CTS 601
In an interview, you are provided the following statements regarding virtualization security. Which statement should you identify as correct?
A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured.
What is a thin client?
A thin client is a computer that runs from resources stored on a central cloud server.
Accounting is an important security concept in an enterprise environment. Which of the following best describes accounting in this context?
Accounting refers to recording actions of a user on enterprise resources.
What is data masking?
Creating a copy of data by obfuscating its sensitive elements
Which configuration of WLANs has the following flaws?
WPS
Which of the following is the safest authentication method?
Authentication using security keys
Which type of vulnerability scan mimics the work of a threat actor who has already exploited a vulnerability and compromised credentials to access the network?
Credentialed scan
Which layer of the OSI model is targeted by threat actors in a layer 2 attack?
Data link layer
Which of the following are country-specific requirements that apply to data?
Data sovereignty
Which wireless probe is designed exclusively to monitor the airwaves for RF transmissions?
Dedicated probes
Which part of the NIST Cybersecurity Framework defines the activities needed to attain the different cybersecurity outcomes?
Framework core
Which of the following types of hackers are strongly motivated by ideology?
Hacktivists
Which agreement specifies how confidential material will be shared between certain parties but restricted to others?
Nondisclosure agreement
You want to use different passwords for different accounts by remembering just one password. Which of the following tools fits your need?
Password vault
Which of the following is the Windows network analysis tool that checks the connection to each hop between source and destination?
Pathping
Meta is a penetration testing engineer assigned to pen test the security firm's network. So far, she cannot tunnel through the network looking for additional systems accessible through advanced privileges. What should Meta do to gain repeated and long-term access to the system in the future?
Perform backdoor installation
Which of the following accounts is the least vulnerable to cyberattacks?
Personal account
Which of the following classifications of data is least important?
Proprietary
Which of the following is a VPN protocol?
SSTP
Your enterprise network's security was breached when a non-employee connected a device to the network. In a security review meeting, you were asked to employ appropriate measures to prevent this from happening in the future while, at the same time, continuing to allow outsiders to connect to the network. Which of the following actions should you take?
Set up a network access control
Which of the following encrypts one character at a time?
Stream
Which of the following best describes artifacts?
Technology devices that may contain evidence
Which of the following only encrypts the IP packet data and leaves the header unencrypted?
Transport mode
Which of the following best describes password spraying?
Trying a common password on different user accounts
For which of the following is the encapsulating security payload (ESP) protocol applied?
Confidentiality
Ricky entered a restricted lab by scanning his finger on the fingerprint scanner outside the door. Which type of authentication credential allowed Ricky to enter the lab?
Something you are.
The mean time to recovery (MTTR) of a system is zero. What does this imply?
The system is highly resilient.
Which of the following is an improvement of UEFI over BIOS?
Enhanced boot security
An enterprise's annual financial statement reported an overall profit when there was actually a loss. Which of the following risks has occurred?
Control risk
Which of the following can be a log data source for investigating a security breach?
Metadata
Which of the following is a snooping malware?
Keylogger
John is appointed as a vulnerability assessment engineer in a financial organization. An audit report published by a third-party auditing firm revealed that most of the web servers have cross-site scripting and XML entity injection vulnerabilities. John has been told to perform a vulnerability assessment on these servers to verify if the audit report is valid. He is also told that he should not attempt to engage or exploit any vulnerabilities. By applying his knowledge of vulnerability assessment concepts, which type of vulnerability scanning should John use?
Credentialed
Bob is sending a message to John. Which algorithm should John use to ensure that Bob is the actual sender of the message and not anyone else?
Digital signature algorithm
Which attack creates false deauthentication management frames that appear to come from another client device, causing the client to disconnect from the AP?
Disassociation
Rob made a physical security review report of his organization in which he proposed replacing physical locks with electronic ones. Which of the following is the best justification for Rob to include in his report?
Electronic locks keep track of the accessing time and user identity.
Which of the following provides multiple forensic tools in a single interface?
FTK Imager
The company that developed the office productivity software used on both static and mobile devices by your organization has audited some code and noticed a potential security issue. To address the issue, they have released and automatically scheduled an update to ensure that all users receive it. Which of the following might still be vulnerable after the patch?
Firmware
Which application intercepts user requests from the secure internal network and then processes them on behalf of the user?
Forward proxy
Which of the following trust models has only one CA signing digital certificates?
Hierarchical trust model
Which of the following is a physical security measure?
Industrial camouflage
Shaun is an external penetration testing consultant. The Chief Information Security Officer (CISO) of the organization he is working with indicated that none of the internal higher management executives should receive any kind of spear-phishing emails during Shaun's testing. Which part of the rules of engagement would cover this limitation?
Internal targets
Which of the following refers to the method by which an iOS user can access root privileges on the device?
Jailbreaking
Quinton has been asked to analyze the TTPs of an attack that recently occurred and prepare an SOP to hunt for future threats. When researching the recent attack, Quinton discovered that after penetrating the system, the threat actor moved through the network using elevated credentials. Which technique was the threat actor using to move through the network?
Lateral movement
Which cryptography method provides cryptographic solutions uniquely customized to low-power devices that must operate under resource constraints rather than security constraints?
Lightweight cryptography
Which of the following systems combines the functions of a printer, copier, scanner, fax machine, and special-purpose computer with a CPU?
MFP
Your firewall is configured to deny all packets from the address range 192.110.20.30-192.110.20.100, but you want to allow packets from 192.168.20.73. How should you resolve this issue?
Make a force allow rule for source address 192.168.20.73.
Which devices are used as a contactless alternative to cash or a credit card payment system?
NFC
Which of the following performs a real-time lookup of a certificate status?
Online certificate status protocol (OCSP)
Identifying the attack, containing its spread, recovering, and improving the defenses can be done by which of the following?
Preparing incident response plans
A zero-day vulnerability has been found in an e-commerce website used to purchase electronics. Neither the website owner nor the general public knows about the vulnerability; it was discovered by a computer security specialist making a purchase. What should the specialist do?
Privately share their findings regarding the zero-day vulnerability with the e-commerce company.
Which of the following best describes attacks due to application vulnerabilities that trick the vulnerable application(s) into producing more executable files in the system?
Process spawning control
David, a software engineer, recently bought a brand new laptop because his enterprise follows the BYOD (bring your own device) model. David was part of a software development project where the software code was leaked before its release. Further investigation proved that a vulnerability in David's laptop caused the exposure. David insists he never used the laptop to access any network or integrate any devices, and the laptop was kept in a vault while not in use. Which of the following attack vectors was used by the threat actor?
Supply chain
Which application protocol is used to exchange cyber threat intelligence over HTTP?
TAXII
PDC Bank is working on creating an AI application that enables customers to send SMS to the AI application to allow banking activities from their registered ID. Jane, the project engineer, has taken bank customer data from the last few years from the server and is using it to train the ML to recognize and authenticate actual users and to ensure unauthorized users are barred from entering the application. Suppose the AI application has been compromised, and the reason has been identified as compromised data being used to improve the ML accuracy. What kind of attack is the PDC Bank application subjected to?
Tainted training data for ML
Frank is authorized to issue mandatory security guidelines for IoT device manufacturers in the United States. Which of the following guidelines should Frank NOT issue?
The devices should present a cost-effective solution for consumers.
Jennifer created an e-learning web application in which a login form has to be filled in by the user entering the application. While developing the application, Jennifer created an 8-byte buffer for the user name field. One day, the application halted with a denial of service. An attack on the web application caused by incorrect input values entered on the login screen was then discovered. What caused the denial of service issue?
This is due to a buffer overflow attack.
Hassan has been asked to choose a mobile management tool that can provide a single management interface for application, content, and device management. Which of the following is the best solution?
Unified environment management (UEM) tool
In a practical test, you are given a computer with a Windows host OS. You are asked to install a guest machine with Linux OS. What should you do?
Use a Type II hypervisor program
You are the security administrator in your organization and have been asked to choose a deployment method that ensures the utmost security, where the data is stored in a centralized server and can be accessed by authorized employees using their own devices. Which of the following should you choose?
Virtual desktop infrastructure (VDI)
Which of the following can be used to enforce strong credential policies for an organization?
Windows Active Directory
Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it?
Zero day
You have been instructed to set up a system in a conference room where only trusted employees can access both the secure internal corporate network and the internet, and public users are restricted from accessing the internet from the same network. Which protocol or standard should you use?
IEEE 802.1X
What is virtual desktop infrastructure?
It is the process of running a user desktop inside a VM residing on a server.
When assessing risks, you found that a customer database in your enterprise has a higher risk calculation than a product database and allocated more resources to protect the customer database. Which risk assessment was used here?
Quantitative risk assessment
Rachel has taken over as a systems administrator of Creative Network, which has a network of 300 computers in two different domains. Rachel has been instructed by the CEO to ensure all employees have access to a certain set of folders on the server. The individual workstations may have the personal data of employees in a particular folder. She was informed that there have been previous instances where employees misused the machines. What policy should Rachel be setting in individual user machines and servers?
Rachel should set the least functionality for both servers and user desktops.
In a device driver manipulation attack, which of the following changes a device driver's existing code design?
Refactoring
In WPA3, what is designed to increase security at the handshake, when keys are being exchanged, even if the password is small or weak?
SAE
Which protocol can send cryptographic confirmation that an endpoint is who it claims to be so that ARP poisoning is hindered?
SEND
Which of the following protocols can protect network equipment from unauthorized access?
SNMP
Which of the following cryptographic protocols is an encrypted alternative to the Telnet protocol used to access remote computers?
Secure shell (SSH)