Final Exam

Task Manager

A technician notices that an application is not responding to commands and that the computer seems to respond slowly when applications are opened. What is the best administrative tool to force the release of system resources from the unresponsive application? Event Viewer Task Manager Add or Remove Programs System Restore

action on objectives

A threat actor has gained administrative access to a system and achieved the goal of controlling the system for a future DDoS attack by establishing a communication channel with a CnC owned by the threat actor. Which phase in the Cyber Kill Chain model describes the situation? delivery command and control exploitation action on objectives

reporting

According to NIST, which step in the digital forensics process involves preparing and presenting information that resulted from scrutinizing data? collection examination analysis reporting

read

Based on the command output shown, which file permission or permissions have been assigned to the other user group for the data.txt file? ls -l data.txt -rwxrw-r-- sales staff 1028 May 28 15:50 data.txt read, write full access read, write, execute read

authorization

Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? accessibility auditing accounting authentication authorization

The iFrame allows the browser to load a web page from another source.

How do cybercriminals make use of a malicious iFrame? The attacker redirects traffic to an incorrect DNS server. The attacker embeds malicious content in business appropriate files. The iFrame allows multiple DNS subdomains to be used. The iFrame allows the browser to load a web page from another source.

The data is open and free to the public. Data is in a format that allows for manipulation.

What are two advantages of using the community VERIS database? (Choose two.) The data is open and free to the public. The data sets are compact for easy download. The database is sponsored and backed by governments. The access fee is minimal. Data is in a format that allows for manipulation.

Normal traffic is correctly ignored and erroneous alerts are not being issued.

What is indicated by a true negative security alert classification? Normal traffic is correctly ignored and erroneous alerts are not being issued. An alert is verified to be an actual security incident. An alert is incorrectly issued and does not indicate an actual security incident. Exploits are not being detected by the security systems that are in place.

The code has not been modified since it left the software publisher. The code is authentic and is actually sourced by the publisher.

What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.) The code has not been modified since it left the software publisher. The code was encrypted with both a private and public key. The code contains no viruses. The code is authentic and is actually sourced by the publisher. The code contains no errors.

ps

Which Linux command could be used to discover the process ID (PID) for a specific process before using the kill command? chkrootkit ls ps grep

system logs

Which Windows Event Viewer log includes events regarding the operation of drivers, processes, and hardware? security logs system logs setup logs application logs

Ethernet switch access point

Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.) RADIUS authentication server Ethernet switch WLAN controller repeater access point

A virus can be dormant and then activate at a specific time or date. A virus typically requires end-user activation.

Which two statements are characteristics of a virus? (Choose two.) A virus has an enabling vulnerability, a propagation mechanism, and a payload. A virus replicates itself by independently exploiting vulnerabilities in networks. A virus can be dormant and then activate at a specific time or date. A virus typically requires end-user activation. A virus provides the attacker with sensitive data, such as passwords.

memory registers

Which type of data would be considered an example of volatile data? temp files log files web browser cache memory registers

to avoid detection by the target

Why would threat actors prefer to use a zero-day attack in the Cyber Kill Chain weaponization phase? to launch a DoS attack toward the target to avoid detection by the target to gain faster delivery of the attack on the target to get a free malware package

Surveil or deny service from outside the corporate network.

How might DNS be used by a threat actor to create mayhem? Surveil or deny service from outside the corporate network. Collect personal information and encode the data in outgoing DNS queries. Intercept and decrypt network traffic. Change the timestamp on network messages in order to conceal the cyberattack.

DNS

Which protocol translates a website name such as www.cisco.com into a network address? FTP DHCP HTTP DNS

encryption

Which technique is necessary to ensure a private transfer of data using a VPN? encryption scalability authorization virtualization

It can be acquired at no charge.

Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)? The administrator has control over specific security functions, but not standard applications. It is easier to use than other server operating systems. It can be acquired at no charge. More network applications are created for this environment.

AES 3DES

A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.) MD5 HMAC SHA-1 AES 3DES

further investigating security incidents

A network security professional has applied for a Tier 2 position in a SOC. What is a typical job function that would be assigned to a new employee? further investigating security incidents serving as the point of contact for a customer monitoring incoming alerts and verifying that a true security incident has occurred hunting for potential security threats and implementing threat detection tools

human attack surface

As described by the SANS Institute, which attack surface includes the use of social engineering? software attack surface Internet attack surface network attack surface human attack surface

It is used to determine the default gateway of the router that has the ACL applied.

How is a source IP address used in a standard ACL? It is used to determine the default gateway of the router that has the ACL applied. It is the address to be used by a router to determine the best path to forward packets. It is the address that is unknown, so the ACL must be placed on the interface closest to the source address. It is the criterion that is used to filter traffic.

The Windows firewall is blocking the ping.

In a networking class, the instructor tells the students to ping the other computers in the classroom from the command prompt. Why do all pings in the class fail? A virus is on the classroom computers. The computers are on different networks. Port 25 is blocked and preventing the echo request from being transmitted. The Windows firewall is blocking the ping.

A network administrator connects to a Cisco router with SSH.

In which situation is an asymmetric key algorithm used? A network administrator connects to a Cisco router with SSH. An office manager encrypts confidential files before saving them to a removable device. User data is transmitted across the network after a VPN is established. Two Cisco routers authenticate each other with CHAP.

directing packets towards the destination network meeting the reliability requirements of applications, if any multiplexing multiple communication streams from many users or applications on the same network

What are three responsibilities of the transport layer? (Choose three.) formatting data into a compatible form for receipt by the destination devices multiplexing multiple communication streams from many users or applications on the same network directing packets towards the destination network identifying the applications and services on the client and server that should handle transmitted data meeting the reliability requirements of applications, if any conducting error detection of the contents in frames

NTFS supports larger partitions. NTFS provides more security features.

What are two advantages of the NTFS file system compared with FAT32? (Choose two.) NTFS supports larger partitions. NTFS allows the automatic detection of bad sectors. NTFS provides more security features. NTFS allows faster access to external peripherals such as a USB drive. NTFS allows faster formatting of drives. NTFS is easier to configure.

rootkit pivot

What are two evasion techniques that are used by hackers? (Choose two.) Trojan horse phishing rootkit reconnaissance pivot

financial gain

What commonly motivates cybercriminals to attack networks as compared to hactivists or state-sponsored hackers? fame seeking status among peers financial gain political reasons

Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.

What is a difference between symmetric and asymmetric encryption algorithms? Symmetric encryption algorithms are used to encrypt data. Asymmetric encryption algorithms are used to decrypt data. Symmetric algorithms are typically hundreds to thousands of times slower than asymmetric algorithms. Symmetric encryption algorithms are used to authenticate secure communications. Asymmetric encryption algorithms are used to repudiate messages. Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.

provides a message format for communication between network device managers and agents

What is a function of SNMP? provides statistical analysis on packets flowing through a Cisco router or multilayer switch captures packets entering and exiting the network interface card synchronizes the time across all devices on the network provides a message format for communication between network device managers and agents

a passive device that forwards all traffic and physical layer errors to an analysis device

What is a network tap? a feature supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device a technology used to provide real-time reporting and long-term analysis of security events a Cisco technology that provides statistics on packets flowing through a router or multilayer switch a passive device that forwards all traffic and physical layer errors to an analysis device

Apply disciplinary measures if an incident is caused by an employee.

What is the responsibility of the human resources department when handling a security incident? Apply disciplinary measures if an incident is caused by an employee. Coordinate the incident response with other stakeholders and minimize the damage of the incident. Review the incident policies, plans, and procedures for local or federal guideline violations. Perform actions to minimize the effectiveness of the attack and preserve evidence.

The devices introduce processing delays and privacy issues.

What is the result of using security devices that include HTTPS decryption and inspection services? The devices introduce processing delays and privacy issues. The devices require continuous monitoring and fine tuning. Monthly service contracts with reputable web filtering sites can be costly. The devices must have preconfigured usernames and passwords for all users.

firewall

Which device in a layered defense-in-depth approach denies connections initiated from untrusted networks to internal networks, but allows internal users within an organization to connect to untrusted networks? firewall internal router IPS access layer switch

use SSH and disable the root account access over SSH

Which method can be used to harden a device? maintain use of the same passwords allow default services to remain enabled use SSH and disable the root account access over SSH allow USB auto-detection

Exploitability

Which metric class in the CVSS Basic Metric Group identifies the impacts on confidentiality, integrity, and availability? Exploitability Impact Exploit Code Maturity Modified Base

The internal emails related to the handling of an environmental disaster by a petroleum company appear on multiple websites.

Which scenario is probably the result of activities by a group of hacktivists? The central database of student grades is accessed and a few grades are modified illegally. The major power grid in a country is experiencing frequent attacks from another country. The sales record files of recent years in a large company suddenly cannot be opened and an offer comes forward promising that the data could be restored for a hefty fee. The internal emails related to the handling of an environmental disaster by a petroleum company appear on multiple websites.

It compares the operations of a host against well-defined security rules.

Which statement describes the policy-based intrusion detection approach? It compares the signatures of incoming traffic to a known intrusion database. It compares the antimalware definitions to a central repository for the latest updates. It compares the behaviors of a host to an established baseline to identify potential intrusion. It compares the operations of a host against well-defined security rules.

The TACACS+ protocol allows for separation of authentication from authorization.

Which statement identifies an important difference between the TACACS+ and RADIUS protocols? The TACACS+ protocol allows for separation of authentication from authorization. The RADIUS protocol encrypts the entire packet transmission. TACACS+ provides extensive accounting capabilities when compared to RADIUS. RADIUS can cause delays by establishing a new TCP session for each authorization request.

cloud computing

Which technology might increase the security challenge to the implementation of IoT in an enterprise environment? data storage CPU processing speed network bandwidth cloud computing

people processes technologies

Which three are major categories of elements in a security operations center? (Choose three.) people data center Internet connection database engine processes technologies

vulnerability tracking security monitoring intrusion prevention

Which three technologies should be included in a security information and event management system in a SOC? (Choose three.) firewall appliance intrusion prevention vulnerability tracking threat intelligence security monitoring VPN connection

is self-replicating travels to new computers without any intervention or knowledge of the user

Which two characteristics describe a worm? (Choose two.) infects computers by attaching to software code hides in a dormant state until needed by an attacker executes when software is run on a computer is self-replicating travels to new computers without any intervention or knowledge of the user

net share net use

Which two net commands are associated with network resource sharing? (Choose two.) net accounts net share net start net use net stop

usage-based network billing network monitoring

Which two services are provided by the NetFlow tool? (Choose two.) log analysis QoS configuration access list monitoring usage-based network billing network monitoring

Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.

Which two statements describe access attacks? (Choose two.) Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot. To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.

Trojan horse

Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall? brute-force attack Trojan horse DoS buffer overflow

Most data traffic is encrypted using asymmetrical algorithms.

Why is Diffie-Hellman algorithm typically avoided for encrypting data? The large numbers used by DH make it too slow for bulk data transfers. DH requires a shared key which is easily exchanged between sender and receiver. DH runs too quickly to be implemented with a high level of security. Most data traffic is encrypted using asymmetrical algorithms.