Network Security CI120 (A & B)
5 GHz Band
802.11a uses frequencies in this band.
WEP
802.11i updates the flawed security deployed in this protocol.
shell
A _________ is a command-line user interface to an operating system.
VPN
A ____________________ is a way to create a virtual network link across a public network that allows the endpoints to act as though they are on the same network.
A load balancer
A dedicated network device that can direct requests to different servers based on a variety of factors.
Router
A device that routes packets based on IP addresses
Geo-Tagging
A feature that can disclose a user's position when sharing photos.
User Habits
A foundational security tool in engaging the workforce to improve the overall security posture of an organization.
Network
A group of two or more computers linked together to share data.
Business Partnership Agreement
A legal agreement between organizations establishing the terms, conditions, and expectations of the relationship between them
Memorandum of Understanding
A document that describes a bilateral agreement between parties; unlike a contract or business partnership agreement, it is usually less formal and often not legally binding.
Hardware Security Module (HSM)
A physical device that safeguards cryptographic keys.
Shoulder Surfing
A procedure in which attackers position themselves in such a way as to be able to observe an authorized user entering the correct access code.
Initialization Vector
A random or unique value combined with a secret key so that encrypting the same plaintext twice does not produce the same ciphertext. WEP prepends a 24-bit IV to the RC4 key; the tiny IV space (it repeats on a busy network within hours) and RC4's related-key weaknesses are why WEP is considered broken.
Tailgating
A simple tactic of following closely behind a person who has just used their access card or PIN to gain physical access to a room or building.
CCTV
A system where the camera and monitor are directly linked.
Nonrepudiation
A term used to describe the condition where a user cannot deny that an event has occurred.
10
Acme Widgets has 10 employees and they all need the ability to communicate with one another using a symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?
Hackers
Actors who deliberately access computer systems and networks without authorization.
Static code analysis
Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?
Pharming
Alaina discovers that someone has set up a website that looks exactly like her organization's banking website. Which of the following terms best describes this sort of attack?
CCMP
Alaina has implemented WPA2 and uses enterprise authentication for access points in infrastructure mode. What encryption protocol is her network using?
Spam over Instant Messaging
Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?
Method of transport
Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form? Item identifier number Signature of the person transferring the item Signature of the person receiving the item Method of transport
Shoulder surfing
Alan reads Susan's password from across the room as she logs in. What type of technique has he used?
Homomorphic encryption
Alan's team needs to perform computations on sensitive personal information but does not need access to the underlying data. What technology can the team use to perform these calculations without accessing the data?
A supply chain attack
Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should Alex categorize this attack as?
Files will remain but file indexes will not.
Alex has been handed a flash media device that was quick-formatted and has been asked to recover the data. What data will remain on the drive? No data will remain on the drive. Files will remain but file indexes will not. File indexes will remain, but the files will be gone. Files and file indexes will remain on the drive.
Standard
Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. What type of document is Allan writing?
A deny list tool
Alyssa wants to prevent a known Microsoft Word file from being downloaded and accessed on devices she is responsible for. What type of tool can she use to prevent this?
A microSD HSM
Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware?
A CAN bus
Amanda is assessing a vehicle's internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers? A Zigbee bus An SoC bus A CAN bus Narrowband bus
A heatmap
Amanda wants to create a view of her buildings that shows Wi-Fi signal strength and coverage. What is this type of view called? A channel overlay A PSK A heatmap A SSID chart
Degaussing
Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this?
SSID
An Access Point uses this to advertise its existence to potential wireless clients.
Evil twin
An ________________ is a malicious fake access point that is set up to appear to be a legitimate, trusted network.
Time of Day Restriction
An access control method that would allow you to control access to records only when someone is scheduled to work.
Protocol
An agreed-upon method of exchanging information between systems.
Kerberos
An authentication model designed around the concept of using tickets for accessing objects.
Single Sign-On (SSO)
An authentication process where the user can enter their user ID and password once and then be able to move from application to application without having to supply further authentication.
Backdoor
An avenue that can be used to access a system while circumventing normal security mechanisms.
PBX (Private Branch Exchange)
A private telephone switching system inside an organization that connects internal extensions to one another and to the public telephone network.
Script Kiddie
An individual who does not have the technical expertise to develop scripts or discover new vulnerabilities in software but who has just enough understanding of computer systems to be able to download and run scripts that others have developed.
A walk-through
As part of their yearly incident response preparations, Ben's organization goes through a sample incident step by step to validate what each person will do in the incident. What type of exercise is this?
Purpose limitation
Asa believes that her organization is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?
Basic Authentication
Authentication that is sent in plaintext with only Base64 encoding.
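Added example (not part of the original flashcards) showing why Basic Authentication offers no confidentiality: anyone who can read the Authorization header recovers the credentials with a Base64 decode. The decoder splits on the first colon only, as RFC 7617 requires, so passwords containing colons survive. The sample header value is the one from the RFC; the user names are made up.

```python
import base64
import binascii


def decode_basic_authorization(header_value):
    """Return (username, password) from an HTTP 'Authorization: Basic ...' value.

    Base64 is an encoding, not encryption. Without TLS on the wire, a sniffer
    sees the credentials in the clear after this one-line decode.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed base64 token") from exc
    # RFC 7617: user-id cannot contain ':', so only the FIRST colon separates the fields.
    user, sep, password = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def encode_basic_authorization(user, password):
    """Build the header value the way a client does (send it only over TLS)."""
    if ":" in user:
        raise ValueError("RFC 7617 forbids ':' in the user-id")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def is_basic_credential(header_value):
    """True if the value parses as a well-formed Basic credential."""
    try:
        decode_basic_authorization(header_value)
        return True
    except ValueError:
        return False
```

Paired with the WEP and tcpdump cards on this page: a capture of an HTTP (not HTTPS) session containing this header is equivalent to a capture of the password itself.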
Point-to-point
Bart knows that there are two common connection methods between Wi-Fi devices. Which of the following best describes ad hoc mode? Point-to-point NFC Point-to-multipoint RFID
tcpdump
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?
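Added example (not part of the original flashcards) of the check Bart would do once he has the capture: walk the packets in order and report how far the SYN / SYN-ACK / ACK exchange got. The packet records are constructed to carry the fields tcpdump prints (addresses, ports and its flag notation: S, S., ., R.) so the logic runs offline; the IP addresses, port 445 and the interface name in the comment are assumptions.

```python
# Equivalent live capture on the headless Linux server (assumed interface and hosts):
#   tcpdump -nn -i eth0 'host 10.0.0.20 and tcp port 445 and (tcp[tcpflags] & (tcp-syn|tcp-ack) != 0)'

# Constructed records: (src_ip, src_port, dst_ip, dst_port, tcpdump_flags)
CAPTURE_COMPLETE = [
    ("10.0.0.20", 51234, "10.0.0.5", 445, "S"),    # workstation SYN
    ("10.0.0.5", 445, "10.0.0.20", 51234, "S."),   # server SYN-ACK
    ("10.0.0.20", 51234, "10.0.0.5", 445, "."),    # workstation ACK: handshake done
    ("10.0.0.20", 51234, "10.0.0.5", 445, "P."),   # first data segment
]

CAPTURE_NO_ANSWER = [                               # a firewall silently drops the SYN
    ("10.0.0.20", 51234, "10.0.0.5", 445, "S"),
    ("10.0.0.20", 51234, "10.0.0.5", 445, "S"),    # retransmitted SYNs
    ("10.0.0.20", 51234, "10.0.0.5", 445, "S"),
]

CAPTURE_REFUSED = [                                 # nothing listening on the port
    ("10.0.0.20", 51234, "10.0.0.5", 445, "S"),
    ("10.0.0.5", 445, "10.0.0.20", 51234, "R."),   # RST-ACK
]


def handshake_state(packets, client, server, server_port):
    """Report how far the three-way handshake progressed for one client/server pair.

    Returns 'no-syn', 'syn-only', 'syn-ack-seen', 'complete' or 'refused'.
    """
    state = "no-syn"
    for src, sport, dst, dport, flags in packets:
        to_server = src == client and dst == server and dport == server_port
        from_server = src == server and sport == server_port and dst == client
        if to_server and flags == "S" and state == "no-syn":
            state = "syn-only"
        elif from_server and flags == "S." and state == "syn-only":
            state = "syn-ack-seen"
        elif from_server and flags.startswith("R") and state == "syn-only":
            return "refused"
        elif to_server and flags == "." and state == "syn-ack-seen":
            return "complete"
    return state
```

A result of syn-only (SYN retransmits with nothing coming back) points at a filtering device between the hosts; refused means the packets arrive but no service is bound to the port.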
Firewall
Basic packet filtering occurs here.
Dumpster diving
Ben searches through an organization's trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?
RAID 10
Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?
LDAPS
Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?
Steganography
Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?
Residual risk
Brian recently conducted a risk mitigation exercise and has determined the level of risk that remains after implementing a series of controls. What term best describes this risk?
Resource policy
Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
Structured Threat
Characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and the possible corruption of, or collusion with, insiders
Performing user input validation
Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?
Interview the individual.
Charles needs to know about actions an individual performed on a PC. What is the best starting point to help him identify those actions? Review the system log. Review the event log. Interview the individual. Analyze the system's keystroke log.
Elicitation
Charles wants to find out about security procedures inside his target company, but he doesn't want the people he is talking to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts?
tail (tail -f follows the file and prints new lines as they are appended)
Charles wants to monitor changes to a log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change? head logger tail chmod
Use the VM host to create a snapshot.
Charles wants to obtain a forensic copy of a running virtual machine. What technique should he use to capture the image? Run dd from within the running machine. Use FTK Imager from the virtual machine host. Use the VM host to create a snapshot. Use WinHex to create a copy from within the running machine.
The Windows Security log
Chris has turned on logon auditing for a Windows system. Which log will show the logon events?
Integrity
Chris is responding to a security incident that compromised one of his organization's web servers. He believes that the attackers defaced one or more pages on the website. What cybersecurity objective did this attack violate? Confidentiality Nonrepudiation Integrity Availability
UEFI/Measured boot
Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations? BIOS/Measured boot UEFI/Measured boot BIOS/Trusted boot UEFI/Trusted boot
None of the above (the other choices were: use signed BGP by adopting certificates for each BGP peer; turn on BGP route protection; choose a TLS-enabled version of BGP)
Chuck wants to provide route security for his organization, and he wants to secure the BGP traffic that his routers rely on for route information. What should Chuck do?
TAXII
Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?
Mandatory vacations
Colin would like to implement a security control in his accounting department that is specifically designed to detect cases of fraud that are able to occur despite the presence of other security controls. Which one of the following controls is best suited to meet Colin's need?
Information Warfare
Conducted against the information and information-processing equipment used by an adversary.
pathping
Connor believes that there is an issue between his organization's network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?
Lighting
Continuous, standby, trip, and emergency are all types of __________
A snapshot
Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?
dd
Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should she use?
SAE
Daniel knows that WPA3 has added a method to ensure that brute-force attacks against weak preshared keys are less likely to succeed. What is this technology called?
Wireshark
Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?
SOC 2 Type 1
Darren is working with an independent auditor to produce an audit report that he will share with his customers under NDA to demonstrate that he has appropriate security controls in place. The auditor will not be assessing the effectiveness of those controls. What type of audit report should Darren expect?
Role-Based Access Control (RBAC)
Designed around the type of tasks people perform.
Bridge or Switch
Distributes traffic based on MAC addresses.
Improper error handling
During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report?
Use a degausser.
Elaine wants to securely erase the contents of a tape used for backups in her organization's tape library. What is the fastest secure erase method available to her that will allow the tape to be reused? Wipe the tape by writing a random pattern of 1s and 0s to it. Wipe the tape by writing all 1s or all 0s to it. Use a degausser. Incinerate the tape.
SRTP
Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?
An air gap
Florian wants to ensure that systems on a protected network cannot be attacked via the organization's network. What design technique should he use to ensure this?
Whether the forensic information includes a timestamp
Frank is concerned about the admissibility of his forensic data. Which of the following is not an element he should be concerned about?
Implement and use a data classification scheme.
Frank's organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it? Implement and use a data classification scheme. Define data lifecycles for all nonsensitive data. Tag all data with the name of the creator or owner. Encrypt all sensitive data.
Out-of-band management
Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization's network design?
Containerization
Fred's company issues devices in a BYOD model. That means that Fred wants to ensure that corporate data and applications are kept separate from personal applications on the devices. What technology is best suited to meet this need? Biometrics Full-device encryption Context-aware authentication Containerization
On disk
Gabby wants to capture the pagefile for a system. Where will she find the pagefile stored? In memory On disk In a CPU register In device firmware
RAID 1
Gabby wants to implement a mirrored drive solution. What RAID level does this describe?
POPS, IMAPS, HTTPS
Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?
RTO
Gene recently conducted an assessment and determined that his organization can be without its main transaction database for a maximum of two hours before unacceptable damage occurs to the business. What metric has Gene identified?
dev.www.mydomain.com
Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate?
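Added example (not part of the original flashcards) implementing the matching rule behind this card: a wildcard covers exactly one label, so *.mydomain.com matches www.mydomain.com but neither mydomain.com nor dev.www.mydomain.com. The rules follow RFC 6125 and common browser behaviour; rejecting a wildcard that would cover a whole top-level domain (*.com) is a deliberate conservative choice in this code.

```python
def wildcard_matches(pattern, hostname):
    """Return True if a certificate name (possibly with a leading '*') covers hostname.

    Rules applied:
      * comparison is case-insensitive and ignores a trailing dot;
      * '*' is only allowed as the entire leftmost label (no 'w*.example.com');
      * the wildcard matches exactly one label, never zero and never several;
      * patterns with fewer than three labels (e.g. '*.com') are refused.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    if "*" not in pattern:
        return p_labels == h_labels

    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False                       # partial or non-leftmost wildcard
    if len(p_labels) < 3:
        return False                       # '*.com' would cover the whole TLD
    if len(h_labels) != len(p_labels):
        return False                       # wildcard spans exactly one label
    if h_labels[0] == "":
        return False                       # empty leftmost label ('.mydomain.com')
    return h_labels[1:] == p_labels[1:]


def uncovered_names(pattern, hostnames):
    """Handy for a renewal checklist: which of these hosts would the cert NOT cover?"""
    return [h for h in hostnames if not wildcard_matches(pattern, h)]
```

If dev.www.mydomain.com must be served from the same certificate, it has to appear as its own Subject Alternative Name (or be covered by a second wildcard, *.www.mydomain.com).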
Risk transference
Grace's company decided to install the web application firewall and continue doing business. They are still worried about other risks to the information that were not addressed by the firewall and are considering purchasing an insurance policy to cover those risks. What strategy does this use?
Supply chain
Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack?
Network-based
Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guests on his wireless network. What DLP technology would best meet this goal?
WinHex
Greg wants to use a tool that can directly edit disks for forensic purposes. What commercial tool could he select from this list? dd memdump WinHex df
Geographic dispersal
Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?
Backups
Gurvinder wants to follow the order of volatility to guide his forensic data acquisition. Which of the following is the least volatile?
COPE
Gurvinder wants to select a mobile device deployment method that provides employees with devices that they can use as though they're personally owned to maximize flexibility and ease of use. Which deployment model should he select? CYOD COPE BYOD MOTD
A disaster recovery plan
Gwen is building her organization's documentation and processes and wants to create the plan for what the organization would do if her datacenter burned down. What type of plan would typically cover that type of scenario?
Masking
Gwen is exploring a customer transaction reporting system and discovers the table shown here. What type of data minimization has most likely been used on this table?
SaaS
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?
Data processor
Helen's organization maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen's organization?
Vulnerability scans
Henry wants to check to see if services were installed by an attacker. What commonly gathered organizational data can he use to see if a new service appeared on systems? Registry dumps from systems throughout his organization Firewall logs Vulnerability scans Flow logs
Autopsy
Henry wants to use an open source forensic suite. Which of the following tools should he select? Autopsy EnCase FTK WinHex
All of the above. (It ensures that a vulnerability in a single company's product will not impact the entire infrastructure. If a single vendor goes out of business, the company does not need to replace its entire infrastructure. It means that a misconfiguration will not impact the company's entire infrastructure.)
How does technology diversity help ensure cybersecurity resilience?
All should have equal weight
Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?
David's private key
If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature?
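Added example (not part of the original flashcards) showing the key roles in this card and in the nonrepudiation card: David signs with his private key, Mike verifies with David's public key, and any change to the message breaks verification. It is textbook RSA with no padding and a toy-sized modulus built from two Mersenne primes, written so the whole thing fits in the standard library; real signatures use 2048-bit or larger keys with PSS/PKCS#1 padding, or Ed25519, from a vetted library.

```python
import hashlib

# Toy key material (assumption for the demo): 2**31 - 1 and 2**61 - 1 are both prime,
# giving a ~92-bit modulus. Far too small for real use, but enough to show the mechanics.
_P = 2_147_483_647
_Q = 2_305_843_009_213_693_951
_E = 65_537


def keygen(p=_P, q=_Q, e=_E):
    """Return (public_key, private_key). Requires Python 3.8+ for pow(e, -1, phi)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                    # d is the secret exponent
    return {"n": n, "e": e}, {"n": n, "d": d}


def _digest_int(message, n):
    """Sign a hash of the message, not the message: reduce SHA-256 into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """David's step: only the holder of d can produce this value."""
    return pow(_digest_int(message, private_key["n"]), private_key["d"], private_key["n"])


def verify(public_key, message, signature):
    """Mike's step: anyone with David's public key can check it, nobody can forge it."""
    expected = _digest_int(message, public_key["n"])
    return pow(signature, public_key["e"], public_key["n"]) == expected


def demo():
    """Constructed exchange: a signed message, then the same signature on a tampered copy."""
    david_public, david_private = keygen()
    message = b"Transfer 100 to Mike. -- David"
    signature = sign(david_private, message)
    return {
        "genuine": verify(david_public, message, signature),
        "tampered": verify(david_public, b"Transfer 900 to Mike. -- David", signature),
    }
```

Because verification uses only the public key, David cannot later claim he did not sign the message (the nonrepudiation card) unless his private key was compromised, which is why that key lives in an HSM or smart card in serious deployments.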
Default Deny
Implicit Deny is an operationalization of this principle.
ERM
In an _______________ program, organizations take a formal approach to risk analysis
Command and Control
In the Cyber Kill Chain, this stage access allows two-way communication and continued control of the remote system. __________________
Reconnaissance
In the Cyber Kill Chain, this stage identifies targets. __________________
Risk acceptance
In the end, Grace found that the insurance policy was too expensive and opted not to purchase it. She is taking no additional action. What risk management strategy is being used in this situation?
SaaS
In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?
One system is set to an incorrect time zone.
Isaac is performing a forensic analysis on two systems that were compromised in the same event in the same facility. As he performs his analysis, he notices that the event appears to have happened almost exactly one hour earlier on one system than the other. What is the most likely issue he has encountered? The attacker took an hour to get to the second system. One system is set to an incorrect time zone. The attacker changed the system clock to throw off forensic practitioners. The forensic tool is reading the timestamps incorrectly.
PEAP
Isabelle needs to select the EAP protocol that she will use with her wireless network. She wants to use a secure protocol that does not require client devices to have a certificate, but she does want to require mutual authentication. Which EAP protocol should she use? EAP-FAST EAP-TTLS PEAP EAP-TLS
Access Tokens
Items carried by the user to allow them to be authenticated.
Disable ARP on all accessible ports
James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?
Removed the vulnerability
Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?
A captive portal
Jerome wants to allow guests to use his organization's wireless network, but he does not want to provide a preshared key. What solution can he deploy to gather information such as email addresses or other contact information before allowing users to access his open network?
When the machine is off
Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to having data stolen from it? When the machine is booted and logged in but is unlocked When the machine is booted and logged in but is locked When the machine is off When the machine is booted and logged in but is asleep
journalctl
Jim wants to view log entries that describe actions taken by applications on a CentOS Linux system. Which of the following tools can he use on the system to view those logs? logger syslog-ng journalctl tail
John the Ripper
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?
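Added example (not part of the original flashcards) of what John the Ripper does in wordlist mode against unsalted MD5: hash every candidate once and look each stored hash up. The password file and wordlist are constructed here; the only real-world constant is the well-known MD5 of "password". With John itself the equivalent run would be john --format=raw-md5 --wordlist=words.txt hashes.txt.

```python
import hashlib


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed password file in user:hash form, as a weak legacy system might store it.
PASSWORD_FILE = "\n".join([
    f"alice:{_md5_hex('password')}",                          # 5f4dcc3b5aa765d61d8327deb882cf99
    f"bob:{_md5_hex('Winter2024!')}",
    f"carol:{_md5_hex('correct horse battery staple')}",       # not in the wordlist
])

# Constructed wordlist (a real run would use rockyou.txt or similar).
WORDLIST = ["123456", "password", "letmein", "Winter2024!", "qwerty"]


def crack_md5(password_file, wordlist):
    """Return {user: recovered_password_or_None} using a precomputed hash table.

    Unsalted, fast hashes are the weak point: one MD5 per candidate word serves every
    account in the file, and identical passwords show up as identical hashes.
    A salted, slow hash (bcrypt, scrypt, Argon2) forces one expensive computation
    per candidate per account instead.
    """
    table = {_md5_hex(word): word for word in wordlist}
    results = {}
    for line in password_file.splitlines():
        if not line.strip():
            continue
        user, _, digest = line.partition(":")
        results[user] = table.get(digest.strip().lower())
    return results


def duplicate_hashes(password_file):
    """Users sharing a hash share a password: visible without cracking anything."""
    seen = {}
    for line in password_file.splitlines():
        user, _, digest = line.partition(":")
        seen.setdefault(digest.strip().lower(), []).append(user)
    return {h: users for h, users in seen.items() if len(users) > 1}
```

The accounts that stay None are the ones whose passwords are not in the list; a longer passphrase like Carol's survives a dictionary run and would need rules or brute force, which is exactly the argument for long passphrases plus a slow hash.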
Guideline
Joe is authoring a document that explains to system administrators one way in which they might comply with the organization's requirement to encrypt all laptops. What type of document is Joe writing?
Timing-based SQL injection
Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?
Directory traversal
Joe's adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request http://www.mycompany.com/../../../etc/passwd What type of attack was most likely attempted?
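Added example (not part of the original flashcards) covering both sides of this card: a log check that flags requests like the one Joe found, and the server-side path resolution that makes such a request harmless. The web root /var/www and the request lines are assumptions constructed for the demo. The resolver decodes twice to catch %252e-style double encoding and normalises with posixpath so it runs without touching the real filesystem.

```python
import posixpath
from urllib.parse import unquote


def _decode_path(raw_path):
    """Undo (possibly double) URL encoding and treat backslashes as separators."""
    return unquote(unquote(raw_path)).replace("\\", "/")


def is_traversal_attempt(request_line):
    """Detection: True if the request path contains a '..' segment after decoding."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    path = _decode_path(parts[1].split("?", 1)[0])
    return any(segment == ".." for segment in path.split("/"))


def safe_resolve(web_root, requested_path):
    """Defense: map a request path under web_root, refusing anything that escapes it."""
    decoded = _decode_path(requested_path)
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    root = posixpath.normpath("/" + web_root.strip("/"))
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # normpath collapses '/var/www/../../../etc/passwd' to '/etc/passwd', which fails this test.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError(f"path escapes web root: {requested_path!r}")
    return candidate


def is_safe(web_root, requested_path):
    try:
        safe_resolve(web_root, requested_path)
        return True
    except PermissionError:
        return False


def triage_log(lines):
    """Return the request lines that look like traversal attempts (constructed input)."""
    return [line for line in lines if is_traversal_attempt(line)]
```

Run triage_log over a day's access log to find the source IPs probing for /etc/passwd; run safe_resolve in the handler so that even a probe that gets through the filter only ever opens files under the web root.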
Robotic sentries
Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?
Elasticity
Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best describes his goal?
CASB
Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs?
White hat
Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?
PSK
Laura wants to deploy a WPA2 secured wireless for her small business, but she doesn't have a RADIUS server set up. If she wants her Wi-Fi to be encrypted, what is her best option for wireless authentication? EAP PSK EAP-TLS Open Wi-Fi with a captive portal
A Raspberry Pi
Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use? A Raspberry Pi An FPGA An Arduino None of the above
Text messages and multimedia messages
Madhuri disables SMS, MMS, and RCS on phones in her organization. What has she prevented from being sent?
Active/active
Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?
In the photo's metadata
Madhuri wants to check a PNG-formatted photo for GPS coordinates. Where can she find that information if it exists in the photo? In the location.txt file appended to the PNG On the original camera In the photo's metadata In the photo as a steganographically embedded data field
Motion detection
Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?
Standard Operating Procedures
Mandatory step-by-step instructions set by the organization so that in the performance of their duties employees will meet the stated security objectives of the firm.
Compare the hashes of the source and target drive.
Maria has acquired a disk image from a hard drive using dd, and she wants to ensure that her process is forensically sound. What should her next step be after completing the copy?
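Added example (not part of the original flashcards) for the two hash-comparison cards on this page: the router firmware that does not match the manufacturer's published hash, and verifying that a dd image matches its source drive. The firmware bytes, file names and "published" hash are all constructed for the demo; the image is streamed in chunks so the same function works on multi-gigabyte disk images, and the comparison is constant-time out of habit.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a full-disk image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_expected(path, expected_hex):
    """Compare against a published or source-drive hash; tolerate case/whitespace differences."""
    actual = sha256_file(path)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo():
    """Constructed scenario: vendor image, a faithful copy, and a copy with one byte changed."""
    vendor_image = b"\x7fELF" + bytes(range(256)) * 64        # stand-in firmware blob
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp, "router-fw-1.2.3.bin")
        source.write_bytes(vendor_image)
        published = sha256_file(source)                       # what the vendor would publish

        good_copy = Path(tmp, "image.dd")                     # what `dd if=... of=image.dd` yields
        good_copy.write_bytes(source.read_bytes())

        tampered = Path(tmp, "tampered.bin")                  # one byte patched
        tampered.write_bytes(vendor_image[:100] + b"\x90" + vendor_image[101:])

        return {
            "copy_ok": matches_expected(good_copy, published),
            "tampered_ok": matches_expected(tampered, published),
        }
```

For Maria's workflow the "expected" value is the hash of the source drive taken before imaging; record both hashes on the chain of custody form so the match can be demonstrated later. For Alex's routers the expected value comes from the manufacturer, and a mismatch is the evidence for the supply chain finding.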
Managerial
Matt is updating the organization's threat assessment process. What category of control is Matt implementing?
Capability
Megan's organization uses the Diamond Model of Intrusion Analysis as part of their incident response process. A user in Megan's organization has discovered a compromised system. What core feature would help her determine how the compromise occurred?
Wireshark
Melissa wants to capture network traffic for forensic purposes. What tool should she use to capture it?
Use forensic memory acquisition techniques.
Michael wants to acquire the firmware from a running device for analysis. What method is most likely to succeed? Use forensic memory acquisition techniques. Use disk forensic acquisition techniques. Remove the firmware chip from the system. Shut down the system and boot to the firmware to copy it to a removable device.
syslog-ng
Michael wants to log directly to a database while also using TCP and TLS to protect his log information and to ensure it is received. What tool should he use? syslog rsyslog syslog-ng journalctl
An allow list application
Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed? A HIPS A hardening application A deny list application An allow list application
A bollard
Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?
Routing
Moving packets from source to destination across multiple networks.
21, 23, and 80
Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used? 21 22 23 80 443
Right to forensic examination
Naomi is preparing to migrate her organization to a cloud service and wants to ensure that she has the appropriate contractual language in place. Which of the following is not a common item she should include?
Text message-based phishing
Naomi receives a report of smishing. What type of attack should she be looking for?
A load balancer
Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?
arp /a
Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?
Confidentiality
Nolan is writing an after action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization's database. What cybersecurity principle was most impacted in this breach?
Bluesnarfing
Octavia discovers that the contact list from her phone has been acquired via a wireless attack. Which of the following is the most likely culprit?
Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?
A host intrusion detection system
Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement? A host intrusion detection system A host firewall A host intrusion prevention system A data loss prevention tool
Peer-to-Peer Trust Model
One CA is not subordinate to another CA, and there is no established trust anchor between the CAs involved.
22
Port _____ is used for Secure Shell (SSH).
389
Port ________ is used for LDAP.
Parameterized queries
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
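Added example (not part of the original flashcards) tying together the three SQL injection cards on this page: the string-built query that the input validation card warns about, the parameterized query this card describes, and a crude check for the WAITFOR string from the timing-based card. The in-memory SQLite database, table and rows are constructed for the demo; WAITFOR itself is Microsoft SQL Server syntax, so the payload is only flagged here, not executed.

```python
import sqlite3


def build_db():
    """Constructed sample database: two users with placeholder password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the caller's text becomes part of the SQL grammar."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """The fix: the statement is compiled first, and the value is bound afterwards,
    so a quote in the input is data, never syntax."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def looks_like_sqli(value):
    """Crude input validation / log triage for the strings seen in the cards above.

    Good enough to raise an alert on "WAITFOR" in a web log; not a substitute for
    parameterized queries, since legitimate input (O'Brien) trips it too.
    """
    low = value.lower()
    markers = ("'", "--", ";", " or ", "waitfor", "sleep(", "benchmark(", "union ")
    return any(marker in low for marker in markers)
```

The same input, x' OR '1'='1, returns every user from the vulnerable function and nothing from the parameterized one; that difference is the whole argument for prepared statements.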
BIOS Passwords
Prevents an attacker from making a machine boot from its DVD drive.
$500,000
Questions 3-7 refer to the following scenario: Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He expects that a compromise of that database would result in $500,000 of fines against his firm. Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year. What is the asset value (AV)?
Risk mitigation
Questions 8-11 refer to the following scenario: Grace recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk. Grace's first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?
None of the above (the other choices were: SDHCP; LDAPS; ARPS)
Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?
2
Referring to the scenario in question 9, if Acme Widgets switched to an asymmetric encryption algorithm, how many keys would be required to add the 11th employee?
Keyspace
Refers to every possible value for a cryptographic key.
Transitive Trust
Refers to the condition where trust is extended to another domain that is already trusted.
Bootdisk
Removable media from a computer which can be booted.
Gray-hat hacking
Renee is a cybersecurity hobbyist. She receives an email about a new web-based grading system being used by her son's school and she visits the site. She notices that the URL for the site looks like this: https://www.myschool.edu/grades.php&studentID=1023425 She realizes that 1023425 is her son's student ID number and she then attempts to access the following similar URLs: https://www.myschool.edu/grades.php&studentID=1023423 https://www.myschool.edu/grades.php&studentID=1023424 https://www.myschool.edu/grades.php&studentID=1023426 https://www.myschool.edu/grades.php&studentID=1023427 When she does so, she accesses the records of other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee's work?
Hub
Repeats all data traffic across all connected ports.
Key Management
Required for symmetric encryption.
A differential backup
Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?
Third-party control
Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?
The restoration order documentation
Sally is working to restore her organization's operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?
Exploitation
Selah is following the Cyber Kill Chain model and has completed the delivery phase. What step is next according to the Kill Chain?
Cloning
Skimming attacks are often associated with what next step by attackers?
Software-As-A-Service (SaaS)
Offers software to end users from the cloud.
Retention policies
Susan has discovered that an incident took place on her network almost six months ago. As she prepares to identify useful data for the incident, which common policy is most likely to cause her difficulties during her investigation? Configuration standards Communication policies Incident response policies Retention policies
Remote wipe and FDE
Susan wants to ensure that the threat of a lost phone creating a data breach is minimized. What two technologies should she implement to do this?
Subnet Mask
Tells you what portion of a 32-bit IP address is being used as the Network ID and what portion is being used as the Host ID
eradication
The __________________ stage involves removing the artifacts associated with the incident.
Certificate Signing Request (CSR)
The actual request to a CA containing a public key and the requisite information needed to generate a certificate.
Certificate Authority (CA)
The actual service that issues certificates based on the data provided during the initial registration process.
Layered Defense
The architecture in which multiple methods of security defense are applied to prevent realization of threat-based risks.
Reverse Social Engineering
The attacker hopes to convince the target to initiate contact.
Audit
The board of directors of Kate's company recently hired an independent firm to review the state of the organization's security controls and certify those results to the board. What term best describes this engagement?
A microcontroller, and on physical security
The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui's organization deployed, and where should Hui place her focus on securing it? A GPU, and on network security An FPGA, and on network security An ICS, and on physical security A microcontroller, and on physical security
Cryptanalysis
The evaluation of a cryptosystem to test its security.
Preparation
The following figure shows the Security+ incident response cycle. What item is missing? (Hint: First step) Planning Reporting Monitoring Preparation
XOR
The function most commonly seen in cryptography. A "bitwise eXclusive OR"
MAC Address
The hardware address that uniquely identifies each device on a network.
checksum
The hash value for a drive or image can also be used as a __________________ to ensure that it has not changed.
Entropy
The measure of randomness in a system.
Biometrics
The measurement of unique biological properties such as fingerprints or irises.
Workstation
The name for a typical computer a user uses on a network.
An RTOS
The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy? A HIPS An RTOS An MFP An SoC
Three-Way Handshake
The packet exchange sequence that initiates a TCP connection. SYN, SYN-ACK, ACK.
Economy of Mechanism
The principle in security where protection mechanisms should be kept as simple and small as possible.
Least Privilege
The principle that states that a subject has only the necessary rights and privileges to perform its task with no additional permissions.
Key Escrow
The process of giving keys to a third party so they can decrypt and read sensitive information if the need arises.
Dumpster Diving
The process of going through a target's trash searching for information that can be used in an attack or to gain knowledge about a system or network.
TEMPEST
The program to control electronic emanations from electrical equipment.
Network Address Translation (NAT)
The protocol that allows the use of private, internal IP addresses for internal traffic and public IP addresses for external traffic.
Topology
The shape or arrangement of a network, such as bus or star.
IEEE 802.11
The standard for wireless local area networks.
Registration Authority (RA)
The trusted authority for certifying individuals' identities and creating an electronic document indicating that individuals are who they say they are.
Mobile Device Management (MDM)
The type of application used to control security across multiple mobile devices in an enterprise.
Storage segmentation
Theresa has implemented a technology that keeps data for personal use separate from data for her company on mobile devices used by members of her staff. What is this concept called?
PHI
Tina works for a hospital system and manages the system's patient records. What category of personal information best describes the information that is likely to be found in those records?
Code signing
Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance?
AUP
Tonya discovers that an employee is running a side business from his office, using company technology resources. What policy would most likely contain information relevant to this situation?
Transit gateway
Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?
Cross-Certification Certificate
Used when independent CAs establish peer-to-peer trust relationships.
Account Disablement
Used whenever an employee leaves a firm. All associated accounts should be disabled to prevent further access.
SSH, port 22
Valerie wants to replace the telnet access that she found still in use in her organization. Which protocol should she use to replace it, and what port will it run on?
IoC
Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?
A browser plug-in
Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack?
Session cookie
Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy to obtain if her attack will be successful?
API keys
Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository?
27701
What ISO standard provides guidance on privacy controls?
Face recognition and fingerprint recognition
What are the two most commonly deployed biometric authentication solutions for mobile devices? Voice recognition and face recognition Fingerprint recognition and gait recognition Face recognition and fingerprint recognition Voice recognition and fingerprint recognition
PCI DSS
What compliance obligation applies to merchants and service providers who work with credit card information?
HIPAA
What compliance regulation most directly affects the operations of a healthcare provider?
Hypervisor
What component of a virtualization platform is primarily responsible for preventing VM escape attacks?
Tokenization
What data minimization technique replaces personal identifiers with unique identifiers that may be cross-referenced with a lookup table?
An unencrypted HTTP connection
What does an SSL stripping attack look for to perform an on-path attack?
$25,000
What is the annualized loss expectancy (ALE)?
0.05
What is the annualized rate of occurrence (ARO)?
Chain of custody
What is the document that tracks the custody or control of a piece of evidence called?
100%
What is the exposure factor (EF)?
Privacy
What is the most frequent concern that leads to GPS tagging being disabled by some companies via an MDM tool? Chain of custody The ability to support geofencing Privacy Context-aware authentication
sFlow samples only network traffic, meaning that some detail will be lost.
What is the primary concern with sFlow in a large, busy network?
$500,000
What is the single loss expectancy (SLE)?
XML
What language is STIX based on?
GDPR
What law creates privacy obligations for those who handle the personal information of European Union residents?
Center for Internet Security
What organization is known for creating independent security benchmarks covering hardware and software platforms from many different vendors?
ISACs
What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?
Identification
What phase in the incident response process leverages indicators of compromise and log analysis as part of a review of events? Preparation Containment Eradication Identification
TLS
What protocol is used to securely wrap many otherwise insecure protocols?
PowerShell
What scripting environment is native to Windows systems? Bash PowerShell Python CMD
USB-OTG
What standard allows USB devices like cameras, keyboards and flash drives to be plugged into mobile devices and used as they normally would be?
Distributing them in parking lots as though they were dropped
What technique is most commonly associated with the use of malicious flash drives by penetration testers?
Data encryption
What technology uses mathematical algorithms to render information unreadable to those lacking the required key?
Control objectives
What term best describes an organization's desired security state?
Data in motion
What term best describes data that is being sent between two systems over a network connection?
Data controller
What term is given to an individual or organization who determines the reasons for processing personal information?
EDR
What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices? IAM FDE EDR ESC
SOAR
What tool is specifically designed to support incident responders by allowing unified, automated responses across an organization? IPS COOP SOAR IRC
Man-in-the-middle
What type of attack places an attacker in the position to eavesdrop on communications between a user and a web server?
Stream cipher
What type of cipher operates on one character of text at a time?
DOM-based XSS
What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?
EV
What type of digital certificate provides the greatest level of assurance that the certificate owner is who they claim to be?
A nation-state
What type of malicious actor is most likely to use hybrid warfare?
An access control vestibule
What type of physical security control is shown here? (A closed room with Door 1 which leads to Door 2, which leads to a secure area (or room).)
A warm site
What type of recovery site has some or most systems in place but does not have the data needed to take over operations?
Code of conduct
What type of security policy often serves as a backstop for issues not addressed in other policies?
False Rejection
When a biometric system (like fingerprints) fails to let you into a system when it should.
Authority
A caller was recently directed to Amanda, who is a junior IT employee at her company. The caller informed her that they were the head of IT for her organization and that she needed to immediately disable the organization's firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, and that it was actually a penetration tester hired by her company. Which social engineering principle best matches this type of attack?
Vishing
When you combine phishing with Voice over IP, it is known as:
Hybrid cloud
Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?
Two-person control
Which of the following controls helps prevent insider threats?
Volatility
Which of the following is a memory forensics toolkit that includes memdump? FTK Imager WinHex dd Volatility
Form factor
Which of the following is not a common constraint of an embedded system? Form factor Network Compute Authentication
Use of weak encryption
Which of the following is not a typical security concern with MFPs? Acting as a reflector for network attacks Acting as an amplifier for network attacks Exposure of sensitive data from copies and scans Use of weak encryption
Documentation and reporting
Which of the following is not one of the four phases in COOP?
Detail
Which of the following measures is not commonly used to assess threat intelligence?
IPv6's NAT implementation is insecure.
Which of the following statements about the security implications of IPv6 is not true?
Nation-state actors
Which of the following threat actors typically has the greatest access to resources?
Top Secret
Which one of the following U.S. government classification levels requires the highest degree of security control?
Frequent flyer number
Which one of the following data elements is not commonly associated with identity theft?
Tokenization
Which one of the following data protection techniques is reversible when conducted properly?
Port scans
Which one of the following information sources would not be considered an OSINT source?
Create specific technology requirements for an organization.
Which one of the following is not a common use of the NIST Cybersecurity Framework?
Preventing injection attacks
Which one of the following is not an advantage of database normalization?
Using a cloud provider's web interface to provision resources
Which one of the following is not an example of infrastructure as code?
Contain
Which one of the following is not one of the five core security functions defined by the NIST Cybersecurity Framework?
Anonymous
Which one of the following is the best example of a hacktivist group?
Proposed revision to the security policy
Which one of the following items is not normally included in a request for an exception to security policy?
Nonrepudiation
Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
Data retention policy
Which one of the following policies would typically answer questions about when an organization should destroy records?
Guideline
Which one of the following security policy framework components does not contain mandatory guidance for individuals in the organization?
Agile
Which one of the following software development models focuses on the early and continuous delivery of software?
Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement.
Which one of the following statements is not true about compensating controls under PCI DSS?
Threat map
Which one of the following threat research tools is used to visually display information about the location of threat actors?
CRM
Which one of the following would not commonly be available as an IaaS service offering?
Requirement to use AES-256 encryption
Which one of the following would not normally be found in an organization's information security policy?
Management
Which team member acts as a primary conduit to senior management on an IR team?
To prevent EMI
Why are Faraday cages deployed?
WTLS (Wireless Transport Layer Security)
Wireless Access Points use this protocol to attempt to ensure confidentiality of data.
Reduced the probability
You notice a high number of SQL injection attacks against a web application run by your organization, so you install a web application firewall to block many of these attacks before they reach the server. How have you altered the severity of this risk?
Data ownership policy
_____ clearly states the ownership of information created or used by the organization.
Password policy
_____ sets forth requirements for password length, complexity, reuse, and similar issues.
MSA
_______ provides an umbrella contract for the work that a vendor does with an organization over an extended period of time.
Procedures
_________ are detailed, step-by-step processes that individuals and organizations must follow in specific circumstances.
SCADA
_________ is a type of system architecture that combines data acquisition and control devices, computers, communications capabilities, and an interface to control and monitor an entire architecture.
SLA
__________ are written contracts that specify the conditions of service that will be provided by the vendor and the remedies available to the customer if the vendor fails to meet the SLA.
Continuous monitoring policy
__________ describes the organization's approach to monitoring and informs employees that their activity is subject to monitoring in the workplace.
Asset management
__________ describes the process an organization will follow for accepting new assets (such as computers and mobile devices) into inventory, tracking those assets over their lifetime, and properly disposing of them at the end of their useful life.
MOU
__________ is an informal mechanism that allows the parties to document their relationship to avoid future misunderstandings.
Standards
__________ provide mandatory requirements describing how an organization will carry out its information security policies.
Separation of duties
__________ requires the participation of two people to perform a single sensitive action.
Guidelines
___________ provide best practices and recommendations related to a given concept, technology, or task.
Whitelist blacklist block list
____________ and ____________ or ____________ are all terms used to describe building a list of software, applications, and other system components that are allowed to exist on, or are blocked from, a system.
Policies
____________ are high-level statements of management intent.
AUP
____________ provides network and system users with clear direction on permissible uses of information resources.
Least privilege
____________ says that individuals should be granted only the minimum set of permissions necessary to carry out their job functions.
Preparation
____________. In this phase, you build the tools, processes, and procedures to respond to an incident.
Asset management
_____________ ___________ describes the process the organization will follow for accepting new assets (such as computers and mobile devices) into inventory, tracking those assets over their lifetime, and properly disposing of them at the end of their useful life.
Embedded systems
_______________ are computer systems that are built into other devices.
Data stewards
_______________ are individuals who carry out the intent of the data controller and are delegated responsibility from the controller.
External risks
_______________ are those risks that originate from a source outside the organization.
Multi-party risks
_______________ are those that impact more than one organization.
Vulnerabilities
_______________ are weaknesses in our systems or controls that could be exploited by a threat.
Sandbox
_______________ describes an isolated environment where potentially dangerous or problematic software can be run.
Risk avoidance
_______________ is a risk management strategy where we change our business practices to completely eliminate the potential that a risk will materialize.
Risk acceptance
_______________ is the final risk management strategy and it boils down to deliberately choosing to take no other risk management strategy and to simply continue operations as normal in the face of the risk.
Risk mitigation
_______________ is the process of applying security controls to reduce the probability and/or magnitude of a risk.
Risk management
_______________ is the process of systematically addressing the risks facing an organization.
Risks
_______________ occur at the intersection of a vulnerability and a threat that might exploit that vulnerability.
Legacy systems
_______________ pose a unique type of risk to organizations.
Risk identification process
_______________ requires identifying the threats and vulnerabilities that exist in your operating environment.
Port mirror
_______________ sends a copy of all the traffic sent to one switch port to another switch port for monitoring.
Qualitative risk assessments
_______________ substitute subjective judgments and categories for strict numerical analysis, allowing the assessment of risks that are difficult to quantify.
Quantitative risk assessments
_______________ use numeric data in the analysis, resulting in assessments that allow the very straightforward prioritization of risks.
802.11b
The ________________ Wi-Fi standard operates at 11 Mbit/s in the 2.4 GHz band.
Load balancers
________________ are used to distribute traffic to multiple systems, provide redundancy, and allow for ease of upgrades and patching.
Network segmentation
________________ divides a network up into logical or physical groupings that are frequently based on trust boundaries, functional requirements, or other reasons that help an organization apply controls or assist with functionality.
Full disk encryption
________________ encrypts the disk and requires that the bootloader or a hardware device provide a decryption key and software or hardware to decrypt the drive for use.
EAP-TLS
________________ implements certificate-based authentication as well as mutual authentication of the device and network.
Port security
________________ is a capability that allows you to limit the number of MAC addresses that can be used on a single port.
RFID
________________ is a relatively short-range (from less than a foot of some passive tags to about 100 meters for active tags) wireless technology that uses a tag and a receiver to exchange information.
Bluetooth
________________ is a short-range wireless standard limited to typically 5-30 meters.
DMZs Demilitarized zones
________________ or ________________ are network zones that contain systems that are exposed to less trusted areas.
Information security policy
_________________ contains a series of documents designed to describe the organization's cybersecurity framework.
Patch management
_________________ ensures that systems and software are up to date, which helps ensure endpoint security by removing known vulnerabilities.
Loop prevention
_________________ focuses on detecting loops and then disabling ports to prevent the loops from causing issues.
Right-to-audit clauses
__________________ __________________ are part of the contract between the cloud service and an organization.
Incident response policies
__________________ __________________ __________________ are commonly defined as part of building an IR capability.
Communication plans
__________________ __________________ are critical to incident response processes.
FTK imager
__________________ __________________ is a free tool for creating forensic images.
Disaster recovery
__________________ __________________ plans define the processes and procedures that an organization will take when a disaster occurs.
Business continuity
__________________ __________________ plans focus on keeping an organization functional when misfortune or incidents occur.
Hardening
__________________ a system or application involves changing settings on the system to increase its overall level of security and reduce its vulnerability to attack.
Containers
__________________ have grown significantly in use and create new challenges for forensic examiners.
IoT
__________________ is a broad term that describes network-connected devices that are used for automation, sensors, security, and similar tasks.
Autopsy
__________________ is an open source forensic suite with broad capabilities.
Walk-throughs
__________________ take a team through an incident step by step.
Configuration management
__________________ tools are one of the most powerful options security professionals and system administrators have to ensure that the multitude of systems in their organizations have the right security settings and to help keep them safe.
Signature-based detection
__________________ uses a hash or other signature generation method to identify files or components of the malware that have been previously observed.
BPDU
____________________ guard protects STP by preventing ports that should not send BPDU messages from sending them.
Sanitizing drives or media
_____________________ involves wiping the data or destroying the media.
Data loss prevention tools
_____________________ protect organizational data from both theft and inadvertent exposure.
DHCP
_______________________ snooping focuses on preventing rogue DHCP servers from handing out IP addresses to clients in a managed network.
Broadcast storm prevention storm control
________________________, sometimes called __________________, prevents broadcast packets from being amplified as they traverse a network.