Final for Tech

Samira is installing a new clean agent fire suppression system in the server room. Which of the following is not one of the methods that her system will use? A. Reducing heat B. Removing or isolating oxygen C. Inhibiting the chemical reaction D. Dispersing water

D. Dispersing water

William sends you a text message to ask if you sent him an email message today identical to one you sent yesterday. You respond that you did not send the email message and ask him to disregard it. Which type of attack has most likely happened? A. Replay attack B. Man-in-the-browser C. ARP poisoning D. DNS poisoning

A. Replay attack

Lisa notices that all the loT security cameras in the building report that they cannot access the cloud-based storage backup where footage is normally stored. The cloud storage capacity is not full. Which of the following is most likely happening? A. DoS attack B. DDoS attack C. DNS hijacking D. ARP poisoning

B. DDoS attack

Tyler is concerned about installing macros to perform tasks in Microsoft Excel. Which of the following is not on of the Microsoft protections that you can tell Tyler about? A. Protected view B. PowerShell C. Trusted documents D. Trusted location

B. PowerShell

A BIA can be a foundation for which of the following? a. Functional recovery plan b. Site risk assessment c. Contingency reaction plan d. Resumption assessment plan

a. A BIA can be the foundation for a functional recovery plan that addresses the steps to be taken to restore those processes if necessary.

Which of the following can a UPS NOT perform? a. Prevent certain applications from launching that will consume too much power b. Disconnect users and shut down the server c. Prevent any new users from logging on d. Notify all users that they must finish their work immediately and log off

a. A UPS cannot prevent specific applications from launching to limit power consumption.

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create? a. Generic account b. Service account c. User account d. Privilege account

b. A service account is a user account that is created explicitly to provide a security context for services running on a server

Willa wants to use a stronger password and asks you for help in determining what she should use. Which of the following would be considered the strongest password? a. Puppy b. OnceUpon@MidnightDreary c. asdfghjklqwertyopzxcv d. Puppy!12345

b. OnceUpon@MidnightDreary

Which of the following control categories includes conducting workshops to help users resist phishing attacks? a. Managerial b. Operational c. Technical d. Administrative

b. Operational controls may include conducting workshops.

Katie signs in with her Google account and has access to her email, calendar, messages, and many other services. What is this an example of? a. OAuth b. Proprietary single sign-on c. Open ID d. Shibboleth

b. Proprietary single sign-on

Which of these is NOT an incident response process step? a. Recovery b. Reporting c. Eradication d. Lessons learned

b. Reporting is not a separate step in the process.

Which of the following is NOT an element that should be part of a BCP? a. High availability b. Robustness c. Diversity d. Scalability

b. Robustness is not part of a BCP.

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets? a. NetFlow b. sFlow c. IPFIX d. journalct

b. sFlow is a packet sampling protocol that gives a statistical sampling instead of the actual flow of packets.

Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement? a. BPA b. SLA c. MOU d. MSA

c. A memorandum of understanding (MOU) describes an agreement between two or more parties. It demonstrates a "convergence of will" between the parties so that they can work together. An MOU generally is not a legally enforceable agreement but is more formal than an unwritten agreement.

Which of the following is the most fragile and should be captured first in a forensics investigation? a. ARP cache b. Kernel statistics c. CPU cache d. RAM

c. CPU cache and registers are the most fragile.

Beatrix plans to implement an authentication server at an organization. The server needs to authenticate network devices and send communications in an encrypted manner. Which of the following would you recommend? a. RADIUS b. EAP c. TACACS+ d. Kerberos

c. TACACS+

Dallas wants to implement biometric scanners as part of the authentication process for employees in the organization. Which of the following is not a disadvantage of implementing them? a. Cost b. Efficacy rate c. The false acceptance rate is always high d. Biometric scanners can be tricked

c. The false acceptance rate is always high

Which of the following is NOT a threat classification category? a. Compliance b. Financial c. Tactical d. Strategic

c. This is fictitious and does not exist

Which access control scheme is the most restrictive? a. Role-Based Access Control b. DAC c. Rule-Based Access Control d. MAC

d. The opposite of DAC is the most restrictive access control scheme, Mandatory Access Control (MAC). MAC assigns users' access controls strictly according to the custodian's desires. This is considered the most restrictive access control scheme because the user has no freedom to set any controls or distribute access to other subjects.

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? a. Greenwich Mean Time (GMT) b. Civil time c. Daylight savings time d. Time offset

d. The time offset is the amount of time added to or subtracted from Coordinated Universal Time (UTC) to arrive at the current "actual" (called civil) time, which may be affected by daylight savings time and different regional time zones.

Joan is working in Linux. She wants to display the last 10 lines of a log file. Which command would you recommend that she use? A. Tail B. Head C. Cat D. Grep

A. Tail

You have installed Wireshark on a physical computer at your organization. However, you notice that you are receiving limited packets in you captures. Which of the following is the most likely reason? A. You have installed Wireshark on a PC that is not connected to the network at all. B. You have installed Wireshark, but the PC is connected to a switch, so you are only seeing packets that are sent or received by that individual PC. C. You have installed Wireshark, but the PC is connected to a hub, so you are only seeing packets that a5re sent or received by that individual PC. D. You have installed Wireshark, but the PC Is connected to a hub, so you are seeing all packets connected to all computers on the hub.

B. You have installed Wireshark, but the PC is connected to a switch, so you are only seeing packets that are sent or received by that individual PC.

Donald would like to secure his laptop so that it becomes much more difficult to steal. However, he wants to use the laptop while it is secured. Which of the following would you recommend to him? A. Safe B. Vault C. Cable lock D. Mantrap

C. Cable lock

Pablo is interested in network tools that allow him to learn more about a network and its connected devices. He wants to know only about tools that work on Windows computers. Which of the following would not be a tool that you would suggest to him? A. ping B. ipconfig C. curl D. tracert

C. curl

Kimberly is interested in replacing the physical locks on the doors to the server room. Which of the following would be the best option to recommend to her? A. Classroom commercial door lock B. Communicating double cylinder door lock C. Electronic lock with keypad D. Electronic screen lock with randomized number placement

D. Electronic screen lock with randomized number placement

Chen has noticed that her browser, Microsoft Edge, is redirecting her to a different website when she tries to navigate to the company's internal site by name. She has asked around, and no one else has this problem. What should she check first? A. She should open the /etc/ directory and look at the config file. B. She should open the C:\Windows\System32\drivers\etc directory and look at the lmhosts.sam file. C. she should open the /etc/ directory and look at the hosts file. D. she should open the C:\Windows\System32\dirvers\etc directory and look at the host file.

D. she should open the C:\Windows\System32\dirvers\etc directory and look at the host file.

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? a. Data custodian/steward b. Data privacy officer c. Data controller d. Data processor

a. A data custodian/steward is an individual to whom day-to-day actions have been assigned by the owner.

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? a. Deterrent control b. Preventive control c. Detective control d. Corrective control

a. A deterrent control attempts to discourage security violations before they occur.

Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create? a. Playbook b. Runbook c. SIEM-book d. ARC Codebook

a. A playbook is a linear-style checklist of required steps and actions needed to successfully respond to specific incident types and threats. These playbooks give a top-down step-by-step approach to incident response by establishing formalized incident response processes and procedures. A playbook can help ensure that required steps are systematically followed, particularly when it is necessary to comply with regulatory frameworks.

Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found? a. Control risk b. Financial risk c. Reporting risk d. Monetary risk

a. A specific type of risk is a control risk or the probability that financial statements are materially misstated because of failures in the system of controls used by an organization. When there are significant control failures, a business's financial statements may reveal a profit when there is actually a loss.

Jayana wants to make an account more secure by implementing two-factor authentication. Which of the following is considered two-factor authentication? a. An RFID card and password b. A password and a PIN c. A retina scan and a fingerprint d. An RFID card and a finger print

a. An RFID card and password

Which of these is a set of permissions that is attached to an object? a. ACL b. SRE c. Object modifier d. Entity attribute (EnATT)

a. An access control list (ACL) is a set of permissions that is attached to an object. This list specifies which subjects are allowed to access the object and what operations they can perform on it. When a subject requests permission to perform an operation on an object, the system checks the ACL for an approved entry in order to decide if the operation is allowed.

Which of the following threats would be classified as the actions of a hactivist? a. External threat b. Internal threat c. Environmental threat d. Compliance threat

a. An external risk is from the outside (like the actions of a hactivist).

What does an incremental backup do? a. Copies all files changed since the last full or incremental backup b. Copies only user-selected files c. Copies all files d. Copies all files since the last full backup

a. An incremental backup copies all files changed since the last full or incremental backup

Which type of access control scheme uses predefined rules that makes it the most flexible scheme? a. ABAC b. DAC c. MAC d. NAC

a. Attribute-Based Access Control (ABAC) uses more flexible policies that can combine attributes. These policies can take advantage of many different types of attributes, such as object attributes, subject attributes, and environment attributes. ABAC rules can be formatted using an If-Then-Else structure, so that a policy can be created such as "If this subject has the role of manager, then grant access; else deny access."

Kan receives a notification that his account was locked out after too man incorrect tries. He was not trying to log in himself. Which of the following is most likely happening? a. Brute force attack b. Dictionary attack c. Multifactor authentication d. Skimming

a. Brute force attack

In which of the following threat classifications would a power blackout be classified? a. Operational b. Managerial c. Technical d. Strategic

a. Operational threats are events that impact the daily business of the organization

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed? a. Public b. Open c. Private d. Confidential

a. Public data is the least sensitive and would only cause limited harm if disclosed.

What is a definition of RPO? a. The maximum length of time that can be tolerated between backups b. Length of time it will take to recover data that has been backed up c. The frequency that data should be backed up d. How a backup utility reads an archive bit

a. Recovery point objective (RPO) is the maximum length of time that an organization can tolerate between backups. Simply put, RPO is the "age" of the data that an organization wants the ability to restore in the event of a disaster

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose? a. Diamond Model of Intrusion Analysis b. Cyber Kill Chain c. Mitre ATT&CK d. Basic-Advanced Incident (BAI) Framework

a. The Diamond Model of Intrusion Analysis is a framework for examining network intrusion events. This framework derives its name and shape from the four core interconnected elements that comprise any event: adversary, infrastructure, capability, and victim. Analyzing security incidents involves piecing together the Diamond using information collected about these four facets to understand the threat in its full context.

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature determined an issue and send this alert to Thea? a. Impossible Travel b. Incompatible Location c. Remote IP address d. Risky IP address

a. The Microsoft Cloud App Security feature Impossible Travel can deny a second login and generate a security alert because it is not possible for someone to travel a long distance within a short time between two login attempts.

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? a. MTTR b. RTO c. RPO d. MTBF

a. The goal of redundancy is to reduce a variable known as the mean time to recovery (MTTR). Some systems are designed to have a MTTR of zero, which means they have redundant components that can take over the instant the primary component fails.

Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device? a. Geo-spatial b. Geolocation c. Geo-tagging d. Geofencing

a. This is fictitious and does not exist.

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching? a. SAN b. NAS c. RAID d. ARI

b. A network-attached storage (NAS) is a single storage device that serves files over the network and is relatively inexpensive.

Which of the following is a document that outlines specific requirements or rules that must be met? a. Guideline b. Policy c. Framework d. Specification

b. A policy is a document that outlines specific requirements or rules that must be met.

Which of the following should be performed in advance of an incident? a. Containment b. Segmentation c. Isolation d. Capture

b. A secure network design takes advantage of network segmentation based upon the principle of zero trust, which is a strategic initiative about secure network design and has been performed in advance of an attack.

Which of the following is NOT part of the AAA framework? a. Authentication b. Access c. Authorization d. Accounting

b. Access is not part of the AAA framework.

Which of the following uses data anonymization? a. Tokenization b. Data masking c. Data minimization d. Data obfuscation sanitization (DOS)

b. Data masking involves creating a copy of the original data but obfuscating (making unintelligible) any sensitive elements such as a user's name or Social Security number. Data masking should replace all actual information that is not absolutely required. Because data masking involves replacing data elements, it is also called data anonymization: there is not a means to reverse the process to restore the data back to its original state.

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) to represent a risk? a. Quantitative risk calculation b. Qualitative risk calculation c. Rule-based risk calculation d. Policy-based risk calculation

b. Qualitative risk assessment uses an "educated guess" based on observation. For example, if it is observed that the customer database contains important information, it would be assigned a high asset value. Also, if it is observed that this database has been frequently the target of attacks, it would be assigned a high-risk value as well.

Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new a data center because it would be located in an earthquake zone? a. Transference b. Avoidance c. Rejection d. Prevention

b. Risk avoidance involves identifying the risk but making the decision to not engage in the activity. An organization may decide that after an analysis, building a new plant in another location is not feasible.

Ramesh is concerned with protecting the password digests on a device. Which of the following would you recommend to him? a. Password vaults b. Salts c. Password Keys d. Hardware modules

b. Salts

Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use? a. AV b. SLE c. ARO d. ALE

b. The Single Loss Expectancy (SLE) is the expected monetary loss every time a risk occurs. The SLE is computed by multiplying the Asset Value (AV) by the Exposure Factor (EF), which is the proportion of an asset's value that is likely to be destroyed by a particular risk (expressed as a percentage).

Which of these is NOT a factor in determining restoration order? a. Dependencies b. Speed of implementation c. Process of fundamental importance d. Alternative business practices

b. This is fictitious and does not exist.

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor? a. SIP b. VoIP c. Call manager d. IP voice

c. A call manager is a platform used to provide telephony, video, and web conferences.

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? a. Cold site b. Warm site c. Hot site d. Replicated site

c. A hot site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity. A hot site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link.

What is a list of potential threats and associated risks? a. Risk assessment b. Risk matrix c. Risk register d. Risk portfolio

c. A risk register is a list of potential threats and associated risks. Often shown as a table, a risk register can help provide a clear snapshot of vulnerabilities and risks.

Which of the following is NOT true about RAID? a. It can be implemented in hardware or software. b. Nested levels can combine other RAID levels. c. It is designed primarily to backup data. d. The most common levels of RAID are Level 0, 1, 5, 6, and 10

c. Although all levels of RAID except Level 0 can offer protection from a single drive failure, RAID is not intended to replace data backups but only to provide increased reliability and performance.

Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this? a. EOA b. EOP c. EOL d. EOS

c. End of life (EOL) is a term used by a manufacturer to indicate that a product has reached the end of its "useful life" and the manufacturer will no longer market, sell, or update it after a specified date. The manufacturer may still offer maintenance options but at a premium price.

Which of the following is NOT true about data sovereignty? a. Data sovereignty is a concept that until recently was less of an issue. b. Generally, data is subject to the laws of the country in which it is collected or processed. c. Governments cannot force companies to store data within specific countries. d. Regulations are not necessarily on where an organization is headquartered.

c. Governments can force companies to store data within specific countries.

Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data? a. Open b. Unrestricted c. Public d. Available

c. Public has no risk associated with its release.

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan? a. Walkthrough b. Simulation c. Tabletop d. Incident Response Plan Evaluation (IRP-E)

c. Tabletop is a discussion of a scenario in an information environment.

Which statement about Rule-Based Access Control is true? a. It requires that a custodian set all rules. b. It is no longer considered secure. c. It dynamically assigns roles to subjects based on rules. d. It is considered a real-world approach by linking a user's job function with security.

c. The Rule-Based Access Control scheme, also called the Rule-Based Role-Based Access Control (RB-RBAC) scheme or automated provisioning, can dynamically assign roles to subjects based on a set of rules defined by a custodian (called conditional access). Each resource object contains a set of access properties based on the rules. When a user attempts to access that resource, the system checks the rules contained in that object to determine if the access is permissible.

Which of the following is NOT a concern for users regarding the usage of their privacy data? a. Associations with groups b. Individual inconveniences and identity theft c. Timeliness of data d. Statistical inferences

c. This is fictitious and does not exist.

Which of the following is NOT a consequence to an organization that has suffered a data security breach? a. Reputation damage b. IP theft c. De-escalation of reporting requirements d. Monetary fine

c. This is fictitious and does not exist.

Which of these is NOT a response to risk? a. Mitigation b. Transference c. Resistance d. Avoidance

c. This is fictitious and does not exist.

Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? a. Business impact analysis planning b. IT contingency planning c. Disaster recovery planning d. Risk IT planning

c. Whereas a BCP looks at the needs of the business as a whole in recovering from a catastrophe, a subset of it focuses on continuity in the context of IT. This is called a disaster recovery plan (DRP), which is involved with restoring IT functions and services.

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing? a. Change management policy b. Change format policy c. Change modification policy d. Change control policy

d. A change control policy stipulates the processes to be followed for implementing system changes. It involves communicating the changes to relevant stakeholders and reviewing the processes for validating a change.

What can be used to provide both filesystem security and database security? a. RBASEs b. LDAPs c. CHAPs d. ACLs

d. ACLs provide filesystem permissions for protecting files managed by the OS. ACLs have also been ported to SQL and relational database systems so that ACLs can provide database security as well.

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? a. SLA b. BPA c. ISA d. MOU

d. An MOU is a document that describes an agreement between two or more parties.

What device is always running off its battery while the main power runs the battery charger? a. Secure UPS b. Backup UPS c. Offline UPS d. Online UPS

d. An online UPS is always running off its battery while the main power runs the battery charger. An advantage of an online UPS is that it is not affected by dips or sags in voltage. An online UPS can clean the electrical power before it reaches the server to ensure that a correct and constant level of power is delivered to the server. The online UPS also can serve as a surge protector, which keeps intense spikes of electrical current—common during thunderstorms—from reaching systems.

Which of the following data types has the highest level of data sensitivity? a. Private b. Secure c. Sensitive d. Confidential

d. Confidential is the highest level.

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances? a. DPPR b. BIA c. MTBF d. COOP

d. Continuity of operation planning (COOP) is a federal initiative that is intended to encourage organizations (and departments with an organization) to address how critical operations will continue under a broad range of negative circumstances. A COOP plan addresses emergencies from an "all-hazards approach" instead of focusing more narrowly on a specific event.

Ciara tries to log in to an account with her fingerprint, but the system says it is incorrect. What is this an example of? a. False positive b. True positive c. True negative d. False negative

d. False negative

Which of the following is a Linux utility that displays the contents of system memory? a. Autopsy b. WinHex c. dd d. memdump

d. Memdump is a Linux utility that "dumps" system memory

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change? a. Wi-Fi/Wired Network Policy b. Network Config c. Network Type d. Network Location

d. Network Location can indicate the type of network to which a device is attached.

Which of the following will a BIA NOT help determine? a. Mission-essential functions b. Identification of critical systems c. Single point of failure d. Percentage availability of systems

d. This is fictitious and does not exist.

Jaxsen has a key fob that changes the token displayed every 30 seconds. What kind of password is this? a. HMAC-based one-time password b. Smartphone authentication app c. Smart card d. Time-based one-time password

d. Time-based one-time password

Which of the following is NOT a problem associated with log management? a. Multiple devices generating logs b. Large volume of log data c. Different log formats d. Time-stamped log data

d. Time-stamped log data is not a problem but is an advantage of logs

John wants to increase his password strength and asks you for advice. Which of the following is not a recommendation that you should give him? a. Longer passwords are more secure b. Don't use the same password for multiple accounts c. Change your password as soon as possible after a known breach d. Use a common password

d. Use a common password

Which tool is an open source utility for UNIX devices that includes content filtering? a. syslog b. nxlog c. rsyslog d. syslog-ng

d. syslog-ng is an open source utility for UNIX devices that includes content filtering.