Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?
A. Disabling SSID broadcasting
B. Implementing WPA2 - TKIP
C. Implementing WPA2 - CCMP
D. Filtering test workstations by MAC address
Answer: A
Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.
Q2. To ensure proper evidence collection, which of the following steps should be performed FIRST?
A. Take hashes from the live system
B. Review logs
C. Capture the system image
D. Copy all compromised files
Answer: C
Explanation:
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. This is essential since the collection of evidence process may result in some mishandling and changing the exploited state.
Q3. Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?
A. User rights and permissions review
B. Configuration management
C. Incident management
D. Implement security controls on Layer 3 devices
Answer: A
Explanation:
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions. Also reviewing user rights and permissions will afford the security analyst the opportunity to put the principle of least privilege in practice as well as update the security policy
Q4. A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?
A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator.
B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll.
C. Create two additional generic accounts, one for payroll and one for sales that users utilize.
D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.
Answer: D
Explanation:
Q5. Which of the following is the difference between identification and authentication of a user?
A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system.
B. Identification tells who the user is and authentication proves it.
C. Identification proves who the user is and authentication is used to keep the users data secure.
D. Identification proves who the user is and authentication tells the user what they are allowed to do.
Answer: B
Explanation:
Identification is described as the claiming of an identity, and authentication is described as the act of verifying or proving the claimed identity.
Q6. While rarely enforced, mandatory vacation policies are effective at uncovering:
A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
B. Collusion between two employees who perform the same business function.
C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team.
D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
Answer: D
Explanation:
Least privilege (privilege reviews) and job rotation is done when mandatory vacations are implemented. Then it will uncover areas where the system administrators neglected to check all users’ privileges since the other users must fill in their positions when they are on their mandatory vacation.
Q7. On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe?
A. Tailgating
B. Shoulder surfing
C. Interference
D. Illegal downloading
Answer: B
Explanation:
Q8. A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?
A. Software as a Service
B. DMZ
C. Remote access support
D. Infrastructure as a Service
Answer: A
Explanation:
Software as a Service (SaaS) allows for on-demand online access to specific software applications or suites without having to install it locally. This will allow the data center to continue providing network and security services.
Q9. A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room?
A. Man-in-the-middle
B. Tailgating
C. Impersonation
D. Spoofing
Answer: C
Explanation:
Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat.
In this question, by using the coworker’s card, the security administrator is ‘impersonating’ the coworker. The server room locking system and any logging systems will ‘think’ that the coworker has entered the server room.
Q10. While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?
A. Log Analysis
B. VLAN Management
C. Network separation
D. 802.1x
Answer: D
Explanation:
802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).
Q11. A security administrator is reviewing the below output from a password auditing tool:
P@ss.
@pW1.
S3cU4
Which of the following additional policies should be implemented based on the tool’s output?
A. Password age
B. Password history
C. Password length
D. Password complexity
Answer: C
Explanation:
The output shows that all the passwords are either 4 or 5 characters long. This is way too short, 8 characters are shown to be the minimum for password length.
Q12. Which of the following would allow the organization to divide a Class C IP address range into several ranges?
A. DMZ
B. Virtual LANs
C. NAT
D. Subnetting
Answer: D
Explanation:
Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.
Q13. Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described?
A. Tailgating
B. Fencing
C. Screening
D. Mantrap
Answer: D
Explanation:
Mantraps are designed to contain an unauthorized, potentially hostile person/individual physically until authorities arrive. Mantraps are typically manufactured with bulletproof glass, high-strength doors, and locks and to allow the minimal amount of individuals depending on its size. Some mantraps even include scales that will weigh the person. The doors are designed in such a way as to open only when the mantrap is occupied or empty and not in-between. This means that the backdoor must first close before the front door will open; exactly what is required in this scenario.
Q14. A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:
A. escalation and notification.
B. first responder.
C. incident identification.
D. incident mitigation.
Answer: A
Explanation:
Q15. Which of the following MOST interferes with network-based detection techniques?
A. Mime-encoding
B. SSL
C. FTP
D. Anonymous email accounts
Answer: B
Explanation:
Secure Sockets Layer (SSL) is used to establish secure TCP communication between two machines by encrypting the communication. Encrypted communications cannot easily be inspected for anomalies by network-based intrusion detection systems (NIDS).