Q1. Encryption used by RADIUS is BEST described as:
A. Quantum
B. Elliptical curve
C. Asymmetric
D. Symmetric
Answer: D
Explanation:
The RADIUS server uses a symmetric encryption method.
Note: Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected.
Q2. The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?
A. Business Impact Analysis
B. First Responder
C. Damage and Loss Control
D. Contingency Planning
Answer: B
Explanation:
Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. In this scenario the security officer is carrying out an incident response measure that will address and benefit those in the vanguard, i.e. the employees, who are the first responders.
Q3. Pete, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?
A. Firewall
B. Switch
C. URL content filter
D. Spam filter
Answer: C
Explanation:
URL filtering, also known as web filtering, is the act of blocking access to a site based on all or part of the URL used to request access. URL filtering can focus on all or part of a fully qualified domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors as well as allow administrators to add or remove URLs from a custom list.
Q4. Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.
DIAGRAM
PC1                                                                        PC2
[192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]---------[10.2.2.10]
LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?
A. 192.168.1.30 is a web server.
B. The web server listens on a non-standard port.
C. The router filters port 80 traffic.
D. The router implements NAT.
Answer: D
Explanation:
Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated "private" IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a "public" address (10.2.2.1) assigned by an Internet service provider.
Q5. A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?
A. Multi-factor authentication
B. Smart card access
C. Same Sign-On
D. Single Sign-On
Answer: D
Explanation:
Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is not required for access to resources on any realm entity. Single sign-on is able to internally translate and store credentials for the various mechanisms, from the credential used for original authentication.
Q6. Which of the following is described as an attack against an application using a malicious file?
A. Client side attack
B. Spam
C. Impersonation attack
D. Phishing attack
Answer: A
Explanation:
In this question, a malicious file is used to attack an application. If the application is running on a client computer, this would be a client side attack. Attacking a service or application on a server would be a server side attack.
Client-side attacks target vulnerabilities in client applications interacting with malicious data. The difference is that the client is the one initiating the bad connection.
Client-side attacks are becoming more popular. This is because server side attacks are not as easy as they once were, according to apache.org.
Attackers are finding success going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients.
To defend against client-side attacks, keep application patch levels current, keep antivirus software updated, and keep authorized software to a minimum.
Q7. Which of the following BEST describes a SQL Injection attack?
A. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.
B. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers.
C. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage.
D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.
Answer: A
Explanation:
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Q8. A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?
A. Succession plan
B. Continuity of operation plan
C. Disaster recovery plan
D. Business impact analysis
Answer: D
Explanation:
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.
Q9. Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine?
A. Account expiration settings
B. Complexity of PIN
C. Account lockout settings
D. PIN history requirements
Answer: C
Explanation:
Account lockout settings determine the number of failed login attempts before the account gets locked and how long the account will be locked out for. For example, an account can be configured to lock if three incorrect passwords (or in this case PINs) are entered. The account can then be configured to automatically unlock after a period of time or stay locked until someone manually unlocks it.
Q10. A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user’s digital certificate. Which of the following will help resolve the issue? (Select TWO).
A. Revoke the digital certificate
B. Mark the key as private and import it
C. Restore the certificate using a CRL
D. Issue a new digital certificate
E. Restore the certificate using a recovery agent
Answer: A,D
Explanation:
The user's certificate must be revoked to ensure that the stolen computer cannot access resources the user has had access to.
To grant the user access to the resources, he must be issued a new certificate.
Q11. How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?
A. Annually
B. Immediately after an employee is terminated
C. Every five years
D. Every time they patch the server
Answer: A
Explanation:
Reviewing the accesses and rights of the users on a system at least annually is acceptable practice. Reviewing more frequently would be desirable, but reviewing too frequently would be a waste of administrative time.
Q12. Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?
A. Phishing
B. Shoulder surfing
C. Impersonation
D. Tailgating
Answer: C
Explanation:
Two attacks took place in this question. The first attack was shoulder surfing. This was the act of Sara recording a person typing in their ID number into a keypad to gain access to the building. The second attack was impersonation. Sara called the helpdesk and used the PIN to impersonate the person she recorded.
Q13. Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?
A. Create a VLAN for the SCADA
B. Enable PKI for the MainFrame
C. Implement patch management
D. Implement stronger WPA2 Wireless
Answer: A
Explanation:
VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. This can be accomplished by not defining a route between different VLANs or by specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network segment that doesn’t need to communicate with another in order to accomplish a work task/function shouldn’t be able to do so.
Q14. The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
A. Implement a honeynet
B. Perform a penetration test
C. Examine firewall logs
D. Deploy an IDS
Answer: A
Explanation:
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets. In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn't actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as "Finances" or "Human Services" to make them sound appealing to the attacker.
A virtual honeynet is one that, while appearing to be an entire network, resides on a single server.
Q15. The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?
A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.
Answer: D
Explanation:
PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pinpoint the exact source.