Q1. An organization is implementing a password management application which requires that all local administrator passwords be stored and automatically managed. Auditors will be responsible for monitoring activities in the application by reviewing the logs. Which of the following security controls is the BEST option to prevent auditors from accessing or modifying passwords in the application?
A. Time of day restrictions
B. Create user accounts for the auditors and assign read-only access
C. Mandatory access control
D. Role-based access with read-only
Answer: D
Explanation:
Q2. Who should be contacted FIRST in the event of a security breach?
A. Forensics analysis team
B. Internal auditors
C. Incident response team
D. Software vendors
Answer: C
Explanation:
A security breach is an incident and requires a response. The incident response team is better equipped to deal with any incident because of the procedures it has in place. Its procedures for addressing incidents are: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recovery/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control.
Q3. A company’s legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO).
A. IPv6
B. SFTP
C. IPSec
D. SSH
E. IPv4
Answer: A,C
Explanation:
Telnet supports IPv6 connections. IPv6 is the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec is a compulsory component for IPv6.
IPsec operates at Layer 3 of the OSI model, whereas Telnet operates at Layer 7.
Q4. Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following?
A. Sender's private key
B. Recipient's public key
C. Sender's public key
D. Recipient's private key
Answer: B
Explanation:
Q5. A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?
A. The old APs use 802.11a
B. Users did not enter the MAC of the new APs
C. The new APs use MIMO
D. A site survey was not conducted
Answer: D
Explanation:
To test the wireless AP placement, a site survey should be performed.
Topic 2, Compliance and Operational Security
Q6. Environmental control measures include which of the following?
A. Access list
B. Lighting
C. Motion detection
D. EMI shielding
Answer: D
Explanation:
Environmental controls include HVAC, Fire Suppression, EMI Shielding, Hot and Cold Aisles, Environmental monitoring as well as Temperature and Humidity controls.
Q7. After a recent security breach, the network administrator has been tasked to update and back up all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?
A. Change management
B. Implementing policies to prevent data loss
C. User rights and permissions review
D. Lessons learned
Answer: D
Explanation:
Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recovery/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. The question describes a security breach and the response to it, which shows that lessons have been learned and used to put in place measures that will prevent future security breaches of the same kind.
Q8. A company determines a need for additional protection from rogue devices plugging into physical ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network access?
A. Intrusion Prevention Systems
B. MAC filtering
C. Flood guards
D. 802.1x
Answer: D
Explanation:
IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN.
Q9. A team of firewall administrators have access to a ‘master password list’ containing service account passwords. Which of the following BEST protects the master password list?
A. File encryption
B. Password hashing
C. USB encryption
D. Full disk encryption
Answer: A
Explanation:
File encryption can be used to protect the contents of individual files. It uses a randomly generated symmetric encryption key for the file and stores that key, encrypted with the user’s public key, on the encrypted file.
Q10. Which of the following statements is MOST likely to be included in the security awareness training about P2P?
A. P2P is always used to download copyrighted material.
B. P2P can be used to improve computer system response.
C. P2P may prevent viruses from entering the network.
D. P2P may cause excessive network bandwidth.
Answer: D
Explanation:
P2P networking, by definition, involves network use that reduces the bandwidth available to the other users on the network.