SECURITY+ – Final Exam 1

1. Your manager, Wayne, is concerned about malicious users who might compromise servers and remain undetected for a period of time. What type of threat is Wayne concerned about?
2. Which type of malicious users or groups attempt to promote a political or ideological view?
3. Your organization has deployed mission-critical applications to a public cloud service provider (CSP) platform. The CSP recently disclosed a security flaw in the underlying network switches that was exploited by malicious users. The network switches were missing a firmware update that addressed security vulnerabilities. From your organization’s perspective, what is the source of this security issue?
4. Which type of hacker has malicious intent and attempts to discover and exploit vulnerabilities?
5. You are inspecting a user’s system after she has complained about slow Internet speeds. After analyzing the system, you notice that the default gateway in the ARP cache is referencing an unknown MAC address. What type of attack has occurred?
6. Which of the following descriptions best describes a buffer overflow attack?
7. You are analyzing web traffic in transit to your web server and you notice someone logging on with a username of Bob with a password of “pass' or 1=1--”. Which of the following describes what is happening?
8. What type of attack involves the attacker sending too much data to a service or application that typically results in the attacker gaining administrative access to the system?
9. As a network administrator, what should you do to help prevent buffer overflow attacks from occurring on your systems?
10. You receive many calls from customers stating that your web site seems to be slow in responding. You analyze the traffic and notice that you are receiving a number of malformed requests on that web server at a high rate. What type of attack is occurring?
11. Which cryptographic operations use an asymmetric private key? (Choose two.)
12. Your company provides remote word processing and spreadsheet file access using FTP. After a security audit, the findings suggest employing TLS to harden FTP access. Which protocol should you configure to address this concern?
13. Which cryptographic technique is often referred to as “hiding in plain sight”?
14. Which of the following RAID configurations can be configured with only two drives? (Select all that apply.)
15. Which of the following are the most important constraints that need to be considered when implementing cryptography, particularly for embedded devices? (Select three.)
16. Which of the following are associated with critical infrastructure systems where segmentation from public networks should be strongly considered? (Select two.)
17. The aerospace company you work for is developing a highly secret new component. The computers to develop the component need to be isolated to prevent connections to the outside world. Which of the following should you put in place to provide the most secure setup?
18. Which of the following is a type of barricade used to prevent unauthorized vehicles from entering an area?
19. You are exchanging secure emails with another user. You use a key to encrypt your outbound email, but then you are unable to decrypt the email you receive in return by using the same key you used to encrypt the outbound email. Which best explains what’s happening?
20. Which statement is false?
21. Which one of the following ports would block outgoing email?
22. Why do vendors provide MD5 values for their software patches?
23. Which of the following is a white-box testing process for detecting bugs in the early stages of program development?
24. You are consulting for an organization that has only ever required outbound Internet access. The organization now needs to deploy a web server for its customers (and it will maintain the web server) but is concerned about inbound access to the organization network. Which one of the following should you recommend?
25. You are implementing server load balancing. In which configuration is the passive server promoted to active if the active server fails?
26. Your users are all connected to a wireless access point using WPA2-PSK. Your manager wants you to confirm what cryptographic standard is being used. Which of the following is most likely?
27. As you are deploying wireless authentication protocols, a request comes up to eliminate the need for client certificates. Which of the following requires a client certificate?
28. Which of the following enables the use of location services for applications on mobile devices?
29. As more users are using mobile devices for work, you have been tasked with supporting the compliance team by ensuring that policies can be enforced. You also need remote management capabilities of the devices. Which of the following solutions should you consider?
30. A user does not have an identity-based policy and requires access to a storage resource but is denied access. Which of the following do you need to do in order to allow him access?
31. Your organization was recently the victim of a large-scale phishing attack. Your manager has tasked you with automating response to quickly notify users and, if feasible, automatically block outbound requests to the attacker’s web page. Which of the following will accomplish this goal?
32. A security analyst identifies malware that is traced back to the IP address 93.184.216.34. Which one of the following tools might the security analyst use to determine if an active connection to that IP address still resides on the infected system?
33. Which of the following stakeholders are typically notified first when a confirmed incident has occurred? (Select two.)
34. Your administrators remotely access web servers in the DMZ only from the internal network over SSH. However, these servers have come under attack via SSH from the IP address 93.184.216.34. Which of the following should you do to stop this attack?
35. While capturing network traffic, you notice an abnormally excessive number of outbound SMTP packets. To determine whether this is an incident that requires escalation or reporting, what else should you consult?
36. Which of the following best visually illustrates the state of a running computer at the time it was seized by law enforcement?
37. Which of the following are benefits of application allow lists? (Select two.)
38. What type of evidence would be the most difficult for a perpetrator to forge?
39. You are preparing to gather evidence from a cell phone. Which of the following is false?
40. Robin works as a network technician at a stock brokerage firm. To test network forensic capturing software, she plugs her laptop into an Ethernet switch and begins capturing network traffic. During later analysis, she notices some broadcast and multicast packets as well as her own computer’s network traffic. Why was she unable to capture all network traffic on the switch?
41. An organization is increasingly subject to compliance regulations and is making strong efforts to comply with them but is still concerned about issues that might occur. Management decides to buy insurance to help cover the costs of a potential breach. Which of the following risk response techniques is the organization using?
42. Which of the following are the most compelling reasons that secure configuration baselines have been established? (Select three.)
43. Which of the following legally binding controls should you consider in order to protect sensitive information from being improperly disclosed by a third-party vendor you are hiring for consulting work in the organization?
44. You have been tasked with creating a corporate security policy regarding smart phone usage for business purposes. What should you do first?
45. Your organization currently runs an operating system for which software developed after the end of last month may no longer work or even be installable. Which of the following best describes this milestone for the operating system?
46. Which action will have the largest impact on mitigating SQL injection attacks?
47. A recent audit revealed that most of the organization is not handling sensitive data properly. To address this shortcoming, your organization is implementing computer security awareness training. What type of control is this?
48. Which of the following statements are true? (Choose two.)
49. Which data classification type contains data that would have a severe impact to the organization were it exposed, that should not be broadly shared internally or externally, and that should be tightly controlled?
50. Which of the following is the monetary loss that can be expected for an asset from risk over a year?