CTS1120 Study Guide
14. Which utility sends custom TCP/IP packets?
hping
7. Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say?
**INCORRECT** A private key with a digital signature
15. Which of the following is NOT a feature of a next-generation SWG?
**INCORRECT** Analyze traffic encrypted by SSL
9. Who verifies the authenticity of a CSR?
**INCORRECT** Certificate authority
6. Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack?
**INCORRECT** Network IoT
4. Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?
**INCORRECT** Packet filtering firewall
13. Which of the following is NOT a means by which a newly approved root digital certificate is distributed?
**INCORRECT** Pinning
7. Oliwia has been given a project to manage the development of a new company app. She wants to use a cloud model to facilitate the development and deployment. Which cloud model will she choose?
**INCORRECT** XaaS
12. Which of these is NOT used in scheduling a load balancer?
Data within the application message itself
14. Nadia has been asked to perform dynamic resource allocation on specific cloud computing resources. What action is Nadia taking?
Deprovisioning resources that are no longer necessary
11. Which of the following is not to be decrypted but is only used for comparison purposes?
Digest
6. What is the strongest technology that would assure Alice that Bob is the sender of a message?
Digital certificate
8. What is the difference between a DoS and a DDoS attack?
DoS attacks use fewer computers than DDoS attacks.
17. Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need?
Domain validation
17. Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this?
Downgrade attack
18. How is confidentiality achieved through IPsec?
ESP
19. Which of the following will NOT protect a container?
Eliminate APIs.
11. Which of the following functions does a network hardware security module NOT perform?
Fingerprint authentication
4. Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?
MAC flooding
9. The CEO is frustrated by the high costs associated with security at the organization and wants to look at a third party assuming part of their cybersecurity defenses. Nikola has been asked to look into acquiring requests for proposal (RFPs) from different third parties. What are these third-party organizations called?
MSSPs
1. Which attack intercepts communications between a web browser and the underlying OS?
Man-in-the-browser (MITB)
19. Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use?
Masking
2. Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as?
Nonrepudiation
11. Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use?
Online Certificate Status Protocol (OCSP)
11. Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use?
Only use compiled and not interpreted Python code.
6. What are public key systems that generate different random public keys for each session?
Perfect forward secrecy
17. Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?
Tcpreplay
3. What is the result of an ARP poisoning attack?
The ARP cache is compromised.
12. What is Bash?
The command-language interpreter for Linux/UNIX OSs
5. What is low latency?
The time between when a byte is input into a cryptographic cipher and when the output is obtained.
15. Which is the first step in a key exchange?
The web browser sends a message ("ClientHello") to the server.
11. Which of the following is NOT correct about high availability across zones?
They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.
12. What is the purpose of certificate chaining?
To group and verify digital certificates
8. Which of the following can a digital certificate NOT be used for?
To verify the authenticity of the CA
13. Gregory wants to look at the details about the patch a packet takes from his Linux computer to another device. Which Linux command-line utility will he use?
Traceroute
18. Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing?
Two-person integrity/control
16. Which type of hypervisor runs directly on the computer's hardware?
Type I
6. Which of these appliances provides the broadest protection by combining several security functions?
UTM
16. Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use?
cat
3. What entity calls in crypto modules to perform cryptographic tasks?
Crypto service provider
10. Which of the following is NOT a Microsoft defense against macros?
Trusted domain
16. What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption?
.P7B
5. What is a virtual firewall?
A firewall that runs in the cloud
10. Which of the following is NOT a cloud computing security issue?
Bandwidth utilization
20. Which of the following does NOT describe an area that separates threat actors from defenders?
Containment space
1. Which is an IPsec protocol that authenticates that packets received were sent from the source?
AH
13. In which of the following configurations are all the load balancers always active?
Active-active
14. Which of these is the strongest symmetric cryptographic algorithm?
Advanced Encryption Standard
15. If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?
Alice's public key
2. Which firewall rule action implicitly denies all other traffic unless explicitly allowed?
Allow
9. Which type of monitoring methodology looks for statistical deviations from a baseline?
Anomaly monitoring
13. Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond?
As computers become more powerful, the ability to compute factoring has increased.
5. What is the name of the device protected by a digital certificate?
CN
14. Which block cipher mode of operating requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged?
CTR
10. A centralized directory of digital certificates is called a(n) _____.
Certificate repository (CR)
2. Which is an IPsec protocol that authenticates that packets received were sent from the source?
Certified attributes
12. Which of these is NOT a characteristic of a secure hash algorithm?
Collisions should occur no more than 15 percent of the time
3. Aleksandra, the company HR manager, is completing a requisition form for the IT staff to create a type of cloud that would only be accessible to other HR managers like Aleksandra who are employed at manufacturing plants. The form asks for the type of cloud that is needed. Which type of cloud would best fit Aleksandra's need?
Community cloud
5. Tomaso is explaining to a colleague the different types DNS attacks. Which DNS attack would only impact a single user?
DNS poisoning attack
8. Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider?
DNS sinkhole
4. Alicja is working on a project to deploy automated guided vehicles on the industrial shop floor of the manufacturing plant in which she works. What location of computing would be best for this project?
Fog
14. Which device intercepts internal user requests and then processes those requests on behalf of the users
Forward proxy server
20. Which of these provides cryptographic services and is external to the device?
Hardware Security Module (HSM)
7. Which of the following contains honeyfiles and fake telemetry?
High-interaction honeypot
2. Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect?
Host table and external DNS server
8. Which cloud model requires the highest level of IT responsibilities?
IaaS
7. Which of the following is NOT a reason that threat actors use PowerShell for attacks?
It can be invoked prior to system boot.
19. Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?
It can easily be transported to another computer
4. Which of the following is FALSE about "security through obscurity"?
It can only provide limited security
10. Which statement regarding a demilitarized zone (DMZ) is NOT true?
It contains servers that are used only by internal network users.
20. How does BPDU guard provide protection?
It detects when a BPDU is received from an endpoint.
9. Which of the following is NOT true about VBA?
It is being phased out and replaced by PowerShell
17. Which of the following is NOT correct about L2TP?
It must be used on HTML5 compliant devices.
13. Which of the following is true about secrets management?
It provides a central repository.
19. Which of the following sensors can detect an object that enters the sensor's field?
Proximity
3. Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this?
ROT13
2. Zuzana is creating a report for her supervisor about the cost savings associated with cloud computing. Which of the following would she NOT include on her report on the cost savings?
Reduction in broadband costs
8. Which of these is NOT a basic security protection for information that cryptography can provide?
Risk
18. Which of the following virtualizes parts of a physical network?
SDN
20. Which of the following provides the highest level of security?
SFTP
10. Which of the following is NOT a symmetric cryptographic algorithm?
SHA
9. Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest?
SHA3-512
20. Which is a protocol for securely accessing a remote computer in order to issue a command?
Secure Shell (SSH)
6. What does the term "serverless" mean in cloud computing?
Server resources of the cloud are inconspicuous to the end user.
4. _____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.
Session keys
15. Which of the following is a third-party OS penetration testing tool?
Sn1per
18. What is a collision?
Two files produce the same digest
16. Which of the following is not a basic configuration management tool?
MAC address schema
5. Wiktoria is frustrated that her company is using so many different cloud services that span multiple cloud provider accounts and even different cloud providers. She wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Wiktoria need?
Transit gateway
18. Which of the following is NOT a NAC option when it detects a vulnerable endpoint?
Update Active Directory to indicate the device is vulnerable.
1. Which of the following is NOT a firewall rule parameter?
Visibility
12. Which of these is NOT created and managed by a microservices API?
User experience (UX)
1. Which of the following is NOT a characteristic of cloud computing?
Visible resource pooling
17. Which of the following is NOT correct about containers?
Containers require a full OS whenever APIs cannot be used.
19. Which refers to a situation in which keys are managed by a third party, such as a trusted CA?
Key escrow
7. What is data called that is to be encrypted by inputting it into a cryptographic algorithm?
Plaintext
3. Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need?
Policy-based firewall
15. Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose?
Split tunnel
1. Which of the following hides the existence of information?
Steganography
16. Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide?
Verify the receiver
