all questions
You are concerned with servers running outdated applications. Which command would work BEST to help identify potential vulnerabilities?
A.nmap comptia.org -p 80 -sV
A network engineer needs to restrict access to certain network segments by using layer 2 (data-link layer) security mechanisms. Of the options below, what would best meet this need? (Pick two)
ACL ( Access Control List) VLAN
A user is having problem accessing network shares. An admin investigates and finds the following on the user's computer: What attack has been performed on this computer?
ARP poisoning (Two different devices shouldn't have the same MAC addresses. Since these are dynamically learned ARP entries, it is reasonable to believe this was an ARP poisoning. Device .1 is probably the default gateway and then device .11 is the MitM.)
A web server that require both encrypted and unencrypted web traffic is utilizing default ports. Which of the follow changes should be made to the firewall below?
Allow 53 from the internet (Careful! While 25 is unencrypted and unnecessary for web traffic in general, it is already blocked)
From the options below, what type of threat actor would be described as highly skilled and well coordinated?
An advanced persistent threat
Your wireless network has had network connectivity issues, but only in the section of your building closest to your parking lot. Users are reporting being unable to connect to certain network resources and slower speeds while accessing the internet as a whole. Occasionally, users have be reporting web pages that require credentials in order to access them. What is likely the case?
An external access point is engaging in an evil-twin attack
An investigation has revealed that the worm gained access to the company SQL server using well-known credentials. It then spread throughout the network and managed to infect over a dozen systems before it was contained. What is the best preventative measure the company could take to prevent this from happening again?
Change the default application password
The following passwords were attempted to be used against the account "root": -mark, marked, marker, marsh, marshmallow, ... Which type of password attack is this?
Dictionary
Which of the following BEST describes the type of password attack the attacker is performing?
Dictionary
A technician has been asked to resolve several latency and connection issues throughout the company's new wireless infrastructure. Of the resources below, what would best help the technician prioritize their response?
Heat map
Which one of the tools below could be used to find out if the corporate server is running unnecessary services?
Nmap (network mapper)
Of the options below, which one would typically utilize steganography?
Obfuscation
A professor recently left their position at university A to take a job at a rivaling college, university B. A few months after the professor officially departed, a security analyst at university A noticed that the former professor had logged into a department server and deleted several important file shares. Of the security practices listed below, what should have been performed to prevent the important files from being deleted?
Offboarding
Which of the following pen-test teams would mimic the tactics used by hackers?
Red team
What could be used to allow for secure authentication to cloud services and third-party websites without the need to send a password?
SAML (SAML is an XML-based format used to exchange authentication information and thereby achieve identity federations (SSO). It doesn't actually send your password from one system to another in the process. Instead it tokenizes credentials across multiple parties.)
Everyone on the helpdesk team shares the same credentials for troubleshooting systems. Whenever the password is changed, the new one is emailed to everyone on the team. A security manager is looking for a solution that would mitigate the risk. Of the options below, which is the best option they should suggest?
SSO authentication
Due to a weakness in the company's currently implemented hashing algorithm a technician added a randomly generated value to the password before storing it. What is best description of this action?
Salting
An organization is worried that the SCADA network that controls the environmental systems could be compromised if the staff's WiFi network was breached. What would be the best option to mitigate this threat?
Segment the staff WiFi network from the environmental systems network (We should isolate/separate/segment those networks!)
A company needs to detect single points of failure in their security systems. Which of the following policies or concepts would assist them in this endeavor?
Separation of duties
An employee installed a new service on the domain controller without consent or approval from the IT department and change management. What specifically describes this type of threat?
Shadow IT
Due to a supply shortage over the summer not all of the company campus was upgraded with the new and faster wireless access points. While the company is waiting for more to come in, a security analyst has grown concerned that employees might bring in their own access points without permission. What type of threat is the security analyst concerned about?
Shadow IT
The data center is currently protected by two factor authentication that includes a fingerprint scanner and a pin number. What item could be added to this preexisting system to allow for three factor authentication?
Smart card
An employee received a text message (SMS) on their phone that asked for them to confirm their social security number and date of birth. Of the options below, what best describes what this employee has experienced?
Smishing
The organization's bank only calls on a predetermined landline. What best describes the MFA (multifactor authentication) attribute that the bank is attempting to utilize?
Somewhere you are
An admin logs into the domain controller and finds the following information:
Spraying
After a ransomware attack, you need to review a cryptocurrency transaction made by the victim. Which of the following you MOST likely review to trace this transaction?
The public ledger
How could you tell from the results of a vulnerability scan if the scanner had been provided valid credentials relevant to the target it was scanning?
The scan enumerated software versions of installed programs
During an incident, a malicious inside actor accessed the logs and deleted most records of the incident. However, you were able to confidently inform investigators that some other log files are available for analysis. Which of the following did you most likely utilize to assist investigators?
The syslog server
How would you describe a pentest where the attacker has no knowledge of the internal architecture of the systems being tested?
Unknown environment -Black box
Of the options below, what would best increase the security of important Linux servers?
Use SSH keys and remove generic passwords
Which of the following tools should be utilized to review a 1GB pcap (Packet Capture)?
Wireshark
As part of an investigation a forensics expert has been given a massive packet capture for analysis, full of HTTP requests. They need to view the first few requests and then search for a specific string that indicates the compromise. Which of the options below would allow them to perform this action quickly and efficiently? (Pick two)
head grep
What attack best describes the logs below:
password spraying
Which ISO standard is specifically designed for certifying privacy?
27701
An admin is deploying access points that will use PKI for authentication. What needs to be configured for this to work?
802.1x (Using PKI to authenticate into the access point will require an AAA system (a RADIUS or TACACS server must be on the network and configured properly). This process is described in the standard 802.1x, and is also referred to as "enterprise authentication".)
While deploying TLS certificates on your air-gapped private network you determine that you need the ability to check revoked certificates quickly. Which of the following would best fit these requirements?
CRL
Travis, an penetration tester, heard about a new vulnerability that affects many modern platforms. Which of the following would be BEST to consult in order to determine exactly which platforms have been affected?
CVE (Common Vulnerability Enumerations)
Which of the following would best describe the severity of a company's vulnerabilities?
CVSS
After reading the user manual for a specific brand of security camera, a hacker was able to log in and disable the cameras on the company's campus. What describes the configuration that the hacker took advantage of?
Default settings
A technician needs to create a detailed diagram that shows where all of the company access points are located in the office. What would be the best method for creating this diagram?
Foot printing (A site survey would be a great answer. Unfortunately, footprinting is the best that we have available to us.)
An international company is expanding it services and is creating several new servers to store customer data. Of the options listed below, which would likely contain an outline of roles/responsibilities for data controllers/processors that the company should follow?
GDPR
Before writing a new company policy about managing customer privacy internationally, which of the following should a CISO read and understand?
GDPR General Data Protection Regulation - A prolific EU law regarding privacy protections in and out of the EU
After entering a password a user is asked to enter an authentication code. What type of MFA factors are being used in this scenario? (pick two)
-Something you know -Something you have
An admin wanted to better understand their company's security posture from a outsider's perspective. Examine the information they gathered below. What is true based off of the admin's findings? (pick two)
-They used Whois to produce this output -The organization has too much information available in public registration.
A server certificate needs to be generated to be used for 802.1X. Which of the following is the FIRST step that will most likely accomplish this task?
Generate a CSR
The CEO would like employees to be able to work from home in the event of a disaster. However, they are concerned that staff might attempt to work from high risk countries or outsource their work if given the ability to work remotely. What controls could best mitigate the CEO's concerns? (pick two)
Geolocation Time-of-day restrictions
A security manager needs a solution for better management of privileged service accounts. The solution needs the ability to use but not know the password, automatic password changes, and the check-in and checkout of credentials. Which of the solutions below would best provide this functionality?
A PAM (privileged Account Management) system
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?
A capture-the-flag competition
An admin sees several employees all simultaneously downloading files with the .tar.gz extension. The employees say they did not initiate any of the downloads. A closer examination of the files reveals they are PE32 files. Another admin discovers all of the employees clicked on an external email containing an infected MHT file with an href link at least two weeks prior. Which of the following is MOST likely occurring?
A logic bomb was executed and is responsible for the data transfers.
After many passwords where leaked to the dark web, an admin has decided everyone must change their password at next login. What should the admin consider to minimize the likelihood that accounts are not compromised again after the reset is issued?
A password reuse policy
Sarah, the CEO of a large bank, decided it would be a good idea to post a controversial opinion to a large public social media profile. Which of the following threat actors would best match somebody who would target Sarah because of this action?
Hacktivists
The company wants to deploy MFA on desktops in the main office. They have specified that the MFA solution must be non-disruptive and as user friendly as possible. Which of the options below would be best considering these conditions?
Hardware authentication
A new E-commerce company is interested in being PCI DSS complaint. Of the options below, what is required in order to be compliant with this standard? (Pick two)
Assigning a unique ID to everyone who has computer access Testing security systems and processes regularly
Which of the following would MOST likely support the integrity of a banking application?
Blockchain
A webserver was recently overwhelmed by a sudden flood of SYN packets from multiple sources. Of the options below, which best describes this attack?
Botnet (To overwhelm a server with SYN packets we will need to utilize the combined bandwidth of a botnet. A botnet is a collection of compromised computers that act together in unison to perform a DDoS (Distributed Denial of Service). The individual computers are often called bots or zombies)
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other similar situations. The switch was installed on a wired network in a local office and is monitored via a cloud application. The switch is already isolated on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
Change the default password for the switch (Air gapping the device could cut it off from the cloud application, the question doesn't mention wireless so a faraday cage won't help, and a cable lock will only help prevent against physical theft which doesn't appear to be our main concern. That leaves us with (B).)
A penetration tester revealed that an end-of-life server is using 3DES to encrypt its traffic. Unfortunately, the server which is mission critical cannot be upgraded to AES, replaced, or removed. What type of control could help reduce the risk created by this server considering the company must continue to use it?
Compensation
You are configuring a vulnerability scanner for a multinational organization. You are required by contract to scan systems on a weekly basis with admin privileges, but are concerned that hackers could gain access to the account and pivot throughout the company's networks. Which of the following BEST addresses this concern?
Create different accounts for each region, limit their logon times, and alert on risky logins.
After the CEO's email account was compromised, an investigation found the following: The password the CEO used on the email account was also used on several websites, including Example.org. Example.org was recently compromised by an APT. Considering the findings, which of the following attacks was most likely used to compromise the CEO's email account?
Credential stuffing
Last month a company moved all of their corporate data to a private cloud and secured it with strong encryption and authentication mechanisms. Earlier this week, a sales manager had their laptop stolen. Today, enterprise data was stolen from a local database. Of the options below, what is the most likely cause of this data breach?
Credential stuffing
Which of the vulnerability scans below would produce the best and most accurate results?
Credentialed
An unmonitored security camera would be what type of control?
Deterrent
What type of control would a sign, like the one above, be considered?
Deterrent
Of the access control schemes below, which one allows an owner to determine an object's access policies?
Discretionary
After returning from an overseas trip with a company laptop, an employee is unable to establish a VPN on the laptop in the home office. What is the most likely explanation for why they are unable to establish a VPN connection?
Due to foreign travel, the user's laptop was isolated from the network.
After connecting the laptop to the company's SSID, an employee was prompted to enter their username and password into a popup web browser. This had never happened before, but they entered their credentials anyways. Later that day they noticed they where unable to access any of the company servers and unusual transactions where appearing on their credit card. What attack is most likely being described in this scenario?
Evil twin
Employees have reported performance issues with the Wi-Fi network. A pcap provides the following information: What attack is most likely taking place considering pcap above?
Evil twin
HD cameras located throughout the airport are going to be used to track passengers without requiring them to enroll in a biometric system. Of the biometric options below, what would be suitable for this advanced security tracking system? (pick two)
Facial Gait
Technicians have complained that they have had difficulties accessing the data center ever since the biometric scanner was installed. An admin investigates the scanner's logs and finds a high number of errors that correlate with the complaints. What best indicates the cause of the complaints?
False rejection
An attacker used a keylogger to remotely monitor a user's input, thereby harvesting important credentials. What would best mitigate or prevent this threat in the future?
Implement 2FA using push notifications
Sarah, a security tech wants to implement a layer 2 solution that can leverage Active Directory for authentication, use switches as a local fallback, and do so on equipment from multiple vendors. Given those requirements, which of the following actions should be taken?
Implement RADIUS Configure AA on the switch with local login as secondary
A data breach was discovered after a company's usernames and password were posted to a hacker website. Afterwards, an analyst discovered the company stored credentials in plain text. Which of the following would help mitigate this type of breach in the future?
Implement salting and hashing
Of the intelligence sources below, which should a security manager review that would allow them to remain proactive in understanding the types of threats that face their company?
Industry information-sharing and collaboration groups
A manager has decided that outsiders and corporate partners visiting the company campus need to sign a digital AUP before they will be allowed to access the isolated and complementary guest WiFi. What would a technician utilize to facilitate the manager's decision?
Install a captive portal
With biometric devices, for the purpose of maximum security, which is best?
Low FAR (false acceptance rate)
After logging into a switch, Bobby, an admin retrieves the following information:
MAC flooding
While preparing a demonstration for employees of your company, you need to identify a method for determining tactics, techniques, and procedures of threats against your network. Which of the following would you most likely use?
MITRE ATT&CK
An employee typical uses SSH to connect and configure a remote server. Today they got this message:
Man-in-the-middle
Which of the access control mechanisms listed below uses classification labels?
Mandatory
A new solution is needed to better mitigate future threats to the business. This solution should be able to block malicious payloads and stop network-based attacks. Considering that it must also be placed in-line, which of the options below best describes this new solution?
NIPS Since we need to prevent network attacks, we need a network device that is preventative. A Network Intrusion Prevention System (D) is thereby the way to go.)
Which of the following native tools would allow a technician to view services running on system as well the associated listening ports?
Netstat
Symmetric cryptography can efficiently
Protect large amounts of data
Before accepting credit cards on a new shopping website, what standard must a company follow?
PCI DSS = Payment Card Industry Data Security Standard
Which of the following security architecture components are integral parts of implementing WPA2-Enterprise utilizing EAP-TLS? (Pick Two)
PKI RADIUS
Employee tablets and phones have been losing WiFi connectivity in specific places within the sale offices. What should a network technician use to determine the source of the problem? (pick two)
Perform a site survey Create a heat map
Emily has received a suspicious email that claims she won a multi-million dollar sweepstake. The email instructs her to reply with her full name, birthdate, and home address so her identity can be validated before she is given the prize. What best describes this type of social engineering attack?
Phishing
Of the control type listed below, what would a mantrap (access control vestibule) or turnstile be considered?
Physical
After a security assessment is concluded, what benefit does the CVSS score provide to a company on the list of discovered vulnerabilities?
Prioritize remediation of vulnerabilities based on the possible impact.
Which of the following data sources would best provide real-time data on the latest malware threats?
Threat feeds
A security expert is looking through logs for a specific IoC (Indicator of Compromise) that they read about online. What are they doing?
Threat hunting
While browsing the internet you realize that you are on "www.patpal.com" instead of "www.paypal.com". These two websites look otherwise identical. Which of the following attacks are you encountering?
Typo squatting
A company has maintained highly detailed records of all of their authorized network devices and is planning to use Wi-Fi for all laptops that need network access. What could replace a PSK on an access point and stop a script kiddie from being able to brute force the password?
WPA-EAP (Also known as enterprise mode, or 802.1x, this would require each user to have a unique username and password. With this replacing the PSK mechanism, the script kiddie would have to know the username in addition to brute forcing the password, and that would be outside the scope of their ability.)
Which of the following should be disabled in order to improve security?
WPS
Sales employees regularly utilize the same fantasy football website as other sales associates working for other companies. Which of the following attacks is the highest concern in this scenario?
Watering-hole attack
An organization suffered a data breach as the result the SMB being accessible from the internet and use of NTLMv1. What best describes the cause of this breach?
Weak data encryption
A penetration tester has found a domain controller using 3DES to encrypt authentication messages. What problem has the penetration tester identified?
Weak encryption
The company's Chief Financial Officer received an email from a branch office manager who claims to have lost their company credit cards. They are requesting $12,000 be sent to a private bank account to cover various business expenses. What type of social engineer attack does this best illustrate?
Whaling
Which of the following tests are provided with thorough insider documentation?
White-box
A company would like to get one SSL certificate that can cover both of their application servers, [email protected] and www.example.com. Furthermore, this certificate should be able to cover any future application servers that the company may add of a similar naming convention, such as smtp.example.com. What type of SSL certificate would best fit their needs?
Wildcard
A public announcement is made about a newly discovered, rapidly spreading virus. The security team immediately updates and applies all its antivirus signatures. The security manager contacts the antivirus vendor support team to ask why one of the systems was infected. The vendor support team explains that the signature update is not available for this virus yet. Which of the following best describes the situation?
Zero day
