Lesson 7 - 12
Vince is choosing the symmetric encryption algorithm for use in his organization. He would like to choose the strongest algorithm from the choices below. What algorithm should he choose?
AES
Brian is selecting a cloud access security broker (CASB) for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?
API-based CASB
Which one of the following statements about cryptographic keys is INCORRECT?
All cryptographic keys should be kept secret
How does technology diversity help ensure cybersecurity resilience?
All of these (vulnerability/misconfiguration/single vendor)
Which of the following statements is NOT true about a type II hypervisor?
Also known as bare-metal hypervisors, they operate directly on top of the underlying hardware
What type of physical security control is shown here?
An access control vestibule (Door 1, Door 2, Secured Area)
Norm is using full-disk encryption technology to protect the contents of laptops against theft. What goal of cryptography is he attempting to achieve?
Confidentiality
What factor is a major reason organizations do not use security guards?
Cost
Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?
Data sovereignty
If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature?
David's private key
Alan's team needs to perform computations on sensitive personal information but does not need access to the underlying data. What technology can the team use to perform these calculations without accessing the data?
Homomorphic encryption
Which one of the following servers is almost always an offline CA in a large PKI deployment?
Root CA
Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution?
SCADA
What type of cipher operates on one character of text at a time?
Stream cipher
Password complexity, password history, and password reuse are all examples of what?
account policies
Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this?
an air gap
Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate?
dev.www.mydomain.com
Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach?
edge computing
Which of the following is not a common constraint of an embedded system?
form factor
What component of a virtualization platform is primarily responsible for preventing VM escape attacks?
hypervisor
Sally is working to restore her organization's operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?
the restoration order documentation
Acme Widgets has 10 employees and they all need the ability to communicate with one another using the symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?
10
Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?
A host-based intrusion detection system
Kevin is configuring a web server to use digital certificates. What technology can he use to allow clients to quickly verify the status of that digital certificate without contacting a remote server?
Certificate stapling
When Mike receives the digitally signed message from David, what key should he use to verify the digital signature?
David's public key
Which of the following include passwords, PINs, or the answer to a security question?
Something you know
Trevor is deploying the Google Authenticator mobile application for use in his organization. What type of one-time password system does Google Authenticator use in its default mode?
Time-based one-time passwords
Elaine wants to securely erase the contents of a tape used for backups in her organization's tape library. What is the fastest secure erase method available to her that will allow the tape to be reused?
Use a degausser
Which one of the following is NOT an example of infrastructure as code?
Using a cloud provider's web interface to provision resources
What scripting environment is native to Windows systems?
PowerShell
Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement?
RADIUS
Gabby wants to implement a mirrored drive solution. What RAID level does this describe?
RAID 1
James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?
Disable ARP on all accessible ports
What type of cryptographic attack attempts to force a user to reduce the level of encryption that they use to communicate with a remote server?
Downgrade
What type of digital certificate provides the greatest level of assurance that the certificate owner is who they claim to be?
EV
Mike is sending David an encrypted message using the symmetric encryption algorithm. What key should he use to encrypt the message?
Shared secret key
Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?
LDAPS
Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects?
Low CER
Which of the following is a service organization that provides information technology as a service to its customers?
MSP (Managed Service Provider)
When Mike receives the message that David encrypted for him, what key should he use to decrypt the message using an asymmetric encryption algorithm?
Mike's private key
David would like to send Mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message?
Mike's public key
Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information?
OpenID
Which one of the following certificate formats is closely associated with Windows binary certificate files?
PFX
Gary wants to use secure protocols for email access for his end-users. Which of the following groups of protocols should he implement to accomplish this task?
POPS, IMAPS, HTTPS
Which of the following technologies is the LEAST effective means of preventing shared accounts?
Password complexity requirements
Nina's organization uses SSH keys to provide secure access between systems. Which of the following is NOT a common security concern when using SSH keys?
WEAK ENCRYPTION
What type of NAC will provide the maximum amount of information about the systems that are connecting while also giving him the most control of systems and their potential impact on other systems that are connected to the network?
agent-based, pre-admission NAC
Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?
allow list application
Florian wants to ensure that systems on a protected network cannot be attacked via the organization's network. What design technique should he use to ensure this?
an air gap
Which of the following can be used to output files to standard output (your console) or to append files to other files?
cat
Which of the following lets you set permissions on files and directories, using either a symbol or a numeric representation of the permissions that you want to set?
chmod
Which of the following is a software tool that serves as intermediaries between cloud service users and cloud service providers?
cloud access security broker
Which one of the following statements about cloud computing is INCORRECT?
cloud computing customers provision resources through the service provider's sales team
Amanda wants to securely destroy data held on DVDs. Which of the following options is NOT a suitable solution for this?
degaussing
Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is NOT a common control used for this type of preventive defense?
degaussing
A biometric factor is an example of what type of factor?
something you are
What is an HSM used for?
to generate, manage and securely store cryptographic keys
Why are Faraday cages deployed?
to prevent EMI
Which of the following controls helps prevent insider threats?
two person control
Which of the following shows the current TCP/IP network configuration for the host they are run on?
ipconfig
Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin's action?
vertical scaling
What technique is used to ensure that DNSSEC-protected DNS information is trustworthy?
it is digitally signed
Maddy wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?
motion recognition
Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?
none of these
Connor believes that there is an issue between his organization's network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?
pathping
Amanda is assessing a vehicle's internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?
CAN bus
Which one of the following would not be available as an IaaS service offering?
CRM
What type of security solution provides a hardware platform for the storage and management of encryption keys?
HSM
Which of the following statements about the security implications of IPv6 is not true?
IPv6's NAT implementation is insecure
Which type of multifactor authentication is considered the least secure?
SMS
Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?
a differential backup
Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
resource policy
Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?
Wireshark
Acme Widgets has 10 employees and they all need the ability to communicate with one another using the asymmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?
2
Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used? 21 22 23 80 443
21, 23, and 80
The company that Theresa works for has deployed IoT (Internet of Things) sensors that have built-in cellular modems for communication back to a central server. What issue may occur if the devices can be accessed by attackers?
Attackers may steal the SIM cards from the devices and use them for their own purposes.
What type of attack does an account lockout policy help to prevent?
Brute force
Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
CSA CCM (Cloud Security Alliance Cloud Controls Matrix)
What type of access control scheme best describes the Linux filesystem?
DAC
What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices?
EDR
Gary identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?
Geographic dispersal
Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?
Hybrid cloud
Which of the following offerings allow customers to purchase and interact with the basic building blocks of a technology infrastructure?
IaaS
In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use?
IaaS and PaaS
Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this?
Public cloud
Ben wants to implement a Redundant Array of Independent Disks (RAID) array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?
RAID 10
Theresa wants to implement an access control scheme that sets permissions based on what the individual's job requires. Which of the following schemes is most suited to this type of implementation?
RBAC
The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy?
RTOS
Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?
SRTP
Which protocol is a secure version of the Real-time Protocol, a protocol designed to provide audio and video streams via networks?
SRTP
Valerie wants to replace the telnet access that she found still in use in her organization. Which protocol should she use to replace it, and what port will it run on?
SSH, port 22
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?
SaaS
Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?
Steganography
Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations?
UEFI/Measured boot
Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack?
a browser plug-in
Charles has implemented LDAP for his organization. What type of service has he enabled?
a directory service
Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies of attack tools and to document all the attacks that are conducted. What has he set up?
a honeynet
The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui's organization deployed, and where should Hui place her focus on securing it?
a microcontroller, and on physical security
Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?
a Raspberry Pi
What type of recovery site has some or most systems in place but does not have the data needed to take over operations?
a warm site
Maddy is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?
active/active
What does an SSL stripping attack look for to perform an on-path attack?
an unencrypted HTTP connection
Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?
arp /a
A person's name, age, location, or job title are all examples of what?
attributes
Which of the following is NOT a typical reason to use an IP addressing schema in an enterprise?
avoiding use of other organizations' IP addresses
Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?
bollard
Which of the following biometric technologies is most broadly deployed due to its ease of use and acceptance from end users?
fingerprint scanner
Samantha wants to set an account policy that ensures that devices can be used only while the user is in the organization's main facility. What type of account policy should she set?
geofencing
Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela's organization play when they authenticate their users and assert that those users are valid to other members of the federation?
identity provider
Frank's organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?
implement and use a data classification scheme
Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?
load balancer
Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented?
offline
Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization's network design?
out-of-band management
Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?
snapshot
Michelle enables the Windows 10 picture password feature to control logins for her laptop. Which type of attribute will it provide?
something you can do
Charles wants to monitor changes to a log file via a command line in real-time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?
tail
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?
tcpdump
Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?
third-party control
Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?
transit gateway
Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to having data stolen from it?
when the machine is off