SANS SEC530 exam with correct answers

Typology: Exams

2024/2025

Available from 01/16/2025



Which of the following is a recommended USB keyboard mitigation for sites requiring high security?

A) Disable USB ports in the system.
B) Restrict USB devices with approved PIDs and VIDs.
C) Block the USB devices physically.
D) Restrict USB devices with approved user accounts.
- correct answer - ✔ C) Block the USB devices physically.

Which of the following Cisco IOS commands is used to shut the port down automatically when the maximum number of MAC addresses is exceeded?

A) switchport port-security violation shutdown
B) switchport port-security limit rate source-mac-shutdown
C) switchport port-security violation auto-shutdown
D) switchport port-security mac-exceed-port-shutdown
- correct answer - ✔ A) switchport port-security violation shutdown

What is a common failing associated with focusing only on compliance-driven security?

A) Compliance-driven security tends to focus only on hardening internal systems.
B) Compliance-driven security tends to focus only on hardening the perimeter.
C) Compliance-driven security tends to be costly in terms of solutions and resources.
D) Compliance-driven security tends to fail in the face of a persistent adversary.
- correct answer - ✔ D) Compliance-driven security tends to fail in the face of a persistent adversary.

Which of the following is described by Lockheed Martin as a countermeasure action to the Kill Chain?

A) Disrupt
B) Prevent
C) React
D) Remove
- correct answer - ✔ A) Disrupt

What is an easy to implement and effective control an organization can leverage to make pivoting more difficult for an attacker?

A) WPA
B) P2P patching
C) Private VLAN
D) VPN
- correct answer - ✔ C) Private VLAN

Which type of private VLAN ports may only communicate with promiscuous ports?

C) Schedule the CDP patch regularly.
D) Enable the SECDP feature in the CDP to secure the CDP.
- correct answer - ✔ A) Disable the CDP unless expressly required.

Which of the following prevents physical access to the network when plugging in an unauthorized device?

A) MAC address filtering
B) Packet filtering firewall
C) Background checks
D) Two-factor authentication
- correct answer - ✔ A) MAC address filtering

What would be one of the first steps for a security architect when building or redesigning a security architecture to secure an organization?

A) Remove unnecessary egress traffic
B) Perform a perimeter pen test
C) Deploy patches to external systems
D) Identify critical assets
- correct answer - ✔ D) Identify critical assets

Which of the following is a method of detecting a BYOAP problem on a network?

A) Multiple VPN connections from the internal network.
B) Multiple URL requests from the same source IP.
C) Multiple SSIDs in the area.
D) Multiple user agent strings from the same IP address.
- correct answer - ✔ D) Multiple user agent strings from the same IP address.

What could be implemented to mitigate the risk of one client pivoting to another on the same network?

A) Host-based antipivot
B) Next-gen antivirus
C) NAC controls
D) Private VLANs
- correct answer - ✔ D) Private VLANs

What is the term used for when the red team is working together with the blue team through simulation of specific threat scenarios?

A) Purple teaming
B) Black-hat teaming
C) Defensive teaming
D) Multi-front teaming
- correct answer - ✔ A) Purple teaming

When discussing Prevention (P), Detection (D), and Response (R) in a time-based security model, which of the following must be true to achieve a possible effective security?

A) P<D+R
B) P=D+R

D) System Patch Management Services
- correct answer - ✔ B) Windows Update Delivery Optimization

Which project documents common tactics, techniques, and procedures that advanced persistent threat groups used against enterprise networks?

A) DEF3NSE
B) DET3CT
C) ATP&CK
D) ATT&CK
- correct answer - ✔ D) ATT&CK

Which type of analysis is less common and is based around presumption of compromise that the network is already owned?

A) Perimeter analysis
B) Infection analysis
C) Risk analysis
D) Egress analysis
- correct answer - ✔ D) Egress analysis

Which of the following tools is used by attackers to perform ARP spoofing?

A) Burp Suite
B) Aircrack
C) Ettercap
D) Snort
- correct answer - ✔ C) Ettercap

What does ARP spoofing require that makes many organizations consider it low probability / low risk?

A) ARP spoofing is an antiquated attack and is no longer a risk for organizations.
B) ARP spoofing only works on network switches.
C) ARP spoofing requires local Layer 2 access.
D) ARP spoofing only works on wireless networks.
- correct answer - ✔ C) ARP spoofing requires local Layer 2 access.

Which of the following strategies can eliminate duplicate flow logs?

A) Switching to NetFlow V9.
B) Using SDN fabrics.
C) Purchasing a commercial solution.
D) Changing flow logs to only be on internal traffic.
- correct answer - ✔ D) Changing flow logs to only be on internal traffic.

Which of the following Cisco commands is used to enable DHCP snooping on a switch to mitigate the rogue DHCP server attack?

A) ip mitigate dhcp-snooping
B) ip enable snooping
C) ip config dhcp snooping
D) ip dhcp snooping
- correct answer - ✔ D) ip dhcp snooping

Which of the following components are required to collect flow data?

A) Flow exporter, flow collector, flow analyzer
B) Flow filter, flow controller, flow analyzer
C) Flow importer, flow exporter, flow collector
D) Flow viewer, flow director, flow filter
- correct answer - ✔ A) Flow exporter, flow collector, flow analyzer

Which wireless communication method handles authentication by using 802.1X and RADIUS?

A) WPA
B) WPA2 Enterprise
C) WPA2 Personal
D) WEP
- correct answer - ✔ B) WPA2 Enterprise

Which of the following is the best practice for remote connections?

A) Set "ssh authentication-retries" to 0 in the configuration.
B) Use SSHv2 and disable SSHv1.
C) Use the RSA key size 512 bits in configuration.
D) Use telnet or SSHv2.
- correct answer - ✔ B) Use SSHv2 and disable SSHv1.

Which of the following is a benefit and a drawback of SLAAC IPv6 address assignments?

A) Benefit: SLAAC requires no DHCP infrastructure. Drawback: SLAAC causes privacy concerns.
B) Benefit: SLAAC fixes privacy concerns of IPv6. Drawback: SLAAC requires DHCP infrastructure.
C) Benefit: SLAAC eliminates the need for IPv6 Global Unicast temporary addresses. Drawback: SLAAC causes privacy concerns.
D) Benefit: SLAAC eliminates the need for IPv6 Global Unicast temporary addresses. Drawback: SLAAC fixes privacy concerns of IPv6.
- correct answer - ✔ A) Benefit: SLAAC requires no DHCP infrastructure. Drawback: SLAAC causes privacy concerns.

Which considerations should guide the design of network segmentation?

A) Higher segmentation adds complexity, while insufficient segmentation can result in an indefensible network.
B) Segmentation should be implemented between systems with the same classification levels.
C) Higher segmentation increases the defender's visibility, making it easier to detect adversaries.
D) Segmentation should only focus on prevention.
- correct answer - ✔ A) Higher segmentation adds complexity, while insufficient segmentation can result in an indefensible network.

What type of proxy allows internal systems access to Internet resources, or something similar?

B) Filter TCP port 4786, and disable Smart Install if not needed.
C) Execute Cisco's AutoSecure command.
D) Filter UDP port 7468 and disable Smart Install if not needed.
- correct answer - ✔ B) Filter TCP port 4786, and disable Smart Install if not needed.

What is a security consideration regarding web proxy filtering of HTTP/HTTPS traffic?

A) Brand new websites should be allowed to increase security posture.
B) Web categories are sufficient to avoid the need for allow-lists.
C) Web category filtering is difficult to bypass.
D) Web category filtering is relatively easy to bypass.
- correct answer - ✔ D) Web category filtering is relatively easy to bypass.

Which of the following is an IPv6 security issue?

A) IPv6 cannot use tunneling with strong protocols like IPSec.
B) Some firewalls cannot process IPv6.
C) Scanning IPv6 is as hard as scanning IPv4.
D) IPv6 cannot implement authentication header.
- correct answer - ✔ B) Some firewalls cannot process IPv6.

Which of the following is a capability of SMTP proxies?

A) Layer 2 monitoring
B) Rate limiting
C) Port verification
D) Store and forward
- correct answer - ✔ B) Rate limiting

What is an effective way to defend against and detect rogue route advertisement attacks?

A) Configure RA Guard to analyze RAs and filter out RAs that are sent by unauthorized devices.
B) Configure all routers to send RA messages with low priority and detect RA messages from two or more sources.
C) Configure all routers to send RA messages with medium priority and detect RA messages from two or more sources.
D) Configure all routers to send RA messages with critical priority and detect RA messages from one or more sources.
- correct answer - ✔ A) Configure RA Guard to analyze RAs and filter out RAs that are sent by unauthorized devices.

Which of the following is a criterion for implementing security zones?

A) Open services
B) Threats
C) Security baseline
D) Patches
- correct answer - ✔ B) Threats

Which functionality can be used to force alignment of visible "from" in emails?

D) The default IPv6 temporary address preferred lifetime for most operating systems is 1 day.
- correct answer - ✔ D) The default IPv6 temporary address preferred lifetime for most operating systems is 1 day.

What functionality uses digital signatures to send an email that guarantees it originates from the owner of a domain?

A) DNS filtering
B) Bayesian filter
C) DomainKeys Identified Mail
D) Sender Policy Framework
- correct answer - ✔ C) DomainKeys Identified Mail

An organization requires SNMP monitoring of Cisco network devices; however, it does not have SNMPv3 capability. Which of the following will prevent an attacker from gaining SNMP access that enables them to download the Cisco IOS configuration?

A) Disabling SNMP read access
B) Changing community strings frequently
C) Disabling SNMP write access
D) Using complex community strings
- correct answer - ✔ C) Disabling SNMP write access

What is the default password type supported in Cisco devices?

A) Type 8 (PBKDF2)
B) Type 5 (salted MD5)
C) Type 9 (SCRYPT)
D) Type 0 (plaintext)
- correct answer - ✔ D) Type 0 (plaintext)

What is an inherent security benefit of having system services listening only on unique local address (ULA) IPv6 addresses instead of global unicast addresses (GUA)?

A) ULA addresses are used to fully anonymize the source, thus improving privacy.
B) ULA addresses are not publicly routed, creating a layer of isolation from the Internet.
C) ULA addresses do not offer an inherent security improvement over GUA addresses.
D) ULA addresses are used to fully anonymize the destination, thus improving privacy.
- correct answer - ✔ B) ULA addresses are not publicly routed, creating a layer of isolation from the Internet.

Which of the following NIST special publications brings guidelines for the secure development of IPv6?

A) NIST SP 800-
B) NIST SP 800-
C) NIST SP 800-
D) NIST SP 800-68
- correct answer - ✔ A) NIST SP 800-

B) An NTP amplification attack.
C) An NTP session hijacking attack.
D) An NTP time zone attack.
- correct answer - ✔ B) An NTP amplification attack.

What does the NTP monlist command do?
- correct answer - ✔ The NTP monlist command requests the NTP server to respond with a list of up to 600 NTP client systems that have recently queried the server.

Which statement is true regarding the Linux Iptables firewall?

A) A system with no configured output chain will allow all outbound traffic.
B) Iptables supports INPUT, OUTPUT, and FORWARD tables.
C) Iptables supports FILTER, MANGLE, and NAT chains.
D) A system with no configured output chain will block all outbound traffic.
- correct answer - ✔ A) A system with no configured output chain will allow all outbound traffic.

What is the name of the DNS TXT record that helps validate email to verify whether it is sent from an authorized source based on authorized IP addresses?

A) DomainKeys Identified Mail
B) Mailer Exchange
C) Sender Policy Framework
D) Host Info
- correct answer - ✔ C) Sender Policy Framework

Which of the following network device configuration auditing tools is free, currently maintained, and available for use by any organization?

A) Nipper Studio
B) CISecurity's CIS-CAT Pro
C) CISecurity's Router Audit Tool
D) Nipper-ng
- correct answer - ✔ D) Nipper-ng

Which of the following best practices is applicable to all versions of SNMP?

A) Use easy to remember community strings.
B) Use encryption.
C) Disable single DES encryption.
D) Disable SNMP write access if possible.
- correct answer - ✔ D) Disable SNMP write access if possible.

Which of the following must be in place to allow an unauthenticated attacker to perform admin password reset on a Cisco switch?

A) Trunk port access and the ability to cause the device to crash or restart.
B) Console port access and the ability to cause the device to crash or restart.
C) Unauthenticated attacker has no ability to perform admin password reset.
D) Parallel port access and the knowledge of the default password reset PIN.
- correct answer - ✔ B) Console port access and the ability to cause the device to crash or restart.