Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?
A. badlog
B. faillog
C. wronglog
D. killlog
Answer: B
Explanation:
var/log/faillog - This Linux log fi le contains failed user logins. You’ll find this log useful when
tracking attempts to crack into your system.
/var/log/apport.log This log records application crashes. Sometimes these can reveal attempts to
compromise the system or the presence of a virus or spyware.
Q2. An IT security manager is asked to provide the total risk to the business. Which of the following calculations would he security manager choose to determine total risk?
A. (Threats X vulnerability X asset value) x controls gap
B. (Threats X vulnerability X profit) x asset value
C. Threats X vulnerability X control gap
D. Threats X vulnerability X asset value
Answer: D
Explanation:
Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This is used to calculate a risk.
Q3. Which of the following is a management control?
A. Logon banners
B. Written security policy
C. SYN attack prevention
D. Access Control List (ACL)
Answer: B
Explanation:
Management control types include risk assessment, planning, systems and Services Acquisition as well as Certification, Accreditation and Security Assessment; and written security policy falls in this category.
Q4. A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks.
Which of the following practices is being implemented?
A. Mandatory vacations
B. Job rotation
C. Least privilege
D. Separation of duties
Answer: B
Explanation:
A job rotation policy defines intervals at which employees must rotate through positions.
Q5. An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing?
A. Penetration
B. White box
C. Black box
D. Gray box
Answer: D
Explanation:
In this question, the tester is testing the application as an authenticated user. We can assume from this that the tester has at least limited knowledge of the application. This meets the criteria of a grey-box test. Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood. Gray box testing can be contrasted with black box testing, a scenario in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests. Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts.
Q6. Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?
A. Set up mantraps to avoid tailgating of approved users.
B. Place a guard at the entrance to approve access.
C. Install a fingerprint scanner at the entrance.
D. Implement proximity readers to scan users’ badges.
Answer: B
Explanation:
A guard can be instructed to deny access until authentication has occurred will address the situation adequately.
Q7. A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?
A. High availability
B. Load balancing
C. Backout contingency plan
D. Clustering
Answer: A
Explanation:
High availability (HA) refers to the measures used to keep services and systems operational during an outage. In short, the goal is to provide all services to all users, where they need them and when they need them. With high availability, the goal is to have key services available 99.999 percent of the time (also known as five nines availability).
Q8. While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?
A. Cross-site scripting
B. Buffer overflow
C. Header manipulation
D. Directory traversal
Answer: B
Explanation:
When the user opens an attachment, the attachment is loaded into memory. The error is caused by a memory issue due to a buffer overflow attack.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q9. Customers’ credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?
A. Application firewalls
B. Manual updates
C. Firmware version control
D. Encrypted TCP wrappers
Answer: D
Explanation:
Wrapping sensitive systems with a specific control is required when protecting data in transit. TCP wrappers are also security controls. TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux
or BSD. It allows host or subnetwork IP addresses, names and/or inetd query replies, to be used
as tokens on which to filter for access control purposes.
TCP Wrapper should not be considered a replacement for a properly configured firewall. Instead,
TCP Wrapper should be used in conjunction with a firewall and other security enhancements in
order to provide another layer of protection in the implementation of a security policy.
Q10. The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?
A. Enforce password rules requiring complexity.
B. Shorten the maximum life of account passwords.
C. Increase the minimum password length.
D. Enforce account lockout policies.
Answer: A
Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some character complexity, the more resistant it is to brute force attacks.
Q11. An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this?
A. TOTP
B. Smart card
C. CHAP
D. HOTP
Answer: A
Explanation:
Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. In this case, it’s every 30 seconds.
Q12. A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?
A. OCSP
B. PKI
C. CA
D. CRL
Answer: D
Explanation:
A CRL is a locally stored record containing revoked certificates and revoked keys.
Q13. Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?
A. Intrusion Detection System
B. Flood Guard Protection
C. Web Application Firewall
D. URL Content Filter
Answer: C
Explanation:
Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.
Q14. Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?
A. Near field communication
B. IV attack
C. Evil twin
D. Replay attack
Answer: B
Explanation:
An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption program uses it only once per session. An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV attack. A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example if a one-letter word exists in a message, it may be either “a” or “I” but it can’t be “e” because the word “e” is non-sensical in English, while “a” has a meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to
each letter.
Using an initialization vector changes the binary sequence corresponding to each letter, enabling
the letter “a” to be represented by a particular sequence in the first instance, and then represented
by a completely different binary sequence in the second instance.
WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher,
the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain
text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy
network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there
is a 50% probability the same IV will repeat after 5000 packets.
Q15. Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test?
A. The security company is provided with all network ranges, security devices in place, and logical maps of the network.
B. The security company is provided with no information about the corporate network or physical locations.
C. The security company is provided with limited information on the network, including all network diagrams.
D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams.
Answer: B
Explanation:
The term black box testing is generally associated with application testing. However, in this question the term is used for network testing. Black box testing means testing something when you have no knowledge of the inner workings.
Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place.