Security+ – College

Flashcard maker : Kieran Carr
Which type of IDS is more ambitious and informative than the other types?
HIDS

The U.S. National Institute of Standard and Technology (NIST) specifies three types of security controls. These controls are important in the federal information systems certification and accreditation process?
Management, operational, and technical.

An authoritative DNS server must transfer zone data to six secondary DNS servers. What configuration provides the best security?
Allow zone transfer only to specific IP addresses.

You need to restrict the Web sites that network users can visit. Users connect to the Internet through a perimeter network. What should you do?
Use Internet content filters.

You are part of an incident response team. You change the passwords relating to all affected systems. You also back up the affected systems. These are exampes of which part of the incident handling procedure?
Containment

In which type of PKI model do trusted parties issue certificate to each other?
Web of trust

What is the defining charateristic of a trusted operating system?
Data cannot be altered or moved and access rights are required to view data.

You need to prevent access to servers on subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and also minimize the administrator effort necessary to maintain the solution. What should you do?
Define an ACL on the router to the subnet.

What is a limitation of using a CRL to determine whether or not a certificate is valid?
A CRL does not provide for real-time updates.

You need to encrypt the contents of a USB flashdrive. Which type of encryption should you use?
AES

You have a server that hosts several different XML Web services. You need to install a device that can mitigate the risk of the Web server being attacked through data sent in a request. What should you use?
Web application firewall

You are responsible for implementing a Data Loss Prevention (DLP) solution for your organization. You need to control access to secure data files and prevent unauthorized users from viewing file content. Data should be protected whether it is directly accessed or distributed outside the network. What should you use?
RMS – rights management service

You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?
HIPS – host-based intrusion prevention system

Your business uses instant messaging to enable technical support personnel to communicate easily with customers. What should you do to secure technical support computers against potential instant messaging security risks?
Install up-to-date antivirus software

You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Pick two)
Vulnerability scanner and Port scanner

You want to be able to identify changes in activity in critical Windows servers that might identify attempts to compromise the server or its data. You have installed antivirus software on the server and have locked down server configurations. What should you do next?
Use Performance Monitor to establish a performance baseline for each server.

What entity within a PKI is able to provide digital keys to an authorized third party?
Key Escrow

Which statement best describes hashing?
Transforming a variable-length input into a fixed-length string

You are deploying a corporate telephony solution. The network includes several branch offices in remote geographical locations. You need provide VoIP support among all office locations. You need to design a network infrustructure to support communications. You need to minimize the impact on network security. You need to minimize the cost related to deploying the solution. What should you do?
Configure a DMZ in each office.

Which of the following is designed to perform one-way encryption?
SHA
AES
RSA
DES
SHA

Which key is used to encrypt data in an asymmetric encryption system?
The recipient’s public key

Why should you require the sender to digitally sign sensitive e-mail message? (Pick two)
To provide nonrepudiation and to validate the sender.

What hash algorithm is used by common implementations of CHAP?
MD5

What is the most reliable method for recovering a secure user account?
Restore from backups

What form of biometric authentication is the least secure?
Keystroke dynamics

What can you use to reveal both known and unknown attacks without affecting normal operations?
Firewall log analysis.

You are configuring antispam software for network computers. What should you have antispam software do when it identifies an e-mail as spam?
Save the message in a separate folder

You want to ensure that your network mail system is designed to minimized the risk that an outside attacker could use your mail system to send malicious e-mails. Your mail system includes several mail clients and an SMTP mail server. What should you do?
Disable open relay at the SMTP server.

A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Pick two)
By logging on to a default account and through a rootkit infection.

You are deploying an application server on your network. You need to control the types of traffic into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?
Install a host-based firewall on the server.

What type if IDS reports possible attacks when it detects contions that match the conditions contained in a database of attacks?
Signature-based

Client computers on a network use POP3 over SSL to received e-mail. The e-mail service uses standard port assignment. What port on the Internet face of the firewall should allow inbound packets?
995

Which type of reporting is most useful in predicting the possibility of an event occurring for security planning purposes?
Trend report

Which ports do you need to allow on an Internet-facing firewall that uses NAT-T to support an L2TP/IPSec VPN connection?
IP Protocol ID 50, UDP port 500, and UDP port 4500

Users occasionally need to take files with them to remote locations. You need to minimize the risk that the data might be comprised. Employees are required to provide their own devices. You want to keep the cost incurred by the employess to a minimum. What should you do?
Require data encryption at the destination device.

Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA? (Pick two)
CRL and Registration Authority (RA)

A set of switches is used to implement a VLAN. Where should you enable loop protection?
On all ports of the switch.

Your boss is concerned that an administrator might accidently introduce a security vulnerability when installing a new server. What can you use to mitigate the risk?
Change management

When is it appropriate to use vulnerability scanning to identify potential holes in a security design?
When testing to identify known potential security risks inherent to the design and corrective actions.

Which of the following can be used to prevent external electrical fields from effecting sensitive equipment?

Faraday cage
Halon
UPS
HVAC

Faraday cage

Which vulnerability is created by establishing a network bridge between DSL connection to the Internet and an Ethernet connection to the LAN?
Users on the Internet can access files on the LAN.

What is used to provide secure communication over a L2TP VPN connection?
IPSec

Which DNS record is used to identify an IPv6 host?
AAAA

The basic formula for calculating ALE uses what two values?
The number of times you can expect a risk to occur during a year.
Revenue loss from a single risk occurrence.

What can be done to prevent cookie poisoning?
Encrypt cookies before transmission

You are configuring a host firewall. You need to prevent files from being updated or downloaded in clear text. Which ports should you block?
20, 21, 69

What entity within PKI verifies user requests for digital certificates?
Registration Authority

Which statement best describe an SSL and TLS connection?
The client and server negotiate to determine the algorithms that will be used.

War chalking is used for what purpose?
To gain access to an unprotected or poorly protected access point.

What does IPSec use to determine when to create a new set of keys?
ISAKMP (Internet Security Association and Key Management Protocol)

A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor’s data center as sets of clustered virtual machines. Which type of network design element is exemplified?
IaaS – Infrastructure as a service

What does an implicit deny on an ACL do?
It denies any traffic not specifically allowed.

Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?
Install a HIDS on each of the department’s computers.

You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate automatically and track individuals going into and out of the area. Which method should you use?
Proximity reader

Which of the following allows you to configure NAT tables that allow computers on the Internet to initiate connections to hosts on an internal network with private IP address?
Static NAT

You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. What aspect of incident response does this illustrate?
Chain of custody

You are deploying a network for a small project group. Each group member should be responsible for securing access to his or her own computer’s resource. What access control model should you use?
DAC

You discover attempts to comprise your Web site. The attacks are based on commands sent from authenticated users’ Web browser to the Web site. The commands execute at the user’s permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent?
Cross-site request forgery (CSRF or XSRF)

For what purpose would you install voice encryption on a mobile computer?
To support secure VoIP communication

Your network is configured as a Windows Server 2008 Active Directory domain. The network includes two file servers FS0 and FS1. Folders from both file servers are shared to the network. You need to configure the same access permissions for 20 domain users to folders shared from FS0 to FS1. The users that need access to this set of folders may change over time. You need to minimize the effort needed to deploy and maintain this solution. What should you do?
Create one domain security group

What are the dangers of virus hoaxes? (Pick two)
Users spread them by forwarding them and overburden e-mail systems. Also, the message includes instructions to do something damaging.

Which IPSec protocol provides confidentiality?
Encapsulating Security Payload (ESP)

ESP also provides integrity.

You have a server that hosts several different XML Web services. You need to install a device that can mnitigate the risk of the Web server being attacked through data sent in a request. What should you use?
Web application firewall

You are designing a solution to protect your network from Internet-based attacks. You need to provide:
* Pre-admission security checks
* Automated remediation
The solution should integrate existing network infrastructure devices. What should you do?
Implement NAC

Your network has servers that are configured as member servers in a Windows Active Directory domain. You need to minimize the risk of unauthorized persons logging on locally to the servers. The solution should have minimal impact on local management and administration and should not limit administrator access.
What should you do? (Choose two.)
Rename the local default accounts.
Require strong passwords.

Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?
Configure a DMZ and deploy the Web server on the DMZ.

You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment? (Choose two.)
Provide isolation in case of a fire.
Maintain appropriate humidity levels.

What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?
War driving

When should a company perform a qualitative risk assessment?
When working within a limited time frame or budget

Inserting invalid information into a name resolution server’s database is known as what? (Choose two)
DNS poisoning.
DNS spoofing.

You created a mirror image of the data needed for forensic investigation. You need to be able to quickly determine if your investigative procedures cause the data to change. What should you use to determine this?
Hashes

What type of malware is often used to facilitate using unsuspecting users’ computers to launch DDoS attacks?
Trojan

You suspect an attacker is sending damaged packets into your network as a way to compromise your firewall. You need to collect as much information about network traffic as possible. What should you use?
Protocol analyzer

Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?
Require a secure, user-specific token for form submissions.

What access control method is most commonly used to control access to resources in a peer-to-peer network?
ACL

Which wireless authentication protocol is vulnerable to password cracking?
LEAP – Lightweight Extensible Authentication Protocol

SSL is used to provide encryption for which communication protocol?
HTTP

Which is a set of rules that defines which connections to a network are accepted or rejected?
Remote access policy

Which is designed to ensure mutual authentication?
Kerberos

Making sure that proper procedures are followed during an investigation during a security incident and that the rights of the suspect are respected is known as:
Due process

You are developing a Web application that will be accessible to the public. Users will be entering data that will be visible to other users. You want to design the application to minimize the possibility of cross-site scripting (XSS). What should you do?
Implement user-input filters.

What kind of encryption method can be implemented at the Network layer of the OSI model?
IPSec

When designing network and device security plans, what capability is enhanced by GPS tracking?
Device physical location

What are the minimum requirements for implementing TLS on a Web site?
A PKI certificate must be installed on the Web server.

What type of data loss prevention system is most susceptible to a cold boot attack?
Full disk encryption

You suspect an attempted attack against a data server running Microsoft Windows. You need to monitor real-time performance to compare it to the baseline data you collected when the server was deployed. What should you use?
Performance monitor

You need to ensure that Active Directory domain user Alice does not have read access to the folder named Graphics. The Graphics folder is shared to the network from the server named FS0. The disk partition on which Graphics is located is formatted as NTFS. What should you do?
Explicitly deny read access to the folder to Alice through local access security.

Which wireless protocol uses the pre-shared key to encrypt data?
WEP

What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?
Create IPSec filters for ports 161 and 162.

Which wireless protocol provides data confidentiality and integrity using AES?
CCMP – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol.

A HIDS that recognizes possible attacks by monitoring attempts to make unauthorized changes to files is an example of what kind of monitoring methodology?
Behavior-based

An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?
TCP/IP hijacking

You plan to use Windows BitLocker to Go to automatically encrypt a USB flash drive. You want to be able to retrieve the encrypted data from any laptop computer. What should you do?
Configure BitLocker to Go with the Use A Password To Unlock This Drive option.

What is the most accurate form of biometric authentification in common use?
Retinal scan

What should be performed during software development and after software release?
Code Review

Which type of attacks works by modifying the data contained in IP packets?
Header Manipulation

Fault tolerant design that includes data backups and duplicate hardware is an example of:
Operational continuity planning

You install a Web pplication on three identical servers. You need to mitigate the risk that users will be unable to access the Web application if one of the servers fails or is compromised by malware. What should you use?
Load balancer

Which security goal is compromised by a DDoS attack?
Availability

When should you perform a penetration test on your network?
To determine threat detection and alert effectiveness

Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New