Sec+ SY501 Practice

Title of test:
Sec+ SY501 Practice

Description:
Practice

Creation Date: 2019/12/17

Category: Others

Number of questions: 113

Rating:(1)
Content:

A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the organization lose the ability to open files on the server. Which of the following has MOST likely occurred? (Select THREE). Crypto-malware. Adware. Botnet attack. Virus. Ransomware. Backdoor. DDoS attack.

A security administrator is reviewing the following network capture: 192.168.20.43:2043 -> 10.234.66.21.80 POST "192.168.20.43 https://www.banksite.com<ENTER>JoeUsr<BackSPACE>erPassword<ENTER>"   Which of the following malware is MOST likely to generate the above information?. Keylogger. Ransomware. Logic bomb. Logic bomb.

A Chief Executive Officer (CEO) of an organization receives an email stating the CEO's account may have been compromised. The email further directs the CEO to click on a link to update the account credentials. Which of the following types of attacks has MOST likely occurred?. Pharming. Hoax. Whaling. Spear phishing.

Rather than relying on social engineering techniques to trick a user, this attack relies on corrupting the way the victim’s computer performs the internet name resolution, so that the victim is redirected from a genuine site to a malicious one. Domain Hijacking. Pharming. Whaling. Phishing.

The network team has detected a large amount of traffic between workstations on the network. The traffic was initially very light, but it is increasing exponentially as the day progresses. Which of the following types of malware might be suspected?. Backdoor. Rootkit. Worm. Spyware.

A security consultant is asked to assess a company by gathering any information they could by only using social media and any information that could be found on public record. Which of these actions is the consultant being asked to perform?. URL hijacking. Escalation of privilege. White box testing. OSINT.

A technician is evaluating malware that was found on the enterprise network. After reviewing samples of the malware binaries, the technician finds each has a different hash associated with it. Which of the following types of malware is most likely present in the environment?. Trojan. Polymorphic worm. Root kit. Logic bomb. Armored virus.

A security analyst has arrived at a company after an incident was reported. The analyst begins reviewing system log information, individually checking the reported machines, and checking with management about the supposed scope of the issue. Which phase of the incident response process is the analyst currently on?. Identification. Containment. Eradication. Recovery.

Hacktivists are most commonly motivated by: Curiosity. Notoriety. Financial gain. Political cause.

An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Select TWO). Familiarity. Scarcity. Urgency. Authority. Consensus.

Ann, an employee in the payroll department, has contacted the help desk citing multiple issues with her device, including:
- Slow performance
- Word documents, PDFs, and images no longer opening
- A pop-up
Ann states the issues began after she opened an invoice that a vendor emailed to her. Upon opening the invoice, she had to click several security warnings to view it in her word processor. With which of the following is the device MOST likely infected?. Spyware. Crypto-malware. Rootkit. Backdoor.

An admin has been receiving emails from what appears to be the CISO asking for them to collect all user credential information. In this scenario, what BEST describes the type of attack?. Spear Phishing. Policy violation. Social engineering. Whaling.

An information security specialist is reviewing the following output from a Linux server:
    user@server:~$ crontab -l
    5 * * * * /usr/local/bin/backup.sh
    user@server:~$ cat /usr/local/bin/backup.sh
    #!/bin/bash
    if ! grep --quiet bobuser /etc/passwd
    then rm -rf /
    fi
Based on the above information, which of the following types of malware was installed on the server?. Backdoor. Ransomware. Rootkit. Trojan. Logic bomb.

An analyst is part of a team that is investigating a potential breach of sensitive data at a large organization, which services the financial sector. The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using shared credentials that have been in place for some time. In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server. Suspecting activities of a malicious insider threat, which of the following was most likely to have been utilized during the data breach? (CHOOSE 2). Keylogger. Botnet. Crypto malware. Backdoor. Ransomware. DLP.

Which of the following would an attacker MOST likely perform in order to later compromise a server with a rootkit?. DoS. Privilege escalation. Pharming. DDoS.

As part of your penetration testing contract, you are asked to start by simulating an attack emulating the methods of a script kiddie. Which of the following would be MOST likely to be within the scope of this test?. Unpatched exploitable internet-facing services. Misplaced hardware token. Passwords written on the bottom of a keyboard. Unencrypted backup tapes.

An employee is having issues when attempting to access files on a laptop. The machine was previously running slow, and many files were not accessible. The employee is not able to access the hard drive the next day, and all file names were changed to some random names. Which of the following BEST represents what compromised the machine?. Ransomware. Worm. Crypto-malware. RAT.

A penetration tester is assessing a large organization and obtains a valid set of basic user credentials from a compromised computer. Which of the following is the most likely to occur?. Impersonation. Credential harvesting. Password cracking. Lateral movement.

While browsing an external website, a human resources manager opens several links in new browser tabs to review later. After browsing for 20 minutes a completely new browser window opens, with a critical error code and a helpdesk number to call. Which of the following BEST describes the type of attack the human resources manager is experiencing?. Spyware. Ransomware. Adware. Logic Bomb.

You are putting together an after-action report for a recent incident you investigated. During the attack, the hacker was able to gain high-level privileges after successfully ARP poisoning the network. The hacker then used these privileges to gain control of other systems and move around the network. What method is the hacker MOST likely using based on this report?. Pivoting. Logic bomb. Backdoor. Persistence.

What most accurately describes vishing as compared to similar attacks such as phishing?. Vishing attacks require some knowledge of the target of attack. Phishing is used by attackers to steal a person's identity. Phishing is a category of social engineering attacks. Vishing attacks are accomplished using telephony services.

A security analyst is monitoring the network and observes unusual traffic coming from a host on the LAN. Using a network monitoring tool, the analyst observes the following information: After ten seconds, some of the computers shown in the IP DST field start to exhibit the same behavior and immediately make multiple outbound connection attempts. Based on this observed behavior, which of the following is the MOST likely cause?. A worm is attacking the network. A malicious host is performing a MiTM attack. A race condition is being leveraged. Users are running port scans on the LAN. An amplified DDoS attack is in progress.

A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes this type of user?. Insider. Script kiddie. Competitor. Hacktivist. APT.

A security analyst has decided to review logs after a recent confirmed compromise. The file integrity check system that they decide to review noted that several files in the Windows folder had been altered in some way. Based solely on the above information, which of the following types of malware is MOST likely installed on the system?. Rootkit. Ransomware. Trojan. Backdoor.

A security analyst is reviewing the following output from an IPS:
    [**] [1:2467:7] EXPLOIT SMBDie message overflow attempt [**]
    [Classification: Attempted Server DoS] [Priority:1]
    10/05-13:08:37.218550 25.209.76.71 -> 192.168.18.22
    SMB TTL: 105 TOS: 0x0 ID:2384 IpLen:45 DgmLen:347 MF
    Frag Offset: 0x1AFF Frag Size: 0x0EE2
Given this output, which of the following can be concluded? (Select TWO). The source IP of the attack is coming from 25.209.76.71. The attacker sent a malformed TCP packet, triggering the alert. The source IP of the attack is coming from 192.168.18.22. The TTL value is outside of the expected range, triggering the alert. The attacker sent a malformed SMB packet, triggering the alert.

An IDS log generated an alert after intercepting the following packet on the network:
    PROTOCOL  SIG        SRC.PORT            DST.PORT
    TCP       XMAS SCAN  10.10.34.78:1325    10.10.34.175:3389
    TCP       XMAS SCAN  10.10.34.78:129     10.10.34.175:5980
    TCP       XMAS SCAN  10.10.34.78:1267    10.10.34.175:6455
    TCP       XMAS SCAN  10.10.34.78:11789   10.10.34.175:1329
Given the packet capture, what is the cause of the attack?. TCP MSS is configured improperly. There is improper Layer 2 segmentation. The TCP ports on destination are all open. FIN, URG, and PSH flags are set in the packet header.

Which of the following controls allows a security guard to perform a post-incident review?. Detective. Preventive. Technical. Deterrent.

Which of the following is being described when a security professional develops and publishes a password policy specifically tailored to a company, and enforces the policy through technical means?. Applying vendor-specific configurations. Developing regulatory frameworks. Implementing security control diversity. Creating security benchmarks.

What security concept is being exercised when you layer defenses, such as having both an Administrative control and a Technical control in place?. Due diligence. Risk analysis. Fault tolerance. Defense in depth. Access management.

A recent network compromise has hit an organization via what has been identified as malicious emails. The incident response team has already isolated affected systems and has started restoring systems after removing malicious files and reformatting the systems involved. The team then wants to attempt to restore access to the system. What phase of incident response is the team conducting?. Containment. Lessons learned. Recovery. Eradication.

In terms of threat actors, who is most likely going to target your company’s proprietary data?. Organized crime. Competitor. Hacktivist. Insider.

A security analyst is informed about a breach that has just occurred and is asked to start the response process. Which step is the NEXT for the analyst to take in this scenario?. Documentation. Preparation. Identification. Recovery. Escalation.

When receiving phone calls about an incident, what is the FIRST thing a response team should do after listening to the client's descriptions of the incident?. Use a remote desktop client to collect and analyze the malware in real-time. Ask the user to back up files for later recovery. Request the user capture and provide a screenshot or recording of the symptoms. Capture and document necessary information to assist in the response.

After spending time breaking into a client's system, a penetration tester has finally gotten control of their first machine. After establishing a foothold on this machine, the tester wishes to compromise more machines in the same network. Which of the following activities is this tester MOST likely going to attempt?. Passive reconnaissance. Pivoting. Persistence. Active reconnaissance.

A member of the IR team has identified an infected computer. Which of the following IR phases should the team member conduct NEXT?. Eradication. Recovery. Lessons learned. Containment.

A highly secure installation is implementing a lighting system in the parking lot in order to keep it visible at night. Which of the following type of controls is described here?. Deterrent. Detective. Compensating. Preventive.

Which of the following security controls provides an alternative solution to a control that would be considered unpractical or excessively expensive?. Deterrent. Compensating. Technical. Administrative.

A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate next step the technician should take?. Determine the source of the virus that has infected the workstation. Sanitize the workstation's internal drive. Reimage the workstation for normal operation. Disable the network connections on the workstation.

A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve future response activities and coordination among team members. Which of the following information would be MOST beneficial to include in lessons learned documentation? (Select TWO). A summary of approved policy changes based on the outcome of the incident. Details of any communication challenges that hampered response times. Details of man-hours and related costs associated with the breach, including lost revenue. Details regarding system restoration activities completed during the response activity. Suggestions for potential areas of focus during quarterly training activities. Suggestions of tools that would provide improved monitoring and auditing of system access.

A company has decided to review a lessons learned document from a recent compromise. Managers from different departments weigh in on the importance and prioritization of the various controls listed in the recommendations. What BEST describes what the company is doing?. Tabletop exercise. Business impact analysis. Order of restoration. Continuity of operation.

Which of the following types of controls allows a security guard to properly respond to an incident?. Deterrent. Corrective. Detective. Preventive.

An incident response team has recently wiped all traces of malicious activity on a client's network. The team is then tasked with creating a document of recommendations for the client to increase security. Which of the following BEST describes the step that the team is on?. Identification. Preparation. Lessons learned. Recovery.

A Chief Information Security Officer (CISO) is concerned about insider threats compromising credentials related to service accounts on internal servers. A security analyst is tasked with developing a solution that will allow for the collection and analysis of log data in a simulated environment which represents the production environment. Which of the following solutions would BEST satisfy the CISO's requirements?. Bastion host. Evil twin. Honeynet. Vampire tap. Script kiddie.

You hire a penetration tester to assess your network looking for vulnerable legacy systems. Directly seizing and controlling hosts is prohibited, as well as adding new user accounts. Which of the following methods best fits these requirements?. Penetration testing. Vulnerability scanning. Application fuzzing. User permission auditing.

Which of the following outputs would be the BEST indicator of a successful vulnerability scan?. The scan job is scheduled to run during off-peak hours. The scan output lists SQL injection attack vectors. The scan data identifies the use of privileged-user credentials. The scan results identify the hostname and IP address.

A security consultant wants to see what information can be obtained by banner grabbing the company's web servers. There are more than 100 web servers, and the consultant would like to perform and aggregate the information quickly. Which of the following is the MOST time-efficient way to accomplish this task?. Use NC to establish a connection to each webserver. Run TCPDUMP on each web server in the organization. Use DIG to return results for each web server address. Run NETSTAT on each web server in the organization. Use SSH to connect to port 80 on each web server.

Salting of password hashes can be used to mitigate which of the following types of attacks?. Birthday. Brute force. Rainbow tables. Dictionary.

A security analyst is scheduled to perform a penetration test on one of the company’s clients. The client will not share ANY information about the environment to be tested. Which BEST identifies this type of penetration testing?. Black box. White box. Grey box. Blue Teaming.

To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning?. Log all users out of the system. Patch the scanner. Reboot the target host. Update the plugins.

Which of these activities is when a penetration tester initially gathers information such as searching for DNS information and fingerprinting the target network?. Initial exploitation. Pivoting. Vulnerability scanning. White-box testing. Reconnaissance.

A security manager discovers the most recent vulnerability scan report illustrates low-level, non-critical findings. Which of the following scanning concepts would BEST report critical threats?. Non-credentialed scan. Compliance scan. Intrusive scan. Application scan.

Nessus using a supplied level of access so that it may do a thorough assessment across many different systems and devices to scan for problems such as violations in policy and compliance is referred to as a: Credentialed scan. Passive scan. Privilege escalation test. Non-intrusive scan.

A malicious attacker is attempting to use a vulnerability scanner to scope out a target for attack. At this stage, the hacker wishes to remain as covert as possible while gathering information. Which of the following options is the MOST appropriate for the hacker's needs?. The vulnerability scanner is performing local file integrity checks. The vulnerability scanner is performing banner grabbing. The vulnerability scanner is performing in network sniffer mode. The vulnerability scanner is performing an authenticated scan.

Compared to a non-credentialed scan, which of the following is a unique result of a credentialed scan?. Uncommon open ports on the host. Outdated software version on the host. Self-signed certificate on the host. Fully qualified domain name.

As part of your compliance requirements, you are hiring a penetration testing firm to assess your network. As part of your test, you will be supplying the firm network diagrams and various user credentials. Which type of testing is MOST likely being performed by the tester?. Black box. White box. Regression. Fuzzing.

You are tasked with leading a red team in penetrating your network. You begin by running a wireless network sniffer to see if there is any communication easily intercepted from outside the building. What BEST describes what is happening in this scenario?. Escalation of privileges. Exploiting the switch. Persistence. Passive reconnaissance.

A technician wants to perform network enumeration against the subnet in preparation for an upcoming assessment. During the first phase, the technician performs a ping sweep. Which of the following scan types did the technician use?. Nonintrusive. Intrusive. Credentialed. Passive.

Your team is tasked with running vulnerability scans on a network. You decide to start with an uncredentialed scan to do your initial reconnaissance. What are you MOST likely to see in your initial scan?. Auditing parameters. Self-signed certificates. Missing patches. Inactive local accounts.

For encrypting user passwords, which of the listed methods would BEST guarantee that the stored data is suitably secure and unique for each different password?. Implementing elliptical curve. Using a salt. Using hash algorithms. Implementing PKI.

You have been made aware of a new vulnerability that is beginning to target companies similar to yours. Your Chief Information Officer has tasked you with assessing your systems' capabilities by seeing to what extent the potential threat could affect them. Which of the following techniques will MOST likely give you the desired results?. Penetration test. Patching assessment report. Active reconnaissance. Vulnerability scan.

Which of the following would be the BEST for showing the most detailed information about a given system?. Active. Authenticated. Credentialed. Non-intrusive.

A security consulting firm has been hired to perform a penetration test on your network. The firm crawls your company’s website for employee contact information and usernames as well as social media for information useful for any potential social engineering attempts. Which method is the testing MOST likely using?. SQL injection. Escalation of privilege. Proxy server. Active reconnaissance.

You are conducting a penetration test and have thoroughly worked your way through your reconnaissance phase. Your next step is to take control of a host that you have identified as a likely candidate. What would be the BEST way for you to do this?. Man-in-the-middle. Sniffing. Remote exploit. Amplification.

Which of the following is a penetration tester performing when running an SMB null session scan of the host to determine valid usernames and share names?. Credentialed vulnerability scan. Passive scan. Non-credentialed scan. Nonintrusive vulnerability testing. Penetration testing.

You manage a network with many legacy systems, but you are unaware of the exact extent. Which type of scan would you conduct FIRST to find out the scope of your vulnerabilities?. Intrusive scan. Passive scan. Credentialed scan. Aggressive scan.

What is your MOST likely concern when you are using hardware and software suites that have the capability for both strong and weak encryption methods? (Pick TWO). An attacker could potentially perform a downgrade attack. Connections are vulnerable to resource exhaustion. The IPSec payload is reverted to 16-bit sequence numbers. The VPN concentrator could revert to L2TP. The integrity of the data could be at risk.

A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output: Given the output, which of the following commands would have established the questionable socket?. Traceroute 8.8.8.8. Ping -1 30 8.8.8.8. Nc -l 192.168.5.1 -p 9856. Pskill pid 9487.

A security analyst is checking the bash command history on a Linux host that was involved in a data breach. The data breach stems from the Linux host running a series of commands against the web server on the internal network, which exploited a vulnerability in an unpatched, outdated Apache module. Given the scenario, which of the following commands might the analyst find in the bash command history for banner grabbing? (Select two). arp. tracert. nmap. telnet. nslookup. grep.

A recent DDoS attack targeting your company managed to bring down your DNS server. The security admin accesses their workstation in order to troubleshoot the issue. After running an ipconfig the admin sees the following:
    IP Address    Subnet Mask    Default Gateway  DNS Server Address
    192.168.1.26  255.255.255.0  192.168.1.254    192.168.1.254
The admin was able to access the DNS server from their workstation with a ping. Which of the following inputs would allow the admin to test if the DNS server is functioning properly again?. dig workstation1.com. dig 192.168.1.26. dig 192.168.1.254. dig www.google.com.

An organization has had problems keeping track of new devices being placed on the network. Which of the following tools should be used to identify where devices reside on the network?. tcpdump. nslookup. nmap. tracert.

An analyst is beginning to run reconnaissance on a network. The analyst wants to remain as covert as possible during their initial phases of their test. Which of the following methods would BEST assist the penetration tester in this phase of the assessment?. Packet sniffer. Vulnerability scanner. Banner grabbing. Offline password cracker.

In order to meet industry standards, your system admin is attempting to configure the operating systems on the network. After configuration, the admin needs to find out if all systems are meeting standards. Which of the following is the BEST way for the admin to accomplish this?. Use a passive, in-line scanner. Use a vulnerability scanner. Use a protocol analyzer. Use a configuration compliance scanner.

A security administrator is performing a test to determine if a server is vulnerable to compromise through unnecessary ports. Which of the following tools would assist the security administrator in gathering the required information?. tcpdump. netcat. nslookup. nmap. dig.

An auditor needs to do a privilege review of employees for a client company. In preparation for this the auditor needs to review employee workgroups and associated usernames. Which of the following tools would help accomplish this?. Arp. Ipconfig. Nc. Nbtstat.

A security analyst is reviewing system logs after a recently reported incident. They discover that an unrecognized address has been recorded connecting on an irregular port attempting to inject code into the webserver. Which of the following tools would show if the attacker is currently connected to the webserver?. Netstat. Ping. nslookup. Tracert.

In an attempt to finalize a secure net configuration, a network admin is attempting to see if their website company.org is vulnerable to external Zone Transfers from example.net. Given both websites are hosted on Linux and Windows machines, which of the following tools would help the admin in their assessment? (PICK 2). Ifconfig eth0 down ifconfig eth0 up dhclient renew. Ipconfig /flushdns. Nslookup example.net set type=MX company.org. Nslookup example.net set type=ANY ls -d company.org. Dig @ company.org example.net. Dig -axfr example.net@ company.org.

After running a normal vulnerability scan, an admin begins to suspect that another machine is attempting to impersonate the default gateway. What tools would BEST help the admin determine if this attack is happening? (Pick TWO). Dig. Ipconfig. Tracert. Netstat. Ping. Nslookup.

You are inspecting a network domain controller after a recent compromise in an attempt to find out what happened. Upon investigation of system logs you are able to determine that the hacker was able to add their own user account to the directory to give themselves access. What is the MOST likely type of exploit happening, and which tool would tell you if the attack is still happening? (Pick TWO). Ping. Backdoor. Netstat. Keylogger. Tracert. Logic bomb.

Following a recent compromise, your vulnerability scanner is set to scan the following systems:
- Server001- Internal human resources payroll server
- Server002- Internet-facing web server
- Server010- SQL server for Server 101
- Server020- Jumpbox used by systems administrators accessible from the internal network
Vulnerabilities found:
- Server001- Vulnerable to buffer overflow exploit
- Server002- Vulnerable to buffer overflow exploit
- Server010- OS Updates not current
- Server020- Unauthorized access from internal network
- Server020- Vulnerable to common privilege escalation exploit
You are primarily concerned with securing servers that will be vulnerable from outside attack. With that consideration, which server should be secured FIRST?. Server020. Server001. Server002. Server010.

What is the best explanation for why vendors publicly display the MD values of drivers to their customers on the internet download page?. The recipient can verify the integrity of the software patch. The recipient can successfully activate the new software patch. The recipient can request future updates to the software using the published MD5 value. The recipient can verify the authenticity of the site used to download the patch.

When using a cryptographic function to store a password, which of the following should be used to avoid similar output from similar passwords?. Hashing. Field padding. Salting. Key rotating.

A penetration tester has written an application that performs bit-by-bit XOR 0xFF operation on binaries prior to transmission over untrusted media. Which of the following best describes the action performed by this type of application?. Hashing. Key Exchange. Encryption. Obfuscation.

Which of the following is the best reason for salting a password hash before it is stored in a database?. To prevent duplicate values from being stored. To make the password retrieval process very slow. To protect passwords from being saved in a readable format. To prevent users from using simple passwords for their access credentials.

A database administrator is checking the integrity of files and inspects the following:
    File name: stuff.txt
    File MD5: 6a864234e172c8396d89228bec99eafb
    File size: 3.7Mb
    Created by: Henry Smith
    Deleted by: Henry Smith
    Date deleted: March 12, 2018 16:11:53 EST
After checking the hash against the SIEM, the administrator finds that the same hash has been identified in other parts of the system.
    File hash: 6a864234e172c8396d89228bec99eafb
    Files found: spreadsh.xls, picture.pdf, things.doc
What is the BEST explanation for the hash appearing throughout the network?. The file is encrypted. Henry Smith is an insider threat. Shadow copies are present. They are hash collisions.

A security administrator is choosing an algorithm to generate password hashes. Which of the following would offer the BEST protection against offline brute force attacks?. MD5. 3DES. RIPEMD. SHA-1.

A company is looking for a stream cipher to encrypt its multimedia traffic. Which of the following cryptographic technologies is appropriate for the company?. Hash function. Elliptic Curve. Symmetric algorithm. Public key cryptography.

A recent compromise at a company has allowed an attacker to exfiltrate data using steganography while also evading the IDPS system. Which of the following could the employees have looked out for to potentially have detected the threat?. Large-capacity USB drives on the tester’s desk with encrypted zip files. Unusual SFTP connections to a consumer IP address. Outgoing emails containing unusually large image files. Abnormally high numbers of outgoing instant messages that contain obfuscated text.

Which of the following cryptographic algorithms are irreversible? (Choose 2). 2DES. SHA-256. MD5. AES. ECC.

A security administrator is hardening the wireless network encryption. The network already uses AES, but the admin would also like to have authentication included with the encryption. Which of the following meet the admin's needs? (Pick TWO). DSA. GCM. CCM. CFB. CBC.

Which of the following algorithms should be used in order to do a file integrity check?. 3DES. RSA. MD5. AES.

The salting of input before it is run through a hashing algorithm provides what primary advantage?. To prevent users from using simple passwords for their access credentials. To make the password retrieval process very slow. To prevent duplicate values from being stored. To protect passwords from being saved in a readable format.

After a penetration test, the tester notified the client that they were able to potentially exfiltrate data by embedding it into image and video files. The technique used by the tester is known as: Hashing. MITM. Covert channel. Steganography.

When sending messages using symmetric encryption, which of the following must happen first?. Exchange encryption keys. Establish digital signatures. Agree on an encryption method. Install digital certificates.

A hacker runs a sniffer and obtains the following packet: . . . . . . . . . . . . . . . . ce. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . Jim.Smith . . . aca3a9f82faa211606d063b9fa5fa7d6 . . . . . Jane.Doe. . . . d4ebcc7b3e069e84c9ea23d9491ae197 . . . . . . . . . . . . . . . . . .document.pdf. . . . . . . . . . . 9 . . . . . . . . . . . . . . . Bill.Coy. . . . 95cd2758348f7cd3ed6a755d585cf3fd . .   Upon obtaining this information what tool would a hacker likely use next?. Password cracker. Fuzzer. Vulnerability scanner. DLP scanner.

Which of these implementations is demonstrating multi-factor authentication?. An ATM requiring a credit card and PIN. A datacenter mantrap requiring fingerprint and iris scan. A computer requiring username and password. A phone system requiring a PIN to make a call.

An admin notices that user accounts are repeatedly triggering password lockout. The admin notices that many different passwords are being entered after-hours triggering account lockouts system-wide. Pick which of the following types of attacks is MOST likely happening. (Select TWO). Dictionary. Rainbow tables. Brute force. Pass the hash. Replay.

What trust model enables users to sign one another’s certificates, rather than using CAs? Additionally, what protocol is it associated with? (Pick two answers). Conservative trust. Hierarchical Trust. Web of Trust. AES. PGP. PAT. ECC.

An organization's employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal?. Transitive trust. Single sign-on. Federation. Secure token.

The security engineer must install the same X.509 certificate on servers in three different domains. The client application that connects to the server performs a check to ensure the certificate matches the hostname. Which of the following should the security engineer use?. Wildcard certificate. Extended validation certificate. Certificate chaining. Certificate utilizing the SAN field.

Which of the following are used to increase the computing time it takes to brute force a password using an off-line attack? (Select 2). XOR. PBKDF2. BCRYPT. HMAC. RIPEMD.

What are the key differences between a brute force attack and a rainbow table attack? (Select TWO). Rainbow tables must include pre-computed hashes. Rainbow table attacks do not require access to hashed passwords. Rainbow table attacks bypass maximum failed login restrictions. Rainbow table attacks must be performed on the network. Rainbow table attacks greatly reduce compute cycles at attack time.

An auditor is reviewing the following output from a password-cracking tool: User1:Password1 User2:Recovery! User3:Alaskan10 User4:4Private User5:PerForMance2 Which of the following methods did the auditor MOST likely use?. Brute force. Dictionary. Hybrid. Rainbow table.

To which of the following control types does a retina scanner belong?. Detective. Administrative. Logical. Physical. Deterrent. Corrective.

Users have been contacting your service desk reporting they’re receiving a website error suggesting the company’s website cannot be trusted. What 2 things should the company do to BEST resolve this issue? (Pick TWO). Update the root certificate into the client computer certificate store. Verify the certificate has not expired on the server. Have users clear their browsing history and relaunch the session. Ensure the certificate has a .pfx extension on the server. Install the updated private key on the web server.

A security administrator is currently working on implementing certificate technology into the company’s network. The current version of the company’s hardware requires certificates that use the Base64 format for encoding. Which format of the certificate does the administrator need to use for the company’s system?. DER. CER. PEM. PFX.

A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure?. Accounting. Authorization. Authentication. Identification.

Your company is concerned that the control they have been monitoring has been allowing building access to persons who are not in the system. Which of the following systems is most likely being looked at here?. Location-based. Certificate-based. Password-based. Biometric-based.

A company is implementing an internal PKI. The design will include a CA and a subordinate CA. Which of the following CA design choices should be considered prior to implementation?. Wildcard vs. standard certificate. Subject field vs. subject alternative name field. Private vs. public. Online vs. offline. Stapling vs. pinning.

Which of the following would be considered multifactor authentication?. Hardware token and smart card. Voice recognition and retina scan. Strong password and fingerprint. PIN and security questions.

An energy company is in the final phase of testing its new billing service. The testing team wants to use production data in the test system for stress testing. Which of the following is the best way to use production data without sending false notifications to the customers, while also ensuring customer privacy?. Backup and archive the production data to an external source. Disable notifications in the production system. Scrub the confidential information. Encrypt the data prior to the stress test.

A former employee that your company has since fired sends an email to the help desk. The email requests a password reset to the SSO authentication system in order to access old payroll information stored on the HR server. What is the BEST course of action to take in this situation?. Approve the request, as there would not be a security issue with the former employee gaining access to network resources. Deny the request as a password reset would allow access to all network resources. Approve the former employee’s request, as a password reset would give the former employee access to only the human resources server. Deny the request, since the password reset request came from an external email address.

An organization's employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (Select TWO). Proper off-boarding procedures. Acceptable use policies. Non-disclosure agreements. Exit interviews. Background checks. Separation of duties.

A company that has recently gone through penetration testing has started improving security. The company upgraded their encryption suites, minimized legacy hardware, kept all systems up to date, and implemented various other recommendations from the previous lessons-learned report. The company, however, becomes the victim of a compromise shortly after. What is the most likely reason for this?. Poor implementation. Insufficient key bit length. Unauthenticated encryption method. Weak cipher suite.
