Term
The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: |
|
Definition
1. validate and filter input on the server side and client side
2. restrict and sanitize use of special characters in input and URLs
|
|
|
Term
Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following is an authentication method Jane should use? |
|
Definition
|
|
Term
A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. Which of the following BEST describes this exploit? |
|
Definition
|
|
Term
A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure? |
|
Definition
|
|
Term
Which of the following implementation steps would be appropriate for a public wireless hot-spot? |
|
Definition
Open system authentication |
|
|
Term
Which of the following is a step in deploying a WPA2-Enterprise wireless network? |
|
Definition
Install a digital certificate on the authentication server |
|
|
Term
Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks? |
|
Definition
|
|
Term
Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host? |
|
Definition
Disabling unnecessary services |
|
|
Term
A security manager must remain aware of the security posture of each system. Which of the following supports this requirement? |
|
Definition
Establishing baseline reporting |
|
|
Term
Deploying a wildcard certificate is one strategy to: |
|
Definition
Reduce the certificate management burden. |
|
|
Term
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented? |
|
Definition
|
|
Term
Which of the following ports is used for SSH, by default? |
|
Definition
|
|
Term
A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN? |
|
Definition
|
|
Term
A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:
10.10.3.16
10.10.3.23
212.178.24.26
217.24.94.83
These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring? |
|
Definition
|
|
Term
Which of the following ciphers would be BEST used to encrypt streaming video? |
|
Definition
|
|
Term
A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following? |
|
Definition
Single factor authentication |
|
|
Term
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of? |
|
Definition
Advanced persistent threat |
|
|