Download Cybersecurity Concepts and Mitigation Strategies and more Exams Computer Science in PDF only on Docsity! Sec+ 401 High-Quality Questions with Expert Answers With Detailed Explanations and Answers Questions from World-Class Academics Diverse Questions with Correct Solutions Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware? A. Logic bomb B. Worm C. Trojan D. Adware - -correct ans- -C Which of the following may significantly reduce data loss if multiple drives fail at the same time? A. Virtualization B. RAID C. Load balancing D. Server clustering - -correct ans- -B Which of the following should be considered to mitigate data theft when using CAT5 wiring? A. CCTV B. Environmental monitoring C. Multimode fiber D. EMI shielding - -correct ans- -D To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation? A. Management B. Administrative C. Technical D. Operational - -correct ans- -C Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic? A. Connect the WAP to a different switch. B. Create a voice VLAN. C. Create a DMZ. D. Set the switch ports to 802.1q mode. - -correct ans- -B Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO). A. 10.4.4.125 B. 10.4.4.158 C. 10.4.4.165 Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue? A. Spam filter B. Protocol analyzer C. Web application firewall D. Load balancer - -correct ans- -B Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails? A. Whaling B. Impersonation C. Privilege escalation D. Spear phishing - -correct ans- -A Which of the following would a security administrator implement in order to discover comprehensive security threats on a network? A. Design reviews B. Baseline reporting C. Vulnerability scan D. Code review - -correct ans- -C Which of the following is an example of a false positive? A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow. - -correct ans- -A Data execution prevention is a feature in most operating systems intended to protect against which type of attack? A. Cross-site scripting B. Buffer overflow C. Header manipulation D. SQL injection - -correct ans- -B Use of group accounts should be minimized to ensure which of the following? A. Password security B. Regular auditing C. Baseline management D. Individual accountability - -correct ans- -D Privilege creep among long-term employees can be mitigated by which of the following procedures? A. User permission reviews B. Mandatory vacations C. Separation of duties D. Job function rotation - -correct ans- -A In which of the following scenarios is PKI LEAST hardened? A. The CRL is posted to a publicly accessible location. B. The recorded time offsets are developed with symmetric keys. C. A malicious CA certificate is loaded on all the clients. D. All public keys are accessed by an unauthorized user. - -correct ans- -C Configuring the mode, encryption methods, and security associations are part of which of the following? A. IPSec B. Full disk encryption C. 802.1x D. PKI - -correct ans- -A Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place? A. Code review B. Penetration test C. Protocol analyzer D. Vulnerability scan - -correct ans- -B A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts? A. Confidentiality B. Availability C. WEP D. AES E. 3DES - -correct ans- -B,C Which of the following defines a business goal for system restoration and acceptable data loss? A. MTTR B. MTBF C. RPO D. Warm site - -correct ans- -C If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing? A. Transitive trust B. Public key trust C. Certificate authority trust D. Domain level trust - -correct ans- -A Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? A. Business continuity planning B. Continuity of operations C. Business impact analysis D. Succession planning - -correct ans- -D Which of the following allows a company to maintain access to encrypted resources when employee turnover is high? A. Recovery agent B. Certificate authority C. Trust model D. Key escrow - -correct ans- -A Which of the following devices will help prevent a laptop from being removed from a certain location? A. Device encryption B. Cable locks C. GPS tracking D. Remote data wipes - -correct ans- -B Which of the following is the MOST secure protocol to transfer files? A. FTP B. FTPS C. SSH D. TELNET - -correct ans- -B Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms? A. Signature based IPS B. Signature based IDS C. Application based IPS D. Anomaly based IDS - -correct ans- -D A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this? A. Command shell restrictions B. Restricted interface C. Warning banners D. Session output pipe to /dev/null - -correct ans- -C Which of the following protocols is used to authenticate the client and server's digital certificate? A. PEAP B. DNS C. TLS D. ICMP - -correct ans- -C Which of the following can be used to mitigate risk if a mobile device is lost? A. Cable lock B. Transport encryption C. Voice encryption D. Strong passwords - -correct ans- -D implement which of the following? A. Acceptable Use Policy B. Physical security controls C. Technical controls D. Security awareness training - -correct ans- -D Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task? A. HIDS B. Firewall C. NIPS D. Spam filter - -correct ans- -C Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate? A. War dialing B. War chalking C. War driving D. Bluesnarfing - -correct ans- -A Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following? A. Evil twin B. DNS poisoning C. Vishing D. Session hijacking - -correct ans- -B An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender? A. CRL B. Non-repudiation C. Trust models D. Recovery agents - -correct ans- -B Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server? A. HIPS B. NIDS C. HIDS D. NIPS - -correct ans- -A Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished? A. Create a VLAN without a default gateway. B. Remove the network from the routing table. C. Create a virtual switch. D. Commission a stand-alone switch - -correct ans- -C A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control? A. Implicit deny B. Role-based Access Control C. Mandatory Access Controls D. Least privilege - -correct ans- -C A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? A. 20 B. 21 C. 22 D. 23 - -correct ans- -B Which of the following could cause a browser to display the message below? "The security certificate presented by this website was issued for a different website's address." A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs. B. The website is using a wildcard certificate issued for the company's domain. B. Server clustering C. Change management D. Forensic analysis - -correct ans- -C Which of the following can Pete, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program? A. RAID B. Clustering C. Redundancy D. Virtualization - -correct ans- -B Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools? A. Identify user habits B. Disconnect system from network C. Capture system image D. Interview witnesses - -correct ans- -C Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point? A. Placement of antenna B. Disabling the SSID C. Implementing WPA2 D. Enabling the MAC filtering - -correct ans- -A Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation? A. Implement WPA B. Disable SSID C. Adjust antenna placement D. Implement WEP - -correct ans- -A Which of the following is a management control? A. Logon banners B. Written security policy C. SYN attack prevention D. Access Control List (ACL) - -correct ans- -B Which of the following security strategies allows a company to limit damage to internal systems and provides loss control? A. Restoration and recovery strategies B. Deterrent strategies C. Containment strategies D. Detection strategies - -correct ans- -C In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using? A. Three factor B. Single factor C. Two factor D. Four factor - -correct ans- -B Using proximity card readers instead of the traditional key punch doors would help to mitigate: A. Impersonation B. Tailgating C. Dumpster diving D. Shoulder surfing - -correct ans- -D