The help desk is receiving numerous password change alerts from users in the accounting department. These alerts occur multiple times on the same day for each of the affected users’ accounts. Which of the following controls should be implemented to curtail this activity?
A. Password Reuse B. Password complexity C. Password History D. Password Minimum age
Many employees are receiving email messages similar to the one shown below:
From: IT department
Subject: email quota exceeded
Please click on the following link http://www.website.info/email.php?quota=1Gb and provide your username and password to increase your email quota.
Upon reviewing other similar emails, the security administrator realized that all the phishing URLs have the following common elements: they all use HTTP, they all come from .info domains, and they all contain the same URI.
Which of the following should the security administrator configure on the corporate content filter to prevent users from accessing the phishing URL, while at the same time minimizing false positives?
A. BLOCK http://www.*.info/ B. DROP http://website.info/email.php?* C. REDIRECT http://www.*.info/email.php?quota=* TO http://company.com/corporate_policy.html D. DENY http://*.info/email.php?quota=1Gb
A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office building. Any attempt to authenticate from a location other than the office building should be rejected. Which of the following MUST the technician implement?
A. Dual factor authentication B. Transitive authentication C. Single factor authentication D. Biometric authentication
A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users. Guests can obtain their portal password at the service desk. A security consultant alerts the administrator that the captive portal is easily bypassed, as long as one other wireless guest user is on the network. Which of the following attacks did the security consultant use?
A. ARP poisoning B. DNS cache poisoning C. MAC spoofing D. Rogue DHCP server
Client computers log in at specified times to check and update antivirus definitions using a dedicated account configured by the administrator. One day the clients are unable to log in with the account, but the server still responds to ping requests. The administrator has not made any changes. Which of the following most likely happened?
A. Group policy is blocking the connection attempts B. The administrator account has been disabled C. The switch port for the server has died D. The password on the account has expired
A project team is developing requirements for the new version of a web application used by internal and external users. The application already features username and password requirements for login, but the organization is required to implement multifactor authentication to meet regulatory requirements. Which of the following added requirements will satisfy the regulatory requirement? (Select THREE.)
A. Digital certificate B. Personalized URL C. Identity verification questions D. Keystroke dynamics E. Tokenized mobile device F. Time-of-day restrictions G. Increased password complexity H. Rule-based access control
In order to gain an understanding of the latest attack tools being used in the wild, an administrator puts a Unix server on the network with the root user's password set to root. Which of the following best describes this technique?
A. Pharming B. Honeypot C. Gray box testing D. Phishing
A security administrator wishes to prevent certain company devices from using specific access points, while still allowing them on others. All of the access points use the same SSID and wireless password. Which of the following would be MOST appropriate in this scenario?
A. Require clients to use 802.1x with EAPOL in order to restrict access B. Implement a MAC filter on the desired access points C. Upgrade the access points to WPA2 encryption D. Use low range antennas on the access points that need to be restricted