Security+ SY0-701 - Threats, Vulnerabilities, and Mitigations - Domain 2


58. Ashley's organization has recently come under attack and has suffered a DNS outage. As she investigated, she found that requests to her DNS servers were sent to open DNS resolvers using spoofed IP addresses with requests that would result in very large responses from the DNS resolvers to the IP addresses that appeared to be making the request. What type of attack targeted Ashley's organization? A. A reflected DDoS B. A DNS flood C. A mirrored DDoS D. A supersized query attack

A. A reflected DDoS

96. Which of the following best describes a zero-day vulnerability? A. A vulnerability that the vendor is not yet aware of B. A vulnerability that has not yet been breached C. A vulnerability that can be quickly exploited (i.e., in zero days) D. A vulnerability that will give the attacker brief access (i.e., zero days)

A. A vulnerability that the vendor is not yet aware of

11. Valerie is investigating a recent incident and checks /var/log on a Linux system. She finds the audit.log file empty despite the system uptime showing over a month of uptime. What has she most likely encountered? A. A wiped log B. A recent reboot C. A system error D. Incorrect permissions to view the log

A. A wiped log

40. While performing a scan for wireless networks, Lisa discovers a network that does not use WPA-2 or WPA-3. What network traffic information can she recover from devices using this network? A. All network traffic B. Network packet headers, but not packet data C. Network packet data, but not headers D. DNS and DHCP queries, but not network packet data

A. All network traffic

34. Dennis uses an on-path attack to cause a system to send traffic to his system and then forwards it to the actual server the traffic is intended for. What information will be visible from his system as it passed through it? A. All traffic meant for remote systems B. All traffic meant for local systems C. Only unencrypted traffic D. Only unencrypted traffic meant for his system

A. All traffic meant for remote systems

10. Julie wants to conduct a replay attack. What type of attack is most commonly associated with successful replay attacks? A. SQL injection B. An on-path attack C. Brute force D. A DDoS

B. An on-path attack

46. Nick purchases his network devices through a gray market supplier that imports them into his region without an official relationship with the network device manufacturer. What risk should Nick identify when he assesses his supply chain risk? A. Lack of vendor support B. Lack of warranty coverage C. Inability to validate the source of the devices D. All of the above

D. All of the above

76. You are responsible for software testing at Acme Corporation. You want to check all software for bugs that might be used by an attacker to gain entrance into the software or your network. You have discovered a web application that would allow a user to attempt to put a 64-bit value into a 4-byte integer variable. What is this type of flaw? A. Memory overflow B. Buffer overflow C. Variable overflow D. Integer overflow

D. Integer overflow

32. What type of threat actors are most likely to have a profit motive for their malicious activities? A. State actors B. Hacktivists C. Unskilled attackers D. Organized crime

D. Organized crime

81. Jared's organization runs Linux servers, and recent vulnerability scans show that the servers are vulnerable to an issue that is described as follows: CVE-2018-5703: tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) What is Jared's best option to remediate a kernel vulnerability like this? A. Patch the application. B. Install a HIPS with appropriate rules. C. Segment the systems away from the Internet to reduce risk. D. Patch the operating system.

D. Patch the operating system.

36. Jake's vulnerability scanner reports that the software his organization is running is vulnerable to a cryptographic downgrade attack. What concern should Jake have about this potential issue? A. Attackers may be able to force use of a weaker encryption algorithm, making data easier to access. B. Attackers may be able to force use of weaker hashing, making it easier to recover passwords. C. Attackers may be able to force use of older versions of the software, including previously patched vulnerabilities. D. Attackers may be able to force encryption to be turned off, causing information to be sent in plain text.

A. Attackers may be able to force use of a weaker encryption algorithm, making data easier to access.

33. You have noticed that when in a crowded area, you sometimes get a stream of unwanted text messages. The messages end when you leave the area. What describes this attack? A. Bluejacking B. Bluesnarfing C. Evil twin D. Rogue access point

A. Bluejacking

67. Allan wants to detect brute-force physical attacks. What should he do if he wants to detect the broadest range of physical attacks? A. Deploy a monitored security camera system. B. Hire a guard to patrol the facility. C. Conduct regular inspections of the facility. D. Set up an alarm system.

A. Deploy a monitored security camera system.

56. After a recent laptop theft, Jaime's organization is worried about data breaches driven by lost devices. What endpoint hardening technique is best suited to preventing this? A. Encryption B. Host-based IPS C. Disabling ports and protocols D. Changing default passwords

A. Encryption

31. What threat actor is most likely to be motivated by political beliefs? A. Hacktivists B. Organized crime C. Unskilled attackers D. Insider threats

A. Hacktivists

64. What threat vector is most impacted by how Windows handles autorun.inf files? A. Removable devices B. Open service ports C. Unsecure Wi-Fi D. Watering hole attacks

A. Removable devices

24. Alice wants to prevent server-side request forgery (SSRF) attacks. Which of the following will not be helpful for preventing them? A. Removing all SQL code from submitted HTTP queries B. Blocking hostnames like 127.0.01 and localhost C. Blocking sensitive URLs like /admin D. Applying allow list-based input filters

A. Removing all SQL code from submitted HTTP queries

49. Which of the following indicators is most commonly associated with a denial-of-service attack? A. Resource inaccessibility B. Impossible travel C. Missing logs D. Blocked content

A. Resource inaccessibility

77. The company that Keith works for uses a backoff algorithm that increases the time between when login attempts are allowed after each failed login. Keith has recently attempted to log in and found that his account is not able to log in again for 15 minutes. What should the security administrators at Keith's organization do to find potential indicators of malicious activity? A. Review authentication logs. B. Interview Keith about his recent logins. C. Change Keith's password and check error logs. D. Report an incident and start the incident response process.

A. Review authentication logs.

79. Jack's team in HR is paying for an SaaS tool using their HR expense account credit cards without the knowledge of central IT. What type of threat actor does this make Jack's HR team? A. Shadow IT B. An inadvertent threat C. Internal espionage actors D. An insider threat

A. Shadow IT

45. Scott discovers that malware has been installed on one of the systems he is responsible for. Shortly afterward passwords used by the user that the system is assigned to are discovered to be in use by attackers. What type of malicious program should Scott look for on the compromised system? A. A rootkit B. A keylogger C. A worm D. None of the above

B. A keylogger

99. Eric is conducting a penetration test and wants to release a malicious update for an organization's application. The organization uses public key encryption to sign updates. What does Eric need to deliver an update that systems will accept? A. The private key for the signing certificate B. A collision with the hashed value of a legitimate update C. The public key for the signing certificate D. A collision with the hashed value of a malicious update

A. The private key for the signing certificate

74. Dana wants to use documented and published IoCs as part of her threat-hunting activities. What should she look for to integrate with her SIEM or other security tools? A. Threat feeds B. A real-time blackhole list C. A vulnerability feed D. An IP reputation feed

A. Threat feeds

21. Coleen is the web security administrator for an online auction website. A small number of users are complaining that when they visit the website it does not appear to be the correct site. Coleen checks and she can visit the site without any problem, even from computers outside the network. She also checks the web server log and there is no record of those users ever connecting. Which of the following might best explain this? A. Typo squatting B. SQL injection C. Cross-site scripting D. Cross-site request forgery

A. Typo squatting

75. The malware that Joseph is working to counter has copied itself to workstations across his environment due to a central, shared fileshare. What type of malware is Joseph most likely fighting? A. A Trojan B. A virus C. A keylogger D. A rootkit

B. A virus

12. Jack purchases ads on a site that staff members of his target organization frequently visit in preparation for a penetration test. Once his ads start to display, he replaces the underlying code with attack code that redirects visitors to a login page that matches the organization's own internal website. What type of attack has Jack attempted? A. A misinformation attack B. A watering hole attack C. A disinformation attack D. A business website compromise attack

B. A watering hole attack

53. Paul has performed an nmap scan of a new network connected device. He notices TCP ports 22, 80, and 443 are open. If his hardening guidelines only allow encrypted management interfaces, what port or ports should he disable from this list? A. 22 B. 80 C. 22 and 80 D. 80 and 443

B. 80

51. Renee has a large number of workstations and servers in her corporate environment and wants to more effectively monitor logs for them. What solution from the following list is best suited to identifying and alerting on issues in a large-scale environment? A. Centralized logging B. A SIEM C. An IPS D. An EDR

B. A SIEM

5. Jill's organization has received an advisory about a flaw that could allow software running on a virtual machine to execute code on the system that is running the VM hypervisor. What type of vulnerability is this? A. A resource reuse issue B. A VM escape issue C. A jailbreaking issue D. A sideloading issue

B. A VM escape issue

59. What term is used to describe the problem when two files have the same hash? A. A birthday attack B. A collision C. A bingo D. A match-the-hash attack

B. A collision

71. Kathleen wants to control network traffic between subnets using her Cisco network devices. What built-in capability can she use to allow or deny traffic based on port, protocol, and IP address? A. A HIPS B. ACLs C. Least privilege lists D. VLANs

B. ACLs

15. Nick is assessing internal threat actors and considering what motivations are likely to drive them. Which of the following is the most likely motivation for an internal threat actor? A. Espionage B. Blackmail C. War D. Political beliefs

B. Blackmail

16. Yasmine is reviewing the software installed on a client's computer and notices that multiple browser toolbars, weather applications, and social media applications were preinstalled. What term is most commonly used to describe this software? A. MSPs B. Bloatware C. Ransomware D. Rootware

B. Bloatware

35. Andrea recently received a phone call claiming to be from her bank. The caller asked for information including her account number and Social Security number to validate her identity. What type of social engineering attack was Andrea the target of? A. Smishing B. Brand impersonation C. A watering hole attack D. A business email compromise attack

B. Brand impersonation

19. Jen recently received an email that appeared to be from one of her vendors asking for a change in the method of payment to another account. She normally works with mike_ [email protected], but noticed that the email was from [email protected] on further review. What type of social engineering attack is this? A. Vishing B. Business email compromise C. Smishing D. Pretexting

B. Business email compromise

100. Mike is a network administrator with a small financial services company. He has received a pop-up window that states his files are now encrypted and he must pay .5 bitcoins to get them decrypted. He tries to check the files in question, but their extensions have changed, and he cannot open them. What best describes this situation? A. Mike's machine has a rootkit. B. Mike's machine has ransomware. C. Mike's machine has a logic bomb. D. Mike's machine has been the target of whaling.

B. Mike's machine has ransomware.

14. Ben wants to conduct a credential replay attack. What should he do first to enable the attack? A. Create a phishing email. B. Conduct an on-path attack. C. Use a brute-force password attack. D. Conduct an injection attack.

B. Conduct an on-path attack.

73. What type of attack exploits the trust that a website has for an authenticated user to attack that website by spoofing requests from the trusted user? A. Cross-site scripting B. Cross-site request forgery C. Bluejacking D. Evil twin

B. Cross-site request forgery

29. Frank is a network administrator for a small college. He discovers that several machines on his network are infected with malware. That malware is sending a flood of packets to a target external to the network. What best describes this attack? A. SYN flood B. DDoS C. Botnet D. Backdoor

B. DDoS

70. Pete uses a technique that injects code into memory used by another process to allow him to control what the host program does. What is this technique called for Windows dynamically linked libraries? A. WinBuff attacks B. DLL injection C. A SYRINGE attack D. A memory traversal attack

B. DLL (Dynamically linked library) injection

62. Ines is concerned about messaging through tools like Discord and Slack as attack vectors. What can she do to most effectively limit the attack surface for threats like this? A. Deploy EDR tools to all workstations and devices. B. Deploy an organizational communication tool or instance instead of using public tools. C. Deploy messaging-aware firewalls. D. Deploy messaging-aware IPS systems.

B. Deploy an organizational communication tool or instance instead of using public tools.

88. Postings from Russian agents during the 2016 U.S. presidential campaign to Facebook and Twitter are an example of what type of effort? A. Impersonation B. Disinformation C. Asymmetric warfare D. A watering hole attack

B. Disinformation

44. What type of information is phishing not commonly intended to acquire? A. Passwords B. Email addresses C. Credit card numbers D. Personal information

B. Email addresses

87. Amanda discovers that a member of her organization's staff has installed a remote-access Trojan on their accounting software server and has been accessing it remotely. What type of threat has she discovered? A. Zero-day B. Insider threat C. Misconfiguration D. Weak encryption

B. Insider threat

47. Naomi is preparing a laptop for a traveling salesperson who frequently needs to connect to untrusted hotel networks. What hardening technique can she use to provide the greatest protection against network-based attacks on untrusted networks? A. Install an endpoint detection and response tool. B. Install a host-based firewall. C. Install an extended detection and response tool. D. Install a disk encryption tool.

B. Install a host-based firewall.

6. Helen is concerned about ransomware attacks against workstations that she is responsible for. Which of the following hardening options is best suited to protecting her organization from ransomware? A. Installing host-based firewalls B. Installing endpoint protection software C. Installing a host-based IPS software D. Removing unnecessary software

B. Installing endpoint protection software

27. How is phishing different from general spam? A. It is sent only to specific targeted individuals. B. It is intended to acquire credentials or other data. C. It is sent via SMS. D. It includes malware in the message.

B. It is intended to acquire credentials or other data.

66. Mary has discovered that a web application used by her company does not always handle multithreading properly, particularly when multiple threads access the same variable. This could allow an attacker who discovered this vulnerability to exploit it and crash the server. What type of error has Mary discovered? A. Buffer overflow B. Logic bomb C. Race conditions D. Improper error handling

C. Race conditions

20. What is the primary concern for security professionals about legacy hardware? A. Its likelihood of failure B. Lack of patches and updates C. Lack of vendor support D. Inability to support modern protocols

B. Lack of patches and updates

28. Selah includes a question in her procurement request-for-proposal process that asks how long the vendor has been in business and how many existing clients the vendor has. What common issue is this practice intended to help prevent? A. Supply chain security issues B. Lack of vendor support C. Outsourced code development issues D. System integration problems

B. Lack of vendor support

3. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank's database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this? A. Worm B. Logic bomb C. Trojan horse D. Rootkit

B. Logic bomb

61. Annie's organization has been facing negative social media campaigns for months and is struggling to address them. Numerous bot posts about the company are providing incorrect information about the company. What type of attack is Annie's company facing? A. A misinformation campaign B. A pretexting campaign C. An impersonation campaign D. A disinformation campaign

D. A disinformation campaign

80. Amanda is assessing the potential for issues with her organization's recently adopted IaaS vendor. What cloud vulnerability should she worry about if her system administrators do not effectively manage security groups in AWS? A. Insecure APIs B. Misconfigurations C. Malicious insiders D. MFA-based attacks

B. Misconfigurations

55. Which of the following protocols is most commonly associated with credential relaying attacks? A. RDP B. NTLM C. SQL D. TLS

B. NTLM

89. Which of the following threat actors is most likely to be associated with an advanced persistent threat (APT)? A. Hacktivists B. Nation-state actors C. Unskilled attacker D. Insider threats

B. Nation-state actors

69. During a regular review of logs, Jennifer notices that a regularly scheduled script that copies files to another server every hour has run multiple times within the last hour. What indicator of compromise should she categorize this as? A. Concurrent session use B. Out-of-cycle logging C. Missing logs D. Impossible travel

B. Out-of-cycle logging

94. Angela reviews the authentication logs for her website and sees attempts from many different accounts using the same set of passwords. What is this attack technique called? A. Brute forcing B. Password spraying C. Limited login attacks D. Account spinning

B. Password spraying

50. Henry wants to decommission a server that was used to store sensitive data. What step should he take to ensure the decommissioning process protects the organization's data? A. Reformat the drives as part of the decommissioning process. B. Physically destroy the drives as part of the decommissioning process. C. Remove the system from organizational inventory as part of the decommissioning process. D. Physically destroy the entire system as part of the decommissioning process.

B. Physically destroy the drives as part of the decommissioning process.

92. Which of the following human vectors are most likely to be part of a voice call-based attack? A. A watering hole attack B. Pretexting C. Disinformation D. BEC

B. Pretexting

95. Charles discovers that an attacker has used a vulnerability in a web application that his company runs and has then used that exploit to obtain root privileges on the web server. What type of attack has he discovered? A. Cross-site scripting B. Privilege escalation C. A SQL injection D. A race condition

B. Privilege escalation

65. Raj wants to reduce the attack surface for a newly purchased laptop. What hardening technique will help him reduce the possibility of remote exploits while also decreasing the amount of ongoing patch management he needs to do for the system? A. Encrypt the system's boot drive. B. Install EDR software. C. Remove unnecessary software. D. Change any default passwords.

C. Remove unnecessary software.

90. Erica wants to conduct an amplified DDoS attack against a system. What key step is required as part of her attack? A. Reversing the target's IP address B. Spoofing the target's IP address C. Conducting an on-path attack to send traffic to the target D. Spoofing responses from the amplification system to the target

B. Spoofing the target's IP address

41. Jared is responsible for network security at his company. He has discovered behavior on one computer that certainly appears to be a virus. He has even identified a file he thinks might be the virus. However, using three separate antivirus programs, he finds that none can detect the file. Which of the following is most likely to be occurring? A. The computer has a RAT. B. The computer has a zero-day exploit. C. The computer has a worm. D. The computer has a rootkit.

B. The computer has a zero-day exploit.

30. A sales manager at your company is complaining about slow performance on his computer. When you thoroughly investigate the issue, you find spyware on his computer. He insists that the only thing he has downloaded recently was a freeware stock trading application. What would best explain this situation? A. Logic bomb B. Trojan C. Rootkit D. Macro virus

B. Trojan

38. Users in your company report someone has been calling their extension and claiming to be doing a survey for a large vendor. Based on the questions asked in the survey, you suspect that this is a scam to elicit information from your company's employees. What best describes this? A. Spear phishing B. Vishing C. War dialing D. Robocalling

B. Vishing

84. What technique most effectively prevents resource reuse concerns for storage in a virtual environment? A. Firmware updates B. Volume encryption C. Minimizing cluster size D. Reformatting drives

B. Volume encryption

7. The company that Gary works for has deployed a wireless network. Which of the following network options is the most secure? A. WPA-2 Personal B. WPA-3 C. WPA-2 Enterprise D. WPA-4

B. WPA-3

85. Michelle is modeling threat actor motivation for her organization and wants to describe ransomware actors. What motivation is not commonly associated with ransomware? A. Data exfiltration B. Blackmail C. Revenge D. Financial gain

C. Revenge

93. What is the primary difference in threat vectors between agent client-based and agentless software deployments? A. Agentless software does not consume resources and thus cannot result in a resource consumption-based denial-of-service condition. B. Client-based software provides a better view of system resources and is able to manage its resource consumption better to avoid issues. C. Agentless software does not have an agent that may be potentially vulnerable to attack. D. Client-based software allows for greater security because it can be patched.

C. Agentless software does not have an agent that may be potentially vulnerable to attack.

54. The following graphic shows a network connection between two systems, and then a network-based attack. What type of attack is shown? A. A denial-of-service attack B. A SQL injection attack C. An on-path attack D. A directory traversal attack

C. An on-path attack

63. Ana's vendor has informed her that the hardware her organization uses is considered end-of-life. What should Ana do? A. Identify replacement hardware and purchase it immediately. B. Purchase an extended support contract from a third-party vendor. C. Begin plans to phase out the equipment before it reaches end-of-support. D. Install final patches and then isolate the hardware from the network.

C. Begin plans to phase out the equipment before it reaches end-of-support.

86. Which of the following is commonly used in a distributed denial-of-service (DDoS) attack? A. Phishing B. Adware C. Botnet D. Trojan

C. Botnet

42. John has discovered that an attacker is trying to get network passwords by using software that attempts a series of passwords with a minor change each time the password is tried. What type of attack is this? A. Dictionary B. Rainbow table C. Brute force D. Session hijacking

C. Brute force

52. Patrick is reviewing potential attack surfaces for his small business and recently deployed new networked printers for each of his three locations. What should his first action be to begin to properly secure their web management interfaces? A. Update the firmware. B. Change their default IP address. C. Change the default administrator password. D. Disable unnecessary services.

C. Change the default administrator password.

8. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users? A. SQL injection B. Clickjacking C. Cross-site scripting D. Bluejacking

C. Cross-site scripting

97. You have discovered that there are entries in your network's domain name server that point legitimate domains to unknown and potentially harmful IP addresses. What best describes this type of attack? A. A backdoor B. An APT C. DNS poisoning D. A Trojan horse

C. DNS poisoning

22. The organization that Mike works in finds that one of their domains is directing traffic to a competitor's website. When Mike checks, the domain information has been changed, including the contact and other administrative details for the domain. If the domain had not expired, what has most likely occurred? A. DNS hijacking B. An on-path attack C. Domain hijacking D. A zero-day attack

C. Domain hijacking

60. Kara wants to protect against the most common means of firmware-based exploits. Which of the following is not a common firmware defense mechanism for the vendors of devices that use firmware? A. Using signed firmware updates B. Using input validation for user input C. Encrypting firmware D. Code review processes for firmware

C. Encrypting firmware

4. The company that Yarif works for uses a third-party IT support company to manage their cloud-hosted web application infrastructure. How can Yarif best address concerns about potential threat vectors via the managed service provider (MSP)? A. Conduct regular vulnerability scans. B. Use shared incident response exercises to prepare. C. Ensure appropriate contractual coverage for issues. D. Require the MSP to have an annual pentest.

C. Ensure appropriate contractual coverage for issues.

83. Sarah is working with a small business and noticed that they have a consumer-grade wireless router serving their business. What common hardening checklist item should she validate first as part of securing the device? A. Removing unnecessary software B. Running a vulnerability scan C. Ensuring the default password has been changed D. Ensuring that unneeded ports have been disabled

C. Ensuring the default password has been changed

1. Brent's organization is profiling threat actors that may target their infrastructure and systems. Which of the following is most likely a motivation for a nation-state actor? A. Financial gain B. Blackmail C. Espionage D. Blackmail

C. Espionage

17. Ilya is reviewing logs and notices that one of his staff has logged in from his home location in China at 2 p.m., and then logged in from the United Kingdom an hour later. What indicator of compromise should he flag this as? A. Concurrent session usage B. Resource inaccessibility C. Impossible travel D. Segmentation

C. Impossible travel

9. Unusual outbound network traffic, geographical irregularities, and increases in database read volumes are all examples of what key element of threat intelligence? A. Predictive analysis B. OSINT C. Indicators of compromise D. Threat maps

C. Indicators of compromise

23. Lucia's organization has adopted open source software provided by a third-party vendor as part of their web application. What concern should she express about her software supply chain? A. Lack of vendor support B. Lack of code auditability C. Lack of control over open source dependencies D. Lack of updates

C. Lack of control over open source dependencies

39. As part of a zero-trust environment, Quentin is given rights that he needs only when he needs them through a checkout process and they are then removed when he is done. What mitigation technique best describes this solution? A. Segmentation B. Isolation C. Least privilege D. Configuration enforcement

C. Least privilege

43. Farès is the network security administrator for a company that creates advanced routers and switches. He has discovered that his company's networks have been subjected to a series of advanced attacks by an attacker sponsored by a government over a period of time. What best describes this attack? A. DDoS B. Brute force C. Nation-state D. Disassociation attack

C. Nation-state

68. Which of the following is not a common threat vector associated with SMS-based attacks? A. Malicious links B. SMS-based phishing C. SMS-delivered images D. MFA exploits

C. SMS-delivered images

48. While conducting a vulnerability scan of her network, Susan discovers that a marketing staff member has set up their own server running a specialized marketing tool. After inquiring about the server, which is vulnerable due to missing patches, Susan discovers that the team set it up themselves because of a need that was not met by existing tools. What type of threat actor has Susan encountered? A. An unskilled attacker B. An insider threat C. Shadow IT D. A hacktivist

C. Shadow IT

2. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack? A. Phishing B. Social engineering C. Spear phishing D. Trojan horse

C. Spear phishing

78. Grayson's organization is concerned about environmental attacks against their datacenter. What type of monitoring is best suited to detecting environmental attacks in a scenario like this? A. Video cameras B. Intrusion alarm systems C. Temperature monitoring sensors D. Log analysis

C. Temperature monitoring sensors

13. Which of the following is not a common concern related to the hardware vendor supply chain? A. Malware preinstalled on hardware B. Lack of availability of hardware C. Third-party hardware modifications D. Malicious firmware modifications

C. Third-party hardware modifications

82. What is the likely outcome of a cryptographic collision attack? A. Attackers can decrypt a file without the private key. B. Two files that have the same encrypted output but are different files. C. Two files that both have the same hash but have different contents. D. Attackers can decrypt the file without the public key.

C. Two files that both have the same hash but have different contents.

18. Adam's organization has deployed RFID badges as part of their access control system. Adam is required to enter a 6-digit PIN when he uses his RFID badge and dislikes the additional step. What type of attack is the PIN intended to stop? A. Piggybacking B. On-path C. Concurrent access D. Badge cloning

D. Badge cloning

25. Tracy wants to protect desktop and laptop systems in her organization from network attacks. She wants to deploy a tool that can actively stop attacks based on signatures, heuristics, and anomalies. What type of tool should she deploy? A. A firewall B. Antimalware C. HIDS D. HIPS

D. HIPS

91. Daryl is investigating a recent breach of his company's web server. The attacker used sophisticated techniques and then defaced the website, leaving messages that were denouncing the company's public policies. He and his team are trying to determine the type of actor who most likely committed the breach. Based on the information provided, who was the most likely threat actor? A. A script B. A nation-state C. Organized crime D. Hacktivists

D. Hacktivists

57. Derek wants to conduct a birthday attack against a digital signature. Which of the following best describes the process he would need to take to achieve his goal? A. He needs to prepare both a correct and a malicious document and find ways to modify the correct document until its encryption matches the malicious document. B. He needs to make sure all dates match in both a correct and a malicious document. C. He needs to ensure that the file length and creation date match for both a correct document and a malicious document. D. He needs to prepare both a correct and a malicious document, then find ways to modify the malicious document until its hash matches the hash of the correct document.

D. He needs to prepare both a correct and a malicious document, then find ways to modify the malicious document until its hash matches the hash of the correct document.

37. Rick has three major categories of data and applications in use in his virtualization environment: highly sensitive; business sensitive; and unclassified, or public information. He wants to ensure that data and applications of different sensitivity are not compromised in the event of a breach. What mitigation technique is best suited to this type of requirement? A. Application allow lists B. Monitoring C. Least privilege D. Segmentation

D. Segmentation

98. What technique drives image-based threat vectors? A. Encryption B. Hashing C. Forgery D. Steganography

D. Steganography

72. What is the primary purpose of encryption as a control in enterprise environments? A. To preserve availability B. To support physical security C. To preserve least privilege D. To preserve confidentiality

D. To preserve confidentiality

26. Mahmoud is responsible for managing security at a large university. He has just performed a threat analysis for the network, and based on past incidents and studies of similar networks, he has determined that the most prevalent threat to his network are attackers who wish to breach the system, simply to prove they can or for some low-level crime, such as changing a grade. Which term best describes this type of attacker? A. Hacktivist B. Nation-state C. Insider D. Unskilled attacker

D. Unskilled attacker

