Podcast
Questions and Answers
Which of the following must be configured to provide authentication between the switch and the TACACS+ server?
Which of the following must be configured to provide authentication between the switch and the TACACS+ server?
Which of the following is BEST suited to perform an audit of the login page of a newly developed web application to determine if default accounts have been disabled?
Which of the following is BEST suited to perform an audit of the login page of a newly developed web application to determine if default accounts have been disabled?
Which of the following is the color-coded table in the exhibit an example of?
Which of the following is the color-coded table in the exhibit an example of?
Which of the following should be implemented to prevent DoS attacks in the future for the bank experiencing a DoS attack against an application designed to handle 500 IP-based sessions, where the perimeter router can only handle 1Gbps of traffic?
Which of the following should be implemented to prevent DoS attacks in the future for the bank experiencing a DoS attack against an application designed to handle 500 IP-based sessions, where the perimeter router can only handle 1Gbps of traffic?
Signup and view all the answers
Which of the following actions should a systems administrator take when configuring a new network switch for TACACS+ management and authentication?
Which of the following actions should a systems administrator take when configuring a new network switch for TACACS+ management and authentication?
Signup and view all the answers
Which of the following actions should a security administrator take to audit the login page of a newly developed web application to determine if default accounts have been disabled?
Which of the following actions should a security administrator take to audit the login page of a newly developed web application to determine if default accounts have been disabled?
Signup and view all the answers
Which of the following is the color-coded table in the exhibit used to represent?
Which of the following is the color-coded table in the exhibit used to represent?
Signup and view all the answers
What should be implemented to prevent future DoS attacks on the bank's application that can handle 500 IP-based sessions, when the perimeter router can only handle 1Gbps of traffic?
What should be implemented to prevent future DoS attacks on the bank's application that can handle 500 IP-based sessions, when the perimeter router can only handle 1Gbps of traffic?
Signup and view all the answers
Which of the following steps should the forensic analyst perform NEXT in the forensics process, given the scenario of following incident response best practices and compiling artifacts for the legal team?
Which of the following steps should the forensic analyst perform NEXT in the forensics process, given the scenario of following incident response best practices and compiling artifacts for the legal team?
Signup and view all the answers
Which of the following would BEST resolve the vulnerability identified in the audit report that could allow unauthorized personnel access to the facility and network?
Which of the following would BEST resolve the vulnerability identified in the audit report that could allow unauthorized personnel access to the facility and network?
Signup and view all the answers
Based on the observed network traffic behavior described, where the computers in the IP Dst field start exhibiting the same behavior and making multiple outbound connection attempts, what is the MOST likely cause?
Based on the observed network traffic behavior described, where the computers in the IP Dst field start exhibiting the same behavior and making multiple outbound connection attempts, what is the MOST likely cause?
Signup and view all the answers
Which of the following steps should the forensic analyst perform NEXT in the forensics process, given the scenario of following incident response best practices and compiling artifacts for the legal team?
Which of the following steps should the forensic analyst perform NEXT in the forensics process, given the scenario of following incident response best practices and compiling artifacts for the legal team?
Signup and view all the answers
Which of the following would BEST resolve the vulnerability identified in the audit report that could allow unauthorized personnel access to the facility and network?
Which of the following would BEST resolve the vulnerability identified in the audit report that could allow unauthorized personnel access to the facility and network?
Signup and view all the answers
Based on the observed network traffic behavior described, where the computers in the IP Dst field start exhibiting the same behavior and making multiple outbound connection attempts, what is the MOST likely cause?
Based on the observed network traffic behavior described, where the computers in the IP Dst field start exhibiting the same behavior and making multiple outbound connection attempts, what is the MOST likely cause?
Signup and view all the answers
Which of the following is the BEST way to check if the digital certificate is valid?
Which of the following is the BEST way to check if the digital certificate is valid?
Signup and view all the answers
Which of the following is used to validate the integrity of data?
Which of the following is used to validate the integrity of data?
Signup and view all the answers
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Signup and view all the answers
Which of the following access management concepts is associated with file permissions?
Which of the following access management concepts is associated with file permissions?
Signup and view all the answers
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Signup and view all the answers
Which access management concept is associated with file permissions?
Which access management concept is associated with file permissions?
Signup and view all the answers
Which technique was used by the third-party penetration testing company to gain root access on the server?
Which technique was used by the third-party penetration testing company to gain root access on the server?
Signup and view all the answers
What did the tester do after gaining root access on the initial server?
What did the tester do after gaining root access on the initial server?
Signup and view all the answers
Based on the given information, which authentication type is being utilized?
Based on the given information, which authentication type is being utilized?
Signup and view all the answers
Which account type should the policy specify for service technicians from corporate partners?
Which account type should the policy specify for service technicians from corporate partners?
Signup and view all the answers
Which of the following are needed to ensure credentials are encrypted in transit when implementing a RADIUS server for Single Sign-On (SSO)?
Which of the following are needed to ensure credentials are encrypted in transit when implementing a RADIUS server for Single Sign-On (SSO)?
Signup and view all the answers
In which environment is the employee currently working, based on the given information?
In which environment is the employee currently working, based on the given information?
Signup and view all the answers
What is the term used to describe the situation when a vulnerability scan fails to identify an existing vulnerability?
What is the term used to describe the situation when a vulnerability scan fails to identify an existing vulnerability?
Signup and view all the answers
Which of the following is the primary goal of the account management policy mentioned in the text?
Which of the following is the primary goal of the account management policy mentioned in the text?
Signup and view all the answers
Which of the following security attributes is NOT mentioned as a parameter defined by the account management policy?
Which of the following security attributes is NOT mentioned as a parameter defined by the account management policy?
Signup and view all the answers
What is the purpose of the secure shell around software being developed by the employee?
What is the purpose of the secure shell around software being developed by the employee?
Signup and view all the answers
What is the immediate next step the technician should take after discovering a crypto-virus infection on a workstation with access to sensitive remote resources?
What is the immediate next step the technician should take after discovering a crypto-virus infection on a workstation with access to sensitive remote resources?
Signup and view all the answers
Which backup method would be the best for Joe, the backup administrator, to implement in order to reduce the restoration time of physical servers?
Which backup method would be the best for Joe, the backup administrator, to implement in order to reduce the restoration time of physical servers?
Signup and view all the answers
To comply with the new requirements mandating the use of AES encryption for the company's wireless configuration, which setting should the network technician configure?
To comply with the new requirements mandating the use of AES encryption for the company's wireless configuration, which setting should the network technician configure?
Signup and view all the answers
Which statement accurately differentiates ARP poisoning from a MAC spoofing attack?
Which statement accurately differentiates ARP poisoning from a MAC spoofing attack?
Signup and view all the answers
When downloading software for the organization's core switch, the network administrator is presented with checksum values. What is the primary purpose of checksums in this context?
When downloading software for the organization's core switch, the network administrator is presented with checksum values. What is the primary purpose of checksums in this context?
Signup and view all the answers
Which of the following best describes the difference between SaaS (Software as a Service) and IaaS (Infrastructure as a Service)?
Which of the following best describes the difference between SaaS (Software as a Service) and IaaS (Infrastructure as a Service)?
Signup and view all the answers
In the context of cloud computing models, what is the primary characteristic that differentiates a private cloud from a hybrid cloud?
In the context of cloud computing models, what is the primary characteristic that differentiates a private cloud from a hybrid cloud?
Signup and view all the answers
Which of the following is an accurate statement about MaaS (Mobility as a Service)?
Which of the following is an accurate statement about MaaS (Mobility as a Service)?
Signup and view all the answers
Which of the following is the MOST likely reason the company website is unavailable after the network administrator disables HTTP and implements SSL?
Which of the following is the MOST likely reason the company website is unavailable after the network administrator disables HTTP and implements SSL?
Signup and view all the answers
Which of the following access management concepts is associated with file permissions?
Which of the following access management concepts is associated with file permissions?
Signup and view all the answers
According to the follow-up action item from the lessons learned meeting, which of the following conditions would NOT allow authentication?
According to the follow-up action item from the lessons learned meeting, which of the following conditions would NOT allow authentication?
Signup and view all the answers
Which of the following is used to validate the integrity of data?
Which of the following is used to validate the integrity of data?
Signup and view all the answers
Which of the following statements is TRUE regarding the company website's login page?
Which of the following statements is TRUE regarding the company website's login page?
Signup and view all the answers
Which of the following is the MOST likely cause of the observed network traffic behavior where computers in the IP Dst field start exhibiting the same behavior and making multiple outbound connection attempts?
Which of the following is the MOST likely cause of the observed network traffic behavior where computers in the IP Dst field start exhibiting the same behavior and making multiple outbound connection attempts?
Signup and view all the answers
Which of the following was MOST likely utilized to exfiltrate the proprietary data?
Which of the following was MOST likely utilized to exfiltrate the proprietary data?
Signup and view all the answers
Which of the following access management concepts is associated with file permissions?
Which of the following access management concepts is associated with file permissions?
Signup and view all the answers
Which of the following is the BEST way to check if the digital certificate is valid?
Which of the following is the BEST way to check if the digital certificate is valid?
Signup and view all the answers
Which of the following is used to validate the integrity of data?
Which of the following is used to validate the integrity of data?
Signup and view all the answers
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Signup and view all the answers
Which of the following access management concepts is associated with file permissions?
Which of the following access management concepts is associated with file permissions?
Signup and view all the answers
Which technique was used by the third-party penetration testing company to gain root access on the server?
Which technique was used by the third-party penetration testing company to gain root access on the server?
Signup and view all the answers
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?
Signup and view all the answers
What did the tester do after gaining root access on the initial server?
What did the tester do after gaining root access on the initial server?
Signup and view all the answers
Which of the following access management concepts is associated with file permissions?
Which of the following access management concepts is associated with file permissions?
Signup and view all the answers
Which of the following is being described when a security professional develops and publishes a password policy specifically tailored to a company, and enforces the policy through technical means?
Which of the following is being described when a security professional develops and publishes a password policy specifically tailored to a company, and enforces the policy through technical means?
Signup and view all the answers
University A wants to partner with University B to allow its students who are taking classes at University B to sign into both university's wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results?
University A wants to partner with University B to allow its students who are taking classes at University B to sign into both university's wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results?
Signup and view all the answers
The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message?
The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message?
Signup and view all the answers
University A offers an AAA-based SSO service that allows students to access all wireless and VPN services with the standard university credentials. University A wants to partner with University B to allow its students who are taking classes at University B to sign into both university's wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results?
University A offers an AAA-based SSO service that allows students to access all wireless and VPN services with the standard university credentials. University A wants to partner with University B to allow its students who are taking classes at University B to sign into both university's wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results?
Signup and view all the answers
A security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message?
A security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message?
Signup and view all the answers
Which of the following is being described when a security professional develops and publishes a password policy specifically tailored to a company, and enforces the policy through technical means?
Which of the following is being described when a security professional develops and publishes a password policy specifically tailored to a company, and enforces the policy through technical means?
Signup and view all the answers
University A offers an AAA-based SSO service that allows students to access all wireless and VPN services with the standard university credentials. University A wants to partner with University B to allow its students who are taking classes at University B to sign into both university's wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results?
University A offers an AAA-based SSO service that allows students to access all wireless and VPN services with the standard university credentials. University A wants to partner with University B to allow its students who are taking classes at University B to sign into both university's wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results?
Signup and view all the answers
The security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message?
The security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message?
Signup and view all the answers
What is the primary purpose of ARP poisoning?
What is the primary purpose of ARP poisoning?
Signup and view all the answers
Which of the following is a characteristic of a hybrid cloud model?
Which of the following is a characteristic of a hybrid cloud model?
Signup and view all the answers
What is the primary purpose of using checksums when downloading software for network devices?
What is the primary purpose of using checksums when downloading software for network devices?
Signup and view all the answers
Which of the following is the MOST effective countermeasure against a distributed denial-of-service (DDoS) attack?
Which of the following is the MOST effective countermeasure against a distributed denial-of-service (DDoS) attack?
Signup and view all the answers
What is the primary purpose of implementing RADIUS for Single Sign-On (SSO)?
What is the primary purpose of implementing RADIUS for Single Sign-On (SSO)?
Signup and view all the answers
Which of the following is the MOST effective way to determine if a web application has default accounts enabled?
Which of the following is the MOST effective way to determine if a web application has default accounts enabled?
Signup and view all the answers
What is the primary purpose of the secure shell (SSH) in the context of software development?
What is the primary purpose of the secure shell (SSH) in the context of software development?
Signup and view all the answers
Which of the following is the MOST effective way to mitigate the risk of a false negative during a vulnerability scan?
Which of the following is the MOST effective way to mitigate the risk of a false negative during a vulnerability scan?
Signup and view all the answers
Which two protocols should the security technician configure to meet the requirements of sending status reports and logging details to a central management console?
Which two protocols should the security technician configure to meet the requirements of sending status reports and logging details to a central management console?
Signup and view all the answers
Based on the observation that each malware binary has a different hash, which type of malware is most likely present in the enterprise network environment?
Based on the observation that each malware binary has a different hash, which type of malware is most likely present in the enterprise network environment?
Signup and view all the answers
Which combination of factors represents multifactor authentication?
Which combination of factors represents multifactor authentication?
Signup and view all the answers
Based on the HTTP POST request containing the string userid=bob' and 1='1&request=Submit, which type of attack was attempted?
Based on the HTTP POST request containing the string userid=bob' and 1='1&request=Submit, which type of attack was attempted?
Signup and view all the answers
Which type of control allows a security guard to perform a post-incident review?
Which type of control allows a security guard to perform a post-incident review?
Signup and view all the answers
Which security concern arises from the testing team's decision to use production data in the test system for stress testing?
Which security concern arises from the testing team's decision to use production data in the test system for stress testing?
Signup and view all the answers
Which of the following is a common technique used by polymorphic malware to evade detection?
Which of the following is a common technique used by polymorphic malware to evade detection?
Signup and view all the answers
In the context of network security, what is the primary purpose of using the Syslog protocol?
In the context of network security, what is the primary purpose of using the Syslog protocol?
Signup and view all the answers
