SY0-401 Premium Bundle

CompTIA Security+ Certification Exam

Last update: November 21, 2024

CompTIA SY0-401 Free Practice Questions

Q1. Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? 

A. Business continuity planning 

B. Continuity of operations 

C. Business impact analysis 

D. Succession planning 

Answer: D

Explanation: 

Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions. 

Q2. Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network? 

A. Security logs 

B. Protocol analyzer 

C. Audit logs 

D. Honeypot 

Answer: D

Explanation: 

A honeypot is a system whose purpose is to be attacked. An administrator can watch and study the attack to research current attack methodologies, while the production network is left untouched because the honeypot holds no real data or services.

According to Webopedia.com, a honeypot luring a hacker into a system has several main purposes:

The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.

The hacker can be caught and stopped while trying to obtain root access to the system.

By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

There are two main types of honeypots:

Production - A production honeypot is one used within an organization's environment to help mitigate risk.

Research - A research honeypot adds value to research in computer security by providing a platform to study the threat.

Q3. A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files? 

A. Integrity 

B. Confidentiality 

C. Steganography 

D. Availability 

Answer: C

Explanation: 

Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message. Steganography by itself provides no integrity or availability guarantee, and its confidentiality depends on the hiding technique not being detected; sensitive content should still be encrypted before it is hidden.
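The technique in this question, hiding plain text inside an image, can be shown concretely with least-significant-bit (LSB) embedding. The block below is an added example written for this page, not code from the original material; the 64x64 grayscale "image" is a constructed byte buffer rather than a real file, so it runs offline, and the 32-bit length header is a design choice of the example.

```python
# Added example (not from the original page): least-significant-bit (LSB)
# steganography. The cover "image" is a constructed 64x64 grayscale buffer,
# one byte per pixel; with a real image the same functions would be applied
# to the raw pixel bytes.

HEADER_BITS = 32  # the first 32 cover bytes carry a big-endian message length


def embed(cover: bytes, message: bytes) -> bytes:
    """Return a copy of `cover` whose LSBs encode len(message) followed by message."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {len(bits)}")
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit  # replace only the lowest bit
    return bytes(stego)


def _read_bytes(stego: bytes, bit_offset: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at cover index `bit_offset`."""
    out = bytearray()
    for k in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[bit_offset + k * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the hidden message; raises if the header points past the buffer."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if HEADER_BITS + length * 8 > len(stego):
        raise ValueError("length header exceeds cover size: not a valid stego buffer")
    return _read_bytes(stego, HEADER_BITS, length)


def max_pixel_delta(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel change; LSB embedding never alters a pixel by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def capacity_bytes(cover: bytes) -> int:
    """How many message bytes a cover of this size can carry after the header."""
    return (len(cover) - HEADER_BITS) // 8


# Constructed cover: a 64x64 gradient, one byte per pixel (4096 bytes).
COVER = bytes((3 * x + 5 * y) % 256 for y in range(64) for x in range(64))
SECRET = b"Q3 budget figures: see attached"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("capacity:", capacity_bytes(COVER), "bytes")
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_delta(COVER, stego))
```

The point to notice is `max_pixel_delta`: every pixel changes by at most one level, which is why a casual viewer sees nothing, and why detection relies on statistical analysis of the low bits rather than on looking at the picture.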

Q4. The company’s sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports. 

Which of the following controls is preventing them from completing their work? 

A. Discretionary access control 

B. Role-based access control 

C. Time of Day access control 

D. Mandatory access control 

Answer: C

Explanation: 

Time of day restrictions limit when users can access specific systems based on the time of day or day of the week. They can limit access to sensitive environments to normal business hours, when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving or printing reports after a certain time; the other models listed (discretionary, role-based and mandatory access control) decide access by owner permission, job role or security label, none of which would change simply because the clock passed a cut-off.
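To make the control concrete, here is an added example (not from the original page) that evaluates a per-role time-of-day rule. The roles, the 08:00-18:00 weekday window for sales, the overnight window for a second role and the timestamps are all assumed for illustration; the overnight case is included because windows that cross midnight are where such rules are usually implemented wrongly.

```python
from datetime import datetime, time

# Added example (not from the original page): evaluating a time-of-day
# restriction. Roles, windows and timestamps are assumed for illustration.
# Days use Python's weekday() numbering: 0 = Monday ... 6 = Sunday.
POLICY = {
    "sales":     {"days": {0, 1, 2, 3, 4},          "start": time(8, 0),  "end": time(18, 0)},
    "night_ops": {"days": {0, 1, 2, 3, 4, 5, 6},    "start": time(22, 0), "end": time(6, 0)},
}


def within_window(now: datetime, rule: dict) -> bool:
    """True if `now` falls in the rule's window, including windows that cross midnight."""
    t, wd = now.time(), now.weekday()
    start, end = rule["start"], rule["end"]
    if start <= end:                      # same-day window, e.g. 08:00-18:00
        return wd in rule["days"] and start <= t < end
    if t >= start:                        # evening half of a 22:00-06:00 window
        return wd in rule["days"]
    if t < end:                           # morning half belongs to the day the window started
        return (wd - 1) % 7 in rule["days"]
    return False


def is_permitted(role: str, now: datetime) -> bool:
    """Default deny: unknown roles and out-of-window requests are refused."""
    rule = POLICY.get(role)
    return rule is not None and within_window(now, rule)


def permitted_at(role: str, *ymdhm: int) -> bool:
    """Convenience wrapper: permitted_at('sales', 2024, 3, 14, 21, 30)."""
    return is_permitted(role, datetime(*ymdhm))


def audit_line(role: str, action: str, now: datetime) -> str:
    verdict = "ALLOW" if is_permitted(role, now) else "DENY"
    return f"{now:%Y-%m-%d %H:%M} {verdict} role={role} action={action}"


if __name__ == "__main__":
    # Thursday 14 March 2024: the late-working sales team is cut off at 21:30.
    for when in (datetime(2024, 3, 14, 10, 0), datetime(2024, 3, 14, 21, 30)):
        print(audit_line("sales", "save_report", when))
    print(audit_line("night_ops", "save_report", datetime(2024, 3, 18, 2, 0)))
```

Note the default-deny in `is_permitted`: a role with no rule is refused rather than silently allowed, and an audit line is emitted for denials as well as allows so the help desk can explain exactly why the sales team's save failed.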

Q5. Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption? 

A. Blowfish 

B. DES 

C. SHA256 

D. HMAC 

Answer: A

Explanation: 

Blowfish is a symmetric block cipher with a 64-bit block size that runs at very fast speeds and accepts variable-length keys from 32 bits to 448 bits, so it can be configured for 128-bit keys or longer. It is the only option listed that meets the requirement: DES is a cipher but has a 56-bit key, well short of 128 bits, while SHA-256 is a hash function and HMAC is a message authentication construction, and neither of those encrypts data at all. Key length is not the whole story, however. Blowfish's 64-bit block limits how much data can safely be encrypted under one key (block collisions become likely after roughly 2^32 blocks, about 32 GiB), so on a modern VPN a 128-bit block cipher such as AES would be preferred; among the four choices given, Blowfish is nevertheless the only one that satisfies the stated minimum.

Q6. An auditor’s report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors’ accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding? 

A. Disable unnecessary contractor accounts and inform the auditor of the update. 

B. Reset contractor accounts and inform the auditor of the update. 

C. Inform the auditor that the accounts belong to the contractors. 

D. Delete contractor accounts and inform the auditor of the update. 

Answer: A

Explanation: 

A disabled account cannot be used. It is 'disabled'. Whenever an employee leaves a company, the employee's user account should be disabled. The question states that the accounts are contractors' accounts who would be returning in three months. Therefore, it is easier to keep the accounts rather than delete them, which would require that the accounts be recreated in three months' time. By disabling the accounts, we ensure that they cannot be used in the meantime; in three months, when the contractors are back, we can simply re-enable them. Resetting the passwords would leave the accounts active and usable, and merely telling the auditor who owns them does nothing to reduce the risk of dormant, unmonitored accounts.

Q7. An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start? 

A. Review past security incidents and their resolution 

B. Rewrite the existing security policy 

C. Implement an intrusion prevention system 

D. Install honey pot systems 

Answer: A

Explanation: 

To review the effectiveness of existing security, the administrator needs evidence of how the current controls have actually performed, and the best evidence is the record of past security incidents and their resolution: which controls detected or stopped an attack, which failed, and how quickly each issue was contained. Rewriting the security policy, implementing an intrusion prevention system or installing honeypots would each change the environment rather than evaluate it, so none of them is a starting point for a review. An intrusion prevention system identifies malicious activity, logs information about it, attempts to block or stop it, and reports it; that is a control to deploy once the review has identified a gap it would close.

Q8. Which of the following protocols is the security administrator observing in this packet capture? 

12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK 

A. HTTPS 

B. RDP 

C. HTTP 

D. SFTP 

Answer: B

Explanation: 

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. RDP servers listen on TCP port 3389.

The packet in the question is a SYN/ACK, the server's reply in the TCP three-way handshake, so the source 192.168.4.3:3389 is the listening service and 10.67.33.20:8080 is the client's end of the connection. The listener on port 3389 is RDP. Port 8080 is not HTTP here; it is simply the port the client used for its side of the connection, which is why the flags, not just the port numbers, have to be read.

Example of RDP tracing output:

No.   Time                     Delta  Source      Destination  Protocol  Length  Info
5782  2013-01-06 09:52:15.407  0.000  10.7.3.187  10.0.107.58  TCP       62      3389 > 59193 [SYN, ACK]
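The reasoning in the explanation (use the handshake flags to decide which end is the server, then name the service from that port) can be written as a small classifier. This is an added example, not code from the original page; the line format follows the question, the first capture line is the one from the question and the others are constructed, and the port-to-service table is a deliberately short assumption.

```python
import re

# Added example (not from the original page): deciding which side of a TCP
# exchange is the server from the flags, then naming the service from that
# port. Capture lines follow the page's format; all but the first are constructed.

WELL_KNOWN = {21: "FTP", 22: "SSH/SFTP", 23: "Telnet", 80: "HTTP",
              443: "HTTPS", 3389: "RDP", 8080: "HTTP-alt"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+),\s*SRC\s+(?P<sip>[\d.]+):(?P<sport>\d+),"
    r"\s*DST\s+(?P<dip>[\d.]+):(?P<dport>\d+),\s*(?P<flags>[A-Z/]+)$"
)


def parse(line: str) -> dict:
    """Split one capture line into timestamp, endpoints and a set of TCP flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised capture line: {line!r}")
    d = m.groupdict()
    return {"ts": d["ts"],
            "src": (d["sip"], int(d["sport"])),
            "dst": (d["dip"], int(d["dport"])),
            "flags": frozenset(d["flags"].split("/"))}


def listening_port(pkt: dict) -> tuple:
    """Return (port, confidence). Handshake packets identify the listener exactly."""
    flags = pkt["flags"]
    if flags == {"SYN"}:             # first packet of the handshake: client -> server
        return pkt["dst"][1], "certain"
    if flags == {"SYN", "ACK"}:      # server's reply: the source port is the listener
        return pkt["src"][1], "certain"
    # Mid-stream packet: prefer the side on a well-known port, else the lower port.
    ports = [pkt["src"][1], pkt["dst"][1]]
    known = [p for p in ports if p in WELL_KNOWN]
    if len(known) == 1:
        return known[0], "likely"
    return min(ports), "guess"


def identify(line: str) -> tuple:
    """Map a capture line to (service name, confidence)."""
    port, confidence = listening_port(parse(line))
    return WELL_KNOWN.get(port, f"tcp/{port}"), confidence


# First line is the question's packet; the rest are constructed for illustration.
CAPTURE = [
    "12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK",
    "12:33:43, SRC 10.67.33.20:8080, DST 192.168.4.3:3389, SYN",
    "12:33:44, SRC 10.67.33.20:51422, DST 192.168.4.9:443, ACK",
    "12:33:45, SRC 10.67.33.20:51423, DST 192.168.4.9:60001, ACK",
]

if __name__ == "__main__":
    for line in CAPTURE:
        print(f"{line}  ->  {identify(line)}")
```

A port-only heuristic would have reported the question's packet as HTTP on 8080 with equal confidence; the confidence field exists so that a mid-stream guess is never mistaken for a handshake-backed identification.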

Q9. A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage? 

A. Biometrics 

B. Mandatory access control 

C. Single sign-on 

D. Role-based access control 

Answer: B

Explanation: 

This question is asking about "authorization", not authentication.

Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications.

MAC can also be deployed in private sector or corporate business environments. Such cases typically involve the following four security domain levels (in order from least sensitive to most sensitive):

Public
Sensitive
Private
Confidential

A MAC environment works by assigning subjects a clearance level and assigning objects a sensitivity label; in other words, everything is assigned a classification marker. Subjects or users are assigned clearance levels. The name of the clearance level is the same as the name of the sensitivity label assigned to objects or resources. A person (or other subject, such as a program or a computer system) must have the same or greater assigned clearance level as the resources they wish to access. In this manner, access is granted or restricted based on the rules of classification (that is, sensitivity labels and clearance levels).

MAC is named as it is because the access control it imposes on an environment is mandatory. Its assigned classifications and the resulting granting and restriction of access can't be altered by users. Instead, the rules that define the environment and judge the assignment of sensitivity labels and clearance levels control authorization. MAC isn't a very granularly controlled security environment.

An improvement to MAC includes the use of need to know: a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they're compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain). The need to know is a rule in and of itself, which states that access is granted only to users who have been assigned work tasks that require access to the cordoned-off object. Even if users have the proper level of clearance, without need to know, they're denied access. Need to know is the MAC equivalent of the principle of least privilege from DAC.

Q10. HOTSPOT 

For each of the given items, select the appropriate authentication category from the dropdown choices. 

Instructions: When you have completed the simulation, please select the Done button to submit. 

Answer:  

Q11. A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option? 

A. PGP, because it employs a web-of-trust that is the most trusted form of PKI. 

B. PGP, because it is simple to incorporate into a small environment. 

C. X.509, because it uses a hierarchical design that is the most trusted form of PKI. 

D. X.509, because it is simple to incorporate into a small environment. 

Answer:

Explanation: 

Q12. Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company? 

A. Rootkit 

B. Logic bomb 

C. Worm 

D. Botnet 

Answer: B

Explanation: 

This is an example of a logic bomb. The logic bomb is configured to 'go off' when Jane has left the company. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs. A rootkit, a worm and a botnet all act as soon as they are installed or reached; only a logic bomb waits for a trigger such as an account being removed from the payroll or a date passing.

Q13. A security administrator must implement a system that will support and enforce the following file system access control model:

FILE NAME           SECURITY LABEL
Employees.doc       Confidential
Salary.xls          Confidential
OfficePhones.xls    Unclassified
PersonalPhones.xls  Restricted

Which of the following should the security administrator implement? 

A. White and black listing 

B. SCADA system 

C. Trusted OS 

D. Version control 

Answer: C

Explanation:

The table assigns a security label to every file, which is a mandatory access control (MAC) model: access is decided by comparing a subject's clearance against the object's label, and users cannot change the labels themselves. A trusted OS is an operating system that provides this kind of label-based enforcement in the kernel, so it is the system that can support and enforce the model shown. Whitelisting and blacklisting control which applications may run, a SCADA system is industrial control equipment, and version control tracks changes to files; none of them enforce security labels.
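The label comparison that a trusted OS performs for the file table in Q13, together with the need-to-know compartments described in Q9, can be shown in a few lines. This is an added example, not code from the original page. The ordering Unclassified < Restricted < Confidential, the PAYROLL compartment on Salary.xls, the three subjects and the no-write-down rule are all assumptions made for the illustration; the question itself only lists files and labels.

```python
from dataclasses import dataclass

# Added example (not from the original page): label-based mandatory access
# control with need-to-know compartments. The level ordering, the PAYROLL
# compartment and the subjects are assumptions for illustration.

LEVELS = {"Unclassified": 0, "Restricted": 1, "Confidential": 2}


@dataclass(frozen=True)          # frozen: labels cannot be altered by the code using them
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Level at least as high AND every compartment of `other` present."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


# Objects carry sensitivity labels (the Q13 table, plus an assumed PAYROLL compartment).
OBJECTS = {
    "Employees.doc":      Label("Confidential"),
    "Salary.xls":         Label("Confidential", frozenset({"PAYROLL"})),
    "OfficePhones.xls":   Label("Unclassified"),
    "PersonalPhones.xls": Label("Restricted"),
}

# Subjects carry clearances; only payroll_officer has the PAYROLL need-to-know.
SUBJECTS = {
    "receptionist":    Label("Unclassified"),
    "hr_clerk":        Label("Confidential"),
    "payroll_officer": Label("Confidential", frozenset({"PAYROLL"})),
}


def can_read(subject: str, obj: str) -> bool:
    """Read requires the clearance to dominate the object's label (no read-up)."""
    return SUBJECTS[subject].dominates(OBJECTS[obj])


def can_write(subject: str, obj: str) -> bool:
    """Write requires the object's label to dominate the clearance (no write-down),
    so a Confidential user cannot copy Confidential data into an Unclassified file."""
    return OBJECTS[obj].dominates(SUBJECTS[subject])


def access_matrix() -> dict:
    """{(subject, object): 'rw' | 'r' | 'w' | '-'} for every pair."""
    out = {}
    for s in SUBJECTS:
        for o in OBJECTS:
            mode = ("r" if can_read(s, o) else "") + ("w" if can_write(s, o) else "")
            out[(s, o)] = mode or "-"
    return out


if __name__ == "__main__":
    for (s, o), mode in access_matrix().items():
        print(f"{s:16} {o:20} {mode}")
```

The hr_clerk row is the one worth studying: the clearance level matches Salary.xls exactly, yet the read is refused because the PAYROLL compartment is missing, which is the need-to-know rule from Q9 operating on top of the level check.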

Q14. A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? 

A. 20 

B. 21 

C. 22 

D. 23 

Answer: B

Explanation: 

When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default, so port 21 is the port to allow for the control channel. In passive mode the client then opens a second, data connection to a port the server announces in its PASV reply, chosen from the server's ephemeral or configured passive range rather than the active-mode data port 20. A firewall that permits only port 21 will therefore let users log in but fail every directory listing and file transfer unless it also allows the server's passive port range (or tracks FTP sessions with an application-aware helper). Port 22 is SSH/SFTP and port 23 is Telnet; neither is used by FTP.
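The passive-mode caveat is easiest to see by decoding the server's PASV reply, which carries the data port as two octets. The block below is an added example, not code from the original page; the two replies, the server address and the 50000-50100 passive range are constructed for illustration, and the rule dictionaries stand in for whatever firewall syntax is actually in use.

```python
import re

# Added example (not from the original page): decoding the server's PASV
# reply to see which port the data connection will use, and checking it
# against the passive port range a firewall has been told to allow. The
# replies and the 50000-50100 range are constructed for illustration.

PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply: str) -> tuple:
    """Return (ip, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("PASV octet out of range")
    port = p1 * 256 + p2           # the port is sent as high byte, low byte
    if port == 0:
        raise ValueError("PASV port 0 is invalid")
    return f"{h1}.{h2}.{h3}.{h4}", port


def firewall_rules(server_ip: str, passive_range: tuple) -> list:
    """Rules a stateless firewall needs: the control channel plus the passive data range."""
    lo, hi = passive_range
    return [
        {"proto": "tcp", "dst": server_ip, "dport": "21"},
        {"proto": "tcp", "dst": server_ip, "dport": f"{lo}-{hi}"},
    ]


def data_connection_allowed(reply: str, passive_range: tuple) -> bool:
    """Would the data connection announced in `reply` get through the range rule?"""
    _, port = parse_pasv(reply)
    lo, hi = passive_range
    return lo <= port <= hi


PASSIVE_RANGE = (50000, 50100)
# Constructed replies: one inside the configured range, one from a server that
# was never pinned to a range and picked an arbitrary ephemeral port.
GOOD_REPLY = "227 Entering Passive Mode (192,168,1,10,195,89)"
BAD_REPLY = "227 Entering Passive Mode (192,168,1,10,234,123)"

if __name__ == "__main__":
    for reply in (GOOD_REPLY, BAD_REPLY):
        ip, port = parse_pasv(reply)
        print(f"{ip}:{port} allowed={data_connection_allowed(reply, PASSIVE_RANGE)}")
    for rule in firewall_rules("192.168.1.10", PASSIVE_RANGE):
        print(rule)
```

The second reply is the failure mode from the explanation: the login on port 21 succeeds, but the server chose port 60027 for data, outside anything the firewall opens, so the transfer hangs. The fix is on the server (pin its passive range) as much as on the firewall (open exactly that range).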

Q15. Which of the following attacks targets high level executives to gain company information? 

A. Phishing 

B. Whaling 

C. Vishing 

D. Spoofing 

Answer: B

Explanation: 

Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles. Hackers who engage in whaling often describe these efforts as "reeling in a big fish," applying a familiar metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may also set up keylogging or other malware on a work station associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber threats.