question

Your network is protected from the Internet by a firewall. You are concerned about potential risks in the firewall protection. What should you do?

answer

Scan the firewall's incoming ports with a port scanner.

question

A server application produces plain text output. The output needs to be encrypted before being delivered to local and remote client computers. Output varies in length depending on the client request. The processing requirements and the volume of data sent should be kept to a minimum. What type of cipher should be used?

answer

Stream Cipher

question

What security risk is inherent in dedicated router devices?

answer

Built-in administrative accounts and passwords.

question

A portion of a company's network is shown in the item. The support forum on the website allows users to post information about product issues. A support technician posts solutions to the problem. Customers report that they have been infected with malware after visiting the support forum on the company's website. Select the type of attack that occurred. Drag the mitigation controls that you should implement to prevent a future attack of this type. Each control can only be used once, and not all controls are used.

answer

Attacks - XSS // Internet Clients - Disable JavaScript, Install Antimalware // Web Server - Perform input validation, Configure a WAF, Perform code review

question

A company uses a Layer 2 switch to segment a network. Each department is assigned to a separate network segment. The conference room contains a wireless AP. You need to ensure that when a user connects a laptop computer to the wireless AP in the conference room, the user can access only resources in their own VLAN. What should you use?

answer

802.1x

question

Which firewall feature can you enable to mitigate the risk of DoS attacks against the AAA service?

answer

Flood Guard

question

You suspect that someone has been using your Wi-Fi to connect to the Internet. You want to make your AP less visible to war driving. What should you do?

answer

Disable SSID Broadcast

question

You are working with your company's security team to set security standards for mobile devices. One suggestion was to disable unused features and functionality. You need to determine if a disabled feature would adversely impact security measures that are already in place. One of the security team recommends disabling GPS on all company-owned mobile phones. Which security feature would this impact?

answer

Asset Tracking

question

Hackers have recently tried to gain access to a network by using valid user names and attempting to guess user passwords. You want to limit the number of times a user can enter a password before the account is disabled. Why type of policy do you need to configure?

answer

Account Lockout

question

A company recently reorganized. Several employees will be working from home. They will need access to resources on the company's network, including servers and data. You need to configure a secure solution. What should you do?

answer

Deploy a remote access server at the company network.

question

Which IPSec protocol provides confidentiality?

answer

ESP

question

You need to prevent access to servers on a subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and also minimize the administrator effort necessary to maintain the solution. What should you do?

answer

Define an ACL on the router to the subnet.

question

You need to choose the most appropriate algorithm for verifying that a data file did not change during transmission. How is using a hash function for this purpose different from other block cryptographic algorithms?

answer

The value produced by a hash function cannot be decrypted, only compared.

question

A server is the victim of a data breach. Customer password information is exposed to the attacker. Which step in the incident response process is necessary to mitigate the risk of a reoccurrence of the attack?

answer

Conduct a post-mortem review to identify lessons learned.

question

You are configuring Transport Layer Security (TLS) using a block cipher algorithm for transport encryption. You are using a key exchange that supports forward security. What is the advantage of using forward security?

answer

The session key is not compromised even if a private key used in generating it is compromised.

question

A denial of service attack has occurred. Which questions should be answered during the identification phase? (Choose TWO.)

answer

What is the impact of the business? / What servers have been compromised?

question

You are trying to determine ways in which your network might be vulnerable to attack by a malicious insider with detailed knowledge of your infrastructure. What type of testing should you use?

answer

White Box

question

Which protocol provides compatible applications with a directory services lookup service?

answer

LDAP

question

When users log on to the domain, in addition to being given access to domain file resources, they are given access to a Microsoft SQL Server database server and an internal Web site through Windows integrated authentication. This is an example of what authentication model?

answer

SSO

question

You are working on a confidential report in a crowded airport terminal. What type of attack is most likely to occur?

answer

Shoulder Surfing

question

You are setting up a home office wireless network. You want the network to meet all of the following requirements: Prevent eavesdropping, block unauthorized attempts to connect to the network, enable automatic connection for authorized devices. You want to keep the network as secure as possible. What should you use?

answer

WPA2

question

You are preparing to delete a user account. The account is part of a working group in which each member maintains their own working files. Access permissions are managed through a group account. What is the potential risk of deleting the user?

answer

Files associated with the user account might be lost.

question

A company's SMTP server is blacklisted by several ISPs. After further investigation, it is determined that several users in the company inadvertently sent out emails to all the users on their contact list. You need to mitigate the risk that such an incident will reoccur. What should you implement?

answer

Outbound Spam Filter

question

Which password policies are most significant when ensuring that users create strong passwords? (Choose TWO.)

answer

Password Length / Password Complexity

question

For which of the following would you be likely to mitigate the risk of attack through use of a screened subnet?

answer

Supervisory Control and Data Acquisition (SCADA)

question

A secure email client is being developed. You need to choose an appropriate method for digitally signing and encrypting messages. The method chosen must be supported across a broad base of platforms. What should you recommend?

answer

Pretty Good Privacy (PGP)

question

Which of the following is designed to perform one-way encryption?

answer

SHA

question

Which key is used to encrypt data in an asymmetric encryption system?

answer

The recipient's public key.

question

Users report that Web server response was slow overnight. You suspect an attempted attack against the Web server. The Web server is deployed in a perimeter network. What should you do? (Choose two.)

answer

Review the Web server log files. / Review the firewall log files.

question

Which of the following can be used to prevent external electrical fields from affecting sensitive equipment?

answer

Faraday Cage.

question

Your business relies on a server-based, mission-critical application. It is a commercially produced proprietary application. What actions should you take to keep the application secure? (Choose TWO.)

answer

Keep application patches and fixes up-to-date. / Physically uninstall any unnecessary applications from the application server.

question

A company is concerned about protection against zero-day attacks that are initiated by a malicious script on a website that is visited by employees. Which security option will mitigate the risk of such an attack?

answer

Heuristic Content Inspection

question

You are configuring a host firewall. You need to prevent files from being uploaded or downloaded in a clear text transmission. Which ports should you block? (Choose all that apply.)

answer

TCP 21 / UDP 20 / UDP 69 / TCP 20

question

Company A is planning to partner with Company B on a project. The project will require an application server at Company A to access a database server at Company B. You want to document the business and compliance requirements of the connection. What should you use?

answer

Memorandum of Understanding (MOU)

question

You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate automatically and track individuals going into and out of the area. Which method should you use?

answer

Proximity Reader

question

Your company is preparing to deploy several new computers that have the most recent version of trusted platform module (TPM) hardware installed. What is the significance of TPM being install in the computers?

answer

The TPM will work with encryption to generate keys that require a TPM and system platform measurements for decryption.

question

Which attacks are DoS attacks against a Wi-Fi network? (Choose all that apply.)

answer

Replay / Jamming

question

A virus is designed to format a computer's hard disk based on a specific calendar date. What kind of threat is this?

answer

Logic Bomb

question

Your network supports a DAC system to manage file access permissions. How is this information maintained on the network?

answer

As ACLs

question

What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?

answer

Create IPSec filters for ports 161 and 162.

question

A standard antivirus program is based on what kind of monitoring methodology?

answer

Signature-Based

question

What can be done to prevent cookie poisoning?

answer

Encrypt cookies before transmission.

question

You are preparing to deploy an e-commerce Web site. The Web site uses dynamically generated Web pages based on user input. This is a requirement for the application running on the Web site. You need to design the site to prevent cross-site scripting attacks. You need to choose the most appropriate action to take. What should you do?

answer

Implement user input validation.

question

A company is concerned about the impact that could occur if an employee opened a malicious hyperlink. What type of security assessment should the company use?

answer

Internal Penetration Test

question

Your organization has recently seen an increase in thefts of laptop computers and other electronic equipment. You want to keep equipment as accessible as possible while trying to prevent equipment theft. User actions needed to keep the equipment secure need to be kept to a minimum. What should you do?

answer

Secure equipment with cable locks.

question

Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA? (Choose TWO.)

answer

Certificate Revocation List (CRL) / RA

question

Three companies are working together to produce a movie. A subscription to a service allows them to share data related to the project and host online meetings. Each organization has some management capabilities. What does this exemplify?

answer

Community Cloud

question

A database contains organizational, product, and customer data. The SAN disk storing the database file also hosts several other large files. You need to implement a solution that will protect customers' personally identifiable information. The solution should not impact the ability to access other data from the database or degrade general data processing performance. What should you use?

answer

Use Field-Level Encryption

question

You are deploying a wireless networking infrastructure within your organization. You want to provide centralized authentication and authorization support for your wireless access points (WAPs). What should you use?

answer

Remote Authentication Dial-In User Service (RADIUS)

question

What type of policy is posted on a company's website and describes how it uses and protects customer data?

answer

Privacy Policy

question

You are deploying an application server on your network that will require a higher level on defense against potential software threats that other servers on your network. You want the server to be able to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?

answer

Host-Based Prevention System (HIPS)

question

Which of the following is a stand-alone algorithm that can be used for message authentication of a plaintext (non-encrypted) message?

answer

RIPEMD

question

You want to use a backup scheme that does not take too much time or require very high capacity tapes each night. Because you do not have to restore data that often, you do not care if the restore process is lengthier as a result, but you do not want it to take an unreasonable amount of time. Which of the following would be the best back up scheme to meet your goals?

answer

Perform a full backup weekly. Perform incremental backups nightly.

question

You are deploying a new website. You need to request an SSL certificate from a public CA. What should you do first?

answer

Generate a public and private key pair for their server.

question

Your company has begun allowing employees to bring their own devices and to connect to the company network. Which mobile device policies would help prevent BYOD devices from compromising security for devices that are already running on the network? (Choose TWO.)

answer

Patch Management / Antivirus Management

question

Which attacks are more effective when the attacker looks familiar to the victim? (Choose all that apply.)

answer

Tailgating / Spear Phishing

question

A server has failed four times in the past year. Which measurement is used to determine the amount of time the server was operational?

answer

MTBF (Mean Time Between Failures)

question

You are determine environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment? (Choose TWO.)

answer

Maintain appropriate humidity levels. / Provide an appropriate ambient temperature.

question

You are developing an Internet-based application. Users will need to create passwords that are eight or more characters in length for authentication. You need a secure method to store user passwords. You want a solution that is as secure as possible against brute force attacks. What algorithm should you use for creating password-based key derivations? (Choose TWO.)

answer

PBKDF2 / Bcrypt

question

Your network administrator backs up the server by using an incremental backup strategy. He uses seven tapes, one tape per day, and he performs the backup at the end of each business day. He does a full back up on Friday and Tuesday and an incremental on the other days. The server crashes on Sunday morning before the opening of business. How many tapes will he use to perform the restore on Sunday?

answer

2

question

What is the primary risk of an integer overflow attack?

answer

Arbitrary Code Execution

question

Your company provides specialized assistance to other companies working on projects that require a high level of technical expertise. Your company's employees are organized around work teams that contract with outside companies. You need to ensure that the employees on a team trust certificates from the contracting company. They should not trust certificates that are associate with a project if they are not part of the project team. You need to implement a PKI trust model that lets you specify which users will trust which CAs. You need to be able to end this relationship at the end of the contract. What should you use?

answer

CTL (Certificate Trust List)

question

A company has an IPv6 network with three sites. Which IP address can be routed only between cooperating sites?

answer

fc00::/7

question

Your company has a web server, an IPS, and a database server on the perimeter network. You need to determine if there are vulnerabilities that would permit an attacker to compromise the database server. What are the possible ramifications of performing an intrusive vulnerability scan? (Choose TWO.)

answer

Additional vulnerabilities might be introduced. / Services might become inaccessible.

question

Two devices communicate using NFC. Which attack represents the greatest vulnerability?

answer

Eavesdropping

question

Network users whose computers are running Windows 7 complain that the extra windows that appear when they browse the Internet are becoming a nuisance. The user is able to close the windows and they do not prevent the user from browsing the Internet. You need to prevent these windows from appearing. What should you do?

answer

Configure the browser's popup blocker.

question

An area that has an entry door that automatically locks when the exit door unlocks.

answer

Mantrap

question

An environmental control that helps detect theft.

answer

Video surveillance

question

An environmental control that helps detect overheated equipment.

answer

Environmental Monitoring

question

A compensating control that deters unauthorized access.

answer

Signs

question

You suspect that an attacker is sending damaged packets into your network as a way to compromise your firewall. You need collect as much information about network traffic as possible. What should you use?

answer

Protocol Analyzer

question

You want to ensure that users are securely and accurately identified when accessing the network. Which identification method is LEAST secure?

answer

Username

question

You are creating a BCP. What should you use as a guideline for determining the restoration order for servers?

answer

BIA (Business Impact Analysis)

question

Which of the following best describes a digital signature?

answer

A message hash encrypted with the sender's private key.

question

You are helping an organization develop a backup plan. You need to ensure that data backups are available in case of a catastrophic failure. You need to keep the plan as inexpensive as possible. What should you do?

answer

Back up to removable media and store a copy offsite.

question

You are deploying a sensitive database server on your network. You need to make sure you are alerted about anything suspicious in the network traffic in and out of the server, or any attempts to change system files on the server. What should you do?

answer

Deploy a host-based intrusion detection system (HIDS).

question

You are designing security for a financial application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. All activity must be audited and logged. On what access control method should you design your security model?

answer

Separation of Duties

question

You are designing security for network servers. The design requirements call for the servers to be kept in a locked room with limited physical access. You want to ensure that physical access is controlled as tightly as possible and prevent unauthorized access. What should you do?

answer

Secure the room with a biometric-based lock.

question

Your company hired a new network administrator. The administrator will also be assisting with user support. How should you set up account security for the new administrator?

answer

Create an administrator account and a standard user account.

question

Client computers on a network use POP3 over SSL to receive e-mail. The e-mail service uses standard port assignments. Which port on the Internet face of the firewall should allow inbound packets?

answer

TCP port 995

question

You are deploying a new server application that accepts input forms from the Web. You are concerned about injection attack against a database server that acts as the backend for the application. Which action will help prevent attacks?

answer

Server-Side Input Validation

question

You encrypt your smart phone using the built-in hardware encryption. What is a potential risk of this?

answer

Decrypting the device will result in data loss.

question

You want to prevent people from reusing passwords too frequently. Which password policies will prevent this? (Choose TWO.)

answer

Password History / Password Minimum Age

question

Attack Vector: Attempt to request financial information by phone. Target: Cell phone users.

answer

Vishing

question

Attack Vector: E-mail requesting sensitive business information. Target: Upper-level management.

answer

Whaling

question

Attack Vector: Redirecting individuals to a different, similar Web site to steal customers. Target: Internet users.

answer

Page Hijacking

question

Attack Vector: Rouge security software that installs malware or steals information. Target: Internet users.

answer

Scareware

question

You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Choose TWO.)

answer

Protocol Analyzer / Vulnerability Scanner

question

A portion of the company network is shown in the exhibit. The DNS server has crashed twice in a 24-hour period. Analysis of network traffic indicates that the DNS server has been receiving ICMP packets that are larger than allowed by the IP protocol. What type of attack does this indicate?

answer

Ping of Death

question

Which wireless authentication method requires certificates on both the client and the RADIUS server?

answer

EAP-TLS (Extensible Authentication Protocol Transport Layer Security)

question

An individual is contracted to set up a Web farm that includes an access portal for your network. That same individual uses the information gained during that process to infiltrate your network at a later time. How is this type of attack categorized?

answer

Malicious Insider

question

You have conducted a risk assessment and identified a list of possible security controls. Which security controls should you implement first?

answer

The security controls that will mitigate the threats with the highest risk.

question

You discover that when network users attempt to navigate to your company's public Web site, they are being redirected to a different Web site. This is an example of what type of attack?

answer

DNS Poisoning

question

What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?

answer

War Driving

question

An application is being designed to digitally sign files as it publishes them for distribution. What algorithm should be used for this purpose?

answer

RSA

question

A hosting company has set up an infrastructure that provides storage and applications that are targeted specifically at non-profit fundraising organizations. Only these types of organizations will be allowed to subscribe, and each organization's data will be kept separate. Subscribers will be charged an annual fee for access. This is an example of which?

answer

Community Cloud

question

A company has an Ethernet network with four switches, as well as two wireless APs. All devices that connect to either network must be authenticated using EAP. What should you use?

answer

802.1X

question

Your company is deploying a claims-based identity system that will use a multifactor authentication. It includes a Security Token Service (STS) to help manage access to secure applications. What is the role of the STS?

answer

Authenticating clients and issuing security tokens.

question

Which environmental control is part of TEMPEST compliance?

answer

Shielding

question

A remote collection server is managed through command-line commands. Until recently, you have been using Telnet to connect to the server, but you suspect that one or more passwords have been compromised. You are going to disable Telnet connectivity on the server. You need to use a more secure method of logging in and executing commands. What should you use?

answer

SSH

question

You have deployed PKI within your organization. To meet legal reporting requirements, you need to implement a way to provide decryption keys to a third party on an as-needed basis. What should you do?

answer

Implement a key escrow arrangement.

question

What is the difference between continuous monitoring and continuous auditing?

answer

Ownership of the process.

question

You are tasked with determining the best use of client-side and server-side validation for a new web-based application. What is a potential risk of using client-side validation?

answer

Client-side validation can be easily bypassed.

question

Which method is commonly used to mitigate attack risks to game consoles?

answer

Firmware Updates

question

A server application is currently under development. It has been discovered that some errors, such as a divide by zero error, can leave the application running in an unstable condition. The application needs to respond more appropriately to errors and generate an error message when they occur. What should you implement? (More than one answer may be correct, choose the BEST answer.)

answer

Exception Handling

question

Some network traffic is being redirected to a client that is infected with a Trojan. The IP addresses and MAC addresses on the redirected packets do not match up correctly. All packets have the MAC address of the infected system. The IP addresses are legitimate host addresses. This is a symptom of which kind of attack?

answer

ARP Poisoning

question

What entity within a PKI verifies user requests for digital certificates?

answer

Registration Authority

question

How do anomaly-based monitoring methodologies identify potential incidents?

answer

Comparing network activity to an established baseline.

question

A company has a 1 Gbps Ethernet network. The company wants to implement a SAN without investing in additional network infrastructure. Which protocol can they use?

answer

Internet Small Computer System Interface (iSCSI)

question

A company has a database that is used to store product inventory. The cost to the company is very high if the database is not available. Which two technology controls could be used to improve the database's availability? (Choose TWO.)

answer

RAID / Clustering

question

A company performs information classification. What is the outcome of this process?

answer

Data is categorized in terms of confidentiality, integrity, and availability requirements.

question

A company wants to allow users to access the network using company-issued tablets. Only approved apps can be installed on the devices. What MDM feature provides the necessary functionality to meet this requirement?

answer

Application Whitelisting

question

An employee has gained unauthorized access to a company confidential file on a file server. The employee denies viewing the file. What can you use to provide nonrepudiation?

answer

Audit Log

question

You need to select an appropriate authentication protocol for a Point to Point Protocol (PPP) connection with a remote server. Authentication should be based on a hash of a shared secret key. What should you use?

answer

Challenge-Handshake Authentication Protocol (CHAP)

question

You need to determine the appropriate operating system (OS) platform for developing a highly secure application. The OS must have built-in support for multilevel security. The OS should be evaluated based on Common Criteria for Information Technology Security Evaluation (Common Criteria). What security designation do you need to look for in the OS?

answer

Trusted

question

A computer with the IPv4 address 192.168.1.205/26 periodically sends out broadcast messages. Which computer would receive these messages?

answer

192.168.1.225/26

question

Preparing a warm site that can take over business operations quickly in case of a failure is an example of which of the following?

answer

Risk Mitigation

question

When calculating risk assessment for an organization, what is the role of impact assessment?

answer

Estimating the potential costs related to a threat.

question

You are looking for a way to know when people approach any of several secure areas. The method must be active 24-hours a day. You want to keep recurring expenses related to the solution to a minimum. What should you use?

answer

Video Surveillance

question

Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?

answer

Require a secure, user-specific token for form submissions.

question

You are hired as the security administrator for a financial services company. You have been directed to set up a key escrow for all encrypted data. what should you do?

answer

Provide copies of all keys to a designated third party.

question

What is a potential risk associated with WEP when it is used to secure a WLAN?

answer

Weak Encryption

question

Your department will be working with the United States Department of Defense (DoD). As part of this, department members must be able to provide secure authentication credentials for access to government resources. what is the standard method of managing this?

answer

Common Access Card (CAC)

question

You created custom error pages for your Web site. An attacker modified the error pages through data input through a data form on the Web site. Error pages are dynamically generated when an error occurs and the page is rendered containing script that directs the user to a malicious Web site. This is an example of what type of attack?

answer

Cross-Site Scripting (XSS)

question

You are configuring a server to be used as an FTPS server. You plan to use well-known port assignments. Only connections encrypted with TLS should be permitted. The host firewall is configured for implicit deny. You define the following firewall rules: Allow UDP port 989 / Allow TCP port 989. Which additional firewall rules should you define? (Choose TWO.)

answer

Allow UDP port 990 / Allow TCP 990

question

What does IPsec use to determine when to create a new set of keys?

answer

Internet Security Association and Key Management Protocol (ISAKMP)

question

When should a company perform a qualitative risk assessment?

answer

When working within a limited time frame or budget.

question

A server has a firewall that is configured for implicit deny. You need to be able to remotely manage the server using command-line tools from a dedicated management workstation. Management traffic must be encrypted. Which port should you allow?

answer

TCP 22

question

A company recently started allowing employees to use personal mobile devices to connect to the company network. Users are concerned about the discovery and use (or misuse) of personally identifiable data stored on the devices. What type of policy should the company issue?

answer

Privacy

question

Your network is isolated from the Internet by a firewall that also acts as a proxy server. You suspect that a potential attacker has been probing your network looking for open ports. What should you do?

answer

Check the firewall log.

question

Each of the following situations describes an organization that is looking for an Internet-based solution. Any employee with Internet access should have access to the resources described. In which of these situations would it be most appropriate to use a hybrid cloud?

answer

An organization hosts its own applications and data, but occasionally needs additional overflow storage.

question

You are designing a solution to protect your network from Internet-based attacks. You need to ensure that devices that connect to the network have operating system updates and current antivirus. Devices that do not should be automatically remediated. What should you implement?

answer

Network Access Control (NAC)

question

You receive a security bulletin that a patch is available for an application running on all network client computers. The application is a mission-critical application. You download the patch to a directory on a network server. What should you do next?

answer

Test the patch on select isolated computers.

question

You need to identify the source of malformed network packets flooding your network. What should you use?

answer

Protocol Analyzer

question

A subscription to a productivity application allows users in a company to create and share documents. The service is not hosted on a dedicated server. What is this an example of? (Choose TWO.)

answer

Software as a Service (SaaS) / Public Cloud

question

You deploy a two-factor authentication system for your network computers using a smart card and PIN. Despite this, unauthorized personnel are gaining access to the network. What should you do to help prevent this in the future?

answer

Improve user education and awareness training.

question

What can be done to help minimize the risk of malware infection while a mobile device is browsing the Internet from a connection that is provided by a corporate network? (Choose TWO.)

answer

Implement patch management. / Disable unused features.

question

You are configuring a firewall between the Internet and your perimeter network. There are two servers on the perimeter network. Both servers host a Web application that uses TLS. Which port should you configure to allow incoming and outgoing traffic?

answer

TCP 443

question

An employee uses P2P software on the company network. What are the two most likely security ramifications? (Choose TWO.)

answer

Confidential data will be disclosed to users outside the company. / Malicious software will be installed on the user's computer.

question

You need to include a RADIUS authentication server when implementing which of the following in your network configuration? (Choose all that apply.)

answer

802.1X Network Access Control / WPA2-Enterprise

question

You need to allow computers on the Internet to initiate connections to a host on the internal network with the address 192.168.50.12/24. What should you use?

answer

Port Forwarding

question

You install an NIPS in your perimeter network. You need to determine how effective the NIPS is against DoS attacks targeting your Web servers. What should you do?

answer

Perform Penetration Testing

question

A switch becomes a victim of a MAC flooding attack and allows an attacker access to all VLANs configured on the switch. You need to mitigate the risk of the attack reoccurring. What should you do? (Choose all that apply.)

answer

Implement Port Security / Bind a MAC address to each port.

question

What is the primary purpose of a Clean Desk Policy (CDP)?

answer

Protecting the confidentiality of data.

question

What is the most appropriate type of fire suppression system to install in a data center computer room?

answer

Gaseous Fire Suppression

question

You are preparing to conduct a vulnerability scan of an application server. You need to determine whether to conduct a credentialed scan or a non-credentialed scan? (Choose all that apply.)

answer

A credentialed scan allows you to generate a list of USB devices that have been attached. / A credentialed scan allows you to identify missing patches.

question

You need to be able to prevent users on social media sites from learning your location based on the pictures you share from your smartphone. What should you do?

answer

Disable Geotagging

question

What steps can you take to mitigate the risk of a DDoS attack against a web server? (Choose all that apply.)

answer

Monitor and analyze traffic trends. / Disable unnecessary services.

question

Which statement best describes an SSL or TLS connection?

answer

The client and server negotiate to determine the algorithms that will be used.

question

A firewall is configured to block all incoming traffic by default. This is an example of what?

answer

Implicit Deny

question

Which computing environments are designed to download firmware updates exclusively and directly from the Internet? (Choose all that apply.)

answer

Smart Appliances / Game Consoles

question

A port scan indicates that a computer is listening on port 80. What does this mean?

answer

The computer is running Web server software.

question

You are designing a Web-based application. You design the application so that it runs under a security context that has been granted only the permissions required for the application to run. This is an example of which of the following?

answer

Principle of Least Privilege (POLP)

question

What is the most cost-effective way to defend against whaling attacks?

answer

Educate and train upper management.

question

A new server application is deployed on your network. This is a recently released version of the application. You need to ensure that fixes to any vulnerabilities are applied as quickly as feasible. All changes need to be documented. What should you implement?

answer

Patch Management

question

Field sales personnel have product and price lists loaded on their smartphones. This is critical data for your business. You need to ensure that this data is not accidentally disclosed or compromised while salespeople are traveling or are at customer sites. What should you do?

answer

Install and enable remote wipe. / Require passwords on mobile devices.

question

Users report that they lose connection to the wireless access point. You investigate and discover radio frequencies that have a similar pattern to those transmitted by the access point. What type of attack should you suspect?

answer

Jamming

question

An e-mail server supports IMAP connections. You need to ensure that all IMAP traffic is encrypted. What should you do? (Choose all that apply.)

answer

Allow traffic on TCP port 993. / Block traffic on TCP port 143.

question

What is a limitation of using a CRL to determine whether or not a certificate is valid?

answer

A CRL does not provide for real-time updates.

question

Which statement best describes hashing?

answer

Transforming a variable-length input into a fixed-length string.

question

An outgoing message is encrypted before transmission using asymmetric cryptography. What does the recipient need to decrypt the message?

answer

The recipient's private key.

question

Your boss is concerned that an administrator might accidentally introduce a security vulnerability when installing a new server. What can you use to mitigate this risk?

answer

Change Management

question

You want to design your network security around multifactor authentication. Which is a valid example of multifactor authentication?

answer

Smart card and PIN

question

You have six 100 GB hard disks available for data storage. Which RAID configuration will provide the most available storage with fault tolerance?

answer

RAID-5

question

The following ports are open on your perimeter network firewall: 22 / 23 / 443 / 992. Which port represents the biggest security risk from an antiquated protocol?

answer

23

question

A company with a UTM wants to ensure that documents with the words "confidential" or "revenue" inside them are not sent outside the company through email or copied to a cloud service. Which UTM feature should the company configure?

answer

Data Loss Prevention (DLP)

question

As the number and types of clients increases on a company's network, the company sees a eed to place greater controls on access to its mainframe. The mainframe is deployed on a screened subnet with critical network servers and bounded by a stateful firewall. You want to implement a solution that filters traffic by port, protocol, and detailed packet content. What should you use?

answer

Application Firewall

question

You are a security administrator for a company that has been contracted by a local government agency for a data collection and reporting project. Data must be stored locally to your organization and the company will be issuing weekly summary reports. At some point, it may be necessary for the government agency to view the raw data, but only after receiving proper authorization from its supervising agents or through a court order. You need to ensure this capability. What should you do?

answer

Set up a key escrow.

question

Company data policy states that when a hard disk is taken out of service, it should be secured against any access to the data that was originally on the disk. Drives must be in a state that they can be put back into use later, if necessary. What method should be used?

answer

Multiple Overwrites

question

You discover attempts to compromise your Web site. The attacks are based on commands sent from authenticated users' Web browsers to the Web site. The commands execute at the user's permission level. Users who have been contacted had no idea tat the commands were being sent from their computers. What kind of attack does this represent?

answer

Cross-Site Request Forgery (XSRF)

question

A company has identified the risks shown in the exhibit. Arrange the entries in the order of rank. Place the highest ranking risk at the top of the list.

answer

XSS attack against Web server / SQL injection attack steals customer data / DoS against Web server / Fire destroys data center

question

A company with a UTM wants to allow employees in the Marketing department to be able to access Facebook, but prevent them from clicking links. What should the company do?

answer

Implement the application control feature of the UTM.

question

At attacker discovers a user's password by using a set of pre-computed hashes. What type of attack occurred?

answer

Rainbow Table

question

Which wireless authentication protocol performs only client authentication?

answer

EAP-MD5

question

You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?

answer

Mandatory Access Control (MAC)

question

You want to create a document that describes what types of things employees are permitted to do regarding e-mail and Web usage. What should you create?

answer

Acceptable Use Policy

question

You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. What aspect of incident response does this illustrate?

answer

Chain of Custody

question

You are tasked with finding a way to ensure non-repudiation on outgoing e-mails. What should you use?

answer

Digital Signature

question

Client computers need to connect with an older server through a point-to-point protocol (PPP) connection. You need to support a wide variety of operating systems and versions. You are concerned about the potential risk of replay attacks and compromise of authentication credentials. Which authentication type should you use?

answer

Challenge-Handshake Authentication Protocol (CHAP)

question

Which wireless protocol provides data confidentiality and integrity using AES?

answer

Cipher Block Chaining Message Authentication Code Protocol (CCMP)

question

A local theme park requires a thumbprint scan to verify identity. This is an example of which authentication factor?

answer

Something you are.

question

You have deployed a mission-critical server. You have been asked to recommend a security assessment method.

answer

Penetration Testing: Bypasses security controls, Exploits a vulnerability, Identifies the compromised data. // Vulnerability Scanning: Finds only known vulnerabilities, Creates a baseline of vulnerabilities.

question

A critical server application is susceptible to shell injection privilege escalation attacks. How can you minimize the potential impact of this type of attack?

answer

Run the application with the minimum permissions required.

question

A supervisory control and data acquisition (SCADA) network is used to monitor and manage a utilities distribution substation. The system must be able to recovery from device failures as quickly as possible. What should you use to help ensure this?

answer

Control redundancy and diversity.

question

Targeted e-mail attacks directed at a company's senior executives is an example of what type of social engineering attack?

answer

Whaling

question

On a network that uses Kerberos, what does the client computer present as authentication to the server that contains a resource?

answer

Session Ticket

question

A web application accepts data from a user in an HTML form and sends that data to a web service using the following format: 1 Jane Doe 12345 An elevation of privilege attack occurs on the server that hosts the web service. What type of application attack was used?

answer

Extensible Markup Language (XML) Injection

question

Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Locks up system and encrypts data files. / Target: Internet Users

answer

Attack Type: Ransomware

question

Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Redirection to fake web site to steal information. Target: Internet Users

answer

Attack Type: Pharming

question

Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: E-mail requesting sensitive information such as account numbers. Target: Multiple Users

answer

Attack Type: Phishing

question

Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Theft of data from a wireless device. Target: Wireless devices and cell phones.

answer

Attack Type: Bluesnarfing

question

You are hiring a consultant to provide a social media presence for your organization. The consultant will use her own computer. What are two potential security implications that should be covered by a legally binding policy document? (Choose TWO.)

answer

Unauthorized Data Sharing / Data Ownership for Content Created

question

You need to control user access to files and folders on a network file server. The ability to read, write, and modify data needs to be managed based on individual users and on the groups to which they belong. What type of security control do you need to use?

answer

Access Control Lists (ACL)

question

What can you use to mitigate the risk of an evil twin attack?

answer

Radio Frequency (RF) Monitor

question

One set of permissions are assigned to a user account. Other permissions are assigned to a group to which the user belongs. How are effective rights determined?

answer

Permissions assigned to the user and group are combined.

question

Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?

answer

Configure a Demilitarized Zone (DMZ) and deploy the Web server on the DMZ.

question

All computers in your organization come with Trusted Platform Module (TPM) installed. What type of data encryption most often uses keys generated from the TPM?

answer

Full Disk Encryption

question

A company is looking to develop an Internet-level browser-based Single-Sign On (SSO) solution. What should they use to accomplish this?

answer

Security Assertion Markup Language (SAML)

question

Which protocol can you use to ensure that a server accepts Telnet traffic only from a designated computer?

answer

IPSec

question

You are installing wireless access points on a company network that is separated from the Internet by a firewall. Which two steps can you take to mitigate the risk of eavesdropping by outsiders? (Choose TWO.)

answer

Adjust the antenna placement. / Reduce the transmission power.

question

A company has a main office and three branch offices. They need to meet the following security requirements: All website traffic must be scanned for malware. All email traffic must be scanned for malware. Traffic between the main office and the branch offices should be secure. Users should not be able to access sites with inappropriate content while at work. What should you implement?

answer

UTM Appliance (Unified Threat Management)

question

The mail server receives a large number of packets of the type shown in the exhibit. The packets are coming from all computers in the local network. What type of attack is under way?

answer

Smurf Attack

question

A port scan indicates that a computer is listening on port 137. Which service is the computer running?

answer

Windows Internet Naming Service (WINS)

question

Your organization is transitioning from a wired to a wireless network infrastructure. An outside company is being brought in to perform a wireless site survey for your organization. What should you expect as the primary feedback from the survey?

answer

Optimum Access Point (AP) Placement

question

Your organization has developed a fault-tolerant design to help ensure business continuity in case of a disaster. The site has mission-critical hardware already installed and connectivity already established. Data backups of critical data are on hand, but they may be up to a week old. This is an example of which of the following:

answer

Warm Site

question

You are bringing in four temporary employees to work on a short-term project. Security is a major concern and much of the activity relating to the project with be audited, especially file activity. You have set up a folder with reference files needed for the project. You have also set up a project data file folder. You create a group named SpecProject that will have all project personnel, including employees and temporary personnel, as members. All users will need access to all project data files. You need to find the best way to manage security for the temporary users. What should you do? (Choose all that apply.)

answer

Create four user accounts for temporary employees. / Assign permissions on a per-group basis.

question

A router has five virtual terminals. You need to ensure that all router management traffic is encrypted. You run the commands necessary to generate a certificate. Which additional commands should you run?

answer

line vty 0 4 transport input ssh

question

Your recovery plan states that it will take, on average, three hours to restore services to an operational level after a catastrophic failure. This value is known as what?

answer

Mean Time to Restore

question

What kinds of attacks involve intercepting network packets? (Choose all that apply.)

answer

Man-In-The-Middle / TCP/IP Hijacking

question

You are designing network access control so that remote users are limited to accessing the network during normal business hours only. Policies regarding user access apply to all users. This is an example of what type of access control?

answer

Rule-Based Access Control

question

Which wireless protocol uses the pre-shared key to encrypt data?

answer

Wired Equivalent Privacy (WEP)

question

A company has an office on the fifth floor of a building in a city that is prone to earthquakes. Earthquakes have been identified as the most important risk to mitigate. Which risk mitigation controls would be most important to ensuring employee safety? (Choose all that apply.)

answer

Drills / Escape Plans / Emergency Lighting

question

A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor's data center as sets of clustered virtual machines. Which type of network design element is exemplified?

answer

Infrastructure as a service.

question

You receive a direct message from a friend on a social network. The message tells you about an offer to receive a $100 gift card if you are one of the first 25 to respond to a survey. You click the link and become infected with malware. Which attack principles contribute to the effectiveness of this attack? (Choose all that apply.)

answer

Trust / Scarcity

question

You are a member of your company's security team and a network administrator. You arrive at the office early once Monday morning, enter the server room, and see that the cabinet holding the daily backup tapes has been forced open and tapes are spilled out onto the floor and table. You also notice that one of the servers is running a backup. What should you do first?

answer

Secure the area.

question

A data analysis application will use a session key when transferring results. What will be used for encrypting data?

answer

Symmetric Key

question

You are setting up a Wi-Fi infrastructure for a hotel. The hotel wants the Wi-Fi configured to redirect guests to a Web page that provides usage instructions and prompts them for authentication information before they are granted Internet access. What should you do?

answer

Configure a Captive Portal

question

You need to test a program that might be a previously unknown type of malware. You need to minimize the risk while testing and also minimize the effort necessary to recover after testing. What should you do?

answer

Test the program on a virtual machine.

question

You configure your firewall to support a perimeter network. You deploy two Web servers on the perimeter network. You want to deploy a security tool that can help reconfigure the network automatically in response to detected threats. What should you use?

answer

Network Intrusion Prevention System (NIPS)

question

A company is doing research on highly secure key exchange. A communication partner should be able to detect if a third party eavesdrops on the key exchange. On what type of cryptography should this technology be based?

answer

Quantum

question

The basic formula for calculating ALE uses what two values? (Choose TWO.)

answer

Revenue loss from a single risk occurrence. / The number of times you can expect a risk to occur during a year.

question

Your company is limiting the data which mobile devices are allowed to use. This is an example of which type of device security?

answer

Device Access Control

question

How does a Network Address Translation (NAT) server help protect your network?

answer

By masking the IP addresses of internal computers from the Internet.

question

War Chalking is used for what purpose?

answer

To publicize an unprotected or poorly protected access point.

question

Your company has started allowing personal mobile devices on the company network. When users connect to the company Wi-Fi, a screen appears that describes what they can and cannot do on the network, and prompts them to click to acknowledge their agreement. If a user does not click Yes, he or she is not allowed to connect to the network. This is an example of what?

answer

Acceptable Use Policy (AUP)

question

You need to secure access to network file servers. Your first task is to determine current access permissions. What should you do?

answer

Review effective access permissions.

question

You configure a computer's personal firewall software to block Internet Control Message Protocol (ICMP) traffic. Which utility will not be able to access the computer?

answer

Ping

question

Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?

answer

Install a HIDS on each of the departmental computers.

question

You are selecting a security appliance to install between an internal network and the Internet. You need to prevent users from accessing gaming sites from their work computers. Which security appliance feature allows you to meet this requirement?

answer

URL Filtering

question

You are developing a Public Key Infrastructure (PKI) in your domain. You want to use a hardware device separate from your Windows servers to manage and maintain cryptographic keys. What should you use?

answer

Hardware Security Module (HSM)

question

You need to encrypt the contents of a USB flash drive using the strongest possible encryption. Which type of encryption should you use?

answer

Advanced Encryption Standard (AES)

question

Which of the following is designed to ensure mutual authentication?

answer

Kerberos

question

You are looking for ways to prevent users from copying data from their computer systems to an external drive. You have disabled all floppy disk drives, and the computers are configured with read-only CDDVD players. What else should you do? (Choose TWO.)

answer

Disable all USB ports in the system BIOS. / Password protect the system BIOS.

question

A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Choose TWO.)

answer

By logging on to a default account. / Through a rootkit infection.

question

A set of programs enable administrator access to a computer and cannot be detected through normal means. What is the BEST description of this threat?

answer

Rootkit

question

You are installing a new web server that will be placed on the perimeter network. You need to mitigate the risk of a zero-day attack against the server. What steps should you take prior to attaching the server to the perimeter network? Select the steps you should take.

answer

Install all service packs. / Configure the host firewall for implicit deny. / Rename the Administrator account.

question

An organization hires temporary users to assist with end-of-quarter and end-of-year resources. All of the temps need access to the same domain resources when accessing the network. Temps are hired for a specific period with a set completion date. You need to ensure user accounts used by temps can only be used during the specific end-of-quarter and end-of-year periods. You need to ensure that the accounts are not available at other times. The solution should require minimal administrative effort to maintain. What should you do?

answer

Set expiration dates for the temp user accounts.

question

Which protocol provides access to directory server services?

answer

Lightweight Directory Access Protocol (LDAP)

question

You compare the configuration of a database server against a known secure server.

answer

Baseline Reporting

question

You identify all the listening ports on a firewall.

answer

Attack Surface Analysis

question

You examine an uncompiled program to identify security vulnerabilities.

answer

Code Review

question

You view the proposed network design documents to identify security vulnerabilities.

answer

Architecture Review

question

You set up a virtual machine (VM) for testing different versions of an application. You want to be able to return to the baseline state as quickly as possible between each test. What should you do?

answer

Create a snapshot of the VM.

question

A specialized smart card designed to be used for personal identification, computer and network access, e-mail digital signing and encryption, and to control physical access is known as what?

answer

Common Access Card

question

You want to deploy a centralized authentication structure that can be used to authenticate routes, servers, and switches. You want this structure to be as secure as possible. What should you use?

answer

TACACS+

question

An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?

answer

TCP/IP Hijacking

question

What hash algorithm is used by common implementations of CHAP?

answer

Message Digest 5 (MD5)

question

A web application has an HTML form that users can fill out to perform a search for objects stored on a directory server. Unauthorized access to directory data occurred and has been traced to the web application. What type of attack occurred?

answer

Lightweight Directory Access Protocol (LDAP) Injection

question

A security system validates whether or not a user has permission to complete an action. This is an example of what?

answer

Authorization

question

A company works with a large, volatile set of certificates to maintain security throughout the organization. The company wants to avoid the need for clients to frequently download status information about certificates. What technology does this company need to implement?

answer

OCSP (Online Certificate Status Protocol)

question

A company includes security awareness training as part of the new hire process. What topics should always be covered by a security bulletin? (Choose all that apply.)

answer

New viruses / Zero-day threats / Industry regulation changes

question

You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?

answer

Steganography

question

You are concerned about the use of ciphers that can be implemented with a weak key, resulting in an encryption that is not secure. Which of the following are ciphers with known weak keys? (Choose two.)

answer

DES / RC4

question

A set of switches is used to implement a VLAN. Where should you enable loop protection?

answer

On all ports of each switch.

question

What actions can be taken to protect a Web site from XSRF attacks? (Choose all that apply.)

answer

Enforce session timeout / Require a unique value sent in a hidden form field.

question

Drag the type of attack that is most closely associated with each type of server to the box identifying the server type.

answer

DNS Injection - DNS Server / SQL Injection - Database Server / DDoS - Web Server

question

You are considering using cloud-based storage for a secure database. What is generally accepted as the greatest risk to data in cloud storage?

answer

Inappropriate physical access to data.

question

You are planning to install a monitoring device on your network. The device must see the following requirements: *A network administrator must be immediately notified of a suspected attack. *Normal functionality must not be disrupted due to a suspected attack. *The number of false positives must be minimized. Which type of device should you install?

answer

Signature-based NIDS (Network-based Intrusion Detection System)

question

A user installs an application on a computer. After installing the application, the computer begins receiving a series of pop-up ads. The ads disappear after the user enables the popup blocker. What is most likely wrong?

answer

The application installed adware on the computer.

question

What would a justification for deploying a credentials manager?

answer

To make it easier for users to keep track of multiple passwords.

question

You are deploying a network for a small project group. Each member should be responsible for securing access to his or her own computer's resources. What access control model should you use?

answer

DAC (Discretionary Access Control)

question

Which of the following relies on both a public and private key for encryption and decryption?

answer

Diffie-Helmman

question

You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with atlas 16 characters. What hash algorithm is used for password authentication?

answer

MD5 (Message Digest Service)

question

How does a NAT server help protect your network?

answer

By masking the IP addresses of internal computers from the internet.

question

Written security policy states that file servers in the legal department can only be accessed by client computers in the legal department and that transmitted data must be encrypted. You configure IPSec to implement this policy. Which security principle does this BEST illustrate?

answer

Rule-based management

question

A user receives an unsolicited message in a social network chat window. What type of attack does this indicate?

answer

Spim

question

A company has a 1 Gbps Ethernet network. The company wants to implement a SAN without investing in additional network infrastructure. Which protocol can they use?

answer

iSCSI (Internet Small Computer System Interface)

question

A number of users in your company telecommute. All users have a high-speed Internet connection. You need to allow secure remote access to the company network from users' home computers. All data sent between users' home computers and the company network must be encrypted. What should you install?

answer

VPN Concentrator

question

Your network is configured as a distributed directory environment. You want to configure an SSO environment through your Intranet. All traffic related to authentication should be encrypted. What should you use?

answer

Secure LDAP (Lightweight Directory Access Protocol aka LDAPS)

question

Your company plans to maintain copies of critical business and sales analysis information on USB removable media. The information needs to be kept secure, but must be accessible from different computers running different operating systems on an as-needed basis. The media will be stored in a safe in the locked server room when not in use. What should you do?

answer

Use drives with built-in hardware encryption.

question

You are deploying an application server on your network. You need to control the types of traffic coming into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?

answer

Install a host-based firewall on the server.

question

What kinds of attacks are best prevented through user education and awareness training? (Choose two.)

answer

Phishing / Dumpster Diving

question

You are setting up a Wi-Fi access point. Only clients able to support WPA2-Personal should be able to connect through the access point. You want to ensure that communications with the access point are as secure as possible. What encryption method should you use?

answer

AES

question

Which wireless authentication protocol is vulnerable to password cracking?

answer

LEAP (Lightweight Extensible Authentication Protocol)

question

You configure a computer's personal firewall software to block ICMP traffic. Which utility will not be able to access the computer?

answer

Ping

question

An application needs to use a two-factor authentication based on a username and password plus a one-time password generated from a shared secret key and timestamp. What algorithm can provide the one-time password.

answer

TOTP (Time-based One-time Password Algorithm)

question

Which type of attack works by modifying the data contained in Internet protocol (IP) packets?

answer

Header Manipulation

question

When would you implement NAC? (Choose two.)

answer

To ensure that clients are compliant before allowing network access. / To provide automatic remediation for unsecure computers.

question

Select the primary risk associated with each type of attack.

answer

Bluejacking - Spam / Bluesnarfing - Unauthorized data disclosure / WPS Attack - Unauthorized data disclosure / Evil Twin - Unauthorized Data Disclosure

question

You are concerned about security on an older Wi-Fi network segment. The segment is configured to use WPA for access security. You need to justify migration of WPA2. What is a primary security enhancement in WPA2 compared to WPA?

answer

Support for CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

question

Which ports do you need to allow on an Internet-facing firewall that uses NAT-T to support an L2TP/IPSec VPN connection?

answer

IP Protocol ID 50, UDP port 500, and UDP port 4500

question

An authoritative DNS server must transfer zone data to six secondary DNS servers. Which configuration provides the BEST security?

answer

Allow zone transfer only to specific IP addresses.

question

A portion of the network is shown in the exhibit. A firewall is configured for implicit deny. You configure the following firewall rules for Subnet B: PERMIT any source UDP Port 53 PERMIT any source TCP Port 53 PERMIT any source TCP Port 443 PERMIT subnet A TCP Port 139 Users in Subnet A need to be able to perform the following actions: *Access secure websites on the Web server *Access applications hosted on the Terminal server You need to configure the firewall to meet the requirements. Type the port number of the port you need to allow through the firewall for traffic between Subnet A and Subnet B.

answer

3389

question

A company's network is shown in the exhibit. The company wants to make the most efficient use of IP addresses. Select the IP address the administrator should assign to each subnet from the drop-down list.

answer

15 laptops - 192-168-20-224/28 ; 20 client computers - 192.168.20.0/27 ; 4 servers - 192.168.20.240/29

question

You install a wireless access point in a classroom. You need to meet the following requirements: * Classroom computers must be able to connect to the access point. * Students must not be able to connect using their personal laptop computers or other Wi-Fi devices. What should you do?

answer

Configure MAC filtering.

question

You install a Web application on three identical servers. You need to mitigate the risk that users will be unable to access the Web application if one of the servers fails. It should also mitigate the risk of malware infection. What should you use?

answer

UTM appliance

question

You have a server that hosts several different XML Web services that access a relational database using SQL. You need to install a device that can mitigate the risk of the database server being attacked through data sent in a request. What should you use?

answer

WAF (Web Application Firewall)

question

Your network is separated from the Internet by a single firewall. Employees need to access the Internet as a part of their duties. Different employees often find it necessary to navigate to the same Web sites. You need to hide as much information about the internal structure and configuration of your network as possible. You also want to minimize Internet traffic. Your solution should not increase the security risk to the internal network. What should you deploy?

answer

Proxy server

question

A company has four network administrators. You need to mitigate the risk of an unauthorized change to the switch configuration. What should you do? (Choose two.)

answer

Assign each administrator a separate username and password / Monitor the authentication and authorization logs on each switch

question

You are deploying a corporate telephony solution. The network includes several branch offices in remote geographic locations. You need to provide VoIP support among all office locations. You need to design a network infrastructure to support communications. You need to minimize the impact on network security. You need to minimize the costs related to deploying the solution. What should you do?

answer

Configure a DMZ in each office.

question

Your organization has two groups that work with confidential projects. Membership in these groups changes as project requirements change. For each group, access to and communications with the computers of the other users in the group must be managed. You need to be able to quickly reconfigure your network to control security and bandwidth usage between computers. You need to be able to reconfigure the network quickly, without having to physically relocate computers or reroute cables at the network patch panel. What should you configure?

answer

VLAN

question

A company has server applications that need to be upgraded to the most recent versions. The current hardware platforms cannot support the necessary upgrade. You want to keep the number of new servers required to a minimum. Each application needs to run in an isolated environment from other applications. What should you do?

answer

Deploy one virtual host server and deploy the upgrades as virtual machines (VMs).

question

An application's executable is digitally signed using a software developer's private key. What does this ensure?

answer

Integrity

question

Which security goal is compromised by a DDoS attack?

answer

Availability

question

A company needs to share some top-secret data with a partner. Which control will provide both secrecy and privacy?

answer

Steganography

question

An attack has performed privilege escalation. How can you ensure that you are aware that such an attack has occurred?

answer

Audit failed and successful account management events.

question

A competitor learns company secrets by examining the contents of a USB drive that he found in a trash can during a site visit. Which two steps can best mitigate this risk? (Choose two.)

answer

Disabling USB write capability / A data disposition policy

question

You are devising an incident management plan. What should be the primary goal of the incident management plan for a DoS attack on the company's ecommerce servers?

answer

Restore normal operations as quickly as possible.

question

A company has implemented a BYOD policy that applies only to members of the Sales department. The company has also performed information classification. Only members of management can access information that is classified as High. Members of the Human Resources (HR) department have access to PII for the company employees. Other employees have access to only information that is classified as Medium or Low. For each type of security training, indicate whether it should be organization-wide or role-based.

answer

Personal device policy - Role Based / Data handling policy - Role Based / Tailgating policy - Organization Wide / Proper data disposal - Role Based

question

Several employees received e-mails that appeared to be from an online auction site. When the users click on the link, they are prompted for personal information. When you investigate the link, you discover that it does not go to the auction site, but to a duplicate site set up by an attacker. What kind of attack has occurred?

answer

Phishing

question

A company is planning to outsource the application hosting for a critical business application. You need to determine the policies that are required. Select the policy that corresponds to each definition.

answer

An agreement that is not legally binding - MOU / An agreement that permits repetitive purchases - BPA / A legally binding agreement that defines the level of service, including uptime and performance criteria - SLA / An agreement that governs the connectivity details between systems in the organizations - ISA

question

An attack was launched against a Web server. You need to ensure that any evidence you discover during you investigation can be used to prosecute the attacker. What steps should you take?

answer

Create a bit stream image of the hard disk drive / Create a hash of the hard disk drive / Create a hash of the image / Store the original drive in a sealed and locked container / Document each step you performed.

question

You are beginning your investigation of a server that was the victim of a DoS attack. Where should you look for evidence first?

answer

Registers and cache

question

A company is devising their incident response policy. Choose the forensics procedure that relates to each statement.

answer

Data from structured and unstructured resources - Big data analysis / Must be document prior to beginning evidence collection - Timestamp offset / Required to determine the restitution value - Log of man hours and expenses / Helps a lawyer understand digital evidence - Expert witness

question

A critical web server is compromised using a persistent XSS attack. Which steps would you take as part of the containment process? (Choose two.)

answer

Create forensic image of the server. / Redirect traffic to a different web server.

question

What is risk mitigation?

answer

The process of minimizing the impact of identified risks

question

You create a DRP. You need to verify the DRP without impacting normal operations. What should you use?

answer

Tabletop exercise

question

Your datacenter servers are located on two racks that run parallel to each other. All servers face the outside walls of the server room so that the computer exhaust vents face each other. Air conditioning outlets are located along the outside walls. The air conditioning return opens toward the space between the racks. Which statement best describes the impact of this configuration?

answer

Energy costs are decreased

question

You receive an email message that appears to be from the IT director at your company. The email warns you about a zero-day virus and instructs you to find and delete a certain file on your computer. When you delete the file, your computer no longer boots. Which attack methods were used?

answer

Impersonation / Hoax

question

You are configuring security for a network that is isolated from the Internet by a perimeter network. Three Web servers and an NIDS are deployed in the perimeter network. You need to test the network's ability to detect and respond to a DoS attack against the applications running on the Web servers. What should you do?

answer

Use penetration testing.

question

You suspect that someone is trying to gather information about your network. Your network is isolated from the Internet by a perimeter network. You need to gather as much information about the attacker as possible. You want to prevent the attacker from knowing that the attempt has been detected. What should you do?

answer

Deploy a honeypot in the perimeter network.

question

Which of the following should be performed during software development and after software release?

answer

Code review

question

Which threat vector is made possible through LSOs?

answer

User preference tracking

question

An attacker sniffs a cookie from the HTTP packets sent between a web server and a browser. What attack might be in progress?

answer

Session hijacking

question

A portion of a company's network is shown in the item. The web application is first deployed to the staging server. The web server receives all web application updates from the staging server. The company was the recent victim of an attack in which customer credit card data was compromised. The attacker was a company employee. Click the terminal of the attacker's computer to show the display of the attacker's computer. Then select the type of attack that occurred from the Attacks list. Drag the mitigation controls that are needed to correct the vulnerability to the appropriate locations. All locations do not require a mitigation control. You can add multiple instances of controls.

answer

DMZ Web Server: Perform input validation, Configure a WAF, Call stored procedures // Attacks: SQL Injection // Company Network Database Server: Create stored procedures, Apply updates, Limit permissions, Encrypt stored data

question

Which of the following is a self-replicating program or bit of code?

answer

Worm

question

Which of the following can be used to launch a coordinated DDoS attack?

answer

Botnet

question

You discover a program running in the background on a computer. The program is collecting address and computer name information from your network and sending it to an address on the Internet. This is an example of what kind of threat?

answer

Spyware

question

You download a file management application from the Internet. When you launch the application, your screen goes blank and your hard disk's active light starts flashing. You restart the computer and discover that your hard disk partitions have been deleted. This is an example of what kind of threat?

answer

Trojan Horse

question

What is the goal of a smurf attack?

answer

To disrupt a target network by flooding it with traffic.

question

What can you do to prevent an Internet attacker from using a replay attack to gain access to a secure public Web site?

answer

Timestamp session packets.

question

An attacker gained administrative access to a server using a brute force attack. By the time the attack was discovered, the attacker had installed a rootkit and accessed a number of confidential files. Which steps can you take to mitigate the risk of a similar attack in the future? (Choose all that apply.)

answer

Configure audit logs to generate an alert for failed login. / Delete unused administrative accounts. / Configure password policy to require strong passwords.

question

Your company is implementing BYOD. The company will take advantage of cloud-based apps to synchronize data between the user's computer and tablet. Which tasks should the company's BYOD policy address as part of its offboarding policy? (Choose two.)

answer

R

question

You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to be able to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. what should you use?

answer

HIPS

question

Match the smartphone and thin client characteristic with the related categories. Some answers may be used more than one, and not all answers are used.

answer

SMARTPHONE - Physical security: Highly mobile, Storage Options: Remote Wipe, OS Support: iOS or Android, Network Connectivity: Wireless Only // THIN CLIENT - Physical security: Locking cable, Storage options: No storage, OS Support: Windows and Linux, Network Connectivity: Wired/Wireless

question

Your application development plan calls for fuzzing. What is fuzzing used to test for?

answer

Application flaws relating to data input

question

What can be done at the client to mitigate the risk of XSS?

answer

Configure the browser to disable script processing.

question

A company is considering the use of a NoSQL database to support a real-time processing application. In comparison to SQL databases, what security issues must be considered?

answer

It is more difficult to filter for injection attacks.

question

You want to be able to issue and manage encryption keys for your network. You do not want to fully deploy a PKI on the network. What should you use?

answer

HSM

question

All computers in your organization come with TPM installed. What type of data encryption most often uses keys generated from the TPM?

answer

Full disk encryption

question

Your company recently updated security to include: * Limited physical access to mainframes and critical servers. * Multifactor authentication required for all clients. * Certificate-based encryption when communicating with iOS and Android devices. This is an example of what type of risk mitigation?

answer

Security Layers

question

A company is looking to develop an Internet-level browser-based SSO solution. What should they use to accomplish this?

answer

SAML (Security Assertion Markup Language)

question

Which protocol encrypts all authentication traffic by default?

answer

TACACS+

question

Your company has three computer security professionals. Every month, a different one is assigned to auditing duties. What principle does this illustrate?

answer

Job rotation

question

What is the impact of enabling single sign-on in an enterprise network?

answer

A user logs on once and can access multiple applications and services.

question

You are helping design a network to link users and resources together from multiple organizations. The design should have each user's identity stored in each organization's identity management system. The design should be based on which principle?

answer

Federation

question

Remote users who work from their homes are allowed to log onto the network only during normal business hours. The system administrator has configured remote access portals to enforce this. This is an example of what type of access control?

answer

Rule-based access control

question

What is the most reliable method for recovering a secure user account?

answer

Restore from backups.

question

Your company wants to force its users to create passwords that are difficult to guess. What should you do?

answer

Configure a password complexity policy.

question

You need to establish a policy to help prevent users accounts from being compromised when a user is on vacation or will not be logging on for an extended period. You need to make the account available wit the same settings and with minimal effort when the user needs network access. What should you do?

answer

Disable the account while the user is gone and enable the account when the user returns

question

A user is retiring in three weeks. You want to make sure that the account is unavailable at the end of the users last day. Another user will be taking over the first user's duties. What should you do? (Choose all that apply.)

answer

Configure account expiration. / Manually disable the account.

question

You need to secure traffic between SMTP servers over the Internet. You want to make sure that servers that can connect securely use a secure connection, but you do not want to lose connections with servers that cannot connect securely. Which protocol offers the best solution?

answer

TLS

question

What is used to provide secure communication over a L2TP VPN connection?

answer

IPSec

question

A company is developing extremely sensitive documents. You are tasked with selecting an encryption method that cannot be cracked when properly applied. What should you use?

answer

One-time pad

Measure Up Practice

Unlock all answers in this set

Haven't found what you were looking for?

Search for samples, answers to your questions and flashcards