Which course of action would be an effective temporary stopgap to secure the network until a permanent solution can be found?
John a network administrator at Northeast High School. Faculty have been complaining that although they can detect and authenticate to the faculty wireless network, they are unable to connect. While troubleshooting, John discovers that the wireless network server is out of DHCP addresses due to a large number of unauthorized...
According to attack lifecycle models, what is the attacker’s first step in compromising an organization?
According to attack lifecycle models, what is the attacker’s first step in compromising an organization?A . Privilege EscalationB . ExploitationC . Initial CompromiseD . ReconnaissanceView AnswerAnswer: D
What is a recommended defense for the CIS Control for Application Software Security?
What is a recommended defense for the CIS Control for Application Software Security?A . Keep debugging code in production web applications for quick troubleshootingB . Limit access to the web application production environment to just the developersC . Run a dedicated vulnerability scanner against backend databasesD . Display system error...
What could have been done to prevent this level of access being given to the intruder upon successful exploitation?
An Internet retailer's database was recently exploited by a foreign criminal organization via a remote attack. The initial exploit resulted in immediate root-level access. What could have been done to prevent this level of access being given to the intruder upon successful exploitation?A . Configure the DMZ firewall to block...
Which of the following approaches will meet this need?
A need has been identified to organize and control access to different classifications of information stored on a fileserver. Which of the following approaches will meet this need?A . Organize files according to the user that created them and allow the user to determine permissionsB . Divide the documents into...
Which of the following will be most effective?
An organization wants to test its procedure for data recovery. Which of the following will be most effective?A . Verifying a file can be recovered from backup mediaB . Verifying that backup process is running when it shouldC . Verifying that network backups can’t be read in transitD . Verifying...
Which of the following is a reliable way to test backed up data?
Which of the following is a reliable way to test backed up data?A . Verify the file size of the backupB . Confirm the backup service is running at the proper timeC . Compare data hashes of backed up data to original systemsD . Restore the data to a systemView...
Implementing which of the following will decrease spoofed e-mail messages?
Implementing which of the following will decrease spoofed e-mail messages?A . Finger ProtocolB . Sender Policy FrameworkC . Network Address TranslationD . Internet Message Access ProtocolView AnswerAnswer: B
Which of the following best describes the CIS Controls?
Which of the following best describes the CIS Controls?A . Technical, administrative, and policy controls based on research provided by the SANS InstituteB . Technical controls designed to provide protection from the most damaging attacks based on current threat dataC . Technical controls designed to augment the NIST 800 seriesD...
Which of the following actions is focused on correcting rather than preventing attack?
An organization has implemented a policy to detect and remove malicious software from its network. Which of the following actions is focused on correcting rather than preventing attack?A . Configuring a firewall to only allow communication to whitelisted hosts and portsB . Using Network access control to disable communication by...