Security + p2
Jamie's organization is attempting to budget for the next fiscal year. Jamie has calculated that the asset value of a database server is $120,000. Based on her analysis, she believes that a data breach to this server will occur once every four years and has a risk factor is 30%. What is the ALE for a data breach within Jamie's organization?
$9,000
A competitor recently bought Dion Training's ITIL 4 Foundation training course, transcribed the video captions into a document, re-recorded the course exactly word for word as an audiobook, then published this newly recorded audiobook for sale on Audible. How would you classify this situation as a risk to Dion Training? Which of the following terms would you use?
(IP) theft
Host based firewall, Network sniffer, cable lock, CAT 5e STP
(Sample Simulation - On the real exam for this type of question, you would have to fill in the blanks by dragging and dropping them into place.) Using the image provided, select four security features that you should use with a workstation or laptop within your organization?
A cybersecurity analyst is attempting to classify network traffic within an organization. The analyst runs the tcpdump command and receives the following output:-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-$ tcpdump -n -i eth015:01:35.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 1654915:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 11315:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157 win 113-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Which of the following statements is true based on this output?
10.0.19.121 is a client that is accessing an SSH server over port 52497
Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring?
23
Which of the following policies should contain the requirements for removing a user's access when an employee is terminated?
Account management policy
What type of threat actor is highly funded and often backed by nation-states?
Advanced Persistent Threats(APT)
You are configuring the ACL for the network perimeter firewall. You have just finished adding all the proper allow and deny rules. What should you place at the end of your ACL rules?
An implicit deny statement
You are reviewing a rule within your organization's IDS. You see the following output: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any msg: "BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt"; flow: to_client,established; file_data; content:"recordset"; offset:14; depth:9; content:".CacheSize"; distance:0; within:100; pcre:"/CacheSize\s*=\s*/"; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype: attempted-user; sid:65535;rev:1; -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on this rule, which of the following malicious packets would this IDS alert on?
An malicious inbound TCP packet
You work as a cybersecurity analyst at a software development firm. The software developers have begun implementing commercial and open source libraries into their codebase to minimize the time it takes to develop and release a new application. Which of the following should be your biggest concern as a cybersecurity analyst?
Any security flaws present in the library will also be present in the developed application
Dion Training wants to implement technology within their corporate network to BEST mitigate the risk that a zero-day virus might infect their workstations. Which of the following should be implemented FIRST?
Application whitelisting
What type of malware is designed to be difficult for malware analysts to reverse engineer?
Armored viruses
Which of the following access control methods provides the most detailed and explicit type of access control over a resource?
Attribute-based access control (ABAC)
You have been asked to determine if Dion Training's web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server?
Banner grabbing
Fail to Pass Systems has just become the latest victim in a large scale data breach by an APT. Your initial investigation confirms a massive exfiltration of customer data has occurred. Which of the following actions do you recommend to the CEO of Fail to Pass Systems in handling this data breach?
Conduct notification to all affected customers within 72 hours of the discovery of the breach
Which of the following describes the overall accuracy of a biometric authentication system?
Crossover Error Rate (CER)
Joseph would like to prevent hosts from connecting to known malware distribution domains. What type of solution should be used without deploying endpoint protection software or an IPS system?
DNS blackholing
During a security audit, you discovered that customer service employees have been sending unencrypted confidential information to their personal email accounts via email. What technology could you employ to detect these occurrences in the future and send an automated alert to the security team?
Data loss prevention (DLP)
When you purchase an exam voucher at diontraining.com, the system only collects your name, email, and credit card information. Which of the following privacy methods is being used by Dion Training?
Data minimization
You have been asked to provide some training to Dion Training's system administrators about the importance of proper patching of a system before deployment. To demonstrate the effects of deploying a new system without patching it first, you ask the system administrators to provide you with an image of a brand-new server they plan to deploy. How should you deploy the image to demonstrate the vulnerabilities that are being exposed while maintaining the security of the corporate network?
Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities
You are attending a cybersecurity conference and just watched a security researcher demonstrating the exploitation of a web interface on a SCADA/ICS component. This caused the device to malfunction and be destroyed. You recognize that the same component is used throughout your company's manufacturing plants. Which of the following mitigation strategies would provide you with the most immediate protection against this emergent threat?
Evaluate the web interface must remain open for the system to function; if it isn't needed, block the web surface
Which authentication mechanism does 802.1x usually rely upon?
Extensible Authentication Protocol (EAP)
Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?
FTK Imager
What regulation protects the privacy of student educational records?
Family Educational Rights and Privacy Act (FERPA)
Which role validates the user's identity when using SAML for authentication?
IdP
During an assessment of the POS terminals that accept credit cards, a cybersecurity analyst notices a recent Windows operating system vulnerability exists on every terminal. Since these systems are all embedded and require a manufacturer update, the analyst cannot install Microsoft's regular patch. Which of the following options would be best to ensure the system remains protected and are compliant with the rules outlined by the PCI DSS?
Identify, implement and document compensating controls
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?
Implement NAC
A supplier needs to connect several laptops to an organization's network as part of their service agreement. These laptops will be operated and maintained by the supplier. Victor, a cybersecurity analyst for the organization, is concerned that these laptops could contain some vulnerabilities that could weaken the network's security posture. What can Victor do to mitigate the risk to other devices on the network without having direct administrative access to the supplier's laptops?
Implement a jumpbox system
Your email client has been acting strangely recently. Every time you open an email with an image embedded within it, the image is not displayed on your screen. Which of the following is the MOST likely cause of this issue?
Incorrect security settings in the email client
Julie was just hired to conduct a security assessment of Dion Training's security policies. During her assessment, she noticed that many users were sharing group accounts to conduct their work roles. Julie recommended that the group accounts be eliminated and instead have an account created for each user. What improvement will this recommended action provide for the company?
Increase individual accountability
What control provides the best protection against both SQL injection and cross-site scripting attacks?
Input validation
What containment technique is the strongest possible response to an incident?
Isolated affected systems
Dion Training has implemented a new mandatory vacation policy to help identify any malicious insiders or employees. Which of the following control types would this policy be categorized?
Managerial
When you are managing a risk, what is considered an acceptable option?
Mitigating
What tool can be used to scan a network to perform vulnerability checks and compliance auditing?
Nessus
An attacker has issued the following command: nc -l -p 8080 | nc 192.168.1.76 443. Based on this command, what will occur?
Netcat will listen to port 8080 and output anything received to a remote connection on 192.168.1.76 port 443
Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent users from gaining access to network resources if they can plug their laptops into the network?
Network Access Control (NAC)
Your company is required to remain compliant with PCI-DSS due to the type of information processed by your systems. If there was a breach of this data, which type of disclosure would you be required to provide during your incident response efforts?
Notification to your credit card processor
Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?
Open ID Connect
An attacker recently compromised an e-commerce website for a clothing store. Which of the following methods did the attacker use to harvest an account's cached credentials when the user logged into an SSO system?
Pass the Hash (PtH)
Will is using a device to copy signals from cabling to a monitor port. The device doesn't interfere with network traffic so it has lower visibility and won't prevent traffic from flowing if power to the device is lost. What type of tap is Will using?
Passive
You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses self-encrypting drives as part of its default configuration. As you begin the eradication and recovery phase, you must sanitize the storage devices' data before restoring the data from known-good backups. Which of the following methods would be the most efficient to use to sanitize the affected hard drives?
Perform a cryptographic erase(CE) on the storage devices
Which cloud computing concept is BEST described as focusing on replacing the hardware and software required when creating and testing new applications and programs from a customer's environment with cloud-based resources?
Platform as a Service (PaaS)
Which of the following types of data breaches would require that the US Department of Health and Human Services and the media be notified if more than 500 individuals are affected by a data breach?
Protected health information (PHI)
You have been asked to develop a solution for one of your customers. The customer is a software development company, and they need to be able to test a wide variety of operating systems to test the software applications their company is developing internally. The company doesn't want to buy a bunch of computers to install all of these operating systems for testing. Which of the following solutions would BEST meet the company's requirements?
Purchase a high-end computer that has a lot of CPU cores and RAM, install a hypervisor, and configure a virtual machine for each operating system that will be used to test the applications being developed
Taylor needs to sanitize hard drives from some leased workstations before returning them to a supplier at the end of the lease period. The workstations' hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn't occur during this process?
Purge, validate, and document the sanitization of the drives
Dion Training has performed an assessment as part of their disaster recovery planning. The assessment found that the organization can only tolerate a maximum of 30 minutes of downtime for their public-facing webserver. Which of the following metrics would best represent this time period?
Recovery Time Objective (RTO)
Which of the following terms is used to describe the period of time following a disaster that an individual IT system may remain offline?
Recovery time objective (RTO)
Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?
Require data at rest encryption on all endpoints
Which of the following biometric authentication factors uses an infrared light shone into the eye to identify the pattern of blood vessels?
Retinal scan
Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization's database?
SQL injection
Your organization has been receiving many phishing emails recently, and you are trying to determine why they are effective in getting your users to click on their links. The latest email consists of what looks like an advertisement that is offering an exclusive early access opportunity to buy a new iPhone at a discounted price. Still, there are only 5 phones available at this price. What type of social engineering principle is being exploited here?
Scarcity
A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?
Setting the secure attribute on the cookie
Which attack method is MOST likely to be used by a malicious employee or insider trying to obtain another user's passwords?
Shoulder surfing
What technique is most effective in determining whether or not increasing end-user security training would benefit the organization during your technical assessment of their network?
Social engineering
You just received a notification that your company's email servers have been blacklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?
The full email header from one of the spam messages
You are conducting threat hunting on your organization's network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it?
The host might use as a staging area for data exfiltration -- you should conduct volume-based trend analysis on the host's storage device
You have just received a phishing email disguised to look like it came from [email protected] asking you to send your username and password because your account has been locked out due to inactivity. Which of the following social engineering principles is being used in this email?
Trust
Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor?
Virtual machine VM escape
You need to determine the best way to test operating system patches in a lab environment before deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches before deployment?
Virtualization
Smurf
Which of the following best describes the type of attack shown?
Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company's owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer's hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?
Wiping
You are analyzing the SIEM for your company's e-commerce server when you notice the following URL in the logs of your SIEM: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-https://www.diontraining.com/add_to_cart.php?itemId=5"+perItemPrice="0.00"+quantity="100"+/>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Based on this line, what type of attack do you expect has been attempted?
XML injection
Which type of threat will patches NOT effectively combat as a security control?
Zero-day attacks
What role does the red team perform during a tabletop exercise (TTX)?
adversary
Your company has created a baseline image for all of its workstations using Windows 10. Unfortunately, the image included a copy of Solitaire, and the CIO has created a policy to prevent anyone from playing the game on the company's computers. You have been asked to create a technical control to enforce the policy (administrative control) that was recently published. What should you implement?
application blacklist
Which of the following tools could be used to detect unexpected output from an application being managed or monitored?
behavior-based analysis tool
Dion Training has applied a new Group Policy to all student accounts that will lock out any account in which the student enters their password incorrectly 3 times in a row. Once the account is locked out, the student must wait 15 minutes before they can attempt to log in again. What type of attack is this mitigation strategy trying to prevent?
brute force attack
Which command on a macOS or Linux system is used to change the permissions of a file?
chmod
During your annual cybersecurity awareness training in your company, the instructor states that employees should be careful about what information they post on social media. According to the instructor, if you post too much personal information on social media, such as your name, birthday, hometown, and other personal details, it is much easier for an attacker to conduct which type of attack to break your passwords?
cognitive password attack
A financial services company wants to donate some old hard drives from their servers to a local charity. The hard drives used in the servers are self-encrypting drives. Still, they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use?
cryptographic erase (CE)
Dion Training's offices utilize an open concept floor plan. They are concerned that a visitor might attempt to steal an external hard drive and carry it out of the building. To mitigate this risk, the security department has recommended installing security cameras clearly visible to both employees and visitors. What type of security control do these cameras represent?
deterrent
A cybersecurity analyst has deployed a custom DLP signature to alert on any files that contain numbers in the format of a social security number (xxx-xx-xxxx). Which of the following concepts within DLP is being utilized?
exact data match (EDM)
A vulnerability scanner has reported that a vulnerability exists in the system. Upon validating the report, the analyst determines that this reported vulnerability does not exist on the system. What is the proper term for this situation?
false positive
During a penetration test, you find a hash value related to malware associated with an APT. What best describes what you have found?
indicator of compromise
You are trying to select the best device to install to detect an outside attacker trying to reach into your internal network. The device should log the event, but it should not take any action to stop it. Which of the following devices would be the BEST for you to select?
intrusion detection system(IDS)
You have been asked to help design a new architecture for Dion Training's website. The current architecture involves a single server that hosts the website in its entirety. The company's newest course has been creating a lot of interest on social media. The CIO is concerned that the single server will not be able to handle the increased demand that could result from this increased publicity. What technology should you implement in the new architecture to allow multiple web servers to serve up the courses and meet this expected increase in demand from new students?
load balancer
You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server?
malicious process
Which of the following would NOT be useful in defending against a zero-day threat?
patching
What is the lowest layer (bottom layer) of a bare-metal virtualization environment?
physical hardware
Samantha works in the human resource department in an open floorplan office. She is concerned about the possibility of someone conducting shoulder surfing to read sensitive information from employee files while accessing them on her computer. Which of the following physical security measures should she implement to protect against this threat?
privacy screen
Praveen is currently investigating activity from an attacker who compromised a host on the network. The individual appears to have used credentials belonging to a janitor. After breaching the system, the attacker entered some unrecognized commands with very long text strings and then began using the sudo command to carry out actions. What type of attack has just taken place?
privilege escalation
A computer is infected with malware that has infected the Windows kernel to hide. Which type of malware MOST likely infected this computer?
rootkit
You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?
smart card
Dion Training requires that the staff simulate their response to a potential data breach. During this simulation, the staff gathers in the conference room and discusses each action they would take as part of their response. This information is then analyzed to ensure the company's data breach response playbook is up to date and would work properly when needed. Which of the following best describes what the staff did?
tabletop exercise
An ethical hacker has been hired to conduct a physical penetration test of a company. During the first day of the test, the ethical hacker dresses up like a plumber and waits in the building's main lobby until an employee goes through the main turnstile. As soon as the employee enters his access number and proceeds to go through the turnstile, the ethical hacker follows them through the access gate. What type of attack did the ethical hacker utilize to access the restricted area of the building?
tailgating
Jennifer decided that the licensing cost for a piece of video editing software was too expensive. Instead, she decided to download a keygen program to generate her own license key and install a pirated version of the editing software. After she runs the keygen, a license key is created, but her system performance becomes very sluggish, and her antimalware suite begins to display numerous alerts. Which type of malware might her computer be infected with?
trojan
Which of the following must be combined with a threat to create risk?
vulnerability
A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?
worm
