Info Tech Security Midterm
In a security review meeting, you proposed a demilitarized zone for one of your company's data centers. You were then asked to explain the objective of having a DMZ in the data centers. Which of the following should be your answer?
A DMZ will separate the secure facilities from unknown and potentially hostile outsiders.
Which of the following best describes a faraday cage?
A Faraday cage is an enclosure used to block electromagnetic fields.
Which of the following correctly differentiates between a man-in-the-middle (MITM) attack and a man-in-the-browser (MITB)?
A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer.
Which of the following is a characteristic of a potentially unwanted program (PUP)?
A PUP interferes and obstructs the user with web browsing and pop-up windows.
Ian, a systems administrator, was checking systems on Monday morning when he noticed several alarms on his screen. He found many of the normal settings in his computer and programs changed, but he was sure no one had physically entered his room since Friday. If Ian did not make these changes, which of the events below is the most likely reason for the anomalies?
A backdoor was installed previously and utilized over the weekend to access the computer and the programs.
Which of the following statements correctly describes the disadvantage of a hardware-based keylogger?
A hardware-based keylogger must be physically installed and removed without detection.
Which of the following best describes a mantrap?
A mantrap is a small space with two separate sets of interlocking doors.
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?
A vulnerability scan is usually automated.
Wilson has requested your help to suggest an encryption method that will provide the highest security against attacks. Which encryption process should you suggest?
AES
Which of the following can be used to mitigate a limitation of public sharing centers in OSINT?
AIS
Which of the following is a layer 2 attack?
ARP poisoning
What are the primary features of a security information event management (SIEM) tool?
Aggregation, correlation, event deduplication, time synchronization, and alerting
You oversee your company's physical security, and you are asked to protect their CCTV cameras. The cameras are installed along the pathway, mounted on poles. They need protection from being physically handled by potential intruders. Which of the following fencing deterrents should you use?
Anti-climb collar
ara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select?
Arduino
Which of the following is a major objective of packet analysis?
Assess and secure networks
Which cryptographic method should Susanne use to ensure that a document can be encrypted with a key and decrypted with a different key?
Asymmetric
John needs to add an algorithm for his company communication process, in which encryption uses two keys. One is the public key, and the other one is a private key. Which algorithm will be suitable to achieve this?
Asymmetric cryptographic
What is the primary goal of penetration testing?
Attempt to uncover deep vulnerabilities and then manually exploit them
Which of the following sensors help generate security alerts to physicians regarding patient health?
BAN
Which of the following best describes bash?
Bash is a command language interpreter.
Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges?
Black box
Which threat actors violate computer security for personal gain?
Black hat hackers
A new e-commerce startup with global operations is looking for a method to manage its supply-chain data for production. Instead of using bar codes, scanners, paper forms, and individual databases, making the system difficult to use, which method should be used to quickly track shipments?
Blockchain
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary?
Blue team
Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as?
Bot herder
Jane, an IT security expert whose services are sought by XYZ Company, has recommended implementing CTR mode in the network. What is one requirement that needs to be fulfilled for computers to communicate when the CTR mode is implemented?
Both sender and receiver should have access to a counter.
Which of the following is an example of a request forgery malware?
CSRF
While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid. What is Andel likely a victim of?
CSRF
In which of the following mobile device connectivity methods are transmitters connected through a mobile telecommunication switching office (MTSO) that controls all of the transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world?
Cellular
Sigma solutions use hash algorithms in the communications between departments while transferring confidential files. A human resource employee informed you that one of the employees' salary statements sent from her end looks tampered with and requested your help. Which of the following tasks would enable you to identify whether the file is tampered with or not, and how will you make the determination?
Check the digest of the file with the original digest. If the values are different, it can be confirmed that the file has been tampered with.
A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred. Which of the following actions would help achieve this objective?
Checking the dark web
Which of the following mobile device enterprise deployment models are implemented so that employees in an organization are offered a suite of security, reliability, and durability choices that the company has already approved?
Choose your own device (CYOD)
Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result?
Collision attack
Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program?
Competitors
In an interview, the interviewer introduced the following scenario: An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur. Which of the following should you choose?
Configuration vulnerability
Marcus is an information security architect at a product-based IT firm. He is responsible for developing policies for the most-secure mobile device enterprise-deploying model. The company will decide the level of choice and freedom for employees. Employees are supplied company-chosen and paid-for devices that they can use for both professional and personal activities. This action is performed under which enterprise deployment model?
Corporate-owned, personally enabled (COPE)
What is the primary difference between credentialed and non-credentialed scans?
Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.
Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved?
Cryptographic hash algorithms
ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages and data between offices to communicate important market information, employee decisions, financial decisions, etc., for management consideration and senior-level decision making. Since these decisions impact the local employees and global businesses, they suspect that these data may be prone to attacks from threat actors internally and externally. While one of the senior systems administrators suggested implementing steganography to achieve this objective, the IT Department head at another branch suggested implementing cryptography. The management team has now called you for expert advice to select the best method to implement in the enterprise. What should your advice be, and why?
Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement.
During an interview, you are provided the following scenario: The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network. Which of the following attacks should you choose?
DNS hijacking
Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose?
DNS poisoning
Which of the following is a state of data, where data is transmitted across a network?
Data in transit
John has been appointed as a product manager at a large mobile device manufacturing company. He is designing the core features included in their flagship mobile device that will be launched during the holiday shopping season. Which of the following features should he primarily include?
Data synchronization with a remote server or separate device
You are a security expert asked to protect the webservers hosted in your building from exposure to anyone other than server admins. Which of the following physical security method should you implement to achieve this?
Demilitarized zones
Sean is an information security architect at a financial firm. As his first project, he must design and build an efficient, sure-shot, yet cost-effective solution to detect and prevent bank credit card fraud. How should Sean proceed?
Design a solution that keeps track of dates, times, locations of transactions, and geolocation of the authorized cell phone. When a user makes a purchase at a store, the bank can immediately check that the cell phone and the bank card are in the same place. If they are, the purchase is considered legitimate. But if they are not, then the payment is rejected.
Alex needs to find a method that can change a single character of plaintext into multiple characters of ciphertext. Which method should Alex use?
Diffusion
John and Sarah are working for Star Alliance. John had to send certain confidential data and messages to Sarah online. The use of which of the following will ensure that the message's sender is, in fact, John?
Digital certificate
Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. Which of the following can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details?
Digital certificate
hich of the following is part of the OS security configuration?
Disabling default passwords and unnecessary ports
A company has multiple CAs and intermediate CAs issuing digital certificates in different departments, with no one cross-checking their work. Which PKI trust model should the company use?
Distributed trust model
Which of the following statements about domain reputation is correct?
Domain reputation will be low if the domain is used for distributing malware or launching attacks.
Which of the following is a physical social engineering technique?
Dumpster diving
Under which of the following modes does the ciphertext depend only on the plaintext and the key, independent of the previous ciphertext blocks?
ECB
Which of following is a characteristic of electronic code book (ECB) mode?
Each block of plaintext is XORed with the previous block of ciphertext before being encrypted, making it susceptible to attacks.
What is meant by "the chain of trust" in boot security?
Each step in the boot sequence relies on the confirmation from the previous boot sequence step.
Which of the following is the most common method for delivering malware?
Which of the following is a process where a private key is split into two halves, encrypted, and stored separately for future use?
Escrow
You are a cyber forensic expert wanting to protect devices retrieved from a crime scene from being remotely wiped of evidence. Which of the following physical security equipment should you use so that inbound and outbound signals cannot be sent or received?
Faraday bags
Which of the following is physical security equipment for computer hardware?
Faraday cage
Amaya is looking for a hardware chip or integrated circuit (IC) that can be programmed by the user to carry out one or more logical operations, can be reprogrammed when needed, and can be configured by either the user or designer. Which option should Amaya select?
Field-programmable gate array (FPGA)
Which of the following is the most secure encryption solution to adopt for a Google Android mobile device?
File-based encryption
Which cookie is created by the website a user is currently browsing to store the customer's browsing preference information?
First-party cookie
Why was the BIOS framework relocated to flash memory from a complementary metal-oxide-semiconductor (CMOS) in later development?
Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS.
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?
Footprinting
Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer?
Full disk encryption
Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application. What process did Mary use?
Fuzzing
You have been asked to implement a block cipher mode of operation that requires both the sender and receiver of the message to have access to a synchronous counter that adds an AAD to the transmission. Which operating block cipher mode should you use?
GCM
Which of the following sets only lists additional features of a mobile device or a computing device?
Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), removable storage media
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Gray box
Photoplethysmography uses which type of light to measure heart rate on a wearable device?
Green
While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform?
IOC
XYZ University wants to set up a VPN network to connect to the internet and ensure that all their data is safe. They have asked you to recommend the correct communication protocol to use. Which of the following protocols should you recommend and why?
IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties.
An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials. Which of the following social engineering techniques was used here?
Impersonation and phishing
What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network?
Implement hardening at endpoints with patch management and operating system safeguards
John is asked to design a specialized device that does not have any security features but operates on the basis of trust that assumes all other devices or users can be trusted. Which security constraint for the embedded system should John use?
Implied trust
Which of the following describes a memory leak attack?
In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.
Threat actors focused on financial gain often attack which of the following main target categories?
Individual users
Jordan has been asked by his organization to help them choose a mobile device communication channel for their new mobile device build. Which of the following mobile device communication channels should Jordan NOT suggest to his company?
Infrared
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
Which of the following is a disadvantage of the secure boot process?
It makes third party non-vendor-approved software difficult to implement.
Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here?
Kate has installed a potentially unwanted program (PUP).
Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation?
Kia must uninstall the toolbar software and the accompanying components she has recent installed on her browser.
Which of the following computing platforms is highly vulnerable to attacks?
Legacy
Terrence, an executive VP of IT at Sigma Bank, noticed that yesterday, there was a major attack on several thousands of bank employees' computers located at geographically different locations where files and data from the computers got deleted. It was also noticed that several confidential files containing customer data were deleted from the bank's server in multiple locations, and the CEO's emails were deleted from the mail server. Since the bank was compliant with cybersecurity measures, Terrence suspects an internal hand in this activity. While going through the records of all employees working in the IT security of the bank, both past and present, he notices that there is an employee, Chris, who has enough experience to launch this attack, was unhappy with his annual review last year, and had left the bank three months ago. If Terrence were able to single Chris out as the one responsible for the attack, what kind of an attack would this be?
Logic-bomb
Which of the following is a process where a key is divided into a specific number of parts and distributed to multiple people, with some of them having the same parts of the key?
M-of-N control
Max found someone is impersonating him after discovering that data sent to him was always being received by someone else in his enterprise network. He informed the network administrator about the issue. While inspecting the switch, the administrator discovered that the threat actor was another employee at the same enterprise. As a senior security consultant, which of the following attacks should you mention in the charge sheet?
MAC cloning attack
Which of the following tools allow a mobile device to be managed remotely by an organization and typically involve a server sending out management commands to mobile devices?
MDM
Walter's organization is in the beginning stages of a new project. His team is tasked with finding a tool that must have the following features, allowing it to be remotely managed by the organization: 1. It must be able to apply default device settings. 2. It must be able to approve or quarantine new mobile devices. 3. It must be able to configure emails, calendars, contacts, and Wi-Fi profile settings. 4. It must be able to detect and restrict jailbroken and rooted devices. Which tool should Walter's team suggest, and why?
MDM, because it allows remote management and over the air updates.
In an interview, you are given the following scenario: David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation. Which of the following should you identify?
MITM
Which of the following is a subset of artificial intelligence?
Machine learning
A company has approached you for their product testing, and you agree to do it. First, you have to install the necessary plugins for the software through the browser, install the software, and run the software again. What procedure should you adopt to ensure that you don't compromise the browser and the computer's operating system?
Making sure that the OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run the software on HSTS/HTTPS mode, and then send a secure cookie to the server.
Dan uses his personal laptop for writing the script for an upcoming high-budget, highly anticipated movie. To keep the script private, he decided not to connect his laptop to any network and updated his system with the latest virus definitions and security patches. Which of the following is Dan's laptop still vulnerable to?
Malicious USB
Which one of the following is the most appropriate explanation of photoplethysmography?
Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light
Spectrum Technologies uses SHA 256 to share confidential information. The enterprise reported a breach of confidential data by a threat actor. You are asked to verify the cause of the attack that occurred despite implementing secure cryptography in communication. Which type of attack should you consider first, and why?
Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA 256.
Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase?
Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
A manager working in ABC Consulting shared a list of employees from his team who were eligible for an extra week off. Later, he claimed that he has never shared this list. Which principle or functionality of a secured communication can be used to substantiate or verify the manager's claim?
Nonrepudiation
Which feature of cryptography is used to prove a user's identity and prevent an individual from fraudulently reneging on an action?
Nonrepudiation
Simon is working in a telecom firm. Being an HOD, he was asked to suggest a lock pattern for their mobile devices with the following features: The device should have a prerecord of its user's walking and other body movement patterns, and on sensing any change in the regular movements, should be able to lock the device. Which lock pattern should Simon suggest?
On-body detection
Sheena wants to make sure that her browser activity is safe and prevent others from intercepting her data as it is transmitted over the browser. What should Sheena do to achieve this objective?
Only visit websites that are hosted over HTTPS or HSTS
Which of the following techniques is a method of passive reconnaissance?
Open Source Intelligence (OSINT)
You are a security administrator asked to create a certificate signing request (CSR) to secure your enterprise's website. Which of the following tools should you use to accomplish this?
OpenSSL
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCIDSS
Which of the following is used to create a sequence of numbers whose output is close to a random number?
PRNG
What is an officially released software security update intended to repair a vulnerability called?
Patch
Which of the following is the advantage of penetration testing over vulnerability scanning?
Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities.
Which unit is used by quantum computers, making them faster and more efficient than normal computers?
Qubit
Kainat is asked to suggest a cipher in which the entire alphabet is rotated (as in, A=N, B=O), making it difficult to identify. Which cipher should she suggest?
ROT13
What does ransomware do to an endpoint device?
Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded
Fatima is responsible for conducting business transactions for XYZ Company, and she only had the stored private key. She is on leave and currently unavailable, and the organization needs to complete an urgent business transaction. Which of the following methods should enable the organization to access Fatima's private key and digital certificate?
Recovery
Which standardized framework was developed by NIST to be used as a guidance document designed to help organizations assess and manage risks to their information and systems, and are also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity?
Risk management framework (RMF)
Ronald is a software architect at MindSpace Software. He has been approached to develop a critical application for a finance company. The company has asked him to ensure that the employed coding process is secure. They have also requested that the project be completed in a few months, with a minimum version of the identified functionalities provided. The other functionalities can be developed later and added to the software while the application is live. Which development process would be ideal for Ronald to employ to achieve this objective?
Ronald can employ the SecDevOps model to meet the requirements of the client.
Which of the following digital certificates are self-signed and do not depend on the higher-level certificate authority (CA) for authentication?
Root digital certificates
Which type of malware can hide its agenda inside other processes, making it undetectable, and what is it usually used for?
Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes
Sarah needs to send an email with important documents to her client. Which of the following protocols ensures that the email is secure?
S/MIME
Which of the following devices can perform cryptographic erase?
SED
A web application with an SQL server database is found to be compromised by an attacker. On examination, the email IDs of the database have been found modified. This was due to improper validation in the input fields exploited by the attacker. What is the probable attack in the above scenario?
SQL Injection
Amtel University decides to keep a record of their student data in a backup server. The administrator contacts you to identify the right command interface protocol to be used in this. Which command interface protocol should you advise?
SSH
Which of the following protocols can be used as a tool for secure network backups?
SSH
During an investigation, it was found that an attacker did the following: Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage. Which protocol helped facilitate this attack?
SSL
Which of the following is the earliest and most general cryptographic protocol?
SSL
Which of the following terms best describes the process in which a user believes that the browser connection they are using is secure and the data sent is encrypted when in reality, the connection is insecure, and the data is sent in plaintext?
SSL stripping
In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker?
Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world.
What is meant by "infrastructure as code" in SecDevOps?
SecDevOps method of managing software and hardware using principles of developing code
Which of the following sets consists of only the core features of a mobile or computing device?
Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local non-removable data storage
Daniel accidentally installed a vulnerable application. Which of the following system exploitations would NOT be caused by the vulnerable application?
Social engineering and phishing attacks
What is a variation of a common social engineering attack targeting a specific user?
Spear phishing
Which attack embeds malware-distributing links in instant messages?
Spim
Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company's IM account. Even though no one has clicked on the messages, they are spreading throughout the network. Which type of malicious activity is this?
Spimming
Which function in cryptography takes a string of any length as input and returns a string of any requested variable length?
Sponge
Which algorithm encrypts and decrypts data using the same key?
Symmetric cryptographic algorithm
Which of the following uses vulnerable applications to modify Microsoft registry keys?
System tampering
Which of the following protocols are used to secure HTTP?
TLS and SSL
What is a risk to data when training a machine learning (ML) application?
Tainted training data for machine learning
Which of the following correctly differentiates between Tcpreplay and Tcpdump?
Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network.
Alpha Tech started a charitable competition in which every team is asked to submit a proposal for a public health contract asking for a new viral transmission mitigation app. Which team has selected the correct option?
Team B has selected BAN.
Which of the following describes the action of an SQL injection into a database server?
The SQL injection inserts specially created structured query language statements to manipulate the database server, giving control of the database to the attacker, who can then manipulate the database.
Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database: 'whatever' AND email IS NULL; What has been accessed by the attacker running this SQL injection?
The attacker has determined the names of different types of fields in the database.
An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack?
The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine.
A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation?
This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
The files in James's computer were found spreading within the device without any human action. As an engineer, you were requested to identify the problem and help James resolve it. During file code inspection, you noticed that certain types of files in the computer have similar codes. You found that the problem is coming from a set of codes that are not part of the actual files, appended at the bottom of the file. You also noticed a transfer control code written at the beginning of the files giving control to the code at the bottom of the file. Which type of infection is this a characteristic of?
This is a typical characteristic of an endpoint device infected with a file-based virus attack.
Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators' solutions through sign on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this?
This is an API attack.
Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected.
Threat hunting
Which of the following best describes trusted location in MS Office?
Trusted location allows you to run macros-enabled files with no security restrictions.
Which encryption is a chip on the motherboard of a computer that provides cryptographic services?
Trusted platform module
Which of the following vulnerabilities involves connecting a flash drive infected with malware to a mobile device?
USB-on-the-go (OTG)
Which of the following provides confidentiality services?
Unauthentication mode
Kelly is asked to choose a mobile management tool that provides a single management interface for all applications, content, and device management. Which of the following is the best one-step solution?
Unified environment management (UEM) tool
Alex is working for Alpha Technology as a system administrator. The enterprise's sales team uses multiple external drives, often containing confidential data, that they carry between their offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen or lost, and why?
Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.
A vulnerability assessment engineer performed vulnerability scanning on active directory servers and discovered that the active directory server is using a lower version of Kerberos. To alert management to the risk behind using a lower version of Kerberos, he needs to explain what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can the attacker perform after exploiting vulnerabilities in Kerberos?
Use privilege escalation
Maze must establish a communication channel between two data centers. After conducting a study, she came up with the idea of establishing a wired connection between them since they have to communicate in unencrypted form. Considering the security requirements, Maze proposed using an alarmed carrier PDS over a hardened carrier PDS. Why would Maze make this suggestion in her proposal?
Using a hardened carrier PDS would require someone to conduct periodic visual inspections.
Anola is the security administrator in XYZ consulting. She is asked to suggest a deployment method where the data is stored in a completely secure, centralized server and accessed by authorized employees using their own devices. Which deployment should Anola choose?
Virtual desktop infrastructure (VDI)
Juan, a cybersecurity expert, has been hired by an organization whose networks have been compromised by a malware attack. After analyzing the network systems, Juan submits a report to the company mentioning that the devices are infected with malware that uses a split infection technique on files. Which malware attack is Juan reporting?
Virus
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered?
Vishing
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
In an application development model, which of the following uses a sequential development process?
Waterfall development
Which of the following is a configuration vulnerability?
Weak encryption
William downloaded some free software to help him with photo editing. A few days later, William noticed several personal photographs were modified and posted to various social media pages with obscene comments. He also noticed that there were videos of him that were morphed and circulated on adult websites. The videos were obviously taken using his webcam. What should William do to fix his problem and prevent it from happening again in the future?
William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites.
What is the inbuild application available to prevent threat actors from modifying the registry in a Windows 10 operating system?
Windows 10 tamper protection
A cybercriminal attempts to trick a computer's user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage. What should the user implement to avoid this situation?
X-Frame
Which HTTP response header should be used to prevent attackers from displaying their content on a website?
X-Frame-Option
Which of the following is a standard format for digital certificates?
X.509
Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take?
You should implement cryptography using OpenSSL.
A machine where the operating system runs an application on top of an operating system is called _______.
a virtual machine
In an interview, you are asked to configure a DNS server on a Linux machine. After successfully configuring the DNS server, you are asked to examine it using a client machine. After changing the nameserver of the client's machine to a newly created server, which of the following commands should you run to validate the DNS server to ensure it is working properly?
dig www.google.com
Which of the following is a third-party network analysis tool?
nmap