Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network.
Which of the following should the administrator implement?
A. WPA2 over EAP-TTLS
B. WPA-PSK
C. WPA2 with WPS
D. WEP over EAP-PEAP
Answer: D
Explanation:
D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication Protocol (EAP) provides a framework for authentication that is often used with wireless networks. Among the five EAP types adopted by the WPA/ WPA2 standard are EAP-TLS, EAP-PSK, EAP-MD5, as well as LEAP and PEAP. PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.
Q2. NO: 81
A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs.
Which of the following should the administrator use to test the patching process quickly and often?
A. Create an incremental backup of an unpatched PC
B. Create an image of a patched PC and replicate it to servers
C. Create a full disk image to restore after each installation
D. Create a virtualized sandbox and utilize snapshots
Answer: D
Explanation:
Sandboxing is the process of isolating a system before installing new applications or patches on it
so as to restrict the software from being able to cause harm to production systems.
Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups
that can be used to quickly recover from poor updates, and errors arising from newly installed
applications.
Q3. Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days’ hashes. Which of the following security concepts is Sara using?
A. Confidentiality
B. Compliance
C. Integrity
D. Availability
Answer: C
Explanation:
Integrity means the message can’t be altered without detection.
Q4. Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?
A. Remote wiping enabled for all removable storage devices
B. Full-disk encryption enabled for all removable storage devices
C. A well defined acceptable use policy
D. A policy which details controls on removable storage use
Answer: D
Explanation:
Q5. A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up.
Which of the following BEST allows the analyst to restrict user access to approved devices?
A. Antenna placement
B. Power level adjustment
C. Disable SSID broadcasting
D. MAC filtering
Answer: D
Explanation:
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.
Q6. A periodic update that corrects problems in one version of a product is called a A. Hotfix
B. Overhaul
C. Service pack
D. Security update
Answer: C
Explanation:
A service pack is a collection of updates and hotfixes that address a number of software issues, as well as new software features. It is released periodically by the vendor.
Q7. Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?
A. badlog
B. faillog
C. wronglog
D. killlog
Answer: B
Explanation:
var/log/faillog - This Linux log fi le contains failed user logins. You’ll find this log useful when
tracking attempts to crack into your system.
/var/log/apport.log This log records application crashes. Sometimes these can reveal attempts to
compromise the system or the presence of a virus or spyware.
Q8. Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE).
A. Confidentiality
B. Availability
C. Integrity
D. Authorization
E. Authentication
F. Continuity
Answer: A,B,C
Explanation:
Confidentiality, integrity, and availability are the three most important concepts in security. Thus they form the security triangle.
Q9. Which of the following can only be mitigated through the use of technical controls rather that user security training?
A. Shoulder surfing
B. Zero-day
C. Vishing
D. Trojans
Answer: B
Explanation:
A zero day vulnerability is an unknown vulnerability in a software application. This cannot be prevented by user security training. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
Q10. An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?
A. User rights reviews
B. Least privilege and job rotation
C. Change management
D. Change Control
Answer: A
Explanation:
A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their ‘new’ job descriptions , or if there are privilege creep culprits after transfers has occurred.
Q11. A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company's gateway firewall?
A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443
B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443
Answer: D
Explanation:
Q12. A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?
A. Vishing
B. Phishing
C. Whaling
D. SPAM
E. SPIM
Answer: B
Explanation:
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page. Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the "phisher" counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Q13. Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?
A. Fuzzing
B. Patch management
C. Error handling
D. Strong passwords
Answer: C
Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application.
Q14. Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?
A. Armored virus
B. Polymorphic malware
C. Logic bomb
D. Rootkit
Answer: A
Explanation:
An armored virus is a type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An Armored Virus may also protect itself from antivirus programs, making it more difficult to trace. To do this, the Armored Virus attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system.
Q15. A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?
A. Application control
B. Remote wiping
C. GPS
D. Screen-locks
Answer: B
Explanation:
Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.