Security +

Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer? Persistent lockware Blocking ransomware Cryptomalware Impede-ware

Blocking ransomware

Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program? Shim overflow attack Factor overflow attack Integer overflow attack Buffer overflow attack

Buffer overflow attack

Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website? SSFR DLLS CSRF DRCR

CSRF

Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation? It sets a precedent by encouraging other employees to violate company policy. Cryptomalware can encrypt all files on any network that is connected to the employee's computer. The organization may be forced to pay up to $500 for the ransom. The employee would have to wait at least an hour before her computer could be restored.

Cryptomalware can encrypt all files on any network that is connected to the employee's computer.

A recognized subset of ML is AI.

False; A recognized subset of artificial intelligence (AI) is machine learning (ML).

COPE allows users to use their own personal mobile devices for business purposes.

False; BYOD allows users to use their own personal mobile devices for business purposes.

Security professionals consider threat maps a vital source of information.

False; Many threat maps claim that they show data in real time, but most are simply a playback of previous attacks. Also, threat actors usually mask their real locations so what is displayed on a threat map is incorrect. As a result, many cybersecurity professionals question the value of threat maps.

Opal is a standard for FEDs.

False; Opal is a standard for SEDs.

The goal of impersonation is often prepending, which is obtaining private information.

False; Pretexting is obtaining private information.

Provisioning is removing a resource that is no longer needed.

False; Provisioning is the enterprise-wide configuration, deployment, and management of multiple types of IT system resources, of which the new application would be viewed as a new resource.

Since 2015, the number of unfilled cybersecurity positions has increased by 10 percent.

False; Since 2015, the number of unfilled cybersecurity positions has increased by 50 percent.

Script kiddies are responsible for the class of attacks called advanced persistent threats.

False; State actors are responsible for the class of attacks called Advanced Persistent Threats.

SSL is a replacement cryptographic protocol for TLS.

False; TLS is a replacement for SSL.

The Center for Internet Security (CIS) has published a Cloud Controls Matrix.

False; The Cloud Security Alliance (CSA) has published the Cloud Controls Matrix.

Unencrypted data that is input for encryption or is the output of decryption is called cleartext.

False; Unencrypted data that is input for encryption or is the output of decryption is called plaintext.

It is a common tactic for cryptomalware attackers to not send the decryption key after the ransom has been paid.

False; When victims pay the ransom, a decryption tool is delivered 99 percent of the time.

Which type of malware relies on LOLBins? PUP File-based virus Fileless virus Bot

Fileless virus

Which ISO contains controls for managing and controlling risk? ISO XRS ISO 31000 ISO 271101 ISO 27555

ISO 31000

When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique? Jumping Twirling Squaring up Lateral movement

Lateral movement

Which of the following is NOT an advantage of crowdsourced penetration testing? Faster testing Less expensive Ability to rotate teams Conducting multiple tests simultaneously

Less expensive

Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this? Spyware BOT PUP Keylogger

PUP

Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake? Approval Budgeting Planning Documentation

Planning

What are the two concerns about using public information sharing centers? Cost and availability Privacy and speed Security and privacy Regulatory approval and sharing

Privacy and speed

Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on? Blue Team Purple Team White Team Red Team

Red Team

What term refers to changing the design of existing code? Library manipulation Shimming Refactoring Design driver manipulation

Refactoring

Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals? Legislation White papers Regulations Benchmarks

Regulations

Which is the final rule of engagement that would be conducted in a pen test? Cleanup Communication Reporting Exploitation

Reporting

What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas? Cybersecurity feeds White notebooks Blue papers Requests for comments (RFCs)

Requests for comments (RFCs)

Which of the following can automate an incident response? SIEM SOAR CVCC SOSIA

SIEM

Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute? SSAE SOC 2 Type II SSAE SOC 2 Type III SSAE SOC 3 Type IV SSAE SOC 3.2 Type X

SSAE SOC 2 Type II

Which of the following manipulates the trusting relationship between web servers? SSRF CSRF EXMAL SCSI

SSRF

Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation? Scope Exploitation Targets Limitations and exclusions

Scope

Which of these would NOT be considered the result of a logic bomb? Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting. If the company's stock price drops below $50, then credit Oscar's retirement account with one additional year of retirement credit. Erase the hard drives of all the servers 90 days after Alfredo's name is removed from the list of current employees. Delete all human resource records regarding Augustine one month after he leaves the company.

Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.

Which of the following is NOT a means by which a bot communicates with a C&C device? Signing in to a website the bot herder operates Signing in to a third-party website Email Command sent through Twitter posts

Signing in to a website the bot herder operates

Which statement regarding a keylogger is NOT true? Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. Software keyloggers are generally easy to detect. Keyloggers can be used to capture passwords, credit card numbers, or personal information.

Software keyloggers are generally easy to detect.

Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo? The employees could have inside knowledge of the network that would give them an advantage. There may be a lack of expertise. Employees may have a reluctance to reveal a vulnerability. They would have to stay overnight to perform the test.

They would have to stay overnight to perform the test.

Which premise is the foundation of threat hunting? Cybercrime will only increase. Threat actors have already infiltrated our network. Attacks are becoming more difficult. Pivoting is more difficult to detect than ever before.

Threat actors have already infiltrated our network.

What race condition can result in a NULL pointer/object dereference? Conflict race condition Value-based race condition Thread race condition Time of check/time of use race condition

Time of check/time of use race condition

"I'm the CEO calling" is an example of the psychological principle of authority.

True

A cipher suite is a named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with TLS.

True

A goal of software diversity is to reduce the probability that errors created by different compilers will influence the end results.

True

A remote access Trojan (RAT) can monitor what the user is doing, change computer settings, browse and copy files, and use the computer to access other computers connected on the network.

True

A security manager works on tasks identified by the CISO and resolves issues identified by technicians.

True

AI is already being used broadly in cybersecurity defenses.

True

An HSM is external while a TMP is internal.

True

An RTOS is tuned to accommodate very high volumes of data that must be immediately processed for critical decision making.

True

Artificial intelligence (AI) may be defined as technology that imitates human abilities.

True

Brokers sell their knowledge of a weakness to other attackers or a government.

True

Circumventing the installed built-in limitations on an Apple iPhone is called jailbreaking.

True

Due to its slow speed and other limitations, infrared capabilities in mobile devices are rarely found today.

True

Entropy is the measure of randomness of a data-generating function.

True

Fileless viruses take advantage of native services and processes that are part of the operating system (OS) to avoid detection and carry out its attacks, and these native services used in a fileless virus are called living-off-the-land binaries (LOLBins).

True

Hacktivists are strongly motivated by ideology.

True

Modern OSs provide encryption support natively.

True

Power, compute, and network are all security constraints for embedded systems and specialized devices.

True

S/MIME is a protocol for securing email messages.

True

SecDevOps has elasticity and scalability.

True

Spear phishing targets specific users.

True

Steganography hides the existence of information.

True

The European Union General Data Protection Directive (GDPR) is a regulation regarding data protection and privacy in the EU and the European Economic Area (EEA).

True

Which of the following is NOT something that a SIEM can perform? User behavior analysis Sentiment analysis Log aggregation Incident response

User behavior analysis

Which of the following is known as a network virus? TAR Worm Remote exploitation virus (REV) C&C

Worm

Which of the following attacks is based on a website accepting user input without sanitizing it? RSS XSS SQLS SSXRS

XSS

Which of the following is a standard for the handling of customer card information? DRD STR OSS XRS RMR CDC PCI DSS

PCI DSS

The two NIST frameworks are the NIST Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF).

True

Two concerns about public information sharing centers are the privacy of shared information and the speed at which the information is shared.

True

Two tools that facilitate AIS are STIX and TAXII.

True

What is the difference between a Trojan and a RAT? There is no difference. A RAT gives the attacker unauthorized remote access to the victim's computer. A Trojan can carry malware while a RAT cannot. A RAT can infect only a smartphone and not a computer.

A RAT gives the attacker unauthorized remote access to the victim's computer.

Which of the following is technology that imitates human abilities? AI ML RC XLS

AI

What is another name for footprinting? High-level reconnaissance Active reconnaissance Modeling Revealing

Active reconnaissance

Which of the following is NOT a characteristic of a penetration test? Automated Finds deep vulnerabilities Performed occasionally May use internal employees or external consultants

Automated

What penetration testing level name is given to testers who have no knowledge of the network and no special privileges? Black box Gray box White box Purple box

Black box

The relationship between security and convenience is inversely proportional: as security is increased, convenience is decreased.

True

Which group is responsible for the Cloud Controls Matrix? CSA CIS OSINT NIST

CSA

Which of the following is NOT a characteristic of malware? Deceive Launch Imprison Diffusion

Diffusion

Which of the following attacks targets the external software component that is a repository of both code and data? Application program interface (API) attack Device driver manipulation attack Dynamic-link library (DLL) injection attack OS REG attack

Dynamic-link library (DLL) injection attack

What word is the currently accepted term to refer to network-connected hardware devices? Host Endpoint Device Client

Endpoint

Multiple SCADAs are controlled by an ICS.

False; Multiple ICS are managed by a larger supervisory control and data acquisition (SCADA) system.

An IOC occurs when what metric exceeds its normal bounds? IRR LRG EXR KRI

KRI

Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet? LOLBins Spam Malware Ad fraud

LOLBins

Which of the following is not a general information source that can provide valuable in-depth information on cybersecurity? Twitter Conferences Local industry groups Vendor websites

Twitter