NEW QUESTION 1
An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will most likely fix the uploading issue for the users?

• A. Create an ACL to allow the FTP service write access to user directories
• B. Set the Boolean selinux value to allow FTP home directory uploads
• C. Reconfigure the ftp daemon to operate without utilizing the PSAV mode
• D. Configure the FTP daemon to utilize PAM authentication pass through user permissions

Answer: A

NEW QUESTION 2
A penetration tester is crawling a target website that is available to the public. Which of the following represents the actions the penetration tester is performing?

• A. URL hijacking
• B. Reconnaissance
• C. White box testing
• D. Escalation of privilege

Answer: B

NEW QUESTION 3
Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure?

• A. MOU
• B. ISA
• C. BPA
• D. SLA

Answer: D

NEW QUESTION 4
An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a Windows server. Given the following code:

Which of the following vulnerabilities is present?

• A. Bad memory pointer
• B. Buffer overflow
• C. Integer overflow
• D. Backdoor

Answer: B

NEW QUESTION 5
The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws.
Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?

• A. Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers
• B. Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location
• C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations
• D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

Answer: C

NEW QUESTION 6
An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange?

• A. DES
• B. Blowfish
• C. DSA
• D. Diffie-Hellman
• E. 3DES

Answer: D

NEW QUESTION 7
To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed?

• A. Least privilege
• B. Job rotation
• C. Background checks
• D. Separation of duties

Answer: D

NEW QUESTION 8
A security analyst receives an alert from a WAF with the following payload: var data= “<test test test>” ++ <../../../../../../etc/passwd>”
Which of the following types of attacks is this?

• A. Cross-site request forgery
• B. Buffer overflow
• C. SQL injection
• D. JavaScript data insertion
• E. Firewall evasion script

Answer: D

NEW QUESTION 9
Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?

• A. Passwords written on the bottom of a keyboard
• B. Unpatched exploitable Internet-facing services
• C. Unencrypted backup tapes
• D. Misplaced hardware token

Answer: B

NEW QUESTION 10
A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

• A. The vulnerability scanner is performing an authenticated scan.
• B. The vulnerability scanner is performing local file integrity checks.
• C. The vulnerability scanner is performing in network sniffer mode.
• D. The vulnerability scanner is performing banner grabbing.

Answer: C

NEW QUESTION 11
A company is developing a new system that will unlock a computer automatically when an authorized user sits in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability?

• A. Facial recognition
• B. Fingerprint scanner
• C. Motion detector
• D. Smart cards

Answer: A

NEW QUESTION 12
An organization plans to implement multifactor authentication techniques within the enterprise network architecture. Each authentication factor is expected to be a unique control. Which of the following BEST describes the proper employment of multifactor authentication?

• A. Proximity card, fingerprint scanner, PIN
• B. Fingerprint scanner, voice recognition, proximity card
• C. Smart card, user PKI certificate, privileged user certificate
• D. Voice recognition, smart card, proximity card

Answer: A

NEW QUESTION 13
A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?

• A. Header manipulation
• B. Cookie hijacking
• C. Cross-site scripting
• D. Xml injection

Answer: A

NEW QUESTION 14
A company wants to host a publicity available server that performs the following functions:
Evaluates MX record lookup
Can perform authenticated requests for A and AAA records
Uses RRSIG
Which of the following should the company use to fulfill the above requirements?

• A. LDAPS
• B. DNSSEC
• C. SFTP
• D. nslookup
• E. dig

Answer: B

NEW QUESTION 15
Which of the following encryption methods does PKI typically use to securely project keys?

• A. Elliptic curve
• B. Digital signatures
• C. Asymmetric
• D. Obfuscation

Answer: C

NEW QUESTION 16
An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following BEST describes the test being performed?

• A. Black box
• B. White box
• C. Passive reconnaissance
• D. Vulnerability scan

Answer: A

NEW QUESTION 17
Joe, a user, has been trying to send Ann, a different user, an encrypted document via email. Ann has not received the attachment but is able to receive the header information. Which of the following is MOST likely preventing Ann from receiving the encrypted file?

• A. Unencrypted credentials
• B. Authentication issues
• C. Weak cipher suite
• D. Permission issues

Answer: B