- After running a vulnerability scan on a server containing sensitive information, Mitch discovers the results shown here. What should be Mitch's highest priority?
Figure 7.1
A. Modifying encryption settings
B. Disabling the guest account
C. Disabling cached logins
D. Patching and updating software
- Gary is configuring a wireless access point that supports the WPS service. What risk exists in all implementations of WPS that he should consider?
A. Weak encryption
B. Physical access to the device
C. An offline brute force attack
D. Impossible to disable WPS
- Alan is a software developer working on a new security patch for one of his organization's products. What environment should he use when actively working on the code?
A. Production
B. Test
C. Development
D. Staging
- Bill suspects that an attacker is exploiting a zero-day vulnerability against his organization. Which one of the following attacker types is most likely to engage in this type of activity?
A. Hacktivist
B. Script kiddie
C. APT
D. White hat
- Ryan works for a firm that has a limited budget, and he would like to purchase a single device that performs firewall, intrusion prevention, and content filtering functions. Which one of the following product categories is most likely to meet his needs?
A. SIEM
B. UTM
C. DLP
D. NAC
- Cole is testing a software application that must be able to handle the load of 10,000 simultaneous users each time a new product goes on sale. Which one of the following software testing techniques will best help Cole determine whether the environment will meet this requirement?
A. Fuzz testing
B. Regression testing
C. Static analysis
D. Stress testing
- Jacob's company recently implemented a new technique for securing remote access for users of BYOD mobile devices. In this approach, the user opens an application that then allows the user to connect to corporate systems. No corporate data is available outside the application. What term best describes this approach?
A. Sideloading
B. Storage segmentation
C. Full device encryption
D. Containerization
- Consider the Linux filesystem directory listing shown here. Robert has the user account "rsmith" and would like to access the secret_file.txt file. Robert is a member of the "leaders" group. What permission does Robert have for this file?
Figure 7.2
A. Robert can only read the file.
B. Robert can read and execute the file.
C. Robert can read and write the file.
D. Robert can read, write, and execute the file.
- This diagram shows the results of testing the accuracy of a biometric authentication system. In this diagram, what characteristic is designated by the arrow?
Figure 7.3
A. IRR
B. FRR
C. CER
D. FAR
- Henry would like to use a secure protocol to obtain a graphical user interface on a Windows system that he manages remotely. Which one of the following protocols would best meet his needs?
A. VPN
B. SSH
C. Telnet
D. RDP
- Rudy is configuring a router that sits at the connection between his organization's network and the internet. He is concerned about spoofed packets and would like to configure the router to perform anti-spoofing filtering. Which one of the following source IP addresses should be blocked at the router for inbound traffic?
A. 129.168.1.100
B. 12.168.1.100
C. 278.168.1.100
D. 192.168.1.100
- Julian is attempting to correlate information from the security logs of several different systems and notices that the clocks on those systems are not synchronized, making it difficult to compare log entries. Which one of the following services can best help Julian synchronize clocks?
A. LDAP
B. SNMP
C. NTP
D. RTP
- Jena is looking for a permanently situated disaster recovery option that best balances cost and recovery time. Which one of the following options should she consider?
A. Cold site
B. Warm site
C. Hot site
D. Mobile site
- Roger found the following image on a website that he administers. What type of attacker likely performed this defacement?
Figure 7.4
A. APT
B. A hacktivist
C. A nation-state
D. Organized criminals
- Frank is implementing a new VPN that will carry communications between his organization's offices around the world. His primary requirement is that the network must be able to withstand outages without disrupting communications. What term best describes Frank's requirement?
A. High latency
B. Low resiliency
C. Low latency
D. High resiliency
- Allen is building a cloud computing environment that will provide on-demand services to other administrators within his organization. What type of cloud environment is Allen creating?
A. A public cloud
B. A private cloud
C. A hybrid cloud
D. A community cloud
- Tom would like to conduct a security assessment that provides an accurate evaluation of the likelihood of an attacker gaining access to systems on his network. Which one of the following assessment tools would best meet Tom's goal?
A. A code review
B. A vulnerability scan
C. A penetration test
D. A risk assessment
- Roger is responsible for implementing a set of data quality guidelines and ensuring that they are being carried out on a day-to-day basis. Which one of the following best describes Roger's role in data governance?
A. Data custodian
B. Data owner
C. Data steward
D. Data user
- Consider the US government personal identity verification (PIV) card shown here. When the cardholder wishes to provide non-repudiation for a message, which certificate is used?
Figure 7.5
A. A PIV authentication certificate
B. An encryption certificate
C. A card authentication certificate
D. A digital signature certificate
- Which mode of cipher operation is shown here?
Figure 7.6
A. CFB
B. ECB
C. OFB
D. CBC
- Which one of the following is the most likely motivation for an attack waged by a criminal organization?
A. Financial
B. Political
C. Thrill
D. Grudge
- Ryan is configuring his organization's network firewall to allow access from the internet to the web server located in the DMZ. He would like to configure firewall rules to ensure that all access to the web server takes place over encrypted connections. What rules should he configure regarding traffic from the internet to the web server?
Figure 7.7
A. Allow both TCP ports 80 and 443
B. Allow TCP port 443 and block TCP port 80
C. Block both TCP ports 80 and 443
D. Allow TCP port 80 and block TCP port 443
- Which one of the following algorithms was approved by the US federal government for use in creating digital signatures under the Digital Signature Standard (DSS)?
A. RSA
B. DSA
C. AES
D. 3DES
- Susan is conducting a business impact analysis for her organization as part of the organization's business continuity planning initiative. During that analysis, she identifies the amount of data loss that it would be acceptable to incur while recovering a system during a disaster. What metric should she use to capture this information?
A. RPO
B. RTO
C. MTTR
D. MTBF
- Paul is evaluating the performance of his organization's business continuity efforts and measures the amount of time that it takes to restore service when a critical router fails. What metric should Paul use to capture this information?
A. MTBF
B. MTTR
C. RTO
D. RPO
- Karl would like to take advantage of mobile devices to implement a second authentication factor for his organization's ERP system. Which one of the following approaches typically has the highest user satisfaction rate?
A. Email notifications
B. SMS notifications
C. Push notifications
D. An app-based passcode generator
- During a vulnerability scan, Bill discovers that a system running on his network has an outdated version of Linux. The system is a network appliance, and Bill can only access it through the appliance's GUI. What should Bill do next?
A. Upgrade the operating system by downloading the source files for a current version of Linux.
B. Obtain an update from the appliance manufacturer.
C. Use the yum or apt-get commands to upgrade the operating system.
D. No action is necessary.
- When performing encryption using the Triple DES algorithm, how many different keys are required to use the most secure mode of operation?
A. 1
B. 2
C. 3
D. 4
- Alison is troubleshooting a connectivity issue where the database server is unable to access a file stored on the file server. She verified that the filesystem permissions are correct. She suspects a firewall issue and examines the network diagram shown here. What is the best place for her to investigate next?
Figure 7.8
A. The web server host firewall
B. The database server host firewall
C. The hardware firewall
D. The file server host firewall
- Flo is the administrator for a server that is using RAID 5 with a six-disk array. In this approach, what is the maximum number of disks that can fail without permanent loss of data?
A. 1
B. 2
C. 3
D. 4
- April recently selected a high-quality safe that is rated as requiring at least 30 minutes for a skilled intruder to open it with appropriate tools. She selected this over a lesser-quality safe that did not provide a guaranteed rating. What type of control is this upgraded safe?
A. Corrective
B. Detective
C. Preventive
D. Compensating
- Eric would like to select a key stretching algorithm that is protected against attack by requiring a brute force attacker to use both extensive memory and CPU resources. Which one of the following algorithms would be most appropriate?
A. RIPEMD
B. PBKDF2
C. HMAC
D. Bcrypt
- When a filesystem consults an access control list (ACL), what phase of the AAA process is occurring?
A. Authentication
B. Identification
C. Authorization
D. Accounting
- Maureen is conducting a penetration test against a website and has gained access to a hashed password file from the site. The site does not have a strong password policy. Which one of the following techniques would be the most effective way for Maureen to exploit this file?
A. A rainbow table attack
B. A dictionary attack
C. An offline brute force attack
D. An online brute force attack
- What mode of encryption is shown here?
Figure 7.9
A. OFB
B. CFB
C. CBC
D. ECB
- Which one of the following key lengths is not supported by the AES encryption algorithm?
A. 128 bits
B. 192 bits
C. 256 bits
D. 512 bits
- Fran would like to prevent users in her organization from downloading apps from third-party app stores. Which one of the following mobile device categories provides the strongest controls against the use of third-party app stores?
A. Apple iPhone
B. Samsung Galaxy
C. Motorola Moto
D. Huawei P-series
- Consider the load-balanced servers shown in the following diagram. The load balancer is using affinity scheduling and receives a request from a client who already has an active session on Server B. Which server will receive the new request from that client?
Figure 7.10
A. Server A
B. Server B
C. Server C
D. Server D
- Lynn would like to adjust her organization's password policy to be in line with current standards published by NIST. How often should she set user passwords to expire?
A. Every 180 days
B. Every 30 days
C. Every 90 days
D. Never
- Peter is conducting a penetration test of his own organization. He has completed his reconnaissance work and is now attempting to gain access to a system with internet exposure. What phase of the test is Peter in?
A. Pivot
B. Initial exploitation
C. Escalation of privilege
D. Persistence
- Given the network diagram shown here, what is the most appropriate location to place the correlation engine for a SIEM?
Figure 7.11
A. Location 1
B. Location 2
C. Location 3
D. None of the above
- Marty is designing a new access control system for his organization. He created groups for each type of user: engineers, managers, designers, marketers, and sales. Each of these groups has different access permissions. What type of access control scheme is Marty using?
A. Role-based access control
B. Rule-based access control
C. Discretionary access control
D. Mandatory access control
- Tina is concerned that an intruder who gains access to a facility may disconnect an existing network device from the wired network and use the jack to connect a malicious device. What switch security feature would prevent this type of attack?
A. Port security
B. Flood guard
C. Loop protection
D. Traffic encryption
- Solve the exclusive or (XOR) operation shown here:
Figure 7.12
A. 1101
B. 0110
C. 1001
D. 0010
- Which one of the following security tasks would benefit the least from introducing automation?
A. Password resets
B. Firewall log analysis
C. Risk assessments
D. Configuration management
- Which one of the following mobile device deployment models allows employees to select the device they would like to use from a list of approved corporate-owned models?
A. BYOD
B. COPE
C. CYOD
D. Corporate-owned
- Glenn is designing the network security controls around a crucial system that controls the functioning of a manufacturing process. He would like to apply the strongest degree of network segmentation possible. Which one of the following controls would best achieve his objective?
A. VLAN segmentation
B. Air gap
C. Firewall zone segmentation
D. Router segmentation
- Gary is conducting a penetration test and obtains a copy of the password file for a web service. He creates a list of common passwords and uses it to try to break passwords in the file. What type of attack is Gary waging?
A. Offline brute force
B. Online brute force
C. Rainbow table
D. Dictionary
- Tom is investigating an application that slowly consumes the memory on a server until it is using all of the available resources, at which time the system hangs. After a reboot, the application uses a minimal amount of memory, but that memory consumption again grows until the next crash. What is the most likely cause of this issue?
A. Pointer dereference
B. Buffer overflow
C. Integer overflow
D. Memory leak
- Which one of the following authentication mechanisms is generally not used in smartphone devices?
A. Fingerprint scanning
B. Facial recognition
C. Passcode
D. Retinal scanning
- Laura is implementing DNSSEC to add security to her organization's Domain Name Service (DNS) infrastructure. What cipher suite must she support to ensure compatibility with other DNSSEC servers?
A. RSA/SHA-512
B. RSA/MD5
C. RSA/SHA-256
D. RSA/SHA-1
- Which one of the following attack types does NOT usually depend upon a design flaw in a web application?
A. XSRF
B. Shimming
C. XSS
D. SQL injection
- What attribute of a digital certificate indicates the specific purpose for which the certificate may be used?
A. The private key
B. The serial number
C. The public key
D. OID
- Gina's organization uses a minification function to process their JavaScript code. This results in code that uses generic variable names, no comments, and minimal spacing, such as the code shown here. What term best describes what has happened to this code from a security perspective?
Figure 7.13
A. Encryption
B. Obfuscation
C. Hashing
D. Masking
- What type of security control is shown here?
Figure 7.14
A. Mantrap
B. Faraday cage
C. Bollard
D. Fence
- What cryptographic technique does WPA use to overcome the weaknesses in the WEP algorithm?
A. TKIP
B. CCMP
C. Hashing
D. AES
- Yvonne is investigating an attack where a user visited a malicious website and the website sent an instruction that caused the browser to access the user's bank website and initiate a money transfer. The user was logged into the bank website in a different browser tab. What type of attack most likely took place?
A. Stored XSS
B. XSRF
C. Reflected XSS
D. DOM XSS
- Brianne is concerned that the logs generated by different devices on her network have inaccurate timestamps generated by the differing internal clocks of each device. What protocol can best assist her with remediating this situation?
A. NTP
B. TLS
C. SSH
D. OCSP
- Tina is investigating a security incident on a system in her organization. The user reports that he can't access any files on the device and he sees the warning message shown here. What type of attack has taken place?
Figure 7.15
A. Keylogger
B. Spyware
C. RAT
D. Ransomware
- Which one of the following systems would be most likely to detect a distributed denial-of-service attack that attempts to perform SYN flooding from across the internet to a web server on an organization's DMZ network?
A. Heuristic NIDS
B. Heuristic HIDS
C. Signature NIDS
D. Behavioral NIDS
- Mandy works for an organization that is planning an expansion into Italy and France over the next 2 years. What privacy regulation will apply to her company's operation in those countries?
A. HIPAA
B. DPD
C. GDPR
D. GLBA
- During a vulnerability assessment, Sonia discovered the issue shown here in a web server used by her organization. What is likely to be the most effective method for resolving this issue?
Figure 7.16
A. Patching Apache Tomcat
B. Patching the operating system
C. Deploying a web application firewall
D. Deploying a content filter
- Paul is conducting a penetration test and has gained a foothold on a web server used by the target organization. He is now attempting to use that web server to gain access to a file server on the organization's internal network. What stage of the penetration testing process is Paul in?
A. Reconnaissance
B. Initial exploitation
C. Pivot
D. Scoping
- Lynn examines the userPassword attribute for a variety of users of the OpenLDAP system and sees the results shown here. How are these passwords stored?
Figure 7.17
A. In unsalted form
B. In hashed form
C. In encrypted form
D. In cleartext form
- What biometric authentication technology could be used on the image shown here?
Figure 7.18
A. Facial recognition
B. Iris recognition
C. Retinal recognition
D. Fingerprint recognition
- Roland's company requires supervisors to approve payment requests entered by accounting clerks when the total amount of the payment is over $10,000. What type of control is this?
A. Least privilege
B. Separation of duties
C. Two-person control
D. Job rotation
- During a recent penetration test, the attacker dressed up in a security guard uniform identical to those used by a firm and began directing people to vacate the data center due to a security threat. What principle of social engineering BEST describes this technique?
A. Authority
B. Intimidation
C. Consensus
D. Scarcity
- Vic is the security administrator for a field engineering team that must make connections back to the home office. Engineers also must be able to simultaneously connect to systems on their customer's networks to perform troubleshooting. Vic would like to ensure that connections to the home office use a VPN. What type of VPN would best meet his needs?
A. Full tunnel
B. Split tunnel
C. TLS
D. IPsec
- What type of hypervisor is shown in the diagram?
Figure 7.19
A. Type 1 hypervisor
B. Type 2 hypervisor
C. Type 3 hypervisor
D. Type 4 hypervisor
Questions 70 through 73 refer to the following scenario:
Kyle is conducting a business impact assessment for his organization. As a result of his work, he identifies a single point of failure in his network, caused by an expensive network firewall that protects a big data storage environment. The organization chooses not to make the firewall redundant. Kyle estimates that the firewall will fail once every 4 years and that it will take 3 days to obtain and install a replacement if it does fail.
Kyle explains this disruption to business leaders and determines that the business cannot tolerate an outage of more than 4 hours. If there were an outage, the organization must be able to restore all of the data contained in the environment to the state it was in, at most, 1 hour prior to the failure.
- What is the MTTR in this scenario?
A. 1 hour
B. 4 hours
C. 3 days
D. 4 years
- What is the MTBF in this scenario?
A. 1 hour
B. 4 hours
C. 3 days
D. 4 years
- What is the RTO in this scenario?
A. 1 hour
B. 4 hours
C. 3 days
D. 4 years
- What is the RPO in this scenario?
A. 1 hour
B. 4 hours
C. 3 days
D. 4 years
- Consider the transitive domain relationships shown here. Joe has a user account in Domain D. Which one of the following statements is incorrect?
Figure 7.20
A. Joe can use his account in Domain A.
B. Joe can use his account in Domain B.
C. Joe can use his account in Domain C.
D. Joe can use his account in Domain D.
- Molly's organization has a shared account that they use to provide access to vendors. What is the primary security objective that is sacrificed using this model, assuming that the password is not shared with unauthorized individuals?
A. Least privilege
B. Accountability
C. Confidentiality
D. Integrity
- Donna is looking for a secure way to transfer files between systems. The systems in question are already configured for SSH connections. What file transfer method could she use that would leverage the SSH protocol?
A. SFTP
B. FTPS
C. Dropbox
D. HTTPS
- Kristen's organization recently entered into a business partnership with a new shipping vendor. She is placing a server on the network that will facilitate shipping transactions and must be accessed by both the vendor and internal users. Which network zone is the most appropriate placement for this server?
A. The guest network
B. The intranet
C. DMZ
D. The extranet
- Tonya is analyzing host firewall logs in an effort to diagnose a service that is not responding to user requests. She finds entries in the host firewall logs indicating that the traffic was allowed. What is the most likely cause of the service not responding?
A. Application failure
B. Host firewall misconfiguration
C. Network IPS misconfiguration
D. Network firewall misconfiguration
- Which one of the following security controls would be the least effective at detecting fraud committed by an employee?
A. Separation of duties
B. Job rotation
C. Mandatory vacation
D. Privileged access monitoring
- Brian is the physical security official for a data center hosting organization. While entering the building this morning, he noticed that one employee used his badge to enter the building and then held the door open for two other employees. Which one of the following situations occurred?
A. Piggybacking
B. Dumpster diving
C. Shoulder surfing
D. Impersonation
- Consider the statistics shown here for a biometric authentication system. What is the system's FRR based upon this data?
Figure 7.21
A. 2%
B. 4%
C. 5%
D. 10%
- Carl is selecting a data loss prevention (DLP) system for use in his organization. He would like to choose an approach that requires the least maintenance effort from his team. Which solution would best meet Carl's needs?
A. Host-based DLP
B. Network-based DLP
C. Cloud-based DLP
D. Signature-based DLP
- Ryan would like to restrict the use of a sensitive mobile application so that users may only use it when they are located in a building on his company's corporate campus. Which one of the following technologies can he use to best enforce this restriction?
A. Application control
B. Geofencing
C. Remote wiping
D. Containerization
- Val is conducting a black-box penetration test on a website and would like to try to gain access to a user account. If she has not yet gained access to any systems on the target network, which one of the following attacks would be most effective?
A. Rainbow table
B. Offline brute force
C. Offline dictionary
D. Online brute force
- Gayle is logging onto a website managed by a third-party vendor using credentials provided by her employer. The authentication system uses SAML-based authentication. In this scenario, who is the identity provider?
A. Gayle's web browser
B. The vendor
C. Gayle's employer
D. The certificate authority
- Corwin is beginning a penetration test and is reviewing the technical documentation provided by management that explains how the systems are designed and laid out. What type of test is Corwin most likely performing?
A. Red box
B. Grey box
C. White box
D. Black box
- Sandra would like to prevent users of her organization's mobile devices from using those devices to connect laptops and other systems to the network. What feature of mobile devices should she disable through her mobile device management platform?
A. Split tunneling
B. Tethering
C. Split horizon DNS
D. TLS
Questions 88 through 90 refer to the following scenario:
Gavin is considering different options for backing up the file server used by his organization. This server exhibits the normal usage patterns of an office file server. The four strategies he is considering are shown here:
Figure 7.22
- If Gavin's primary concern is conserving disk space, which option should he choose?
A. Option A
B. Option B
C. Option C
D. Option D
- If Gavin's primary concern is the speed of recovering the system after a failure, which option should he choose?
A. Option A
B. Option B
C. Option C
D. Option D
- If Gavin's primary concern is the amount of time required to perform the backups, which option should he choose?
A. Option A
B. Option B
C. Option C
D. Option D