ITS Cybersecurity Practice Exam
Match each Windows event log entry type to the event it records:
A storage device runs low on free space: Warning
A network driver loads successfully: Information
A user logs into the system: Success audit
A service fails to load during startup: Error
A user unsuccessfully tries to access a network drive: Failure audit
The BYOD policy at your company requires the strongest encryption standard for guest access to your wireless networks. When scanning the guest device, which encryption method should be verified as enabled?
AES
An attacker on the local network is forwarding packets that associate the MAC address of the attacker's computer with the IP address of a legitimate server. Which type of attack is taking place?
ARP Spoofing
Which symmetric encryption algorithm would provide the strongest data protection?
Advanced Encryption Standard (AES)
You discover malware that has been collecting data and forwarding it to another server in a different country for several months. Which type of attack is this?
Advanced persistent threat
For each statement, select Yes if the statement is a valid reason to implement security techniques to protect or hide IP addresses from a hacker, or No if it is not a valid reason for protecting or hiding an IP address.
An IP address uniquely identifies a device on the network or the internet: Yes
IP addresses are only used internally and must not be exposed outside of your network: No
IPv4 addresses are outdated and no longer supported: No
What are the two classes of encryption algorithms? (Choose 2.)
Asymmetric Symmetric
Which term refers to the combined sum of all potential threat vectors in defense-in-depth security?
Attack surface
Which term describes a pathway that is used to illegally access a computer system?
Attack vector
Match each term to its description:
An independent examination of records and activities to determine if controls exist to ensure compliance with established security policies: Audit process
Documentation which provides a high degree of confidence that adequate network and data security measures are in place: Information assurance
Processes and procedures to evaluate the security of an entire system or in response to a single event: Security assessment
Real-time and ongoing awareness of activity on the network and the attached devices in order to look for anomalies: System monitoring
What are the three components of the AAA concept in cybersecurity? (Choose 3.)
Authorization Accounting Authentication
A major power surge occurs in the middle of making authorized changes to the company payroll server which results in equipment failure. The equipment is replaced and the data is restored from a previous, good backup. Which part of the CIA Triad was preserved?
Availability
Which Windows tool or feature can an administrator use to ensure that the data on employee laptops is secure in the event of theft or loss?
BitLocker
Which three characteristics describe both IDS and IPS devices? (Choose 3.)
Both compare traffic to a database of known malicious activity. Both devices use signatures to detect malicious traffic. Both use sensors to read network traffic.
Which type of incident response plan is broad and specifies how to keep critical business functions running in the event of a disaster?
Business Continuity Plan
You are configuring an access control list that must permit secure shell access to a server with IP address 10.0.0.1 from the 172.17.1.128/28 network. All other IP traffic to the host must be blocked. In addition, only web traffic is permitted to other hosts on the network. To meet these requirements, in what order should you enter the following access list entries? A) access-list 110 deny ip any any B) access-list 110 deny ip any host 10.0.0.1 C) access-list 110 permit tcp 172.17.1.128 0.0.0.15 host 10.0.0.1 eq 22 D) access-list 110 permit tcp any any eq 80
C, B, D, A. An extended ACL is evaluated top-down and the first match wins, so the specific permit (SSH from the /28 to the host) must come before the deny of all other traffic to that host, the web permit to other hosts follows, and the explicit deny-all closes the list.
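Added example (not part of the exam or its answer key): a small Python simulator of the first-match semantics behind the ordering question above, so the four entries can be tried in different orders against constructed test packets. The sample packets, the ENTRIES labels and the assumption of contiguous wildcard masks are mine; real IOS ACLs also accept non-contiguous wildcards and protocol keywords that this subset does not handle.

```python
"""Minimal first-match evaluator for a Cisco-style extended ACL (added example).
Assumptions: contiguous wildcard masks only; protocols ip/tcp/udp/icmp; 'eq PORT'
is the only port qualifier parsed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port for tcp/udp


@dataclass(frozen=True)
class Entry:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # from "eq PORT", else None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.IPv4Address(pkt.src) not in self.src:
            return False
        if ipaddress.IPv4Address(pkt.dst) not in self.dst:
            return False
        return self.dport is None or pkt.dport == self.dport


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (network, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # A Cisco wildcard mask is the inverse of a netmask: 0.0.0.15 means /28.
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    netmask = str(ipaddress.IPv4Address((~wildcard) & 0xFFFFFFFF))
    return ipaddress.IPv4Network((tok, netmask), strict=False), i + 2


def parse_entry(line: str) -> Entry:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    action, proto = t[2], t[3]
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Entry(action, proto, src, dst, dport)


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


# The four entries from the question, keyed by their answer letters.
ENTRIES = {
    "A": "access-list 110 deny ip any any",
    "B": "access-list 110 deny ip any host 10.0.0.1",
    "C": "access-list 110 permit tcp 172.17.1.128 0.0.0.15 host 10.0.0.1 eq 22",
    "D": "access-list 110 permit tcp any any eq 80",
}

# Constructed test traffic (assumed, not from the exam).
SAMPLE = {
    "ssh_from_allowed": Packet("172.17.1.130", "10.0.0.1", "tcp", 22),
    "ssh_from_outside": Packet("172.17.1.200", "10.0.0.1", "tcp", 22),
    "http_to_server":   Packet("172.17.1.130", "10.0.0.1", "tcp", 80),
    "http_to_other":    Packet("192.168.5.9", "10.0.0.2", "tcp", 80),
    "telnet_to_other":  Packet("192.168.5.9", "10.0.0.2", "tcp", 23),
}


def build(order: str) -> List[Entry]:
    """Build the ACL from a letter sequence such as 'CBDA'."""
    return [parse_entry(ENTRIES[letter]) for letter in order]


def results(order: str) -> Dict[str, str]:
    """Decision for every sample packet under the given entry order."""
    acl = build(order)
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for order in ("CBDA", "BCDA"):
        print(order, results(order))
```

Running it shows the point of the question: with C, B, D, A the SSH packet from 172.17.1.130 is permitted, but swapping the first two entries (B, C, D, A) denies it, because the deny for host 10.0.0.1 now shadows the SSH permit.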
Which term describes the process for ensuring that evidence has not been altered or fabricated after it was collected?
Chain of custody
Your team needs to update the preventive disaster recovery controls that are used in your organization. What should you do?
Conduct end-user security training.
Which part of the CIA Triad is exploited when shoulder surfing occurs?
Confidentiality
You receive an email from your teacher that has a link to a class poll for a pizza party. You click the link which takes you to the school portal to log in. Later, you discover this was a phishing email and your credentials were stolen. Which part of the CIA Triad was compromised in this attack?
Confidentiality
In which order should you collect digital evidence from a computer system?
Contents of RAM, Contents of Fixed Disk, Archived Backup
An attacker has connected a laptop to a wireless network and attempts to lease all available IP addresses from the DHCP server. Which type of attack is occurring?
DHCP Starvation
Which attack involves an attacker setting up a rogue server on the network which provides network hosts with incorrect IP address configuration information?
DHCP spoofing
Which technology allows users to access an untrusted network without compromising the internal network?
DMZ
Which type of attack occurs when an attacker compromises a company's server so that it reroutes a specific domain name to a fraudulent website?
DNS Spoofing
Which two states of data domains would require encryption and hashing to secure the data? (Choose 2.)
Data at rest Data in transit
In which phase of the NIST Incident Response Life Cycle do you investigate network intrusion detection sensor alerts?
Detection & Analysis Phase
A fire occurred in the data center of your organization. Which document will security staff consult after the fire?
Disaster Recovery Plan
Employees in the finance department are reporting slow traffic and poor performance on an internal webserver. As a junior cybersecurity analyst, you review the output of some event logs and packet captures and notice numerous packets from the same IP address are flooding the network. What should you do first?
Escalate the issue to a more senior analyst for further investigation
Which compliance act provides a framework for US federal agencies and contractors to adhere to in order to protect their data?
FISMA
Which network intelligence organization maintains a risk assessment tool that assigns a numeric score to describe the severity of a vulnerability?
Forum of Incident Response and Security Teams (FIRST)
A company manages the personal data of citizens from several European Union (EU) countries. Which compliance act must they adhere to when investigating security incidents involving EU citizens?
GDPR
Which compliance act must a hospital located in the U.S. adhere to when investigating security incidents involving patients' personal medical information?
HIPAA
An attacker has overwhelmed a server by sending more GET requests than the server can process. This results in a successful DoS attack. Which type of attack has occurred?
HTTP flooding
Which two communication protocols use encryption to secure data in transit? (Choose 2.)
HTTPS SSH
Which type of attack substitutes a source IP address to impersonate a legitimate computer system?
IP Spoofing
When setting up a home network, which security benefit does SSID cloaking provide?
It requires the SSID to be manually configured.
Match each description to the syslog severity level:
Condition should be corrected immediately: Level 1 (Alert)
An error may occur if the situation is not remedied: Level 4 (Warning)
Unusual event but not an error: Level 5 (Notice)
Normal operation; situation requires no intervention: Level 6 (Informational)
You are reviewing Windows security logs and notice a series of suspicious failed login attempts against the Administrator user. You believe these attempts might be from a brute force attack. Which password policy should you review and modify to protect the Windows systems from this attack?
Limit the number of login retries.
A company gives each employee a mobile tablet device to work from home. The company security policy specifies all endpoint computing devices be assigned a unique identifier so the device can be tracked. What would help the company remain compliant with the security policy?
MDM software
Which framework provides a knowledge base for the tactics, techniques, and procedures used by adversaries from real-world observations?
MITRE ATT&CK
Which kind of attack intercepts and alters data sent between two hosts?
Man-in-the-middle
Which network penetration tool is used to exploit an asset to determine if it is vulnerable?
Metasploit
A cybersecurity technician needs to ensure that remote workers who have limited bandwidth can download critical patches and security updates for Windows but not feature updates. Which Windows feature will allow for this?
Metered connections
Your company has a DoS vulnerability. Which security process reduces the likelihood of a DoS attack?
Mitigation
A technician needs to identify the unsigned drivers that are installed on the system. Which three native Windows 10 tools will accomplish this task? (Choose 3.)
Msinfo32 Sigverif Driverquery
Which technology should a company use to enforce corporate policies on BYOD devices connecting to the network?
NAC
Match each function to the technology that provides it:
Enforcing policies for users and devices joining the network: NAC
Blocking malicious traffic from entering the private network: Firewall
Securing traffic flows over an unsecured network: VPN
You are hired by a company to perform a penetration test. You begin by conducting reconnaissance and gathering information about the company's internet domain. Which command-line utility should you use to determine the public IP addresses that are mapped to the company's domain name?
Nslookup
What is used to locate potential vulnerabilities in a computer system?
Penetration testing
_____ is used to find vulnerabilities within a computer system.
Penetration testing
You are a junior cybersecurity analyst. An employee reports to you that her laptop was stolen. For which three reasons should you escalate this event to the Computer Security Incident Response Team (CSIRT)? (Choose 3.)
Potential network disruption or denial of service Exposure of sensitive or confidential information Unauthorized use of resources
Match each activity to the NIST Incident Response Life Cycle phase in which it occurs:
Establish the incident response team: Preparation Phase
Determine if an incident has occurred: Detection & Analysis Phase
Validate the IP address of the attacking host: Containment, Eradication, and Recovery Phase
Hold a lessons learned meeting: Post-Incident Activity Phase
You are implementing an 802.1x network access control solution to authenticate users and devices attempting to access the network. Which type of server is required to perform authentication for network access?
RADIUS
A cybersecurity technician is concerned that one of the corporate systems in the company may have been compromised by an advanced persistent threat (APT) type of malware. The cybersecurity technician has quarantined the infected system and unplugged it from the network. What should the technician do next?
Reinstall the operating systems and applications and then restore the data from known good backups.
Which three types of threat intelligence data do threat intelligence platforms collect? (Choose 3)
Reputation information Tools, techniques, and procedures Indicators of compromise
What is the term for a collection of software tools used by an attacker to obtain administrator-level access to a computer?
Rootkit
You are a part of your company's cybersecurity team. You suspect that someone is trying to hack into the company network through one of the applications on the network. You want to use Netstat to audit all the applications on the network and their TCP connections. What should you do?
Run the netstat -o command
You are a part of your company's cybersecurity team. The company's DNS server has been generating errors because it has been unable to resolve connections. You need to use NSLookup to tell the DNS server to check other servers if it doesn't have the information. What should you do?
Run the nslookup set recurse command.
You need to use tcpdump to capture a specified number of packets from the network. What should you do?
Run the tcpdump -c command.
Which algorithm is a one-way mathematical function that is used to provide data integrity?
SHA-2
Match each authentication factor to an example:
Something you have: SMS token
Something you know: PIN
Something you are: Facial recognition
Which solution allows cybersecurity incident response teams to automate incident responses?
SOAR
Match each description to the technology:
Automates security operations, threat intelligence, and incident response: SOAR
Analyzes and aggregates log data from different IT systems to identify security threats: SIEM
Automates system vulnerability management and security compliance evaluation: SCAP
Which two components are required to enable clients to connect to a wireless network using the WPA2-Enterprise security protocol? (Choose 2.)
SSID RADIUS
An attacker has launched a DoS attack on a target server. The attack prevents the server from responding to client requests because it is waiting to close half-open Layer 4 sessions with the attacker's computer. Which type of attack is this?
SYN flood
A new cybersecurity technician suspects that one of their network servers experienced a brute force attack. Which Windows log files should be examined to provide evidence of this attack?
Security logs
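Added example (not part of the exam): the detection logic a junior analyst would run over the Windows Security log for the two brute-force questions above, applied to constructed records rather than a real capture. Event ID 4625 is a failed logon and 4624 a successful one; the pipe-separated record format, the five-failures-in-five-minutes threshold and the sample addresses are assumptions. A real export would carry more fields (logon type, status code, workstation name), which a production detector should also use.

```python
"""Brute-force detector over constructed Windows Security log records (added example).
Flags (account, source IP) pairs that exceed a failure threshold inside a sliding
window, and marks whether a successful logon followed the burst."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed sample in "timestamp|event_id|account|source_ip" form (not real data).
SAMPLE_LOG = """\
2024-03-01T08:00:01|4625|Administrator|203.0.113.7
2024-03-01T08:00:03|4625|Administrator|203.0.113.7
2024-03-01T08:00:05|4625|Administrator|203.0.113.7
2024-03-01T08:00:08|4625|Administrator|203.0.113.7
2024-03-01T08:00:10|4625|Administrator|203.0.113.7
2024-03-01T08:00:12|4624|Administrator|203.0.113.7
2024-03-01T08:15:00|4625|jsmith|10.0.0.42
2024-03-01T09:30:00|4625|jsmith|10.0.0.42
"""

Record = Tuple[datetime, int, str, str]


def parse(log: str) -> List[Record]:
    """Parse the assumed record format into (timestamp, event_id, account, source)."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, eid, acct, src = line.split("|")
        records.append((datetime.fromisoformat(ts), int(eid), acct, src))
    return records


def detect(records: List[Record], threshold: int = 5,
           window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Return one alert per (account, source) whose 4625 count reaches `threshold`
    within `window`; a 4624 from the same pair within `window` of the last failure
    sets success_after, meaning the password was probably guessed."""
    recent: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    flagged: Dict[Tuple[str, str], dict] = {}
    alerts: List[dict] = []
    for ts, eid, acct, src in sorted(records):
        key = (acct, src)
        failures = recent[key]
        while failures and ts - failures[0] > window:   # drop events outside window
            failures.popleft()
        if eid == 4625:
            failures.append(ts)
            if key in flagged:                          # extend the existing alert
                flagged[key]["failures"] += 1
                flagged[key]["last"] = ts
            elif len(failures) >= threshold:
                alert = {"account": acct, "source": src, "failures": len(failures),
                         "first": failures[0], "last": ts, "success_after": False}
                alerts.append(alert)
                flagged[key] = alert
        elif eid == 4624 and key in flagged and ts - flagged[key]["last"] <= window:
            flagged[key]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

The jsmith failures are deliberately 75 minutes apart so they fall out of the window and are not flagged; the Administrator burst is flagged and, because a 4624 follows it two seconds later, marked as a likely successful guess, which is the case to escalate. When reviewing the lockout policy from the earlier question, compare this threshold with the account lockout threshold so that the lockout triggers before the detector does.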
An attacker targets all hosts on a network segment by sending traffic to a specific port to see if it is active on any of the hosts. Which scanning technique is the attacker using?
Sweep scan
Which network intelligence organization provides security training, certifications, and free news resources?
SysAdmin, Audit, Network, Security (SANS) Institute
Which type of physical attack involves entry into a restricted building or area?
Tailgating
Your friend wants to use your home Wi-Fi network to access the Internet from their smartphone. What are two potential security checks to verify before allowing your friend's device on your network? (Choose 2.)
Their device was scanned with the latest antivirus/anti-malware definition update. Your important or sensitive files, devices, and peripherals are on a private network.
Why is it important to block incoming IP broadcast addresses and reserved private IP addresses from entering your network?
These types of addresses are easier to use for IP spoofing attacks.
Which statement is True about advanced persistent threat (APT) attacks?
They are used to steal data.
Classify each statement as a threat, a risk, or a vulnerability:
A phishing email is received by an employee: Threat
Malware is installed on a system: Threat
A bug is discovered in a software application: Vulnerability
An encryption algorithm is susceptible to cracking: Vulnerability
What are two goals of an information security change management policy: (Choose 2.)
To ensure that modifications to systems do not negatively impact security. To ensure that documentation is updated when systems are installed or modified.
You are a part of a cyber forensics team that needs to examine a hard drive for evidence. Your supervisor tells you to first make a duplicate of the hard drive. What is the purpose of making a duplicate of the hard drive?
To preserve the original state of the hard drive.
A program that appears to be useful or harmless but contains hidden code that can compromise the target system on which it runs is called a _____.
Trojan horse
For the following statement, select True or False. Threat intelligence services use the data of their subscribers to stay current with the threat landscape
True
Which classification of alert should be escalated to security investigators?
True positive
Which threat intelligence organization provides the Automated Indicator Sharing (AIS) service to governmental and private sector organizations?
U.S. Department of Homeland Security (DHS)
Match each benefit to the mobile device security check that provides it:
Minimizes attacks from automatic execution of malicious code and viruses from rogue websites: Unnecessary browser functions are disabled
Reduces risk of exposed or misused sensitive data if the device is stolen: File encryption is enabled and functioning
Allows the company to access, restore, and secure important features and applications in the event of theft: Devices are remotely managed by the CSIRT team
A company has a network policy for updating Windows 10 using a list of preset compliance guidelines. Which strategy would accomplish this?
Use Windows Update Baseline.
Which technology should be implemented to protect traffic as it crosses an unsecured network?
VPN
A technician needs to install a recently developed patch for one of the company applications running in a mixed Windows environment. Before installing the patch on the production server, the technician needs to test it in different environments. Which solution provides the method to test the patch in different environments?
Virtualized sandbox
Which attack method requires the use of a phone to obtain personal or sensitive information?
Vishing
Which social engineering attack targets high-ranking individuals in order to compromise personal or sensitive data?
Whaling
Which two network vulnerability assessment tools are used to scan networks? (Choose 2.)
Wireshark Nessus
Which two options are network security monitoring tools? (Choose 2.)
Wireshark SIEM
You need to use Netstat to display a list of only the UDP connections. What should you do?
You should run the netstat -p udp command (the -p switch takes the protocol to display as its argument).
In a DNS __ attack, threat actors use publicly accessible open DNS servers to flood a target with DNS response traffic.
amplification
You need to edit the default Linux permissions on a file to remove the write and execute permission for all users except the file's owner. Which command would change the permissions as needed?
chmod og-wx filename
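Added example (not part of the exam): a small interpreter for the symbolic chmod syntax used in the answer above, applied to a real temporary file and verified through os.stat, so the effect of "og-wx" on a given starting mode can be checked rather than guessed. It is my code, not GNU chmod; the 0o755 starting mode in demo() is an assumption, and the interpreter covers only the who (ugoa), operator (+ - =) and permission (rwx) subset, not setuid, setgid, the sticky bit or the X/s/t flags.

```python
"""Symbolic chmod interpreter for the ugoa/+-=/rwx subset (added example)."""
import os
import stat
import tempfile

WHO_BITS = {"u": stat.S_IRWXU, "g": stat.S_IRWXG, "o": stat.S_IRWXO}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}   # each bit across all three classes


def apply_symbolic(mode: int, spec: str) -> int:
    """Return the permission bits after applying a spec such as 'og-wx' or 'u=rwx,go='.
    Unlike real chmod, a clause with no 'who' part is treated as 'a' without
    consulting the umask."""
    for clause in spec.split(","):
        i = 0
        who_mask = 0
        while i < len(clause) and clause[i] in "ugoa":
            who_mask |= 0o777 if clause[i] == "a" else WHO_BITS[clause[i]]
            i += 1
        if who_mask == 0:
            who_mask = 0o777
        if i >= len(clause) or clause[i] not in "+-=":
            raise ValueError(f"bad clause: {clause!r}")
        op = clause[i]
        perm_mask = 0
        for c in clause[i + 1:]:
            if c not in PERM_BITS:
                raise ValueError(f"unsupported permission {c!r} in {clause!r}")
            perm_mask |= PERM_BITS[c]
        bits = who_mask & perm_mask            # only the selected classes
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:                                  # '=' replaces the selected classes entirely
            mode = (mode & ~who_mask) | bits
    return mode & 0o777


def chmod_symbolic(path: str, spec: str) -> int:
    """Apply spec to a real file and return the mode os.stat reports afterwards."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, apply_symbolic(current, spec))
    return stat.S_IMODE(os.stat(path).st_mode)


def demo(start_mode: int = 0o755, spec: str = "og-wx") -> int:
    """Create a temp file with start_mode (assumed), apply spec, return the resulting mode."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, start_mode)
        return chmod_symbolic(path, spec)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(oct(demo()))   # 0o744: owner keeps rwx, group and others keep only r
```

On a file that starts at 0o644 the same spec changes nothing, since group and others already lack write and execute; that is worth knowing when auditing, because "chmod og-wx" leaves the group and world read bits in place and does not make a file private.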
For each server type, select Yes if it is typically located in a company's demilitarized zone (DMZ) or No if it is not:
Email server: Yes
Web server: Yes
Directory services server: No
Print server: No
In a DNS __ attack, threat actors change the A record for your domain's IP address to point to a predetermined address of their choice.
hijacking
In a DHCP __ attack, threat actors configure a fake DHCP server on the network to issue DHCP addresses to clients.
spoofing
In a DHCP __ attack, threat actors flood the DHCP server with DHCP requests to use up all the available IP addresses that the legitimate DHCP server can issue.
starvation
A(n) _____ is the possibility of an attack on a computer system or network.
threat
A computer can run multiple _____ that run their own operating systems and applications. A _____ is a virtualized application packaged together with its dependencies. A _____ is software that enables multiple operating systems to run on the same physical machine.
virtual machines container hypervisor
A computer malware code that replicates itself on the target computer and spreads through the network causing damage and distributing additional harmful payloads is called a _____.
virus
A self-propagating malicious code that can propagate to other systems on the network and consume resources that could lead to a denial-of-service attack is called a _____.
worm