Security+ CompTIA Exam Questions
Which of the following answers refers to a broadband cellular network technology?
4G/5G
A strong password that meets the password complexity requirement should contain: (Select the best answer)
A combination of characters from at least 3 character groups
Which access control model defines access control rules with the use of statements that closely resemble natural language?
ABAC
Which of the cryptographic algorithms listed below is the least vulnerable to attacks?
AES
What is the PKI role of Registration Authority (RA)? (Select 2 answers)
Accepting requests for digital certificates AND Authenticating the entity making the request
Which of the account policies listed below provides a countermeasure against malicious users attempting to determine an account password by trial and error?
Account lockout
Context-aware authentication strengthens the authentication process by requiring the standard user credentials (username and password) to be coupled with additional items that can be used in the authentication process, such as:
All of the above
Examples of properties used for defining access policies in Attribute-Based Access Control (ABAC) model include:
All of the above
Examples of social media threat vectors include:
All of the above
In the context of implementing secure network designs, the term "Port security" may apply to:
All of the above
NFC is vulnerable to:
All of the above
RFID is vulnerable to:
All of the above
Which of the answers listed below refer to examples of PKI trust models?
All of the above
Which of the following measures can be used in the hardening process?
All of the above
Which of the following does not have an application in the authentication process?
All of the above can be used in the authentication process
Which of the following is not used in the process of biometric authentication?
All of the above can be used in the biometric authentication process
In active-active mode, load balancers distribute network traffic across:
All servers
Which of the following answers can be used to describe the category of managerial security controls? (Select 3 answers)
Also known as administrative controls AND Focused on managing risk AND Documented in written policies
In cybersecurity exercises, the red team takes on the role of:
An attacker
Due to added functionality in its plug, a malicious USB cable can be used for:
Any of the above
What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers)
Asymmetric encryption AND Low processing power requirements AND Suitable for small wireless devices
Which of the following answers refers to a key document governing the relationship between two business organizations?
BPA
Which of the following answers refers to an STP frame?
BPDU
A mobile device deployment model that allows employees to use private mobile devices for accessing a company's restricted data and applications is known as:
BYOD
Which of the following terms falls into the category of unauthorized hacking activities?
Black hat
A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:
CA
Which of the following answers refers to a security policy enforcement software tool or service placed between cloud service users and cloud applications?
CASB
The practice of modifying a mobile device's operation in such a way that it can be used with any service provider is called:
Carrier unlocking
In forensic procedures, a chronological record outlining persons in possession of evidence is referred to as:
Chain of custody
What is the function of the Linux chmod command?
Changes file/directory access permissions
In wireless networks, a situation where multiple channels share the frequency band causing interference and performance degradation for devices operating on channels that are too close to each other is known as:
Channel overlapping
A sticky note with a password kept in sight in a user's cubicle would be a violation of which of the following policies?
Clean desk policy
The practice of making an unauthorized copy of a payment card is referred to as:
Cloning
Which of the following terms illustrate the security through obscurity concept? (Select all that apply)
Code obfuscation AND Steganography AND SSID broadcast suppression
A disaster recovery facility that provides only the physical space for recovery operations is called:
Cold site
What is STIX?
Common language for describing cyber threat information
A type of redundant source code producing an output not used anywhere in the application is commonly referred to as:
Dead code
Which password attack takes advantage of a predefined list of words?
Dictionary attack
Which of the following terms applies to the concept of non-repudiation?
Digital certificate
The process of searching, collecting, and securing electronic data with the intent of using it in a legal proceeding or investigation is known as:
E-discovery
Which of the EAP methods listed below relies on client-side and server-side certificates for authentication?
EAP-TLS
Which of the following EAP methods offers the highest level of security?
EAP-TLS
Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use?
ECB
Which cryptographic solution would be best suited for low-power devices?
ECC
Which of the following answers refers to an endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats?
EDR
POP3 is used for:
Email retrieval
What is Metasploit?
Exploitation framework
A SOAR playbook implements the runbook checklist by automatically performing actions outlined in the runbook.
False
A SOAR runbook is a checklist of actions that need to be performed to detect and respond to a security incident.
False
A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.
False
A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
False
Code obfuscation techniques rely on encryption to protect the source code against unauthorized access.
False
Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption.)
False
FTPS is an extension to the Secure Shell (SSH) protocol and runs by default on port number 22.
False
High MTBF value indicates that a component or system provides low reliability and is more likely to fail.
False
In a differential backup strategy, restoring data from backup requires only a working copy of the last full backup.
False
In cybersecurity exercises, the purple team combines the roles of all other teams (i.e. red, blue, and white).
False
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
False
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
False
In the context of IT security, the term "Data minimization" refers to the process of removing all unnecessary characters from the source code to make it less intelligible for humans and faster to process by machines.
False
Stateless inspection is a firewall technology that keeps track of the state of network connections and based on that data determines which network packets to allow through the firewall.
False
Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data which makes them much slower in comparison to asymmetric encryption ciphers.
False
The lack of entropy in the process of generating cryptographic keys improves the security of cryptographic algorithms.
False
The term "DHCP snooping" refers to an exploit that enables operation of a rogue DHCP network server.
False
The term "Non-repudiation" describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides the proof of data integrity, and proof of data origin.
False
The term "Static code analysis" refers to the process of discovering application run-time errors.
False
Which of the following terms refers to a situation where no alarm is raised when an attack has taken place?
False negative
Antivirus software identifying a non-malicious file as a virus due to a faulty virus signature file is an example of:
False positive error
An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations is called:
Federation
GitHub is an example of:
File/code repository
Which type of malware resides only in RAM?
Fileless virus
Which of the following answers can be used to describe the category of operational security controls? (Select 3 answers)
Focused on the day-to-day procedures of an organization AND Used to ensure that the equipment continues to work as specified AND Primarily implemented and executed by people (as opposed to systems)
Which of the following statements does not apply to the dark web?
Forms a large part of the deep web
The practice of finding vulnerabilities in an application by feeding it incorrect input is called:
Fuzzing
Which of the following passwords is the most complex?
G$L3tU8wY@z
Which of the following terms falls into the category of semi-authorized hacking activities?
Gray hat
Which of the following terms is used to describe a penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system?
Gray-box testing
Which statements best describe the attributes of an APT? (Select 3 answers)
High level of technical sophistication AND Extensive amount of resources/funding AND Typically funded by governments/nation states
Which of the following enables processing data in an encrypted form?
Homomorphic encryption
A monitored host holding no valuable data specifically designed to detect unauthorized access attempts and divert an attacker's attention from the actual network is known as:
Honeypot
Which of the following is a common firewall type used for protecting a single computer? (Select 2 answers)
Host-based firewall AND Software firewall
Which of the following answers refers to a family of standards providing principles and guidelines for risk management?
ISO/IEC 31000
Which of the following answers refers to a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?
IaaS
Which of the following answers refers to a trusted third-party service for validating user identity in a federated identity system?
IdP
Vulnerability scanning: (Select all that apply)
Identifies lack of security controls AND Identifies common misconfigurations AND Passively tests security controls
Which social engineering attack relies on identity theft?
Impersonation
Which of the following is an example of a risk mitigation strategy?
Implementation of security controls
Which of the three states of digital data requires data to be processed in an unencrypted form?
In processing
Which of the following statements are not true? (Select 2 answers)
Inherent risk is the remaining risk after implementing controls AND Residual risk is the original level of risk that exists before implementing any controls
Which of the following answers refers to a countermeasure against code injection?
Input validation
Which of the programming aspects listed below are critical in secure application development process? (Select 2 answers)
Input validation AND Error and exception handling
Which programming aspects are critical for secure application development process? (Select 2 answers)
Input validation AND Error and exception handling
Examples of password-cracking utilities include: (Select 2 answers)
John the Ripper AND Cain & Abel
A type of hardened server used as a secure gateway for remote administration of devices placed in a different security zone is known as:
Jump server
Which of the following servers would be best suited to act as an intermediary between an intranet and a screened subnet?
Jump server
Malicious code activated by a specific event is called:
Logic bomb
Which of the following forensic utilities enables the extraction of RAM contents?
Memdump
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as:
Memory leak
Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?
NAT
A legal contract between the holder of confidential information and another person to whom that information is disclosed prohibiting that other person from disclosing the confidential information to any other party is known as:
NDA
A very short-range communication method where a wireless signal is sent between two devices that are touching or nearly touching each other is a characteristic feature of:
NFC
What is the name of a technology used for contactless payment transactions?
NFC
Which of the following answers refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?
NGFW
The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy is called:
NIC teaming
Which protocol ensures the reliability of the Kerberos authentication process?
NTP
Which of the following is a secure implementation of a protocol used for synchronizing clocks over a computer network?
NTPsec
What is the most common form of a DDoS attack?
Network-based
The process of removing redundant entries from a database is known as:
Normalization
What is the fastest way for checking the validity of a digital certificate?
OCSP
URL redirection is a characteristic feature of:
Pharming
A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:
Phishing
Protection provided by security personnel is an example of:
Physical security control
Which of the following answers refer(s) to the characteristic feature(s) of a Faraday cage? (Select all that apply)
Physical security control type AND Provides protection against RFI AND Provides protection against EMI
Which of the following answers refers to a deprecated security mechanism designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates?
Pinning
Which of the following allows an administrator to inspect traffic passing through a network switch?
Port mirroring
Bracketing
Providing a high and low estimate in order to entice a more specific number
One of the best practices for malware removal involves the process of isolation of files and applications suspected of containing malware to prevent further execution and potential harm to the user's system. This process is referred to as:
Quarantine
A mandatory IT security and risk management framework for the U.S. federal government developed by NIST is known as:
RMF
A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as:
RTOS
A malfunction in a preprogrammed sequential access to a shared resource is described as:
Race condition
Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is known as:
Ransomware
Which of the following is an example of cryptomalware?
Ransomware
Examples of embedded systems include: (Select all that apply)
Raspberry Pi AND Arduino AND Field Programmable Gate Array (FPGA)
In the Kerberos-based authentication process, the purpose of the client's timestamp is to provide countermeasure against:
Replay attacks
Hardware RAID Level 0: (Select all that apply)
Requires a minimum of 2 drives to implement AND Is also known as disk striping AND Decreases reliability (failure of any disk in the array destroys the entire array) AND Is suitable for systems where performance has higher priority than fault tolerance
Hardware RAID Level 10 (a.k.a. RAID 1+0): (Select 3 answers)
Requires a minimum of 4 drives to implement AND Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping) AND Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array)
What is the purpose of a DoS attack?
Resource exhaustion
Which of the following acronyms refers to a client authentication method used in WPA3 Personal mode?
SAE
Which of the following answers refers to a non-proprietary cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services?
SSH
Which of the following answers refers to a deprecated encryption protocol?
SSL
An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:
SSO
LDAPS is an example of:
Secure directory access protocol
Which type of user account violates the concept of non-repudiation?
Shared account
Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application's code?
Shimming
A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:
Shoulder surfing
Allowing "Unknown Sources" in Android Security Settings enables:
Sideloading
An integrated circuit combining components normally found in a standard computer system is referred to as:
SoC
Which password attack bypasses account-lockout policies?
Spraying attack
Which of the terms listed below refers to the dynamic packet filtering concept?
Stateful inspection
A mobile security solution that enables separate controls over the user and enterprise data is called:
Storage segmentation
A mobile device's capability to share its Internet connection with other devices is referred to as:
Tethering
Which of the following answers refers to a methodology framework for intrusion analysis developed by the U.S. government intelligence community?
The Diamond Model of Intrusion Analysis
Which of the following terms refers to a vulnerability caused by race conditions?
Time-of-check to time-of-use
Which of the following privacy-enhancing technologies replaces actual data with a substitute that holds a reference to it but by itself does not represent any valuable information that could be used by an attacker?
Tokenization
Which of the following security solutions can be used to protect database contents? (Select all that apply)
Tokenization AND Salting AND Hashing
Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)
Traffic redirection AND Fraudulent website AND Credential harvesting
An IPsec mode providing encryption only for the payload (the data part of the packet) is known as:
Transport mode
A Secure Web Gateway (SWG) is a software component or a hardware device designed to prevent unauthorized traffic from entering an internal network of an organization. An SWG implementation may include various security services, such as packet filtering, URL/content filtering, malware inspection, application controls, Acceptable Use Policy (AUP) enforcement, or Data Loss Prevention (DLP).
True
A cloud deployment model consisting of two or more interlinked cloud infrastructures (private, community, or public) is referred to as a hybrid cloud.
True
A common implementation of identity and access controls used in federated SSO systems includes OpenID Connect and OAuth 2.0 used in conjunction to provide authentication and authorization services.
True
A web server and a client exchange data through HTTP messages. The two types of HTTP messages include: request from client to server (an HTTP request) and response from server to client (an HTTP response). An HTTP header is a name-value pair separated by a colon. It forms a part of the HTTP message and enables transferring additional information between the client and the server with the request or the response. Some HTTP headers can be used to improve security. As an example, for a website that has a valid SSL certificate (can be accessed via HTTPS), HTTP Strict Transport Security (HSTS) response header (if set) will block communication via HTTP and force the browser to use only secure HTTPS.
True
An HTML5 VPN portal is an example of clientless VPN implementation where an HTML5-compliant web browser along with TLS encryption can be used instead of a dedicated VPN client software.
True
An IP address that doesn't correspond to any actual physical network interface is called a virtual IP address (VIP/VIPA).
True
An authenticator application is software that generates an additional authentication token (in the form of a random code) used in a multi-step verification process.
True
A file timestamp is metadata that contains information about a file and reflects when the file was created, last accessed, and last modified. In digital forensics, timestamps can be used for example to validate the integrity of an access log file (i.e. to check whether the file has been tampered with to mask an unauthorized access attempt). Because different systems might be set to different time zones, in order to determine the chronological order of events during a security incident it is also important to take into account time offset which denotes the difference between the timestamp and a chosen reference time (a.k.a. time normalization).
True
From the security standpoint, the job rotation policy enables detection of fraudulent activity within the company/organization.
True
In IT security, the term "Shadow IT" is used to describe software and hardware used within an organization, but outside of the organization's official IT infrastructure.
True
In a digital certificate, the Common Name (CN) field describes a device, an individual, an organization, or any other entity the certificate has been issued for. In an SSL certificate, CN refers to the Fully Qualified Domain Name (FQDN), which is the domain name of the server protected by the SSL certificate.
True
In software engineering, the term "Microservice" describes independent and self-contained code components that can be put together to form an application.
True
Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity).
True
One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company/organization.
True
One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.
True
Secure File Transfer Protocol (SFTP) is an extension to the FTP protocol that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.
True
Setting up hot and cold aisles in a server room allows for more efficient management of air flow.
True
The importance of changing default usernames and passwords can be illustrated by the example of certain network devices (such as routers) which are often shipped with default and well-known admin credentials that can be looked up on the web.
True
The term "Mobile hotspot" refers to a type of WLAN that enables network access through a mobile device that acts as a portable WAP.
True
The term "Push notification" is used to describe information delivery from a server to a client performed without a specific request from the client.
True
Unified Extensible Firmware Interface (UEFI) is a firmware interface designed as a replacement for BIOS. UEFI offers a variety of improvements over BIOS, including Graphical User Interface (GUI), mouse support, or secure boot functionality designed to prevent the loading of malware and unauthorized operating systems during the computer startup process.
True
Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately.
True
Which of the IPsec modes provides entire packet encryption?
Tunnel
Which of the following statements does not match a typical description of nation states or state-funded groups identified as threat actors?
Typically classified as an internal threat
Flattery
Using praise to coax a person into providing information
Which of the acronyms listed below refers to a firewall controlling access to a web server?
WAF
Which of the following wireless encryption schemes offers the highest level of protection?
WPA3
A Linux command that allows creating, viewing, and concatenating files is called:
cat
Which of the following commands in Linux displays the last part (by default, the last 10 lines) of a file?
tail
Which of the following fragments of input might indicate an XML injection attack attempt?
... p@$$w0rd</password></user><user><name>attacker</name> ....
What are the characteristic features of the Personal Information Exchange (PFX) and P12 digital certificate format? (Select 3 answers)
.pfx and .p12 file extensions AND Generally used for Microsoft Windows servers AND Encoded in binary format
Which of the following answers lists the filename extension of a Microsoft PowerShell script file?
.ps1
Which of the following answers refers to a filename extension used in a cross-platform, general-purpose programming language?
.py
Files with this filename extension are used in a scripting language based on Microsoft's Visual Basic programming language.
.vbs
What is a PUP? (Select 3 answers)
A type of computer program not explicitly classified as malware by AV software AND A type of software that may adversely affect the computer's security and performance, compromise user's privacy, or display unsolicited ads AND An application downloaded and installed with the user's consent (legal app)
Which of the following are the characteristic features of a session ID? (Select 3 answers)
A unique identifier assigned by the website to a specific user AND A piece of data that can be stored in a cookie, or embedded as a URL parameter AND Stored in a visitor's browser
A rule-based access control mechanism implemented on routers, switches, and firewalls is called:
ACL
Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?
ACL
Which of the algorithms listed below does not fall into the category of asymmetric encryption?
AES
Which of the following encryption schemes is used in WiFi Protected Access 2 (WPA2)?
AES-CCMP
For the purpose of encryption, WiFi Protected Access 3 (WPA3) takes advantage of: (Select 2 answers)
AES-GCMP AND AES-CCMP
Which part of the IPsec protocol suite provides authentication and integrity?
AH
Which of the following terms refers to a US government initiative for real-time sharing of cyber threat indicators?
AIS
Which of the acronyms listed below refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?
ALE
Which of the following answers refers to the correct formula for calculating probable financial loss due to a risk over a one-year period?
ALE = ARO x SLE
Which of the following enables the exchange of information between computer programs?
API
An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability is known as:
ARO
In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat.
ARO
An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?
ARP poisoning
A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources is referred to as:
AUP
Which of the following answers refer to the Rule-Based Access Control (RBAC) model? (Select 2 answers)
Access to resources granted or denied depending on Access Control List (ACL) entries AND Implemented in network devices such as firewalls to control inbound and outbound traffic based on filtering rules
In the AAA security architecture, the process of tracking accessed services as well as the amount of consumed resources is called:
Accounting
A type of hierarchical database structure used in Windows Server environments that enables centralized management of users, devices and resources on a network is known as:
Active Directory (AD)
Which of the following statements does not apply to the concept of OSINT?
Active reconnaissance in penetration testing
Which of the following statements describe the function of a forward proxy? (Select 2 answers)
Acts on behalf of a client AND Hides the identity of a client
Which of the physical security control types listed below provides isolation from external computer networks?
Air gap
Restoring data from an incremental backup requires: (Select 2 answers)
All copies of incremental backups made since the last full backup AND Copy of the last full backup
Which of the following statements can be used to describe the characteristics of an on-path attack? (Select all that apply)
An on-path attack is also known as MITM attack AND In an on-path attack, attackers place themselves on the communication route between two devices AND In an on-path attack, attackers intercept or modify packets sent between two communicating devices
The term "Rooting" refers to the capability of gaining administrative access to the operating system and system applications on:
Android devices
Which of the following URLs is a potential indicator of a directory traversal attack?
Any of the above
OpenID Connect is a protocol used for:
Authentication
Which part of the AAA security architecture deals with the verification of the identity of a person or process?
Authentication
Which of the following is an example of a soft authentication token?
Authenticator app
OAuth is an open standard for:
Authorization
Which of the answers listed below refers to the process of granting or denying access to resources?
Authorization
Which of the following answers refers to an open-source forensics platform that allows examining the contents of a hard drive or mobile device and recovering evidence from it?
Autopsy
Which of the following refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?
Backdoor
Which of the following power redundancy solutions would be best suited for providing long-term emergency power during an unexpected main power source outage?
Backup generator
Which of the following answers refer to compensating security controls? (Select all that apply)
Backup power system AND Sandboxing AND Temporary port blocking AND Temporary service disablement
Which of the following terms is used to describe a text message containing system information details displayed after connecting to a service on a server?
Banner
The practice of connecting to an open port on a remote host to gather more information about its configuration is known as:
Banner grabbing
Which of the following answers describe the features of TOTP? (Select 3 answers)
Based on a shared secret key and current time AND Not vulnerable to replay attacks AND Valid for only one login session
Examples of key stretching algorithms include: (Select 2 answers)
Bcrypt AND PBKDF2
Which cryptographic attack relies on the concepts of probability theory?
Birthday
In cybersecurity exercises, the defending team is referred to as:
Blue team
The practice of sending unsolicited messages over Bluetooth is known as:
Bluejacking
Gaining unauthorized access to a Bluetooth device is referred to as:
Bluesnarfing
A popular, 2.4 GHz short-range wireless technology used for connecting various personal devices in a WPAN is known as:
Bluetooth
A malware-infected network host under remote control of a hacker is commonly referred to as:
Bot
Which of the following applies to a collection of intermediary compromised systems that can be used as a platform for a DDoS attack?
Botnet
What is the function of a C2 server?
Botnet control
An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:
Brute-force attack
A situation in which an application writes to an area of memory it is not supposed to have access to is referred to as:
Buffer overflow
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:
Buffer overflow
Penetration testing: (Select all that apply)
Bypasses security controls AND Actively tests security controls AND Exploits vulnerabilities
Which of the following answers refers to a cybersecurity control framework for cloud computing?
CCM
Which of the answers listed below refers to a type of metric used for evaluation of a biometric security system's accuracy?
CER
Which of the following answers refers to a nonprofit organization focused on developing globally-recognized best practices for securing IT systems and data against cyberattacks?
CIS
Which of the following answers refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events?
COOP
In which of the mobile device deployment models can employees use corporate-owned devices both for work-related tasks and personal use?
COPE
Which of the following solutions allow checking whether a digital certificate has been revoked? (Select 2 answers)
CRL AND OCSP
Which of the following answers refers to a nonprofit organization promoting best security practices related to cloud computing environments?
CSA
Which of the following answers refers to NIST's voluntary framework outlining best practices for computer security?
CSF
Which of the answers listed below refers to a method for requesting a digital certificate?
CSR
Which of the following answers refer to vulnerability databases? (Select 2 answers)
CVE AND NVD
An industry standard for assessing the severity of computer system security vulnerabilities is known as:
CVSS
A mobile device deployment model in which employees select devices for work-related tasks from a company-approved device list is known as:
CYOD
Which of the following provides a physical security measure against laptop theft?
Cable lock
Which memory type provides a CPU with the fastest access to frequently used data?
Cache memory
Which of the following answers refers to an example order of volatility for a typical computer system?
Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media
Which of the following answers refers to a security solution that allows administrators to block network access for users until they perform required action?
Captive portal
Which of the following terms best describes threat actors that engage in illegal activities to get the know-how and gain market advantage?
Competitors
A type of code that has already been translated from a high-level programming language into a low-level programming language and converted into a binary executable file is referred to as:
Compiled code
Which of the following examples fall into the category of operational security controls? (Select 3 answers)
Configuration management AND Data backups AND Awareness programs
What is the purpose of code signing? (Select 2 answers)
Confirms the application's source of origin AND Validates the application's integrity
While conducting web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?
Consensus
In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:
Containerization
Which of the following terms refers to the concept of virtualization on an application level?
Containerization
Which functionality allows a DLP system to fulfill its role?
Content inspection
The purpose of PCI DSS is to provide protection for:
Credit cardholder data
Which of the following terms best describes threat actors whose sole intent behind breaking into a computer system or network is monetary gain?
Criminal syndicates
Which of the following answers refers to an anti-malware tool that enables automated analysis of suspicious files in a sandbox environment?
Cuckoo
Which of the following terms refers to a modified mobile device equipped with software features that were not originally designed by the device manufacturer?
Custom firmware
Which of the following answers refers to a 7-step military model adopted by Lockheed Martin to identify the phases of a cyberattack?
Cyber Kill Chain
A network protocol providing an alternative solution to the manual allocation of IP addresses is called:
DHCP
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:
DHCP snooping
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
DLL
Which of the following describes an application attack that relies on executing a library of code?
DLL injection
A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:
DLP
Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information?
DLP
Which of the following would prevent using a mobile device for data exfiltration via cable connection?
DLP
Remapping a domain name to a rogue IP address is an example of what kind of exploit?
DNS poisoning
Which of the following is an example of fake telemetry?
DNS sinkhole
A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:
DNSSEC
Replacing password characters in a password field with a series of asterisks is an example of:
Data masking
A wireless disassociation attack is a type of: (Select 2 answers)
Deauthentication attack AND Denial-of-Service (DoS) attack
Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive?
Degaussing
A wireless jamming attack is a type of:
Denial-of-Service (DoS) attack
A dot-dot-slash attack is also referred to as:
Directory traversal attack
Netstat is a command-line utility used for: (Select 2 answers)
Displaying active TCP/IP connections AND Displaying network protocol statistics
Which of the following factors has the biggest impact on domain reputation?
Distribution of spam
What are the characteristic features of a transparent proxy? (Select all that apply)
Doesn't require client-side configuration AND Redirects client's requests and responses without modifying them AND Clients might be unaware of the proxy service
A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:
Downgrade attack
SSL stripping is an example of: (Select 2 answers)
Downgrade attack AND On-path attack
Which of the following would add power redundancy on a server box?
Dual-power supply
Which of the terms listed below refer to a product/service that no longer receives continuing support? (Select 2 answers)
EOL AND EOSL
Which part of IPsec provides authentication, integrity, and confidentiality?
ESP
Which of the following answers refers to network traffic within a data center, a.k.a. server-to-server traffic?
East-west
Which of the following solutions would be best suited for situations where response time in data processing is of critical importance?
Edge computing
Which of the following answers refers to a privacy-related security risk connected with public sharing of pictures taken with smartphones?
Embedded geotag
What are the characteristic features of the Distinguished Encoding Rules (DER) digital certificate format? (Select 3 answers)
Encoded in binary format AND .der and .cer file extensions AND Generally used for Java servers
Which of the following answers refer to the P7B digital certificate format? (Select 3 answers)
Encoded in text (ASCII Base64) format AND .p7b file extension AND Generally used for Microsoft Windows and Java Tomcat servers
Which of the following answers refer to the Privacy Enhanced Email (PEM) digital certificate format? (Select 3 answers)
Encoded in text (ASCII Base64) format AND .pem, .crt, .cer and .key file extensions AND Generally used for Apache servers or similar configurations
Which of the following terms applies to the concept of confidentiality?
Encryption
Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)
Encryption protocols AND Firewall ACLs AND Authentication protocols
What are the characteristics of TACACS+? (Select 3 answers)
Encrypts the entire payload of the access-request packet AND Primarily used for device administration AND Separates authentication and authorization
An asymmetric encryption key designed to be used only for a single session or transaction is known as:
Ephemeral key
Which of the following answers can be used to describe characteristics of a cross-site scripting attack? (Select 3 answers)
Exploits the trust a user's web browser has in a website AND A malicious script is injected into a trusted website AND User's browser executes attacker's script
Which of the following answers can be used to describe characteristics of a cross-site request forgery attack? (Select 3 answers)
Exploits the trust a website has in the user's web browser AND A user is tricked by an attacker into submitting unauthorized web requests AND Website executes attacker's requests
A private network's segment made available for a trusted third party is an example of:
Extranet
Which of the following answers refers to a rule-based access control mechanism associated with files and/or directories?
FACL
A measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user is known as:
FAR
A software technology designed to provide confidentiality for an entire data storage device is known as:
FDE
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as:
FRR
Which of the following answers refers to a tool for creating forensic images of computer data?
FTK imager
Which of the following protocols allow(s) for secure file transfer? (Select all that apply)
FTPS AND SFTP
Which of the block cipher modes listed below provides both data integrity and confidentiality?
GCM
Which of the following regulates personal data privacy of European Union (EU) citizens?
GDPR
A mobile device's built-in functionality enabling the usage of locator applications is called:
GPS
What is tailgating?
Gaining unauthorized access to restricted areas by following another person
A type of technology that provides control over the usage of a mobile device within a designated area is referred to as:
Geofencing
Which of the following answers refers to a piece of hardware and associated software/firmware designed to provide cryptographic functions?
HSM
What is the name of a network protocol that secures web traffic via SSL/TLS encryption?
HTTPS
Which of the protocols listed below enables remote access to another computer on the network via web browser?
HTTPS
Which of the following terms refers to an environmental control system?
HVAC
A person who breaks into a computer network or system for a politically or socially motivated purpose is usually described as a(n):
Hacktivist
Examples of MFA attributes include: (Select all that apply)
Handwritten signature AND Gait analysis AND GPS reading AND Chain of trust
Which firewall would provide the best protection for an ingress/egress point of a corporate network? (Select 2 answers)
Hardware firewall AND Network-based firewall
Which of the following refers to the contents of a rainbow table entry?
Hash/Password
Which of the following terms applies to the concept of data integrity?
Hashing
Which of the following can be used to validate the origin (provenance) of digital evidence? (Select 2 answers)
Hashing AND Checksums
An administrator needs to adjust the placement of multiple Access Points (APs) to ensure the best wireless signal coverage for the network. Which of the following would be of help while identifying areas of low signal strength?
Heat map
A NIDS/NIPS that detects intrusions by comparing network traffic against the previously established baseline can be classified as: (Select all that apply)
Heuristic AND Anomaly-based AND Behavioral
Which of the statements listed below describe the function of a reverse proxy? (Select 2 answers)
Hides the identity of a server AND Acts on behalf of a server
What is the purpose of steganography?
Hiding data within another piece of data
Which alternate site allows for fastest disaster recovery?
Hot site
Which of the following terms refers to a duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data?
Hot site
Which of the following answers illustrates the difference between passive and active network security breach response?
IDS vs. IPS
Which of the following examples do not fall into the category of physical security controls? (Select 3 answers)
IDS/IPS AND Encryption protocols AND Firewall ACLs
Which of the following answers refers to an IEEE standard that can be implemented in a situation where an Ethernet switch acts as an authenticator for devices that intend to connect to a network through one of its ports?
IEEE 802.1X
The arp command can be used to perform what kind of resolution?
IP to MAC
An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called:
IPFIX
Which of the answers listed below refer to examples of corrective security controls? (Select all that apply)
IPS AND Backups and system recovery AND Alternate site AND Fire suppression system
Examples of protocols used for implementing secure VPN tunnels include: (Select all that apply)
IPsec AND TLS AND L2TP
Which of the answers listed below refers to a short-distance, line-of-sight technology used, for example, in home remote controls?
IR
Which of the following terms refers to a group of experts designated to handle a natural disaster or an interruption of business operations?
IRT
An ISO/IEC standard defining requirements for information security management systems is known as:
ISO/IEC 27001
Which of the following answers refers to an ISO/IEC standard providing code of practice for information security controls?
ISO/IEC 27002
An extension to the ISO/IEC 27001 standard that focuses on privacy data management is called:
ISO/IEC 27701
A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:
Improper input validation
Which term best describes a disgruntled employee abusing legitimate access to a company's internal resources?
Insider threat
Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?
Integer overflow
Digital signatures provide: (Select 3 answers)
Integrity AND Authentication AND Non-repudiation
A type of private network for a corporation or organization accessible only to its employees or authorized members is referred to as:
Intranet
A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called:
IoC
An emerging field of innovative technologies, such as wearable tech or home automation, is known as:
IoT
Which of the following terms is used to describe the process of removing software restrictions imposed by Apple on its iOS operating system?
Jailbreaking
During a password reminder procedure, the system asks a security question that covers personal details that should be known only to the user (e.g. user's favorite holiday destination). This type of authentication method is an example of:
KBA
Assigning a unique encrypted key, called a ticket, to each user that logs on to the network is a characteristic feature of:
Kerberos
Which of the following authentication protocols can be used to enable SSO in Windows-based network environments?
Kerberos
A trusted third-party storage solution providing backup source for cryptographic keys is referred to as:
Key escrow
Which of the following are examples of hardware authentication tokens? (Select 3 answers)
Key fob AND RFID badge AND Smart card
Which of the following is an example of spyware?
Keylogger
Which of the following answers refer to the concept of non-persistence? (Select 3 answers)
Last known-good configuration AND Live boot media AND Known state reversion
A collection of commonly used programming functions designed to speed up the software development process is known as:
Library
Which of the answers listed below refers to a type of removable storage media that contains a portable, non-persistent OS?
Live boot media
A network hardware or software solution designed for managing the optimal distribution of workloads across multiple computing resources is known as:
Load balancer
Which of the following answers refer to examples of detective security controls? (Select all that apply)
Log monitoring AND Security audits AND CCTV AND IDS
Which of the following account management security measures narrows down a user's computer access to specified hours?
Login time restrictions
Which statements best describe the attributes of a script kiddie? (Select 2 answers)
Low level of technical sophistication AND Lack of extensive resources/funding
Which of the following access control models enforces the strictest set of access rules?
MAC
Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply)
MAC cloning AND ARP poisoning AND MAC flooding AND MAC spoofing
What is the name of a network security access control method in which a 48-bit physical address assigned to each network card is used to determine access to the network?
MAC filtering
An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as: (Select 2 answers)
MAC spoofing AND MAC cloning
Which of the following answers refers to a dedicated mobile app management software?
MAM
Which of the following facilitates the enforcement of mobile device policies and procedures?
MDM
Which type of software enables a centralized administration of mobile devices?
MDM
Which of the following terms applies to the authentication process?
MFA
Which of the following answers refer to office equipment that combines the functionality of multiple devices? (Select 2 answers)
MFD AND MFP
A globally accessible knowledge base of Adversary Tactics, Techniques, and Procedures (TTPs) based on observations from real-world attacks is known as:
MITRE ATT&CK
An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:
ML
Which of the following answers refer to a general document established between two or more parties to define their respective responsibilities and expectations in accomplishing a particular goal or mission? (Select 2 answers)
MOU AND MOA
A type of agreement that specifies generic terms to simplify the negotiation of future contracts between the signing parties is called:
MSA
Which of the following would be the best solution for a company that needs IT services but lacks any IT personnel?
MSP
Which of the following terms refers to a third-party vendor offering IT security management services? (Select best answer)
MSSP
Which of the following terms is used to describe an average time required to repair a failed component or device?
MTTR
Which of the following answers refers to a sequential-access backup media?
Magnetic tapes
Which of the following answers does not relate to a direct access threat vector?
Malicious URL
Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:
Malware
Which of the following answers refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets?
Managed Power Distribution Unit (Managed PDU)
A nontransparent proxy: (Select 2 answers)
Modifies client's requests and responses AND Requires client-side configuration
A dedicated storage appliance that can be added to a local network is known as:
NAS
A solution that alleviates the problem of depleting IPv4 address space by allowing multiple hosts on the same private LAN to share a single public IP address is known as:
NAT
Which of the following is a cross-platform log-managing tool?
NXLog
Which of the following tools offers the functionality of a configuration compliance scanner?
Nessus
Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling?
NetFlow
Which of the following answers refer(s) to wireless threat vector(s)? (Select all that apply)
Network protocol vulnerabilities (WEP/WPA) AND Rogue AP / Evil twin AND Default security configurations AND Vulnerabilities in network security standards (WPS)
In a round-robin load balancing method, each consecutive request is handled by: (Select best answer)
Next server in a cluster
Which of the following terms describes an attempt to read a variable value from an invalid memory address?
Null-pointer dereference
Which of the following terms refers to threat intelligence gathered from publicly available sources?
OSINT
Which type of DDoS attack targets industrial equipment and infrastructure?
OT
Mobile device updates delivered over a wireless connection are known as:
OTA
Which technology enables establishing direct communication links between two USB devices?
OTG
Which of the following terms refers to a nonprofit organization focused on software security?
OWASP
Which of the following answers refer to IMAP? (Select 2 answers)
Offers improved functionality in comparison to POP3 AND Serves the same function as POP3
Which of the following answers refers to a common antenna type used as standard equipment on most Access Points (APs) for indoor Wireless Local Area Network (WLAN) deployments?
Omnidirectional antenna
Which wireless antenna type provides a 360-degree horizontal signal coverage?
Omnidirectional antenna
Which of the following answers refers to a specification for SEDs?
Opal
Which of the following answers refers to a software library used to implement encrypted connections?
OpenSSL
In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as:
Order of volatility
Which of the following examples fall into the category of managerial security controls? (Select 3 answers)
Organizational security policy AND Risk assessments AND Vulnerability assessments
A security solution that provides control over elevated (i.e. administrative type) accounts is known as:
PAM
Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?
PAP
Which of the following answers refers to a solution designed to strengthen the security of session keys?
PFS
The US Health Insurance Portability and Accountability Act (HIPAA) provides privacy protection for: (Select best answer)
PHI
Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that person?
PII
Which of the following fall into the category of MFA factors? (Select 3 answers)
PIN AND USB token AND Retina scan
Which of the following answers refers to a security feature used in Bluetooth device pairing?
PIN code
Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates?
PKI
Which of the following answers refers to a deprecated method for implementing Virtual Private Networks (VPNs)?
PPTP
Which of the following acronyms refers to a client authentication method used in WPA2 Personal mode?
PSK
Which cloud service model would provide the best solution for a web developer intending to create a web app?
PaaS
Which of the following can be used as an extension of RAM? (Select 2 answers)
Pagefile AND Swap partition
A technique that allows an attacker to authenticate to a remote server without extracting the cleartext password from a digest is called:
Pass the hash
A security administrator configured a NIDS to receive traffic from a network switch via port mirroring. Which of the following terms can be used to describe the operation mode of the NIDS? (Select 2 answers)
Passive AND Out-of-band
Which of the following examples meets the requirement of multifactor authentication?
Password and biometric scan
An account policy setting that forces users to come up with a new password every time they are required to change their old password is called:
Password history
Which of the account policy settings prevents users from reusing old passwords?
Password history
The two factors that are considered important for creating strong passwords are: (Select 2 answers)
Password length AND Password complexity
802.1X is an IEEE standard for implementing:
Port-based NAC
According to predictions, the most future-proof cryptographic solution should be:
Post-quantum cryptography
Which of the following is used in data URL phishing?
Prepending
Feigned ignorance
Pretending to be ignorant of a topic in order to exploit the person's tendency to educate
Confidential bait
Pretending to divulge confidential information in hopes of receiving confidential information in return
What are the characteristic features of RADIUS? (Select 3 answers)
Primarily used for network access AND Combines authentication and authorization AND Encrypts only the password in the access-request packet
A type of contactless smart card that can be read at a close range from a reader device is commonly referred to as:
Proximity card
What type of preventive physical access controls would provide a basic means for securing door access? (Select 2 answers)
Proximity card reader AND Smart card reader
In computer networking, a computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as:
Proxy
What is the name of a cloud computing deployment model in which the cloud infrastructure is provisioned for open use by the general public?
Public cloud
Which of the following answers refers to a cross-platform, general-purpose programming language?
Python
Assessment of risk probability and its impact based on subjective judgment falls into the category of:
Qualitative risk assessment
Which of the following solutions is used for controlling network resources and assigning priority to different types of traffic?
Quality of Service (QoS)
A calculation of the Single Loss Expectancy (SLE) is an example of:
Quantitative risk assessment
An emerging field of advanced computing technologies based on the principles of physics is known as:
Quantum computing
Which of the following RAID levels does not offer fault tolerance?
RAID 0
Which of the solutions listed below add(s) redundancy in areas identified as single points of failure? (Select all that apply)
RAID AND Dual-power supply AND Failover clustering AND Load balancing
Which type of Trojan enables unauthorized remote access to a compromised system?
RAT
Group-based access control in MS Windows environments is an example of:
RBAC
Which of the following answers refers to a technology designated as a successor to SMS and MMS?
RCS
A type of formal document that describes the specifications for a particular technology is known as:
RFC
Which of the following wireless technologies enables identification and tracking of tags attached to objects?
RFID
A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder is called:
RFID badge
Which of the following answers refer(s) to (an) example(s) of physical authentication token(s)? (Select all that apply)
RFID badge AND Password key AND Key fob AND Smart card
In Business Continuity Planning (BCP), the maximum tolerable point in time to which systems and data must be recovered after an outage is called:
RPO
Which of the algorithms listed below does not belong to the category of symmetric ciphers?
RSA
Which of the acronyms listed below refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster?
RTO
A dedicated data storage solution that combines multiple disk drive components into a single logical unit to increase volume size, performance, or reliability is referred to as:
Redundant Array of Independent Disks (RAID)
The practice of modifying an application's code without changing its external behavior is referred to as:
Refactoring
Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers)
Refactoring AND Shimming
Which VPN type is used for connecting computers to a network? (Select all that apply)
Remote access AND Client-to-site
Which of the following allows erasing data on a lost or stolen mobile device?
Remote wipe
Hardware RAID Level 1: (Select 3 answers)
Requires at least 2 drives to implement AND Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) AND Is also referred to as disk mirroring
Hardware RAID Level 5: (Select 2 answers)
Requires at least 3 drives to implement AND Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives)
Hardware RAID Level 6: (Select 2 answers)
Requires at least 4 drives to implement AND Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives)
Which of the following terms relates closely to the concept of residual risk?
Risk acceptance
Disabling certain system functions or shutting down the system when risks are identified is an example of:
Risk avoidance
Which of the following answers refer to an assessment tool used for prioritizing the severity of different risks? (Select 2 answers)
Risk heat map AND Risk matrix
Which of the following answers refers to a document containing detailed information on potential cybersecurity risks?
Risk register
Contracting out a specialized technical component when the company's employees lack the necessary skills is an example of:
Risk transference
Cybersecurity insurance is an example of which risk management strategy?
Risk transference
A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:
Rootkit
An access control model in which access to resources is granted or denied depending on the contents of Access Control List (ACL) entries is called:
Rule-Based Access Control
Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?
SAML
A dedicated local network consisting of devices providing data access is called:
SAN
Which of the following answers refer to industrial and manufacturing control systems? (Select 2 answers)
SCADA AND ICS
Which of the acronyms listed below refers to a specialized suite of software tools used for developing applications for a specific platform?
SDK
Which of the following answers refer to software technologies designed to simplify network infrastructure management? (Select 2 answers)
SDV AND SDN
A type of mobile OS implementing more strict, Linux-based access security controls is known as:
SEAndroid
Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality?
SED
Which of the following indicates an SQL injection attack attempt?
SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
A network protocol for secure file transfer over Secure Shell (SSH) is called:
SFTP
A security solution designed to detect anomalies in the log and event data collected from multiple network devices is called:
SIEM
A technology that enables real-time analysis of security alerts generated by network hardware and applications is known as:
SIEM
A correlation engine used for processing various types of log data into actionable information is a feature of:
SIEM dashboard
Which of the following answers refers to a protocol used for managing real-time sessions that include voice, video, application sharing, or instant messaging services?
SIP
An agreement between a service provider and users defining the nature, availability, quality, and scope of the service to be provided is known as:
SLA
Which of the following terms refers to an agreement that specifies performance requirements for a vendor?
SLA
Which term describes the predicted loss of value to an asset based on a single security incident?
SLE
Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP?
SMTPS
Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply)
SNMPv1 AND SNMPv2
Which of the following tools enables automated response to security incidents?
SOAR
What type of spam relies on text-based communication?
SPIM
Which protocol enables secure, real-time delivery of audio and video over an IP network?
SRTP
Which type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions?
SSRF
Which of the following protocols provide protection against broadcast storms and switching loops? (Select 2 answers)
STP AND RSTP
A cloud computing service model offering remote access to applications based on monthly or annual subscription fee is called:
SaaS
Pseudo-random data added to a password before hashing is called:
Salt
Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks?
Salt
Which of the following provide randomization during encryption process? (Select 2 answers)
Salting AND Initialization Vector (IV)
In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:
Sandboxing
What are the countermeasures against VM escape? (Select 2 answers)
Sandboxing AND Patch management
Deliberate false statements
Saying something wrong in the hopes that the person will correct the statement with true information
Denial of the obvious
Saying something wrong in the hopes that the person will correct the statement with true information
The capability of a hardware or software system to process increasing workload without decrease in performance is known as:
Scalability
An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)
Scarcity AND Familiarity AND Trust
A user interface element controlling access to a mobile device after the device is powered on is called:
Screen lock
A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company's firewall is called:
Screened subnet
What are the characteristic features of the secure version of IMAP? (Select all that apply)
Secure Sockets Layer (SSL) AND TCP port 993 AND Transport Layer Security (TLS)
Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply)
Secure Sockets Layer (SSL) AND TCP port 995 AND Transport Layer Security (TLS)
What are the examples of preventive security controls? (Select 3 answers)
Security guards AND System hardening AND Separation of duties
Which of the following terms applies to the concept of obfuscation?
Security through obscurity
Which SIEM dashboard configuration setting provides a countermeasure against false positive/negative errors?
Sensitivity levels
Which of the answers listed below refers to a concept of having more than one person required to complete a given task?
Separation of duties
In active-passive mode, load balancers distribute network traffic across:
Servers marked as active
Which of the following account types is not designed for an end user use?
Service account
Which of the terms listed below refers to a method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server?
Session affinity
A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers)
Session-key encryption AND Symmetric encryption AND Secret-key encryption
Which of the following destruction tools/methods allow(s) for secure disposal of physical documents? (Select all that apply)
Shredding AND Burning
Installing mobile apps from websites and app stores other than the official marketplaces is referred to as:
Sideloading
Which type of VPN enables connectivity between two networks?
Site-to-site
Which of the following answers does not refer to an email communication threat vector?
Skimming
Which of the following terms is used to describe the theft of personal data from a payment card?
Skimming
Which of the following answers refers to an example implementation of certificate-based authentication?
Smart card
Which of the following devices best illustrates the concept of edge computing?
Smartwatch
A file-based representation of the state of a virtual machine at a given point in time is called:
Snapshot
What type of backups are commonly used with virtual machines?
Snapshot backups
Which of the following answers refer to smishing? (Select 2 answers)
Social engineering technique AND Text messaging
Which of the following answers can be used to describe the category of technical security controls? (Select 3 answers)
Sometimes called logical security controls AND Executed by computer systems (instead of people) AND Implemented with technology
Which of the following terms is commonly used to describe an unsolicited advertising message?
Spam
Phishing scams targeting a specific group of people are referred to as:
Spear phishing
Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links?
Split tunnel
A short list of commonly used passwords tried against a large number of user accounts is a characteristic feature of:
Spraying attack
Malicious software collecting information about users without their knowledge/consent is known as:
Spyware
Which of the following allows for checking digital certificate revocation status without contacting Certificate Authority (CA)?
Stapling
Which of the following terms refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application's source code?
Static code analysis
What are the countermeasures against SQL injection attacks? (Select 2 answers)
Stored procedures AND Input validation
A digital certificate which allows multiple domains to be protected by a single certificate is known as:
Subject Alternative Name (SAN) certificate
What are the characteristic features of WPA2/WPA3 Enterprise mode? (Select 3 answers)
Suitable for large corporate networks AND IEEE 802.1X AND Requires RADIUS authentication server
A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers)
Swap file AND Pagefile
Which type of server is used for collecting diagnostic and monitoring data from networked devices?
Syslog server
An exact copy of the entire state of a computer system is known as:
System image
Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)
System/application vulnerability AND Social engineering techniques AND System/application misconfiguration
Which of the following terms refers to a dedicated transport mechanism for cyber threat information?
TAXII
Which of the following terms refers to an embedded cryptoprocessor that can be found on the motherboards of newer PCs and laptops?
TPM
Which of the following answers list examples of hardware root of trust? (Select 2 answers)
TPM AND HSM
Which of the following describes the behavior of a threat actor?
TTPs
A monitoring port on a network device is referred to as:
Tap
Which of the following answers refers to a Command-Line Interface (CLI) packet-crafting tool?
Tcpreplay
Which of the following tools enables sending custom packets that can be used to evaluate the security of a network device?
Tcpreplay
A common example of channel overlapping in wireless networking would be the 2.4 GHz band used in 802.11, 802.11b, 802.11g, and 802.11n networks, where the 2.401 - 2.473 GHz frequency range is used for allocating 11 channels, each taking up a 22-MHz portion of the available spectrum. Setting up a wireless network to operate on a non-overlapping channel (1, 6, and 11 in this case) allows multiple networks to coexist in the same area without causing interference.
True
A general characteristic of a standard user account is that it provides access to basic system resources but does not allow the user to make system changes.
True
A hash function allows for mapping a large amount of data content to a small string of characters. The result of a hash function provides the exact "content in a nutshell" (in the form of a string of characters) derived from the original data content. If there is any change to the data after the original hash was taken, the next time the hash function is applied, the resulting hash value calculated after content modification will be different from the original hash.
True
A network replay attack occurs when an attacker intercepts sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations.
True
A penetration test of a computer system performed without prior knowledge of how the system that is to be tested works is referred to as black-box testing.
True
A type of NIDS/NIPS that relies on predetermined attack patterns to detect intrusions is referred to as a signature-based NIDS/NIPS.
True
A type of software that performs unwanted and harmful actions in disguise of a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.
True
As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.
True
Authentication process can be based on various categories of authentication factors and attributes. Authentication factors include unique physical traits of each individual such as fingerprints ("something you are"), physical tokens such as smart cards ("something you have"), or usernames and passwords ("something you know"). The categories of authentication attributes include geolocation ("somewhere you are"), user-specific activity patterns, such as keyboard typing style ("something you can do"), revealing something about an individual, e.g. wearing an ID badge ("something you exhibit"), or proving the relation with a trusted third party ("someone you know"). Multifactor authentication systems require implementation of authentication factors from two or more distinct categories.
True
Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking.
True
Code-signing certificates are used to verify the authenticity and integrity of software. Self-signed certificates have a lower level of trustworthiness, because they are not signed by a Certificate Authority (CA). Computer certificates (a.k.a. machine certificates) are used to prove the identity of devices. S/MIME certificates are used to encrypt and digitally sign email messages. User digital certificates provide improved security during authentication and authorization of individuals. Root certificates are self-signed certificates that identify a root Certificate Authority (CA). Domain validation certificates prove a user's ownership rights to a domain. Extended Validation (EV) certificates provide the highest level of trust and protection.
True
Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow.
True
Discretionary Access Control (DAC) is an access control model based on user identity. In DAC, every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object.
True
Extensible Authentication Protocol (EAP) is an authentication framework frequently used in wireless networks and point-to-point connections. EAP provides an authentication framework, not a specific authentication mechanism. There are many authentication mechanisms (referred to as EAP methods) that can be used with EAP. Wireless networks take advantage of several EAP methods, including PEAP, EAP-FAST, EAP-TLS, and EAP-TTLS.
True
FTP, HTTP, IMAP, POP, SMTP, and Telnet are all examples of cleartext (i.e. unencrypted) network protocols.
True
Implementing full device encryption is one of the methods for securing sensitive data on a smartphone. When enabled, this type of encryption works in conjunction with the phone's screen lock, i.e. to decrypt the phone (which stays encrypted whenever the phone is locked), a user must first unlock the screen. On Android devices, the unlocking methods include entering a PIN, password, or swipe pattern. Apple devices use passcode and biometric fingerprint sensor (a.k.a. Touch ID).
True
In MS Windows environments, Guest account is an account for users who do not have a permanent account on a Windows computer or domain. People using this type of account cannot install software or hardware, change settings, create passwords, or access protected files and folders. However, because the Guest account allows the user to log on to a network, browse the Internet, and shut down the computer, it is recommended to keep it disabled when it isn't being used.
True
In a session replay attack, an attacker steals a valid session ID of a user and resends it to the server with the intent of gaining unauthorized access or tricking the server into unauthorized operations.
True
In a weighted round-robin load balancing method, each consecutive request is handled in a rotational fashion, but servers with higher specs are designated to process more workload.
True
In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa).
True
In client-server model, the term "Thin client" refers to a networked computer equipped with the minimum amount of hardware and software components. As opposed to thick client, which runs applications locally from its own hard drive, thin client relies on network resources provided by a remote server performing most of the data processing and storage functions.
True
In computer networking, the term "Out-of-band management" refers to a network device management technique that enables device access through a dedicated communication channel separate from the network where a given device operates. Managing access can be established either locally by installing an out-of-band management card on the device, or remotely by establishing a dedicated connection to the device with the use of a modem or console router.
True
In computer security, the term "Biometrics" refers to physical characteristics of the human body that can be used for identification and access control purposes.
True
In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.
True
In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key length determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security.
True
In cryptography, the term "Key stretching" refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks.
True
In cryptography, the term "Plaintext" is used to describe data in an unencrypted form.
True
In social engineering, the term "Elicitation" describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.
True
In the field of data security, the term "Tokenization" refers to the process of replacing sensitive data with nonsensitive information which holds a reference to the original data and enables its processing but has no value when breached.
True
In web application programming, the term "Backend" typically refers to the part of a computer system or application that is not directly accessed by the user (for example a web server). On the opposite side, "Frontend" means software that can be accessed by the user locally (an example of this would be user's web browser). Code execution and input validation that take place in the backend are referred to as server-side operations, the frontend equivalent of this is known as client-side operations.
True
Installing mobile apps from trusted sources (e.g. Apple's App Store for iOS devices, or Google Play for Android devices) instead of third-party application stores decreases malware-related security risks.
True
Media Access Control (MAC) flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table.
True
MicroSD HSM is an example of a dedicated cryptographic processor residing on a miniature flash memory card. MicroSD HSM can be used to create, manage, and store cryptographic keys on any device with a matching card slot.
True
Multipurpose Internet Mail Extensions (MIME) specification extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system. Secure MIME (S/MIME) is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services.
True
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before (pre-admission NAC) and/or after end-stations gain access to the network (post-admission NAC). NAC can be implemented with the use of agent software which can be installed on the client machine permanently (this type of software is referred to as permanent agent) or used only temporarily during checks (this type of software is known as dissolvable agent). Another implementation option is agentless NAC, where checks are performed remotely without the need for any client software agents. In agentless NAC, the client machine is checked by external security device with the use of either passive or active network discovery methods.
True
One of the ways of confirming that a software application comes from a trusted source is the verification of its digital signature. A digitally signed software proves the identity of the developer and guarantees that the application code has not been tampered with since it was signed. The authenticity and integrity of the application's code can be verified by comparing results of a cryptographic hash function (original hash published by the application developer vs. hash obtained from a downloaded app).
True
One of the ways to prevent data recovery from a hard drive is to overwrite its contents. The data overwriting technique is used by drive wipe utilities which might employ different methods (including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk sanitization utility might overwrite the data on the drive with the value of one in the first pass, change that value to zero in the second pass, and finally perform five more passes, overwriting the contents with random characters (the Schneier method).
True
Physical and logical network diagrams provide visual representation of network architecture. A physical network diagram contains information on hardware devices and physical links between them. A logical network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network.
True
Private Branch Exchange (PBX) is an internal telephone exchange or switching system implemented in a business or office. PBX allows for handling of internal communications without the use of paid Public Switched Telephone Network (PSTN) service, also known as Plain Old Telephone Service (POTS). A Voice over Internet Protocol (VoIP) PBX, which takes advantage of existing LAN cables, can further reduce costs by removing the need for separate telephone cabling infrastructure in a building or office. VoIP endpoints are specialized hardware devices or application programs that enable VoIP calls from computing devices. VoIP gateways are network devices that convert voice and fax calls, in real time, between an IP network and PSTN/POTS.
True
Rainbow tables are lookup tables used to speed up the process of password guessing.
True
Statement on Standards for Attestation Engagements 18 (SSAE 18) is a standard from the American Institute of Certified Public Accountants (AICPA). The standard defines three types of System and Organization Controls (SOC) audit reports that review different aspects of a company's operations. A SOC 2 audit report provides detailed information and assurance about a service organization's security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA's TSC (Trust Services Criteria). Furthermore, a SOC 2 Type I audit provides a snapshot of the organization's control landscape at a specific point in time, while a SOC 2 Type II audit evaluates the effectiveness of controls over a period of time of at least six consecutive calendar months (in simple terms, "SOC" defines the scope of the audit, "Type" defines the time covered during the audit).
True
The "Run as administrator" option in MS Windows allows users with lower-level permissions to perform tasks reserved for system administrators. This feature requires providing Administrator account credentials and temporarily elevates the current user's privileges to perform a given task. A Linux command that temporarily modifies security privileges to allow an execution of a single command that requires root access permissions is called sudo.
True
The difference between static KBA and dynamic KBA is that in the case of static KBA authentication process relies on pre-determined security questions and answers chosen in advance by the user during the account creation process. On the other hand, setting up dynamic KBA does not require user input, i.e. users are not asked to choose security questions during the account creation process. Instead, dynamic KBA relies on various public and private data sources that pertain to the user which makes it a more secure authentication method.
True
The term "Always-on VPN" refers to a type of persistent VPN connection that starts automatically as soon as the computer detects a network link.
True
The term "Anonymized data" refers to data that is made anonymous in such a way that the original subject or person described by the data can no longer be identified. This type of privacy-enhancing technology is used for example during mass population surveys to protect the identity of participants. Pseudo-anonymization (a.k.a. pseudonymization) replaces personal data with artificial identifiers (a.k.a. pseudonyms). The main difference between anonymization and pseudo-anonymization is that in case of the latter the original data can be restored to its original state with the use of additional reference information enabling the identification of the original subject or person the data pertains to.
True
The term "Blockchain" refers to a decentralized digital ledger system (i.e. a specific type of a distributed database) stored across multiple computers in a P2P network.
True
The term "Certificate chaining" refers to the process of verifying authenticity of a newly received digital certificate. Such process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate's chain is properly issued and valid.
True
The term "Domain hijacking" refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names.
True
The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts.
True
The term "Fog computing" refers to a local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing.
True
The term "Forensic artifact" is used to describe an unintentional trace of an attacker activity that can be identified on a host or network. Forensic artifacts include information that can be extracted from (among other sources) registry keys (applies to MS Windows), event logs, timestamps, web browser search history, or files left in the system trash folder.
True
The term "Intrusion Detection System" (IDS) refers to a device or application designed to detect malicious activities and violations of security policies on a network or computer host. An IDS designed to monitor networks is known as Network Intrusion Detection System (NIDS); an IDS installed on a host monitoring only that host is called Host Intrusion Detection System (HIDS). IDSs do not take any active steps to prevent or stop the intrusion, relying only on passive response, which may include sending an alert to a management console or saving information about the event in logs.
True
The term "Mantrap" (a.k.a. access control vestibule) refers to a physical security access control system used to prevent unauthorized users from gaining access to restricted areas by following another person. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering mantrap from the outside remains locked inside until he/she provides authentication token required to unlock the inner door.
True
The term "Measured Boot" refers to a security mechanism first introduced by Microsoft in Windows 8. Measured Boot checks system startup components and stores the resulting boot configuration log in the Trusted Platform Module (TPM). The log is then sent for remote attestation to a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot allows for neutralization of hard-to-detect malware and rootkits which are run before the OS.
True
The term "Metadata" refers to a type of data that provides information about other data, but not the content of the data. This type of data can be viewed, but by default it is not visible to the user. The basic metadata related to email communication comes from email headers and includes detailed information about the sender and recipient of the message as well as the path that a message went through. Examples of mobile device metadata include device model, geolocation, information about the camera used to take a photo, Internet, phone, text messaging, and application usage statistics, as well as metadata from different types of files stored on the device. In web browsing, metadata comes from HTML meta tags placed in the head section of a web page. In case of files, the basic metadata examples include information about the author (e.g. the person who created the file), file type, size, creation date and time, last modification date and time.
True
The term "Multipath I/O" refers to a framework that improves fault tolerance and performance by enabling additional, alternate routes for data that is being transferred to and from storage devices.
True
The term "Password vault" refers to a credential manager program that stores usernames and passwords in an encrypted form. Password vault requires a single master password for accessing a number of different passwords used for different websites or services.
True
The term "Secure cookie" refers to a type of HTTP cookie that has the Secure attribute set. The Secure attribute prevents the transmission of a cookie over an unencrypted channel (i.e. the cookie is not sent over HTTP; HTTPS is used instead).
True
The term "URL hijacking" (a.k.a. "Typosquatting") refers to the practice of registering a misspelled domain name closely resembling another well-established and popular domain name in hopes of getting Internet traffic from users who make errors while typing the URL in their web browsers.
True
The term "Unified Threat Management" (UTM) refers to a network security solution, commonly in the form of a dedicated device (called UTM appliance or web security gateway), which combines the functionality of a firewall with additional features such as URL filtering, content inspection, spam filtering, gateway antivirus protection, IDS/IPS function, or malware inspection.
True
The term "VM escape" refers to the process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine.
True
The term "VM sprawl" is used to describe a situation in which a large number of deployed virtual machines lack proper administrative controls.
True
The term "Zero Trust" in the context of network security means that none of the devices operating within the boundaries of a given network can be trusted by default even if they were previously verified.
True
Which of the following answers refers to a software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables?
UEM
What is the name of a device that can provide short-term emergency power during an unexpected main power source outage?
UPS
Examples of application software designed to selectively block access to websites include: (Select 2 answers)
URL filter AND Content filter
Which of the following physical security controls can be implemented as a DLP solution?
USB data blocker
An attacker impersonates a company's managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)
Urgency AND Authority AND Intimidation
Which of the following security measures can be used to prevent VM sprawl? (Select 2 answers)
Usage audit AND Asset documentation
What are the characteristic features of a session key? (Select 2 answers)
Used during a single session AND Symmetric key
Examples of static authentication methods include: (Select 2 answers)
User-generated password AND Personal Identification Number (PIN)
Which of the following can be used to verify the identity of a client while establishing a session over TCP port 22? (Select all that apply)
Username and password AND SSH key
Which of the following answers list the characteristic features of the Mandatory Access Control (MAC) model? (Select 3 answers)
Users are not allowed to change access policies at their own discretion AND Labels and clearance levels can only be applied and changed by an administrator AND Every resource has a sensitivity label matching a clearance level assigned to a user
Which of the following enables running macros in Microsoft Office applications?
VBA
In which of the mobile device deployment models does a mobile device act as a terminal for accessing data and applications hosted on a remote server?
VDI
A logical grouping of computers that allows computer hosts to act as if they were attached to the same broadcast domain regardless of their physical location is known as:
VLAN
In cloud computing, users on an on-premises network take advantage of a transit gateway to connect to:
VPC
Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet?
VPN concentrator
Which of the following answers refer to the characteristics of HOTP? (Select 3 answers)
Valid for only one login session AND Based on a cryptographic hash function and a secret cryptographic key AND Not vulnerable to replay attacks
Which of the following mitigates the risk of supply chain attacks?
Vendor/intermediary checks
What type of IP address would be assigned to a software-based load balancer to handle an Internet site hosted on several web servers, each with its own private IP address?
Virtual IP address
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
Virus hoax
The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:
Vishing
Which of the following would be of help in troubleshooting wireless signal loss and low wireless network signal coverage? (Select 2 answers)
WAP power level controls AND WiFi analyzer
Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities resulting from implementation flaws?
WEP
Which of the following would be the best solution for securing a small network that lacks an authentication server?
WPA3-SAE
A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as:
WPS
Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers)
WPS AND WEP
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:
War driving
Examples of deterrent security controls include: (Select 3 answers)
Warning signs AND Lighting AND Login banners
Which of the terms listed below refers to a platform used for watering hole attacks?
Websites
Phishing scams targeting people holding high positions in an organization or business are known as:
Whaling
Which of the following terms fall into the category of authorized hacking activities? (Select 2 answers)
White hat AND Blue hat
In cybersecurity exercises, the role of an event overseer (i.e. the referee) is delegated to:
White team
A penetration test performed by an authorized professional with full prior knowledge of how the system that is to be tested works is called:
White-box testing
A 2.4/5.0 GHz frequency range wireless network technology implemented in the IEEE 802.11 series of standards is commonly referred to as:
WiFi
Which technology enables establishing direct communication links between two wireless devices without an intermediary Wireless Access Point (WAP)?
WiFi Direct
Which of the following answers refers to a diagnostic tool that can be used for measuring wireless signal strength?
WiFi analyzer
Which digital certificate type allows multiple subdomains to be protected by a single certificate?
Wildcard certificate
Which of the following answers refers to a multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics?
WinHex
A type of extended command-line shell and a scripting language designed to simplify administrative tasks in Microsoft Windows is known as:
Windows PowerShell
Which of the following answers refers to an advanced cross-platform packet-capturing tool equipped with a Graphical User Interface (GUI)?
WireShark
The process of planning and designing new WLANs for optimal performance, security and compliance typically involves:
Wireless site survey
A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:
Worm
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:
Zero-day attack
Which of the answers listed below refers to an IoT technology designed to provide communication between appliances in a home automation network?
Zigbee
Which of the following fragments of input might indicate an LDAP injection attack attempt? (Select 2 answers)
administrator)(&)) AND search.aspx?name=userName)(zone=*)
Which of the following answers refers to a command-line tool used to download or upload data to a server via any of the supported protocols, such as FTP, HTTP, SMTP, IMAP, POP3, or LDAP?
curl
A Linux command-line utility that can be used in the forensic process for creating and copying image files is called:
dd
Which of the following answers refer to network administration command-line utilities used for DNS queries? (Select 2 answers)
dig AND nslookup
Which of the following tools would be best suited for gathering information about a domain?
dnsenum
A Linux command-line command that enables searching files for lines containing a match to a given text pattern is called:
grep
A Linux command that displays the beginning of a file (by default its first 10 lines) is known as:
head
Which of the following enables client-side URL redirection?
hosts
Which of the following answers refers to a command-line tool used for security auditing and testing of firewalls and networks?
hping
The Linux command-line utility for network interface configuration is called:
ifconfig
What is the name of a Windows command-line utility that can be used to display TCP/IP configuration settings?
ipconfig
Which of the following answers refers to a Linux utility for querying and displaying logs that are stored in binary form?
journalctl
Which of the following commands enables adding messages to the /var/log/syslog file in Linux?
logger
Which of the following answers refers to a network debugging and exploration tool that can read and write data across TCP or UDP connections?
netcat
A Linux command-line command for displaying routing table contents is called:
netstat -r
Which of the following command-line tools is used for discovering hosts and services on a network?
nmap
Which network command-line utility in MS Windows combines the features of ping and tracert?
pathping
A command-line utility used for checking the reachability of a remote network host is known as:
ping
Which of the following command-line commands in MS Windows displays the contents of a routing table?
route print
Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resources usage?
sFlow
Which of the following tools hides an attacker's identity by utilizing a proxy for port scanning?
scanless
Which of the following answers refers to a script file type designed to be run in Unix command line?
sh
Which of the following answers refers to an advanced network exploration and penetration testing tool integrating functionalities from multiple other tools, such as ping, whois, or nmap?
sn1per
Examples of utilities that enable logging of data from different types of systems in a central repository include: (Select all that apply)
syslog AND rsyslog AND syslog-ng AND NXLog
Which of the following are log managing utilities for Unix and Unix-like systems that implement the basic syslog protocol and extend it with additional functionalities? (Select 2 answers)
syslog-ng AND rsyslog
Which of the following is a Command-Line Interface (CLI) packet-capturing tool used in Unix-like operating systems?
tcpdump
Which of the following tools is used for gathering OSINT?
theHarvester
A Linux command-line utility for displaying intermediary points (routers) the IPv4 packet is passed through on its way to another network node is known as:
traceroute
A network command-line utility in MS Windows that tracks and displays the route taken by IPv4 packets on their way to another host is called:
tracert