263 Security+ Questions w/ Answers Only

Card Set Information

Author:
Pepperfly
ID:
277204
Filename:
263 Security+ Questions w/ Answers Only
Updated:
2014-06-19 15:25:57
Tags:
CompTia Security
Folders:

Description:
This card set is a compilation of others' work with typographical edits. The idea of this card set is to show you sample CompTia Security+ questions that you can derive your own answer to, else eliminate all guessing by revealing only the correct answer. By eliminating incorrect choices and drilling only the correct answers into your mind, when you see the question on an exam and are presented with multiple choices you will be more apt to recognize the correct answer. This card set is best presented in "skim" or "preview" modes for study.

  1. Hardware Encryption is…?
    • Faster than Software Encryption
    • Available on computers using TPM
  2. Content Inspection is…?
    Actively monitoring data streams in search of malicious code or behavior
  3. Elliptical curve is…?
    • Cryptography Type
    • Same level of security as algorithms calculated against a finite field
    • Uses small key sizes and less computation resources
  4. SELinux is…?
    • A trusted OS implementation
    • Prevents malicious or suspicious code from executing on Linux or Unix
  5. An IT administrator wants to provide 250 staff with secure remote access to the corporate network. What BEST achieves this?
    VPN Concentrator
  6. Method to prevent ad-hoc configuration mistakes?
    Implement a change management strategy
  7. Another name for a malicious attacker?
    Black hat
  8. Example of requiring users to have a password of 16 characters or more?
    Password length requirements
  9. Which method of access, authentication and authorization is the most secure by default?
    Kerberos
  10. Best describes an intrusion prevention system?
    A system that stops an attack in progress
  11. Which security practice should occur initially in software development?
    Secure code review
  12. Webmail is classified under which of the following cloud-based technologies?
    Software as a Service (SaaS)
  13. Which of the following is Best used to prevent ARP poisoning attacks across a network?
    VLAN segregation
  14. A small company needs a new, expensive DB. The budget doesn't include the purchase of additional servers or personnel. Which solution would save money on hiring additional personnel and minimize the footprint in the current datacenter?
    Software as a Service
  15. Programmer allocates 16 bytes for a string variable but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?
    Buffer overflow
  16. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
    1433
  17. The server log shows 25 SSH login sessions per hour. It is a large company and the admin does not know if this is normal or a network attack. Where should the admin look to determine if this is normal?
    Baseline reporting
  18. Which of the following is a technique designed to obtain info from a specific person?
    Spear phishing
  19. Which of the following is the primary difference between a virus and a worm?
    worm is self-replicating
  20. Which of the following logical controls does a flood guard protect against?
    SYN attacks
  21. In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate HQ. Which security technologies could be used to provide remote access?
    • Firewall
    • VPN
  22. Which of the following asymmetric encryption keys is used to encrypt data to ensure only the intended recipient can decrypt the ciphertext?
    Public
  23. Which of the following malware types is an antivirus scanner MOST unlikely to discover?
    • Pharming
    • Logic bomb
  24. A thumbprint scanner is used to test which of the following aspects of human authentication?
    Something a user is
  25. The security admin wants to ensure messages traveling between point A and point B are encrypted and authenticated. Which of the following accomplishes this task?
    RSA
  26. Which of the following is an unauthorized wireless router that allows access to a secure network?
    Rogue access point
  27. Which of the following file transfer protocols is an extension of SSH?
    SFTP
  28. Which of the following is used when performing a qualitative risk analysis?
    Judgement
  29. Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?
    ARP poisoning
  30. Which of the following protocols would an administrator MOST likely use to monitor the parameters of network devices?
    SNMP
  31. A security administrator has been receiving support tickets for an unwanted window appearing on users' workstations. Which of the following can the administrator implement to help prevent this from happening?
    Pop-up blockers
  32. Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for credentials?
    The user's PC is missing the authentication agent
  33. A network consists of various remote sites connected back to two main locations. The security admin needs to block TELNET into the network. Which, by default, would be the BEST choice to accomplish this goal?
    Block port 23 on the network firewall
  34. Which of the following should be performed if a smartphone is lost to ensure no data can be retrieved from it?
    Remote wipe
  35. Which of the following identifies some of the running services on a system?
    Determine open ports
  36. Which of the following should be performed on a computer to protect the operating system from malicious software?
    • Disable unused services
    • Update HIPS signatures
  37. A security admin wants to determine what data is allowed to be collected from users of the corporate internet-facing web application. Which of the following should be referenced?
    Privacy policy
  38. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?
    Cross-site scripting
  39. Upon investigation, an administrator finds a suspicious system-level kernel module which modifies file system operation. This is an example of which of the following?
    Rootkit
  40. Which of the following would provide the MOST reliable proof that a datacenter was accessed at a certain time of day?
    Video surveillance
  41. An employee stores their list of passwords in a spreadsheet on their local desktop hard drive. Which of the following encryption types would protect this information from disclosure if lost or stolen?
    Mobile device (whaaat-huh)
  42. Which of the following is a detective security control?
    CCTV
  43. Centrally authenticating multiple systems and applications against federated user databases is an example of…?
    Single Sign-on
  44. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?
    NDS
  45. Which of the following describes when forensic hashing should occur on a drive?
    Before and after the imaging process and then hash the forensic image
  46. Which of the following attacks would password masking help mitigate?
    Shoulder surfing
  47. Which of the following is a requirement when implementing PKI if data loss is unacceptable?
    Key escrow
  48. Which of the following would be implemented to allow access to services while segmenting access to the internal network?
    DMZ
  49. Due to sensitive data concerns, a security admin has enacted a policy preventing the use of flash drives. Additionally, which of the following can the admin implement to reduce risk of data leakage?
    Enact a policy banning users from bringing personal music devices
  50. Which of the following has a programmer MOST likely failed to consider if a user entering improper input is able to crash a program?
    Error handling
  51. A company has remote workers with laptops that house sensitive data. Which of the following can be implemented to recover the laptops if they are lost?
    GPS tracking
  52. Which of the following should be enabled to ensure only certain wireless clients can access the network?
    MAC filtering
  53. A certificate that has been compromised should be published to which of the following?
    CRL
  54. Which of the following can prevent an unauthorized employee from entering a datacenter?
    • Security guard
    • Proximity reader
  55. Which of the following penetration testing types is performed by security professionals with limited inside knowledge of the network?
    Grey box
  56. When decommissioning old hard drives, which of the following is the FIRST thing a security engineer should do?
    Perform bit level erasure or overwrite
  57. Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?
    Phishing techniques
  58. Which of the following access control technologies provides a rolling password for one-time use?
    RSA tokens
  59. Which of the following is the MOST efficient way to combat operating system vulnerabilities?
    Patch management
  60. Which of the following is MOST likely to be the last rule contained on any firewall?
    Implicit deny
  61. Which of the following is a best practice when securing a switch from physical access?
    Disable unused ports
  62. Which of the following is true about PKI?
    • When encrypting a message with the public key, only the private key can decrypt it
    • When encrypting a message with the private key, only the public key can decrypt it.
  63. Which of the following secure protocols is most commonly used to remotely administer Unix/Linux systems?
    SSH
  64. Which of the following facilitates computing for heavily utilized systems and networks?
    Provider cloud
  65. A security administrator is setting up a corporate wireless network using WPA2 with CCMP but does not want to use PSK for authentication. Which of the following could be used to support 802.1 authentication?
    RADIUS
  66. Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for EACH system?
    System A fails open. System B fails closed.
  67. The company encryption policy requires all encryption algorithms used on the corporate network to have a key length of 128 bits. Which of the following algorithms would adhere to company policy?
    AES
  68. WEP is seen as an unsecure protocol based on its improper use of the which of the following?
    RC4
  69. A file has been encrypted with an employee's private key. When the employee leaves the company, their account is deleted. Which of the following are the MOST likely outcomes?
    • Use the recovery agent to decrypt the file
    • The data is not recoverable
  70. An application log shows that the text 'test: rm -rf/etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?
    Command injection
  71. Which of the following risks may result from improper use of social networking and P2P software?
    Information disclosure
  72. A security admin is tasked with revoking the access of a terminated employee. Which of the following account policies must be enacted to ensure the employee no longer has access to the network?
    Account disablement
  73. A system admin could have a user level account and an admin account to prevent…?
    Escalation of privileges
  74. A security admin is in charge of a datacenter, a hot site and a cold site. Due to a recent disaster, the admin needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensure is in place for a cold site?
    Location that meets power and connectivity requirements
  75. Which of the following devices provides storage for RSA or asymmetric keys and may assist in user authentication?
    • Trusted platform module
    • Hardware security module
  76. In which of the following locations would a forensic analyst look to find a hooked process?
    BIOS
  77. A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?
    IPSec
  78. A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?
    White box
  79. Which of the following BEST explains the security benefit of a standardized server image?
    Mandated security configurations have been made to the operating system
  80. An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application's security posture?
    Baseline reporting
  81. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?
    Mandatory vacation
  82. Which of the following should be installed to prevent employees from receiving unsolicited emails?
    Spam filters
  83. Which of the following is the BEST way to secure data for the purpose of retention?
    Off-site backup
  84. With which of the following is RAID MOST concerned?
    Availability
  85. During incident response, which of the following procedures would identify evidence tampering by outside entities?
    Hard drive hashing
  86. Which of the following ports would a security admin block if the administrator wanted to stop users from accessing outside SMTP services?
    25
  87. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?
    Virtual servers have the same information security requirements as physical servers
  88. Which of the following concepts ensures that the data is only viewable to authorized users?
    Confidentiality
  89. When a certificate issuer is not recognized by a web browser, which of the following is the MOST common reason?
    Self-signed certificate
  90. Which of the following does a TPM allow for?
    Full disk encryption
  91. Which of the following allows a user to have a one-time password?
    Tokens
  92. Which of the following port numbers is used for SCP, by default?
    22
  93. Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?
    Mantraps
  94. By default, which of the following stops network traffic when the traffic is not identified in the firewall ruleset?
    Implicit deny
  95. Which of the following is the BEST way to mitigate data loss if a portable device is compromised?
    Full disk encryption
  96. Which of the following is a reason to perform a penetration test?
    To determine the impact of a threat against the enterprise
  97. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems, the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to identify the issue?
    Vulnerability Scan
  98. A security admin with full admin rights on the network is forced to change roles on a quarterly basis with another security admin. Which of the following describes this form of access control?
    Job Rotation
  99. Which of the following represents the complexity of a password policy which enforces lower case password using letters from 'a' through 'z' where 'n' is the password length?
    26^n
  100. A security admin finished taking a forensic image of a computer's memory. Which of the following should the admin do to ensure image integrity?
    Run the image through SHA256
  101. When configuring multiple computers for RDP on the same wireless router, it may be necessary to do which of the following?
    Forward to different RDP listening ports
  102. In order to access the network, an employee must swipe their finger on a device. Which of the following best describes this form of authentication?
    Biometrics
  103. Which of the following protocols can be implemented to monitor network devices?
    SNMP
  104. An admin identifies a security issue on the corporate web server, but does not attempt to exploit it. Which of the following describes what the administrator has done?
    Vulnerability scan
  105. Security admin wants to know which systems are more susceptible to an attack compared to others on the network. Which assessment tool would be most effective?
    Vulnerability scanner
  106. Which is the MAIN reason to require data labeling?
    To ensure staff understands what data they are handling and processing
  107. Which is MOST commonly a part of routine system audits?
    User rights and permissions reviews
  108. Proper wireless antenna placement and radio power setting reduces the success of which reconnaissance methods?
    Wardriving
  109. Which elements of PKI are found in a browser's trusted root CA?
    Public key
  110. Which BEST Describes the process of key escrow?
    Maintains a secured copy of a user's private key FOR THE SOLE PURPOSE OF RECOVERING THE KEY IF IT IS LOST
  111. A security administrator has discovered through a password auditing software that most passwords can be discovered by cracking the first seven characters and then cracking the second part of the password. Which is in use by the company?
    LANMAN
  112. An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?
    Change Management System
  113. DRPs should contain which of the following?
    Hierarchical list of CRITICAL SYSTEMS
  114. Which reduces the likelihood of a single point of failure when a server fails?
    Clustering
  115. A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?
    Application hardening
  116. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
    Clean desk policy
  117. Which of the following is the MOST secure way of storing keys of digital certificates used for decryption/encryption of SSL sessions?
    HSM
  118. Which of the following environmental controls would BEST be used to regulate cooling a data center?
    Hot and cold aisles
  119. The recovery agent is used to recover the…?
    Private key
  120. A business-critical application will be installed on an internet facing server. Which of the following is the BEST security control that should be performed in conjunction with updating the application to the MOST current version?
    Vendor-provided hardening documentation should be reviewed and applied
  121. A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last month. Which of the following is MOST likely causing the disconnections?
    The new access point was mis-configured and is interfering with another nearby access point
  122. The security administrator is getting reports from the users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffic on the network. Which is the MOST likely cause?
    NIPT is blocking activities from those specific websites
  123. Where are revoked certificates stored?
    CRL
  124. Which of the following are the default ports for HTTP and HTTPS protocols?
    80 and 443
  125. Which of the following BEST describes the function of TPM?
    Hardware chip that stores encryption keys
  126. An admin has implemented a policy that passwords expire after 60 days and cannot match their last six previously used passwords. Users are bypassing this policy by immediately changing their passwords six times and then back to the original password. Which of the following can the admin MOST easily employ to prevent this unsecure practice with the least administrative effort?
    Create a policy that passwords cannot be changed more than once a day
  127. The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses…?
    The same key on each end of the transmission medium
  128. Which of the following is the default rule found in a corporate firewall's access control list?
    Deny all
  129. Which of the following attacks is best described as the interruption of network traffic accompanied by the insertion of malicious code?
    Man-in-the-middle
  130. A user downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?
    TROJAN
  131. Which of the following is a form of photo identification used to gain access into a secure location?
    CAC
  132. Penetration testing should only be used during controlled conditions with express consent of the system owner because…?
    Penetration testing actively tests security controls and can cause system instability
  133. Which of the following is a reason to perform user awareness and training?
    To minimize the organizational risk posed by users
  134. Which of the following should be used to help prevent device theft of unused assets?
    Locking cabinet
  135. Which of the following PKI implementation elements is responsible for verifying the authenticity of certificate contents?
    CA
  136. Performing routine security audits is a form of which of the following controls?
    Detective
  137. Which of the following allows an attacker to identify vulnerabilities within a closed source software application?
    Fuzzing
  138. Reviewing an access control list on a firewall reveals a Drop ALL statement at the end of the rules. Which of the following describes this form of access control?
    Time of day restrictions
  139. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
    Cross-site scripting
  140. Which of the following are BEST reasons to use a HSM?
    • Generate keys
    • Store Keys
  141. Several classified mobile devices have been stolen. Which of the following would BEST reduce the data leakage threat?
    Remotely sanitize the devices
  142. A security admin ensures that certain characters and commands entered on a web server are not interpreted as legitimate data and not passed on to backend servers. This is an example of…?
    Input Validation
  143. A purpose of LDAP authentication services is…?
    A single point of user management
  144. Which of the following software should a security admin implement if several users are stating that they are receiving unwanted email containing advertisements?
    Anti-spam
  145. A security admin is implementing a solution that can integrate with an existing server and provide encryption capabilities. Which meets this requirement?
    HSM
  146. Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?
    protocol analyzer
  147. Which environmental variable reduces the potential for static discharges?
    Humidity
  148. Which is the primary purpose of using a digital signature?
    • Integrity
    • Non-repudiation
  149. MOST likely performed by a web security gateway?
    Content filtering
  150. Which would an admin apply to mobile devices to BEST ensure confidentiality of data?
    Device encryption
  151. Which protocol should be blocked at the network perimeter to prevent host enumeration by sweep devices?
    ICMP
  152. A user receives an automated call which appears to be from their bank. The recording provides details about the bank's privacy policy, security policy and requests that the user clearly state their name, birthday and enter their banking details to validate the user's identity. Which BEST describes this attack?
    Phishing
  153. If a security admin wants to TELNET into a router to make config changes, which port needs to be open by default?
    23
  154. Which of the following must a security admin do when the private key of a web server has been compromised by an intruder?
    Submit the public key to the CRL
  155. Which of the following can cause hardware based drive encryption to see slower deployment?
    A lack of management software
  156. Which of the following is a best practice to identify fraud from an employee in a sensitive position?
    Mandatory vacations
  157. Which protocol would be the MOST secure method to transfer files from a host machine?
    SFTP
  158. A critical system in the datacenter is not connected to a UPS. The security admin has coordinated an authorized service interruption to resolve this issue. This is an example of…?
    Fault tolerance
  159. Which of the following is true about the CRL?
    It should be kept public
  160. A remote office is reporting they are unable to access any of the network resources from the admin office. The security admin realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives no reply; however, the technician is able to telnet to that router. Which is the MOST likely cause of the security admin not being able to ping the router?
    The remote router has ICMP blocked
  161. The security admin notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which is MOST likely occurring?
    The development team is transferring data to test systems using SFTP and SCP
  162. An enterprise solution is currently being evaluated due to its potential to increase the company's profit margin. The product is not a threat but has potential to introduce additional vulnerabilities. What should the admin also take into consideration while evaluating this product?
    Risk assessment
  163. The security admin is tasked with authenticating users to access an encrypted database. Authentication takes place using PKI and encryption of the database uses a separate cryptographic process to decrease latency. Which would describe the use of encryption in this situation?
    Public key encryption to authenticate users and private keys to encrypt the database
  164. The security admin implemented privacy screens, password protected screensavers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?
    • Dumpster diving
    • Shoulder surfing
  165. Which would need to be configured correctly to allow remote access to the network?
    ACLs
  166. A security admin needs to separate two departments. Which would the admin need to implement?
    VLAN
  167. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control server. If the computer is powered off, which of the following data types will be unavailable for later investigation?

    A. Swap files, system processes, and master boot record
    B. Memory, temporary file system, and archival storage
    C. System disk, email, and log files
    D. Memory, network processes, and system processes
  168. When examining HTTP server logs the security admin notices that the company's online store crashes after a particular search string is executed by a single external user. Which BEST describes this attack?
    DOS
  169. Which is a technical control?
    Least privilege implementation
  170. Which is used when performing a quantitative risk analysis?
    Asset value
  171. Which wireless attack uses a counterfeit base station with the same SSID name as a nearby intended wireless network?
    Evil twin
  172. Which would be installed on a single computer to prevent intrusion?
    Host-based firewall
  173. Which of the following uses TCP port 22 by default?
    SSH
  174. A security admin is asked to email an employee their password. Which of the following account policies MUST be set to ensure the employee changes their password promptly?
    Password expiration
  175. A company needs to be able to prevent entry, at all times, to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security, which should be implemented?
    Mantrap
  176. In an 802.11n network, which provides the MOST secure method of both encryption and authorization?
    WPA Enterprise
  177. Which of the following is a hardening step of an application during the SDLC?
    Secure coding concepts
  178. Risk can be managed in the following ways EXCEPT…?
    Elimination
  179. A security admin is implementing a solution that encrypts an employee's newly purchased laptop but does not require the company to purchase additional hardware or software. Which of the following could be used to meet this requirement?
    TPM
  180. Which of the following is MOST likely to result in a data loss?
    Developers copying data from production to the test environment via a USB stick
  181. A Human Resource manager is assigning access to users in their specific department performing the same job function. This is an example of…?
    Role-based access control
  182. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?
    Evil twin
  183. A security administrator wants to prevent users in sales from accessing their servers after 6:00 pm and prevent them from accessing accounting's network at all times. Which of the following should the admin implement to accomplish these goals?
    • Time of day restrictions
    • Access controls lists
  184. During the analysis of malicious code, a security analyst discovers JavaScripting used to send random data to another service on the same system. This is MOST likely an example of…?
    Buffer overflow
  185. Which of the following is MOST relevant to a buffer overflow attack?
    NOOP instructions
  186. Which of the following is used in conjunction with PEP to provide mutual authentication between peers?
    MSCHAPv2
  187. Which of the following should the security admin look at FIRST when implementing an AP to gain more coverage?
    Power levels
  188. Recovery Point objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?
    Business impact analysis
  189. Which of the following is an example of allowing a user to perform a self-service password reset?
    password recovery
  190. Employees are required to come up with a passphrase of at least 15 characters to access the corporate net. Which account policies does this exemplify?
    Password Length
  191. Which of the following should a security admin implement to prevent users from disrupting network connectivity if a user connects both ends of a network cable to different switch ports?
    Loop protection
  192. MAC filtering is a form of which of the following?
    Network Access Control
  193. A network admin has implemented a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purpose?
    IPv6
  194. Instead of giving a security admin full admin rights on the network, the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job description. Which of the following describes this form of access control?
    Least privilege
  195. Which of the following is a security vulnerability that can be disabled for mobile device users?
    GPS tracking
  196. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as...?
    Whaling
197. A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the Internet or the internal network. All other servers in the DMZ are able to communicate with this server. What is the MOST likely cause?
    The server is missing the default gateway
  198. Upper management decides which risk to mitigate based on cost. This is…?
    Quantitative risk assessment
  199. Which device is used to optimize and distribute data workloads across multiple computers or networks?
    Load balancer
  200. The security admin observes that an employee who entered the datacenter does not match the owner of the PIN that was entered into the keypad. Which would BEST prevent this?
    Biometrics
  201. What describes a passive attempt to identify weaknesses?
    Vulnerability scanning
  202. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security admin check?
    ACLs
  203. Which of the following MUST be implemented in conjunction with password history, to prevent a user from reusing the same password?
    Minimum age time
  204. Which of the following is a security control that is lost when using cloud computing?
    Physical control of the data
  205. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?
    Add input validation to forms
  206. Which of the following threats corresponds with an attacker targeting specific employees of a company?
    Spear phishing
207. A visitor plugs their laptop into the network and receives a warning about their antivirus being out-of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is the MOST likely cause?
    The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop
  208. Used in conjunction, which of the following are PII?
    • Birthday
    • Full name
  209. Which of the following would an admin do to ensure that an application is secure and all unnecessary services are disabled?
    Application hardening
210. A company needs to reduce the risk of employees emailing confidential data outside of the company. Which of the following describes an applicable security control to mitigate this threat?
    Install a network-based DLP device
211. Data can potentially be stolen from a disk-encrypted, screen-lock-protected smartphone by which of the following?
    Bluesnarfing
  212. Which of the following devices is often used to cache and filter content?
    Proxies
213. When a user first moves into their residence, the user receives a key that unlocks and locks their front door. This key is only given to them but may be shared with others they trust. Which of the following cryptographic concepts is illustrated?
    Symmetric key sharing
  214. Which of the following can a security admin implement to help identify smurf attacks?
    NIDS
  215. What provides the HIGHEST level of wireless network security?
    WPA2
  216. Which wireless security controls can be easily and quickly circumvented using only a network sniffer?
    • MAC filtering
    • Disabled SSID broadcast
  217. Which should be considered when trying to prevent somebody from capturing network traffic?
    EM shielding
  218. Which BEST describes the use of hiding data within other files?
    Steganography
219. A security admin is tasked with ensuring that all servers are highly available and that a hard drive failure will not affect an individual server. Which configurations will allow for high availability?
    • Hardware RAID 5
    • Software RAID 1
220. While browsing the internet, an admin notices their browser behaves erratically, appears to download something, and then crashes. Upon restarting the PC, the admin notices performance is extremely slow and there are hundreds of outbound connections to various websites. Which BEST describes what has occurred?
    The PC has become part of a botnet
  221. Which of the following authentication services would be used to authenticate users trying to access a network device?
    TACACS+
  222. In order to ensure high availability of all critical servers, backups of the main datacenter are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in the case of a disaster?
    Having the offsite location of tapes also be the hot site
  223. Which of the following is a removable device that may be used to encrypt in a high availability clustered environment?
    HSM
  224. Which of the following security threats does shredding mitigate?
    dumpster diving
225. Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider's lawyer insists the laptop cannot be identified. Which of the following would BEST be used to identify the specific computer used by the insider?
    MAC address
  226. The detection of a NOOP sled is an indication of which of the following attacks?
    Buffer overflow
  227. Which of the following MUST a programmer implement to prevent cross-site scripting?
    Validate input to remove hypertext markup
  228. Which of the following would be considered multifactor authentication?
    PIN number and a smart card
  229. Isolation mode on an AP provides which of the following functionality types?
    Segmentation of each wireless user from other wireless users
  230. Which is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?
    Botnet
  231. When granting access, which of the following protocols uses multiple-challenge responses for authentication, authorization and audit?
    TACACS+
  232. Which of the following is the BEST choice for encryption on a wireless network?
    WPA2-PSK
  233. A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?
    Integrity
  234. Which of the following uses tickets to identify users to the network?
    Kerberos
  235. Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?
    Organize data based on severity and asset value
  236. Which of the following BEST describes the proper method and reason to implement port security?
    Apply security control which ties specific ports to end-device MAC addresses and prevents ADDITIONAL devices from being connected to the network.
  237. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?
    Decrease the power levels on the WAP.
  238. The BEST way to protect the confidentiality of sensitive data entered in a database table is to use…?
    Hashing
  239. Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks?
    LANMAN
  240. Which of the following is the MOST secure method of utilizing FTP?
    FTPS
  241. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
    IDS
  242. Which of the following is specific to a buffer overflow attack?
    Initial vector
  243. Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?
    Trojans
  244. Which of the following allows a security administrator to set device traps?
    SNMPS
  245. NTLM is an improved and substantially backwards compatible replacement for which of the following?
    passwd
  246. Which of the following assists in identifying if a system was properly handled during transport?
    Chain of custody
  247. Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?
    User rights
  248. A proximity card reader is used to test which of the following aspects of human authentication?
    Something a user has
  249. Public keys are used for…?
    Decrypting the hash of an electronic signature
  250. Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?
    Platform as a Service
  251. Which of the following is an example of verifying new software changes on a test system?
    Patch management
  252. Which of the following describes the purpose of chain of custody as applied to forensic image retention?
    To provide documentation as to who has handled the evidence
  253. A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the datacenter. Which of the following are being addressed?
    • Confidentiality
    • Availability
  254. Which of the following devices would allow a technician to view IP headers on a data packet?
    Protocol analyzer
  255. A company that purchases insurance to reduce risk is an example of which of the following?
    Risk transference
  256. Which of the following is a management control type?
    • Vulnerability scanning
    • Least privilege implementation
    • Baseline configuration development
    • Session locks
  257. Which of the following is an example of allowing a user physical access to a secured area without validation of their credentials?
    Tailgating
  258. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?
    Rogue access points
  259. Applying detailed instructions to manage the flow of network traffic at the edge of the network, including allowing or denying traffic based on port, protocol, address, or direction is an implementation of which of the following?
    Firewall rules
  260. Which of the following requires special handling and explicit policies for data retention and data distribution?
    Personally identifiable information
  261. Which of the following protocols only encrypts password packets from client to server?
    RADIUS
  262. Which of the following protocols requires the use of a CA based authentication process?
    PEAP-TLS
  263. If a user wishes to receive a file encrypted with PGP, the user must FIRST supply the…?
    Public key
