CompTIA Sec+ ITN 260 Study Guide


preparing incident response plans

Identifying the attack, containing its spread, recovering, and improving the defenses can be done by which of the following? a. Using access control lists b. Using access control schemes c. Preparing incident response plans d. Using weak accounts

d. Controller AP

Imani has been asked to purchase wireless LAN controllers (WLCs) for the office. What type of APs must she also purchase that can be managed by a WLC? a. Fat AP b. Standalone AP c. Any type of AP can be managed by a WLC d. Controller AP

b. SAE

In WPA3, what is designed to increase security at the handshake, when keys are being exchanged, even if the password is small or weak? a. OWE b. SAE c. PEAP d. CCMP

Refactoring

In a device driver manipulation attack, which of the following changes a device driver's existing code design? (Refactoring alters the driver's own code; shimming instead inserts a shim layer between the driver and the component that calls it, so the original driver code is left untouched.)

Type II hypervisor

In a practical test, you are given a computer with a Windows host OS. You are asked to install a guest machine with Linux OS. What should you do? a. Use Type I hypervisor program b. Use Type II hypervisor program c. Use a container hypervisor d. Use a hardware hypervisor

Attribute-based access control

In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources. Which of the following should you suggest? Mandatory access control Attribute-based access control Rule-based access control Role-based access control

A DMZ will separate the secure facilities from unknown and potentially hostile outsiders.

In a security review meeting, you proposed a demilitarized zone for one of your company's data centers. You were then asked to explain the objective of having a DMZ in the data centers. Which of the following should be your answer?

chmod

In an interview, you are asked to change the permissions of a file on a Linux system so that the file can only be accessed by its owner. Which of the following tools should you use?

A person's vein can be used to uniquely authenticate an individual. (Vein recognition is a physiological biometric. The HOTP statement is wrong because HOTP is counter-based and changes only when the counter increments; it is TOTP that changes after a set period of time.)

In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct? A windowed token displays a static code. Physiological biometrics is relating to the way in which the mind functions. A person's vein can be used to uniquely authenticate an individual. A HMAC-based one-time password (HOTP) changes after a set period of time.
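
An added example (not part of the study guide) that makes the HOTP/TOTP distinction in the statements above concrete: RFC 4226 HOTP derives the code from a counter, so it changes only when the counter increments, while RFC 6238 TOTP feeds the current 30-second time step in as the counter, so it rolls over after a set period. The secret is the RFC test-vector secret; the server-side look-ahead window size is an assumption.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226 / RFC 6238 shared test-vector secret (ASCII "12345678901234567890").
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): the code depends only on the
    secret and the 8-byte big-endian counter, never on the clock."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP with the counter set to the
    number of `step`-second intervals since the Unix epoch."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits)


def verify_hotp(secret: bytes, code: str, counter: int,
                look_ahead: int = 10) -> Optional[int]:
    """Server-side HOTP check with a resynchronisation window (the window size
    is an assumption, not fixed by the RFC). Returns the next expected counter
    on success, or None if the code matches nothing in the window.
    compare_digest keeps the comparison constant-time."""
    for c in range(counter, counter + look_ahead):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1
    return None


if __name__ == "__main__":
    # HOTP: same counter -> same code, no matter when it is computed.
    print("HOTP counter 0:", hotp(TEST_SECRET, 0), "again:", hotp(TEST_SECRET, 0))
    # TOTP: same secret, different 30 s windows -> different codes.
    print("TOTP at t=29:", totp(TEST_SECRET, 29), "at t=59:", totp(TEST_SECRET, 59))
```

Running it shows counter 0 always yielding 755224, while the TOTP code changes as the clock crosses the 30-second boundary; the server must also persist the counter returned by `verify_hotp` so a captured HOTP code cannot be replayed.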

MITM (man-in-the-middle; called an on-path attack in current Security+ terminology)

In an interview, you are given the following scenario: David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation. Which of the following should you identify?

A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured.

In an interview, you are provided the following statements regarding virtualization security. Which statement should you identify as correct? a. Software-defined visibility (SDV) is a framework that allows users to make any network structure transparent. b. A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured. c. A user can make a sandbox before performing extensive modifications or alterations to a virtual machine (VM). d. A guest operating system that has remained dormant is updated when the underlying host operating system is updated.

The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.

In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer? The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends a request to the access point (AP). The AP then sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network. The access point (AP) prompts the user for credentials. On entering the credentials, the AP sends a request to the supplicant. The supplicant sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network. The access point (AP) sends a request to the supplicant. The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the supplicant, and the user is authorized to join the network. The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.

d. Active-active

In which of the following configurations are all the load balancers always active? a. Active-load-passive-load b. Active-passive c. Passive-active-passive d. Active-active

A buffer overflow attack: input longer than the 8-byte user-name buffer overwrote adjacent memory and crashed the application, producing the denial of service.

Jennifer created an e-learning web application where a login form has to be filled by the user entering the application. Jennifer created an 8-byte buffer for the user name field while developing the application. One day, the application halted with denial of service. An attack on the web application due to the incorrect entry of input values in the login screen was then discovered. What caused the denial of service issue?

c. Non-intrusive credentialed

John is appointed as a vulnerability assessment engineer in a financial organization. An audit report published by a third-party auditing firm revealed that most of the web servers have cross-site scripting and XML entity injection vulnerabilities. John has been told to perform a vulnerability assessment on these servers to verify if the audit report is valid. He is also told that he should not attempt to engage or exploit any vulnerabilities. By applying his knowledge of vulnerability assessment concepts, which type of vulnerability scanning should John use? a. Intrusive non-credentialed b. Intrusive credentialed c. Non-intrusive credentialed d. Non-intrusive non-credentialed

Downgrade attack, because in a downgrade attack an attacker forces the system to abandon its current, more secure mode of operation and fall back to a less secure one.

Joseph, a white hat hacker, is approached by Sigma Technology to check the enterprise's security. He is told that the system is being checked to verify whether the higher-security mode of operation is moved automatically to another version during a cyberattack on the network, making it easier to attack. Which attack should Joseph use to test this vulnerability, and why?

d. Policy-based firewall

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need? a. Proprietary firewall b. Hardware firewall c. Content/URL filtering firewall d. Policy-based firewall

NAS

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching? a. ARI b. NAS c. RAID d. SAN

c. DNS sinkhole

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider? a. IP denier b. DDoS Prevention System (DPS) c. DNS sinkhole d. MAC pit

Cryptomalware (cryptojacking malware)

Malware that hijacks the victim's processor or GPU to mine cryptocurrency for the attacker; it is designed to remain in place for as long as possible, quietly mining in the background rather than drawing attention to itself.

d. Change control policy

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing? a. Change format policy b. Change modification policy c. Change management policy d. Change control policy

b. Disaster recovery planning

Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? a. Risk IT planning b. Disaster recovery planning c. Business impact analysis planning d. IT contingency planning

d. It is a framework for transporting authentication protocols.

Maryam is explaining the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP? a. It is a technology used by IEEE 802.11 for encryption. b. It is the transport protocol used in TCP/IP for authentication. c. It is a subset of WPA2. d. It is a framework for transporting authentication protocols.

MAC cloning attack

Max found someone is impersonating him after discovering that data sent to him was always being received by someone else in his enterprise network. He informed the network administrator about the issue. While inspecting the switch, the administrator discovered that the threat actor was another employee at the same enterprise. As a senior security consultant, which of the following attacks should you mention in the charge sheet?

Perform backdoor installation

Meta is a penetration testing engineer assigned to pen test the security firm's network. So far, she cannot tunnel through the network looking for additional systems accessible through advanced privileges. What should Meta do to gain repeated and long-term access to the system in the future? a. Perform privilege escalation b. Perform backdoor installation c. Perform data exfiltration d. Perform lateral movement

c. EAP-FAST

Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? a. EAP-TTLS b. EAP-TLS c. EAP-FAST d. EAP-SSL

a. Network Location

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change? a. Network Location b. Wi-Fi/Wired Network Policy c. Network Config d. Network Type

MFP

Multifunction Printer

c. Deprovisioning resources that are no longer necessary

Nadia has been asked to perform dynamic resource allocation on specific cloud computing resources. What action is Nadia taking? a. Creating security groups to segment computing resources into logical groupings that form network perimeters b. Decreasing the network bandwidth to the cloud c. Deprovisioning resources that are no longer necessary d. Expanding the visibility of intrusion prevention devices

web-of-trust model

Not typically used in a PKI. You'll most often see this type of model used in smaller groups or organizations, typically in those that allow individual users to generate their own public and private key pairs.

a. Bluesnarfing

Nyla is investigating a security incident in which the smartphone of the CEO was compromised and confidential data was stolen. She suspects that it was an attack that used Bluetooth. Which attack would this be? a. Bluesnarfing b. Bluejacking c. Blueswiping d. Bluestealing

PaaS

Oliwia has been given a project to manage the development of a new company app. She wants to use a cloud model to facilitate the development and deployment. Which cloud model will she choose? a. PaaS b. XaaS c. IaaS d. SaaS

Hierarchical trust model

A single root CA sits at the top of the hierarchy and signs all certificates (directly, or through subordinate CAs it has certified), so trust in every certificate chains back to that one root.

Transport mode (IPsec)

Only the payload of an IP packet is protected

Tainted training data for machine learning (ML)

PDC Bank is working on creating an AI application that enables customers to send SMS to the AI application to allow banking activities from their registered ID. Jane, the project engineer, has taken bank customer data from the last few years from the server and is using it to train the ML to recognize and authenticate actual users and to ensure unauthorized users are barred from entering the application. Suppose the AI application has been compromised, and the reason has been identified as compromised data being used to improve the ML accuracy. What kind of attack is the PDC Bank application subjected to? a. Adversarial artificial intelligence b. ML algorithm security c. Tainted training data for ML d. Spyware

Whaling attack

Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities.

Spear Phishing Attack

Phishing attacks aimed at specific individuals or a small, well-defined group rather than the public at large: the perpetrators find out as much about the target as possible to improve their chances that the phishing message will obtain sensitive, personal information.

PUP

Potentially Unwanted Program

b. Operational Technology

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack? a. Application b. Operational Technology c. Network d. IoT

UDP (User Datagram Protocol)

Protocol used instead of TCP in applications where delivery speed matters more than reliability: UDP provides no acknowledgment, ordering, or retransmission, so lost datagrams are simply lost.

Lateral movement

Quinton has been asked to analyze the TTPs of an attack that recently occurred and prepare an SOP to hunt for future threats. When researching the recent attack, Quinton discovered that after penetrating the system, the threat actor moved through the network using elevated credentials. Which technique was the threat actor using to move through the network?

Rachel should set the least functionality for both servers and user desktops.

Rachel has taken over as a systems administrator of Creative Network, which has a network of 300 computers in two different domains. Rachel has been instructed by the CEO to ensure all employees have access to a certain set of folders on the server. The individual workstations may have the personal data of employees in a particular folder. She was informed that there have been previous instances where employees misused the machines.What policy should Rachel be setting in individual user machines and servers?

a. Data custodian/steward

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? a. Data custodian/steward b. Data controller c. Data privacy officer d. Data processor

Removable Media Attack Vector

Removable devices such as USBs, SD cards, and the like can be the perfect means of introducing malware into a network or extracting sensitive data from it

Something you are (Biometrics)

Ricky entered a restricted lab by scanning his finger on the fingerprint scanner outside the door. Which type of authentication credential allowed Ricky to enter the lab? a. Someone you know. b. Something you have. c. Something you are. d. Something you can do.

b. Electronic locks keep track of the accessing time and user identity.

Rob made a physical security review report of his organization in which he proposed replacing physical locks with electronic ones. Which of the following is the best justification for Rob to include in his report? a. Electronic locks are invulnerable b. Electronic locks keep track of the accessing time and user identity. c. Physical locks are time-consuming and easy to forget to lock and unlock. d. Physical locks are difficult for most users to manage.

Configure the switch so that no changes can be done once a port is assigned to a MAC address

Sansa is a network security administrator at an enterprise. She is asked to take appropriate steps to defend against a MAC address spoofing attack in the enterprise network. Which of the following methods should Sansa apply? Close all unused ports in the switch so that old MAC addresses are not allowed Configure the switch so that only one port can be assigned per MAC address Increase the capacity of CAM to allow for an increased volume of MAC addresses Configure the switch so that no changes can be done once a port is assigned to a MAC address

Credentialed Scan

Scan in which the scanning computer has an account on the computer being scanned, allowing the scanner to do a more thorough check for problems that cannot be seen from the network (missing patches, weak local configuration, installed software versions).

SSTP

Secure Socket Tunneling Protocol. A Microsoft tunneling protocol that encrypts VPN traffic using SSL/TLS over TCP port 443, so it passes through most firewalls and proxies that already permit HTTPS.

Initiation

Shaun is an external penetration testing consultant. The Chief Information Security Officer (CISO) of the organization he is working with indicated that none of the internal higher management executives should receive any kind of spear-phishing emails during Shaun's testing. Which part of the rules of engagement would cover this limitation?

on-premises platform

Software and technology located within the physical confines of an enterprise, which is usually consolidated in the company's data center.

Firmware

Software stored in non-volatile memory on a chip (ROM or flash), so it persists without power and survives a reinstallation of the operating system; it can still be updated by flashing. The BIOS/UEFI on a motherboard is an example of firmware.

STIX (Structured Threat Information eXpression)

Structured language for describing cyber threat information so it can be shared, stored, and analyzed in a consistent manner. The STIX whitepaper describes the motivation and architecture behind STIX.

SCADA

Supervisory Control and Data Acquisition

b. MSSPs

The CEO is frustrated by the high costs associated with security at the organization and wants to look at a third party assuming part of their cybersecurity defenses. Nikola has been asked to look into acquiring requests for proposal (RFPs) from different third parties. What are these third-party organizations called? a. MPSs b. MSSPs c. MHerrs d. MSecs

Firmware

The company that developed the office productivity software used on both static and mobile devices by your organization has audited some code and noticed a potential security issue. To address the issue, they have released and automatically scheduled an update to ensure that all users receive it. Which of the following might still be vulnerable after the patch?

c. The system is highly resilient.

The mean time to recovery (MTTR) of a system is zero. What does this imply? a. The system is not resilient to distractions. b. The system cannot be recovered. c. The system is highly resilient. d. The system cannot be recovered quickly

Lateral movement

The process by which an attacker is able to move from one part of a computing environment to another.

Data exfiltration

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Sideloading

The process of copying an application package to a mobile device. It is useful for developers when testing apps, but can be risky if users sideload unauthorized apps to their device.

d. Impossible Travel

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature determined an issue and send this alert to Thea? a. Incompatible Location b. Risky IP address c. Remote IP address d. Impossible Travel

a. Only use compiled and not interpreted Python code.

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use? a. Only use compiled and not interpreted Python code. b. Use caution when formatting strings. c. Download only vetted libraries. d. Use the latest version of Python.

a. DNS poisoning attack

Tomaso is explaining to a colleague the different types DNS attacks. Which DNS attack would only impact a single user? a. DNS poisoning attack b. DNS hijack attack c. DNS overflow attack d. DNS resource attack

TAXII

Trusted Automated eXchange of Intelligence Information

SMishing (SMS Phishing)

Typically, certain employees of an organization get texts that update them on various IT activities. If there is a support ticket or downtime, they will receive texts to let them know about the activity. They have started to receive some messages via text instructing them to call the IT help desk at the provided number. When they call the help desk number, a recording asks them for their employee ID. Assuming that the IT department did not send those texts, which of the following social engineering attacks is this?

Wireless Attack Vector

Utilize a wireless network to modify an access point configuration, create a less-secure entry point to the network (rogue access point), perform an evil twin attack (collect authentication details), exploit protocol vulnerabilities

The port is disabled, and no traffic will be sent or received by the port.

What action does a BPDU guard take when a BPDU is received from an endpoint and not a switch? The port remains active, and no traffic will be received by the port, but it can still send traffic. The port remains active, and the traffic will be forwarded to another port. The port is disabled, and no traffic will be sent by the port while it can still receive traffic. The port is disabled, and no traffic will be sent or received by the port.

ACLs

What can be used to provide both filesystem security and database security? a. RBASEs b. CHAPs c. ACLs d. LDAPs

Online UPS

What device is always running off its battery while the main power runs the battery charger? a. Backup UPS b. Secure UPS c. Offline UPS d. Online UPS

a. Copies all files changed since the last full or incremental backup

What does an incremental backup do? a. Copies all files changed since the last full or incremental backup b. Copies all files c. Copies all files since the last full backup d. Copies only user-selected files
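
An added example (not part of the study guide) that shows the incremental, differential and full selection rules side by side, together with the restore chain each one implies. The file list and backup history are constructed; modification time stands in for the archive bit, and the restore chain assumes a single strategy (all differential or all incremental) is used after each full backup.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample: file modification times and prior backups, in hours since Monday 00:00.
FILES: Dict[str, float] = {"payroll.db": 5, "report.docx": 30, "config.yml": 55, "notes.txt": 80}
HISTORY: List[Tuple[str, float]] = [("full", 24), ("incremental", 48), ("incremental", 72)]


def files_to_back_up(files: Dict[str, float], history: List[Tuple[str, float]], kind: str) -> Set[str]:
    """Select the files the next backup of `kind` must copy.
    full:         every file
    differential: files changed since the last FULL backup (grows every run)
    incremental:  files changed since the last full OR incremental backup (smallest)"""
    fulls = [t for k, t in history if k == "full"]
    if kind == "full" or not fulls:
        return set(files)
    if kind == "differential":
        since = max(fulls)
    elif kind == "incremental":
        since = max(t for k, t in history if k in ("full", "incremental"))
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return {path for path, mtime in files.items() if mtime > since}


def restore_chain(history: List[Tuple[str, float]]) -> List[Tuple[str, float]]:
    """Backups that must be restored, in order, to reach the newest state:
    the last full plus the last differential, or the last full plus every
    incremental taken after it (losing any one incremental breaks the chain)."""
    last_full = max(i for i, (k, _) in enumerate(history) if k == "full")
    after = history[last_full + 1:]
    diffs = [b for b in after if b[0] == "differential"]
    if diffs:  # assumption: one strategy is used after each full backup
        return [history[last_full], diffs[-1]]
    return [history[last_full]] + [b for b in after if b[0] == "incremental"]


if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        print(f"{kind:12s} -> {sorted(files_to_back_up(FILES, HISTORY, kind))}")
    print("restore:", restore_chain(HISTORY))
```

The trade-off the question is probing falls out of the two functions: incremental runs copy the least data but need every link of the chain at restore time, while differential runs copy more each day and need only two sets.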

a. Server resources of the cloud are inconspicuous to the end user.

What does the term "serverless" mean in cloud computing? a. Server resources of the cloud are inconspicuous to the end user. b. The cloud network configuration does not require any servers. c. Servers are run as VMs. d. All appliances are virtual and do not interact with physical servers.

a. The command-language interpreter for Linux/UNIX OSs

What is Bash? a. The command-language interpreter for Linux/UNIX OSs b. A substitute for SSH c. The underlying platform on which macOS is built d. The open source scripting language that contains many vulnerabilities

Deceiving Attackers

What is NOT a firewall feature? a. Packet filtering b. URL filtering c. Network address translation d. Deceiving attackers

d. The maximum length of time that can be tolerated between backups

What is a definition of RPO? a. Length of time it will take to recover data that has been backed up b. How a backup utility reads an archive bit c. The frequency that data should be backed up d. The maximum length of time that can be tolerated between backups

d. RFID is designed for paper-based tags while NFC is not

What is a difference between NFC and RFID? a. NFC devices cannot pair as quickly as RFID devices. b. NFC is based on wireless technology while RFID is not. c. RFID is faster than NFC. d. RFID is designed for paper-based tags while NFC is not

b. A thin client is a computer that runs from resources stored on a central cloud server.

What is a thin client? a. A thin client is a computing device with limited storage capacity used for latency reduction. b. A thin client is a computer that runs from resources stored on a central cloud server. c. A thin client is a type of virtualized hardware with computing capabilities. d. A thin client is a computer that runs from resources stored on the localized hard drive.

firewall that runs in the cloud

What is a virtual firewall? a. A firewall that runs in an endpoint virtual machine b. A firewall that runs in the cloud c. A firewall that blocks only incoming traffic d. A firewall appliance that runs on a LAN

b. Creating the copy of data by obfuscating sensitive elements

What is data masking? a. Encrypting of files to prevent unauthorized access b. Creating the copy of data by obfuscating sensitive elements c. Protecting sensitive data using strong authentication d. Hiding the data to prevent unauthorized access

b. Time offset

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? a. Daylight savings time b. Time offset c. Greenwich Mean Time (GMT) d. Civil time
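
An added example (not part of the study guide) of why the offset matters in practice: events from systems that log in different local times cannot be ordered until each timestamp is normalised to UTC using its offset. The three log events are constructed; host names and messages are placeholders.

```python
from datetime import datetime, timezone
from typing import List, Tuple

# Constructed events from three systems, each logging in its own local time.
SAMPLE_EVENTS = [
    ("fw-nyc",  "2024-03-01T08:59:30-05:00", "outbound connection to 203.0.113.9 blocked"),
    ("vpn-ams", "2024-03-01T14:58:45+01:00", "user sigrid connected"),
    ("dc-lon",  "2024-03-01T13:59:50Z",      "password changed for sigrid"),
]


def to_utc(stamp: str) -> datetime:
    """Parse an ISO-8601 timestamp that carries its UTC offset and normalise it.
    Python < 3.11 does not accept the 'Z' suffix, so it is rewritten as +00:00.
    Naive timestamps are refused: without the offset the event cannot be placed."""
    if stamp.endswith("Z"):
        stamp = stamp[:-1] + "+00:00"
    dt = datetime.fromisoformat(stamp)
    if dt.tzinfo is None:
        raise ValueError(f"timestamp has no UTC offset: {stamp}")
    return dt.astimezone(timezone.utc)


def timeline(events) -> List[Tuple[datetime, str, str]]:
    """Events ordered by true (UTC) time of occurrence."""
    return sorted((to_utc(ts), host, msg) for host, ts, msg in events)


def local_order(events) -> List[str]:
    """Hosts ordered by the local clock string alone, the mistake normalisation prevents."""
    return [host for host, ts, _ in sorted(events, key=lambda e: e[1][:19])]


if __name__ == "__main__":
    print("by local clock:", local_order(SAMPLE_EVENTS))
    for when, host, msg in timeline(SAMPLE_EVENTS):
        print(when.isoformat(), host, msg)
```

Sorted by local clock the firewall block looks like the first event and the VPN login the last; in UTC the VPN login came first, then the block, then the password change, which is the sequence an investigator actually needs.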

MTTR

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? a. RTO b. RPO c. MTTR d. MTBF

d. DoS attacks use fewer computers than DDoS attacks.

What is the difference between a DoS and a DDoS attack? a. DoS attacks do not use DNS servers as DDoS attacks do. b. DoS attacks are faster than DDoS attacks. c. DoS attacks use more memory than DDoS attacks. d. DoS attacks use fewer computers than DDoS attacks.

c. The ARP cache is compromised.

What is the result of an ARP poisoning attack? a. Users cannot reach a DNS server. b. An internal DNS must be used instead of an external DNS. c. The ARP cache is compromised. d. MAC addresses are altered.
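
An added example (not part of the study guide) of checking a host's ARP cache for the symptoms of poisoning: one MAC address claiming several IP addresses, and the gateway's MAC differing from a recorded baseline. The `ip neigh`-style output and the baseline are constructed. A shared MAC is not proof by itself (a router with several addresses or a VRRP pair looks the same), so the baseline mismatch is the stronger signal.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed `ip neigh` output: a second host is answering for the gateway's IP.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.20 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.30 dev eth0 lladdr 00:aa:bb:cc:dd:ee STALE
192.168.1.40 dev eth0 FAILED
"""
# Gateway MAC recorded earlier from a known-good state (constructed value).
BASELINE = {"192.168.1.1": "de:ad:be:ef:00:01"}

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\w+)$", re.IGNORECASE)


def parse_neigh(text: str) -> List[Tuple[str, str, str]]:
    """Return (ip, mac, state) for cache entries that carry a link-layer address;
    unresolved/FAILED entries have no MAC and are skipped."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(3).lower(), m.group(4)))
    return entries


def find_arp_anomalies(entries: List[Tuple[str, str, str]],
                       baseline: Dict[str, str]) -> Dict[str, dict]:
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for ip, mac, _ in entries:
        by_mac[mac].append(ip)
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    mismatch = {}
    for ip, mac, _ in entries:
        expected = baseline.get(ip)
        if expected and expected.lower() != mac:
            mismatch[ip] = (expected.lower(), mac)
    return {"shared_macs": shared, "baseline_mismatch": mismatch}


if __name__ == "__main__":
    report = find_arp_anomalies(parse_neigh(SAMPLE_NEIGH), BASELINE)
    for mac, ips in report["shared_macs"].items():
        print(f"MAC {mac} answers for {len(ips)} IPs: {ips}")
    for ip, (expected, seen) in report["baseline_mismatch"].items():
        print(f"{ip}: expected {expected}, cache holds {seen}")
```

The mitigation the question is leading toward is the same on every platform: a static ARP entry (or DHCP snooping with dynamic ARP inspection on the switch) for the gateway, so an attacker's gratuitous ARP cannot overwrite the cache.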

It is the process of running a user desktop inside a VM residing on a server.

What is virtual desktop infrastructure? a. It is the process of running a user desktop inside a VM residing on a server. b. It is the process of virtualizing hardware for different uses. c. It is the process of using a virtual network to access the cloud. d. It is the process of maintaining compliance between cloud and on-premises networks.

Quantitative

When assessing expected annual monetary loss due to risks, you found that the expected loss from your customer database was twice as high as the expected loss from your product database. You used these figures to justify allocating more resources to protect the customer database. Which risk assessment was used here? a. Risk control self-assessment b. Qualitative risk assessment c. Quantitative risk assessment d. Risk likelihood assessment

SAE

Which WPA3 security feature is designed to increase security at the time of the handshake? a. SAE b. MIT c. OWE d. WEP

MAC

Which access control scheme is the most restrictive? a. Role-Based Access Control b. MAC c. Rule-Based Access Control d. DAC

c. Nondisclosure agreement (NDA)

Which agreement specifies how confidential material will be shared between certain parties but restricted to others? a. Service-level agreement b. Memorandum of understanding c. Nondisclosure agreement d. Business partnership agreement

Forward Proxy

Which application intercepts user requests from the secure internal network and then processes them on behalf of the user?

TAXII (Trusted Automated eXchange of Indicator Information)

Which application protocol is used to exchange cyber threat intelligence over HTTP?

Disassociation

Which attack creates false deauthentication management frames that appear to come from another client device, which causes the client to disconnect from AP? a. Bluesnarfing b. Disassociation c. Injecting malware d. Jamming

d. Man-in-the-browser (MITB)

Which attack intercepts communications between a web browser and the underlying OS? a. DIG b. ARP poisoning c. Interception d. Man-in-the-browser (MITB)

zero-day vulnerability

Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it?

Impossible travel

Which cloud app security features check the last login's location and current login attempts to restrict login if found suspicious? Geo-tagging Geolocation Geofencing Impossible travel
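
An added example (not part of the study guide) of the impossible-travel check described in this card and in the Thea/Sigrid scenario above: the great-circle distance between the two login locations divided by the time between them gives an implied speed, and anything faster than a plausible airliner is flagged. The city coordinates are approximate, the logins are constructed, and the speed and minimum-distance thresholds are assumptions to be tuned per policy.

```python
import math
from datetime import datetime, timezone
from typing import Tuple

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0   # assumption: roughly airliner speed
MIN_DISTANCE_KM = 100.0      # assumption: ignore GeoIP jitter inside one metro area


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def check_impossible_travel(prev: dict, curr: dict,
                            max_kmh: float = MAX_PLAUSIBLE_KMH,
                            min_distance_km: float = MIN_DISTANCE_KM) -> Tuple[bool, float, float]:
    """prev/curr are login records: {'time': aware datetime, 'lat': float, 'lon': float}.
    Returns (flagged, distance_km, implied_speed_kmh)."""
    dist = haversine_km(prev["lat"], prev["lon"], curr["lat"], curr["lon"])
    hours = (curr["time"] - prev["time"]).total_seconds() / 3600.0
    if dist < min_distance_km:
        return False, dist, 0.0
    if hours <= 0:                       # simultaneous or out-of-order logins
        return True, dist, math.inf
    speed = dist / hours
    return speed > max_kmh, dist, speed


# Constructed sample: Sigrid's logins one hour apart (coordinates approximate).
LOS_ANGELES = {"city": "Los Angeles", "lat": 34.05, "lon": -118.24,
               "time": datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)}
LONDON = {"city": "London", "lat": 51.51, "lon": -0.13,
          "time": datetime(2024, 3, 1, 13, 0, tzinfo=timezone.utc)}
PARIS = {"city": "Paris", "lat": 48.86, "lon": 2.35,
         "time": datetime(2024, 3, 1, 14, 0, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for a, b in ((LOS_ANGELES, LONDON), (LONDON, PARIS)):
        flagged, dist, speed = check_impossible_travel(a, b)
        print(f"{a['city']} -> {b['city']}: {dist:.0f} km in 1 h = {speed:.0f} km/h, alert={flagged}")
```

Los Angeles to London is roughly 8,750 km, so one hour implies about 8,750 km/h and the login is flagged; London to Paris an hour later is about 350 km/h and passes. In production the lookup is GeoIP-based, so VPN exit nodes and mobile carrier NAT produce false positives that the minimum-distance floor only partly absorbs.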

Iaas

Which cloud model requires the highest level of IT responsibilities? a. IaaS b. Hybrid cloud c. PaaS d. SaaS

Public

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed? a. Open b. Confidential c. Public d. Private

WPS

Which configuration of WLANs has the following flaws? The last PIN character is only a checksum. The PIN is divided into two shorter values. There is no lockout limit for entering PINs. a. WEP b. WPS c. MAC d. WPA

Lightweight Cryptography

Which cryptography method provides cryptographic solutions uniquely customized to low-power devices that need to manage resources instead of security constraints?

Forward proxy server

Which device intercepts internal user requests and then processes those requests on behalf of the users? a. Forward proxy server b. Intrusion prevention device c. Reverse proxy server d. Host detection server

NFC

Which devices are used as a contactless alternative to cash or a credit card payment system? a. Bluetooth b. NFC c. RFID d. WLAN

Allow

Which firewall rule action implicitly denies all other traffic unless explicitly allowed? a. Force Allow b. Force Deny c. Allow d. Bypass

Private key

Which keys are supposed to be kept confidential and not shared with anyone?

Data link layer

Which layer of the OSI model is targeted by the threat actors for layer 2 attack? a. Physical layer b. Application layer c. Data link layer d. Transport layer

SSH

Which of the following cryptographic protocols is an encrypted alternative to the Telnet protocol for accessing remote computers?

Personal account

Which of the following accounts is the least vulnerable to cyberattacks? a. Generic account b. Shared account c. Personal account d. Guest account

Data Sovereignty

Which of the following are country-specific requirements that apply to data? a. Data minimization b. Data sovereignty c. Data destruction d. Data masking

A mantrap is a small space with two separate sets of interlocking doors.

Which of the following best describes a mantrap? A mantrap is a challenge given to cybersecurity experts. A mantrap separates threat actors from defenders. A mantrap cools a server room by trapping body heat. A mantrap is a small space with two separate sets of interlocking doors.

Comparing a known digest with an unknown digest

Which of the following best describes a preimage attack? Cracking picture-based passwords Cracking the password by trying all possible alphanumeric combinations Comparing a known digest with an unknown digest Embedding password-logging malware in an image file

Technology devices that may contain evidence

Which of the following best describes artifacts? a. Methods followed by attackers b. Temporary files stored in the RAM c. Technology devices that may contain evidence d. Permanent files stored on hard disks

Process spawning control

Which of the following best describes attacks due to application vulnerabilities that trick the vulnerable application(s) into producing more executable files in the system?

Movement of data from one server to another within a data center

Which of the following best describes east-west traffic? Movement of data from an unsecured endpoint to a server outside a data center Movement of data from one server to another within a data center Movement of data from one unsecured endpoint to another Movement of data from a router to an enterprise switch

Trying a common password on different user accounts

Which of the following best describes password spraying? a. Cracking the password of a user by trying all possible alphanumeric combinations b. Trying a common password on different user accounts c. Creating a wordlist using stolen passwords d. Creating a unique password using uppercase, lowercase, numerals, and special symbols
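
An added example (not part of the study guide) of telling a password spray apart from a classic brute force in authentication logs: a spray touches many accounts with one or two attempts each, staying under the per-account lockout threshold, while a brute force hammers one account. The log lines, their format and the source addresses are constructed, and the thresholds are assumptions to tune to the size of the user population.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log, one event per line: "<ISO-8601 UTC> <source IP> <username> <FAIL|SUCCESS>".
# 203.0.113.5 sprays one password across many accounts; 198.51.100.7 hammers one account.
SPRAY_USERS = ["alice", "bob", "carol", "dave", "erin", "frank", "grace",
               "heidi", "ivan", "judy", "mallory", "oscar"]
SAMPLE_LOG = "\n".join(
    [f"2024-03-01T09:00:{i:02d}Z 203.0.113.5 {u} FAIL" for i, u in enumerate(SPRAY_USERS)]
    + ["2024-03-01T09:00:30Z 203.0.113.5 oscar SUCCESS"]
    + [f"2024-03-01T09:05:{i:02d}Z 198.51.100.7 admin FAIL" for i in range(25)]
    + ["2024-03-01T09:10:00Z 192.0.2.9 carol FAIL",
       "2024-03-01T09:10:05Z 192.0.2.9 carol SUCCESS"]
)

SPRAY_MIN_USERS = 8        # assumption: distinct accounts failed from one source
SPRAY_MAX_PER_USER = 3     # a spray stays below typical lockout thresholds
BRUTE_MIN_ATTEMPTS = 10    # assumption: failures against a single account
WINDOW = timedelta(hours=1)


def parse(log: str):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def classify_sources(log: str) -> Dict[str, str]:
    """Return {source_ip: 'password_spray' | 'brute_force'} for suspicious sources.
    Failures are counted per source inside a window that opens at its first failure."""
    failures: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            failures[ip].append((ts, user))
    verdicts: Dict[str, str] = {}
    for ip, events in failures.items():
        events.sort()
        start = events[0][0]
        per_user: Dict[str, int] = defaultdict(int)
        for ts, user in events:
            if ts - start <= WINDOW:
                per_user[user] += 1
        if len(per_user) >= SPRAY_MIN_USERS and max(per_user.values()) <= SPRAY_MAX_PER_USER:
            verdicts[ip] = "password_spray"
        elif max(per_user.values()) >= BRUTE_MIN_ATTEMPTS:
            verdicts[ip] = "brute_force"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict)
```

Per-account lockout never fires on the spraying source, which is why it is the harder of the two to catch; the detection has to pivot on the source (or on the password, if the identity provider exposes failed-password hashes) rather than on the account. The single SUCCESS for `oscar` from the spraying address is the line worth alerting on.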

d. Prevent certain applications from launching that will consume too much power

Which of the following can a UPS NOT perform? a. Prevent any new users from logging on b. Disconnect users and shut down the server c. Notify all users that they must finish their work immediately and log off d. Prevent certain applications from launching that will consume too much power

metadata

Which of the following can be a log data source for investigating a security breach? a. rsyslog b. nxlog c. metadata d. journalctl

Windows Active Directory

Which of the following can be used to enforce strong credential policies for an organization? a. Acceptable Use Policy b. Windows Active Directory c. Windows Defender d. Windows Firewall

High-interaction honeypot

Which of the following contains honeyfiles and fake telemetry? a. Attacker-interaction honeypot b. High-interaction honeypot c. Honeyserver d. Honeypotnet

Containment space

Which of the following does NOT describe an area that separates threat actors from defenders? a. Containment space b. Secure area c. DMZ d. Air gap

Stream

Which of the following encrypts one character at a time? a. ECB b. CBC c. Stream d. Block

Fingerprint

Which of the following functions does a network hardware security module NOT perform? a. Key exchange b. Random number generator c. Fingerprint authentication d. Key management

Trusted domain

Which of the following is NOT a Microsoft defense against macros? a. Protected View b. Trusted domain c. Trusted location d. Trusted documents

a. Update Active Directory to indicate the device is vulnerable.

Which of the following is NOT a NAC option when it detects a vulnerable endpoint? a. Update Active Directory to indicate the device is vulnerable. b. Connect to a quarantine network. c. Deny access to the network. d. Give restricted access to the network.

TPM includes a pseudorandom number generator

Which of the following is NOT a characteristic of a trusted platform module (TPM)? a. TPM provides cryptographic services in hardware instead of software. b. TPM generates asymmetric cryptographic public and private keys. c. TPM can easily be transported to another computer. d. TPM includes a pseudorandom number generator.

b. Visible resource pooling

Which of the following is NOT a characteristic of cloud computing? a. Metered services b. Visible resource pooling c. Immediate elasticity d. Universal client support

c. Bandwidth utilization

Which of the following is NOT a cloud computing security issue? a. System vulnerabilities b. Compliance regulations c. Bandwidth utilization d. Insecure APIs

d. Send alerts to virtual firewalls

Which of the following is NOT a feature of a next-generation SWG? a. DLP b. Analyze traffic encrypted by SSL c. Can be placed on endpoints, at the edge, or in the cloud d. Send alerts to virtual firewalls

d. Visibility

Which of the following is NOT a firewall rule parameter? a. Visibility b. Time c. Context d. Action

b. IEEE 802.iw separate

Which of the following is NOT a means by which a threat actor can perform a wireless denial of service attack? a. Disassociation b. IEEE 802.iw separate c. Jamming d. Manipulate duration field values

d. Time-stamped log data

Which of the following is NOT a problem associated with log management? a. Multiple devices generating logs b. Large volume of log data c. Different log formats d. Time-stamped log data

It can be invoked prior to system boot

Which of the following is NOT a reason that threat actors use PowerShell for attacks? a. It cannot be detected by antimalware running on the computer. b. Most applications flag it as a trusted application. c. It leaves behind no evidence on a hard drive. d. It can be invoked prior to system boot.

Robustness

Which of the following is NOT an element that should be part of a BCP? a. Diversity b. High availability c. Robustness d. Scalability

d. Containers require a full OS whenever APIs cannot be used.

Which of the following is NOT correct about containers? a. Containers start more quickly. b. Containers include components like binary files and libraries. c. Containers reduce the necessary hard drive storage space to function. d. Containers require a full OS whenever APIs cannot be used.

d. They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.

Which of the following is NOT correct about high availability across zones? a. In a cloud computing environment, reliability and resiliency are achieved through duplicating processes across one or more geographical areas. b. An Availability Zone (AZ) is one or more data centers within a Region—each with redundant power, networking, and connectivity. c. They are more highly available, fault tolerant, and scalable than would be possible with a single data center. d. They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.

Access

Which of the following is NOT part of the AAA framework? a. Accounting b. Authorization c. Authentication d. Access

c. It is being phased out and replaced by PowerShell.

Which of the following is NOT true about VBA? a. It is included in select non-Microsoft products. b. It is commonly used to create macros. c. It is being phased out and replaced by PowerShell. d. It is built into most Microsoft Office applications.

Geo-spatial

Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device? a. Geo-tagging b. Geolocation c. Geo-spatial d. Geofencing

memdump

Which of the following is a Linux utility that displays the contents of system memory? a. memdump b. dd c. WinHex d. Autopsy

SSTP

Which of the following is a VPN protocol?

Policy

Which of the following is a document that outlines specific requirements or rules that must be met? a. Guideline b. Framework c. Policy d. Specification

COOP

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances? a. MTBF b. COOP c. DPPR d. BIA

sFlow

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets? a. sFlow b. IPFIX c. journalctl d. NetFlow

Industrial Camouflage

Which of the following is a physical security measure? a. Secured socket layer b. Full disk encryption c. Industrial camouflage d. Packet analysis

Keylogger

Which of the following is a snooping malware?

sn1per

Which of the following is a third-party OS penetration testing tool? a. theHarvester b. scanless c. Nessus d. sn1per

Tcpreplay

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior? a. Tcpdump b. Tcpreplay c. Packetdump d. Wireshark

Gait Recognition

Which of the following is a valid biometric authentication method? a. Gait recognition b. Weight recognition c. Height recognition d. Speech recognition

DDoS attack

Which of the following is an attack that affects data availability? a. Rogue AP b. MAC address c. On-path attack d. DDoS attack

RADIUS

Which of the following is an authentication system that uses UDP rather than TCP? RADIUS Shibboleth TACACS+ OAuth

enhanced boot security

Which of the following is an improvement of UEFI over BIOS?

MAC address schema

Which of the following is not a basic configuration management tool? a. Diagrams b. Standard naming convention c. Baseline configuration d. MAC address schema

Pathping

Which of the following is the Windows network analysis tool that checks the connection to each hop between source and destination?

CPU Cache

Which of the following is the most fragile and should be captured first in a forensics investigation? a. Kernel statistics b. RAM c. ARP cache d. CPU cache

Security Keys

Which of the following is the safest authentication method? a. Authentication using an SMS OTP b. Authentication using a smartphone c. Authentication using security keys d. Authentication using a smart card

a. It provides a central repository.

Which of the following is true about secrets management? a. It provides a central repository. b. It requires AES-512. c. It can only be used on-prem for security but has a connection to the cloud. d. It cannot be audited for security purposes.

Tabletop

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan? a. Tabletop b. Walkthrough c. Incident Response Plan Evaluation (IRP-E) d. Simulation

Transport mode

Which of the following only encrypts the IP packet data and leaves the header unencrypted?

Online certificate status protocol (OCSP)

Which of the following performs a real-time lookup of a certificate status?

Onboarding and Offboarding

Which of the following policies propose using non-disclosure agreements (NDA)? Onboarding and offboarding Mandatory vacation Acceptable use policy Separation of duties

Acceptable Use

Which of the following policies restricts the introduction of malicious programs into an enterprise network or server? a. Asset management b. Onboarding and offboarding c. Data governance d. Acceptable use

SNMPv3

Which of the following protocols can protect network equipment from unauthorized access? a. POP3 b. IMAP c. SNMPv3 d. DNSSEC

FTK imager

Which of the following provides multiple forensic tools in a single interface? a. memdump b. winhex c. FTK imager d. GNU dd

SFTP

Which of the following provides the highest level of security? a. FTP b. SFTP c. XFTP d. FTPS

Hot site

Which of the following recovery sites is the most expensive to maintain? a. Hot site b. Cold site c. Warm site d. Onsite

Jailbreaking

Which of the following refers to the method by which an iOS user can access root privileges on the device?

Proximity

Which of the following sensors can detect an object that enters the sensor's field? a. Object recognition b. IR verification c. Field detection d. Proximity

Segmentation

Which of the following should be performed in advance of an incident? a. Isolation b. Segmentation c. Containment d. Capture

Phishing

Which of the following social engineering attacks continues to be a primary weapon used by threat actors?

Hierarchical Trust Model

Which of the following trust models has only one CA signing digital certificates?

Hacktivist

Which of the following types of hackers are strongly motivated by ideology? a. Brokers b. Grey hat hackers c. Hacktivists d. Criminal syndicates

Proprietary

Which of the following typical commercial data classifications is least important? a. Private b. Proprietary c. Confidential d. Sensitive

Confidential

Which of the following typical commercial data types can be considered more highly sensitive than the others? a. Confidential b. Private c. Critical d. Public

SDN

Which of the following virtualizes parts of a physical network? a. SDV b. SDA c. SDX d. SDN

Eliminate APIs

Which of the following will NOT protect a container? a. Eliminate APIs. b. Use a hardened OS. c. Only use containers in a protected cloud environment. d. Use reduced-visibility images to limit the risk of a compromise.

a. Percentage availability of systems

Which of the following will a BIA NOT help determine? a. Percentage availability of systems b. Identification of critical systems c. Single point of failure d. Mission-essential functions

b. PIN method

Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? a. Push-button method b. PIN method c. Piconet method d. Click-to-connect method

UTM

Which of these appliances provides the broadest protection by combining several security functions?

Open Method

Which of these does not require authentication? a. PSK b. Enterprise method c. Open method d. Initialization method

c. Speed of implementation

Which of these is NOT a factor in determining restoration order? a. Alternative business practices b. Dependencies c. Speed of implementation d. Process of fundamental importance

b. Wireless endpoints must be manually approved to connect to the WLAN.

Which of these is NOT a risk when a home wireless router is not securely configured? a. An attacker can steal data from any folder with file sharing enabled. b. Wireless endpoints must be manually approved to connect to the WLAN. c. Malware can be injected into a computer connected to the WLAN. d. Usernames, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker.

a. WNIC probe

Which of these is NOT a type of wireless AP probe? a. WNIC probe b. AP probe c. Dedicated probe d. Wireless device probe

Reporting

Which of these is NOT an incident response process step? a. Recovery b. Lessons learned c. Eradication d. Reporting

c. User experience (UX)

Which of these is NOT created and managed by a microservices API? a. Logs b. Authentication c. User experience (UX) d. Database

b. Data within the application message itself

Which of these is NOT used in scheduling a load balancer? a. Affinity b. Data within the application message itself c. The IP address of the destination packet d. Round-robin

IV

Which of these is a 24-bit value that changes each time a packet is encrypted and then is combined with a shared secret key? a. SL b. RC c. IV d. SSD

ACL

Which of these is a set of permissions that is attached to an object? a. Entity attribute (EnATT) b. Object modifier c. SRE d. ACL

d. MAC addresses are initially exchanged unencrypted.

Which of these is a vulnerability of MAC address filtering in a WLAN? a. The user must enter the MAC. b. Not all operating systems support MACs. c. APs use IP addresses instead of MACs. d. MAC addresses are initially exchanged unencrypted.

CCMP

Which of these is the encryption protocol for WPA2? a. CPB b. CMAC-RSTS c. CBD-MAC d. CCMP

Framework core

Which part of the NIST Cybersecurity Framework defines the activities needed to attain the different cybersecurity outcomes?

SEND

Which protocol can send cryptographic confirmation that an endpoint is who it claims to be so that ARP poisoning is hindered? a. DNSSEC b. SFTP c. SEND d. SMTP

STP

Which protocol is used to prevent looping in a switch? STP SSTP SMTP SSL

a. It dynamically assigns roles to subjects based on rules.

Which statement about Rule-Based Access Control is true? a. It dynamically assigns roles to subjects based on rules. b. It is no longer considered secure. c. It requires that a custodian set all rules. d. It is considered a real-world approach by linking a user's job function with security.

It contains servers that are used only by internal network users.

Which statement regarding a demilitarized zone (DMZ) is NOT true? a. It can be configured to have one or two firewalls. b. It contains servers that are used only by internal network users. c. It typically includes an email or web server. d. It provides an extra degree of security.

d. Wi-Fi Direct

Which technical specification of the Wi-Fi Alliance is the same as ad hoc mode in a Wi-Fi network? a. Dynamic ad hoc b. Ad hoc II c. Alliance IBSS d. Wi-Fi Direct

Diffusion

Which technique added to cryptographic algorithms can change a single character of plaintext into multiple characters of ciphertext?

ABAC

Which type of access control scheme uses predefined rules that make it the most flexible scheme? a. DAC b. MAC c. NAC d. ABAC

d. Type I

Which type of hypervisor runs directly on the computer's hardware? a. Type IV b. Type II c. Type III d. Type I

Anomaly monitoring

Which type of monitoring methodology looks for statistical deviations from a baseline? a. Behavioral monitoring b. Anomaly monitoring c. Heuristic monitoring d. Signature-based monitoring

Hot site

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? a. Warm site b. Hot site c. Cold site d. Replicated site

Credentialed scan

Which type of vulnerability scan mimics the work of a threat actor who has already exploited a vulnerability and compromised credentials to access the network?

hping

Which utility sends custom TCP/IP packets? a. pingpacket b. shape c. hping d. curl

Dedicated probe

Which wireless probe is designed exclusively to monitor the airwaves for RF transmissions? a. Access point probe b. Dedicated probes c. Desktop probe d. Wireless device probe

Data custodian

Who implements access control based on the security level determined by the data owner? Data custodian Data controller Data privacy officer Data processor

a. It has a better user interface and supports remote troubleshooting.

Why is the UEFI framework considered to be better than the BIOS framework? a. It has a better user interface and supports remote troubleshooting. b. It restricts the hardware support to less than 1TB, offering better security than BIOS. c. It can identify the virus and malware in a device before the system is launched. d. It comes with additional features of OS hardening and anti-intrusion systems.

Transit gateway

Wiktoria is frustrated that her company is using so many different cloud services that span multiple cloud provider accounts and even different cloud providers. She wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Wiktoria need? a. CASB b. Thin virtual visibility appliance (TVVA) c. Transit gateway d. SWG

A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22

You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following configurations may create a log entry? A rule is set to bypass all packets from 112.101.2.4. A rule is set to bypass all packets from 112.101.1.1 through 112.101.2.5. A rule is set to deny all packets from 112.101.1.1 through 112.101.2.11. A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22.

Cloud platform

You are hired by a startup company as a security expert. You are asked to choose an effective method to host all the enterprise's services, which must be highly secure, easily scalable, and cost-effective. Which of the following platforms is ideal in this situation?

d. You should perform a remote wipe.

You are the security administrator for an enterprise that follows the bring your own device (BYOD) deployment model. What is the first action that you should take to protect sensitive enterprise data from exposure if an employee device is stolen and can't be located? a. You should seek the help of legal authorities. b. You should search for the thief on your own. c. You should change the data access credentials. d. You should perform a remote wipe.

Virtual desktop infrastructure (VDI)

You are the security administrator in your organization and have been asked to choose a deployment method that ensures the utmost security, where the data is stored in a centralized server and can be accessed by authorized employees using their own devices. Which of the following should you choose? a. Virtual desktop infrastructure (VDI) b. Choose your own device (CYOD) c. Corporate-owned personally enabled (COPE) d. Corporate-owned devices (COD)

You should add salt to the passwords before hashing.

You are working as a security admin in an enterprise. While you were analyzing different password attacks, you found that whenever an individual user's password gets cracked, another user with the same password residing in the same password digest file also has their account compromised. How should you prevent this from happening in the future? You should add salt to the passwords before hashing. You should tell the users not to use the same passwords. You should store the digest files in a password vault. You should run key stretching algorithms on the passwords.

d. Rely on the stationary fire suppression system

You are working in a data center when you suddenly notice a small fire in the server room. Which of the following measures should you take to suppress the fire? a. Use a Faraday cage b. Use a handheld fire extinguisher c. Rely on the water sprinkler system d. Rely on the stationary fire suppression system

Change the account expiration settings

You have been hired as a security administrator. While analyzing your organization's personnel policies, you notice the presence of multiple orphaned accounts. How should you handle this situation? Change the account expiration settings Change the domain group policy for password history Change the accounts' password ages Change the domain group policy for password complexity

b. IEEE 802.1x

You have been instructed to set up a system in a conference room where only trusted employees can access both the secure internal corporate network and the internet, and public users are restricted from accessing the internet from the same network. Which protocol or standard should you use? a. EAP-TLS b. IEEE 802.1x c. EAP-FAST d. CBC-MAC

Security Keys

You want to install a non-biometric authentication method to reduce overall costs. Which of the following is the best fit? a. Keystroke dynamics b. Face recognition c. Gait recognition d. Security keys

Password Vault

You want to use different passwords for different accounts by remembering just one password. Which of the following tools fits your need? a. Hardware module b. Password vault c. Windowed token d. PDKF2

Set up a network access control

Your enterprise network's security was breached when a non-employee connected a device to the network. In a security review meeting, you were asked to employ appropriate measures to prevent this from happening in the future while, at the same time, continuing to allow outsiders to connect to the network. Which of the following actions should you take? a. Set up a virtual private network b. Set up an access control list c. Set up a network access control d. Set up data loss prevention

b. Make a force allow rule for source address 192.168.20.73.

Your firewall is configured to deny all packets from the address range 192.110.20.30-192.110.20.100, but you want to allow packets from 192.168.20.73. How should you resolve this issue? a. Make an allow rule for the source address 192.168.20.73. b. Make a force allow rule for source address 192.168.20.73. c. Make a deny rule for source address 192.168.20.73. d. Make a log-only rule for source address 192.168.20.73.

d. Evil twin

Zariah is writing an email to an employee about a wireless attack that is designed to capture the wireless transmissions from legitimate users. Which type of attack is Zariah describing? a. Bluetooth grabber b. Rogue access point c. WEP-II d. Evil twin

c. Reduction in broadband costs

Zuzana is creating a report for her supervisor about the cost savings associated with cloud computing. Which of the following would she NOT include on her report on the cost savings? a. Scalability b. Resiliency c. Reduction in broadband costs d. Pay-per-use

Phishing

a form of social engineering that involves communication via email, phone or text requesting a user take action, such as navigating to a fake website

Keylogger

a malicious program that records keystrokes.

packet filtering

a process that uses various fields in a packet's IP and TCP headers to decide what to do with the packet

Third Party Vulnerability

a security problem detected in the third-party libraries loaded in your environment.

Wireless device probe

a standard wireless device such as a portable laptop computer, can be configured to act as a wireless probe

Supply chain vector attack

a type of cyber attack that targets organizations by focusing on weaker links in an organization's supply chain

bot attack

a type of cyber attack that uses automated scripts to disrupt a site, steal data, make fraudulent purchases, or perform other malicious actions

Rootkit attack

a type of malware program that enables cyber criminals to gain access to and infiltrate data from machines without being detected

syslog-ng

a. nxlog b. syslog-ng c. syslog d. rsyslog

backdoor installation

achieved by taking advantage of vulnerable components in a web application

black hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

White-hat hackers (ethical hackers)

break into systems for non-malicious reasons, such as to test system security vulnerabilities or to expose undisclosed weaknesses

Vishing Attack

instead of using email threat actors use telephone calls

Split tunnel

ofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose? a. Wide tunnel b. Full tunnel c. Narrow tunnel d. Split tunnel

TCP (Transmission Control Protocol)

provides reliable, ordered, and error-checked delivery of a stream of packets on the internet. TCP is tightly linked with IP and usually seen as TCP/IP in writing.

Control Risk

risk that a material misstatement will get through the internal control structure and into the financial statements

Spyware

software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

URL filtering

the ability to filter traffic based on a web address

Initial compromise

the attacker successfully executes malicious code on one or more corporate systems. This usually occurs as the result of a social engineering attack or exploitation of a vulnerability on an Internet-facing system.

Legacy platforms

used to describe systems that are no longer being marketed or supported

Functional Recovery Plan

A BIA can be a foundation for which of the following? a. Contingency reaction plan b. Resumption assessment plan c. Site risk assessment d. Functional recovery plan

PathPing

A TCP/IP command that provides information about latency and packet loss on a network.

netstat

A TCP/IP utility that shows the status of each active connection.

Forward Proxy

A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users.

Reverse Proxy

A computer or an application program that routes incoming requests to the correct server.

grey hat hackers

A cross between black and white—they will often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches.

Software vulnerability

A flaw or weakness in a computer program that hackers or malware can exploit to gain access to a system or damage it.

Type I hypervisor

A hypervisor that can run directly on a computer without an underlying host operating system.

Type II hypervisor

A hypervisor that requires a host operating system.

SSL (Secure Sockets Layer)

A method of encrypting data to provide security for communications over networks such as the Internet. TLS (Transport Layer Security) is a later version of SSL.

DoS attack (Denial of Service attack)

A network attack in which an attacker disables systems that provide network services by consuming a network link's available bandwidth, consuming a single system's available resources, or exploiting programming flaws in an application or operating system.

cloud platform

A pay-per-use computing model in which customers pay only for the online computing resources they need.

Transport Layer Security (TLS)

A protocol based on SSL 3.0 that provides authentication and encryption, used by most servers for secure exchanges over the Internet.

Race condition

A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time and the outcome depends on the order in which they complete.

Buffer Overflow

A technique for crashing a program by sending more data to a buffer in the computer's memory than the buffer can hold.

Distributed trust model

A trust model that has multiple CAs that sign digital certificates.

Bridge trust model

A trust model with one CA that acts as a facilitator to interconnect all other CAs.

Intrusive scan

A vulnerability scan that attempts to exploit any vulnerabilities it finds, much like a threat actor would.

nonintrusive scan

A vulnerability scan that does not attempt to exploit the vulnerability but only records that it was discovered.

non-credentialed scan

A vulnerability scan that provides no authentication information to the tester.

Privately share their findings regarding the zero-day vulnerability with the e-commerce company.

A zero-day vulnerability has been found in an e-commerce website used to purchase electronics. Neither the website owner nor the general public knows about the vulnerability; it was discovered by a computer security specialist making a purchase. What should the specialist do? a. Make a report of the zero-day vulnerability and launch it to the public to make them aware. b. Be a broker and sell this zero-day vulnerability to the potential buyers so that they can decide for themselves what to do with it. c. Privately share their findings regarding the zero-day vulnerability with the e-commerce company. d. Ignore it; it is not the specialist's job to alert the website's owner about the vulnerability.

This is most probably a bot attack

ABC Automobiles is a large manufacturing company based in Munich, Germany. To ensure productivity, all departments like Finance, Purchase, Sales, R&D, Management, etc., are using computers, and for security, each department is placed in different physical and logical networks while interconnected. Johnson, the Vice President of IT, has requested your service in identifying a problem. Details provided by Johnson and your initial probe include the following: The problem started a few weeks ago in the sales department. Videos of six employees working on the computer are shared outside the organization without the users switching on the cameras or the webcam. Their personal phone numbers and email IDs are also found compromised from these devices. At specific times during the day, these computers exhibited substantial amounts of network traffic. Johnson removed these compromised machines from the network immediately to avoid vulnerabilities spreading in the network. He monitored these machines for any unusual behavior for 40 continuous hours. He could not find anything unusual, except that employees who were using these machines were receiving spam messages on their phones. He also scanned these computers using antivirus software but could not find any viruses. He connected these machines back to the network after these checks, but the computers showed the same behaviors. While the infected machines were off the network, a few other machines started showing similar issues, including sudden network traffic during certain times. What is your inference based on the discussion with Johnson?

Access point probe

APs can detect neighboring APs

c. Near field communication (NFC)

Aaliyah has been asked to do research in a new payment system for the retail stores that her company owns. Which technology is predominately used for contactless payment systems that she will investigate? a. Wi-Fi b. Bluetooth c. Near field communication (NFC) d. Radio frequency ID (RFID)

c. Accounting refers to recording actions of a user on enterprise resources.

Accounting is an important security concept in an enterprise environment. Which of the following best describes accounting in this context? a. Accounting refers to keeping track of all financial activities of the enterprise. b. Accounting refers to effective financial management for cybersecurity. c. Accounting refers to recording actions of a user on enterprise resources. d. Accounting refers to maintaining security devices in compliance with enterprise policies.

RFID

Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? a. Channel width b. Frequency band c. Channel selection d. RFID spectrum

Community Cloud

Aleksandra, the company HR manager, is completing a requisition form for the IT staff to create a type of cloud that would only be accessible to other HR managers like Aleksandra who are employed at manufacturing plants. The form asks for the type of cloud that is needed. Which type of cloud would best fit Aleksandra's need? a. Group cloud b. Community cloud c. Public cloud d. Hybrid cloud

Fog

Alicja is working on a project to deploy automated guided vehicles on the industrial shop floor of the manufacturing plant in which she works. What location of computing would be best for this project? a. Remote b. Fog c. Off-premises d. Edge

SSH (Secure Shell)

Allows a user to communicate with a remote device; does use encryption.

Tunnel mode

An IPsec mode that encrypts both the header and the data portion.

Authentication Header (AH)

An IPsec protocol that authenticates that packets received were sent from the source identified in the header of the packet.

Encapsulating Security Payload (ESP)

An IPsec protocol that provides authentication, integrity, and encryption services.

Integer overflow

An application attack that attempts to use or create a numeric value that is too big for an application to handle. Input handling and error handling thwart the attack.

Privilege escalation

An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.

Direct Access Attack Vector

An attack vector in which a threat actor can gain direct physical access to the computer.

Integer overflow

An attack where the threat actor changes the value of the variable outside of the programmer's intended range is known as _____________.

Control risk

An enterprise's annual financial statement reported an overall profit when there was actually a loss. Which of the following risks has occurred? a. Inherent risk b. Residual risk c. Control risk d. Internal risk

API attacks

Application programming interface (API) attacks: attacks that attempt to discover and exploit vulnerabilities in APIs.

Playbook

Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create? a. Runbook b. Playbook c. ARC Codebook d. SIEM-book

Digital signature algorithm

Bob is sending a message to John. Which algorithm should John use to ensure that Bob is the actual sender of the message and not anyone else?

Password Spraying

Brute force attack in which multiple user accounts are tested with a dictionary of common passwords.

d. Host table and external DNS server

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect? a. Web browser and browser add-on b. Reply referrer and domain buffer c. Web server buffer and host DNS server d. Host table and external DNS server

Call Manager

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor? a. Call manager b. SIP c. IP voice d. VoIP

a. It must be used on HTML5 compliant devices.

Which of the following is NOT correct about L2TP? a. It must be used on HTML5 compliant devices. b. It does not offer encryption. c. It is used as a VPN protocol. d. It is paired with IPSec.

a. It is designed primarily to backup data.

Which of the following is NOT true about RAID? a. It is designed primarily to backup data. b. It can be implemented in hardware or software. c. Nested levels can combine other RAID levels. d. The most common levels of RAID are Level 0, 1, 5, 6, and 10.

a. Service account

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create? a. Service account b. Privilege account c. Generic account d. User account

SMishing (SMS Phishing)

Combine SMS with phishing, and you have the technique called smishing. With smishing, attackers send fraudulent text messages in an attempt to gather information like credit card numbers or passwords.

Tainted Training Data for ML

Corrupting a machine learning model by training it on bad (tainted) data.

Lightweight cryptography

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

Supply chain

David, a software engineer, recently bought a brand new laptop because his enterprise follows the BYOD (bring your own device) model. David was part of a software development project where the software code was leaked before its release. Further investigation proved that a vulnerability in David's laptop caused the exposure. David insists he never used the laptop to access any network or integrate any devices, and the laptop was kept in a vault while not in use. Which of the following attack vectors was used by the threat actor?

d. MAC flooding attack

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this? a. MAC overflow attack b. MAC cloning attack c. MAC spoofing attack d. MAC flooding attack

Dedicated probe

Designed exclusively to monitor the RF frequency for transmissions.

Logic bomb attack

Designed to activate and execute its destructive payload when a specific condition or trigger is met

Desktop probe

A desktop computer used as a probe.

Shimming Attack

Develop and implement additional code in drivers to enable malicious activity

Diamond Model of Intrusion Analysis

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose? a. Cyber Kill Chain b. Diamond Model of Intrusion Analysis c. Basic-Advanced Incident (BAI) Framework d. Mitre ATT&CK

c. Stateful packet filtering

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this? a. Connection-aware firewall b. Packet filtering firewall c. Stateful packet filtering d. Proxy firewall

Asymmetric cryptography

Encryption that uses two different keys to encrypt and decrypt a message.

Symmetric cryptography

Encryption that uses a single key to encrypt and decrypt a message.

cat

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use? a. head b. show c. display d. cat

b. Two-person integrity/control

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing? a. Dual observation protocol (DOP) b. Two-person integrity/control c. Compromise mitigation assessment (CMA) d. Multiplayer recognition

d. It allows an attacker to bypass network security configurations.

Fatima has just learned that employees have tried to install their own wireless router in the employee lounge. Why is installing this rogue AP a security vulnerability? a. It uses the weaker IEEE 802.11i protocol. b. It requires the use of vulnerable wireless probes on all mobile devices. c. It conflicts with other network firewalls and can cause them to become disabled. d. It allows an attacker to bypass network security configurations.

a. Captive portal

Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to agree to an acceptable use policy (AUP) before continuing. What type of AP has he encountered? a. Captive portal b. Rogue portal c. Control portal d. Authenticated portal

b. Confidentiality

For which of the following is the Encapsulating Security Protocol (ESP) applied? a. Authentication b. Confidentiality c. Key management d. Applications

Desktops

For which of the following systems is resilience through redundancy the least important? a. Desktops b. Servers c. Data d. Networks

The devices should present a cost-effective solution for consumers.

Frank is authorized to issue mandatory security guidelines for IoT device manufacturers in the United States. Which of the following guidelines should Frank NOT issue? a. The devices' embedded systems should use network protocols that have advanced security features. b. The devices should have authentication features. c. The devices should present a cost-effective solution for consumers. d. The devices should receive updates provided by the manufacturer at least once every six months.

traceroute

Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use? a. tracert b. traceroute c. tracepacket d. trace

Hacktivists/Hactivism

Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include demonstrations, propaganda, social change campaigns, and fame.

Masking

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use? a. Tokenization b. Masking c. Data Object Obfuscation (DOO) d. PII Hiding

Unified environment management (UEM) tool

Hassan has been asked to choose a mobile management tool that can provide a single management interface for application, content, and device management. Which of the following is the best solution?

c. It detects when a BPDU is received from an endpoint.

How does BPDU guard provide protection? a. BPDUs are encrypted so that attackers cannot see their contents. b. All firewalls are configured to let BPDUs pass to the external network. c. It detects when a BPDU is received from an endpoint. d. It sends BPDU updates to all routers.
