Q611. Which of the following practices reduces the management burden of access management?
A. Password complexity policies
B. User account audit
C. Log analysis and review
D. Group based privileges
Answer: D
Explanation: Granting permissions to all members of a group is quicker than individually assigning them to each user. This means an administrator will spend less time on assigning permissions to users who require the same access privileges.
Q612. The common method of breaking larger network address space into smaller networks is known as:
A. subnetting.
B. phishing.
C. virtualization.
D. packet filtering.
Answer: A
Explanation:
Q613. Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware?
A. Viruses are a subset of botnets which are used as part of SYN attacks.
B. Botnets are a subset of malware which are used as part of DDoS attacks.
C. Viruses are a class of malware which create hidden openings within an OS.
D. Botnets are used within DR to ensure network uptime and viruses are not.
Answer: B
Explanation:
A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation. Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Many computer users are unaware that their computer is infected with bots. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules.
Q614. Which of the following access controls enforces permissions based on data labeling at specific levels?
A. Mandatory access control
B. Separation of duties access control
C. Discretionary access control
D. Role based access control
Answer: A
Explanation:
In a MAC environment everything is assigned a classification marker. Subjects are assigned a clearance level and objects are assigned a sensitivity label.
Q615. Which of the following network architecture concepts is used to securely isolate at the boundary between networks?
A. VLAN
B. Subnetting
C. DMZ
D. NAT
Answer: C
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
Q616. A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented?
A. Guards
B. CCTV
C. Bollards
D. Spike strip
Answer: A
Explanation:
A guard can be intimidating and respond to a situation and in a case where you want to limit an individual’s access to a sensitive area a guard would be the most effective.
Q617. Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again?
A. Disable the wireless access and implement strict router ACLs.
B. Reduce restrictions on the corporate web security gateway.
C. Security policy and threat awareness training.
D. Perform user rights and permissions reviews.
Answer: C
Explanation:
BYOD (In this case Sara’s smart phone) involves the possibility of a personal device that is infected with malware introducing that malware to the network and security awareness training will address the issue of the company’s security policy with regard to BYOD.
Q618. A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?
A. Attach cable locks to each laptop
B. Require each customer to sign an AUP
C. Install a GPS tracking device onto each laptop
D. Install security cameras within the perimeter of the café
Answer: A
Explanation:
All laptop cases include a built-in security slot in which a cable lock can be inserted to prevent it from easily being removed from the premises.
Topic 3, Threats and Vulnerabilities
Q619. Which of the following assessments would Pete, the security administrator, use to actively test that an application’s security controls are in place?
A. Code review
B. Penetration test
C. Protocol analyzer
D. Vulnerability scan
Answer: B
Explanation:
Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings. The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents. Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
Pen test strategies include:
Targeted testing Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.
External testing This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.
Internal testing This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.
Blind testing A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.
Double blind testing Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.
Q620. An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?
A. Integer overflow
B. Cross-site scripting
C. Zero-day
D. Session hijacking
E. XML injection
Answer: C
Explanation:
The vulnerability is undocumented and unknown. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.