Term
Which of the following BEST describes a protective countermeasure for SQL injection? |
|
Definition
Validating user input in web applications |
|
|
Term
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks? |
|
Definition
Malicious code on the local system |
|
|
Term
Which of the following algorithms has well documented collisions? (Select TWO). |
|
Definition
|
|
Term
Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server? |
|
Definition
|
|
Term
Which of the following would a security administrator implement in order to discover comprehensive security threats on a network? |
|
Definition
|
|
Term
Data execution prevention is a feature in most operating systems intended to protect against which type of attack? |
|
Definition
|
|
Term
Privilege creep among long-term employees can be mitigated by which of the following procedures? |
|
Definition
|
|
Term
Which of the following assessments would Pete, the security administrator, use to actively test that an application’s security controls are in place? |
|
Definition
|
|
Term
A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted? |
|
Definition
|
|
Term
Which of the following can use RC4 for encryption? (Select TWO). |
|
Definition
|
|
Term
Which of the following protocols is used to authenticate the client and server’s digital certificate? |
|
Definition
|
|
Term
Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following? |
|
Definition
|
|
Term
Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server? |
|
Definition
|
|
Term
A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control? |
|
Definition
Mandatory Access Controls |
|
|
Term
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? |
|
Definition
|
|
Term
Which of the following pseudocodes can be used to handle program exceptions? |
|
Definition
If program module crashes, then restart program module. |
|
|
Term
Which of the following can Pete, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program? |
|
Definition
|
|
Term
Which of the following protocols allows for secure transfer of files? (Select TWO). |
|
Definition
|
|
Term
During a penetration test from the Internet, Jane, the system administrator, was able to establish a |
|
Definition
|
|
Term
Jane, a security administrator, has been tasked with explaining authentication services to the company’s management team. The company runs an active directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company’s environment? |
|
Definition
|
|
Term
Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure? |
|
Definition
|
|
Term
Which of the following firewall rules only denies DNS zone transfers? |
|
Definition
|
|
Term
Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address? |
|
Definition
|
|
Term
A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? |
|
Definition
User rights and permissions review |
|
|
Term
Which of the following types of authentication solutions use tickets to provide access to various resources from a central location? |
|
Definition
|
|
Term
After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output:
MAC                SSID    ENCRYPTION  POWER  BEACONS
00:10:A1:36:12:CC  MYCORP  WPA2 CCMP   60     1202
00:10:A1:49:FC:37  MYCORP  WPA2 CCMP   70     9102
FB:90:11:42:FA:99  MYCORP  WPA2 CCMP   40     3031
00:10:A1:AA:BB:CC  MYCORP  WPA2 CCMP   55     2021
00:10:A1:FA:B1:07  MYCORP  WPA2 CCMP   30     6044
Given that the corporate wireless network has been standardized, which of the following attacks is underway? |
|
Definition
|
|
Term
The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has mandated that key authentication systems be run within the organization’s network. Which of the following would BEST meet the CIO and CRO’s requirements? |
|
Definition
|
|
Term
Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card? |
|
Definition
|
|
Term
Which of the following offers the LEAST secure encryption capabilities? |
|
Definition
|
|
Term
Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following? |
|
Definition
|
|
Term
A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights? |
|
Definition
Public key infrastructure |
|
|
Term
A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application? |
|
Definition
Accept the risk and continue to enable the accounts each month, saving money |
|
|
Term
An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default? |
|
Definition
|
|
Term
A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed? |
|
Definition
|
|
Term
During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO). |
|
Definition
|
|
Term
All of the following are valid cryptographic hash functions EXCEPT |
|
Definition
|
|
Term
Which of the following application security testing techniques is implemented when an automated system generates random input data? |
|
Definition
|
|
Term
Which of the following is BEST used as a secure replacement for TELNET? |
|
Definition
|
|
Term
Which of the following technologies uses multiple devices to share work? |
|
Definition
|
|
Term
Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent? |
|
Definition
|
|
Term
Which of the following can be implemented with multiple bit strength? |
|
Definition
|
|
Term
A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports? |
|
Definition
|
|