Exam (elaborations)

CEIS 299 Week 8 Quiz|90 Questions and Answers||Graded A+

Pages
27
Grade
A+
Uploaded on
10-12-2024
Written in
2024/2025

Question 1
Which authentication factor can use an authentication method based on information extracted from a packet header?
- Something you have
- Something you are
- Something you know
- Somewhere you are

Question 2
Data destruction can be accomplished with all the following EXCEPT:
- Pulping
- Burying
- Burning
- Shredding

Question 3
As a part of data center planning you have leased rack space in offsite datacenters: one in the US, as the site used for offsite backups and recovery, and the other in Mexico, as the failover and alternative processing site. You will maintain the datacenter at HO in US. All sites are at a distance of 1,500 miles from each other. You receive notice from legal that due to the recent award of a DOD contract, no technical specifications, nor the required encryption technology, can leave the country. Which geographic consideration is properly planned for in this situation?
- Location selection
- Distance
- Legal implications
- Offsite backups

Question 4
A user reports that they have received an e-mail from their credit card. The e-mail states there is a problem with their account. The e-mail provides a link to follow to correct the issue; however, upon further inspection, the user notices the URL looks suspicious. Of which of the following is this MOST likely an example?
- Adware
- Pharming attack
- Phishing attack
- ARP Poisoning attack

Question 5
You need to implement biometric access controls to a high security location in your office. Which biometric factor would be considered the least accurate?
- Voice recognition
- Facial recognition
- Fingerprints
- Iris pattern

Question 6
You are the Network professional for a small boutique hedge fund in lower Manhattan. You depend on your servers to manage transactions at the average rate of $7,000,000 daily. Your industry is being targeted by Ransomware, which has increased the likelihood of an incident occurring over the course of a year to 40%. A successful attack will keep your servers offline for two hours. Assuming a seven-hour workday, what is the ALE?
- $80,000
- $500,000
- $50,000
- $800,000

Question 7
Various systems in your network environment use consistent settings. You want to be able to check the settings are accurate. What should you do?
- Have automated configuration validation
- Apply master images to the various systems
- Provide continuous monitoring through automation
- Use a template with the configuration settings

Question 8
The system administrator at a small corporation is in the process of upgrading the network intrusion detection system but doesn't have time to build an extensive threat database or establish a threat threshold from scratch. Rather, the administrator chooses to rely on the cumulative data compiled by various trusted security vendors regarding known network security threats to guard against. Which monitoring methodology would be most likely to report false negatives under these circumstances?
- Heuristic monitoring
- Signature-based monitoring
- Behavior or anomaly-based monitoring
- Rule-based monitoring

Question 9
You have implemented the use of request verification tokens associated with user sessions for a web server. Which type of attack will this help prevent?
- IP spoofing
- XSRF
- Privilege escalation
- Zero-day

Question 10
A user is performing a search using a popular search engine. They come across a website where they can win a sum of money by clicking on a link. When the user clicks on the link they are taken to a blank page. Later they notice that several posts have been made to their social media site containing ads. Which of the following attacks is being described?
- URL hijacking
- Typo squatting
- Session hijacking
- Clickjacking

Question 11
Which of the following is a definition of “Circuit-level proxy”?
- Enables one proxy per service
- Verifies the source and destination addresses, port, and service
- Only verifies packet header information
- Maintains a table of each conversation.

Question 12
An intruder phones an employee pretending to be their manager looking for confidential information. Which influence tactic is MOST likely to make this method effective?
- Authority
- Intimidation
- Urgency
- Social proof

Question 13
As a network technician within your company, you have been tasked with applying changes to your corporate account management policy. You are required to ensure that users must use 20 unique passwords before an old account password can be reused. You must also ensure that their user account passwords are forced to be updated every 30 days. Which account policies should you use to meet these requirements? (Select all that apply.)
- Passwords must meet complexity requirements
- Maximum password age
- Minimum password age
- Enforce password history

Question 14
You work for a company that allows employees to use their personal phones, which are not managed by the IT department. As a result, the company wants users to have phone security in mind and you have been asked to educate iPhone users on what they can do to implement a secure iOS. Which security methods would you recommend? (Select all that apply.)
- Least functionality
- Application whitelisting/blacklisting
- Patch management
- Use a trusted operating system
- Disabling unnecessary ports

Question 15
One technology that administrators can use to prevent network traffic disruptions, ensuring data is always available, is load balancing. Load balancers are typically configured with virtual IP addresses to distribute network traffic across one or more servers. Which of the following is the definition of “Affinity”?
- Ensuring network traffic is distributed evenly among servers in a pool, by redirecting data traffic to a series of servers in turn.
- Configuring a load balancer to have a preference in terms of which servers it uses when redistributing network traffic.
- Scheduling a network load dynamically among several servers designated to handle traffic, depending on the load currently being handled by each allocated server.
- Distributing a network load among servers that are available, with others that can be designated to handle a further load, if needed.

Question 16
You have received a call from a person who has identified themselves as a manager in your company. They have advised you that they have forgotten their user credentials and have asked you to provide them. Which of the following is this MOST likely an example of?
- Spear phishing
- Spim
- Vishing
- Smishing

Question 17
Which of the following technologies hosts multiple desktop environments on a central server?
- ACL
- VDI
- VLAN
- VPN

Question 18
A user who just received a new work computer complains that they are receiving multiple junk e-mails every day. Which of the following should they configure?
- Antivirus
- Anti-spam
- Anti-spyware
- SmartScreen filter

Question 19
While testing one of your organization's applications, you have discovered that a developer has left a backdoor method to gain root access to the application. As a result, which of the following attacks is MOST likely to occur?
- TCP/IP hijacking
- Spear phishing
- DDoS
- Privilege escalation

Question 20
As the application developer for your company you are concerned about ensuring that your data is stored using a fast and efficient enciphering mechanism. All else being equal, which of the following cipher modes would be the worst choice in terms of performance?
- ECB
- GCM
- CTR
- CBC

Question 21
The purpose of performing vulnerability scans is to: (Select all that apply.)
- Escalate privilege
- Identify a lack of security
- Attempt to exploit a vulnerability
- Identify misconfigured software

Question 22
Which Diffie-Hellman cryptographic group is the strongest and most secure?
- DH Group 1
- DH Group 20
- DH Group 5
- RSA

Question 23
Installing and maintaining applications on a network can lead to several issues. One of these issues deals with authentication. What are steps you can take to prevent attackers who have grabbed authentication traffic from getting into the application or database? (Select all that apply.)
- Use biometrics or one-time access codes
- Ensure that each application uses its own account
- Have an application whitelist in place
- Maintain the system

Question 24
During an active incident you have data to acquire from the machine hard drives, the active RAM, the log files and the USB device suspected to have brought the malicious payload inside the network. You decide to capture the RAM first based on what procedural principle?
- Legal and compliance
- Order of volatility
- Data retention
- Order of restoration

Question 25
Network proxies are a technology you can use to defend a network against threats originating from the Internet. There are several types to choose from. Match each proxy type to its description.
- Forward: Handles requests for online content and fetches the relevant information from the Internet and presents it internally to the client device
- Transparent: Processes requests for information on behalf of clients without requiring any intervention or software configuration on the part of the client
- Reverse: Forwards a request for information originating from the Internet to act as an intermediary between online servers and internal network servers
- Application or multi-purpose: Filters requests for data based on configurable criteria such as the originating and destination IP address or port number

Question 26
Your company has recently implemented a PKI. As part of the networking team, you have been tasked with revoking a certificate that was issued to a client. Which of the following can be used to verify that a certificate issued to a client was revoked before it expired? (Select all that apply.)
- CRL
- CSR
- LRA
- OCSP

Question 27
You have been asked to build up a new PKI to internally support secure authentication and communications within your organization. Which of the following are NOT properties of a certificate?
- OID
- Subject
- Thumbprint
- Certificate Revocation List (CRL)

Question 28
You need to perform a risk assessment to determine the risk impact on your organization's IT infrastructure. What should you perform?
- BIA
- PCI-DSS
- Vulnerability testing
- Penetration testing

Question 29
Match each of the following attacks to their appropriate descriptions.
- Pass the hash: Uses a NTLM or LanMan hash of a user's password to gain access to a system.
- Amplification: An attack that is asymmetric where a small number of resources are needed to inflict a significant amount of damage.
- Domain hijacking: An attacker gains access to registration information of a domain.
- Man-in-the-browser: An attack where an attacker relays communication between devices to another device.

Question 30
As the security administrator of your organization you have been asked to identify the specific PII that is stored on the servers your company maintains and to spell out exactly how it is protected, shared, and maintained. Which of the following describes the type of document you are generating?
- Privacy Threshold Assessment
- Incident Response Plan
- Corrective Action Report
- Privacy Impact Assessment

Question 31
A company requires you to secure a small office network that consists of several Windows computers configured as a workgroup. Which authentication method would be used by default?
- Kerberos
- LDAP
- Secure token
- NTLM v2
- MS-CHAP

Question 32
A company is using biometric authentication. Which of the following would be used to gain access to a protected resource? (Select all that apply.)
- Motion sensor
- Retinal scanner
- Proximity reader
- Fingerprint scanner

Question 33
Your organization is required to consolidate single-sign on and authorization by extending enterprise security policies to the cloud. What should be used?
- Multitenancy
- Cloud storage
- Security as a software
- Cloud access security brokers

Question 34
Your company operates with a strict no BYOD policy in place, but users are still trying to connect their own equipment to the company network. You already have the network mapped out, but which tool can you use to detect any rogue systems?
- Configuration compliance scanner
- Network scanner
- Wireless scanner
- Vulnerability scanner
- Protocol analyzer

Question 35
You are in the process of upgrading the organization's email security, both within the corporate network and for users who need to access their corporate email remotely. Which protocols can you use to accomplish this? (Select all that apply.)
- SNMP
- Secure POP/IMAP
- HTTPS
- S/MIME
- 802.11

Question 36
Network switches can be configured to operate at layer 2 or 3 of the network model, with each layer providing a different level of security. Match each type of protection a network switch can provide to the layer at which it operates.
- Passing traffic from one network segment to another based on the IP address information associated with a port on the switch: Layer 3
- Providing port security by associating a specific MAC address of a particular device with a port on the switch: Layer 2
- Configuring STP to prevent data loops: Layer 2
- Making forwarding decisions based on MAC addresses: Layer 2

Question 37
Which solution will allow users to encrypt individual files?
- BitLocker
- VPN
- AppLocker
- EFS

Question 38
Which of the following are attributes of threat actors? (Select all that apply.)
- Age
- Internal/external
- Gender
- Resources/funding
- Intent/motivation
- Level of sophistication

Question 39
A new web application has been created and you have been tasked with setting up a secure environment, which includes an application server, database server, web server, and security appliances. What does this scenario describe?
- Provisioning
- Deprovisioning
- Change management
- Version control

Question 40
What is a minimum requirement when placing mission-critical systems in wiring closets or server rooms?
- Use power line conditioners to ensure that the systems are exposed only to transient noise.
- Install an HVAC system that maintains positive pressurization to prevent air contamination.
- Use electronic access control with all entry attempts logged by security systems.
- Install system control programs on all mission-critical systems.

Question 41
Which concept is based on determining how much data an organization can afford to lose?
- MTBF
- RPO
- MTTR
- RTO

Question 42
With mobile device management (MDM) a system administrator can monitor security relating to the physical attributes of mobile devices. For example, how external media may be used or whether it is okay to use GPS tagging in photos. Which other attributes need to be monitored and secured? (Select all that apply.)
- SMS, MMS, and Wi-Fi tethering
- Accessories and peripherals
- Camera usage
- Device themes
- USB OTG
- Microphone recordings

Question 43
Which of the following is a function of DHE?
- Provides authentication
- Uses elliptic curves
- Uses static keys
- Provides perfect forward secrecy

Question 44
You are configuring various security technologies as part of your organization's unified threat management system (UTM). Match each log file example with the technology it corresponds to.
- Cumulative update for Windows 10 (KB3176495): Patch management tool
- Vendor: Ad.Myweb, Category: File, Items: HKEY_CLASSES_ROOTAction taken: Quarantined: Advanced malware tool
- Notice: Unhandled link-local or multicast IPv6 packet dropped: Web application firewall

Question 45
Match each mode of operation with its description.
- Cipher Block Chaining (CBC): Encrypts an XORed IV with a key on a data block
- Counter Mode (CTM or CTR): A shared value and a key encrypts the data
- Electronic Codebook (ECB): The same single key encrypts each data block
- Cipher Feedback (CFB): Cipher text from the previous block encrypts the next block
- Galois Counter Mode (GCM): An authentication code used with cipher text for verifying data block integrity

Question 46
Your company has some important clients visiting the office and they require temporary access to a specific resource on your network during their visit. Which type of account should you assign these users?
- Shared account
- Service account
- Generic account
- Privileged account
- Guest account

Question 47
As the security administrator in your organization you need to export the private key and certificate from one web server to another. Which of the following file types will allow you to do so with a single file? (Select all that apply.)
- P12
- DER
- PFX
- P7B
- PEM
- CER

Question 48
A system on your network was accessed during working hours and some sensitive information was viewed by an unintended user. Which actions will help prevent this issue from occurring in the future? (Select all that apply.)
- Perform usage auditing and review
- Set time-of-day restrictions
- Perform permission auditing and review
- Implement onboarding/offboarding policies

Question 49
You are attending a concert for a local band. You wish to purchase some merchandise from a vendor. The vendor accepts cash, but also accepts credit cards. If you use your credit card, which of the following attacks should you be concerned with? (Select all that apply.)
- Combination attack
- Replay Attack
- Jamming
- NFC
- Disassociation

Question 50
A user clicks a link in an email which encrypts the user's workstation and all network shares the user has access to, then displays ransomware demands. The virus was able to avoid blocking by your email filters and antivirus. Which of the following is the most likely reason the virus succeeded?
- Resource exhaustion
- Improperly configured accounts
- Untrained users
- Zero-day-exploit

Question 51
Which hashing algorithms are used with SSL? (Select all that apply.)
- MD5
- RIPEMD
- SHA-1
- HMAC

Question 52
Misconfigured devices are an easy entry point into your system for unauthorized users. What are some of the main devices that must be properly configured to maintain a secure network? (Select all that apply.)
- Content filter
- E-mail
- Access points
- Firewall

Question 53
Which authentication method is commonly used as part of an SSO implementation?
- TACACS+
- LDAP
- MS-CHAP
- RADIUS
- Kerberos

Question 54
A user reports that they have received a message on their computer saying the system was used for illegal activity. Which of the following is MOST likely the cause?
- Adware
- Botnet
- Ransomware
- Armored virus

Question 55
Which of the following is a form of smart card?
- MAC
- CAC
- RBAC
- DAC

Question 56
You have configured a firewall to filter external traffic entering your company's network. Which type of access control does a firewall use?
- Discretionary access control
- Role-based access control
- Rule-based access control
- Mandatory access control
- Attribute-based access control

Question 57
As the security administrator for your organization you are concerned with loss of the data through the theft of servers, hard drives, or backups of data. You choose to use encryption technologies that ensure that the data is stored using cipher-text. This is an example of protecting what type of data?
- Data-in-Transit
- Data-in-motion
- Data-in-use
- Data-at-rest

Question 58
You are configuring rules for an access control list (ACL) on a router that handles inbound traffic for your organization's network. What is the purpose of an "implicit deny all" rule?
- To allow the router to authorize outbound network traffic
- To refute the need for a network firewall
- To prevent the router from authorizing any inbound network traffic
- To ensure only authorized traffic is permitted to pass through into the network

Question 59
When talking about open-source intelligence, which of the terms correctly describe its true meaning?
- Open-source intelligence is a slower method of intelligence gathering.
- Open-source intelligence is data that has been collected from publicly available sources.
- Open-source intelligence is a type of collection method that uses common knowledge.
- Open-source intelligence are open source tools used to gain information about a subject.

Question 60
Which of the following technologies can assist with asset tracking and inventory control of mobile devices?
- Digital signatures
- Common Access Cards
- RFID tags
- Tokens

Question 61
You work for a new tourism company that has four employees. You often need to allow Internet access for visitors coming into the building without giving out your company's network information. What should you do to meet this need with the least amount of effort?
- Set up an ad-hoc LAN network
- Have them connect online using the Guest network
- Create a separate wireless network for each visitor
- Have them connect to your Extranet

Question 62
In response to an incident you capture a system image of the affected system, plan a review of network traffic and logs, capture video of the incident, record time offset, take hashes and screenshots, and schedule witness interviews. These are all examples of what?
- Data acquisition
- Chain of custody
- Legal hold
- Preservation

Question 63
One of your webservers has been compromised by an attacker exploiting the SUID bit set to run as the superuser. What was the most likely attack vector used?
- Pointer dereference
- Integer overflow
- Buffer overflow
- Memory leak
- DLL Injection

Question 64
Which of the following is an example of an environmental control?
- Hot and cold aisles
- Antivirus programs
- Firewalls
- Biometrics

Question 65
Which key is used by asymmetric algorithms to decrypt messages?
- Private key
- Public key
- Session key
- Secret key

Question 66
When applying secure network administration principles, what should be included at the end of every firewall rule list?
- A program rule to block all programs
- A port rule to block all TCP ports
- A port rule to block all UDP ports
- An implicit deny rule

Question 67
Which Group Policy setting should be configured to ensure that users are forced to use a password that does not contain their account name?
- Store password using reversible encryption
- Passwords must meet complexity requirements
- Enforce password history
- Maximum password age

Question 68
When speaking about penetration testing, which of the following best describes persistence?
- Installing a backdoor that needs authentication
- Logging each key that the user presses on the keyboard
- The ability to survive a reboot
- The ability to repeatedly access a network

Question 69
As a security administrator trying to manage the possible business impact of various risks you need to identify the specific services or functions that your company provides that must be either fault tolerant or able to resume quickly after a disruption. In doing this you are identifying which of the following?
- Mission-Essential Functions
- Single Points of Failure
- RTO
- Critical Systems

Question 70
The secure sockets layer, or SSL, protocol can be used to encrypt network traffic between endpoints, thereby improving security overall. But such encrypted data needs to be decrypted again to ensure it’s accessible by authorized clients. Which device can be configured to act as an SSL decryptor?
- Firewalls
- Access points
- Mail proxies
- Web proxies
- Routers

Question 71
Spoofing poses a threat to network security, especially where network routers, switches, and firewalls are concerned. Which antispoofing measures should you take to ensure the organization remains secure? (Select all that apply.)
- Ensure every traffic request has an originating IP address, port number, and destination IP address
- Disable any interfaces that aren't being used
- Scan for and deny MAC or IP address duplicates
- Limit the IP address ranges for each router or switch to the minimum
- Configure the router or switch to use RPF

Question 72
Your organization is placing a greater focus on security awareness and training. Which personnel management policy would be used to help prevent the leaking of sensitive information?
- Adverse actions
- Exit interviews
- Continuing education
- NDA
- Onboarding
- Acceptable use policy

Question 73
Which of the following technologies will ensure that all Internet traffic is directed through the VPN connection?
- Full tunnel VPN
- Always-on VPN
- TLS
- Split tunnel VPN

Question 74
Your company has set up an NIDS that receives a copy of all the traffic that is passing through your network. It logs any traffic that is suspicious. What is this an example of in this scenario? (Select all that apply.)
- Inline
- Passive
- Out-of-band
- Active
- In-band

Question 75
You are working for a company that suspects an unauthorized user on the company network is sending classified data to another user over the Internet. What should you do to make a copy of the data to be analyzed?
- Use an SSL Accelerator
- Implement SPAN
- Set up a proximity sensor
- Introduce a correlation engine

Question 76
You need to provide a username, password, and PIN to log in to a computer successfully. Which form of authentication is being used?
- Dual-factor authentication
- Kerberos authentication
- Single-factor authentication
- Multi-factor authentication

Question 77
In preparation for the real incident, you schedule an exercise and have documented the incident types and category definitions. Which components are part of the incident response plan? (Select all that apply.)
- Reporting requirements/escalation
- Quantitative Testing
- Qualitative Testing
- Roles and responsibilities
- Cyber-incident response teams

Question 78
Match each deployment model to a description.
- BYOD: Approve personal devices for business use
- Corporate-owned or CYOD: Issue a corporate-owned device that the user may sometimes choose
- COPE: Issue corporate-owned devices for business and private use
- VDI: Deploy devices that don't run any business-specific applications locally

Question 79
You are a network administrator of a large company that consists of 30,000 employees. You have been tasked with designing an account management structure that requires the least amount of administrative effort for managing all current and new user accounts. Which options would BEST meet these requirements? (Select all that apply.)
- Assign group-based privileges
- Place new user accounts into a group titled New Users
- Assign user-based privileges
- Place user accounts into groups

Question 80
You are working on a project that involves a new database and tables. Part way through the project you notice that redundant data about a customer is being stored in a Customer Identity table. What should be incorporated to ensure redundant data is not being stored in the Customer Identity table?
- Proper error handling
- Proper input validation
- Stored procedures
- Normalization

Question 81
Which security measure is implemented to help detect fraud from internal employees? (Select all that apply.)
- Clean desk
- Mandatory vacations
- Job rotation
- Background checks
- Separation of duties

Question 82
Which type of system is used to monitor real time data to control equipment in energy and oil plants?
- SCADA
- HVAC
- DAC
- RBAC

Question 83
You have added an important document to a file share on your organization's network. You have given individual users different permission levels to access this file. Which type of access control model have you implemented?
- Role-based access control
- Rule-based access control
- Mandatory access control
- Discretionary access control

Question 84
You are leading a software project in which security is one of the most important considerations. Once the project is complete there will be no changes made to the specific environment in which an application runs. This environment will specify the software and configuration of the environment needed to run the application. These are examples of which security principles? (Select all that apply.)
- Baselining
- Immutable systems
- Continuous integration
- Security automation
- Infrastructure as code

Question 85
What is the main function of a honeypot?
- To create a map of a network
- To identify any policy violations
- To fool a hacker into believing he is attacking a production system
- To detect any insider threats to the system

Question 86
Which role is responsible for processing data backups?
- Data custodian
- Information systems auditor
- Data owner
- Security administrator

Question 87
Which of the following relies on out-of-band key exchanges to transport keys?
- Digital signatures
- Symmetric algorithms
- Hashing algorithms
- Asymmetric algorithms

Question 88
Which type of attack can be used to intercept and alter data that is sent between hosts?
- Man-in-the-middle attack
- UDP attack
- Brute-force attack
- Replay attack

Question 89
What can be used to service several secure network connections over an unsecure network?
- Web security gateway
- Content filter
- NAT
- VPN concentrator

Question 90
An intruder shows interest in an employee to gain the employee's trust. Which type of influence tactic is this?
- Commitment
- Authority
- Liking
- Obligatio


Document information

Uploaded on
December 10, 2024
Number of pages
27
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers

Get to know the seller

Wiseman NURSING