Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?
A. $500
B. $5,000
C. $25,000
D. $50,000
Answer: B
Explanation:
SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence. (5000 x 10) x 0.1 = 5000
Q2. A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?
A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.
Answer: D
Explanation:
The concern for preventing data loss is the concern for maintaining data confidentiality. This can
be accomplished through encryption, access controls, and steganography.
USB encryption is usually provided by the vendor of the USB device. It is not included on all USB
devices.
Q3. The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?
A. Cloud computing
B. Full disk encryption
C. Data Loss Prevention
D. HSM
Answer: A
Explanation:
Cloud computing means hosting services and data on the Internet instead of hosting it locally. There is thus no issue when the company’s server is taken offline.
Q4. In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?
A. Business Impact Analysis
B. IT Contingency Plan
C. Disaster Recovery Plan
D. Continuity of Operations
Answer: A
Explanation:
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.
Q5. A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?
A. Chain of custody
B. Tracking man hours
C. Record time offset
D. Capture video traffic
Answer: C
Explanation:
It is quite common for workstation as well as server times to be off slightly from actual time. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system. There is no mention that this was done by the incident response team.
Q6. Which of the following is used to certify intermediate authorities in a large PKI deployment?
A. Root CA
B. Recovery agent
C. Root user
D. Key escrow
Answer: A
Explanation:
The root CA certifies other certification authorities to publish and manage certificates within the organization. In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t. This arrangement allows a high level of control at all levels of the hierarchical tree. .
Q7. Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number displayed on the caller ID matches the vendor’s number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code.
Which of the following attack types is this?
A. Hoax
B. Impersonation
C. Spear phishing
D. Whaling
Answer: B
Explanation:
In this question, the impersonator is impersonating a vendor and asking for payment. They have managed to ‘spoof’ their calling number so that their caller ID matches the vendor’s number. Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat.
Q8. Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?
A. NIPS
B. Content filter
C. NIDS
D. Host-based firewalls
Answer: D
Explanation:
Q9. Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET
/index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A
AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/
forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"
A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack
Answer: B
Explanation:
The username should be just a username; instead we can see it’s a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q10. What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?
A. Enticement
B. Entrapment
C. Deceit
D. Sting
Answer: A
Explanation:
Enticement is the process of luring someone into your plan or trap.
Q11. A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?
A. Encryption
B. Digital signatures
C. Steganography
D. Hashing
E. Perfect forward secrecy
Answer: B
Explanation:
Q12. A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?
A. Dual-factor authentication
B. Multifactor authentication
C. Single factor authentication
D. Biometric authentication
Answer: C
Explanation:
Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories: knowledge factors ("things only the user knows"), such as passwords possession factors ("things only the user has"), such as ATM cards inherence factors ("things only the user is"), such as biometrics
In this question a username, password, and a four-digit security pin knowledge are all knowledge factors (something the user knows). Therefore, this is single-factor authentication.
Q13. A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?
A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.
B. Obtain the vendor’s email and phone number and call them back after identifying the number of systems affected by the patch.
C. Give the caller the database version and patch level so that they can receive help applying the patch.
D. Call the police to report the contact about the database systems, and then check system logs for attack attempts.
Answer: A
Explanation:
Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat.
In this question, the person making the call may be impersonating someone who works for a well-known database vendor. The actions described in this answer would mitigate the risk. By not divulging information about your database system and contacting the vendor directly, you can be sure that you are talking to the right people.
Q14. A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?
A. Create conduct policies prohibiting sharing credentials.
B. Enforce a policy shortening the credential expiration timeframe.
C. Implement biometric readers on laptops and restricted areas.
D. Install security cameras in areas containing sensitive systems.
Answer: C
Explanation:
Biometrics is an authentication process that makes use of physical characteristics to establish identification. This will prevent users making use of others credentials.
Q15. Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops?
A. TPM
B. HSM
C. CPU
D. FPU
Answer: A
Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.