CompTIA Security+ Practice Questions
After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which of the following security controls does this update address? Compensating Deterrent Corrective Detective
Corrective
An administrator uses data from a Security Information and Event Management (SIEM) system to identify potential malicious activity. Which feature does the administrator utilize when implementing rules to interpret relationships between datapoints to diagnose incidents? A.Retention B.Trend Analysis C.Baseline D.Correlation
Correlation
A network manager assists with developing a policy to protect the company from data exfiltration. The employee devises a list of focus points to include. Which plans, when consolidated, provide the best protection for the company? (Select all that apply.) A.Store backups of critical data on site within a secure space, that may be targeted for destruction or ransom B.Creating a training program for all employees that reiterates the importance of knowing how to use encryption to secure data. C.Only allow removable media if it is company property, if it is required to perform a task, and if it has been cleared through the proper channels D.Encrypt all sensitive data at rest and disconnect systems that are storing archived data from the network
Creating a training program for all employees that reiterates the importance of knowing how to use encryption to secure data. Only allow removable media if it is company property, if it is required to perform a task, and if it has been cleared through the proper channels Encrypt all sensitive data at rest and disconnect systems that are storing archived data from the network
A document contains information about a company that is too valuable to permit any risks, and viewing is severely restricted. Analyze levels of classification and determine the appropriate classification for the document. A.Critical B.Confidential C.Classified D.Unclassified
Critical
A security team has just added iris scanners to two access control points in a secure facility. They are in the process of making adjustments to ensure authorized users have access, while unauthorized users cannot get through. Analyze the scenario and determine what metric the team is in the process of fine-tuning. A.Crossover error rate (CER) B.False rejection rate (FRR) C.False acceptance rate (FAR) D.Type II error
Crossover error rate (CER)
Which of the following methods allows subjects to determine who has access to their objects? A.RBAC B.DAC C.MAC D.ABAC
DAC
During the planning/scoping phase of the kill chain, an attacker decides that a Distributed Denial of Service (DDoS) attack would be the best way to disrupt the target website and remain anonymous. Evaluate the following explanations to determine the reason the attacker chose a DDoS attack. A.A DDoS attack can launch via covert channels B.DDoS attacks utilize botnets C.A DDoS attack creates a backdoor to a website D.DDoS attacks use impersonation
DDoS attacks utilize botnets
Where should an administrator place an internet-facing host on the network? A.DMZ B.Bastion host C.Extranet D.Private network
DMZ
An authoritative server for a zone creates an RRset signed with a Zone Signing Key. Another server requests a secure record exchange and the authoritative server returns the package along with the public key. Evaluate the scenario to determine what the authoritative server is demonstrating in this situation. A.Domain Name System (DNS) B.DNS Security Extension C.DNS Footprinting D.Dynamic Host Configuration Protocol (DHCP)
DNS Security Extension
An attacker modifies the HOSTS file on a workstation to redirect traffic. Consider the types of attacks and deduce which type of attack has likely occurred. A.DNS server cache poisoning B.DNS spoofing C.DNS client cache poisoning D.Typosquatting
DNS client cache poisoning
Analyze and determine the role responsible for managing the system where data assets are stored, and is responsible for enforcing access control, encryption, and backup measures. A.Data owner B.Data steward C.Data custodian D.Privacy officer
Data custodian
Data exists in several states, each requiring different security considerations. Evaluate the following items and select which data state presents the greatest risk due to decryption. A.Data in use B.Data in transit C.Data in motion D.Data at rest
Data in use
An organization plans the destruction of old flash drives. In an attempt to erase the media, an employee uses an electromagnet, only to discover that it did not destroy the data. Which method has the employee tried? A.Pulping B.Degaussing C.Pulverizing D.Burning
Degaussing
The IT department head returns from an industry conference feeling inspired by a presentation on the topic of cybersecurity frameworks. A meeting is scheduled with IT staff to brainstorm ideas for deploying security controls by category and function throughout the organization. Which of the following ideas are consistent with industry definitions? (Select all that apply.) Deploy a technical control to enforce network access policies. Deploy an operational control to monitor compliance with external regulations. Schedule quarterly security awareness workshops as a preventive control to mitigate social engineering attacks. Deploy agents to file servers to perform continuous backups to cloud storage as a corrective control to mitigate the impact of malware.
Deploy a technical control to enforce network access policies. Schedule quarterly security awareness workshops as a preventive control to mitigate social engineering attacks. Deploy agents to file servers to perform continuous backups to cloud storage as a corrective control to mitigate the impact of malware.
A systems engineer reviews recent backups for a production server. While doing so, the engineer discovers that archive bits on files are clearing and incorrect backup types have been occurring. Which backup type did the engineer intend to use if the bit should not be cleared? A.Snapshot B.Full C.Differential D.Incremental
Differential
Compare and evaluate the various levels and types of platform security to conclude which option applies to a hardware Trusted Platform Module (TPM). A.A security system that is designed to prevent a computer from being hijacked by a malicious operating system. B.The boot metrics and operating system files are checked and signatures verified at logon. C.Digital certificates, keys, and hashed passwords are maintained in hardware-based storage. D.The industry standard program code that is designed to operate the essential components of a system.
Digital certificates, keys, and hashed passwords are maintained in hardware-based storage.
Which of the following utilizes both symmetric and asymmetric encryption? A.Digital envelope B.Digital certificate C.Digital evidence D.Digital signature
Digital envelope
An employee works on a small team that shares critical information about the company's network. When sending emails that have this information, what would be used to provide the identity of the sender and prove that the information has not been tampered with? A.Private key B.Digital signature C.Public key D.RSA algorithm
Digital signature
A system administrator has received new systems to deploy within a work center. Which of the following should the system administrator implement to ensure proper hardening without impacting functionality? (Select all that apply.) A.Remove all third-party software. B.Disable ports that allow client software to connect to applications. C.Disable any network interfaces that are not required. D.Disable all unused services.
Disable any network interfaces that are not required. Disable all unused services.
A systems breach occurs at a financial organization. The system in question contains highly valuable data. When performing data acquisition for an investigation, which component does an engineer acquire first? A.RAM B.Browser cache C.SSD data D.Disk controller cache
Disk controller cache
Consider the challenges with providing privileged management and authorization on an enterprise network. Which of the following would the network system administrator NOT be concerned with when configuring directory services? A.Confidentiality B.Integrity C.Non-repudiation D.DoS
DoS
When a company attempts to re-register their domain name, they find that an attacker has supplied false credentials to the domain registrar and redirected their host records to a different IP address. What type of attack has occurred? A.Domain hijacking B.Domain name system client cache (DNS) poisoning C.Rogue dynamic host configuration protocol (DHCP) D.Domain name system server cache (DNS) poisoning
Domain hijacking
Incident management relies heavily on the efficient allocation of resources. Which of the following factors should an IT manager consider as it relates to the overall scope of dealing with an incident? (Select all that apply.) A.Planning time B.Downtime C.Detection time D.Recovery time
Downtime Detection time Recovery time
Contrast vendor support for products and services at the end of their life cycle. Which of the following statements describes the difference between support available during the end of life (EOL) phase and end of service life (EOSL) phase? A.During the end of life (EOL) phase, manufacturers provide limited support, updates, and spare parts. In the end of service life (EOSL), developers or vendors no longer support the product and no longer push security updates. B.During the end of service life (EOSL) phase, manufacturers provide limited support, updates, and spare parts. In the end of life (EOL), developers or vendors no longer support the product and no longer push security updates. C.All vendors adhere to a policy of providing five years of mainstream support (end of life support) and five years of extended support (end of service life support), during which vendors only ship security updates. D.A well-maintained piece of software is in its end of service life (EOSL) stage. Abandonware refers to a product during the end of life (EOL) stage, which no longer receives updates.
During the end of life (EOL) phase, manufacturers provide limited support, updates, and spare parts. In the end of service life (EOSL), developers or vendors no longer support the product and no longer push security updates.
Which statement regarding attacks on media access control (MAC) addresses accurately pairs the method of protection and what type of attack it guards against? (Select all that apply.) A.MAC filtering guards against MAC snooping. B.Dynamic Host Configuration Protocol (DHCP) snooping guards against MAC spoofing. C.MAC filtering guards against MAC spoofing. D.DAI guards against invalid MAC addresses
Dynamic Host Configuration Protocol (DHCP) snooping guards against MAC spoofing. DAI guards against invalid MAC addresses
When provisioning application services in network architecture, an engineer uses a microservices approach as a solution. Which principle best fits the engineer's implementation? A.Components working together to perform a workflow B.Being closely mapped to business workflows C.The performing of a sequence of automated tasks D.Each program or tool should do one thing well
Each program or tool should do one thing well
A network user calls the help desk after receiving an error message. The caller complains that the error message does not indicate whether the username or password input was incorrect but simply states there was an authentication error. What does this situation illustrate? A.Effective exception handling B.Dynamic code analysis C.Minimizing data exposure D.Web application validation
Effective exception handling
An engineer needs to review systems metadata to conclude what may have occurred during a breach. The first step the engineer takes in the investigation is to review MTA information in an Internet header. Which data type does the engineer review? A.Web B.Email C.File D.Cell
Compare the features of static and dynamic computing environments and then select the accurate statements. (Select all that apply.) A.Embedded systems are typically static computing environments, while most personal computers are dynamic computing environments. B.Dynamic computing environments are easier to update than static computing environments. C.Dynamic computing environments give less control to users than static computing environments. D.Dynamic computing environments are easier to secure than static computing environments.
Embedded systems are typically static computing environments, while most personal computers are dynamic computing environments. Dynamic computing environments are easier to update than static computing environments.
A company's clean desk policy will most likely feature which of the following clauses? A.Employees must not use multiple tabs in a browser window. B.Employees must keep their workplace tidy and professional in appearance. C.Employees may not use personally-owned electronic devices in the office. D.Employees must not leave documents unattended in their workspace.
Employees must not leave documents unattended in their workspace.
A hurricane has affected a company in Florida. What is the first step in the order of restoration? A.Enable and test switch infrastructure B.Enable and test power delivery systems C.Enable and test network security appliances D.Enable and test critical network servers
Enable and test power delivery systems
Which statement describes the mechanism by which encryption algorithms help protect against birthday attacks? A.Encryption algorithms utilize key stretching. B.Encryption algorithms use secure authentication of public keys. C.Encryption algorithms add salt when computing password hashes. D.Encryption algorithms must utilize a blockchain.
Encryption algorithms add salt when computing password hashes.
Digital certificates are based on the X.509 standard that defines the fields (or information) about a subject (or entity using the certificate) and the certificate's issuer. Which of the following fields would not be included in a standard public certificate? A.Extensions B.Public key C.Endorsement key D.Subject
Endorsement key
What actions are typically recommended when securing virtualized and cloud-based resources? (Select all that apply.) A.Ensure virtual machines are logging all events for auditing. B.Enforce the principle of most privilege for access to VMs. C.Ensure software and hosts are patched regularly. D.Configure devices to support isolated communications.
Ensure software and hosts are patched regularly. Configure devices to support isolated communications.
A user calls the help desk to report that Microsoft Excel continues to crash when used. The technician would like to review the logs in an attempt to determine the cause. Analyze the types of logs to determine which would contain the information the technician needs. A.Event log B.Audit log C.Security log D.Access log
Event log
An employee has requested a digital certificate for a user to access the Virtual Private Network (VPN). It is discovered that the certificate is also being used for digitally signing emails. Evaluate the possible extension attributes to determine which should be modified so that the certificate only works for VPN access. A.Valid from/to B.Extended key usage C.Serial number D.Public key
Extended key usage
In which of these situations might a non-credentialed vulnerability scan be more advantageous than a credentialed scan? (Select all that apply.) A.When active scanning poses no risk to system stability B.External assessments of a network perimeter C.Detection of security setting misconfiguration D.Web application scanning
External assessments of a network perimeter Web application scanning
Consider the types of zones within a network's topology and locate the zone considered semi-trusted and requires hosts to authenticate to join. A.Private network B.Extranet C.Internet D.Anonymous
Extranet
A network administrator uses two different automated vulnerability scanners. They regularly update with the latest vulnerability feeds. If the system regularly performs active scans, what type of error is the system most likely to make? A.False positive B.False negative C.Validation error D.Configuration error
False positive
Consider biometric methods that are used to authenticate a user. Knowing that errors are possible, which of the following would most likely result in a security breach? A.False positive B.False negative C.A low Crossover-Error-Rate (CER) D.A low throughput
False positive
A security team is setting up a secure room for sensitive systems which may have active wireless connections that are prone to eavesdropping. Which solution does the team secure the systems with to remedy the situation? A.Vault B.Colocation cage C.Faraday cage D.DMZ
Faraday cage
Many Internet companies, such as Google and Facebook, allow users to share a single set of credentials between multiple services providers. For example, a user could login to Amazon using their Facebook credentials. Which term correctly defines this example? A.Federation B.Single sign-on C.Permission D.Access control
Federation
Analyze the features of Microsoft's Information Rights Management (IRM) and choose the scenarios that accurately depict IRM. (Select all that apply.) A.File permissions are assigned based on the roles within a document. B.A document is emailed as an attachment, but cannot be printed by the receiver. C.A document does not allow screen capture to any device it is sent to. D.An email message cannot be forwarded to another employee.
File permissions are assigned based on the roles within a document. A document is emailed as an attachment, but cannot be printed by the receiver. An email message cannot be forwarded to another employee.
You are asked to help design a security system. What are some methods that can be used to mitigate risks to embedded systems in such environments? (Select all that apply.) A.Faraday cage B.Firmware patching C.Network Segmentation D.Wrappers
Firmware patching Network Segmentation Wrappers
IT staff looks to provide a high level of fault tolerance while implementing a new server. With which systems configuration approach does the staff achieve this goal? A.Adapting to demand in real time B.Adding more resources for power C.Focusing on critical components D.Increasing the power of resources
Focusing on critical components
A security professional is looking to harden systems at an industrial facility. In particular, the security specialist needs to secure an HVAC system that is part of an IoT network. Which areas does the specialist look to secure from data exfiltration exploits? (Select all that apply.) A.Edge devices B.Data center C.Fog node D.Edge gateway
Fog node Edge gateway
Which term defines the practice of collecting evidence from computer systems to an accepted standard in a court of law? A.Forensics B.Due process C.eDiscovery D.Legal hold
Forensics
Which of the following is mostly considered an insider threat? (Select all that apply.) Former employee Contractor Customer White hat hacker
Former employee Contractor
Choose which of the following items classify as Personally Identifiable Information. (Select all that apply.) A.Job position B.Gender C.Full name D.Date of birth
Full name Date of birth
What is the purpose of a web server certificate? A.Sign and encrypt email messages. B.Guarantee the validity of a browser plug-in. C.Provide identification of the certificate authority. D.Guarantee the identity of a website.
Guarantee the identity of a website.
A hospital must balance the need to keep patient privacy information secure and the desire to analyze the contents of patient records for a scientific study. What cryptographic technology can best support the hospital's needs? A.Blockchain B.Quantum computing C.Perfect forward security (PFS) D.Homomorphic encryption
Homomorphic encryption
Management has reason to believe that someone internal to the organization is committing fraud. To confirm their suspicion, and to collect evidence, they need to set up a system to capture the events taking place. Evaluate which option will best fit the organization's needs. A.Honeynet B.Honeypot C.Exploitation framework D.Metasploit
Honeypot
A natural disaster has resulted in a company moving to an alternate processing site. The company has operations moved almost immediately as a result of having a building with all of the equipment and data needed to resume services. The alternative site was actively running prior to the natural disaster. Evaluate the types of recovery sites to determine which processing site the company is utilizing. A.Replication site B.Cold site C.Warm site D.Hot site
Hot site
When a network uses Extensible Authentication Protocol (EAP) as the authentication method, what access control mechanism restricts local traffic to authentication data when a client connects over a Virtual Private Network (VPN) gateway? A.IEEE802.1X B.Kerberos C.Terminal Access Controller Access-Control System Plus (TACACS+) D.Remote Authentication Dial-in User Service (RADIUS)
IEEE802.1X
An employee recently retired, and the employee received an exit interview, returned a company-issued laptop, and had company-specific programs and applications removed from a personal PC. Evaluate this employee's offboarding process and determine what, if anything, remains to be done. A.The offboarding process is complete; no further action is necessary. B.IT needs to disable the employee's user account and privileges. C.IT needs to delete any company data encrypted with the employee's key. D.The employee must sign a nondisclosure agreement (NDA).
IT needs to disable the employee's user account and privileges.
A systems administrator suspects that a virus has infected a critical server. In which step of the incident response process does the administrator notify stakeholders of the issue? A.Recovery B.Identification C.Containment D.Eradication
Identification
An engineer utilizes digital forensics for information gathering. While doing so, the first focus is counterintelligence. Which concepts does the engineer pursue? (Select all that apply.) A.Identification and analysis of specific adversary tactics B.Build cybersecurity capabilities C.Configure and audit active logging systems D.Inform risk management provisioning
Identification and analysis of specific adversary tactics Configure and audit active logging systems
Select the phase of risk management a company has performed if they analyzed workflows and identified critical tasks that could cause their business to fail, if not performed. A.Identify mission essential functions B.Identify vulnerabilities C.Identify threats D.Analyze business impacts
Identify mission essential functions
The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the "respond" function? Evaluate risks, threats, and vulnerabilities. Perform ongoing, proactive monitoring. Implement resilience to restore systems. Identify, analyze, and eradicate threats.
Identify, analyze, and eradicate threats.
Which statement best explains the differences between black box, white box, and gray box attack profiles used in penetration testing? A.A black box pen tester acts as a privileged insider and must perform no reconnaissance. A white box pen tester has no access, and reconnaissance is necessary. A gray box actor is a third-party actor who mediates between a black box and white box pen tester. B.A black box pen tester acts as the adversary in the test, while the white box pen tester acts in a defensive role. A gray box pen tester is a third-party actor who mediates between a black box pen tester and a white box pen tester. C.In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance. D.In a white box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a black box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.
In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.
Analyze and eliminate the item that is NOT an example of a reconnaissance technique. Initial exploitation Open Source Intelligence (OSINT) Social engineering Scanning
Initial exploitation
Which of the following is a common solution that protects an application from behaving in an unexpected way when passing invalid data through an attack? A.Buffer overflow B.Race conditions C.Zero-day exploit D.Input Validation
Input Validation
Which of the following statements differentiates between input validation and output encoding? A.Input validation ensures that data input into an application is in a compatible format for the application, while output encoding re-encodes data that transfers between scripts. B.Input validation is a server-side validation method, while output encoding is a client-side validation method. C.Output encoding is a server-side validation method, while input validation encoding is a client-side validation method. D.Input validation forces the browser to connect using HTTPS only, while output encoding sets whether the browser can cache responses.
Input validation ensures that data input into an application is in a compatible format for the application, while output encoding re-encodes data that transfers between scripts.
A user presents a smart card to gain access to a building. Authentication is handled through integration to a Windows server that's acting as a certificate authority on the network. Review the security processes and conclude which are valid when using Kerberos authentication. (Select all that apply.) A.Inputting a correct PIN authorizes the smart card's cryptoprocessor to use its private key to create a Ticket Granting Ticket (TGT) request. B.The smart card generates a one-time use Ticket Granting Service (TGS) session key and certificate. C.The Authentication Server (AS) trusts the user's certificate as it was issued by a local certification authority. D.The Authentication Server (AS) is able to decrypt the request because it has a matching certificate.
Inputting a correct PIN authorizes the smart card's cryptoprocessor to use its private key to create a Ticket Granting Ticket (TGT) request. The Authentication Server (AS) trusts the user's certificate as it was issued by a local certification authority.
An Identity and Access Management (IAM) system has four main processes. Which of the following is NOT one of the main processes? A.Accounting B.Identification C.Integrity D.Authentication
Integrity
One aspect of threat modeling is to identify potential threat actors and the risks associated with each one. When assessing the risk that any one type of threat actor poses to an organization, what are the critical factors to profile? (Select all that apply.) A.Education B.Socioeconomic status C.Intent D.Motivation
Intent Motivation
Analyze the available detection techniques and determine which are useful in identifying a rogue system through software management. (Select all that apply.) A.Visual inspection of ports and switches will prevent rogue devices from accessing the network. B.Network mapping is an easy way to reveal the use of unauthorized protocols on the network or unusual traffic volume. C.Intrusion detection and NAC are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network. D.Wireless monitoring can reveal whether there are unauthorized access points.
Intrusion detection and NAC are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network. Wireless monitoring can reveal whether there are unauthorized access points.
A company security manager takes steps to increase security on Internet of Things (IoT) devices and embedded systems throughout a company's network and office spaces. What measures can the security manager use to implement secure configurations for these systems? (Select all that apply.) A.Isolate hosts that are using legacy versions of operating systems (OSes) from other network devices through network segmentation. B.Use wrappers, such as Internet Protocol Security (IPSec) for embedded systems' data in transit. C.Increase network connectivity for embedded systems so they receive regular updates. D.Maintain vendor-specific software configuration on Internet of Things (IoT) devices that users operate at home and in the office.
Isolate hosts that are using legacy versions of operating systems (OSes) from other network devices through network segmentation. Use wrappers, such as Internet Protocol Security (IPSec) for embedded systems' data in transit.
A web administrator visits a website after installing its certificate to test the SSL binding. The administrator's client computer did not trust the website's certificate. The administrator views the website's certificate from the browser to determine which certificate authority (CA) generated the certificate. Which certificate field would assist with the troubleshooting process? A.Subject alternative name B.Signature algorithm C.Issuer D.Subject
Issuer
If not managed properly, certificate and key management can represent a critical vulnerability. Assess the following statements about key management and select the true statements. (Select all that apply.) A.If a key used for signing and encryption is compromised, it can be easily destroyed with a new key issued. B.It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. C.If a private key, or secret key, is not backed up, the storage system represents a single point of failure. D.A compromised private key that encrypts data is of no concern if the same key signs documents.
It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. If a private key, or secret key, is not backed up, the storage system represents a single point of failure.
Evaluate the metrics associated with Mission Essential Functions (MEF) to determine which example is demonstrating Work Recovery Time (WRT). A.A business function takes five hours to restore, resulting in an irrecoverable business failure. B.It takes two hours to identify an outage and restore the system from backup. C.It takes three hours to restore a system from backup, and the restore point is two hours prior to the outage. D.It takes three hours to restore a system from backup, reintegrate the system, and test functionality.
It takes three hours to restore a system from backup, reintegrate the system, and test functionality.
When endpoint security experiences a breach, there are several classes of vector to consider for mitigation. Which type relates to exploiting an unauthorized service port change? A.Configuration drift B.Weak configuration C.Lack of controls D.Social Engineering
Lack of controls
A security expert archives sensitive data that is crucial to a legal case involving a data breach. The court is holding this data due to its relevance. The expert fully complies with any procedures as part of what legal process? A.Chain of custody B.Due process C.Forensics D.Legal hold
Legal hold
A Redundant Array of Independent Disks (RAID) is installed with data written to two disks with 50% storage efficiency. Which RAID level has been utilized? A.Level 0 B.Level 1 C.Level 5 D.Level 6
Level 1
A systems engineer configures a disk volume with a Redundant Array of Independent Disks (RAID) solution. Which solution does the engineer utilize when allowing for the failure of two disks? A.Level 1 B.Level 0 C.Level 5 D.Level 6
Level 6
A large sales organization uses a cloud solution to store large amounts of data. One afternoon, the data becomes inaccessible due to an outage at a data center. Which replication service level is currently in use? A.Regional B.Local C.Geo-redundant D.Zone
Local
A company has a critical encryption key that has an M-of-N control configuration for protection. Examine the examples and select the one that correctly illustrates the proper configuration for this type of protection of critical encryption keys. A.M=1 and N=5 B.M=3 and N=5 C.M=6 and N=5 D.M=0 and N=5
M=3 and N=5
A company determines the mean amount of time to replace or recover a system. What has the company calculated? A.MTBF B.KPI C.MTTR D.MTTF
MTTR
An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.) A.Boot sector B.Macro C.Script D.Trojan
Macro Script
A hacker compromises a web browser and uses access to harvest credentials users input when logging in to banking websites. What type of attack has occurred? A.Evil twin B.Man-in-the-Browser C.Session hijacking D.Clickjacking
Man-in-the-Browser
A client contacts a server for a data transfer. Instead of requesting TLS1.3 authentication, the client claims legacy systems require the use of SSL. What type of attack might a data transfer using this protocol facilitate? A.Credential harvesting B.Key stretching C.Phishing D.Man-in-the-middle
Man-in-the-middle
How might the goals of basic network management not align with the goals of security? Management focuses on confidentiality and availability. Management focuses on confidentiality over availability. Management focuses on integrity and confidentiality. Management focuses on availability over confidentiality.
Management focuses on availability over confidentiality.
A company has an annual contract with an outside firm to perform a security audit on their network. The purpose of the annual audit is to determine if the company is in compliance with their internal directives and policies for security control. Select the broad class of security control that accurately demonstrates the purpose of the audit. Managerial Technical Physical Compensating
Managerial
Examine the differences between general purpose personal computer hosts and embedded systems and select the true statements regarding embedded system constraints. (Select all that apply.) A.Many embedded systems work on battery power, so they cannot require significant processing overhead. B.Many embedded systems rely on a root of trust established at the hardware level by a trusted platform module (TPM). C.Embedded systems often use the system on chip (SoC) design to save space and increase power efficiency. D.Most embedded systems are based on a common but customizable design, such as Raspberry Pi or Arduino.
Many embedded systems work on battery power, so they cannot require significant processing overhead. Embedded systems often use the system on chip (SoC) design to save space and increase power efficiency.
A project manager is developing a site layout for a new facility. Consider the principles of site layout design to recommend the best plan for the project. A.Locate secure zones near the front of the building and next to the security desk, for monitoring entry and exit. B.Do not make the building a target by placing signs and warnings of the security within the building. C.Minimize traffic passing between zones so that the flow of people are in and out, instead of across and between. D.Place windows in rooms within secure zones to deter unauthorized people or actions due to the higher visibility.
Minimize traffic passing between zones so that the flow of people are in and out, instead of across and between.
Which security related phrase relates to the integrity of data? Availability Modification Knowledge Risk
Modification
A system administrator wants to install a mechanism to conceal the internal IP addresses of hosts on a private network. What tool can the administrator use to accomplish this security function? A.NAT gateway B.Reverse proxy server C.Virtual firewall D.Access Control List (ACL)
NAT gateway
Which of the following has a cyber security framework (CSF) that focuses exclusively on IT security, rather than IT service provisioning? National Institute of Standards and Technology (NIST) International Organization for Standardization (ISO) Control Objectives for Information and Related Technologies (COBIT) Sherwood Applied Business Security Architecture (SABSA)
National Institute of Standards and Technology (NIST)
A networking administrator is reviewing available security products to further fine-tune the existing firewall and appliance settings. Through analysis of what system's logs can an administrator tune firewall rulesets and remove or block suspect hosts and processes from the network? A.Network-based intrusion detection system (NIDS) B.Unified threat management (UTM) product C.Network-based intrusion prevention system (IPS) D.Network behavior and anomaly detection (NBAD) product
Network-based intrusion detection system (NIDS)
Evaluate the following choices based on their potential to lead to a network breach. Select the choice that is NOT a network architecture weakness. A.The network architecture is flat. B.Services rely on the availability of several different systems. C.The network relies on a single hardware server. D.Not all hosts on the network can talk to one another.
Not all hosts on the network can talk to one another.
A security team suspects the unauthorized use of an application programming interface (API) to a private web-based service. Which metrics do the team analyze and compare to a baseline for response times and usage rates, while investigating suspected DDoS attacks? (Select all that apply.) A.Number of requests B.Error rates C.Latency D.Endpoint connections
Number of requests Latency
Successful adversarial attacks mostly depend on knowledge of the algorithms used by the target AI. In an attempt to keep an algorithm secret, which method does an engineer use when hiding the secret? A.AI training B.Obscurity C.Filtering D.Analytics
Obscurity
A cloud server has been breached. The organization realizes that data acquisition differs in the cloud when compared to on-premises. What roadblocks may the organization have to consider when considering data? (Select all that apply.) A.On-demand services B.Jurisdiction C.Chain of custody D.Notification laws
On-demand services Jurisdiction Chain of custody
An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. When documenting the "detect" function, what does the engineer focus on? Evaluate risks and threats Install, operate, and decommission assets Ongoing proactive monitoring Restoration of systems and data
Ongoing proactive monitoring
A hotel guest opens their computer and logs into the Wi-Fi without prompting the guest for a username and password. Upon opening an internet browser, a splash page appears that requests the guest's room number and last name for authentication. Which type of authentication is the hotel utilizing? A.Protected B.Extensive C.Group D.Open
Open
A contractor has been hired to conduct security reconnaissance on a company. The contractor browses the company's website to identify employees and then finds their Facebook pages. Posts found on Facebook indicate a favorite bar that employees frequent. The contractor visits the bar and learns details of the company's security infrastructure through small talk. What reconnaissance phase techniques does the contractor practice? (Select all that apply.) Open Source Intelligence (OSINT) Scanning Social engineering Persistence
Open Source Intelligence (OSINT) Social engineering
Examine each attack vector. Which is most vulnerable to escalation of privileges? A.Software B.Operating System (OS) C.Applications D.Ports
Operating System (OS)
Evaluate approaches to applying patch management updates to select the accurate statement. A.Operating System major release updates can cause problems with software application compatibility. B.Applying all patches as released is more time consuming than only applying patches as needed. C.It is more costly to apply all patches, so most companies choose to apply patches on an as-needed basis. D.It is best practice to install patches immediately to provide the highest level of security for workstations.
Operating System major release updates can cause problems with software application compatibility.
Which microwave connection mode is most appropriate for forming a strong connection between two sites? A.P2P B.P2M C.OTA D.OTG
P2P
A network administrator conducts a network assessment to determine where to implement a network intrusion detection system (NIDS). Which sensor deployment option is most ideal if the admin is concerned about system overloads and resiliency in the event of power loss? A.Passive test access point (TAP) B.Active test access point (TAP) C.Aggregation test access point (TAP) D.Switched port analyzer (SPAN)/mirror port
Passive test access point (TAP)
Examine the tradeoff between traditional password policy complexity requirements and updated practical suggestions from the National Institute of Standards and Technology (NIST) and select the statement that fits both practical password management and traditional complexity requirements. A.Passwords should be easy to remember and can include spaces and repetitive strings of numbers (like 987654). B.Passwords should be easy to remember, but should never use spaces. C.Passwords should be written in a common password repository held secure by a member of the IT staff. D.Passwords should not contain dictionary words or contextual information, such as a username or the company name.
Passwords should not contain dictionary words or contextual information, such as a username or the company name.
When using a digital envelope to exchange key information, the use of what key agreement mitigates the risk inherent in the Rivest-Shamir-Adleman (RSA) algorithm, and by what means? A.Perfect forward secrecy (PFS) uses Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key. B.The Cipher Block Chaining (CBC) key agreement mode uses an initialization vector (IV) to create ephemeral session keys without using the server's private key. C.Counter mode in key agreement makes the advanced encryption standard (AES) algorithm work as a stream cipher, by applying an initialization vector to issue a security certificate. D.A certificate authority (CA) validates the public key's owner and creates an initialization vector to protect the exchange from snooping.
Perfect forward secrecy (PFS) uses Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key.
A network administrator regularly reviews group membership and access control lists for each resource. The administrator also looks for unnecessary accounts to disable. What is the administrator executing in this situation? A.Recertification B.Logging C.Permission auditing D.Usage auditing
Permission auditing
A hacker set up a Command and Control network to control a compromised host. What is the ability of the hacker to use this remote connection method as needed known as? A.Weaponization B.Persistence C.Reconnaissance D.Pivoting
Persistence
A threat analyst is asked about malicious code indicators. Which indicator allows the threat actor's backdoor to restart if the host reboots or the user logs off? A.Persistence B.Credential dumping C.Shellcode D.Lateral movement/inside attacker
Persistence
Which of the following depict ways a malicious attacker can gain access to a target's network? (Select all that apply.) A.Ethical hacking B.Phishing C.Shoulder surfing D.Influence campaign
Phishing Shoulder surfing
An organization suspects that a visitor is performing data exfiltration while on the premises. The organization knows that the visitor does not have physical access to any computer system. Which of the following methods does the organization suspect the visitor of using? (Select all that apply.) A.Phone B.USB C.Remote access D.Camera
Phone Camera
A system administrator is setting up a new Simple Mail Transfer Protocol (SMTP) configuration. Make recommendations for how the administrator should configure the ports. (Select all that apply.) A.Port 110 should be used by mail clients to submit messages for delivery. B.Port 143 should be used to connect clients. C.Port 25 should be used for message relay. D.Port 465 should be used for message submission over implicit TLS.
Port 25 should be used for message relay. Port 465 should be used for message submission over implicit TLS.
Which scripting language is the preferred method of performing Windows administration tasks? A.Javascript B.Python C.Ruby D.Powershell
Powershell
Arrange the following stages of the incident response life cycle in the correct order. A.Preparation; Identification; Containment, Eradication, and Recovery; Lessons Learned B.Identification; Preparation; Containment, Eradication, and Recovery; Lessons Learned C.Containment, Eradication, and Recovery; Identification; Preparation; Lessons Learned D.Identification; Containment, Eradication, and Recovery; Preparation; Lessons Learned
Preparation; Identification; Containment, Eradication, and Recovery; Lessons Learned
Examine each statement and determine which most accurately describes a major limitation of quantum computing technology. A.Presently, quantum computers do not have the capacity to run useful applications. B.Quantum computing is not yet sufficiently secure to run current cryptographic ciphers. C.Quantum computing is not sufficiently agile to update the range of security products it most frequently uses. D.Attackers may exploit a crucial vulnerability in quantum computing to covertly exfiltrate data.
Presently, quantum computers do not have the capacity to run useful applications.
An engineer receives an alert from a mobile system equipped with an RFID tag. Upon investigating, the mobile system is missing from its assigned station. Which alarm type prompted the engineer to investigate? A.Duress B.Proximity C.Motion D.Circuit
Proximity
Which two cryptographic functions can be combined to authenticate a sender and prove the integrity of a message? A.Hashing and symmetric encryption B.Public key cryptography and digital enveloping C.Hashing and digital enveloping D.Public key cryptography and hashing
Public key cryptography and hashing
An organization plans the destruction of old HDDs. In an effort to save money, the organization damages the media by impact, but they did not destroy all of the data. Which method has the organization tried? A.Degaussing B.Pulping C.Shredding D.Pulverizing
Pulverizing
Both Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control System (TACACS+) provide authentication, authorization, and accounting using a separate server (the AAA server). Based on the protocols' authentication processes, select the true statements. (Select all that apply.) A.TACACS+ is open source and RADIUS is a proprietary protocol from Cisco. B.RADIUS uses UDP and TACACS+ uses TCP. C.TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. D.RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
RADIUS uses UDP and TACACS+ uses TCP. TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
Identify the type of attack that occurs when the outcome from execution process are directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer. A.Stack overflow B.Integer overflow C.Race conditions D.Dynamic Link Library (DLL) injection
Race conditions
An employee handles key management and has learned that a user has used the same key pair for encrypting documents and digitally signing emails. Prioritize all actions that should be taken and determine the first action that the employee should take. A.Revoke the keys. B.Recover the encrypted data. C.Generate a new key pair. D.Generate a new certificate.
Recover the encrypted data.
Compare and contrast the types of Cross-Site Scripting (XSS) attacks, and select the option that accurately distinguishes between them. A.Reflected and stored XSS attacks exploit client-side scripts, while the DOM is used to exploit vulnerabilities in server-side scripts. B.Reflected and stored XSS attacks exploit server-side scripts, while the DOM is used to exploit vulnerabilities in client-side scripts. C.Reflected and DOM attacks exploit server-side scripts, while a stored attack exploits vulnerabilities in client-side scripts. D.Nonpersistent and persistent attacks exploit client-side scripts, while the DOM is used to exploit vulnerabilities in server-side scripts.
Reflected and stored XSS attacks exploit server-side scripts, while the DOM is used to exploit vulnerabilities in client-side scripts.
Select the options that can be configured by Group Policy Objects (GPOs). (Select all that apply.) A.Registry settings B.Code signing C.Software deployment D.Baseline deviation
Registry settings Software deployment
Evaluate the Agile paradigm within a Software Development Lifecycle (SDLC) to determine which statement demonstrates the idea of continuous tasks. A.Devising an application's initial scope and vision for the project B.Prioritizing the requirements and work through the cycles of designing, developing, and testing C.Releasing well-tested code in smaller blocks D.Perform the final integration and testing of the solution
Releasing well-tested code in smaller blocks
A system administrator uses a Graphical User Interface (GUI) remote administration tool over TCP port 3389 to manage a server operating Windows 2016. Evaluate the types of remote administration tools to conclude which protocol the administrator is using. A.Secure Shell B.Telnet C.Dynamic Host Configuration Protocol D.Remote Desktop
Remote Desktop
A system compromise prompts the IT department to harden all systems. The technicians look to block communications to potential command and control servers. Which solutions apply to working with egress filtering? (Select all that apply.) A.Mediate the copying of tagged data B.Restrict DNS lookups C.Remove compromised root certificates D.Allow only authorized application ports
Restrict DNS lookups Allow only authorized application ports
Biometric authentication methods have different error rates, with some methods being easier to fool than others. An unauthorized user is unlikely to fool which of the following methods? A.Fingerprint scan B.Retinal scan C.Facial recognition D.Voice recognition
Retinal scan
A systems administrator deploys a cloud access security broker (CASB) solution for user access to cloud services. Evaluate the options and determine which solution may be configured at the network edge and without modifying a user's system. A.Single sign-on B.Application programming interface C.Forward proxy D.Reverse proxy
Reverse proxy
A network administrator wants to use a proxy server to prevent external hosts from connecting directly with application servers. Which proxy server implementation will best fit this need? A.Transparent proxy server B.Non-transparent proxy server C.Caching proxy server D.Reverse proxy server
Reverse proxy server
An attacker compromises a Linux host, installing a web shell as a backdoor. If the attacker gained access to the host through a connection the host established, what type of attack has occurred? A.Man-in-the-Browser (MitB) B.Reverse shell C.Rootkit D.Session hijacking
Reverse shell
A recent systems crash prompts an IT administrator to perform recovery steps. Which mechanism does the administrator use to achieve nonpersistence? A.Configuration validation B.Data replication C.Restoration automation D.Revert to known state
Revert to known state
An employee handling key management discovers that a private key has been compromised. Evaluate the stages of a key's life cycle and determine which stage the employee initiates upon learning of the compromise. A.Certificate generation B.Key generation C.Expiration and renewal D.Revocation
Revocation
Management of a company identifies priorities during a risk management exercise. By doing so, which risk management approach does management use? A.Inherent risk B.Risk posture C.Risk transference D.Risk avoidance
Risk posture
A gaming company decides to add software on each title it releases. The company's objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and may hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which may be used. (Select all that apply) A.Spyware B.Keylogger C.Rootkit D.Trojan
Rootkit Trojan
A company is working to restore operations after a blizzard stopped all operations. Evaluate the order of restoration and determine the correct order of restoring devices from first to last. A.Routers, firewalls, Domain Name System (DNS), client workstations B.Domain Name System (DNS), routers, firewalls, client workstations C.Firewalls, routers, Domain Name System (DNS), client workstations D.Routers, client workstations, firewalls, Domain Name System (DNS)
Routers, firewalls, Domain Name System (DNS), client workstations
Security specialists create a sinkhole to disrupt any adversarial attack attempts on a private network. Which solution do the specialists configure? A.Routing traffic to a different network B.Using fake telemetry in response to port scanning C.Configuring multiple decoy directories on a system D.Staging fake IP addresses as active
Routing traffic to a different network
A security team desires to modify event logging for several network devices. One team member suggests using the configuration files from the current logging system with another open format that uses TCP with a secure connection. Which format does the team member suggest? A.Syslog-ng B.Rsyslog C.Syslog D.NXlog
Rsyslog
An engineer creates a set of tasks that queries information and runs some PowerShell commands to automate several stages of the process, including the identification of threats and other malicious activity on multiple servers. The engineer defines these tasks using which of the following? A.Runbook B.Playbook C.Orchestration D.Automation
Runbook
Consider the role trust plays in federated identity management and determine which models rely on networks to establish trust relationships. (Select all that apply.) A.SAML B.OAuth C.OpenID D.LDAP
SAML OAuth OpenID
Analyze each statement and determine which describes a fundamental improvement on traditional log management that security information and event management (SIEM) offers. A.SIEM is completely automated; it requires no manual data preparation. B.SIEM logs ensure non-repudiation, whereas other logs cannot link a specific user to an action. C.SIEM can perform correlation, linking observables into meaningful indicators of risk or compromise. D.SIEM addresses the issue of sheer volume of alerts, using machine learning to facilitate threat hunting.
SIEM can perform correlation, linking observables into meaningful indicators of risk or compromise.
An individual receives a text message that appears to be a warning from a well-known order fulfillment company, informing them that the carrier has tried to deliver his package twice, and that if the individual does not contact them to claim it, the package will not be delivered. Analyze the scenario and select the social engineering technique being used. A.SMiShing B.Phishing C.Vishing D.Prepending
SMiShing
Given that layer 2 does not recognize Time to Live, evaluate the potential problems to determine which of the following options prevents this issue. A.ICMP B.L2TP C.NTP D.STP
STP
Which cookie attribute can a security admin configure to help mitigate a request forgery attack? A.Secure B.HttpOnly C.SameSite D.Cache-Control
SameSite
There are several types of security zones on a network. Analyze network activities to determine which of the following does NOT represent a security zone. A.DMZ B.Screened host C.Wireless D.Guest network
Screened host
A system administrator needs secure remote access into a Linux server. Evaluate the types of remote administration to recommend which protocol should be used in this situation. A.Telnet B.Secure Shell (SSH) C.Remote Desktop Protocol (RDP) D.Kerberos
Secure Shell (SSH)
Given knowledge of secure firmware implementation, select the statement that describes the difference between secure boot and measured boot. A.Secure boot requires a unified extensible firmware interface (UEFI) and trusted platform module (TPM), but measured boot requires only a unified extensible firmware interface (UEFI). B.Secure boot provisions certificates for trusted operating systems (OSes) and blocks unauthorized OSes. Measured boot stores and compares hashes of critical boot files to detect the presence of unauthorized processes. C.Secure boot is the process of sending a signed boot log or report to a remote server, while measured boot provisions certificates for trusted operating systems (OSes) and blocks unauthorized OSes. D.Secure boot requires a unified extensible firmware interface (UEFI) but does not require a trusted platform module (TPM). Measured boot is the mechanism by which a system sends signed boot log or report to a remote server.
Secure boot provisions certificates for trusted operating systems (OSes) and blocks unauthorized OSes. Measured boot stores and compares hashes of critical boot files to detect the presence of unauthorized processes.
Which of the following solutions best addresses data availability concerns that may arise with the use of application-aware next-generation firewalls (NGFW) and unified threat management (UTM) solutions? A.Signature-based detection system B.Secure web gateway (SWG) C.Network-based intrusion prevention system (IPS) D.Active or passive test access point (TAP)
Secure web gateway (SWG)
If an administrator in an exchange server needs to send digitally signed and encrypted messages, what messaging implementation will best suit the administrator's needs? A.Secure/Multipurpose Internet Mail Extensions (S/MIME) B.Secure Post Office Protocol v3 (POP3S) C.Internet Message Access Protocol v4 (IMAP4) D.Simple Mail Transfer Protocol (SMTP)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
During a penetration test, an adversary operator sends an encrypted message embedded in an attached image. Analyze the scenario to determine what security principles the operator is relying on to hide the message. (Select all that apply.) A.Security by obscurity B.Integrity C.Prepending D.Confidentiality
Security by obscurity Confidentiality
Which of the following is NOT a use of cryptography? A.Non-repudiation B.Obfuscation C.Security through obscurity D.Resiliency
Security through obscurity
An organization plans a move of systems to the cloud. In order to identify and assign areas of risk, which solution does the organization establish to contractually specify cloud service provider responsibilities? A.Service level agreement B.Trust relationship C.Responsibilities matrix D.High availability
Service level agreement
Which malicious code indicator is a minimal program designed to exploit a buffer overflow? A.Credential dumping B.Persistence C.Lateral movement/insider attack D.Shellcode
Shellcode
An employee is having coffee at an outdoor coffee shop and is not taking precautions against someone watching their screen while working on a company project. A person a few tables over watches the employee enter their credentials and then takes photos of the work they are completing with their smartphone. Which form of social engineering is being used in this situation? A.Vishing B.Lunchtime attack C.Shoulder surfing D.Man-in-the-middle attack
Shoulder surfing
Which of the following considerations is most important when employing a signature-based intrusion detection system? A.The system may produce false positives and block legitimate activity. B.The system must create a valid baseline signature of normal activity. C.Signatures and rules must be kept up to date to protect against emerging threats. D.Signatures and rules must be able to detect zero-day attacks.
Signatures and rules must be kept up to date to protect against emerging threats.
An employee has arrived to work and logged into the network with their smart card. This employee now has access to the company databases, email, and shared network resources. Evaluate all of the basic authorization policies and determine the policy best illustrated in this scenario. A.Least privilege B.Implicit deny C.Single Sign-On (SSO) D.Access key
Single Sign-On (SSO)
A system breach occurs at a retail distribution center. Data from a persistent disk is required as evidence. No write blocker technology is available. Which approach does a security analyst use to acquire the disk? A.Carving B.Cache C.Snapshot D.Artifact
Snapshot
A system administrator suspects a memory leak is occurring on a client. Determine which scenario would justify this finding. A.A rapid decrease in disk space has been logged. B.High page file utilization has been logged. C.High memory utilization during scheduled backups after-hours. D.Software does not release allocated memory when it is done with it.
Software does not release allocated memory when it is done with it.
A new cloud-based application will replicate its data on a global scale, but will exclude residents of the European Union. Which concerns should the organization that provides the data to consumers take into consideration? (Select all that apply.) A.General Data Protection Regulations (GDPR) B.Sovereignty C.Location D.Roles
Sovereignty Location
A security expert needs to review systems information to conclude what may have occurred during a breach. The expert reviews NetFlow data. What samples does the expert review? A.Protocol usage and endpoint activity B.Traffic statistics at any layer of the OSI model C.Statistics about network traffic D.Bandwidth usage and comparative baselines.
Statistics about network traffic
A hacker is able to install a keylogger on a user's computer. What is the hacker attempting to do in this situation? A.Key management B.Encryption C.Obfuscation D.Steal confidential information
Steal confidential information
An attacker uses a cryptographic technology to create a covert message channel in transmission control protocol (TCP) packet data fields. What cryptographic technique does this attack strategy employ? A.Homomorphic encryption B.Blockchain C.Steganography D.Key stretching
Steganography
Which statement best describes key differences between symmetric and asymmetric cryptographic ciphers? A.Symmetric encryption is used for confidentiality, and uses the same key for encryption and decryption. B.Asymmetric encryption is primarily used for confidentiality, and uses different keys for encryption and decryption. C.Symmetric encryption is used for authentication, and is the most efficient method of encryption for large data transfers. D.Asymmetric encryption is used for non-repudiation and is the most efficient method of encryption for large data transfers.
Symmetric encryption is used for confidentiality, and uses the same key for encryption and decryption.
A security engineer encrypted traffic between a client and a server. Which security protocol does the engineer configure if an ephemeral key agreement is used? A.AES 256 B.TLS 1.2 C.TLS 1.3 D.SHA 384
TLS 1.3
Transport layer security (TLS) version 1.3 improves upon a vulnerability in TLS1.2. Which statement correctly describes a remedy for this vulnerability? A.TLS version 1.3 is backward compatible with earlier versions of transport layer security. B.TLS version 1.3 removes the ability to downgrade to weaker encryption ciphers and earlier versions of transport layer security. C.TLS version 1.3 creates a secure link between the client and server using Secure Shell (SSH) over TCP port 22. D.TLS1.3 can use more secure authentication and authorization methods, such as security assertion markup language (SAML) and open authorization (OAuth).
TLS version 1.3 removes the ability to downgrade to weaker encryption ciphers and earlier versions of transport layer security.
A system administrator needs to implement a secure remote administration protocol and would like more information on Telnet. Evaluate and select the features of Telnet that the administrator should consider to accomplish this task. (Select all that apply.) A.Telnet does not support direct file transfer. B.Telnet uses TCP port 23. C.Telnet is a secure option. D.Telnet uses encryption to send passwords.
Telnet does not support direct file transfer. Telnet uses TCP port 23.
A contractor has been hired to conduct penetration testing on a company's network. They have decided to try to crack the passwords on a percentage of systems within the company. They plan to annotate the type of data that is on the systems that they can successfully crack to prove the ease of access to data. Evaluate the penetration steps and determine which are being utilized for this task. (Select all that apply.) Test security controls Bypass security controls Verify a threat exists Exploit vulnerabilities
Test security controls Exploit vulnerabilities
A developer considers using an API for service integration and automation. If choosing Representational State Transfer (REST) as the API, which features can the developer expect? (Select all that apply.) A.The ability to submit a request as an HTTP operation/verb B.It is a looser architectural framework C.It uses XML format messaging D.It has built-in error handling
The ability to submit a request as an HTTP operation/verb It is a looser architectural framework
A system administrator is deploying a new web server. Which hardening procedures should the administrator consider? (Select all that apply.) A.The administrator should use SFTP to transfer files to and from the server remotely. B.Any guest web access that exist on the webserver should be disabled or removed. C.The administrator should assign a digital certificate and enable the use of TLS 1.3. D.The configuration templates contain vulnerabilities, and the administrator should not utilize them.
The administrator should use SFTP to transfer files to and from the server remotely. The administrator should assign a digital certificate and enable the use of TLS 1.3.
A member of the IT team at a company launches a simulated phishing attack email to users across the organization. Which of these statements most accurately describes the purpose of such an attack? A.The attack simulated an insider attack and alerted other members of the IT team to the presence of an attack. B.The attack is a bug bounty, which identifies individuals in the organization who recognize the attack, who then make attempts to enhance security. C.The attack identifies those users who respond to the phishing attempt as individuals who may require more training. D.The attack prepares users for upcoming training, with users who respond appropriately, designated as teachers.
The attack identifies those users who respond to the phishing attempt as individuals who may require more training.
An attacker finds a way to exploit a vulnerability in a target application that allows the attacker to bypass a password requirement. Which method did the attacker most likely use? A.The attacker added LDAP filters as unsanitized input by creating a condition that is always true. B.The attacker inserted code into a back-end database by submitting a post to a bulletin board with a malicious script embedded in the message. C.The attacker embedded a request for a local resource via XML with no encryption. D.The attacker modified a basic SQL function, adding code to some input that an app accepts, causing it to execute the attacker's query.
The attacker added LDAP filters as unsanitized input by creating a condition that is always true.
A threat actor programs an attack designed to invalidate memory locations to crash target systems. Which statement best describes the nature of this attack? A.The attacker created a null pointer file to conduct a dereferencing attack. B.The attacker programmed a dereferencing attack. C.The attacker programmed a null pointer dereferencing exception. D.The attacker created a race condition to perform a null pointer dereferencing attack.
The attacker programmed a null pointer dereferencing exception.
An attacker uses spoofed GPS coordinates on a stolen mobile device, attempting to gain access to an enterprise network. Which statement best describes the attack vector? A.The attacker uses the spoofed coordinates to defeat containerization on the target network. B.The attacker uses spoofed coordinates to perform a bluesnarfing attack. C.The attacker uses spoofed coordinates to establish a rogue wireless access point. D.The attacker uses spoofed coordinates to defeat geofencing on the target network.
The attacker uses spoofed coordinates to defeat geofencing on the target network.
Compare and evaluate the various levels and types of security found within a Trusted OS (TOS) to deduce which scenario is an example of a hardware Root of Trust (RoT). A.A security system is designed to prevent a computer from being hijacked by a malicious operating system B.The boot metrics and operating system files are checked, and signatures verified at logon. C.Digital certificates, keys, and hashed passwords are maintained in hardware-based storage. D.The industry standard program code that is designed to operate the essential components of a system.
The boot metrics and operating system files are checked, and signatures verified at logon.
Analyze the methods for authentication to a Secure Shell (SSH) and determine which statement best summarizes the host-based authentication method. A.The user's private key is configured with a passphrase that must be input to access the key. B.The client submits credentials that are verified by the SSH server using RADIUS. C.The client submits a Ticket Granting Ticket (TGT) that is obtained when the user logged onto the workstation. D.The client sends a request for authentication and the server generates a challenge with the public key.
The client sends a request for authentication and the server generates a challenge with the public key.
Select the explanations that accurately describe the Ticket Granting Ticket (TGT) role within the Authentication Service (AS). (Select all that apply.) A.The client sends the AS a request for a TGT that is composed by encrypting the date and time on the local computer with the user's password hash as the key. B.The AS responds with a User Ticket that contains information about the client. This includes the name and IP address of the client, plus a timestamp and validity period. C.The AS responds with a TGT key for use in communications between the client and the Ticket Granting Service (TGS). D.The TGT responds with a service session key for use between the client and the application server.
The client sends the AS a request for a TGT that is composed by encrypting the date and time on the local computer with the user's password hash as the key. The AS responds with a User Ticket that contains information about the client. This includes the name and IP address of the client, plus a timestamp and validity period.
A company has recently started using a Platform as a Service (PaaS). Compare cloud service types to determine what is being deployed. A.The company has leased servers and a Storage Area Network (SAN). B.The company has leased a suite of applications that were outside of the budget to purchase outright. C.The company has outsourced the responsibility for information assurance. D.The company has leased an instance that runs Microsoft Azure SQL Database.
The company has leased an instance that runs Microsoft Azure SQL Database.
An employee is attempting to install new software they believe will help them perform their duties faster. When the employee tries to install the software, an error message is received, stating they are not authorized to install the software. The employee calls the help desk for assistance. Evaluate the principles of execution control to conclude what has most likely occurred in this scenario. A.The company is utilizing allow list control, and the software is included in the list. B.The software is malicious, and execution control has identified the virus and is blocking the installation. C.The company is utilizing allow list control, and the software is not included in the list. D.The company is utilizing block list control, and the software is not included in the list.
The company is utilizing allow list control, and the software is not included in the list.
A user facing a tight deadline at work experiences difficulties logging in to a network workstation, so the user activates a smartphone hotspot and connects a company laptop to save time. Which of the following vulnerabilities has the user potentially created for the enterprise environment? A.A device in "discoverable" mode can exploit outdated software patches. B.The device may be vulnerable to a skimming attack. C.The device may be able to defeat geofencing mechanisms. D.The device may circumvent data loss prevention and web content filtering policies.
The device may circumvent data loss prevention and web content filtering policies.
A company utilizing formal data governance assigns the role of data steward to an employee. Evaluate the roles within data governance and conclude which tasks the employee in this role performs. A.The employee ensures the processing and disclosure of Personally Identifiable Information (PII) complies within legal frameworks. B.The employee ensures data is labeled and identified with appropriate metadata. C.The employee enforces access control, encryption, and recovery measures. D.The employee ensures the data is protected with appropriate controls and determines who should have access.
The employee ensures data is labeled and identified with appropriate metadata.
Analyze mobile device deployment models to select the best explanation of the Corporate Owned, Personally-Enabled (COPE) deployment model. A.The employee may use the mobile device to access personal email and social media accounts. The device is chosen and supplied by the company. B.The employee may use the mobile device to access personal email and social media accounts. The device is chosen and supplied by the employee. C.The device is the property of the company and may only be used for company business. D.The employee may use the mobile device to access personal email and social media accounts. The device is chosen by the employee and supplied by the company.
The employee may use the mobile device to access personal email and social media accounts. The device is chosen and supplied by the company.
The first responder to a security incident decides the issue requires escalation. Consider the following and select the scenario that best describes escalation in this issue. A.The first responder calls the company's legal team. B.The first responder shuts down the affected system. C.The first responder calls senior staff to get them involved. D.The first responder reviews user privileges to look for users who may have gained unauthorized privileges.
The first responder calls senior staff to get them involved.
Compare all of the functions within directory services and determine which statement accurately reflects the function of group memberships. A.The key provided at authentication lists a user's group memberships, which in turn allows certain access to resources on the network. B.The system compares group memberships with the user's logon credentials to determine if the user has access to the network resources. C.Group memberships contain entries for all usernames and groups that have permission to use the resource. D.Group memberships are like a database, where an object is similar to a record, and the attributes known about the object are similar to the fields.
The key provided at authentication lists a user's group memberships, which in turn allows certain access to resources on the network.
Windows has several service account types, typically used to run processes and background services. Which of the following statements about service accounts is FALSE? A.The Network service account and the Local service account have the same privileges as the standard user account. B.Any process created using the system account will have full privileges over the local computer. C.The local service account creates the host processes and starts Windows before the user logs on. D.The Local Service account can only access network resources as an anonymous user.
The local service account creates the host processes and starts Windows before the user logs on.
An outside security consultant updates a company's network, including data cloud storage solutions. The consultant leaves the manufacturer's default settings when installing network switches, assuming the vendor shipped the switches in a default-secure configuration. Examine the company's network security posture and select the statements that describe key vulnerabilities in this network. (Select all that apply.) The network is open to third-party risks from using an outside contractor to configure cloud storage settings. The default settings in the network switches represent a weak configuration. The use of network switches leaves numerous unused ports open. The default settings in the network switches represent unsecured protocols.
The network is open to third-party risks from using an outside contractor to configure cloud storage settings. The default settings in the network switches represent a weak configuration.
A network manager is installing a new switch on the network. Which option does the manager use to harden network security after installation? A.A Group Policy Object (GPO) should be configured to deploy custom settings. B.The Server Core option should be used to limit the device to only using Hyper-V and DHCP. C.Microsoft Baseline Security Analyzer (MBSA) is used on Windows networks and validates the security configuration of a Windows system. D.The network manager should ensure all patches are applied and it is appropriately configured.
The network manager should ensure all patches are applied and it is appropriately configured.
Following a data breach at a large retail company, their public relations team issues a statement emphasizing the company's commitment to consumer privacy. Identify the true statements concerning this event. (Select all that apply.) A.The data breach must be an intentional act of corporate sabotage. B.The privacy breach may allow the threat actor to sell the data to other malicious actors. C.The data breach can cause data to be exfiltrated. D.The data breach event may compromise data integrity, but not information availability.
The privacy breach may allow the threat actor to sell the data to other malicious actors. The data breach can cause data to be exfiltrated.
Any external responsibility for an organization's security lies mainly with which individuals? The senior executives Tech staff Managers Public relations
The senior executives
During a penetration test, systems administrators for a large company are tasked to play on the white team for an affiliated company. Examine each of the following roles and determine which role the systems admins will fill. A.The systems admins will arbitrate the exercise, setting rules of engagement and guidance. B.The systems admins will try to infiltrate the target system. C.The systems admins will operate monitoring and alerting controls to detect and prevent the infiltration. D.The systems admins will collaborate with attackers and defenders to promote constructive developments.
The systems admins will arbitrate the exercise, setting rules of engagement and guidance.
A security technician needs to transfer a large file to another user in a data center. Which statement best illustrates what type of encryption the technician should use to perform the task? A.The technician should use symmetric encryption for authentication and data transfer. B.The technician should use asymmetric encryption to verify the data center user's identity and agree on a symmetric encryption algorithm for the data transfer. C.The technician should use asymmetric encryption for authentication and data transfer. D.The technician should use symmetric encryption to verify the data center user's identity and agree on an asymmetric encryption algorithm for the data transfer.
The technician should use asymmetric encryption to verify the data center user's identity and agree on a symmetric encryption algorithm for the data transfer.
A systems breach occurs at a manufacturer. The system in question contains highly valuable data. An engineer plans a live acquisition, but ultimately, is not successful. What reason may be stopping the engineer? A.There is no hibernation file present B.The tools are not preinstalled or running C.The crash dump file is missing D.The pagefile is corrupt
The tools are not preinstalled or running
A user would like to install an application on a mobile device that is not authorized by the vendor. The user decides the best way to accomplish the install is to perform rooting on the device. Compare methods for obtaining access to conclude which type of device the user has, and what actions the user has taken. A.The user has an iOS device and has used custom firmware to gain access to the administrator account. B.The user has an Android device and has used custom firmware to gain access to the administrator account. C.The user has an iOS device and has booted the device with a patched kernel. D.The user has an Android device and has booted the device with a patched kernel.
The user has an Android device and has used custom firmware to gain access to the administrator account.
A company receives a massive flood of requests which throttles their network traffic to the internet. How would restricting the number of connections be categorized as a vulnerability? A.The user is exposed to a replay attack. B.The user is exposed to a brute force attack. C.The user is exposed to a DoS attack. D.The user is exposed to an offline attack.
The user is exposed to a DoS attack.
An employee is working on a project that contains critical data for the company. In order to meet deadlines, the employee decides to email the document containing the data to their personal email to work on at home. Consider the traits of Data Loss Prevention (DLP) and evaluate the scenario to select the DLP remediation the company should utilize. A.The email is allowed to send the file and an alert is triggered so that an administrator is aware of the incident. B.The user should be blocked from sending the email but retain access to it. The user is alerted to the policy violation, and it is logged as an incident. C.Access is denied to the sender and all other users within the company. The file is encrypted and moved into a quarantine area by the management engine. D.The original file is quarantined and replaced with one describing the policy violation and how the user can release it again.
The user should be blocked from sending the email but retain access to it. The user is alerted to the policy violation, and it is logged as an incident.
Based on the known facts of password attacks, critique the susceptibility of the password "DogHouse23" to an attack. A.This is a sufficient password. It is ten characters and contains uppercase characters, lowercase characters, and numbers. B.This is an insufficient password. There are not enough uppercase characters within the password. C.This is a sufficient password. The password is easy for the user to remember yet long enough to meet character requirements. D.This is an insufficient password. The password contains words that are found in the dictionary and does not contain special characters.
This is an insufficient password. The password contains words that are found in the dictionary and does not contain special characters.
A security engineer is investigating a potential system breach. When compiling a report of the incident, how does the engineer classify the actor and the vector? A.Threat B.Vulnerability C.Risk D.Exploit
Threat
An IT director reads about a new form of malware that targets a system widely utilized in the company's network. The director wants to discover whether the network has been targeted, but also wants to conduct the scan without disrupting company operations or tipping off potential attackers to the investigation. Evaluate vulnerability scanning techniques and determine the best tool for the investigation. A.Credentialed scan B.Configuration review C.Penetration testing D.Threat hunting
Threat hunting
Which situation would require keyboard encryption software be installed on a computer? A.To set up single sign-on privileges B.To comply with input validation practices C.For the purpose of key management D.To protect against spyware
To protect against spyware
Based on knowledge of the fundamentals of One-time Passwords (OTP), which of the following choices represents the problem that exists with HMAC-based One-time Password Algorithm (HOTP) and is addressed by Time-based One-time Password Algorithm (TOTP)? A.HOTP is not configured with a shared secret. B.The server is not configured with a counter in HOTP. C.Only the HOTP server computes the hash. D.Tokens can be allowed to continue without expiring in HOTP.
Tokens can be allowed to continue without expiring in HOTP.
A company is instituting role-based training. Which type of training will the company require the data owner to most likely complete? A.Expert knowledge of IT security and network design B.Training to ensure technical understanding of access controls C.Training on data management and PII plus regulatory and compliance frameworks D.Training on compliance issues and data classification systems
Training on compliance issues and data classification systems
A Department of Defense (DoD) security team identifies a data breach in progress, based on some anomalous log entries, and take steps to remedy the breach and harden their systems. When they resolve the breach, they want to publish the cyber threat intelligence (CTI) securely, using standardized language for other government agencies to use. The team will transmit threat data feed via which protocol? A.Structured Threat Information eXpression (STIX) B.Automated Indicator Sharing (AIS) C.Trusted Automated eXchange of Indicator Information (TAXII) D.A code repository protocol
Trusted Automated eXchange of Indicator Information (TAXII)
A technician is configuring Internet Protocol Security (IPSec) for communications over a Virtual Private Network (VPN). Evaluate the features of available modes and recommend the best option for implementation. A.Tunnel mode because the whole IP packet is encrypted, and a new IP header is added. B.Transport mode because the whole IP packet is encrypted, and a new IP header is added. C.Tunnel mode because the payload is encrypted. D.Transport mode because the payload is encrypted.
Tunnel mode because the whole IP packet is encrypted, and a new IP header is added.
Analyze the following scenarios and determine which accurately describes the use of an ad hoc Wi-Fi network. A.Two or more wireless devices connect to each other on a temporary basis. B.A smartphone shares its Internet connection with a PC. C.Mobile device connects with a wireless speaker and keyboard. D.A smartphone connects to a PC via Bluetooth.
Two or more wireless devices connect to each other on a temporary basis.
An engineer retrieves data for a legal investigation related to an internal fraud case. The data in question is from an NTFS volume. What will the engineer have to consider with NTFS when documenting a data timeline? A.UTC time B.NTP Server C.Time server D.DHCP server
UTC time
An unknowing user with authorized access to systems in a software development firm installs a seemingly harmless, yet unauthorized program on a workstation without the IT department's sanction. Identify the type of threat that is a result of this user's action. Unintentional insider threat Malicious insider threat Intentional attack vector External threat with insider knowledge
Unintentional insider threat
A system administrator has configured a security log to record unexpected behavior and review the logs for suspicious activity. Consider various types of audits to determine which type aligns with this activity. A.Permission auditing B.Usage auditing C.Information security audit D.Compliance audit
Usage auditing
Which of the following are appropriate methods of media sanitization? (Select all that apply.) A.Use random data to overwrite data on each location of a hard drive. B.Reset a disk to its factory condition utilizing tools provided by the vendor. C.Degauss a hard drive using a machine with a powerful electromagnet. D.Degauss Compact Disks (CDs) using a machine with a powerful electromagnet.
Use random data to overwrite data on each location of a hard drive. Reset a disk to its factory condition utilizing tools provided by the vendor. Degauss a hard drive using a machine with a powerful electromagnet.
A system administrator is configuring a new Dynamic Host Configuration Protocol (DHCP) server. Analyze the types of attacks DHCP servers are prone to and determine which steps the system administrator should take to protect the server. (Select all that apply.) A.Use scanning and intrusion detection to pick up suspicious activity. B.Disable DHCP snooping on switch access ports to block unauthorized servers. C.Enable logging and review the logs for suspicious events. D.Disable unused ports and perform regular physical inspections to look for unauthorized devices.
Use scanning and intrusion detection to pick up suspicious activity. Enable logging and review the logs for suspicious events. Disable unused ports and perform regular physical inspections to look for unauthorized devices.
What are the most common, baseline account policies system administrators implement on a secure domain network? (Select all that apply.) A.Use upper- and lower-case letters, numbers, and special characters for passwords. B.Set a lockout duration period of one hour. C.Disable enforcement of a password history policy for unique passwords. D.Use a shared account for administrative work on the network.
Use upper- and lower-case letters, numbers, and special characters for passwords. Set a lockout duration period of one hour.
What is Open Source Intelligence (OSINT)? Obtaining information, physical access to premises, or even access to a user account through the art of persuasion The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources Using web search tools and social media to obtain information about the target Using software tools to obtain information about a host or network topology
Using web search tools and social media to obtain information about the target
Analyze and select the accurate statements about threats associated with virtualization. (Select all that apply.) A.Virtualizing switches and routers with hypervisors make virtualization more secure. B.VM escaping occurs as a result of malware jumping from one guest OS to another. C.A timing attack occurs by sending multiple usernames to an authentication server to measure the server response times. D.VMs providing front-end, middleware, and back-end servers should remain together to reduce security implications of a VM escaping attack on a host located in the DMZ.
VM escaping occurs as a result of malware jumping from one guest OS to another. A timing attack occurs by sending multiple usernames to an authentication server to measure the server response times.
A system administrator downloads and installs software from a vendor website. Soon after installing the software, the administrator's computer is taken over remotely. After closer investigation, the software package was modified, probably while it was downloading. What action could have prevented this incident from occurring? A.Validate the software using a checksum B.Validate the software using a private certificate C.Validate the software using a key signing key D.Validate the software using Kerberos
Validate the software using a checksum
The security team at an organization looks to protect highly confidential servers. Which method does the team propose when protecting the servers against explosives? A.Air gap B.Faraday cage C.Colocation cage D.Vault
Vault
Consider the life cycle of an encryption key. Which of the following is NOT a stage in a key's life cycle? A.Storage B.Verification C.Expiration and renewal D.Revocation
Verification
A company technician goes on vacation. While the technician is away, a critical patch released for Windows servers is not applied. According to the National Institute of Standards and Technology (NIST), what does the delay in applying the patch create on the server? A.Control B.Risk C.Threat D.Vulnerability
Vulnerability
Compare and contrast vulnerability scanning and penetration testing. Select the true statement from the following options. Vulnerability scanning is conducted by a "white hat" and penetration testing is carried out by a "black hat." Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active. Penetration testing and vulnerability scanning are considered "black hat" practices. Vulnerability scanning is part of network reconnaissance, but penetration testing is not.
Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active.
A team is building a wireless network, and the company has requested the team to use a Wired Equivalent Privacy (WEP) encryption scheme. The team has developed a recommendation to utilize a different encryption scheme based on the problems with WEP. Analyze the features of WEP to determine what problems to highlight in the recommendation. A.WEP only allows the use of a 128-bit encryption key and is not secure. The Initialization Vector (IV) is too large to provide adequate security. B.WEP allows for a 256-bit key but is still not secure. The Initialization Vector (IV) is not sufficiently large, thus is not always generated using a sufficiently random algorithm. C.WEP has the option to use either a 64-bit or a 128-bit key, which is not secure enough for the company. Packets use a checksum to verify integrity that is too difficult to compute. D.WEP only allows the use of a 64-bit key, which is not secure enough for the company. The Initialization Vector (IV) is often not generated using a sufficiently random algorithm.
WEP allows for a 256-bit key but is still not secure. The Initialization Vector (IV) is not sufficiently large, thus is not always generated using a sufficiently random algorithm.
A company is reviewing the options for installing a new wireless network. They have requested recommendations for utilizing WEP, WPA, or WPA2. Differentiate between Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Determine which of the following statements accurately distinguishes between the options. (Select all that apply.) A.WEP and WPA use RC4 with a Temporal Key Integrity Protocol (TKIP), while WPA2 uses a 24-bit Initialization Vector (IV). WPA2 combines the 24-bit IV with an Advanced Encryption Standard (AES) to add security. B.WEP is the strongest encryption scheme, followed by WPA2, then WPA. WEP is difficult to crack when protected by a strong password, or if deploying enterprise authentication. WPA2 is more vulnerable to decryption due to replay attack possibilities. C.WPA and WEP use RC4, while WEP uses a 24-bit Initialization Vector (IV). WPA uses a Temporal Key Integrity Protocol (TKIP), and WPA2 uses an Advanced Encryption Standard (AES) for encryption. D.WPA2 is the strongest encryption scheme, followed by WPA, then WEP. WPA2 is difficult to crack if protected by a strong password, or if deploying enterprise authentication. WEP is more vulnerable to decryption due to replay attack possibilities.
WPA and WEP use RC4, while WEP uses a 24-bit Initialization Vector (IV). WPA uses a Temporal Key Integrity Protocol (TKIP), and WPA2 uses an Advanced Encryption Standard (AES) for encryption. WPA2 is the strongest encryption scheme, followed by WPA, then WEP. WPA2 is difficult to crack if protected by a strong password, or if deploying enterprise authentication. WEP is more vulnerable to decryption due to replay attack possibilities.
A website with many subdomains has been issued a web server certificate for domain validation. This certificate verifies the parent domain and all subdomains (to a single level). This certificate is also known as which of the following? A.SAN certificate B.Wildcard certificate C.Root certificate D.Code signing certificate
Wildcard certificate
A secure data center has multiple alarms installed for security. Compare the features of the types of alarms that may be installed, and determine which is an example of a circuit alarm. A.Windows and emergency exits along the perimeter will sound an alarm when opened. B.An alarm alerts authorities if movement occurs within the building after hours. C.Security has a panic button under the desk in case of attack. D.Employees wear a pendant they can push to alert authorities if needed.
Windows and emergency exits along the perimeter will sound an alarm when opened.
Select the appropriate methods for packet capture. (Select all that apply.) A.Wireshark B.Packet analyzer C.Packet injection D.tcpdump
Wireshark tcpdump
Management of a company practices qualitative risk when assessing a move of systems to the cloud. How does the company indicate any identified risk factors? A.With an exposure factor (EF) B.With an annualized loss expectancy (ALE) C.With a classification system D.With transference
With a classification system
Which statement best describes the difference between session affinity and session persistence? A.With persistence, once a client device establishes a connection, it remains with the node that first accepted its request, while an application-layer load balancer uses session affinity to keep a client connected by setting up a cookie. B.Session affinity makes node scheduling decisions based on health checks and processes incoming requests based on each node's load. Session persistence makes scheduling decisions on a first in, first out (FIFO) basis. C.With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie. D.Session persistence makes scheduling decisions based on traffic priority and bandwidth considerations, while session affinity makes scheduling decisions based on which node is available next.
With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie.
Analyze the following statements and select the statement which correctly explains the difference between cross-site scripting (XSS) and cross-site request forgery (XSRF). A.XSRF spoofs a specific request against the web application, while XSS is a means of running any arbitrary code. B.XSS is not an attack vector, but the means by which an attacker can perform XSRF, the attack vector. C.XSRF requires a user to click an embedded malicious link, whereas the attacker embeds an XSS attack in the document object module (DOM) script. D.XSRF is a server-side exploit, while XSS is a client-side exploit.
XSRF spoofs a specific request against the web application, while XSS is a means of running any arbitrary code.
Which of the following is an example of the process of identifying and de-duplicating files and metadata to be stored for evidence in a trial? A.Legal hold B.Forensics C.eDiscovery D.Due process
eDiscovery
Analyze and compare iOS and Android operating systems (OS) to accurately differentiate between the two. (Select all that apply.) A.Android releases updates often, while iOS is more sporadically released. B.iOS is limited to Apple products, while Android has multiple hardware vendors. C.Android is an open source OS based on Linux, unlike iOS, which is a closed and proprietary system. D.iOS is more vulnerable to attack due to being a closed source, while Android is more secure with multiple partners working to secure the OS.
iOS is limited to Apple products, while Android has multiple hardware vendors. Android is an open source OS based on Linux, unlike iOS, which is a closed and proprietary system.
A system administrator must scan the company's web-based application to identify which ports are open and which operating system can be seen from the outside world. Determine the syntax that should be used to yield the desired information if the administrator will be executing this task from a Linux command line. A.netstat -a B.nmap -O C.nmap -sS 10.1.0.0/24 D.netstat -n
nmap -O
A network manager needs a map of the network's topology. The network manager is using Network Mapper (Nmap) and will obtain the visual map with the Zenmap tool. If the target IP address is 192.168.1.1, determine the command within Nmap that will return the necessary data to build the visual map of the network topology. A.nmap -sn --ipconfig 192.168.1.1 B.nmap -sn --ifconfig 192.168.1.1 C.nmap -sn --traceroute 192.168.1.1 D.nmap -sn --nslookup 192.168.1.1
nmap -sn --traceroute 192.168.1.1
Identify the command that can be used to detect the presence of a host on a particular IP address. A.ipconfig B.ifconfig C.ip D.ping
ping
Which of the following is NOT a scripting language? A.regex B.PowerShell C.JavaScript D.Python
regex
A critical server has a high availability requirement of 99.99%. Solve the Maximum Tolerable Downtime (MTD) in hh:mm:ss to conclude which option will meet the requirement. A.0:53:56 annual downtime B.0:49:23 annual downtime C.1:24:19 annual downtime D.2:48:42 annual downtime
0:49:23 annual downtime
A company has thirty servers that run for 125 hours, with three servers that fail. Rounding to the nearest whole number, calculate the Mean Time Between Failures (MTBF) for this scenario. A.125 B.41 C.3,750 D.1,250
1,250
An engineer plans to acquire data from a disk. The disk is connected to the forensics workstation and is ready for the engineer. Which steps indicate a correct order of acquisition as they relate to integrity and non-repudiation? A.1. A hash of the disk is made 2. A bit-by-bit copy is made 3. A second hash is made 4. A copy is made of the reference image B.1. A hash of the disk is made 2. A copy is made of the reference image 3. A second hash is made 4. A bit-by-bit copy is made C.1. A copy is made of the reference image 2. A hash of the disk is made 3. A bit-by-bit copy is made 4. A second hash is made D.1. A copy is made of the reference image 2. A bit-by-bit copy is made 3. A hash of the disk is made 4. A second hash is made
1. A hash of the disk is made 2. A bit-by-bit copy is made 3. A second hash is made 4. A copy is made of the reference image
A Certificate Revocation List (CRL) has a publish period set to 24 hours. Based on the normal procedures for a CRL, what is the most applicable validity period for this certificate? A.26 hours B.1 hour C.23 hours D.72 hours
26 hours
Analyze and compare the access control models in terms of how Access Control Lists (ACL) are written and determine which statement accurately explains the Discretionary Access Control (DAC) model. A.A DAC model is the most flexible and weakest access control model. Administrative accounts have control of the resource and grants rights to others. B.A DAC model is the least flexible and strongest access control model. The owner has full control over the resource and grants rights to others. C.A DAC model is the least flexible and strongest access control model. Administrative accounts have control of the resource and grant rights to others. D.A DAC model is the most flexible and weakest access control model. The owner has full control over the resource and grants rights to others.
A DAC model is the most flexible and weakest access control model. The owner has full control over the resource and grants rights to others.
Evaluate the functions of a Network-Based Intrusion Detection System (NIDS) and conclude which statements are accurate. (Select all that apply.) A.Training and tuning are fairly simple, and there is a low chance of false positives and false negatives. B.A NIDS will identify and log hosts and application activity that the administrator can use to analyze and take further action. C.Training and tuning are complex, and there is a high chance of false positive and negative rates. D.A NIDS will identify attacks and block the traffic to stop the attack. The administrator will be able to review the reports for future prevention.
A NIDS will identify and log hosts and application activity that the administrator can use to analyze and take further action. Training and tuning are complex, and there is a high chance of false positive and negative rates.
An Internet Service Provider's (ISP) customer network is under a Distributed Denial of Service (DDoS) attack. The ISP decides to use a blackhole as a remedy. How does the ISP justify their decision? A.A blackhole drops packets for the affected IP address(es) and is in a separate area of the network that does not reach any other part of the network. B.A blackhole makes the attack less damaging to the ISP's other customers and continues to send legitimate traffic to the correct destination. C.A blackhole routes traffic destined to the affected IP address to a different network. Here, the ISP can analyze and identify the source of the attack, to devise rules to filter it. D.A blackhole is preferred, as it evaluates each packet in a multi-gigabit stream against an Access Control List (ACL) without overwhelming the processing resources.
A blackhole drops packets for the affected IP address(es) and is in a separate area of the network that does not reach any other part of the network.
Evaluate the differences between stream and block ciphers and select the true statement. A.A block cipher is suitable for communication applications. B.A stream cipher is subjected to complex transposition and substitution operations, based on the value of the key used. C.A block cipher is padded to the correct size if there is not enough data in the plaintext. D.A stream cipher's plaintext is divided into equal-sized blocks.
A block cipher is padded to the correct size if there is not enough data in the plaintext.
Analyze the metrics governing Mission Essential Functions (MEF) and determine which example demonstrates Maximum Tolerable Downtime (MTD). A.It takes two hours to identify an outage and restore the system from backup. B.It takes three hours to restore a system from backup and the restore point is two hours prior to the outage. C.A business function relies on five hours for restoration; otherwise, there is an irrecoverable business failure. D.It takes three hours to restore a system from backup, reintegrate the system, and to test functionality.
A business function relies on five hours for restoration; otherwise, there is an irrecoverable business failure.
A company conducts file sharing via a hosted private cloud deployment model. Which scenario accurately depicts this type of file sharing? A.A cloud hosted by a third party for the exclusive use of the organization. B.A cloud hosted by a third party and shared with other subscribers. C.A cloud that is completely private to and owned by the company that utilizes it. D.A cloud where several organizations share the costs of a cloud in order to pool resources for a common concern.
A cloud hosted by a third party for the exclusive use of the organization.
Select the example that provides an accurate simulation of a company engaging in the identifying threats phase of risk management. A.A company develops a list of processes that are necessary for the company to operate. B.A company conducts research to determine why vulnerabilities may be exploited. C.A company conducts penetration testing to search for vulnerabilities. D.A company determines how the company will be affected in the event a vulnerability is exploited.
A company conducts research to determine why vulnerabilities may be exploited.
A company performs risk management. Which action identifies a risk response approach? A.A company develops a list of processes necessary for the company to operate. B.A company develops a countermeasure for an identified risk. C.A company conducts penetration testing to search for vulnerabilities. D.A company determines how the company will be affected in the event a vulnerability is exploited.
A company develops a countermeasure for an identified risk.
Evaluate the typical weaknesses found in network architecture and determine which statement best aligns with a perimeter security weakness. A.A company has a single network channel. B.A company has many different systems to operate one service. C.A company has a habit of implementing quick fixes. D.A company has a flat network architecture.
A company has a flat network architecture.
Analyze automation strategies to differentiate between elasticity and scalability. Which scenarios demonstrate scalability? (Select all that apply.) A.A company is hired to provide data processing for 10 additional clients and has a linear increase in costs for the support. B.A company is hired to provide data processing for 10 additional clients and is able to utilize the same servers to complete the tasks without performance reduction. C.A company has a 10% increase in clients and a 5% increase in costs. D.A company has a 10% increase in clients and a 10% decrease in server performance.
A company is hired to provide data processing for 10 additional clients and has a linear increase in costs for the support. A company has a 10% increase in clients and a 5% increase in costs.
Assess the features and processes within biometric authentication to determine which scenario is accurate. A.A company chooses to use a biometric cryptosystem due to the ease of revocation for a compromised certificate. B.A company uses a fingerprint scanner that acts as a sensor module for logging into a system. C.A company uses a fingerprint scanner that acts as a feature extraction module for logging into a system. D.A company records information from a sample using a sensor module.
A company uses a fingerprint scanner that acts as a sensor module for logging into a system.
Evaluate the following controls that have been set by a system administrator for an online retailer. Determine which statement demonstrates the identification control within the Identity and Access Management (IAM) system. A.A control is set to force a customer to log into their account prior to reviewing and editing orders. B.A control is set to cancel automatic shipments for any customer that has an expired credit card on file. C.A control is set to ensure that billing and primary delivery addresses are valid. D.A control is set to record the date, time, IP address, customer account number, and order details for each order.
A control is set to ensure that billing and primary delivery addresses are valid.
Analyze the following attacks to determine which best illustrates a pharming attack. A.A customer gets an email that appears to be from their insurance company. The email contains a link that takes the user to a fake site that looks just like the real insurance company site. B.An employee gets a call from someone claiming to be in the IT department. The caller says there was a problem with the network, so they need the employee's password in order to restore network privileges. C.A company's sales department often has after-hour training sessions, so they order dinner delivery online from the restaurant across the street. An attacker is able to access the company's network by compromising the restaurant's unsecure website. D.A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.
A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.
Which scenario best describes provisioning? A.A developer removes an application from packages or instances. B.A developer deploys an application to the target environment. C.A developer sets up ID system for each iteration of a software product. D.A developer commits and tests updates.
A developer deploys an application to the target environment.
Analyze the features of a Full Disk Encryption (FDE) to select the statements that accurately reflect this type of security. (Select all that apply.) A.FDE encrypts the files that are listed as critical with one encryption key. B.The encryption key that is used for FDE can only be stored in a TPM on the disk for security. C.A drawback of FDE is the cryptographic operations performed by the OS reduces performance. D.FDE requires the secure storage of the key used to encrypt the drive contents.
A drawback of FDE is the cryptographic operations performed by the OS reduces performance. FDE requires the secure storage of the key used to encrypt the drive contents.
A network manager suspects that a wireless network is undergoing a deauthentication attack. Applying knowledge of wireless network attacks, which scenario best supports the network manager's suspicion? A.A network has sudden interference, which is causing connectivity issues for the network. The users disconnect from the network, and upon reauthenticating, they log on to an evil twin Access Point (AP). B.An attacker creates an Access Point (AP) using a similar name as a legitimate AP, in an attempt to have users authenticate through the rogue AP in order to gain authentication information. C.A rogue Access Point (AP) captures user logon attempts. The attacker uses this information to authenticate to the system and obtain critical data. D.A group of users suddenly disconnects from the network. When the users reconnect, they actually connect to an evil twin Access Point (AP), which gives an attacker information about authentication.
A group of users suddenly disconnects from the network. When the users reconnect, they actually connect to an evil twin Access Point (AP), which gives an attacker information about authentication.
Analyze the following scenarios and determine which best simulates a content filter in action. (Select all that apply.) A.A system has broken down a packet containing malicious content, and erases the suspicious content, before rebuilding the packet. B.A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter. C.A system administrator builds a set of rules based on information found in the source IP address to allow access to an intranet. D.A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work.
A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter. A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work.
Select the statement which best describes the difference between a zero-day vulnerability and a legacy platform vulnerability. A.A legacy platform vulnerability is unpatchable, while a zero-day vulnerability may be exploited before a developer can create a patch for it. B.A zero-day vulnerability is unpatchable, while a legacy platform vulnerability can be patched, once detected. C.A zero-day vulnerability can be mitigated by responsible patch management, while a legacy platform vulnerability cannot be patched. D.A legacy platform vulnerability can be mitigated by responsible patch management, while a zero-day vulnerability does not yet have a patch solution.
A legacy platform vulnerability is unpatchable, while a zero-day vulnerability may be exploited before a developer can create a patch for it.
A project manager has designed a new secure data center and has decided to use multifactor locks on each door to prevent unauthorized access. Compare the following types of locks that the project manager may use to determine which example the facility is utilizing. A.A lock that requires an employee to use a smart card and pin to enter B.A lock that requires an employee to use a magnetic swipe card to enter C.A cipher lock on a door D.A bolt on the door frame
A lock that requires an employee to use a smart card and pin to enter
When exploring the deep web, a user will need which of the following to find a specific and hidden dark web site? The Onion Router (TOR) Dark web search engine A specific URL or ip Open Source Intelligence (OSINT)
A specific URL or ip
Evaluate how identification and authentication are distinct in their functions. Which of the following scenarios best illustrates a user being authenticated? A.A user accesses a system by having their face scanned. B.A system administrator sets up a user account for a new employee after HR sends employment verification. C.An administrator sends an initial password to a new telecommuting employee through a VPN. D.A user is assigned an SID.
A user accesses a system by having their face scanned.
Which of the following options represents Two-Factor Authentication (2FA)? A.A user logs in using a password and a PIN. B.A user logs in using a password and a smart card. C.A user logs in using a fingerprint and retina scanner. D.A user logs in using a smart card and a key fob.
A user logs in using a password and a smart card.
Analyze each scenario and determine which best describes the authentication process in an Identity and Access Management (IAM) system. A.An account is created that identifies a user on the network. B.A user logs into a system using a control access card (CAC) and PIN number. C.An Access Control List (ACL) is updated to allow a new user access to only the databases that are required to perform their job. D.A report is reviewed that shows every successful and unsuccessful login attempt on a server.
A user logs into a system using a control access card (CAC) and PIN number.
Analyze types of vulnerabilities and summarize a zero-day exploit. A.A design flaw that can cause the application security system to be circumvented. B.A vulnerability that is capitalized on before the developer knows about it. C.An attack that passes invalid data to an application. D.An attack that passes data to deliberately overflow the buffer, that the application reserves to store the expected data.
A vulnerability that is capitalized on before the developer knows about it.
Encryption vulnerabilities allow unauthorized access to protected data. Which component is subject to brute-force enumeration? A.An unsecured protocol B.A software vulnerability C.A weak cipher D.A lost decryption key
A weak cipher
Which statement best illustrates the importance of a strong true random number generator (TRNG) or pseudo-random number generator (PRNG) in a cryptographic implementation? A.A weak number generator leads to many published keys sharing a common factor. B.A weak number generator creates numbers that are never reused. C.A strong number generator creates numbers that are never reused. D.A strong number generator adds salt to encryption values.
A weak number generator leads to many published keys sharing a common factor.
An attacker tricks a host within a subnet into routing through an attacker's machine, rather than the legitimate default gateway, allowing the attacker to eavesdrop on communications and perform a Man-in-the-Middle (MitM) attack. Compare the types of routing vulnerabilities and conclude what the attacker is exploiting in this scenario. A.Route injection B.Denial of service C.ARP poisoning D.Source routing
ARP poisoning
Identify the attack that can launch by running software such as Dsniff or Ettercap from a computer attached to the same switch as the target. A.ARP poisoning attack B.MAC spoofing C.MAC flooding D.Man-in-the-Middle (MitM)
ARP poisoning attack
Which of the following statements summarizes a disadvantage to performing an active vulnerability scan? (Select all that apply.) A.Active scanning consumes more network bandwidth. B.Active scanning runs the risk of causing an outage. C.Active scanning will identify all of a system's known vulnerabilities. D.Active scanning techniques do not use system login.
Active scanning consumes more network bandwidth. Active scanning runs the risk of causing an outage.
Given knowledge of load balancing and clustering techniques, which configuration provides both fault tolerance and consistent performance for applications like streaming audio and video services? A.Active/Passive clustering B.Active/Active clustering C.First in, First out (FIFO) clustering D.Fault tolerant clustering
Active/Passive clustering
Which of the following are types of log collection for SIEM? (Select all that apply.) A.Log aggregation B.Firewall C.Agent-based D.Listener/Collector
Agent-based Listener/Collector
A security analyst needs to contain a compromised system. The analyst would be most successful using which containment approach? A.Black hole B.VLAN C.ACL D.Air gap
Air gap
Which statement best describes the purpose of an acceptable use policy (AUP)? A.An AUP governs how employees may use company equipment and internet services. B.An AUP establishes ethical standards for employee behavior. C.An AUP communicates a company's values and expectations to its employees and customers. D.An AUP defines security roles and training requirements for different types of employees.
An AUP governs how employees may use company equipment and internet services.
An IT manager in the aviation sector checks the industry's threat intelligence feed to keep up on the latest threats and ensure the work center implements the best practices in the field. What type of threat intelligence source is the IT manager most likely accessing? A.Open Source Intelligence (OSINT) B.An Information Sharing and Analysis Center (ISAC) C.A vendor website, such as Microsoft's Security Intelligence blog D.A closed or proprietary threat intelligence platform
An Information Sharing and Analysis Center (ISAC)
Compare and contrast the characteristics of the various types of firewalls and select the correct explanation of a packet filtering firewall. A.An administrator configures an Access Control List (ACL) to deny access to IP addresses B.A firewall that maintains stateful information about the connection C.A firewall that analyzes HTTP headers and the HTML code to identify code that matches a pattern D.A stand-alone firewall implemented with routed interfaces or as a virtual wire transparent firewall
An administrator configures an Access Control List (ACL) to deny access to IP addresses
Examine each of the following statements and determine which most accurately compares an allow and block list control practices. A.An allow list depends on security clearance levels, while a block list depends on the primacy of the resource owner. B.A block list operates on a default-deny policy, while an allow list is a default-allow policy. C.A block list depends on the primacy of the resource owner, while an allow list depends on security clearance levels. D.An allow list operates on a default-deny policy, while a block list is a default-allow policy.
An allow list operates on a default-deny policy, while a block list is a default-allow policy.
Compare and analyze the types of firewalls available to differentiate between them. Choose the answer with the most correct description. A.Packet filtering firewalls operate at layer 5 of the OSI model, while circuit-level stateful inspection firewalls operate at layer 3. B.An appliance firewall is also known as a stateful multilayer inspection or a deep packet inspection. An application aware firewall is a stand-alone hardware firewall that performs the function of a firewall only. C.A packet filtering firewall maintains stateful information about a connection between two hosts and implements an appliance firewall as a software application running on a single host. D.An application firewall can analyze the HTTP headers to identify code that matches a pattern, while an appliance firewall monitors all traffic passing into and out of a network segment.
An application firewall can analyze the HTTP headers to identify code that matches a pattern, while an appliance firewall monitors all traffic passing into and out of a network segment.
Analyze the types of password cracker attacks to determine which scenario best describes a brute force attack. A.An attacker guesses the password using software that enumerates values in the dictionary B.An attacker uses a precomputed lookup table of all possible passwords and their matching hashes C.An attacker attempts every possible combination in the key space in order to derive a plaintext password from a hash D.An attacker tests dictionary words and names in combination with several numeric prefixes
An attacker attempts every possible combination in the key space in order to derive a plaintext password from a hash
A system administrator is working to restore a system affected by a stack overflow. Analyze the given choices and determine which overflow vulnerability the attacker exploited. A.An attacker changes the return address of an area of memory used by a program subroutine. B.An attacker overwrites an area of memory allocated by an application to store variables. C.An attacker exploits unsecure code with more values than an array expects. D.An attacker causes the target software to calculate a value that exceeds the set bounds.
An attacker changes the return address of an area of memory used by a program subroutine.
An organization routinely communicates directly to a partner company via a domain name. The domain name now leads to a fraudulent site for all users. Systems administrators find incorrect host records in DNS. What do the administrators believe to be the root cause? A.A server host has a poisoned arp cache. B.Some user systems have invalid hosts file entries. C.An attacker masquerades as an authoritative name server. D.The domain servers have been hijacked.
An attacker masquerades as an authoritative name server.
Compare the characteristics of a rogue Access Point (AP) in wireless networks to determine which statements correctly summarize their attributes. (Select all that apply.) A.An evil twin is a rogue AP, and an attacker can use a Denial of Service (DoS) to disconnect users from the legitimate AP and connect to the evil twin. B.Sometimes referred to as an evil twin, a rogue AP masquerading as a legitimate AP, may have a similar name to a legitimate AP. C.An attacker can set up a rogue AP with something as simple as a smartphone with tethering capabilities. D.A Denial of Service (DoS) will bypass authentication security (enabled on the AP), so it is important to regularly scan for rogue APs on the network.
An evil twin is a rogue AP, and an attacker can use a Denial of Service (DoS) to disconnect users from the legitimate AP and connect to the evil twin. Sometimes referred to as an evil twin, a rogue AP masquerading as a legitimate AP, may have a similar name to a legitimate AP. An attacker can set up a rogue AP with something as simple as a smartphone with tethering capabilities.
Artificial intelligence (AI) and machine learning are especially important during which security information and event management (SIEM) task? A.Packet capture B.Analysis and report review C.Data aggregation D.Log collection
Analysis and report review
The IT team at a company discovers that a Windows server is infected with malware. As a result, the server is not functioning properly. Which event log does the team review to find errors from failing services related to newly installed software? A.Setup B.Security C.System D.Application
Application
Security information and event management (SIEM) collect data inputs from multiple sources. Which of the following is NOT one of the main types of log collection for SIEM? A.Agent-based B.Listener/collector C.Sensor (sniffer) D.Artificial intelligence (AI)
Artificial intelligence (AI)
Which of the following statements best describes the trade-off when considering which type of encryption cipher to use? A.Asymmetric encryption is the strongest hashing algorithm, which produces longer and more secure digests than symmetric encryption. B.Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data. C.Symmetric encryption requires substantially more overhead computing power than asymmetric encryption. Symmetric encryption is inefficient when transferring or encrypting large amounts of data. D.Symmetric encryption is not considered as safe as asymmetric encryption, but it might be required for compatibility between security products.
Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data.
An organization stores data in different geographic locations for redundancy. This data replicates so that it is the same in all locations. Engineers discover that some replicas are lagging with updates. What configuration do the engineers discover as the cause? A.Asynchronous replication B.Synchronous replication C.On-premises location D.Cloud location
Asynchronous replication
Evaluate the features and vulnerabilities found in medical devices and then select the accurate statements. (Select all that apply.) A.Medical devices are only those devices located outside of the hospital setting, including defibrillators and insulin pumps. B.Attackers may attempt to gain access in order to kill or injure patients, or hold medical units ransom. C.Medical devices are updated regularly to secure them against vulnerabilities and protect patient safety. D.Many portable devices, such as cardiac monitors and insulin pumps, run on unsupported operating systems.
Attackers may attempt to gain access in order to kill or injure patients, or hold medical units ransom. Many portable devices, such as cardiac monitors and insulin pumps, run on unsupported operating systems.
Analyze the following scenarios and determine which cases call for account disablement over account lockout. (Select all that apply.) A.Audit logs reveal suspicious activity on a privileged user's account. B.A user's company laptop and key fob are stolen at an airport. C.A user enters an incorrect password multiple times. D.A privileged user logs on to a company server outside of authorized hours.
Audit logs reveal suspicious activity on a privileged user's account. A user's company laptop and key fob are stolen at an airport.
Compare physical access controls with network security to identify the statements that accurately connect the similarities between them. (Select all that apply.) A.Authentication provides users access through the barriers, while authorization determines the barriers around a resource. B.An example of authentication in networking is a user logging into the network with a smart card. Similarly, authentication in physical security is demonstrated by an employee using a badge to enter a building. C.Authorization provides users access through barriers, while authentication creates barriers around a resource. D.An example of authorization in networking is a user logging into the network with a smart card. Similarly, authorization in physical security is demonstrated by an employee using a badge to enter a building.
Authentication provides users access through the barriers, while authorization determines the barriers around a resource. An example of authentication in networking is a user logging into the network with a smart card. Similarly, authentication in physical security is demonstrated by an employee using a badge to enter a building.
During a training event, an executive at a large company asks the security manager trainer why pushing automatic updates as a patch management solution is not ideal for their Enterprise network. How will the security manager most likely respond? A.The security manager pushes updates individually, based on office hours. B.Automatic updates can cause performance and availability issues. C.A patch management suite is impractical for Enterprise networks. D.Next-generation endpoint protection suites perform patch management.
Automatic updates can cause performance and availability issues.
Analyze the features of behavioral technologies for authentication, and choose the statements that accurately depict this type of biometric authentication. (Select all that apply.) A.Behavioral technologies are cheap to implement, but have a higher error rate than other technologies. B.Signature recognition is popular within this technology because everyone has a unique signature that is difficult to replicate. C.Obtaining a voice recognition template for behavioral technologies is rather easy and can be obtained quickly. D.Behavior technologies may use typing as a template, which matches the speed and pattern of a user's input of a passphrase.
Behavioral technologies are cheap to implement, but have a higher error rate than other technologies. Behavior technologies may use typing as a template, which matches the speed and pattern of a user's input of a passphrase.
A manufacturing company hires a pentesting firm to uncover any vulnerabilities in their network with the understanding that the pen tester receives no information about the company's system. Which of the following penetration testing strategies is the manufacturing company requesting? A.Black box B.Sandbox C.Gray box D.White box
Black box
Which statement most accurately describes the mechanisms by which blockchain ensures information integrity and availability? A.Blockchain ensures availability by cryptographically linking blocks of information, and integrity through decentralization. B.Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping. C.Blockchain ensures availability through cryptographic hashing and timestamping, and integrity through decentralization. D.Blockchain ensures both availability and integrity through decentralization and peer-to-peer (P2P) networking.
Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping.
An attacker steals personal data from a user device with an outdated Bluetooth authentication mechanism. What type of attack has occurred? A.Bluejacking B.Bluesnarfing C.Bluetooth jamming D.Jailbreaking
Bluesnarfing
A user's PC is infected with a virus that appears to be memory resident and loads anytime it is booted from an external universal serial bus (USB) thumb drive. Examine the following options and determine which describes the infection type. A.Script virus B.Boot virus C.Worm D.Spyware
Boot virus
Which of the following password cracker attacks are combined to create a typical hybrid password attack? (Select all that apply.) A.Brute force B.Dictionary C.Salt D.PTH
Brute force Dictionary
An engineer uses an abstract model that represents network functionality. Using infrastructure as code to deploy and manage a network, how does the engineer make control decisions? A.By managing compatible physical appliances B.By prioritizing and securing traffic C.By monitoring traffic conditions D.By using security access controls
By prioritizing and securing traffic
An employee is working on a team to build a directory of systems they are installing in a classroom. The team is using the Lightweight Directory Access Protocol (LDAP) to update the X.500 directory. Utilizing the standards of an X.500 directory, which of the following distinguished names is the employee most likely to recommend? A.OU=Univ,DC=local,CN=user,CN=system1 B.CN=system1,CN=user,OU=Univ,DC=local C.CN=user,DC=local,OU=Univ,CN=system1 D.DC=system1,OU=Univ,CN=user,DC=local
CN=system1,CN=user,OU=Univ,DC=local
Pilots in an Air Force unit utilize government-issued tablet devices loaded with navigational charts and aviation publications, with all other applications disabled. This illustrates which type of mobile device deployment? A.BYOD B.COBO C.COPE D.CYOD
COBO - corporate owned, business only
The owner of a company asks a network manager to recommend a mobile device deployment model for implementation across the company. The owner states security is the number one priority. Which deployment model should the network manager recommend for implementation? A.BYOD since the company can restrict the usage to business only applications. B.CYOD because even though the employee picks the device, the employee only conducts official business on it. C.COPE since only company business can be conducted on the device. D.COBO because the company retains the most control over the device and applications.
COBO because the company retains the most control over the device and applications.
Compare and contrast the modes of operation for block ciphers. Which of the following statements is true? A.ECB and CBC modes allow block ciphers to behave like stream ciphers. B.CTM mode allows block ciphers to behave like stream ciphers. C.ECB allows block ciphers to behave like stream ciphers. D.CBC and CTM modes allow block ciphers to behave like stream ciphers.
CTM mode allows block ciphers to behave like stream ciphers.
Which type of attack disguises the nature of malicious input, preventing normalization from stripping illegal characters? A.Fuzzing B. Canonicalization C.Code reuse D.Code signing
Canonicalization
Which type of employee training utilizes gaming and/or scenario-based techniques to emphasize training objectives? (Select all that apply.) A.Capture the flag (CTF) B.Computer-based training (CBT) C.Penetration Testing audit D.Role-based training
Capture the flag (CTF) Computer-based training (CBT)
A system has a slight misconfiguration which could be exploited. A manufacturing workflow relies on this system. The admin recommends a trial of the proposed settings under which process? A.Change management B.Change control C.Asset management D.Configuration management
Change management
Which method might an attacker use to redirect login via information gained by implementing JavaScript on a webpage the user believes is legitimate? A.Man-in-the-Browser (MitB) B.Confused deputy C.Reflected D.Clickjacking
Clickjacking
A company has many employees that work from home. The employees obtain data and post data to a shared file they access through a link on the Internet. Consider the types of virtualization and conclude which the company is most likely utilizing. A.Rapid elasticity B.Measured service C.Cloud computing D.Resource pooling
Cloud computing
An organization configures both a warm site and a hot site for disaster preparedness. Doing so poses which difficulties for the organization? (Select all that apply.) A.Resiliency B.Diversity C.Complexity D.Budgetary
Complexity Budgetary
A security team is in the process of selecting a cryptographic suite for their company. Analyze cryptographic implementations and determine which of the following performance factors is most critical to this selection process if users primarily access systems on mobile devices. A.Speed B.Latency C.Computational overhead D.Cost
Computational overhead
The _____ requires federal agencies to develop security policies for computer systems that process confidential information. Sarbanes-Oxley Act (SOX) Computer Security Act Federal information Security Management Act (FISMA) Gramm-Leach-Bliley Act (GLBA)
Computer Security Act
A systems administrator configures several subnets within a virtual private cloud (VPC). The VPC has an Internet gateway attached to it, however, the subnets remain private. What does the administrator do to make the subnets accessible by the public? A.Configure any VPC endpoints. B.Create a VPN between VPCs. C.Configure a default route for each subnet. D.Create a VPC for each subnet.
Configure a default route for each subnet.
A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person's hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred? A.Familiarity/liking B.Consensus/social proof C.Authority and intimidation D.Identity fraud
Consensus/social proof
A senior administrator is teaching a new technician how to properly develop a standard naming convention in Active Directory (AD). Examine the following responses and determine which statements are sound advice for completing this task. (Select all that apply.) A.Create as many root-level containers and nest containers as deeply as needed B.Consider grouping Organizational Units (OU) by location or department C.Build groups based on department, and keep all accounts, both standard and administrative, in the same group D.Within each root-level Organizational Unit (OU), use separate child OUs for different types of objects
Consider grouping Organizational Units (OU) by location or department Within each root-level Organizational Unit (OU), use separate child OUs for different types of objects
A startup designs a new online service and uses a serverless approach for some business functions. With this approach, how does the startup accomplish these functions? (Select all that apply.) A.Virtual machines B.Containers C.Single service D.Orchestration
Containers Orchestration
During weekly scans, a system administrator identifies a system that has software installed that goes against security policy. The system administrator removes the system from the network in an attempt to limit the effect of the incident on the remainder of the network. Apply the Computer Security Incident Handling Guide principles to determine which stage of the incident response life cycle the administrator has entered. A.Preparation B.Identification C.Containment, eradication and recovery D.Lessons learned
Containment, eradication and recovery
Code developers de-conflict coding with one another during which phase of the software development life cycle (SDLC)? A.Continuous integration B.Continuous delivery C.Continuous validation D.Continuous monitoring
Continuous integration
A systems engineer decides that security mechanisms should differ for various systems in the organization. In some cases, systems will have multiple mechanisms from multiple sources. Which types of diversity does the engineer practice? (Select all that apply.) A.Control B.Vendor C.Change D.Resiliency
Control Vendor