CIS 4670 Midterm

Jen is configuring a cloud environment and needs to define network traffic that is allowed into the organization's cloud environment while blocking other network traffic. What resource would a cloud provider typically offer to meet this need?

security groups

Worms

self-installed and spread on their own

Sam has detected lateral network traffic that is not compliant with the organization's security policy creating a belief that a cybersecurity compromise has already occurred. Sam decides to search for evidence of the compromise, which type of security assessment technique should Sam utilize?

threat hunting

Jerry is responding to a cybersecurity incident in which user account information was compromised. Jerry believes an attacker manipulated information in the user account system. What cybersecurity objective did this attack violate?

Integrity

Maria wants to use an individuals job requirements as the basis for an access control scheme. Which scheme is best suited to this implementation?

RBAC

Terry is tasked with deploying a solution that will monitor data traffic bound for the Internet containing unencrypted data that requires cybersecurity protection. What technology should Terry focus attention on when searching for a solution?

Network-based DLP

Jayden is monitoring network traffic and discovers an employee monitoring or spying on others using their organization-provided systems. What type of malware is Jayden likely monitoring to make this discovery?

RATs

Trojans

Require user interaction

After a forensic analysis of a cyber breach, Taylor discovered that software was left on the system allowing attackers to have remote access to systems within the company. How should Taylor describe or classify this malware?

a backdoor

Lilo is working in the SOC and observes a command and control system being used to allow attackers to manage, control and update systems automatically. What type of malware is Lilo observing?

a bot

Phishing

a broad term used to describe the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data

In what cloud security model does the cloud service provider bear the least responsibility for implementing security controls?

IaaS

The SWIFT club has 80 members and they all need the ability to communicate with one another securely using an asymmetric encryption system. The system allows any two members to communicate without other members eavesdropping. If an 81st member is added to the club, how many new keys must be added to the system?

2

Match the protocols with their port numbers

22- SSH 53- DNS 80- HTTP 443- HTTPS

What type of malware is adware typically classified as?

A PUP

Lilo needs to provide access control in enterprise-systems applications such as database, microservice, and API access which requires considerable flexibility. Which access control scheme is Lilo likely to use?

ABAC

Which of the CVSS metrics would contain information about the difficulty of exploiting the vulnerability?

AC

During a periodic review of security controls, Maria discovered that individuals who breach the network security perimeter would be able to then attack IoT systems that operate manufacturing. Manufacturing is a closed system and does not require internet connectivity. What type of solution is best suited for this?

Air gap

Bob would like to send Alice a secure message using an asymmetric encryption algorithm. What key should Bob use to encrypt the message?

Alice's public key

Ash recently received a flash drive with data along with instructions to load the data into the recently-created customer database. The flash drive arrived in an envelope that appeared to be official and the sending address was the address of the company's headquarters. Ash loaded the data and then discovered the flash drive was actually send by a company conducting a penetration test on the organization and the sending address was manipulated by the company completing the pentest. What social engineering principle best matches this type of attack?

Authority

What type of attack does an account lockout policy help to prevent?

Brute Force

Mackenzie was offered an on-the-job training opportunity that includes defending the organization's systems from attack as part of a security training exercise. What role is Mackenzie playing in this exercise?

Blue team

Lilo is concerned about vehicles approaching the entrance to a building. What physical security control should Lilo implement.

Bollard

Terry is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?

Buffer overflow

Sam is using full disk encryption technology to protect the contents of laptops against theft. What goal of cybersecurity is Sam attempting to achieve?

Confidentiality

Kevin would like to utilize a security control that can implement access restrictions across all of the SaaS solutions used by the organization. What control would best meet Kevin's needs?

CASB

Melinda is investigating a cybersecurity incident in which an API key and password was exploited after being found in the organizations online environment. What type of threat vector best describes this attack?

Cloud

Mindy works for an automobile parts manufacturer and has access to a cloud environment that is exclusive to organizations that provide services or parts to a major automobile manufacturer. What model of of cloud computing does this environment represent?

Community Cloud

Sam's college IT group recently became aware of a security breach that affected students' private data. Sam is concerned that the college is subject to FERPA regulations and the college could face scrutiny for the breach. What category of risk is likely concerning Sam?

Compliance

What technology uses mathematical algorithms to render information unreadable to those lacking the required key

Data Encryption

Dr. Hwang is the CIS department chair and wishes to send a message to CIS students that does not need to be kept secret but students need to be assured that the message actually came from Dr. Hwang. What key should Dr. Hwang use to sign the message?

Dr Hwang's private key

When CIS students receive an email from Dr. Hwang that has been digitally signed, what key should the students use to verify the digital signature?

Dr Hwang's public key

Taylor is reviewing authentication frameworks for wireless networks. Which framework is Taylor likely to find most useful for wireless environments?

EAP

Taylor is designing a pentest platform that needs to be able to expand and contract as needs change. Which of the following terms describes Taylor's goal?

Elasticity

Availability

Ensures that data is accessible to authorized users

Confidentiality

Ensures that only authorized parties can view the information

Sana is deploying the organization's websites in the local AWS availability zone as well as an availability zone across the country. This plan will provide enhanced uptime and scalability, but why did Sana choose an availability zone on the far side of the country?

Geographic dispersal

Lilo is conducting a penetration test for a client. The client provided Lilo with limited but important information on the configuration of the systems under test. What type of pentest is Lilo performing?

Gray-box test

Michael is wanting to implement numerous smaller servers for the data center and then deploy a load balancer to gain scalability. What type of scalability is Michael trying to implement?

Horizontal Scalability

Kara discovered the web server was being overwhelmed by traffic causing a CPU bottleneck. Using an interface from the cloud provider, Kara added a second web server and a load balancer to balance the load between the two servers. What term best describes Kara's action?

Horizontal scaling

The Student Data Center (SDC) on campus ties together local computing capabilities within the SDC with capabilities from multiple public-cloud providers. Which deployment model best describes this environment?

Hybrid Cloud

Cybersecurity threat actors are divided into which of the following classifications? (choose 4)

Internal vs External Level of sophistication/capability Resources/funding Intent/motivation

Umberto discovered hash values in the organizations systems that match values found by other firms found after a ransomware attack. What term best describes this information?

IoC

Match the items below with their respective definitions.

IoC- telltale signs an attack has taken place which may include file signatures MISP- Threat Sharing Project Threat Vectors- means or pathways used to obtain access OSINT- threat intelligence acquired from publicly available sources

What are three common questions that come into play when assessing a threat intelligence source or a specific intelligence notification? (choose 3)

Is it timely? Is the information relevant? Is the information accurate?

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?

John the Ripper

Shoulder surfing

Looking over the shoulder of someone working on a computer to view usernames, passwords, or account numbers.

Terry identified a new security vulnerability and computed its CVSS base score as 3.5. Which risk category would this vulnerability fall into?

Low

What type of malware is VBA code most likely to show up in?

Macro viruses

Taylor is seeking the Cloud Reference Architecture which offers a high-level taxonomy for cloud services. What document should Taylor access?

NIST SP Thing

Lyndsey wants to implement a striped drive solution. What RAID level does this describe?

RAID 0

Sam wants to implement a RAID array upon which data is striped across drives, with drives used for parity (checksum) of the data. Sam also wants to ensure that the system can handle more than one drive failing at a time. What RAID type should Sam use?

RAID 6

Which of the following are considered embedded systems by the Security+ exam? (there is more than one answer)

Raspberry Pi Arduinos FPGA

Match the concepts to their descriptions/functions.

SAML- XML Based Open Standard SSO-Allow a user to login with a single Password vaults- Software solutions that store Filesystem controls- Determine which accounts

Taylor is preparing to perform a cybersecurity assessment at a nuclear power plant with a focus on embedded systems controls. Which of the following topics should Taylor review to prepare?

SCADA

Match the technologies below with their related environments.

SCADA- embedded systems VOIP- telephony

Logging into an AWS environment to perform maintenance work is most commonly done through which tool?

SSH

Sam is conducting a penetration test in preparation for an external pentest engagement. Sam attempts a session hijacking attack which will require a __________ to be successful.

Session Cookie

What type of phishing targets specific groups of employees, such as all managers in the financial department of a company?

Spear Fishing

Alex is reviewing network logs and recognized a high volume of brute force username/password attacks against organization and IT leadership members' credentials. What type of attack might Alex surmise is taking place?

Spoofing

Carla is reviewing forensic evidence that suggests malicious firmware was installed into a device before it was provided by the supplier. If true, what type of threat vector best describes the attack.

Supply Chain

Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. Which should she use?

TAXII

Tina is tuning her organization's intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing?

Technical Control

phases of the software development life cycle

The phases of the software development life cycle in order are: Planning , Requirements , Design , Coding , Testing , Training and Transition , and Ongoing Operations and Maintenance .

Technical Controls

Using technology that is carried out or managed by devices as a basis for controlling the access to and usage of sensitive data.

Which of the following is considered an OSINT source?

WHOIS Query

Which of the following techniques is considered passive reconnaissance?

WHOIS lookups

Tailgating

When an unauthorized individual enters a restricted-access building by following an authorized user.

Match the items with their respective definitions.

White hat hackers- good guys Black hat hackers- bad guys Gray Hat Hackers- neutral

Aubrey needs to implement LDAP service. What type of service is Aubrey attempting to enable?

a directory service

What type of recovery site has all the infrastructure and data needed to operate the organization?

a hot site

Cipher

a method used to scramble or obfuscate characters to hide their value

What type of malicious actor is most likely to use hybrid warfare?

a nation-state

Ben examined the hash values for the firmware on a firewall that was just shipped from the manufacturer and discovered they do not match values published by the firewall's manufacturer. What type of attack should Ben be concerned with regarding the mismatched hash values?

a supply chain attack

Taylor performs a backup that captures the changes since the last backup. What type of backup has Taylor performed?

an incremental backup

Steganography

art of using cryptographic techniques to hide data

An individual's name, location, and role in the organization are all examples of what?

attributes

Which of the following controls will NOT affect scan results?

audit requirements

Lilo is configuring a web server to use digital certificates and wishes to allow clients to quickly verify the status of the certificate without contacting a remote server. What technology can Lilo use to accomplish this outcome?

certificate stapling

Sam wants to change file permissions. Which of the following command-line Linux tools will accomplish this task?

chmod

Kim creates open-source software tools and wants to assure users that the code they received is authentic code provided by the author. What technique can Kim use to provide this assurance?

code signing

While on the night shift working in the SOC, Ash notices traffic between systems being monitored within the organization and a known malicious host using TCP port 6667. What type of traffic is Ash most likely detecting?

command and control

Mac needs to utilize application-level virtualization in which multiple servers operate independently while sharing an operating system. What type of resource does Mac need to use?

containers

Vicky conducted an assessment of organizational security controls and discovered that backups of data are insufficient to recover from a ransomware attack. What type of control gap exists in this case?

corrective

Which of the following measures would database administrators consider to be the best defense against data exposure?

data minimization

Sam has developed a plan to prevent ransomware, what would be an additional critical step to defend the organization against losses from ransomware? (choose the best answer)

deploy a backup system that stores files in a separate location that will not be impacted if the system or device it backs up is infected

Malware

describes wide range of software intentionally designed to cause harm to systems

In preparation for a penetration test engagement, Kai goes to the IT managers house on trash day to rifle through the trash can that is out on the street and search for information about the manager that may prove useful during the penetration test. What term describes this activity?

dumpster diving

Integrity

ensures that there are no unauthorized alterations of data

Sam is responsible for the deployment of IoT gateway devices located in close proximity to sensors that are collecting data. The gateway performs preprocessing of the data before sending results to the cloud. What term best describes this approach? Edge computing

fog computing

Morgan is testing software by sending invalid and even random data to the application. What type of code testing is Morgan conducting?

fuzzing

Sam wants to set an account policy that raises an alert if a user logs in from two different locations in a timeframe that is too short for reasonable travel. What type of account policy should Sam set?

impossible travel time

Taylor is saving hash values of data archives so that these same archives in the future can be tested to ensure that the archive has not been changed or modified. What goal of cybersecurity is Taylor attempting to achieve?

integrity

Taylor is conducting a penetration test and deploys a toolkit on a compromised system which is then used to gain access to other systems. What term best describes Taylor's activity?

lateral movement

Ransomware

malware that takes over a computer then demands payment

Jen is engaged in a penetration test and wishes to eavesdrop on communications between a user and a web server. What type of attack would Jen likely use?

man-in-the-middle

operational control

monitoring performance to ensure that operational plans - day-to-day goals - are being implemented and taking corrective action as needed

Marie is documenting a financial loss resulting from a credit card holder who claimed they did not order an item they had received and therefore refused to pay for it and it is not possible to prove otherwise. What cybersecurity principle was most directly related to this incident?

nonrepudiation

Miguel sends backups to a company that keeps them in a secure vault. What type of backup solution has Miguel implemented?

offline

Precompiled SQL statements that only require variables to be input are an example of what type of application security control?

parametetized queries

Kelly installs a backdoor in a database server that was exploited as part of a penetration test which will provide ongoing access to the server in the future. Which term describes this action?

persistence

managerial controls

processes established to manage technology in a secure manner

When making a change to a web application in use by an organization to fix a bug, the work should be completed in the _____________ environment.

production

Which of the following is NOT considered a type of virus?

rat-toolkit virus

Entering the command chmod 754 with respect to a file will result in which set of permissions?

rwxr-xr--

Benny needs to create an account for an application (e.g. a VM instance) to access other resources. What type of account should Benny use?

service account

While reviewing systems logs, Kendra determined that phishing attacks were focused solely on members of the sales and marketing team. What type of phishing does this event indicate?

spear fishing

What type of cipher operates on one character at a time?

stream cipher

Mac is monitoring a log file and wishes to view the most recent entries which are found at the bottom of the file. Which command will allow Mac to view the most recent entries to the file?

tail

Credential harvesting

the process of gathering information like usernames and passwords

What is an HSM used for?

to enable federation between organizations

substitution cipher

type of coding or ciphering system that changes one character or symbol into another

Marta discovers that someone set up a website with a URL that is nearly identical to the site she manages and appears to be easily mistaken for her own. Which of the following best describes this sort of attack?

typosquatting