Security+ exam questions
An engineer enables event logging on a server. Which type of security did the engineer implement?
Detective
What type of metadata could contain permissions in the form of an Access Control List?
File metadata
Which of the following is TRUE about false negatives in relation to vulnerability scanning tools? (Select all that apply.)
Is not identified and is a high risk
What type of strategy is a blackhole? (Select all that apply.)
Isolation and Containment
Analyze and select the items demonstrating advantages Terminal Access Controller Access-Control System Plus (TACACS+) has over Remote Authentication Dial-In User Service (RADIUS). (Select all that apply.)
It is easier to detect when a server is down. It provides greater flexibility and reliability.
Which team performs the offensive role in a penetration exercise?
Red team
Where might one find operating system files during acquisition? (Select all that apply.)
Cache, Pagefile, and Random-access memory (RAM)
Which threat actor would benefit the most from industry insider knowledge of a recently acquired employee?
Competitor
Companies often update their website links to redirect users to new web pages that may feature a new promotion or to transition to a new web experience. How would an attacker take advantage of these common operations to lead users to fake versions of the website? (Select all that apply.)
Craft phishing links in email. Add redirects to .htaccess files.
An attacker used a dumpster trunk to pick up trash at the home of a successful Chief Executive Officer (CEO). What information gathering techniques is the attacker NOT using in this case? (Select all that apply.)
Credential harvesting and Network reconnaissance
Which attack types are client-side attacks that are impacted by malicious code? (Select all that apply.)
Cross-site scripting and session replay
What does the process of carving refer to?
Data recovery
What identifies the physical location of a device?
Geolocation
Analyze the methods and determine which a technician uses as a non-persistent recovery method on a server using a system baseline.
Rollback to known configuration
New users of an application created for telework purposes must enroll using their work email, cell phone number, and office symbol. Upon completion, a text message is sent to the registered number in order to provide a two-factor authentication. Which authentication method is this?
SMS
A vulnerability database loaded on a scanning tool such as Tenable Nessus will commonly show which of the following properties? (Select all that apply.)
Score and Dictionary
A consumer uses a Samsung SmartThings coordinator to turn on lights in the home and start the dishwasher. Which communications protocol is the hub using?
Zigbee
An IT hobbyist builds a script in Python to scrape web-pages for images. Recommend a command-line tool the hobbyist can use in his script to download the image files to his local drive.
curl
A support technician wants to test a system's connectivity by examining TCP and UDP ports. If the technician requires the ability to test both Linux and Windows systems, which tools qualify? (Select all that apply.)
nmap, netcat, and netstat
Identify which tools would be used to identify suspicious network activity. (Select all that apply.)
tcpreplay, Wireshark, and tcpdump
While designing a new wireless system for deployment, an engineer utilizes the newest security technology available. Analyze the security properties and conclude which will be used. (Select all that apply.)
4-way handshake authentication mechanism with a protocol based on the Diffie-Hellman key agreement. Enterprise authentication methods must use 192-bit AES, while personal authentication can use either 128-bit or 192-bit
At the Windows desktop screen, a user reports a small pop-up window that shows information about a blocked IP (Internet protocol) address before disappearing. The user fears that Internet access dropped. Describe the type of pop-up window the user reported.
A host-based firewall notification
An attacker evaded antivirus detection in a Linux kernel, as multiple threads attempted to write an object at the same memory location. What type of vulnerability did the attacker use?
A race condition
A hacker used a Man-in-the-Middle (MitM) attack to capture a user's authentication cookie. The attacker disrupted the legitimate user's session and then re-sent the valid cookie to impersonate the user and authenticate to the user's account. What type of attack is this?
A replay attack
A junior engineer joins senior level staff in implementing cloud services using infrastructure as code. The junior engineer experiences confusion with playbooks and runbooks. Which options clarify the confusion? (Select all that apply.)
A runbook automates steps of a playbook. A playbook is a checklist of actions.
An attacker exploited a vulnerability on a website frequently visited by a group of bank employees. Once the employees visit the site, the attacker's malware infects their computers. What type of attack did the employees fall for?
A watering hole attack
A user receives access to a company system through the use of a smart card. The user can then access data they have privileges to access. A record of all events the user accomplishes or attempts to is recorded in a log for administrative purposes. What access management policy does this best describe?
AAA (Authentication, Authorization, and Accounting)
A new company implements a datacenter that will hold proprietary data that is output from a daily workflow. As the company has not received any funding, no risk controls are in place. How does the company approach risk during operations?
Acceptance
A Windows firewall rule allows all programs, all protocols, and all ports within a 192.168.0.0/24 subnet to connect to the network. What type of Windows Firewall with Advanced Security is this?
Access Control List
A new administrator completed setting up an admin account on the network. The admin successfully logged on to a remote file server with the new credentials but not on a remote domain controller (DC) server. Determine the most likely cause for not being able to log in to a DC server.
Access policy
An engineer configures server systems to failover in a way that connections are maintained; however, performance is degraded. Evaluate the options and determine which type the engineer configures.
Active/active
Which failover type does an engineer configure so that all nodes are always on?
Active/active
Which of the following attacks would allow an attacker to sniff all traffic on a switched network?
Address Resolution Protocol (ARP) poisoning
A logistics facility provides transportation services globally for many clients. Clients require their planning information to be kept in a secure environment not connected to a network until the needs have been fulfilled. Which of the following solutions would be the most ideal method of meeting this requirement for the company?
Air gap
A Security Information Event System (SIEM) parses network traffic and log data from multiple sensors, appliances, and hosts to implement correlation rules on metrics derived from data sources. SIEM assists the systems admin to detect events that may be potential incidents. Define the term for notifications passed upon detection of a potential incident.
Alerts
Determine the type of code execution policy that would ensure that unrecognized software cannot run.
Allow list
Simulate the hypertext transfer protocol secure (HTTPS) protocol in use.
An encrypted TCP connection protects sensitive banking information during online transmission.
An attacker caused a software program to calculate a value that exceeded the fixed lower and upper bounds, and caused a positive number to become a negative number. What vulnerability did the attacker exploit?
An integer overflow
An accountant inadvertently and unknowingly introduced a malware to the company network by attaching a compromised Universal Serial Bus (USB) media stick to a workstation. Describe the most comparable attributes of this type of threat actor. (Select all that apply.)
An internal threat and Not capable of developing malware
Describe scenarios where containment measures, such as isolation and segmentation techniques, should be taken. (Select all that apply.)
An unauthorized user accesses a server. The investigation of a recent incident is ongoing. A worm has infected a device on the network.
Which of the following is NOT an example of improper or weak application patch management.
Application design flaw
Recommend a strategy for organizing evidence during the e-discovery process of forensic investigation.
Apply tags
A piece of data that may or may not be relevant to the investigation or incident response such as registry keys, files, time stamps, and event logs are known as what?
Artifacts
A government system uses Public Key Infrastructure to enable users to securely exchange data using both a public and private cryptographic key pair that is obtained and shared through a trusted authority. This process most likely describes which of the following?
Authentication application
Failed logins or instances of denial of access to restricted files may be indicators of compromise. Suggest where records of such incidents might be found. (Select all that apply.)
Authentication logs and Security logs
A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and services. When examining the application programming interface (API) logs, the cloud engineer sees some odd metrics. Which of the following are examples that would concern the engineer? (Select all that apply.)
Average error rate of 78% and Spike in API calls
A threat actor is using which of the following techniques to circumvent the usual authentication method to a remote host?
Backdoor
A start-up company operates all of its web servers and services on a cloud platform using Platform as a Service (PaaS). The company offices run a local domain controller for directory services. Which type of attacks would the cloud service provider consider as cloud-based attacks as opposed to on-premise? (Select all that apply.)
Backdoor to virtual platforms and RAT on web servers
A system administrator ensures that the checksum on the developed code checked into the Nexus repository matches the checksum presented to the customer to ensure the finished product is what was agreed upon. This best represents which of the following processes?
Baseline configuration
List methods of containment that are based on the concept of isolation. (Select all that apply.)
Blackhole, Sandboxing, and Physical disconnection/ air gapping
A small company has set up the domain environment to prevent the installation of a list of prohibited software. Employees received this same list via email. What type of method prevents the installation of specific software on workstations?
Blacklisting
An increase in malware detection, due to certain web browsing activity in the workplace, caused the information systems security office (ISSO) to deploy a unified threat manager on the network. How would this network appliance help reduce malware on client workstations? (Select all that apply.)
Block URLs Block malware Scan web traffic
A company is renovating a new office space and is updating all Cisco routers. The up-to-date Internetwork Operating System (iOS) will provide the best protection from zero-day exploits. What other options could a network administrator configure for route security? (Select all that apply.)
Block source routed packets and message authentication.
A recent attack on the company involving a threat actor from another country prompted the security team to host regular penetration testing exercises. The recent attack involved the IT team as well as human resources because an employee's desktop was breached. In the upcoming exercise, what role would the human resource team portray along with the IT team to simulate the recent attack and its experiences?
Blue team
A network engineer is plugging in new patch cables and wants to prevent inadvertent disruptions to the network while doing so. What will the engineer prevent if a Spanning Tree Protocol (STP) is configured on the switches?
Broadcast storms
An IT department implements a software tool between the company's network and the cloud provider to monitor network traffic and enforce security policies. What software tool was implemented?
CASB (Cloud access security broker)
In a software as a service (SaaS) model, where the organization is responsible for the security and patching of the application and its components, which entity would be responsible for providing security services for the infrastructure?
CSP (cloud service provider)
Which of the following is an example of a vulnerability database that a security administrator can use with Tenable Nessus to assess the security state of servers on the network?
CVE (Common Vulnerabilities and Exposures
A web administrator notices a few security vulnerabilities that must be addressed on the company Intranet. The portal must force a secure browsing connection, mitigate script injection, and prevent caching on shared client devices. Determine the secure options to set on the web server's response headers. (Select all that apply.)
Cache-Control, HTTP strict Transport Security (HSTS), and Content Security Policy (CSP)
In a particular workplace, all user actions are recorded and accounted for. Any time a resource is updated, archived, or a user has their clearance level changed, it must be approved by a root user. Users that leave, arrive, or change jobs (roles) must have their user accounts regularly recertified, and any account changes must be approved by an administrator. What are these measures known as?
Change control
Which attack vector makes it possible for a threat actor to compromise a whole platform with just one account?
Cloud
A company leases access to resources from a service provider as agreed upon in a service level agreement. The company pays only for what is used on a monthly basis. Which of the following computing concepts is being used?
Cloud computing
An organization that is planning a move to the cloud checks to see that the chosen CSP uses a standard method for creating and following security competencies. Which method does the CSP likely implement?
Cloud controls matrix
Which control types does a systems engineer implement when an initial locking mechanism does not perform as expected? (Select all that apply.)
Compensating Preventative
A software developer enables a security feature commonly known as stack protection but does not execute the source code. Which of the following best describes what the developer is using?
Compiler
An IT company purchases a commercial off the shelf (COTS) product that allows for four developers to access and run the product against developed code for vulnerability and threat assessments. An IT audit indicates that five developers have accessed the product. Which of the following best describes what the company is in violation of?
Compliance/Licensing
Define steganography.
Concealing messages or information within other data
Security content automation protocol (SCAP) allows compatible scanners to compare computers with which of the following?
Configuration baseline
A company runs certain applications within isolated cells according to employee job functions to minimize access to resources on the operating system. This type of virtualization is which of the following?
Container
What is the best solution that Enterprise Mobility Management seeks for enterprise workspaces?
Containerization
Which coding automation concept relates to committing and testing updates often?
Continuous integration
A company implements automated tools and processes to increase the visibility and transparency of network activity to mitigate the risk of cyber-attacks and detect application performance issues. Which of the following did the company implement?
Continuous monitoring
A program office provides a mock production environment where users and test agencies can persistently test application code as it is being checked in after development. This practice ensures the product meets user acceptance testing and design goals. Which Agile product does this most likely represent?
Continuous validation
Differential, full, and incremental refer to which of the following when discussing backup types that will not collect open files?
Copy
Two companies are planning to provide their users with easier access to wireless access points at any of the company locations using personal company credentials. The companies will use Extensible Authentication Protocol (EAP) so that users are not required to memorize more passwords. How would a network administrator set up such a wireless network for these users?
Create a RADIUS federation
A user at a company executes a program that displays a threatening message. The message says "files on the computer will remain encrypted until bitcoin is paid to a virtual wallet." Which of the following best describes this type of infection?
Crypto-malware
Which of the following is designed to mitigate losses from cyber incidents such as data breaches, outages, and network damage?
Cybersecurity insurance
Server B requests a secure record exchange from Server A. Server A returns a package along with a public key that verifies the signature. What does this scenario demonstrate?
DNS Security Extensions
The local operational network consists of physical electromechanical components controlling valves, motors, and electrical switches. All devices enterprise-wide trust each other in the internal network. Which of the following attacks could overwhelm the network by targeting vulnerabilities in the headers of specific application protocols?
DNS amplification attack
A cyber security team would like to gather information regarding what type of attacks are occurring on a network. Which of the following implementations would assist in routing information on the attackers to a Honeynet?
DNS sinkhole
Which data governance role is responsible for ensuring compliance with legal and regulatory frameworks specifically related to processing, retention, and/or disclosure of personally identifiable information (PII)?
Data Privacy Officer (DPO)
A small department at a company manages a server, separate from IT, for data access and backup purposes. What role does the department fulfill?
Data custodian
An application processes and transmits sensitive data containing personally identifiable information (PII). The development team uses secure coding techniques such as encryption, obfuscation, and code signing. Which of the following is the development team concerned with?
Data exposure
A Security Information and Event Management (SIEM) system is heavily dependent on which of the following to provide meaningful information about security events and trends?
Data inputs
A visiting consultant to a company fails at trying to copy a file from a shared drive to a USB flash drive. Which security solutions block the file from being copied? (Select all that apply.)
Data loss prevention system (DLP) Endpoint protection platform (EPP)
Which de-identification method does an administrator use when choosing to replace the contents of a data field by redacting and substituting character strings?
Data masking
A retail organization documents a workflow. By doing so, it can supply evidence of why processing and storage of particular fields of customer data are required. What data collection principle does the organization practice?
Data minimization
What is it known as when a particular jurisdiction prevents or restricts processing and storage from taking place on systems that do not physically reside within that jurisdiction?
Data sovereignty
An employee at a financial firm is responsible for ensuring that data is stored in accordance with applicable laws and regulations. What role does the employee have in terms of data governance?
Data steward
A small business was robbed, and several workstations were stolen. The business stored customer data within a plain spreadsheet on one of the stolen workstations. Customer data and other business files are restored from an external hard drive soon after. Describe the issues that the business faced during this trying time. (Select all that apply.)
Data was exfiltrated from the office Business had a privacy breach
As a part of an effort toward a DevSecOps-based approach, a large tech company establishes a dedicated cyber incident response team (CIRT). The objective of the program is to exchange knowledge and insights and to work together to mitigate threats. Considering the team's need for diversity among team members, decide which type of individual they should include.
Decision maker
An application's appliance template virtual machine (VM) is running on the production network. A Linux administrator logs in to the system as the default root account to verify network settings. The appliance was deployed "out of the box" and is running healthy. A security engineer would have some concerns about which of the following configurations? (Select all that apply.)
Default template settings and Log on as superuser
After opening a third branch office in another state, the security team is having difficulty monitoring the network and managing system logs. Using a standard Security Information and Event Management (SIEM) system, what can the team do to better manage these events in a centralized way?
Deploy listeners
In which environment can multiple developers check out software code and include change management processes?
Development
A team lead oversees onboarding new system administrators in an IT company. Part of the process is explaining the complex IT infrastructure. Which of the following configuration management strategies would BEST help the team lead explain the infrastructure?
Diagrams
The IT team has purchased a few devices that are compatible with the Trusted Computing Group Security Subsystem Class called Opal. Which of these device specifications will take advantage of Opal's security features?
Disk encryption
What is the main difference between a disk image and a snapshot?
Disk images include bootloader and OS.
The 802.1x framework establishes several ways for devices and users to be securely authenticated before they are permitted access to LAN (Local Area Network) or WLAN (Wireless LAN). Identify the actual authentication mechanism established.
EAP (extensible authentication protocol)
The client wants to deploy a wireless network that uses a smart card or a certificate that can be installed on the client's PC. Which type of authentication mechanism is most suitable for this task?
EAP-TLS
A tablet uses a key-based technique for encrypting data. It focuses on a pair of public and private keys for decryption and encryption of web traffic using less power than other encryption methods. Which encryption method is this?
ECC (Elliptic curve cryptography)
A cloud service provider informs its consumers that Amazon Linux version 1 products will no longer be supported after 31 December. Consumers using these products must have a plan in place to upgrade to the newest Amazon Linux product, version 2. After the deadline, Amazon Linux 1 products will only receive critical patches. Which of the following best describes the degradation of the product.
EOL (End of life)
An unmanned aerial vehicle is equipped with a component to ensure position and movement sensors are aligned and relays information to a ground control. Which of the following computing devices does this best describe?
Embedded system
Which of the following hardening procedures can protect a multifunction printer from a cybersecurity attack? (Select all that apply.)
Enable logging, Change default password, Delete queued data
A large business works with a consulting group to develop a business continuity plan. The goal of the plan is to provide a potentially uninterrupted workflow in the event of an incident. Examine the descriptions and determine which one matches this goal.
Ensuring processing redundancy supports the workflow
A lack of which of the following measures of disorder can leave a cryptosystem vulnerable and unable to encrypt data securely?
Entropy
A severe tropical storm devastates an island where a small company stores data. Which disaster types have impacted the company? (Select all that apply.)
Environmental and External
An enterprise has recently experienced a severe malware attack. Admin has identified and removed the cause, and they are now checking the systems and bringing them back online. How would one categorize the cause with respect to incident response procedures?
Eradication
A foreign country is planning to target another country to destabilize its economy and upcoming elections. A hacktivist group and government leaders are working together using hybrid warfare tactics to accomplish their goal. What are the most effective methods the foreign country can use to carry out their plan? (Select all that apply.)
Espionage, Fake tweets and soft power
IT discovers a flaw in a web application where it allows queries without encryption. As a result, requests are being spoofed and directories containing private files are viewable. What is happening?
Extensible Markup Language (XML) injection
Which of the following protocols would secure file transfer services for an internal network?
FTPES
Government intelligence has revealed that a foreign entity is planning to cripple a major company to disrupt the economy. Hybrid warfare tactics are inevitable in this case. Which social platform would a foreign malicious group use to effectively spread inaccurate information quickly among unsuspecting family and friends? (Select all that apply.)
Facebook and Twitter
A mobile phone user smiles at the screen of the phone to unlock it for use. Which authentication method is being used?
Facial recognition
A security administrator notices port scanning from an unknown entity on the company infrastructure. The administrator sets up a router to provide erroneous information to be provided in return to protect the system from breach or attack. What is the router providing in response to the scan?
Fake telemetry
An attacker launches a vishing social engineering attack by impersonating a police officer. The attacker calls the victims and tries to exploit this behavior by demanding the victims give the attacker their name and address immediately. This type of attack does NOT demonstrate what type of social engineering principle?
Familiarity/liking
A systems administrator plans to protect a data center with various security controls and safety mechanisms. Which solution does the administrator plan based on a "triangle" principle?
Fire suppression
Devices deployed in a network and that send data to the local area network (LAN) level and process it with an Internet of things (IoT) sensor are which of the following?
Fog computing
A penetration consultant has been tasked to test a company's wireless network on the fifth floor of a commercial building. The consultant is given no privileged information about the network, essentially working in a black box environment. What would the consultant most likely do first to begin the test?
Footprint the environment.
When uploading a picture to a photo web site, it automatically loads the photo onto its interactive world map. How is it possible that the website can read the location of the uploaded picture? (Select all that apply.)
GPS Tagging and Geolocation
A group of junior systems administrators participates in an ethical hacking seminar that allows for advancement and rewards for completing challenges. Which training methods do the administrators experience?
Gamification and Capture the flag
An application requires continuity of operations within a 24 hour period due to the command and control capabilities it maintains. The failover site must be physically separated from the program office and be available within the required timeframe with live data. Which of the following redundancy solutions best meets the failover requirement?
Geographical dispersal
For security purposes, mobile devices at an organization must include location metadata on all applicable data. Which method does the policy mandate?
Geotagging
A basic installation of a web server will require which of the following to allow unauthenticated access?
Guest account
Using Unified Extensible Firmware Interface (UEFI) to boot a server, the system must also provide secure boot capabilities. Part of the secure boot process requires a secure boot platform key or self-signed certificate. Determine which of the following an engineer can use to generate keys within the server using an available Peripheral Component Interconnect Express (PCIe) slot.
Hardware security module
A network administrator can conduct a site survey to find potential placement locations of wireless access points (WAP) using which of the following? (Select all that apply.)
Heat map and WI-FI analyzer
Which account setting in Active Directory Domain Services (AD DS) domain policies must use an administrator set in order to block a certain number of passwords that a user has already used?
History
A healthcare organization was asked to share its data with an analytics company to perform research on patient well-being. Which of the following encryption methods would most likely ensure patient information during analysis?
Homomorphic
A microfabrication company recently suffered a breach of their R&D servers, from which blueprints and proprietary development documents were downloaded. What is likely the most impactful organizational consequence of this breach?
IP-theft
During which stage of the NIST Computer Security Incident Handling Guide's six stages of the incident response lifecycle should stakeholders and the point of contact for the incident response team be notified?
Identification
A military organization is evaluating its disaster recovery plan (DRP) to assess risk and in particular identify any single points of failure. Suggest an initial action for the organizations evaluation.
Identify critical systems and mission essential functions
Which of the following is the service that provisions the user account and processes authentication requests?
Identity provider
A fraudulent credit card purchase is an impact of which of the following?
Identity theft
List the terms that refer to a document that guides investigators to determine priorities and remediation plans by listing the procedures, contacts, and resources available to responders for various incident categories. (Select all that apply.)
Incident Response Plan and Runbook
Specify elements that a playbook should include. (Select all that apply.)
Incident categories and definitions, When to report compliance incidents, and Query strings to identify incident types
The financial staff at an organization works with IT and management to determine the risks associated with currently deployed systems. What measure of risk results from this analysis?
Inherent risk
Which value is the result of a quantitative or qualitative risk analysis?
Inherent risk
Describe an intrusion prevention system (IPS) that also makes it a single point of failure for network traffic if there is no fault tolerance mechanism in place.
Inline appliance
A software developer created a new application, and the software company pressured the developer to release it to the public. Which of the following helps ensure the application is secure before the release? (Select all that apply.)
Input validation error handling Proper authentication and authorization
Recommend a strategy to establish what witnesses were doing at the scene, whether they observed any suspicious behavior or activity, and to gather information about the computer system.
Interview witnesses
2Analyze and select the items demonstrating advantages Terminal Access Controller Access-Control System Plus (TACACS+) has over Remote Authentication Dial-In User Service (RADIUS). (Select all that apply.)
It provides greater flexibility and reliability. It is easier to detect when a server is down.
Which of the following describes a device that only runs administrative protocols such as secure shell (SSH) or remote desktop protocol (RDP) to securely manage application servers in a demilitarized zone (DMZ)?
Jump server
A security administrator protects systems passwords by hashing their related keys. The administrator discovers that this approach does not make the key any stronger or more difficult to crack. Analyze the different security properties and determine which one the administrator implemented.
Key stretching
A threat actor can exploit an unauthenticated access to submit arbitrary directory queries using which type of attack?
LDAP (Lightweight Directory Access Protocol) injection
Which of the following baseband radio technologies support higher bandwidth capacities?
LTE-M
When implementing a native-cloud firewall, which layer of the Open Systems Interconnection (OSI) model will require the most processing capacity to filter traffic based on content?
Layer 7
An organization suffers a breach and learns a lesson in the proper approach of maintaining archived data. An engineer writing a report focuses on which areas? (Select all that apply.)
Lessons learned Retention policies
Which of the following cryptographic algorithm standards is best suited for Internet of Things (IoT) devices?
Lightweight
A large firm uses a non-persistent operating system for its remote users. This allows the employees to access company resources while teleworking. When the computers are turned off, the operating system disappears. Which of the following operating systems is the company using?
Live boot media
What would be the highest concern for an e-commerce company whose top priority is to ensure customers can shop online 24/7?
Loss of availability
Which type of network attack involves asserting the use of an arbitrary hardware address onto a network interface card (NIC)?
MAC cloning
An insider threat gained access to a server room and proceeded with connecting a laptop to the network. The laptop was configured with a spoofed network interface card (NIC) address to remain undetected by the network intrusion detection (IDS) systems. What layer 2 attack can the insider threat perform to disrupt the network?
MAC flooding
A Cloud Service Provider (CSP) outsources the entire cyber security elements to a third party for the infrastructure in which an application resides due to lack of resources. The CSP maintains responsibility of the environment and attributes. What is this an example of?
MSSP (Managed Security Service Provider)
Which type of certificate does Secure Multipart Internet Message Extensions (S/MIME) NOT use to sign a message? (Select all that apply.)
Machine certificate, root certificate, and user certificate
An employee has authorized access to the company's system and intentionally misused the data from that system. What type of attack has occurred?
Malicious insider threat
A company allows the use of corporate apps on employee-owned mobile devices. Mobile application management (MAM) services make this possible. Examining the list of available enterprise mobility management (EMM) features in today's market, which of the following would NOT be available for use in this case? (Select all that apply.)
Manage camera use and ability to remote wipe
A system engineer can monitor and control voltage factors in a data center. The engineer can make critical decisions on the center's energy consumption and load balancing. Which device is the engineer likely using to make these decisions?
Managed PDUs (Managed power distribution unit)
An engineer configures a security control that oversees and monitors other controls for effectiveness. Which category of control does the engineer utilize?
Managerial
Which boot integrity concepts utilize the trusted platform module (TPM)? (Select all that apply.)
Measured boot and boot attestation
Two organizations plan on forming a partnership to provide systems security services. Part of the onboarding requirements for both sides includes a mutual understanding of quality management processes. Which approach details this requirement?
Measurement systems analysis (MSA)
A security firm and an organization meet and agree to begin a business relationship. While a contract is not in place yet, what do the parties use to maintain confidentiality and as an intent to work together?
Memorandum of understanding (MOU)
Mobile engineers are designing a phone that can support internal key-pair certificates for authentication and encryption/decryption capabilities for an internal organization or corporation. Which component may the engineers want to include in the design of this phone?
MicroSD HSM
What protocol alters public IP addresses to private IP addresses and vice versa, in an attempt to protect internal computers from the Internet?
NAT (Network addressing protocol)
Which of the following wireless technologies does not provide encryption and is known as a "bump"?
NFC (Near Field Communication)
Which of the following will reduce the risk of data exposure between containers on a cloud platform? (Select all that apply.)
Namespaces and Control groups
Information security and cybersecurity tasks can be classified into five functions. Which regulatory concept or entity relates to these functions?
National Institute of Standards and Technology (NIST)
Which of the following are common constraints of embedded systems? (Select all that apply.)
Network range, Cryptography capability, and Compute power
A network administrator is installing a device that uses redundant array of inexpensive disks (RAID) technologies for redundancy and provides employees remote access so that files can be accessed anywhere. The device does not require licensing and stores data at the file level. Which device is the employee likely installing in the infrastructure?
Network-attached storage (NAS)
Determine a solution that can combine with a cloud access security broker (CASB) to provide a wholly cloud-hosted platform for client access?
Next-generation secure web gateway
Select the tools that do any form of network scanning, such as port scanning, IP scanning, etc. (Select all that apply.)
Nmap, ping, and Netcat
A company stages its computing power in a centralized environment. All workstations run off of one desktop hosted in the data center. When the admin makes changes at individual workstations, the changes only get saved locally, until a user signs off, and the system then reverts back to the previous state. What technology does this represent?
Non-persistent VDE
What is the term describing a point in an investigation during which the suspect cannot deny his involvement?
Non-repudiation
Which of the following is NOT a critical profiling factor when assessing the risk that any one type of threat actor poses to an organization?
Non-repudiation
A European company that offers subscription services has recently experienced a data breach wherein private data, including personally identifiable information (PII), was compromised. What step should be taken by the company to avoid regulatory fines or lawsuits?
Notify those affected by the breach
There are several ways to check on the status of an online certificate, but some introduce privacy concerns. Consider how each of the following is structured and select the option with the best ability to hide the identity of the certificate requestor.
OCSP stapling
An aviation tracking system maintains flight records for equipment and personnel. The system is a critical command and control system that must maintain an availability rate of 99% for key parameter performance. The cloud service provider (CSP) guarantees a failover to multiple zones if an outage occurs. In addition to the multi-zonal cloud failover, what other backup solution could the system invest in order to maintain data locally?
Offline
Which of the following is TRUE about a certificate authority (CA) in a hierarchical model as opposed to a single CA model? (Select all that apply.)
Offline CA is a best practice and Intermediate CA issue certificates
A file system audit shows a malicious account was able to obtain a password database. The malicious account will be able to use the information without interacting with an authentication system. What type of attack will the malicious account be able to perform on systems?
Offline password attack
A company's infrastructure and resources are set up in a vault on the second floor of a building. The company is responsible for maintaining services and equipment. Which of the following best describes the company's cloud concept?
On-premise
The company's current network utilizes EAP-TTLS (EAP-Tunneled TLS) for supplicant clients connecting to the network. Newer model devices and systems are deployed on the network and are not compatible with EAP-TTLS. These systems require MS-CHAPv2 for authentication. Which of the following options will support these new systems?
PEAP
A user notices several new icons for unknown applications after downloading and installing a free piece of software. IT support determines that the applications are not malicious but are classified as which type of software?
PUPs (Potentially unwanted programs)
Describe what distinguishes tabletop training from walkthrough training.
Participants describe their course of action, using no computer equipment.
Password lockout commonly prohibits users from logging in after a number of failed password attempts. While this practice may protect against unauthorized users gaining access to valid user login information, what disadvantages could implementing this practice create for an organization? (Select all that apply.)
Password lockout increases the workload for security management. Password lockout is vulnerable to Denial of Service (DoS) attacks.
Conclude what type of data has high trade values in black markets, is often anonymized or deidentified for use in scientific research, and when compromised, can lead to its use in blackmail or insurance fraud, as well as cause reputational damage to the responsible organization.
Personal health information (PHI)
Customers receive a seemingly genuine email from their trusted bank, informing them that their password needs updating. However, when authenticating, an attacker captures the customers' credentials. What kind of attack did the bank customers experience?
Phishing
An application user receives an automated message after an attempt to login to a company application to verify activity. Which form of two-factor authentication is this?
Phone call
Which penetration technique allows a tester to bypass a network boundary and compromise servers on an internal network?
Pivot
A basic dictionary attack includes using which of the following?
Plaintext
An attacker is preparing a phishing email mimicking the contents of a legitimate company email. The email will include a fake invoice to request payment for medical services and an email address that looks convincing. What can the attacker modify on the email to make it more convincing?
Prepend "RE:" to the subject line.
An organization remodels an office which results in the need for higher security during construction. Placing a security guard by the data center utilizes which control types? (Select all that apply.)
Preventative and Operational
A risk management implementation begins with which of the following characteristics? (Select all that apply.)
Prioritization, Identification, and Classification
After software testing activities have been completed, a system administrator moves the .war file to an environment that allows end users to access the application. Which environment is the completed software being deployed to?
Production
A systems admin deploys a new infrastructure for an organization. Examine the given descriptions and determine which applies to the technology used with the LDAP protocol.
Provides privilege management and authorization
Verify the terminology that describes the action of isolating a system or file in order to contain a worm or virus.
Quarantine
Identify security control options that can be categorized as "corrective." (Select all that apply.)
Quarantine of infected hosts Containment of the threat
IT management wants to make it easier for users to request certificates for their devices and web services. The company has multiple intermediate certificate authorities spread out to support multiple geographic locations. In a full chain of trust, which entity would be able to handle processing certificate requests and verifying requester identity?
RA (Registration Authority)
A Local Area Network (LAN) is set up with an Authentication, Authorization, and Account (AAA) server. The AAA server allows remote supplicants to access the LAN through a Network Access Point (NAP). Which of the following best describes the type of remote authentication solution that is set up on the LAN?
RADIUS (Remote Authentication Dial-in User Service)
A connection cannot be established during a network connection test of a newly deployed WAP (Wireless Access Point) in WPA2 Enterprise (Wi-Fi Protected Access) mode. After checking the wireless controller, the 802.1x option was selected, but another configuration setting did not save. Apply knowledge of the network connection process to determine which of the following did not save.
RADIUS server settings
Evaluate the following properties and determine which set relates to Domain Name System Security Extension (DNSSEC).
RRset, Signing key
Identify the most volatile form of memory.
Random Access Memory (RAM)
A cardiovascular patient is sent home with a monitoring device that records and sends data to a healthcare provider when triggered by abnormal cardiac activity. Response time to the data is critical to patient health. Which embedded platform is the medical device using?
Real-time
Choose the components a threat actor may use to set up a distributed denial of service attack (DDoS) on a local network. (Select all that apply.)
Remote access trojan, Command and control, and Botnet
Which attack vector would an insider threat use to effectively install malicious tools on specific sets of servers for backdoor access? (Select all that apply.)
Removable media and Direct access
A hardware manufacturer has designed a smart-device for consumers to use at home. The device responds to voice commands and has interactivity with a mobile application. After several months on the market, the manufacturer discovered that the device collected personal data without consent. This caused a negative impact on sales of the device. As a result of the privacy issue, lost sales, and bad product reviews, what type of impact has occurred to the manufacturer?
Reputation
A capability delivery manager adds a configuration management plan, a failover plan, and a risk assessment to a program's documentation inventory. Which of the following best describes what controls the manager is addressing?
Response and recovery
Sometimes data is archived after it is past its usefulness for purposes of security or regulatory compliance. What is this called?
Retention
A vendor ensures that each Internet of Things (IoT) device produced uses random, unique cryptographic keys in accordance with the established certificate and key management practices found in The National Institute of Standards and Technology (NIST) publications. Which of the following constraints is the vendor preventing?
Reuse
A system administrator applies a Windows patch to the virtual machines (VM) in a virtual desktop infrastructure (VDI). After the patch is complete, the VMs no longer authenticate with the server. Which of the following is the best next step to take for the system administrator?
Revert to last known good configuration.
An electronic company wants to begin developing a better and faster way to transfer data and power devices over a single cable for general consumer use at home and via the internet. The engineers will need to review current best practices on how data and power are transferred on the wire today. Which of the following activities will provide these engineers with the best information that will support the project?
Review Request for Comments (RFC).
Recommend an immediate response that does not require generating new certificates in a scenario where an attacker has compromised a host on a network by spoofing digital certificates.
Revoke the host's certificate
A company shares an external drive that allows members to collaborate documentation and products to work simultaneously. The CIO enforces a rule that some users can download files to their local desktop while others can only view files. This is an example of which type of data protection?
Rights management
A global corporation assesses risk appetite and how risks in various regions could influence mission-critical operations. They are assessing compliance with local laws and licensing requirements to prevent financial risk or resolve security risks, and changing the risk posture and implementing risk controls to compensate. Conclude what type of assessment the team is performing.
Risk control assessment
After reading an article online, a business stakeholder is concerned about a risk associated with Denial of Service (DoS) attacks. The stakeholder requests information about what countermeasures would be taken during an attack. Where would the security analyst look to find this information?
Risk register
Users in a company complain that they cannot reach internal servers when using WiFi. IT discovers that the SSID of the broadcasted network is similar to the company's but is not legitimate. IT plans on searching the network to remove which disruptive technologies? (Select all that apply.)
Rogue access point and Evil twin
Which wireless configuration provides the most up-to-date and secure way of connecting wireless devices to an office or home network? (Select all that apply.)
SAE (Simultaneous Authentication of Equals) and WPA3( Wi-FI Protected Access 3)
A company requires a means of managing storage centrally and the ability to share the storage with multiple hosts where users can access data quickly and with little to no latency. Which of the following storage architectures would best meet the company's needs?
SAN (storage area network)
An electrical cooperative startup needs the ability to monitor energy use, collect data taken from the monitoring, and use the data to lower costs and energy waste. Which component of an industrial control system (ICS) would be the best solution for the cooperative?
SCADA (Supervisory control and data acquisition)
A system administrator is implementing an attribute-based access control (ABAC) virtualization technology to route network traffic instead of using routers and switches. Which of the following best describes what the administrator is implementing?
SDN
A company wants to implement a control model that dictates access based on attributes. The company would like to reconfigure the network by making changes from executable files instead of physically reconfiguring. Which of the following should the company implement?
SDN ( Software defined network)
A system administrator moves a file from a server to a client using Secure Shell (SSH) over port 22. Compare the protocols for file transfers to deduce the protocol utilized.
SFTP (Secure File Transfer Protocol)
An employee can conduct meetings using a corporate owned personally enabled mobile (COPE) device while on a company related work trip. The service for the device is provided by Verizon Wireless. What component of the device authenticates the device to the provider?
SIM
Evaluate the attack types and determine which are used when a high-level executive is targeted via a suspicious text message. (Select all that apply.)
SMiShing and Whaling
A network uses a framework for management and monitoring that uses the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES), which encrypts the contents of traps and query responses. Analyze the types of protocols available for management and monitoring, then deduce the protocol utilized.
SNMPv3
A security consultant recently audited a company's cloud resources and web services. The consultant found ineffective secrets management and a lack of input validation mechanisms. What type of attack would the company's cloud resources be susceptible to at its current state? (Select all that apply.)
SQL injection, Resource exhaustion, and API attack
Finance representatives at an organization meet professional standards by providing reports that are highly detailed and designed to be restricted. As members of the American Institute of Certified Public Accountants (AICPA), which standards do the finance representatives follow?
SSAE SOC 2 Type II
A financial institution uses File Transfer Protocol Secure (FTPS) to transmit personally identifiable information (PII) to a receiving institution. Which encryption method would best be suitable for protecting the confidentiality of the information in transit?
SSL/TLS (Secure Socket Layer/Transport Layer Security)
Cuckoo is a software package that provides a system configuration allowing the system to be completely isolated from its host. It provides a safe environment for potentially dangerous research, such as on malware, while recording file system and registry changes, as well as network activity. What is this type of isolated system called?
Sandbox
A company desires a basic protocol for email. The owner requested that a local system store and manage email for each user. Compare the various mail protocols and recommend the best solution for the company.
Secure Post Office Protocol v3
The virtual teleconference room has a Session Initiation Protocol (SIP) endpoint for communication with remote branch offices. Company policy requires the VTC components use secure session and call data before others can use it. Which of the following protocols will provide encryption for the call data?
Secure Real-Time Transport Protocol (SRTP)
A system administrator has a file on a Linux server that needs transferring to a client. While working on the client, what tool will the system administrator likely use to complete this task?
Secure Shell
Which resource can help for a cloud consumer to evaluate a cloud service provider as services relate to integrating on-premise controls?
Security guidance
A gray hat hacker will perform which of the following when using hacking techniques on an organization or software? (Select all that apply.)
Seek a bug bounty Cleanup evidence
A data exfiltration attack at a well-known retail company exposes a great deal of private data to the public. A portion of the data details the CEO's political and religious affiliations. When considering data classification types, which has been exposed?
Sensitive
How does the General Data Protection Regulations (GDPR) classify data that can prejudice decisions, such as sexual orientation?
Sensitive
Routine analysis of technical security controls at an organization prompts a need for change. One such change is the addition of Network Intrusion Detection System (NIDS) technology. A firewall that supports this function is on order. Considering how the organization will implement NIDS, what other technology completes the solution?
Sensors
An organization receives numerous negative reviews on social media platforms in response to a recent public statement. Experts use machine learning to identify any threatening language. Which approach do the experts use to identify security risks?
Sentiment analysis
How might responsibilities be divided among individuals to prevent abuse of power in an organization?
Separation of duties
How can an attacker exploit the lack of authentication between the internal services (e.g., implicit trust) of a web host to steal service account credentials?
Server-side request forgery
A cloud service provider (CSP) offers an organization the ability to build and run applications and services without having to manage infrastructure such as provisioning, authentication, and server maintenance. This offering reduces overhead and allows the organization to focus on the product being built. What type of design pattern is this?
Serverless architecture
In regards to performing forensic investigation in public clouds, what document would contain the right to audit clause, giving the investigator the authority to audit files on the network? ANSWER
Service-level agreements (SLA)
A user calls to request assistance connecting to the company's free guest Wi-Fi access point. The user is selecting the correct "Guest WIFI" wireless name from a brand new Windows 10 laptop. How can the user gain proper access to the Internet?
Sign on to the web portal
What is an antivirus and anti-malware software capable of doing to protect a computer system? (Select all that apply.)
Signature-based detection and Detect Trojans
Select the type of incident response exercise that involves recreating system interfaces or using emulators to allow students to practice configuration tasks, or even practice with other trainees to mimic real-time attack scenarios
Simulations
Select the type of incident response exercise that involves recreating system interfaces or using emulators to allow students to practice configuration tasks, or even practice with other trainees to mimic real-time attack scenarios.
Simulations
List methods of containment based on the concept of segmentation. (Select all that apply.)
Sinkhole and Honeynet
An attacker installed a fraudulent Radio Frequency ID (RFID) reader to steal credit card numbers any time someone used a card to make a purchase. What type of attack does this describe?
Skimming
Employees use a two-factor authentication (2FA) method to log into company resources. The employees combine something they have with something they know. Which 2FA method is most likely being used to verify employee credentials?
Smart card
A developer uses a prepackaged set of tools that includes documentation, application programming interfaces (APIs), code samples, and libraries to easily integrate an application with the company Linux operating system. Which secure coding process is the developer using?
Software development kit (SDK)
A security engineer for a tech firm tests authentication mechanisms for multi-factor authentication. Which personality trait-based solution does the engineer test?
Something you exhibit
A user receives multiple emails daily from various vendors and companies. The emails seem legitimate but are overly excessive. What is the user most likely receiving?
Spam advertisements
A cloud customer prefers separating storage resources that hold different sets of data in virtual private clouds (VPCs). One of those data sets must comply with the Health Insurance Portability and Accountability Act (HIPAA) guidelines for patient data. How should the customer configure these VPCs to ensure the highest degree of network security?
Split segments between VPCs.
Which attack is a brute-force type that mixes common passwords with usernames?
Spraying
A test team performs an in-depth review of completed code and analyzes its compatibility with the environment it will be deployed to. Which of the following environments is the test occurring in?
Staging
Which of the following practices would help mitigate the oversight of applying coding techniques that will secure the code of an internal application for a company?
Static code analysis
Teams of security experts are preparing for a penetration exercise using a white box environment. The activities will be monitored in an isolated environment in the company's local datacenter. What would be the appropriate rules of engagement for this exercise? (Select all that apply.)
Steal files from file server A. Do not access production network.
Which aspect of certificate and key management should an administrator consider when trying to mitigate or prevent the loss of private keys?
Storage
A company provides smartphones to their employees. IT administrators have the ability to deploy, secure, and remove specific applications and data from the employees' smartphones. Analyze the selections and determine how IT can perform this type of control.
Storage segmentation
A stratum 2 time server obtains routinely updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.
Stratum 1
What purpose does the Linux utility grep serve?
String-match search using regex syntax
Which certificate attribute describes the computer or machine it belongs to? (Select all that apply.)
Subject alternate name and common name
A recent attack on a major retail chain reported that customers' private information, including credit card information, was stolen. The report explained that a heating, ventilation, and air conditioning (HVAC) contractor copied the information to an external hard drive while servicing an air conditioner unit, and later uploaded the data to a cloud storage resource. A security engineer would classify this type of attack as which of the following?
Supply chain attack
Which type of service account has the most privileges?
System
A company uses a DevSecOps approach for developing and maintaining software. In one environment, developers complete penetration and vulnerability scanning to ensure the system is free of bugs and coding errors early on. Which of the following best describes this environment?
Test
What are the main features that differentiate the Test Access Point (TAP) from a Switched Port Analyzer (SPAN)? (Select all that apply.)
Test access point (TAP) is a separate hardware device. Test access point (TAP) avoids frame loss.
A user cannot install an app from Google Play, referred to by a colleague. The user downloads the .apk file from a website and successfully installs the app. This process is known as sideloading. What are valid security concerns for installing software on a mobile device from a website rather than an app store? (Select all that apply.)
The .apk file may be a malicious software. The website may have an outdated version.
Identify the concepts that function as alternatives to kill chain life cycle analysis in threat intelligence. (Select all that apply.)
The Diamond Model of Intrusion Analysis and MITRE ATT&CK
An organization wants to implement a certificate on a website domain. The organization prepares for a rigorous check to prove its identity using extended validation. Evaluate the options and conclude why the certificate would not be issued.
The domain uses a wildcard.
In what way does Challenge Handshake Authentication Protocol (CHAP) protect against replay attacks?
The handshake is repeated with different challenge messages periodically throughout the session connection.
A company is looking into integrating on-premise services and cloud services with a cloud service provider (CSP) using an Infrastructure as a Service (IaaS) plan. As a cloud architect works on architectural design, which of the following statements would NOT apply in this case?
The provider is responsible for the availability of the software.
Auditing SIP (Session Initiation Protocol)-based VoIP logs can reveal evidence of Man-in-the-Middle attacks. When handling requests, what do the call manager and any intermediate servers add to the SIP log file?
Their own IP address
Which of the following is a computer that uses remote desktop protocol to run resources stored on a central server instead of a localized hard drive and provides minimal operating system services?
Thin client
Users are only allowed to work in the office. Account policies must provide login security measures. So, users are only working during normal business hours. Identify the policy that establishes the maximum amount of time an account may be logged in for at the workplace?
Time-based login policy
Unlike transport layer security (TLS), internet protocol security (IPSec) can use two modes. One mode encrypts only the payload of the IP packet, leaving the IP address unencrypted. The other mode encrypts the whole IP packet and adds a new IP header. What are these modes? (Select all that apply.)
Transport and Tunnel
Flow analysis tools, such as IPFIX or Netflow, collect metadata about network traffic without capturing each frame. Evaluate the type of analysis that uses these tools.
Trend analysis
A company that maintains a classified environment staffs the front entrance with a person to review credentials and a person to verify authorized access. Employees must pass through a faraday cage before being allowed into the classified area. Which type of physical security does this best represent?
Two-person control
A malicious actor successfully registered a domain called support247.onmicrosoft.com. This domain will be used to send emails to users to convince them to click the included links and attached files. Which social engineering technique is the malicious actor specifically using in this case?
Typosquatting
Investigators perform analysis on a breached system. When looking at data timestamps, what should be noted about any time offset? (Select all that apply.)
UTC time and Daylight savings time
Which of the following are examples of weak patch management for operating systems and device firmware in a classified network? (Select all that apply.)
Undocumented processes and Non-centralized deployment
Multiple private data sources ingest pictures to a machine learning tool on Google Cloud Platform to find specific species of butterflies. The pictures are tagged by creator names in the company before being loaded onto the various data source locations. What type of security solution can the IT team implement to prevent tainted training data from getting to the machine learning tool? (Select all that apply.)
Use SOAR (security orchestration, automation, and response) to check picture properties. and Keep ML (Machine Learning) algorithm a secret
A system administrator teaches a class to junior technicians on the principles of web server hardening. Recommend the principles to include in the training. (Select all that apply.)
Use SSH for uploading files, Use the configuration templates provided, and Secure a guest account.
Select viable methods of investigation in the case of authentication attacks. (Select all that apply.)
Use a SIEM dashboard to identify suspicious trends in user traffic. Search application logs for use of unauthorized applications. Compare authentication logs with security and network logs.
Today's hackers are keen on knowing that security teams are actively hunting for threats on the network. Hackers may use resources to trigger a diversion to keep threat hunters busy, while another attack is initiated to carry out the primary objective of the planned penetration attack. How can a security team best circumvent this strategic hacking technique?
Use a defensive maneuver.
The RADIUS server is down, and employees need immediate access to Wi-Fi routers in the office building. The WAPs (Wireless Access Points) service smartphones and tablets. After disabling Enterprise mode, how will users connect to the WAPs?
Use a pre-shared key
Suggest a way to maximize the integrity of the analysis process to ensure non-repudiation is possible. (Select all that apply.)
Use a write blocker during analysis to prevent data from being changed.
A company with offices in multiple countries deployed a cyber threat intelligence (CTI) appliance in the cloud to detect network attacks. The security team examined last week's data and spent a significant amount of time trying to better predict future attacks and ways to improve security. How can the team take advantage of cloud resources to better analyze these threats?
Use artificial intelligence
Security admins are evaluating Windows server vulnerabilities related to Dynamic Link Library (DLL) injections. Modern applications are running on these Windows servers. How would an attacker exploit these vulnerabilities? (Select all that apply.)
Use malware with administrator privilege. Evade detection through refactoring.
Consider conditional access to a system and determine which options fit the criteria. (Select all that apply.)
User Account Control (UAC) and Sudo restrictions
A threat actor logs in to a website as a free user and submits a request for a file. The request references the parent directory of the web server. This injection attack is successful by using a canonicalization attack to disguise the nature of the malicious input. How was the threat actor able to retrieve the file?
Using a directory traversal attack.
A user reported that their Excel spreadsheets delete everything except the active sheet when running a recorded task called "Unhide worksheets" on a workbook. Command prompts have also been popping up on the Windows workstation when it restarts. If the workstation was legitimately compromised, how would an attacker maliciously reconfigure a recorded task on an Excel workbook?
Using macro commands
A hacker can use Microsoft Office applications as an attack vector to automatically run multiple tasks in the background using which of the following?
VBA
The intelligence community requires tight security of classified data stored on the local servers. The area must be inaccessible to unauthorized personnel and able to withstand a blast from explosives. Which of the following is the best solution for securing the assets?
Vault
What purpose does the Linux command chmod serve?
Views or changes read and write permissions for a file or directory.
Network administrators are configuring a demilitarized zone (DMZ) to provide Internet-facing services to customers. These admins will perform minimum configuration and security to rapidly deploy two web servers that are load balanced. Which of the following will most likely be configured in this DMZ? (Select all that apply.)
Virtual IP addresses, Scheduling algorithm, and Bastion hosts
Which of the following represents a non-intrusive scanning type of framework?
Vulnerability scanning
Evaluate and select the differences between WPA and WPA2. (Select all that apply.)
WPA2 supports an encryption algorithm based on the Advanced Encryption Standard (AES) rather than the version of RC4 "patched" with the Temporal Key Integrity Protocol (TKIP). WPA2 requires entering a longer password than WPA.
While assisting a customer over the phone to connect a laptop to a new wireless router, the user suddenly reports it is connected. Upon further inquiry into how the connection occurred, the user stated they pushed a circular button. Analyze the situation and determine which button the user pressed, and how it functions. (Select all that apply.)
WPS and 8 -character PIN
A brute-force attack compromises a server in a company's data center. Security experts investigate the attack type and discover which vulnerability on the server?
Weak encryption
An application developer uses a third-party source to send cryptographic data through multiple processors to stretch the data and ensure secure algorithms. What is the developer preventing the use of?
Weak keys
A cloud service provider (CSP) offers email capability, remote desktop access, and virtual class software to its consumers. Which cloud service model does this best represent?
XaaS (Anything as a Service)
A network with two normal-working switches has several client computers connected for work and Internet access. After adding two new switches and more client computers, the new computers, as well as some of the old client computers, cannot access the network. What are most likely the cause and the solution? (Select all that apply.
a loop in the network and STP (Spanning Tree Protocol)
An Information Security Manager working for an ISP has discovered that an attacker has poisoned the DNS server cache by spamming it with recursive queries. Predict what tools the manager might use to discover whether the attacker has inserted any false records. (Select all that apply.)
nslookup/dig and dnsenum
An administrator collects server logs and decides to normalize them into a standard format for reporting. Which option does the administrator use to accomplish this?
nxlog is an open-source log normalization tool