CompTIA Security+ Percipio Study Cards


Annualized Loss Expectancy (ALE) is the product of which of the following two factors? A) Annualized Rate of Occurrence and Single Loss Expectancy B) Single Loss Expectancy and Asset Value C) Single Loss Expectancy and Exposure Factor D) Exposure Factor and Annualized Rate of Occurrence

A) Annualized Rate of Occurrence and Single Loss Expectancy ALE = SLE × ARO. The Single Loss Expectancy is itself Asset Value × Exposure Factor, and the ARO is the expected number of occurrences per year, so the other pairings either produce the SLE or no meaningful figure at all.
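Added worked example (not part of the original study cards): the chain AV × EF = SLE and SLE × ARO = ALE, followed by the cost/benefit test for a safeguard that these figures exist to support. The asset value, exposure factor, rates of occurrence and control cost below are constructed for illustration.

```python
"""Quantitative risk figures: SLE, ALE and the value of a safeguard.
Constructed example; the numbers are illustrative."""


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: the loss from a single occurrence. The exposure factor is the
    fraction of the asset's value lost in that one event (0.0 to 1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE: expected loss per year = SLE * ARO. The ARO may be fractional,
    e.g. 0.1 for an event expected once every ten years."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return sle * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Cost/benefit of a control: the ALE it removes minus what it costs each
    year. A positive result means the control pays for itself."""
    return (ale_before - ale_after) - annual_cost


def example() -> tuple:
    # Constructed scenario: a $200,000 web server farm; a successful DoS is
    # assumed to destroy 25% of its value and to occur twice a year.
    sle = single_loss_expectancy(200_000, 0.25)        # 50,000
    ale = annualized_loss_expectancy(sle, 2.0)         # 100,000 per year
    # A mitigation service assumed to cost $30,000/year and to reduce the
    # ARO to 0.5 (one event every two years) with the same SLE.
    ale_after = annualized_loss_expectancy(sle, 0.5)   # 25,000 per year
    value = safeguard_value(ale, ale_after, 30_000)    # 45,000 net benefit
    return sle, ale, ale_after, value


if __name__ == "__main__":
    print("SLE, ALE, ALE after control, net value of control:", example())
```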

In which of the following situations is creating a manual snapshot of an operating system recommended? A) Before updates or major system changes B) During security configuration C) After an update or a major system change D) Periodically at various times

A) Before updates or major system changes A snapshot taken before the change gives you a known-good state to roll back to if the update or change fails.

A user enables Bluetooth on a mobile device and receives an unsolicited message from an unknown source. What type of wireless attack has happened in this scenario? A) Bluejacking B) Bluebugging C) Bluesnarfing D) Bluetoothing

A) Bluejacking Bluejacking is the unsolicited sending of messages to a nearby Bluetooth-enabled device; it delivers a message but does not read or take data from the device. Not to be confused with Bluetoothing, which uses the same mechanism for a different purpose (usually to flirt).

Which of the following attacks is possible on cellular devices? A) Bluesnarfing B) Snapping C) Bluejacking D) Hijacking

A) Bluesnarfing Bluesnarfing is the unauthorized retrieval of data (contacts, calendar entries, messages) from a Bluetooth-enabled device such as a mobile phone, over the Bluetooth connection. Note that bluejacking, the sending of unsolicited messages over Bluetooth, also works against cellular devices; the intended answer here is the attack that steals data rather than merely delivering a message.

To produce a different cipher text for the same message every time, a developer decides to use an initialization vector (IV) with the encryption function. How can the developer create the IV? A) By using a pseudo-random number generator B) By using the Advanced Encryption Standard algorithm C) By using the Digital Signature Algorithm D) By using the Data Encryption Standard algorithm

A) By using a pseudo-random number generator The IV must come from a cryptographically secure pseudo-random number generator (the operating system's, for example), not from the cipher itself. Nothing is truly random, but a CSPRNG is as close as we can get. The IV need not be secret and is normally sent along with the ciphertext, but it must never repeat under the same key (and, for CBC mode, must be unpredictable): a reused IV makes identical plaintexts produce identical ciphertexts and, in counter modes, leaks the XOR of the two plaintexts. AES, DSA and DES are a block cipher, a signature algorithm and an obsolete block cipher; none of them generates the IV.
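Added example, not from the original cards: a toy counter-mode cipher built from HMAC-SHA256 (standing in for AES so that only the Python standard library is needed; not for production use) that takes its IV from os.urandom, the operating system's CSPRNG. It shows the same message encrypting differently each time under a fresh IV, decrypting correctly with the IV carried alongside the ciphertext, and what leaks when an IV is reused. The messages and the all-zero reused IV are constructed inputs.

```python
import hashlib
import hmac
import os
from typing import Optional

IV_LEN = 16


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, iv || counter) for successive blocks.
    HMAC-SHA256 stands in for the block cipher here (toy construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Encrypt with a fresh IV from the OS CSPRNG unless one is supplied.
    The IV is not secret: it is prepended so the receiver can decrypt."""
    if iv is None:
        iv = os.urandom(IV_LEN)           # cryptographically secure PRNG
    if len(iv) != IV_LEN:
        raise ValueError("IV must be %d bytes" % IV_LEN)
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ciphertext = blob[:IV_LEN], blob[IV_LEN:]
    return xor(ciphertext, keystream(key, iv, len(ciphertext)))


def demo_iv_reuse(key: bytes) -> dict:
    """Fresh IVs: same message, different ciphertext each time, both decrypt.
    Reused IV: the two ciphertexts XOR to the XOR of the plaintexts, so an
    observer learns exactly where and how the messages differ."""
    m1 = b"transfer 100 USD to alice"          # constructed messages
    m2 = b"transfer 999 USD to mallory"
    c_a, c_b = encrypt(key, m1), encrypt(key, m1)
    reused_iv = b"\x00" * IV_LEN               # the mistake being demonstrated
    r1 = encrypt(key, m1, reused_iv)[IV_LEN:]
    r2 = encrypt(key, m2, reused_iv)[IV_LEN:]
    return {
        "random_iv_differs": c_a != c_b,
        "both_decrypt": decrypt(key, c_a) == m1 and decrypt(key, c_b) == m1,
        "reuse_leaks_plaintext_xor": xor(r1, r2) == xor(m1, m2),
    }


if __name__ == "__main__":
    print(demo_iv_reuse(os.urandom(32)))
```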

Consider a scenario where there are three parties, say A, B, and C, in a two-key communication system. B sends a message to A that is encrypted with A's public key, whose size is 128 bits. C is in possession of A's public key and tries to decrypt B's message that was sent to A. However, C fails to decrypt the message. Which of the following is a valid reason for the failed decryption? A) C should use A's private key to decrypt the message B) C should use B's public key to decrypt the message C) C should use C's private key to decrypt the message D) The public key of A that C possesses may be corrupt

A) C should use A's private key to decrypt the message In a two-key (asymmetric algorithm) communication, the sender uses the receiver's public key to encrypt the message, which then must be decrypted using the receiver's private key. Any attempt to use an invalid key will fail.

You use a backup tool to perform a weekly backup on Friday evening. You also take an incremental backup daily. You want to ensure that you can restore the backup with minimum efforts, but the backup must be the latest one. What should you do? A) Change the incremental backup to differential backup B) Continue with the same backup method C) Only take the full backups D) Do only one incremental backup on Thursday

A) Change the incremental backup to differential backup Keep the full backup on Friday but change the daily backups to differential. An incremental backup captures only what changed since the previous backup of any kind, so a Thursday restore needs the full plus every incremental taken since it; a differential captures everything changed since the last full, so any day's restore needs only the full plus that day's differential. Differential backups take longer than incremental backups and grow through the week, but they stay smaller than a full backup and make the restore the simplest while still giving you the latest data.
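Added example (not part of the original cards) that models the card's schedule: a full backup on Friday followed by either incremental or differential backups on the following days, and works out which sets must be restored to recover a given day. The dates are constructed; 2024-03-01, a Friday, is used as the weekly full.

```python
from datetime import date, timedelta

FULL, INCREMENTAL, DIFFERENTIAL = "full", "incremental", "differential"


def weekly_schedule(friday: date, daily_kind: str) -> list:
    """Full backup on the given Friday, then one backup of daily_kind on each
    of the following six days. Returns a chronological list of (date, kind)."""
    return [(friday, FULL)] + [(friday + timedelta(days=n), daily_kind) for n in range(1, 7)]


def restore_set(schedule: list, target_day: date) -> list:
    """Backups that must be restored, in order, to recover the state as of
    target_day. Incrementals chain (each holds only the changes since the
    previous backup); a differential holds everything since the last full,
    so only the latest one is needed."""
    taken = [b for b in schedule if b[0] <= target_day]
    last_full = max(i for i, (_, kind) in enumerate(taken) if kind == FULL)
    chain = [taken[last_full]]
    since_full = taken[last_full + 1:]
    kinds = {kind for _, kind in since_full}
    if kinds == {INCREMENTAL}:
        chain.extend(since_full)          # every incremental since the full
    elif kinds == {DIFFERENTIAL}:
        chain.append(since_full[-1])      # only the most recent differential
    elif kinds:
        raise ValueError("mixed incremental/differential chains are not modelled here")
    return chain


def restore_kinds(friday_iso: str, target_iso: str, daily_kind: str) -> list:
    """The kinds of backup set to restore, in order, for the given target day."""
    sched = weekly_schedule(date.fromisoformat(friday_iso), daily_kind)
    return [kind for _, kind in restore_set(sched, date.fromisoformat(target_iso))]


if __name__ == "__main__":
    # Thursday restore: 7 sets with incrementals, 2 with differentials.
    for kind in (INCREMENTAL, DIFFERENTIAL):
        print(kind, "->", restore_kinds("2024-03-01", "2024-03-07", kind))
```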

Which of the following factors are considered to determine the components for which redundancy should be provided? [Choose three that apply.] A) Cost B) Size and weight C) Likelihood of failure D) Criticality E) Scalability

A) Cost C) Likelihood of failure D) Criticality Providing redundancy for every component is not an option. The factors to weigh are the criticality of the component, its likelihood of failure, and the cost of duplicating it. The size and weight of a component are usually not considered when deciding on redundancy, and scalability is a separate capacity-planning concern.

An online store has a requirement that its website is 100% available, even in case of disasters. The area in which the data center is implemented is seismic-sensitive. Which of the following solutions should the organization consider? A) Create a redundant data center at a different geographical site B) Move the data center to another country C) Install a redundant web server in the same data center D) Move the data center to a safe location

A) Create a redundant data center at a different geographical site Installing a redundant web server in the same data center will not be a good solution in case of a disaster. Moving the data center to a safe location will be an expensive solution and will also not guarantee 100% uptime. Moving the data center to another country will again be an expensive solution and will not ensure 100% availability.

An application is supplied with input data that exceeds the memory allocated for that data. The application is not configured to handle the excess data. What impact may the vulnerability discussed in the given scenario produce? [Choose all that apply.] A) Denial of service B) Zero-day attack C) Data loss D) Privilege escalation E) Theft of data

A) Denial of service C) Data loss D) Privilege escalation The vulnerability described is a buffer overflow: the application writes input past the end of the memory allocated for it. The overflow overwrites whatever lies in the adjacent memory, corrupting or destroying that data (data loss). It can also crash the running application, causing a denial of service. And when the vulnerable program runs with system privileges, an attacker who controls the overflowing input can place code or addresses in memory and redirect execution to escalate privileges. A zero-day is a vulnerability unknown to the vendor rather than an impact, and theft of data is not among the impacts this scenario describes.

The security administrator notices that there is a large amount of file transfer taking place between a few systems on the network. The security administrator discovers that these systems are transferring these files using a P2P application. This is causing the network to slow down. Which of the following security issues is the network prone to? [Choose all that apply.] A) Denial-of-service B) The spread of malicious code C) XSS attack D) Outdated application E) Exposure of sensitive information

A) Denial-of-service B) The spread of malicious code E) Exposure of sensitive information The key is the P2P (peer-to-peer) application. Heavy P2P transfers consume bandwidth until legitimate traffic is starved (denial of service); files pulled from untrusted peers are a common carrier of malware; and a misconfigured share can publish internal files to the peer network. P2P-style traffic is also how an internal botnet can communicate, and such traffic can be difficult to track down.

The security administrator has been assigned to scan the network to discover the following: A definitive list of missing patches Client-side vulnerabilities Bluetooth devices attached to the hosts being scanned Password policies What should the security administrator do to get the required information? A) Execute a credentialed scan B) Run the antivirus scan C) Perform a penetration test D) Run a discovery scan

A) Execute a credentialed scan A credentialed scan does a more thorough scan of the system than most other types of scans. Only a credentialed scan can get the required info in this scenario.

Recently, a user attempted to gain unauthorized access to the company's Web server that is hosted on the internal network. The user attempted to gain access using a program that was installed on the user's system. You want to prevent such unauthorized access to the Web server in the future. Which of the following should you implement? A) HIPS B) NIPS C) NIDS D) HIDS

A) HIPS You need to implement HIPS, which is the Host Intrusion Prevention System. It will not only detect but also prevent any unauthorized attempt to access the Web server. HIPS is specific to the local system and can only monitor and prevent where it is installed. HIDS can only detect but not prevent any unauthorized attempt to the Web server. NIPS can monitor, detect, and protect a network against suspicious and malicious traffic. NIDS is mainly designed to detect malicious traffic in a network.

You have to isolate kiosks systems from the rest of the network. You do not want the visitors to access the corporate network from the kiosk systems, which are used for Internet browsing. What should you do? [Choose two that apply.] A) Implement airgap between the corporate network and kiosk systems B) Keep the kiosk systems disconnected from the network C) Create a new restricted VLAN for the kiosk systems D) Use firewall policies to restrict the traffic to and from the kiosk systems

A) Implement airgap between the corporate network and kiosk systems C) Create a new restricted VLAN for the kiosk systems An air gap is the physical separation of the secure corporate network from the less secure network, which in this scenario is the kiosk systems. Another method of segregating them is to create a restricted VLAN for the kiosk systems. You cannot keep the kiosk systems disconnected from the network, as they require Internet access. Firewall policies alone are not foolproof: if the firewall fails open or is misconfigured, the corporate network becomes reachable from the kiosks.

You have recently joined an organization as an IT Manager. Your organization uses generic accounts for specific roles. The sales team executives have a generic account, SalesExec. Similar accounts exist in other departments. You decide to assign each user a user account with their name and discontinue the generic accounts. What is the purpose of creating individual accounts? A) In case of an incident, you will be able to trace the responsible user. B) Organizational data privacy is at risk with generic accounts. C) Users must ensure the safety of the organization's data. D) User data is likely to get corrupt with multiple users using a single account.

A) In case of an incident, you will be able to trace the responsible user. When multiple users use the same account, in case of an incident, you will never be able to trace the person responsible for the incident. If they are using their own accounts, then you can identify who did what. For example, if a user using a generic account deletes a file, it will be difficult to trace who deleted it.

Which of the following devices are likely to implement home automation? A) IoT B) Windows Embedded Compact C) RTOS D) Raspberry Pi E) HVAC

A) IoT IoT devices include smart devices (e.g., smart TVs, Roomba, Alexa, Google Home).

Which of the following statements about the testing environment is true? A) It is isolated from the development environment. B) It is deployed within the organization's DMZ. C) It is the live environment that runs the application. D) It is used to test all the installation, configuration, and migration scripts and procedures.

A) It is isolated from the development environment. A test environment is isolated from the development environment using methods such as a firewall or VLAN segmentation.

An administrator has installed a dedicated crypto-processor for cryptographic operations on the system. What could be the outcome of this action? A) Low latency B) High resiliency C) Non-repudiation D) Integrity

A) Low latency Think of it this way: dedicated hardware almost always makes a process faster (lower latency) than doing the same work in software on the general-purpose CPU.

Which of the following physical controls helps prevent tailgating and may snare the intruder who is trying to tailgate? A) Mantrap B) Surveillance devices C) Intrusion Prevention System D) Motion sensors

A) Mantrap Mantraps are designed in such a way that it has two access doors for anyone to enter the organization. The first door gets locked automatically before the intruder gains access through the second door. So any intruder who is successful in tailgating through the first gate will get trapped in between, as the second gate will provide access to only one person at any given time and that person will need to have the required authorization to gain entry.

Which of the following measures are implemented to ensure high availability? [Choose three that apply.] A) Mirroring B) Failover C) Elasticity D) Scalability E) Redundancy

A) Mirroring B) Failover E) Redundancy Measures such as redundancy, failover, and mirroring help keep services and systems operational during an outage. Scalability is a property of a system to add resources when workload increases. Elasticity refers to the capability of the system to add resources when the workload increases and remove resources when the workload decreases.

Which of the following distinguishes a rainbow table attack from a brute force attack? [Choose two that apply.] A) More storage space B) More computer processing time C) Less storage space D) Less computer processing time

A) More storage space D) Less computer processing time A rainbow table is a precomputed structure used to reverse password hashes. It takes up more storage space but cuts the processing time per lookup. A brute-force attack, on the other hand, computes the hash of every candidate on each attempt, which costs far more processing time but needs negligible storage compared to the rainbow table. Salting hashes defeats precomputation, since a table would be needed for every salt value.
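Added example, not from the original cards, comparing the two approaches on a constructed six-letter alphabet: a precomputed hash-to-password table (the simplest form of the trade-off; a rainbow table compresses such a table with hash chains but makes the same storage-for-time exchange) against brute force that hashes every candidate on the fly. It also shows why a per-user salt defeats the precomputed table. SHA-256 is the fast hash and "fade" the target password; both are assumptions for the demonstration.

```python
import hashlib
import itertools
import string


def h(password: bytes, salt: bytes = b"") -> str:
    """Fast unsalted/salted SHA-256, the kind of hash precomputation targets.
    Real password storage should use a slow, salted KDF instead."""
    return hashlib.sha256(salt + password).hexdigest()


def candidates(alphabet: str, max_len: int):
    """Every password over the alphabet up to max_len characters (the search space)."""
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            yield "".join(tup).encode()


def build_table(alphabet: str, max_len: int) -> dict:
    """Precompute hash -> password once; storage grows with the search space,
    but every later lookup is a single dictionary access."""
    return {h(pw): pw for pw in candidates(alphabet, max_len)}


def table_lookup(table: dict, target_hash: str):
    return table.get(target_hash)


def brute_force(target_hash: str, alphabet: str, max_len: int, salt: bytes = b""):
    """Hash each candidate on the fly: no storage, all the work per target.
    The salt is passed in because it is stored beside the hash, so the
    attacker knows it. Returns (password, hashes_computed)."""
    tries = 0
    for pw in candidates(alphabet, max_len):
        tries += 1
        if h(pw, salt) == target_hash:
            return pw, tries
    return None, tries


def demo() -> dict:
    alphabet = string.ascii_lowercase[:6]      # "abcdef"
    max_len = 4                                # 6 + 36 + 216 + 1296 = 1554 candidates
    table = build_table(alphabet, max_len)
    target = h(b"fade")
    salt = b"\x9a\x01"                         # constructed per-user salt
    salted_target = h(b"fade", salt)
    return {
        "table_entries": len(table),
        "table_hit": table_lookup(table, target),              # instant
        "brute_force": brute_force(target, alphabet, max_len), # 1361 hashes
        "salted_table_hit": table_lookup(table, salted_target),  # None: table is useless
        "salted_brute_force": brute_force(salted_target, alphabet, max_len, salt)[0],
    }


if __name__ == "__main__":
    print(demo())
```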

You have executed a command to query the DNS server for the domain www.google.com. When you run this command, you get the following information: Non-authoritative answer: Name: www.google.com Address: 172.217.166.36 Which command would you have executed to get this output? A) Nslookup B) netcat C) tracert D) netstat

A) Nslookup The nslookup command queries a DNS server for a name and prints the record it returns. "Non-authoritative answer" means the response came from the resolver's cache rather than from a server authoritative for the google.com zone. netcat opens TCP/UDP connections, tracert traces the route to a host, and netstat lists local connections and listening ports.

You need to enable the Guest account on a system. You want to control how the account can be used carefully. To be able to achieve this, which of the following should you do? [Choose all that apply.] A) Prevent the Guest account from viewing event logs B) Ensure that the Guest account cannot be used over the network C) Set a secure password for the Guest account D) Prevent the Guest account from writing any data on the system E) Prevent the Guest account from shutting down the computer F) Prevent the Guest account from accessing the Internet

A) Prevent the Guest account from viewing event logs B) Ensure that the Guest account cannot be used over the network C) Set a secure password for the Guest account E) Prevent the Guest account from shutting down the computer

PLAB Inc. network consists of Windows 10 systems and Windows Server 2016 servers. All users are part of the PLAB.com domain. The network administrator discovers that several users have installed pirated applications on their systems. Which of these methods can the network administrator use to prevent users from installing pirated applications? [Choose two that apply.] A) Remove administrative privileges B) Use AppLocker C) Use Software Restriction Policies D) Create restricted user accounts in the domain for users E) Encrypt the hard drives using BitLocker

A) Remove administrative privileges B) Use AppLocker The network administrator can use either of two methods: 1) Use AppLocker to prevent unauthorized application installation. With AppLocker, the administrator can create a whitelist that allows only specific applications or a blacklist that blocks specific ones, and enforce the rules through Group Policy. 2) A simpler method is to remove the users' administrative privileges on their systems, which prevents them from installing any kind of application; this too can be done through Group Policy.

Identify the methods that a security administrator can use to prevent an Advanced Persistent Threat (APT). [Choose all that apply.] A) Restrict the administrative privileges on servers, desktops, and applications B) Use application whitelisting C) Patch applications, operating systems, and firmware of systems and network devices D) Install and configure an Intrusion Prevention System (IPS) E) Run the applications in the sandboxed environment

A) Restrict the administrative privileges on servers, desktops, and applications B) Use application whitelisting C) Patch applications, operating systems, and firmware of systems and network devices

Which of the following are described by the secure baseline? [Choose two that apply.] A) Security controls required to ensure the basic security of the user computers on the organizational network B) Risks related to the organizational network C) Risks related to the user computers on the organizational network D) Security controls required for the basic security of the organizational network

A) Security controls required to ensure the basic security of the user computers on the organizational network D) Security controls required for the basic security of the organizational network A secure baseline defines a plan and implementation strategy for the basic essential security standards for an organization. These standards include detailed policies and procedures, implementation of security controls for the IT infrastructure and facility, and proper training of all personnel.

A newly joined security administrator is entrusted the responsibility of maintaining security solutions of a company without proper training on the company's security policies or techniques. What type of threat may this situation present to the organization? A) Social engineering B) Code injection C) Privilege escalation D) Vulnerable business process

A) Social engineering Even with the best technology in place, an administrator who has not been trained on the company's policies and techniques can be talked into granting access, changing a configuration or bypassing a control, so the threat this situation presents is social engineering. A weak business process (appointing an untrained person to run security) is the cause of the exposure rather than the threat that results from it, which is what the question asks for.

Which of the following multifactor authentication measures does a USB security token use? [Choose two that apply.] A) Something you have B) Something you know C) Something you are D) Something you do E) Somewhere you are

A) Something you have B) Something you know You "have" the token and you "know" its PIN

Your organization has multiple public IP addresses. You need to host multiple Web sites on the Internet. You want all the Websites to use the public IP addresses with one to one mapping and still be accessible on the intranet with their private IP addresses. Which of the following method should you use to configure this? A) Static NAT B) Dynamic NAT C) Masquerading D) Single-Address NAT

A) Static NAT You need to implement static NAT in this scenario because you have multiple public IP addresses, and each one can be mapped with one private IP address. There is one to one mapping, but it is static. In the dynamic NAT, there is a pool of public IP Addresses, and when there is outgoing traffic, the available public IP address is used for NAT.

When exposing a Web service, you get the following errors:The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel What could be the probable cause? [Choose all that apply.] A) The Certificate Root Authority that issued the certificate is not trusted by the server. B) There is a connectivity issue. C) The hostname used in the URL doesn't match the name on the certificate. D) The certificate name is not included in the CRL. E) The certificate is self-signed. F) The certificate has expired.

A) The Certificate Root Authority that issued the certificate is not trusted by the server. C) The hostname used in the URL doesn't match the name on the certificate. E) The certificate is self-signed. F) The certificate has expired. Each of these causes the client's validation of the server's certificate chain or hostname to fail, which is what "could not establish trust relationship" reports. A plain connectivity problem produces a connection error rather than a trust error, and a certificate that does not appear in the CRL is simply unrevoked, the normal state.

Recently, you have installed Mozilla Firefox on your system. When you attempt to open any secure Website using HTTPS, you get the following error: SEC_ERROR_UNKNOWN_ISSUER What could be the probable cause? [Choose all that apply.] A) The certificate on your system is not trusted by Firefox. B) The certificate on your system is replaced with another certificate by malware. C) The certificate is self-signed. D) The certificate on your system is replaced with another certificate by an antivirus tool. E) The hostname used in the URL doesn't match the name on the certificate.

A) The certificate on your system is not trusted by Firefox. B) The certificate on your system is replaced with another certificate by malware. D) The certificate on your system is replaced with another certificate by an antivirus tool. When one website shows this error, it is probably A). When multiple websites show this error, it can be either B) or D).

Most of the desktops in your organization use wireless keyboards and mouse. Recently, another user was able to remotely gain access to one of the systems with a wireless mouse and keyboard and type in various commands. What could have possibly happened? [Choose two that apply.] A) The system was not updated with the latest patches B) The keylogger was installed on the system. C) Attacker connected to the system using Bluetooth. D) The USB dongle was exploited for remote access.

A) The system was not updated with the latest patches D) The USB dongle was exploited for remote access. The question does not specifically mention Bluetooth (although wireless keyboards and mice CAN use Bluetooth technology to connect to the dongle).

After the Eradication phase, you are in the Recovery phase. Before you put the systems back in the production, which of the following decisions should you make? [Choose all that apply.] A) Time and date to restore operations B) Test and verify that the compromised systems are clean and fully-functional C) The duration of monitoring to observe for abnormal behaviors D) The tools that can prevent future occurrences

A) Time and date to restore operations B) Test and verify that the compromised systems are clean and fully-functional C) The duration of monitoring to observe for abnormal behaviors In this phase, you do not need to think about the tools that will prevent the future occurrences of an incident.

Your organization identifies a third-party service provider to secure the information in the cloud. Which of the following risk response technique is performed by your organization here? A) Transfer B) Mitigate C) Contingency D) Accept

A) Transfer This scenario depicts Risk Transference. Specifically, your organization transfers the risk onto the third-party provider.

You need to configure an encrypted E-mail for users within the network. The E-mail must be in its secure form so that it is not transmitted in the clear-text form using a messaging client. What should you do? A) Use the S/MIME protocol B) Install SSL/TLS certificates on the messaging server C) Configure HTTPS D) Install the SSL/TLS certificate on all user systems

A) Use the S/MIME protocol S/MIME (Secure/Multipurpose Internet Mail Extensions) encrypts and signs the message itself at the client, so it stays protected end to end rather than only on the link to the server. S/MIME is a standard for public key encryption and signing of MIME data.

You have recently formatted your system after detecting a remote access trojan (RAT). You want to ensure that the RAT is no longer able to get into your system. Which of the following methods should you use? (Select all that apply) A) Keep the antivirus up to date B) Avoid downloading unknown programs C) Avoid opening e-mail attachments from unknown senders D) Block unused ports and shut down unwanted services E) Monitor outgoing traffic regularly

All of them (A, B, C, D, E) are standard information security practices.

Which of the following are used to measure integrity of an application? (Select all that apply) A) Quality B) Confidentiality C) Maintainability D) Reliability

All of them are used (A,B,C,D)

You have enforced a new policy in which all employees from Manager and above need to go on a two-week mandatory vacation. Which type of security control have you applied? A) Operational B) Administrative C) Technical D) Logical

B) Administrative Mandatory vacation is an administrative (management) control. While the employee is away, someone else performs their duties and their work is typically reviewed or audited, which is how fraud, collusion or hidden misconfiguration comes to light.

Which of the following options differentiates Twofish from Blowfish? [Choose two that apply.] A) Encryption type B) Complexity C) Encryption speed D) Availability

B) Complexity C) Encryption speed Twofish and Blowfish are both symmetric block ciphers released into the public domain and both are considered secure, so encryption type and availability do not distinguish them. Twofish uses a more complex design and key schedule than Blowfish, and the two differ in encryption speed.

Which of the following are used by a vulnerability scanner to identify vulnerabilities? [Choose two that apply.] A) Digital signature B) Dictionary scanning C) Database scanning D) Virus signature

B) Dictionary scanning C) Database scanning A vulnerability scanner scans a system and uses a database and/or a dictionary to identify publicly known vulnerabilities.

The security administrator at PLAB Inc. needs to ensure that the laptops on the network must not attack each other and must be prevented from doing so. All laptops are connected to switches. Which of the following should the security administrator use to meet this goal? A) Network Intrusion Detection Systems (NIDS) B) Host Intrusion Prevention System (HIPS) C) Network Intrusion Prevention Systems (NIPS) D) Host Intrusion Detection Systems (HIDS)

B) Host Intrusion Prevention System (HIPS) The administrator should use HIPS in this scenario, which states that the attacks need to be prevented at the host level.

Due to the shortage of resources in the team, the CIO has decided to use cloud computing to extend the company's infrastructure. Going forward, the servers, databases, and storage will be deployed in the cloud computing environment. Using these resources, the CIO requires his team to be able to: * create virtual machines (VMs) * install operating systems on each VM * deploy middleware * create storage buckets To meet these goals, which type of cloud computing model would be most appropriate? A) SaaS (Software-as-a-Service) B) IaaS (Infrastructure-as-a-Service) C) IaaS (Integration-as-a-service) D) PaaS (Platform-as-a-Service)

B) IaaS (Infrastructure-as-a-Service)

Your organization uses an in-house developed application for project management. This application is being used by various partners from different organizations. You receive an e-mail from an unknown person about discovering a vulnerability in the application. The person demands money to disclose the vulnerability. Further, there is a threat that if money is not paid, details of the vulnerability will be shared with various hackers. What are the possible methods to handle this situation? [Choose two that apply.] A) Run the antivirus on the application to attempt to discover the vulnerability B) Pay money to the person and get details of the vulnerability C) Perform thorough security tests on the application and discover the vulnerability D) Change the mode of operation of the application to offline

B) Pay money to the person and get details of the vulnerability C) Perform thorough security tests on the application and discover the vulnerability Paying is the quickest way to obtain the details, but it rewards extortion and gives no guarantee that the information is complete or that it has not already been shared. Performing thorough security tests on the application is the method under your own control; it takes time, and you may or may not find the same vulnerability. Antivirus does not find design or coding flaws in your own application, and taking the application offline denies service to your partners without fixing anything.

A forensic expert finds a hidden encrypted file that is useful for legal proceedings. Which of the following actions is performed by the expert here? A) Collecting the evidence B) Recovery of the evidence C) Keeping legal hold of the evidence D) Preservation of the evidence

B) Recovery of the evidence

The IT helpdesk has been receiving complaints that when they connect their laptops through the Wi-Fi connection, they are not able to access the organizational network. However, they can access the Internet. On conducting a security scan, the IT helpdesk engineer notices that the users are being routed to an access point that has not been installed by the organization. Which of the following wireless attack does this scenario depict? A) Jamming B) Rogue AP C) Packet sniffing D) Evil Twin

B) Rogue AP A rogue access point is a wireless threat that bypasses the wired security measures (firewalls, for example) by providing a back door into the wired enterprise network. Rogue access points could potentially allow unchallenged access to the network by any wireless user or client in the physical vicinity.

You have multiple Layer 3 switches on your network. You want to collect their daily usage report without compromising the data. Which of the following should you use? A) SIEM B) SNMPv3 C) SNMPv2 D) SYSLOG

B) SNMPv3 In this scenario, SNMPv3 (Simple Network Management Protocol version 3) is the only option that both collects usage data from the switches and protects it: it adds user-based authentication and encryption. SNMPv2 sends its community strings and data in clear text. SIEM and syslog are used mainly for collecting and correlating events from network devices rather than polling usage statistics.

You have an E-commerce application that is hosted on a server in the DMZ zone. The database server is on the internal network and stores highly sensitive data. The application stores the data in the database hosted on the database server. To ensure the security of the data, you have encrypted all drives on both the servers and communication between the database, and the application server is also encrypted. The application is hosted using HTTPS. A firewall between the database server and application server prevents any unauthorized access to the database with the appropriate access control list. With such configuration, an attacker was still able to get inside the application and access data from the database server. Which attack did the attacker perform? A) Privilege Escalation B) SQL Injection C) HTTP response splitting D) Cross-site scripting

B) SQL Injection With the network paths, storage and transport all locked down, a direct attack on the database is not possible in this scenario, but the application itself still issues queries to the database with its own legitimate credentials. An attacker can supply malicious SQL in the fields that accept user input, and the application passes it on, so the database executes it as a trusted query. (Dr. Watson says: always sanitize your inputs, and use parameterized queries.)
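Added example (not code from the original cards) using Python's built-in sqlite3 against a constructed users table: the vulnerable query that concatenates user input beside the parameterized query that fixes it, exercised with two classic payloads. Disk encryption, TLS and firewall rules do nothing here because the application itself hands the attacker's SQL to the database over its own authorized connection.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the e-commerce user table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, card_last4 TEXT)"
    )
    con.executemany(
        "INSERT INTO users (username, password_hash, card_last4) VALUES (?, ?, ?)",
        [("alice", "h1", "4242"), ("bob", "h2", "1111")],
    )
    return con


def login_vulnerable(con, username: str, password_hash: str) -> list:
    """Input is concatenated into the statement, so quote characters in the
    input change the structure of the query (the flaw being demonstrated)."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash}'"
    )
    return sorted(row[0] for row in con.execute(sql))


def login_safe(con, username: str, password_hash: str) -> list:
    """Parameterized query: the driver sends the values separately from the
    statement, so they can only ever be compared as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return sorted(row[0] for row in con.execute(sql, (username, password_hash)))


def demo() -> dict:
    con = setup_db()
    tautology = "' OR '1'='1"        # makes the WHERE clause always true
    comment_out = "alice' --"        # ends the string and comments out the password check
    return {
        "vulnerable_tautology": login_vulnerable(con, tautology, tautology),   # every user
        "vulnerable_comment": login_vulnerable(con, comment_out, "wrong"),     # alice, no password
        "safe_tautology": login_safe(con, tautology, tautology),               # nobody
        "safe_comment": login_safe(con, comment_out, "wrong"),                 # nobody
        "safe_legitimate": login_safe(con, "alice", "h1"),                     # alice
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```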

Recently, a malicious internal user compromised the internal DNS server and changed the DNS records to point to a malicious URL. You need to secure the integrity of the DNS records. What should you do? A) Limit the DNS replication between known servers B) Sign the DNS zones with DNSSEC C) Encrypt the DNS communication using IPSec D) Add a certificate on the DNS server

B) Sign the DNS zones with DNSSEC DNSSEC (Domain Name System Security Extensions) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks.

A startup organization is yet to install a mail server in-house. The number of employees being few, the organization has subscribed to an online email service provider to provide official email accounts to all the employees. Which cloud service has the organization subscribed to? A) Monitoring-as-a-Service B) Software-as-a-Service C) Platform-as-a-Service D) Infrastructure-as-a-Service

B) Software-as-a-Service Software as a Service (SaaS) is a cloud service that provides access to various software or applications. In this case, the software or application is managed centrally by the cloud provider, and the customer can use the software or application. In the given scenario, the organization is using the email service provided by the cloud provider.

Your organization uses Exchange Server 2016 for messaging. You have configured Outlook 2016 as the E-mail client. When you attempt to log in, the authentication fails. You use IMAP to connect to your E-mail account. The password that you are using is that of your domain account, and you have been able to log on to your system with it. What could be the probable cause? A) IMAP is incompatible with Outlook 2016. B) The password contains Unicode characters. C) Exchange Server does not support IMAP. D) The Outlook profile is corrupt.

B) The password contains Unicode characters. IMAP fails to authenticate a user if the password contains Unicode characters. As a workaround, you can change your password, use a different protocol, such as POP3, or downgrade the Outlook 2016 to 2013. The same password will then work.

Why is it important to implement proper access control on devices, such as printers and multifunction devices (MFDs)? [Choose two that apply.] A) They are highly susceptible to remote attacks. B) They communicate using various ports and protocols. C) They let any user print, scan, and copy documents. D) They are computing devices with a hard drive and operating system.

B) They communicate using various ports and protocols. D) They are computing devices with a hard drive and operating system. Printers and MFDs are actual computers with a hard drive and an embedded operating system. They also communicate using various ports and protocols. These features make them susceptible to the same attacks as any other network device. Therefore, proper access control on these devices is required.

You have a root domain with multiple sub-domains. You need to use certificates with the domain and its sub-domains using a recommended solution. What should you do? A) Use Domain Validation certificates B) Use a single wildcard certificate for domain and sub-domains C) Use individual certificates for domain and sub-domains D) Use a single root certificate for domain and sub-domains

B) Use a single wildcard certificate for domain and sub-domains

Which of the following tests identifies weaknesses while ensuring that normal operations are not affected by the testing? A) Black box test B) Vulnerability scan C) Gray box test D) White box test

B) Vulnerability scan A vulnerability scan uses passive attempts to identify vulnerabilities and ensures that normal operations are not affected by the testing. In white box testing, the tester needs to look into the source code to identify the piece of code that is behaving inappropriately. Black box and gray box tests are penetration tests; they are active, invasive tests that can compromise a system.

An internal user has been able to gain access to another user's internal Website password and logged in to that user's account. How would you classify this event? A) Event Anomaly B) Security Misconfiguration C) Access Violation D) Invalid Login attempt

C) Access Violation The user is using another person's credentials to access the internal website. You should NEVER give your password out to anyone (or use someone else's credentials).

You have an e-commerce application that needs to be implemented. Implementing the application includes allowing access to external users on the Internet. You want to ensure the application is protected from cross-site scripting (XSS) and SQL injection. You also want to prevent OSI Layer 7 traffic. To meet the criteria in the scenario, which of the following should you implement along with the application? A) URL filtering B) Network Intrusion Detection System (NIDS) C) Application Firewall D) Network Firewall

C) Application Firewall To meet the criteria in the given scenario, the only possible option is an application firewall, also known as a Web application firewall (WAF). It is designed to protect an application from XSS as well as SQL injection attacks. A WAF works at OSI Layer 7, protecting HTTP and HTTPS traffic.

In a substitution cipher, the word 'WELL DONE' is encrypted as 'DVOO WLMV.' Which of the following substitution ciphers is used here? A) ROT13 B) Caesar C) Atbash D) XOR

C) Atbash Atbash uses the reverse order of the alphabet to encode. (Optional info below - may not be useful to you, but it helped me) A good way to recognize that Atbash may have been used is to look at the encrypted message and see if any letters in it are also in the unencrypted message. If so, check if the letter found in the encrypted message encrypts to the original letter you first checked. (Example, the W and D. WELL DONE translated to DVOO WLMV, and we can see that the W translated to D, which is in the original message. From there, we see that the D translated to W. We then are hinted that something's up, so check for Atbash's encryption method.)

A user enables the Bluetooth in a mobile and their private information is stolen. What type of wireless attack has happened in this scenario? A) Bluejacking B) Bluebugging C) Bluesnarfing D) Bluetoothing

C) Bluesnarfing Not to be confused with Bluebugging, which results in the device being in complete control of the hacker.

A user's laptop has crashed and has gone in for repairs. While the laptop is being repaired, the system administrator hands over a Live CD for the user to work on. Which of the following tasks can the user perform on the Live CD? A) Save files B) Install new applications C) Browse the Internet D) Customize settings

C) Browse the Internet When a live boot CD is used on a computer, the computer boots from the CD and the entire live environment, including the operating system and the applications, runs from the CD in the RAM of the computer. The operating system and applications are not installed on the computer. With a live boot CD, users can browse the internet. However, it is a read-only medium, and therefore cannot be used to install new applications, save files, or customize settings.

An organization is responsible for formulating strategies for the defense of the country. Which of the following security measures must the organization adopt to ensure the safety of the lives of their employees? [Choose all that apply.] A) GPS Tracking B) Digital signature C) CCTV D) Escape routes E) Certificates F) Fencing

C) CCTV D) Escape routes F) Fencing Digital signatures and certificates are used to protect data. GPS tracking is used to protect physical devices from theft.

You have a single server VLAN that contains servers with sensitive information. Each server is hardened with company security guidelines. You need to deploy multiple virtual machines that will contain generic folder shares and will be accessed by the users on the network. These virtual machines are not hardened as per company policy. You must ensure that sensitive information is not at risk. What should you do? A) Enable a firewall on each virtual machine B) Host the virtual machines on the same segment and restrict their network only to the host C) Create a new VLAN, install a server, host the virtual machines, and restrict access on the VLAN D) Move the virtual machine to a server without any network connectivity

C) Create a new VLAN, install a server, host the virtual machines, and restrict access on the VLAN Since the virtual machines are not hardened, it is better to move them to a new VLAN and restrict access to the VLAN. With the limited access to the virtual machines, there are fewer chances of an impact on the sensitive data on the servers.

A symmetric algorithm is used by an organization to generate a 64-bit key. Of those 64 bits, 8 bits are used for error correction. Which of the following symmetric algorithms is implemented by the organization? A) Advanced Encryption Standard B) RC4 C) Data Encryption Standard D) Twofish

C) Data Encryption Standard Data Encryption Standard (DES) produces a 64-bit key. However, only 56 bits are used as the key; the remaining 8 bits are used for error correction. AES uses three different key lengths: 128, 192, and 256 bits. Twofish accepts key lengths up to 256 bits. RC4 uses key sizes from 40 to 2048 bits.

You are performing a security audit of a client network. You notice that several user accounts are still active even though the users have left the organization. You warn your client about this issue. What should be your solution to fix this issue? A) Perform regular vulnerability testing B) Configure account expiration on each account C) Define a routine audit mechanism D) Implement an account management policy

C) Define a routine audit mechanism An audit mechanism will help you track accounts that are unused but still active. The others will not really help the situation.

Which of the following differentiates Cipher Block Chaining from Electronic Code Book? A) Usage of plain text and key B) Usage of counters C) Dependency on previous cipher text block D) Block cipher mode of operation

C) Dependency on previous cipher text block Cipher Block Chaining (CBC) and Electronic Code Book (ECB) are the most commonly used block cipher modes of operation. Neither uses counters. Both divide the plaintext into blocks and encrypt them using keys. However, the differentiating factor is that CBC additionally depends on the previous cipher text block to encrypt the next plaintext block.

You have installed multiple cameras in your office. The cameras' output is being recorded 24/7. Which type of security control have you implemented? A) Compensating B) Corrective C) Deterrent D) Recovery E) Detective

C) Deterrent Cameras are installed as a deterrent control, which is designed to discourage a violation that a person might otherwise have intended.

Which of the following examples depicts a transitive trust? A) Domain A trusts Domain B, Domain B trusts Domain A B) Domain A trusts Domain B, Domain C trusts Domain A, Domain C trusts Domain B C) Domain A trusts Domain B, Domain B trusts Domain C, Domain A trusts Domain C D) Domain A trusts Domain B, Domain B trusts Domain C, Domain C trusts Domain A

C) Domain A trusts Domain B, Domain B trusts Domain C, Domain A trusts Domain C When Domain A trusts Domain B, and Domain B trusts Domain C, Domain A transitively trusts Domain C. The direction of flow of trust is A>B>C. However, this doesn't necessarily mean that Domain B or C will also trust Domain A.

You are the IT administrator for your organization. One day, while collecting a printout from the printer, you notice that the dustbin is full of old printed papers. When you go through the papers, you find that several of them include user accounts, e-mail addresses, and banking information. What would have happened if these papers were thrown away without being properly shredded? A) Intellectual Property Theft B) Impersonation C) Dumpster diving D) Social Engineering

C) Dumpster diving Hackers can easily go dumpster diving for PII or other compromising information that has not been disposed of properly.

As part of a recovery drill, an organization decides to move to a warm site until the primary location is back in action. Which of the following business continuity plan activities is performed here? A) Alternate business process B) Tabletop exercise C) Failover D) Location selection

C) Failover Failover is a process of switching over to another option when the primary option becomes unavailable.

An unauthorized user attempted to authenticate himself with the fingerprint scanner and got authenticated. Which of the following has just occurred? A) False rejection rate B) True acceptance rate C) False acceptance rate D) Crossover rate

C) False acceptance rate In a False acceptance rate, an unauthorized user is authenticated as a genuine user. In the false rejection rate, a genuine user is rejected, and authentication fails. Crossover error rate is the point at which one error rate is reduced to the smallest point that does not increase the other error rate. There is nothing called the true acceptance rate.

You have recently joined a startup company that has approximately 50 employees, each with a laptop. Each laptop runs Windows 10, and all servers run Windows Server 2016. You want to ensure that no client or server operating system falls victim to a known vulnerability, and you must be able to track whether the systems are vulnerable. Since you are the only administrator, you need to minimize your effort. What should you do? A) Configure each laptop and server to run Windows Update regularly B) Harden each operating system with a new baseline image for laptops and servers C) Install a WSUS server and update each laptop and server D) Configure a firewall on each laptop and server

C) Install a WSUS server and update each laptop and server In this scenario, the best possible solution is to install a WSUS (Windows Server Update Services) server and update each laptop and server. Using this method, you will be able to roll out updates to all systems at once. You can push the updates through Group Policy and see from the WSUS dashboard how many systems have or have not been updated.

You have been asked to store the logs on the write-once drives. After you configure the write-once drives to store the logs, what will you achieve? A) Confidentiality B) Encryption C) Integrity D) Availability

C) Integrity When you write something to a write-once drive, you cannot erase or overwrite it. This ensures the integrity of the logs: once they are written to a write-once drive, they cannot be tampered with. Write-once drives do not provide confidentiality, encryption, or availability. If the write-once disk is lost or stolen, both confidentiality and availability are in question. It does not provide encryption of the data.

For which of the following reasons is RAID implemented? [Choose two that apply.] A) Security against viruses B) Data nesting C) Performance improvement D) Data redundancy

C) Performance improvement D) Data redundancy RAID is mainly implemented for data redundancy and performance improvement. It does not provide data nesting or security against viruses.

You have recently set up an SFTP server that your partner organization will be using for file transfer. However, when they try to access it, they are not able to connect. You internally test the connection over the network and can connect using the same account. What could be the probable cause? A) Port 21 on the firewall is blocked. B) The account being used does not have enough permissions. C) Port 22 on the firewall is blocked. D) SFTP service is in a hang state.

C) Port 22 on the firewall is blocked. Since the SFTP account works internally, the only possible problem in this scenario is that the SFTP port, which is 22, is blocked on the firewall. Therefore, the users are not able to connect from outside the network. Port 21 is FTP, not SFTP.

You need to develop a database-driven application. You have been asked to use stored procedures to protect the SQL code within the database. You have been told that stored procedures are safe to use. If you decide to use stored procedures, which type of attack are you trying to prevent? A) XSS B) Privilege Escalation C) SQL Injection D) Data Exposure

C) SQL Injection You can prevent SQL injection with the use of stored procedures, which are pre-compiled before they are used. Therefore, inserting a piece of malicious code is not that easy unless the stored procedure uses dynamic SQL that is not handled properly.

Which of the following statements about the hybrid cloud are true? [Choose two that apply.] A) The interoperability of private cloud and public cloud ensures high performance of the hybrid cloud. B) The initial cost of deploying a hybrid cloud is low, while the operational cost is high. C) The organization's workload is handled by the private cloud, and any spikes in resource usage are handled by the public cloud. D) The organization needs to pay only for those portions of the public cloud that they use.

C) The organization's workload is handled by the private cloud, and any spikes in resource usage are handled by the public cloud. D) The organization needs to pay only for those portions of the public cloud that they use.

You are configuring an application that requires a service account. Before you create this account, which of the following practices must you be aware of? [Choose two that apply.] A) The service account has administrative privileges. B) The service account is set to be used only for a limited time. C) The password of the service account is set to never expire. D) The service account has a strong password.

C) The password of the service account is set to never expire. D) The service account has a strong password.

Which of the following security protocols is used by EAP-FAST? A) Kerberos B) RADIUS C) Transport Layer Security (TLS) D) Diameter

C) Transport Layer Security (TLS) EAP-FAST (Flexible Authentication via Secure Tunneling) uses TLS to perform authentication.

An attacker gained access to a user's system. The user had administrative privileges on multiple application and database servers. Using the user's credentials, the attacker was able to gain access to these servers. You want to prevent this in the future. Which of the following methods should you enforce? [Choose all that apply.] A) Use separation of duties B) Enforce mandatory vacations C) Use the principle of least privileges D) Use account expiration E) Use complex passwords

C) Use the principle of least privileges D) Use account expiration E) Use complex passwords In this scenario, you should use three methods. Use the principle of least privilege to ensure that the user has limited permissions, so that privilege escalation can only be performed to a limited level. Use account expiration, because an account with a limited life will expire, and the attacker will not be able to use it anymore. Complex passwords will also help to stop attackers in the future from gaining access to a user's account easily by using social engineering, brute force, or dictionary attack methods.

The helpdesk technician is attempting to install a client-provided application on a user's system. The antivirus on the system flags it as malware. The helpdesk technician has verified the hash of the application after downloading it from the client's portal, and therefore is sure that it is not malware. The user needs the application for the upcoming project. Which of the following two methods can the helpdesk technician use to install the application without making a change to the system's baseline configuration? [Choose two that apply.] A) Uninstall the antivirus, install the application and then reinstall the antivirus B) Install the application in compatibility mode C) Disable the antivirus and install the application D) Add an exception in the antivirus and install the application E) Install the application in a sandbox environment

D) Add an exception in the antivirus and install the application E) Install the application in the sandbox environment

A user downloads a file from the Internet. When the user attempts to open the file, a prompt asks to allow the installation of an add-in to view the file type. Which of the following is likely to be installed on the system after this? A) Worm B) Spyware C) Logic bomb D) Adware E) Rootkit

D) Adware In this scenario, the user is most likely to install adware by downloading and installing the add-in. In most cases, such add-ins open the door to pop-ups and are generally known as adware.

You need to install IBM WebSphere on your network. You have ensured that all the prerequisites are completed. After the installation, what should you do? A) Apply the security hardening B) Update the application with the latest patches C) Change the default admin password D) All of the mentioned choices

D) All of the mentioned choices

You have recently configured a wireless access point. All users with laptops now connect to the wireless network. You usually have visitors coming in for meetings who demand wireless connectivity. As per the IT Security Policy, you cannot connect the visitors to the corporate network. You need to still ensure that they are given access to the Internet and with minimum administrative effort and without additional cost. What should you do? A) Purchase a new DSL line and configure a new wireless access point on the same B) Purchase separate Internet dongles from a service provider C) Install another wireless access point for visitors D) Create a guest zone in the existing wireless access point

D) Create a guest zone in the existing wireless access point

You are creating a new network. You want to break the network into smaller networks using routers so that you can control what traffic can enter or leave each of the networks. What should you do? A) Create multiple VLANs B) Create multiple collision domains C) Create an airgap D) Create multiple broadcast domains

D) Create multiple broadcast domains A broadcast domain is a collection of network devices that receive broadcast traffic from each other. https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/broadcast-domain

Which is the first stage of deployment in which you create the design of the solution? A) Production B) Staging C) Test D) Development

D) Development Following is the sequence of four phases of deployment: * Development * Test * Staging * Production

You have been using software comfortably for some time, and suddenly the software slows down, and you are no longer receiving any updates or support services. Which of the following vulnerabilities has occurred in this case? A) Resource exhaustion B) False positive C) False negative D) End-of-life system

D) End-of-life system End of life is the point at which the vendor stops providing support services for a product.

You need to implement a wireless network in its most secure form. You also want to integrate digital certificates in this implementation. What should you do? A) Implement the wireless network in the pre-shared key mode with a RADIUS server B) Implement the wireless network in the pre-shared key mode C) Implement the wireless network in the open mode D) Implement the wireless network in the enterprise mode

D) Implement the wireless network in the enterprise mode You should implement the wireless network in the enterprise mode, in which a RADIUS server is used for authenticating the user. In this implementation, encrypted session keys are sent to the server from the RADIUS server. To make it more secure, certificates can be integrated with private/public key pair.

An organization initiates a privacy compliance process, and after proper analysis determines that a Privacy Impact Assessment (PIA) is required. Which of the following compliance processes has helped to determine this requirement? A) Log Analysis B) Conceptual Analysis C) Personally Identifiable Information D) Privacy Threshold Assessment

D) Privacy Threshold Assessment Privacy Threshold Assessment (PTA) is the compliance tool used by organizations to determine if the Privacy Impact Assessment (PIA) is necessary.

As an HR Manager, you hold everyone's personal information along with their social security numbers. How is a social security number classified? A) Public B) Proprietary C) Confidential D) Private

D) Private A social security number is always private information.

How would a secret formula for a medicine be classified? A) Private B) Public C) Confidential D) Proprietary

D) Proprietary It is YOUR formula that YOU own, so it is YOUR property.

There are millions of products displayed on the Amazon website. How is their information classified? A) Private B) Confidential C) Proprietary D) Public

D) Public

You log into your webmail account to send a mail to your team. You send the mail and log out from the account. Some time later, you receive a call from one of your colleagues saying that they have received a mail from you with a URL, but the mail does not give any details. You tell your colleague that you have not sent any such email. You confirm this by logging into your account. Which of the following methods did the attacker use to hack into your account? A) Session fixation B) Malware C) Cross-site scripting D) Session sidejacking

D) Session sidejacking Session sidejacking uses packet sniffing to read network traffic between two parties and steal the session cookie in order to impersonate the user.

You use your chip-based credit card to make a payment at a retail outlet. After some time, you receive an alert from the credit card company about a large transaction done at another retail outlet, which you have never visited. What kind of attack were you a victim of? A) MAC spoofing B) IP spoofing C) Jamming D) Shimming

D) Shimming In the given scenario, a shimming attack is performed by the attacker. In a shimming attack, the attacker places a small device inside the card reader (in this case, the POS terminal). This device captures the information stored on the chip. The captured personal details can then be used for malicious activities.

Which of the following can help to identify a computer hoax? A) Circuit-level gateways B) Packet-filtering firewall C) Application-level gateways D) Spam filter

D) Spam filter Common spam filters will identify and help prevent hoaxes.

The Sales team in your organization is provided with mobile phones. Some of the Sales team members have rooted their phones to get the latest Android updates. You want to restrict them to installing applications only from the company's official app store. You also want to monitor, manage, and secure these mobile devices. What should you do? A) Install the Android Device Manager on each phone B) Configure sideloading on their phones C) Configure each phone with guest access for the Sales team D) Use MDM to manage their devices

D) Use MDM to manage their devices MDM (Mobile Device Management) can block rooting (aka jailbreaking) or any other feature that you do not wish your users to use. MDM can also configure, control, update, and secure remote mobile devices.

You are developing an application that will be hosted on your network but will be exposed on the Internet. You want to limit the amount of data that is exposed from your application. What should you do? A) Use Camouflage B) Use Obfuscation C) Store the data in tables in a database D) Use public methods to interact with the data

D) Use public methods to interact with the data Think of the data as being stored in an Object that has private data (adheres to the OOP principle of Encapsulation)

You need to connect two laptops using their wireless network adapter and share data between them. There is no network or wireless network available to connect both the laptops. You must perform this task with minimum administrative effort. What should you do? A) Use MANET B) Configure the Infrastructure mode C) Configure the Wi-Fi Direct D) Use the Ad Hoc mode

D) Use the Ad Hoc mode In ad hoc mode, devices connect in a mesh network as a group of peers. There is a direct one-to-one connection between two devices to share information, as required in the scenario. Infrastructure mode is controlled by the administrator, and all traffic passes through an access point; it is mainly implemented in enterprise wireless networks. In Wi-Fi Direct mode, devices can communicate with each other without an access point to share files and media. A MANET is a mobile ad hoc network that is used for on-the-fly communication; every device becomes a router. It is mainly used with mobile devices.

You receive a call from your credit card company stating that you have 10,000 points available on your credit card, and that if you do not redeem them, the points will lapse. The caller also offers to assist you in redeeming the points. You agree and provide your credit card details to the caller. Soon after the call, you get an alert from the credit card company about a large shopping payment made using your credit card. Which technique did the attacker use in this scenario? A) Whaling B) Spear Phishing C) Phishing D) Vishing

D) Vishing Vishing is a variant of a phishing attack in which the attacker uses phone calls to extract personal and sensitive information from individuals.

An employee of an organization shares a directory with an unauthorized user. Which of the following tests can detect this action? A) Black box test B) Pentest C) White box test D) Vulnerability test

D) Vulnerability test A vulnerability scan looks for known vulnerabilities in a system, improper security controls, and common misconfigurations such as default directories and scripts that can be dangerous. The vulnerability scan uses software to detect security flaws based on a database of known flaws. In this case, the sharing of files/folders with unauthorized users can be added to the database as a flaw.

An unauthorized user alters a management procedure to gain undue benefits without the knowledge of the organization. Which of the following vulnerabilities is being exploited here? A) Race condition B) Zero-day C) Weak cipher suite D) Vulnerable business process

D) Vulnerable business process A vulnerable business process is exploited by the attacker in the given scenario. The organization is unaware of the business process compromise and believes that the process is proceeding as normal.

You need to deploy alarms that would be triggered if anyone forcefully attempts to enter the server room or attempts to break its lock. Which type of security control are you implementing? A) Compensating B) Deterrent C) Corrective D) Preventative E) Detective F) Recovery

E) Detective This is an example of a detective control, which will detect when someone attempts to break the lock of the server room.

What is database normalization?

Normalization is the process of organizing the columns (attributes) and tables (relations) of a relational database to reduce data redundancy and improve data integrity.
