Final Review


• A(n) ____ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).

◦ Disaster

• Which document would be the most important for the people assigned to bring a data center back to production for normal business operations after a natural disaster?

◦ Disaster Recovery Plan

• Lin is conducting an audit of an identity management system. Which question is not likely to be in the scope of her audit?

◦ Does the firewall properly block unsolicited network connection attempts?

• In the Windows Group Policy Management Console, a forest is a collection of ____.

◦ Domains

• Which term describes the process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.

◦ E-discovery

• How do multiple clients access the same folder on an NFS server?

◦ Each NFS client has access to the same copy of the files on the NFS server

• What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

◦ System Integrity Monitoring

• Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?

◦ Texting

• How does the autopsy timeline view of events help an analyst?

◦ The timeline can help establish a sequence of events among different sources of data

• What is the purpose of a suppression list in Snort?

◦ To suppress alerts from specific rules in a ruleset

• True or False? A salt value is a set of random characters you can combine with an input key to create an encryption key.

◦ True

• Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster?

◦ Ensuring there are adequate operating licenses

• Biyu is a network administrator. She is developing the compliance aspect of her company's security policy. Currently, she is focused on the records of actions that the organization's operating system or application software creates. What aspect of compliance is Biyu focusing on?

◦ Event Logs

• True or False? During an IT audit, security controls are checked to ensure they are effective, reliable, and functioning as required and expected.

◦ True

• True or False? Elliptic curve cryptography (ECC) relies on algebraic structures of elliptic curves over finite fields.

◦ True

• True or False? Even if a mobile device is deemed not to be a direct part of a crime or incident, its ability to record the environment of an attacker during the incident could be material.

◦ True

• True or False? Examples of major disruptions include extreme weather, application failure, and criminal activity.

◦ True

• True or False? Fault-tolerance options are not replacements for data backups.

◦ True

• True or False? Forensic labs may use both open source and commercial software for digital analysis.

◦ True

• True or False? Generally, once evidence becomes inadmissible, it cannot be fixed.

◦ True

• True or False? ISO 27002 is a best-practices document that gives guidelines for information security management.

◦ True

• True or False? In an incremental backup, you start with a full backup when network traffic is light. Then, each night, you back up only that day's changes.

◦ True

• True or False? In cryptography, a keyspace is the number of possible keys to a cipher.

◦ True

• True or False? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.

◦ True

• True or False? Policies that cover data management should cover transitions throughout the data's life cycle.

◦ True

• True or False? Procedures help enforce the intent of a policy.

◦ True

• Asymmetric cryptography provides ___ of the ___.

◦ Authentication ; Sender

• Symmetric cryptography provides ___ and ___.

◦ Confidentiality ; Integrity

• True or False? A private key cipher is also called an asymmetric key cipher.

◦ False

• You have been given logs for a system that was identified as having unusual network activity. After analyzing the logs, you determined that there were many failed login attempts by multiple usernames, most of which were invalid accounts. There were no log entries for successful logins from external addresses, and the system integrity logs indicate that no files were tampered with. Which incident type best describes this situation?

◦ Reconnaissance

• Which Linux log file would be most useful for identifying failed login attempts?

◦ /var/log/secure

• Susan performs a full backup of her server every Sunday at 1:00 a.m. and differential backups on Monday through Friday at 1:00 a.m. Her server fails at 9:00 a.m. on Wednesday. How many backups does Susan need to restore?

◦ 2

• Which of the following pieces of information from a PCAP file obtained on a company's LAN would be a strong indication that data was being sent to an outside agent?

◦ A destination IP address outside the company's address range

• Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

◦ Access to a higher level of expertise

• Which service needs to be offline before a Windows server can be restored?

◦ Active Directory

• Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?

◦ Adherence

• Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

◦ Alice's private key

• Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

◦ Alice's public key

• Hajar is responsible for keeping her banking institution's servers operating 24/7/365. Her recovery strategy is to have fully redundant or duplicate operations and synchronized data and to operate the site continuously. Which strategy has she selected?

◦ Alternate processing center or mirrored site

• What is not a privacy principle created by the Organisation for Economic Co-operation and Development (OECD)?

◦ An organization should share its information

• Takako is a security engineer for her company's IT department. She has been tasked with developing a security monitoring system for the company's infrastructure to determine when any network activity occurs outside the norm. What essential technique does she start with?

◦ Baselines

• Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating?

◦ Blacklisting

• Hacking groups create ___ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.

◦ Botnets

• Which document provides information about the estimated risks and the effects of those risks on the ability of an organization to continue doing business when key processes or technology become unavailable?

◦ Business Impact Analysis

• Implementing ___ administration of Windows Defender through Active Directory allows administrators to make a change in antivirus policy once and deploy it to all computers in the domain.

◦ Central

• How can the percentage of requests handled by a back-end server be adjusted in the HAProxy load balancer?

◦ Changing the weight of the server in the back-end server pool

• Which cryptographic attack is relevant in only asymmetric key systems and hash functions?

◦ Chosen Ciphertext

• Oscar is a digital forensic specialist. He has been given a suspect hard disk that has been physically damaged. He wants to try to recover data. What is the first step he should take?

◦ Cisco Certified Network Associate (CCNA)

• Rylie is a newly hired cybersecurity expert for a government agency. Rylie used to work in the private sector. She has discovered that, whereas private sector companies often had confusing hierarchies for data classification, the government's classifications are well known and standardized. As part of her training, she is researching data that requires special authorization beyond normal classification. What is this type of data called?

◦ Compartmentalized

• A Microsoft-issued Windows Security Baseline is a group of recommended secure ____ settings that can be imported directly into the Microsoft Group Policy Management Console and edited to meet an organization's needs.

◦ Configuration

• What does the Tripwire site passphrase protect?

◦ Configuration and Policy Files

• Which principle of effective digital forensic investigations helps to ensure data in memory is not lost?

◦ Consider Data Volatility

• Which of the following should you avoid during a disaster and recovery?

◦ Continue normal processes, such as separation of duties or spending limits

• Donnelly is an IT specialist. He is in charge of the server and network appliances inventory. The infrastructure roadmap calls for a network systems reconfiguration in the next six months. Adina, the security expert, asks Donnelly to prepare a standardized list of all current and proposed equipment and then to present it to her in a hardware configuration chart. What does Adina tell Donnelly that the chart should include?

◦ Copies of all software configurations for routers and switches.

• Your incident response team has followed the response plan and isolated all the machines involved in a network breach. The initial analysis was completed based on network activity logs, and a report about the incident was created. Following the initial report, your team has had time to properly image all the drives and perform a more detailed analysis. You are given the task of creating a report to update the situation. What is the best approach?

◦ Create an update-only report similar to the original report; provide detailed information on new or changed conclusions. Identify unchanged conclusions.

• The malicious insertion of code to extract data or modify a website's code, application, or content is known as a ___ attack.

◦ Cross-Site Scripting

• Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

◦ Cross-site Scripting (XSS)

• What program, released in 2013, is an example of ransomware?

◦ CryptoLocker

• Which form of injection allows a payload to run in memory under another process, undetected and without writing to hard drives?

◦ DLL Injection

• Which type of injection attack does not use the web server but instead involves only the user's web browser?

◦ DOM XSS attack

• Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?

◦ Decryption

• Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?

◦ Demonstrate

• Which type of evidence is information collected from individuals that supports and helps to interpret other types of data?

◦ Demonstrative Evidence

• A hash of data can be identified with ___ attacks, so it is customary to add ___ to a hash to ensure that the hash value appears to be different each time it is used.

◦ Dictionary ; a Salt

• Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

◦ Diffie-Hellman

• What is not a symmetric encryption algorithm?

◦ Diffie-Hellman

• Which process creates symmetric secret keys for use in a hybrid cryptography method?

◦ Diffie-Hellman Key Exchange

• In the Group Policy Management Editor's Turn off real-time protection setting, which option would you choose to ensure that Windows Defender's real-time protection is always on and cannot be overridden by other users, including local administrators?

◦ Disabled

• Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called?

◦ Encouraging the adoption of ethical guidelines and standards

• Which of the following is not an objective of cryptanalysis, the process of breaking codes?

◦ Encrypt the plaintext of a target message

• Which of the following password policies would be used to prohibit users from re-using their seven most recent passwords?

◦ Enforce Password History

• Which of the following was developed by researchers at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University?

◦ Event-Based Digital Forensic Investigation Framework

• An effective audit report gets right to the point and often begins with a summary followed by the details. Because the summary may find its way outside the organization's leadership, what should auditors take care not to do?

◦ Expose security weaknesses

• True or False? A block cipher encrypts one byte (or bit) at a time, whereas a stream cipher encrypts an entire block of data at a time.

◦ False

• True or False? A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

◦ False

• True or False? A digitized signature is a combination of a strong hash of a message and a secret key.

◦ False

• True or False? A product cipher is an encryption algorithm that has no corresponding decryption algorithm.

◦ False

• True or False? A smurf attack tricks users into providing logon information on what appears to be legitimate website but is in fact a website set up by an attacker to obtain this information.

◦ False

• True or False? All types of disaster recovery sites are available in the cloud.

◦ False

• True or False? Change does not create risk for a business.

◦ False

• True or False? Clustering comprises multiple disk drives that appear as a single disk drive but actually store multiple copies of data in case a disk drive in the array fails.

◦ False

• True or False? Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.

◦ False

• True or False? Configuration changes can be made at any time during a system life cycle, and no process is required.

◦ False

• True or False? Cyberterrorism is the use of online media and assets to harass individuals.

◦ False

• True or False? During a simulation test of a contingency plan, you must shut down the original system at the primary site for the duration.

◦ False

• True or False? Operating systems remove data when a file is deleted.

◦ False

• True or False? Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

◦ False

• True or False? Signature-based intrusion detection systems (IDSs) compare current activity with stored profiles of normal (expected) activity.

◦ False

• True or False? Spyware does not use cookies.

◦ False

• True or False? Stealth viruses attack countermeasures, such as antivirus signature files or integrity databases, by searching for these data files and deleting or altering them.

◦ False

• True or False? System infectors are viruses that attack document files containing embedded macro programming capabilities.

◦ False

• True or False? Testimonial evidence is often the most important evidence in court because it provides relevance for other types of evidence.

◦ False

• True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.

◦ False

• True or False? The macOS operating system uses the ext3 or ext4 file systems.

◦ False

• True or False? The process of collecting evidence is called evidence preservation.

◦ False

• True or False? The term "data owner" refers to the person or group that manages an IT infrastructure.

◦ False

• True or False? The term "firmware" indicates that software is stored on a separate storage unit within a file system, as opposed to directly in the hardware.

◦ False

• True or False? The waterfall software development model works well in very dynamic environments where requirements change and are often revisited.

◦ False

• True or False? When outsourcing operations to a cloud service provider, the client is responsible for determining the best fault tolerance implementations to meet their service-level agreement (SLA) availability requirements.

◦ False

• True or False? Worms operate by encrypting important files or even the entire storage device and making them inaccessible.

◦ False

• True or False? You must always use the same algorithm to encrypt information and decrypt the same information.

◦ False

• Antonio is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

◦ False Positive Error

• Some ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that involves multiplicative inverses that these ciphers use?

◦ Field Theory

• Which of the following methods would help narrow the log entries to show failed login attempts?

◦ Filter the events by EventID

• In a ___ attack, the victim triggers an attack through data that is stored on the targeted web server. In a ____ attack, the attacker triggers an attack through the use of scripting commands in a website's URL or a web form.

◦ Persistent XSS ; non-persistent XSS

• Cherilyn is a security consultant hired by a company to develop its system auditing protocols. She and the company's chief information officer (CIO) agree that audits are an important consideration. In her report to the CIO and other C-level officers of the corporation, she recommends that the security policy include audit categories and ____ for conducting audits.

◦ Frequency Requirements

• Policies related to acceptable use, antivirus, email, firewalls, wireless, or mobile device security are examples of a ____ policy, which provides direction to management in specific areas.

◦ Functional

• Microsoft's ____ allows you to implement password protection policies through Active Directory on a Windows Domain Controller.

◦ GPMC

• Which cryptographical technique could be used to determine whether a file has changed?

◦ Hashing

• What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.

◦ IT Infrastructure Library (ITIL)

• During which step of the incident-handling process is the goal to contain the incident?

◦ Identification

• Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve?

◦ Integrity

• Digitally signing a document guarantees ____ due to its use of hashing.

◦ Integrity

• Rodrigo has just received an email at work from an unknown person. The sender claims to have incriminating evidence against Rodrigo and threatens to release it to his employer and his family unless he discloses certain confidential information about his employer's company. Rodrigo does not know that several other people in the organization received the same email. What form of social engineering has occurred?

◦ Intimidation

• Which is not true of data backup options?

◦ It is faster to create incremental weekday backups than differential backups

• Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?

◦ Kali Linux

• Allison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Allison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is most likely the cause?

◦ Macro Virus

• Which of the following is a digital forensics specialist least likely to need in-depth knowledge of?

◦ Mainframes

• Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?

◦ Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk.

• Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. If the power goes out in her data center, Isabella estimates it will take six hours to move data center operations to an alternate site. Which of the following describes how long the agency can survive without a functioning data center?

◦ Maximum Tolerable Downtime (MTD)

• What is the average time a device will function before it fails?

◦ Mean time to Failure

• Which of the following is a payload that allows a threat actor to control an exploited target through shell commands?

◦ Meterpreter

• A mobile device policy states the ___ security settings required for a device to connect to an organization's networks.

◦ Minimal

• A(n) ____ may include security settings that specify parameters for running antivirus scans, installing security updates, enabling lock screen functionality, or encrypting your personal tablet if you use it in a work setting.

◦ Mobile Security Policy

• Which of the following is not true of mobile devices and forensics?

◦ Mobile devices do not need to follow ordinary chain of custody techniques

• Security controls place limits on activities that might pose a risk to an organization. Ricky, a security engineer for his company, is performing a review and measurement of all controls to capture changes to any environment component. What is this called?

◦ Monitoring

• How can NFS be used to improve the availability of a web service?

◦ NFS can provide storage for multiple redundant web servers

• Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following?

◦ Need to know

• In which type of computer crime do cybercriminals engage in activities to either impersonate victims or to convince victims to carry out transactions that benefit the criminals, with a focus on extracting revenue from victims?

◦ Online Fraud

• What components of the system are included in a System State backup?

◦ Operating system files, application data, and the registry

• Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _____, except that, unlike Leola, they would not have consent to perform this action against the system.

◦ Penetration Testing

• A security ___ states the goals of a security ____ by communicating what the leadership desires, which defines what security means to an organization.

◦ Policy ; Strategy

• Jermaine is a security administrator for his company. He is developing a defense against attacks based on network-mapping methods. He prevents the Internet Control Message Protocol (ICMP) from operating to stop attackers from using ping packets to discover the network layout, but he must also guard against operating system fingerprinting since many attacks are tailored for specific operating systems. What must Jermaine be concerned about?

◦ Port Mapping

• During which step of the incident-handling process do you develop a formal communication plan and identify all key stakeholders?

◦ Preparation

• What is the least likely goal of an information security awareness program?

◦ Punish users who violate policy

• Which approach to cryptography uses highly parallel algorithms that could solve problems in a fraction of the time needed by conventional computers?

◦ Quantum Cryptography

• Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?

◦ Real

• In hybrid cryptography, the recipient uses the ___ to decrypt the initial message and symmetric key from the sender.

◦ Recipient's public key

• A Windows server was corrupted due to a malware attack. A System State backup is available from before the attack occurred, when the server was fully operational. What steps will be needed after recovery from the backup to return the machine to its operational state?

◦ Recovery will return the system to its operational state

• Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?

◦ Remote Access Tool (RAT)

• What is the correct order of change control procedures regarding changes to systems and networks?

◦ Request, Impact Assessment, Approval, Build/Test, Implement, Monitor

• During which step of the incident-handling process does triage take place?

◦ Response

• You have correctly updated /etc/rsyslog.conf to send log messages to a remote server. However, the remote server is not receiving any messages yet. What still needs to be done?

◦ Restart the rsyslog service

• Which of the following is a common DDoS technique that creates half-open connections to the target and may overwhelm not only the target but also the router between the attack system and the target?

◦ SYN Flood Attack

• Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

◦ Security Information and Event Management (SIEM) System

• Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting?

◦ Security Testing

• Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing?

◦ Separation of duties

• Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

◦ Service Organization Control (SOC) 3

• What are bash and zsh?

◦ Shells

• Which intrusion detection system strategy relies on pattern matching?

◦ Signature Detection

• Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered?

◦ Slow Virus

• Which of the following is a risk that becomes important when using automatic blocking rules in Snort?

◦ Some legitimate activity may be blocked

• The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

◦ Spear Phishing

• Which attack method best describes a spam email campaign that targets the head of an organization?

◦ Spear Phishing

• Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database?

◦ Structured Query Language (SQL) Injection

• Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer?

◦ Supervisory Control and Data Acquisition (SCADA)

• Which set of characteristics describes the Caesar cipher accurately?

◦ Symmetric, Stream, Substitution

• Which of the following is a type of denial of service (DoS) attack?

◦ Synchronize (SYN) Flood

• Which type of virus targets computer hardware and software startup functions?

◦ System Infector

• Analysis of a compromised hard drive image found an email message that was sent from a company employee to an external email address. The message contains information that is private to the company. What conclusion can you draw from this?

◦ The employee's computer was used to send proprietary information outside the company. More investigation is needed to determine who is responsible.

• Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is not normally used to make these types of classification decisions?

◦ Threat

• What is the primary purpose of the analysis step of an incident response?

◦ To determine the root cause and reconstruct the events of an incident.

• What is the purpose of a disaster recovery plan (DRP)?

◦ To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster.

• Why would an analyst use a tool like NetWitness with network data from a PCAP file?

◦ To relate high-level user actions to raw network traffic

• True or False? A Faraday bag stops any electromagnetic emanations from passing into or out of the bag, preventing a mobile device from communicating with the outside world.

◦ True

• True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource.

◦ True

• True or False? A blanket purchase agreement (BPA) creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services.

◦ True

• True or False? A functional policy declares an organization's management direction for security in such specific functional areas as email use, remote access, and Internet interaction (including social media).

◦ True

• True or False? A hash function is a mathematical function that takes arbitrary data as input and returns a fixed-length output (number).

◦ True

• True or False? A host-based intrusion detection system (HIDS) can recognize an anomaly that is specific to a particular machine or user.

◦ True

• True or False? A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.

◦ True

• True or False? A parallel test of a contingency plan is the same as a full-interruption test except that processing does not stop at the primary site.

◦ True

• True or False? A primary concern for collected evidence is the preservation of its collected state, which means assurance that evidence remains unchanged from its state when it was collected.

◦ True

• True or False? A rootkit is a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.

◦ True

• True or False? A security awareness program should address the requirements and expectations of an organization's security policy.

◦ True

• True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (CBFs), and the processes on which they rely.

◦ True

• True or False? After audit activities are completed, auditors perform data analysis.

◦ True

• True or False? American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2 reports are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.

◦ True

• True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

◦ True

• True or False? An algorithm is a repeatable process that produces the same result when it receives the same input.

◦ True

• True or False? An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

◦ True

• True or False? Attackers have established thousands of botnets, which they use to distribute malware and spam and to launch denial of service (DoS) attacks against organizations or even countries.

◦ True

• True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.

◦ True

• True or False? Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.

◦ True

• True or False? Business continuity management includes business continuity planning, disaster recovery planning, crisis management, incident response management, and risk management.

◦ True

• True or False? Change control is the management of changes to the configuration of a system.

◦ True

• True or False? Classification scope determines what data to classify; classification process determines how to handle classified data.

◦ True

• True or False? Company-related classifications are not standard; therefore, there may be some differences of meaning between the terms "private" and "confidential" in different companies.

◦ True

• True or False? Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

◦ True
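
The flashcard above describes DLP as applying business rules to classify sensitive data. The following is an added example, not part of the original study set: a minimal DLP rule that flags documents containing a payment card number, using a regular expression to find candidates and the Luhn checksum to discard 16-digit strings that merely look like card numbers. The sample documents are constructed for this example, and the single rule ("any Luhn-valid card number makes a document Restricted") is an assumption standing in for a real organization's classification policy.

```python
import re

# Constructed sample documents (not real data). The card number is the
# well-known Visa test number; the CSV contains a 16-digit order ID that a
# naive digit-count rule would misclassify.
SAMPLES = {
    "expense.txt": "Paid with card 4111 1111 1111 1111 at the hotel.",
    "orders.csv": "order_id=1234567890123456,status=shipped",
    "notes.txt": "Meeting moved to Thursday.",
}

# 13 to 19 digits, optionally separated by spaces or dashes.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right,
    subtracts 9 from doubled values above 9, requires total % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return normalized (digits-only) card numbers that pass Luhn."""
    hits = []
    for match in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def classify(text: str) -> str:
    """Business rule (assumed for this example): a Luhn-valid card
    number anywhere in the document makes it Restricted."""
    return "Restricted" if find_card_numbers(text) else "Public"


def scan(documents: dict) -> dict:
    """Classify every document; a DLP product would then block or
    quarantine anything Restricted that an end user tries to share."""
    return {name: classify(text) for name, text in documents.items()}


if __name__ == "__main__":
    for name, label in scan(SAMPLES).items():
        print(f"{name}: {label}")
```

The Luhn step is what keeps the rule usable: without it, every 16-digit identifier in an export would trigger the policy and users would learn to ignore it.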

• True or False? Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.

◦ True

• True or False? Digital forensics is the process of using well-defined analytical and investigative techniques to guide the processes of collecting and examining evidence related to a computer security incident.

◦ True

• True or False? Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream, rather than just in individual packets.

◦ True
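
To make the difference between per-packet and stateful matching concrete, here is an added example that is not part of the original study set. A constructed three-segment HTTP request carries the signature "/etc/passwd" split across a packet boundary; the stateless matcher never sees it, while the stateful matcher keeps the tail of the stream and catches it. The reassembly is deliberately simplified (in-order segments, no retransmissions or overlaps), which is stated in the code.

```python
# Constructed packet stream: the request for /etc/passwd is split so that
# the signature never appears whole inside any single segment.
PACKETS = [b"GET /etc/pa", b"sswd HTTP/1.1\r\n", b"Host: victim\r\n\r\n"]
SIGNATURE = b"/etc/passwd"


def stateless_match(packets, signature: bytes) -> list:
    """Per-packet matching: returns indexes of packets that contain the
    whole signature. Misses anything straddling a boundary."""
    return [i for i, pkt in enumerate(packets) if signature in pkt]


class StreamMatcher:
    """Stateful matching: remembers the last len(signature)-1 bytes of the
    stream so a signature spread over several packets is still found.
    Assumes in-order segments with no retransmits or overlaps; a real IDS
    needs full TCP reassembly or it can be evaded with out-of-order data."""

    def __init__(self, signature: bytes):
        if not signature:
            raise ValueError("signature must be non-empty")
        self.signature = signature
        self.carry = b""

    def feed(self, packet: bytes) -> bool:
        data = self.carry + packet
        hit = self.signature in data
        keep = len(self.signature) - 1
        self.carry = data[-keep:] if keep > 0 else b""
        return hit


def stateful_match(packets, signature: bytes) -> list:
    """Returns indexes of packets at which the signature completes."""
    matcher = StreamMatcher(signature)
    return [i for i, pkt in enumerate(packets) if matcher.feed(pkt)]


if __name__ == "__main__":
    print("stateless:", stateless_match(PACKETS, SIGNATURE))
    print("stateful: ", stateful_match(PACKETS, SIGNATURE))
```

Splitting a payload across segments is one of the oldest IDS evasion techniques, which is why production sensors reassemble TCP streams before applying content rules rather than inspecting packets in isolation.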

• True or False? Revocation is a security measure that stops authorization for access to data.

◦ True

• True or False? Security breaches perpetrated by current and former employees often go undetected due to weak personnel and security policies or ineffective countermeasures.

◦ True

• True or False? Standards are mandated requirements for hardware and software solutions used to address security risk throughout an organization.

◦ True

• True or False? The Common Criteria is a set of system procurement standards used by several countries.

◦ True

• True or False? The U.S. Department of Defense (DoD) Cyber Crime Center (DC3) sets standards for digital evidence processing, analysis, and diagnostics.

◦ True

• True or False? The emergency operations center (EOC) is the place where an organization's recovery team will meet and work during a disruption.

◦ True

• True or False? The goal of a command injection is to execute commands on a host operating system.

◦ True
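
The flashcard above states the goal of command injection; this added example (not part of the original study set) shows the defect that makes it possible and two ways to close it. The attacker input is constructed and harmless: it appends a second command that only echoes a marker, standing in for the download-and-run payload a real attacker would use.

```python
import shlex
import subprocess

# Constructed attacker input: a benign value followed by a shell separator and
# a second command. In a real attack the second command would fetch and run
# malware; here it just prints a marker so the behaviour is visible.
ATTACKER_INPUT = "hello; echo INJECTED"


def vulnerable_echo(user_input: str) -> str:
    """VULNERABLE (kept that way on purpose): user_input is interpolated into
    a command string that /bin/sh parses, so ';', '|', '$(...)' and backticks
    become shell syntax. This is the command injection flaw."""
    result = subprocess.run("echo " + user_input, shell=True,
                            capture_output=True, text=True, check=True)
    return result.stdout


def hardened_echo(user_input: str) -> str:
    """FIXED: no shell is involved. The program is exec'd directly and
    user_input is a single argv element, so metacharacters are inert."""
    result = subprocess.run(["echo", user_input],
                            capture_output=True, text=True, check=True)
    return result.stdout


def quoted_echo(user_input: str) -> str:
    """Mitigation when a shell is genuinely required: shlex.quote wraps the
    value so the shell treats it as one literal word. Prefer the argv form
    above; quoting is the fallback, not the first choice."""
    result = subprocess.run("echo " + shlex.quote(user_input), shell=True,
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_echo(ATTACKER_INPUT)))
    print("hardened:  ", repr(hardened_echo(ATTACKER_INPUT)))
    print("quoted:    ", repr(quoted_echo(ATTACKER_INPUT)))
```

The vulnerable version returns two lines (the second produced by the injected command); both hardened versions return the attacker's string verbatim as one line, which is exactly the point: the bytes reach the program as data, not as commands for the host operating system.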

• True or False? The idea that users should be granted only the levels of permissions they need to perform their duties is called the principle of least privilege.

◦ True

• True or False? The purpose of a security audit is to make sure computing environments and security controls work as expected.

◦ True

• True or False? The success of Trojans is due to their reliance on social engineering to spread and operate; they have to trick users into running them.

◦ True

• True or False? The term "computer crime" typically refers to crimes that target computer resources, either data that computers store or the services they provide (or both).

◦ True

• True or False? The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

◦ True

• True or False? Transport Layer Security (TLS) is an example of a transport encryption protocol.

◦ True

• True or False? Two common methods to protect evidence during imaging are to use forensic software that forces read-only mode or connect the evidence using a hardware interface that blocks any write operations.

◦ True

• True or False? Using the names of superiors to convince another person that a higher authority has allowed access to information is a form of social engineering.

◦ True

• True or False? When planning an IT audit, one must ensure that the areas not reviewed in the current audit will be subject to another audit.

◦ True

• True or False? Whereas a cipher performs a particular task, a key gives the specific directions for how to do it.

◦ True

• True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.

◦ True

• True or False? You can break a cipher by analyzing the ciphertext to find the plaintext or key or by analyzing the ciphertext and its associated plaintext to find the key.

◦ True
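
Two cards in this set are worth a worked example together: the keyword mixed alphabet cipher (cipher alphabet = keyword without duplicates, then the remaining letters) and breaking a cipher by analyzing ciphertext together with its associated plaintext to find the key. The code below is an added example, not part of the original study set. The keyword "SECURITY" and the sample messages are chosen for this example; recover_mapping performs the known-plaintext analysis, recovering as much of the substitution table as the paired sample exposes.

```python
import string

ALPHABET = string.ascii_uppercase


def keyword_alphabet(keyword: str) -> str:
    """Build the cipher alphabet: keyword letters in order with duplicates
    removed, followed by the remaining letters of the alphabet."""
    seen = []
    for ch in keyword.upper():
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    rest = [ch for ch in ALPHABET if ch not in seen]
    return "".join(seen + rest)


def encrypt(plaintext: str, keyword: str) -> str:
    """Substitute plain alphabet -> cipher alphabet; non-letters pass through."""
    table = str.maketrans(ALPHABET, keyword_alphabet(keyword))
    return plaintext.upper().translate(table)


def decrypt(ciphertext: str, keyword: str) -> str:
    table = str.maketrans(keyword_alphabet(keyword), ALPHABET)
    return ciphertext.upper().translate(table)


def recover_mapping(plaintext: str, ciphertext: str) -> dict:
    """Known-plaintext attack: align a message with its ciphertext letter by
    letter. Each pair reveals one entry of the substitution table (the key);
    a contradiction means the pair was not produced by one simple substitution."""
    mapping = {}
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p in ALPHABET:
            if mapping.get(p, c) != c:
                raise ValueError(f"inconsistent mapping for {p}")
            mapping[p] = c
    return mapping


def decrypt_with_mapping(ciphertext: str, mapping: dict) -> str:
    """Apply a partially recovered key; letters not yet known become '?'."""
    inverse = {c: p for p, c in mapping.items()}
    return "".join(inverse.get(ch, "?") if ch in ALPHABET else ch
                   for ch in ciphertext.upper())


if __name__ == "__main__":
    key = "SECURITY"
    print(keyword_alphabet(key))          # SECURITYABDFGHJKLMNOPQVWXZ
    ct = encrypt("HELLO", key)
    print(ct, decrypt(ct, key))
    partial = recover_mapping("HELLO", ct)
    print(partial)
    print(decrypt_with_mapping(encrypt("HELP", key), partial))   # HEL?
```

Because a simple substitution has only 26 key entries, a handful of known plaintext recovers most of the key, and ordinary letter frequency analysis of the ciphertext alone finishes the job; this is why such ciphers illustrate principles but protect nothing.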

• What is not a typical sign of virus activity on a system?

◦ Unexpected power failures

• Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose?

◦ Wi-Fi Protected Access Version 3 (WPA3)

• Which tool aggregates application and system events in a Windows environment?

◦ Windows Event Viewer

• Which of the following backup and recovery solutions would be used to back up a Windows server?

◦ Windows Server Backup

• Which information security objective verifies the action to create an object or verifies an object's existence by an entity other than the creator?

◦ Witnessing

• To perform DDoS with a botnet, it is useful to set up a C2 server via ____, which allows machine-to-machine communication in an anonymized manner.

◦ an IRC channel

• To create a digital signature for a message, first calculate a hash value of the message and then ____.

◦ encrypt the hash value with the sender's private key

• Which tool is helpful for finding entries that match a specified pattern in Linux system logs?

◦ grep
