Q1. A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an authorized user is logged into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network.

Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?

A. Apply MAC filtering and see if the router drops any of the systems.

B. Physically check each of the authorized systems to determine if they are logged onto the network.

C. Deny the “unknown” host because the hostname is not known and MAC filtering is not applied to this host.

D. Conduct a ping sweep of each of the authorized systems and see if an echo response is received.

View Answer

Q2. Malicious traffic from an internal network has been detected on an unauthorized port on an application server.

Which of the following network-based security controls should the engineer consider implementing?

A. ACLs

B. HIPS

C. NAT

D. MAC filtering

View Answer

Q3. A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements:

Which of the following should the administrator implement to meet the above requirements? (Select three.)

A. Eliminate shared accounts.

B. Create a standard naming convention for accounts.

C. Implement usage auditing and review.

D. Enable account lockout thresholds.

E. Copy logs in real time to a secured WORM drive.

F. Implement time-of-day restrictions.

G. Perform regular permission audits and reviews.

View Answer

Q4. Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?

A. Buffer overflow

B. MITM

C. XSS

D. SQLi

View Answer

Q5. A department head at a university resigned on the first day of the spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring?

A. Time-of-day restrictions

B. Permission auditing and review

C. Offboarding

D. Account expiration

View Answer

Q6. When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?

A. Owner

B. System

C. Administrator

D. User

View Answer

Q7. A systems administrator is reviewing the following information from a compromised server:

Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?

A. Apache

B. LSASS

C. MySQL

D. TFTP

View Answer

Q8. A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select two.)

A. The portal will function as a service provider and request an authentication assertion.

B. The portal will function as an identity provider and issue an authentication assertion.

C. The portal will request an authentication ticket from each network that is transitively trusted.

D. The back-end networks will function as an identity provider and issue an authentication assertion.

E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.

F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

View Answer

Q9. Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet?

A. The recipient can verify integrity of the software patch.

B. The recipient can verify the authenticity of the site used to download the patch.

C. The recipient can request future updates to the software using the published MD5 value.

D. The recipient can successfully activate the new software patch.

View Answer

Q10. Which of the following BEST describes an important security advantage yielded by implementing vendor diversity?

A. Sustainability

B. Homogeneity

C. Resiliency

D. Configurability

View Answer