Measure Up Practice

Your network is protected from the Internet by a firewall. You are concerned about potential risks in the firewall protection. What should you do?
Scan the firewall’s incoming ports with a port scanner.
A server application produces plain text output. The output needs to be encrypted before being delivered to local and remote client computers. Output varies in length depending on the client request. The processing requirements and the volume of data sent should be kept to a minimum. What type of cipher should be used?
Stream Cipher
What security risk is inherent in dedicated router devices?
Built-in administrative accounts and passwords.
A portion of a company’s network is shown in the item. The support forum on the website allows users to post information about product issues. A support technician posts solutions to the problem. Customers report that they have been infected with malware after visiting the support forum on the company’s website. Select the type of attack that occurred. Drag the mitigation controls that you should implement to prevent a future attack of this type. Each control can only be used once, and not all controls are used.
Attacks – XSS // Internet Clients – Disable JavaScript, Install Antimalware // Web Server – Perform input validation, Configure a WAF, Perform code review
A company uses a Layer 2 switch to segment a network. Each department is assigned to a separate network segment. The conference room contains a wireless AP. You need to ensure that when a user connects a laptop computer to the wireless AP in the conference room, the user can access only resources in their own VLAN. What should you use?
802.1x
Which firewall feature can you enable to mitigate the risk of DoS attacks against the AAA service?
Flood Guard
You suspect that someone has been using your Wi-Fi to connect to the Internet. You want to make your AP less visible to war driving. What should you do?
Disable SSID Broadcast
You are working with your company’s security team to set security standards for mobile devices. One suggestion was to disable unused features and functionality. You need to determine if a disabled feature would adversely impact security measures that are already in place. One of the security team recommends disabling GPS on all company-owned mobile phones. Which security feature would this impact?
Asset Tracking
Hackers have recently tried to gain access to a network by using valid user names and attempting to guess user passwords. You want to limit the number of times a user can enter a password before the account is disabled. What type of policy do you need to configure?
Account Lockout
A company recently reorganized. Several employees will be working from home. They will need access to resources on the company’s network, including servers and data. You need to configure a secure solution. What should you do?
Deploy a remote access server at the company network.
Which IPSec protocol provides confidentiality?
ESP
You need to prevent access to servers on a subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and also minimize the administrator effort necessary to maintain the solution. What should you do?
Define an ACL on the router to the subnet.
You need to choose the most appropriate algorithm for verifying that a data file did not change during transmission. How is using a hash function for this purpose different from other block cryptographic algorithms?
The value produced by a hash function cannot be decrypted, only compared.
A server is the victim of a data breach. Customer password information is exposed to the attacker. Which step in the incident response process is necessary to mitigate the risk of a reoccurrence of the attack?
Conduct a post-mortem review to identify lessons learned.
You are configuring Transport Layer Security (TLS) using a block cipher algorithm for transport encryption. You are using a key exchange that supports forward security. What is the advantage of using forward security?
The session key is not compromised even if a private key used in generating it is compromised.
A denial of service attack has occurred. Which questions should be answered during the identification phase? (Choose TWO.)
What is the impact on the business? / What servers have been compromised?
You are trying to determine ways in which your network might be vulnerable to attack by a malicious insider with detailed knowledge of your infrastructure. What type of testing should you use?
White Box
Which protocol provides compatible applications with a directory services lookup service?
LDAP
When users log on to the domain, in addition to being given access to domain file resources, they are given access to a Microsoft SQL Server database server and an internal Web site through Windows integrated authentication. This is an example of what authentication model?
SSO
You are working on a confidential report in a crowded airport terminal. What type of attack is most likely to occur?
Shoulder Surfing
You are setting up a home office wireless network. You want the network to meet all of the following requirements: Prevent eavesdropping, block unauthorized attempts to connect to the network, enable automatic connection for authorized devices. You want to keep the network as secure as possible. What should you use?
WPA2
You are preparing to delete a user account. The account is part of a working group in which each member maintains their own working files. Access permissions are managed through a group account. What is the potential risk of deleting the user?
Files associated with the user account might be lost.
A company’s SMTP server is blacklisted by several ISPs. After further investigation, it is determined that several users in the company inadvertently sent out emails to all the users on their contact list. You need to mitigate the risk that such an incident will reoccur. What should you implement?
Outbound Spam Filter
Which password policies are most significant when ensuring that users create strong passwords? (Choose TWO.)
Password Length / Password Complexity
For which of the following would you be likely to mitigate the risk of attack through use of a screened subnet?
Supervisory Control and Data Acquisition (SCADA)
A secure email client is being developed. You need to choose an appropriate method for digitally signing and encrypting messages. The method chosen must be supported across a broad base of platforms. What should you recommend?
Pretty Good Privacy (PGP)
Which of the following is designed to perform one-way encryption?
SHA
Which key is used to encrypt data in an asymmetric encryption system?
The recipient’s public key.
Users report that Web server response was slow overnight. You suspect an attempted attack against the Web server. The Web server is deployed in a perimeter network. What should you do? (Choose TWO.)
Review the Web server log files. / Review the firewall log files.
Which of the following can be used to prevent external electrical fields from affecting sensitive equipment?
Faraday Cage.
Your business relies on a server-based, mission-critical application. It is a commercially produced proprietary application. What actions should you take to keep the application secure? (Choose TWO.)
Keep application patches and fixes up-to-date. / Physically uninstall any unnecessary applications from the application server.
A company is concerned about protection against zero-day attacks that are initiated by a malicious script on a website that is visited by employees. Which security option will mitigate the risk of such an attack?
Heuristic Content Inspection
You are configuring a host firewall. You need to prevent files from being uploaded or downloaded in a clear text transmission. Which ports should you block? (Choose all that apply.)
TCP 21 / UDP 20 / UDP 69 / TCP 20
Company A is planning to partner with Company B on a project. The project will require an application server at Company A to access a database server at Company B. You want to document the business and compliance requirements of the connection. What should you use?
Memorandum of Understanding (MOU)
You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate automatically and track individuals going into and out of the area. Which method should you use?
Proximity Reader
Your company is preparing to deploy several new computers that have the most recent version of trusted platform module (TPM) hardware installed. What is the significance of TPM being installed in the computers?
The TPM will work with encryption to generate keys that require a TPM and system platform measurements for decryption.
Which attacks are DoS attacks against a Wi-Fi network? (Choose all that apply.)
Replay / Jamming
A virus is designed to format a computer’s hard disk based on a specific calendar date. What kind of threat is this?
Logic Bomb
Your network supports a DAC system to manage file access permissions. How is this information maintained on the network?
As ACLs
What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?
Create IPSec filters for ports 161 and 162.
A standard antivirus program is based on what kind of monitoring methodology?
Signature-Based
What can be done to prevent cookie poisoning?
Encrypt cookies before transmission.
You are preparing to deploy an e-commerce Web site. The Web site uses dynamically generated Web pages based on user input. This is a requirement for the application running on the Web site. You need to design the site to prevent cross-site scripting attacks. You need to choose the most appropriate action to take. What should you do?
Implement user input validation.
A company is concerned about the impact that could occur if an employee opened a malicious hyperlink. What type of security assessment should the company use?
Internal Penetration Test
Your organization has recently seen an increase in thefts of laptop computers and other electronic equipment. You want to keep equipment as accessible as possible while trying to prevent equipment theft. User actions needed to keep the equipment secure need to be kept to a minimum. What should you do?
Secure equipment with cable locks.
Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA? (Choose TWO.)
Certificate Revocation List (CRL) / RA
Three companies are working together to produce a movie. A subscription to a service allows them to share data related to the project and host online meetings. Each organization has some management capabilities. What does this exemplify?
Community Cloud
A database contains organizational, product, and customer data. The SAN disk storing the database file also hosts several other large files. You need to implement a solution that will protect customers’ personally identifiable information. The solution should not impact the ability to access other data from the database or degrade general data processing performance. What should you use?
Use Field-Level Encryption
You are deploying a wireless networking infrastructure within your organization. You want to provide centralized authentication and authorization support for your wireless access points (WAPs). What should you use?
Remote Authentication Dial-In User Service (RADIUS)
What type of policy is posted on a company’s website and describes how it uses and protects customer data?
Privacy Policy
You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to be able to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?
Host-Based Prevention System (HIPS)
Which of the following is a stand-alone algorithm that can be used for message authentication of a plaintext (non-encrypted) message?
RIPEMD
You want to use a backup scheme that does not take too much time or require very high capacity tapes each night. Because you do not have to restore data that often, you do not care if the restore process is lengthier as a result, but you do not want it to take an unreasonable amount of time. Which of the following would be the best backup scheme to meet your goals?
Perform a full backup weekly. Perform incremental backups nightly.
You are deploying a new website. You need to request an SSL certificate from a public CA. What should you do first?
Generate a public and private key pair for the server.
Your company has begun allowing employees to bring their own devices and to connect to the company network. Which mobile device policies would help prevent BYOD devices from compromising security for devices that are already running on the network? (Choose TWO.)
Patch Management / Antivirus Management
Which attacks are more effective when the attacker looks familiar to the victim? (Choose all that apply.)
Tailgating / Spear Phishing
A server has failed four times in the past year. Which measurement is used to determine the amount of time the server was operational?
MTBF (Mean Time Between Failures)
You are determining environmental control requirements for a data center that will contain several computers. What is the role of an HVAC system in this environment? (Choose TWO.)
Maintain appropriate humidity levels. / Provide an appropriate ambient temperature.
You are developing an Internet-based application. Users will need to create passwords that are eight or more characters in length for authentication. You need a secure method to store user passwords. You want a solution that is as secure as possible against brute force attacks. What algorithm should you use for creating password-based key derivations? (Choose TWO.)
PBKDF2 / Bcrypt
Your network administrator backs up the server by using an incremental backup strategy. He uses seven tapes, one tape per day, and he performs the backup at the end of each business day. He does a full backup on Friday and Tuesday and an incremental on the other days. The server crashes on Sunday morning before the opening of business. How many tapes will he use to perform the restore on Sunday?
2
What is the primary risk of an integer overflow attack?
Arbitrary Code Execution
Your company provides specialized assistance to other companies working on projects that require a high level of technical expertise. Your company’s employees are organized around work teams that contract with outside companies. You need to ensure that the employees on a team trust certificates from the contracting company. They should not trust certificates that are associated with a project if they are not part of the project team. You need to implement a PKI trust model that lets you specify which users will trust which CAs. You need to be able to end this relationship at the end of the contract. What should you use?
CTL (Certificate Trust List)
A company has an IPv6 network with three sites. Which IP address can be routed only between cooperating sites?
fc00::/7
Your company has a web server, an IPS, and a database server on the perimeter network. You need to determine if there are vulnerabilities that would permit an attacker to compromise the database server. What are the possible ramifications of performing an intrusive vulnerability scan? (Choose TWO.)
Additional vulnerabilities might be introduced. / Services might become inaccessible.
Two devices communicate using NFC. Which attack represents the greatest vulnerability?
Eavesdropping
Network users whose computers are running Windows 7 complain that the extra windows that appear when they browse the Internet are becoming a nuisance. Users are able to close the windows, and the windows do not prevent them from browsing the Internet. You need to prevent these windows from appearing. What should you do?
Configure the browser’s popup blocker.
An area that has an entry door that automatically locks when the exit door unlocks.
Mantrap
An environmental control that helps detect theft.
Video surveillance
An environmental control that helps detect overheated equipment.
Environmental Monitoring
A compensating control that deters unauthorized access.
Signs
You suspect that an attacker is sending damaged packets into your network as a way to compromise your firewall. You need to collect as much information about network traffic as possible. What should you use?
Protocol Analyzer
You want to ensure that users are securely and accurately identified when accessing the network. Which identification method is LEAST secure?
Username
You are creating a BCP. What should you use as a guideline for determining the restoration order for servers?
BIA (Business Impact Analysis)
Which of the following best describes a digital signature?
A message hash encrypted with the sender’s private key.
You are helping an organization develop a backup plan. You need to ensure that data backups are available in case of a catastrophic failure. You need to keep the plan as inexpensive as possible. What should you do?
Back up to removable media and store a copy offsite.
You are deploying a sensitive database server on your network. You need to make sure you are alerted about anything suspicious in the network traffic in and out of the server, or any attempts to change system files on the server. What should you do?
Deploy a host-based intrusion detection system (HIDS).
You are designing security for a financial application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. All activity must be audited and logged. On what access control method should you design your security model?
Separation of Duties
You are designing security for network servers. The design requirements call for the servers to be kept in a locked room with limited physical access. You want to ensure that physical access is controlled as tightly as possible and prevent unauthorized access. What should you do?
Secure the room with a biometric-based lock.
Your company hired a new network administrator. The administrator will also be assisting with user support. How should you set up account security for the new administrator?
Create an administrator account and a standard user account.
Client computers on a network use POP3 over SSL to receive e-mail. The e-mail service uses standard port assignments. Which port on the Internet-facing interface of the firewall should allow inbound packets?
TCP port 995
You are deploying a new server application that accepts input forms from the Web. You are concerned about injection attacks against a database server that acts as the backend for the application. Which action will help prevent attacks?
Server-Side Input Validation
You encrypt your smart phone using the built-in hardware encryption. What is a potential risk of this?
Decrypting the device will result in data loss.
You want to prevent people from reusing passwords too frequently. Which password policies will prevent this? (Choose TWO.)
Password History / Password Minimum Age
Attack Vector: Attempt to request financial information by phone. Target: Cell phone users.
Vishing
Attack Vector: E-mail requesting sensitive business information. Target: Upper-level management.
Whaling
Attack Vector: Redirecting individuals to a different, similar Web site to steal customers. Target: Internet users.
Page Hijacking
Attack Vector: Rogue security software that installs malware or steals information. Target: Internet users.
Scareware
You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Choose TWO.)
Protocol Analyzer / Vulnerability Scanner
A portion of the company network is shown in the exhibit. The DNS server has crashed twice in a 24-hour period. Analysis of network traffic indicates that the DNS server has been receiving ICMP packets that are larger than allowed by the IP protocol. What type of attack does this indicate?
Ping of Death
Which wireless authentication method requires certificates on both the client and the RADIUS server?
EAP-TLS (Extensible Authentication Protocol Transport Layer Security)
An individual is contracted to set up a Web farm that includes an access portal for your network. That same individual uses the information gained during that process to infiltrate your network at a later time. How is this type of attack categorized?
Malicious Insider
You have conducted a risk assessment and identified a list of possible security controls. Which security controls should you implement first?
The security controls that will mitigate the threats with the highest risk.
You discover that when network users attempt to navigate to your company’s public Web site, they are being redirected to a different Web site. This is an example of what type of attack?
DNS Poisoning
What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?
War Driving
An application is being designed to digitally sign files as it publishes them for distribution. What algorithm should be used for this purpose?
RSA
A hosting company has set up an infrastructure that provides storage and applications that are targeted specifically at non-profit fundraising organizations. Only these types of organizations will be allowed to subscribe, and each organization’s data will be kept separate. Subscribers will be charged an annual fee for access. This is an example of which?
Community Cloud
A company has an Ethernet network with four switches, as well as two wireless APs. All devices that connect to either network must be authenticated using EAP. What should you use?
802.1X
Your company is deploying a claims-based identity system that will use multifactor authentication. It includes a Security Token Service (STS) to help manage access to secure applications. What is the role of the STS?
Authenticating clients and issuing security tokens.
Which environmental control is part of TEMPEST compliance?
Shielding
A remote collection server is managed through command-line commands. Until recently, you have been using Telnet to connect to the server, but you suspect that one or more passwords have been compromised. You are going to disable Telnet connectivity on the server. You need to use a more secure method of logging in and executing commands. What should you use?
SSH
You have deployed PKI within your organization. To meet legal reporting requirements, you need to implement a way to provide decryption keys to a third party on an as-needed basis. What should you do?
Implement a key escrow arrangement.
What is the difference between continuous monitoring and continuous auditing?
Ownership of the process.
You are tasked with determining the best use of client-side and server-side validation for a new web-based application. What is a potential risk of using client-side validation?
Client-side validation can be easily bypassed.
Which method is commonly used to mitigate attack risks to game consoles?
Firmware Updates
A server application is currently under development. It has been discovered that some errors, such as a divide by zero error, can leave the application running in an unstable condition. The application needs to respond more appropriately to errors and generate an error message when they occur. What should you implement? (More than one answer may be correct, choose the BEST answer.)
Exception Handling
Some network traffic is being redirected to a client that is infected with a Trojan. The IP addresses and MAC addresses on the redirected packets do not match up correctly. All packets have the MAC address of the infected system. The IP addresses are legitimate host addresses. This is a symptom of which kind of attack?
ARP Poisoning
What entity within a PKI verifies user requests for digital certificates?
Registration Authority
How do anomaly-based monitoring methodologies identify potential incidents?
Comparing network activity to an established baseline.
A company has a 1 Gbps Ethernet network. The company wants to implement a SAN without investing in additional network infrastructure. Which protocol can they use?
Internet Small Computer System Interface (iSCSI)
A company has a database that is used to store product inventory. The cost to the company is very high if the database is not available. Which two technology controls could be used to improve the database’s availability? (Choose TWO.)
RAID / Clustering
A company performs information classification. What is the outcome of this process?
Data is categorized in terms of confidentiality, integrity, and availability requirements.
A company wants to allow users to access the network using company-issued tablets. Only approved apps can be installed on the devices. What MDM feature provides the necessary functionality to meet this requirement?
Application Whitelisting
An employee has gained unauthorized access to a company confidential file on a file server. The employee denies viewing the file. What can you use to provide nonrepudiation?
Audit Log
You need to select an appropriate authentication protocol for a Point to Point Protocol (PPP) connection with a remote server. Authentication should be based on a hash of a shared secret key. What should you use?
Challenge-Handshake Authentication Protocol (CHAP)
You need to determine the appropriate operating system (OS) platform for developing a highly secure application. The OS must have built-in support for multilevel security. The OS should be evaluated based on Common Criteria for Information Technology Security Evaluation (Common Criteria). What security designation do you need to look for in the OS?
Trusted
A computer with the IPv4 address 192.168.1.205/26 periodically sends out broadcast messages. Which computer would receive these messages?
192.168.1.225/26
Preparing a warm site that can take over business operations quickly in case of a failure is an example of which of the following?
Risk Mitigation
When calculating risk assessment for an organization, what is the role of impact assessment?
Estimating the potential costs related to a threat.
You are looking for a way to know when people approach any of several secure areas. The method must be active 24-hours a day. You want to keep recurring expenses related to the solution to a minimum. What should you use?
Video Surveillance
Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?
Require a secure, user-specific token for form submissions.
You are hired as the security administrator for a financial services company. You have been directed to set up a key escrow for all encrypted data. What should you do?
Provide copies of all keys to a designated third party.
What is a potential risk associated with WEP when it is used to secure a WLAN?
Weak Encryption
Your department will be working with the United States Department of Defense (DoD). As part of this, department members must be able to provide secure authentication credentials for access to government resources. What is the standard method of managing this?
Common Access Card (CAC)
You created custom error pages for your Web site. An attacker modified the error pages through data input through a data form on the Web site. Error pages are dynamically generated when an error occurs and the page is rendered containing script that directs the user to a malicious Web site. This is an example of what type of attack?
Cross-Site Scripting (XSS)
You are configuring a server to be used as an FTPS server. You plan to use well-known port assignments. Only connections encrypted with TLS should be permitted. The host firewall is configured for implicit deny. You define the following firewall rules: Allow UDP port 989 / Allow TCP port 989. Which additional firewall rules should you define? (Choose TWO.)
Allow UDP port 990 / Allow TCP port 990
What does IPsec use to determine when to create a new set of keys?
Internet Security Association and Key Management Protocol (ISAKMP)
When should a company perform a qualitative risk assessment?
When working within a limited time frame or budget.
A server has a firewall that is configured for implicit deny. You need to be able to remotely manage the server using command-line tools from a dedicated management workstation. Management traffic must be encrypted. Which port should you allow?
TCP 22
A company recently started allowing employees to use personal mobile devices to connect to the company network. Users are concerned about the discovery and use (or misuse) of personally identifiable data stored on the devices. What type of policy should the company issue?
Privacy
Your network is isolated from the Internet by a firewall that also acts as a proxy server. You suspect that a potential attacker has been probing your network looking for open ports. What should you do?
Check the firewall log.
Each of the following situations describes an organization that is looking for an Internet-based solution. Any employee with Internet access should have access to the resources described. In which of these situations would it be most appropriate to use a hybrid cloud?
An organization hosts its own applications and data, but occasionally needs additional overflow storage.
You are designing a solution to protect your network from Internet-based attacks. You need to ensure that devices that connect to the network have operating system updates and current antivirus. Devices that do not should be automatically remediated. What should you implement?
Network Access Control (NAC)
You receive a security bulletin that a patch is available for an application running on all network client computers. The application is a mission-critical application. You download the patch to a directory on a network server. What should you do next?
Test the patch on select isolated computers.
You need to identify the source of malformed network packets flooding your network. What should you use?
Protocol Analyzer
A subscription to a productivity application allows users in a company to create and share documents. The service is not hosted on a dedicated server. What is this an example of? (Choose TWO.)
Software as a Service (SaaS) / Public Cloud
You deploy a two-factor authentication system for your network computers using a smart card and PIN. Despite this, unauthorized personnel are gaining access to the network. What should you do to help prevent this in the future?
Improve user education and awareness training.
What can be done to help minimize the risk of malware infection while a mobile device is browsing the Internet from a connection that is provided by a corporate network? (Choose TWO.)
Implement patch management. / Disable unused features.
You are configuring a firewall between the Internet and your perimeter network. There are two servers on the perimeter network. Both servers host a Web application that uses TLS. Which port should you configure to allow incoming and outgoing traffic?
TCP 443
An employee uses P2P software on the company network. What are the two most likely security ramifications? (Choose TWO.)
Confidential data will be disclosed to users outside the company. / Malicious software will be installed on the user’s computer.
You need to include a RADIUS authentication server when implementing which of the following in your network configuration? (Choose all that apply.)
802.1X Network Access Control / WPA2-Enterprise
You need to allow computers on the Internet to initiate connections to a host on the internal network with the address 192.168.50.12/24. What should you use?
Port Forwarding
You install an NIPS in your perimeter network. You need to determine how effective the NIPS is against DoS attacks targeting your Web servers. What should you do?
Perform Penetration Testing
A switch becomes a victim of a MAC flooding attack and allows an attacker access to all VLANs configured on the switch. You need to mitigate the risk of the attack reoccurring. What should you do? (Choose all that apply.)
Implement Port Security / Bind a MAC address to each port.
What is the primary purpose of a Clean Desk Policy (CDP)?
Protecting the confidentiality of data.
What is the most appropriate type of fire suppression system to install in a data center computer room?
Gaseous Fire Suppression
You are preparing to conduct a vulnerability scan of an application server. You need to determine whether to conduct a credentialed scan or a non-credentialed scan. (Choose all that apply.)
A credentialed scan allows you to generate a list of USB devices that have been attached. / A credentialed scan allows you to identify missing patches.
You need to be able to prevent users on social media sites from learning your location based on the pictures you share from your smartphone. What should you do?
Disable Geotagging
What steps can you take to mitigate the risk of a DDoS attack against a web server? (Choose all that apply.)
Monitor and analyze traffic trends. / Disable unnecessary services.
Which statement best describes an SSL or TLS connection?
The client and server negotiate to determine the algorithms that will be used.
A firewall is configured to block all incoming traffic by default. This is an example of what?
Implicit Deny
Which computing environments are designed to download firmware updates exclusively and directly from the Internet? (Choose all that apply.)
Smart Appliances / Game Consoles
A port scan indicates that a computer is listening on port 80. What does this mean?
The computer is running Web server software.
You are designing a Web-based application. You design the application so that it runs under a security context that has been granted only the permissions required for the application to run. This is an example of which of the following?
Principle of Least Privilege (POLP)
What is the most cost-effective way to defend against whaling attacks?
Educate and train upper management.
A new server application is deployed on your network. This is a recently released version of the application. You need to ensure that fixes to any vulnerabilities are applied as quickly as feasible. All changes need to be documented. What should you implement?
Patch Management
Field sales personnel have product and price lists loaded on their smartphones. This is critical data for your business. You need to ensure that this data is not accidentally disclosed or compromised while salespeople are traveling or are at customer sites. What should you do?
Install and enable remote wipe. / Require passwords on mobile devices.
Users report that they lose connection to the wireless access point. You investigate and discover radio frequencies that have a similar pattern to those transmitted by the access point. What type of attack should you suspect?
Jamming
An e-mail server supports IMAP connections. You need to ensure that all IMAP traffic is encrypted. What should you do? (Choose all that apply.)
Allow traffic on TCP port 993. / Block traffic on TCP port 143.
What is a limitation of using a CRL to determine whether or not a certificate is valid?
A CRL does not provide for real-time updates.
Which statement best describes hashing?
Transforming a variable-length input into a fixed-length string.
An outgoing message is encrypted before transmission using asymmetric cryptography. What does the recipient need to decrypt the message?
The recipient’s private key.
Your boss is concerned that an administrator might accidentally introduce a security vulnerability when installing a new server. What can you use to mitigate this risk?
Change Management
You want to design your network security around multifactor authentication. Which is a valid example of multifactor authentication?
Smart card and PIN
You have six 100 GB hard disks available for data storage. Which RAID configuration will provide the most available storage with fault tolerance?
RAID-5
The following ports are open on your perimeter network firewall: 22 / 23 / 443 / 992. Which port represents the biggest security risk from an antiquated protocol?
23
A company with a UTM wants to ensure that documents with the words “confidential” or “revenue” inside them are not sent outside the company through email or copied to a cloud service. Which UTM feature should the company configure?
Data Loss Prevention (DLP)
As the number and types of clients increases on a company’s network, the company sees a need to place greater controls on access to its mainframe. The mainframe is deployed on a screened subnet with critical network servers and bounded by a stateful firewall. You want to implement a solution that filters traffic by port, protocol, and detailed packet content. What should you use?
Application Firewall
You are a security administrator for a company that has been contracted by a local government agency for a data collection and reporting project. Data must be stored locally to your organization and the company will be issuing weekly summary reports. At some point, it may be necessary for the government agency to view the raw data, but only after receiving proper authorization from its supervising agents or through a court order. You need to ensure this capability. What should you do?
Set up a key escrow.
Company data policy states that when a hard disk is taken out of service, it should be secured against any access to the data that was originally on the disk. Drives must be in a state that they can be put back into use later, if necessary. What method should be used?
Multiple Overwrites
You discover attempts to compromise your Web site. The attacks are based on commands sent from authenticated users’ Web browsers to the Web site. The commands execute at the user’s permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent?
Cross-Site Request Forgery (XSRF)
A company has identified the risks shown in the exhibit. Arrange the entries in the order of rank. Place the highest ranking risk at the top of the list.
XSS attack against Web server / SQL injection attack steals customer data / DoS against Web server / Fire destroys data center
A company with a UTM wants to allow employees in the Marketing department to be able to access Facebook, but prevent them from clicking links. What should the company do?
Implement the application control feature of the UTM.
An attacker discovers a user’s password by using a set of pre-computed hashes. What type of attack occurred?
Rainbow Table
Which wireless authentication protocol performs only client authentication?
EAP-MD5
You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
Mandatory Access Control (MAC)
You want to create a document that describes what types of things employees are permitted to do regarding e-mail and Web usage. What should you create?
Acceptable Use Policy
You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. What aspect of incident response does this illustrate?
Chain of Custody
You are tasked with finding a way to ensure non-repudiation on outgoing e-mails. What should you use?
Digital Signature
Client computers need to connect with an older server through a point-to-point protocol (PPP) connection. You need to support a wide variety of operating systems and versions. You are concerned about the potential risk of replay attacks and compromise of authentication credentials. Which authentication type should you use?
Challenge-Handshake Authentication Protocol (CHAP)
Which wireless protocol provides data confidentiality and integrity using AES?
Cipher Block Chaining Message Authentication Code Protocol (CCMP)
A local theme park requires a thumbprint scan to verify identity. This is an example of which authentication factor?
Something you are.
You have deployed a mission-critical server. You have been asked to recommend a security assessment method.
Penetration Testing: Bypasses security controls, Exploits a vulnerability, Identifies the compromised data. // Vulnerability Scanning: Finds only known vulnerabilities, Creates a baseline of vulnerabilities.
A critical server application is susceptible to shell injection privilege escalation attacks. How can you minimize the potential impact of this type of attack?
Run the application with the minimum permissions required.
A supervisory control and data acquisition (SCADA) network is used to monitor and manage a utilities distribution substation. The system must be able to recover from device failures as quickly as possible. What should you use to help ensure this?
Control redundancy and diversity.
Targeted e-mail attacks directed at a company’s senior executives are an example of what type of social engineering attack?
Whaling
On a network that uses Kerberos, what does the client computer present as authentication to the server that contains a resource?
Session Ticket
A web application accepts data from a user in an HTML form and sends that data to a web service using the following format:

1
Jane Doe 12345

An elevation of privilege attack occurs on the server that hosts the web service. What type of application attack was used?
Extensible Markup Language (XML) Injection
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Locks up system and encrypts data files. / Target: Internet Users
Attack Type: Ransomware
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Redirection to fake web site to steal information. Target: Internet Users
Attack Type: Pharming
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: E-mail requesting sensitive information such as account numbers. Target: Multiple Users
Attack Type: Phishing
Identify the attack types by dragging each attack type to the box next to its common attack vector and target. Attack Vector: Theft of data from a wireless device. Target: Wireless devices and cell phones.
Attack Type: Bluesnarfing
You are hiring a consultant to provide a social media presence for your organization. The consultant will use her own computer. What are two potential security implications that should be covered by a legally binding policy document? (Choose TWO.)
Unauthorized Data Sharing / Data Ownership for Content Created
You need to control user access to files and folders on a network file server. The ability to read, write, and modify data needs to be managed based on individual users and on the groups to which they belong. What type of security control do you need to use?
Access Control Lists (ACL)
What can you use to mitigate the risk of an evil twin attack?
Radio Frequency (RF) Monitor
One set of permissions is assigned to a user account. Other permissions are assigned to a group to which the user belongs. How are effective rights determined?
Permissions assigned to the user and group are combined.
Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?
Configure a Demilitarized Zone (DMZ) and deploy the Web server on the DMZ.
All computers in your organization come with a Trusted Platform Module (TPM) installed. What type of data encryption most often uses keys generated from the TPM?
Full Disk Encryption
A company is looking to develop an Internet-level browser-based Single-Sign On (SSO) solution. What should they use to accomplish this?
Security Assertion Markup Language (SAML)
Which protocol can you use to ensure that a server accepts Telnet traffic only from a designated computer?
IPSec
You are installing wireless access points on a company network that is separated from the Internet by a firewall. Which two steps can you take to mitigate the risk of eavesdropping by outsiders? (Choose TWO.)
Adjust the antenna placement. / Reduce the transmission power.
A company has a main office and three branch offices. They need to meet the following security requirements: All website traffic must be scanned for malware. All email traffic must be scanned for malware. Traffic between the main office and the branch offices should be secure. Users should not be able to access sites with inappropriate content while at work. What should you implement?
UTM Appliance (Unified Threat Management)
The mail server receives a large number of packets of the type shown in the exhibit. The packets are coming from all computers in the local network. What type of attack is under way?
Smurf Attack
A port scan indicates that a computer is listening on port 137. Which service is the computer running?
Windows Internet Naming Service (WINS)
Your organization is transitioning from a wired to a wireless network infrastructure. An outside company is being brought in to perform a wireless site survey for your organization. What should you expect as the primary feedback from the survey?
Optimum Access Point (AP) Placement
Your organization has developed a fault-tolerant design to help ensure business continuity in case of a disaster. The site has mission-critical hardware already installed and connectivity already established. Data backups of critical data are on hand, but they may be up to a week old. This is an example of which of the following?
Warm Site
You are bringing in four temporary employees to work on a short-term project. Security is a major concern and much of the activity relating to the project will be audited, especially file activity. You have set up a folder with reference files needed for the project. You have also set up a project data file folder. You create a group named SpecProject that will have all project personnel, including employees and temporary personnel, as members. All users will need access to all project data files. You need to find the best way to manage security for the temporary users. What should you do? (Choose all that apply.)
Create four user accounts for temporary employees. / Assign permissions on a per-group basis.
A router has five virtual terminals. You need to ensure that all router management traffic is encrypted. You run the commands necessary to generate a certificate. Which additional commands should you run?
line vty 0 4
transport input ssh
Your recovery plan states that it will take, on average, three hours to restore services to an operational level after a catastrophic failure. This value is known as what?
Mean Time to Restore
What kinds of attacks involve intercepting network packets? (Choose all that apply.)
Man-In-The-Middle / TCP/IP Hijacking
You are designing network access control so that remote users are limited to accessing the network during normal business hours only. Policies regarding user access apply to all users. This is an example of what type of access control?
Rule-Based Access Control
Which wireless protocol uses the pre-shared key to encrypt data?
Wired Equivalent Privacy (WEP)
A company has an office on the fifth floor of a building in a city that is prone to earthquakes. Earthquakes have been identified as the most important risk to mitigate. Which risk mitigation controls would be most important to ensuring employee safety? (Choose all that apply.)
Drills / Escape Plans / Emergency Lighting
A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor’s data center as sets of clustered virtual machines. Which type of network design element is exemplified?
Infrastructure as a service.
You receive a direct message from a friend on a social network. The message tells you about an offer to receive a $100 gift card if you are one of the first 25 to respond to a survey. You click the link and become infected with malware. Which attack principles contribute to the effectiveness of this attack? (Choose all that apply.)
Trust / Scarcity
You are a member of your company’s security team and a network administrator. You arrive at the office early one Monday morning, enter the server room, and see that the cabinet holding the daily backup tapes has been forced open and tapes are spilled out onto the floor and table. You also notice that one of the servers is running a backup. What should you do first?
Secure the area.
A data analysis application will use a session key when transferring results. What will be used for encrypting data?
Symmetric Key
You are setting up a Wi-Fi infrastructure for a hotel. The hotel wants the Wi-Fi configured to redirect guests to a Web page that provides usage instructions and prompts them for authentication information before they are granted Internet access. What should you do?
Configure a Captive Portal
You need to test a program that might be a previously unknown type of malware. You need to minimize the risk while testing and also minimize the effort necessary to recover after testing. What should you do?
Test the program on a virtual machine.
You configure your firewall to support a perimeter network. You deploy two Web servers on the perimeter network. You want to deploy a security tool that can help reconfigure the network automatically in response to detected threats. What should you use?
Network Intrusion Prevention System (NIPS)
A company is doing research on highly secure key exchange. A communication partner should be able to detect if a third party eavesdrops on the key exchange. On what type of cryptography should this technology be based?
Quantum
The basic formula for calculating ALE uses what two values? (Choose TWO.)
Revenue loss from a single risk occurrence. / The number of times you can expect a risk to occur during a year.
Your company is limiting the data which mobile devices are allowed to use. This is an example of which type of device security?
Device Access Control
How does a Network Address Translation (NAT) server help protect your network?
By masking the IP addresses of internal computers from the Internet.
War Chalking is used for what purpose?
To publicize an unprotected or poorly protected access point.
Your company has started allowing personal mobile devices on the company network. When users connect to the company Wi-Fi, a screen appears that describes what they can and cannot do on the network, and prompts them to click to acknowledge their agreement. If a user does not click Yes, he or she is not allowed to connect to the network. This is an example of what?
Acceptable Use Policy (AUP)
You need to secure access to network file servers. Your first task is to determine current access permissions. What should you do?
Review effective access permissions.
You configure a computer’s personal firewall software to block Internet Control Message Protocol (ICMP) traffic. Which utility will not be able to access the computer?
Ping
Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?
Install a HIDS on each of the departmental computers.
You are selecting a security appliance to install between an internal network and the Internet. You need to prevent users from accessing gaming sites from their work computers. Which security appliance feature allows you to meet this requirement?
URL Filtering
You are developing a Public Key Infrastructure (PKI) in your domain. You want to use a hardware device separate from your Windows servers to manage and maintain cryptographic keys. What should you use?
Hardware Security Module (HSM)
You need to encrypt the contents of a USB flash drive using the strongest possible encryption. Which type of encryption should you use?
Advanced Encryption Standard (AES)
Which of the following is designed to ensure mutual authentication?
Kerberos
You are looking for ways to prevent users from copying data from their computer systems to an external drive. You have disabled all floppy disk drives, and the computers are configured with read-only CD/DVD players. What else should you do? (Choose TWO.)
Disable all USB ports in the system BIOS. / Password protect the system BIOS.
A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Choose TWO.)
By logging on to a default account. / Through a rootkit infection.
A set of programs enable administrator access to a computer and cannot be detected through normal means. What is the BEST description of this threat?
Rootkit
You are installing a new web server that will be placed on the perimeter network. You need to mitigate the risk of a zero-day attack against the server. What steps should you take prior to attaching the server to the perimeter network? Select the steps you should take.
Install all service packs. / Configure the host firewall for implicit deny. / Rename the Administrator account.
An organization hires temporary users to assist with end-of-quarter and end-of-year resources. All of the temps need access to the same domain resources when accessing the network. Temps are hired for a specific period with a set completion date. You need to ensure user accounts used by temps can only be used during the specific end-of-quarter and end-of-year periods. You need to ensure that the accounts are not available at other times. The solution should require minimal administrative effort to maintain. What should you do?
Set expiration dates for the temp user accounts.
Which protocol provides access to directory server services?
Lightweight Directory Access Protocol (LDAP)
You compare the configuration of a database server against a known secure server.
Baseline Reporting
You identify all the listening ports on a firewall.
Attack Surface Analysis
You examine an uncompiled program to identify security vulnerabilities.
Code Review
You view the proposed network design documents to identify security vulnerabilities.
Architecture Review
You set up a virtual machine (VM) for testing different versions of an application. You want to be able to return to the baseline state as quickly as possible between each test. What should you do?
Create a snapshot of the VM.
A specialized smart card designed to be used for personal identification, computer and network access, e-mail digital signing and encryption, and to control physical access is known as what?
Common Access Card
You want to deploy a centralized authentication structure that can be used to authenticate routers, servers, and switches. You want this structure to be as secure as possible. What should you use?
TACACS+
An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?
TCP/IP Hijacking
What hash algorithm is used by common implementations of CHAP?
Message Digest 5 (MD5)
A web application has an HTML form that users can fill out to perform a search for objects stored on a directory server. Unauthorized access to directory data occurred and has been traced to the web application. What type of attack occurred?
Lightweight Directory Access Protocol (LDAP) Injection
A security system validates whether or not a user has permission to complete an action. This is an example of what?
Authorization
A company works with a large, volatile set of certificates to maintain security throughout the organization. The company wants to avoid the need for clients to frequently download status information about certificates. What technology does this company need to implement?
OCSP (Online Certificate Status Protocol)
A company includes security awareness training as part of the new hire process. What topics should always be covered by a security bulletin? (Choose all that apply.)
New viruses / Zero-day threats / Industry regulation changes
You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?
Steganography
You are concerned about the use of ciphers that can be implemented with a weak key, resulting in an encryption that is not secure. Which of the following are ciphers with known weak keys? (Choose two.)
DES / RC4
A set of switches is used to implement a VLAN. Where should you enable loop protection?
On all ports of each switch.
What actions can be taken to protect a Web site from XSRF attacks? (Choose all that apply.)
Enforce session timeout / Require a unique value sent in a hidden form field.
Drag the type of attack that is most closely associated with each type of server to the box identifying the server type.
DNS Injection – DNS Server / SQL Injection – Database Server / DDoS – Web Server
You are considering using cloud-based storage for a secure database. What is generally accepted as the greatest risk to data in cloud storage?
Inappropriate physical access to data.
You are planning to install a monitoring device on your network. The device must meet the following requirements:
*A network administrator must be immediately notified of a suspected attack.
*Normal functionality must not be disrupted due to a suspected attack.
*The number of false positives must be minimized.
Which type of device should you install?
Signature-based NIDS (Network-based Intrusion Detection System)
A user installs an application on a computer. After installing the application, the computer begins receiving a series of pop-up ads. The ads disappear after the user enables the popup blocker. What is most likely wrong?
The application installed adware on the computer.
What would be a justification for deploying a credentials manager?
To make it easier for users to keep track of multiple passwords.
You are deploying a network for a small project group. Each member should be responsible for securing access to his or her own computer’s resources. What access control model should you use?
DAC (Discretionary Access Control)
Which of the following relies on both a public and private key for encryption and decryption?
Diffie-Hellman
You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with at least 16 characters. What hash algorithm is used for password authentication?
MD5 (Message Digest Service)
How does a NAT server help protect your network?
By masking the IP addresses of internal computers from the internet.
Written security policy states that file servers in the legal department can only be accessed by client computers in the legal department and that transmitted data must be encrypted. You configure IPSec to implement this policy. Which security principle does this BEST illustrate?
Rule-based management
A user receives an unsolicited message in a social network chat window. What type of attack does this indicate?
Spim
A company has a 1 Gbps Ethernet network. The company wants to implement a SAN without investing in additional network infrastructure. Which protocol can they use?
iSCSI (Internet Small Computer System Interface)
A number of users in your company telecommute. All users have a high-speed Internet connection. You need to allow secure remote access to the company network from users’ home computers. All data sent between users’ home computers and the company network must be encrypted. What should you install?
VPN Concentrator
Your network is configured as a distributed directory environment. You want to configure an SSO environment through your Intranet. All traffic related to authentication should be encrypted. What should you use?
Secure LDAP (Lightweight Directory Access Protocol aka LDAPS)
Your company plans to maintain copies of critical business and sales analysis information on USB removable media. The information needs to be kept secure, but must be accessible from different computers running different operating systems on an as-needed basis. The media will be stored in a safe in the locked server room when not in use. What should you do?
Use drives with built-in hardware encryption.
You are deploying an application server on your network. You need to control the types of traffic coming into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?
Install a host-based firewall on the server.
What kinds of attacks are best prevented through user education and awareness training? (Choose two.)
Phishing / Dumpster Diving
You are setting up a Wi-Fi access point. Only clients able to support WPA2-Personal should be able to connect through the access point. You want to ensure that communications with the access point are as secure as possible. What encryption method should you use?
AES
Which wireless authentication protocol is vulnerable to password cracking?
LEAP (Lightweight Extensible Authentication Protocol)
You configure a computer’s personal firewall software to block ICMP traffic. Which utility will not be able to access the computer?
Ping
An application needs to use a two-factor authentication based on a username and password plus a one-time password generated from a shared secret key and timestamp. What algorithm can provide the one-time password?
TOTP (Time-based One-time Password Algorithm)
Which type of attack works by modifying the data contained in Internet protocol (IP) packets?
Header Manipulation
When would you implement NAC? (Choose two.)
To ensure that clients are compliant before allowing network access. / To provide automatic remediation for unsecure computers.
Select the primary risk associated with each type of attack.
Bluejacking – Spam / Bluesnarfing – Unauthorized data disclosure / WPS Attack – Unauthorized data disclosure / Evil Twin – Unauthorized Data Disclosure
You are concerned about security on an older Wi-Fi network segment. The segment is configured to use WPA for access security. You need to justify migration to WPA2. What is a primary security enhancement in WPA2 compared to WPA?
Support for CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
Which ports do you need to allow on an Internet-facing firewall that uses NAT-T to support an L2TP/IPSec VPN connection?
IP Protocol ID 50, UDP port 500, and UDP port 4500
An authoritative DNS server must transfer zone data to six secondary DNS servers. Which configuration provides the BEST security?
Allow zone transfer only to specific IP addresses.
A portion of the network is shown in the exhibit. A firewall is configured for implicit deny. You configure the following firewall rules for Subnet B:
PERMIT any source UDP Port 53
PERMIT any source TCP Port 53
PERMIT any source TCP Port 443
PERMIT subnet A TCP Port 139
Users in Subnet A need to be able to perform the following actions:
*Access secure websites on the Web server
*Access applications hosted on the Terminal server
You need to configure the firewall to meet the requirements. Type the port number of the port you need to allow through the firewall for traffic between Subnet A and Subnet B.
3389
A company’s network is shown in the exhibit. The company wants to make the most efficient use of IP addresses. Select the IP address the administrator should assign to each subnet from the drop-down list.
15 laptops – 192.168.20.224/28 ; 20 client computers – 192.168.20.0/27 ; 4 servers – 192.168.20.240/29
You install a wireless access point in a classroom. You need to meet the following requirements:
* Classroom computers must be able to connect to the access point.
* Students must not be able to connect using their personal laptop computers or other Wi-Fi devices.
What should you do?
Configure MAC filtering.
You install a Web application on three identical servers. You need to mitigate the risk that users will be unable to access the Web application if one of the servers fails. It should also mitigate the risk of malware infection. What should you use?
UTM appliance
You have a server that hosts several different XML Web services that access a relational database using SQL. You need to install a device that can mitigate the risk of the database server being attacked through data sent in a request. What should you use?
WAF (Web Application Firewall)
Your network is separated from the Internet by a single firewall. Employees need to access the Internet as a part of their duties. Different employees often find it necessary to navigate to the same Web sites. You need to hide as much information about the internal structure and configuration of your network as possible. You also want to minimize Internet traffic. Your solution should not increase the security risk to the internal network. What should you deploy?
Proxy server
A company has four network administrators. You need to mitigate the risk of an unauthorized change to the switch configuration. What should you do? (Choose two.)
Assign each administrator a separate username and password / Monitor the authentication and authorization logs on each switch
You are deploying a corporate telephony solution. The network includes several branch offices in remote geographic locations. You need to provide VoIP support among all office locations. You need to design a network infrastructure to support communications. You need to minimize the impact on network security. You need to minimize the costs related to deploying the solution. What should you do?
Configure a DMZ in each office.
Your organization has two groups that work with confidential projects. Membership in these groups changes as project requirements change. For each group, access to and communications with the computers of the other users in the group must be managed. You need to be able to quickly reconfigure your network to control security and bandwidth usage between computers. You need to be able to reconfigure the network quickly, without having to physically relocate computers or reroute cables at the network patch panel. What should you configure?
VLAN
A company has server applications that need to be upgraded to the most recent versions. The current hardware platforms cannot support the necessary upgrade. You want to keep the number of new servers required to a minimum. Each application needs to run in an isolated environment from other applications. What should you do?
Deploy one virtual host server and deploy the upgrades as virtual machines (VMs).
An application’s executable is digitally signed using a software developer’s private key. What does this ensure?
Integrity
Which security goal is compromised by a DDoS attack?
Availability
A company needs to share some top-secret data with a partner. Which control will provide both secrecy and privacy?
Steganography
An attacker has performed privilege escalation. How can you ensure that you are aware that such an attack has occurred?
Audit failed and successful account management events.
A competitor learns company secrets by examining the contents of a USB drive that he found in a trash can during a site visit. Which two steps can best mitigate this risk? (Choose two.)
Disabling USB write capability / A data disposition policy
You are devising an incident management plan. What should be the primary goal of the incident management plan for a DoS attack on the company’s ecommerce servers?
Restore normal operations as quickly as possible.
A company has implemented a BYOD policy that applies only to members of the Sales department. The company has also performed information classification. Only members of management can access information that is classified as High. Members of the Human Resources (HR) department have access to PII for the company employees. Other employees have access to only information that is classified as Medium or Low. For each type of security training, indicate whether it should be organization-wide or role-based.
Personal device policy – Role Based / Data handling policy – Role Based / Tailgating policy – Organization Wide / Proper data disposal – Role Based
Several employees received e-mails that appeared to be from an online auction site. When the users click on the link, they are prompted for personal information. When you investigate the link, you discover that it does not go to the auction site, but to a duplicate site set up by an attacker. What kind of attack has occurred?
Phishing
A company is planning to outsource the application hosting for a critical business application. You need to determine the policies that are required. Select the policy that corresponds to each definition.
An agreement that is not legally binding – MOU / An agreement that permits repetitive purchases – BPA / A legally binding agreement that defines the level of service, including uptime and performance criteria – SLA / An agreement that governs the connectivity details between systems in the organizations – ISA
An attack was launched against a Web server. You need to ensure that any evidence you discover during your investigation can be used to prosecute the attacker. What steps should you take?
Create a bit stream image of the hard disk drive / Create a hash of the hard disk drive / Create a hash of the image / Store the original drive in a sealed and locked container / Document each step you performed.
You are beginning your investigation of a server that was the victim of a DoS attack. Where should you look for evidence first?
Registers and cache
A company is devising their incident response policy. Choose the forensics procedure that relates to each statement.
Data from structured and unstructured resources – Big data analysis / Must be documented prior to beginning evidence collection – Timestamp offset / Required to determine the restitution value – Log of man hours and expenses / Helps a lawyer understand digital evidence – Expert witness
A critical web server is compromised using a persistent XSS attack. Which steps would you take as part of the containment process? (Choose two.)
Create forensic image of the server. / Redirect traffic to a different web server.
What is risk mitigation?
The process of minimizing the impact of identified risks
You create a DRP. You need to verify the DRP without impacting normal operations. What should you use?
Tabletop exercise
Your datacenter servers are located on two racks that run parallel to each other. All servers face the outside walls of the server room so that the computer exhaust vents face each other. Air conditioning outlets are located along the outside walls. The air conditioning return opens toward the space between the racks. Which statement best describes the impact of this configuration?
Energy costs are decreased
You receive an email message that appears to be from the IT director at your company. The email warns you about a zero-day virus and instructs you to find and delete a certain file on your computer. When you delete the file, your computer no longer boots. Which attack methods were used?
Impersonation / Hoax
You are configuring security for a network that is isolated from the Internet by a perimeter network. Three Web servers and an NIDS are deployed in the perimeter network. You need to test the network’s ability to detect and respond to a DoS attack against the applications running on the Web servers. What should you do?
Use penetration testing.
You suspect that someone is trying to gather information about your network. Your network is isolated from the Internet by a perimeter network. You need to gather as much information about the attacker as possible. You want to prevent the attacker from knowing that the attempt has been detected. What should you do?
Deploy a honeypot in the perimeter network.
Which of the following should be performed during software development and after software release?
Code review
Which threat vector is made possible through LSOs?
User preference tracking
An attacker sniffs a cookie from the HTTP packets sent between a web server and a browser. What attack might be in progress?
Session hijacking
A portion of a company’s network is shown in the item. The web application is first deployed to the staging server. The web server receives all web application updates from the staging server. The company was the recent victim of an attack in which customer credit card data was compromised. The attacker was a company employee. Click the terminal of the attacker’s computer to show the display of the attacker’s computer. Then select the type of attack that occurred from the Attacks list. Drag the mitigation controls that are needed to correct the vulnerability to the appropriate locations. Not all locations require a mitigation control. You can add multiple instances of controls.
DMZ Web Server: Perform input validation, Configure a WAF, Call stored procedures // Attacks: SQL Injection // Company Network Database Server: Create stored procedures, Apply updates, Limit permissions, Encrypt stored data
Which of the following is a self-replicating program or bit of code?
Worm
Which of the following can be used to launch a coordinated DDoS attack?
Botnet
You discover a program running in the background on a computer. The program is collecting address and computer name information from your network and sending it to an address on the Internet. This is an example of what kind of threat?
Spyware
You download a file management application from the Internet. When you launch the application, your screen goes blank and your hard disk’s active light starts flashing. You restart the computer and discover that your hard disk partitions have been deleted. This is an example of what kind of threat?
Trojan Horse
What is the goal of a smurf attack?
To disrupt a target network by flooding it with traffic.
What can you do to prevent an Internet attacker from using a replay attack to gain access to a secure public Web site?
Timestamp session packets.
An attacker gained administrative access to a server using a brute force attack. By the time the attack was discovered, the attacker had installed a rootkit and accessed a number of confidential files. Which steps can you take to mitigate the risk of a similar attack in the future? (Choose all that apply.)
Configure audit logs to generate an alert for failed login. / Delete unused administrative accounts. / Configure password policy to require strong passwords.
Your company is implementing BYOD. The company will take advantage of cloud-based apps to synchronize data between the user’s computer and tablet. Which tasks should the company’s BYOD policy address as part of its offboarding policy? (Choose two.)
R
You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to be able to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?
HIPS
Match the smartphone and thin client characteristic with the related categories. Some answers may be used more than once, and not all answers are used.
SMARTPHONE – Physical security: Highly mobile, Storage Options: Remote Wipe, OS Support: iOS or Android, Network Connectivity: Wireless Only // THIN CLIENT – Physical security: Locking cable, Storage options: No storage, OS Support: Windows and Linux, Network Connectivity: Wired/Wireless
Your application development plan calls for fuzzing. What is fuzzing used to test for?
Application flaws relating to data input
What can be done at the client to mitigate the risk of XSS?
Configure the browser to disable script processing.
A company is considering the use of a NoSQL database to support a real-time processing application. In comparison to SQL databases, what security issues must be considered?
It is more difficult to filter for injection attacks.
You want to be able to issue and manage encryption keys for your network. You do not want to fully deploy a PKI on the network. What should you use?
HSM
All computers in your organization come with TPM installed. What type of data encryption most often uses keys generated from the TPM?
Full disk encryption
Your company recently updated security to include:
* Limited physical access to mainframes and critical servers.
* Multifactor authentication required for all clients.
* Certificate-based encryption when communicating with iOS and Android devices.
This is an example of what type of risk mitigation?
Security Layers
A company is looking to develop an Internet-level browser-based SSO solution. What should they use to accomplish this?
SAML (Security Assertion Markup Language)
Which protocol encrypts all authentication traffic by default?
TACACS+
Your company has three computer security professionals. Every month, a different one is assigned to auditing duties. What principle does this illustrate?
Job rotation
What is the impact of enabling single sign-on in an enterprise network?
A user logs on once and can access multiple applications and services.
You are helping design a network to link users and resources together from multiple organizations. The design should have each user’s identity stored in each organization’s identity management system. The design should be based on which principle?
Federation
Remote users who work from their homes are allowed to log onto the network only during normal business hours. The system administrator has configured remote access portals to enforce this. This is an example of what type of access control?
Rule-based access control
What is the most reliable method for recovering a secure user account?
Restore from backups.
Your company wants to force its users to create passwords that are difficult to guess. What should you do?
Configure a password complexity policy.
You need to establish a policy to help prevent user accounts from being compromised when a user is on vacation or will not be logging on for an extended period. You need to make the account available with the same settings and with minimal effort when the user needs network access. What should you do?
Disable the account while the user is gone and enable the account when the user returns
A user is retiring in three weeks. You want to make sure that the account is unavailable at the end of the user’s last day. Another user will be taking over the first user’s duties. What should you do? (Choose all that apply.)
Configure account expiration. / Manually disable the account.
You need to secure traffic between SMTP servers over the Internet. You want to make sure that servers that can connect securely use a secure connection, but you do not want to lose connections with servers that cannot connect securely. Which protocol offers the best solution?
TLS
What is used to provide secure communication over an L2TP VPN connection?
IPSec
A company is developing extremely sensitive documents. You are tasked with selecting an encryption method that cannot be cracked when properly applied. What should you use?
One-time pad