601 Pre-Assessment Exam
Use this assessment exam to test your knowledge of the topics before
you start reading the book, and again before you take the live exam. An
answer key with explanations is available at the end of the assessment
exam.
1. Your organization is planning to expand the data center to support more
systems. Management wants the plan to focus on resiliency and uptime.
Which of the following methods would best support these goals? (Select
TWO.)
A. UPS
B. Cold site
C. NIC teaming
D. Off-site backups
2. You are tasked with improving the overall security of several servers in
your data center. Which of the following are preventive controls that will
assist with this goal? (Choose TWO.)
A. Disabling unnecessary services
B. Adding cable locks
C. Monitoring logs on SIEM systems
D. Implementing a backup plan
E. Closing unneeded ports
3. Your organization houses a server room, and management wants to
increase the server room security. You are tasked with identifying some
deterrent controls that can be implemented to protect it. Which of the
following choices would BEST meet this objective?
A. Hardware locks
B. Data encryption
C. A vulnerability assessment
D. Backups
4. You suspect that a Linux computer is establishing connections with a
remote server on the Internet without any user interaction. You want to
verify this by viewing a summary of protocol statistics on a Linux system.
Which of the following commands would you use?
A. dig
B. nslookup
C. ifconfig
D. netstat
5. You are using a Linux computer to monitor network traffic. After
connecting your computer to the mirror port of a switch, you started logging
software on the computer. However, you discover that the only traffic being
collected is traffic to or from the Linux computer. You want to collect all
traffic going through the switch. Which of the following actions should you
take?
A. Run the command ifconfig eth0 promisc.
B. Run the command ipconfig eth0 promisc.
C. Connect the computer to a router.
D. Reconfigure the switch.
6. You suspect that attackers have been performing a password spraying
attack against a Linux server. Which of the following would be the BEST
method of confirming your suspicions?
A. Use the cat command to view the auth.log file.
B. Implement an account lockout policy.
C. Salt passwords to prevent the success of the spraying attack.
D. Use the logger command to view unsuccessful logins.
7. Your network includes dozens of servers. Administrators in your
organization are having problems aggregating and correlating the logs from
these servers. Which of the following provides the BEST solution for these
problems?
A. SIEM
B. Syslog
C. NetFlow
D. sFlow
8. You are comparing different types of authentication. Of the following
choices, which one uses multifactor authentication?
A. A system that requires users to enter a username and password
B. A system that checks an employee’s fingerprint and does a vein
scan
C. A cipher door lock that requires employees to enter a code to open
the door
D. A system that requires users to have a smart card and a PIN
9. The chief information officer (CIO) at your organization suspects
someone is entering the data center after normal working hours and stealing
sensitive data. Which of the following actions can prevent this?
A. Upgrade the CCTV system.
B. Require smart cards to enter the data center.
C. Implement time-based logins.
D. Enable advanced auditing.
10. A SQL database server was recently attacked. Cybersecurity
investigators discovered the attack was self-propagating through the
network. When it found the database server, it used well-known credentials
to access the database. Which of the following would be the BEST action to
prevent this from occurring again?
A. Change the default application password.
B. This describes a worm.
C. Implement 2FA.
D. Conduct a code review.
11. You are reviewing security controls and their usefulness. You notice that
account lockout policies are in place. Which of the following attacks will
these policies thwart? (Select TWO.)
A. Brute force
B. DNS poisoning
C. Dictionary
D. Replay
E. Buffer overflow
12. IT administrators created a VPN for employees to use while working
from home. The VPN is configured to provide AAA services. Which of the
following would be presented to the AAA system for identification?
A. Password
B. Permissions
C. Username identification
D. Tunneling certificate
E. Hardware token
13. After a recent attack, security investigators discovered that attackers
logged on with an administrator account. They recommend implementing a
solution that will thwart this type of attack in the future. The solution must
support the following requirements:
Allow authorized users to access the administrator account
without knowing the password.
Allow authorized users to check out the credentials when
needed.
Log each time the credentials are used.
Automatically change the password.
Which of the following answers would meet these requirements?
A. Privileged access management
B. OpenID Connect
C. MAC scheme
D. MFA
14. Lisa wants to implement a secure authentication system on a website.
However, instead of collecting and storing user passwords, she wants to use
a third-party system. Which of the following is the BEST choice to meet
this goal?
A. SAML
B. Kerberos
C. SSH
D. OAuth
15. Your organization is implementing an SDN. Management wants to use
an access control scheme that controls access based on attributes. Which of
the following is the BEST solution?
A. DAC
B. MAC
C. Role-BAC
D. ABAC
16. Lisa uses a Linux system to regularly connect to a remote server named
gcga with a secure ssh connection. However, the ssh account has a complex
password, and she wants to avoid using it without sacrificing security.
Which of the following commands would she use as a FIRST step when
creating a passwordless login with the remote system?
A. ssh-copy-id -i ~/.ssh/id_rsa.pub lisa@gcga
B. chmod 644 ~/.ssh/id_rsa
C. ssh-keygen -t rsa
D. ssh root@gcga
17. Your organization plans to deploy a server in the screened subnet that
will perform the following functions:
Identify mail servers
Provide data integrity
Prevent poisoning attacks
Respond to requests for A and AAAA records
Which of the following will BEST meet these requirements?
A. DNS
B. DNSSEC
C. TLS
D. ESP
18. Your organization has added a hot site as shown in the following
graphic.
All firewalls should enforce the following requirements:
Use only secure protocols for remote management
Block cleartext web traffic
Users in the hot site are unable to access websites in the Internet. The
following graphic shows the current rules configured in Firewall 3.
You’re asked to verify the rules are configured correctly. Which rule, if any,
should be changed in Firewall 3?
A. HTTPS Outbound
B. HTTP Outbound
C. DNS
D. Telnet
E. SSH
F. None. All rules are correct.
19. Bart incorrectly wired a switch in your organization’s network. It
effectively disabled the switch as though it were a victim of a denial-of-service attack. Which of the following should be done to prevent this
situation in the future?
A. Install an IDS.
B. Only use Layer 2 switches.
C. Install SNMPv3 on the switches.
D. Implement STP or RSTP.
20. Maggie is a sales representative for a software company. While in a
coffee shop, she uses her laptop to connect to the public Wi-Fi, check her
work emails, and upload details of a recent sale. Which of the following
would she use to prevent other devices on the public network from
accessing her laptop? (Choose the BEST two choices.)
A. TPM
B. HSM
C. Firewall
D. DLP
E. VPN
21. Your organization wants to combine some of the security controls used
to control incoming and outgoing network traffic. At a minimum, the
solution should include stateless inspection, malware inspection, and a
content filter. Which of the following BEST meets this goal?
A. VLAN
B. NAT
C. UTM
D. DNSSEC
E. WAF
22. Administrators are deploying a new Linux server in the screened subnet.
After it is installed, they want to manage it from their desktop computers
located within the organization’s private network. Which of the following
would be the BEST choice to meet this need?
A. Forward proxy server
B. Reverse proxy server
C. Web application firewall
D. Jump server
23. Attackers have recently launched several attacks against servers in your
organization’s DMZ. You are tasked with identifying a solution that will
have the best chance at preventing these attacks in the future. Which of the
following is the BEST choice?
A. An anomaly-based IDS
B. An inline IPS
C. A passive IDS
D. A signature-based IDS
24. A coffee shop recently stopped broadcasting the SSID (coffeewifi) for
its wireless network. Instead, paying customers can view it on their receipt
and use it to connect to the coffee shop’s wireless network. Today, Lisa
turned on her laptop computer, saw the SSID coffewifi, and connected to it.
Which of the following attacks is MOST likely occurring?
A. Rogue AP
B. Evil twin
C. Jamming
D. Bluejacking
25. Before personnel can enter a secure area, they must first place their
smartphones in one of several conductive metal lockboxes. The company
implemented this policy because management is concerned about risks
related to intellectual property. Which of the following represents the
GREATEST risk to intellectual property that this policy will mitigate?
A. Bluesnarfing
B. Theft of the smartphones
C. Data exfiltration over a mobile hotspot
D. To enable geofencing
26. Administrators are designing a site-to-site VPN between offices in two
different cities. Management mandated the use of certificates for mutual
authentication. Additionally, they want to ensure that internal IP addresses
are not revealed. Which of the following is the BEST choice to meet these
requirements?
A. IPsec VPN using Tunnel mode
B. IPsec VPN using Transport mode
C. L2TP VPN
D. VLAN VPN
27. Network administrators are considering adding an HSM to a server in
your network. What functions will this add to the server?
A. Provide full drive encryption
B. Reduce the risk of employees emailing confidential information
outside the organization
C. Provide webmail to clients
D. Generate and store keys used with servers
28. Bart needs to send an email to his supervisor with an attachment that
includes sensitive information. He wants to maintain the confidentiality of
this information. Which of the following choices is the BEST choice to
meet his needs?
A. Digital signature
B. Encryption
C. Data masking
D. Hashing
29. The Springfield school system stores some data in the cloud using its
own resources. The Shelbyville Nuclear Power Plant also stores some data
in the cloud using its own resources. Later, the two organizations decide to
share some data in both clouds for educational purposes. Which of the
following BEST describes the cloud created by these two organizations?
A. Community
B. Private
C. Public
D. XaaS
30. Your organization is planning to implement a CYOD deployment
model. You’re asked to provide input for the new policy. Which of the
following concepts are appropriate for this policy?
A. SCADA access
B. Storage segmentation
C. Database security
D. Embedded RTOS
31. Your organization plans to implement desktops via the cloud. Each
desktop will include an operating system and a core group of applications
needed by employees, and the cloud provider will manage the desktops.
Employees with Internet access will be able to access these desktops from
anywhere and almost any device. Which of the following BEST identifies
this service?
A. IaaS
B. CASB
C. SaaS
D. XaaS
32. A small business owner has asked you for advice. She wants to improve
the company’s security posture, but she doesn’t have any security staff.
Which of the following is the BEST solution to meet her needs?
A. SOAR
B. MSSP
C. SaaS
D. XaaS
33. Management at the Goody New Shoes retail chain decided to allow
employees to connect to the internal network using their personal mobile
devices. However, the organization is having problems with these devices,
including the following:
Employees do not keep their devices updated.
There is no standardization among the devices.
The organization doesn’t have adequate control over the
devices.
Management wants to implement a mobile device deployment model to
overcome these problems while still allowing employees to use their own
devices. Which of the following is the BEST choice?
A. BYOD
B. COPE
C. CYOD
D. IaaS
34. During a vulnerability scan, you discover some new systems in the
network. After investigating this, you verify that these systems aren’t
authorized because someone installed them without going through a
standard approval process. What does this describe?
A. Hacktivist
B. Script kiddie
C. Shadow IT
D. Authorized hacker
35. Homer recently received a phishing email with a malicious attachment.
He was curious, so he opened it to see what it was. It installed malware on
his system and quickly spread to other systems in the network. Security
investigators discovered that the malware exploited a vulnerability that
wasn’t previously known by any trusted sources. Which of the following
BEST describes this attack?
A. Open source intelligence
B. Zero-day
C. Hoax
D. DDoS
36. Lisa completed an antivirus scan on a server and detected a Trojan. She
removed the Trojan but was concerned that unauthorized personnel might
still be able to access data on the server and decided to check the server
further. Of the following choices, what is she MOST likely looking for on
this server?
A. Backdoor
B. Logic bomb
C. Rootkit
D. Botnet
37. Some network appliances monitoring incoming data have recently
started sending alerts on potentially malicious files. You discover that these
are PE32 files with the tar.gz extension, and they are being downloaded to
several user systems. After investigating further, you discover these users
previously opened an email with an infected MHT file. Which of the
following answers BEST describes this scenario?
A. The systems have joined a botnet.
B. Users installed ransomware.
C. Users installed a RAT, and it is downloading additional tools.
D. Shadow IT is running in the network.
38. Employees at the Marvin Monroe Memorial Hospital are unable to
access any computer data. Instead, they occasionally see a message
indicating that attackers encrypted all the data and it would remain
encrypted until the attackers received a hefty sum as payment. Which of the
following BEST describes this attack?
A. Criminal syndicate
B. Ransomware
C. Fileless virus
D. Rootkit
39. A SIEM system is sending several alerts indicating malware has
infected several employee computers. After examining the border firewall
and NIDS logs, IT personnel cannot identify malicious traffic entering the
network from the Internet. Additionally, they discover that all of these
employees attended a trade show during the past two days. Which of the
following is the MOST likely source of this malware?
A. A fileless virus embedded in a vCard
B. Malware on USB drives
C. A Trojan delivered from a botnet
D. Worms included in presentation media
40. Homer received an email letting him know he won the lottery. To claim
the prize, he needs to confirm his identity by providing his name, phone
number, address, and birth date. The email states he’ll receive the prize after
providing this information. What does this describe?
A. Spear phishing
B. Phishing
C. Smishing
D. Whaling
41. Some protocols include sequence numbers and timestamps. Which of
the following attacks are thwarted by using these components?
A. MAC flooding
B. Replay
C. SYN flood
D. Salting
42. You’re reviewing the logs for a web server and see several suspicious
entries. You suspect that an attacker is attempting to write more data into a
web application’s memory than it can handle. What does this describe?
A. Pointer/object dereference
B. Race condition exploit
C. DLL injection attack
D. Buffer overflow attack
43. Your organization hosts a web application selling digital products.
Customers can also post comments related to their purchases. Management
suspects that attackers are looking for vulnerabilities that they can exploit.
Which of the following will BEST test the cybersecurity resilience of this
application?
A. Fuzzing
B. Input validation
C. Error handling
D. Anti-malware
44. An attacker has launched several successful XSS attacks on a web
application hosted by your organization. Which of the following are the
BEST choices to protect the web application and prevent this attack?
(Select TWO.)
A. Dynamic code analysis
B. Input validation
C. Code obfuscation
D. WAF
E. Normalization
45. Hacker Harry has an account on a website that he uses when posting
comments. When he visits, he enters his username and password to log on,
and the site displays his username with any comments he makes. Today, he
noticed that he could enter JavaScript code as part of his username. After
entering the code, other users experienced unexpected results when
hovering over his username. What does this describe?
A. Cross-site scripting
B. Input validation
C. Privilege escalation
D. Directory traversal
46. Which of the following BEST describes the purpose of a risk register?
A. It shows risks on a plot or graph.
B. It provides a listing of risks, the risk owner, and the mitigation
measures.
C. It shows risks on a color-coded graph.
D. It evaluates the supply chain.
47. Maggie is performing a risk assessment for an organization. She
identifies the loss for the previous year due to a specific risk as $5,000.
What does this represent?
A. SLE
B. ARO
C. MTBF
D. ALE
48. Ziffcorp is developing a new technology that they expect to become a
huge success when it’s released. The CIO is concerned about someone
stealing their company secrets related to this technology. Which of the
following will help the CIO identify potential dangers related to the loss of
this technology?
A. Threat hunting
B. Vulnerability scan
C. SOAR
D. SIEM
49. Your organization hired a cybersecurity expert to perform a security
assessment. After running a vulnerability scan, she sees the following error
on a web server:
- Host IP 192.168.1.10 OS Apache httpd 2.433 Vulnerable to mod_auth exploit
However, she verified that the mod_auth module has not been installed or
enabled on the server. Which of the following BEST explains this scenario?
A. A false negative
B. A false positive
C. The result of a credentialed scan
D. The result of a non-credentialed scan
50. You are reviewing a report created after a recent vulnerability scan.
However, it isn’t clear if the scan was run as a credentialed scan or a non-credentialed scan. Which of the following would give you the BEST
indication that the scan was a credentialed scan?
A. The report shows software versions of installed applications.
B. The report shows a large number of false positives.
C. The report shows a listing of IP addresses it discovered.
D. The report shows a listing of open ports.
51. Your IT department includes a subgroup of employees dedicated to
cybersecurity testing. Each member of this group has knowledge of known
TTPs and how to use them. Additionally, each member of this group has
knowledge of security controls that would be implemented to protect
network resources. Which of the following BEST describes members of this
team?
A. Members of the red team
B. Members of the blue team
C. Members of the purple team
D. Members of the white team
52. You suspect servers in your screened subnet are being attacked by an
Internet-based attacker. You want to view IPv4 packet data reaching these
servers from the Internet. Which of the following would be the BEST
choice to meet this need?
A. Protocol analyzer
B. IP scanner
C. Vulnerability scanner
D. Proxy server
E. Heuristic-based IDS
53. Your organization has decided to move some data to a cloud provider,
and management has narrowed their search down to three possible choices.
Management wants to ensure that the cloud provider they choose has strong
cybersecurity controls in place. Which of the following reports would they
MOST likely want the cloud provider to give to them?
A. SOC 2 Type I
B. SOC 2 Type II
C. SOC 3
D. SOC 1
54. You need to identify and mitigate potential single points of failure in
your organization’s security operations. Which of the following policies
would help you?
A. A disaster recovery plan
B. A business impact analysis
C. Annualized loss expectancy
D. Separation of duties
55. Administrators at your organization want to increase cybersecurity
resilience of key servers by adding fault tolerance capabilities. However,
they have a limited budget. Which of the following is the BEST choice to
meet these needs?
A. Alternate processing site
B. RAID-10
C. Backups
D. Faraday cage
56. Your organization’s backup policy for a file server dictates that the
amount of time needed to restore backups should be minimized. Which of
the following backup plans would BEST meet this need?
A. Full backups on Sunday and incremental backups on the other six
days of the week
B. Full backups on Sunday and differential backups on the other six
days of the week
C. Incremental backups on Sunday and differential backups on the
other six days of the week
D. Differential backups on Sunday and incremental backups on the
other six days of the week
57. A security analyst recently completed a BIA and defined the maximum
acceptable outage time for a critical system. What does this identify?
A. RTO
B. RPO
C. MTTR
D. MTBF
58. The new chief technology officer (CTO) at your organization wants to
ensure that critical business systems are protected from isolated outages.
Which of the following would let her know how often these systems will
experience outages?
A. MTTR
B. MTBF
C. RTO
D. RPO
59. The Ninth National Bank of Springfield is considering an alternate
location as part of its continuity of operations plan. It wants to identify a
site resiliency solution that provides the shortest recovery time. Which of
the following is the BEST choice?
A. Cold site
B. Warm site
C. Hot site
D. Snapshot
60. Cybersecurity experts in your organization are creating a detailed plan
identifying how to recover critical systems if these systems suffer a
complete loss. What type of plan are they MOST likely creating?
A. Backup plan
B. Incident response plan
C. Communications plan
D. Disaster recovery plan
61. Your organization is planning to expand its cloud-based services offered
to the public. In preparation, they expanded the data center. It currently has
one row of racks for servers, but they plan to add at least one more row of
racks for servers. Engineers calculated the power and HVAC requirements
and said the best way to reduce utility costs is by ensuring the two server
rows are facing in the opposite direction. What is the primary reason for
this configuration?
A. To provide fire suppression
B. To reduce power consumption from the servers
C. To create hot and cold aisles
D. To create an air gap
62. As a security administrator, you receive an antivirus alert from a server
in your network indicating one of the files has a hash of known malware.
The file was pushed to the server from the organization’s patch
management system and is scheduled to be applied to the server early the
next morning. The antivirus software indicates that the file and hash of the
malware are:
File: gcga_upgrade.exe
Hash: 518b571e26035d95e5e9232b4affbd84
Checking the logs of the patch management system, you see the
following information:

| Status | Update Name      | Hash                             |
|--------|------------------|----------------------------------|
| Pushed | gcga_upgrade.exe | 518b571e26035d95e5e9232b4affbd84 |

Which of the following indicates what MOST likely occurred?
A. The file was infected after it was pushed out to the server.
B. The file was embedded with crypto-malware before it was pushed
to the server.
C. The file was listed in the patch management system’s blacklist.
D. The file was infected when the patch management system
downloaded it.
63. An organization requested bids for a contract and asked companies to
submit their bids via email. After winning the bid, Bizzfad realized it
couldn’t meet the requirements of the contract. Bizzfad instead stated that it
never submitted the bid. Which of the following would provide proof to the
organization that Bizzfad did submit the bid, if it was used?
A. Digital signature
B. Integrity
C. Repudiation
D. Encryption
64. An application requires users to log on with passwords. The application
developers want to store the passwords in such a way that it will thwart
rainbow table attacks. Which of the following is the BEST solution?
A. Implement salting.
B. Implement hashing.
C. Implement homomorphic encryption.
D. Implement perfect forward secrecy.
65. Your SIEM system sent an alert related to multiple failed logins.
Reviewing the logs, you notice login failures for about 100 different
accounts. The logs then show login failures for the same accounts again,
starting about three hours after the first login failure. Which of the
following BEST describes this activity?
A. A brute force attack
B. A dictionary attack
C. A spraying attack
D. An account lockout attack
66. Your organization maintains a data center to store data. Management
has decided to move a large amount of financial data into cloud storage to
reduce costs with the data center. This data is regularly accessed and
sometimes manipulated by employees, customers, and vendors around the
world. Management has mandated that the data always needs to be
encrypted while in the cloud. Which of the following is the BEST choice to
meet these requirements?
A. Symmetric encryption
B. Asymmetric encryption
C. Homomorphic encryption
D. Steganography encryption
67. Lisa and Bart need to exchange emails over the Internet using an
unsecured channel. These emails need to provide non-repudiation. They
decide to use certificates on each of their computers. What would they use
to sign their certificates?
A. CRL
B. OCSP
C. CSR
D. CA
E. DSA
68. An administrator is installing a certificate with a private key on a server.
Which of the following certificate types is he MOST likely installing?
A. DER
B. P12
C. CER
D. P7B
69. Your organization is negotiating with an outside vendor to host cloud-based resources. Management wants to ensure the vendor commits to
returning the systems to full operation after an outage within a certain time
frame. Which of the following is the organization MOST likely
negotiating?
A. MTTR
B. NDA
C. SLA
D. DLP
70. Your organization has hired outside consultants to evaluate forensic
processes used by internal security specialists. The consultants are
evaluating the tools and processes used for digital forensics to identify any
variations that may exist. Which of the following BEST describes what
these consultants are performing?
A. AUP
B. NDA
C. SLA
D. MSA
71. Your organization recently developed an incident response policy and is
beginning to implement an incident response plan. Which of the following
items is the FIRST step in an incident response process?
A. Preparation
B. Identification
C. Containment
D. Eradication
72. Security administrators have been responding to an increasing number
of incident alerts, making it harder for them to respond to each promptly.
Management wants to implement a solution that will automate the response
of some of these incidents without requiring real-time involvement by
security administrators. Which of the following will BEST meet this need?
A. SOAR
B. DLP
C. STIX
D. TAXII
73. Security administrators have isolated a Linux server after a successful
attack. A forensic analyst is tasked with creating an image of the hard drive
of this system for analysis. Which of the following will the analyst MOST
likely use to create the image?
A. tcpreplay
B. chmod
C. dd
D. Cuckoo
74. A forensic expert is preparing to analyze a hard drive. Which of the
following should the expert do FIRST?
A. Capture an image of the disk with dd.
B. Identify the order of volatility.
C. Copy the contents of memory with memdump.
D. Create a chain of custody document.
75. Your company hosts an e-commerce site that sells renewable
subscriptions for services. Customers can choose to renew their
subscription monthly or annually automatically. However, management
doesn’t want to store customer credit card information on any database or
system managed by the company. Which of the following can be used
instead?
A. Pseudo-anonymization
B. Tokenization
C. Data minimization
D. Anonymization