Cyber Security Questions
As a chief information security officer (CISO) of her organization, Jennifer is working on an incident classification scheme and wants to base her design on the National Institute of Standards and Technology's (NIST's) definitions. Which of the following classification terms should she use to describe a user accessing a file that the user is not authorized to view?
Adverse event
If the SLE of a specific risk is $25,000 and its ARO corresponds to one occurrence every four years, what is its ALE?
$6,250
Which of the following statements are true about function as a service (FaaS)? Each correct answer represents a complete solution. Choose all that apply.
1) Amazon's Lambda is an example of such a service. 2) It is used to execute or trigger functions written by developers. 3) It allows cloud customers to use a serverless application architecture.
Rex is a security administrator for a company. He wants to identify what may limit the security team's ability to remediate vulnerabilities. Which of the following business documents should he reference when remediating such vulnerabilities? Each correct answer represents a complete solution. Choose two.
1) MOU 2) SLA
Alex has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is a common method of monitoring network bandwidth usage? Each correct answer represents a complete solution. Choose all that apply.
1) Packet sniffing 2) Flow 3) SNMP
Jim is considering locating a new business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region and determines that the area he is considering floods twice a year. What is the ARO of a flood in this area?
2.0
A user is configuring a jump box server to which system administrators will connect from their laptops. Which one of the following ports should not be open on the server?
23
George recently ran a port scan on a network device used by his organization and found some open ports. Which of the following open ports represents the most significant possible security vulnerability?
23
Rick, a network administrator, is preparing a firewall rule that will allow network traffic from external systems to a web server, which is running the HTTPS protocol. Which TCP port must he allow to pass through the firewall?
443
Vincent works as a security analyst in an organization. He is responding to a security incident that compromised one of his organization's web servers. He does not believe that attackers modified or stole any information, but they did disrupt access to the organization's website. Which cybersecurity objective did this attack violate in the given scenario?
Availability
Cheryl, a security analyst, has decided to use Wireshark for capturing and analyzing network data in a GUI. Which advantages of Wireshark are the reasons behind Cheryl's decision?
1) It is available for multiple platforms, such as Windows and Android. 2) It provides detailed information about packets within a network.
Which of the following categories of threat requires that cybersecurity analysts consider the capability and intent of the threat and the likelihood that it will target the organization?
Adversarial
Maria is a security analyst in the XYZ company. Management has asked her to implement a solution that allows users to authenticate using three or more pieces of information. For that purpose, she is implementing multifactor authentication (MFA). Which of the following MFA combinations should she implement in the given scenario?
Biometrics, smart cards, and strong passwords
After completing an incident response process and providing a final report to management, what step should Casey take to identify improvements in her incident response process?
Conduct a lessons-learned review.
Which protocol provides an encryption key and a digital signature that verifies that an email message was not forged or altered?
DKIM
Malena works as a cybersecurity analyst in an XYZ company. Her company has assigned her to investigate threats using the threat intelligence cycle. Using this process, she started her work by assessing what kinds of security breaches or compromises her company has faced, and, according to the intelligence requirements, she then started collecting data from threat intelligence sources. What should be Malena's next step in the given scenario?
Data processing and analysis
Anaa is working as a network administrator for a company. She has received multiple reports from employees in the application department that they cannot access the company's website. She has decided to conduct some fact-finding. Upon investigation, she found that the company's server cannot resolve hostnames (or URLs) to IP addresses. Which of the following is causing this issue in the given scenario?
Domain Name System
Cindy works as a cybersecurity analyst in an XYZ organization. She conducts a cybersecurity risk assessment and considers the impact that a failure of her city's power grid might have on the organization. Which type of threat is Cindy facing in the given scenario?
Environmental
You've been asked to implement a policy that defines how retired hard drives are sanitized securely. Which of the following would be the least acceptable?
Format hard drives.
Paul is researching models for providing guidance on best practices in the industry for implementing an information technology help desk. Which of the following standard frameworks should Paul use for this implementation?
ITIL
Rex works as a cybersecurity analyst in an organization. He has been asked to improve the delivery of IT services. Management requests him to follow the guidelines outlined in available frameworks. Which framework would Rex most likely use?
ITIL
As Lauren prepares her organization's security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via an awareness program?
Improper usage
Which of the following attacks specifically targets directory servers?
LDAP injection
Mark, a security analyst, wants to analyze an incident and determine actions that were taken during the analysis and steps needed to prevent a future occurrence. Which of the following will he use in the given scenario?
Lessons learned report
Charles wants to limit what potential attackers can gather during passive or semi-passive reconnaissance activities. Which of the following actions will reduce his organization's exposure to reconnaissance the most?
Limit information available via an organization's website without authentication.
Max works as a penetration tester in an organization. He acquired access to a client's Amazon Web Services (AWS) account while performing penetration testing on a system. He would like to determine which level of access the client has to the account. Which of the following tools would help Max determine that level in the given scenario?
Pacu
Which of the following is a process of discovering the technological principles of a device, an object, or a system through analysis of its structure, function, and operation?
Reverse engineering
Rob is an auditor who is reviewing the payment process used by a company to issue checks to vendors. He notices that Helen, a staff accountant, is the person responsible for creating new vendors. Norm, another accountant, is responsible for issuing payments to vendors. Helen and Norm are cross-trained to provide backup to each other. Which security principle is the company violating in the given scenario?
Separation of duties
A company wants to implement security during the software development lifecycle (SDLC) process. To achieve this task, the company wants to employ a method that detects weaknesses in an application before execution. Which code analysis method provides the feature mentioned in the given scenario?
Static
Adam is responsible for one of the servers that recently ran out of disk space. Despite system-level alarms, the problem was not detected, resulting in an outage when the server crashed. In which NIST threat category should Adam categorize this issue in the given scenario?
Structural threat
During which phase of the software development life cycle (SDLC) model does UAT occur?
Testing and integration
The Diamond Model of Intrusion Analysis uses four main concepts as part of its threat mapping. Which of the following is not one of those four concepts?
Threat
As a U.S. government employee, Michael recognizes the difficulty of ensuring source authenticity and operates a program for critical defense systems. What is this program known as?
Trusted foundry
Two different organizations are merging, and throughout the acquisition process, all data on the virtualized file server must be shared by the respective departments of both organizations. These organizations consider data ownership to determine which of the following?
Which user will have access to which data
Johann is troubleshooting a network connectivity issue and wants to determine the path that packets follow from his system to a remote host. Which command would best assist him with the task in the given scenario?
tracert
Suzanne is the chief information security officer (CISO) at a major non-profit hospital group and is given the responsibility of handling medical records. Which of the following regulations most directly covers the way she handles these medical records?
HIPAA
Ryan, a penetration tester, needs a password-cracking tool that works at a very high rate of speed. Which of the following tools should he use?
Hashcat
Mike is configuring vulnerability scans for a new web server in his organization. The server is located on the demilitarized zone (DMZ) network, as shown in the figure. Which type of scan should he configure for the best results?
He should perform both internal and external vulnerability scans of a web server.
Ria wants to deploy an anti-malware tool to analyze zero-day malware. Which type of data analysis method should she perform to achieve the given task?
Heuristic
Which of the following methods of analysis identifies the nature of an entity by subjecting it to a particular environment?
Heuristic
Which of the following allows a user to deploy, configure, and manage data centers through scripts?
IaC
Ben works as a cybersecurity analyst in an ABC organization. He is preparing to conduct a cybersecurity risk assessment process for his organization. For the risk assessment, he chooses to follow the standard process proposed by NIST. Which of the following would be the first step that Ben performs in the given scenario?
Identify threats.
What strategy does the National Institute of Standards and Technology (NIST) suggest about identifying attackers during an incident response process?
Identifying attackers is not an important part of the incident response process
Which of the following is a written document used in cases where the parties do not intend a legal commitment or are unable to create a legally enforceable agreement?
Memorandum of understanding
Bob recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. Which type of risk management strategy is he implementing in the given scenario?
Mitigation
Ashley is working with software developers to evaluate the security of an application they are upgrading. She is performing testing that slightly modifies the application code to help identify errors in code segments that might be used infrequently. Which type of testing is she performing in the given scenario?
Mutation testing
Which type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?
NGFW
Robert works as a security analyst in an organization. His organization has a Bring Your Own Device (BYOD) policy and he would like to ensure that devices connected to the network under this policy have current antivirus software. Which technology can best assist Robert to accomplish the given task in this scenario?
Network access control
Which of the following is an administrative control that can protect the confidentiality of sensitive information?
Nondisclosure agreement
Which of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
Nonrepudiation
Eric leads a team of software developers and wants to help them in understanding the most important security issues in web application development. Which of the following sources would provide Eric with the most useful resource?
OWASP
Jill works as a security analyst for an ABC company. Her company's management is considering cloud migration for the production environment, which handles marketing, billing, and logistics. They have asked Jill to recommend a model to accomplish their goal. Which cloud deployment model will Jill recommend in the given scenario?
Private cloud
What is the primary role of management in the incident response process?
Providing authority and resources required during a response
Taylor is reviewing the results of a security assessment and evaluating potential risk treatment strategies. To prioritize response actions, she uses cost-based metrics to identify the exposure factor of the weakness identified. Which of the following is she performing in the given scenario?
Quantitative risk assessment
During the 802.1x authentication process, which protocol does the authenticator use to communicate with the authentication server?
RADIUS
Rena works as an employee in a company. Her system's screen has gone blank except for a message demanding payment, threatening that otherwise her hard drive will be formatted. Which of the following types of malware is on Rena's system?
Ransomware
Which tool is used to find Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) passphrases specifically on networks that support the Wi-Fi Protected Setup (WPS) feature?
Reaver
Barry, a cybersecurity analyst, is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. To which team does Barry belong?
Red team
Paul works as a risk analyst in an organization. He recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on its servers. He implemented a network firewall to reduce the likelihood of a successful attack. Which risk management strategy did Paul choose to pursue in the given scenario?
Risk mitigation
After conducting a qualitative risk assessment of her organization, Sia recommends purchasing a cybersecurity breach insurance policy. What type of risk response behavior is she recommending to her organization in the given scenario?
Risk transference
Which of the following is unauthorized equipment that is attached to a network or to assets and creates a side channel for an attack?
Rogue hardware
An attack is performed on a web application where a string of characters is entered and input validation is bypassed to display some additional information. Which attack is being performed in the given scenario?
SQL injection
Lisa is following the CompTIA process for validation after a compromise. Which of the following activities should be included in the validation phase?
Setting permissions
Lauren works as a security officer for an organization. From a security point of view, she wants to ensure that devices, systems, or spaces are not accessed while she is away from the office. Which of the following should Lauren use to achieve this in the given scenario?
Tamper-proof seal
Which of the following issues is the fuzz testing methodology most likely to detect?
Unvalidated inputs
Kevin works as a security analyst in an organization. To protect his organization against SQL injection, cross-site scripting, and similar attacks, he would like to implement a specialized firewall. Which technology should he choose for the implementation process explained in the given scenario?
WAF
Dennis is developing a checklist that will be used by different security teams within his large organization. Which Security Content Automation Protocol (SCAP) component can he use to write this checklist and report results in a standardized fashion?
XCCDF
Sam works as a cybersecurity analyst for a company. He wants to make a full copy of an image for forensics use. Which of the following command utilities would he use to achieve the given task?
dd
Which of the following techniques is used to automatically detect and block malicious software that does not match known malware signatures?
Sandboxing
During the analysis of an incident that took place on Tammy's network, she discovered that an attacker used a stolen cookie to access a web application. Which of the following attack types most likely occurred in the given scenario?
Session hijacking
Which of the following threat actors are nation-state-sponsored organizations with significant resources and capabilities and represent the highest level of threat on the adversary tier list?
APTs
During a routine upgrade, Maria inadvertently changes the permissions of a critical directory, causing an outage of her organization's Remote Authentication Dial-In User Service (RADIUS) infrastructure. In which NIST threat category should Maria categorize this outage in the given scenario?
Accidental threat
Cynthia wants to build scripts to detect malware beaconing behavior. Which of the following is not a means of identifying malware beaconing behavior on a network?
Beacon protocol
Which of the following ESA frameworks was created by ISACA and provides a structure for IT management and governance?
COBIT
Juan works in an investigation department. He gathers the evidence that can be used in court to convict persons of crimes. Which of the following is used to address the reliability and credibility of the evidence?
Chain of custody
Chris is implementing cryptographic controls to protect his organization and wants to use defense-in-depth controls to protect sensitive information stored and transmitted by the organization's web server. Which of the following controls would be least suitable to directly provide protection in the given scenario?
DLP
Mike's company recently suffered a security incident where they lost control of thousands of personal customer records. Many of these records were from projects that ended long ago and served no business purpose. Which type of policy, if followed, would have best limited the impact of the security incident in the given scenario?
Data retention
Your organization must comply with new data privacy laws, such as the General Data Protection Regulation (GDPR), which place significant restrictions on information that is converted to and stored in binary digital form. Which of the following concepts does this law encompass?
Data sovereignty
Rica, a security administrator, requires multiple layers of security controls to be placed throughout the IT infrastructure, which improves the organization's security posture against malicious attacks and potential vulnerabilities. Which of the following will she use to fulfill her requirements in the given scenario?
Defense-in-depth
While engaging in an attack, an attacker sends an email message to the targeted victim that contains malicious software as an attachment. Which phase of the Cyber Kill Chain is occurring in the given scenario?
Delivery
Which of the following approaches is an example of a formal code review process?
Fagan inspection
Jason, a network administrator, frequently accesses the Internet, which makes the company's files susceptible to attack through unauthorized access. He wants to protect his company's network from external attacks. Which of the following should Jason use to achieve his aim in the given scenario?
Firewall
Which of the following steps occurs first during the attack phase of a penetration test?
Gaining access
Kaitlyn's organization recently set a new password policy that requires that all passwords have a minimum length of 10 characters and meet certain complexity requirements. She would like to enforce this requirement for the Windows systems in her domain. Which type of control would most easily allow this?
Group Policy Object
Tom works as an administrator in an organization. He would like to deploy consistent security settings to all of his Windows systems simultaneously. Which technology can Tom use to achieve this goal in the given scenario?
Group Policy Objects
A network administrator must install a device that will proactively stop outside attacks from reaching the LAN. Which of the following devices should a network administrator install in the given scenario?
Intrusion prevention system (IPS)
Which of the following is an example of operational security control?
Penetration test
Which of the following uses active tools and security utilities to find security weaknesses by simulating an attack on a system?
Penetration test
A fire suppression system is an example of which type of control?
Physical
During which phase of a penetration test will a tester obtain written authorization to conduct the test?
Planning
Pete, a network administrator, wants to create an entire virtual network with all of the virtual devices needed to support a service or an application. Which of the following cloud models will he use to accomplish the task?
Platform as a service
Ursula is the administrator of a security group for an organization. Her organization provides web services that participate in federated identity management using the OAuth framework. Her group's role is to operate the web service that end users access once they have received authorization from their identity provider. Which type of OAuth component does her group manage?
Resource servers
Which of the following enables security personnel to take defensive actions more quickly by providing real-time or near-real-time analysis of security alerts generated by network hardware and applications?
SIEM
Kieran is evaluating forensic tools and would like to consider the use of an open source forensic suite. Which of the following toolkits would best meet his needs?
SIFT
Eric believes that his organization has several vulnerable systems that have been scanned by third parties. If he wants to check publicly available vulnerability information, what should Eric do?
Search for his domain in Shodan.
In an organization, several employees clicked on a link in a malicious message that bypassed the spam filter, and as a result, their PCs were infected with malware. Which of the following would best prevent this situation from occurring in the future?
Security awareness training
During a forensic investigation, Shelly is told to look for information in the slack space on a drive. Where should she look and what is she likely to find?
She should look at the unused space left when a file is written and find file fragments from deleted files.
Which of the following security controls is designed to provide continuity for security responsibilities?
Succession planning
Juan, a network analyst, is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. Which type of agent must be running on the device to connect to this network?
Supplicant
Sam needs to deploy a tool that includes resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Which tool should Sam use?
Sysinternals
Garrett is working with a database administrator (DBA) to correct security issues on several servers managed by the database team. He would like to extract a report for the DBA that will provide useful information to assist him in the remediation of such issues. Of the report types shown in the following figure, which would be most useful to the DBA team in the given scenario?
Technical
James works as a security analyst in an organization. He wants to select a threat framework for his organization. He prefers a framework that includes steps to identify the victims, capabilities, and infrastructure of a cybersecurity event. Which of the following would be James's best choice as per his preferences?
The Diamond Model of Intrusion Analysis
Ian is reviewing the security architecture shown in the following figure. The architecture is designed to connect a local data center with an IaaS service provider that Ian's company is using to provide overflow services. Which component, represented by the question mark (?) symbol in Figure A, provides a secure encrypted network connection?
VPN
Tommy, a data analyst in an organization, is assessing the security of several database servers in his datacenter. During his assessment process, he realizes that one of the databases is missing a critical Oracle security patch. Which type of situation has Tommy detected in the given scenario?
Vulnerability