Sec + final

Guidance for setting up and operating computer systems to a secure level that is understood and documented can be obtained from which of the following? (Choose all that apply.) CIS Vendors/manufacturers Government sources ISO

CIS Vendors/manufacturers Government sources

A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following: There is no standardization. Employees ask for reimbursement for their devices. Employees do not replace their devices often enough to keep them running efficiently. The company does not have enough control over the devices. Which of the following is a deployment model that would help the company overcome these problems? CYOD VDI COPE BYOD

CYOD

A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network? Enterprise Pre-shared key Wi-Fi Protected setup Captive portal

Captive portal

Which of the following best describes what CVE is? A place to report errors and vulnerabilities A list of known vulnerabilities A list of systems that have vulnerabilities A measure of the severity of a vulnerability

A list of known vulnerabilities

Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing? ACLs MAC filtering NAT HIPS

ACLs

When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK? MD5 AES DES WEP

AES

An administrator notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical control should be put in place to BEST reduce these incidents? Account lockout Least privilege Group Based Privileges Password complexity

Account lockout

Which type of policy sets the direction for the security team to manage who can access what resources in a system? Time-based login policies Time-of-day restriction policies Account permissions policy Password policies

Account permissions policy

Which of the following is not associated typically with SIEM processes? Log capture Applications Log aggregation Syslog

Applications

A web application you are reviewing has an input field for username and indicates the username should be between 6 and 12 characters. You've discovered that if you input a username that's 150 characters or more in length, the application crashes. What is this is an example of? Integer overflow Directory traversal Memory leak Buffer overflow

Buffer overflow

Which of the following are the three modes supported by Bluetooth 4.0? Synchronous, High Speed, Low Energy Enhanced Data Rate, Backward Compatible, High Energy Classic, High Speed, Low Energy Classic, Low Speed, High Energy

Classic, High Speed, Low Energy

Which is the most critical element in understanding your current cloud security posture? Application security Cloud service agreement Networking security controls Encryption

Cloud service agreement

You wish to create an access control scheme that enables the CFO to access financial data from his machine, but not from the machine in the reception area of the lobby. Which access control model is best suited for this? Mandatory access control Conditional access control Discretionary access control Role-based access control

Conditional access control

Having an expired certificate is an example of what type of error? Mobile device management Configuration Application whitelisting Content filter/URL filter

Configuration

You have been directed by upper management to block employees from accessing Facebook from the corporate machines. Which would be the easiest way to exercise this control? Application allow list Application block list DLP Content filtering

Content filtering

Which of the following is not part of the Diamond Model of Intrusion Analysis? Victim Infrastructure Adversary Vulnerability

Correct Answer Vulnerability

Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users? NAC VLAN Subnet DMZ

DMZ

A company wants to host a publicly available server that performs the following functions: Which of the following should the company use to fulfill the above requirements? SFTP DNSSEC nslookup dig

DNSSEC

Which of the following is not a privacy-enhancing technology? Data masking Data minimization Tokenization Data disclosure

Data disclosure

An intrusion detection system is an example of what control type? Operational Technical Compensating Detective

Detective

Which phase of the incident response process involves removing the problem? Eradication Identification Mitigation Recovery

Eradication

Which of the following is not a PCI DSS control objective? Establish a CSO position Build and maintain a secure network Maintain a vulnerability management program Implement strong access control measures

Establish a CSO position

What is the primary use of near field communication (NFC)? Establishing radio communications over a short proximity Long-distance connectivity Communication in noisy industrial environments Communication in sparsely populated areas

Establishing radio communications over a short proximity

What kind of device provides tamper protection for encryption keys? IPSec HSM HTML5 Jump server

HSM

Which of the following performs a function similar to the familiar parity bits, checksum, or cyclic redundancy check? Authentication code Hashing algorithm Record offset Cryptographic algorithm

Hashing algorithm

Which of these is not associated with syslog files? Journalctl NXLog IPFIX SIP CTL

IPFIX

Which ISO standard covers risk management activities? ISO 27001 ISO 31000 ISO 27002 ISO 27701

ISO 31000

Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time? Isolating the systems using VLANs Implementing a unique user PIN access functions Installing a software-based IPS on all devices Enabling full disk encryption

Isolating the systems using VLANs

What is a disadvantage of infrared (IR) technology? It has a high data rate. It can penetrate walls. It cannot penetrate solid objects. It uses a slow encryption technology. Yes, A disadvantage of IR technology is that it cannot penetrate solid objects

It cannot penetrate solid objects.

What does a privacy impact assessment do? It determines what companies hold information on a specific person. It determines the damage caused by a breach of privacy. It's a corporate procedure to safeguard PII. It determines the gap between a company's privacy practices and required actions.

It determines the gap between a company's privacy practices and required actions.

Which of the following are the best reasons for an organization to have a job rotation policy? (Choose all that apply.) It ensures all important operations can still be accomplished should budget cuts result in the termination of a number of employees. It eliminates the need to rely on one individual for security expertise. Since security is often of secondary concern to people in their jobs, rotating individuals through security positions can result in a much wider understanding of the organization's security problems. It helps to maintain a high level of employee morale.

It eliminates the need to rely on one individual for security expertise. Since security is often of secondary concern to people in their jobs, rotating individuals through security positions can result in a much wider understanding of the organization's security problems.

What tool can be used to read system log data in Linux systems? Any text editor Journalctl Protocol analyzer Web browser

Journalctl

When you update your browser, you get a warning about a plugin not being compatible with the new version. You do not recognize the plugin, and you aren't sure what it does. Why is it important to understand plugins? What attack vector can be involved in plugins? Domain hijacking attack URL redirection attack Man in the browser attack Man in the middle attack

Man in the browser attack

A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised? Virtualization MAC filtering OS hardening Application white-listing

OS hardening

When designing a web based client server application with single application server and database cluster backend, input validation should be performed: On the client Using HTTPS On the application server Using database stored procedures

On the application server

You have to implement an OpenID solution. What is the typical relationship with existing systems? OpenID only works with Kerberos. OpenID is used for authorization, OAuth is used for authentication. OpenID is not compatible with OAuth. OpenID is used for authentication, OAuth is used for authorization.

OpenID is used for authentication, OAuth is used for authorization.

Which of the following are not U.S. laws associated with cybersecurity? (Choose all that apply.) CFAA Sarbanes Oxley (SOX) PCI DSS GDPR

PCI DSS GDPR

A mantrap is an example of which type security control? (Choose all that apply.) Preventative Physical Administrative Corrective

Preventative Physical

What are accounts with greater than "normal" user access called? System accounts Audit accounts Superuser accounts Privileged accounts

Privileged accounts

Which of the following is not a PCI DSS control objective? Implement strong access control measures Build and maintain a secure network Purchasing cybersecurity insurance Maintain a vulnerability management program

Purchasing cybersecurity insurance

Which team involves members who emulate both attackers and defenders? Blue team Purple team Gold team White team

Purple team

What is the best tool to ensure network traffic priorities for video conferencing are maintained? Network segmentation VLAN Next-generation firewall QoS

QoS

Which of the following terms is used to describe the target time that is set for the resumption of operations after an incident? RPO RTO MTBF MTTR

RTO

Which of the following elements is not part of the Root of Trust? Digital signatures UEFI TPM PCR Registry

Registry

What is a weakness of the DNS protocol? Its encryption capabilities are slow. Requests and replies are sent in plaintext. TCP can be used for large transfers such as zone transfers. It doesn't provide billing standardization in cloud infrastructures.

Requests and replies are sent in plaintext.

An administrator is configuring access to information located on a network file server named "Bowman". The files are located in a folder named "BalkFiles". The files are only for use by the "Matthews" division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files. The administrator configures the file share according to the following table: Which of the following rows has been misconfigured? Row 4 Row 1 Row 3 Row 2 Row 5

Row 4

What is the most important first step in a penetration test? Privilege escalation Rules of engagement OSINT Reconnaissance

Rules of engagement

A system-focused set of predetermined automation steps is an example of what? Playbook Firewall rules Isolation Runbook

Runbook

Which of the following should be used to implement voice encryption? VoIP SSLv3 VDSL SRTP

SRTP

Which of these accounts represents the greater risk due to outside hacker infiltration? Third-party accounts Service accounts Temporary accounts User accounts

Service accounts

You use a "golden disk" to provision new machines from your vendors. As part of the incident response, you have discovered that the source of the malware you are seeing comes from this golden disk. This is an example of what vector? Direct access Removeable media Insider Supply chain

Supply chain

Understanding how an attacker operates so that you can develop a defensive posture is done through the use of which of the following? Predictive analysis TTPs Automated Indicator Sharing Threat maps

TTPs

Which category of control is most likely to be automated? Corrective Compensating Operational Technical

Technical

Which of the following is the best description of risk? Damage that is the result of unmitigated risk The chance of something not working as planned The cost associated with a realized risk The level of concern one places on the well-being of people

The chance of something not working as planned

You have a database full of very sensitive data. Salespeople need to access some of this sensitive data when onsite with a customer. The best method to prevent leakage of critical data during these access sessions would be to employ which of the following? Salting Tokenization Hashing Block list

Tokenization

A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement? DMZ VPN PAT NAT

VPN

Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment? Cloud computing Redundancy Virtualization Application control

Virtualization

Common sources of vulnerability issues for systems include which of the following? (Choose all that apply.) Data loss Correct! Weak configurationsImproper or weak patch management and weak configurations are defined as common sources for vulnerabilities. You Answered Identity theft Correct! Weak patch management

Weak configurationsImproper or weak patch management and weak configurations are defined as common sources for vulnerabilities. Weak patch management

A user in your organization is having issues with her laptop. Every time she opens a web browser, she sees different pop-up ads every few minutes. It doesn't seem to matter which websites are being visited—the pop-ups still appear. What type of attack does this sound like? Virus Ransomware Worm A potentially unwanted program (PUP)

A potentially unwanted program (PUP)

Proper use of separation of duties with respect to privileged users on your systems is a defense against which type of hacker? Insider Criminal syndicate All of the above Nation-state actor

All of the above

Correlation does what with SIEM data? Determines causes Provides background contextual information Allows rule-based interpretation of data All of the above

Allows rule-based interpretation of data

Once an organization's security policies have been established, what is the single most effective method of countering potential social engineering attacks? An active security awareness program Implementing access control cards and the wearing of security identification badges A separate physical access control mechanism for each department in the organization Frequent testing of both the organization's physical security procedures and employee telephone practices

An active security awareness program

A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment? An ad hoc network with NAT A bastion host An air gapped computer network A honeypot residing in a DMZ A perimeter firewall and IDS

An air gapped computer network

Which of the following is a representation of the frequency of an event, measured in a standard year? Annualized rate of occurrence (ARO) Single-loss expectancy (SLE) Annual loss expectancy (ALE) Annualized expectancy of occurrence (AEO)

Annualized rate of occurrence (ARO)

As a security professional, what should you do to address weak configurations that pose security risks to your organization? (Choose all that apply.) Change default usernames and passwords Disable unnecessary services. Open all ports so that everything can be scanned. Remove unnecessary apps.

Change default usernames and passwords. Disable unnecessary services Remove unnecessary apps.

Covering one's tracks to prevent discovery is also known as what? Correct! Cleanup OSINT Lateral movement Pivoting

Cleanup

While port-scanning your network for unauthorized systems, you notice one of your file servers has TCP port 61337 open. When you use Wireshark and examine the packets, you see encrypted traffic, in single packets, going back and forth every five minutes. The external connection is a server outside of your organization. What is this connection? Backdoor Remote login External backup location \Command and control

Command and control

Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources? Community Hybrid Private Public

Community

Which type of security control is used to meet a requirement when the requirement cannot be directly met? Physical Deterrent Preventative Compensating

Compensating

Threat hunting involves which of the following? (Choose all that apply.) Compliance reporting Analysis of adversarial actions Understanding how data flows in an enterprise Interpretation of threats to other companies

Compliance reporting Analysis of adversarial actions Understanding how data flows in an enterprise

A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.) Containerization Geofencing Push notification services Near-field communication Remote wipe

Containerization Geofencing

A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.) Remote wipe Correct! Containerization Correct! Geofencing Near-field communication Push notification services

Containerization Geofencing

In which phase of the incident response process are actions taken to constrain the incident to the minimal number of machines? Identification Recovery Eradication Containment

Containment

You have been directed by upper management to block employees from accessing Facebook from the corporate machines. Which would be the easiest way to exercise this control? Content filtering DLP Application allow list Application block list

Content filtering

What is the term for the set of steps needed to develop a comprehensive plan to enact during a situation where normal operations are interrupted? Restoration of business functions planning Disaster recovery Incident response planning Continuity of operations planning

Continuity of operations planning

Anti-malware software fails to detect a ransomware attack that is supposed to be within its capabilities of detecting. What is this an example of? False positive Measurement error False negative Analysis failure

False negative

If a system sends an alert that a user account is being hacked because of too many password failures, but analysis shows that the person's device had cached an old password, triggering the failures, what is this an example of? Analysis failure False positive Measurement error False negative

False positive

Which of the following impacts is in many ways the final arbiter of all activities because it is how we "keep score"? Finance Life Safety Reputation

Finance

Which of the following are critical in cloud security? (Choose all that apply.) Firewalls Encryption Integration and auditing Secrets management

Firewalls Encryption Integration and auditing Secrets management

Which of the following is used to identify when a device is within a specified distance of a location? Geodistance Geotagging Geoproximity Geofencing

Geofencing

During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again? Account expiration policy Acceptable use policy Group policy management Credential management

Group policy management

Your company has had bad press concerning its support (or lack of support) for a local social issue. Which type of hacker would be the most likely threat to attack or deface your website with respect to this issue? State actor Hacktivist Black hat Competitor

Hacktivist

Why is pinning more important on mobile devices? It uses elliptic curve cryptography. It uses less power for pinned certificate requests. It allows caching of a known good certificate when roaming to low-trust networks. It reduces network bandwidth usage by combining multiple CA requests into one.

It allows caching of a known good certificate when roaming to low-trust networks.

What is the main security concern with Universal Serial Bus (USB) technology? It uses proprietary encryption. It connects to cell phones for easy charging. It uses older encryption technology. It automounts and acts like a hard drive attached to the computer.

It automounts and acts like a hard drive attached to the computer.

What is the purpose of geofencing? It can enforce device locking with a strong password. It makes securing the mobile device simpler. It enables devices to be recognized by location and have actions taken. It can be used to remotely wipe a lost device.

It enables devices to be recognized by location and have actions taken.

What is the Secure Shell (SSH) protocol? It is an encrypted remote terminal connection program used for remote connections to a server. It provides snapshots of physical machines at a point in time. It provides Software as a Service (SaaS). It provides dynamic network address translation.

It is an encrypted remote terminal connection program used for remote connections to a server.

What is the purpose of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol? It encrypts HTTP traffic. It optimizes the use of ports 80 and 443. It provides cryptographic protections to e-mails. It is used in audio encryption.

It provides cryptographic protections to e-mails.

What is the purpose of Lightweight Directory Access Protocol Secure (LDAPS)? It uses an SSL/TLS tunnel to connect LDAP services. It leverages encryption protections of SSH to secure FTP transfers. It digitally signs DNS records. It provides both symmetric and asymmetric encryption.

It uses an SSL/TLS tunnel to connect LDAP services.

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer's proposal? New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries. The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities. A programmer should have specialized training in protocol development before attempting to design a new encryption protocol. The newly developed protocol will only be as secure as the underlying cryptographic algorithms used.

New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.

To test your systems against weak passwords, you as an admin (with proper permissions) test all the accounts using the top 100 commonly used passwords. What is this test an example of? Dictionary Rainbow tables Password spraying Online

Password spraying

Your firm has 200 desktops in three sites, split among a dozen business departments. Which of the following would be the first that you should ensure is working correctly to reduce risk? Patch Management Application security Secure cookies Secure Boot

Patch Management

You are a security admin for XYZ company. You suspect that company e-mails using the default POP and IMAP e-mail protocols and ports are getting intercepted while in transit. Which of the following ports should you consider using? Ports 53 and 22 Ports 161 and 16240 Ports 995 and 993 Ports 110 and 143

Ports 995 and 993

Which of the following represents a method of transferring risk to a third party? Applying controls that reduce risk impact Creating a record of information about identified risks Purchasing cybersecurity insurance Developing and forwarding the results of a risk matrix/heat map

Purchasing cybersecurity insurance

Although a web enabled application appears to only allow letters in the comment field of a web form, malicious user was able to carry a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement? Revision control system Client side exception handling Server side validation Server hardening

Server side validation

A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and law performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario? The switch has the fastest uplink port The switch has the lowest MAC address The switch also serves as the DHCP server The switch has spanning tree loop protection enabled

The switch has spanning tree loop protection enabled

A common data element needed later in the forensics process is an accurate system time with respect to an accurate external time source. A record time offset is calculated by measuring system time with an external clock such as a Network Time Protocol (NTP) server. Which of the following must be considered relative to obtaining a record time offset? The record time offset can be lost if the system is powered down, so it is best collected while the system is still running. External clock times may vary as much as 2 to 3 seconds, so it is best to obtain the time from several NTP servers to gain a more accurate reading. The internal clock may not be recorded to the same level of accuracy, so conversions may be necessary. Recording time to track man-hours is a legal requirement.

The record time offset can be lost if the system is powered down, so it is best collected while the system is still running.

War flying is a term to describe which of the following? The use of pen testing techniques against the Defense Department The use of aerial platforms to gain access to wireless networks Pen testing networks on commercial planes Driving around and sampling open Wi-Fi network

The use of aerial platforms to gain access to wireless networks

You are asked by the senior system administrator to refresh the SSL certificates on the web servers. The process is to generate a certificate signing request (CSR), send it to a third party to be signed, and then apply the return information to the CSR. What is this an example of? Third-party trust model Borrowed authority Pinning Stapling

Third-party trust model

What is the purpose of a white team? To represent parties that are targets in a pen test To provide judges to score or rule on a test To provide a set of team members with offense and defensive skills (all stars) To represent senior management

To provide judges to score or rule on a test

Which of the following delineates why it is important to perform egress filtering and monitoring on Internet connected security zones of interfaces on a firewall? To prevent DDoS attacks originating from external network Egress traffic is more important than ingress traffic for malware prevention To rebalance the amount of outbound traffic and inbound traffic Outbound traffic could be communicating to known botnet sources

To rebalance the amount of outbound traffic and inbound traffic

You have a helpdesk ticket for a system that is acting strangely. Looking at the system remotely, you see the following in the browser cache: www.micros0ft.com/office. What type of attack are you seeing? Domain hijacking Disassociation PowerShell URL redirection

URL redirection

A security analyst wishes to increase the security of an FTP server. Currently, all trails to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modem FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals? Use implicit TLS on the FTP server. Use SSH tunneling to encrypt the FTP traffiC. Use explicit FTPS for the connections. Require the SFTP protocol to connect to the file server.

Use explicit FTPS for the connections.

A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented in the administrator does not want to provide the wireless password or he certificate to the employees? TKIP 802.1x WPS WPA2-PSK

WPS

A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented in the administrator does not want to provide the wireless password or he certificate to the employees? TKIP WPA2-PSK 802.1x WPS

WPS

A judge has issued an order for all e-mail to be preserved and that order is in effect. Which of the following statements is correct? You should continue archiving all e-mail. You can delete old e-mail after the standard retention period. You should have the legal department determine which records must be saved. You can delete the e-mail after making a copy to save for e-discovery.

You should continue archiving all e-mail.

Which of the following is not a packet capture/analysis tool? tcpreplay dd Wireshark tcpdump

dd

To search through a system to find files containing a phrase, what would the best tool be? chmod logger grep curl

grep

You desire to prove a vulnerability can be a problem. The best method would be to use a(n) _____________ scan? intrusive non-intrusive credentialed non-credentialed

intrusive

user in your organization is having issues with her laptop. Every time she opens a web browser, she sees different pop-up ads every few minutes. It doesn't seem to matter which websites are being visited—the pop-ups still appear. What type of attack does this sound like? Worm Ransomware A potentially unwanted program (PUP) Virus

potentially unwanted program (PUP)

To secure communications during remote access of a system, one can use which of the following tools? tcpdump OpenSSL dd SSH

SSH

A certificate authority consists of which of the following? Policies and procedures All of the above People who manage certificates Hardware and software

All of the above

A user reports to the help desk that he is getting "cannot resolve address" error messages from his browser. Which port is likely a problem on his firewall? 553 22 440 53

53

Which of the following is a description of a business partnership agreement (BPA)? A legal agreement between entities establishing the terms, conditions, and expectations of the relationship between the entities A negotiated agreement between parties detailing the expectations between a customer and a service provider A specialized agreement between organizations that have interconnected IT systems, the purpose of which is to document the security requirements associated with the interconnection A written agreement expressing a set of intended actions between the parties with respect to some common pursuit or goal

A legal agreement between entities establishing the terms, conditions, and expectations of the relationship between the entities

A user wants to know if the network is down because she is unable to connect to anything. While troubleshooting, you notice the MAC address for her default gateway setting doesn't match the MAC address of your organization's router. What type of attack has been used against this user? Rogue access point MAC cloning Disassociation ARP poisoning

ARP poisoning

Your organization is revamping its account management policies and you've been asked to clarify the difference between account disablement and account lockout. Which of the following statements best describes that difference? Account lockout is permanent; account disablement is easily reversible. Account disablement removes the user and all their data files; account lockout does not. Account disablement requires administrative privileges to execute; account lockout can be performed by any user. Account lockout typically only affects the ability to log in; account disablement removes all privileges.

Account lockout typically only affects the ability to log in; account disablement removes all privileges.

When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects? Administrator System User Owner

Administrator

A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using? Rapid Extreme Waterfall Agile

Agile

While port-scanning your network for unauthorized systems, you notice one of your file servers has TCP port 31337 open. When you connect to the port with the security tool netcat, you see a prompt that reads, "Enter password for access:". Your server may be infected with what type of malware? Backdoor PUP Fileless virus Man in the middle attack

Backdoor

Which statement is false regarding cryptographic practices and weak encryption? Cryptographic algorithms become trusted only after years of scrutiny and repelling attacks. Developing your own cryptographic algorithm is considered an insecure practice. The ability to use ever-faster hardware has enabled attackers to defeat some cryptographic methods. Correct! Because TLS is deprecated, SSL should be used instead.

Because TLS is deprecated, SSL should be used instead.

A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "Purchasing", however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action? Modify all the shared files with read only permissions for the intern. Remove all permissions for the shared files. Add the intern to the "Purchasing" group. Create a new group that has only read permissions for the files.

Create a new group that has only read permissions for the files.

You have been tasked with assisting in the forensic investigation of an incident relating to employee misconduct. The employee's supervisor believes evidence of this misconduct can be found on the employee's assigned workstation. Which of the following choices best describes what should be done? Examine log file entries under the user's profile. Sign in as the user and search through their recent efforts. Copy the user profile to reduce the search space. Create a timeline of events related to the scope.

Create a timeline of events related to the scope.

A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or ran on the user's computers without exception. Which of the following should the administrator do to prevent all unapproved software from running on the user's computer? Configure the firewall to prevent the downloading of executable files Create an application whitelist and use OS controls to enforce it Deploy antivirus software and configure it to detect and remove pirated software Prevent users from running as administrator so they cannot install software.

Create an application whitelist and use OS controls to enforce it

You think a file is malware. What is the first tool you should invoke? OpenSSL Autopsy. WinHex Cuckoo

Cuckoo

Which of the following is not PII? Customer ID number Customer Social Security number or taxpayer identification number Customer birth date Customer name

Customer ID number

Your e-commerce site is crashing under an extremely high traffic volume. Looking at the traffic logs, you see tens of thousands of requests for the same URL coming from hundreds of different IP addresses around the world. What type of attack are you facing? Domain hijacking URL redirection DDoS DNS poisoning

DDoS

While examining a laptop infected with malware, you notice the malware loads on startup and also loads a file called netutilities.dll each time Microsoft Word is opened. This is an example of which of the following? DLL injection Race condition Memory overflow System infection

DLL injection

Which of the following are issues that need to be determined as part of setting up a SIEM solution? (Choose all that apply.) DNS logging Log files and relevant fields Desired alert conditions Sensor placement

DNS logging Log files and relevant fields Desired alert conditions Sensor placement

A technician is configuring a wireless guest network. After applying the most recent changes the technician finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network. Which of the following security measures did the technician MOST likely implement to cause this Scenario? Implementation of MAC filtering Deactivation of SSID broadcast Activation of 802.1X with RADIUS Beacon interval was decreased Reduction of WAP signal output power

Deactivation of SSID broadcast

The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administer has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network? Create a non-zero length SSID for the wireless router Disable responses to a broadcast probe request Upgrade the encryption to WPA or WPA2 Reroute wireless users to a honeypot

Disable responses to a broadcast probe request

All of the wireless users on the third floor of your building are reporting issues with the network. Every 15 minutes, their devices disconnect from the network. Within a minute or so they are able to reconnect. What type of attack is most likely underway in this situation? Evil twin Jamming Disassociation Domain hijacking

Disassociation

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented? Role based access control Rule-based access control Discretionary access control Mandatory access control

Discretionary access control

Coming into your office, you overhear a conversation between two security guards. One guard is telling the other she caught several people digging through the trash behind the building early this morning. The security guard says the people claimed to be looking for aluminum cans, but only had a bag of papers—no cans. What type of attack has this security guard witnessed? Spear phishing Pharming Rolling refuse Dumpster diving

Dumpster diving

Which code analysis method is performed while the software is executed, either on a target system or an emulated system? Static analysis Dynamic analysis Sandbox analysis Runtime analysis

Dynamic analysis

High availability is dependent on which of the following? Dynamic resource allocation Container security CASB Secrets management

Dynamic resource allocation

A penetration tester finds that a company's login credentials for the email client were being sent in clear text. Which of the following should be done to provide encrypted logins to the email server? You Answered Enable an SSL certificate for IMAP services. Enable SSH and LDAP credentials. Enable IPSec and configure SMTP. Enable MIME services and POP3.

Enable MIME services and POP3.

A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists form the vendor. Which of the following BEST describes the reason why the vulnerability exists? Zero-day threats Weak cipher suite Default configuration End-of-life system

End-of-life system

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this? Configure the phones on one VLAN, and computers on another Enforce authentication for network devices Enable and configure port channels Make users sign an Acceptable use Agreement

Enforce authentication for network devices

Which of the following is important to ensure privacy release concerns are properly handled when discovered by an incident response team? Privacy impact analysis Privacy-enhancing technologies Public disclosure and notification. Escalation

Escalation

Which of the following statements are true in regard to a clean desk policy for security? (Choose all that apply.) Even leaving the desk area and going to the bathroom can leave information exposed and subject to compromise. While a clean desk policy makes for a pleasant work environment, it actually has very little impact on security. A clean desk policy should identify and prohibit things that are not obvious upon first glance, such as passwords on sticky notes under keyboards and mouse pads. Sensitive information must not be left unsecured in the work area when the worker is not present to act as custodian.

Even leaving the desk area and going to the bathroom can leave information exposed and subject to compromise. A clean desk policy should identify and prohibit things that are not obvious upon first glance, such as passwords on sticky notes under keyboards and mouse pads. Sensitive information must not be left unsecured in the work area when the worker is not present to act as custodian.

You notice a new custodian in the office, working much earlier than normal, emptying trash cans, and moving slowly past people working. You ask him where the normal guy is, and in very broken English he says, "Out sick," indicating a cough. What is happening? Impersonation Identity fraud Watering hole attack Prepending

Impersonation

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files? Change the permissions on the user's home directory Set the bash_history log file to "read only" Enable verbose system logging Implement remote syslog

Implement remote syslog

When a new login request comes from a geographically distant location, for a user with a history of recent local logins, what policy can best help address legitimacy? Impossible travel time Time-of-day restrictions Geolocation Network location

Impossible travel time

Which of the following is not part of SIEM processes? Data collection Event correlation Incident investigation Alerting/reporting

Incident investigation

What is the term used to describe the steps an organization performs after any situation determined to be abnormal in the operation of a computer system? Backup restoration and reconfiguration Cyber event response Incident response plan Computer/network penetration incident plan

Incident response plan

Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive failures. Which of the following should be implemented to correct this issue? Implement EMI shielding Increase humidity in the room Utilize better hot/cold aisle configurations Decrease the room temperature

Increase humidity in the room

Which of the following are specifically used to spread influence, alter perceptions, and sway people toward a position favored by those spreading it? Hoaxes, eliciting information, urgency Identity fraud, invoice scams, credential harvesting Influence campaigns, social media, hybrid warfare Authority, intimidation, consensus

Influence campaigns, social media, hybrid warfare

Data that is labeled "proprietary" typically pertains to what category? Personal data PHI and PII together Information to be safeguarded by business partners because it contains business secrets Information under legal hold

Information to be safeguarded by business partners because it contains business secrets

Which of the following are part of the Cyber Kill Chain? (Choose all that apply.) Correct Answer Installation You Answered Anti-forensics Correct Answer Reconnaissance Correct Answer Weaponization

Installation Reconnaissance Weaponization

You are preparing an e-mail to send to a colleague at work, and because the message information is sensitive, you decide you should encrypt it. When you attempt to apply the certificate that you have for the colleague, the encryption fails. The certificate was listed as still valid for another year, and the certificate authority is still trusted and working. What happened to this user's key? The third-party trust model failed. You are querying the incorrect certificate authority. It was revoked. It was using the wrong algorithm.

It was revoked.

What tool can be used to read system log data in Linux systems? Journalctl Web browser Any text editor Protocol analyzer

Journalctl

A ticket-granting server is an important element in which of the following authentication models? TACACS+ RADIUS Kerberos 802.1X

Kerberos

You need to design an authentication system where users who have never connected to the system can be identified and authenticated in a single process. Which is the best solution? RADIUS Knowledge-based authentication Password vault-based authentication TPM-based authentication

Knowledge-based authentication

Financial risks associated with vulnerabilities can include which of the following? (Choose all that apply.) Loss of revenue due to downtime Loss of data Regulatory fines and penalties Business reputation loss

Loss of revenue due to downtime Regulatory fines and penalties

You wish to keep people from using the internal mobile network to play games on their personal phones. What would be the best method of managing this? Application block list Content filter MDM Segmentation

MDM

Your organization needs a system for restricting access to files based on the sensitivity of the information in those files. You might suggest which of the following access control systems? Discretionary access control Mandatory access control File-based access control Confidential access control

Mandatory access control

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will pro-vide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network? Upgrade the edge switches from 10/100/1000 to improve network speed Implement flood guards on the data network Physically separate the VoIP phones from the data network Put the VoIP network into a different VLAN than the existing data network.

Put the VoIP network into a different VLAN than the existing data network.

Which of the following is the process of subjectively determining the impact of an event that affects a project, program, or business? Quantitative risk assessment Qualitative risk assessment Likelihood of occurrence Functional recovery plan

Qualitative risk assessment

Several desktops in your organization are displaying a red screen with the message "Your files have been encrypted. Pay 1 bitcoin to recover them." These desktops have most likely been affected by what type of malware? Spraying Crypto-malware Spyware Ransomware

Ransomware

Which type of evidence is also known as associative or physical evidence and includes tangible objects that prove or disprove a fact? Demonstrative evidence Documentary evidence Real evidence Direct evidence

Real evidence

Your senior financial people have been attacked with a piece of malware targeting financial records. Based on talking to one of the executives, you now know this is a spear phishing attack. Which of the following is the most likely vector used? Wireless Cloud Direct access Removeable media

Removeable media

What is one of the challenges of NetFlow data? Proprietary format Excess data fields Record size Removing duplicate records along a path

Removing duplicate records along a path

A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring? Require SIPS on connections to the PBX. Implement SRTP between the phones and the PBX. Place the phones and PBX in their own VLAN. Restrict the phone connections to the PBX.

Require SIPS on connections to the PBX.

An externally facing web server in your organization keeps crashing. Looking at the server after a reboot, you notice CPU usage is pegged and memory usage is rapidly climbing. The traffic logs show a massive amount of incoming HTTP and HTTPS requests to the server. Which type of attack is this web server experiencing? Distributed error handling Race condition Resource exhaustion Input validation

Resource exhaustion

Your organization has grown too large to support assigning permissions to users individually. Within your organization, you have large groups of users who perform the same duties and need the same type and level of access to the same files. Rather than assigning individual permissions, your organization may wish to consider using which of the following access control methods? Role-based access control Shift-based access control Group-based access control File-based access control

Role-based access control

What is the most secure means of establishing connectivity to a Wi-Fi access point? IEEE 802.1X WPA2 CCMP SAE protocol

SAE protocol

Which of the following is an open standard that uses security tokens and assertions and allows you to access multiple websites with one set of credentials? SAML PAP SSO CHAP

SAML

Your database server is returning a large dataset to an online user, saturating the network. The normal return of records would be a couple at most. This is an example of what form of attack? Man in the middle SQL injection Memory leak LDAP injection

SQL injection

A security administrator needs an external vendor to correct an urgent issue with an organization's physical access control system (PACS). The PACS does not currently have internet access because it is running a legacy operation system. Which of the following methods should the security administrator select the best balances security and efficiency? Have the external vendor come onsite and provide access to the PACS directly Set up a web conference on the administrator's pc; then remotely connect to the pacs Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing Temporarily permit outbound internet access for the pacs so desktop sharing can be set up

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

A penetration testing is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the best method for collecting this information? Use a protocol analyzer to log all pertinent network traffic Set up the scanning system's firewall to permit and log all outbound connections Configure network flow data logging on all scanning system Enable debug level logging on the scanning system and all scanning tools used.

Set up the scanning system's firewall to permit and log all outbound connections

Which of the following represents the greatest risk when used? Shared accounts Service accounts Guest accounts User accounts

Shared accounts

What type of attack involves an attacker putting a layer of code between an original device driver and the operating system? Refactoring Pass the hash Trojan horse Shimming

Shimming

What is the best way to deal with large, complex systems that have very expensive and lengthy process elements in an exercise? Simulations Walkthroughs Just skip this element. Tabletops

Simulations

Which of the following is a system component whose failure or malfunctioning could result in the failure of the entire system? Mean time between failures Single-loss expectancy Single point of failure Likelihood of occurrence

Single point of failure

You wish to tokenize account credentials so people can carry their passwords with them and not have to remember or type in long passwords. The best solution would involve which of the following? Smart card SSH keys Identity providers (IdPs) Password managers

Smart card

The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud. Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

Which standard of evidence states the evidence must be convincing or measure up without question? Sufficient evidence Competent evidence Direct evidence Relevant evidence

Sufficient evidence

What is the correct term for tracking issues associated with the upgrading of a component in a subassembly, specifically to a newer software version? Change control Supply chain risk Change management Vendor risk

Supply chain risk

To remotely log information using a centralized log server, which of the following protocols should be used? DNS NetFlow IPFIX Syslog

Syslog

For organizations that draw a distinction between a BCP and a DRP, which of the following statements is true? The DRP is always developed first, and the BCP normally is an attachment to this document. The BCP is a subset of the DRP. The DRP outlines the minimum set of business functions required for the organization to continue functioning. The BCP details the functions that are most critical and outlines the order in which critical functions should be returned to service to maintain business operations.

The BCP details the functions that are most critical and outlines the order in which critical functions should be returned to service to maintain business operations.

When trying to log onto a company's new ticketing system, some employees receive the following message: Access denied: too many concurrent sessions. The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message? The VM does not have enough processing power. The firewall is misconfigured. Network resources have been exceeded. The software is out of licenses.

The VM does not have enough processing power.

What is the primary limitation of a credentialed scan on a network? Examining too deeply into individual boxes Speed The inability to scale across multiple systems Slowing down your network with ancillary traffic

The inability to scale across multiple systems

Who assumes the risk associated with a system or product after it has entered EOL status? The original manufacturer The supply chain manager The vendor The organization

The organization