475 Chpt. 11-13, 15

Out of the following, which is one of RSA's registered key strengths?

1,024 bits

What key sizes in bits are used within AES?

128, 192, and 256

Which of the following is associated with security access in a wireless network?

802.1X

Which encryption was selected by NIST as the principal method for providing confidentiality after the DES algorithm?

AES

You are a CISO for a giant tech company. You are charged with implementing an encryption cipher for your new mobile devices that will be introduced in 2022. What encryption standard will you most likely choose?

AES

Which wireless mode is used when there is a point-to-point connection but no wireless access point involved?

Ad hoc

What are the two types of wireless network?

Ad hoc, infrastructure

What tool could you use to assist in capturing radio headers on wireless networks?

Airmon-ng

Which of the following are the features of cloud computing? a. Security b. Availability c. Large Network Access d. All of the above

All of the above

What type of attack is a Fraggle attack?

Amplification

What do wireless access points use to advertise their presence?

Beacon frame

What type of attack would the following code be vulnerable to?char[5] attacker;strcpy (attacker, "cat /etc/passwd");?scanf(&attacker);

Buffer overflow

Which option describes the concept of injecting code into a portion of data in memory that allows for arbitrary commands to be executed?

Buffer overflow

Which authentication protocol is used in WPA2?

CCMP

Which of the following applications allows you to crack WEP passwords in a wireless network?

Cain & Abel

Which of the following tools allows you to create certificates that are not officially signed by a CA?

Cain & Abel

Which of the following verifies a user's authenticity when the user is requesting a certificate?

Certificate authority

Which of these is NOT an example of an IoT device?

Chromebook

Applications and services that run on a distributed network using virtualized resources is known as ______ computing.

Cloud

Which method would be targeting the client in a web-based communication?

Cross-site scripting (XSS)

An attacker is using different methods of cracking an encryption algorithm, such as side channel attacks, frequency analysis, and also bit flipping. What is the attacker doing?

Cryptanalysis

Which of the following deletes the Clients table within an SQL database?

DROP TABLE Clients

To provide non-repudiation for email, which algorithm would you choose to implement?

DSA

Which algorithm does not provide integrity or confidentiality?

DSA

In a SQL injection attack, where does the attack actually execute?

Database server

You are sending messages that are used to force a wireless station to continue to send messages to reconnect to the wireless network. What kind of attack is this?

Deauthentication

Which of the following is a good practice that includes the ability to isolate systems and detect attacks and may also include preventive measures?

Defensible network architecture

What is the protocol commonly used for key exchange, where the keys are mutually derived rather than directly exchanged?

Diffie-Hellman

What is an easy way to gather credentials from wireless users?

Evil twin

What sort of an attack might you suspect if you had found an access point with the same name as an enterprise SSID?

Evil twin

Your security team notifies you that they are seeing the same SSID being advertised in your vicinity, but the BSSID is different from ones they are aware of. What type of attack is this?

Evil twin

A wireless access point that looks like a known and legitimate wireless network may actually be what?

Evil twin efore use.

Which of these would not be a reason to use automation in a cloud environment?

Fault tolerance

How many stages are used in the handshake to establish credentials in WPA/2/3?

Four

You are an administrator overseeing IT security operations for a local bank. As you review logs from the prior day, you notice a very high rate of UDP packets targeting your web server that are coming from your clients all at the same time. What could be the culprit?

Fraggle attack

What common protocol may be used to communicate with IoT devices on home or business networks?

HTTP

Which application exploit type works against dynamic memory allocations?

Heap spraying

Which of the following best describes steganography?

Hiding information within a picture or concealing it in an audio format

Which of these tasks would you not use the website Shodan for?

Identifying IP address ranges for a company

If you were moving your IT infrastructure from on-premise to a cloud service provider, what might you be most concerned about that would be different from what you have already?

Inability to implement security controls

When writing a program, what is one of the fundamental tasks that should be done when declaring a variable?

Initialize the variable.

What common element of a general-purpose computing platform does an IoT not typically have?

Input/output

The light switch is being asked to either allow power through the switch or prevent power from passing through the switch. The broad collection of all of these devices is called the _______

Internet of Things

Which of the following describes the X.509 standard?

It describes the standard for creating a digital certificate.

What protection characteristics are in use with IPSec transport mode?

It provides encryption to the payload only.

Which of the following tools can be used to DDoS a target system?

LOIC

Which of the following has no key associated with it?

MD5

Which of the following is not a type of cloud server?

Merged Cloud Servers

Which of these is a protocol might you expect to see used in an industrial control system to communicate with programmable logic controllers?

Modbus

To sniff wireless traffic at layer 2, what must you have set on your wireless adapter?

Monitor mode

What is a computing platform that provides a solution, hosted with a service provider, that customers could build applications on top of?

Platform as a Service

A key that has to be known ahead of time to be able to encrypt data between two parties is known as what?

Pre-shared key

What do you call the simple device that is used to manage the lowest-level elements of an industrial control system?

Programmable logic controller

Which of these would be an example of operational technology?

Programmable logic controller

Who has responsibility for the operating system in a Platform as a Service (PaaS) offering with a cloud provider?

Provider

Which key is used to encrypt messages to the owner of a certificate when using asymmetric encryption?

Public key

In WPA2, what AAA server can be used in the enterprise configuration?

RADIUS

Which encryption algorithm is a symmetric stream cipher?

RC4

What encryption algorithm is used within TLS for the handshake and key negotiation?

RSA

Which of the following encryption algorithms uses two large prime numbers?

RSA

Which option describes a server-side attack targeting web applications?

SQL injection

You are a security administrator working at a movie production company. One of your daily duties is to check the IDS logs when you are alerted. You notice that you received a lot of incomplete three-way handshakes, your memory performance has been dropping significantly on your web server, and customers are complaining of really slow connections. What could be the actual issue?

SYN flood

Which of the following model consists of the service that you can access on a cloud computing platform?

Service

You are a passenger in an airport terminal. You glance across the terminal and notice a man peering over the shoulder of a young woman as she uses her tablet. What do you think he is doing?

Shoulder surfing

What might be a quick and easy way to attempt to compromise a mobile device?

Smishing

What is the region in memory that is assigned to a process or a program when it is initiated?

Stack

What is a buffer used for?

Static data storage

If you wanted to share documents with someone using a cloud provider, which service would you be most likely to use?

Storage as a service

During the course of testing, you identify a WAP that you are going to exploit. You discover that the WAP is using WEP. Which method will you utilize in order to exploit the WAP?

The initialization vector (IV)

What is the result of conducting a MAC flood on a switch?

The switch would operate as if it were a hub.

What can be said about asymmetric encryption?

The two keys are mathematically related.

What is the purpose of the Internet Key Exchange (IKE) protocol?

To exchange secret keys

Which type of packet does a Fraggle attack use to create a DoS attack?

UDP

Which of these is not a common element of cloud-native design?

Virtual machines

You are sitting inside of your office, and you notice a strange person in the parking lot with what appears to be a tall antenna connected to a laptop. What is the stranger most likely doing?

Wardriving

Which of these would be a very common vulnerability in cloud computing deployments that could lead to exploitation?

Weak access management

When you are attacking a web application, what server would you typically need to go through first to get to any programmatic content if the application is designed using a typical n-tier architecture?

Web server

If you were to see !ENTITY xxe SYSTEMin in your logs, what would you think may be going on?

XML entity injection

What type of attack is being used if you were to see < ! ENTITY "file.. > in your web server logs?

XXE

What tool could you use to identify IoT devices on a network?

nmap