ITSY 1342 Final exam
Which of the following documents provide alternative modes of operation for interrupted business activities?
Business continuity plan
Which of the following best describes skimming?
Capturing information from the magnetic stripe of a smartcard
You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This change must not affect any other user.
Change the access clearance of User A to "confidential"
In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here?
Cognitive Biometrics
Which of the following best describes a preimage attack?
Comparing a known digest with an unknown digest
In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply?
Containers use OS components for virtualization
Which of the following is a network set up with intentional vulnerabilities?
Honeynet
Which of the following can be done to obfuscate sensitive data?
Masking
You are a cloud administrator, and you are asked to configure a VPC such that backend servers are not publicly accessible. What should you do to achieve this goal?
Use private subnets for backend servers
Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat?
Use software-device visibility
Which of the following outlines the process of a proxy server?
User - forward proxy - Internet - reverse proxy - user
Which of the following best describes VBA?
VBA is an event-driven programming language
Which of the following human characteristics is used for authentication?
Veins
As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply?
You should set up a DNS sinkhole.
The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take?
You should set up an IDS with anomaly-based monitoring methodology.
Which of the following correctly differentiates between a man-in-the-middle (MITM) attack and a man-in-the-browser (MITB) attack?
A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer.
In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources. Which of the following should you suggest?
Attribute-based access control
You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't. Which of the following access control schemes should you choose?
Attribute-based access control
Which of the following types of risk control occurs during an attack?
Detective control
Which control discourages security violations before their occurrence?
Deterrent control
Which of the following access management controls best fits a home network?
Discretionary access control
Which of the following statements about domain reputation is correct?
Domain reputation will be low if the domain is used for distributing malware or launching attacks
Which of the following contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself?
EAP
In which type of RFID attack can unauthorized users listen to communications between RFID tags and readers?
Eavesdropping
What is the difference between protecting against eavesdropping and protecting against a man-in-the-middle (MITM) attack?
Eavesdropping can be prevented by being aware of one's surroundings while using NFC technology, while an MITM attack can be prevented by configuring a pairing method so that only one side can send and the other can receive at a time.
Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users?
Evil Twin
In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply?
If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.
You are working as a cloud administrator, and are asked to migrate a virtual machine to a more capable physical machine, as the demand for the service hosted on the VM increased past its limit. As your enterprise still uses conventional switches, migration took time and resulted in customer dissatisfaction. How should you mitigate this issue in the future?
Implement a software-defined network
Several quantitative tools like mean time between failure (MTBF), mean time to recovery (MTTR), mean time to failure (MTTF), and failure in time (FIT) can be used to predict the likelihood of the risk. Which of these tools perform similar functions?
MTBF and FIT
As a senior security consultant, which of the following attacks should you mention in the charge sheet?
MAC cloning attack
In an interview, you are given the following scenario: David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation. Which of the following should you identify?
Man in the Middle
Why are jamming attacks generally rare?
They require expensive, sophisticated equipment
Which of the following is NOT a part of business continuity planning?
Contingency actions
What type of APs can be managed by wireless LAN controllers (WLCs)?
Controller AP
Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus?
Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them
In a practical test, Steve was asked to securely connect different on-premises computing devices with a database deployed in the cloud. What action is Steve taking?
Creating a Virtual Network
Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?
Fingerprint scanners can be used for trickery in rare cases.
Which of the following is the most versatile cloud model?
IaaS
While analyzing a security breach, you found the attacker followed these attack patterns: The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc. Which of the following attacks was performed by the attacker?
Initially, a password spraying attack and then a brute force attack.
In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take?
Install motion detection sensors in strategic areas
In an interview, you are asked to explain how gamification contributes to enterprise security. How should you reply?
Instructional gaming can train employees on the details of different security risks while keeping them engaged
In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE?
100,000,000 * 0.75/.01
Which of the following best describes a host-based firewall?
A host-based firewall is a software firewall that protects a single endpoint device.
Which of the following best describes a network address translation?
A network address translation (NAT) enables a private IP network to connect to the internet.
You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following has created a log entry in the firewall?
A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22.
Which of the following is a layer 2 attack?
ARP poisoning
You are asked to configure your firewall in such a way that the traffic from source address range 117.112.10.25 through 117.112.15.100 is allowed, while traffic from 117.112.12.25 through 117.112.13.25 is denied, and traffic from 117.112.12.200 through 117.112.13.10 is allowed. How should you configure the firewall?
Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10
Which of the following statements correctly defines jamming?
An attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications.
While talking to a new client, the client asked you why access control is mostly used in enterprise networks rather than home networks. How should you reply?
An enterprise network will have more sensitive and confidential information.
You are asked to construct a server cluster to provide resilience to the webserver hosted by your enterprise. Which of the following clustering systems should you implement to ensure the standby server only works when the other server fails?
Asymmetric
Which of the following best describes bash?
Bash is a command language interpreter.
Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection?
Bluesnarfing
During an interview, you are provided the following scenario: The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network. Which of the following attacks should you choose?
DNS Hijacking
Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users.
DNS Hijacking
Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose?
DNS poisoning
Which of the following can be achieved using availability zones in cloud computing?
Fault Tolerance
Which type of intrusion detection system can also block attacks?
Inline
Which of the following types of risk would organizations being impacted by an upstream organization's vulnerabilities be classified as?
Multiparty risk
An attacker collected many usernames from a website and tried to login into the accounts using the password "passw0rd". What type of attack was this?
Password spraying
Which risk remains after additional controls are applied?
Residual risk
The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d." Which of the following types of attack is this?
Rule attack
Which of the following is a deception instrument?
Sinkhole
Which site survey tool is used to visually represent wireless network details such as channel bandwidth, channel coverage, data rate, and interference, among others?
WiFi analyzers
Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so?
A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.
Which of the following best describes the cloud access security broker?
CASB ensures the security policies of the enterprise comply with the cloud.
Who implements access control based on the security level determined by the data owner?
Data Custodian
Who ensures the enterprise complies with data privacy laws and its own privacy policies?
Data privacy officer
After a disaster disrupted your organization's functioning, you were assigned to determine the sequence for reinstating systems. Which of the following documents should you refer to when deciding the restoration order?
Data recovery plan
Which of the following is a feature of secrets management?
Default Encryption
Which of the following access control schemes is most secure?
Mandatory access control
Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly?
No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
Sam is working as a cybersecurity expert. An enterprise that manages nuclear power plants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security and the lowest false acceptance and false rejection rates. Which of the following authentication methods should Sam apply?
PIN and gait recognition
What do servers connected in a cluster use to communicate with each other?
Private cluster connection
Which of the following can prevent macros attacks?
Protected View
Which of the following RAID configurations has no fault tolerance?
RAID 0
You are working as a cybersecurity expert in an enterprise. While examining the newly established enterprise network, you found that when a request to write data to the drive is made, the controller sends that request to each drive. When a read action is required, the data is read twice, once from each drive. Which type of RAID is used in the newly established network?
RAID level 1
One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware?
Revert to a known state
You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?
Rule Attack
You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?
Rule-based access control
You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise's database. Which of the following should you choose?
Security key authentication
Which of the following best describes a Fake RAID?
Software RAID
In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer?
Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud.
You are a security admin for an enterprise, and you were asked to ensure high availability of data using redundancy. Which of the following actions should you perform?
Store the same data in different devices across different locations
David is asked to test a new configuration on a virtual machine; if it does not work, it should roll back to the older state. What should David do before testing the new configuration so he can roll it back to the previous state if needed?
Take a snapshot of the virtual machine before testing the configuration
The risk of DDoS attacks, SQL injection attacks, phishing, etc., is classified under which threat category?
Technical
Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say "premises under 24-hour video surveillance." When do these controls occur?
The fence and the signs should both be installed before an attack
In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond?
The major objective of resilience in an organization is to provide uninterrupted services.
You work at the headquarters of an enterprise known for unethical practices. The company has many remote sites, but most functions are performed at one location. Your enterprise recently hired a third-party vendor known for high-accuracy business impact analyses. The BIA performed by the vendor has since proved wrong, as an incident impacted the business significantly more than forecast. You are assigned to conduct a study on the BIA's misconception and submit a report. What should you investigate as the possible reason for the BIA's inaccuracy?
The vendor overlooked the organization's remote sites.
Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?
To prevent malware from tricking users by spoofing what appears on the screen
Which of the following best describes trusted location in MS Office?
Trusted location allows you to run macros-enabled files with no security restrictions.
The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled "secret," transactions.xlsx is labeled "top secret," and employees.xlsx is labeled "confidential." You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx.
User A: top secret; User B: confidential
In which of the following attacks do attackers use intentional interference to flood the RF spectrum with enough interference to prevent a device from effectively communicating with the AP?
Wireless denial of service attacks
Which wireless probe is designed to scan and record wireless signals within its range at regular intervals and report the information to a centralized database?
Wireless device probe
Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take?
You should implement cryptography using OpenSSL
You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply?
You should implement keystroke dynamics
You are the cybersecurity chief of an enterprise. A risk analyst new to your company has come to you about a recent report compiled by the team's lead risk analyst. According to the new analyst, the report overemphasizes the risk posed by employees who currently have broad network access and puts too much weight on the suggestion to immediately limit user access as much as possible. According to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn't mention data points related to those breaches and your company's risk of being a future target of the group. How should you address this issue so that future reports and risk analyses are more accurate and cover as many risks as needed?
You should implement risk control self-assessment.
As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take?
You should install a WAF
In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?
You should perform a dictionary attack
You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible scenario in case of an attack in the most realistic manner. Which of the following actions should you take?
You should run a plausible simulated attack on the network.
In 2016, your enterprise issued an end-of-life notice for a product. In 2020, an end-of-service notice was issued for the same product. What does this mean?
Your company stopped manufacturing a product in 2016, and all maintenance services for the product stopped in 2020.