An administrator is unable to connect to a server via VNC.

Upon investigating the host firewall configuration, the administrator sees the following lines:

– A INPUT -m state –state NEW -m tcp -p tcp –dport 3389 -j DENY

– A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j DENY

– A INPUT -m state –state NEW -m tcp -p tcp –dport 10000 -j ACCEPT

– A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j DENY

– A INPUT -m state –state NEW -m tcp -p tcp –sport 3389 -j ACCEPT

Which of the following should occur to allow VNC access to the server?

A. DENY needs to be changed to ACCEPT on one line.

B. A line needs to be added.

C. A line needs to be removed.

D. Fix the typo in one line.


Answer: B




 Company A is trying to implement controls to reduce costs and time spent on litigation.

To accomplish this, Company A has established several goals:

– Prevent data breaches from lost/stolen assets

– Reduce time to fulfill e-discovery requests

– Prevent PII from leaving the network

– Lessen the network perimeter attack surface

– Reduce internal fraud

Which of the following solutions accomplishes the MOST of these goals?

A. Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.

B. Eliminate VPN access from remote devices. Restrict junior administrators to read-only shell access on network devices. Install virus scanning and SPAM filtering. Harden all servers with trusted OS extensions.

C. Create a change control process with stakeholder review board, implement separation of duties and mandatory vacation, create regular SAN snapshots, enable GPS tracking on all cell phones and laptops, and fully encrypt all email in transport.

D. Implement outgoing mail sanitation and incoming SPAM filtering. Allow VPN for mobile devices; cross train managers in multiple disciplines, ensure all corporate USB drives are provided by Company A and de-duplicate all server storage.


Answer: A




A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources. When conducting the final risk assessment which of the following should the security architect take into consideration?

A. The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering.

B. The cost of resources required to relocate services in the event of resource exhaustion on a particular VM.

C. The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.

D. Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.


Answer: C




The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller.

Defending against which of the following attacks should form the basis of the incident mitigation plan?


B. SYN flood

C. Buffer overflow

D. Privilege escalation


Answer: D




An existing enterprise architecture included an enclave where sensitive research and development work was conducted. This network enclave also served as a storage location for proprietary corporate data and records. The initial security architect chose to protect the enclave by restricting access to a single physical port on a firewall. All downstream network devices were isolated from the rest of the network and communicated solely through the single 100mbps firewall port. Over time, researchers connected devices on the protected enclave directly to external resources and corporate data stores. Mobile and wireless devices were also added to the enclave to support high speed data research. Which of the following BEST describes the process which weakened the security posture of the enclave?

A. Emerging business requirements led to the de-perimiterization of the network.

B. Emerging security threats rendered the existing architecture obsolete.

C. The single firewall port was oversaturated with network packets.

D. The shrinking of an overall attack surface due to the additional access.



Answer: A




At one time, security architecture best practices led to networks with a limited number (1-3) of network access points. This restriction allowed for the concentration of security resources and resulted in a well defined attack surface. The introduction of wireless networks, highly portable network devices, and cloud service providers has rendered the network boundary and attack surface increasingly porous. This evolution of the security architecture has led to which of the following?

A. Increased security capabilities, the same amount of security risks and a higher TCO but a smaller corporate datacenter on average.

B. Increased business capabilities and increased security risks with a lower TCO and smaller physical footprint on the corporate network.

C. Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint.

D. Decreased business capabilities and increased security risks with a lower TCO and increased logical footprint due to virtualization.


Answer: C




An administrator notices the following file in the Linux server’s /tmp directory.

-rwsr-xr-x. 4  root  root  234223  Jun  6  22:52  bash*

Which of the following should be done to prevent further attacks of this nature?

A. Never mount the /tmp directory over NFS

B. Stop the rpcidmapd service from running

C. Mount all tmp directories nosuid, noexec

D. Restrict access to the /tmp directory


Answer: C





Company ABC has entered into a marketing agreement with Company XYZ, whereby ABC will share some of its customer information with XYZ. However, XYZ can only contact ABC customers who explicitly agreed to being contacted by third parties. Which of the following documents would contain the details of this marketing agreement?






Answer: A




Company ABC has a 100Mbps fiber connection from headquarters to a remote office 200km (123 miles) away. This connection is provided by the local cable television company. ABC would like to extend a secure VLAN to the remote office, but the cable company says this is impossible since they already use VLANs on their internal network. Which of the following protocols should the cable company be using to allow their customers to establish VLANs to other sites?




D. 802.1q


Answer: C




An ecommerce application on a Linux server does not properly track the number of incoming connections to the server and may leave the server vulnerable to which of following?

A. Buffer Overflow Attack

B. Storage Consumption Attack

C. Denial of Service Attack

D. Race Condition


Answer: C



Comments are closed.