CIS 4670 Midterm
Jen is configuring a cloud environment and needs to define network traffic that is allowed into the organization's cloud environment while blocking other network traffic. What resource would a cloud provider typically offer to meet this need?
security groups
Worms
self-installed and spread on their own
Sam has detected lateral network traffic that is not compliant with the organization's security policy, creating a belief that a cybersecurity compromise has already occurred. Sam decides to search for evidence of the compromise. Which type of security assessment technique should Sam utilize?
threat hunting
Jerry is responding to a cybersecurity incident in which user account information was compromised. Jerry believes an attacker manipulated information in the user account system. What cybersecurity objective did this attack violate?
Integrity
Maria wants to use an individual's job requirements as the basis for an access control scheme. Which scheme is best suited to this implementation?
RBAC
Terry is tasked with deploying a solution that will monitor data traffic bound for the Internet containing unencrypted data that requires cybersecurity protection. What technology should Terry focus attention on when searching for a solution?
Network-based DLP
Jayden is monitoring network traffic and discovers an employee monitoring or spying on others using their organization-provided systems. What type of malware is Jayden likely monitoring to make this discovery?
RATs
Trojans
Require user interaction
After a forensic analysis of a cyber breach, Taylor discovered that software was left on the system allowing attackers to have remote access to systems within the company. How should Taylor describe or classify this malware?
a backdoor
Lilo is working in the SOC and observes a command and control system being used to allow attackers to manage, control and update systems automatically. What type of malware is Lilo observing?
a bot
Phishing
a broad term used to describe the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data
In what cloud security model does the cloud service provider bear the least responsibility for implementing security controls?
IaaS
The SWIFT club has 80 members and they all need the ability to communicate with one another securely using an asymmetric encryption system. The system allows any two members to communicate without other members eavesdropping. If an 81st member is added to the club, how many new keys must be added to the system?
2
Match the protocols with their port numbers
22 - SSH; 53 - DNS; 80 - HTTP; 443 - HTTPS
What type of malware is adware typically classified as?
A PUP
Lilo needs to provide access control in enterprise-systems applications such as database, microservice, and API access which requires considerable flexibility. Which access control scheme is Lilo likely to use?
ABAC
Which of the CVSS metrics would contain information about the difficulty of exploiting the vulnerability?
AC
During a periodic review of security controls, Maria discovered that individuals who breach the network security perimeter would be able to then attack IoT systems that operate manufacturing. Manufacturing is a closed system and does not require internet connectivity. What type of solution is best suited for this?
Air gap
Bob would like to send Alice a secure message using an asymmetric encryption algorithm. What key should Bob use to encrypt the message?
Alice's public key
Ash recently received a flash drive with data along with instructions to load the data into the recently-created customer database. The flash drive arrived in an envelope that appeared to be official and the sending address was the address of the company's headquarters. Ash loaded the data and then discovered the flash drive was actually sent by a company conducting a penetration test on the organization and the sending address was manipulated by the company completing the pentest. What social engineering principle best matches this type of attack?
Authority
What type of attack does an account lockout policy help to prevent?
Brute Force
Mackenzie was offered an on-the-job training opportunity that includes defending the organization's systems from attack as part of a security training exercise. What role is Mackenzie playing in this exercise?
Blue team
Lilo is concerned about vehicles approaching the entrance to a building. What physical security control should Lilo implement?
Bollard
Terry is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?
Buffer overflow
Sam is using full disk encryption technology to protect the contents of laptops against theft. What goal of cybersecurity is Sam attempting to achieve?
Confidentiality
Kevin would like to utilize a security control that can implement access restrictions across all of the SaaS solutions used by the organization. What control would best meet Kevin's needs?
CASB
Melinda is investigating a cybersecurity incident in which an API key and password were exploited after being found in the organization's online environment. What type of threat vector best describes this attack?
Cloud
Mindy works for an automobile parts manufacturer and has access to a cloud environment that is exclusive to organizations that provide services or parts to a major automobile manufacturer. What model of cloud computing does this environment represent?
Community Cloud
Sam's college IT group recently became aware of a security breach that affected students' private data. Sam is concerned that the college is subject to FERPA regulations and the college could face scrutiny for the breach. What category of risk is likely concerning Sam?
Compliance
What technology uses mathematical algorithms to render information unreadable to those lacking the required key?
Data Encryption
Dr. Hwang is the CIS department chair and wishes to send a message to CIS students that does not need to be kept secret but students need to be assured that the message actually came from Dr. Hwang. What key should Dr. Hwang use to sign the message?
Dr. Hwang's private key
When CIS students receive an email from Dr. Hwang that has been digitally signed, what key should the students use to verify the digital signature?
Dr. Hwang's public key
Taylor is reviewing authentication frameworks for wireless networks. Which framework is Taylor likely to find most useful for wireless environments?
EAP
Taylor is designing a pentest platform that needs to be able to expand and contract as needs change. Which of the following terms describes Taylor's goal?
Elasticity
Availability
Ensures that data is accessible to authorized users
Confidentiality
Ensures that only authorized parties can view the information
Sana is deploying the organization's websites in the local AWS availability zone as well as an availability zone across the country. This plan will provide enhanced uptime and scalability, but why did Sana choose an availability zone on the far side of the country?
Geographic dispersal
Lilo is conducting a penetration test for a client. The client provided Lilo with limited but important information on the configuration of the systems under test. What type of pentest is Lilo performing?
Gray-box test
Michael wants to implement numerous smaller servers for the data center and then deploy a load balancer to gain scalability. What type of scalability is Michael trying to implement?
Horizontal Scalability
Kara discovered the web server was being overwhelmed by traffic causing a CPU bottleneck. Using an interface from the cloud provider, Kara added a second web server and a load balancer to balance the load between the two servers. What term best describes Kara's action?
Horizontal scaling
The Student Data Center (SDC) on campus ties together local computing capabilities within the SDC with capabilities from multiple public-cloud providers. Which deployment model best describes this environment?
Hybrid Cloud
Cybersecurity threat actors are divided into which of the following classifications? (choose 4)
Internal vs External; Level of sophistication/capability; Resources/funding; Intent/motivation
Umberto discovered hash values in the organization's systems that match values found by other firms after a ransomware attack. What term best describes this information?
IoC
Match the items below with their respective definitions.
IoC - telltale signs an attack has taken place which may include file signatures; MISP - Threat Sharing Project; Threat Vectors - means or pathways used to obtain access; OSINT - threat intelligence acquired from publicly available sources
What are three common questions that come into play when assessing a threat intelligence source or a specific intelligence notification? (choose 3)
Is it timely? Is the information relevant? Is the information accurate?
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?
John the Ripper
Shoulder surfing
Looking over the shoulder of someone working on a computer to view usernames, passwords, or account numbers.
Terry identified a new security vulnerability and computed its CVSS base score as 3.5. Which risk category would this vulnerability fall into?
Low
What type of malware is VBA code most likely to show up in?
Macro viruses
Taylor is seeking the Cloud Reference Architecture which offers a high-level taxonomy for cloud services. What document should Taylor access?
NIST SP Thing
Lyndsey wants to implement a striped drive solution. What RAID level does this describe?
RAID 0
Sam wants to implement a RAID array upon which data is striped across drives, with drives used for parity (checksum) of the data. Sam also wants to ensure that the system can handle more than one drive failing at a time. What RAID type should Sam use?
RAID 6
Which of the following are considered embedded systems by the Security+ exam? (there is more than one answer)
Raspberry Pi; Arduinos; FPGA
Match the concepts to their descriptions/functions.
SAML - XML Based Open Standard; SSO - Allow a user to login with a single; Password vaults - Software solutions that store; Filesystem controls - Determine which accounts
Taylor is preparing to perform a cybersecurity assessment at a nuclear power plant with a focus on embedded systems controls. Which of the following topics should Taylor review to prepare?
SCADA
Match the technologies below with their related environments.
SCADA - embedded systems; VOIP - telephony
Logging into an AWS environment to perform maintenance work is most commonly done through which tool?
SSH
Sam is conducting a penetration test in preparation for an external pentest engagement. Sam attempts a session hijacking attack which will require a __________ to be successful.
Session Cookie
What type of phishing targets specific groups of employees, such as all managers in the financial department of a company?
Spear Phishing
Alex is reviewing network logs and recognized a high volume of brute force username/password attacks against organization and IT leadership members' credentials. What type of attack might Alex surmise is taking place?
Spoofing
Carla is reviewing forensic evidence that suggests malicious firmware was installed into a device before it was provided by the supplier. If true, what type of threat vector best describes the attack?
Supply Chain
Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. Which should she use?
TAXII
Tina is tuning her organization's intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing?
Technical Control
phases of the software development life cycle
The phases of the software development life cycle in order are: Planning, Requirements, Design, Coding, Testing, Training and Transition, and Ongoing Operations and Maintenance.
Technical Controls
Using technology that is carried out or managed by devices as a basis for controlling the access to and usage of sensitive data.
Which of the following is considered an OSINT source?
WHOIS Query
Which of the following techniques is considered passive reconnaissance?
WHOIS lookups
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
Match the items with their respective definitions.
White hat hackers - good guys; Black hat hackers - bad guys; Gray Hat Hackers - neutral
Aubrey needs to implement LDAP service. What type of service is Aubrey attempting to enable?
a directory service
What type of recovery site has all the infrastructure and data needed to operate the organization?
a hot site
Cipher
a method used to scramble or obfuscate characters to hide their value
What type of malicious actor is most likely to use hybrid warfare?
a nation-state
Ben examined the hash values for the firmware on a firewall that was just shipped from the manufacturer and discovered they do not match values published by the firewall's manufacturer. What type of attack should Ben be concerned with regarding the mismatched hash values?
a supply chain attack
Taylor performs a backup that captures the changes since the last backup. What type of backup has Taylor performed?
an incremental backup
Steganography
art of using cryptographic techniques to hide data
An individual's name, location, and role in the organization are all examples of what?
attributes
Which of the following controls will NOT affect scan results?
audit requirements
Lilo is configuring a web server to use digital certificates and wishes to allow clients to quickly verify the status of the certificate without contacting a remote server. What technology can Lilo use to accomplish this outcome?
certificate stapling
Sam wants to change file permissions. Which of the following command-line Linux tools will accomplish this task?
chmod
Kim creates open-source software tools and wants to assure users that the code they received is authentic code provided by the author. What technique can Kim use to provide this assurance?
code signing
While on the night shift working in the SOC, Ash notices traffic between systems being monitored within the organization and a known malicious host using TCP port 6667. What type of traffic is Ash most likely detecting?
command and control
Mac needs to utilize application-level virtualization in which multiple servers operate independently while sharing an operating system. What type of resource does Mac need to use?
containers
Vicky conducted an assessment of organizational security controls and discovered that backups of data are insufficient to recover from a ransomware attack. What type of control gap exists in this case?
corrective
Which of the following measures would database administrators consider to be the best defense against data exposure?
data minimization
Sam has developed a plan to prevent ransomware. What would be an additional critical step to defend the organization against losses from ransomware? (choose the best answer)
deploy a backup system that stores files in a separate location that will not be impacted if the system or device it backs up is infected
Malware
describes a wide range of software intentionally designed to cause harm to systems
In preparation for a penetration test engagement, Kai goes to the IT manager's house on trash day to rifle through the trash can that is out on the street and search for information about the manager that may prove useful during the penetration test. What term describes this activity?
dumpster diving
Integrity
ensures that there are no unauthorized alterations of data
Sam is responsible for the deployment of IoT gateway devices located in close proximity to sensors that are collecting data. The gateway performs preprocessing of the data before sending results to the cloud. What term best describes this approach? Edge computing
fog computing
Morgan is testing software by sending invalid and even random data to the application. What type of code testing is Morgan conducting?
fuzzing
Sam wants to set an account policy that raises an alert if a user logs in from two different locations in a timeframe that is too short for reasonable travel. What type of account policy should Sam set?
impossible travel time
Taylor is saving hash values of data archives so that these same archives in the future can be tested to ensure that the archive has not been changed or modified. What goal of cybersecurity is Taylor attempting to achieve?
integrity
Taylor is conducting a penetration test and deploys a toolkit on a compromised system which is then used to gain access to other systems. What term best describes Taylor's activity?
lateral movement
Ransomware
malware that takes over a computer then demands payment
Jen is engaged in a penetration test and wishes to eavesdrop on communications between a user and a web server. What type of attack would Jen likely use?
man-in-the-middle
operational control
monitoring performance to ensure that operational plans - day-to-day goals - are being implemented and taking corrective action as needed
Marie is documenting a financial loss resulting from a credit card holder who claimed they did not order an item they had received and therefore refused to pay for it and it is not possible to prove otherwise. What cybersecurity principle was most directly related to this incident?
nonrepudiation
Miguel sends backups to a company that keeps them in a secure vault. What type of backup solution has Miguel implemented?
offline
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
parameterized queries
Kelly installs a backdoor in a database server that was exploited as part of a penetration test which will provide ongoing access to the server in the future. Which term describes this action?
persistence
managerial controls
processes established to manage technology in a secure manner
When making a change to a web application in use by an organization to fix a bug, the work should be completed in the _____________ environment.
production
Which of the following is NOT considered a type of virus?
rat-toolkit virus
Entering the command chmod 754 with respect to a file will result in which set of permissions?
rwxr-xr--
Benny needs to create an account for an application (e.g. a VM instance) to access other resources. What type of account should Benny use?
service account
While reviewing systems logs, Kendra determined that phishing attacks were focused solely on members of the sales and marketing team. What type of phishing does this event indicate?
spear phishing
What type of cipher operates on one character at a time?
stream cipher
Mac is monitoring a log file and wishes to view the most recent entries which are found at the bottom of the file. Which command will allow Mac to view the most recent entries to the file?
tail
Credential harvesting
the process of gathering information like usernames and passwords
What is an HSM used for?
to enable federation between organizations
substitution cipher
type of coding or ciphering system that changes one character or symbol into another
Marta discovers that someone set up a website with a URL that is nearly identical to the site she manages and appears to be easily mistaken for her own. Which of the following best describes this sort of attack?
typosquatting