Software and Systems Security
Which of the following would be good for multiple domains and subdomains?
A (SAN) certificate (Subject Alternative Name) A.K.A. Multi-Domain Certificate
Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras?
A dome camera
User-Mode-Linux (UML) is an open-source tool used to create virtual machines. It's efficient for deploying honeypots. One of the big issues with UML is that it doesn't use a real hard disk but a fake IDE device called /dev/ubd* instead. How can an attacker find a UML system?
Attackers look at the /etc/fstab file or execute the mount command.
Which of the following works with IDS software to detour suspected malicious traffic to a honeypot that mirrors the real network without alerting the attacker?
Bait and Switch
Which of the following cloud security controls includes backups, space availability, and continuity of services?
Computation and storage
Where should an organization's web server be placed?
DMZ (Demilitarized Zone) (The DMZ is a network that contains publicly accessible resources.)
Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?
Employee and visitor safety
Which of the following BEST describes a physical barrier used to deter an aggressive intruder?
Large flowerpots
You entered your password on a website and are sent a code to your cell phone. Which of the following is this an example of?
MFA (Multi-Factor Authentication)
Which protocol is used in the Bluetooth pairing process?
OBEX
Where should VM administration occur?
On the hypervisor and virtual machine
What is the process of connecting two Bluetooth devices together called?
Pairing
Which of the following occurs during the deployment phase of the IT asset life cycle?
Recording of asset tag information
Julie is looking for a honeypot detection tool that is capable of packet manipulation. Which of the following tools should she use?
Snort Inline
Which of the following BEST describes a federation?
Stores a user's credentials so that trusted third parties can authenticate using those credentials without actually seeing them.
Converting the word ATTACK to \u0041 \u0054 \u0054 \u0041 \u0043 \u004b is an example of what technique?
Unicode evasion
Which software facilitates communication between different virtual machines by checking data packets before moving them to a destination?
vSwitch
Your company has decided to use a Pentbox honeypot to learn which types of attacks may be targeting your site. They have asked you to install and configure the honeypot. You have already installed Pentbox. Which menu allows you to configure the honeypot?
2- Network tools
Which of the following BEST describes a honeypot?
A honeypot's purpose is to look like a legitimate network resource.
Which of the following BEST describes Central Policy?
A program that checks for the correct attributes in an attribute-based system.
What does a router use to protect a network from attacks and to control which types of communications are allowed on a network?
Access control list
Which of the following is true about an access control list (ACL)?
An ACL can describe a specific traffic type to allow or deny.
Which of the following operating systems is the most prevalent on the smartphone market?
Android
Mary is using her laptop at the local coffee shop. Before being allowed to their wireless internet, she was prompted to agree to the terms and conditions of using the network. Which wireless access method is the coffee shop using?
Captive portal
Robyn, a new employee, needs to choose a password to log into the system. She doesn't want to forget it, but she needs to meet certain criteria required by security. What should she do?
Choose a password that's easy to remember but doesn't include any personal information.
Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the BEST solution for securing Joe's workstation?
Configure the screen saver to require a password.
Which of the following technologies is a hypervisor substitute that separates resources at the operating system level?
Containerization
Robin, an IT technician, has implemented identification and detection techniques based on the ability to distinguish legitimate traffic from illegitimate traffic over the network. Which of the following is he trying to achieve?
Defend the network against IDS evasions.
Which of the following certification types has the lowest level of certificate assurance?
Domain
Which EAP protocol provides authentication using a protected access credential?
EAP-FAST
Which of the following is an advantage of setting up a federation?
Employees have easier onboarding.
Which of the following is an example of IAM?
Entering a PIN
A speaker was invited to a company-wide training meeting. When he arrived, he identified himself at the front desk, and the receptionist gave him directions on how to find the conference room. What important step did the receptionist miss?
Escorting him to the conference room
Which of the following validations require an extensive verification process, shows a padlock, business name, and country code?
Extended
Which of the following honeypot interaction levels can't be compromised completely and is generally set to collect information about attacks, like network probes and worms?
Low
Which of the following honeypot interaction levels simulates a real OS, its applications, and its services?
Medium
Which Bluetooth security mode uses Diffie-Hellman techniques for key exchange and generation?
Mode 4
An older technique for defeating honeypots is to use tarpits, which sometimes operate at different levels of the OSI model, depending on their function. Which of the following layers of the OSI model do tarpits work at?
OSI Layers 2 (Data Link layer), 4 (Transport layer), and 7 (Application layer)
Why is security for VMs more important than security for a physical machine?
One bad configuration could be replicated across your network.
What are multiple RADIUS servers that communicate with each other after establishing a trust relationship called?
RADIUS federation
Which method is used to limit and identify suspicious traffic by separating a network into manageable chunks?
Segmentation
Which of the following BEST describes signing in without single sign-on?
The website must have its own database of user credentials.
A honeypot is used for which purpose?
To delay intruders in order to gather auditing data
Which of the following tools enables security professionals to audit and validate the behavior of security devices?
Traffic IQ Professional
Which of the following BEST describes this image?
iOS operating system stack
Which of the following is an entity that issues digital certificates?
CA (Certificate Authority)
You are a cybersecurity specialist. ACME, Inc. has hired you to install and configure their wireless network. As part of your installation, you have decided to use Wi-Fi Protected Access 2 (WPA2) security on all of your wireless access points. You want to ensure that the highest level of security is used. Which of the following encryption protocols should you use to provide the highest level of security?
CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
An attacker is attempting to determine whether a system is a honeypot. Which of the following actions should the attacker take?
Craft a malicious probe packet to scan for services.
Manually adjusting the signal strength of a WAP can help mitigate which Wi-Fi vulnerability?
Data emanation
Which of the following is a trust relationship that exists between different organizations or applications?
Federation
The receptionist receives a call from a customer who asks for the customer support manager's name and email address to send them a thank you email. How should the receptionist proceed?
Forward the call to the help desk
Which of the following malware analysis approaches uses artificial intelligence and machine learning to run algorithms based on risk determined by if/then rules and looks for code similar to known malware code, which it flags and tests in a sandbox?
Heuristic-based analysis
Which of the following honeypot interaction levels simulates all services and applications and can be completely compromised by attackers to gain full access to a system in a controlled area?
High
Which of the following is a popular honeypot that can be used to create thousands of other honeypots?
Honeyd
Which of the following is a physical or virtual network device set up to masquerade as a legitimate network resource?
Honeypot
Which of the following should be designed to look and function like a real resource in order attract attackers?
Honeypot
What is the name of a computer on which a hypervisor runs to provide one or more virtual machines?
Host
Each user on a network must have a unique digital identity. Which of the following is this known as?
Identity and access management (IAM)
Which of the following is true regarding containerization?
If an attacker gains access to the operating system, they will have access to all containers.
Your company has had a problem with users getting hacked even though you have established strong password policies. What is the next logical step to increase your company's security?
Implement two or more methods of authentication.
According to OWASP, what is the number one risk for mobile devices?
Improper platform usage
You have many tools that are used when performing security audits, penetration testing, or other security-related tasks. Some of these tools are viewed as malicious software by Windows. You need to copy these tools to your Windows machine into the C:\Tools directory but need to prevent Microsoft Defender AV scans from quarantining the files you put there. What do you need to do to accomplish this?
In Windows Virus & threat protection settings, go to Manage settings and select Add or remove exclusions. Then ensure that the C:\Tools directory is added as an exclusion
Which of the following malware detection methods establishes a baseline for a system and then alerts the user if any suspicious changes occur? (This method cannot distinguish if a change is from malware, a system failure, or another cause.)
Integrity checking
A user might enter a password and then be prompted to enter a security code that's sent to his or her mobile device. Which of the following is this an example of?
Multi-factor authentication
During which phase of the IT asset life cycle do you perform maintenance, such as installing system updates and patches?
Operations
Which of the following is true regarding a screened subnet (demilitarized zone)?
Packet filters on the inner firewall of the screened subnet prevent unauthorized traffic from reaching the private network.
During pairing, what is exchanged between two devices to confirm the correct devices are being paired?
Passkey
Which devices are responsible for forwarding packets in a virtual network?
Physical networking devices
You are tasked with changing the certificate authority to require that all requests be placed in the pending state until processed by an administrator. You have started certsrv (the certificate authority console) and are looking at the certificate authority's properties. Which tab would you select to change the way certificate requests are handled?
Policy Module
During which phase of the IT asset life cycle do you determine what impact a new asset will have on the existing network and users?
Procurement
Which type of honeypot is a high-interaction honeypot that is deployed by research institutes, governments, or military organizations to gain detailed knowledge about the actions of intruders?
Research honeypot
Drag the vulnerability to the appropriate mitigation technique.
Run all processes using the least privileged account. Use secure web permissions and access control mechanisms. - Unused User Accounts and Services Disable the directory listing option and remove the ability to load non-web files from a URL. - File and Directory Management Use scripts and systems to compare file hash values with the master value to detect possible changes. - Website Changes Remove user input fields when possible. - HTTP Response Splitting Attacks
Which of the following allows users to sign into a single trusted account, such as Google or Facebook?
SSO (Single Sign-On)
Which of the following is a best practice for implementing security patches?
Security patches should be tested and implemented in a sandbox before being applied to all active systems.
After detecting a security incident that may have left your systems vulnerable to outside attack, you determine that a change is necessary. You want to reduce the impact of the threat as soon as possible, but you also want to follow your organization's change management procedures. Which of the following would be the BEST approach to this scenario?
Submit a high-priority change request and wait for the necessary approvals before making changes to the system.
You created a honeypot server using Pentbox. After a while, you go back to the honeypot server to see what it has been capturing. Which of the following can be gleaned from the results shown?
The operating system used by the attacker
A Windows web server that was reported as being compromised has been scanned, patched, and appears to be running properly with no indications that it is still compromised. The server is back in production, but users are complaining that they receive certificate errors when connecting to it. You did not perform the quarantine on the machine (a coworker did). They also performed the patching and scanning before putting it back to work in production. What might be causing the certificate errors?
The server certificate was revoked since the private key may have been compromised.
Which of the following BEST describes signing in with single sign-on?
The website's authentication server verifies the credentials.
Which of the following BEST describes steps in an active defense against DDoS attacks?
Train staff for warning signs, allow only necessary outside access to servers, and configure network devices' preexisting mitigation settings, like router throttling.
Which of the following is a benefit to implementing a virtual honeypot?
It is cost-effective.
Which of the following BEST describes an organization validation?
It shows a padlock icon next to the company's name.
Which of the following statements BEST describes VDI?
It starts a minimal operating system for a remote user to access.
Which of the following would BEST describe a multi-domain/subject alternative certificate?
Good for multiple domains and subdomains at a time
Each virtual machine created by a hypervisor is called a:
Guest
A company is in the process of hiring Jill, a new technician. HR has checked the background and references of the candidate. What are some next steps in the hiring process that HR should take?
Have her sign an NDA and AUPs. (Non-Disclosure Agreement and Acceptable Use Policies)
As an administrator, you may need to access internal company servers from home or from another location. Which of the following would be the most secure solution?
Install a dedicated jump server inside the firewall.
Which of the following web server countermeasures is implemented to fix known vulnerabilities, eliminate bugs, and improve performance?
Install patches and updates.
Roger, a security analyst, wants to tighten up privileges to make sure each user has only the privileges they need to do their work. Which of the following additional countermeasures could he take?
Instigate multi-factor authentication and authorization.
The ACME company has decided to implement wireless technology to help improve productivity. As the cybersecurity specialist for this company, you have the responsibility of ensuring that the wireless network is as secure as possible. Which of the following BEST describes one of the first countermeasures that should be used to ensure wireless security?
Use a Wi-Fi predictive planning tool to determine where to place your access points.
You want to properly dispose of papers with sensitive content. You want to ensure that it's nearly impossible for a dumpster diver to put the information back together. What should you do?
Use a crosscut shredder
Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the BEST countermeasure for securing the captured network traffic?
Use encryption for all sensitive traffic.
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?
Use incremental backups and store them in a locked, fireproof safe. (Incremental backups back up every file that's changed since the last full or incremental backup)
Which of the following can be run as traditional software on a virtual machine?
VFA (Virtual Firewall Appliance)
Which of the following can be used to segment a network and group hosts by user, department, or function regardless of physical proximity while confining its traffic to its own network?
VLAN
Frank, a penetration tester, has gained access to your network. He decides to cause an illegal instruction to watch the timing. Which of the following is he testing for?
Virtual machine
You have outlined a new approach to IT security in your organization, pushing heavily for an active defense design. Which of the following tools and methods should you use? (Select two.)
- Implement anti-malware defenses. - Use honey pots to learn attackers' capabilities.
Members of the executive team have asked for an explanation as to why the bit size of an encryption key needs to be higher than the 56-bit RC4 they are using. They show you a screenshot of the research they've done on the powerful desktop computer they run, saying that none of the keys they are using will be in production for more than a year. They want to just keep using the smaller keys. How would you answer them?
A cluster or use of cloud computing could break this in a very short period of time.
Which cybersecurity approach seeks to asymmetrically put the odds in the security analyst's favor by using maneuverability of sensitive data, honeypots, and anti-malware programs?
Active defense approach
On rare occasions, an individual computer contains information that is highly confidential and must remain separated from both internal and external networks. Which of the following segmentation solutions would BEST achieve this goal?
Air gap
You are working for a company that has one domain and multiple subdomains. Which certificate type would you need?
Wildcard