test b CNT
Uses an authenticator to block communications between unauthorized users or workstations and the local network Requires the use of EAP and an authentication server Centrally secures access to server resources deployed within or across a non-secure network Restricts access to a LAN via a WAN link
802.1x 802.1x kerbeos PPP with chap
An administrator sets up a new virtualization server with virtual machines intended to run instances of a web-based application while following secure configuration guides from CIS for the operating system, hypervisor, webserver, and application server. What can the administrator use to confirm that all efforts to secure these components were successful or to find out what steps are recommended to bridge any gaps that might exist?
A benchmark
What is an example of IP theft?
A competitor's unauthorized use of your organization's original engineering documents
What is the main purpose of CCM that is designed from CSA?
A framework for cloud computing security controls that mitigate the risks associated with the adoption of cloud computing technology
Which statement about physical security controls is most accurate?
A security guard is an example of physical security control.
Which of the following statements about types of security controls is most accurate?
A single security control can be characterized as multiple control types.
Which of the following is an example of a corrective and compensating control?
A tape disk backup system that a regulatory agency approved for use in lieu of a required fault-tolerance solution for a period not to exceed six months
What connection type is very similar to Bluetooth but used by more specialized devices, such as sensors and fitness trackers?
ANT
When mitigating the effects of a cybersecurity incident, what can be done to achieve isolation through segmentation? Each correct answer represents a complete solution. Choose two.
Add a router or L3 switch Change firewall rules.
What could most easily be compromised by the mishandling of forensic material?
Admissibilityand
You have a lingering problem with mobile users who connect to untrusted Wi-Fi networks without enabling their VPN, out of forgetfulness or lack of technical knowledge. What technology might help solve the problem?
Always-on VPN
Among the options listed, which mitigation technique is known most for increasing security at the expense of flexibility?
Application whitelisting
How can web cookies be securely protected by a web application during transmission to a client? Each correct answer represents a complete solution. Choose all that apply.
By sending the Cookie HTTP header over a TLS session By setting the Secure attribute in the cookie
What is the industry term for a user-training method that pits teams against one another to see which one can most quickly and accurately accomplish the objectives of the competition?
CTF
While doing forensic investigation and gathering evidence, which of the following should you keep in mind?
Classify available evidence according to its order of volatility.
You're configuring a router and want it to check the properties of incoming traffic before passing it on. What will this require, at a minimum?
Configuring ACLs
Which part of the incident response process is represented by removing all but one data connection from an Ethernet switch, keeping only the compromised system attached?
Containment
Which of the following tools is used to sandbox suspected malware and report on what occurred during its execution?
Cuckoo
Click to select the encryption ciphers, and then drag them into the correct order of weakest to the strongest.
DES 3DES Blowfish AES
Your organization has a critical database full of customer PII, and a new employee was just authorized to use it. How would you best describe the role of the system administrator who configures user permissions in the database software?
Data custodian
Which privacy-enhancing technology cannot be reversed and, yet, has the distinguishing capability of either replacing private data in the database or retaining it and replacing it only when each record is read from the database, usually while keeping the format and structure of the fields it impacts?
Data masking
Click and drag the secure application-development environments into the order in which they are utilized during the creation and deployment process. Each item must be moved or clicked before submitting. Do not click Submit until each item is labeled with a number.
Development Test Staging Production
Which product of the BIA process should be consulted after a major outage caused by a meteorological event that affected Internet access and destroyed portions of the on-premises corporate data center after operations have been transferred to an offsite data center?
Disaster recovery plan
Which of the following factors has no effect on chain of custody, with regard to digital evidence that is presented to the court?
Documentation of the presiding judge and opposing counsel
During the investigation of the breach of a server, a security admin, working off the assumption that the attacker cracked the strongest encryption the organization has ever deployed, was surprised to discover that the attack succeeded through the compromise of a much weaker algorithm. Which of the following cryptographic attacks is characterized by these symptoms?
Downgrade
Concerning the rules of engagement of a penetration test, which statements accurately represent key concepts that should be covered? Each correct answer represents a complete solution. Choose three.
Duration and impact on operations Testing targets, including personnel for social engineering Communication expectations on the part of the teams
While conducting a penetration test, you've just managed to get access to a critical server. You are concerned, however, because you gained access through a session-hijacking attack that took both luck and precise timing and that you might be cut off at any time. Given potentially limited time, what should your next step be?
Establish persistence
One server closet has particularly sensitive equipment that's suffering network-data loss from EMI caused by a nearby electrical motor. You can't move either the equipment or the motor, so what option might help?
Faraday cage
After finishing a full antimalware scan on all drives in a server, a technician is convinced an infection of some sort persists. Which of the following malware variants would have evaded the scan that was performed?
Fileless virus
27701 27001 31000 27002
Focuses on personal data and privacy Details the steps to implement a compliant ISMS A framework for enterprise risk management Defines the various security controls in greater detail
Which of the following is a data analytics solution that strikes a compromise between requiring more powerful end devices to perform analysis on their own data and requiring more overall network bandwidth as the same raw data instead of regularly submitting to the cloud for analysis?
Fog computing
Recently, all mobile devices, including laptops and corporate-owned mobile phones were tagged with an RFID transponder. Now, whenever one of these devices leaves the corporate grounds, a log entry is created, and the mobile device of record for the responsible party, usually the user, receives an SMS message to alert them of the situation. What account policy has been enacted and put into production for these events to occur?
Geofencing
Which member role of the CSIRT/CIRT/CERT is most responsible for advising the team on matters regarding actions to be taken directly against offending or involved employees?
HR
Which solution is most likely to work in situations where VPN clients are unable to be installed on web-enabled systems and in environments where there are constraints against the deployment of robust VPN technologies?
HTML5
What are the benefits of a job rotation policy? Each correct answer represents a complete solution. Choose two.
Helps detect fraudulent activity over time Trains employees more broadly
What's one of the best ways to reduce the threat associated with dead code?
Implementing version control
ACLs that are secure by default are based on which assumption?
Implicit Deny
What is a valid comparison or difference between a reissued (revoked and replaced) and a renewed SSL certificate?
In either case, a new certificate is issued and must be installed on the server.
You have been asked to explain a few information security principles to a network infrastructure technician who has been in the industry for just a couple of years. After chatting a little while about threat actors, you decide to mention some of the attributes that differentiate attackers from one another, and which can help explain the types of attacks that can be expected from them. Which of the following might you decide to include in the conversation? Each correct answer represents a complete solution. Choose three.
Internal vs. externaland Well-funded vs. poorly-fundedand Motivation
Also known as after-action meetings and reports, what alternate name for these bears evidence to the importance of discussing and documenting the outcome of an incident response-team activation?
Lessons learned
What area of compliance requirements is part of all of the following regulations? HIPAA PCI DSS SOX GLBA FISMA
Log retention
If conducting a risk analysis results in a concerning discovery that an extremely valuable asset is subject to a threat vector that is capable of producing an impact nearly equal in value to that of the asset itself, which factor will positively affect your final assessment of risk for that asset?
Low likelihood of occurrence
Which tool can your organization use to remotely wipe a lost mobile phone when BYOD has been implemented in the enterprise?
MDM
What could you use to help with building a specific and detailed defense methodology against the recent attacks on your corporate network that rely on various forms of privilege escalation for success? You are looking for information on the nature of the attacks and how to detect them to be sure you are attempting to defend against the correct threat, in addition to actual mitigation techniques and advice.
MITRE ATT&CK
What solution is a good fit for small-to-medium-sized non-regulated businesses that find themselves in an unexpected growth spurt that leads to their confident, professional broad-scale security management in the extremely short term?
MSSP
In which category do security controls such as policies, employee training, and posted signs fall?
Managerial
Which of the following is an example of a detective control?
Motion sensor
You require your users to log on using a user name, password, and rolling 6-digit code sent to a keyfob device. They are then allowed computer, network, and email access. What type of authentication have you implemented? Each correct answer represents a part of the solution. Choose two.
Multifactor authentication Single sign-on
Which aspect of digital forensics is most concerned with the definitive and indisputable identification of the source of admissible evidence?
Non-repudiation
Which organization offers freely accessible top-ten lists and cheat sheets in the field of secure development of web applications?
OWASP
Which weak configuration concern is responsible for allowing an attacker's port scan traffic that targets HTTP to reach an intranet server from the Internet?
Open ports and services
What certificate formats commonly use the web-of-trust model?
OpenPGP
After a security incident, you rush to take a screenshot of a telltale running process before you leisurely take a backup of suspicious files on the hard drive. What forensic principle are you exercising?
Order of volatility
Bollards have recently been installed as a corrective control right outside your corporate office building. Under which category or type of control do bollards fall?
Physical
Which of the following techniques allows a threat actor to engage more in the act of eliciting information than in interview and interrogation of the victim?
Pretexting
Which privacy-enhancing technology performs a reversible substitution of PII, storing the private data elsewhere, reducing the likelihood that a breach of the records containing the non-private substituted information will lead to legal jeopardy for the organization entrusted with the PII?
Pseudo-anonymization
Your wireless network is configured in Enterprise mode based on 802.1X. What kind of server does it most likely use as a backend?
RADIUS
What application vulnerability can be exploited by providing a series of standard data inputs with a specific sequence and timing?
Race condition
Which authentication method allows a trusted system to vouch for the secure hardware and software configuration of another?
Remote attestation
What might be a less-expected intangible consequence to an organization's involvement in the breach of private information, even as a victim?
Reputation damage
What kind of proxy would you use to mediate communications between Internet-based clients and LAN-based servers?
Reverse
What is the difference between a playbook and a runbook?
Runbooks contain conditional steps for clearly defined processes, while playbooks are more broad and procedural, often containing multiple runbooks.
Which of the following are application attacks that directly target the database programs sitting behind web servers? Each correct answer represents a complete solution. Choose two.
SQL injectionand XML injection
What organization or cybersecurity framework specifies the Service Organization Control 2 (SOC2) Type I and Type II IT-security reports, which focus on security, confidentiality, privacy, integrity, and availability when storing and processing customer data, and that must be considered hig
SSAE
What category of attackers are defined by their limited sophistication and funding and a reliance on pre-packaged tools?
Script kiddies
What kind of attack is most likely when you're doing sensitive work on your laptop at a coffee shop?
Shoulder surfing
What class of attacks are access control vestibules designed to mitigate?
Social engineering
What authentication factor or attribute works well as a form of non-repudiation because, although it is sometimes able to be hidden, often the subject doesn't realize it can be detected?
Something you exhibit
Which of the following is a risk associated with storing data with a cloud provider vs. storing the same data on-premises?
Sovereignty
Which of the following statements about legacy platforms is the least accurate?
Surrounding legacy systems with newer ones creates a more secure digital environment.
Which of the following statements concerning Syslog and SIEM is most accurate?
Syslog offers central log collection; SIEM draws upon those log entries for analysis.
What cryptographic tool is commonly built into a motherboard?
TPM
Why might an administrator decide to employ an enterprise MDM solution to deny support for USB OTG on mobile devices?
The connector on the mobile devices is used simultaneously for charging and for data transfer.
Which of the following statements about wireless disassociation attacks is accurate?
The only information that the attacker requires is the MAC addresses of the AP and victim's station.
A manufacturer that relies on purchasing various components for the fabrication of their finished products made the decision to work only with suppliers that use a particular blockchain solution to track individual items along the supply chain. What is the key feature of a private blockchain that assures the manufacturer that the status transformation of any given component along its journey cannot be forged or corrupted, ensuring all status updates are verified accurately?
The public ledger
In order to get a better mental picture of the operating environment of a critical enterprise server, you perform a manual review of three separate lists labeled System, Application, and Security. What is the purpose of these lists that you have decided to review in this way?
They are log files that you can use to inspect the various severity levels of the entries as well as their attributable sources.
If a policy requires regular password changes, why would you set a minimum password age?
To keep users from bypassing history requirements
An e-commerce vendor that accepts payment by credit and debit cards hired a consultant to look evidence for a data breach; the vendor suspects that it impacted customer PII used during return-customer transactions. Upon completing a thorough analysis, the consultant informs the vendor that there was indeed an exfiltration of private customer information. Furthermore, the consultant reveals that the information that was harvested was not adequately secured according to PCI DSS requirements because the primary account numbers (PANs) were hashed using MD5 and placed in local unencrypted storage locations. What technique might the consultant recommend for compliant storage of customer payment-card information?
Tokenization
Which of the following is an example of technology diversity?
Use of Windows, Linux, and Mac systems
What would be an example of a lateral movement attack?
Using credentials discovered while on one system against another
What solution does Amazon Web Services (AWS) offer for entirely private in-cloud communications between a virtual server and certain AWS cloud services, which avoids such risks as the need to communicate across the Internet with public IP addresses and availability issues?
VPC endpoints
Which of the following attacks are characterized by maliciously looking for wireless signals? Each correct answer represents a complete solution. Choose two.
Wardriving war flying
A co-worker issued the tcpdump udp -w example.pcapng command. You received an email on your Windows system with the example.pcapng file attached. Trusting the source and understanding the behavior of .pcapng files, you chose to double-click the attachment to open the file. What most likely happened next?
Wireshark opened with the UDP datagrams captured in the example.pcapng file displayed in the packet list pane.
A forensic specialist discovered that an intruder infiltrated a system as a standard user and was therefore unable to remove evidence of their attack to evade detection. The specialist found log entries and inconsistent version-tracking metadata. What is the collective term for the various sources of evidence that an attacker might leave behind?
artifacts
You've traced some anomalous network activity to malware that's infected a whole department's computers. The computers are processing a distributed task using spare CPU cycles, communicating with a remote server, and sending emails to random targets. What kind of malware is it?
botnet
Which common utility for creating complete disk images was enhanced by the Defense Computer Forensics Lab to include features valuable to the field of forensics, such as hashing on-the-fly and image verification?
dd
Which tool allows you to see the log entries that have been created on the local system and output them to one of a variety of standard log formats?
journalctl
A user is having difficulty accessing the Internet. After a bit of investigating, you find there are more users who are having problems. You determine that all of the affected systems are on a set of subnets that use the same pair of DNS servers. Users whose systems do not use those DNS servers have no trouble accessing the Internet as they normally do. You want to query a public DNS server from the same subnet having issues for an FQDN that the user's system failed to resolve. Which CLI tools could you use to accomplish this goal?
nslookup dig
Which of the following social engineering tactics are employed by the familiar "Act now! Supplies are limited!" phrases commonly heard during television and radio infomercials? Each correct answer represents a part of the solution. Choose two.
scarcity urgency
Which of the following Linux commands or command sets copies the existing SSH public key of the default identity of the currently logged workstation account, alice@WS01, to the necessary server location under the alice@SERVER01 account to establish remote access without a password from the alice@WS01 account to the alice@SERVER01 account, which already exists and allows remote password access?
ssh-copy-id alice@SERVER01