Q1. Which of the following can be used as an equipment theft deterrent?
A. Screen locks
B. GPS tracking
C. Cable locks
D. Whole disk encryption
Answer: C
Explanation:
Cable locks are theft deterrent devices that can be used to tether a device to a fixed point and keep smaller devices from being easy to steal.
Q2. Which of the following are examples of detective controls?
A. Biometrics, motion sensors and mantraps.
B. Audit, firewall, anti-virus and biometrics.
C. Motion sensors, intruder alarm and audit.
D. Intruder alarm, mantraps and firewall.
Answer: C
Explanation:
Q3. A recent review of accounts on various systems has found that after employees' passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).
A. Reverse encryption
B. Minimum password age
C. Password complexity
D. Account lockouts
E. Password history
F. Password expiration
Answer: B,E
Explanation:
Q4. Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?
A. Transport encryption
B. Steganography
C. Hashing
D. Digital signature
Answer: B
Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
Q5. When implementing fire suppression controls in a datacenter it is important to:
A. Select a fire suppression system which protects equipment but may harm technicians.
B. Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers.
C. Integrate maintenance procedures to include regularly discharging the system.
D. Use a system with audible alarms to ensure technicians have 20 minutes to evacuate.
Answer: B
Explanation:
Water-based systems can cause serious damage to all electrical equipment. Because such a system works with overhead nozzles, the sprinkler lines in a fire suppression control system should be placed so that they do not leak onto computers when the system is activated.
Q6. Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?
A. HIPS
B. NIDS
C. HIDS
D. NIPS
Answer: A
Explanation:
This question is asking which of the following is designed to stop an intrusion on a specific server. To stop an intrusion on a specific server, you would use a HIPS (Host Intrusion Prevention System). The difference between a HIPS and other intrusion prevention systems is that a HIPS is a software intrusion prevention system that is installed on a ‘specific server’.
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion.
Q7. When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?
A. Trust models
B. CRL
C. CA
D. Recovery agent
Answer: C
Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. The CA affirms the identity of the certificate owner.
Q8. Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00:00:01]Successful Login: 015 192.168.1.123 : local
[00:00:03]Unsuccessful Login: 022 214.34.56.006 :RDP 192.168.1.124
[00:00:04]UnSuccessful Login: 010 214.34.56.006 :RDP 192.168.1.124
[00:00:07]UnSuccessful Login: 007 214.34.56.006 :RDP 192.168.1.124
[00:00:08]UnSuccessful Login: 003 214.34.56.006 :RDP 192.168.1.124
A. Reporting
B. IDS
C. Monitor system logs
D. Hardening
Answer: D
Explanation:
Q9. A distributed denial of service attack can BEST be described as:
A. Invalid characters being entered into a field in a database application.
B. Users attempting to input random or invalid data into fields within a web browser application.
C. Multiple computers attacking a single target in an organized attempt to deplete its resources.
D. Multiple attackers attempting to gain elevated privileges on a target system.
Answer: C
Explanation:
A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.
Q10. An administrator is investigating a system that may potentially be compromised, and sees the following log entries on the router.
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
A. It is running a rogue web server
B. It is being used in a man-in-the-middle attack
C. It is participating in a botnet
D. It is an ARP poisoning attack
Answer: C
Explanation:
Q11. Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).
A. Authentication
B. Data leakage
C. Compliance
D. Malware
E. Non-repudiation
F. Network loading
Answer: B,C,D
Explanation:
In a joint enterprise, data may be combined from both organizations. It must be determined, in advance, who is responsible for that data and how the data backups will be managed. Data leakage, compliance and malware are all issues concerning data ownership and backup, both of which are affected by corporate IM.
Q12. Which of the following encompasses application patch management?
A. Configuration management
B. Policy management
C. Cross-site request forgery
D. Fuzzing
Answer: A
Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system and its configuration, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.
Q13. The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
A. WEP
B. WPA2 CCMP
C. Disable SSID broadcast and increase power levels
D. MAC filtering
Answer: B
Explanation:
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult.
Q14. Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.
A. Public keys, one time
B. Shared keys, private keys
C. Private keys, session keys
D. Private keys, public keys
Answer: D
Explanation:
Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.
In more detail:
* Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn’t disclosed to people who aren’t authorized to use the encryption system.
* Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.
Q15. The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity.
Which of the following would be MOST effective for preventing this behavior?
A. Acceptable use policies
B. Host-based firewalls
C. Content inspection
D. Application whitelisting
Answer: D
Explanation:
Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list.