- Ralph is reviewing user accounts and matching up the permissions assigned to those accounts in the ERP to access requests made by managers. What activity is Ralph undertaking?
A. Credential management
B. Usage auditing
C. Privilege auditing
D. Multifactor authentication
- Tom is concerned about the fact that executives routinely leave their mobile devices unattended on their desks in the office. What control can he enforce through his MDM tool to prevent misuse of those devices?
A. Remote wipe
B. Geofencing
C. Screen locking
D. Application control
- Taylor is conducting a business impact analysis for her organization as part of the organization's business continuity planning initiative. During that analysis, she identifies the amount of time that would be acceptable for a system to be down during a disaster. What metric should she use to capture this information?
A. RPO
B. RTO
C. MTTR
D. MTBF
- George is evaluating the performance of his organization's business continuity efforts and measures the amount of time that passes between each time that a web server experiences a hard drive failure. What metric should George use to capture this information?
A. RPO
B. MTTR
C. MTBF
D. RTO
- Ralph comes across a legacy infrastructure that uses telnet to create an administrative connection between a client and a server. Even though this connection takes place over a private network link, Ralph would like to replace telnet with a secure protocol to prevent eavesdropping. What protocol would be the easiest drop-in replacement for telnet?
A. TLS
B. FTPS
C. SSL
D. SSH
- Will is selecting a new encryption algorithm for use in his organization. Which one of the following algorithms is weak and should not be considered for use?
A. DES
B. 3DES
C. AES
D. RSA
- What type of proxy server is shown in the following illustration?
Figure 8.1
A. Forward proxy
B. Reverse proxy
C. Caching proxy
D. Content filtering proxy
- Fred created a set of IP restrictions on his Cisco router using Cisco's extended access control list (ACL) functionality. What type of access control model is Fred enforcing?
A. Role-based access control
B. Rule-based access control
C. Attribute-based access control
D. Discretionary access control
- Sandy is designing a new computing environment for his company. He is contracting with XYZ Cloud Services, who will be providing him with the ability to provision servers on a self-service basis. What type of cloud provider is XYZ?
A. SaaS
B. IaaS
C. PaaS
D. SecaaS
- Tom is investigating a report from his organization's intrusion detection system. After an exhaustive investigation, he determines that the activity detected by the system was actually not an attack. What type of report took place?
A. False negative
B. True positive
C. True negative
D. False positive
- What common clause in software is used specifically for error handling?
A. Try...catch
B. If...then
C. Do...while
D. For loop
- Which one of the following EAP protocols does not take advantage of transport layer security?
A. EAP-FAST
B. EAP-IKEv2
C. EAP-TLS
D. EAP-TTLS
- Linda is investigating a security incident that took place in her organization. The attacker issued himself checks from an organization account and then created false journal entries in the accounting system to cover them up. There are no signs of unauthorized activity in IPS or firewall logs. What type of attacker most likely conducted this attack?
A. Script kiddie
B. Organized crime
C. Insider
D. Competitor
- Carla is conducting a penetration test and she has successfully gained access to a jumpbox system through the use of social engineering. Her current access is as a standard user and she is attempting to gain administrative access to the server. What penetration testing activity is Carla engaged in?
A. Initial exploit
B. Pivot
C. Persistence
D. Escalation of privilege
- Kevin is deploying a new customer relationship management (CRM) server. The services offered by this device will be accessible only to employees of Kevin's company. What network zone offers the most appropriate placement for this server?
A. DMZ
B. Extranet
C. Intranet
D. Guest network
- Samantha is the administrator of her organization's mobile devices and wants to ensure that users have current versions of the operating system firmware. Which one of the following approaches will best meet this need?
A. Administrator installation
B. OTA upgrades
C. User installation
D. Sideloading
- Which one of the following data destruction techniques produces waste material that requires wearing a respirator during exposure?
A. Pulverization
B. Wiping
C. Purging
D. Degaussing
- Tim is investigating an ARP spoofing attack that took place on his organization's network. What is the maximum scope of a single ARP spoofing attack?
A. The attacker and the victim must be using the same router.
B. The attacker and the victim must be behind the same firewall.
C. The attacker and the victim must be connected to the same switch.
D. The attacker and the victim must be sharing a switch port.
- Which one of the following is not an appropriate use of the MD5 hash function?
A. Verifying file checksums against corruption
B. Partitioning database records
C. Creating digital signatures
D. Identifying duplicate records
- What type of lock is shown here?
Figure 8.2
A. Preset lock
B. Cipher lock
C. Biometric lock
D. Smartcard lock
- What cryptographic cipher is used in the Bcrypt key stretching function?
A. 3DES
B. AES
C. Blowfish
D. RSA
- Patrick is investigating a security incident and is able to monitor an intruder's activity on one of his servers. The intruder wrote a script that is attempting to log into a web application using an administrator account. It first attempted the password aaaaaaaa, followed by aaaaaaab, aaaaaaac, and so on. What type of attack is taking place?
A. Offline brute force
B. Online brute force
C. Dictionary
D. Rainbow table
- Which one of the following activities is not a passive test of security controls?
A. Configuration analysis
B. Penetration testing
C. Network monitoring
D. Intrusion detection
- Which one of the following is an example of a privilege escalation attack against a mobile device?
A. Jailbreaking
B. Sideloading
C. Man-in-the-middle
D. Tethering
- Which one of the following is an example of a platform-as-a-service (PaaS) computing environment?
A. Amazon EC2
B. Amazon Lambda
C. Microsoft Azure Virtual Machine
D. Microsoft Azure DNS
- Which one of the following techniques is an example of dynamic code testing?
A. Fuzzing
B. Data flow analysis
C. Taint analysis
D. Lexical analysis
- David is purchasing cloud infrastructure services from Microsoft Azure. Use of the servers he purchases will be strictly limited to employees of his company. What type of cloud environment is this?
A. Hybrid cloud
B. Private cloud
C. Public cloud
D. Community cloud
- Which one of the following tools is useful in testing the security of a wireless network's encryption key?
A. nmap
B. NetStumbler
C. Aircrack
D. QualysGuard
- Frances is investigating a security incident where a former employee accessed a critical system after termination, despite the fact that the employee's account was disabled. Frances learned that the employee, a software engineer, created a dummy username and password that was hardcoded into the application and used those credentials to log in. What type of attack took place?
A. Logic bomb
B. Backdoor
C. Remote access Trojan
D. Ransomware
- Orlando is configuring his network firewall to allow access to the organization's email server, as shown in the following image. He would like to allow internet users to send emails to the organization but would like to only allow internal users to access emails on the server. What protocol(s) should Orlando allow to access the email server from the internet?
Figure 8.3
A. IMAP only
B. SMTP only
C. POP3 only
D. IMAP and POP3
- Which one of the following RADIUS messages is normally found only in situations where an organization is implementing multifactor authentication?
A. Access-Accept
B. Access-Request
C. Access-Challenge
D. Access-Reject
- Visitors to the website arifrance.com found themselves directed to a website containing discount travel information when they expected to find the Air France corporate website. What type of attack took place?
A. Typosquatting
B. Website defacement
C. Clickjacking
D. Session hijacking
- Which one of the following terms best describes the level of firewall protection that is typically found in router access control lists?
A. Stateful
B. Stateless
C. Next-generation
D. Proxying
- Norm is designing a file transfer mechanism to facilitate the flow of information between the hospital where he works and an X-ray service provider with locations around the city. Which one of the following protocols does NOT provide a secure option for these file transfers?
A. SFTP
B. SCP
C. FTP
D. FTPS
- After running a vulnerability scan of a copy machine, Tom discovers the results shown in the following screenshot. What is the most likely cause of these results?
Figure 8.4
A. The copy machine has an embedded operating system.
B. The results are false positives.
C. Tom scanned the wrong IP address.
D. The results are true negatives.
- Colleen is running two load balancers in active/active mode. What is the most significant risk that she is likely facing?
A. Servers must be manually assigned to load balancers.
B. Network traffic may be misrouted.
C. The load balancers may not have the capacity to survive the failure of one device.
D. The two load balancers may become out of sync.
- Which one of the following cipher types works on plaintext one bit or byte at a time?
A. Block cipher
B. Stream cipher
C. AES
D. Blowfish
- What mode of cipher operation is shown here?
Figure 8.6
A. CBC
B. OFB
C. ECB
D. CFB
- Which one of the following tools may be used to scan a system over the network and detect potential vulnerabilities in that system?
A. Nessus
B. Nmap
C. John the Ripper
D. Kismet
- Which one of the following mobile device deployment models allows employees to bring personally owned devices into the corporate environment?
A. COPE
B. CYOD
C. BYOD
D. Corporate-owned
- Roger is conducting a penetration test and has gained administrative access to a system on his target network. He is now using those administrative privileges to set up a back door. What stage of the attack is Roger in?
A. Persistence
B. Initial exploitation
C. Privilege escalation
D. Pivot
- During a web application security review, Crystal discovered that one of her organization's applications is vulnerable to SQL injection attacks. Where would be the best place for Crystal to address the root cause issue?
A. Database server configuration
B. Web server configuration
C. Application code
D. Web application firewall
- Tim is choosing a card-based control system for physical access to his facility. His primary concern is the speed of authentication. Which type of card would be most appropriate for this situation?
A. Proximity card
B. Smart card
C. Magnetic stripe card
D. Photo ID card
- Which one of the following types of access is necessary to engage in a pass-the-hash attack?
A. Access to a domain workstation
B. Access to a domain controller
C. Access to a network segment
D. Access to a public website
- This diagram shows the results of testing the accuracy of a biometric authentication system. In this diagram, what characteristic is designated by the arrow?
Figure 8.7
A. CER
B. FAR
C. IRR
D. FRR
- Gail is a software developer who recently completed the coding of a new module that will be incorporated into one of her organization's products. Now that her work is complete, she is ready to request that the code be moved to the next environment. Where should the code go next?
A. Development environment
B. Test environment
C. Staging environment
D. Production environment
- What is the primary purpose of the Diffie-Hellman (DH) algorithm?
A. Digital signatures
B. Key exchange
C. Message confidentiality
D. Authentication
- Which one of the following characteristics does not accurately describe an Agile approach to software development?
A. Features are prioritized by the value added.
B. Customers should be available throughout the project.
C. Requirements are clearly defined before beginning development.
D. Changes are welcomed in the process.
- Carl is creating an authentication system where users seeking to access web applications will be redirected to a login page, such as the one shown here. What type of authentication is Carl seeking to implement?
Figure 8.8
A. SAML
B. SSO
C. Federation
D. RADIUS
- Which one of the following wireless networking protocols makes use of a backend authentication server?
A. WPA-PSK
B. WPA-Enterprise
C. WEP-PSK
D. WPS
- Nadine recently accepted a new position as the CISO of a financial institution. What regulatory body produces information security standards that specifically apply to financial institutions?
A. FDA
B. FERC
C. FFIEC
D. FRA
- Roger recently deployed an IDS on his organization's network and tuned it to reduce the false positive rate. Which one of the following categories best describes this control?
A. Corrective
B. Preventive
C. Detective
D. Compensating
- Xavier is concerned about the security of a wireless network in his organization's conference facility that uses WPS to connect new clients. What is the best action that Xavier can take to protect this network?
A. Remove WPS stickers from wireless access points.
B. Disable WPS.
C. Use a strong WPS PIN.
D. Change the PSK.
- Bruce is investigating a security incident that involves the embezzlement of funds from his organization. Which one of the following groups should be the first focus of his investigation?
A. Script kiddies
B. APTs
C. Insiders
D. Hacktivists
- Consider the hardware passcode generator shown here. What algorithm does this token use to generate passcodes?
Figure 8.9
A. LOTP
B. TOTP
C. HOTP
D. KOTP
- Which one of the following categories of account should normally exist on a secured server?
A. Guest account
B. Service account
C. Generic account
D. Shared account
- Which encryption mode of operation is shown in the following figure?
Figure 8.10
A. CTM
B. GCM
C. ECB
D. OFB
- Roger's digital forensics team places any mobile devices collected as evidence in bags such as the one shown here. What is the primary purpose of this bag?
Figure 8.11
A. Prevent communication with the device.
B. Maintain the chain of custody.
C. Categorize the evidence.
D. Prevent others from seeing the evidence.
- Mike would like to allow users on his network to securely access their personal Gmail accounts using the service's standard interface. What protocol must he allow through his network firewall to Google's servers to allow this access?
A. IMAP
B. SMTP
C. HTTPS
D. POP3
- Taylor is building a server where data will be infrequently written but frequently read. He would like to use a redundant storage solution that maximizes read performance. Which one of the following approaches would best meet his needs?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5
- In the following diagram, what type of attack is Mal waging against Alice?
Figure 8.12
A. Man-in-the-middle
B. Social engineering
C. Replay attack
D. Dictionary
- Which one of the following statements is true about NTLM authentication?
A. NTLMv2 is protected against pass-the-hash attacks that exist in the original version of NTLM.
B. NTLM uses SHA-512 hashing to protect passwords.
C. NTLM and NTLMv2 are both insecure and should not be used.
D. NTLM is only available for Windows systems.
- When a certificate authority creates a digital certificate for a web server, what key does it use to apply the CA's digital signature to the certificate?
A. Server's private key
B. CA's public key
C. CA's private key
D. Server's public key
- Which one of the following authentication techniques generally provides the least degree of security for a mobile device?
A. Password authentication
B. Fingerprint authentication
C. PIN authentication
D. Facial recognition
- Mike stores some sensitive passwords in a text file called mypasswords.txt. The permissions for this file are shown here. Mike's user ID is mchapple. Which statement best describes the access permissions for this file?
Figure 8.13
A. Anyone on the system can read the file.
B. Only Mike can read the file.
C. Mike and any member of the staff group can read the file.
D. Only Mike and system administrators can read this file.
- In what type of attack does the attacker place malicious content on a website that is frequented by individuals in the target organization in the hopes that one of those individuals will visit the site with a vulnerable system and become compromised?
A. Man-in-the-middle attack
B. DDoS attack
C. Watering hole attack
D. Man-in-the-browser attack
- During a vulnerability scan of an internal web application, Christine discovers the issues shown in the following screenshot. What action should she recommend to correct the issue while minimizing cost and labor?
Figure 8.14
A. Replace the certificate with a certificate from a third-party CA.
B. Replace the certificate with a certificate from the same source.
C. No change is required. These are false positive reports.
D. Replace the certificate with a certificate supporting stronger encryption.
- Consider the statistics shown here for a biometric authentication system. What is the system's FAR based upon this data?
Figure 8.15
A. 1%
B. 2%
C. 8%
D. 16%
- Examine the digital certificate shown here. How many intermediate CAs were involved in the creation of this certificate?
Figure 8.16
A. 0
B. 1
C. 2
D. 3
- Frank is revising an application that currently stores Social Security numbers in a database. This is the only unique identifier available to him, but he would like to store it in a way that nobody can determine the original Social Security numbers while it remains useful as a unique identifier. What technology can Frank apply to best meet this requirement?
A. Steganography
B. Encryption
C. Decryption
D. Hashing
- Roger's company did not have a strong disaster recovery plan and suffered a catastrophic data center outage. With no plan in place, what option likely allows them the quickest recovery at their primary site?
A. Warm site
B. Hot site
C. Mobile site
D. Cold site
- Henrietta is concerned about the possibility that an attacker will obtain a copy of her password file and conduct a rainbow table attack against it. What technique can she use to best prevent this type of attack?
A. Salting
B. Hashing
C. Password complexity requirements
D. Encryption
- Flora is conducting a penetration test of a client and wishes to gain physical access to the building during daylight hours. Which one of the following techniques is least likely to arouse suspicion?
A. Pretexting
B. Lock picking
C. Tailgating
D. Climbing in an open window
- Andrea was investigating the IP address(es) associated with a domain name and obtained the results shown in the following screenshot. What tool did she use to obtain these results?
Figure 8.17
A. dig
B. nslookup
C. dnsquery
D. resolve
- Which one of the following objects, if successfully stolen, would be most useful in a session hijacking attack?
A. IP address
B. Public key
C. Digital certificate
D. Cookie
- Dan recently received a digitally signed message and, when he attempted to verify the digital signature, received an error that the hash values did not match. What can Dan conclude from this error?
A. The message was accidentally corrupted in transit.
B. The message was altered by a malicious individual after being sent.
C. Dan can't draw one of these specific conclusions.
D. There was an error creating the digital signature.
- Which one of the following technologies can be used to mitigate the effects of a denial-of-service attack on a local area network?
A. Flood guard
B. Loop prevention
C. Split horizon
D. Hold-down timers
- Melanie is the system administrator for a database containing sensitive information. She is responsible for implementing security controls to protect the contents of the database. Which term best describes her role?
A. Data owner
B. Data steward
C. Data user
D. Data custodian
- Greg visits a website and sees the error shown in the following screenshot. What is the most likely cause of this error message?
Figure 8.18
A. The certificate uses an insecure cipher, such as DES.
B. The website is using a self-signed certificate.
C. The certificate is expired.
D. The certificate does not support TLS communication.
- Brendan is helping a colleague troubleshoot a connectivity issue for two systems using the Secure File Transfer Protocol (SFTP). He would like to check whether the traffic is being blocked by his network firewall. What TCP port is used for these connections?
A. 22
B. 21
C. 20
D. 23
- Ben finds that the DNS servers in his organization are configured to allow unrestricted recursive queries. What type of attack are these servers vulnerable to as a result of this configuration?
A. ARP poisoning
B. DNS poisoning
C. DNS amplification
D. Man-in-the-middle
- In a Kerberos authentication scheme, who provides the client with the TGS session key?
A. Authentication server
B. Ticket granting server
C. Service server
D. Key generation server
- Ron would like to implement a security control that requires that employees protect the confidentiality of corporate information, even after they leave the organization. Which one of the following agreements would best meet his needs?
A. SLA
B. NDA
C. BPA
D. ICA
- Norma has held several positions in her company and is still able to carry out system actions that were granted to her based upon her previous roles. She no longer has a job-based requirement to perform those activities. What term describes what has happened here?
A. Privileged account
B. Least privilege
C. Privilege creep
D. Privilege migration
Questions 85-90 refer to the following scenario:
Melanie is conducting a quantitative risk assessment for her organization. She is specifically focusing on the risk of an earthquake damaging her Southern California data center. After consulting geologists, she estimates that her area is likely to experience a significant earthquake once every 50 years.
Melanie asked an architect to help her develop a replacement cost estimate for the facility and determined that the cost is $5 million. She also consulted a structural engineer who estimated that a typical earthquake would cause approximately $1 million in damage to the facility. An earthquake insurance policy would require payment of a $75,000 annual premium.
- What is the asset value in this scenario?
A. $20,000
B. $75,000
C. $1,000,000
D. $5,000,000
- What is the single loss expectancy in this scenario?
A. $20,000
B. $75,000
C. $1,000,000
D. $5,000,000
- What is the annualized rate of occurrence in this scenario?
A. 0.02
B. 0.05
C. 0.20
D. 0.50
- What is the exposure factor in this scenario?
A. 0.02
B. 0.05
C. 0.20
D. 0.50
- What is the annualized loss expectancy in this scenario?
A. $20,000
B. $75,000
C. $1,000,000
D. $5,000,000
- Which one of the following statements best describes the risk situation Melanie is in?
A. Melanie should recommend that the business always purchases insurance for any risk with an ALE greater than 0.005.
B. The purchase of insurance in this scenario is not cost-effective from a purely financial viewpoint.
C. The purchase of insurance in this scenario makes good financial sense.
D. Melanie should recommend against the purchase of insurance because the SLE is less than the AV.