Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies?
A. IDS
B. Firewalls
C. DLP
D. IPS
Answer: C
Explanation:
Q2. Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).
A. Acceptable use policy
B. Risk acceptance policy
C. Privacy policy
D. Email policy
E. Security policy
Answer: A,C
Explanation:
Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. Privacy policy is a legal document that outlines how data collected is secured. It should encompass information regarding the information the company collects, privacy choices you have based on your account, potential information sharing of your data with other parties, security measures in place, and enforcement. Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.
Q3. A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?
A. $7,000
B. $10,000
C. $17,500
D. $35,000
Answer: C
Explanation:
SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence. SLE =($4000 + $3000) x 5 = $35000 ARO = 2 years Thus per year it would be 50% = 0,5 The ALE is thus $35000 x 0.5 = $17500
Q4. Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?
A. Signature based IPS
B. Signature based IDS
C. Application based IPS
D. Anomaly based IDS
Answer: D
Explanation:
Most intrusion detection systems (IDS) are what is known as signature-based. This means that they operate in much the same way as a virus scanner, by searching for a known identity - or signature - for each specific intrusion event. And, while signature-based IDS is very efficient at sniffing out known s of attack, it does, like anti-virus software, depend on receiving regular signature updates, to keep in touch with variations in hacker technique. In other words, signature-based IDS is only as good as its database of stored signatures. Any organization wanting to implement a more thorough - and hence safer - solution, should consider what we call anomaly-based IDS. By its nature, anomaly-based IDS is a rather more complex creature. In network traffic terms, it captures all the headers of the IP packets running towards the network. From this, it filters out all known and legal traffic, including web traffic to the organization's web server, mail traffic to and from its mail server, outgoing web traffic from company employees and DNS traffic to and from its DNS server.
There are other equally obvious advantages to using anomaly-based IDS. For example, because it detects any traffic that is new or unusual, the anomaly method is particularly good at identifying sweeps and probes towards network hardware. It can, therefore, give early warnings of potential intrusions, because probes and scans are the predecessors of all attacks. And this applies equally to any new service installed on any item of hardware - for example, Telnet deployed on a network router for maintenance purposes and forgotten about when the maintenance was finished. This makes anomaly-based IDS perfect for detecting anything from port anomalies and web anomalies to mis-formed attacks, where the URL is deliberately mis-typed.
Q5. An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?
A. The malicious user has access to the WPA2-TKIP key.
B. The wireless access point is broadcasting the SSID.
C. The malicious user is able to capture the wired communication.
D. The meeting attendees are using unencrypted hard drives.
Answer: C
Explanation:
Q6. Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?
A. DIAMETER
B. RADIUS
C. TACACS+
D. Kerberos
Answer: C
Explanation:
TACACS+ is an authentication, authorization, and accounting (AAA) service that makes us of TCP only.
Q7. Which of the following passwords is the LEAST complex?
A. MyTrain!45
B. Mytr@in!!
C. MyTr@in12
D. MyTr@in#8
Answer: B
Explanation:
Password policies often enforce a minimum of three out of four standard character types, which includes uppercase and lowercase letters, numbers, and symbols. Although this option includes three of the four character types, it does not include numbers, which makes it less complex than the other options.
Q8. In order to prevent and detect fraud, which of the following should be implemented?
A. Job rotation
B. Risk analysis
C. Incident management
D. Employee evaluations
Answer: A
Explanation:
A job rotation policy defines intervals at which employees must rotate through positions. Similar in purpose to mandatory vacations, it helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job and in this way the company can potentially uncover any fraud perhaps committed by the incumbent.
Q9. The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation’s hard drive. During the investigation, local law enforcement’s criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?
A. Chain of custody
B. System image
C. Take hashes
D. Order of volatility
Answer: A
Explanation:
Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been.
Q10. A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?
A. Penetration testing
B. WAF testing
C. Vulnerability scanning
D. White box testing
Answer: C
Explanation:
Vulnerability scanning has minimal impact on network resource due to the passive nature of the scanning.
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security.
Q11. An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
A. Initial baseline configuration snapshots
B. Firewall, IPS and network segmentation
C. Event log analysis and incident response
D. Continuous security monitoring processes
Answer: D
Explanation:
Q12. A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?
A. Spoof the MAC address of an observed wireless network client
B. Ping the access point to discover the SSID of the network
C. Perform a dictionary attack on the access point to enumerate the WEP key
D. Capture client to access point disassociation packets to replay on the local PC’s loopback
Answer: A
Explanation:
With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not. This can be used to gain access to the network, to fool the router into sending data here that was intended for another host, or to launch a DoS attack. In all cases, the address being faked is an address of a legitimate user, and that makes it possible to get around such measures as allow/deny lists. Note: As an example, the initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack.
Q13. Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user?
A. LDAP
B. RADIUS
C. Kerberos
D. TACACS+
Answer: A
Explanation:
Q14. Which of the following would provide the STRONGEST encryption?
A. Random one-time pad
B. DES with a 56-bit key
C. AES with a 256-bit key
D. RSA with a 1024-bit key
Answer: A
Explanation:
One-time pads are the only truly completely secure cryptographic implementations.
They are so secure for two reasons. First, they use a key that is as long as a plaintext message.
That means there is no pattern in the key application for an attacker to use. Also, one-time pad
keys are used only once and then discarded. So even if you could break a one-time pad cipher,
that same key would never be used again, so knowledge of the key would be useless.
Q15. A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?
A. Backdoor
B. Spyware
C. Logic bomb
D. DDoS
E. Smurf
Answer: B
Explanation: Explanation Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.