CompTIA Security+ SY0-601 – Question660

A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?


A. A BPDU guard
B. WPA-EAP
C. IP filtering
D. A WIDS

Correct Answer: D

CompTIA Security+ SY0-601 – Question659

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry.
Which of the following tactics would an attacker MOST likely use in this scenario?


A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming

Correct Answer: A

CompTIA Security+ SY0-601 – Question658

A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: "Special privileges assigned to new logon." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?


A. Pass-the-hash
B. Buffer overflow
C. Cross-site scripting
D. Session replay

Correct Answer: A

CompTIA Security+ SY0-601 – Question657

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:


A. validate the vulnerability exists in the organization's network through penetration testing.
B. research the appropriate mitigation techniques in a vulnerability database.
C. find the software patches that are required to mitigate a vulnerability.
D. prioritize remediation of vulnerabilities based on the possible impact.

Correct Answer: D

CompTIA Security+ SY0-601 – Question656

The cost of removable media and the security risks of transporting data have become too great for a laboratory.
The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established. Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?


A. VLAN zoning with a file-transfer server in an external-facing zone
B. DLP running on hosts to prevent file transfers between networks
C. NAC that permits only data-transfer agents to move data between networks
D. VPN with full tunneling and NAS authenticating through the Active Directory

Correct Answer: A

CompTIA Security+ SY0-601 – Question655

A security assessment determines DES and 3DES are still being used on recently deployed production servers.
Which of the following did the assessment identify?


A. Unsecure protocols
B. Default settings
C. Open permissions
D. Weak encryption

Correct Answer: D

CompTIA Security+ SY0-601 – Question653

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?


A. Physical
B. Detective
C. Preventive
D. Compensating

Correct Answer: D

CompTIA Security+ SY0-601 – Question652

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
– The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
– The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.
– All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.
– DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?


A. A reverse proxy was used to redirect network traffic.
B. An SSL strip MITM attack was performed.
C. An attacker temporarily poisoned a name server.
D. An ARP poisoning attack was successfully executed.

Correct Answer: C

CompTIA Security+ SY0-601 – Question651

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?


A. Man-in-the-middle
B. Spear-phishing
C. Evil twin
D. DNS poisoning

Correct Answer: D