midterm compTIA Security module 1-3
In which of the following mobile device deployment models are employees supplied a chosen device paid for by their company for both professional and personal use?
. COPE
Which of the following is true for KRI?
A KRI exceeding its normal bounds is not always an indicator of compromise.
In an interview, you were asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose?
A NAC examines an endpoint before it can connect to the network, denying access to any device that does not meet specific criteria.
What is the difference between a Trojan and a RAT?
A RAT gives the attacker unauthorized remote access to the victim's computer
What is a firewall?
A firewall is a network security system that monitors and controls all incoming and outgoing traffic.
Which of the following is technology that imitates human abilities?
AI
What is another name for footprinting?
Active reconnaissance
Which tool is most commonly associated with state actors?
Advanced Persistent Threat (APT)
Which of the following ensures that only authorized parties can view protected information?
Authorization
Which of the following is NOT a characteristic of a penetration test?
Automated
What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
Black box
Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?
Blocking ransomware
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
Brokers
which of the following attacks take more time
Brute force attack
Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?
Buffer overflow attack
Your organization is planning to be a part of the CISCP program as a partner. As an information security expert in your company, you are approached by your CEO, who wants to understand how the speed limit of public information centers like CISCP is handled. How should you explain how this speed limit is handled to him?
CISCP implements AIS, which resolves the speed limit issue of public information centers.
Which group is responsible for the Cloud Controls Matrix?
CSA
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
CSRF
Which of the following contains the set of rules that govern the operation of a PKI?
Certificate policy (CP)
Which of the following is NOT a means by which a bot communicates with a C&C device?
Command sent through Twitter post
Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation?
Cryptomalware can encrypt all files on any network that is connected to the employee's computer
You are assigned to hunt for traces of a dangerous DNS attack in a network. You need to capture DNS attacks that can compromise the command-and-control activities of all devices in the network. What type of DNS attack should you look for?
DNS hijacking
Which of the following is NOT a characteristic of malware?
Diffusion
Which of the following attacks targets the external software component that is a repository of both code and data?
Dynamic-link library (DLL) injection attack
What word is used today to refer to network-connected hardware devices?
Endpoint
Which feature of a security information and event management (SIEM) tool can help filter multiple alerts detected by different devices for the same event into a single alarm?
Event duplication
Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose?
Fame
Which type of malware relies on LOLBins?
Fileless virus
Which of the following is a tool used for making a physical copy?
GNU dd
Ramesh is very active on social media. He visits a lot of pages and views a lot of photos. He also uploads most of his photos to social media sites such as Facebook and Instagram. By doing this, he can become a victim of which of the following risks?
GPS tagging
An enterprise's application server and web server are hosted by a cloud service provider, and their database server is in their cloud establishment. Which type of cloud is used by the enterprise?
Hybrid cloud
Which ISO contains controls for managing and controlling risk?
ISO 31000
Which of the following is not something that a SIEM can perform?
Incident response
Your enterprise ran out of computing resources due to the increasingly high rate of stored data. You are asked to choose a cloud model in which your enterprise can have the most control over the hardware. Which model should you choose?
Infrastructure as a service
Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it
Integrity
Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet?
LOLBins
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement
Which of the following is NOT an advantage of crowdsourced penetration testing?
Less expensive
Which of the following is not used to describe those who attack computer systems?
Malicious agent
Which of the following is not a reason why a legacy platform has not been updated?
No compelling reason for any updates
Which of the following is not a recognized attack vector?
On-prem
You conducted workshops to help train users to identify different risks. What control category does this fall within?
Operational
Which of the following is a standard for the handling of customer card information?
PCI DSS
Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this?
PUP
Which of the following is not an issue with patching
Patches address zero-day vulnerabilities
John needs to identify public key systems that generate different, random public keys for each session and, even if a key gets stolen, should not reveal more than one message. Which public key system should John suggest?
Perfect forward secrecy
Seo-jun is a bug bounty hunter. He was hired by an industrial organization to damage the network's security defenses as much as possible. Seo-jun gained initial access to a system in the network by sending a spear-phishing email into the network that installed a virus. What sequence of actions should he perform to achieve repeated and long-term access to multiple systems in the network with a highly privileged account?
Perform privilege escalation, then lateral movement, and then perform backdoor installation
Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
Planning
Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
Red team
What term refers to changing the design of existing code?
Refactoring
Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
Regulations
Which is the final rule of engagement that would be conducted in a pen test?
Reporting
What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
Requests for comments (RFCs)
Which of the following can automate an incident response?
SOAR
Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?
SSAE SOC 2 Type II
Which of the following manipulates the trusting relationship between web servers?
SSRF
Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
Scope
Which of the following groups have the lowest level of technical knowledge?
Script kiddies
ABC Manufacturing Company is located in Hiroshima, Japan. Being prone to earthquakes, the company decided to implement a backup of their data on a Singapore server. The IT administrator contacted you to identify the optimal command interface protocol for this backup. Which command interface protocol should you advise?
Secure shell
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?
Security Manager
Which of the following is true regarding the relationship between security and convenience?
Security and convenience are inversely proportional.
Which of the following is not true regarding security?
Security is a war that must be won at all costs
Which of these would NOT be considered the result of a logic bomb?
Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.
Which of the following denotes a "pass the hash?"
Sending the hash to get authenticated
Your organization has been developing a new product for the last three years. The technical specifications of the product were leaked before the product's official release. As a result of the leak, your company's main competitor is changing the specifications of their own product, releasing it earlier than your product, and planning on acquiring the manufacturer your company uses to create vital digital circuits. News of the competitor's plans has caused the majority of investors to pull their funding from your company. Which data classification level was breached?
Sensitive
You work in an enterprise that provides various services to other enterprises. After successfully negotiating terms with a new client, you were asked to issue an agreement that specifies the responsibilities of each party and guarantee of services. Which of the following agreements should you issue?
Service-level agreement
A threat actor employed by the victimized organization is referred to as which of the following?
Shadow IT
Which statement regarding a keylogger is NOT true?
Software keyloggers are generally easy to detect
Which of the following groups use Advanced Persistent Threats?
State actors
Which of the following processes can conceal a file, message, image, or a video within another file, message, image, or a video?
Steganography
What is the term used to describe the connectivity between an organization and a third party?
System integration
Which of the following is false about the CompTIA Security+ certification?
The Security+ certification is a vendor-neutral credential.
Which of the following best defines the recovery point objective?
The maximum tolerable length of time between backups
Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?
They would have to stay overnight to perform the test.
How do vendors decide which should be the default settings on a system?
Those settings that provide the means by which the user can immediately begin to use the product.
Which premise is the foundation of threat hunting?
Threat actors have already infiltrated our network.
What race condition can result in a NULL pointer/object dereference?
Time of check/time of use race condition
You are a cybersecurity trainer, and the following are the objectives of an incident response plan listed by a student in a cybersecurity exam. Which of the following is a correct statement?
To contain the spread of the attack
What is an objective of state-sponsored attackers?
To spy on citizens
Smith installed new meeting-scheduling software that automatically sends emails and reminders to the recipient's computer. Smith noticed that after installation, the software was also tracking other applications he accessed on his computer. What is this attack called?
Trojan
Sara keeps sensitive data on her work phone, which she frequently uses to make business calls while driving to different client sites. Which of the following actions should Sara take to limit the threat of bluejacking and bluesnarfing attacks on her work phone?
Turn off her phone's Bluetooth connection when she is not using it
Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?
Alex works for Alpha Consultancy, where employees are only allowed to use the company's intranet resources using static IT devices connected through a physical network connection. But their clients' teams frequently travel to Alpha Consultancy and require intranet connections for their mobile devices and laptops. One client team has members from various departments who visit at different times. Alex has been told to implement a solution that can be easily configured for visiting team use while ensuring that these visiting teams can access the intranet without compromising network security. Which protocol should Alex implement?
WPS
Your company's Accounts Payable department reports that an invoice was marked as paid, but the vendor has shown proof they never received any of the $783,296 payment. Accounts Payable confirms that the amount was deducted from the company's accounts, but the recipient account number does not match the vendor's. After an investigation, you discover that the invoice was paid by the Chief Financial Officer. He says he paid the invoice after receiving an after-hours, past-due invoice from the vendor claiming that they would be filing a civil action in court the next morning. Rather than wait for Accounts Payable to come in the next day and verify the invoice date, the CFO immediately paid the full amount. Which type of social engineering attack was your company most likely the victim of?
Whaling
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
White hat hackers
Which of the following tools has a graphical user interface (GUI)
Wireshark
Which of the following is known as a network virus?
Worm
What is an attack on a NoSQL database compromised by data manipulation when the input is not sanitized by the application?
XML injection
Which of the following attacks is based on a website accepting user input without sanitizing it?
XSS
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.
through products, people, and procedures on the devices that store, manipulate, and transmit the information
