Cybersecurity Principles Final Practice Exam
You have conducted a risk analysis to protect a key company asset. You identify the following values: o Asset value = 400 o Exposure factor = 75 o Annualized rate of occurrence = 0.25 What is the annualized loss expectancy (ALE)? - 25 - 75 - 100 - 175 - 475
75
You are adding switches to your network to support additional VLANs. Unfortunately, the new switches are from a different vendor than the current switches. Which standard do you need to ensure that the switches are supported? - 802.3 - 802.1Q - 802.1x - 802.11
802.1Q
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources? - Authentication and authorization - Identity proofing and authentication - Authentication and accounting - Authorization and accounting - Identity proofing and authorization
Authentication and authorization
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? - Social validation - Persuasive - Authority - Commitment
Authority
You have been hired as part of the team that manages an organization's network defense. Which security team are you on? - White - Red - Blue - Purple
Blue
A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent? - Botnet - Logic bomb - Trojan horse - Spyware
Botnet
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle? - Data diddling - Time-of-check to time-of-use attack - Buffer overflow attack - Smurf attack
Buffer overflow attack
You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do? - Configure the connection to use 802.1x auth and TKIP encryption - Configure the connection to use 802.1x auth and AES encryption - Configure the connection with a pre-shared key and AES encryption - Configure the connection with a pre-shared key and TKIP encryption
Configure the connection with a pre-shared key and AES encryption
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you use them in the future? - Create a hash of each log - Store the logs in an offsite facility - Make two copies of each log and store each copy in a different location - Encrypt the logs
Create a hash of each log
A security administrator logs onto a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan was conducted in this scenario? - Non-credentialed scan - Non-intrusive scan - Intrusive scan - Credentialed scan
Credentialed scan
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. Which kind of exploit has been used in this scenario? - Man-in-the-middle - Domain name kiting - Reconnaissance - DNS poisoning
DNS poisoning
Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses? - DNS poisoning - Spam - ARP poisoning - SYN flood
DNS poisoning
Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt? - Downgrade attack - Collision attack - Dictionary attack - Birthday attack
Dictionary attack
When you conduct a forensic investigation, which of the following initial actions is appropriate for preserving evidence? - Stop all running processes. - Turn off the system - Document what is on the screen - Remove the hard drive
Document what is on the screen
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? - Proxy server - Network-based firewall - Host-based firewall - VPN concentrator
Host-based firewall
You are concerned about attacks directed against the firewall on your network. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? - IDS - Port scanner - Packet sniffer - IPS
IPS
To obtain a digital certificate and participate in a public key infrastructure (PKI), what must be submitted and where? - Identifying data with the MAC and IP address to the root certificate authority (CA) - Identifying data with the 3DES block cipher to the hosting certificate (CA) - Identifying data and a certification request to the registration authority (RA) - Identifying data and a secret key request to the subordinate distribution authority (DA)
Identifying data and a certification request to the registration authority (RA)
Which of the following describes a false positive when using an IPS device? - The source address identifying a non-existent host - Legitimate traffic being flagged as malicious - The source address matching the destination address - Malicious traffic masquerading as legitimate traffic - Malicious traffic not being identified
Legitimate traffic being flagged as malicious
The chain of custody is used for which purpose? - Listing people coming into contact with the evidence - Identifying the owner of the evidence - Detailing the timeline between creation and discovery of evidence - Retaining evidence integrity
Listing people coming into contact with the evidence
Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs? - Gain access - Enumeration - Maintain access - Reconnaissance
Maintain access
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use? - Wireshark - LC4 - OVAL - Nessus
Nessus. LC4 is for password cracking. Wireshark is wireshark. OVAL is a set of standards.
Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails? - Nothing will happen - all devices will stay protected - The LAN is compromised but the DMZ stays protected - All devices in the DMZ and LAN will be compromised - Only the servers in the DMZ are compromised but the LAN will stay protected
Only the servers in the DMZ are compromised but the LAN will stay protected
Which of the following Security Orchestration, Automation, and Response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during the manual intervention? - Orchestration - Playbook - Runbook - Response
Playbook
Which of the following protocols can TLS use for key exchange? - RSA - KEA - Diffie-Hellman - ECC - IKE
RSA, Diffie-Hellman
An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has. Which type of attack is the attacker using? - Cracking - Brute force - Rainbow - RIPEMD
Rainbow
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this? - Man-in-the-middle attack - Physical security - Rogue access point - Phishing - Social engineering
Rogue access point
Which of the following tools can be used to see if a target has any online IoT devices without proper security? - scanless - Shodan - theHarvester - Packet sniffing
Shodan
Which term means a cryptography mechanism that hides secret communications within various forms of data? - Algorithm - Ciphertext - Cryptanalysis - Steganography
Steganography
A VPN is primarily used for which of the following purposes? - Support secured communications over an untrusted network - Support distribution of public web documents - Allow remote systems to save on long-distance charges - Allow the use of network-attached printers
Support secured communications over an untrusted network
When using SSL auth, what does the client verify first when checking a server's identity? - The certificate must be non-expiring and self-signed by the sysadmin - All DNS resolution must point to the corporate intranet routers - The current date and time must fall within the server's certificate-validity period - Master secrets are verifiable from asymmetric keys
The current date and time must fall within the server's certificate-validity period
Which of the following best defines single loss expectancy (SLE)? - The total monetary loss associated with a single occurrence of a threat - The statistical probability of a malicious event - The monetary value of a single employee's loss of productivity due to a successful attack - The total cost of all countermeasures associated with protecting against a given vulnerability
The total monetary loss associated with a single occurrence of a threat
Which security mechanism uses a unique list that meets the following specifications: o The list is embedded in the object itself o The list defines which subjects have access to certain objects o The list specifies the level or type of access allowed to certain objects - User ACL - Mandatory access control - Hashing - Conditional access
User ACL
You need to implement a solution to manage multiple access points in your organization. Which of the following would you most likely use? - WLC - LWAP - SOHO - Bridge
WLC. A wireless LAN controller (WLC) is used... to manage multiple access points. Small Office Home Office wireless router is for small. Lightweight access points are used in conjunction with a wireless controller. A wireless bridge connects two wireless networks together.
Which of the following are disadvantages of biometrics? (select two) - Biometric factors for identical twins are the same - They can be circumvented using a brute force attack - They require time synchronization - When used alone they are no more secure than a strong password - They have the potential to produce numerous false negatives
When used alone they are no more secure than a strong password; They have the potential to produce numerous false negatives
You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing? - Bug bounty - White box - Grey box - Black box
White box
This application endpoint-protection rule implicitly denies unless added to the rule. Which of the following processes describes this? - Blacklisting - Content filtering - Quarantining - Whitelisting
Whitelisting
Which networking model is based on peer-to-peer networking? - None - Standalone - Client-server - Workgroup
Workgroup
Which of the following tools can be used to view and modify DNS server information in Linux? - tracert - route - dig - netstat
dig
What is the purpose of audit trails? - To detect security-violating events - To correct system problems - To prevent security breaches - To restore systems to normal operations
To detect security-violating events