1.
101# Which of the following must be intact for evidence to be admissible in court?
Correct Answer
A. Chain of custody
Explanation
In order for evidence to be admissible in court, the chain of custody must be intact. This refers to the chronological documentation of the custody, control, transfer, analysis, and disposition of physical or electronic evidence. It ensures that the evidence has not been tampered with or altered in any way, and establishes its authenticity and reliability. The chain of custody is crucial in maintaining the integrity of the evidence and ensuring that it can be trusted as accurate and reliable in court proceedings.
2.
102# A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:
Correct Answer
A. Credentialed scan.
Explanation
A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a credentialed scan. This type of scan requires the scanner to have valid credentials (such as username and password) to authenticate with the target systems. By doing so, the scanner can access more detailed information about the system's configuration and installed software, allowing for a more accurate assessment of vulnerabilities. This type of scan is often preferred for internal network assessments where the scanner has legitimate access to the systems being scanned.
3.
103# Which of the following cryptography algorithms will produce a fixed-length, irreversible output?
Correct Answer
D. MD5
Explanation
MD5 is a cryptographic algorithm that produces a fixed-length, irreversible output. It is commonly used for verifying the integrity of files and detecting duplicate data. MD5 generates a 128-bit hash value, which is a fixed-length output that cannot be reversed to obtain the original input. This makes it suitable for tasks such as password hashing, where it is important to store passwords securely without being able to retrieve the original plaintext password. However, it is worth noting that MD5 is considered to be weak for cryptographic purposes due to its vulnerability to collision attacks.
4.
104# A technician suspects that a system has been compromised. The technician reviews the following log entry:
WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll
WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll
Based solely on the above information, which of the following types of malware is MOST likely installed on the system?
Correct Answer
A. Rootkit
Explanation
The log entry indicates a hash mismatch for system files, specifically user32.dll and kernel32.dll. This suggests that these files have been modified, which is a common behavior of rootkits. Rootkits are a type of malware that are designed to hide their presence on a system by modifying or replacing important system files. Therefore, based on the given information, the most likely type of malware installed on the system is a rootkit.
5.
105# A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?
Correct Answer
A. The firewall should be configured to prevent user traffic from matching the implicit deny rule.
Explanation
The correct answer is A. The firewall should be configured to prevent user traffic from matching the implicit deny rule. When a new firewall is placed into service without any configuration, it typically has an implicit deny rule in place, which means that all traffic is denied by default. In order for employees on the network segment covered by the firewall to access the network, the firewall needs to be configured to allow their traffic to pass through. By configuring the firewall to prevent user traffic from matching the implicit deny rule, the employees will be able to access the network.
6.
A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)
Correct Answer(s)
A.
C. dig axfr comptia.org @example.org
Explanation
The security analyst should use the "dig" command with the "axfr" option to test for unauthorized DNS zone transfers. This command allows the analyst to request a full zone transfer from the DNS server at example.org for the domain comptia.org. This will help the analyst determine if any unauthorized transfers are occurring within the LAN.
7.
107# Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)
Correct Answer(s)
A. To prevent server availability issues
D. To allow users to test functionality
Explanation
The main reason why a systems administrator would install security patches in a staging environment before applying them to the production server is to prevent server availability issues. By testing the patches in a controlled environment first, any potential issues or conflicts can be identified and resolved before they impact the live production server. Additionally, installing patches in a staging environment allows users to test the functionality of the system after the patches are applied, ensuring that there are no unexpected issues or disruptions in the production environment.
8.
108# A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?
Correct Answer
B. NDA
Explanation
The agreement described in the question is a Non-Disclosure Agreement (NDA). An NDA is a legal contract between two or more parties that outlines confidential information that the parties agree not to disclose to third parties. In this case, the agreement drafted by the CIO is specifically addressing the release of information without consent and/or approvals, which aligns with the purpose of an NDA. ISA (Information Sharing Agreement), MOU (Memorandum of Understanding), and SLA (Service Level Agreement) are not appropriate descriptions for this type of agreement.
9.
109# Which of the following would meet the requirements for multifactor authentication?
Correct Answer
B. Fingerprint and password
Explanation
The combination of a fingerprint and password meets the requirements for multifactor authentication because it combines something the user is (biometric fingerprint) with something the user knows (password). This ensures that the user's identity is verified using both a physical characteristic and a secret piece of information, making it more secure than using a single factor for authentication.
10.
110# A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?
Correct Answer
A. Separation of duties
Explanation
Implementing separation of duties would help validate the concern because it involves dividing critical tasks and responsibilities among different individuals. This ensures that no single employee has complete control over a process, reducing the risk of fraud or malicious activity. By separating the duties of accessing and modifying financial transactions, the manager can mitigate the risk of the IT employee being able to manipulate transactions for the benefit of a competitor.
11.
111# A penetration tester finds that a company's login credentials for the email client were being sent in cleartext. Which of the following should be done to provide encrypted logins to the email server?
Correct Answer
D. Enable an SSL certificate for IMAP services.
Explanation
Enabling an SSL certificate for IMAP services would provide encrypted logins to the email server. SSL (Secure Sockets Layer) is a protocol that encrypts data transmitted between a client and a server, ensuring that the information cannot be intercepted or read by unauthorized individuals. By enabling an SSL certificate for IMAP services, the company can secure the login credentials for the email client, preventing them from being sent in cleartext and enhancing the overall security of the system.
12.
112# Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices?
Correct Answer
C. Typo squatting
Explanation
The correct answer is C. Typo squatting. Typo squatting is a technique used by attackers to register domain names that are similar to legitimate domain names but with slight misspellings or transposed letters. In this case, the infected devices attempted to access a URL that was similar to the company name but with two letters transposed, indicating that the attack vector used was typo squatting.
13.
113# A systems administrator is reviewing the following information from a compromised server:
Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?
Correct Answer
A. Apache
Explanation
The correct answer is A. Apache. The information provided states that the server is running Apache version 2.4.7, which is a web server software. Web servers like Apache are commonly targeted by remote buffer overflow attacks, where an attacker sends more data than a buffer can handle, causing it to overflow and potentially allowing the attacker to execute malicious code on the server. Therefore, it is most likely that Apache was exploited in this scenario.
14.
114# Joe, a security administrator, needs to extend the organization's remote access functionality to be used by staff while traveling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use?
Correct Answer
B. TACACS+
Explanation
TACACS+ is the best access technology for Joe to use because it provides separate access control functionalities for internal, external, and VOIP services. TACACS+ allows for granular control over user access and authentication, making it ideal for maintaining security while allowing remote access for traveling staff. RADIUS, Diameter, and Kerberos do not offer the same level of control and functionality as TACACS+.
15.
115# The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective?
Correct Answer
B. HVAC
Explanation
The availability of a system refers to its ability to be operational and accessible when needed. HVAC (Heating, Ventilation, and Air Conditioning) is important for maintaining the proper temperature and humidity levels in a system's environment. This is crucial for preventing overheating or damage to the system's components, which can lead to downtime and affect its availability. Therefore, focusing on HVAC ensures that the system remains operational and available for use.
16.
116# As part of the SDLC, a third party is hired to perform a penetration test. The third-party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?
Correct Answer
C. White box
Explanation
The assessment being performed in this scenario is a white box assessment. This is because the third party has access to the source code, integration tests, and network diagrams, which means they have full knowledge of the internal workings of the system. In a white box assessment, the tester has complete knowledge and understanding of the system being tested, allowing them to identify vulnerabilities and potential security issues more effectively.
17.
117# A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed?
Correct Answer
D. Using magnetic fields to erase the data
Explanation
Using magnetic fields to erase the data would have most likely prevented the data from being exposed. This method involves using strong magnetic fields to completely erase the data on the hard drives, making it impossible for anyone to recover the confidential information. By erasing the data in this way, the dumpster diver would not have been able to retrieve the confidential data and post it online.
18.
118# Which of the following are methods to implement HA in a web application server environment? (Select two.)
Correct Answer(s)
A. Load balancers
B. Application layer firewalls
Explanation
Load balancers and application layer firewalls are both methods to implement high availability (HA) in a web application server environment. Load balancers distribute incoming network traffic across multiple servers to ensure efficient utilization and prevent overload. This helps to improve availability by ensuring that if one server fails, others can handle the traffic. Application layer firewalls, on the other hand, provide an additional layer of security by monitoring and filtering network traffic at the application layer. This helps to protect the web application server from various attacks and vulnerabilities, thereby enhancing its availability and reliability.
19.
119# An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request.
Which of the following secure protocols is the developer MOST likely to use?
Correct Answer
C. SSL
Explanation
The developer is most likely to use SSL (Secure Sockets Layer) as the secure protocol for the application. SSL is commonly used for secure communication over the internet and can provide encryption and authentication for data transmission. Port 80 is typically used for HTTP communication, and SSL can be implemented on top of HTTP to secure the data being transmitted. FTPS and SFTP are secure protocols for file transfer, LDAPS is used for secure LDAP communication, and SSH is used for secure remote access, but SSL is the most suitable choice for secure transport over port 80 in this scenario.
20.
120# Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?
Correct Answer
A. Isolating the systems using VLANs
Explanation
Isolating the systems using VLANs helps to minimize the risk from network attacks directed at multifunction printers by creating separate virtual networks for different devices or groups of devices. This prevents unauthorized access to the printers and limits the potential impact of an attack on the functionality of the printers. VLANs provide a level of network segmentation and control, allowing organizations to better protect their devices and data.
21.
121# After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?
Correct Answer
B. Identification
Explanation
After an identified security breach, the analyst should take the next step of identification. This involves gathering information and evidence to determine the scope and nature of the breach. By identifying the specific details of the breach, the analyst can then proceed with the appropriate actions in the incident response process, such as containment, eradication, and recovery.
22.
122# A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
Correct Answer
C. SCP
Explanation
The company should use SCP (Secure Copy Protocol) to transfer files. The audit revealed that the files were being transferred in the clear, which means they were not encrypted and could be intercepted by unauthorized individuals. SCP is a secure file transfer protocol that uses SSH (Secure Shell) for encryption and authentication, ensuring that files are transferred securely and cannot be easily intercepted or tampered with. HTTPS (Hypertext Transfer Protocol Secure) is used for secure web communication, LDAPS (LDAP over SSL) is used for secure LDAP communication, and SNMPv3 (Simple Network Management Protocol version 3) is used for secure network management, but none of these protocols are specifically designed for secure file transfer like SCP.
23.
123# During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should react to this incident?
Correct Answer
A. The finding is a false positive and can be disregarded
Explanation
Based on the information provided, the developer responsible for the server states that Apache Struts is not installed on the server. This indicates that the vulnerability scan may have produced a false positive result, meaning that it incorrectly flagged the server as vulnerable to an Apache Struts exploit. Therefore, the security team should disregard the finding as it is not a legitimate vulnerability.
24.
124# A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement?
Correct Answer(s)
A. Geofencing
E. Containerization
Explanation
The administrator should implement geofencing and containerization to protect the data stored on the mobile devices. Geofencing allows the administrator to set up virtual boundaries around the warehouse, and if the devices leave this area, the secure container on the devices will be automatically destroyed. Containerization, on the other hand, provides a secure and isolated environment for the storage and processing of data on the devices, ensuring that the data is protected even if the devices are lost or stolen.
25.
125# A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)
Correct Answer(s)
B. AV
D. EF
Explanation
The analyst needs to determine the potential monetary loss each time a threat or event occurs. The concept of AV (Annualized Loss Expectancy) would assist in calculating the expected monetary loss per year, while the concept of EF (Exposure Factor) would assist in determining the percentage of asset loss that would occur if a threat or event happens.
26.
126# Which of the following AES modes of operation provide authentication? (Select two.)
Correct Answer(s)
A. CCM
C. GCM
Explanation
CCM and GCM are both AES modes of operation that provide authentication. CCM (Counter with CBC-MAC) is a mode that combines counter mode encryption with CBC-MAC authentication. It provides both confidentiality and authentication. GCM (Galois/Counter Mode) is another mode that combines counter mode encryption with Galois field multiplication-based authentication. It also provides both confidentiality and authentication. DSA (Digital Signature Algorithm) is a digital signature algorithm and not an AES mode of operation. CBC (Cipher Block Chaining) and CFB (Cipher Feedback) are AES modes of operation that provide confidentiality but not authentication.
27.
127# An audit takes place after company-wide restructuring, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:
Which of the following would be the BEST method to prevent similar audit findings in the future?
Correct Answer
A. Implement separation of duties for the payroll department.
Explanation
Implementing separation of duties for the payroll department would be the best method to prevent similar audit findings in the future. This means assigning different tasks and responsibilities to different individuals within the department, ensuring that no single employee has complete control over the payroll process. By implementing separation of duties, it reduces the risk of fraud or unauthorized access to confidential data, as multiple employees would need to collaborate to carry out any malicious activities. This control measure enhances accountability, transparency, and reduces the likelihood of errors or intentional misconduct.
28.
128# A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select?
Correct Answer
C. PEAP
Explanation
PEAP (Protected Extensible Authentication Protocol) is the correct answer because it is an authentication protocol that supports mutual authentication between the wireless client and the authentication server. It also allows for authentication with usernames and passwords. EAP-FAST and EAP-TLS are also authentication protocols, but they do not specifically mention support for mutual authentication or authentication with usernames and passwords. EAP, on the other hand, is a general term for Extensible Authentication Protocol and does not specify a particular authentication method.
29.
129# A system administrator has finished configuring a firewall ACL to allow access to a new web server.
The security administrator confirms from the following packet capture that there is network traffic from the internet to the web server:
The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?
Correct Answer
B. Clear text credentials
Explanation
The auditor is most concerned with clear text credentials because this means that sensitive information such as usernames and passwords are being transmitted over the network in plain text, making it easy for attackers to intercept and steal this information. This is a serious security risk as it can lead to unauthorized access to the web server and potentially compromise the company's data and systems.
30.
130# Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?
Correct Answer
B. Unpatched exploitable Internet-facing services
Explanation
A script kiddie is typically an inexperienced hacker who relies on pre-existing tools and scripts to carry out attacks. They do not possess advanced hacking skills or knowledge. Among the given vulnerability types, unpatched exploitable Internet-facing services would be the most vulnerable to attacks from script kiddies. These hackers can easily find and use automated tools to exploit known vulnerabilities in such services without requiring much technical expertise.
31.
131# An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:
Correct Answer
A. Passive reconnaissance
Explanation
An in-house penetration tester using a packet capture device to listen in on network communications is an example of passive reconnaissance. Passive reconnaissance involves gathering information about a target system or network without actively engaging with it. In this case, the penetration tester is simply observing and collecting data from the network communications without actively interacting or attempting to exploit any vulnerabilities.
32.
132# A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?
Correct Answer
C. The vulnerability scanner is performing in network sniffer mode.
33.
133# A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using?
Correct Answer
B. Agile
Explanation
The correct answer is B. Agile. Agile is a software development methodology that emphasizes iterative and incremental development, allowing for multiple iterations of deployments within an application's full life cycle. This approach encourages feedback and collaboration from stakeholders throughout the development process, resulting in a more flexible and adaptable approach to project management.
34.
134# A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat?
Correct Answer
D. Require swipe-card access to enter the lab.
Explanation
Requiring swipe-card access to enter the lab can help prevent the specific threat of stealing confidential information after working hours. By implementing swipe-card access, the CEO can track and monitor who enters the lab during non-working hours, making it easier to identify any unauthorized individuals. This measure adds an extra layer of security and accountability, deterring potential thieves and ensuring that only authorized personnel have access to the lab and its confidential information.
35.
135# A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor.
Which of the following BEST describes the reason why the vulnerability exists?
Correct Answer
B. End-of-life system
Explanation
The vulnerability exists because the company is using an FTP server version that is eight years old and there is no upgrade available from the vendor. This indicates that the system is at the end of its life cycle and is no longer supported by the vendor, leaving it vulnerable to known exploits.
36.
136# An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?
Correct Answer
C. Deny the former employee's request, as a password reset would give the employee access to all network resources.
Explanation
The best course of action is to deny the former employee's request for a password reset. This is because, according to the organization's security policy, the employee's access to all network resources is terminated immediately upon resignation. Granting a password reset would allow the former employee to regain access to all network resources, which is against the organization's security policy. Therefore, denying the request is the most appropriate action to ensure the security of the network resources.
37.
137# Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?
Correct Answer
D. Encrypt it with Ann's public key
Explanation
Joe should encrypt the document with Ann's public key to ensure that it is protected from eavesdropping. By encrypting it with Ann's public key, only Ann will be able to decrypt and access the document using her private key. This ensures that only the intended recipient can read the confidential information and prevents unauthorized access or eavesdropping by others.
38.
138# A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistics:
-Initial IR engagement time frame
-Length of time before an executive management notice went out
-Average IR phase completion
The director wants to use the data to shorten the response time. Which of the following would accomplish this?
Correct Answer
D. Tabletop exercise
Explanation
A tabletop exercise is a simulated scenario where key stakeholders gather together to discuss and practice their response to a potential incident. By conducting tabletop exercises, the director can identify any gaps or weaknesses in the response process and make necessary improvements. This practice helps to familiarize the team with their roles and responsibilities, improves communication and coordination, and allows for the development of more efficient response strategies. Ultimately, by regularly conducting tabletop exercises, the director can enhance the team's preparedness and shorten the response time in real incidents.
39.
139# To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months.
Which of the following is the BEST way to ensure this goal is met?
Correct Answer
A. Create a daily encrypted backup of the relevant emails.
Explanation
Creating a daily encrypted backup of the relevant emails is the best way to ensure the goal of reducing disk consumption and meeting the data retention period for sent emails. By creating encrypted backups, the organization can securely store the relevant emails while minimizing disk space usage. This allows the organization to meet legal requirements and retain the necessary data without cluttering the email server or compromising security.
40.
140# A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP servers.
Which of the following represents the MOST secure way to configure the new network segment?
Correct Answer
D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.
Explanation
Placing the new network segment on an extranet and configuring the firewall rules to allow both internal and external traffic is the most secure way to configure the segment. An extranet is a controlled extension of an organization's internal network that allows external users limited access. By placing the segment on an extranet, the organization can provide access to external users while still maintaining a level of security. Configuring the firewall rules to allow both internal and external traffic ensures that the necessary communication can occur while still protecting the network from unauthorized access.
41.
141# Which of the following types of attacks precedes the installation of a rootkit on a server?
Correct Answer
C. Privilege escalation
Explanation
Privilege escalation is the type of attack that occurs before the installation of a rootkit on a server. Privilege escalation involves gaining unauthorized access to higher levels of privileges or permissions than originally granted. By exploiting vulnerabilities or weaknesses in the system, an attacker can elevate their privileges and gain administrative control over the server. Once they have gained higher privileges, they can proceed with the installation of a rootkit, which is a malicious software that provides unauthorized access and control over the server.
42.
142# Which of the following cryptographic algorithms is irreversible?
Correct Answer
B. B. SHA-256
Explanation
SHA-256 is an irreversible cryptographic algorithm. It is a widely used hash function that generates a fixed-size output (256 bits) from any input data. The output, also known as the hash value, is unique to the input data, meaning that even a small change in the input will result in a completely different hash value. This makes it computationally infeasible to reverse-engineer the original input from the hash value. Therefore, SHA-256 is considered irreversible, making it suitable for various security applications such as password storage and digital signatures.
43.
143# A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>" ++ <../../../../../../etc/passwd>"
Which of the following types of attacks is this?
Correct Answer
D. D. JavaScript data insertion
Explanation
The given payload includes JavaScript code that tries to insert data from the file "/etc/passwd" into the webpage. This type of attack is known as JavaScript data insertion, where an attacker tries to inject malicious code or data into a webpage using JavaScript. This can be used to steal sensitive information or perform unauthorized actions on the website.
44.
144# A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?
Correct Answer
D. D. The hacker exploited weak switch configuration.
45.
145# Audit logs from a small company's vulnerability scanning software show the following findings:
Destinations scanned:
- Server001 - Internal human resources payroll server
- Server101 - Internet-facing web server
- Server201 - SQL server for Server101
- Server301 - Jumpbox used by systems administrators, accessible from the internal network
Validated vulnerabilities found:
- Server001 - Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server101 - Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server201 - OS updates not fully current
- Server301 - Accessible from internal network without the use of jumpbox
- Server301 - Vulnerable to highly publicized exploit that can elevate user privileges
Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?
Correct Answer
B. B. Server101
Explanation
Server101 should be addressed first because it is the only server that is both internet-facing and vulnerable to a buffer overflow exploit. This means that external attackers have the potential to exploit this vulnerability and gain unauthorized access to the server. Addressing this vulnerability will help mitigate the risk of unauthorized information being accessed by external attackers.
46.
146# A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the PBX. Which of the following would best prevent this from occurring?
Correct Answer
D. D. Require SIPS on connections to the PBX.
Explanation
Requiring SIPS (Secure Internet Protocol Session) on connections to the PBX would best prevent interception and compromise of credentials during authentication. SIPS is a secure version of the Session Initiation Protocol (SIP) used for VoIP communications. By using SIPS, the communication between the IP phones and the PBX is encrypted, ensuring that any intercepted data is unreadable and secure. This helps to protect the authentication process and prevents unauthorized access to the PBX system. Implementing SRTP (Secure Real-time Transport Protocol) between the phones and the PBX would also provide encryption, but it does not specifically address the authentication process. Placing the phones and PBX in their own VLAN and restricting phone connections to the PBX can provide some level of network segregation and control, but they do not directly address the security of the authentication process.
47.
147# An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?
Correct Answer
B. B. Change management
Explanation
The CISO is engaging in change management, which involves evaluating the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. Change management is the process of managing and controlling changes to a system or environment to minimize disruption and ensure that changes are implemented smoothly and effectively. In this case, the CISO is concerned about the impact of migrating to the new platform on the organization's existing software and wants to assess the compatibility before proceeding with the migration.
48.
148# A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)
Correct Answer(s)
B. B. Ipconfig
C. C. Tracert
Explanation
The security administrator should use the "Ipconfig" tool to check the IP configuration of the system and verify if the default gateway has been tampered with. They should also use the "Tracert" tool to trace the route to the default gateway and identify any unexpected hops or deviations. Both of these tools can help the administrator detect and confirm a MITM attack targeting the default gateway.
49.
149# A user is presented with the following items during the new-hire onboarding process:
-Laptop
-Secure USB drive
-Hardware OTP token
-External high-capacity HDD
-Password complexity policy
-Acceptable use policy
-HASP key
-Cable lock
Which of the following is one component of multifactor authentication?
Correct Answer
C. C. Hardware OTP token
Explanation
One component of multifactor authentication is a Hardware OTP token. Multifactor authentication requires the use of multiple factors to verify the identity of a user. In this case, the Hardware OTP token serves as a second factor, in addition to a password or another form of authentication. It generates a unique one-time password that is used for authentication purposes, adding an extra layer of security to the login process. The other options listed, such as the Secure USB drive, Cable lock, and HASP key, are not typically used as factors in multifactor authentication.
50.
150# An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?
Correct Answer
B. B. Have users sign their name naturally
Explanation
Having users sign their name naturally can be a form of biometric authentication. Each person's signature is unique, and by verifying the signature, the application can confirm the user's identity. This adds an additional layer of security to the authentication process, making it a suitable choice for implementing multifactor authentication. Facial recognition, palm geometry scan, and iris recognition are also forms of biometric authentication, but they are not mentioned in the question and therefore not the correct answer.