Which of the following would be BEST to use to apply corporate security settings to a device?
On which of the following is a security technician MOST likely to find usernames?
Which of the following is a way to manage operating system updates?
A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
When deploying 50 new workstations on the network, which of the following should be completed FIRST? c. Apply the baseline configuration.
Which of the following may be an indication of a possible system compromise? A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline.
After implementing file auditing, which of the following logs would show unauthorized usage attempts?
Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network?
Which of the following specifies a set of consistent requirements for a workstation or server? d. Configuration baseline
A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed? b. Run performance monitor to evaluate the CPU usage.
An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established? b. Create an image from the OS install.
Sending a patch through a testing and approval process is an example of which of the following?
A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim? c. The local security logs
An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST?
Configuration baselines should be taken at which of the following stages in the deployment of a new system? d. After initial configuration
An administrator is running a network monitoring application that looks for behaviors on the network outside the standard baseline that has been established. This is typical of a(n):
If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?
A technician notices delays in mail delivery on the mail server. Which of the following tools could be used to determine the cause of the service degradation?
Which of the following would be the easiest to use in detection of a DDoS attack?
Which of the following is BEST used to determine whether network utilization is abnormal?
From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems? d. To detect availability degradations caused by attackers
Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
Which of the following monitoring methodologies will allow a technician to determine when there is a security-related problem that results in an abnormal condition?
Which of the following describes the standard load for all systems? a. Configuration baseline
A botnet zombie is using HTTP traffic to encapsulate IRC traffic. Which of the following would detect this encapsulated traffic?
An administrator suspects an issue retrieving files on the network and accesses the file server's performance monitor to check the results against: a. the performance baseline.
Which of the following logs shows when the workstation was last shut down?
Which of the following is a best practice auditing procedure? b. Review user access and rights
Audit trails are used for which of the following?
Executing proper logging procedures would facilitate which of the following requirements? b. Investigate suspicious queries to the DNS server.
Which of the following is a concern when setting logging to a debug level? The log may fill up with extraneous information.
Which of the following activities commonly involves feedback from departmental managers or human resources? c. User access and rights review
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?
A company’s accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions. Which of the following is this an example of?
An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT: c. performance baseline and audit trails.
Which of the following tools would be BEST for monitoring changes to the approved system baseline? b. Enterprise performance monitoring software
A periodic security audit of group policy can: d. show that unnecessary services are blocked on workstations.
Which of the following is the primary purpose of an audit trail? a. To detect when a user changes security permissions
Which of the following describes a common problem encountered when conducting audit log reviews? a. The timestamps for the servers are not synchronized.
Which of the following is the BEST approach when reducing firewall logs? b. Discard known traffic first
A technician wants to be able to add new users to a few key groups by default. Which of the following would allow this?
A technician gets informed that there is a worm loose on the network. Which of the following should the technician review to discover the internal source of the worm?
Which of the following requires an update to the baseline after installing new software on a machine?
Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO). b. Systems clock synchronization
Security templates are used for which of the following purposes? (Select TWO). d. To ensure that all servers start from a common security configuration
Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO). b. Need to know which files have been accessed
Which of the following should be considered when executing proper logging procedures? (Select TWO). a. The information that is needed to reconstruct events
Which of the following are recommended security measures when implementing system logging procedures? (Select TWO). b. Apply retention policies on the log files.
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). a. User account reports are periodically extracted from systems and employment verification is performed.
Setting a baseline is required in which of the following? (Select TWO). a. Anomaly-based monitoring
Which of the following must be used when setting up a DMZ? To build a Demilitarized Zone Network, you need a firewall with three network interfaces: one for untrusted networks (Internet), one for the DMZ, and one for the internal network.
Which of the following authentication protocols makes use of a supplicant, authenticator, and authentication server? Cyclic Redundancy Check.
What can happen if access mechanisms to data on an encrypted USB hard drive are not implemented correctly? The security controls on the USB drive can be bypassed.
Which type of malware does not require a user to execute a program to distribute the software? A worm is a standalone program that replicates itself to infect other computers, without requiring action from anyone. Since they can spread fast, worms are often used to execute a payload—a piece of code created to damage a system.