Q1. The practice of marking open wireless access points is called which of the following?
A. War dialing
B. War chalking
C. War driving
D. Evil twin
Answer: B
Explanation:
War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot.
Q2. A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?
A. Bind server
B. Apache server
C. Exchange server
D. RADIUS server
Answer: A
Explanation:
BIND (Berkeley Internet Name Domain) is the most widely used Domain Name System (DNS) software on the Internet. Its DNS server component is called named, a contraction of "name daemon". This is the only option that directly involves DNS.
Q3. A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?
A. Eye Witness
B. Data Analysis of the hard drive
C. Chain of custody
D. Expert Witness
Answer: C
Explanation:
Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you’re open to dispute about possible evidence tampering.
Q4. Which of the following is a management control?
A. Logon banners
B. Written security policy
C. SYN attack prevention
D. Access Control List (ACL)
Answer: B
Explanation:
Management control types include risk assessment, planning, systems and services acquisition, as well as certification, accreditation and security assessment; a written security policy falls into this category.
Q5. A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date.
Which of the following BEST describes this system type?
A. NAT
B. NIPS
C. NAC
D. DMZ
Answer: C
Explanation:
Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
Q6. Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device’s removable media in the event that the device is lost or stolen?
A. Hashing
B. Screen locks
C. Device password
D. Encryption
Answer: D
Explanation:
Encryption is used to ensure the confidentiality of information.
Q7. Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)?
A. Co-hosted application
B. Transitive trust
C. Mutually exclusive access
D. Dual authentication
Answer: B
Explanation:
Q8. The security manager wants to unify the storage of credential, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own?
A. LDAP
B. SAML
C. TACACS
D. RADIUS
Answer: A
Explanation:
Q9. A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
Answer: A
Explanation:
Reviewing user permissions and group memberships forms part of a privilege audit, which is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation.
Q10. Which of the following is used to verify data integrity?
A. SHA
B. 3DES
C. AES
D. RSA
Answer: A
Explanation:
SHA stands for "secure hash algorithm". SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used applications and protocols including TLS and SSL, PGP, SSH, S/MIME, and IPsec. It is used to ensure data integrity.
Note:
A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
Hashes play a role in security systems where they're used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact. This is how hashing is used to ensure data integrity.
Q11. RADIUS provides which of the following?
A. Authentication, Authorization, Availability
B. Authentication, Authorization, Auditing
C. Authentication, Accounting, Auditing
D. Authentication, Authorization, Accounting
Answer: D
Explanation:
The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service. It is for this reason that A, B, and C are incorrect.
References: http://en.wikipedia.org/wiki/RADIUS
Q12. Which of the following would Pete, a security administrator, do to limit a wireless signal from penetrating the exterior walls?
A. Implement TKIP encryption
B. Consider antenna placement
C. Disable the SSID broadcast
D. Disable WPA
Answer: B
Explanation:
Cinderblock walls, metal cabinets, and other barriers can reduce signal strength significantly. Therefore, antenna placement is critical.
Q13. When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?
A. The user is attempting to hijack the web server session using an open-source browser.
B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.
D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
Answer: D
Explanation:
The code in the question is an example of a SQL injection attack. The condition ‘1=1’ always evaluates to true. This can be included in a statement designed to return all rows in a SQL table.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Q14. A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?
A. Identification
B. Authorization
C. Access control
D. Authentication
Answer: A
Q15. A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.1
HOST: localhost
Accept: */*
Referrer: http://localhost/
*******
HTTP/1.1 403 Forbidden
Connection: close
Log: Access denied with 403. Pattern matches form bypass
Which of the following technologies was MOST likely being used to generate this log?
A. Host-based Intrusion Detection System
B. Web application firewall
C. Network-based Intrusion Detection System
D. Stateful Inspection Firewall
E. URL Content Filter
Answer: B
Explanation:
A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It’s intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.