EMT Practice Test

1. Question Content...


Question List

Question1: The key management organization has implemented a key escrowing function. Which of the following technologies can provide protection for the PKI's escrowed keys?

Question2: Joe, an employee is taking a taxi through a busy city and starts to receive unsolicited files sent to his Smartphone. Which of the following is this an example of?

Question3: Given a class C network a technician has been tasked with creating a separate subnet for each of the eight departments in the company. Which of the following network masks would allow for each department to have a unique network space and what is the maximum number of hosts each department could have?

Question4: Joe, a system administrator, receives reports that users attempting to reach the corporate website are arriving at an unfamiliar website instead. An investigation by a forensic analyst found that the name server log has several corporate IP addresses that were changed using Joe's credentials.
Which of the following is this attack called?

Question5: A network administrator has a separate user account with rights to the domain administrator group.
However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

Question6: A security administrator must implement a system that will support and enforce the following file system access control model:
FILE NAMESECURITY LABEL
Employees.docConfidential
Salary.xlsConfidential
OfficePhones.xlsUnclassified
PersonalPhones.xlsRestricted
Which of the following should the security administrator implement?

Question7: Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee's credential?

Question8: The system administrator is reviewing the following logs from the company web server:
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin
Which of the following is this an example of?

Question9: A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test.
Which of the following risks is MOST likely to affect the business on a day-to-day basis?

Question10: Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

Question11: HOTSPOT
Select the appropriate attack from each drop down list to label the corresponding illustrated attack Instructions: Attacks may only be used once, and will disappear from drop down list if selected.
When you have completed the simulation, please select the Done button to submit.
Hot Area:

Question12: Which of the following is an effective way to ensure the BEST temperature for all equipment within a datacenter?

Question13: Joe, a network administrator, is setting up a virtualization host that has additional storage requirements.
Which of the following protocols should be used to connect the device to the company SAN? (Choose two.)

Question14: Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens?

Question15: Which of the following devices will help prevent a laptop from being removed from a certain location?

Question16: During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?

Question17: A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

Question18: Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email.
Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks?

Question19: While working on a new project a security administrator wants to verify the integrity of the data in the organizations archive library. Which of the following is the MOST secure combination to implement to meet this goal? (Choose two.)

Question20: Attempting to inject 50 alphanumeric key strokes including spaces into an application input field that only expects four alpha characters in considered which of the following attacks?

Question21: Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the house living room. Joe posts the picture on a popular social media site together with the message:
"Heading to our two weeks' vacation to Italy." Upon returning home, Joe discovers that the house was burglarized.
Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home address?

Question22: Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place?

Question23: A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

Question24: A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:

Question25: To protect corporate data on removable media, a security policy should mandate that all removable devices use the following:

Question26: When an order was submitted via the corporate website, an administrator noted special characters (e.g.,
";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

Question27: An organization is implementing a password management application which requires that all local administrator passwords be stored and automatically managed. Auditors will be responsible for monitoring activities in the application by reviewing the logs. Which of the following security controls is the BEST option to prevent auditors from accessing or modifying passwords in the application?

Question28: A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?

Question29: A bank is planning to implement a third factor to protect customer ATM transactions. Which of the following could the bank implement?

Question30: An organization has an internal PKI that utilizes client certificates on each workstation. When deploying a new wireless network, the security engineer has asked that the new network authenticate clients by utilizes the existing client certificates. Which of the following authentication mechanisms should be utilized to meet this goal?

Question31: Which of the following can be used as an equipment theft deterrent?

Question32: Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter with Chain Block Message Authentication Code)?

Question33: A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room?

Question34: In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?

Question35: Which of the following is built into the hardware of most laptops but is not setup for centralized management by default?

Question36: A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?

Question37: In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?

Question38: A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site do not record any footage. Which of the following types of controls was being used?

Question39: A user has plugged in a wireless router from home with default configurations into a network jack at the office. This is known as:

Question40: A security administrator wants to deploy security controls to mitigate the threat of company employees' personal information being captured online. Which of the following would BEST serve this purpose?

Question41: Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?

Question42: A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?

Question43: Which of the following authentication services uses a ticket granting system to provide access?

Question44: A Windows- based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner?

Question45: A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people's first name, last name, home address, date of birth and mothers last name. Which of the following describes this type of data?

Question46: Which of the following will allow the live state of the virtual machine to be easily reverted after a failed upgrade?

Question47: Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table?

Question48: A network technician is configuring clients for VLAN access. The network address for the sales department is 192.168.0.64 with a broadcast address of 192.168.0.71. Which of the following IP address/subnet mask combinations could be used to correctly configure a client machine in the sales department?

Question49: A resent OS patch caused an extended outage. It took the IT department several hours to uncover the cause of the issue due to the system owner who installed the patch being out of the office. Which of the following could help reduce the likelihood of this situation occurring in the future?

Question50: A small IT security form has an internal network composed of laptops, servers, and printers. The network has both wired and wireless segments and supports VPN access from remote sites. To protect the network from internal and external threats, including social engineering attacks, the company decides to implement stringent security controls. Which of the following lists is the BEST combination of security controls to implement?

Question51: Joe, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is the MOST likely using?

Question52: A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO's requirements?

Question53: A company wants to ensure that all aspects if data are protected when sending to other sites within the enterprise. Which of the following would ensure some type of encryption is performed while data is in transit?

Question54: Users at a company report that a popular news website keeps taking them to a web page with derogatory content.
Which of the following is this an example of?

Question55: Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information?

Question56: Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future?

Question57: A website is breached, exposing the usernames and MD5 password hashes of its entire user base. Many of these passwords are later cracked using rainbow tables. Which of the following actions could have helped prevent the use of rainbow tables on the password hashes?

Question58: Which of the following, if implemented, would improve security of remote users by reducing vulnerabilities associated with data-in-transit?

Question59: The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task?

Question60: A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?

Question61: Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

Question62: Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?

Question63: The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Choose two.)

Question64: RC4 is a strong encryption protocol that is general used with which of the following?

Question65: A security technician wants to implement stringent security controls over web traffic by restricting the client source TCP ports allowed through the corporate firewall. Which of the following should the technician implement?

Question66: Which of the following BEST describes a protective countermeasure for SQL injection?

Question67: Upper management decides which risk to mitigate based on cost. This is an example of:

Question68: A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?

Question69: After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe's desktop remain encrypted when moved to external media or other network based storage?

Question70: Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?

Question71: Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?

Question72: A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?

Question73: In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four-digit PIN.
Which of the following authentication methods is Sara using?

Question74: A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user's host:
Old `hosts' file:
127.0.0.1 localhost
New `hosts' file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?

Question75: An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?

Question76: Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

Question77: Data confidentiality must be enforced on a secure database.
Which of the following controls meets this goal? (Choose two.)

Question78: The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to ____________. (Choose two.)

Question79: Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?

Question80: A Company has recently identified critical systems that support business operations. Which of the following will once defined, be the requirement for restoration of these systems within a certain period of time?

Question81: A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?

Question82: A company has a corporate infrastructure where end users manage their own certificate keys. Which of the following is considered the MOST secure way to handle master keys associated with these certificates?

Question83: Which of the following encompasses application patch management?

Question84: Which of the following would prevent a user from installing a program on a company-owned mobile device?

Question85: A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate?

Question86: After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
`Please only use letters and numbers on these fields'
Which of the following is this an example of?

Question87: Which of the following would be MOST appropriate if an organization's requirements mandate complete control over the data and applications stored in the cloud?

Question88: Which of the following is a best practice when setting up a client to use the LDAPS protocol with a server?

Question89: After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data.
Which of the following controls support this goal?

Question90: DRAG DROP
Determine the types of attacks below by selecting an option from the dropdown list.
Determine the types of Attacks from right to specific action.
Select and Place:

Question91: An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?

Question92: A security administrator is reviewing the below output from a password auditing tool:
P@ss.
@pW1.
S3cU4
Which of the following additional policies should be implemented based on the tool's output?

Question93: The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the following is the team performing?

Question94: Which of the following should be done before resetting a user's password due to expiration?

Question95: A program displays:
ERROR: this program has caught an exception and will now terminate.
Which of the following is MOST likely accomplished by the program's behavior?

Question96: Which of the following security concepts can prevent a user from logging on from home during the weekends?

Question97: A company hosts a web server that requires entropy in encryption initialization and authentication. To meet this goal, the company would like to select a block cipher mode of operation that allows an arbitrary length IV and supports authenticated encryption. Which of the following would meet these objectives?

Question98: Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?

Question99: Which of the following authentication methods requires the user, service provider and an identity provider to take part in the authentication process?

Question100: Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops?

Question101: Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

Question102: A team of firewall administrators have access to a `master password list' containing service account passwords. Which of the following BEST protects the master password list?

Question103: During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?

Question104: Account lockout is a mitigation strategy used by Jane, the administrator, to combat the following attacks:
(Choose two.)

Question105: Which of the following application security principles involves inputting random data into a program?

Question106: The system administrator wishes to implement a hardware-based encryption method that could also be used to sign code. They can achieve this by:

Question107: A network administrator was to implement a solution that will allow authorized traffic, deny unauthorized traffic and ensure that appropriate ports are being used for a number of TCP and UDP protocols. Which of the following network controls would meet these requirements?

Question108: A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90).
Which of the following attack types has occurred?

Question109: A user, Ann, has been issued a smart card and is having problems opening old encrypted email. Ann published her certificates to the local windows store and to the global address list. Which of the following would still need to be performed?

Question110: A company has had several security incidents in the past six months. It appears that the majority of the incidents occurred on systems with older software on development workstations. Which of the following should be implemented to help prevent similar incidents in the future?

Question111: Which of the following is an important step in the initial stages of deploying a host-based firewall?

Question112: Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?

Question113: In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Choose two.)

Question114: A certificate used on an e-commerce web server is about to expire.
Which of the following will occur if the certificate is allowed to expire?

Question115: Which of the following should a company implement to BEST mitigate from zero-day malicious code executing on employees' computers?

Question116: A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

Question117: Each server on a subnet is configured to only allow SSH access from the administrator's workstation.
Which of the following BEST describes this implementation?

Question118: Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime.
Which of the following BEST describes the type of system Ann is installing?

Question119: Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

Question120: A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure. Which of the following should the engineer choose to meet these requirements?

Question121: Which of the following types of security controls are visible security cameras considered to be?

Question122: Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack?

Question123: The Quality Assurance team is testing a third party application. They are primarily testing for defects and have some understanding of how the application works. Which of the following is the team performing?

Question124: The incident response team has received the following email message.
From:
[email protected]
To: [email protected]
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09: 50: 01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09: 45: 33 13.10.66.5 http: //remote.site.com/login.asp?user=john
09: 50: 22 13.10.66.5 http: //remote.site.com/logout.asp?user=anne
10: 50: 01 13.10.66.5 http: //remote.site.com/access.asp?file=movie.mov
11: 02: 45 13.10.65.5 http: //remote.site.com/download.asp?movie.mov=ok Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?

Question125: Company policy requires employees to change their passwords every 60 days. The security manager has verified all systems are configured to expire passwords after 60 days. Despite the policy and technical configuration, weekly password audits suggest that some employees have had the same weak passwords in place longer than 60 days. Which of the following password parameters is MOST likely misconfigured?

Question126: Which of the following documents outlines the responsibility of both participants in an agreement between two organizations?

Question127: An administrator must select an algorithm to encrypt data at rest. Which of the following could be used?

Question128: Digital signatures are used for ensuring which of the following items? (Choose two.)

Question129: Which of the following technologies uses multiple devices to share work?

Question130: A switch is set up to allow only 2 simultaneous MAC addresses per switch port. An administrator is reviewing a log and determines that a switch ort has been deactivated in a conference room after it detected 3 or more MAC addresses on the same port. Which of the following reasons could have caused this port to be disabled?

Question131: Ann, a member of the Sales Department, has been issued a company-owned laptop for use when traveling to remote sites.
Which of the following would be MOST appropriate when configuring security on her laptop?

Question132: A network administrator has recently updated their network devices to ensure redundancy is in place so that:

Question133: A company needs to provide web-based access to shared data sets to mobile users, while maintaining a standardized set of security controls. Which of the following technologies is the MOST appropriate storage?

Question134: Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed?

Question135: Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate?

Question136: Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit.
Which of the following concepts relates this concern to?

Question137: A user has an Android smartphone that supports full device encryption. However, when the user plugs into a computer all of the files are immediately accessible.
Which of the following should the user do to enforce full device confidentiality should the phone be lost or stolen?

Question138: Joe, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system. Which of the following does he need to estimate NEXT in order to complete his risk calculations?

Question139: Full disk encryption is MOST effective against the following threats:

Question140: Joe, a technician, initiated scans if the company's 10 routers and discovered that half if the routers were not changed from their default configuration prior installed on the network.
Which of the following would address this?

Question141: Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?

Question142: Which of the following is an example of multifactor authentication?

Question143: Which of the following BEST describes disk striping with parity?

Question144: A security administrator looking through IDS logs notices the following entry: (where email = '[email protected]' and passwd = 'or 1==1') Which of the following attacks had the administrator discovered?

Question145: If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C.
Which of the following PKI concepts is this describing?

Question146: A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:

Question147: A penetration tester is measuring a company's posture on social engineering. The penetration tester sends a phishing email claiming to be from IT asking employees to click a link to update their VPN software immediately. Which of the following reasons would explain why this attack could be successful?

Question148: A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?

Question149: An advantage of virtualizing servers, databases, and office applications is:

Question150: Joe, a network security engineer, has visibility to network traffic through network monitoring tools.
However, he's concerned that a disgruntled employee may be targeting a server containing the company's financial records. Which of the following security mechanism would be MOST appropriate to confirm Joe's suspicion?

Question151: Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices.
Which of the following should a security administrator perform before deploying new software?

Question152: Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?

Question153: A recent online password audit has identified that stale accounts are at risk to brute force attacks. Which the following controls would best mitigate this risk?

Question154: Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task?

Question155: Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system?

Question156: A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?

Question157: Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?

Question158: Joe has hired several new security administrators and have been explaining the4 design of the company's network. He has described the position and descriptions of the company's firewalls, IDS sensors, antivirus server, DMZs, and HIPS. Which of the following best describes the incorporation of these elements?

Question159: Which of the following protocols provides for mutual authentication of the client and server?

Question160: The chief Risk officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Choose two.)

Question161: A bank Chief Information Security Officer (CISO) is responsible for a mobile banking platform that operates natively on iOS and Android. Which of the following security controls helps protect the associated publicly accessible API endpoints?

Question162: Which of the following fire suppression systems is MOST likely used in a datacenter?

Question163: A security analyst is working on a project team responsible for the integration of an enterprise SSO solution. The SSO solution requires the use of an open standard for the exchange of authentication and authorization across numerous web based applications. Which of the following solutions is most appropriate for the analyst to recommend in this scenario?

Question164: Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?

Question165: A distributed denial of service attack can BEST be described as:

Question166: Which of the following statements is MOST likely to be included in the security awareness training about P2P?

Question167: Joe has read and write access to his own home directory. Joe and Ann are collaborating on a project, and Joe would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

Question168: It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue?

Question169: Joe, an end user, has received a virus detection warning.
Which of the following is the first course of action that should be taken?

Question170: A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

Question171: After visiting a website, a user receives an email thanking them for a purchase which they did not request.
Upon investigation the security administrator sees the following source code in a pop-up window:
<HTML>
<body onload="document.getElementByID('badForm').submit()">
<form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" >
<input name="Perform Purchase" value="Perform Purchase"/>
</form>
</body>
</HTML>
Which of the following has MOST likely occurred?

Question172: Which of the following is the MOST intrusive type of testing against a production system?

Question173: Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing?

Question174: An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

Question175: Which of the following is commonly LDAP and Kerberos used for?

Question176: A major medical corporation is investigating deploying a web based portal for patients to access their medical records. The medical corporation has a long history of maintaining IT security but is considering having a third party vendor create the web portal. Which of the following areas is MOST important for the Chief Information Security Officer to focus on when reviewing proposal from vendors interested in creating the web portal?

Question177: A review of administrative access has discovered that too many accounts have been granted administrative rights. Which of the following will alert the security team when elevated access is applied?

Question178: A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal?

Question179: In performing an authorized penetration test of an organization's system security, a penetration tester collects information pertaining to the application versions that reside on a server. Which of the following is the best way to collect this type of information?

Question180: While troubleshooting a new wireless 802.11 ac network an administrator discovers that several of the older systems cannot connect. Upon investigation the administrator discovers that the older devices only support 802.11 and RC4. The administrator does not want to affect the performance of the newer 802.11 ac devices on the network. Which of the following should the administrator do to accommodate all devices and provide the MOST security?

Question181: Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

Question182: Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels?

Question183: Several employees have been printing files that include personally identifiable information of customers.
Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.
Which of the following would be the BEST control to implement?

Question184: Which of the following pseudocodes can be used to handle program exceptions?

Question185: A technician has been assigned a service request to investigate a potential vulnerability in the organization's extranet platform. Once the technician performs initial investigative measures, it is determined that the potential vulnerability was a false-alarm. Which of the following actions should the technician take in regards to the findings?

Question186: A recent audit of a company's identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario?
(Choose two.)

Question187: After a security incident involving a physical asset, which of the following should be done at the beginning?

Question188: An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?

Question189: The chief security officer (CSO) has issued a new policy to restrict generic or shared accounts on company systems. Which of the following sections of the policy requirements will have the most impact on generic and shared accounts?

Question190: A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?

Question191: The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?

Question192: Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

Question193: Used in conjunction, which of the following are PII? (Choose two.)

Question194: Which of the following is the GREATEST security concern of allowing employees to bring in their personally owned tablets and connecting to the corporate network?

Question195: Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company's access point and finds no issues. Which of the following should the technician do?

Question196: Which of the following could cause a browser to display the message below?
"The security certificate presented by this website was issued for a different website's address."

Question197: Which of the following types of malware, attempts to circumvent malware detection by trying to hide its true location on the infected system?

Question198: Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability?

Question199: An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds.
Which of the following type of authentication mechanism is this?

Question200: The use of social networking sites introduces the risk of:

Question201: Which of the following is a hardware based encryption device?

Question202: Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

Question203: An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

Question204: Which of the following practices is used to mitigate a known security vulnerability?

Question205: Joe a company's new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits.
Which of the following should Joe recommend to remediate these issues?

Question206: The Chief Executive Officer (CEO) Joe notices an increase in the wireless signal in this office and thanks the IT director for the increase in network speed, Upon investigation the IT department finds an access point hidden in the dropped ceiling outside of joe's office. Which of the following types of attack is MOST likely occurring?

Question207: The act of magnetically erasing all of the data on a disk is known as:

Question208: Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?

Question209: A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration.
Which of the following is this an example of?

Question210: Which of the following tasks should key elements of a business impact analysis include?

Question211: Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network. Which of the following has been reported by the vulnerability scan?

Question212: Which of the following is a best practice when a mistake is made during a forensics examination?

Question213: Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

Question214: The help desk is experiencing a higher than normal amount of calls from users reporting slow response from the application server. After analyzing the data from a packet capturing tool, the head of the network engineering department determines that the issue is due, in part from the increase of personnel recently hired to perform application development. Which of the following would BEST assist in correcting this issue?

Question215: Which of the following is a notification that an unusual condition exists and should be investigated?

Question216: Which of the following is the BEST concept to maintain required but non-critical server availability?

Question217: An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims.
Which of the following describes this?

Question218: A company recently received accreditation for a secure network, In the accreditation letter, the auditor specifies that the company must keep its security plan current with changes in the network and evolve the systems to adapt to new threats. Which of the following security controls will BEST achieve this goal?

Question219: A company would like to take electronic orders from a partner; however, they are concerned that a non- authorized person may send an order. The legal department asks if there is a solution that provides non- repudiation. Which of the following would meet the requirements of this scenario?

Question220: Which of the following means a password history value of three?

Question221: A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage?

Question222: Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?

Question223: Searching for systems infected with malware is considered to be the following phases of incident response:

Question224: A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people.
To mitigate the risks involved with this media, which of the following should employees receive training on?

Question225: Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?

Question226: Ann a new small business owner decides to implement WiFi access for her customers. There are several other businesses nearby who also have WiFi hot spots. Ann is concerned about security of the wireless network and wants to ensure that only her customers have access. Which of the following choices BEST meets her intent of security and access?

Question227: An IT security technician is actively involved in identifying coding issues for her company.
Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?

Question228: Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?

Question229: A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?

Question230: A security technician has removed the sample configuration files from a database server. Which of the following application security controls has the technician attempted?

Question231: In order to secure additional budget, a security manager wants to quantify the financial impact of a one- time compromise. Which of the following is MOST important to the security manager?

Question232: Which of the following does full disk encryption prevent?

Question233: Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?

Question234: Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern?

Question235: A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled?

Question236: A computer is found to be infected with malware and a technician re-installs the operating system. The computer remains infected with malware. This is an example of:

Question237: Which of the following is a common coding error in which boundary checking is not performed?

Question238: Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

Question239: A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

Question240: A company is deploying a new video conferencing system to be used by the executive team for board meetings. The security engineer has been asked to choose the strongest available asymmetric cipher to be used for encryption of board papers, and chose the strongest available stream cipher to be configured for video streaming.
Which of the following ciphers should be chosen? (Choose two)

Question241: During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?

Question242: When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?

Question243: An IT auditor tests an application as an authenticated user.
Which of the following types of testing is this an example of?

Question244: A risk assessment team is concerned about hosting data with a cloud service provider (CSP) which of the following findings would justify this concern?

Question245: A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

Question246: After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

Question247: A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?

Question248: Joe, a sales employee, is connecting to a wireless network and has entered the network information correctly. His computer remains connected to the network but he cannot access any resources on the network.
Which of the following is the MOST likely cause of this issue?

Question249: Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

Question250: In which of the following scenarios would it be preferable to implement file level encryption instead of whole disk encryption?

Question251: When employing PKI to send signed and encrypted data the individual sending the data must have:
(Choose two.)

Question252: A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.
SSIDStateChannelLevel
Computer AreUs1connected170dbm
Computer AreUs2connected580dbm
Computer AreUs3connected375dbm
Computer AreUs4connected695dbm
Which of the following is this an example of?

Question253: Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

Question254: Which of the following concepts is a term that directly relates to customer privacy considerations?

Question255: Using a protocol analyzer, a security consultant was able to capture employee's credentials. Which of the following should the consultant recommend to the company, in order to mitigate the risk of employees credentials being captured in the same manner in the future?

Question256: HOTSPOT
For each of the given items, select the appropriate authentication category from the drop down choices.
Select the appropriate authentication type for the following items:
Hot Area:

Question257: Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

Question258: An administrator performs a risk calculation to determine if additional availability controls need to be in place. The administrator estimates that a server fails and needs to be replaced once every 2 years at a cost of $8,000. Which of the following represents the factors that the administrator would use to facilitate this calculation?

Question259: Which of the following risks could IT management be mitigating by removing an all-in-one device?

Question260: Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A.
Which of the following would have assured that the bid was submitted by Company A?

Question261: The security administrator generates a key pair and sends one key inside a request file to a third party.
The third party sends back a signed file. In this scenario, the file sent by the administrator is a:

Question262: A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?

Question263: A security administrator develops a web page and limits input into the fields on the web page as well as filters special characters in output.
Which of the following attacks is the administrator trying to prevent?

Question264: A workstation is exhibiting symptoms of malware and the network security analyst has decided to remove the system from the network.
Which of the following stages of the Incident Handling Response represents this?

Question265: Which of the following would provide the MOST objective results when performing penetration testing for an organization?

Question266: The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand?

Question267: A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?

Question268: Joe, an application developer, is building an external facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Joe filters client-side JAVA input.

Question269: A security administrator finds that an intermediate CA within the company was recently breached. The certificates held on this system were lost during the attack, and it is suspected that the attackers had full access to the system. Which of the following is the NEXT action to take in this scenario?

Question270: Which of the following results in datacenters with failed humidity controls? (Choose two.)

Question271: During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?

Question272: An attacker impersonates a fire marshal and demands access to the datacenter under the threat of a fine.
Which of the following reasons make this effective? (Choose two.)

Question273: The programmer confirms that there is potential for a buffer overflow on one of the data input fields in a corporate application. The security analyst classifies this as a (N).

Question274: A router was shut down as a result of a DoS attack. Upon review of the router logs, it was determined that the attacker was able to connect to the router using a console cable to complete the attack. Which of the following should have been implemented on the router to prevent this attack? (Choose two)

Question275: All of the following are valid cryptographic hash functions EXCEPT:

Question276: Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

Question277: An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

Question278: A security administrator is concerned about the strength of user's passwords. The company does not want to implement a password complexity policy. Which of the following can the security Administrator implement to mitigate the risk of an online password attack against users with weak passwords?

Question279: Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

Question280: Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources?

Question281: A security technician is implementing PKI on a Network. The technician wishes to reduce the amount of bandwidth used when verifying the validity of a certificate. Which of the following should the technician implement?

Question282: A technician is configuring a switch to support VOPIP phones. The technician wants to ensure the phones do not require external power packs. Which of the following would allow the phones to be powered using the network connection?

Question283: An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?

Question284: A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

Question285: A software security concern when dealing with hardware and devices that have embedded software or operating systems is:

Question286: Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the office. Which of the following describes the type of attack that was occurring?

Question287: Sara, an application developer, implemented error and exception handling alongside input validation.
Which of the following does this help prevent?

Question288: A security administrator suspects that an employee in the IT department is utilizing a reverse proxy to bypass the company's content filter and browse unapproved and non-work related sites while at work.
Which of the following tools could BEST be used to determine how the employee is connecting to the reverse proxy?

Question289: Several users report to the administrator that they are having issues downloading files from the file server.
Which of the following assessment tools can be used to determine if there is an issue with the file server?

Question290: Which of the following is where an unauthorized device is found allowing access to a network?

Question291: A security director has contracted an outside testing company to evaluate the security of a newly developed application. None of the parameters or internal workings of the application have been provided to the testing company prior to the start of testing. The testing company will be using:

Question292: Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw.
Which of the following attacks has MOST likely occurred?

Question293: Which of the following includes environmental control measures?

Question294: The chief information officer (CIO) of a major company intends to increase employee connectivity and productivity by issuing employees mobile devices with access to their enterprise email, calendar, and contacts. The solution the CIO intends to use requires a PKI that automates the enrollment of mobile device certificates. Which of the following, when implemented and configured securely, will meet the CIO's requirement?

Question295: Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?

Question296: Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues?

Question297: Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?

Question298: An attacker attempted to compromise a web form by inserting the following input into the username field:
admin)(|(password=*))
Which of the following types of attacks was attempted?

Question299: Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?

Question300: Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user?

Question301: In order to gain an understanding of the latest attack tools being used in the wild, an administrator puts a Unix server on the network with the root user's password to set root. Which of the following best describes this technique?

Question302: Which of the following is described as an attack against an application using a malicious file?

Question303: Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks?

Question304: Which of the following attacks impact the availability of a system? (Choose two.)

Question305: A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes, the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?

Question306: Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues.
The two malware types that the group seems to be most interested in are botnets and viruses.
Which of the following explains the difference between these two types of malware?

Question307: An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important?

Question308: The security manager reports that the process of revoking certificates authority is too slow and should be automated. Which of the following should be used to automate this process?

Question309: ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left?

Question310: Which of the following has a storage root key?

Question311: A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file.
Which of the following is being implemented?

Question312: Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?

Question313: A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?

Question314: An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:

Question315: A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?

Question316: An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?

Question317: Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?

Question318: Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help determine where the attack originated from?

Question319: The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring?

Question320: A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

Question321: In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?

Question322: A web administrator has just implemented a new web server to be placed in production. As part of the company's security plan, any new system must go through a security test before it is placed in production.
The security team runs a port scan resulting in the following data:
21 tcp open FTP
23 tcp open Telnet
22 tcp open SSH
25 UDP open smtp
110 tcp open pop3
443 tcp open https
Which of the following is the BEST recommendation for the web administrator?

Question323: A user has forgotten their account password. Which of the following is the BEST recovery strategy?

Question324: At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?

Question325: An organization is required to log all user internet activity. Which of the following would accomplish this requirement?

Question326: A technician installed two ground plane antennae on 802.11n bridges connecting two buildings 500 feet apart. After configuring both radios to work at 2.4ghz and implementing the correct configuration, connectivity tests between the two buildings are unsuccessful. Which of the following should the technician do to resolve the connectivity problem?

Question327: Jane, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an active directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment?

Question328: A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine.
Which of the following security best practices is the system administrator adhering to?

Question329: Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

Question330: Pete, the security administrator, has been notified by the IDS that the company website is under attack.
Analysis of the web logs show the following string, indicating a user is trying to post a comment on the public bulletin board.
INSERT INTO message `<script>source=http://evilsite</script>
Which of the following is this an example of?

Question331: Which of the following is provided by RADIUS?

Question332: Sara, a security administrator, is noticing a slowdown in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway?

Question333: A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency.
Which of the following should be in place?

Question334: Which of the following password attacks involves attempting all kinds of keystroke combinations on the keyboard with the intention to gain administrative access?

Question335: Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

Question336: A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented?

Question337: The security administrator is analyzing a user's history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user's history log shows evidence that the user attempted to escape the rootjail?

Question338: A security administrator is tasked with calculating the total ALE on servers. In a two-year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?

Question339: Which of the following types of malware is designed to provide access to a system when normal authentication fails?

Question340: A security administrator wants to implement a solution which will allow some applications to run under the user's home directory and only have access to files stored within the same user's folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?

Question341: An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?

Question342: Which of the following tests a number of security controls in the least invasive manner?

Question343: A network engineer is configuring a VPN tunnel connecting a company's network to a business partner.
Which of the following protocols should be used for key exchange?

Question344: A small company has recently purchased cell phones for managers to use while working outside if the office.
The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks if sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company's requirements?

Question345: Which statement is TRUE about the operation of a packet sniffer?

Question346: A new intern was assigned to the system engineering department, which consists of the system architect and system software developer's teams. These two teams have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects.
Which of the following methods should the system administrator implement?

Question347: Employee badges are encoded with a private encryption key and specific personal information.
The encoding is then used to provide access to the network. Which of the following describes this access control type?

Question348: Which of the following should Matt, a security administrator, include when encrypting smartphones?
(Choose two.)

Question349: Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

Question350: Which device monitors network traffic in a passive manner?

Question351: Which of the following provides the LEAST availability?

Question352: Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company's new telecommuting policy. When she takes inventory of the organizations existing network infrastructure, she makes note that it is a mix of several different vendors.
Ann knows she needs a method of secure centralized access to the company's network resources. Which of the following is the BEST service for Ann to implement?

Question353: Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Choose two.)

Question354: Which of the following would a security administrator use to verify the integrity of a file?

Question355: The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur?

Question356: Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?

Question357: During a recent investigation, an auditor discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing.
Which of the following is MOST likely to protect the SCADA systems from misuse?

Question358: A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern?

Question359: The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to work and plug them directly into the network port under their desk. Which of the following should be configured on the network switch to prevent this from happening?

Question360: Which of the following may cause Jane, the security administrator, to seek an ACL work around?

Question361: An administrator is implementing a new management system for the machinery on the company's production line. One requirement is that the system only be accessible while within the production facility.
Which of the following will be the MOST effective solution in limiting access based on this requirement?

Question362: A system administrator is conducting baseline audit and determines that a web server is missing several critical updates. Which of the following actions should the administrator perform first to correct the issue?

Question363: Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)?

Question364: Which of the following file systems is from Microsoft and was included with their earliest operating systems?

Question365: Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?

Question366: Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

Question367: Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device's removable media in the event that the device is lost or stolen?

Question368: Use of group accounts should be minimized to ensure the following:

Question369: Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network?

Question370: Encryption of data at rest is important for sensitive information because of the following:

Question371: A company uses SSH to support internal users. They want to block external SSH connections from reaching internal machines. Which of the following should be blocked on the firewall?

Question372: Which of the following provides the BEST application availability and is easily expanded as demand grows?

Question373: Which of the following may significantly reduce data loss if multiple drives fail at the same time?

Question374: A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?

Question375: A security analyst has a sample of malicious software and needs to know what the sample does. The analyst runs the sample in a carefully-controlled and monitored virtual machine to observe the software's behavior. The approach of malware analysis can BEST be described as:

Question376: After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

Question377: Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

Question378: A classroom utilizes workstations running virtualization software for a maximum of one virtual machine per working station. The network settings on the virtual machines are set to bridged. Which of the following describes how the switch in the classroom should be configured to allow for the virtual machines and host workstation to connect to network resources?

Question379: In the course of troubleshooting wireless issues from users, a technician discovers that users are connecting to their home SSIDs while at work. The technician scans but detects none of those SSIDs. The technician eventually discovers a rouge access point that spoofs any SSID request. Which of the following allows wireless use while mitigating this type of attack?

Question380: A user attempts to install a new and relatively unknown software program recommended by a colleague.
The user is unable to install the program, dispute having successfully installed other programs previously.
Which of the following is MOST likely the cause for the user's inability to complete the installation?

Question381: Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

Question382: An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors' accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding?

Question383: The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?

Question384: Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?

Question385: After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

Question386: A network administrator, Joe, arrives at his new job to find that none of the users have changed their network passwords since they were initially hired. Joe wants to have everyone change their passwords immediately. Which of the following policies should be enforced to initiate a password change?

Question387: A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

Question388: Which of the following provides data the best fault tolerance at the LOWEST cost?

Question389: Which of the following is an attack designed to activate based on date?

Question390: A Company transfers millions of files a day between their servers. A programmer for the company has created a program that indexes and verifies the integrity of each file as it is replicated between servers.
The programmer would like to use the fastest algorithm to ensure integrity. Which of the following should the programmer use?

Question391: Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described?

Question392: The network security manager has been notified by customer service that employees have been sending unencrypted confidential information via email. Which of the following should the manager select to BEST detect and provide notification of these occurrences?

Question393: Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET
/index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/ forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

Question394: An attacker Joe configures his service identifier to be as an access point advertised on a billboard. Joe then conducts a denial of service attack against the legitimate AP causing users to drop their connections and then reconnect to Joe's system with the same SSID. Which of the following BEST describes this of attack?

Question395: An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of the following attacks does this prevent?

Question396: Which of the following is the best practice to put at the end of an ACL?

Question397: Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time.
Which of the following does this illustrate?

Question398: A company requires that all wireless communication be compliant with the Advanced encryption standard.
The current wireless infrastructure implements WEP + TKIP. Which of the following wireless protocols should be implemented?

Question399: A file on a Linux server has default permissions of rw-rw-r--. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?

Question400: Ann, a security administrator, wants to limit access to the wireless network. Which of the following can be used to do this without using certificates?

Question401: A security administrator has just finished creating a hot site for the company.
Which of the following concepts relates this implementation to?

Question402: Which of the following is BEST utilized to actively test security controls on a particular system?

Question403: Joe needs to track employees who log into a confidential database and edit files. In the past, critical files have been edited, and no one admits to making the edits. Which of the following does Joe need to implement in order to enforce accountability?

Question404: Which of the following describes the implementation of PAT?

Question405: For high availability which of the following would be MOST appropriate for fault tolerance?

Question406: Which of the following is considered an environmental control?

Question407: A company uses port security based on an approved MAC list to secure its wired network and WPA2 to secure its wireless network. Which of the following prevents an attacker from learning authorized MAC addresses?

Question408: The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?

Question409: A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates.
Which of the following processes could MOST effectively mitigate these risks?

Question410: Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?

Question411: Joe, the chief technical officer (CTO) is concerned that the servers and network devices may not be able to handle the growing needs of the company. He has asked his network engineer to being monitoring the performance of these devices and present statistics to management for capacity planning. Which of the following protocols should be used to this?

Question412: The access control list (ACL) for a file on a server is as follows:
User: rwx
User: Ann: r- -
User: Joe: r- -
Group: rwx
Group: sales: r-x
Other: r-x
Joe and Ann are members of the Human Resources group. Will Ann and Joe be able to run the file?

Question413: A security technician wishes to gather and analyze all Web traffic during a particular time period.
Which of the following represents the BEST approach to gathering the required data?

Question414: A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?

Question415: Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

Question416: Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

Question417: Which of the following can be used to ensure digital certificates? (Choose two.)

Question418: Which of the following are examples of detective controls?

Question419: A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?

Question420: Which of the following exploits either a host file on a target machine or vulnerabilities on a DNS server in order to carry out URL redirection?

Question421: Ann, a security administrator is hardening the user password policies. She currently has the following in place.
Passwords expire every 60 days
Password length is at least eight characters
Passwords must contain at least one capital letter and one numeric character Passwords cannot be reused until the password has been changed eight times She learns that several employees are still using their original password after the 60-day forced change.
Which of the following can she implement to BEST mitigate this?

Question422: A password audit has revealed that a significant percentage if end-users have passwords that are easily cracked. Which of the following is the BEST technical control that could be implemented to reduce the amount of easily "crackable" passwords in use?

Question423: A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear.
After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

Question424: Which of the following would an attacker use to generate and capture additional traffic prior to performing an IV attack?

Question425: A military base wants to incorporate biometrics into its new security measures, but the head of security does not want them to be the sole method of authentication. For unmanned entry points, which of the following solutions would work BEST?

Question426: When confidentiality is the primary concern, which of the following types of encryption should be chosen?

Question427: A thief has stolen mobile device and removed its battery to circumvent GPS location tracking. The device user is a four-digit PIN.
Which of the following is a mobile device security control that ensures the confidentiality of company data?

Question428: Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?

Question429: If an organization wants to implement a BYOD policy, which of the following administrative control policy considerations MUST be addressed? (Choose two)

Question430: Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

Question431: Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?

Question432: An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses.
Which of the following technologies should this company consider?

Question433: A security administrator is selecting an MDM solution for an organization, which has strict security requirements for the confidentiality of its data on end user devices. The organization decides to allow BYOD, but requires that users wishing to participate agree to the following specific device configurations; camera disablement, password enforcement, and application whitelisting. The organization must be able to support a device portfolio of differing mobile operating systems. Which of the following represents the MOST relevant technical security criteria for the MDM?

Question434: Which of the following is the BEST approach to perform risk mitigation of user access control rights?

Question435: A company used a partner company to develop critical components of an application. Several employees of the partner company have been arrested for cybercrime activities. Which of the following should be done to protect the interest of the company?

Question436: Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

Question437: The internal audit group discovered that unauthorized users are making unapproved changes to various system configuration settings. This issue occurs when previously authorized users transfer from one department to another and maintain the same credentials. Which of the following controls can be implemented to prevent such unauthorized changes in the future?

Question438: Encryption used by RADIUS is BEST described as:

Question439: A user, Ann, is reporting to the company IT support group that her workstation screen is blank other than a window with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Ann's workstation?

Question440: A malicious individual is attempting to write too much data to an application's memory. Which of the following describes this type of attack?

Question441: A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls?

Question442: End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

Question443: A network security administrator is trying to determine how an attacker gained access to the corporate wireless network. The network is configured with SSID broadcast disabled. The senior network administrator explains that this configuration setting would only have deterred an unsophisticated attacker because of the following:

Question444: Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor.
Which of the following methods should the company consider securing this data in the future?

Question445: When implementing a Public Key Infrastructure, which of the following should the sender use to digitally sign a document?

Question446: Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days' hashes. Which of the following security concepts is Sara using?

Question447: Which of the following are examples of network segmentation? (Choose two.)

Question448: A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers.
Which of the following types of testing is this an example of?

Question449: Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?

Question450: A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe?

Question451: Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of the following:

Question452: A new security analyst is given the task of determining whether any of the company's servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?

Question453: A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT?

Question454: Allowing unauthorized removable devices to connect to computers increases the risk of the following:

Question455: A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?

Question456: A user tries to visit a website with a revoked certificate. In the background a server from the certificate authority only sends the browser revocation information about the domain the user is visiting.
Which of the following is being used by the certificate authority in this exchange?

Question457: Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?

Question458: Which of the following application attacks is used to gain access to SEH?

Question459: Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?

Question460: Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

Question461: A company's password and authentication policies prohibit the use of shared passwords and transitive trust. Which of the following if implemented would violate company policy? (Choose two.)

Question462: While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down.
Which of the following attacks could be this an example of?

Question463: Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe's browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages.
Which of the following attacks allows for this impersonation?

Question464: Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?

Question465: An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions.
Which of the following database designs provides the BEST security for the online store?

Question466: A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server.
Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?

Question467: Which of the following BEST explains the use of an HSM within the company servers?

Question468: While responding to an incident on a Linux server, the administrator needs to disable unused services.
Which of the following commands can be used to see processes that are listening on a TCP port?

Question469: A company wants to improve its overall security posture by deploying environmental controls in its datacenter. Which of the following is considered an environmental control that can be deployed to meet this goal?

Question470: A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

Question471: Which of the following is an application security coding problem?

Question472: Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?

Question473: A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

Question474: During a company-wide initiative to harden network security, it is discovered that end users who have laptops cannot be removed from the local administrator group. Which of the following could be used to help mitigate the risk of these machines becoming compromised?

Question475: A company is rolling out a new e-commerce website. The security analyst wants to reduce the risk of the new website being comprised by confirming that system patches are up to date, application hot fixes are current, and unneeded ports and services have been disabled. To do this, the security analyst will perform a:

Question476: Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?

Question477: Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Choose two.)

Question478: The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?

Question479: An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?

Question480: Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

Question481: An incident occurred when an outside attacker was able to gain access to network resources. During the incident response, investigation security logs indicated multiple failed login attempts for a network administrator. Which of the following controls, if in place could have BEST prevented this successful attack?

Question482: Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Choose two.)

Question483: Who should be contacted FIRST in the event of a security breach?

Question484: Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building.
Which of the following should Sara immediately implement?

Question485: A new mobile banking application is being developed and uses SSL / TLS certificates but penetration tests show that it is still vulnerable to man-in-the-middle attacks, such as DNS hijacking. Which of the following would mitigate this attack?

Question486: A company recently experienced several security breaches that resulted in confidential data being infiltrated form the network. The forensic investigation revealed that the data breaches were caused by an insider accessing files that resided in shared folders who then encrypted the data and sent it to contacts via third party email. Management is concerned that other employees may also be sending confidential files outside of the company to the same organization. Management has requested that the IT department implement a solution that will allow them to:
Track access and sue of files marked confidential, provide documentation that can be sued for investigations, prevent employees from sending confidential data via secure third party email, identify other employees that may be involved in these activities.
Which of the following would be the best choice to implement to meet the above requirements?

Question487: The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?

Question488: Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?

Question489: Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?

Question490: A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?

Question491: Use of a smart card to authenticate remote servers remains MOST susceptible to the following attacks:

Question492: The system administrator has been notified that many users are having difficulty connecting to the company's wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?

Question493: Privilege creep among long-term employees can be mitigated by the following procedures:

Question494: In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

Question495: Joe, a web developer, wants to make sure his application is not susceptible to cross-site request forgery attacks. Which of the following is one way to prevent this type of attack?

Question496: Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources.
Which of the following would provide the BEST environment for performing this testing?

Question497: A security administrator discovered that all communication over the company's encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employee's credentials. Which of the following technology is MOST likely in use on the company's wireless?

Question498: A malicious user has collected the following list of information:
192.168.1.5 OpenSSH-Server_5.8
192.168.1.7 OpenSSH-Server_5.7
192.168.1.9 OpenSSH-Server_5.7
Which of the following techniques is MOST likely to gather this type of data?

Question499: By hijacking unencrypted cookies an application allows an attacker to take over existing web sessions that do not use SSL or end to end encryption. Which of the following choices BEST mitigates the security risk of public web surfing? (Choose two.)

Question500: Which of the following policies is implemented in order to minimize data loss or theft?

Question501: Which of the following is the below pseudo-code an example of?
IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

Question502: Several users' computers are no longer responding normally and sending out spam email to the users' entire contact list.
Which of the following is this an example of?

Question503: Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?

Question504: A Chief Privacy Officer, Joe, is concerned that employees are sending emails to addresses outside of the company that contain PII. He asks that the security technician to implement technology that will mitigate this risk. Which of the following would be the best option?

Question505: An attacker unplugs the access point at a coffee shop. The attacker then runs software to make a laptop look like an access point and advertises the same network as the coffee shop normally does. Which of the following describes this type of attack?

Question506: Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Choose two.)

Question507: Which of the following is the LEAST volatile when performing incident response procedures?

Question508: Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again?

Question509: A company would like to implement two-factor authentication for its vulnerability management database to require system administrators to use their token and random PIN codes. Which of the following authentication services accomplishes this objective?

Question510: One of the senior managers at a company called the help desk to report a problem. The manager could no longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and the laptop restored from a backup. The help desk informed the manager that the recommended solution was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the help desk use to avoid losing the data on the laptop?

Question511: A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop, they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network, they do not match.
Which of the following describes how the employee is leaking these secrets?

Question512: An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?

Question513: Pete's corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number.
Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?

Question514: The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?

Question515: A periodic update that corrects problems in one version of a product is called a

Question516: A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data center. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is on transit.
Which of the following represents the BEST cryptographic solution?

Question517: Which of the following is mainly used for remote access into the network?

Question518: Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete's BEST option?

Question519: Which of the following concepts defines the requirement for data availability?

Question520: Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?

Question521: Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to compliment password usage and smart cards?

Question522: A security administrator wishes to protect session leys should a private key become discovered. Which of the following should be enabled in IPSec to allow this?

Question523: Which of the following forms of software testing can best be performed with no knowledge of how a system is internally structured or functions? (Choose Two.)

Question524: In order to enter a high-security data center, users are required to speak the correct password into a voice recognition system. Ann, a member of the sales department, overhears the password and later speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center?

Question525: Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?

Question526: Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

Question527: What is a system that is intended or designed to be broken into by an attacker?

Question528: An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?

Question529: In regard to secure coding practices, why is input validation important?

Question530: An administrator uses a server with a trusted OS and is configuring an application to go into production tomorrow, In order to make a new application work properly, the administrator creates a new policy that labels the application and assigns it a security context within the trusted OS. Which of the following control methods is the administrator using by configuring this policy?

Question531: Establishing a method to erase or clear cluster tips is an example of securing the following:

Question532: To ensure proper evidence collection, which of the following steps should be performed FIRST?

Question533: Users in the HR department were recently informed that they need to implement a user training and awareness program which is tailored to their department. Which of the following types of training would be the MOST appropriate for this department?

Question534: Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

Question535: A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:

Question536: An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns.
Which of the following is an example of this threat?

Question537: Which of the following cryptographic methods is most secure for a wireless access point?

Question538: During a recent audit, the auditors cited the company's current virtual machine infrastructure as a concern.
The auditors cited the fact that servers containing sensitive customer information reside on the same physical host as numerous virtual machines that follow less stringent security guild lines. Which of the following would be the best choice to implement to address this audit concern while maintain the current infrastructure?

Question539: A network security engineer notices unusual traffic on the network from a single IP attempting to access systems on port 23. Port 23 is not used anywhere on the network. Which of the following should the engineer do to harden the network from this type of intrusion in the future?

Question540: Which of the following is true about asymmetric encryption?

Question541: A company has several public conference room areas with exposed network outlets. In the past, unauthorized visitors and vendors have used the outlets for internet access. The help desk manager does not want the outlets to be disabled due to the number of training sessions in the conference room and the amount of time it takes to get the ports either patched in or enabled. Which of the following is the best option for meeting this goal?

Question542: Which of the following concepts is used by digital signatures to ensure integrity of the data?

Question543: Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?

Question544: Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?

Question545: A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:

Question546: Which of the following is an example of a false positive?

Question547: A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

Question548: Ann, a security analyst, is preparing for an upcoming security audit.
Which of the following would Ann use to ensure that she identifies unapplied security controls and patches without attacking or compromising the system?

Question549: The IT department has setup a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?

Question550: Which of the following types of security services are used to support authentication for remote users and devices?

Question551: Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user?

Question552: Which of the following authentication services combines authentication and authorization in a use profile and use UDP?

Question553: A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

Question554: A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage?

Question555: Certificates are used for: (Choose two.)

Question556: A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?

Question557: Which of the following tools would a security administrator use in order to identify all running services throughout an organization?

Question558: Which of the following attacks allows access to contact lists on cellular phones?

Question559: Using proximity card readers instead of the traditional key punch doors would help to mitigate:

Question560: A company wishes to prevent unauthorized employee access to the data center. Which of the following is the MOST secure way to meet this goal?

Question561: A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?

Question562: An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

Question563: During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?

Question564: Mike, a user, states that he is receiving several unwanted emails about home loans.
Which of the following is this an example of?

Question565: It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission.
Which of the following types of security control are they concerned about?

Question566: An employee from the fire Marshall's office arrives to inspect the data center. The operator allows him to bypass the multi-factor authentication to enter the data center. Which of the following types of attacks may be underway?

Question567: A company has been attacked and their website has been altered to display false information. The security administrator disables the web server service before restoring the website from backup. An audit was performed on the server and no other data was altered. Which of the following should be performed after the server has been restored?

Question568: A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?

Question569: An attacker is attempting to insert malicious code into an installer file that is available on the internet. The attacker is able to gain control of the web server that houses both the installer and the web page which features information about the downloadable file. To implement the attack and delay detection, the attacker should modify both the installer file and the:

Question570: A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

Question571: Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?

Question572: An employee's mobile device associates with the company's guest WiFi SSID, but then is unable to retrieve email. The email settings appear to be correct. Which of the following is the MOST likely cause?

Question573: Which of the following implementation steps would be appropriate for a public wireless hotspot?

Question574: In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

Question575: Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?

Question576: Data execution prevention is a feature in most operating systems intended to protect against which type of attack?

Question577: An employee attempts to go to a well-known bank site using the company-standard web browser by correctly typing in the address of the site into the web browser. The employee is directed to a website that looks like the bank's site but is not the actual bank site. The employee's user name and password are subsequently stolen.
Which of the following is this an example of?

Question578: A company's chief information officer (CIO) has analyzed the financial loss associated with the company's database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?

Question579: A network technician has received comments from several users that cannot reach a particular website.
Which of the following commands would provide the BEST information about the path taken across the network to this website?

Question580: A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate.
Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

Question581: A security technician received notification of a remotely exploitable vulnerability affecting all multifunction printers firmware installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician to mitigate the security risk of a sensitive document leak?

Question582: An internal auditing team would like to strengthen the password policy to support special characters.
Which of the following types of password controls would achieve this goal?

Question583: A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?

Question584: Which of the following devices would be the MOST efficient way to filter external websites for staff on an internal network?

Question585: Ann a security technician receives a report from a user that is unable to access an offsite SSN server. Ann checks the firewall and sees the following rules:
Allow TCP 80
Allow TCP 443
Deny TCP 23
Deny TCP 20
Deny TCP 21
Which of the following is preventing the users from accessing the SSH server?

Question586: A recent audit has revealed that several users have retained permissions to systems they should no longer have rights to after being promoted or changed job positions. Which of the following controls would BEST mitigate this issue?

Question587: Which of the following concepts describes the use of a one-way transformation in order to validate the integrity of a program?

Question588: Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users?

Question589: A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?

Question590: Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?

Question591: A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?

Question592: Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?

Question593: An organization's security policy states that users must authenticate using something you do. Which of the following would meet the objectives of the security policy?

Question594: Which of the following types of authentication packages user credentials in a ticket?

Question595: SIMULATION
A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incident responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node (s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at anytime you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Question596: Joe the system administrator has noticed an increase in network activity from outside sources. He wishes to direct traffic to avoid possible penetration while heavily monitoring the traffic with little to no impact on the current server load. Which of the following would be BEST course of action?

Question597: Which of the following relies on the use of shared secrets to protect communication?

Question598: Which of the following types of encryption will help in protecting files on a PED?

Question599: Which of the following is a hardware-based security technology included in a computer?

Question600: A datacenter has suffered repeated burglaries which led to equipment theft and arson. In the past, the thieves have demonstrated a determination to bypass any installed safeguards. After mantraps were installed to prevent tailgating, the thieves crashed through the wall of datacenter with a vehicle after normal business hours. Which of the following options could improve the safety and security of the datacenter further? (Choose two)

Question601: Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

Question602: A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?

Question603: During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization.
Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?

Question604: Which of the following documents outlines the technical and security requirements of an agreement between organizations?

Question605: Which of the following internal security controls is aimed at preventing two system administrators from completing the same tasks?

Question606: Which of the following can take advantage of man-in-the-middle techniques to prevent data exfiltration?

Question607: DRAG DROP
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan-Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Select and Place:

Question608: Which of the following is the best practice for error and exception handling?

Question609: A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?

Question610: The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is:

Question611: Which of the following is it MOST difficult to harden against?

Question612: During a routine configuration audit, a systems administrator determines that a former employee placed an executable on an application server. Once the system was isolated and diagnosed, it was determined that the executable was programmed to establish a connection to a malicious command and control server.
Which of the following forms of malware is best described in the scenario?

Question613: A group of users from multiple departments are working together on a project and will maintain their digital output in a single location. Which of the following is the BEST method to ensure access is restricted to use by only these users?

Question614: A system administrator has made several unauthorized changes to the server cluster that resulted in a major outage. This event has been brought to the attention of the Chief Information Office (CIO) and he has requested immediately implement a risk mitigation strategy to prevent this type of event from reoccurring.
Which of the following would be the BEST risk mitigation strategy to implement in order to meet this request?

Question615: Which of the following presents the STRONGEST access control?

Question616: Which of the following should an administrator implement to research current attack methodologies?

Question617: Which of the following attacks initiates a connection by sending specially crafted packets in which multiple TCP flags are set to 1?

Question618: Which of the following are unique to white box testing methodologies? (Choose two)

Question619: The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail. Which of the following BEST describes this attack?

Question620: The datacenter design team is implementing a system, which requires all servers installed in racks to face in a predetermined direction. AN infrared camera will be used to verify that servers are properly racked.
Which of the following datacenter elements is being designed?

Question621: Pete, the system administrator, has blocked users from accessing social media websites.
In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?

Question622: The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media websites.
Which of the following would this advice BEST protect people from?

Question623: An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate
*.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?

Question624: A custom PKI application downloads a certificate revocation list (CRL) once per day. Management requests the list be checked more frequently. Which of the following is the BEST solution?

Question625: Given the following set of firewall rules:
From the inside to outside allow source any destination any port any
From inside to dmz allow source any destination any port tcp-80
From inside to dmz allow source any destination any port tcp-443
Which of the following would prevent FTP traffic from reaching a server in the DMZ from the inside network?

Question626: A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend?

Question627: After connecting to the corporate network a user types the URL if a popular social media website in the browser but reports being redirected to a login page with the corporate logo. Which of the following is this an example of?

Question628: The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity.
Which of the following would be MOST effective for preventing this behavior?

Question629: A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected.
Which of the following concepts represents this type of configuration?

Question630: An administrator has to determine host operating systems on the network and has deployed a transparent proxy. Which of the following fingerprint types would this solution use?

Question631: Ann a network administrator has been tasked with strengthening the authentication of users logging into systems in area containing sensitive information. Users log in with usernames and passwords, following by a retinal scan. Which of the following could she implement to add an additional factor of authorization?

Question632: A company wants to prevent unauthorized access to its secure data center. Which of the following security controls would be MOST appropriate?

Question633: Which of the following would be used when a higher level of security is desired for encryption key storage?

Question634: A network analyst received a number of reports that impersonation was taking place on the network.
Session tokens were deployed to mitigate this issue and defend against the following attacks:

Question635: Ann would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?

Question636: Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?

Question637: Input validation is an important security defense because it:

Question638: Which of the following can be used for both encryption and digital signatures?

Question639: A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange?

Question640: A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?

Question641: Which of the following should be considered to mitigate data theft when using CAT5 wiring?

Question642: When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Choose two.)

Question643: A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal?

Question644: A server crashes at 6 pm. Senior management has determined that data must be restored within two hours of a server crash. Additionally, a loss of more than one-hour worth of data is detrimental to the company's financial well-being.
Which of the following is the RTO?

Question645: Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions:
Ann:read/write
Sales Group:read
IT Group:no access
If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Joe?

Question646: Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server.
However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?

Question647: A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?

Question648: Which of the following security architecture elements also has sniffer functionality? (Choose two.)

Question649: Various employees have lost valuable customer data due to hard drives failing in company provided laptops. It has been discovered that the hard drives used in one model of laptops provided by the company has been recalled by the manufactory. The help desk is only able to replace the hard drives after they fail because there is no centralized record of the model of laptop given to each specific user. Which of the following could have prevented this situation from occurring?

Question650: A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

Question651: The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?

Question652: A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal?

Question653: A company recently experienced data loss when a server crashed due to a midday power outage.
Which of the following should be used to prevent this from occurring again?

Question654: An administrator is investigating a system that may potentially be compromised, and sees the following log entries on the router.
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?

Question655: Matt, an administrator, is concerned about the wireless network being discovered by war driving.
Which of the following can be done to mitigate this?

Question656: Which of the following would allow users from outside of an organization to have access to internal resources?

Question657: A rogue programmer included a piece of code in an application to cause the program to halt at 2:00 PM on Monday afternoon when the application is most utilized.
Which of the following types of malware is this?

Question658: A security technician wants to improve the strength of a weak key by making it more secure against brute force attacks. Which of the following would achieve this?

Question659: A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?

Question660: A company that purchased an HVAC system for the datacenter is MOST concerned with he following:

Question661: A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?

Question662: Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate?

Question663: An attacker Joe configures his service identifier to be the same as an access point advertised on a billboard. Joe then conducts a denial of service attack against the legitimate AP causing users to drop their connections and then reconnect to Joe's system with the same SSID. Which of the following Best describes this type of attack?

Question664: Which of the following attacks targets high level executives to gain company information?

Question665: An administrator would like to utilize encryption that has comparable speed and strength to the AES cipher without using AES itself. The cipher should be able to operate in the same modes as AES and utilize the same minimum bit strength. Which of the following algorithms should the administrator select?

Question666: A worker dressed in a fire suppression company's uniform asks to be let into the server room to perform the annual check in the fire extinguishers. The system administrator allows the worker into the room, only to discover hours later that the worker was actually a penetration tester. Which of the following reasons allowed the penetration tester to access the server room?

Question667: A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users.
Guests can obtain their portal password at the service desk. A security consultant alerts the administrator that the captive portal is easily bypassed, as long as one other wireless guest user is on the network.
Which of the following attacks did the security consultant use?

Question668: The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?

Question669: A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Choose two.)

Question670: A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

Question671: A recent audit has revealed weaknesses in the process of deploying new servers and network devices.
Which of the following practices could be used to increase the security posture during deployment?
(Choose two.)

Question672: Which of the following helps to apply the proper security controls to information?

Question673: Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number displayed on the caller ID matches the vendor's number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code.
Which of the following attack types is this?

Question674: A company has had their web application become unavailable several times in the past few months due to increased demand. Which of the following should the company perform to increase availability?

Question675: Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?

Question676: Ann an employee is visiting Joe, an employee in the Human Resources Department. While talking to Joe, Ann notices a spreadsheet open on Joe's computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?

Question677: An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?

Question678: A vulnerability assessment indicates that a router can be accessed from default port 80 and default port
22. Which of the following should be executed on the router to prevent access via these ports? (Choose two.)

Question679: Which of the following helps to establish an accurate timeline for a network intrusion?

Question680: Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication.
Which of the following is an authentication method Jane should use?

Question681: HOTSPOT
For each of the given items, select the appropriate authentication category from the dropdown choices.
Instructions: When you have completed the simulation, please select the Done button to submit.
Hot Area:

Question682: When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation?

Question683: Which of the following BEST explains Platform as a Service?

Question684: After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described?

Question685: The process of making certain that an entity (operating system, application, etc.) is as secure as it can be known as:

Question686: Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a
$5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?

Question687: How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?

Question688: A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues?

Question689: A chief information security officer (CISO) is providing a presentation to a group of network engineers. In the presentation, the CISO presents information regarding exploit kits. Which of the following might the CISO present?

Question690: Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?

Question691: A security administrator is designing an access control system, with an unlimited budget, to allow authenticated users access to network resources. Given that a multifactor authentication solution is more secure, which of the following is the BEST combination of factors?

Question692: Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers.
The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?

Question693: Which of the following can only be mitigated through the use of technical controls rather that user security training?

Question694: Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?

Question695: To mitigate the risk of intrusion, an IT Manager is concerned with using secure versions of protocols and services whenever possible. In addition, the security technician is required to monitor the types of traffic being generated. Which of the following tools is the technician MOST likely to use?

Question696: Anne, an employee, receives the following email:
From: Human Resources
To: Employee
Subject: Updated employee code of conduct
Please click on the following link: http//external.site.com/codeofconduct.exe to review the updated code of conduct at your earliest convenience.
After clicking the email link, her computer is compromised. Which of the following principles of social engineering was used to lure Anne into clicking the phishing link in the above email?

Question697: In order for network monitoring to work properly, you need a PC and a network card running in what mode?

Question698: Employees are reporting that they have been receiving a large number of emails advertising products and services. Links in the email direct the users' browsers to the websites for the items being offered. No reports of increased virus activity have been observed. A security administrator suspects that the users are the targets of:

Question699: A security technician would like an application to use random salts to generate short lived encryption leys during the secure communication handshake process to increase communication security. Which of the following concepts would BEST meet this goal?

Question700: Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?

Question701: A server administrator notes that a fully patched application often stops running due to a memory error.
When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine.
Which of the following attacks does this describes?

Question702: Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter.
The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

Question703: Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?

Question704: A one-time security audit revealed that employees do not have the appropriate access to system resources. The auditor is concerned with the fact that most of the accounts audited have unneeded elevated permission to sensitive resources. Which of the following was implemented to detect this issue?

Question705: Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

Question706: A company has recently begun to provide internal security awareness for employees. Which of the following would be used to demonstrate the effectiveness of the training?

Question707: Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

Question708: A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?

Question709: Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00: 00: 01]Successful Login: 015 192.168.1.123 : local
[00: 00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00: 00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00: 00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00: 00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

Question710: Which of the following best describes the reason for using hot and cold aisles?

Question711: One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement the following:

Question712: Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?

Question713: Which of the following BEST represents the goal of a vulnerability assessment?

Question714: Which of the following is BEST carried out immediately after a security breach is discovered?

Question715: Ann, a security administrator, is strengthening the security controls of the company's campus. Her goal is to prevent people from accessing open locations that are not supervised, such as around the receiving dock. She is also concerned that employees are using these entry points as a way of bypassing the security guard at the main entrance. Which of the following should Ann recommend that would BEST address her concerns?

Question716: Joe, a security analyst, is attempting to determine if a new server meets the security requirements of his organization. As a step in this process, he attempts to identify a lack of security controls and to identify common misconfigurations on the server. Which of the following is Joe attempting to complete?

Question717: Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

Question718: A security manager is discussing change in the security posture of the network, if a proposed application is approved for deployment. Which of the following is the MOST important the security manager must rely upon to help make this determination?

Question719: Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?

Question720: A network administrator argues that WPA2 encryption is not needed, as MAC filtering is enabled on the access point. Which of the following would show the administrator that wpa2 is also needed?

Question721: Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?

Question722: Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

Question723: A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?

Question724: A security assurance officer is preparing a plan to measure the technical state of a customer's enterprise.
The testers employed to perform the audit will be given access to the customer facility and network. The testers will not be given access to the details of custom developed software used by the customer.
However, the testers with have access to the source code for several open source applications and pieces of networking equipment used at the facility, but these items will not be within the scope of the audit.
Which of the following BEST describes the appropriate method of testing or technique to use in this scenario? (Choose two.)

Question725: Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:

Question726: The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Choose two.)

Question727: A technician has deployed a new VPN concentrator. The device needs to authenticate users based on a backend directory service. Which of the following services could be run on the VPN concentrator to perform this authentication?

Question728: One of the findings of risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance, Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do?

Question729: A network administrator noticed various chain messages have been received by the company.
Which of the following security controls would need to be implemented to mitigate this issue?

Question730: Which of the following will provide data encryption, key management and secure application launching?

Question731: Which of the following disaster recovery strategies has the highest cost and shortest recovery time?

Question732: Which of the following practices reduces the management burden of access management?

Question733: A security administrator is reviewing the company's continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?

Question734: Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company's rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

Question735: Which of the following ports is used for TELNET by default?

Question736: Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file?

Question737: Which of the following incident response plan steps would MOST likely engaging business professionals with the security team to discuss changes to existing procedures?

Question738: A company needs to provide a secure backup mechanism for key storage in a PKI. Which of the following should the company implement?

Question739: The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?

Question740: Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection?

Question741: A security administrator wishes to prevent certain company devices from using specific access points, while still allowing them on others. All of the access points use the same SSID and wireless password.
Which of the following would be MOST appropriate in this scenario?

Question742: Ann is concerned that the application her team is currently developing is vulnerable to unexpected user input that could lead to issues within the memory is affected in a detrimental manner leading to potential exploitation. Which of the following describes this application threat?

Question743: The company's sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports.
Which of the following controls is preventing them from completing their work?

Question744: An administrator, Ann, wants to ensure that only authorized devices are connected to a switch. She decides to control access based on MAC addresses. Which of the following should be configured?

Question745: The security manager wants to unify the storage of credential, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own?

Question746: Human Resources suspects an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?

Question747: The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider.
Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

Question748: One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?

Question749: An administrator has concerns regarding the company's server rooms. Proximity badge readers were installed, but it is discovered this is not preventing unapproved personnel from tailgating into these areas.
Which of the following would BEST address this concern?

Question750: Which of the following access controls enforces permissions based on data labeling at specific levels?

Question751: An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?

Question752: Which of the following MOST interferes with network-based detection techniques?

Question753: Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?

Question754: Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

Question755: Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?

Question756: Requiring technicians to report spyware infections is a step in which of the following?

Question757: A company replaces a number of devices with a mobile appliance, combining several functions.
Which of the following descriptions fits this new implementation? (Choose two.)

Question758: A webpage displays a potentially offensive advertisement on a computer. A customer walking by notices the displayed advertisement and files complaint. Which of the following can BEST reduce the likelihood of this incident occurring again?

Question759: A risk management team indicated an elevated level of risk due to the location of a corporate datacenter in a region with an unstable political climate. The chief information officer (CIO) accepts the recommendation to transition the workload to an alternate datacenter in a more stable region. Which of the following forms of risk mitigation has the CIO elected to pursue?

Question760: Which of the following is the MOST specific plan for various problems that can arise within a system?

Question761: An administrator notices that former temporary employees' accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?

Question762: Which of the following attacks involves the use of previously captured network traffic?

Question763: Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

Question764: Why would a technician use a password cracker?

Question765: DRAG DROP
A security administrator is given the security and availability profiles for servers that are being deployed.
Match each RAID type with the correct configuration and MINIMUM number of drives.
Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/ O, storage requirements. Instructions:
All drive definitions can be dragged as many times as necessary
Not all placeholders may be filled in the RAID configuration boxes
If parity is required, please select the appropriate number of parity checkboxes Server profiles may be dragged only once Instructions: If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Select and Place:

Question766: A user has called the help desk to report an enterprise mobile device was stolen. The technician receiving the call accesses the MDM administration portal to identify the device's last known geographic location.
The technician determines the device is still communicating with the MDM. After taking note of the last known location, the administrator continues to follow the rest of the checklist. Which of the following identifies a possible next step for the administrator?

Question767: Ann a new security specialist is attempting to access the internet using the company's open wireless network. The wireless network is not encrypted: however, once associated, ANN cannot access the internet or other company resources. In an attempt to troubleshoot, she scans the wireless network with NMAP, discovering the only other device on the wireless network is a firewall. Which of the following BEST describes the company's wireless network solution?

Question768: The Chief Information Officer (CIO) receives an anonymous threatening message that says "beware of the
1st of the year". The CIO suspects the message may be from a former disgruntled employee planning an attack.
Which of the following should the CIO be concerned with?

Question769: An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?

Question770: Which of the following is an example of establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster?

Question771: A technician reports a suspicious individual is seen walking around the corporate campus. The individual is holding a smartphone and pointing a small antenna, in order to collect SSIDs. Which of the following attacks is occurring?

Question772: Which of the following types of attacks is based on coordinating small slices of a task across multiple systems?

Question773: The ore-sales engineering team needs to quickly provide accurate and up-to-date information to potential clients. This information includes design specifications and engineering data that is developed and stored using numerous applications across the enterprise. Which of the following authentication technique is MOST appropriate?

Question774: A company executive's laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?

Question775: A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:

Question776: Which of the following is the BEST reason for placing a password lock on a mobile device?

Question777: A company hosts its public websites internally. The administrator would like to make some changes to the architecture.
The three goals are:
1. reduce the number of public IP addresses in use by the web servers
2. drive all the web traffic through a central point of control
3. mitigate automated attacks that are based on IP address scanning
Which of the following would meet all three goals?

Question778: Joe is the accounts payable agent for ABC Company. Joe has been performing accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?

Question779: After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?

Question780: A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator's concerns?

Question781: A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?

Question782: Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as the following:

Question783: Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption?

Question784: DRAG DROP
Drag the items on the left to show the different types of security for the shown devices. Not all fields need to be filled. Not all items need to be used.
Select and Place:

Question785: While preparing for an audit a security analyst is reviewing the various controls in place to secure the operation of financial processes within the organization. Based on the pre assessment report, the department does not effectively maintain a strong financial transaction control environment due to conflicting responsibilities held by key personnel. If implemented, which of the following security concepts will most effectively address the finding?

Question786: Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server?

Question787: XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night.
The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

Question788: An internal auditor is concerned with privilege creep that is associated with transfers inside the company.
Which mitigation measure would detect and correct this?

Question789: Which of the following types of cloud computing would be MOST appropriate if an organization required complete control of the environment?

Question790: A company is starting to allow employees to use their own personal devices without centralized management. Employees must contact IT to have their devices configured to use corporate email; access is also available to the corporate cloud-based servers. Which of the following is the BEST policy to implement under these circumstances?

Question791: The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading.
Which of the following authentication types is this setup using?

Question792: Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?

Question793: A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.
Which of the following is occurring?

Question794: Which of the following would MOST likely involve GPS?

Question795: A network manager needs a cost-effective solution to allow for the restoration of information with a RPO of
24 hours. The disaster recovery plan also requires that backups occur within a restricted timeframe during the week and be take offsite weekly. Which of the following should the manager choose to BEST address these requirements?

Question796: A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack.
Which of the following could be utilized to provide protection from this type of attack?

Question797: An attacker went to a local bank and collected disposed paper for the purpose of collecting data that could be used to steal funds and information from the bank's customers. This is an example of:

Question798: A company's BYOD policy requires the installation of a company provide mobile agent on their personally owned devices which would allow auditing when an employee wants to connect a device to the corporate email system.
Which of the following concerns will MOST affect the decision to use a personal device to receive company email?

Question799: The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures.
Which of the following types of testing is this an example of?

Question800: A way to assure data at-rest is secure even in the event of loss or theft is to use:

Question801: After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points:
Corpnet
Coffeeshop
FreePublicWifi
Using this information, the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?

Question802: Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown?

Question803: Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?

Question804: After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Choose two.)

Question805: Ann, the security administrator, has been reviewing logs and has found several overnight sales personnel are accessing the finance department's network shares.
Which of the following security controls should be implemented to BEST remediate this?

Question806: A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?

Question807: Which of the following security concepts identifies input variables which are then used to perform boundary testing?

Question808: One month after a software developer was terminated, the helpdesk started receiving calls that several employees' computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?

Question809: A company requires that a user's credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described?

Question810: A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?

Question811: Pete, the system administrator, has concerns regarding users losing their company provided smartphones.
Pete's focus is on equipment recovery. Which of the following BEST addresses his concerns?

Question812: An employee finds a USB drive in the employee lunch room and plugs the drive into a shared workstation to determine who owns the drive. When the drive is inserted, a command prompt opens and a script begins to run. The employee notifies a technician, who determines that data on a server have been compromised. This is an example of:

Question813: One of the most consistently reported software security vulnerabilities that leads to major exploits is:

Question814: Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly?

Question815: A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?

Question816: Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?

Question817: An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?

Question818: Users have reported receiving unsolicited emails in their inboxes, often times with malicious links embedded. Which of the following should be implemented in order to redirect these messages?

Question819: How must user accounts for exiting employees be handled?

Question820: A technician has been tasked with installing and configuring a wireless access point for the engineering department. After the AP has been installed, there have been reports the employees from other departments have been connecting to it without approval. Which of the following would BEST address these concerns?

Question821: Which of the following is used to inform users of the repercussions of releasing proprietary information?

Question822: Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?

Question823: The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?

Question824: An administrator receives a security alert that appears to be from one of the company's vendors. The email contains information and instructions for patching a serious flaw that has not been publicly announced.
Which of the following can an employee use to validate the authenticity if the email?

Question825: Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?

Question826: Which of the following will help prevent smurf attacks?

Question827: A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?

Question828: Ann was reviewing her company's event logs and observed several instances of GUEST accessing the company print server, file server, and archive database. As she continued to investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and often logging in at the same time. Which of the following would BEST mitigate this issue?

Question829: After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation file.
The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with?

Question830: A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs.
Which of the following should the administrator use to test the patching process quickly and often?

Question831: A load balancer has the ability to remember which server a particular client is using and always directs that client to the same server. This feature is called:

Question832: After receiving the hard drive from detectives, the forensic analyst for a court case used a log to capture corresponding events prior to sending the evidence to lawyers. Which of the following do these actions demonstrate?

Question833: Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?

Question834: A fiber company has acquired permission to bury a fiber cable through a famer's land. Which of the following should be in the agreement with the farmer to protect the availability of the network?

Question835: An administrator would like users to authenticate to the network using only UDP protocols. Which of the following would meet this goal?

Question836: Which of the following types of authentication solutions use tickets to provide access to various resources from a central location?

Question837: The IT department has been tasked with reducing the risk of sensitive information being shared with unauthorized entities from computers it is saved on, without impeding the ability of the employees to access the internet. Implementing which of the following would be the best way to accomplish this objective?

Question838: A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?

Question839: Which of the following malware types typically allows an attacker to monitor a user's computer, is characterized by a drive-by download, and requires no user interaction?

Question840: A security administrator needs to implement a technology that creates a secure key exchange. Neither party involved in the key exchange will have pre-existing knowledge of one another. Which of the following technologies would allow for this?

Question841: An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

Question842: A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+.
Which of the following risk mitigation strategies supports this type of implementation?

Question843: An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?

Question844: A security administrator is reviewing the company's data backup plan. The plan implements nightly offsite data replication to a third party company. Which of the following documents specifies how much data can be stored offsite, and how quickly the data can be retrieved by the company from the third party?

Question845: Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

Question846: A system security analyst wants to capture data flowing in and out of the enterprise. Which of the following would MOST likely help in achieving this goal?

Question847: Physical documents must be incinerated after a set retention period is reached. Which of the following attacks does this action remediate?

Question848: A security analyst has a sample of malicious software and needs to know what the sample in a carefully controlled and monitored virtual machine to observe the software's behavior. After the software has run, the analyst returns the virtual machines OS to a pre-defined know good state using what feature of virtualization?

Question849: An outside security consultant produces a report of several vulnerabilities for a particular server. Upon further investigation, it determines that the vulnerability reported does not apply to the platform the server is running on.
Which of the following should the consultant do in order to produce more accurate results?

Question850: After a company has standardized to a single operating system, not all servers are immune to a well- known OS vulnerability. Which of the following solutions would mitigate this issue?

Question851: A company has a BYOD policy that includes tablets and smart phones. In the case of a legal investigation, which of the following poses the greatest security issues?

Question852: Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway?

Question853: A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?

Question854: Which of the following is the BEST practice when dealing with user accounts that will only need to be active for a limited time period?

Question855: Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario?

Question856: Which of the following can be used to mitigate risk if a mobile device is lost?

Question857: A server administrator discovers the web farm is using weak ciphers and wants to ensure that only stronger ciphers are accepted. Which of the following ciphers should the administrator implement in the load balancer? (Choose Two)

Question858: Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?

Question859: Which of the following technologies when applied to android and iOS environments, can an organization use to add security restrictions and encryption to existing mobile applications? (Choose Two)

Question860: All executive officers have changed their monitor location so it cannot be easily viewed when passing by their offices. Which of the following attacks does this action remediate?

Question861: A company hires a penetration testing team to test its overall security posture. The organization has not disclosed any information to the penetration testing team and has allocated five days for testing. Which of the following types of testing will the penetration testing team have to conduct?

Question862: Which of the following authentication services should be replaced with a more secure alternative?

Question863: A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80,
443, and 3389 are in a `listening' state. No other ports are open. Which of the following services should be disabled to ensure secure communications?

Question864: Speaking a passphrase into a voice print analyzer is an example of the following security concepts:

Question865: Which of the following assets is MOST likely considered for DLP?

Question866: A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of
192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

Question867: A hospital IT department wanted to secure its doctor's tablets. The IT department wants operating system level security and the ability to secure the data from alteration. Which of the following methods would MOST likely work?

Question868: On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge.
Which of the following describes this?

Question869: The Chief Information Officer (CIO) has asked a security analyst to determine the estimated costs associated with each potential breach of their database that contains customer information. Which of the following is the risk calculation that the CIO is asking for?

Question870: When Ann an employee returns to work and logs into her workstation she notices that, several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann's workstation. Which of the following could have prevented this from happening?

Question871: Which of the following is the MOST important step for preserving evidence during forensic procedures?

Question872: Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test?

Question873: A security analyst, while doing a security scan using packet capture security tools, noticed large volumes of data images of company products being exfiltrated to foreign IP addresses. Which of the following is the FIRST step in responding to scan results?

Question874: Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company's security device. Which of the following might the administrator do in the short term to prevent the emails from being received?

Question875: After a new RADIUS server is added to the network, an employee is unable to connect to the company's WPA2-Enterprise WIFI network, which is configured to prompt for the employee's network username and password. The employee reports receiving an error message after a brief connection attempt, but is never prompted for credentials. Which of the following issues could be causing the problem?

Question876: Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

Question877: Which of the following is characterized by an attack against a mobile device?

Question878: The software developer is responsible for writing the code and promoting from the development network to the quality network. The network administrator is responsible for promoting code to the application servers.
Which of the following practices are they following to ensure application integrity?

Question879: A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users.
Which of the following attacks is this an example of?

Question880: Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Choose two.)

Question881: An auditing team has found that passwords do not meet the best business practices.
Which of the following will MOST increase the security of the passwords? (Choose two.)

Question882: An application developer needs to allow employees to use their network credentials to access a new application being developed. Which of the following should be configured in the new application to enable this functionality?

Question883: An assessment too reports that the company's web server may be susceptible to remote buffer overflow.
The web server administrator insists that the finding is a false positive. Which of the following should the administrator do to verify if this is indeed a false positive?

Question884: A user authenticates to a local directory server. The user then opens a virtualization client to connect to a virtual server. Instead of supplying a username/password combination, the user simply checks a "use directory credentials" checkbox to authenticate to the virtual server. Which of the following authentication types has been utilized?

Question885: A video surveillance audit recently uncovered that an employee plugged in a personal laptop and used the corporate network to browse inappropriate and potentially malicious websites after office hours. Which of the following could BEST prevent a situation like this form occurring again?

Question886: Which of the following can Pete, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program?

Question887: Which of the following is a vulnerability associated with disabling pop-up blockers?

Question888: Joe, a company's network engineer, is concerned that protocols operating at the application layer of the OSI model are vulnerable to exploitation on the network. Which of the following protocols should he secure?

Question889: After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output:
MACSSIDENCRYPTIONPOWERBEACONS
00:10:A1:36:12:CCMYCORPWPA2 CCMP601202
00:10:A1:49:FC:37MYCORPWPA2 CCMP709102
FB:90:11:42:FA:99MYCORPWPA2 CCMP403031
00:10:A1:AA:BB:CCMYCORPWPA2 CCMP552021
00:10:A1:FA:B1:07MYCORPWPA2 CCMP306044
Given that the corporate wireless network has been standardized, which of the following attacks is underway?

Question890: A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?

Question891: An email client says a digital signature is invalid and the sender cannot be verified.
Which of the following concepts is the recipient concerned with?

Question892: Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?

Question893: An employee reports work was being completed on a company owned laptop using a public wireless hot- spot. A pop-up screen appeared and the user closed the pop-up. Seconds later the desktop background was changed to the image of a padlock with a message demanding immediate payment to recover the data. Which of the following types of malware MOST likely caused this issue?

Question894: Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

Question895: A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?

Question896: A company hired Joe, an accountant. The IT administrator will need to create a new account for Joe. The company uses groups for ease of management and administration of user accounts.
Joe will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?

Question897: Which of the following is an attack designed to activate based on time?

Question898: Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of.

Question899: Which of the following passwords is the LEAST complex?

Question900: The security administrator receives a service ticket saying a host based firewall is interfering with the operation of a new application that is being tested in development. The administrator asks for clarification on which ports need to be open. The software vendor replies that it could use up to 20 ports and many customers have disabled the host based firewall. After examining the system, the administrator sees several ports that are open for database and application servers that only used locally. The vendor continues to recommend disabling the host based firewall.
Which of the following is the best course of action for the administrator to take?

Question901: A chief information officer (CIO) is concerned about PII contained in the organization's various data warehouse platforms. Since not all of the PII transferred to the organization is required for proper operation of the data warehouse application, the CIO requests the in needed PII data be parsed and securely discarded. Which of the following controls would be MOST appropriate in this scenario?

Question902: Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?

Question903: Ann, the IT director, wants to ensure that as hoc changes are not making their way to the production applications.

Question904: Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed?

Question905: Joe, a security technician, is configuring two new firewalls through the web on each. Each time Joe connects, there is a warning message in the browser window about the certificate being untrusted. Which of the following will allow Joe to configure a certificate for the firewall so that firewall administrators are able to connect both firewalls without experiencing the warning message?

Question906: Which of the following is an authentication service that uses UDP as a transport medium?

Question907: The string:
'or 1=1-- -
Which of the following represents it?

Question908: A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:
10.10.3.16
10.10.3.23
212.178.24.26
217.24.94.83
These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring?

Question909: Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?

Question910: Which of the following is a security risk regarding the use of public P2P as a method of collaboration?

Question911: Which of the following is the term for a fix for a known software problem?

Question912: An organizations' security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?

Question913: In Kerberos, the Ticket Granting Ticket (TGT) is used for the following:

Question914: Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?

Question915: Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?

Question916: Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?

Question917: A system administrator has concerns regarding their users accessing systems and secured areas using others' credentials. Which of the following can BEST address this concern?

Question918: Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

Question919: Several bins are located throughout a building for secure disposal of sensitive information.
Which of the following does this prevent?

Question920: Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kind of IDS is in use?

Question921: Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?

Question922: A malicious individual used an unattended customer service kiosk in a busy store to change the prices of several products. The alteration was not noticed until several days later and resulted in the loss of several thousand dollars for the store. Which of the following would BEST prevent this from occurring again?

Question923: Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?

Question924: DRAG DROP
A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.
Select and Place:

Question925: Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?

Question926: After a user performed a war driving attack, the network administrator noticed several similar markings where Wi-Fi was available throughout the enterprise. Which of the following is the term used to describe these markings?

Question927: The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented?

Question928: A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here?

Question929: Which of the following risk concepts requires an organization to determine the number of failures per year?

Question930: A security administrator is reviewing logs and notices multiple attempts to access the HVAC controls by a workstation with an IP address from the open wireless network. Which of the following would be the best way to prevent this type of attack from occurring again?

Question931: A small business needs to incorporate fault tolerance into their infrastructure to increase data availability.
Which of the following options would be the BEST solution at a minimal cost?

Question932: A security administrator is aware that a portion of the company's Internet-facing network tends to be non- secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?

Question933: The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords.
The company currently stores passwords as SHA hashes. Which of the following can the CTO implement requiring the LEAST change to existing systems?

Question934: A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days.
Which of the following should the technician implement to meet managements request?

Question935: After several thefts a Chief Executive Officer (CEO) wants to ensure unauthorized do not have to corporate grounds or its employees. The CEO just approved new budget line items for fences, lighting, locks and CCTVs. Which of the following is the primary focus?

Question936: Which of the following BEST describes a SQL Injection attack?

Question937: Ann is traveling for business and is attempting to use the hotel's wireless network to check for new messages. She selects the hotel's wireless SSID from a list of networks and successfully connects. After opening her email client and waiting a few minutes, the connection times out. Which of the following should Ann do to retrieve her email messages?

Question938: Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

Question939: An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times and kernel versions are several releases behind the version with all current security fixes.
Which of the following should the administrator implement?

Question940: A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees.
Which of the following is the BEST approach for implementation of the new application on the virtual server?

Question941: Users in an organization are experiencing when attempting to access certain websites. The users report that when they type in a legitimate URL, different boxes appear on the screen, making it difficult to access the legitimate sites. Which of the following would best mitigate this issue?

Question942: Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?

Question943: Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services?

Question944: When implementing fire suppression controls in a datacenter it is important to:

Question945: Which of the following network devices is used to analyze traffic between various network interfaces?

Question946: A financial company requires a new private network link with a business partner to cater for realtime and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to establishing the link?

Question947: Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?

Question948: Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

Question949: Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives?

Question950: While an Internet café a malicious user is causing all surrounding wireless connected devices to have intermittent and unstable connections to the access point. Which of the following is MOST likely being used?

Question951: An application developer has coded a new application with a module to examine all user entries for the graphical user interface. The module verifies that user entries match the allowed types for each field and that OS and database commands are rejected before entries are sent for further processing within the application. These are example of:

Question952: Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?

Question953: A cyber security administrator receives a list of IPs that have been reported as attempting to access the network. To identify any possible successful attempts across the enterprise, which of the following should be implemented?

Question954: A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

Question955: Joe wants to employ MD5 hashing on the company file server. Which of the following is Joe trying to achieve?

Question956: The new Chief Information Officer (CIO) of company ABC, Joe has noticed that company XWY is always one step ahead with similar products. He tasked his Chief Security Officer to implement new security controls to ensure confidentiality of company ABC's proprietary data and complete accountability for all data transfers. Which of the following security controls did the Chief Security Officer implement to BEST meet these requirements? (Choose Two)

Question957: Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?

Question958: Which of the following is a penetration testing method?

Question959: Which of the following is BEST described by a scenario where management chooses not to implement a security control for a given risk?

Question960: During a routine audit it is discovered that someone has been using a state administrator account to log into a seldom used server. The person used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could BEST prevent this from occurring again?

Question961: Company A and Company B both supply contractual services to a fast paced and growing auto parts manufacturer with a small local Area Network (LAN) at its local site. Company A performs in-house billing and invoices services for the local auto parts manufactacturer. Company B provides in-house parts and widgets services for the local auto parts manufacturers. Which of the following is the BEST method to mitigate security risk within the environment?

Question962: Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160- bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

Question963: Which of the following steps in incident response procedures entails of the incident and identification of knowledge gained that can be applied to future handling of incidents?

Question964: Which of the following is the practice of marking open wireless access points called?

Question965: A system administrator wants to prevent password compromises from offline password attacks. Which of the following controls should be configured to BEST accomplish this task? (Choose two.)

Question966: The security administration team at a company has been tasked with implementing a data-at-rest solution for its company storage. Due to the large amount of storage the Chief Information Officer (CISO) decides that a 128-bit cipher is needed but the CISO also does not want to degrade system performance any more than necessary. Which of the following encryptions needs BOTH of these needs?

Question967: A user Ann has her assigned token but she forgotten her password. Which of the following appropriately categorizes the authentication factor that will fail in this scenario?

Question968: An employee in the accounting department recently received a phishing email that instructed them to click a link in the email to view an important message from the IRS which threatened penalties if a response was not received by the end of the business day. The employee clicked on the link and the machine was infected with malware. Which of the following principles BEST describes why this social engineering ploy was successful?

Question969: A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Choose two.)

Question970: When an authorized application is installed on a server, the application triggers an alert on the HIDS. This is known as a:

Question971: During the information gathering stage of a deploying role-based access control model, which of the following information is MOST likely required?

Question972: The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?

Question973: Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?

Question974: A system administrator has been instructed by the head of security to protect their data at-rest.
Which of the following would provide the strongest protection?

Question975: The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?

Question976: A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?

Question977: In an environment where availability is critical such as Industrial control and SCADA networks, which of the following technologies in the MOST critical layer of defense for such systems?

Question978: A company's Chief Information Officer realizes the company cannot continue to operate after a disaster.
Which of the following describes the disaster?

Question979: Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

Question980: A system administrator is configuring a new file server and has been instructed to configure writeable to by the department manager, and read only for the individual employee.
Which of the following is the name for the access control methodology used?

Question981: A security administrator is troubleshooting an authentication issues using a network sniffer. The security administrator reviews a packet capture of the authentication process and notices that authentication is performed using extensible markup over SOAP. Which of the following authentication services is the security administrator troubleshooting?

Question982: The IT department has set up a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team.
Which of the following control types is this an example of?

Question983: A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on:

Question984: Ann has recently transferred from the payroll department to engineering. While browsing file shares, Ann notices she can access the payroll status and pay rates of her new coworkers. Which of the following could prevent this scenario from occurring?

Question985: Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?

Question986: Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only
5%. Which of the following is the ALE that Sara should report to management for a security breach?

Question987: What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?

Question988: A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server.
Which of the following is these examples of?

Question989: A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task?

Question990: Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?

Question991: Identifying a list of all approved software on a system is a step in the following practices:

Question992: A new employee has joined the accounting department and is unable to access the accounting server. The employee can access other network resources and the Internet. Other accounting employees are able to access the accounting server without any issues. Which of the following is the MOST likely issue?

Question993: Which of the following automated or semi-automated software testing techniques relies on inputting large amounts of random data to detect coding errors or application loopholes?

Question994: Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?

Question995: A security administrator is responsible for ensuring that there are no unauthorized devices utilizing the corporate network. During a routine scan, the security administrator discovers an unauthorized device belonging to a user in the marketing department. The user is using an android phone in order to browse websites. Which of the following device attributes was used to determine that the device was unauthorized?

Question996: A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

Question997: Which of the following would be used to allow a subset of traffic from a wireless network to an internal network?

Question998: Which of the following is being tested when a company's payroll server is powered off for eight hours?

Question999: Which of the following authentication services uses a default TCP port of 88?

Question1000: Joe uses his badge to enter the server room, Ann follows Joe entering without using her badge. It is later discovered that Ann used a USB drive to remove confidential data from a server. Which of the following principles is potentially being violated? (Choose two.)

Question1001: A company has experienced problems with their ISP, which has failed to meet their informally agreed upon level of service. However the business has not negotiated any additional formal agreements beyond the standard customer terms. Which of the following is the BEST document that the company should prepare to negotiate with the ISP?

Question1002: Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know.
Which of the following is this an example of?

Question1003: Which of the following application security testing techniques is implemented when an automated system generates random input data?

Question1004: After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies.
All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

Question1005: Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?

Question1006: An agent wants to create fast and efficient cryptographic keys to use with Diffie-Hellman without using prime numbers to generate the keys. Which of the following should be used?

Question1007: A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance?

Question1008: The network manager has obtained a public IP address for use with a new system to be available via the internet. This system will be placed in the DMZ and will communicate with a database server on the LAN.
Which of the following should be used to allow fir proper communication between internet users and the internal systems?

Question1009: Which of the following is an indication of an ongoing current problem?

Question1010: A recently installed application update caused a vital application to crash during the middle of the workday.
The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?

Question1011: Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine?

Question1012: An administrator is implementing a security control that only permits the execution of allowed programs.
Which of the following are cryptography concepts that should be used to identify the allowed programs?
(Choose two.)

Question1013: Which of the following may be used with a BNC connector?

Question1014: A company's application is hosted at a data center. The data center provides security controls for the infrastructure. The data center provides a report identifying serval vulnerabilities regarding out of date OS patches. The company recommends the data center assumes the risk associated with the OS vulnerabilities. Which of the following concepts is being implemented?

Question1015: Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

Question1016: The system administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks.
Which of the following would BEST mitigate this risk?

Question1017: A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?

Question1018: A system administrator has noticed vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability?

Question1019: Which of the following is a black box testing methodology?

Question1020: A security engineer would like to analyze the effect of deploying a system without patching it to discover potential vulnerabilities. Which of the following practices would best allow for this testing while keeping the corporate network safe?

Question1021: Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:

Question1022: The database server used by the payroll system crashed at 3 PM and payroll is due at 5 PM. Which of the following metrics is MOST important is this instance?

Question1023: The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data.
The security administrator advises the marketing department not to distribute the USB pens due to the following:

Question1024: A security administrator is using a software program to test the security of a wireless access point. After running the program for a few hours, the access point sends the wireless secret key back to the software program. Which of the following attacks is this an example of?

Question1025: A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

Question1026: A company has identified a watering hole attack. Which of the following Best describes this type of attack?

Question1027: Client computers login at specified times to check and update antivirus definitions using a dedicated account configured by the administrator. One day the clients are unable to login with the account, but the server still responds to ping requests. The administrator has not made any changed. Which of the following most likely happened?