Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues?
A. Adding a heat deflector
B. Redundant HVAC systems
C. Shielding
D. Add a wireless network
Answer: C
Explanation:
EMI can cause circuit overload, spikes, or even electrical component failure. In the question it is mentioned that switch degradation occurs when the building’s roof air-conditioning system is also running. All electromechanical systems emanate EMI. Thus you could alleviate the problem using EMI shielding.
Q2. Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?
A. PAP, MSCHAPv2
B. CHAP, PAP
C. MSCHAPv2, NTLMv2
D. NTLM, NTLMv2
Answer: A
Explanation:
PAP transmits the username and password to the authentication server in plain text. MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi-Fi security using the WPA-Enterprise protocol.
Q3. While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?
A. Cross-site scripting
B. Buffer overflow
C. Header manipulation
D. Directory traversal
Answer: B
Explanation:
When the user opens an attachment, the attachment is loaded into memory. The error is caused by a memory issue due to a buffer overflow attack.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q4. Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised?
A. Elliptic curve cryptography.
B. Perfect forward secrecy.
C. Steganography.
D. Quantum cryptography.
Answer: D
Explanation:
Q5. An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).
A. TCP 22
B. TCP 23
C. TCP 25
D. TCP 53
E. TCP 110
F. TCP 143
G. TCP 445
Answer: C,E,F
Explanation:
Q6. Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?
A. TCP port 443 and IP protocol 46
B. TCP port 80 and TCP port 443
C. TCP port 80 and ICMP
D. TCP port 443 and SNMP
Answer: B
Explanation:
HTTP and HTTPS, which uses TCP port 80 and TCP port 443 respectively, is necessary for Communicating with Web servers. It should therefore be allowed through the firewall.
Q7. Which of the following should a company implement to BEST mitigate from zero-day malicious code executing on employees' computers?
A. Least privilege accounts
B. Host-based firewalls
C. Intrusion Detection Systems
D. Application white listing
Answer: D
Explanation:
Q8. Which of the following protocols is the security administrator observing in this packet capture?
12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK
A. HTTPS
B. RDP
C. HTTP
D. SFTP
Answer: B
Explanation:
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides
a user with a graphical interface to connect to another computer over a network connection.
Example of RDP tracing output:
No. Time Delta Source Destination Protocol Length Info
5782, 2013-01-06 09:52:15.407, 0.000 , SRC 10.7.3.187 , DST 10.0.107.58, TCP, 62, 3389 >
59193 [SYN, ACK]
Q9. The fundamental information security principals include confidentiality, availability and which of the following?
A. The ability to secure data against unauthorized disclosure to external sources
B. The capacity of a system to resist unauthorized changes to stored information
C. The confidence with which a system can attest to the identity of a user
D. The characteristic of a system to provide uninterrupted service to authorized users
Answer: B
Explanation: Confidentiality, integrity, and availability, which make up the CIA triad, are the three most important concepts in security. In this instance, the answer describes the Integrity part of the CIA triad.
Q10. A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?
A. Data confidentiality
B. High availability
C. Data integrity
D. Business continuity
Answer: C
Explanation:
Integrity is the process of ensuring that the information has not been altered during transmission. This can be accomplished by means of hashing.
Q11. The company’s sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports.
Which of the following controls is preventing them from completing their work?
A. Discretionary access control
B. Role-based access control
C. Time of Day access control
D. Mandatory access control
Answer: C
Explanation:
Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving or printing reports after a certain time.
Q12. Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?
A. HIPS on each virtual machine
B. NIPS on the network
C. NIDS on the network
D. HIDS on each virtual machine
Answer: A
Explanation:
Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
Q13. Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?
A. User rights reviews
B. Incident management
C. Risk based controls
D. Annual loss expectancy
Answer: A
Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions and rights that they need to do their work and no more.
Q14. A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?
A. Penetration testing
B. Honeynets
C. Vulnerability scanning
D. Baseline reporting
Answer: B
Explanation:
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets.
In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn't actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as "Finances" or "Human Services" to make them sound appealing to the attacker.
A virtual honeynet is one that, while appearing to be an entire network, resides on a single server.
Q15. A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?
A. WPA2
B. WPA
C. IPv6
D. IPv4
Answer: C
Explanation:
IPSec security is built into IPv6.