Practice Exam 5


Which of the following are valid concerns when migrating to a serverless architecture? (SELECT THREE) A. Protection of endpoint security B. Limited disaster recovery options C. Dependency on the cloud service provider D. Management of physical servers E. Patching of the backend infrastructure F. Management of VPC offerings

A. Protection of endpoint security B. Limited disaster recovery options C. Dependency on the cloud service provider. Serverless is a modern design pattern for service delivery. With serverless, all the architecture is hosted within a cloud, but unlike "traditional" virtual private cloud (VPC) offerings, services such as authentication, web applications and communications are not developed and managed as applications running on servers located within the cloud. Instead, the applications are developed as functions and microservices, each interacting with other functions to facilitate client requests. This creates a heavy dependency on the cloud service provider, which performs all patching and management of the back-end infrastructure, and it narrows disaster recovery to whatever regions and failover options that provider offers. Managing physical servers, patching the backend and managing VPC offerings are therefore no longer the customer's concerns. The user endpoints that call the functions are not managed by the provider, so the organization must still protect them from compromise.

Which of the following types of operational technologies is designed to be used for a single purpose or function and cannot be patched when a flaw or defect is identified? application-specific integrated circuit (ASIC) Internet of Things (IoT) field programmable gate array (FPGA) System on a Chip (SoC)

ASIC. An application-specific integrated circuit (ASIC) is a chip whose logic is fixed in silicon at fabrication time to perform one function. Because that logic cannot be reprogrammed, a flaw found after manufacture cannot be patched; the device has to be replaced. By contrast, an FPGA can be reconfigured in the field, and an SoC or IoT device normally runs firmware that can be updated.

Dion Security Group is analyzing the encryption implementation of one of its customers. An analyst has discovered that they are using an older mode of operation that would allow an attacker to use the padding validation of a cryptographic message to decrypt the ciphertext into the corresponding plaintext. Which of the following mode or modes of operation is vulnerable to this padding-oracle attack? A. Galois/counter mode B. Cipher block chaining C. Electronic codebook D. Output feedback E. Counter mode

B. Cipher block chaining C. Electronic codebook. Cipher block chaining (CBC) and electronic codebook (ECB) are the older block-cipher modes that pad the plaintext out to a whole number of blocks, and the exam key counts both as exposed. In practice the padding-oracle attack (Vaudenay, 2002) targets CBC: each plaintext block is the block-cipher output XORed with the previous ciphertext block, so an attacker can flip chosen bytes of the decrypted text by altering the preceding ciphertext block, then use the server's "padding valid" or "padding invalid" response to recover the plaintext one byte at a time with at most 256 guesses per byte. GCM, OFB and CTR turn the block cipher into a keystream generator, so they need no padding, and GCM additionally authenticates the ciphertext, which blocks the tampering the attack depends on. The fix is an authenticated mode such as AES-GCM, or encrypt-then-MAC with a constant-time comparison, so that padding is never examined on data that has not been authenticated.
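The mechanism the answer describes, worked end to end as an added example (this is not code from the exam or its author): a toy 128-bit Feistel cipher stands in for AES so the block runs offline, CBC with PKCS#7 padding wraps it, padding_oracle() is the only thing the "server" exposes, and attack_block() recovers the plaintext from nothing but that yes/no answer. The key, IV and message are constructed for the example; the attacker code never touches the key.

```python
import hashlib

BLOCK = 16  # bytes

# Toy 128-bit block cipher (4-round Feistel over SHA-256) standing in for AES.
# The attack never looks inside it: any block cipher run in CBC with PKCS#7
# padding behind a padding oracle is equally exposed.
def _f(key, half, rnd):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    out, prev = b"", iv
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += _xor(decrypt_block(key, block), prev)
        prev = block
    return pkcs7_unpad(out)

# The vulnerable server: the only thing it leaks is whether the padding was valid.
def padding_oracle(key, iv, ciphertext):
    try:
        cbc_decrypt(key, iv, ciphertext)
        return True
    except ValueError:
        return False

# The attack: learn D(block) one byte at a time from the oracle, then XOR it with
# the previous ciphertext block (or the IV) to get the plaintext block.
def attack_block(oracle, prev, block):
    inter = bytearray(BLOCK)              # D(block), filled from the last byte backwards
    for j in range(BLOCK - 1, -1, -1):
        pad = BLOCK - j                   # padding value we want the decryption to show
        forged = bytearray(BLOCK)
        for k in range(j + 1, BLOCK):
            forged[k] = inter[k] ^ pad    # bytes already known are made to decrypt to `pad`
        for guess in range(256):
            forged[j] = guess
            if not oracle(bytes(forged), block):
                continue
            if j == BLOCK - 1:
                # A decrypted last byte of 0x02 also validates if byte 14 happens to be
                # 0x02; disturb byte 14 and re-check so only a genuine 0x01 survives.
                forged[j - 1] ^= 0xFF
                still_valid = oracle(bytes(forged), block)
                forged[j - 1] ^= 0xFF
                if not still_valid:
                    continue
            inter[j] = guess ^ pad
            break
        else:
            raise RuntimeError("oracle never accepted a guess")
    return _xor(inter, prev)

def recover_plaintext(oracle, iv, ciphertext):
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(attack_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks)))
    return pkcs7_unpad(plain)

def demo(message=b"session=terri;role=student;card=4111111111111111"):
    key = hashlib.sha256(b"constructed example key").digest()   # attacker never sees this
    iv = hashlib.sha256(b"constructed example iv").digest()[:BLOCK]
    ciphertext = cbc_encrypt(key, iv, message)
    queries = [0]
    def oracle(iv_, ct_):                 # all the attacker gets: one bit per query
        queries[0] += 1
        return padding_oracle(key, iv_, ct_)
    return recover_plaintext(oracle, iv, ciphertext), queries[0]
```

Swapping the toy cipher for AES changes nothing about the attack, which is the point: the oracle, not the cipher, is the weakness. Making the error message generic is not a fix either, because a timing difference between "bad padding" and "bad MAC" leaks the same bit; only authenticating the ciphertext before any padding is examined removes the oracle.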

You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses self-encrypting drives as part of its default configuration. As you begin the eradication and recovery phase, you must sanitize the storage devices' data before restoring the data from known-good backups. Which of the following methods would be the most efficient to use to sanitize the affected hard drives? A. Use a secure erase (SE) utility on the storage devices B. Perform a cryptographic erase (CE) on the storage devices C. Conduct zero-fill on the storage devices D. Incinerate and replace the storage devices

B. Perform a cryptographic erase (CE) on the storage devices. Sanitizing a drive can be done by cryptographic erase (CE), secure erase (SE), zero-fill, or physical destruction. Because the drives are self-encrypting, everything on them is already encrypted at rest with a media encryption key held by the drive itself; CE destroys that key, which makes every sector unreadable in seconds rather than the hours an SE or zero-fill pass takes, and without replacing hardware as incineration would. CE is only as strong as the drive's key handling, so confirm the drives support it (for example through the vendor's sanitize command) and spot-check a sanitized drive for readable data before restoring the backups onto it.

Dion Training Solutions has just installed a backup generator for their offices that use SCADA/ICS for remote monitoring of the system. The generator's control system has an embedded cellular modem that periodically connects to the generator's manufacturer to provide usage statistics. The modem is configured for outbound connections only, and the generator has no data connection with any of Dion Training's other networks. The manufacturer utilizes data minimization procedures and uses the data to recommend preventative maintenance service and ensure maximum uptime and reliability by identifying parts that need to be replaced. Which of the following cybersecurity risk is being assumed in this scenario? A. There is a high risk being assumed since the presence of a cellular modem could allow an attacker to remotely disrupt the generator B. There is a minimal risk being assumed since the cellular modem is configured for outbound connections only C. There is a critical risk being assumed since the cellular modem represents a threat to the enterprise network if an attacker exploits the generator and then pivots to the production environment D. There is a medium risk being assumed since the manufacturer could use the data for purposes other than originally agreed upon

B. There is a minimal risk being assumed since the cellular modem is configured for outbound connections only. Outbound-only configuration removes the inbound attack surface an attacker would need to reach the generator remotely, and the generator has no data connection to any of Dion Training's other networks, so there is no path to pivot into the production environment (which rules out C). The manufacturer's data-minimization procedures address the misuse concern in D. The residual risk is minimal rather than zero: an outbound channel can still carry data out, and a compromised manufacturer could in principle abuse the connection, so the scenario describes a risk that is being knowingly accepted, not eliminated.

Dion Training is updating its disaster recovery plan. Currently, the company has a small office building that contains both its offices and its data center. The company cannot afford to purchase a second location. Instead, the CEO has negotiated an MOU with Fuller Solutions to use three empty server cabinets in their data center as an alternate location for recovery from a disaster. The CEO has also approved a reserved line of accounting in the budget each year to purchase the necessary servers and equipment to restore operations at the alternate site, but this money cannot be accessed until a disaster occurs. Which of the following recovery site strategies would you recommend to BEST meet these requirements? Mobile site Warm site Cold site Hot site

Cold site. A cold site is a predetermined alternative location (here, the three empty cabinets in Fuller Solutions' data center) where a network can be rebuilt after a disaster. It provides space, power and connectivity but no pre-installed servers or data; the reserved budget line is what will buy and install the equipment once a disaster is declared. That is what distinguishes it from a warm site (equipment already installed, data restored on demand) and a hot site (a running replica), and it is also why a cold site has the longest recovery time of the four options.

A financial services company wants to donate some old hard drives from their servers to a local charity. Still, they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use? Zero-fill Overwrite Cryptographic erase Secure erase

Cryptographic erase. The exam answer assumes the drives are self-encrypting (SED) or otherwise fully encrypted at rest: the residual data is already ciphertext, and CE destroys the media encryption key, so nothing recoverable remains no matter how the recipient examines the drive. CE is most common on solid-state devices, where overwriting is unreliable because of wear levelling and over-provisioned blocks, but SED hard drives support it as well. If a drive is not encrypted, CE is not available and the fallback is the drive's built-in secure erase or a verified overwrite; in every case, keep a record of the method used and the serial numbers sanitized before the drives leave the company.

You have been hired to investigate a possible insider threat from a user named Terri. Which command would you use to review all sudo commands ever issued by Terri (whose login account is terri and UID=1003) on a Linux system? (Select the MOST efficient command) A. journalctl _UID=1003 | grep -e 1003 | grep sudo B. journalctl _UID=1003 | grep -e [Tt]erri | grep -e 1003 | grep sudo C. journalctl _UID=1003 | grep -e [Tt]erri | grep sudo D. journalctl _UID=1003 | grep sudo

D. journalctl _UID=1003 | grep sudo. The `_UID=1003` argument is a journal field match, so journalctl itself returns only entries that journald stamped with Terri's UID; piping through `grep sudo` then keeps the sudo lines. Options A, B and C add greps for the UID or the name that are redundant with the field match, and a `[Tt]erri` grep could drop sudo entries whose message does not happen to contain the name. One practical caveat: sudo is setuid root, so check on the system under investigation which `_UID` journald records for its messages. The invoking user is always named in the message text itself (`terri : TTY=... ; PWD=... ; USER=root ; COMMAND=...`), so `journalctl _COMM=sudo` filtered on that text is a useful cross-check.
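What the output of that command looks like, and how an investigator would reduce it to a timeline, as an added example that is not part of the exam or its answer key. The journal lines below are constructed to match sudo's real log format (a successful command, a failed one, and the pam_unix session line that the sudo grep also catches); the watchlist patterns are this example's own choices, not a standard.

```python
import re

# Constructed journal lines in the format sudo logs for every command attempt.
SAMPLE_JOURNAL = """\
Mar 03 09:14:02 host sudo[2103]: terri : TTY=pts/1 ; PWD=/home/terri ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar 03 09:15:10 host sudo[2110]: bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
Mar 03 09:16:44 host sudo[2121]: terri : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/terri ; USER=root ; COMMAND=/usr/sbin/useradd backdoor
Mar 03 09:20:01 host sudo[2140]: terri : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/tar czf /tmp/x.tgz /var/lib/mysql
Mar 03 09:21:00 host sudo[2141]: pam_unix(sudo:session): session opened for user root(uid=0) by terri(uid=1003)
""".splitlines()

# "user : [reason ; ]TTY=... ; PWD=... ; USER=... ; COMMAND=..." is sudo's own format;
# the optional reason ("3 incorrect password attempts", "command not allowed") marks a failure.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sudo\[(?P<pid>\d+)\]: "
    r"(?P<user>\S+) : (?:(?P<reason>[^;]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for other sudo-tagged lines."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["succeeded"] = rec["reason"] is None
    return rec

def sudo_commands_for(lines, user):
    """All command attempts by `user`, in journal order, failed ones included."""
    return [r for r in map(parse_sudo_line, lines) if r and r["user"] == user]

# Example watchlist for an insider-threat review (the author's own choices).
WATCHLIST = (
    (re.compile(r"/etc/shadow|/etc/sudoers"), "credential or privilege file access"),
    (re.compile(r"\buseradd\b|\busermod\b"), "account creation or modification"),
    (re.compile(r"\btar\b.*\s/var/lib/"), "bulk archiving of service data"),
)

def flag_suspicious(records):
    """(timestamp, user, command, reason, succeeded) for every watchlist hit."""
    hits = []
    for r in records:
        for pattern, why in WATCHLIST:
            if pattern.search(r["cmd"]):
                hits.append((r["ts"], r["user"], r["cmd"], why, r["succeeded"]))
    return hits
```

Keeping the failed attempts in the timeline matters: a command sudo refused still shows intent, and the `pam_unix` session lines (which the regex deliberately skips) are the place to confirm that a session for UID 1003 was actually opened at that time.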

During the analysis of data as part of ongoing security monitoring activities, which of the following is NOT a good source of information to validate the results of an analyst's vulnerability scans of the network's domain controllers? Log files DMARC and DKIM SIEM systems Configuration management systems

DMARC and DKIM. Vulnerability scans should never be read in a vacuum: analysts should correlate the scanner's findings with log files, the SIEM, and the configuration management system, all of which describe the actual state of the domain controllers. DKIM (DomainKeys Identified Mail) publishes a public key in DNS so that receiving mail servers can verify a signature the sending server placed on each message; DMARC (Domain-based Message Authentication, Reporting and Conformance) is another DNS record that tells receivers what to do when SPF or DKIM checks fail and where to send reports. Both are email-authentication controls and say nothing about a domain controller's patch level or configuration.

Dion Training is drafting a new business continuity plan and is trying to determine the appropriate recovery time objective for their practice exam web application. This application is used by all of Dion Training's students to prepare for their upcoming certification exams. Historically, the organization has observed that if the application is down for more than a few hours, then a large number of complaints are created by students. Which of the following roles is most qualified to determine the appropriate recovery time objective to use for this application? Data custodian Chief executive officer Cybersecurity analyst Director of student success

Director of student success. A recovery time objective is a business decision, so it is set by the owner of the business process the system supports rather than by the people who operate it. The director of student success is the business unit manager responsible for supporting students and handling their complaints, so that role can weigh the cost of downtime (here, a flood of complaints after a few hours) against the cost of faster recovery. The data custodian and the cybersecurity analyst implement controls to meet the RTO, and the CEO would normally delegate a decision at this level.

A company's NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data? Enable NetFlow compression Enable full packet capture Enable QoS Enable sampling of the data

Enable sampling of the data. The organization should enable flow sampling on the exporters (for example, examining one packet in every N) so the collector receives a statistically representative subset of flows instead of every packet, keeping the volume within the 2 Gbps it can handle at no cost. The trade-off is that short or low-volume flows may be missed, so sampled NetFlow is good for traffic trends and spotting large transfers but less reliable for single-packet events. Full packet capture would increase the load, QoS prioritizes traffic rather than reducing what is collected, and compression is not a standard NetFlow feature.

Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards? Children's Online Privacy Protection Act (COPPA) Sarbanes-Oxley (SOX) Health Insurance Portability and Accountability Act (HIPAA) Federal Information Security Management Act (FISMA)

Federal Information Security Management Act (FISMA). FISMA is a United States federal law (2002, updated in 2014 as the Federal Information Security Modernization Act) that requires federal agencies, and contractors or other organizations operating systems on their behalf, to run an information security program based on NIST standards such as FIPS 199/200 and the SP 800-53 control catalog, so as to protect government information, operations and assets against natural or human-made threats. COPPA covers children's online privacy, SOX covers financial reporting controls of public companies, and HIPAA covers protected health information.

Dion Training is developing a new web-based practice exam test engine. The application uses REST API and TLS to communicate securely between the front end and backend servers. You have been hired as a security analyst and have been asked to provide a solution that would help secure the application from attack. Which of the following solutions should you recommend to prevent an on-path or interception attack against this web-based application? Certificate pinning Secure encrypted enclave Extended validation certificate HTTP Strict Transport Security (HSTS)

HSTS. HTTP Strict Transport Security is a response header (Strict-Transport-Security: max-age=...; includeSubDomains) that a web server sends over HTTPS to tell the browser to reach the site only over HTTPS for the stated period. The browser then rewrites any http:// link or typed URL to https:// before the request leaves the machine and refuses to let the user click through certificate errors, which removes the window in which an on-path attacker could answer the initial plaintext request or strip TLS (an SSL-stripping downgrade). Two caveats a practitioner should know: the header protects nothing until the browser has seen it once over a valid HTTPS connection (submitting the domain to the browser preload list closes that first-visit gap), and it is enforced by browsers, so server-to-server REST calls must still enforce TLS and validate certificates themselves, which is where certificate pinning would apply. An extended validation certificate only changes what the browser displays, and a secure enclave protects data in use, not data in transit.
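The browser-side behaviour that makes HSTS work, and the first-visit gap it leaves, as an added example (not code from the exam or any browser): a small model of the policy cache a browser keeps, plus a lint of the header value itself. Host names and the request sequence are constructed for the example.

```python
ONE_YEAR = 31536000  # seconds; also the minimum max-age the preload list accepts

def parse_hsts(header_value):
    """Split 'max-age=31536000; includeSubDomains; preload' into lower-cased directives."""
    directives = {}
    for part in header_value.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip().strip('"')
    return directives

def lint_hsts(header_value):
    """Weaknesses a reviewer would flag in a Strict-Transport-Security value."""
    d = parse_hsts(header_value)
    findings = []
    if not d.get("max-age", "").isdigit():
        return ["max-age missing or not an integer; browsers ignore the whole header"]
    if int(d["max-age"]) < ONE_YEAR:
        findings.append("max-age shorter than one year; the policy lapses for infrequent visitors")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing; an insecure subdomain can still be used against the parent domain")
    return findings

class HstsCache:
    """What a browser remembers after seeing the header; models trust-on-first-use."""
    def __init__(self):
        self.policies = {}  # host -> (expires_at, include_subdomains)

    def remember(self, host, header_value, now, https):
        if not https:                      # the header on a plain-HTTP response is ignored
            return False
        d = parse_hsts(header_value)
        if not d.get("max-age", "").isdigit():
            return False
        max_age, host = int(d["max-age"]), host.lower()
        if max_age == 0:                   # max-age=0 is how a site withdraws its policy
            self.policies.pop(host, None)
        else:
            self.policies[host] = (now + max_age, "includesubdomains" in d)
        return True

    def should_upgrade(self, host, now):
        """True if the browser must rewrite http://host/... to https:// before sending."""
        labels = host.lower().split(".")
        for i in range(len(labels)):       # exact host first, then each parent domain
            policy = self.policies.get(".".join(labels[i:]))
            if policy is None:
                continue
            expires_at, include_subdomains = policy
            if now < expires_at and (i == 0 or include_subdomains):
                return True
        return False

def first_visit_walkthrough():
    """Constructed request sequence showing which request is the exposed one."""
    cache = HstsCache()
    host = "exams.example.com"
    steps = [("http GET before any policy", cache.should_upgrade(host, now=0))]
    cache.remember(host, "max-age=31536000; includeSubDomains", now=0, https=True)
    steps.append(("http GET after HTTPS response with HSTS", cache.should_upgrade(host, now=60)))
    steps.append(("http GET to api.exams.example.com", cache.should_upgrade("api." + host, now=60)))
    steps.append(("http GET a year later", cache.should_upgrade(host, now=ONE_YEAR + 1)))
    return steps
```

The first step is the one an on-path attacker can exploit: no policy exists yet, so the browser sends plaintext and the attacker can answer it. Preloading the domain seeds the cache before any request is made, and a long max-age with includeSubDomains keeps the second and third steps protected for every host under the domain.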

Dion Consulting Group has been hired to design a PKI architecture for a large organization. The organization has five main departments with around 1 million end users spread across six continents. Each user should be issued a digital certificate embedded on a smart card that is used to gain access to any network resources. To receive their smart card, each user must appear at a local registration office with proof of their identity. Based on the size and scope of this organization, which trust model do you recommend the organization utilize? Cross certification model Bridge model Hierarchical model Single CA model

Hierarchical model. A hierarchical model fits an organization of this size: a single offline root CA anchors trust, each of the five departments gets its own intermediate CA, and each intermediate can issue further subordinate CAs per region, so certificate issuance and revocation scale to a million users on six continents. The local registration offices act as registration authorities (RAs) that perform the in-person identity proofing before a subordinate CA issues the certificate onto the smart card. A single CA could not cope with the load or the geography, and cross-certification and bridge models exist to link otherwise independent PKIs, not to structure one organization's own PKI.

Jack is assessing the likelihood of reconnaissance activities being performed against his organization. Which of the following would best classify the likelihood of a port scan being conducted against his DMZ? Medium None High Low

High. Any host reachable from the Internet, which is what a DMZ exists for, is port-scanned continuously by automated tooling and opportunistic attackers, so the likelihood of a port scan is high regardless of how interesting the organization thinks it is. Likelihood is assessed separately from impact: a port scan alone has low impact, but it is the reconnaissance step that precedes most intrusions, which is why it belongs in the risk register.

Which of the following layers within software-defined networking focuses on providing network administrators the ability to oversee network operations, monitor traffic conditions, and display the status of the network? Control layer Management plane Infrastructure layer Application layer

Management plane. The management plane is where network administrators oversee the network: it monitors traffic conditions, displays the status of the network, and gives insight into its operations. In SDN terms the control layer computes forwarding decisions, the infrastructure (data) layer forwards packets, and the application layer hosts the programs that request network services through the controller.

Which tool should a malware analyst utilize to track the registry's changes and the file system while running a suspicious executable on a Windows system? DiskMon ProcDump Autoruns Process Monitor

Process Monitor. Process Monitor (Procmon, from Sysinternals) shows real-time file system, Registry and process/thread activity for every process on the host, so the analyst can run the sample and filter on its process name to see every key and file it creates, modifies or reads. DiskMon records only physical disk I/O, ProcDump captures memory dumps of a process, and Autoruns lists persistence locations but does not trace changes as they happen.

Dion Training is drafting a new business continuity plan and is trying to determine the appropriate metric to utilize in defining the recovery requirements for their practice exam web application. This application is used by all of Dion Training's students to prepare for their upcoming certification exams. The Chief Operating Officer (COO) has decided that she can only accept a loss of up to 2 hours of student practice exam results after an incident occurs. Which of the following metrics best defines this 2-hour timeframe? Recovery time objective (RTO) Recovery point objective (RPO) Mean time to recovery (MTTR) Recovery service level (RSL)

Recovery point objective (RPO). The RPO is the maximum amount of data, measured in time, that the organization can afford to lose; a 2-hour RPO means backups or replication must capture practice-exam results at least every 2 hours. The RTO is how long the application may be down, MTTR is the average time to repair a failure, and the RSL is how much of the service must be available during recovery.

Dion Training performed an assessment as part of its disaster recovery planning. The assessment found that the organization can only tolerate a maximum of 60 minutes worth of data loss in the event of a disaster. Therefore, the organization has implemented a system of database snapshots that are backed up every hour. Which of the following metrics would best represent this timeframe? Recovery Time Objective (RTO) Mean Time To Repair (MTTR) Recovery point objective (RPO) Mean Time Between Failure (MTBF)

Recovery point objective (RPO). The RPO is the maximum tolerable data loss expressed as a period of time; hourly snapshots satisfy a 60-minute RPO because at most one hour of changes can be lost. The RTO, by contrast, is the time within which operations must be restored after a disruptive event such as a cyberattack, natural disaster or communications failure; MTTR and MTBF are reliability statistics, not recovery targets.

Dion Training is developing a new digital contracting system to allow their corporate customers to create orders online. Once the customer creates their order, they will need to digitally sign the contract. The algorithm should use the complexity of factoring large numbers to protect the digital signature, and the speed of verifying the digital signature should be prioritized over the speed of generating the digital signature. Which of the following cryptographic algorithms would best meet these requirements? Rivest, Shamir, and Adleman (RSA) Password-Based Key Derivation Function 2 (PBKDF2) Elliptic-Curve Digital Signature Algorithm (ECDSA) Digital Signature Algorithm (DSA)

Rivest, Shamir, and Adleman (RSA). RSA is an asymmetric algorithm whose security rests on the difficulty of factoring the modulus, which is the product of two large primes. RSA signatures also have the lopsided performance the scenario asks for: signing uses the long private exponent, while verification uses a small public exponent (almost always 65537), so a signature is verified far faster than it is produced. ECDSA and DSA rely on the discrete logarithm problem and sign faster than they verify, and PBKDF2 is a password-based key derivation function, not a signature algorithm.
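The speed asymmetry the question turns on, shown with an added, constructed example (not the exam's code): textbook RSA over two toy-sized Mersenne primes with a hand-written square-and-multiply that counts its own operations. The key size and the hash-mod-N message encoding are for illustration only; real deployments use at least 2048-bit moduli and a padded signature scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537                      # the usual public exponent: 17 bits, only two of them set
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent, roughly as long as N

def square_and_multiply(base, exponent, modulus):
    """Left-to-right modular exponentiation; returns (result, squarings, multiplies)."""
    bits = bin(exponent)[2:]
    result = base % modulus    # the leading bit is always 1
    squarings = multiplies = 0
    for bit in bits[1:]:
        result = result * result % modulus
        squarings += 1
        if bit == "1":
            result = result * base % modulus
            multiplies += 1
    return result, squarings, multiplies

def message_digest(message):
    # Toy encoding: SHA-256 reduced mod N. Real RSA signatures use PSS or PKCS#1 v1.5
    # encoding with a modulus large enough that the digest fits without reduction.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message):
    """Returns (signature, (squarings, multiplies)) using the private exponent D."""
    sig, sq, mul = square_and_multiply(message_digest(message), D, N)
    return sig, (sq, mul)

def verify(message, signature):
    """Returns (valid, (squarings, multiplies)) using the public exponent E."""
    recovered, sq, mul = square_and_multiply(signature, E, N)
    return recovered == message_digest(message), (sq, mul)
```

Verification always costs 16 squarings and one multiplication with e = 65537, while signing costs about one squaring per bit of d plus a multiplication for every set bit, so the customer's order server pays the expensive operation once and every later check of the contract is cheap. Hashing the contract first is what keeps the cost independent of the contract's length and stops the forgery-by-multiplication that unpadded textbook RSA would otherwise allow.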

Which type of personnel control is being implemented if Kirsten must receive and inventory any items that her coworker, Bob, orders? Dual control Mandatory vacation Background checks Separation of duties

Separation of duties. This organization uses separation of duties so that neither Kirsten nor Bob can exploit the ordering process alone: Bob can place orders but cannot receive them, and Kirsten receives and inventories the items but does not place the orders, so a fraudulent or mistaken purchase needs collusion to go unnoticed. Separation of duties divides a sensitive process into steps performed by different people; dual control, by contrast, requires two people to perform the same step together, such as two keys turned at once to open a safe.

A software developer has just finished writing a new application. You have been contracted to conduct a scan to determine what vulnerabilities may exist. The developer provides you with the source code and the binary for the application. Which of the following should you perform FIRST? Compliance scan Dynamic application scan Vulnerability scan Static application scan

Static application scan. A static application scan, or static code analysis, examines the source code (or, with some tools, the binary) without executing it, so it can be run immediately against what the developer supplied and will surface flaws such as unsafe function calls, injection sinks and hard-coded secrets before a running instance exists. A dynamic scan and a vulnerability scan need a deployed, running application, and a compliance scan checks configuration against a policy baseline rather than hunting for flaws in new code.

Jason is teaching a CompTIA course at a large company, but they do not allow non-employees to connect to their network. Since Jason needs the Internet for an in-class demonstration, he connects his laptop to his iPhone using a USB cable. He essentially connects to the Internet using the smartphone as a modem. Which of the following terms best describes this configuration? Tethering Baseband update Hotspot Tunneling

Tethering. Tethering is the use of a mobile device's cellular data plan to provide Internet access to a laptop or PC, here over a USB cable (it can also be done over Bluetooth). A hotspot is the Wi-Fi form of sharing the same connection, tunneling encapsulates one protocol inside another, and a baseband update is a firmware update for the phone's cellular radio.

What phase of the software development lifecycle is sometimes known as the acceptance, installation, and deployment phase? Development Training and transition Disposition Operations and maintenance

Training and transition. The training and transition phase, also called the acceptance, installation and deployment phase, is when the software is installed in production, accepted by the customer, and end users are trained so that the software enters general use.

Which technique would provide the largest increase in security on a network with ICS, SCADA, or IoT devices? Use of a host-based IDS or IPS User and entity behavior analytics Installation of anti-virus tools Implement endpoint protection platforms

User and entity behavior analytics. ICS, SCADA and IoT devices often run proprietary, inaccessible or unpatchable operating systems, so host-based IDS/IPS, antivirus and endpoint protection platforms usually cannot be installed on them at all. User and entity behavior analytics (UEBA) works from the outside: it learns a baseline of each device's normal behaviour from network telemetry (which hosts it talks to, over which protocols, how often) and flags deviations from that baseline, which makes it the option that adds the most security on such a network.

