Advanced Ethical Hacking 2 - Final
Which of the following controls can change and thus should be periodically reviewed?
- Products - People - Processes -> All of the above <-
Craig has been asked to implement the ISO standards for cybersecurity in his organization. Which of the following families of standards should he become familiar with?
27000
What is the risk associated with not creating multiple VPN profiles?
A VPN connection could allow open access to network resources.
Hwan, a network administrator, has just overheard a cybersecurity analyst at his company talking about a DDoS attack. He wants to ensure that he notifies the appropriate parties if this type of attack does take place. Which of the following symptoms might indicate a potential DDoS attack?
A large constant spike in bandwidth consumption
A recent report showed that Olivia's organization has not been following all necessary regulations. She has been asked to respond to this report, and she has listed several difficulties in following regulations. Which of the following would not be on her list?
A new federal law mandates that organizations must have employees whose sole responsibility is to monitor regulations, but the organization cannot afford this.
What vulnerability is specific to a bridge?
A secure wired LAN network with an unsecured wireless network, which could create an unprotected link between the two
Which of the following is false about fuzzing?
A single pass is sufficient
Which of the following does not describe an MITM attack?
A threat actor captures packets and loads them into Wireshark to look for cleartext passwords.
Bianca suspects that a recent attack was the work of nation-state actors who were well-resourced and highly trained. What type of attack was this?
APT
Tyrese, a cybersecurity analyst, is performing an audit of user accounts when he discovers a handful of accounts that do not appear to represent actual employees at his organization. As he continues to investigate, he finds that the accounts were created around four months ago and only connect to resources from outside the network. Which of the following might he have discovered?
APT
Brianne wants to find some best practices to share with the development team in her organization. Which of the following is not a good source for this type of information?
ARIN
Which of the following is not an attack that is specifically designed for a web server?
ARP poisoning
Which policy is intended for personnel who are responsible for the management of user accounts?
Account management policy
Thalia has been asked by her team leader to closely examine the results of a vulnerability scan. One vulnerability indicates that it could result in a neighbor discovery (IPv6) flood that leads to a DoS on the local LAN segment. Which attack vector base score exploit metric in CVSS would cover this?
Adjacent (AV:A)
Araya has been tasked with implementing a new set of procedures for the onboarding and offboarding of employees. Which of the following types of controls does this new task fall into?
Administrative controls
Which of the following attacks does not take advantage of an application software vulnerability?
Adware
Which of the following is not a reason for communications in a cyber incident?
Allow for an unplanned release of information.
Nicholas observes that the CVSS temporal score is different from the CVSS base score. What most likely caused the change?
An operating system patch that addressed the original vulnerability
Monica wants to implement more security around the login function that her company's website uses to allow customers to interact with the organization. One of the tasks on her to-do list is to prevent brute force attacks. Which of the following might help Monica achieve this goal?
Analyze the frequency of attempted logins.
Phoebe is examining the CVSS scores from a recent scan. Which metric is used to determine the type of network access necessary to exploit a vulnerability?
Attack Vector (AV)
Which of the following is false about beaconing?
Beaconing is a three-way communication process.
Which of the following is not a type of attack that can be generated through a botnet?
Buffer overflows
What is the best way for an organization to limit adverse reactions?
By controlling the conversation
Which of the following regulations does not address notification of individuals or a government entity in the event of a data breach?
CCPA
Which of the following sources is a not-for-profit organization that provides training, assessment tools, and consulting services?
CIS
Lillith has just been hired to head up an organization's new cybersecurity division. In the initial stages of forming the division, she needs to find a good way to respond to incidents. Which of the following might be the best option in the event that she discovers an extensive APT?
Call an incident response provider.
Which of the following is not a general principle for prioritizing cyber incidents?
Consider the public response.
Which of the following processes identifies incremental enhancements that can make a process better?
Continual improvement
Javier is creating a forensics kit. Which of the following documents would he not include?
Corporate hierarchy chart
Which of the following is not an example of intellectual property?
Credit card number
Which of the following is the violation of an explicit or implied security policy?
Cyber incident
Kaitlyn is creating an incident response plan. Which of the following should be notified first in the event of a cyber incident?
Cyber incident response team
Toria's manager has asked her to implement a new system that uses X.500. She knows the information that is looked up needs to be stored somewhere. What is the name of the part of the setup that stores the information?
DIB
Belva is performing an audit of the e-mail server when she discovers that one of the accounts is sending a lot of e-mails all day that contain attachments. After a bit more research, she finds that the attachments contain extensive proprietary and confidential information. Which of the following should she consider implementing to prevent a reoccurrence?
DLP
Petronilla, a cybersecurity researcher, has just received a call from a client who reports that someone has redirected multiple A record entries on their recursive server to an incorrect IP address. Which of the following has occurred?
DNS poisoning
What type of camera should not be used in a forensics investigation?
Digital still camera
Etsu is reviewing log files and discovers that data has been stolen and sent out from the network. In her report, what does she call this activity?
Exfiltration
Eva is researching which law enforcement agency to contact in the event of different types of cyber incidents. Which agency should be contacted after any type of incident?
FBI
A company with operations in Europe has just experienced a breach of its customer data. Which of the following does the company need to notify under European Union regulations?
ICO
Which of the following is not a type of wireless probe that monitors the airwaves for traffic?
Independent probe (GUESS)
Jared has created a field in the database that acts as the back end for an application he has written. The field has been configured to store an 8-bit unsigned number. The field where the user enters information has only been configured to accept numbers, but Jared apparently forgot to add logic to ensure that the user could not enter numbers greater than 255. Which of the following could occur as a result of this oversight?
Integer overflow
What type of overflow is the result of an arithmetic operation that exceeds the maximum size of the integer type used to store the integer value?
Integer overflow
Chase has found a virtual machine on one of the hosts in the data center that has been capturing packets, logging all of the GET and POST requests and parameters, and forwarding that information outside of the network. Which of the following best describes what he might have discovered?
Interception proxy
Patrik, a cybersecurity analyst, has just discovered a computer system infected with malware that appears to communicate with a command and control server. He doesn't believe there will be any negative consequences to shutting down communications between the computer and the command and control server, so he decides to redirect the communications to a sinkhole. Which of the following containment methods did Patrik choose to employ?
Isolation
Which of the following is false about regression testing?
It only needs to be done once after the software is completed.
Jupiter is a systems administrator for a growing company. Until recently, one web server has been enough to handle the traffic load for her organization. However, she knows that if something happens to this server, the website could go down for an undetermined amount of time. She is considering moving the website to a cloud configuration, but she knows that if the server failed in the cloud, it would be a single point of failure. Which of the following might she want to implement in addition to a secondary web server?
Load balancer
Which type of image recognizes files and data based on the installed operating system?
Logical
Which framework is divided into a framework core, implementation tiers, and profiles?
National Institute of Standards and Technology (NIST) Cybersecurity Framework
Which of the following devices can be installed on a network to monitor traffic?
Network tap
Which of the following scopes of impact describes the amount of time needed for IT systems to return to their normal functions?
Recovery time
Aurelia has just modified a module in one of her company's software applications to add a new feature. Which of the following should be done to ensure that the changes did not adversely affect any other areas of the application?
Regression testing
Which of the following is not a learning style to be considered when designing security awareness training?
Responsive learning
Which of the following is not a category for determining a CVSS score?
Risk score metrics
What is used to control multiple ICSs?
SCADA
What methodology can be used to build a program or application from its inception to decommissioning?
SDLC
Muhammed is a cybersecurity engineer for a quickly growing organization. He is concerned that his team may not be able to keep up with the growth, and that a system might remain vulnerable to certain exploits. He is considering taking advantage of the cloud to help accommodate the growth. Which of the following might he choose to use?
SECaaS
Which of the following outsourcing security models uses the cloud?
SECaaS
Dion is developing an application that will allow users to create their own passwords. He then needs to store that information in a database to be used when the user attempts to log in again. Which of the following provides the strongest option for Dion to accomplish this task?
SHA-512
Which of the following is not a federation system technology?
SSO
Samuel works for a telecommunications provider in the United States. Which of the following regulations might he need to be familiar with?
Sarbanes-Oxley
Which of the following federal regulations is a result of corporate fraud cases?
Sarbox
Ramon, a cybersecurity analyst, is aware of the regulatory requirements that his organization must meet. He needs to make sure that best practices are meeting the goals of these regulatory requirements. Which of the following might he decide to employ as part of a vulnerability scan?
Scanning template
Jan has just finished upgrading the physical and administrative controls in his organization and is about to start planning the upgrade of logical controls. Which of the following is not a manufacturer to consider when looking at options for new firewalls?
Seagate
Annya, a cybersecurity analyst, has just pulled a failed hard drive out of a system. She cannot seem to get any applications to overwrite the blocks on the drive with random data. Which of the following methods should she use to ensure the data on the drive is safe from being recovered by unauthorized parties?
Secure disposal
Falik has just returned from a cybersecurity conference where he learned about a UTM that provides some new features he would like to implement within his network. Which of the following best describes what he would like to implement?
Security appliance
Lakia has been hired as a penetration tester for a large organization. She finds that one of the branch offices is still running WEP and quickly cracks the key to gain access to the network. As she is capturing network packets while sitting in the company's parking lot, she sees a couple of tokens that users send to an HTTP-based website to log in. Which of the following types of attacks might she be able to perform with this information?
Session hijacking
Liam is investigating a recent attack in which a threat actor stole session cookies and used them to impersonate the user. What kind of attack is Liam investigating?
Session hijacking
Which of the following is not a security issue of TACACS?
Session identifiers are always unique
What is another name for a virtual network?
Software-defined network (SDN)
Which of the following tests is conducted before source code is compiled?
Static code analysis
Paris is designing the logical configuration for the company's new headquarters building. He knows that several departments, including Human Resources and the research and development group, should not be able to communicate with each other. Which of the following should he include as part of the network design requirements?
Subnetting
A growing organization has recently created a policy that everyone in upper management must train each other in various aspects of their jobs. They must also train one of their direct reports to perform key parts of their jobs. The object is to establish continuity of the organization's operations if something catastrophic happens to a manager. Which of the following terms best describes the type of policy that has been implemented?
Succession planning
Donatello's supervisor has asked if he would be interested in enrolling in a company program designed to prepare individuals to assume new leadership roles when an employee retires. What type of program is this?
Succession planning
Corban is examining a vulnerability scan report. It indicates that a MAC flooding attack could occur due to a misconfigured hardware appliance. Which hardware device should Corban now correctly configure?
Switch
Suki wants to analyze all of the traffic being sent to and from a group of 10 computers that are all connected to the same networking device. He decides to install a sniffing device that will capture packets and then enable port mirroring on the networking device to send copies of the traffic to the sniffing device. Which of the following networking devices is he most likely using?
Switch
Alvaro has been asked to acquire tape to secure evidence bags for forensics investigations. The tape cannot be removed and reapplied without leaving visual evidence. What type of tape should he use?
Tamper-evident
Rico is developing a list of personnel who may be asked to serve on a cyber incident response team. Who will be responsible for helping the team focus on minimizing damage and recovering quickly from a cyber incident?
Team leader
Emma is researching role-based responsibilities. For internal communications, which two categories are often used?
Technical and management
Why would a threat actor not use BitTorrent for data exfiltration?
The BitTorrent protocol can be easily identified.
Carl is a new cybersecurity analyst. His manager has just asked him to implement a vulnerability scanner that uses CVSS. Which of the following best describes why he would want to use it?
The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for.
Which of the following is false about RADIUS?
The RADIUS server authenticates and authorizes the RADIUS client request and sends back a RADIUS message response. (*GUESSS*)
William has been asked to create a draft data retention policy. Which of the following would not be part of that policy?
The duties of the data custodian
Why does corporate accounting data have a high value.
The loss of accounting data prevent an organization from providing stakeholders an accurate picture of its financial health.
Ava is reviewing her organization's data classification policy. Which of the following would not be part of that policy?
The responsibilities of the data owner
Which of the following is a purpose of a rootkit?
To hide its presence
Which of the following items cannot be evaluated for high-volume consumption by a resource monitor?
USB
Adele is researching zero day attacks. To which category of threats would these attacks apply?
Unknown knowns
Phillida, a cybersecurity analyst, is comparing vulnerability scanning products for potential use in her organization. She reads that Nessus uses a combination of machine learning and threat intelligence to produce which of the following?
VPR
Nori is concerned that Bob, who has a lower level of privileges, has inherited Mackenzie's higher level of privileges. Which of the following terms describes this situation?
Vertical privilege escalation
Ralph is creating a list of opportunities for conducting security awareness training. Which of the following would not be included on the list?
When an employee is terminated.
Emma has discovered that one of her company's web applications is accepting user input without validating it before presenting it back to the user. What type of attack could use this vulnerability?
XSS
Which of the following is the first step in incident response and recovery?
analysis
Janos works for a large regional hospital system. The system has data retention policies that have necessitated the backup of certain types of information. As such, he decides that in addition to the standard daily and weekly backups, he would like to create a byte-by-byte copy of data on a particular server's drive to be stored off-site. Which of the following tools might help him perform this action?
dd
Mackenzie is making a presentation about what to do in a cyber security incident. Which of the following would she not include in her presentation?
resist the urge to communicate with other security personnel.
Jaden has received an alert from a system that has identified potential malware on itself. Upon looking through the log files, he sees a list of error messages where an executable tried to write data to a range of memory addresses that did not exist for the system. Which of the following has most likely occurred?
Buffer overflow
Darien last ran a vulnerability scan a year ago. Which of the following could he expect to have changed if he ran the scan again today?
CVSS temporal score
Which CVSS score reflects the current characteristics of a vulnerability that may have changed over time?
CVSS temporal score
Which of the following is not a name for a unique digital fingerprint of a set of data?
Certificate
Alisi, a cybersecurity manager, has found that a former employee was engaging in illegal activities online; she must report these activities to local law enforcement authorities. She locks the employee's computer in a closet to which only she and two of her peers have access. Which of the following should be created as part of the documentation for this incident?
Chain of custody
Which of the following is not a communications best practice strategy?
Contact local news media before information leaks out.
Tyrese has just been hired as a cybersecurity analyst at a major hospital in Colorado. Which of the following regulations might he need to be familiar with?
HIPAA
Isabella has been asked to research HIPAA requirements for her employer. Which of the following statements about HIPAA is false?
HIPAA includes any third-party business associate that handles protected healthcare information.
Morwenna wants to install Nessus for a trial run on her company's infrastructure. Which of the following is the default method of installation?
HTTPS
Which of the following is not an application symptom?
Hard drive consumption
Mason has been asked to create a list of vulnerabilities in the organization's directory service. Which vulnerability would not be included on the list?
Having a minimal number of domain administrators
Autumn has been asked to create a list of reasons why cyber incident response and recovery analysis is considered difficult. Which of the following would she not include in her list?
High number of false negative
A startup company has invented a new IoT device and stored the design documents on an internal network share. Which of the following types of data are they trying to protect?
IP
Dahlia has just been hired as a new cybersecurity manager at an organization. Up until now, the organization has not had any formal procedures in place to handle events such as malware or data breaches. Dahlia would like to ensure that everyone follows the same procedures when responding to these events. Which of the following should she create?
IRP
Marcus, a cybersecurity manager, wants to perform random audits on user systems. He knows that a complete audit of one system could take an entire day or more. Which of the following might he implement to allow him to accomplish these random audits?
Mandatory vacation
Isabella needs to document a framework that identifies increasing levels of security development, with each level more difficult to achieve but more secure than the preceding lower level. Which of the following would she document?
Maturity model
An online retailer has just discovered a data breach of the system used to store all of the data for shipments of products, including tracking numbers, date shipped, customer names, and addresses. Which of the following has the company failed to protect?
PII
Viola is examining data that was compromised during a recent attack. Into which category would a password number be classified?
PII
A Silicon Valley startup has begun attracting users in Canada. Which of the following regulations should its legal department study to ensure that the company is abiding by any applicable laws?
PIPEDA
Ulf has found malware on a couple of computers that has been making remote connections to named pipes. Which of the following is being exploited by this malware?
SMB
Faranoush is examining the CVSS Base Score Exploitability Metrics to better understand the information she sees in her report. Which of the following reflects the ability of a vulnerability in one software component to impact other resources?
Scope
Raja wants to require network administrators to log into the company's Cisco routers and switches. Which of the following is the most likely choice to implement for this configuration?
TACACS+
Takara is building a digital forensics workstation. She needs the ability to connect to PATA and SATA devices for forensic analysis. Which of the following tools might best fit her needs?
Universal hard drive adapter kit
Morgan has been asked to make recommendations about her employer's use of social media in the event of a cyber incident. Which of the following would she not recommend?
Use a strictly casual tone in communication.
Which of the following is not an advantage of using layers for defense?
Using layers is easier for security personnel to implement.
Which of the following is false about traffic spikes?
Using traffic spikes as a symptom of a cyber incident is easy and straightforward.
Sarita is a network engineer for a growing organization. Her company plans to open branch offices and connect them in a secure manner to the headquarters building via the Internet. Which of the following should Sarita implement?
VPN
Bettye manages a server for which a major vulnerability was recently reported in one of the services that her company uses. However, a patch is not currently available to fix the vulnerability, so she needs to ensure that the firewall and other protections in place will prevent a threat actor from exploiting the vulnerability. Which of the following describes the type of vulnerability on the server she manages?
Zero day
Lida has discovered several unauthorized applications on a number of computer systems within her company. Which of the following would have best prevented this scenario from occurring?
whitelist
Which of the following is false about state legislative mandates for communication in a cyber incident?
Only California has a state security breach notification law.
Gabriel is trying to understand the metrics behind the scores that Nessus uses. He asks you which of the metrics is based on the attacker having to gather more information about the target before the vulnerability can be exploited. Which of the following identifies the metric he described?
Attack complexity
Nephele is looking at the vulnerabilities found in her organization. She wants to figure out which ones must be present or addressed from the local network compared to the ones that must be addressed either from an adjacent network or other network. Which of the following metrics covers this information?
Attack vector
Which of the following is not one of the purposes of establishing a communication process and plan?
Be completely transparent with the public
Uziah has received an alert from a network monitoring system that it has detected a client on the network sending an HTTPS packet once per minute for the past six hours to an external IP address. Which of the following has the system most likely detected?
Beaconing
Yairo has been asked to examine only internal data points when analyzing a recent vulnerability scan. Which of the following would he not use?
Best practices
Ananada is sitting on a train and overhears someone on his phone bragging that he has a massive network of computers at his fingertips that have been compromised with some form of malware. He tells the person on the other end of the call that they can have all these computers attack a target in unison. Which of the following terms might describe the person whose conversation she overheard?
Bot herder
Phaedra, a cybersecurity analyst, has discovered a number of computers within her company's network that are regularly sending packets to an external IP address for no legitimate reason. Which of the following is the most likely cause of this scenario?
Botnet
Baggio has been researching ways to implement a new job rotation program. What is required before job rotation can begin?
Cross training
Phil wants to determine whether the new email filter on the company's mail server has been effective in reducing the number of malware instances detected on user computers. Which of the following is the best answer to describe what he should use for his analysis?
Data correlation
Penelope has just been hired as a cybersecurity manager for an organization. She has done an initial analysis of the organization's policies and sees there is no document outlining the duties and responsibilities of data custodians. Which of the following policies might she consider creating?
Data ownership policy
What is the first step in determining the severity of an incident?
Deciding if the occurrence was a cybersecurity incident.
Uma wants to figure out how to detect any rogue access points that might be installed around her company's offices. Which of the following might she choose to implement?
Dedicated probe
Anabelle needs to eradicate malware from a hard drive. What should she not do?
Delete the files from the hard drive by using the Quick format option.
Which of the following is not a helpful question in determining the cause of a traffic spike?
Does all the traffic use common protocols?
Van has been tasked with designing a fault-tolerant system for a critical application. Which of the following is the biggest concern about the design of this system?
Downtime
Samara needs to retrieve the private key from the key escrow service her company uses. Upon trying to retrieve the key, she is advised that at least two authorized personnel must request the key before it can be released. Which of the following has been implemented by the key escrow service?
Dual control
Victoria, a cybersecurity analyst, has just disconnected a computer from the network after finding that it was infected with malware. Which of the following is the next task that she should attempt to perform with the system?
Eradication
Kevin is working the after-hours shift in the NOC and receives an alert that there has been a potential intrusion into one of the servers. He pulls out the incident response plan and sees that the first step is to notify the on-call manager. Where might he find that information?
Escalation list
Aika wants to monitor bandwidth consumption to determine if there has been a cyber incident. What will be her first step?
Establish a baseline of normal bandwidth use.
Which of the following is the least effective cybersecurity verification?
Evaluation
Cosmo is reviewing a recent Nessus scan report and sees a number of items that have recently had compensating controls implemented for them. Which of the following terms might describe these items in the report?
False Positive
A vulnerability scan indicates that a patch is missing from a Windows server. However, upon further examination you determine this is not true. What have you discovered?
False positive
Which of the following is not a reason why computer forensics is important?
Federal laws that mandate all attacks to be examined using forensics
Calliope is a forensics detective with a law enforcement agency. She discovers that an attacker who has just been caught was using a dead-drop method of controlling the bots in a botnet. Which of the following might have been a clue that the attacker was using this method?
Finding an e-mail account with multiple saved drafts that were never sent but contained instructions the bots were to follow
Which of the following is not a reason to use bandwidth monitoring?
Finding application buffer overflows
Adamo has been asked to create a cyber incident response plan. What will be the final phase of the plan?
Follow-up
Which of the following is a series of documented processes used to define policies and procedures for implementation and management of security controls in an enterprise environment?
Framework
Octavius has developed a new application and wants to ensure that there are no issues with memory corruption or program crashes as a result of certain types of input being sent to the application. Which of the following might he use to meet this goal?
Fuzzing
A growing social media company has decided to expand its physical presence into Europe after seeing users start to sign up for its service. It collects a lot of information about users and needs to know what the requirements are to protect the users' data. Which of the following should the company look to for this information?
GDPR
Pat is researching requirements for communicating with affected parties in a cyber incident. What requirement would Pat find that is used in the European Union (EU)?
GDPR
Which of the following is not a reason to contact law enforcement agencies in the event of a cyber incident?
Identifying threat actors often leads to no arrests or convictions.
Noah has been asked to perform an environmental reconnaissance. He decides to call the help desk and pretend to be a mid-level manager who needs to have his password reset. What type of attack is Noah performing?
Impersonation
Tabitha has just contracted with a large company to perform a penetration test against it. Which of the following might help her with part of the reconnaissance process?
Impersonation
Amadeus is composing a new web application that his organization will make available to the general public. The site will offer users the ability to sign up for accounts and interact with certain functions of the application. Which of the following should he ensure is done as part of the sign-up process?
Input validation
Tomaso is explaining to Nikita how a virtual network functions. Which of the following is not a correct description of a control plane?
It can be interchanged with a data plane when necessary.
Moe is researching P2P C&C configurations. Which of the following is not true about a P2P C&C?
It can mask irregular peer-to-peer communications through beaconing, but not data exfiltration.
Basil has been asked to examine an employee's Apple iOS smartphone that is owned by the organization. He discovers that the employee has circumvented the built-in limitations. What is this called?
Jailbreaking
Nik, a cybersecurity analyst, has been asked to examine an employee's iPhone that is exhibiting strange behavior. After looking through the phone, he finds that the user apparently has been able to upload third-party apps that are not in the App Store. Which of the following has most likely occurred with this phone?
Jailbreaking
Elon has created a project to review the vulnerabilities in his organization. As the project wraps up, which of the following should be created?
Lesson learned report
Gabe, a penetration tester, has gained physical access to a company's facilities and planted devices behind several printers that will send him copies of all documents sent to those printers. Which of the following has Gabe executed?
MITM attack
Which of the following memory vulnerabilities occurs when an application dynamically allocates memory but does not free it when finished using it?
Memory leak
Pablo is performing a forensics investigation and needs to identify the edit history of a file. What type of data does Pablo need to examine?
Metadata
Simone, a cybersecurity researcher, has just finished the analysis and documentation of a new vulnerability she discovered in a widely used product. In addition to contacting the manufacturer of the software, she also believes it is necessary to make a plug-in available so common vulnerability scanners can pick up the vulnerability in their scans. Which of the following would be helpful for her to know in order to meet this goal?
NASL
Hattie has just been promoted to the cybersecurity team within her organization. Her new manager recommends reading up on cybersecurity guidelines that have been published by the U.S. government. Which of the following should she become familiar with?
NIST
Ilya is having an audit performed by a third-party consultant to find vulnerabilities in his organization. As part of the audit, several tools have been brought in to detect weaknesses in the organization's infrastructure. Which of the following vulnerability scanners might be used to perform this task?
Nessus
Ashlee has been asked to evaluate the Nessus vulnerability scanner for her company. She wants to install the free version so that she can first test its features. Which version of the scanning manager would she use?
Nessus Essentials
Kallie, a cybersecurity analyst, has just returned from a cybersecurity conference where she learned about the Nessus vulnerability scanner. She wants to try it at her company, but her software budget has already been spent for the fiscal year. Which of the following versions should she consider installing?
Nessus Essentials
Valeria, a cybersecurity manager, wants to start using a vulnerability scanner at the large global organization where she works. Which of the following might be the best fit for this organization?
Nessus Manager
Why does an installation of Nessus produce a security warning?
Nessus uses a self-signed SSL certificate.
Which of the following statements about new account creation is false?
New account creation can only be used for a threat actor to log in to an application.
Dimitri wants to install Nessus on the systems within his network, but is concerned that Nessus may not be compatible with certain types of devices in his company. Which of the following is Nessus not compatible with?
None of the above. It is compatible with all of these options.
What information would a directory service not include?
Password
Tara has just discovered the John the Ripper tool on a workstation on her company's network, which is a direct violation of an existing policy that defines what users are allowed and not allowed to do on the network. She believes that if other instances of this tool are installed, the current policy protecting against attacks from such tools needs to be strengthened properly. Which of the following policies might she choose to update as a result?
Password Policy
Abdul has just discovered a successful brute force attack against one of the systems in his company's network that lasted for almost five months undetected. Which of the following might have prevented this attack from being successful?
Password policy
Alika has just finished eradicating a piece of malware from a computer system. Which of the following might she do next as part of the validation process?
Patching
Which of the following controls would include fencing and security guards?
Physical controls
Which of the following is false about networks?
Physical isolation is the preferred method for creating a network layer.
Bartolo sees a notification from a security device on the perimeter of the network that ICMP echo requests have been received for the entire range of IP addresses on the external subnet. Which of the following has been detected?
Ping sweep
Alaa wants to update her Nessus installation to ensure that she is scanning for all recently discovered vulnerabilities. Which of the following does she need to download?
Plug-ins
Kallista needs to install the latest updates to Nessus so that it can identify the most recent threats. What will she need to download?
Plug-ins
Barry has just installed Wireshark on a computer in his organization to analyze network traffic. Which of the following will he also most likely need in order to make this configuration work?
Port mirroring
If an attacker wants to learn which services are running on a server, which of the following would he use?
Port scan
Dharma has just been hired to create the new cybersecurity team in a growing organization. Which of the following might be one of the first things she does?
Preform an audit
Which of the following is not always provided by incident response providers?
Preparation (*Guess*)
Hannah has just been hired to review a large organization's formal IT processes and procedures. She finds that the company's backup methods create unacceptable risks because of potential data loss in a disaster, such as a fire. She recommends backing up the company's data to the cloud instead of storing magnetic tapes on site. Which of the following best describes Hannah's recommendations?
Process retirement
Kyo is compiling a list of network symptoms of a cyber incident. Which would she not include on her list?
Processor consumption
Which of the following is not a reason for a traffic spike?
Processor consumption
Which of the following is not one of the three types of DLP sensors?
Public sensors
Franco, a cybersecurity analyst, has just received a report that a piece of malware has been detected on a user's system. The user downloaded a solitaire game that had pictures of cats on the back of the cards, and he just couldn't resist. After examining the computer and network traffic, Franco finds that the game has been allowing an intruder to connect to the computer and execute commands on the system as well as send files to a remote server. Which of the following has Franco found?
RAT
Dharma manages a Linux server and wants to ensure that none of the users on the system have common passwords that would be in a standard password dictionary. Which of the following would best help accomplish her goal?
Rainbow tables
Which of the following is not a validation step?
Reimaging
Which containment technique simply removes the affected system from the network by disconnecting it?
Removal
Which of the following protections does cryptography not provide?
Repudiation
Moira has discovered a compromised computer on her organization's network that is communicating with a command and control server. She believes that cutting off the connection to the command and control server may completely destroy the system. Which of the following containment techniques might she choose to use? (Choose two.)
Segmentation
Tonia has just completed an audit of the accounts payable system and discovered what appears to be the embezzlement of funds by a clerk. The clerk was able to create entries of payments to be made and was also allowed to approve the payments. Which of the following might have prevented this situation from occurring and should be implemented immediately?
Separation of duties
What is the name of the practice that requires a process to be divided between two or more employees if a fraudulent application of the process could result in a breach of security?
Separation of duties
Marilla is creating an application that will be installed on all client computers in her organization. Which of the following should be performed before the application is compiled and distributed?
Static code analysis
Kristin is reviewing the impact of a recent attack and finds that it only caused a seldom-used test server to be taken offline for a short period of time. She has decided that this incident does not deserve a high-priority ranking. What scope of impact has she used in making this determination?
System process criticality
Which framework is used for software development?
The Open Group Architecture Framework (TOGAF)
Albrecht has noticed a number of clients on the network attempting to contact the same external IP address at a constant rate of once every five minutes over the past 72 hours. Which of the following might be the cause of his concern?
The computers may be infected with malware that has made them part of a botnet.
When configuring a Nessus basic network scan, what information must be provided in the settings.
The targets to be scanned.
Ines is reviewing the network traffic logs and sees what appears to be beaconing. Which of the following best describes the traffic she has noticed?
The traffic is most likely being sent to a command and control server.
Which of the following is false about third-party suppliers?
The use of third-party suppliers is diminishing
Maya has just been hired as the first cybersecurity engineer at a growing company in an effort to focus more resources on hardening the company's infrastructure. Which of the following might she use to identify applications that users log into with unencrypted passwords?
Wireshark
Which of the following is also called a network virus and is designed to enter a computer through the network before searching for another vulnerable system?
Worm
Boris, a cybersecurity analyst, has just received a client's hard drive that needs a forensic analysis. He needs to ensure that the data on the drive maintains its integrity and that no unallocated blocks are changed so he can attempt to undelete files on the drive. Which of the following tools would be most useful as part of his analysis?
Write blocker
Which of the following devices prevents writing to a drive?
Write blocker
Which imaging utility can generate a physical image copy?
dd
Amir has just received a user's computer that was found to have a malware infection. He has sanitized the hard drive but doesn't have a snapshot from which he can restore. Which of the following techniques might he choose to make the system functional again?
reconstruction