to generate a certificate. Which additional commands should you run?
answer
line vty 0 4 / transport input ssh
question
Your recovery plan states that it will take, on average, three hours to restore services to an operational level after a catastrophic failure. This value is known as what?
answer
Mean Time to Restore
question
What kinds of attacks involve intercepting network packets? (Choose all that apply.)
answer
Man-In-The-Middle / TCP/IP Hijacking
question
You are designing network access control so that remote users are limited to accessing the network during normal business hours only. Policies regarding user access apply to all users. This is an example of what type of access control?
answer
Rule-Based Access Control
question
Which wireless protocol uses the pre-shared key to encrypt data?
answer
Wired Equivalent Privacy (WEP)
question
A company has an office on the fifth floor of a building in a city that is prone to earthquakes. Earthquakes have been identified as the most important risk to mitigate. Which risk mitigation controls would be most important to ensuring employee safety? (Choose all that apply.)
answer
Drills / Escape Plans / Emergency Lighting
question
A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor's data center as sets of clustered virtual machines. Which type of network design element is exemplified?
answer
Infrastructure as a service.
question
You receive a direct message from a friend on a social network. The message tells you about an offer to receive a $100 gift card if you are one of the first 25 to respond to a survey. You click the link and become infected with malware. Which attack principles contribute to the effectiveness of this attack? (Choose all that apply.)
answer
Trust / Scarcity
question
You are a member of your company's security team and a network administrator. You arrive at the office early once Monday morning, enter the server room, and see that the cabinet holding the daily backup tapes has been forced open and tapes are spilled out onto the floor and table. You also notice that one of the servers is running a backup. What should you do first?
answer
Secure the area.
question
A data analysis application will use a session key when transferring results. What will be used for encrypting data?
answer
Symmetric Key
question
You are setting up a Wi-Fi infrastructure for a hotel. The hotel wants the Wi-Fi configured to redirect guests to a Web page that provides usage instructions and prompts them for authentication information before they are granted Internet access. What should you do?
answer
Configure a Captive Portal
question
You need to test a program that might be a previously unknown type of malware. You need to minimize the risk while testing and also minimize the effort necessary to recover after testing. What should you do?
answer
Test the program on a virtual machine.
question
You configure your firewall to support a perimeter network. You deploy two Web servers on the perimeter network. You want to deploy a security tool that can help reconfigure the network automatically in response to detected threats. What should you use?
answer
Network Intrusion Prevention System (NIPS)
question
A company is doing research on highly secure key exchange. A communication partner should be able to detect if a third party eavesdrops on the key exchange. On what type of cryptography should this technology be based?
answer
Quantum
question
The basic formula for calculating ALE uses what two values? (Choose TWO.)
answer
Single Loss Expectancy (SLE): the loss from a single occurrence of the risk. / Annualized Rate of Occurrence (ARO): the number of times the risk is expected to occur in a year. ALE = SLE x ARO.
question
Your company is limiting the data which mobile devices are allowed to use. This is an example of which type of device security?
answer
Device Access Control
question
How does a Network Address Translation (NAT) server help protect your network?
answer
By masking the IP addresses of internal computers from the Internet.
question
War Chalking is used for what purpose?
answer
To publicize an unprotected or poorly protected access point.
question
Your company has started allowing personal mobile devices on the company network. When users connect to the company Wi-Fi, a screen appears that describes what they can and cannot do on the network, and prompts them to click to acknowledge their agreement. If a user does not click Yes, he or she is not allowed to connect to the network. This is an example of what?
answer
Acceptable Use Policy (AUP)
question
You need to secure access to network file servers. Your first task is to determine current access permissions. What should you do?
answer
Review effective access permissions.
question
You configure a computer's personal firewall software to block Internet Control Message Protocol (ICMP) traffic. Which utility will not be able to access the computer?
answer
Ping
question
Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?
answer
Install a HIDS on each of the departmental computers.
question
You are selecting a security appliance to install between an internal network and the Internet. You need to prevent users from accessing gaming sites from their work computers. Which security appliance feature allows you to meet this requirement?
answer
URL Filtering
question
You are developing a Public Key Infrastructure (PKI) in your domain. You want to use a hardware device separate from your Windows servers to manage and maintain cryptographic keys. What should you use?
answer
Hardware Security Module (HSM)
question
You need to encrypt the contents of a USB flash drive using the strongest possible encryption. Which type of encryption should you use?
answer
Advanced Encryption Standard (AES)
question
Which of the following is designed to ensure mutual authentication?
answer
Kerberos
question
You are looking for ways to prevent users from copying data from their computer systems to an external drive. You have disabled all floppy disk drives, and the computers are configured with read-only CD/DVD drives. What else should you do? (Choose TWO.)
answer
Disable all USB ports in the system BIOS. / Password protect the system BIOS.
question
A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Choose TWO.)
answer
By logging on to a default account. / Through a rootkit infection.
question
A set of programs enable administrator access to a computer and cannot be detected through normal means. What is the BEST description of this threat?
answer
Rootkit
question
You are installing a new web server that will be placed on the perimeter network. You need to mitigate the risk of a zero-day attack against the server. What steps should you take prior to attaching the server to the perimeter network? Select the steps you should take.
answer
Install all service packs. / Configure the host firewall for implicit deny. / Rename the Administrator account.
question
An organization hires temporary users to assist with end-of-quarter and end-of-year resources. All of the temps need access to the same domain resources when accessing the network. Temps are hired for a specific period with a set completion date. You need to ensure user accounts used by temps can only be used during the specific end-of-quarter and end-of-year periods. You need to ensure that the accounts are not available at other times. The solution should require minimal administrative effort to maintain. What should you do?
answer
Set expiration dates for the temp user accounts.
question
Which protocol provides access to directory server services?
answer
Lightweight Directory Access Protocol (LDAP)
question
You compare the configuration of a database server against a known secure server.
answer
Baseline Reporting
question
You identify all the listening ports on a firewall.
answer
Attack Surface Analysis
question
You examine an uncompiled program to identify security vulnerabilities.
answer
Code Review
question
You view the proposed network design documents to identify security vulnerabilities.
answer
Architecture Review
question
You set up a virtual machine (VM) for testing different versions of an application. You want to be able to return to the baseline state as quickly as possible between each test. What should you do?
answer
Create a snapshot of the VM.
question
A specialized smart card designed to be used for personal identification, computer and network access, e-mail digital signing and encryption, and to control physical access is known as what?
answer
Common Access Card
question
You want to deploy a centralized authentication structure that can be used to authenticate routers, servers, and switches. You want this structure to be as secure as possible. What should you use?
answer
TACACS+
question
An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?
answer
TCP/IP Hijacking
question
What hash algorithm is used by common implementations of CHAP?
answer
Message Digest 5 (MD5)
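The exchange itself, as an added example that is not part of the original question set and serves both CHAP questions above (the PPP replay question and this one). It follows RFC 1994: the authenticator sends an Identifier and a random challenge, the peer returns MD5(Identifier || secret || challenge), and the authenticator recomputes and compares. The account names, secrets, 16-byte challenge length and the simulated "captured packet" are constructed; the classes are a toy model, not a PPP implementation.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class Authenticator:
    """The server side. Constructed example; CHAP needs the shared secret itself, not a one-way hash of it."""

    def __init__(self, secrets_db):
        self.secrets_db = secrets_db   # name -> shared secret (assumption: plaintext store)
        self.pending = {}              # identifier -> outstanding challenge
        self._next_id = 0

    def send_challenge(self):
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256   # Identifier changes on every challenge
        challenge = os.urandom(16)                   # fresh, unpredictable challenge each time
        self.pending[ident] = challenge
        return ident, challenge

    def receive_response(self, ident, name, response):
        challenge = self.pending.pop(ident, None)    # a challenge answers exactly one response
        secret = self.secrets_db.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """The client side. The secret never leaves this object; only the digest goes on the wire."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def answer(self, ident, challenge):
        return self.name, chap_response(ident, self.secret, challenge)


def run_exchange():
    auth = Authenticator({"alice": "correct horse battery"})   # constructed account
    alice = Peer("alice", "correct horse battery")
    results = {}

    ident, challenge = auth.send_challenge()
    name, response = alice.answer(ident, challenge)
    captured = (ident, name, response)            # everything an eavesdropper on the link sees
    results["legit"] = auth.receive_response(ident, name, response)

    # Replay 1: resend the captured packet. Its challenge has already been consumed.
    results["replay_same_id"] = auth.receive_response(*captured)

    # Replay 2: a new session starts; the attacker pastes the captured response onto the new Identifier.
    ident2, _challenge2 = auth.send_challenge()
    results["replay_new_challenge"] = auth.receive_response(ident2, name, response)

    # Wrong secret: a guess produces a different digest.
    mallory = Peer("alice", "guess")
    ident3, challenge3 = auth.send_challenge()
    results["wrong_secret"] = auth.receive_response(ident3, *mallory.answer(ident3, challenge3))
    return results
```

What the captured digest does not protect against is an offline dictionary attack: an attacker holding (Identifier, challenge, response) can test candidate secrets at MD5 speed, which is why CHAP should sit inside an encrypted tunnel and why its secrets must be strong.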
question
A web application has an HTML form that users can fill out to perform a search for objects stored on a directory server. Unauthorized access to directory data occurred and has been traced to the web application. What type of attack occurred?
answer
Lightweight Directory Access Protocol (LDAP) Injection
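The flaw and its fix side by side, as an added example that is not part of the original question set. The search form is assumed to look up people by cn while restricting results to one department; the directory entries, the payload and the tiny filter evaluator are all constructed so the example runs without a directory server. The evaluator behaves like a permissive server that parses one complete filter and ignores trailing text; strict servers reject such filters instead, but the RFC 4515 escaping fix holds either way because the input can no longer change the filter's structure at all.

```python
import re

# Constructed sample directory; the real directory's contents are not on the page.
DIRECTORY = [
    {"cn": "Jane Doe", "department": "sales", "mail": "jane.doe@example.com"},
    {"cn": "John Roe", "department": "sales", "mail": "john.roe@example.com"},
    {"cn": "Eve Counsel", "department": "legal", "mail": "eve.counsel@example.com"},
]


def escape_filter_value(value):
    """RFC 4515 escaping: only \\ * ( ) and NUL can change a filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter_vulnerable(name):
    """The form value is spliced straight into the filter (this is the flaw)."""
    return "(&(cn=%s)(department=sales))" % name


def build_filter(name):
    """Same query; the value can only ever be compared, never parsed as syntax."""
    return "(&(cn=%s)(department=sales))" % escape_filter_value(name)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _expect(s, i, ch):
    if i >= len(s) or s[i] != ch:
        raise ValueError("expected %r at offset %d in %r" % (ch, i, s))
    return i + 1


def _parse(s, i=0):
    """Recursive-descent parser for the filter subset (&...), (|...), (!...), (attr=value)."""
    i = _expect(s, i, "(")
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        return (op, kids), _expect(s, i, ")")
    if s[i] == "!":
        kid, i = _parse(s, i + 1)
        return ("!", [kid]), _expect(s, i, ")")
    eq = s.index("=", i)
    close = s.index(")", eq)          # escaped ')' is '\29', so this is the real close
    return ("=", s[i:eq], s[eq + 1:close]), close + 1


def _match(node, entry):
    op = node[0]
    if op == "&":
        return all(_match(k, entry) for k in node[1])
    if op == "|":
        return any(_match(k, entry) for k in node[1])
    if op == "!":
        return not _match(node[1][0], entry)
    _, attr, pattern = node
    actual = entry.get(attr)
    if actual is None:
        return False
    if pattern == "*":                          # presence filter
        return True
    parts = [_unescape(p).lower() for p in pattern.split("*")]
    a = actual.lower()
    if len(parts) == 1:                         # equality; cn matching is case-insensitive
        return a == parts[0]
    head, tail, mids = parts[0], parts[-1], parts[1:-1]   # substring filter
    if not (a.startswith(head) and a.endswith(tail)):
        return False
    pos, end = len(head), len(a) - len(tail)
    for mid in mids:
        pos = a.find(mid, pos, end)
        if pos < 0:
            return False
        pos += len(mid)
    return pos <= end


def search(filter_str, directory=DIRECTORY):
    """Evaluate one complete filter and ignore anything after it (permissive-server behaviour)."""
    node, _consumed = _parse(filter_str)
    return [e["cn"] for e in directory if _match(node, e)]


# Attacker's form input: closes the cn clause and the AND, so the department restriction falls outside.
PAYLOAD = "*))(|(cn=*"
```

With the payload, the vulnerable filter becomes `(&(cn=*))(|(cn=*)(department=sales))` and returns every entry, legal department included; the escaped filter compares cn against the literal string `*))(|(cn=*` and returns nothing. Escaping belongs in whatever layer builds the filter; most LDAP client libraries expose an equivalent of escape_filter_value and it should always be used for user-supplied values.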
question
A security system validates whether or not a user has permission to complete an action. This is an example of what?
answer
Authorization
question
A company works with a large, volatile set of certificates to maintain security throughout the organization. The company wants to avoid the need for clients to frequently download status information about certificates. What technology does this company need to implement?
answer
OCSP (Online Certificate Status Protocol)
question
A company includes security awareness training as part of the new hire process. What topics should always be covered by a security bulletin? (Choose all that apply.)
answer
New viruses / Zero-day threats / Industry regulation changes
question
You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?
answer
Steganography
question
You are concerned about the use of ciphers that can be implemented with a weak key, resulting in an encryption that is not secure. Which of the following are ciphers with known weak keys? (Choose two.)
answer
DES / RC4
question
A set of switches is used to implement a VLAN. Where should you enable loop protection?
answer
On all ports of each switch.
question
What actions can be taken to protect a Web site from XSRF attacks? (Choose all that apply.)
answer
Enforce session timeout / Require a unique value sent in a hidden form field.
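Both controls in code, as an added example that is not part of the original question set; it also illustrates the XSRF attack described earlier on the page. The application is assumed to be a transfer form protected only by a session cookie; the session model, the 15-minute idle timeout, the hidden-field name csrf_token and the simulated browser and attacker requests are all constructed. The vulnerable handler trusts the cookie alone, so a request forged by another site the victim visits while logged in succeeds; the hardened handler additionally requires the per-session token that only the legitimate page carries and rejects stale sessions.

```python
import hmac
import re
import secrets

SESSION_IDLE_TIMEOUT = 15 * 60   # seconds; assumption for the example


class Session:
    """Server-side session state, looked up from the cookie the browser attaches automatically."""

    def __init__(self, user, now):
        self.user = user
        self.last_seen = now
        self.csrf_token = secrets.token_urlsafe(32)   # unguessable, per-session anti-forgery value


def render_transfer_form(session):
    """The legitimate page carries the token in a hidden field; a cross-origin page cannot read it."""
    return ('<form method="post" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="%s">' % session.csrf_token +
            '<input name="to"><input name="amount"><button>Send</button></form>')


def fill_form(html, **fields):
    """Stand-in for the victim's browser submitting the real form: hidden fields go along automatically."""
    hidden = dict(re.findall(r'name="(\w+)" value="([^"]*)"', html))
    return {**hidden, **fields}


def transfer_vulnerable(session, form, now):
    """Authenticates by the session cookie alone: any site the victim visits while logged in can POST this."""
    return "sent %s to %s as %s" % (form["amount"], form["to"], session.user)


def transfer(session, form, now):
    """Hardened handler: idle timeout plus a constant-time check of the synchronizer token."""
    if now - session.last_seen > SESSION_IDLE_TIMEOUT:
        return "rejected: session expired"
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session.csrf_token.encode()):
        return "rejected: missing or wrong anti-forgery token"
    session.last_seen = now
    return "sent %s to %s as %s" % (form["amount"], form["to"], session.user)


def demo():
    now = 1_700_000_000                               # constructed clock
    s = Session("alice", now)
    legit = fill_form(render_transfer_form(s), to="bob", amount="10")
    forged = {"to": "mallory", "amount": "9999"}      # built by the attacker's page; it never saw the hidden field
    guessed = {**forged, "csrf_token": secrets.token_urlsafe(32)}
    return {
        "vuln_forged": transfer_vulnerable(s, forged, now + 60),
        "legit": transfer(s, legit, now + 60),
        "forged": transfer(s, forged, now + 61),
        "guessed": transfer(s, guessed, now + 62),
        "stale": transfer(s, legit, now + 62 + SESSION_IDLE_TIMEOUT + 1),
    }
```

The token works because the attacker's page can trigger the victim's browser to send the cookie but cannot read the victim's page to learn the hidden value; it must therefore be unpredictable, bound to the session, and compared in constant time. The timeout limits how long a stolen or idle session stays usable at all.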
question
Drag the type of attack that is most closely associated with each type of server to the box identifying the server type.
answer
DNS Injection - DNS Server / SQL Injection - Database Server / DDoS - Web Server
question
You are considering using cloud-based storage for a secure database. What is generally accepted as the greatest risk to data in cloud storage?
answer
Inappropriate physical access to data.
question
You are planning to install a monitoring device on your network. The device must meet the following requirements: *A network administrator must be immediately notified of a suspected attack. *Normal functionality must not be disrupted due to a suspected attack. *The number of false positives must be minimized. Which type of device should you install?
answer
Signature-based NIDS (Network-based Intrusion Detection System)
question
A user installs an application on a computer. After installing the application, the computer begins receiving a series of pop-up ads. The ads disappear after the user enables the popup blocker. What is most likely wrong?
answer
The application installed adware on the computer.
question
What would be a justification for deploying a credentials manager?
answer
To make it easier for users to keep track of multiple passwords.
question
You are deploying a network for a small project group. Each member should be responsible for securing access to his or her own computer's resources. What access control model should you use?
answer
DAC (Discretionary Access Control)
question
Which of the following relies on both a public and private key for encryption and decryption?
answer
Diffie-Hellman
question
You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with at least 16 characters. What hash algorithm is used for password authentication?
answer
MD5 (Message Digest 5). Passwords longer than 14 characters rule out the DES-based LM hash; the NT hash itself is MD4 of the UTF-16LE password, and the NTLMv2 challenge-response is computed with HMAC-MD5 keyed from that hash.
question
How does a NAT server help protect your network?
answer
By masking the IP addresses of internal computers from the internet.
question
Written security policy states that file servers in the legal department can only be accessed by client computers in the legal department and that transmitted data must be encrypted. You configure IPSec to implement this policy. Which security principle does this BEST illustrate?
answer
Rule-based management
question
A user receives an unsolicited message in a social network chat window. What type of attack does this indicate?
answer
Spim
question
A company has a 1 Gbps Ethernet network. The company wants to implement a SAN without investing in additional network infrastructure. Which protocol can they use?
answer
iSCSI (Internet Small Computer System Interface)
question
A number of users in your company telecommute. All users have a high-speed Internet connection. You need to allow secure remote access to the company network from users' home computers. All data sent between users' home computers and the company network must be encrypted. What should you install?
answer
VPN Concentrator
question
Your network is configured as a distributed directory environment. You want to configure an SSO environment through your Intranet. All traffic related to authentication should be encrypted. What should you use?
answer
Secure LDAP (Lightweight Directory Access Protocol aka LDAPS)
question
Your company plans to maintain copies of critical business and sales analysis information on USB removable media. The information needs to be kept secure, but must be accessible from different computers running different operating systems on an as-needed basis. The media will be stored in a safe in the locked server room when not in use. What should you do?
answer
Use drives with built-in hardware encryption.
question
You are deploying an application server on your network. You need to control the types of traffic coming into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?
answer
Install a host-based firewall on the server.
question
What kinds of attacks are best prevented through user education and awareness training? (Choose two.)
answer
Phishing / Dumpster Diving
question
You are setting up a Wi-Fi access point. Only clients able to support WPA2-Personal should be able to connect through the access point. You want to ensure that communications with the access point are as secure as possible. What encryption method should you use?
answer
AES
question
Which wireless authentication protocol is vulnerable to password cracking?
answer
LEAP (Lightweight Extensible Authentication Protocol)
question
You configure a computer's personal firewall software to block ICMP traffic. Which utility will not be able to access the computer?
answer
Ping
question
An application needs to use two-factor authentication based on a username and password plus a one-time password generated from a shared secret key and timestamp. What algorithm can provide the one-time password?
answer
TOTP (Time-based One-time Password Algorithm)
question
Which type of attack works by modifying the data contained in Internet protocol (IP) packets?
answer
Header Manipulation
question
When would you implement NAC? (Choose two.)
answer
To ensure that clients are compliant before allowing network access. / To provide automatic remediation for unsecure computers.
question
Select the primary risk associated with each type of attack.
answer
Bluejacking - Spam / Bluesnarfing - Unauthorized data disclosure / WPS Attack - Unauthorized data disclosure / Evil Twin - Unauthorized Data Disclosure
question
You are concerned about security on an older Wi-Fi network segment. The segment is configured to use WPA for access security. You need to justify migration to WPA2. What is a primary security enhancement in WPA2 compared to WPA?
answer
Support for CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
question
Which ports do you need to allow on an Internet-facing firewall that uses NAT-T to support an L2TP/IPSec VPN connection?
answer
IP Protocol ID 50, UDP port 500, and UDP port 4500
question
An authoritative DNS server must transfer zone data to six secondary DNS servers. Which configuration provides the BEST security?
answer
Allow zone transfer only to specific IP addresses.
question
A portion of the network is shown in the exhibit. A firewall is configured for implicit deny. You configure the following firewall rules for Subnet B: PERMIT any source UDP Port 53 PERMIT any source TCP Port 53 PERMIT any source TCP Port 443 PERMIT subnet A TCP Port 139 Users in Subnet A need to be able to perform the following actions: *Access secure websites on the Web server *Access applications hosted on the Terminal server You need to configure the firewall to meet the requirements. Type the port number of the port you need to allow through the firewall for traffic between Subnet A and Subnet B.
answer
3389
question
A company's network is shown in the exhibit. The company wants to make the most efficient use of IP addresses. Select the IP address the administrator should assign to each subnet from the drop-down list.
answer
15 laptops - 192.168.20.224/28 ; 20 client computers - 192.168.20.0/27 ; 4 servers - 192.168.20.240/29
question
You install a wireless access point in a classroom. You need to meet the following requirements: * Classroom computers must be able to connect to the access point. * Students must not be able to connect using their personal laptop computers or other Wi-Fi devices. What should you do?
answer
Configure MAC filtering.
question
You install a Web application on three identical servers. You need to mitigate the risk that users will be unable to access the Web application if one of the servers fails. It should also mitigate the risk of malware infection. What should you use?
answer
UTM appliance
question
You have a server that hosts several different XML Web services that access a relational database using SQL. You need to install a device that can mitigate the risk of the database server being attacked through data sent in a request. What should you use?
answer
WAF (Web Application Firewall)
question
Your network is separated from the Internet by a single firewall. Employees need to access the Internet as a part of their duties. Different employees often find it necessary to navigate to the same Web sites. You need to hide as much information about the internal structure and configuration of your network as possible. You also want to minimize Internet traffic. Your solution should not increase the security risk to the internal network. What should you deploy?
answer
Proxy server
question
A company has four network administrators. You need to mitigate the risk of an unauthorized change to the switch configuration. What should you do? (Choose two.)
answer
Assign each administrator a separate username and password / Monitor the authentication and authorization logs on each switch
question
You are deploying a corporate telephony solution. The network includes several branch offices in remote geographic locations. You need to provide VoIP support among all office locations. You need to design a network infrastructure to support communications. You need to minimize the impact on network security. You need to minimize the costs related to deploying the solution. What should you do?
answer
Configure a DMZ in each office.
question
Your organization has two groups that work with confidential projects. Membership in these groups changes as project requirements change. For each group, access to and communications with the computers of the other users in the group must be managed. You need to be able to quickly reconfigure your network to control security and bandwidth usage between computers. You need to be able to reconfigure the network quickly, without having to physically relocate computers or reroute cables at the network patch panel. What should you configure?
answer
VLAN
question
A company has server applications that need to be upgraded to the most recent versions. The current hardware platforms cannot support the necessary upgrade. You want to keep the number of new servers required to a minimum. Each application needs to run in an isolated environment from other applications. What should you do?
answer
Deploy one virtual host server and deploy the upgrades as virtual machines (VMs).
question
An application's executable is digitally signed using a software developer's private key. What does this ensure?
answer
Integrity
question
Which security goal is compromised by a DDoS attack?
answer
Availability
question
A company needs to share some top-secret data with a partner. Which control will provide both secrecy and privacy?
answer
Steganography
question
An attacker has performed privilege escalation. How can you ensure that you are aware that such an attack has occurred?
answer
Audit failed and successful account management events.
question
A competitor learns company secrets by examining the contents of a USB drive that he found in a trash can during a site visit. Which two steps can best mitigate this risk? (Choose two.)
answer
Disabling USB write capability / A data disposition policy
question
You are devising an incident management plan. What should be the primary goal of the incident management plan for a DoS attack on the company's ecommerce servers?
answer
Restore normal operations as quickly as possible.
question
A company has implemented a BYOD policy that applies only to members of the Sales department. The company has also performed information classification. Only members of management can access information that is classified as High. Members of the Human Resources (HR) department have access to PII for the company employees. Other employees have access to only information that is classified as Medium or Low. For each type of security training, indicate whether it should be organization-wide or role-based.
answer
Personal device policy - Role Based / Data handling policy - Role Based / Tailgating policy - Organization Wide / Proper data disposal - Role Based
question
Several employees received e-mails that appeared to be from an online auction site. When the users click on the link, they are prompted for personal information. When you investigate the link, you discover that it does not go to the auction site, but to a duplicate site set up by an attacker. What kind of attack has occurred?
answer
Phishing
question
A company is planning to outsource the application hosting for a critical business application. You need to determine the policies that are required. Select the policy that corresponds to each definition.
answer
An agreement that is not legally binding - MOU / An agreement that permits repetitive purchases - BPA / A legally binding agreement that defines the level of service, including uptime and performance criteria - SLA / An agreement that governs the connectivity details between systems in the organizations - ISA
question
An attack was launched against a Web server. You need to ensure that any evidence you discover during your investigation can be used to prosecute the attacker. What steps should you take?
answer
Create a bit stream image of the hard disk drive / Create a hash of the hard disk drive / Create a hash of the image / Store the original drive in a sealed and locked container / Document each step you performed.
question
You are beginning your investigation of a server that was the victim of a DoS attack. Where should you look for evidence first?
answer
Registers and cache
question
A company is devising their incident response policy. Choose the forensics procedure that relates to each statement.
answer
Data from structured and unstructured resources - Big data analysis / Must be documented prior to beginning evidence collection - Timestamp offset / Required to determine the restitution value - Log of man hours and expenses / Helps a lawyer understand digital evidence - Expert witness
question
A critical web server is compromised using a persistent XSS attack. Which steps would you take as part of the containment process? (Choose two.)
answer
Create forensic image of the server. / Redirect traffic to a different web server.
question
What is risk mitigation?
answer
The process of minimizing the impact of identified risks
question
You create a DRP. You need to verify the DRP without impacting normal operations. What should you use?
answer
Tabletop exercise
question
Your datacenter servers are located on two racks that run parallel to each other. All servers face the outside walls of the server room so that the computer exhaust vents face each other. Air conditioning outlets are located along the outside walls. The air conditioning return opens toward the space between the racks. Which statement best describes the impact of this configuration?
answer
Energy costs are decreased
question
You receive an email message that appears to be from the IT director at your company. The email warns you about a zero-day virus and instructs you to find and delete a certain file on your computer. When you delete the file, your computer no longer boots. Which attack methods were used?
answer
Impersonation / Hoax
question
You are configuring security for a network that is isolated from the Internet by a perimeter network. Three Web servers and an NIDS are deployed in the perimeter network. You need to test the network's ability to detect and respond to a DoS attack against the applications running on the Web servers. What should you do?
answer
Use penetration testing.
question
You suspect that someone is trying to gather information about your network. Your network is isolated from the Internet by a perimeter network. You need to gather as much information about the attacker as possible. You want to prevent the attacker from knowing that the attempt has been detected. What should you do?
answer
Deploy a honeypot in the perimeter network.
question
Which of the following should be performed during software development and after software release?
answer
Code review
question
Which threat vector is made possible through LSOs?
answer
User preference tracking
question
An attacker sniffs a cookie from the HTTP packets sent between a web server and a browser. What attack might be in progress?
answer
Session hijacking
question
A portion of a company's network is shown in the item. The web application is first deployed to the staging server. The web server receives all web application updates from the staging server. The company was the recent victim of an attack in which customer credit card data was compromised. The attacker was a company employee. Click the terminal of the attacker's computer to show the display of the attacker's computer. Then select the type of attack that occurred from the Attacks list. Drag the mitigation controls that are needed to correct the vulnerability to the appropriate locations. All locations do not require a mitigation control. You can add multiple instances of controls.
answer
DMZ Web Server: Perform input validation, Configure a WAF, Call stored procedures // Attacks: SQL Injection // Company Network Database Server: Create stored procedures, Apply updates, Limit permissions, Encrypt stored data
question
Which of the following is a self-replicating program or bit of code?
answer
Worm
question
Which of the following can be used to launch a coordinated DDoS attack?
answer
Botnet
question
You discover a program running in the background on a computer. The program is collecting address and computer name information from your network and sending it to an address on the Internet. This is an example of what kind of threat?
answer
Spyware
question
You download a file management application from the Internet. When you launch the application, your screen goes blank and your hard disk's active light starts flashing. You restart the computer and discover that your hard disk partitions have been deleted. This is an example of what kind of threat?
answer
Trojan Horse
question
What is the goal of a smurf attack?
answer
To disrupt a target network by flooding it with traffic.
question
What can you do to prevent an Internet attacker from using a replay attack to gain access to a secure public Web site?
answer
Timestamp session packets.
question
An attacker gained administrative access to a server using a brute force attack. By the time the attack was discovered, the attacker had installed a rootkit and accessed a number of confidential files. Which steps can you take to mitigate the risk of a similar attack in the future? (Choose all that apply.)
answer
Configure audit logs to generate an alert for failed login. / Delete unused administrative accounts. / Configure password policy to require strong passwords.
question
Your company is implementing BYOD. The company will take advantage of cloud-based apps to synchronize data between the user's computer and tablet. Which tasks should the company's BYOD policy address as part of its offboarding policy? (Choose two.)
answer
R
question
You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to be able to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?
answer
HIPS
question
Match the smartphone and thin client characteristics with the related categories. Some answers may be used more than once, and not all answers are used.
answer
SMARTPHONE - Physical security: Highly mobile, Storage Options: Remote Wipe, OS Support: iOS or Android, Network Connectivity: Wireless Only // THIN CLIENT - Physical security: Locking cable, Storage options: No storage, OS Support: Windows and Linux, Network Connectivity: Wired/Wireless
question
Your application development plan calls for fuzzing. What is fuzzing used to test for?
answer
Application flaws relating to data input
question
What can be done at the client to mitigate the risk of XSS?
answer
Configure the browser to disable script processing.
question
A company is considering the use of a NoSQL database to support a real-time processing application. In comparison to SQL databases, what security issues must be considered?
answer
It is more difficult to filter for injection attacks.
question
You want to be able to issue and manage encryption keys for your network. You do not want to fully deploy a PKI on the network. What should you use?
answer
HSM
question
All computers in your organization come with TPM installed. What type of data encryption most often uses keys generated from the TPM?
answer
Full disk encryption
question
Your company recently updated security to include: * Limited physical access to mainframes and critical servers. * Multifactor authentication required for all clients. * Certificate-based encryption when communicating with iOS and Android devices. This is an example of what type of risk mitigation?
answer
Security Layers
question
A company is looking to develop an Internet-level browser-based SSO solution. What should they use to accomplish this?
answer
SAML (Security Assertion Markup Language)
question
Which protocol encrypts all authentication traffic by default?
answer
TACACS+
question
Your company has three computer security professionals. Every month, a different one is assigned to auditing duties. What principle does this illustrate?
answer
Job rotation
question
What is the impact of enabling single sign-on in an enterprise network?
answer
A user logs on once and can access multiple applications and services.
question
You are helping design a network to link users and resources together from multiple organizations. The design should have each user's identity stored in each organization's identity management system. The design should be based on which principle?
answer
Federation
question
Remote users who work from their homes are allowed to log onto the network only during normal business hours. The system administrator has configured remote access portals to enforce this. This is an example of what type of access control?
answer
Rule-based access control
question
What is the most reliable method for recovering a secure user account?
answer
Restore from backups.
question
Your company wants to force its users to create passwords that are difficult to guess. What should you do?
answer
Configure a password complexity policy.
question
You need to establish a policy to help prevent user accounts from being compromised when a user is on vacation or will not be logging on for an extended period. You need to make the account available with the same settings and with minimal effort when the user needs network access. What should you do?
answer
Disable the account while the user is gone and enable the account when the user returns
question
A user is retiring in three weeks. You want to make sure that the account is unavailable at the end of the user's last day. Another user will be taking over the first user's duties. What should you do? (Choose all that apply.)
answer
Configure account expiration. / Manually disable the account.
question
You need to secure traffic between SMTP servers over the Internet. You want to make sure that servers that can connect securely use a secure connection, but you do not want to lose connections with servers that cannot connect securely. Which protocol offers the best solution?
answer
TLS
question
What is used to provide secure communication over an L2TP VPN connection?
answer
IPSec
question
A company is developing extremely sensitive documents. You are tasked with selecting an encryption method that cannot be cracked when properly applied. What should you use?
answer
One-time pad