Boson Review
A company allows its employees to user their own devices for work. However, the devices that the employees elect to use for work must be approved. Which of the following policies has the company deployed? a. CYOD b. BYOD c. VDI d. COPE
a. CYOD
Authenticates RRs by using a chain of trust established from public keys. a. DNSSEC b. DMARC c. DKIM d. SPF
a. DNSSEC
What protocol do these correspond to? A client certificate is mandatory. WEP keys are provided dynamically. Mutual authentication is provided. a. EAP-TLS b. EAP-TTLS c. EAP-MD5
a. EAP-TLS
Which of the following transport encryption protocols is typically used to provide confidentiality for information that is transmitted over a L2TP tunnel? a. ESP b. SSL c. AH d. TLS
a. ESP Encapsulating Security Payload (ESP) is typically used to provide confidentiality for information that is transmitted over a Layer 2 Tunneling Protocol (L2TP) tunnel. L2TP tunnels transmit data in clear text. ESP is part of the Internet Protocol Security (IPSec) suite and is typically used to encrypt traffic over a tunnel. ESP in transport mode encrypts only the data that is sent over a tunnel; the headers are not encrypted. By contrast, ESP in tunnel mode encrypts the entire packet, including the headers.
A security analyst wants to legally bind a cloud-based service provider to a specific level of encryption when data from the analyst's privately owned company is transmitted between the company network and the service provider's network. Which of the following agreements should the analyst establish with the service provider? a. ISA b. NDA c. MOU d. SLA e. IAA
a. ISA An Interconnection Security Agreement (ISA) is a type of service agreement that establishes the tecnical controls that each party is required to use in order to protect the confidentiality of data that is exchanged between them
Your company hires a third party to provide cloud-based processing and storage that will house multiple virtual hosts configured in a variety of ways. a. Iaas b. Paas c. Saas d. Cloud Storage
a. Iaas
You want to determine whether traffic to TCP port 25 from a single wired Microsoft Windows host within your organization is legitimate. Which of the following tools is likely to provide the most specific information with the least amount of administrative overhead? a. Netstat b. WIreshark c. NetStumbler d. Nmap
a. Netstat
Your company is developing a public-facing app that integrates with multiple social media sites. The app obtains a limited amount of user information from the social media sites with which it integrates, but it requires the user's permission to obtain some of that data. Which of the following technologies is the app MOST likely using to integrate with social media sites? a. OAuth 2.0 b. OpenID c. RADIUS d. Shibboleth
a. OAuth 2.0 OAuth 2.0 is the technology that your company's app is most likely using to integrate with social media sites. It uses tokens to enable limited information access between websites.
Which of the following RAID levels does NOT provide fault tolerance? a. RAID 0 b. RAID 4 c. RAID 5 d. RAID 1
a. RAID 0
A protocol derived from SSLv3 that is commonly used to protect traffic between a web browser and a web server. a. TLS b. MD5 c. RC4 d. AES
a. TLS
Which of the following web-based attacks is LEAST likely to be mitigated by using input validation and sanitization? a. XSRF b. XML injection c. SSRF d. SQL injection
a. XSRF
You have configured two VLANS to keep data from two different departments separate. However, users in each department will occasionally need access to resources on the other VLAN. Which of the following devices can you use to provide end-user access to multiple VLANs? (select 2 choices) a. a multilayer switch b. a router c. a Layer 2 switch d. a repeater e. a hub
a. a multilayer switch b. a router
Which of the following data access control types are LEAST likely to rely on explicit rights and permissions? (select 2 choices) a. a role-based access control b. an access control list c. a mandatory access control d a discretionary access control e. an attribute-based access control
a. a role-based access control c. a mandatory access control
Which of the following types of agreements establishes the technical controls that each party is required to use in order to protect the confidentiality of data that is exchanged between them? a. an ISA b. an MOU c. an SLA d. an NDA
a. an ISA Interconnection Security Agreement
Which of the following BEST describes a TPM? a. an independent cryptographic processor embedded into computers b. a system used to provide services on demand from remote locations c. a system of assigning data to various categories d. a process of remotely initiating the deletion of data stored on a device
a. an independent cryptographic processor embedded into computers
Which of the following is a CVSS metric group that can be set by end-user organizations? a. environmental metric group b. base metric group c. threat metric group d. temporal metric group
a. environmental metric group
Which of the following is a Cisco EDR capability that relies on sandboxing? a. investigation b. detection c. elimination d. containment
a. investigation
Which of the following statements are true regarding an IDS? (select 2 choices) a. it cannot mitigate single-packet attacks b. it must have two or more monitoring interfaces c. it does not have an IP address assigned to its monitoring port d. none of its physical interfaces can be in promiscuous mode e. it does not have a MAC address assigned to its monitoring port
a. it cannot mitigate single-packet attacks c. it does not have an IP address assigned to its monitoring port
Which of the following BEST describes DEP? a. it prevents an application from executing without user consent b. it is software that monitors the transmission of files from a system c. it is a list of allowed applications on a workstation d. it is a combination of security devices that protect a network
a. it prevents an application from executing without user consent Data Execution Prevention (DEP) is a technology that prevents an application that is installed on a workstation from executing without user or administrator consent.
ST&E (Security Testing & Evaluation) control category: Perform a risk assessment every year. Ensure that an inventory exists for all hardware. a. management controls b. operational controls c. technical controls
a. management controls
Which of the following are features of NAC? (select 2 choices) a. redirecting HTTP requests from a host b. providing a secure tunnel for communications from a host to a server c. quarantining a host that does not comply with a security policy d. detecting a DoS attack on a host e. scanning a host for viruses
a. redirecting HTTP requests from a host c. quarantining a host that does not comply with a security policy
Which of the following commands scans packets from the first interface on a host and writes the captured packets to a human-readable file? a. tcpdump -i 1 -l > /tmp/afile b. tcpdump -i 1 -w /timp/afile c. tcpdump -r /tmp/afile d. tcpdump -F /tmp/afile
a. tcpdump -i 1 -l > /tmp/afile
Which of the following uses GARP messages to corrupt the IP address-to-MAC address bindings on a target host? a. IP spoofing b. ARP spoofing c. MAC flooding d. MAC spoofing
b. ARP spoofing
Your company is developing a public-facing app. Your supervisor wants users to be able to register and log in to the new app by using their existing account credentials from third-party services like Amazon, FaceBook, Google, and Microsoft. Which of the following technologies are LEAST likely to achieve this goal? (select 3 choices) a. Shibboleth b. CHAP c. RADIUS d. OpenID e. LDAP
b. CHAP c. RADIUS e. LDAP
Which of the following software vulnerabilities is MOST likely to cause a web browser to send a request that the browser's user does not intend to send? a. XSS b. CSRF c. buffer overflow d. SQL injection
b. CSRF Cross-Site Request Forgery
Specifies a policy for handling both authenticated and unauthenticated email. a. DNSSEC b. DMARC c. DKIM d. SPF
b. DMARC
What protocol do these correspond to? A client certificate is optional. WEP keys are provided dynamically. Mutual authentication is provided. a. EAP-TLS b. EAP-TTLS c. EAP-MD5
b. EAP-TTLS
An algorithm used to produce a one-way hash for the purpose of ensuring data integrity. a. TLS b. MD5 c. RC4 d. AES
b. MD5
Which of the following are MOST likely to be used to provide SSO services across the internet? (select 2 choices) a. LDAP b. OpenID c. CHAP d. Shibboleth e. RADIUS
b. OpenID d. Shibboleth
Which of the following is an open framework for sharing threat intelligence that is intended to be combined with human deductive reasoning? a. TAXII b. OpenIOC c. OpenC2 d. STIX
b. OpenIOC
Your company obtains a subscription to use a third party's infrastructure, programming tools, and programming languages to develop and serve cloud-based applications. a. Iaas b. Paas c. Saas d. Cloud Storage
b. PaaS
Which of the following RAID levels provides striping for a set of mirrored disks? a. RAID 3 b. RAID 10 c. RAID 4 d. RAID 0
b. RAID 10
You want to use the ssh-keygen command on a Linux host to generate an SSH key that will be used for password-less access to a Linux server. Which of the following key types will be generated if you issue the command without any parameters? a. DSA b. RSA c. ECDSA d. ED25519
b. RSA
Which of the following is a security intelligence source providing weekly updates that analysts can use to be proactive in understanding the biggest potential threats against their organizations? a. STIX b. Talos c. TAXII d. MITRE
b. Talos
Which of the following can be used to cache webpages? a. an IDS b. a proxy server c. load balancing d. port mirroring
b. a proxy server A proxy server works as an intermediary between a web browser and the internet. if a proxy server has been configured for a network, when a computer on the internal network attempts to connect to the internet, the computer first connects to the proxy server. Then the proxy server performs one of the following actions: relays the request to the internet, blocks the traffic, or returns a cached version of the requested webpage to the computer.
Which of the following describes the default action taken for traffic if split tunneling is not enabled for a VPN connection? a. all traffic is split evenly between two tunnels that are sent over the VPN connection b. all traffic is tunneled over the VPN connection c. no traffic is tunneled over the VPN connection d. fifty-percent of the traffic is tunneled, and the other fifty percent is not tunneled
b. all traffic is tunneled over the VPN connection
Which of the following access controls is an example of a technical compensating access control? a. a written company policy that defines acceptable use of the internet b. an automatic log of user internet activity that records noncompliance with a written company policy c. a guard dog that can be seen from outside an exterior door d. a password prompt on an FTP server
b. an automatic log of user internet activity that records noncompliance with a written company policy
Your company's CIO is concerned that some information in an employee database is too closely associated with employee identities. You have been asked to implement technology that will dissociate all sensitive data that can be used to identify an employee in the database. Which of the following have you been asked to perform? a. tokenization b. anonymization c. encryption d. data masking
b. anonymization
Which of the following is a job that is performed by the data custodian MAC role? a. creating the company's information security program b. backing up the company's data c. protecting all of the company's assets d. classifying the company's data
b. backing up the company's data
A network engineer has configured multiple web hosts as subdomains of the engineer's company's parent domain. Each host has been configured with the same wildcard certificate. Which of the following attack is this configuration LEAST likely to facilitate? a. phishing b. brute-force cracking c. impersonation d. eavesdropping
b. brute-force cracking
You are investigating the leaking of your company's confidential information to a competitor. You suspect that a user's company smart phone might contain images, text messages, and confidential emails that have been sent to another individual outside your company. Which of the following should you MOST likely do next? a. ask the user to surrender the smart phone b. confiscate the smart phone c. obtain a warrant to search the smartphone d. obtain a subpoena to get access to the smart phone
b. confiscate the smart phone
Which of the following Hashcat core attack modes is commonly referred to as "straight" mode? a. brute-force attack b. dictionary attack c. hybrid attack d. combinator attack
b. dictionary attack
ST&E (Security Testing & Evaluation) control category: Ensure that all users have signed an acceptable use policy. Implement a computer security training program. a. management controls b. operational controls c. technical controls
b. operational controls
Which of the following security incident responses involves creating an incident response strategy? a. containment, eradication, and recovery b. prevention c. post-incident activity d. detection and analysis
b. prevention
Which of the following statements BEST describes PCI DSS Requirement 11? a. develop and maintain secure systems and applications b. regularly test security systems and processes c. encrypt transmission of cardholder data across open, public networks d. protect stored cardholder data e. use and regularly update antivirus software of programs
b. regularly test security systems and processes
Which of the following statements BEST describes PCI DSS Requirement 11? a. develop and maintain secure systems and applications b. regularly test security systems and processes c. encrypt transmission of cardholder data across open, public networks d. protect stored cardholder data e. use and regularly update antivirus software or programs
b. regularly test security systems and processes
Which of the following statements is true regarding a table-top exercise? a. employees are relocated to the disaster recovery plan's recovery location b. the disaster recovery team gathers to role-play the disaster recovery plan in person and is given a disaster scenario known only to the gathering's moderator c. disaster recovery plan documents are reviewed to ensure familiarity with the plan, to identify obsolete or erroneous material, and to identify any disaster recovery plan roles that are missing personnel assignments d. a full shutdown of operations occurs at the primary location
b. the disaster recovery team gathers to role-play the disaster recovery plan in person and is given a disaster scenario known only to the gathering's moderator
Which of the following is primarily true of SEM systems? a. they focus on policy and standards compliance b. they perform real-time analysis and detection c. they consolidate logs to a central server d. they analyze log data and report findings
b. they perform real-time analysis and detection
In which phase of the software secure development life cycle might fuzz testing be performed? a. design b. verification c. implementation d. requirements
b. verification Fuzz testing is performed during the verification phase of the secure software development life cycle. Fuzz testing involves entering random malformed data as input so that developers can discover how an application will respond to garbage data.
Digitally signs the message body and parts of the SMTP header to mitigate forged sender addresses. a. DNSSEC b. DMARC c. DKIM d. SPF
c. DKIM
What protocol do these correspond to? Only client authentication is provided. Client certificates are unsupported. WEP keys are static. a. EAP-TLS b. EAP-TTLS c. EAP-MD5
c. EAP-MD5
A VPN tunnel must be created between two sites. You decide to use IPSec with AH and ESP. Which of the following encrypts only the data that is sent over the tunnel? a. AH in tunnel mode b. AH in transport mode c. ESP in transport mode d. ESP in tunnel mode
c. ESP in transport mode
Which of the following security standards recommends security controls based on industry best practices and aims to help organizations develop their own information security management guidelines? a. ISO 27701 b. ISO 9001 c. ISO 27002 d. ISO 27001
c. ISO 27002
Which of the following techniques could be used to bypass a wireless network address filter that is operating at Layer 2? a. IP address spoofing b. DNS spoofing c. MAC spoofing d. ARP spoofing
c. MAC spoofing
Which of the following is MOST likely to be combined with 802.1X to provide federated wireless access for a building? a. Shibboleth b. OAuth c. RADIUS d. OpenID
c. RADIUS RADIUS is an Authentication, Authorization, and Accounting (AAA) technology that can be configured to operate within small groups known as federated networks. In a federated network, different systems maintain autonomy but share some amount of trust between them so that users of each member system can access resources on other member systems.
A stream cipher that has been widely used to secure wireless, web, and VPN traffic. a. TLS b. MD5 c. RC4 d. AES
c. RC4
Your company licenses a third party's office suite, including email service, that is delivered to the end user through a web browser. a. Iaas b. Paas c. Saas d. Cloud Storage
c. SaaS
Which of the following attacks is characterized by the CAM table space being used up, thereby forcing a switch to transmit traffic out all ports? a. an ARP spoofing attack b. a SYN flood attack c. a MAC flood attack d. a switch spoofing attack e. a Smurf attack
c. a MAC flood attack
Which of the following authentication method combinations is considered to be the MOST secure within the context of MFA for gaining access to a secure environment? a. a password, a PIN, and a hard token b. a key card, a retinal scan, and an SMS code c. a key card, a fingerprint, and a PIN d. an SMS code, a fingerprint, and a retinal scan
c. a key card, a fingerprint, and a PIN
Which of the following types of service agreements is MOST likely to formally establish QoS between two parties? a. an NDA b. an ISA c. an SLA d. an MOU
c. an SLA
Your company's CSO informs you that several user names and passwords have been stolen as a result of an undetected Evil Twin attack. Which of the following BEST describes this attack? a. it is a form of DDoS attack b. it is a form of phishing c. it is a form of eavesdropping d. it is a form of spoofing e. it is a form of replay attack
c. it is a form of eavesdropping Evil Twin attacks, which are accomplished by using rogue WAP's, can be used to eavesdrop on wireless clients.
Which of the following statements is true regarding an SED? a. it is unlikely to be an SSD b. It contains a TPM c. it is preconfigured to encrypt data at rest d. it uses software-based encryption
c. it is preconfigured to encrypt data at rest Self-Encrypting Drive
Which of the following statements is true regarding OWASP? a. it is exclusively a North American nonprofit organization b. it endorses products from HP and Symantec c. it releases security materials under FLOSS licenses d. it requires membership to download security tools such as ZAP
c. it releases security materials under FLOSS licenses The Open Web Application Security Project (OWASP) releases security materials under Free/Libre and Open Source Software (FLOSS) licenses. OWASP is a multinational, not-for-profit organization that provides frameworks, documentation, tools, and community forums with a focus on web application security.
Which of the following statements is NOT true when the ssh-copy-id command has been issued on a Linux server? a. it creates an .ssh directory for the user if one does not already exist b. it detects whether the key already exists on the server c. it uses the FTP protocol to upload the key to the server d. it edits the authorized_keys file on the server e. it ensures that key files have the appropriate permissions
c. it uses the FTP protocol to upload the key to the server
Which of the following is NOT an intellectual property attack? a. piracy b. counterfeiting c. ransomware d. cybersquatting e. typosquatting
c. ransomware Ransomware is a social engineering attack
ST&E (Security Testing & Evaluation) control category: Display a warning message during the logon process. Configure all systems to require a password change every 90 days. a. management controls b. operational controls c. technical controls
c. technical controls
A block cipher that was selected by the NIST to replace DES. a. TLS b. MD5 c. RC4 d. AES
d. AES
Your company moves all company-wide policy documents to an internet-based file system hosted by a third party. a. Iaas b. Paas c. Saas d. Cloud Storage
d. Cloud Storage
Which of the following privacy policies was created by the U.S. Department of Commerce and European Commission to enable companies in the United States to process the personal information of individuals in EU member nations? a. PCI DSS b. U.S. Privacy Act c. EU GDPR d. EU-U.S. Privacy Shield Framework
d. EU-U.S. Privacy Shield Framework
Which of the following indicates the amount of data loss or system unavailability, measured in units of time, that a business can endure? a. MTBF b. RTO c. MTTR d. RPO
d. RPO Recovery Point Objective
Which of the following indicates the maximum amount of time that a business can survive without a particular service? a. RPO b. MTBF c. MTTR d. RTO
d. RTO Recovery Time Objective
Which of the following web-based languages is the MOST likely to be used to exchange security information in a web-based SSO system? a. XML b. HTML c. Java d. SAML
d. SAML Security Assertion Markup Language (SAML)
Authenticates messages by validating the sending system against the domain in the message header. a. DNSSEC b. DMARC c. DKIM d. SPF
d. SPF
Which of the following transport encryption protocols was discovered to be vulnerable to the POODLE attack in 2014? a. TLS b. ESP c. AH d. SSL
d. SSL
Which of the following statements are true regarding the differences between TACACS+ and RADIUS? (select 2 choices) a. TACACS+ uses UDP, whereas RADIUS uses TCP b. TACACS+ combines authorization and authentication functions, whereas RADIUS separates authentication, authorization, and accounting features c. TACACS+ is an IETF standard protocol, whereas RADIUS was developed by CISCO d. TACACS+ encrypts the entire body of a packet, whereas RADIUS encrypts only the password e. TACACS+ provides router command authorization capabilities, whereas RADIUS does not provide router command authorization capabilities
d. TACACS+ encrypts the entire body of a packet, whereas RADIUS encrypts only the password e. TACACS+ provides router command authorization capabilities, whereas RADIUS does not provide router command authorization capabilities.
Which of the following wireless authentication methods NEVER uses PSK? a. WEP b. WPA2 Personal c. WPA d. WPS
d. WPS Wi-Fi Protected Setup (WPS) never uses a preshared key (PSK). WPS enables a user to connect to a wireless network by using an eight-digit personal identification number. However, the PIN can be cracked by brute-force within hours.
Several users have contacted the help desk to report that their systems have started behaving irregularly. The help desk staff has determined that many of these users claim to have received USB flash drives containing music from an up-and-coming local artist while walking in from the corporate parking area. Further analysis has shown that these flash drives appear to have contained a worm that has propagated throughout the local subnet. Which of the following devices is most likely to have detected the presence of malware on the USB flash drives? a. a NIPS b. a NIDS c. a firewall d. a HIDS
d. a HIDS A HIDS is an application that is installed on a host device and analyzes changes made to the device.
Which of the following is a client-based technology that uses a sandbox as a security control? a. an ActiveX control b. a SAML document c. an XML document d. a Java applet
d. a Java applet
Which of the following types of computing platforms is MOST likely to rely on centralized security? a. middleware b. an embedded system c. a distributed system d. a mainframe
d. a mainframe
Which of the following types of failure cannot be mitigated by implementing SFT (Switch Fault Tolerance) on a server? a. an access layer switch failure b. a physical media failure c. a server NIC failure d. a server power failure
d. a server power failure
Which of the following BEST describes shadow IT? a. a threat actor who attacks an organization to promote a political agenda b. a threat actor who attacks an organization of which the actor is an employee or member c. a threat actor who is typically low-skilled or has no skills and is motivated by either personal gain or the desire to prove themselves to communities of actors with more skills d. a threat actor who may inadvertently expose a host or network to vulnerability by installing unauthorized applications or systems
d. a threat actor who may inadvertently expose a host or network to vulnerabilities by installing unauthorized applications or systems
Put these password in the order of least complex to most complex: a. aB3......z b. L7$21#a! c. A010100a d. aBdCfEYz
d. aBdCfEYz c. A010100a b. L7$21#a! a. aB3......z
Which of the following BEST describes an SSL striping attack? a. it downgrades an HTTP connection to an HTTPS connection b. it downgrades an SSL connection to a TLS connection c. it downgrades a TLS connection to an SSL connection d. it downgrades an HTTPS connection to an HTTP connection
d. it downgrades an HTTPS connection to an HTTP connection
Which of the following BEST describes a parameter-tampering attack? a. inserting a malicious SQL query into a form field b. tricking a user into visiting a malicious site c. overwhelming a site with traffic d. modifying a value in a query string
d. modifying a value in a query string
Which of the following is the process of evaluating assets to ascertain the amount of vulnerability they represent to a company? a. network hardening b. vulnerability scanning c. penetration testing d. risk assessment
d. risk assessment
Your company's SOC analysts encounter a security alert that has never before been detected by your company's sensors or security personnel. Which of the following actions will the SOC analysts MOST likely perform? a. the analysts will update the playbook as the incident unfolds and throughout incident response b. if the playbook contains no appropriate response, the analysts will label the alert as false positive c. the analysts will ignore the playbook completely and update it after the incident is resolved d. the analysts will use the playbook to eliminate distractions and execute incident response
d. the analysts will use the playbook to eliminate distractions and execute incident response
Your supervisor asks you to purchase cloud-based application development tools from a PaaS provider. Which of the following BEST describes what you should purchase? a. virtual hardware to run development tools on an as-needed basis b. virtual storage from a provider on which to store source code c. virtual software from the provider without application development tools d. virtual development tools and storage but without the underlying infrastructure management
d. virtual development tools and storage but without the underlying infrastructure management
In which of the following situations is it MOST appropriate to configure IPSec over TCP for a VPN connection? a. when secure unit authentication has been enabled b. when a clientless VPN portal has been configured c. when split tunneling has been enabled d. when VPN traffic must traverse a firewall
d. when VPN traffic must traverse a firewall
You boot a computer from an Ubuntu Live CD and then issue the following commands from a Terminal session: sudo mkdir /media/sda1 sudo mount /dev/sda1 /media/sda1 sudo chroot /media/sda1 passwd D4n3wp4$$ ubuntu Which of the following actions have you performed? a. you have reset a Microsoft Windows user's password b. you have reset the Ubuntu Live password c. you have checked a file system for errors d. you have reset a Linux user's password on the host system
d. you have reset a Linux user's password on the host system
Which of the following can a network security manager rely on to function as a trusted third party when PKI is used to secure communication between a client and an online banking website? a. a CSR b. an ARL c. an OCSP d. an RA e. a CA
e. a CA (certificate authority)