Cybersecurity - Final (MC)

¡Supera tus tareas y exámenes ahora con Quizwiz!

Bob would like to digitally sign a message that he is sending to Alice. What key should he use to create the digital signature?

Bob's private key

Which one of the following is an example of an attrition attack?

Brute-force password attack

In what type of attack does the attacker place more information in a memory location that is allocated for that use?

Buffer overflow

What type of attack is typically associated with the STRCPY function?

Buffer overflow

Matt wants to prevent attackers from capturing data by directly connecting to the hardware communications components of a device he is building. What should he use to make sure that communications between the processor and other chips are not vulnerable?

Bus encryption

Kathleen needs to find data contained in memory but only has an image of an offline Windows system. Where does she have the best chance of recovering the information she needs?

%SystemRoot%\MEMORY.DMP

What flag does nmap use to enable operating system identification?

-o

Angela wants to review the syslog on a Linux system. Which directory should she check to find it on most Linux distributions?

/var/log

Elaine wants to check for user logins in a Linux system. What log location should she check first?

/var/log/auth.log

Which Cisco log level is the most critical?

0

Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which of the following ports should definitely not be open on the jump box?

23

What ISO standard applies to information security management controls?

27001

What is the most recent version of CVSS that is currently available?

3.1

Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?

443

Alaina wants to deploy a tool that can monitor the behavior of users while correlating that behavior centrally to determine if a security incident has occurred. What type of tool should she acquire?

A UEBA tool

Ben wants to reverse-engineer a malware sample. Which of the following tools will allow him to view assembly code for the program if he only has a binary executable?

A disassembler

During an incident response process, Michelle discovers that the administrative credentials....What is this type of ticket called?

A golden ticket

Ben sets up a system that acts like a vulnerable host in order to observe attacker behavior. What type of system has he set up?

A honeypot

Frederick's organization has been informed that data must be preserved due to pending legal action. What is this type of requirement called?

A legal hold

As part of her job, Danielle sets an alarm to notify her team via email if her Windows server uses 80 percent of its memory and to send a text message if it reaches 90 percent utilization. What is this setting called?

A monitoring threshold

Jason gathers threat intelligence that tells him that an adversary his organization considers a threat likes to use USB key drops to compromise their targets. What is this an example of?

A possible attack vector

Gabby connects to a Linux web server and executes an attack that gives her access to the account that the Apache web server runs as. If her next attack is aimed at a script that runs with root privileges, what type of attack has she attempted?

A privilege escalation attack

The application that Scott is writing has a flaw that occurs when two operations are attempted at the same time, resulting in unexpected results when the two actions do not occur in the expected order. What type of flaw does the application have?

A race condition

Ric is reviewing his organization's network design and is concerned that a known flaw in the border router could let an attacker disable their Internet connectivity. Which of the following is an appropriate compensatory control?

An alternate Internet connectivity method using a different router type

Gabby wants to insert data into the response from her browser to a web application. What type of tool should she use if she wants to easily make manual changes in what her browser sends out as she interacts with the website?

An interception proxy

During her forensic copy validation process, Danielle hashed the original, cloned the image files, and received the following MD5 sums. What is likely wrong?

An unknown change or problem occured

What forensic issue might the presence of a program like CCleaner indicate?

Antiforensic activities

Bill would like to run an internal vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?

Any Qualified Individual

What is the name of the application control technology built-in to Microsoft Windows?

AppLocker

What tool can administrators use to help identify the systems present on a network prior too conducting vulnerability scans?

Asset Inventory

Susan wants to manage access based on the job titles of members of her organization's staff. What kind of access control is best suited to this requirement?

Attribute-based access control

Gavin is investigating a security incident where attackers engaged in a denial of service attack. What leg of the CIA triad did this attack target?

Availability

Vincent is responding to a security incident that compromised one of his organization's web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization's website. What cybersecurity objective did this attack violate?

Availability

Avik has been asked to identify unexpected traffic on her organization's network. Which of the following is not a tecchnique she should use?

Beaconing

What term describes a system sending heartbeat traffic to a botnet command and control server?

Beaconing

What term is used to refer to connections from compromised systems to command and control servers?

Beaconing

What type of assessment is particularly useful for identifying insider threats?

Behavior

Sayed is planning to prohibit a variety of files, including games, from being installed on the Windows workstations he manages. What technology is his best option to prevent known, unwanted files from being installed or copied to machines?

Blacklisting

A coalition of Universities banded together and created a cloud computing environment that is open to all member institutions. The services provided are basis IaaS components. What term best describes this cloud model?

Community cloud

What term describes an analysis of threat information that might include details such as whether it is confirmed by multiple independent sources or has been directly confirmed?

Confidence Level

What type of tool assists with the automated validation of systems?

Configuration management

Which one of the following is not one of the five core security functions defined by the NIST cybersecurity framework?

Contain

Which one of the phases of the incident response involves primarily active undertakings designed to limit the damage that an attacker might cause?

Containment, Eradication, and Recovery

What phase of the incident response process would include measures designed to limit the damage caused by an ongoing breach?

Containment, eradication, and recovery

Authentication that uses the IP address, geographical location, and time of day to help validate the user is known as what type of authentication?

Context-based

What approach to vulnerability scanning incorporates information from agents running on the target servers?

Continuous Monitoring

Every time Susan checks code into her organization's code repository it is tested, validated, then if accepted it is immediately put into production. What is the term for this?

Continuous delivery

What two files may contain encryption keys normally stored only in memory on a Window system?

Core dumps and hibernation files

Monica discovers that an attacker posted a message in a web forum that she manages that is attacking users who visit the site. Which one of the following attack types is most likely to have occurred?

Cross-site scripting

Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city's power grid might have on the organization. What type of threat is she considering?

Environmental

What Windows tool allows you to review log files?

Event Viewer

Mike is looking for information about files that were changed on a Windows endpoint system. Which of the following is least likely to contain useful information for his investigation?

Event logs

What type of data can frequently be gathered from images taken on smartphones?

Exif

Renee is responding to a security incident that resulted in the unavailability of a website critical to her company's operations. She is unsure of the amount of time and effort that it will take to recover the website. How should Renee classify the recoverability effort?

Extended

What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?

FISMA

Kevin is using a service where a cloud provider offers a platform that executes his code in response to discrete events. He is billed based on the actual resources consumed during each code execution event. What term best describes this service?

FaaS

Ian finds entries in /var/log/faillog on a Linux system. What types of events will be in the log file?

Failed login attempts

Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred?

False Positive

Rachel recently investigated a security alert from her intrusion detection system and, after exhaustive research, determined that the alert was not the result of an intrusion. What type of error occurred?

False positive

What type of testing focuses on inserting problems into the error handling processes and paths in an application?

Fault injection

What type of network information should you capture to be able to provide a report about how much traffic systems in your network sent to remote systems?

Flow data

Which one of the following is an example of a computer security incident?

Former employee crashes a server

Tom would like to deploy consistent security settings to all of his Windows systems simultaneously. What technology can he use to achieve this goal?

GPO

What step occurs first during the attack phase of the penetration test?

Gaining Access

Which type of organization is the most likely to face a regulatory requirement to conduct vulnerability scans?

Government Agency

Joe is authorizing a document that explains to system administrators one way that they might comply with the organization's requirement to encrypt all laptops. What type of document is Joe writing?

Guideline

Which one of the following security policy framework components does not contain mandatory guidance for individuals in the organization?

Guideline

Which one of the following values for the confidentiality, integrity, or availability CVSS metric would indicate the potential for total compromise of a system?

H

What law creates cybersecurity obligations for healthcare providers and others in the health industry?

HIPAA

Organizations like Anonymous, which target governments and businesses for political reasons, are examples of what type of threat actor?

Hacktivists

What type of analysis is best suited to identify a previously unknown malware package operating on a compromised system?

Heuristic Analysis

What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries?

High

Gary is the system administrator for a federal agency and is responsible for a variety of information systems. Which systems must be covered by vulnerability scanning programs?

High-, Moderate-, or Low-Impact Systems

Which one of the following security controls is built in to Microsoft Windows?

Host firewall

Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?

Hybrid cloud

What software component is responsible for enforcing the separation of guest systems in a virtualized infrastructure?

Hypervisor

What organization manages the global IP address space?

IANA

Which party in a federated identity service model makes assertions about identities to service providers?

IDPs

Which one of the following terms is not typically used to describe the connection of physical devices to a network?

IDS

Forensic data is most often used for what type of threat assessment data?

IOCs

What organization did the US government help create to help share knowledge between organizations in specific verticals?

ISACs

Which one of the following control models describes the five core activities associated with IT service management as service strategy, service design, service transition, service operation, and continual service improvement?

ITIL

Under the shared responsibility model, in which tier of cloud computing is the customer responsible for securing the operating system?

IaaS

In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use?

IaaS and PaaS

Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which of the following steps would come first?

Identity Threats

Which one of the following is not a suggested criteria for evaluating containment strategies?

Identity of attacker

Bethany is the vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded their point-of-sale system, and Bethany is preparing to conduct new scans. When must she complete the new scan?

Immediately

A man-in-the-middle attack is an example of what type of threat vector?

Impersonation

What type of attack occurs when an attacker takes advantage of OAuth open redirects to take on the identity of a legitimate user?

Impersonation

Which one of the following activities is not normally conducted during the recovery validation phase?

Implement new firewall rules

During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report?

Improper error handling

What process is used to ensure that an application can handle very high numbers of concurrent users or sessions?

Load testing

While analyzing a malware injection, Joseph notes that the malware had encrypted files, thereby preventing the organization's main web application server from serving files. What type of impact has he noted?

Localized, immediate impact

Which one of the following criteria is not normally used when evaluating the appropriateness of a cybersecurity incident containment strategy?

Log records generated by the strategy

Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is the simplest to exploit?

Low

During a forensic investigation Ben asks Chris to sit with him and to sign off on the actions he has taken. What is he doing?

Maintaining chain of custody

Tony wants to check the digital signature of an email. What key does he need to verify that an email is from his friend Mal?

Mal's public key

OpenIOC uses a base set of indicators of compromise originally created and provided by which security company?

Mandiant

Carl does not have the ability to capture data from a cell phone using mobile forensic or imaging software, and the phone does not have removable storage. Fortunately, the phone was not set up with a PIN or screen lock. What is his best option to ensure he can see email and other data stored there?

Manual Access

Ben is working to classify the functional impact of an incident... How should Ben classify the functional impact of this incident according to the NIST scale? Ch. 11, 4

Medium

Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?

Medium

Before Ben send a Word document, he uses the built-in Document Inspector to verify that the file does not contain hidden content. What is this process called?

Metadata Scrubbing

Which of the following options is the most likely used for the host listed int he dhcpd.conf entry? host db1 {option host-name "sqldb1.example.com";hardware ethernet 8a:00:83:aa:21:9ffixed address 10.1.240.10

Microsoft SQL Server

Which of the following tools does not provide real-time drive capacity monitoring for Windows?

Microsoft endpoint configuration manager

Colin would like to select a web application firewall that is open source and protects against a wide range of attacks. Which one of the following tools would be best suited to his needs?

ModSecurity

Brian is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized?

Moderate Impact

A member of Susan's team recently fell for a phishing scam and provided his password and personal information to a scammer. What layered security approach is not an appropriate layer for Susan to implement to protect her organization from future issues?

Multitiered firewalls

Which of the following technologies is best suited to prevent wired rogue devices from connecting to a network?

NAC

Tom is reviewing a vulnerability scan report and finds that one of the servers on his network suffers from an internal IP address disclosure vulnerability. What protocol is likely in use on this network that resulted in this vulnerability?

NAT

Alfonso is connected that users might leave his organization and then share sensitive information that they retained with future employees. What security control would best protect against this risk?

NDA

What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?

NGFW

Matt is concerned about the fact that log records from his organization contain conflicting timestamps due to unsynchronized clocks. What protocol can he use to synchronize clocks throughout the enterprise?

NTP

Advanced persistent threats are most commonly associated with which type of threat actor?

Nation-state actors

Which of the following threat actors typically has the greatest access to resources?

Nation-state actors

What tool would you use to capture IP traffic information to provide flow and volume information about a network?

Netflow

Robert's Organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?

Network Access Control

Hank is responding to a security event where the CEO of his company had her laptop stolen. The laptop was encrypted but contained sensitive information about the company's employees. How should Hank classify the information impact of this security event?

None

In which cloud computing service model does the customer share responsibility with the cloud provider for the datacenter security?

None of the above

Which of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

Nonrepudiation

What process uses information such as the way that a system's TCP stack responds to queries, what TCP options it supports, and the initial window size it uses?

OS Detection

Which of the following is not a common attack against Kerberos?

Open redirect-based attacks

What type of firewall rule error occurs when a service is decommissioned but the related firewall rules are not removed?

Orphaned rule

Kristen wants to implement a code review but has a distributed team that works at various times during the day..... What type of review process will work best for her needs?

Over-the-shoulder

What compliance obligation applies to merchants and service providers who work with credit card information?

PCI DSS

Which one of the CVSS metrics would contain information about the number of times that an attacker must successfully authenticate to execute an attack?

PR

Chris is reviewing NetFlow logs while monitoring for systems that are participating in a botnet. Which of the following types of data will he not be able to see in his NetFlow records?

Packet payload

Gina gained access to a client's AWS account during a penetration test. She would like to determine what level of access she had to the account. Which of the following tools would best meet her need?

Pacu

Precompiled SQL statements that only require variables to be input are an example of what type of application security control?

Parameterized queries

Shelly is writing a document that describes the steps that incident response teams will follow upon first notice of a potential incident. What type of document is she creating?

Procedure

Which one of the following elements is not normally found in an incident response policy?

Procedures for rebuilding systems

Vic is planning a redesign of his organization's firewall strategy and is planning to issue an RFP for a firewall vendor. Which one of the following vendors would not be able to meet Vic's needs?

Proofpoint

Karen is responding to a security incident that resulted from an intruder stealing files from a government agency. Those files contained unencrypted information about protected critical infrastructure. How should Karen rate the information impact of this loss?

Proprietary breach

Using TLS to protect application traffic helps satisfy which of the OWASP best practices?

Protect data

Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this?

Public cloud

Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?

Quarterly

When performing 802.1x authentication, what protocol does thee authenticator use to communicate with the authentication server?

RADIUS

Which format does dd produce files in while disk imaging?

RAW

Kathleen wants to build a public API for a modern service-oriented architecture. What model is likely her best choice?

REST

Renee is configuring her vulnerabilty management solution to perform credentialed scans of her network. What type of account should she provide to the scanner?

Read-Only

Barry is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. What team is he on?

Red Team

You notice a high number of SQL injection attacks against a web application run by your organization, and you install a web application firewall to block many of these attacks before they reach the server. How have you altered the severity of this risk?

Reduced the probability

Which of the following is not a common DNS anti-harvesting technique?

Registering Manually.

After a major patch is released for the web application that he is responsible for, Sam proceeds to run his web application security scanner against the web application to verify that it is still secure. What is the term for the process Sam is conducting?

Regression testing

After observing the attacker, Alice decides to remove the Internet connection entirely, leaving the systems running but inaccessible from outside the quarantine VLAN. What strategy is she now pursuing?

Removal

Jen identified a missing patch on a windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?

Removed the vulnerability

Which of the following activities is not part of the vulnerability management life cycle?

Reporting

Amanda would like to run a security configuration scan of her Microsoft Azure cloud environment. Which one of the following tools would be most appropriate for her needs?

ScoutSuite

Which type of Windows log is most likely to contain information about a file being deleted?

Security Logs

Alice is responding to a cybersecurity incident and notices a system that she suspects is compromised. She places this system on a quarantine VLAN with limited access to other networked systems. What containment strategy is Alice pursuing?

Segmentation

What containment strategy moves compromised systems to a separate VLAN attached to the enterprise network?

Segmentation

Ben's successful attack on an authenticated user required him to duplicate the cookies that the web application put in place to identify the legitimate user. What type of attack did Ben conduct?

Session hijacking

Which of the following conditions is not likely to trigger an alert during an automated cloud security assessment?

Sharing of API keys among different developers

Which one of the following is not a common use of formal incident reports?

Sharing with other organizations

How can Jim most effectively locate a wireless rogue access point that is causing complaints from employees in his building?

Signal strength and triangulation

What type of malware prevention is most effective against known viruses?

Signature detection

File carving is used to find file remnants found in clusters on disks that have been only partially rewritten by new files. What is the technical term for where these files are found?

Slack

Which one of the following is not an example of a vulnerability scanning tool?

Snort

During an information gathering exercise, Chris is asked to find out detailed personal information about his target's employees. What is frequently the best place to find this information?

Social Media

Kevin is reviewing netflow records from his network. Which one of the following pieces of information would those records not contain?

Source MAC address

During testing, Tiffany slowly increases the number of connections to an application until it fails. What is she doing?

Stress testing

Juan is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?

Supplicant

What is the piece of software running on a device that enables it to connect to a NAC-protected network?

Supplicant

Barry placed all of his organization's credit card processing systems on an isolated network dedicated to card processing. He has implemented appropriate segmentation controls to limit the scope of PCI DSS to those systems through the use of VLANs and firewalls. When Barry goes to conduct vulnerability scans for PCI DSS compliance purposes, what systems must he scan?

Systems on the Isolated Network

Cyn wants to send threat information via a standardized protocol specifically designed to exchange cyberthreat information. What should she choose?

TAXII

Beth would like to identify the processes running on her system that have active network connections. Which tool can she use?

TCP View

Betty is selecting a transport encryption protocol for use in a new public website she is creating. Which protocol should be the best choice?

TLS 1.1

What term describes a chip that is built into a computer that stores encryption keys specific to the system that is used for hardware authentication?

TPM

Which one of the following protocols should never be used on a public network?

Telnet

Selah believes that an organization she is penetration testing may have exposed information about their systems on their website in the past. What site might help her find an older copy of their website?

The Internet Archive

While reviewing a Wireshark traffic capture, Mike discovers the following information. What does he know about the user's device based on this TCP stream?

The device is a Samsung SM-N95OU

Michelle is analyzing a Wireshark traffic capture, and follows the TCP stream for a TIFF file download. What concern should she raise from the information displayed in the stream viewer?

The file is an executable

Cameron builds a malware signature using a hash of the binary that he found on an infected system. What problem is he likely to encounter with modern malware when he tries to match hashes with other infected systems?

The malware may be polymorphic

What can the MAC address of a rogue device tell you?

The manufacturer of the device

While Susan is monitoring a router via network flows, she sees a sudden drop in network traffic levels to zero, and the traffic chart flows a flat line. What has likely happened?

The monitored link failed

Which one of the following parties is not commonly the target of external communications during an incident?

The perpetrator

Jennifer wants to preform memory analysis and forensics for Windows, MacOS, and Linux systems. Which of the following is best suited to her needs?

The volatility frameork

STRIDE, PASTA, and LINDDUN are all examples of what?

Threat classification tools

What drove the creation of ISACs in the United States?

Threat information sharing for infrastructure owners

Which of the following activities follows threat data analysis in the threat intelligence cycle?

Threat intelligence dissemination

Grace is the CSIRT team leader for a business unit within NASA, a federal agency. What is the minimum amount of time that Grace must retain incident handling records?

Three years

While studying an organization's risk management process under the NIST cybersecurity framework, Rob determines that the organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. What tier should he assign based on this measure?

Tier 4

Which one of the following data protection techniques is reversible when conducted property?

Tokenization

Which one of the following US government classification levels requires the highest degree of security control?

Top Secret

What command-line tool can be used to determine the path that traffic takes to a remote system?

Traceroute

Charles is reviewing flow logs for his organization and notices that traffic has seen a 20 percent increase on the second Thursday of each month, after which the traffic returns to normal. What type of analysis is Charles conducting?

Trend Analysis

James wants to monitor a Linux system's filesystem for unauthorized changes. What open source tool can he use to perform this task?

Tripwire

Which one of the following is a file integrity monitoring tool?

Tripwire

Gabby is designing a multifactor authentication system for her company... How many distinct factors will she have implemented when she is done?

Two

What process checks to ensure that functionality meets customer needs?

UAT

What monitoring technique focuses on the behavior of end users?

UEBA

Which of the following is not a potential issue with live imaging of a system?

Unallocated apace will be captures

Which of the following options is not a valid way to check the status of a service in Windows?

Use service --status at the command line

Which of the following is not one of the three vital statistics of endpoints?

User account activity

Which one of the following is not an example of infrastructure as code?

Using a cloud provider's web interface to provision resources

What technique should network administrators use on switches to limit the exposure of sensitive network traffic?

VLAN pruning

In what type of attack does the attacker seek to gain access to resources assigned to a different virtual machine?

VM escape

Tommy is assessing the security of several database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?

Vulnerability

Which of the following metrics is not included in the calculation of the CVSS exploitability score?

Vulnerability Age

Kevin would like to implement a specialized firewall that can protect against SQL ijection, cross-site scripting, and similar attacks. What technology should he choose?

WAF

A cross-site scripting attack is an example of what type of threat vector?

Web

Alex wants to prohibit software that is not expressly allowed by his organization's desktop management team from being installed on workstations. What type of tool should he use?

Whitelisting

Fred wants to ensure that only software that has been preapproved runs on workstations he manages. What solution will best fit this need?

Whitelisting

Which lookup tool provides information about a domain's registrar and physical location?

Whois

Which one of the following operating systems should be avoided on production networks?

Windows Server 2003

Which one of the following tools is a protocol analyzer?

Wireshark

What language is STIX based on?

XML

What method used to replicate DNS information between DNS servers can also be used to gather large amounts of information about an organization's systems?

Zone Transfer

What technique is being used in this command? dig axfr @dns-server example.com

Zone Transfer

What method is used to replicate DNS information for DNS servers but is also a tempting exploit target for attackers?

Zone Transfers

What security control can be used to clearly communicate to users the level of protection required for different data types?

classification policies

What type of security policy often serves as a backstop for issues not addressed in other policies?

code of conduct

During an incident response, what is the highest priority of first responders?

containing the damage

Tamara is a cybersecurity analyst for a private business that is suffering a security breach. She believes the attackers have compromised a database containing sensitive information. Which one of the following activities should be Tamara's first priority?

containment

Which one of the following statements is not true about compensating controls under PCI DSS?

controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement

Which one of the following is not a common use of the NIST cybersecurity framework?

create specific technology requirements for an organization

A US company stores data in an EU data center and finds that it is now subject to the requirements of GDPR. This is an example of

data sovereignty

Joe would like to determine the appropriate disposition of a flash drive used to gather highly sensitive evidence during an incident response effort. He does not need to reuse the drive but wants to return it to its owner, an outside contractor. What is the appropriate disposition?

destroy

Which of the following Linux commands will show you how much disk space is in use?

df

Server logs are an example of _____ evidence.

documentary

What incident response activity focuses on removing any artifacts of the incident that may remain on the organization's network?

eradication

During what phase of continuous security monitoring does the organization define metrics?

establish

Which component of a syslog message contains the timestamp?

header

Cameron wants to be able to detect a denial-of-service attack against his web server. Which of the following tools should he avoid?

iPerf

Which one of the following is not typically found in a cybersecurity incident report?

identity of the attacker

Which one of the following tools does not provide useful information for DNS harvesting?

ifconfig

Chris wants to decrease the threat of malicious email links in email. What technique can he use to decrease their likelihood of success without having a significant business impact?

implement DNS blackholing using a DNS reputation service

Alice confers with other team members and decides that even allowing limited access to other systems is an unacceptable risk and decides instead to prevent the quarantine VLAN from accessing any other systems by putting firewall rules in place that limit access to other enterprise systems. The attacker can still control the system to allow Alice to continue monitoring the incident. What strategy is she now pursuing?

isolation

Darren is updating the organization's risk management process. What type of control is Darren creating?

managerial

Which evidence source should be collected first when considering the order of volatility?

memory contents

Sondra determines that an attacker has gained access to a server containing critical business files and wishes to ensure that the attacker cannot delete those files. Which one of the following strategies would meet Sondra's goal?

none of the above

What Linux file permissions group is used to describe the permissions assigned to any user of the system?

o

What type of investigation would typically be launched in response to a report of high network latency?

operational

Three of these choices are data elements found in NetFlow data. Which is not?

packet contents

What three options are most likely to be used to handle a memory leak?

patching, service restarts, and system reboots

What Windows tool provides detailed information including information about USB host controllers, memory usage, and disk transfers?

perfmon

Which one of the following documents must normally be approved by the CEO or similarly high-level executive?

policy

Greg recently conducted an assessment of his organization's security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case?

preventive

During what phase of ediscovery does an organization share information with the other side?

production

Lynda is disposing of a drive containing sensitive information that was collected during the response to a cybersecurity incident. The information is categorized as a high security risk and she wishes to reuse the media during a future incident. What is the appropriate disposition for this information?

purge

Asa believes that her organization is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?

purpose limitation

Which one of the following data elements would not normally be included in an evidence log?

record of handling

Ben is responding to a security incident and determines that the attacker is using systems on Ben's network to attack a third party. Which one of the following containment approaches will prevent Ben's systems from being used in this manner?

removal

Which one of the following would not normally be found in an organizations information security policy?

requirement to use AES-256 encryption

Which one of the following is not a purging activity?

resetting to factory state

Which one of the following pieces of information is most critical to conducting a solid incident recovery effort?

root cause of the attack

Which one of the following activities does CompTIA classify as part of the recovery validation effort?

scanning

What law governs the financial records of publicly traded companies?

sox

Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. What type of document is Allan writing?

standard

Which of the following issues makes both cloud and virtualized environments more difficult to perform forensics on?

systems mat be ephemeral

Susan needs to capture network traffic from a Linux server that does not use a GUI. What packet capture utility is found on many Linux systems and works from the command line?

tcpdump

Tina is creating a set of firewall rules designed to block denial-of-service attacks from entering her organization's network. What type of control is Tina designing?

technical control

Juan wants to see a list of processes along with their CPU utilization in an interactive format. What built-in Linux tool should he use?

top

Ian wants to view all of the data about current memory consumption on his Linux system but wants to be able to read it one page at a time. Which of the following commands will allow him to do so?

top | more

SIEMs correlate security information received from other devices.

true

What DLP technique tags sensitive content and then watches for those tags in data leaving the organization?

watermarking

What type of technology prevents a forensic examiner from accidentally corrupting evidence while creating an image of a disk?

write blocker

What command is used to apply operating system updates on some Linux distributions?

yum

Which one of the following is not an objective of the containment, eradication, and recovery phase of incident response?

Detect an Incident in progress

Charlene executes the following command against the file shown. What entries will it return? grep -v error /var/log/boot.log

All lines without the string "error" in them

Jason has user rights on his Linux workstation, but he wants to read his department's financial reports,....What type of attack is this?

Privilege escalation

The Dirty COW attack is an example of what type of vulnerability?

Privilege escalation

Jeff is investigating a system compromise and knows that the first event was reported on October 5th. What forensic tool capability should he use to map other events found in logs and files to this date?

A timeline

Ben works with a team that includes a dozen security analysts....What type of system could he implement to ensure that releases follow the proper testing and implementation process?

A workflow orchestration system

Alice wants to copy a drive without any chance of it being modified by the copying process. What type of device should she use to ensure that this does not happen during her data acquisition process?

A write blocker

Megan is trying to prevent impersonation attacks from impacting her company but receives a "No DMARC record found" error when she checks a frequent business partner's DNS information. What do they need to do to enable DMARC? Ch. 10, 17

All of the above

Sarah would like to run an external vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?

An Approved Scanning Vendor

Angela is concerned about attackers enumerating her organization's LDAP directory. What LDAP control should she recommend to help limit the impact of this type of data gathering?

ACLs

Which tool is not commonly used to generate the hash of a forensic copy?

AES

What type of credential is commonly used to restrict access to an API?

API key

Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?

API-based CASB

Gabby wants to select a threat framework for her organization, and identifying threat actor tactics in a standardized way is an important part of her selection process. Which threat model would be her best choice?

ATT&CK

What router technology can be used to perform basic firewall functionality?

Access control lists

Which of the following technologies is NTLM associated with?

Active Directory

During passive intelligence gathering, you are able to run netstat on a workstation located at your target's headquarters. What information would you not be able to find using netstat on a Windows system?

Active IPX Connections

Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?

Adversarial

Alex is conducting a forensic examination of a Window system and wants to determine if an application was installed. Where can he find the Windows installer log files for a user named Jim?

C:\Windows\Jim\AppData\Local\Temp

Robert is finishing a draft of a proposed incident response policy for his organization. Who would be the most appropriate person to sign the policy?

CEO

Which one of the following individuals would not normally be found on the incident response team?

CEO

Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?

CPE

Which one of the following would not commonly be available as an IaaS service offering?

CRM

Jessica is reading reports from vulnerability scans run by different parts of her organization using different products. She is responsible for assigning remediation resources and is having difficulty prioritizing issues from different sources. What SCAP component can help Jessica with this task?

CVSS

Which one of the following statements about cloud computing is incorrect?

Cloud computing customers provision resources through the service provider's sales team

Renee is configuring her organization's email servers and would like to communicate security policies to other email servers about how they should handle email from her domain. Which protocol would best meet her needs?

DMARC

Susan wants to use an email security protocol to determine the authenticity of the email. Which of the following options will ensure that her organization's email server can determine if it should accept email from a sender?

DMARC

Under the shared responsibility model, which component always remains the responsibility of the customer, regardless of the cloud service model used?

Data

Tim has assigned an analyst to add third-party.......What is the analyst doing? Chapter 10 number 10

Data enrichment

Which one of the following policies would typically answer questions about when an organization should destroy records?

Data retention policy

Which one of the following is not a common source of information that may be correlated with vulnerability scan results?

Database tables

Which one of the following services is not an example of FaaS computing?

DeepLens

Which of the following measures is not commonly used to assess threat intelligence?

Detail

During his investigation, Jeff, a certified forensic examiner, is provided with a drive image created by an IT staff member and is asked to add it to his forensic case. What is the most important issue that Jeff could encounter if the case goes to court and his procedures are questioned?

Inability to certify chain of custody

Ben's organization uses an IP reputation service to block outbound access to all site that are flagged with a negative reputation score. What issue could this cause?

Inadvertent blocking of sites due to false positives

Which one of the following statements about incline CASB is incorrect?

Incline CASB solutions can monitor activity but cannot actively enforce policy

Which one of the following conditions would not result in a certificate warning during a vulnerability scan of a web server?

Inclusion of a public encryption key

Which one of the following is a characteristic of DevOps approaches to technology?

Increasing the frequency of application releases

Who is the best facilitator for a post-incident lessons-learned session?

Independent facilitator

Who is the most effective person to lead a lessons learned review?

Independent facilitator

What phase of the cyber kill chain includes creation of persistent backdoor access for attackers?

Installation

What common criticism is leveled at the cyber kill chain?

It includes actions outside the defended network

Susan needs to explain what a jump box is to a member of her team. What should she tell them?

It is a system used to access and manage systems or devices in another security zone.

What toolkit enables attackers to easily automate evil twin attacks?

KARMA

Where do published vulnerabilities fit in the Johari window?

Known to others/known to us

Which of the following technologies is not a shared authentication technology?

LDAP

Jeff is investigating a system that is running malware that he believes encrypts its data on the drive. What process should he use to have the best chance of viewing that data in an unencrypted form?

Live imaging

The 2013 Yahoo breach resulted in almost 1 billion MD5 hashed passwords being exposed. What user behavior creates the most danger when this type of breach occurs?

Password reuse

Which of the following is not a common technique used to defend against command and control (C2) capabilities deployed by attackers?

Patching against zero-day attacks

Which one of the following is an example of an operational security control?

Penetration Tests

Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?

Performing user input validation

Chris wants to use an active monitoring approach to test his network. Which of the following techniques is appropriate?

Pinging remote systems

During what phase of penetration test should the testers obtain written authorization to conduct the test?

Planning

Which of the following is not a reason that penetration testers often perform packet capture while conducting port and vulnerability scanning?

Plausible Deniability

Tommy is the CSIRT team leader....What document is most likely to contain step-by-step instructions that he might follow in the early hours of the response effort? Ch. 11, 19

Playbook

Which one of the following document types would outline the authority of a CSIRT responding to a security incident?

Policy

Michelle has a security token that her company issues her. What type of authentication factor does she have?

Possession

During what phase of the incident response process would an organization implement defenses designed to reduce the likelihood of a security incident?

Preparation

Jim was originally hired into the helpdesk at his current employer but has since then moved into finance....What is this issue called?

Privilege creep

Chris is in charge of his organization's Windows security standard, including their Windows 7 security standard, and has recently decommissioned the organization's last Windows 7 system. What is the next step in his security standard's life cycle?

Retiring the Windows 7 standard

Which of the following methods is not an effective method for preventing brute-force password guessing attacks via login portals?

Returning an HTTP error

Susan wants to start performing intelligence gathering. Which of the following options is frequently conducted in the requirements gathering stage?

Review of security breaches or compromises your organization has faced

During a Fagan code inspection, which process can redirect to the planning stage?

Rework

What term describes an organization's willingness to tolerate risk in their comping environment?

Risk Appetite

Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?

Risk Mitigation

What security design is best suited to protect authentication and authorization for a network that uses TACACS+?

Route management traffic over a dedicated network

Ryan is planning to conduct a vulnerability scan of a business critical system using dangerous plug-ins. What would be the best approach for the initial scan?

Run the Scan in a Test Environment

Alan is responsible for developing his organization's detection and analysis capabilities... What type of system is best suited to meet Alan's security objective? Ch. 11, 3

SIEM

Which of the following is not a reason to avoid using SMS as a second factor for authentication?

SMS cannot send unique tokens

What protocol is used to transport email between servers?

SMTP

Sofia suspects that a system in her datacenter may be sending beaconing traffic to a remote system. Which of the following is not a useful tool to help verify her suspicions?

SNMP

What are SNMP alert messages called?

SNMP traps

What security technology best assists with the automation of security workflows?

SOAR

What NIST publication contains guidance on cybersecurity incident handling?

SP 800-61

What language can you use to query logs that are stored in a relational database?

SQL

Alan is reviewing web server logs after an attack and finds many records that contain semicolons and apostrophes in queries from end users. What type of attack should he suspect?

SQL injection

Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?

SaaS

Which one of the following tools may be used to isolate an attacker so that they may not cause damage to production systems but may still be observed by cybersecurity analysts?

Sandbox

Which of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures?

Sandboxing

Susan's team has been writing code for a major project for a year and recently released their third version of the code....What type of tool should Susan implement to help avoid this issue in the future?

Source control management

Which one of the following factors is least likely to impact vulnerability scanning schedules?

Staff Availability

Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?

Static code analysis

Chris is responsible for monitoring his organization's file shares and security and has discovered that employees are consistently retaining access to files after they change positions. Where should he focus his efforts if his organization's account life cycle matches the following?

Step 3


Conjuntos de estudio relacionados

ENDOCRINE PROBLEMS, ACUTE & CHRONIC KIDNEY DISEASE

View Set

Environmental Science 2:1-10 Test Review

View Set

CHAPTER 4: Civil Liberties: Protecting Individual Rights

View Set

Chapter 2 Anatomy and Physiology

View Set

BIOL 25 Lecture 3 (Themes- Classification)

View Set