475 Chpt. 11-13, 15
Out of the following, which is one of RSA's registered key strengths?
1,024 bits
What key sizes in bits are used within AES?
128, 192, and 256
Which of the following is associated with security access in a wireless network?
802.1X
Which encryption was selected by NIST as the principal method for providing confidentiality after the DES algorithm?
AES
You are a CISO for a giant tech company. You are charged with implementing an encryption cipher for your new mobile devices that will be introduced in 2022. What encryption standard will you most likely choose?
AES
Which wireless mode is used when there is a point-to-point connection but no wireless access point involved?
Ad hoc
What are the two types of wireless network?
Ad hoc, infrastructure
What tool could you use to assist in capturing radio headers on wireless networks?
Airmon-ng
Which of the following are the features of cloud computing? a. Security b. Availability c. Large Network Access d. All of the above
All of the above
What type of attack is a Fraggle attack?
Amplification
What do wireless access points use to advertise their presence?
Beacon frame
What type of attack would the following code be vulnerable to?char[5] attacker;strcpy (attacker, "cat /etc/passwd");?scanf(&attacker);
Buffer overflow
Which option describes the concept of injecting code into a portion of data in memory that allows for arbitrary commands to be executed?
Buffer overflow
Which authentication protocol is used in WPA2?
CCMP
Which of the following applications allows you to crack WEP passwords in a wireless network?
Cain & Abel
Which of the following tools allows you to create certificates that are not officially signed by a CA?
Cain & Abel
Which of the following verifies a user's authenticity when the user is requesting a certificate?
Certificate authority
Which of these is NOT an example of an IoT device?
Chromebook
Applications and services that run on a distributed network using virtualized resources is known as ______ computing.
Cloud
Which method would be targeting the client in a web-based communication?
Cross-site scripting (XSS)
An attacker is using different methods of cracking an encryption algorithm, such as side channel attacks, frequency analysis, and also bit flipping. What is the attacker doing?
Cryptanalysis
Which of the following deletes the Clients table within an SQL database?
DROP TABLE Clients
To provide non-repudiation for email, which algorithm would you choose to implement?
DSA
Which algorithm does not provide integrity or confidentiality?
DSA
In a SQL injection attack, where does the attack actually execute?
Database server
You are sending messages that are used to force a wireless station to continue to send messages to reconnect to the wireless network. What kind of attack is this?
Deauthentication
Which of the following is a good practice that includes the ability to isolate systems and detect attacks and may also include preventive measures?
Defensible network architecture
What is the protocol commonly used for key exchange, where the keys are mutually derived rather than directly exchanged?
Diffie-Hellman
What is an easy way to gather credentials from wireless users?
Evil twin
What sort of an attack might you suspect if you had found an access point with the same name as an enterprise SSID?
Evil twin
Your security team notifies you that they are seeing the same SSID being advertised in your vicinity, but the BSSID is different from ones they are aware of. What type of attack is this?
Evil twin
A wireless access point that looks like a known and legitimate wireless network may actually be what?
Evil twin efore use.
Which of these would not be a reason to use automation in a cloud environment?
Fault tolerance
How many stages are used in the handshake to establish credentials in WPA/2/3?
Four
You are an administrator overseeing IT security operations for a local bank. As you review logs from the prior day, you notice a very high rate of UDP packets targeting your web server that are coming from your clients all at the same time. What could be the culprit?
Fraggle attack
What common protocol may be used to communicate with IoT devices on home or business networks?
HTTP
Which application exploit type works against dynamic memory allocations?
Heap spraying
Which of the following best describes steganography?
Hiding information within a picture or concealing it in an audio format
Which of these tasks would you not use the website Shodan for?
Identifying IP address ranges for a company
If you were moving your IT infrastructure from on-premise to a cloud service provider, what might you be most concerned about that would be different from what you have already?
Inability to implement security controls
When writing a program, what is one of the fundamental tasks that should be done when declaring a variable?
Initialize the variable.
What common element of a general-purpose computing platform does an IoT not typically have?
Input/output
The light switch is being asked to either allow power through the switch or prevent power from passing through the switch. The broad collection of all of these devices is called the _______
Internet of Things
Which of the following describes the X.509 standard?
It describes the standard for creating a digital certificate.
What protection characteristics are in use with IPSec transport mode?
It provides encryption to the payload only.
Which of the following tools can be used to DDoS a target system?
LOIC
Which of the following has no key associated with it?
MD5
Which of the following is not a type of cloud server?
Merged Cloud Servers
Which of these is a protocol might you expect to see used in an industrial control system to communicate with programmable logic controllers?
Modbus
To sniff wireless traffic at layer 2, what must you have set on your wireless adapter?
Monitor mode
What is a computing platform that provides a solution, hosted with a service provider, that customers could build applications on top of?
Platform as a Service
A key that has to be known ahead of time to be able to encrypt data between two parties is known as what?
Pre-shared key
What do you call the simple device that is used to manage the lowest-level elements of an industrial control system?
Programmable logic controller
Which of these would be an example of operational technology?
Programmable logic controller
Who has responsibility for the operating system in a Platform as a Service (PaaS) offering with a cloud provider?
Provider
Which key is used to encrypt messages to the owner of a certificate when using asymmetric encryption?
Public key
In WPA2, what AAA server can be used in the enterprise configuration?
RADIUS
Which encryption algorithm is a symmetric stream cipher?
RC4
What encryption algorithm is used within TLS for the handshake and key negotiation?
RSA
Which of the following encryption algorithms uses two large prime numbers?
RSA
Which option describes a server-side attack targeting web applications?
SQL injection
You are a security administrator working at a movie production company. One of your daily duties is to check the IDS logs when you are alerted. You notice that you received a lot of incomplete three-way handshakes, your memory performance has been dropping significantly on your web server, and customers are complaining of really slow connections. What could be the actual issue?
SYN flood
Which of the following model consists of the service that you can access on a cloud computing platform?
Service
You are a passenger in an airport terminal. You glance across the terminal and notice a man peering over the shoulder of a young woman as she uses her tablet. What do you think he is doing?
Shoulder surfing
What might be a quick and easy way to attempt to compromise a mobile device?
Smishing
What is the region in memory that is assigned to a process or a program when it is initiated?
Stack
What is a buffer used for?
Static data storage
If you wanted to share documents with someone using a cloud provider, which service would you be most likely to use?
Storage as a service
During the course of testing, you identify a WAP that you are going to exploit. You discover that the WAP is using WEP. Which method will you utilize in order to exploit the WAP?
The initialization vector (IV)
What is the result of conducting a MAC flood on a switch?
The switch would operate as if it were a hub.
What can be said about asymmetric encryption?
The two keys are mathematically related.
What is the purpose of the Internet Key Exchange (IKE) protocol?
To exchange secret keys
Which type of packet does a Fraggle attack use to create a DoS attack?
UDP
Which of these is not a common element of cloud-native design?
Virtual machines
You are sitting inside of your office, and you notice a strange person in the parking lot with what appears to be a tall antenna connected to a laptop. What is the stranger most likely doing?
Wardriving
Which of these would be a very common vulnerability in cloud computing deployments that could lead to exploitation?
Weak access management
When you are attacking a web application, what server would you typically need to go through first to get to any programmatic content if the application is designed using a typical n-tier architecture?
Web server
If you were to see !ENTITY xxe SYSTEMin in your logs, what would you think may be going on?
XML entity injection
What type of attack is being used if you were to see < ! ENTITY "file.. > in your web server logs?
XXE
What tool could you use to identify IoT devices on a network?
nmap