CompTIA Security+ (SY0-601) Practice Exam #1
Dion Training has a $15,000 server that has frequently been crashing. Over the past 12 months, the server has crashed 10 times, requiring the server to be rebooted to recover from the crash. Each time, this has resulted in a 5% loss of functionality or data. Based on this information, what is the Annual Loss Expectancy (ALE) for this server? A. $15,000 B. $1,500 C. $2,500 D. $7,500
$7,500
Jamie's organization is attempting to budget for the next fiscal year. Jamie has calculated that the asset value of a database server is $120,000. Based on her analysis, she believes that a data breach of this server will occur once every four years, with a risk factor of 30%. What is the ALE for a data breach within Jamie's organization? A. $90,000 B. $9,000 C. $360,000 D. $36,000
$9,000
Your firewall is blocking outbound email traffic that is attempting to be sent. Which port should you verify is set to ALLOW in the firewall to ensure your emails are being sent? A. 22 B. 25 C. 80 D. 143
25
A small business recently experienced a catastrophic data loss due to flooding from a recent hurricane. The customer had no backups, and the flooding destroyed all of the hardware associated with the small business. As part of the rebuilding process, the small business contracts with your company to help create a disaster recovery plan to ensure this never recurs. Which of the following recommendations should you include as part of the disaster recovery plan? A. Backups should be conducted to a cloud-based storage solution B. Local backups should be conducted C. Purchase waterproof devices to prevent data loss D. Local backups should be verified weekly to ensure no data loss occurs
A
Dion Training is building a new data center. The group designing the facility has decided to provide additional HVAC capacity to ensure the data center maintains a consistently low temperature. Which of the following is the most likely benefit that will be achieved by increasing the designed HVAC capacity? A. Longer MTBF of hardware due to lower operating temperatures B. Increase the availability of network services due to higher throughput C. Higher data integrity due to more efficient SSD cooling D. Longer UPS run time due to increased airflow
A
Dion Training is concerned with the possibility of employees accessing another user's workstation in secured areas without their permission. Which of the following would BEST be able to prevent this from happening? A. Require biometric identification for user logins B. Require a username and a password for user logins C. Enforce a policy that requires passwords to be changed every 30 days D. Install security cameras in secure areas to monitor logins
A
Dion Training just installed a new webserver within a screened subnet. You have been asked to open up the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server? A. 443 B. 21 C. 143 D. 80
A
James, a programmer at Apple Computers, is surfing the internet on his lunch break. He comes across a rumor site focused on providing details of the upcoming iPhone being released in a few months. James knows that Apple likes to keep its product details a secret until it is publicly announced. As James is looking over the website, he sees a blog post with an embedded picture of a PDF containing detailed specifications for the next iPhone and labeled "Proprietary Information - Internal Use Only." The new iPhone is still several months away from release. What should James do next? A. Contact the service desk or incident response team to determine what to do next B. Contact the website's owner and request they take down the PDF C. Reply to the blog post and deny the accuracy of the specifications D. Contact his team lead and ask what he should do next
A
Vulnerability scans must be conducted continuously to meet regulatory compliance requirements for the storage of PHI. During the last vulnerability scan, a cybersecurity analyst received a report of 2,592 possible vulnerabilities and was asked by the Chief Information Security Officer (CISO) for a plan to remediate all the known issues. Which of the following should the analyst do next? A. Filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first B. Place any assets that contain PHI in a sandbox environment and then remediate all the vulnerabilities C. Attempt to identify all the false positives and exceptions, then resolve any remaining items D. Wait to perform any additional scanning until the current list of vulnerabilities has been remediated fully
A
When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the hard drive contents during your analysis? A. Hardware write blocker B. Degausser C. Forensic drive duplicator D. Software write blocker
A
Which of the following actions should be done FIRST after forensically imaging a hard drive for evidence in an investigation? A. Create a hash digest of the source drive and the image file to ensure they match B. Encrypt the source drive to ensure an attacker cannot modify its contents C. Digitally sign the image file to provide non-repudiation of the collection D. Encrypt the image file to ensure it maintains data integrity
A
Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor? A. VM escape B. VM migration C. VM data remnant D. VM sprawl
A
Which of the following would a virtual private cloud (VPC) infrastructure be classified as? A. Infrastructure as a Service B. Function as a Service C. Software as a Service D. Platform as a Service
A
You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server? A. Malicious processes B. Unauthorized sessions C. Failed logins D. Off-hours usage
A
You are troubleshooting a network connectivity issue and need to determine the packet's flow path from your system to the remote server. Which of the following tools would best help you identify the path between the two systems? A. tracert B. ipconfig C. nbtstat D. netstat
A
You are trying to find a rogue device on your wired network. Which of the following options would NOT help find the device? A. War walking B. Site surveys C. Port scanning D. MAC validation
A
You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal? A. VLAN B. MAC filtering C. WPA2 D. VPN
A
You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand? A. Rapid elasticity B. Metered services C. On-demand D. Resource pooling
A
Your team is developing an update to a piece of code that allows customers to update their billing and shipping addresses in the web application. The shipping address field used in the database was designed with a limit of 75 characters. Your team's web programmer has brought you some algorithms that may help prevent an attacker from trying to conduct a buffer overflow attack by submitting invalid input to the shipping address field. Which pseudo-code represents the best solution to prevent this issue? A. if (shippingAddress <= 75) {update field} else exit B. if (shippingAddress != 75) {update field} else exit C. if (shippingAddress >= 75) {update field} else exit D. if (shippingAddress = 75) {update field} else exit
A
What is bracketing? A. Providing a high and low estimate in order to entice a more specific number B. Pretending to divulge confidential information in hopes of receiving confidential information in return C. Saying something wrong in the hopes that the person will correct the statement with true information D. Pretending to be ignorant of a topic in order to exploit the person's tendency to educate E. Using praise to coax a person into providing information
A. Providing a high and low estimate in order to entice a more specific number.
A firewall administrator has configured a new screened subnet to allow public systems to be segmented from the organization's internal network. The firewall now has three security zones set: Untrusted (Internet) [143.27.43.0/24]; DMZ (Screened Subnet) [161.212.71.0/24]; Trusted (Intranet) [10.10.0.0/24]. The firewall administrator has been asked to enable remote desktop access from a fixed IP on the remote network to a remote desktop server in the screened subnet for the Chief Security Officer to work from his home office after hours. The CSO's home internet uses a static IP of 143.27.43.32. The remote desktop server is assigned a public-facing IP of 161.212.71.14. What rule should the administrator add to the firewall? A. Permit 143.27.43.0/24 161.212.71.0/24 RDP 3389 B. Permit 143.27.43.32 161.212.71.14 RDP 3389 C. Permit 143.27.43.0/24 161.212.71.14 RDP 3389 D. Permit 143.27.43.32 161.212.71.0/24 RDP 3389
B
Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect if an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring? A. Anomaly B. Behavior C. Trend D. Heuristic
B
An employee contacts the service desk because they cannot open an attachment they received in their email. The service desk agent conducts a screen-sharing session with the user and investigates the issue. The agent notices that the attached file is named Invoice1043.pdf, and that a black pop-up window appears and then disappears quickly when the attachment is double-clicked. Which of the following is most likely causing this issue? A. The file contains an embedded link to a malicious website B. The attachment is using a double file extension to mask its identity C. The email is a form of spam and should be deleted D. The user doesn't have a PDF reader installed on their computer
B
Taylor needs to sanitize hard drives from some leased workstations before returning them to a supplier at the end of the lease period. The workstations' hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn't occur during this process? A. Clear the drives B. Purge, validate, and document the sanitization of the drives C. The drives must be destroyed to ensure no data loss D. Clear, validate, and document the sanitization of the drives
B
The paparazzi have found copies of pictures of a celebrity's new baby online. The celebrity states they were never publicly released but were uploaded to their cloud provider's automated photo backup. Which of the following threats was the celebrity MOST likely a victim of? A. Unintended Bluetooth pairing B. Leaked personal files C. Unauthorized camera activation D. Unauthorized root access
B
What role does the red team perform during a tabletop exercise (TTX)? A. System administrator B. Adversary C. Cybersecurity analyst D. Network defender
B
Which of the following cryptographic algorithms is classified as asymmetric? A. Twofish B. ECC C. DES D. RC4
B
Which of the following hashing algorithms results in a 160-bit fixed output? A. SHA-2 B. RIPEMD C. NTLM D. MD-5
B
Which of the following terms is used to describe the timeframe following a disaster that an individual IT system may remain offline? A. MTBF B. RTO C. RPO D. MTTR
B
Which of the following types of data breaches would require that the US Department of Health and Human Services and the media be notified if more than 500 individuals are affected by a data breach? A. Personally identifiable information B. Protected health information C. Credit card information D. Trade secret information
B
Which operating system feature is designed to detect malware that is loaded early in the system startup process or before the operating system can load itself? A. Advanced anti-malware B. Measured boot C. Master Boot Record analytics D. Startup Control
B
You are conducting threat hunting on your organization's network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it? A. The host might be offline and conducting backups locally -- you should contact a system administrator to have it analyzed B. The host might be used as a staging area for data exfiltration -- you should conduct volume-based trend analysis on the host's storage device C. The host might be used as a command and control node for a botnet -- you should immediately disconnect the host from the network D. The host might be the victim of a remote access trojan -- you should reimage the machine immediately
B
You have been hired as a consultant to help Dion Training develop a new disaster recovery plan. Dion Training has recently grown in the number of employees and information systems infrastructure used to support its employees. Unfortunately, Dion Training does not currently have any documentation, policies, or procedures for its student and faculty networks. What is the first action you should take to assist them in developing a disaster recovery plan? A. Conduct a vulnerability scan B. Identify the organization's assets C. Conduct a risk assessment D. Develop a data retention policy
B
What is confidential bait? A. Providing a high and low estimate in order to entice a more specific number B. Pretending to divulge confidential information in hopes of receiving confidential information in return C. Saying something wrong in the hopes that the person will correct the statement with true information D. Pretending to be ignorant of a topic in order to exploit the person's tendency to educate E. Using praise to coax a person into providing information
B. Pretending to divulge confidential information in hopes of receiving confidential information in return
A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements? A. Passive scanning engine located at the core of the network infrastructure B. Combination of server-based and agent-based scanning engines C. Active scanning engine installed on the enterprise console D. Combination of cloud-based and server-based scanning engines
C
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services? A. RADIUS B. CHAP C. TACACS+ D. Kerberos
C
Which of the following cryptographic algorithms is classified as symmetric? A. RSA B. PGP C. 3DES D. ECC
C
Which of the following functions is not provided by a TPM? A. Random number generation B. Remote attestation C. User authentication D. Secure generation of cryptographic keys E. Sealing F. Binding
C
Which of the following is the LEAST secure wireless security and encryption protocol? A. WPA2 B. WPA3 C. WEP D. WPA
C
You are trying to select the best device to install to detect an outside attacker trying to reach into your internal network. The device should log the event, but it should not take any action to stop it. Which of the following devices would be the BEST for you to select? A. IPS B. Authentication server C. IDS D. Proxy server
C
You are trying to select the best device to install to proactively stop outside attackers from reaching your internal network. Which of the following devices would be the BEST for you to select? A. Proxy server B. Syslog server C. IPS D. IDS
C
What is "deliberate false statements"? A. Providing a high and low estimate in order to entice a more specific number B. Pretending to divulge confidential information in hopes of receiving confidential information in return C. Saying something wrong in the hopes that the person will correct the statement with true information D. Pretending to be ignorant of a topic in order to exploit the person's tendency to educate E. Using praise to coax a person into providing information
C. Saying something wrong in the hopes that the person will correct the statement with true information
A corporate workstation was recently infected with malware. The malware was able to access the workstation's credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to develop a plan to prevent this issue from occurring again. Which of the following would BEST prevent this from reoccurring? A. Install a host-based intrusion detection system on all of the corporate workstations B. Install a Unified Threat Management system on the network to monitor for suspicious traffic C. Monitor all workstations for failed login attempts and forward them to a centralized SYSLOG server D. Install an anti-virus or anti-malware solution that uses heuristic analysis
D
A customer brought in a computer that has been infected with a virus. Since the infection, the computer began redirecting all three of the system's web browsers to a series of malicious websites whenever a valid website is requested. You quarantined the system, disabled System Restore, and then performed the remediation to remove the malware. You have scanned the machine with several anti-virus and anti-malware programs and determined it is now cleaned of all malware. You attempt to test the web browsers again, but a small number of valid websites are still being redirected to a malicious website. Luckily, the updated anti-virus you installed blocked any new malware from infecting the system. Which of the following actions should you perform NEXT to fix the redirection issue with the browsers? A. Install a secondary anti-malware solution on the system B. Perform a System Restore to an earlier date before the infection C. Reformat the system and reinstall the OS D. Verify the hosts.ini file has not been maliciously modified
D
A hacker successfully modified the sale price of items purchased through your company's website. During the investigation that followed, the security analyst verified that the web server and the Oracle database were not compromised directly. The analyst also found no attacks that could have caused this during their review of the Intrusion Detection System (IDS) logs. What is the most likely method that the attacker used to change the items' sale price? A. SQL injection B. Cross-site scripting C. Buffer overflow attack D. Changing hidden form values
D
After completing an assessment, you create a chart listing the associated risks based on the vulnerabilities identified with your organization's privacy policy. The chart contains listings such as high, medium, and low. It also utilizes red, yellow, and green colors based on the likelihood and impact of a given incident. Which of the following types of assessments did you just complete? A. Privacy assessment B. Quantitative risk assessment C. Supply chain assessment D. Qualitative risk assessment
D
Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach? A. Require all new employees to sign an NDA B. Require data masking for any information stored in the database C. Require a VPN to be utilized for all telework employees D. Require data at rest encryption on all endpoints
D
Which of the following lists the default port numbers for TFTP, SMTP, HTTP, and DNS, in that order? A. 25,80,53,69 B. 80,53,69,25 C. 53,69,25,80 D. 69,25,80,53
D
What is the biggest disadvantage of using single sign-on (SSO) for authentication? A. Systems must be configured to utilize the federation B. Users need to authenticate with each server as they log on C. The identity provider issues the authorization D. It introduces a single point of failure
D
What problem can you solve by using Wireshark? A. Tracking source code version changes B. Validating the creation dates of web pages on a server C. Resetting the administrator password on three different servers D. Performing packet capture and analysis on a network
D
What should be done NEXT if the final set of security controls does not eliminate all of the risks in a given system? A. You should remove the current controls since they are not completely effective B. You should ignore any remaining risk C. You should continue to apply additional controls until there is zero risk D. You should accept the risk if the residual risk is low enough
D
What type of malware changes its binary pattern in its code on specific dates or times to avoid detection by antimalware software? A. Ransomware B. Trojan C. Logic bomb D. Polymorphic virus
D
You are conducting a code review of a program and observe that the calculation 0xffffffff + 1 was attempted, but the result returned was 0x00000000. Based on this, what type of exploit could be created against this program? A. Password spraying B. Impersonation C. SQL injection D. Integer overflow attack
D
You are developing your vulnerability scanning plan and attempting to scope your scans properly. You have decided to focus on the criticality of a system to the organization's operations when prioritizing the system in the scope of your scans. Which of the following would be the best place to gather the criticality of a system? A. Ask the CEO for a list of the critical systems B. Scope the scan based on IP subnets C. Conduct a nmap scan of the network to determine the OS of each system D. Review the asset inventory and BCP
D
What is feigned ignorance? A. Providing a high and low estimate in order to entice a more specific number B. Pretending to divulge confidential information in hopes of receiving confidential information in return C. Saying something wrong in the hopes that the person will correct the statement with true information D. Pretending to be ignorant of a topic in order to exploit the person's tendency to educate E. Using praise to coax a person into providing information
D. Pretending to be ignorant of a topic in order to exploit the person's tendency to educate
Your company recently suffered a small data breach caused by an employee emailing themselves a copy of the current customers' names, account numbers, and credit card limits. You are determined that something like this shall never happen again. Which of the following logical security concepts should you implement to prevent a trusted insider from stealing your corporate data? A. Firewall B. Strong passwords C. MDM D. DLP
DLP
Saying something wrong in the hopes that the person will correct the statement with true information
Denial of the obvious
What is flattery? A. Providing a high and low estimate in order to entice a more specific number B. Pretending to divulge confidential information in hopes of receiving confidential information in return C. Saying something wrong in the hopes that the person will correct the statement with true information D. Pretending to be ignorant of a topic in order to exploit the person's tendency to educate E. Using praise to coax a person into providing information
E. Using praise to coax a person into providing information
Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards? A. HIPAA B. SOX C. FISMA D. COPPA
FISMA
A competitor recently bought Dion Training's ITIL 4 Foundation training course, transcribed the video captions into a document, re-recorded the course exactly word for word as an audiobook, then published this newly recorded audiobook for sale on Audible. From Dion Training's perspective, how would you BEST classify this situation? A. IP theft B. Identity theft C. Data breach D. Mission essential function
IP theft
Which social engineering attack relies on identity theft? A. Impersonation B. Dumpster diving C. Watering hole attack D. Shoulder surfing
Impersonation
Which of the following technologies is NOT a shared authentication protocol? A. LDAP B. OpenID Connect C. OAuth D. Facebook Connect
LDAP
A new smartphone supports users' ability to transfer a photograph by simply placing their phones near each other and "tapping" the two phones together. What type of technology does this most likely rely on? A. IR B. NFC C. RF D. BT
NFC
A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as: A. Phishing B. Privilege escalation C. Backdoor access D. Shoulder surfing
Phishing
Which of the following is used in data URL phishing? A. Prepending B. Typosquatting C. Pretexting D. Domain hijacking
Prepending
Which of the following access control methods utilizes a set of organizational roles in which users are assigned to gain permissions and access rights? A. RBAC B. ABAC C. MAC D. DAC
RBAC
Which party in a federation provides services to members of the federation? A. IDP B. SAML C. RP D. SSO
RP
Which of the following cryptographic algorithms is classified as asymmetric? A. RSA B. DES C. RC4 D. AES
RSA
What type of spam relies on text-based communication? A. PUP B. SPIM C. RAT D. SPIT
SPIM
A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:
Shoulder surfing
Which of the following answers refer to Smishing? (Select 2 answers) A. Vishing B. Phishing C. Whaling D. Social engineering technique E. Text messaging
Social engineering technique Text messaging
Which of the following terms is commonly used to describe an unsolicited advertising message? A. Spyware B. Adware C. Malware D. Spam
Spam
Phishing scams targeting a specific group of people are referred to as: A. Vishing B. Spear phishing C. Spoofing D. Whaling
Spear phishing
While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host's IP within your organization's network over port 443. Which of the following protocols would you expect to be in use? A. SSH B. TFTP C. HTTP D. TLS
TLS
Which of the following answers refer to the characteristic features of pharming? (Select 3 answers) A. Domain hijacking B. Traffic redirection C. Fraudulent website D. Password attack E. Credential harvesting
Traffic redirection Fraudulent website Credential harvesting
In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks. A. False B. True
True
In social engineering, the term "Elicitation" describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.
True
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of: A. Vishing B. Impersonation C. Virus hoax D. Phishing
Virus hoax
The practice of using a telephone system to manipulate user into disclosing confidential information is known as: A. Whaling B. Spear phishing C. Vishing D. Pharming
Vishing
Which of the terms listed below refers to a platform used for watering hole attacks? A. Mail gateways B. Websites C. PBX systems D. Web browsers
Websites
Phishing scams targeting people holding high positions in an organization or business are known as:
Whaling
You have been asked to determine if Dion Training's web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server? A. Passive scan B. Banner grabbing C. Vulnerability scan D. Protocol analysis
banner grabbing
A cybersecurity analyst notices that an attacker is trying to crack the WPS PIN associated with a wireless printer. The device logs show that the attacker tried 00000000, 00000001, 00000002 and continued to increment by one each time until they found the correct PIN of 13252342. Which of the following types of password cracking was being performed by the attacker? A. Brute-force B. Hybrid C. Rainbow table D. Dictionary
brute-force
Which of the following is a common attack model of an APT attack? A. Holds an organization's data hostage using encryption B. Involves sophisticated DDoS attacks C. Quietly gathers information from compromised systems D. Relies on worms to spread laterally
C
Your company is adopting a new BYOD policy for tablets and smartphones. Which of the following would allow the company to secure the sensitive information on personally owned devices and provide the ability to remote wipe corporate information without affecting the user's personal data? A. Containerization B. Touch ID C. Long and complex passwords D. Face ID
containerization
Which of the following BEST describes when a third-party takes components produced by a legitimate manufacturer and assembles an unauthorized replica sold in the general marketplace? A. Entrepreneurship B. Counterfeiting C. Recycling D. Capitalism
counterfeiting
A financial services company wants to donate some old hard drives from their servers to a local charity. Still, they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use? A. Zero-fill B. Secure erase C. Cryptographic erase D. Overwrite
cryptographic erase
The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA to renew the server's certificate? A. CRL B. Key escrow C. CSR D. OCSP
CSR
A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URL, http://test.diontraining.com/../../../../etc/shadow. What type of attack has likely occurred? A. SQL injection B. Buffer overflow C. Directory traversal D. XML injection
directory traversal
Your intrusion detection system has produced an alert based on its review of a series of network packets. After analysis, it is determined that the network packets did not contain any malicious activity. How should you classify this alert? A. True negative B. False positive C. True positive D. False negative
false positive
What regulation protects the privacy of student educational records? A. GLBA B. HIPAA C. FERPA D. SOX
FERPA
A software assurance test analyst performs a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. Which technique is the analyst utilizing? A. Sequential data sets B. Static code analysis C. Known bad data injection D. Fuzzing
fuzzing
What tool can be used as an exploitation framework during your penetration tests? A. Nmap B. Autopsy C. Nessus D. Metasploit
metasploit
Which of the following would NOT be useful in defending against a zero-day threat? A. Allow listing B. Patching C. Threat intelligence D. Segmentation
patching
Which type of media sanitization would you classify degaussing as? A. Clearing B. Erasing C. Destruction D. Purging
purging
Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer's workstation with cloud-based resources? A. SaaS B. IaaS C. DaaS D. PaaS
SaaS
What is the utilization of insights gained from threat research and threat modeling to proactively discover evidence of an adversarial TTP within a network or system called? A. Information assurance B. Incident response C. Penetration testing D. Threat hunting
threat hunting
A user has reported that their workstation is running very slowly. A technician begins to investigate the issue and notices a lot of unknown processes running in the background. The technician determines that the user has recently downloaded a new application from the internet and may have become infected with malware. Which of the following types of infections does the workstation MOST likely have? A. Trojan B. Ransomware C. Rootkit D. Keylogger
trojan
You need to determine the best way to test operating system patches in a lab environment before deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches before deployment? A. Purchase additional workstations B. Sandboxing C. Bypass testing and deploy patches directly into the production environment D. Virtualization
virtualization
Your company has an office in Boston and is worried that its employees may not reach the office during periods of heavy snowfall. You have been asked to select a technology that would allow employees to work remotely from their homes during poor weather conditions. Which of the following should you select? A. VLAN B. IDS C. NAT D. VPN
VPN