Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?
A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.
B. Require the customer to physically come into the company’s main office so that the customer can be authenticated prior to their password being reset.
C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password.
D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
Answer: D
Explanation:
People tend to forget their passwords, thus you should have a password recovery system for them that will not increase risk exposure. Setting a temporary password will restrict the time that the password is valid and thus decrease risk; and in addition forcing the customer to change it upon first login will make the password more secure for the customer.
Q2. Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time.
Which of the following does this illustrate?
A. System image capture
B. Record time offset
C. Order of volatility
D. Chain of custody
Answer: D
Explanation:
Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been.
Q3. A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:
A. attack surface.
B. application hardening effectiveness.
C. application baseline.
D. OS hardening effectiveness.
Answer: A
Explanation:
Q4. The act of magnetically erasing all of the data on a disk is known as:
A. Wiping
B. Dissolution
C. Scrubbing
D. Degaussing
Answer: D
Explanation:
Degaussing is a form a data wiping that entails the use of magnets to alter the magnetic structure of the storage medium.
Q5. Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?
A. Email scanning
B. Content discovery
C. Database fingerprinting
D. Endpoint protection
Answer: D
Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. DLP systems share commonality with network intrusion prevention systems. Endpoint protection provides security and management over both physical and virtual environments.
Q6. Why would a technician use a password cracker?
A. To look for weak passwords on the network
B. To change a user’s passwords when they leave the company
C. To enforce password complexity requirements
D. To change users passwords if they have forgotten them
Answer: A
Explanation:
A password cracker will be able to expose weak passwords on a network.
Q7. A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:
A. escalation and notification.
B. first responder.
C. incident identification.
D. incident mitigation.
Answer: A
Explanation:
Q8. A company hosts its public websites internally. The administrator would like to make some changes to the architecture.
The three goals are:
(1)
reduce the number of public IP addresses in use by the web servers
(2)
drive all the web traffic through a central point of control
(3)
mitigate automated attacks that are based on IP address scanning
Which of the following would meet all three goals?
A. Firewall
B. Load balancer
C. URL filter
D. Reverse proxy
Answer: D
Explanation:
Q9. Which of the following pseudocodes can be used to handle program exceptions?
A. If program detects another instance of itself, then kill program instance.
B. If user enters invalid input, then restart program.
C. If program module crashes, then restart program module.
D. If user’s input exceeds buffer length, then truncate the input.
Answer: C
Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture all errors and exceptions that could cause the application or its modules to crash. Restarting the application or module would ensure that the application reverts back to a secure state.
Q10. Which of the following malware types typically allows an attacker to monitor a user’s computer, is characterized by a drive-by download, and requires no user interaction?
A. Virus
B. Logic bomb
C. Spyware
D. Adware
Answer: C
Explanation: Explanation Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity.
Q11. The string:
‘ or 1=1-- -
Represents which of the following?
A. Bluejacking
B. Rogue access point
C. SQL Injection
D. Client-side attacks
Answer: C
Explanation:
The code in the question is an example of a SQL Injection attack. The code ‘1=1’ will always provide a value of true. This can be included in statement designed to return all rows in a SQL table.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Q12. An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?
A. Cluster tip wiping
B. Individual file encryption
C. Full disk encryption
D. Storage retention
Answer: A
Explanation:
A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted.
Q13. An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?
A. Cloud
B. Trusted
C. Sandbox
D. Snapshot
Answer: C
Explanation:
Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems.
Q14. Which of the following are examples of network segmentation? (Select TWO).
A. IDS
B. IaaS
C. DMZ
D. Subnet
E. IPS
Answer: C,D
Explanation:
C:
A demilitarized zone (DMZ) is a part of the network that is separated of segmented from the rest of the network by means of firewalls and acts as a buffer between the untrusted public Internet and the trusted local area network (LAN).
D.
IP subnets can be used to separate or segment networks while allowing communication between the network segments via routers.
Q15. Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?
A. Input validation
B. Network intrusion detection system
C. Anomaly-based HIDS
D. Peer review
Answer: A
Explanation:
Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.