CySA+
Darien last ran a vulnerability scan a year ago. Which of the following could he expect to have changed if he ran the scan again today? a. Vulnerability ID of previously found items b. Published date c. CVSS temporal score d. CVSS base score
c. CVSS temporal score. The temporal metrics (exploit code maturity, remediation level and report confidence) describe the current state of a vulnerability, so they change as proof-of-concept code appears and patches are released. The base score describes intrinsic characteristics and normally stays the same, as do the vulnerability ID and the published date.
Morwenna wants to install Nessus for a trial run on her company's infrastructure. Which of the following is the default method of installation? a. FTPS b. SCP c. HTTPS d. SFTP
c. HTTPS. Nessus is installed from a platform package and is then set up and operated through its web interface over HTTPS (port 8834 by default); FTPS, SFTP and SCP play no part in the installation.
Muhammed is a cybersecurity engineer for a quickly growing organization. He is concerned that his team may not be able to keep up with the growth, and that a system might remain vulnerable to certain exploits. He is considering taking advantage of the cloud to help accommodate the growth. Which of the following might he choose to use? a. SIEM b. SaaS c. SECaaS d. IaaS
c. SECaaS Security as a Service is an outsourced model in which security services are delivered from the cloud to the organization. The service provider is responsible for updates and automated monitoring services while the organization is responsible for configuring implementation of the services with their systems.
Toria's manager has asked her to implement a new system that uses X.500. She knows the information that is looked up needs to be stored somewhere. What is the name of the part of the setup that stores the information? a. MIB b. UDP c. TID d. DIB
d. DIB A directory information base is used to store information in an X.500 setup.
The CISO of an organization wants to determine what real attackers could do if they decided to attack his company. Which of the following types of tests would be the most appropriate to meet the CISO's goals? a. Red box b. Blue box c. White box d. Black box
d. Black box In black box testing, the testers have little to no knowledge of the organization or system they are testing.
Which of the following regulations does not address notification of individuals or a government entity in the event of a data breach? a. CCPA b. PIPEDA c. HIPAA d. GDPR
a. CCPA. The California Consumer Privacy Act governs consumer privacy rights and does not itself contain breach notification requirements; California's notification duty comes from a separate statute (Civil Code 1798.82). PIPEDA, HIPAA and GDPR all require notification of affected individuals and/or a regulator after a breach.
Neo wants to consolidate real-time monitoring and management of security-related information with analysis and reporting of events. Which of the following might he want to implement? a. IGRP b. IMEI c. SERP d. SIEM
d. SIEM Security Information and Event Management products consolidate real-time monitoring and management of security information with analysis and reporting of security events.
Nadia, a cybersecurity analyst, has installed a vulnerability scanning application called Nessus that uses modular updates she can download and install as needed. Which of the following terms may be used to describe these updates? a. Updates b. Patches c. Service packs d. Plug-ins
d. Plug-ins Plug-ins are updates to the Nessus vulnerability scanning software modules.
A startup company has invented a new IoT device and stored the design documents on an internal network share. Which of the following types of data are they trying to protect? a. PHI b. PCI c. IP d. PII
c. IP Intellectual property is a creation or invention of the mind. It includes things that can be trademarked, copyrighted, and patented.
Chase has found a virtual machine on one of the hosts in the data center that has been capturing packets, logging all of the GET and POST requests and parameters, and forwarding that information outside of the network. Which of the following best describes what he might have discovered? a. Interception proxy b. Port scanner c. Fuzzer d. Ransomware
a. Interception proxy An interception proxy is a tool used to analyze traffic between users on a network and a destination server. In some cases, the proxy may even modify or inject new code into the traffic before forwarding it to the destination.
Hattie has just been promoted to the cybersecurity team within her organization. Her new manager recommends reading up on cybersecurity guidelines that have been published by the U.S. government. Which of the following should she become familiar with? a. COBIT b. NIST c. TOGAF d. ITIL
b. NIST. The National Institute of Standards and Technology is a non-regulatory agency of the U.S. Department of Commerce. Its Cybersecurity Framework and SP 800 series publications give private companies guidance on identifying, protecting against, detecting, responding to and recovering from cyberattacks.
Phillida, a cybersecurity analyst, is comparing vulnerability scanning products for potential use in her organization. She reads that Nessus uses a combination of machine learning and threat intelligence to produce which of the following? a. VSP b. VPR c. VCR d. VPC
b. VPR Nessus uses a combination of machine learning and threat intelligence to produce a vulnerability priority rating.
Cece, a penetration tester, has been hired by a company to attempt to breach the company's systems and gain access to whatever she can, just as if she were a real threat actor. Which of the following might be one of the initial tests that she performs? a. A push-based vulnerability scan b. An agent-based vulnerability scan c. A non-credentialed vulnerability scan d. A credentialed vulnerability scan
c. A non-credentialed vulnerability scan In the beginning stages of a penetration test, the tester doesn't have access to any systems, as this is the discovery phase. Thus, a non-credentialed scan is the best answer for this scenario.
Brianne wants to find some best practices to share with the development team in her organization. Which of the following is not a good source for this type of information? a. CIS b. OWASP c. ARIN d. SANS
c. ARIN ARIN is the American Registry for Internet Numbers. It administers IP addresses. It does not provide best practices for software development.
Araya has been tasked with implementing a new set of procedures for the onboarding and offboarding of employees. Which of the following types of controls does this new task fall into? a. Supervisory controls b. Physical controls c. Administrative controls d. Logical controls
c. Administrative controls Administrative controls include creating policies, procedures, and guidelines that define business practices to align with the organization's security goals.
A consultant is hired to analyze some of the most critical and confidential systems in an organization. Which of the following will most likely be necessary as part of the work? a. SLA b. OLA c. NDA d. HIPAA
c. NDA. A non-disclosure agreement states that any information learned by the consultant is confidential and is not to be disclosed to anyone who is unauthorized to view it.
Thierry wants to implement a method of analyzing network traffic to detect attacks by using a database of known attacks for comparison. Which of the following methods of analysis meets his goal? a. Anomaly analysis b. Availability analysis c. Signature analysis d. Behavioral analysis
c. Signature analysis Signature analysis uses a database of signatures for comparison to determine whether network activity may be part of an attack.
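Signature analysis in code, as an added example that is not part of the original card set: a small constructed signature database (regex patterns for a few well-known attack shapes, not any vendor's rule set) is run over constructed HTTP requests. The point a practitioner should take away is the normalization step: matching raw bytes misses URL-encoded payloads, which is exactly how signature-based detection gets evaded.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: "re.Pattern"
    severity: str


# Constructed signature database. Each entry pairs a name with a pattern for a
# known attack, the way an IDS rule set does; it is illustrative only.
SIGNATURES = [
    Signature("sqli-union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I), "high"),
    Signature("sqli-tautology", re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I), "high"),
    Signature("path-traversal", re.compile(r"(\.\./|\.\.\\){2,}"), "medium"),
    Signature("shellshock", re.compile(r"\(\)\s*\{\s*:;\s*\};"), "critical"),
    Signature("nikto-scanner-ua", re.compile(r"User-Agent:.*\bNikto\b", re.I), "low"),
]


def normalize(payload: str) -> str:
    """Undo URL encoding (twice, to catch double-encoded payloads) before matching.

    Matching on the raw wire bytes is trivially evaded by encoding; real IDS
    engines run comparable preprocessors before signature comparison."""
    return unquote(unquote(payload))


def match_signatures(payload: str) -> list:
    """Names of every signature whose pattern occurs in payload, in rule order."""
    return [sig.name for sig in SIGNATURES if sig.pattern.search(payload)]


def scan_requests(requests) -> list:
    """Signature analysis over raw HTTP requests; returns (index, names) for hits only."""
    hits = []
    for index, raw in enumerate(requests):
        names = match_signatures(normalize(raw))
        if names:
            hits.append((index, names))
    return hits


# Constructed traffic sample: one benign request followed by known-attack shapes.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n",
    "GET /item?id=1%27%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1\r\nHost: shop.example\r\n",
    "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\r\nHost: shop.example\r\n",
    "POST /login HTTP/1.1\r\nHost: shop.example\r\n\r\nuser=admin&pass=x%27%20OR%20%271%27%3D%271",
    "GET /cgi-bin/status HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: () { :; }; /bin/bash -c 'id'\r\n",
    "GET / HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: Mozilla/5.00 (Nikto/2.1.6)\r\n",
]

if __name__ == "__main__":
    for index, names in scan_requests(SAMPLE_REQUESTS):
        print(f"request {index}: {', '.join(names)}")
```

Signature analysis only finds what is already in the database: a novel attack, or a known one mangled in a way the normalizer does not undo, produces no alert, which is the gap anomaly and behavioral analysis are meant to cover.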
A network engineer is designing a new subnet to be deployed in the neighboring building that her organization just purchased. She wants to ensure that certain protocols are not allowed to communicate between the existing subnets and the new subnet. Which of the following should the network engineer configure on the router connecting the two buildings? a. SID b. DAC c. MAC d. ACL
d. ACL An access control list is a set of rules that can be applied to interfaces on routers that allow or deny certain types of traffic. Standard access control lists can filter traffic based on source or destination, while extended access control lists can also take into account the port or protocol being used.
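The standard-versus-extended distinction in the answer, as an added example that is not from the card set: a small first-match ACL evaluator in Python with the implicit "deny any" at the end. The subnets, the rule set and the choice to block SMB (TCP 445) and NetBIOS session (TCP 139) between buildings are constructed for illustration; the IOS line quoted in the comment is the equivalent extended ACL entry.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR; "0.0.0.0/0" means any
    dst: str = "0.0.0.0/0"       # standard ACLs never look past the source
    proto: str = "ip"            # "ip" matches any protocol (extended ACLs only)
    dport: Optional[int] = None  # destination port (extended ACLs only)


def matches(rule: Rule, pkt: Packet) -> bool:
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl, pkt: Packet) -> str:
    """First matching rule wins; an unmatched packet hits the implicit 'deny any'."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def shadowed_rules(acl) -> list:
    """Indexes of rules that can never match because an earlier, broader rule covers them."""
    shadowed = []
    for i, rule in enumerate(acl):
        for earlier in acl[:i]:
            if (ip_network(rule.src).subnet_of(ip_network(earlier.src))
                    and ip_network(rule.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in ("ip", rule.proto)
                    and earlier.dport in (None, rule.dport)):
                shadowed.append(i)
                break
    return shadowed


OLD_SUBNET, NEW_SUBNET = "10.1.0.0/24", "10.2.0.0/24"   # constructed addressing

# Extended ACL applied on the router interface facing the new building: block SMB
# and NetBIOS session traffic toward the existing subnet, permit everything else.
# IOS equivalent of the first entry:
#   access-list 101 deny tcp 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255 eq 445
EXTENDED_ACL = [
    Rule("deny", NEW_SUBNET, OLD_SUBNET, "tcp", 445),
    Rule("deny", NEW_SUBNET, OLD_SUBNET, "tcp", 139),
    Rule("permit", NEW_SUBNET, OLD_SUBNET),
]

# A standard ACL can only say "permit or deny this source"; it cannot express
# the per-protocol restriction the engineer wants.
STANDARD_ACL = [Rule("permit", NEW_SUBNET)]

if __name__ == "__main__":
    smb = Packet("10.2.0.7", "10.1.0.5", "tcp", 445)
    print("extended:", evaluate(EXTENDED_ACL, smb), "standard:", evaluate(STANDARD_ACL, smb))
```

Rule order is the usual operational mistake: put the permit first and the two deny entries are dead, which is what `shadowed_rules` flags.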
Nephele is looking at the vulnerabilities found in her organization. She wants to figure out which ones must be present or addressed from the local network compared to the ones that must be addressed either from an adjacent network or other network. Which of the following metrics covers this information? a. User interaction b. Scope c. Attack complexity d. Attack vector
d. Attack vector The attack vector describes the type of network access necessary to exploit a vulnerability.
Petronilla, a cybersecurity researcher, has just received a call from a client who reports that someone has redirected multiple A record entries on their recursive server to an incorrect IP address. Which of the following has occurred? a. DNS manipulation b. Authoritative DNS modification c. ARP manipulation d. DNS poisoning
d. DNS poisoning A recursive DNS server is a caching name server that acts as a middleman so that DNS queries by local users don't need to go all the way to the authoritative name server to resolve, as long as the cached entry is still valid. If a threat actor is able to manipulate the data in that cache, it is known as DNS poisoning.
Dimitri wants to install Nessus on the systems within his network, but is concerned that Nessus may not be compatible with certain types of devices in his company. Which of the following is Nessus not compatible with? a. Windows b. macOS c. Linux d. UNIX e. None of the above. It is compatible with all of these options.
e. None of the above. It is compatible with all of these options. Nessus is compatible with all of the other choices listed.
Match each of the following output types with the command switch used with nmap to generate that type of output:
Interactive output (what you see on the terminal): a. (Default)
Interactive output stored in a file (nmap calls this normal output): b. -oN
Output in Extensible Markup Language: c. -oX
Output that can be manipulated using Linux command-line tools (grepable output): d. -oG
All answer choices: a. (Default) b. -oN c. -oX d. -oG
a. (Default) b. -oN c. -oX d. -oG
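What "manipulated using command-line tools" looks like in practice, as an added example rather than anything from the card set: a parser for nmap's grepable (-oG) format, which puts one tab-separated record per host so it can be processed with grep, cut and awk (or, as here, a few lines of Python). The scan output below is constructed, not a real scan, and follows the field layout `port/state/protocol/owner/service/rpc/version/`.

```python
import re

# Constructed sample of nmap grepable output (-oG); not real scan results.
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.94 scan initiated Thu May  2 10:15:00 2024 as: nmap -sV -oG scan.gnmap 192.168.1.0/29",
    "Host: 192.168.1.10 (web01.example)\tStatus: Up",
    "Host: 192.168.1.10 (web01.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)",
    "Host: 192.168.1.11 ()\tStatus: Up",
    "Host: 192.168.1.11 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/"
    "\tIgnored State: closed (999)",
    "# Nmap done at Thu May  2 10:15:09 2024 -- 8 IP addresses (2 hosts up) scanned in 9.12 seconds",
])

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)$")


def parse_port_spec(spec: str) -> dict:
    """'22/open/tcp//ssh//OpenSSH 8.9p1/' -> dict; the version field may itself contain '/'."""
    parts = spec.split("/")
    port, state, proto, _owner, service, _rpc = parts[:6]
    return {"port": int(port), "state": state, "proto": proto, "service": service,
            "version": "/".join(parts[6:]).rstrip("/")}


def parse_gnmap(text: str) -> dict:
    """Map each scanned IP to its hostname, status and port list."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                               # '#' comment lines carry no host data
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            raise ValueError(f"unexpected host field: {fields[0]!r}")
        entry = hosts.setdefault(m["ip"], {"hostname": m["name"] or None, "status": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                entry["ports"].extend(parse_port_spec(s) for s in value.split(", "))
    return hosts


def open_ports(hosts: dict, service: str = None) -> list:
    """(ip, port) pairs that are open, optionally restricted to one service name."""
    return [(ip, p["port"]) for ip, h in hosts.items() for p in h["ports"]
            if p["state"] == "open" and (service is None or p["service"] == service)]


if __name__ == "__main__":
    for ip, port in open_ports(parse_gnmap(SAMPLE_GNMAP)):
        print(ip, port)
```

The shell equivalent of `open_ports` is the idiom grepable output was made for: `grep "/open/" scan.gnmap | cut -d" " -f2`. The nmap reference guide marks -oG as deprecated in favor of -oX, but it remains in wide use precisely because of that one-liner.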
Faranoush is examining the CVSS Base Score Exploitability Metrics to better understand the information she sees in her report. Which of the following reflects the ability of a vulnerability in one software component to impact other resources? a. Attack complexity b. User interaction c. Attack vector d. Scope
d. Scope The scope reflects the ability of the vulnerability in one software component to impact other resources.
Jorge is reviewing the firewall logs and sees 28 echo requests leaving the network and ICMP echo replies coming back over the course of a five-minute period. Which of the following is most likely the cause of this traffic? a. This is standard voice-over-IP traffic and is no cause for concern. b. Users are streaming multimedia from a popular video-sharing website. c. These are authentication requests for single sign-on using federation with large websites. d. Someone has run multiple ping tests from the network to an outside address.
d. Someone has run multiple ping tests from the network to an outside address. ping sends ICMP echo requests (type 8) and, unless ICMP is blocked at the firewall, the target answers with echo replies (type 0). Windows tracert also uses ICMP echo requests, while Linux traceroute sends UDP probes by default. Twenty-eight requests over five minutes is the footprint of a few manual ping runs (Windows ping sends four echoes per invocation), not a flood, which would show hundreds or thousands of requests per second.
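The judgement in that answer, a few dozen echoes in five minutes is someone pinging while hundreds per second is a flood, as detection logic over log lines. This is an added example, not from the card set: the firewall log format, the addresses and the 500-per-window threshold are all constructed, and the sample log is generated inline so the code runs offline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed firewall log format (one flow decision per line); not any vendor's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ALLOW|DENY) icmp "
    r"(?P<src>\S+) -> (?P<dst>\S+) type=(?P<type>\d+) code=(?P<code>\d+)$"
)
ECHO_REQUEST, ECHO_REPLY = 8, 0


def parse_icmp_lines(lines) -> list:
    """(timestamp, src, dst, icmp_type) for every ICMP line; other traffic is skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            events.append((ts, m["src"], m["dst"], int(m["type"])))
    return events


def peak_echo_requests(events, window=timedelta(minutes=5)) -> dict:
    """Per (src, dst) pair, the largest number of echo requests inside any sliding window."""
    stamps_by_pair = defaultdict(list)
    for ts, src, dst, icmp_type in events:
        if icmp_type == ECHO_REQUEST:          # replies are the other side's traffic, not probes
            stamps_by_pair[(src, dst)].append(ts)
    peaks = {}
    for pair, stamps in stamps_by_pair.items():
        stamps.sort()
        best = start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        peaks[pair] = best
    return peaks


def classify(count: int, flood_threshold: int = 500) -> str:
    """A handful of echoes per window is someone running ping; hundreds or more is flood
    territory. The threshold is a constructed starting point, to be tuned per network."""
    if count >= flood_threshold:
        return "possible ping flood"
    if count > 0:
        return "ping/traceroute activity"
    return "none"


def build_sample_log() -> list:
    """Constructed log: 28 outbound pings over five minutes, plus one inbound burst."""
    t0 = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = ["2024-05-01T10:00:00Z fw01 ALLOW tcp 10.0.0.5 -> 203.0.113.7 dport=443"]  # not ICMP
    for i in range(28):
        t = (t0 + timedelta(seconds=10 * i)).strftime(fmt)
        lines.append(f"{t} fw01 ALLOW icmp 10.0.0.5 -> 203.0.113.7 type=8 code=0")
        lines.append(f"{t} fw01 ALLOW icmp 203.0.113.7 -> 10.0.0.5 type=0 code=0")
    for i in range(600):                        # 600 requests in under ten seconds
        t = (t0 + timedelta(milliseconds=16 * i)).strftime(fmt)
        lines.append(f"{t} fw01 DENY icmp 198.51.100.9 -> 10.0.0.80 type=8 code=0")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for pair, count in peak_echo_requests(parse_icmp_lines(SAMPLE_LOG)).items():
        print(pair, count, classify(count))
```

Counting only type 8 matters: a host that merely answers pings generates replies, and treating those as probes would flag the victim instead of the source.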
Tyrese, a cybersecurity analyst, is performing an audit of user accounts when he discovers a handful of accounts that do not appear to represent actual employees at his organization. As he continues to investigate, he finds that the accounts were created around four months ago and only connect to resources from outside the network. Which of the following might he have discovered? a. APT b. Zero day c. Ransomware d. DDoS
a. APT An advanced persistent threat is a type of attack where the attacker gains access to a system and then continues to maintain access while going undetected. Attackers may create more accounts as part of maintaining their access. Their goal is to pivot to other systems and gain as much access and information from the organization as possible.
Lillith has just been hired to head up an organization's new cybersecurity division. In the initial stages of forming the division, she needs to find a good way to respond to incidents. Which of the following might be the best option in the event that she discovers an extensive APT? a. Call an incident response provider. b. Delay a response until enough cybersecurity employees can be hired, as the attackers have already been present for some time. c. Quickly hire several new employees to address the issue. d. Respond to the APT by herself.
a. Call an incident response provider. An incident response provider is a third-party organization that provides assistance in responding to an incident. In this case, it would be the quickest response to an extensive APT.
A threat actor has decided to get revenge on a company that overcharged him for a product he says didn't work. Upon completing a scan of their public-facing network, he finds a list of the services running on the server and decides to look for vulnerabilities in each of the services. He gets a copy of one of the programs he detected, but needs to examine the source code to look for unknown vulnerabilities. Which of the following might allow him to see the source code behind the program? a. Decompiler b. Risk matrix c. Sandboxing d. Fingerprinting
a. Decompiler. A decompiler attempts to reconstruct source-like code from a compiled binary (machine code or bytecode). The result is an approximation rather than the original source, but it is usually enough to hunt for flaws.
Ulf has found malware on a couple of computers that has been making remote connections to named pipes. Which of the following is being exploited by this malware? a. C&C b. DLP c. SMB d. USB
c. SMB Server Message Block uses named pipes, or logical connections.
Samara needs to retrieve the private key from the key escrow service her company uses. Upon trying to retrieve the key, she is advised that at least two authorized personnel must request the key before it can be released. Which of the following has been implemented by the key escrow service? a. Dual control b. Succession planning c. Job rotation d. Separation of duties
a. Dual control Dual control requires two employees to complete a specified process separately and then provide their own separate authorizations or confirmations.
Terry and Alex have been hired as consultants to determine the security posture of an organization. They have written a custom tool that will crawl social media networks and other popular sites looking for certain pieces of valuable information they can use as part of an attack. Which of the following is this tool most likely used for? a. Email harvesting b. IP address harvesting c. DNS harvesting d. MAC address harvesting
a. Email harvesting Email harvesting is the process of collecting as many valid email addresses as possible by scraping data from social media and other websites where the information is freely posted.
Victoria, a cybersecurity analyst, has just disconnected a computer from the network after finding that it was infected with malware. Which of the following is the next task that she should attempt to perform with the system? a. Eradication b. Containment c. Patching d. Validation
a. Eradication After a computer system has been removed from an organization's network and contained, the next step is to attempt eradication, or elimination, of the infection from the system.
An automobile manufacturer has created a new application that needs to be accessible only by its authorized dealership franchisees. What type of configuration would best provide access to the dealerships while protecting it from unauthorized public access? a. Extranet b. DMZ c. Intranet d. Guest network
a. Extranet An extranet is a type of private network that can also be accessed by authorized external customers, partners, vendors, or franchisees.
A growing social media company has decided to expand its physical presence into Europe after seeing users start to sign up for its service. It collects a lot of information about users and needs to know what the requirements are to protect the users' data. Which of the following should the company look to for this information? a. GDPR b. PIPEDA c. GLBA d. EASR
a. GDPR The General Data Protection Regulation is a European Union regulation that defines how data is to be stored and protected. Companies that operate in the EU need to be familiar with this regulation.
The application development manager for an organization has suggested that the company hire a penetration tester to test a new application. The manager suggests that they give the penetration tester some information about the application, but not all of the details. Which of the following describes the type of testing the development manager is suggesting? a. Gray box b. Gray hat c. Gray scenario d. Gray team
a. Gray box Gray box testing is the middle ground between white box testing, where the tester is given complete information about a system, and black box testing, where the tester is given little to no information about a system.
The security administrator for a large organization wants to prevent customer service employees from being able to access control panels or command prompts. Which of the following could the security administrator implement in order to accomplish this goal? a. Group policy b. NAC c. Mandatory access control d. DAC
a. Group policy Group policies can be created for a single computer or user or for large groups of computers and users to determine what they are allowed to do within a company's network.
Tyrese has just been hired as a cybersecurity analyst at a major hospital in Colorado. Which of the following regulations might he need to be familiar with? a. HIPAA b. ICO c. PIPEDA d. CCPA
a. HIPAA The Health Insurance Portability and Accountability Act defines a number of requirements for healthcare providers in the United States.
Patrik, a cybersecurity analyst, has just discovered a computer system infected with malware that appears to communicate with a command and control server. He doesn't believe there will be any negative consequences to shutting down communications between the computer and the command and control server, so he decides to redirect the communications to a sinkhole. Which of the following containment methods did Patrik choose to employ? a. Isolation b. Segmentation c. Removal d. Reverse engineering
a. Isolation The isolation containment technique permits an infected device to continue functioning while directing all network communication to a sinkhole.
Nik, a cybersecurity analyst, has been asked to examine an employee's iPhone that is exhibiting strange behavior. After looking through the phone, he finds that the user apparently has been able to upload third-party apps that are not in the App Store. Which of the following has most likely occurred with this phone? a. Jailbreaking b. Raking c. Clapping d. Rooting
a. Jailbreaking Jailbreaking is the term for modifying an iPhone so it can load third-party apps that are not in the App Store.
Elon has created a project to review the vulnerabilities in his organization. As the project wraps up, which of the following should be created? a. Lessons learned report b. Incident summary report c. Change request d. Incident response plan
a. Lessons learned report A lessons learned report should be created at the end of projects to discuss what is being done correctly, what isn't being done correctly, and what needs to change.
Jupiter is a systems administrator for a growing company. Until recently, one web server has been enough to handle the traffic load for her organization. However, she knows that if something happens to this server, the website could go down for an undetermined amount of time. She is considering moving the website to a cloud configuration, but she knows that if the server failed in the cloud, it would be a single point of failure. Which of the following might she want to implement in addition to a secondary web server? a. Load balancer b. Bridge c. Switch d. Router
a. Load balancer. A load balancer distributing traffic across two or more web servers removes any single server as a single point of failure. A managed cloud load balancer is deployed redundantly by the provider, so it is less likely to become the new single point of failure than one hardware appliance in an on-premises data center.
Gabe, a penetration tester, has gained physical access to a company's facilities and planted devices behind several printers that will send him copies of all documents sent to those printers. Which of the following has Gabe executed? a. MITM attack b. Replay attack c. XSRF d. XSS
a. MITM attack A man-in-the-middle attack actively intercepts or eavesdrops on communications. By planting a device behind printers, Gabe can capture the data going to the printer and send it outside of the network for later analysis.
Isla is an executive at a large corporation that is currently working on merging with another corporation. Final regulatory approval is still needed, but could be more than a year away. In the meantime, the two companies have created a business partnership agreement to start working on certain projects together. They have also created an agreement that is not legally binding to define each of their roles in a new project. Which of the following is most likely the agreement they created? a. MOU b. DRP c. OLA d. SLA
a. MOU A memorandum of understanding is an agreement between two or more parties that demonstrates a willingness to work together and describes what each of the parties will contribute to a project. It is not legally binding, but is more of a formal agreement outlining the contributions in writing.
A cybersecurity analyst is researching syslog for possible implementation at his organization. He is reading about the elements that syslog messages contain and sees the priority and header fields. Which of the following fields contains the contents of the messages? a. MSG b. VALUE c. CONTENT d. STAT
a. MSG The MSG field contains the contents of syslog messages.
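A parser for the three parts the card names, PRI, HEADER and MSG, in the RFC 3164 (BSD syslog) layout. This is an added example, not from the card set. The first sample message is the one printed in RFC 3164 section 5.4; the other two are constructed. The useful detail is that PRI is not a field you read directly: it encodes facility and severity together as facility * 8 + severity.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron",
              "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"]

# RFC 3164 layout: <PRI>HEADER MSG, where HEADER is TIMESTAMP and HOSTNAME
# and MSG is conventionally TAG[pid]: CONTENT.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$", re.S)
TAG_RE = re.compile(r"^(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: ?(?P<content>.*)$", re.S)


def decode_pri(pri: int) -> tuple:
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range (facility*8 + severity, max 23*8+7)")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_syslog(line: str) -> dict:
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line!r}")
    facility, severity = decode_pri(int(m["pri"]))
    record = {"pri": int(m["pri"]), "facility": facility, "severity": severity,
              "timestamp": m["timestamp"], "host": m["host"], "msg": m["msg"],
              "tag": None, "pid": None, "content": m["msg"]}
    t = TAG_RE.match(m["msg"])
    if t:   # TAG/PID are a convention, not mandated, so fall back to the whole MSG
        record.update(tag=t["tag"], pid=int(t["pid"]) if t["pid"] else None, content=t["content"])
    return record


def select(lines, max_severity: str = "error", facility: str = None) -> list:
    """Records at or above a severity (lower index is more severe), optionally for one facility."""
    limit = SEVERITIES.index(max_severity)
    out = []
    for line in lines:
        rec = parse_syslog(line)
        if SEVERITIES.index(rec["severity"]) <= limit and (facility is None or rec["facility"] == facility):
            out.append(rec)
    return out


# First line is the example from RFC 3164 section 5.4; the others are constructed.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<38>May  1 10:02:07 web01 sshd[2211]: Failed password for invalid user admin from 198.51.100.9 port 51234 ssh2",
    "<13>May  1 10:02:09 web01 logger: routine message",
]

if __name__ == "__main__":
    for rec in select(SAMPLE_LINES, "informational", facility="auth"):
        print(rec["host"], rec["severity"], rec["tag"], rec["content"])
```

The timestamp carries no year and no time zone, which is one reason RFC 5424 replaced this format; a collector that ingests RFC 3164 has to supply both from context.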
Kallie, a cybersecurity analyst, has just returned from a cybersecurity conference where she learned about the Nessus vulnerability scanner. She wants to try it at her company, but her software budget has already been spent for the fiscal year. Which of the following versions should she consider installing? a. Nessus Essentials b. Nessus Manager c. Nessus Agent d. Nessus Basic
a. Nessus Essentials Nessus Essentials is the free version of Nessus that Kallie could install and try until her budget allows for this type of expense.
Jonquil, a cybersecurity analyst, has been asked to implement a system that collects information for analysis about traffic flowing through the routers and switches on her company's network. Which of the following protocols should she consider to implement this type of setup? a. NetFlow b. Resource Monitor c. IDS d. SIEM
a. NetFlow NetFlow is a protocol developed by Cisco that is used to collect information about traffic flowing through devices on a network.
Umberto works for an organization that has created a policy prohibiting the use of open source software unless there is no alternative. He wants to sniff packets on the network, but most of the sniffer applications are open source. Which of the following software packages would adhere to the company's policy? a. Network General b. EtherApe c. Wireshark d. NetworkMiner
a. Network General Network General is a proprietary software application that performs packet capturing.
The CISO of a large organization, Mikael, has just returned from a security conference. At the conference, he learned about a vulnerability scanner that he would like to implement at his company. He likes the fact that the software is published under the GNU GPL. Which of the following vulnerability scanners is he most likely considering? a. Nikto b. Nexpose c. Nessus d. Tenable
a. Nikto Nikto is an open source, web server vulnerability assessment tool released under the GNU GPL.
An online retailer has just discovered a data breach of the system used to store all of the data for shipments of products, including tracking numbers, date shipped, customer names, and addresses. Which of the following has the company failed to protect? a. PII b. PCI c. PHI d. PRI
a. PII Customer names and addresses are considered forms of personally identifiable information.
Abdul has just discovered a successful brute force attack against one of the systems in his company's network that lasted for almost five months undetected. Which of the following might have prevented this attack from being successful? a. Password policy b. Data ownership policy c. Acceptable use policy d. Data classification policy
a. Password policy. A password policy that enforces length and complexity, rotates credentials, and locks or throttles accounts after repeated failed attempts makes a months-long brute force attack impractical; a brute force that ran undetected for five months implies none of those controls were in place. In current practice, account lockout, rate limiting and MFA are the controls that actually stop online brute forcing, and NIST SP 800-63B advises against forced periodic rotation unless there is evidence of compromise.
Alika has just finished eradicating a piece of malware from a computer system. Which of the following might she do next as part of the validation process? a. Patching b. Reimaging c. Secure erase d. Reconstruction
a. Patching Patching is part of the validation process. Compromised systems that have had malware eradicated should be patched to attempt to prevent future infection.
Alaa wants to update her Nessus installation to ensure that she is scanning for all recently discovered vulnerabilities. Which of the following does she need to download? a. Plug-ins b. Modules c. Service packs d. Hotfixes
a. Plug-ins Plug-ins are used with Nessus to provide information about new vulnerabilities.
Hannah has just been hired to review a large organization's formal IT processes and procedures. She finds that the company's backup methods create unacceptable risks because of potential data loss in a disaster, such as a fire. She recommends backing up the company's data to the cloud instead of storing magnetic tapes onsite. Which of the following best describes Hannah's recommendations? a. Process retirement b. Non-repudiation c. Request for change d. Succession planning
a. Process retirement Process retirement is replacing a deficient process with a superior process. In this case, off-site backups to the cloud are superior to the current process of backing up to magnetic tapes that are stored on site.
Dharma manages a Linux server and wants to ensure that none of the users on the system have common passwords that would be in a standard password dictionary. Which of the following would best help accomplish her goal? a. Rainbow tables b. Chained credentials c. Password dictionary d. Crack list
a. Rainbow tables. A rainbow table is a precomputed structure that maps password hashes back to plaintexts (it uses hash chains and reduction functions, so it is far smaller than a plain hash-to-password lookup list). With the stored hashes in hand, which Dharma has as root via /etc/shadow, she can look up each hash and recover the plaintext of any password the table covers. Caveat: modern Linux stores salted hashes, and a per-user salt defeats precomputation, so against a real shadow file she would run a dictionary attack with a cracking tool; rainbow tables only pay off against unsalted hashes.
Aurelia has just modified a module in one of her company's software applications to add a new feature. Which of the following should be done to ensure that the changes did not adversely affect any other areas of the application? a. Regression testing b. Application stress testing c. Static code analysis d. User acceptance testing
a. Regression testing Regression testing is an evaluation of software code to help ensure that changes to the code do not inadvertently create new flaws.
Nichole, a cybersecurity analyst, has received an alert about a potential ping flood on one of the company's Windows servers. She is able to connect to the server via an out-of-band management network. Which of the following native tools might help her verify what is occurring on the server at the moment? a. Resource Monitor b. Wireshark c. tcpdump d. Network General
a. Resource Monitor. Resource Monitor (resmon.exe) is built into Windows and lets an administrator view disk, network, CPU and memory usage, including per-process network activity. A ping flood typically shows up as a spike in network and CPU usage.
Cyndi, a cybersecurity researcher, has been hired to comb through historical data at a large organization after an APT was discovered. She needs to determine the extent of the attack and be able to view various parts of the network's logs to give her the full context of what occurred. Which of the following might best describe the type of analysis she is performing? a. Retrospective network analysis b. Packet analysis c. Anomaly analysis d. Signature analysis
a. Retrospective network analysis Retrospective network analysis allows you to observe data breaches and attacks exactly as they occurred within the context of other network activity.
A security researcher has just purchased a new IoT door lock and wants to determine whether there are any vulnerabilities that the manufacturer may have missed. Which of the following might the researcher use to fully study this product? a. Reverse engineering b. Fingerprinting c. Operational control review d. Sandboxing
a. Reverse engineering Reverse engineering is the deconstruction of a device or program to reveal its underlying design or architecture.
Nikola is meeting with the executives of a large stock brokerage company. He knows that they have had a data breach recently and are extremely concerned about any further intrusions. This organization could be described as having an extremely low ________. a. Risk appetite b. Fault tolerance c. Vulnerability stamina d. Sensitivity level
a. Risk appetite An organization's risk appetite is its tolerance for exposure to a vulnerability. A large stock brokerage company that has recently suffered a data breach most likely has an extremely low tolerance for any sort of vulnerability that could put it at further risk of another breach or intrusion.
An outside consultant has been hired to perform a risk analysis for a company. As part of the report, he details the likelihood of certain events occurring as well as the impact they would have. Which of the following could he use to display this information in his report? a. Risk matrix b. Impact analysis c. Qualitative risk calculation d. Quantitative risk calculation
a. Risk matrix A risk matrix can display the results of qualitative, quantitative, and semi-quantitative risk calculations.
Dion is developing an application that will allow users to create their own passwords. He then needs to store that information in a database to be used when the user attempts to log in again. Which of the following provides the strongest option for Dion to accomplish this task? a. SHA-512 b. SHA-256 c. MD5 d. MD4
a. SHA-512 SHA-512 and SHA-256 are the strongest of these four choices; MD4 and MD5 should be considered too weak and vulnerable to use. The SHA-256 method creates a 256-bit hash, while SHA-512 creates a 512-bit hash. The longer the hash, or message digest, the stronger it is.
A system administrator is auditing the accounts on a Windows computer and sees the following output from a command issued at the CLI. Which of the following describes the string of characters beside each username? Administrator S-1-5-21-3108310220-2736563938-1271586134-500 David S-1-5-21-3108310220-2736563938-1271586134-1001 John S-1-5-21-3108310220-2736563938-1271586134-1002 Natalie S-1-5-21-3108310220-2736563938-1271586134-1003 Mark S-1-5-21-3108310220-2736563938-1271586134-1004 Guest S-1-5-21-3108310220-2736563938-1271586134-501 a. SID b. GID c. UID d. LDAPID
a. SID The security identifier is used to identify user accounts on a Windows system.
Samuel works for a telecommunications provider in the United States. Which of the following regulations might he need to be familiar with? a. Sarbanes-Oxley b. HIPAA c. PIPEDA d. GDPR
a. Sarbanes-Oxley The Sarbanes-Oxley Act defines regulations for financial reporting and auditing. This answer is the only one that would apply to a telecommunications provider in the United States.
Alois, a cybersecurity manager, has purchased a new vulnerability scanning tool on a trial basis to determine whether it would work for the organization's systems. She meets with her team to make the announcement and get input on which systems should be part of the first phase of the trial. Which of the following is she trying to determine? a. Scope b. Vulnerability feeds c. Workflow d. Sensitivity level
a. Scope The scope of a vulnerability scanner is a list of the target devices to be included in a vulnerability scan.
Annya, a cybersecurity analyst, has just pulled a failed hard drive out of a system. She cannot seem to get any applications to overwrite the blocks on the drive with random data. Which of the following methods should she use to ensure the data on the drive is safe from being recovered by unauthorized parties? a. Secure disposal b. Reconstruction c. Sanitization d. Reimaging
a. Secure disposal Secure disposal is the process of physically shearing or crushing a drive that cannot be overwritten in order to ensure the data on the drive will not fall into the wrong hands.
Falik has just returned from a cybersecurity conference where he learned about a UTM that provides some new features he would like to implement within his network. Which of the following best describes what he would like to implement? a. Security appliance b. Next-generation firewall c. SIEM d. Event logger
a. Security appliance A unified threat management device is a security appliance. It is a piece of hardware that may include features such as email spam filtering, malware protection, firewall capabilities, and more.
The security administrator is configuring a new technology that will analyze incoming traffic to determine whether it is malicious or an intrusion of any sort. If it is, the system will automatically create a rule to redirect traffic to another network where the traffic can be analyzed. Which of the following terms describes the technology that the security administrator has implemented? a. Sinkhole b. NIDS c. NIPS d. Honeypot
a. Sinkhole A sinkhole can be implemented to redirect malicious traffic to an alternate location for analysis rather than continue to let it hit the interface of a legitimate network.
Vince wants to configure a firewall on the perimeter of his organization's network to block all unsolicited incoming traffic. However, he still needs servers behind the firewall to be able to access the Internet for patching purposes. Which of the following types of firewalls might he decide to install? a. Stateful firewall b. Web application firewall c. Stateless firewall d. Portless firewall
a. Stateful firewall A stateful firewall determines if there is an existing connection before deciding whether to forward traffic. In this scenario, the server could reach out to the Internet for information, which would be allowed to come back because of the connection the server established.
Marilla is creating an application that will be installed on all client computers in her organization. Which of the following should be performed before the application is compiled and distributed? a. Static code analysis b. Historical analysis c. Web application vulnerability scanner d. Regression testing
a. Static code analysis Static code analysis is the close examination and testing of software before the source code is compiled.
A growing organization has recently created a policy that everyone in upper management must train each other in various aspects of their jobs. They must also train one of their direct reports to perform key parts of their jobs. The objective is to establish continuity of the organization's operations if something catastrophic happens to a manager. Which of the following terms best describes the type of policy that has been implemented? a. Succession planning b. Job rotation c. Dual control d. Separation of duties
a. Succession planning Succession planning is the process of identifying and developing new leaders to replace leaders who leave the organization or encounter a circumstance that prevents them from fulfilling their job duties.
Suki wants to analyze all of the traffic being sent to and from a group of 10 computers that are all connected to the same networking device. He decides to install a sniffing device that will capture packets and then enable port mirroring on the networking device to send copies of the traffic to the sniffing device. Which of the following networking devices is he most likely using? a. Switch b. Router c. Bridge d. Load balancer
a. Switch Port mirroring is a feature of switches that you can configure to send copies of frames to a particular port for analysis. These frames are sent between devices on the network.
Suki wants to analyze all of the traffic being sent to and from a group of 10 computers that are all connected to the same networking device. He decides to install a sniffing device that will capture packets and then enable port mirroring on the networking device to send copies of the traffic to the sniffing device. Which of the following networking devices is he most likely using? a. Switch b. Router c. Load balancer d. Bridge
a. Switch Port mirroring is a feature of switches that you can configure to send copies of frames to a particular port for analysis. These frames are sent between devices on the network.
Ines is reviewing the network traffic logs and sees what appears to be beaconing. Which of the following best describes the traffic she has noticed? a. The traffic is most likely being sent to a command and control server. b. Beacons are another name for DNS queries, which is a normal type of traffic on the network. c. The traffic is most likely internal communications between malware-infected computers. d. This is normal network traffic that is sent between routers and switches on the network.
a. The traffic is most likely being sent to a command and control server. Beaconing describes malware-infected devices checking in with a command and control server to determine whether there is anything they need to do.
Sarita is a network engineer for a growing organization. Her company plans to open branch offices and connect them in a secure manner to the headquarters building via the Internet. Which of the following should Sarita implement? a. VPN b. ICS c. Load balancer d. SCADA
a. VPN A site-to-site virtual private network creates an encrypted tunnel through a public network to connect two networks.
Maya has just been hired as the first cybersecurity engineer at a growing company in an effort to focus more resources on hardening the company's infrastructure. Which of the following might she use to identify applications that users log into with unencrypted passwords? a. Wireshark b. Cain & Abel c. John the Ripper d. dd
a. Wireshark Wireshark is a packet capture tool. When passwords are sent in plain text, they are visible in the output in Wireshark.
Janos works for a large regional hospital system. The system has data retention policies that have necessitated the backup of certain types of information. As such, he decides that in addition to the standard daily and weekly backups, he would like to create a byte-by-byte copy of data on a particular server's drive to be stored off-site. Which of the following tools might help him perform this action? a. dd b. Zap c. dig d. tcpdump
a. dd The dd command can be used to create a byte-by-byte copy of a hard drive.
Malik has received a call from an employee about suspicious activity on her computer. He's not sure if it's being controlled remotely or if any other remote network connections are contributing to this issue. Which of the following tools might he initially use as part of his investigation? a. netstat b. traceroute c. ping d. nslookup
a. netstat The netstat command can be used to show current network connections on a computer. From there, Malik can look up information on the IP addresses to determine where the traffic is coming from.
Hwan, a network administrator, has just overheard a cybersecurity analyst at his company talking about a DDoS attack. He wants to ensure that he notifies the appropriate parties if this type of attack does take place. Which of the following symptoms might indicate a potential DDoS attack? a. HTTP packets being sent once per minute to the same destination IP address from an internal host b. A large constant spike in bandwidth consumption c. The discovery of several unknown services running on a couple of the servers d. A consistent stream of packets from one client to another that just recently started
b. A large constant spike in bandwidth consumption A large constant spike in bandwidth consumption is one of the signs of a distributed denial-of-service attack.
Cece, a penetration tester, has been hired by a company to attempt to breach the company's systems and gain access to whatever she can, just as if she were a real threat actor. Which of the following might be one of the initial tests that she performs? a. A push-based vulnerability scan b. A non-credentialed vulnerability scan c. A credentialed vulnerability scan d. An agent-based vulnerability scan
b. A non-credentialed vulnerability scan In the beginning stages of a penetration test, the tester doesn't have access to any systems, as this is the discovery phase. Thus, a non-credentialed scan is the best answer for this scenario.
A security engineer has found that an industrial control system used in one of his company's manufacturing plants has a vulnerability that could halt production in the entire plant if exploited. The ICS doesn't need to be accessible from the Internet—it should only be accessed from the control room located within the same building. Which of the following could be implemented as the most effective way to prevent this system from being discovered and exploited? a. Secure admin workstation b. Air gapping c. Next-generation firewall d. Proxy server
b. Air gapping Air gapping refers to physically disconnecting two networks so that it is impossible to communicate between them. In this case, the industrial control system should not be physically connected to any other network within the plant that connects to the Internet.
Ramon has been hired as a consultant for a large corporation to validate its existing security controls. Which of the following would most likely be one of the first pieces of data he requests? a. Operational-level agreement b. Asset inventory c. Risk matrix d. Service-level agreement
b. Asset inventory An asset inventory will allow Ramon to ensure that all of the systems within the company's infrastructure have been sufficiently secured.
Ramon has been hired as a consultant for a large corporation to validate its existing security controls. Which of the following would most likely be one of the first pieces of data he requests? a. Service-level agreement b. Asset inventory c. Risk matrix d. Operational-level agreement
b. Asset inventory An asset inventory will allow Ramon to ensure that all of the systems within the company's infrastructure have been sufficiently secured.
Gabriel is trying to understand the metrics behind the scores that Nessus uses. He asks you which of the metrics is based on the attacker having to gather more information about the target before the vulnerability can be exploited. Which of the following identifies the metric he described? a. Attack vector b. Attack complexity c. Privileges required d. Scope
b. Attack complexity The attack complexity metric describes the conditions beyond the threat actor's control that must exist in order to exploit the vulnerability. These conditions require the threat actor to gather more information about the target.
Gabriel is trying to understand the metrics behind the scores that Nessus uses. He asks you which of the metrics is based on the attacker having to gather more information about the target before the vulnerability can be exploited. Which of the following identifies the metric he described? a. Scope b. Attack complexity c. Attack vector d. Privileges required
b. Attack complexity The attack complexity metric describes the conditions beyond the threat actor's control that must exist in order to exploit the vulnerability. These conditions require the threat actor to gather more information about the target.
Nephele is looking at the vulnerabilities found in her organization. She wants to figure out which ones must be present or addressed from the local network compared to the ones that must be addressed either from an adjacent network or other network. Which of the following metrics covers this information? a. Attack complexity b. Attack vector c. Scope d. User interaction
b. Attack vector The attack vector describes the type of network access necessary to exploit a vulnerability.
Nephele is looking at the vulnerabilities found in her organization. She wants to figure out which ones must be present or addressed from the local network compared to the ones that must be addressed either from an adjacent network or other network. Which of the following metrics covers this information? a. Attack complexity b. Attack vector c. User interaction d. Scope
b. Attack vector The attack vector describes the type of network access necessary to exploit a vulnerability.
Tina wants to determine the fault tolerance of the servers in her data center, and is reviewing the previous 24 months of logs using an analysis tool. Which of the following types of analysis is Tina most likely performing? a. Behavioral analysis b. Availability analysis c. Anomaly analysis d. Conditional analysis
b. Availability analysis Availability analysis is a data correlation analysis that examines whether a network device or service is properly functioning to provide resources to users. In this case, even if a component fails, Tina wants to determine whether the systems are fault tolerant and thus still available to users.
Piet is analyzing the report generated by a Nessus scan and sees two types of scores in the Risk Information section. One of the scores represents the intrinsic qualities of the vulnerability when it was first discovered. Which of the following scores represents these intrinsic qualities? a. CVSS environmental score b. CVSS base score c. CVSS temporal score d. CVSS original score
b. CVSS base score The CVSS base score represents the intrinsic qualities of the vulnerability when it was first discovered.
Piet is analyzing the report generated by a Nessus scan and sees two types of scores in the Risk Information section. One of the scores represents the intrinsic qualities of the vulnerability when it was first discovered. Which of the following scores represents these intrinsic qualities? a. CVSS temporal score b. CVSS base score c. CVSS original score d. CVSS environmental score
b. CVSS base score The CVSS base score represents the intrinsic qualities of the vulnerability when it was first discovered.
Victoria, a cybersecurity analyst, has discovered a vulnerability within several servers that requires a configuration modification. However, company policies dictate that she needs to get approval first to make this modification. Which of the following processes does the company most likely have in place? a. Modification restriction b. Change control c. Configuration control d. Regression testing
b. Change control Change control is a methodology for making modifications to a system and keeping track of them. There is typically a change control board or change advisory board that will review proposed changes and either approve or deny them.
Petronilla, a cybersecurity researcher, has just received a call from a client who reports that someone has redirected multiple A record entries on their recursive server to an incorrect IP address. Which of the following has occurred? a. Authoritative DNS modification b. DNS poisoning c. DNS manipulation d. ARP manipulation
b. DNS poisoning A recursive DNS server is a caching name server that acts as a middleman so that DNS queries by local users don't need to go all the way to the authoritative name server to resolve, as long as the cached entry is still valid. If a threat actor is able to manipulate the data in that cache, it is known as DNS poisoning.
Kevin is working the after-hours shift in the NOC and receives an alert that there has been a potential intrusion into one of the servers. He pulls out the incident response plan and sees that the first step is to notify the on-call manager. Where might he find that information? a. Crime tape b. Escalation list c. Incident form d. Chain of custody
b. Escalation list The escalation list should contain the phone numbers of people who need to be called after an incident that requires notification.
A security engineer has been brought onto a project for a new system containing several critical files that should never change. However, the team needs to be able to know if a file does change. Which of the following solutions would the security engineer most likely recommend? a. White box b. Fingerprinting c. Scoping d. Sandboxing
b. Fingerprinting Fingerprinting can be used to take a signature, or digital representation, of a file. Over time, more fingerprints can be taken, which should all be the same. If a fingerprint is ever different, it can be determined that the file has changed.
Octavius has developed a new application and wants to ensure that there are no issues with memory corruption or program crashes as a result of certain types of input being sent to the application. Which of the following might he use to meet this goal? a. Input validation b. Fuzzing c. Regression testing d. Application stress testing
b. Fuzzing Fuzzing provides random input to a program in an attempt to trigger exceptions, such as memory corruption, program crashes, or security breaches.
A group of doctors' offices have decided to merge into one organization. As part of the migration, the cybersecurity team is responsible for determining how systems from the different offices will be able to share information with each other until they can be formally combined into a single system. Which of the following does the cybersecurity team need to keep in mind throughout the merger as they perform the necessary tasks of combining systems that are specific to the medical field? a. PCI DSS b. HIPAA c. FISMA d. MOMA
b. HIPAA The Health Insurance Portability and Accountability Act details the protections necessary to ensure that personally identifiable information is safeguarded.
A company with operations in Europe has just experienced a breach of its customer data. Which of the following does the company need to notify under European Union regulations? a. FBI b. ICO c. HHS d. GDPR
b. ICO The company needs to notify the EU's Information Commissioner's Office if employee or customer data has been breached.
Amadeus is composing a new web application that his organization will make available to the general public. The site will offer users the ability to sign up for accounts and interact with certain functions of the application. Which of the following should he ensure is done as part of the sign-up process? a. Static code analysis b. Input validation c. Automated reporting d. Fuzzing
b. Input validation When users sign up for new accounts, they need to enter various pieces of information about themselves, such as an email address and a password. Most likely, this information will be stored in a database, which means that any input should be validated to ensure that a threat actor is not attempting an SQL injection attack or another form of malicious attack against the application. Amadeus should ensure that an input validation function is included in the application's code before deployment.
Jupiter is a systems administrator for a growing company. Until recently, one web server has been enough to handle the traffic load for her organization. However, she knows that if something happens to this server, the website could go down for an undetermined amount of time. She is considering moving the website to a cloud configuration, but she knows that if the server failed in the cloud, it would be a single point of failure. Which of the following might she want to implement in addition to a secondary web server? a. Switch b. Load balancer c. Bridge d. Router
b. Load balancer To eliminate a web server as a single point of failure, Jupiter should also implement a load balancer. By using it in the cloud, the load balancer becomes a less likely single point of failure than if Jupiter used a hardware load balancer in her on-premises data center.
Tyrese, a system administrator, is responsible for the Windows Server infrastructure at his organization. He has discovered that when it comes time to upgrade some of the servers from Windows Server 2012 R2, they will no longer be able to use the built-in vulnerability scanner. Which of the following is the vulnerability scanner that Tyrese had read about? a. WVSS b. MBSA c. VSS d. WSUS
b. MBSA The Microsoft Baseline Security Analyzer has been discontinued and version 2.3 has not been updated to support Windows 10 and Windows Server 2016.
Peter has just been hired as a network engineer and has recently been examining the company's core router configuration. He notices that the current configuration would allow an incoming packet from the Internet to have a source IP address within the 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 address space. Which of the following should Peter do? a. Nothing. The router configuration is correct. b. Modify the ACL on the router to prevent the traffic from transferring to the internal network from the Internet for those addresses. c. Create a rule on the switches that connect to the router to discard any traffic with those addresses in the source IP field. d. Replace the router with a stateless firewall.
b. Modify the ACL on the router to prevent the traffic from transferring to the internal network from the Internet for those addresses. The access control list on the router can work like a firewall, allowing or disallowing certain types of traffic based upon source or destination IP addresses. Anytime traffic is coming in from the Internet, it should have a public IP address as the source IP address.
Simone, a cybersecurity researcher, has just finished the analysis and documentation of a new vulnerability she discovered in a widely used product. In addition to contacting the manufacturer of the software, she also believes it is necessary to make a plug-in available so common vulnerability scanners can pick up the vulnerability in their scans. Which of the following would be helpful for her to know in order to meet this goal? a. ACL b. NASL c. NIDS d. TLS
b. NASL The Nessus Attack Scripting Language is used to create plug-ins that help vulnerability scanners detect vulnerabilities.
Simone, a cybersecurity researcher, has just finished the analysis and documentation of a new vulnerability she discovered in a widely used product. In addition to contacting the manufacturer of the software, she also believes it is necessary to make a plug-in available so common vulnerability scanners can pick up the vulnerability in their scans. Which of the following would be helpful for her to know in order to meet this goal? a. ACL b. NASL c. TLS d. NIDS
b. NASL The Nessus Attack Scripting Language is used to create plug-ins that help vulnerability scanners detect vulnerabilities.
Kallie, a cybersecurity analyst, has just returned from a cybersecurity conference where she learned about the Nessus vulnerability scanner. She wants to try it at her company, but her software budget has already been spent for the fiscal year. Which of the following versions should she consider installing? a. Nessus Basic b. Nessus Essentials c. Nessus Agent d. Nessus Manager
b. Nessus Essentials Nessus Essentials is the free version of Nessus that Kallie could install and try until her budget allows for this type of expense.
Valeria, a cybersecurity manager, wants to start using a vulnerability scanner at the large global organization where she works. Which of the following might be the best fit for this organization? a. Nessus Global b. Nessus Manager c. Nessus Essentials d. Nessus Professional
b. Nessus Manager Nessus Manager is an enterprise-based package for managing numerous Nessus agents.
A security researcher purchases a discounted open-box item from a local electronics retailer, hoping to learn more about the device. After turning it on and launching the configuration application, he notices that several features appear to be missing, while other features are there that he hadn't heard about. Which of the following would best allow the researcher to verify whether this device has potentially been tampered with? a. Operational control review b. OEM documentation c. White box testing d. Trusted foundry
b. OEM documentation OEM documentation comes from the original equipment manufacturer and can be used to help verify the authenticity of hardware.
A Silicon Valley startup has begun attracting users in Canada. Which of the following regulations should its legal department study to ensure that the company is abiding by any applicable laws? a. COPPA b. PIPEDA c. GDPR d. CCPA
b. PIPEDA The Personal Information Protection and Electronic Documents Act is the only Canadian regulation in the list of answer choices.
David, an IT manager, has just returned from a security conference where he was discussing the capabilities of a vendor's products. The vendor explained that their system relied on an agent that is installed on systems within an organization in order for it to work. Which of the following is most likely the type of product offered by this vendor? a. Pull-based vulnerability scanner b. Push-based vulnerability scanner c. Slide-based vulnerability scanner d. Flip-based vulnerability scanner
b. Push-based vulnerability scanner A push-based scanner is also known as an agent-based scanner. These systems rely on agents, or software, to be installed on systems that then send information back to a manager.
Franco, a cybersecurity analyst, has just received a report that a piece of malware has been detected on a user's system. The user downloaded a solitaire game that had pictures of cats on the back of the cards, and he just couldn't resist. After examining the computer and network traffic, Franco finds that the game has been allowing an intruder to connect to the computer and execute commands on the system as well as send files to a remote server. Which of the following has Franco found? a. Trojan b. RAT c. Ransomware d. Worm
b. RAT A remote access Trojan appears to be a legitimate application, but it may allow a remote attacker to gain access to resources in the infected system.
A system administrator has just been hired at a company that has been experiencing rapid growth in its second year of operation. When the company began, users were simply given permissions for the files or directories to which they needed access by the owners of the files and directories. Which of the following should the system administrator recommend to accommodate this new growth? a. NAC b. RBAC c. DAC d. TACACS
b. RBAC Role-based access control is used to simplify the administration of a network and reduce the amount of management necessary to maintain the network. Users are assigned to groups based upon their roles within the organization and then the group is assigned permissions to objects.
A solutions architect is designing a new application and the server requirements to support the application. She has specified that the application should be run on a Linux server and that it needs to use the mandatory access control model. Which of the following should be enabled to implement MAC? a. secACL b. SELinux c. manACL d. enforce
b. SELinux SELinux is a security feature in the Linux kernel that is an implementation of the mandatory access control model.
Alois, a cybersecurity manager, has purchased a new vulnerability scanning tool on a trial basis to determine whether it would work for the organization's systems. She meets with her team to make the announcement and get input on which systems should be part of the first phase of the trial. Which of the following is she trying to determine? a. Workflow b. Scope c. Vulnerability feeds d. Sensitivity level
b. Scope The scope of a vulnerability scanner is a list of the target devices to be included in a vulnerability scan.
Faranoush is examining the CVSS Base Score Exploitability Metrics to better understand the information she sees in her report. Which of the following reflects the ability of a vulnerability in one software component to impact other resources? a. User interaction b. Scope c. Attack vector d. Attack complexity
b. Scope The scope reflects the ability of the vulnerability in one software component to impact other resources.
Jan has just finished upgrading the physical and administrative controls in his organization and is about to start planning the upgrade of logical controls. Which of the following is not a manufacturer to consider when looking at options for new firewalls? a. Checkpoint b. Seagate c. Cisco d. Palo Alto
b. Seagate Seagate makes hard drives and storage solutions. They do not have a firewall product.
Lakia has been hired as a penetration tester for a large organization. She finds that one of the branch offices is still running WEP and quickly cracks the key to gain access to the network. As she is capturing network packets while sitting in the company's parking lot, she sees a couple of tokens that users send to an HTTP-based website to log in. Which of the following types of attacks might she be able to perform with this information? a. XSS b. Session hijacking c. Rootkit attack d. XSRF
b. Session hijacking Session hijacking is an attack in which a threat actor impersonates a user by replaying that user's session token. Because the site is HTTP rather than HTTPS, the tokens cross the wireless network in cleartext once the WEP key has been recovered.
A network administrator has just configured 802.1X for the wired network within her company's building. She has already configured the switches to verify credentials of the computers that request permission to connect. Which of the following does she need to configure on the client devices? a. Authenticator b. Supplicant c. Resource d. Registrant
b. Supplicant A supplicant is the software on the client device that requests access from the authenticator (here, the switch) and presents its credentials so they can be checked against the authentication server.
Carl is a new cybersecurity analyst. His manager has just asked him to implement a vulnerability scanner that uses the CVSS. Which of the following best describes why he would want to use it? a. The cybersecurity virtual scanning software will help protect the company's virtual machine infrastructure from attacks specific to virtualized and hypervisor-based technologies. b. The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for. c. The central vulnerability scanning service will allow the company to easily automate scans from a centralized system rather than have to install components on individual servers and systems. d. The computerized vector scanning system will determine which attack vectors are most vulnerable to the threat of malicious threat actors who can exploit weaknesses in the company's infrastructure.
b. The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for. The Common Vulnerability Scoring System is used by vulnerability scanning software applications to allow administrators to rank discovered vulnerabilities according to their impact and severity.
Talia has just been hired as the first security employee at an organization. Until this point, security has been everyone's responsibility, but she knows that the IT staff have different skill sets and may not be aware of certain weaknesses within various platforms. Which of the following tools might Talia use to help her determine the state of the existing infrastructure? a. NIDS b. Vulnerability scanner c. syslog d. OS fingerprinting
b. Vulnerability scanner A vulnerability scanner is a generic term for a range of products that look for different vulnerabilities, or weaknesses, within networks or systems. A comprehensive scan of the network and systems would be a good starting point before suggesting or implementing any new technologies or changes.
The development manager wants to verify that a new application her team developed has been fully hardened. Which of the following might ensure that every part of the application has been tested? a. Blue box testing b. White box testing c. Gray box testing d. Black box testing
b. White box testing In white box testing, all information about an application or system is given to the tester so that every part of it can be thoroughly examined and tested.
Rudyard has heard rumors that an employee has set up an FTP server at his house. The server is said to be running on port 80, as ports 20 and 21 are blocked on the company's firewall. He knows that the firewall doesn't perform any sort of packet inspection to ensure that only HTTP traffic is being transmitted. Which of the following tools might he use in conjunction with port mirroring on the switch to monitor the user's traffic and search for signs of FTP traffic being sent on port 80? a. Peach Fuzzer b. Wireshark c. Metasploit d. Check Point
b. Wireshark Wireshark is a packet sniffer that can capture the packets being transmitted across a network. Rudyard could set up port mirroring on a switch to copy all traffic from the user's switch port to a system running Wireshark so that the traffic can be analyzed for improper usage.
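An added example, not part of the original question set, of the triage Rudyard would do on the mirrored traffic. In Wireshark itself the equivalent is Analyze > Decode As, telling the dissector that TCP port 80 carries FTP (or `tshark -d tcp.port==80,ftp`). The script below applies the same idea to a handful of constructed TCP payloads: it classifies the first line of each segment as HTTP, FTP or unknown from the protocol grammar, and reports FTP control-channel traffic seen on port 80. The ports, hostnames, credentials and filenames are made up.

```python
import re

# Constructed TCP payloads as (source_port, destination_port, payload) tuples,
# standing in for segments copied from a mirrored switch port. Not real capture data.
SAMPLE_SEGMENTS = [
    (51234, 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, 51234, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    (80, 51900, b"220 home-box FTP server ready\r\n"),
    (51900, 80, b"USER employee\r\n"),
    (80, 51900, b"331 Password required for employee\r\n"),
    (51900, 80, b"PASS hunter2\r\n"),
    (80, 51900, b"230 Login successful\r\n"),
    (51900, 80, b"PASV\r\n"),
    (51900, 80, b"RETR payroll.xlsx\r\n"),
]

# FTP control channel: 4-letter commands from the client, 3-digit reply codes from the server.
FTP_COMMAND = re.compile(rb"^(USER|PASS|PASV|PORT|RETR|STOR|LIST|CWD|TYPE|QUIT|EPSV)\b", re.I)
FTP_REPLY = re.compile(rb"^[1-5]\d\d[ -]")
# HTTP: request line "METHOD target HTTP/x.y" or status line "HTTP/x.y code".
HTTP_REQUEST = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/\d\.\d")
HTTP_RESPONSE = re.compile(rb"^HTTP/\d\.\d \d\d\d")


def classify_payload(payload):
    """Return 'http', 'ftp' or 'unknown' based on the first line of a TCP payload.
    HTTP is tested first so an HTTP status line is never mistaken for an FTP reply."""
    first_line = payload.split(b"\r\n", 1)[0]
    if HTTP_REQUEST.match(first_line) or HTTP_RESPONSE.match(first_line):
        return "http"
    if FTP_COMMAND.match(first_line) or FTP_REPLY.match(first_line):
        return "ftp"
    return "unknown"  # e.g. a TLS record (0x16 0x03 ...) or binary data


def find_ftp_on_port(segments, port=80):
    """Return (src_port, dst_port, first_line) for every segment on the given port
    that looks like FTP control traffic rather than HTTP."""
    hits = []
    for sport, dport, payload in segments:
        if port not in (sport, dport):
            continue
        if classify_payload(payload) == "ftp":
            first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
            hits.append((sport, dport, first_line))
    return hits


if __name__ == "__main__":
    for sport, dport, line in find_ftp_on_port(SAMPLE_SEGMENTS):
        print(f"{sport:>5} -> {dport:<5} {line}")
```

The PASS line in the hits is the second finding a practitioner would report: an FTP control channel is cleartext, so the employee's credentials are visible to anyone on the path, not only to the analyst.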
Marco has been hired as a penetration tester by a large organization. He has managed to exploit a vulnerability in the perimeter firewall. Which of the following tools might help him discover what other resources exist within the organization's network? a. traceroute b. nslookup c. netstat d. Untidy
b. nslookup The nslookup command is available across a variety of platforms to query DNS servers for records that contain name-to-IP address mappings.
Which of the following tools most likely generated the following output?
1 216.182.226.94 (216.182.226.94) 12.594 ms 216.182.226.146 (216.182.226.146) 15.121 ms 216.182.226.134 (216.182.226.134) 21.772 ms
2 100.66.8.14 (100.66.8.14) 21.115 ms 100.66.32.216 (100.66.32.216) 5.539 ms 100.66.8.248 (100.66.8.248) 20.062 ms
3 100.66.34.250 (100.66.34.250) 11.830 ms 100.66.11.164 (100.66.11.164) 15.988 ms 100.66.11.204 (100.66.11.204) 17.247 ms
4 100.66.7.189 (100.66.7.189) 16.971 ms 100.66.7.149 (100.66.7.149) 22.494 ms 100.66.6.81 (100.66.6.81) 16.582 ms
5 100.66.5.191 (100.66.5.191) 12.744 ms 100.66.5.41 (100.66.5.41) 16.752 ms 100.66.5.23 (100.66.5.23) 21.620 ms
6 100.65.15.193 (100.65.15.193) 0.876 ms 100.65.13.97 (100.65.13.97) 0.322 ms 100.66.5.71 (100.66.5.71) 15.611 ms
7 52.93.28.253 (52.93.28.253) 0.357 ms 52.93.28.243 (52.93.28.243) 0.497 ms 52.93.29.3 (52.93.29.3) 0.500 ms
8 100.100.2.32 (100.100.2.32) 3.957 ms 100.100.2.40 (100.100.2.40) 0.398 ms 100.100.2.32 (100.100.2.32) 0.664 ms
9 99.82.181.25 (99.82.181.25) 0.977 ms 100.100.2.44 (100.100.2.44) 0.705 ms 99.82.181.25 (99.82.181.25) 0.802 ms
10 * * *
11 * 216.239.58.30 (216.239.58.30) 0.718 ms 108.170.228.150 (108.170.228.150) 1.135 ms
12 74.125.37.221 (74.125.37.221) 1.445 ms 108.170.246.49 (108.170.246.49) 1.304 ms 108.170.246.66 (108.170.246.66) 1.546 ms
13 iad30s24-in-f14.1e100.net (172.217.164.142) 0.899 ms 216.239.63.235 (216.239.63.235) 2.164 ms 2.005 ms
a. nmap b. traceroute c. ping d. netstat
b. traceroute The traceroute command is used on Linux, UNIX, Mac, Cisco, and other devices to show the hops, or routers, that a network transmission is sent across. In this scenario, a traceroute was performed from a virtual machine residing on Amazon Web Services to google.com.
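An added example, not part of the original question set, that parses the traceroute output from the question above. Reading this format by hand is error-prone: each hop carries up to three probe results, a `*` marks a probe that timed out, and when the same router answers consecutive probes traceroute prints only the RTT without repeating the name and address (hop 13 above). The parser handles all three cases, and the helpers pull out what an analyst usually wants from a trace: hops that dropped every probe, hops inside the 100.64.0.0/10 shared address space (RFC 6598, not routed on the public Internet, which is why it shows up as provider-internal fabric), and the final responder.

```python
import ipaddress
import re

# Traceroute output from the question above, one hop per line.
TRACEROUTE_OUTPUT = """\
1 216.182.226.94 (216.182.226.94) 12.594 ms 216.182.226.146 (216.182.226.146) 15.121 ms 216.182.226.134 (216.182.226.134) 21.772 ms
2 100.66.8.14 (100.66.8.14) 21.115 ms 100.66.32.216 (100.66.32.216) 5.539 ms 100.66.8.248 (100.66.8.248) 20.062 ms
3 100.66.34.250 (100.66.34.250) 11.830 ms 100.66.11.164 (100.66.11.164) 15.988 ms 100.66.11.204 (100.66.11.204) 17.247 ms
4 100.66.7.189 (100.66.7.189) 16.971 ms 100.66.7.149 (100.66.7.149) 22.494 ms 100.66.6.81 (100.66.6.81) 16.582 ms
5 100.66.5.191 (100.66.5.191) 12.744 ms 100.66.5.41 (100.66.5.41) 16.752 ms 100.66.5.23 (100.66.5.23) 21.620 ms
6 100.65.15.193 (100.65.15.193) 0.876 ms 100.65.13.97 (100.65.13.97) 0.322 ms 100.66.5.71 (100.66.5.71) 15.611 ms
7 52.93.28.253 (52.93.28.253) 0.357 ms 52.93.28.243 (52.93.28.243) 0.497 ms 52.93.29.3 (52.93.29.3) 0.500 ms
8 100.100.2.32 (100.100.2.32) 3.957 ms 100.100.2.40 (100.100.2.40) 0.398 ms 100.100.2.32 (100.100.2.32) 0.664 ms
9 99.82.181.25 (99.82.181.25) 0.977 ms 100.100.2.44 (100.100.2.44) 0.705 ms 99.82.181.25 (99.82.181.25) 0.802 ms
10 * * *
11 * 216.239.58.30 (216.239.58.30) 0.718 ms 108.170.228.150 (108.170.228.150) 1.135 ms
12 74.125.37.221 (74.125.37.221) 1.445 ms 108.170.246.49 (108.170.246.49) 1.304 ms 108.170.246.66 (108.170.246.66) 1.546 ms
13 iad30s24-in-f14.1e100.net (172.217.164.142) 0.899 ms 216.239.63.235 (216.239.63.235) 2.164 ms 2.005 ms
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
# One probe result: a timeout, a responder with its RTT, or a bare RTT
# (traceroute omits name/address when the same router answered the previous probe).
PROBE = re.compile(
    r"\*"
    r"|(?P<name>\S+) \((?P<ip>[0-9a-fA-F.:]+)\) (?P<rtt>\d+(?:\.\d+)?) ms"
    r"|(?P<rtt_only>\d+(?:\.\d+)?) ms"
)
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def parse_traceroute(text):
    """Return a list of {"hop": n, "probes": [...]}; each probe is None for a
    timeout or {"name", "ip", "rtt_ms"} for an answered probe."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue
        probes, last = [], (None, None)
        for p in PROBE.finditer(m.group(2)):
            if p.group(0) == "*":
                probes.append(None)
                continue
            if p.group("ip"):
                last = (p.group("name"), p.group("ip"))
            rtt = p.group("rtt") or p.group("rtt_only")
            probes.append({"name": last[0], "ip": last[1], "rtt_ms": float(rtt)})
        hops.append({"hop": int(m.group(1)), "probes": probes})
    return hops


def silent_hops(hops):
    """Hop numbers where every probe timed out (a router or firewall dropping the replies)."""
    return [h["hop"] for h in hops if all(p is None for p in h["probes"])]


def shared_space_hops(hops):
    """Hop numbers with at least one responder inside 100.64.0.0/10."""
    return [h["hop"] for h in hops
            if any(p and ipaddress.ip_address(p["ip"]) in SHARED_SPACE for p in h["probes"])]


def destination_name(hops):
    """Name of the first responder on the final hop, or None if it timed out."""
    for p in hops[-1]["probes"]:
        if p:
            return p["name"]
    return None


if __name__ == "__main__":
    hops = parse_traceroute(TRACEROUTE_OUTPUT)
    print("silent hops:", silent_hops(hops))
    print("shared-space hops:", shared_space_hops(hops))
    print("destination:", destination_name(hops))
```

Hop 10 answering nothing while hops 11 and 12 answer normally is the usual sign of a device that drops or rate-limits ICMP time-exceeded messages rather than a break in the path, which is why a single silent hop should not be read as an outage.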
Craig has been asked to implement the ISO standards for cybersecurity in his organization. Which of the following families of standards should he become familiar with? a. 22000 b. 20000 c. 27000 d. 9000
c. 27000 The ISO 27000 family of standards deals with information security.
Monica wants to implement more security around the login function that her company's website uses to allow customers to interact with the organization. One of the tasks on her to-do list is to prevent brute force attacks. Which of the following might help Monica achieve this goal? a. Analyze the type of device the user is attempting to log in from. b. Analyze the geolocation where the user is logging in. c. Analyze the frequency of attempted logins. d. Analyze the source IP address of the user attempting to log in and ensure that it matches the normal IP address the user logs in from.
c. Analyze the frequency of attempted logins. By analyzing the frequency of attempted logins, Monica might be able to detect whether a brute force attack is being performed by a password cracking program.
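An added example, not part of the original question set, of the frequency check Monica would put behind the login form. It keeps a sliding window of failed attempts per source address and per account and raises an alert once a threshold is crossed inside the window, which catches both a single attacker hammering one account and a distributed attempt spread across addresses. The log format, addresses, account names and thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log lines in a made-up format (not from a real system):
# one user with a typo, then one source making 12 rapid failures against "bob".
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z login user=alice src=203.0.113.5 result=FAIL",
    "2024-05-01T10:00:09Z login user=alice src=203.0.113.5 result=OK",
] + [
    f"2024-05-01T10:01:{i:02d}Z login user=bob src=198.51.100.7 result=FAIL"
    for i in range(0, 36, 3)
] + [
    "2024-05-01T10:01:40Z login user=bob src=198.51.100.7 result=OK",
]

LINE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return (timestamp, user, src, result) or None for a line that does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("user"), m.group("src"), m.group("result")


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag any source address or account that accumulates `threshold` failed
    logins inside a sliding window of `window_seconds`. Returns a sorted list of
    (kind, key, time_of_first_alert), one entry per offender."""
    windows = defaultdict(deque)  # (kind, key) -> timestamps of recent failures
    alerts = {}
    span = timedelta(seconds=window_seconds)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, src, result = parsed
        if result != "FAIL":
            continue
        for key in (("src", src), ("user", user)):
            recent = windows[key]
            recent.append(ts)
            while recent and ts - recent[0] > span:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and key not in alerts:
                alerts[key] = ts
    return sorted((kind, key, ts) for (kind, key), ts in alerts.items())


if __name__ == "__main__":
    for kind, key, ts in detect_bruteforce(SAMPLE_LOG):
        print(f"{ts.isoformat()} brute force suspected: {kind}={key}")
```

The response to an alert should slow the attacker down without handing them a denial of service: progressive delays or a CAPTCHA after the threshold, and a per-source block, are safer defaults than hard-locking the account, which lets anyone lock out a user by guessing wrong on purpose.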
Which of the following is not one of the purposes of establishing a communication process and plan? a. Use a secure method of communication. b. Prevent inadvertent release of information. c. Be completely transparent with the public. d. Limit communication to trusted parties.
c. Be completely transparent with the public. While complete transparency sounds like a lofty goal, there are certain things that should be kept private within the organization or perhaps between the organization and law enforcement.
Uziah has received an alert from a network monitoring system that it has detected a client on the network sending an HTTPS packet once per minute for the past six hours to an external IP address. Which of the following has the system most likely detected? a. Port scanning b. Snitching c. Beaconing d. Ping sweep
c. Beaconing Beaconing occurs when a client on the network sends packets to a command and control server at regular intervals over commonly used ports (such as HTTP or HTTPS) to determine whether there are any new tasks for it to perform.
Jaden has received an alert from a system that has identified potential malware on itself. Upon looking through the log files, he sees a list of error messages where an executable tried to write data to a range of memory addresses that did not exist for the system. Which of the following has most likely occurred? a. Space overflow b. Decimal overflow c. Buffer overflow d. Integer overflow
c. Buffer overflow A buffer overflow occurs when a process tries to write data to a memory address range to which it is not supposed to write or to a range that does not exist.
Victoria, a cybersecurity analyst, has discovered a vulnerability within several servers that requires a configuration modification. However, company policies dictate that she needs to get approval first to make this modification. Which of the following processes does the company most likely have in place? a. Regression testing b. Configuration control c. Change control d. Modification restriction
c. Change control Change control is a methodology for making modifications to a system and keeping track of them. There is typically a change control board or change advisory board that will review proposed changes and either approve or deny them.
Kiah, a cybersecurity analyst for the government, is setting up a new Linux server and needs to configure the data classification labels to be used for the new application. Which of the following are valid labels for U.S. government systems? a. Classified, secret, top secret b. Sensitive but unclassified, classified, secret c. Confidential, secret, top secret d. Public, secret, top secret
c. Confidential, secret, top secret The common data classification levels for government systems are unclassified, sensitive but unclassified, confidential, secret, and top secret.
Petronilla, a cybersecurity researcher, has just received a call from a client who reports that someone has redirected multiple A record entries on their recursive server to an incorrect IP address. Which of the following has occurred? a. DNS manipulation b. Authoritative DNS modification c. DNS poisoning d. ARP manipulation
c. DNS poisoning A recursive DNS server is a caching name server that acts as a middleman so that DNS queries by local users don't need to go all the way to the authoritative name server to resolve, as long as the cached entry is still valid. If a threat actor is able to manipulate the data in that cache, it is known as DNS poisoning.
Uma wants to figure out how to detect any rogue access points that might be installed around her company's offices. Which of the following might she choose to implement? a. Waypoint b. RF scanner c. Dedicated probe d. RFID antenna
c. Dedicated probe Dedicated probes can be installed to exclusively monitor the RF airspace for transmissions. They could then alert Uma to any new SSIDs being detected.
Van has been tasked with designing a fault-tolerant system for a critical application. Which of the following is the biggest concern about the design of this system? a. Data integrity b. System process criticality c. Downtime d. Recovery time
c. Downtime Fault-tolerant systems are built with enough redundancy to continue operating even if a component of the system fails. Downtime is the biggest concern in these systems; failing over to alternative hardware or systems should be transparent to the user so that no downtime is ever noticed.
Cosmo is reviewing a recent Nessus scan report and sees a number of items that have recently had compensating controls implemented for them. Which of the following terms might describe these items in the report? a. Uncaught exception b. Unvoided transaction c. False positive d. Error handling
c. False positive Some may consider these items to be false positives; they should not be an issue because compensating controls have been implemented.
Calliope is a forensics detective with a law enforcement agency. She discovers that an attacker who has just been caught was using a dead-drop method of controlling the bots in a botnet. Which of the following might have been a clue that the attacker was using this method? a. Reading log files that contained constant encrypted communications from the attacker's IP address to some of the identified bots b. Finding a directional antenna and Wi-Fi setup that allowed the bot herder to beam communications directly to the target computers c. Finding an e-mail account with multiple saved drafts that were never sent but contained instructions the bots were to follow d. Finding devices that the attacker had hidden on multiple victims' company networks
c. Finding an e-mail account with multiple saved drafts that were never sent but contained instructions the bots were to follow Dead drops are a method of exchanging information; it is planted in a secret location by one party to be picked up by a second party.
Kendra has a very limited budget, but has three critical servers that she needs to secure against data breaches within her company's infrastructure. She knows that she won't be able to protect the entire network, but she has started searching for a solution to secure the most critical assets. Which of the following options would she most likely choose? a. UTM appliance b. Proxy server c. HIPS d. NIPS
c. HIPS A host intrusion prevention system is installed on individual hosts to detect an intrusion, log the event, alert administrators, and attempt to stop the intrusion. It is the only host-based solution described in the answer choices.
Tabitha has just contracted with a large company to perform a penetration test against it. Which of the following might help her with part of the reconnaissance process? a. Audit b. Evaluation c. Impersonation d. Assessment
c. Impersonation Tabitha can pretend to be a vendor over the phone or can take on a variety of roles—utility technician, custodian, delivery person, etc.—to physically gain access to the company's facilities and get a peek at the types of technologies they may be using. She may also be able to plant devices that can report back to her with more information.
Jared has created a field in the database that acts as the backend for an application he has written. The field has been configured to store an 8-bit unsigned number. The field where the user enters information has only been configured to accept numbers, but Jared apparently forgot to add logic to ensure that the user could not enter numbers greater than 255. Which of the following could occur as a result of this oversight? a. Buffer overflow b. Decimal overflow c. Integer overflow d. Space overflow
c. Integer overflow If a user tried to store the number 256, it would require 9 bits, which would be an integer overflow. Any number larger than 255 requires a minimum of 9 bits in binary form. Depending on the language and storage engine, the value either wraps around (256 becomes 0) or is rejected with an error; the fix is to validate that the input is within 0 to 255 before it is written.
Nik, a cybersecurity analyst, has been asked to examine an employee's iPhone that is exhibiting strange behavior. After looking through the phone, he finds that the user apparently has been able to upload third-party apps that are not in the App Store. Which of the following has most likely occurred with this phone? a. Raking b. Rooting c. Jailbreaking d. Clapping
c. Jailbreaking Jailbreaking is the term for modifying an iPhone so it can load third-party apps that are not in the App Store.
A solutions architect has designed a new web-based application that will be hosted on a cloud service provider. The web server will be publicly accessible, and the database server it uses will be located in a private subnet that is only accessible from the subnet where the public-facing web server is located. The database server will not be accessible directly from the Internet. Which of the following might the solutions architect implement in order to manage and maintain the database server? a. DMZ b. NAC c. Jump box d. 802.1Q
c. Jump box A jump box would be placed within the DMZ where the web server is located in order to provide a connection to the private subnet where the database server is located.
Jupiter is a systems administrator for a growing company. Until recently, one web server has been enough to handle the traffic load for her organization. However, she knows that if something happens to this server, the website could go down for an undetermined amount of time. She is considering moving the website to a cloud configuration, but she knows that if the server failed in the cloud, it would be a single point of failure. Which of the following might she want to implement in addition to a secondary web server? a. Switch b. Router c. Load balancer d. Bridge
c. Load balancer To eliminate a web server as a single point of failure, Jupiter should also implement a load balancer. By using it in the cloud, the load balancer becomes a less likely single point of failure than if Jupiter used a hardware load balancer in her on-premises data center.
Tyrese, a system administrator, is responsible for the Windows Server infrastructure at his organization. He has discovered that when it comes time to upgrade some of the servers from Windows Server 2012 R2, they will no longer be able to use the built-in vulnerability scanner. Which of the following is the vulnerability scanner that Tyrese had read about? a. VSS b. WSUS c. MBSA d. WVSS
c. MBSA The Microsoft Baseline Security Analyzer has been discontinued and version 2.3 has not been updated to support Windows 10 and Windows Server 2016.
Cheyenne is concerned about a recent news story that global data breaches are on the rise. She believes that she has installed the latest detection software on all of the servers she is responsible for, but she knows that security requires a layered approach. Which of the following might she also decide to implement? a. HIPS b. Spam filter c. NIPS d. Proxy server
c. NIPS A network intrusion prevention system provides protection from data breaches at the network level. A NIPS looks at traffic before it gets to the hosts rather than examining it once the data arrives.
Kallie, a cybersecurity analyst, has just returned from a cybersecurity conference where she learned about the Nessus vulnerability scanner. She wants to try it at her company, but her software budget has already been spent for the fiscal year. Which of the following versions should she consider installing? a. Nessus Basic b. Nessus Manager c. Nessus Essentials d. Nessus Agent
c. Nessus Essentials Nessus Essentials is the free version of Nessus that Kallie could install and try until her budget allows for this type of expense.
Tara has just discovered the John the Ripper tool on a workstation on her company's network, which is a direct violation of an existing policy that defines what users are allowed and not allowed to do on the network. She believes that if other instances of this tool are installed, the current policy protecting against attacks from such tools needs to be strengthened properly. Which of the following policies might she choose to update as a result? a. Account management policy b. AUP c. Password policy d. Data retention policy
c. Password policy Tara may decide to strengthen the company's password policy to make sure that passwords are as complex as possible. The revised policy should protect against any further instances of a password cracking tool that may be installed on a system within her organization.
Bartolo sees a notification from a security device on the perimeter of the network that ICMP echo requests have been received for the entire range of IP addresses on the external subnet. Which of the following has been detected? a. Port scan b. Hyperthreading c. Ping sweep d. Dedicated probe
c. Ping sweep In a ping sweep, ICMP echo requests are sent to a range of IP addresses in an attempt to discover which hosts may be online and active.
Alaa wants to update her Nessus installation to ensure that she is scanning for all recently discovered vulnerabilities. Which of the following does she need to download? a. Hotfixes b. Modules c. Plug-ins d. Service packs
c. Plug-ins Plug-ins are used with Nessus to provide information about new vulnerabilities.
Barry has just installed Wireshark on a computer in his organization to analyze network traffic. Which of the following will he also most likely need in order to make this configuration work? a. Trunk port b. Portfast c. Port mirroring d. BPDU guard
c. Port mirroring Most organizations have replaced hubs with switches. In a switch, the incoming frames are analyzed to discover the destination MAC address and then they are forwarded only to the port where that device is located. In order for other packets to reach the computer running Wireshark, the switch will need to be configured with port mirroring to send a copy of the traffic to the computer's switchport.
David, an IT manager, has just returned from a security conference where he was discussing the capabilities of a vendor's products. The vendor explained that their system relied on an agent that is installed on systems within an organization in order for it to work. Which of the following is most likely the type of product offered by this vendor? a. Flip-based vulnerability scanner b. Slide-based vulnerability scanner c. Push-based vulnerability scanner d. Pull-based vulnerability scanner
c. Push-based vulnerability scanner A push-based scanner is also known as an agent-based scanner. These systems rely on agents, or software, to be installed on systems that then send information back to a manager.
Amir has just received a user's computer that was found to have a malware infection. He has sanitized the hard drive but doesn't have a snapshot from which he can restore. Which of the following techniques might he choose to make the system functional again? a. Segmentation technique b. Schneier technique c. Reconstruction d. Reimaging
c. Reconstruction Reconstruction is the restoration of a hard drive by installing the operating system, application programs, and data files.
Penetration testers have made their way past a company's firewall by exploiting an unpatched vulnerability. They perform a quick ping sweep followed by a port scan so they can determine which services and operating systems may be in the company's environment. An hour into the breach, they get disconnected, and it appears that all of their traffic is being directed to another location when they try to reconnect. Which of the following roles did the penetration tester play in this exercise? a. Blue team b. White team c. Red team d. Green team
c. Red team The red team is the offensive team in a penetration testing exercise.
Nikola is meeting with the executives of a large stock brokerage company. He knows that they have had a data breach recently and are extremely concerned about any further intrusions. This organization could be described as having an extremely low ________. a. Vulnerability stamina b. Fault tolerance c. Risk appetite d. Sensitivity level
c. Risk appetite An organization's risk appetite is the amount of risk it is willing to accept in pursuit of its objectives. A large stock brokerage company that has recently suffered a data breach most likely has an extremely low appetite for any further exposure that could put it at risk of another breach or intrusion.
The CISO for an organization has called penetration testers that she met at an information security conference a few months ago. The penetration testers come to the office for a meeting and describe the process of how the test would proceed. The testers explain that before they can get started, they need written authorization from the company. Which of the following would outline the authorization, scope, and timing necessary for the penetration testers to begin? a. NDA b. Risk matrix c. Rules of engagement d. SLA
c. Rules of engagement Rules of engagement outline the scope, authorization, and timing necessary for a penetration tester to begin the task of attacking a company's network. Without this written authorization, the penetration tester should never begin attacking a network or system.
Clifford, a cybersecurity analyst, has been tasked with implementing a method of automating vulnerability management at his organization. Which of the following is the most likely solution that Clifford would choose to implement? a. SCP b. PAM c. SCAP d. AVMP
c. SCAP The Security Content Automation Protocol is an open standard that enables an automated vulnerability management, measurement, and policy compliance evaluation.
Tamara is a systems administrator for a company that wants to move some of their applications to a cloud service provider. Tamara needs to ensure that data won't be lost and that the systems will maintain 99.999% uptime. Which of the following should Tamara review from the CSPs her company is considering? a. MOUs b. OLAs c. SLAs d. Change control documentation
c. SLAs Service-level agreements define the level of service that a service provider guarantees. Because Tamara is looking for guarantees of availability and durability, she would need to look in the SLAs for the cloud service providers.
Ramon, a cybersecurity analyst, is aware of the regulatory requirements that his organization must meet. He needs to make sure that best practices are meeting the goals of these regulatory requirements. Which of the following might he decide to employ as part of a vulnerability scan? a. CVSS temporal scoring b. Plug-ins c. Scanning template d. CVSS base scoring
c. Scanning template Scanning templates can be used to perform scans that look for specific widespread vulnerabilities or that meet certain regulatory requirements.
Faranoush is examining the CVSS Base Score Exploitability Metrics to better understand the information she sees in her report. Which of the following reflects the ability of a vulnerability in one software component to impact other resources? a. Attack complexity b. User interaction c. Scope d. Attack vector
c. Scope The scope reflects the ability of the vulnerability in one software component to impact other resources.
Jorge is analyzing the event logs on a server and sees that someone attempted to log into a user account twice with the incorrect password before logging in successfully. In which of the following general types of logs were these events most likely captured? a. Authentication b. System c. Security d. Application
c. Security Security logs are maintained by the operating system (the Windows Security event log, for example) and record events such as failed and successful logons.
Tonia has just completed an audit of the accounts payable system and discovered what appears to be the embezzlement of funds by a clerk. The clerk was able to create entries of payments to be made and was also allowed to approve the payments. Which of the following might have prevented this situation from occurring and should be implemented immediately? a. Dual control b. Succession planning c. Separation of duties d. Cross-training
c. Separation of duties Separation of duties would mean that one person is responsible for creating entries of payments to be made and someone else is responsible for approving payments.
Carl is a new cybersecurity analyst. His manager has just asked him to implement a vulnerability scanner that uses the CVSS. Which of the following best describes why he would want to use it? a. The computerized vector scanning system will determine which attack vectors are most vulnerable to the threat of malicious threat actors who can exploit weaknesses in the company's infrastructure. b. The cybersecurity virtual scanning software will help protect the company's virtual machine infrastructure from attacks specific to virtualized and hypervisor-based technologies. c. The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for. d. The central vulnerability scanning service will allow the company to easily automate scans from a centralized system rather than have to install components on individual servers and systems.
c. The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for. The Common Vulnerability Scoring System is used by vulnerability scanning software applications to allow administrators to rank discovered vulnerabilities according to their impact and severity.
Albrecht has noticed a number of clients on the network attempting to contact the same external IP address at a constant rate of once every five minutes over the past 72 hours. Which of the following might be the cause of his concern? a. The computers may have formed a distributed computing configuration that allows them to work as a single command and control system. b. The computers are performing a port scan against a victim computer. c. The computers may be infected with malware that has made them part of a botnet. d. The computers are currently taking part in a DDoS attack against the destination IP address.
c. The computers may be infected with malware that has made them part of a botnet. Computers that communicate with a command and control server are commonly known as bots or zombies. A collection of bots communicating with the same command and control server and under the control of the same person or group is known as a botnet.
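An added example, not part of the original question set, of how a monitoring system arrives at the alerts in Uziah's question (one HTTPS connection per minute for six hours) and Albrecht's (several clients checking in every five minutes for 72 hours). Beaconing is distinguished from ordinary traffic by timing regularity, so the code groups connections by source and destination, computes the gaps between consecutive connections, and flags pairs whose gaps have a near-constant period (a low coefficient of variation) over enough intervals to rule out coincidence. The flow records, addresses, period and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed connection records (timestamp, source, destination), as a firewall,
# proxy or flow log would provide. Addresses and times are made up.
BASE = datetime(2024, 5, 1, 8, 0, 0)
SAMPLE_FLOWS = []
# Host A: one connection every 300 s for 40 check-ins, with +/- 1 s of jitter.
for i in range(40):
    SAMPLE_FLOWS.append((BASE + timedelta(seconds=300 * i + (i % 3) - 1), "10.0.0.25", "203.0.113.44"))
# Host B: the same destination, but at the irregular times of a person browsing.
for offset in (0, 17, 25, 190, 410, 411, 900, 2300, 2305, 5000):
    SAMPLE_FLOWS.append((BASE + timedelta(seconds=offset), "10.0.0.31", "203.0.113.44"))


def beacon_score(timestamps):
    """For a list of connection times return (interval_count, mean_interval_s, cv),
    where cv is the coefficient of variation (std dev / mean) of the gaps between
    consecutive connections. A cv near zero means a fixed period, the beacon signature."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return len(gaps), 0.0, float("inf")
    m = mean(gaps)
    return len(gaps), m, (pstdev(gaps) / m if m > 0 else float("inf"))


def find_beacons(flows, min_intervals=10, max_cv=0.1):
    """Group flows by (src, dst) and report pairs whose timing is periodic enough
    (cv <= max_cv) over enough intervals (>= min_intervals) to be a beacon."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in sorted(by_pair.items()):
        n, m, cv = beacon_score(times)
        if n >= min_intervals and cv <= max_cv:
            hits.append({"src": src, "dst": dst, "intervals": n,
                         "period_s": round(m), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print(f"{hit['src']} -> {hit['dst']}: period {hit['period_s']} s over "
              f"{hit['intervals']} intervals (cv {hit['cv']})")
```

Real implants add deliberate jitter and sleep windows to defeat exactly this test, so in practice the timing score is combined with other weak signals: a near-constant request size, a destination few other hosts talk to, and a period that survives across days. The same grouping also answers Albrecht's question directly, since several internal sources showing the same period to the same destination is what a botnet looks like in flow data.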
Which of the following would be the result of a user with the IP address of 10.15.30.45 attempting to access a website located at 10.20.30.40 if a router or firewall is located between the two subnets using the extended ACL below?
10 PERMIT IP ANY ANY
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 25
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 143
30 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 80
40 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 443
a. The user would be able to access the HTTP version of the website, but not HTTPS. b. The user would be able to access the HTTPS version of the website, but not HTTP. c. The user would be able to access the website successfully. d. The user would be able to access email, but not the website.
c. The user would be able to access the website successfully. Remember that rules are evaluated in order. Once a rule is matched, the router or firewall doesn't need to go any further, so it stops evaluating the rules. Because the first rule is to permit traffic from any source to any destination, all traffic will match this rule, so the rest of the rules are irrelevant. (As written, the ACL would not load on an actual Cisco device: two entries share sequence number 20, and a port match such as eq 80 is only valid with tcp or udp, not ip. The question is about evaluation order, not syntax.)
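An added example, not part of the original question set, that turns the first-match rule into code: a small evaluator for extended ACL entries of the form shown in the question (sequence, action, protocol, source and wildcard mask, destination and wildcard mask, optional `eq` port). It uses Cisco wildcard-mask semantics (a 1 bit means "don't care"), applies the implicit deny at the end of every ACL, and, beyond the single case in the question, shows what the same flow looks like once the overly broad rule 10 is removed. The flows and the `host`/`any` handling are assumptions of the example, not part of the question.

```python
import ipaddress

# The extended ACL from the question above, one entry per line.
ACL_TEXT = """\
10 PERMIT IP ANY ANY
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 25
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 143
30 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 80
40 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 443
"""


def _parse_addr(tokens, i):
    """Consume an address spec at tokens[i] ('any', 'host A.B.C.D', or network + wildcard)
    and return ((network_int, wildcard_int), next_index)."""
    tok = tokens[i].lower()
    if tok == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    net = int(ipaddress.IPv4Address(tokens[i]))
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (net, wild), i + 2


def _matches(spec, addr):
    """Cisco wildcard mask: compare only the bits where the wildcard has a 0."""
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)


def parse_acl(text):
    """Parse ACL entries and return them ordered by sequence number (a stable sort
    keeps the two entries numbered 20 in the order they were written)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        seq, action, proto = int(tokens[0]), tokens[1].upper(), tokens[2].lower()
        src, i = _parse_addr(tokens, 3)
        dst, i = _parse_addr(tokens, i)
        dport = None
        if i < len(tokens) and tokens[i].lower() == "eq":
            dport = int(tokens[i + 1])
        rules.append({"seq": seq, "action": action, "proto": proto,
                      "src": src, "dst": dst, "dport": dport})
    rules.sort(key=lambda r: r["seq"])
    return rules


def evaluate(rules, src_ip, dst_ip, proto, dport):
    """First-match evaluation. Returns (action, matching sequence number), or
    ('DENY', None) for the implicit deny when nothing matches."""
    for r in rules:
        if r["proto"] != "ip" and r["proto"] != proto:
            continue
        if not (_matches(r["src"], src_ip) and _matches(r["dst"], dst_ip)):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"], r["seq"]
    return "DENY", None


if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    without_10 = [r for r in rules if r["seq"] != 10]
    for port in (80, 443, 25, 8080):
        print(port, "as written:", evaluate(rules, "10.15.30.45", "10.20.30.40", "tcp", port),
              "without rule 10:", evaluate(without_10, "10.15.30.45", "10.20.30.40", "tcp", port))
```

With rule 10 in place everything is permitted at sequence 10. Without it, HTTP and HTTPS from 10.15.30.0/24 are denied by rules 30 and 40, SMTP and IMAP are permitted by the two rules numbered 20, and any other port, or any source outside 10.15.30.0/24, falls through to the implicit deny. That is the ordering the author of this ACL presumably intended, and the example shows why a permit-any at the top silently defeats every entry below it.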
A systems administrator works for the U.S. Department of Defense (DoD). She is building out infrastructure to host a new application. Which of the following might she need to reference before ordering any of the hardware to ensure that the hardware and vendor are approved? a. OEM documentation b. Vendor framework c. Trusted foundry d. Qualitative risk database
c. Trusted foundry Trusted foundry is a program implemented by the DoD to identify trusted vendors and a trusted supply chain.
Takara is building a digital forensics workstation. She needs the ability to connect to PATA and SATA devices for forensic analysis. Which of the following tools might best fit her needs? a. Multiport hub b. Firewire hard drive controller c. Universal hard drive adapter kit d. Write blocker
c. Universal hard drive adapter kit A universal hard drive adapter kit usually has connections for at least PATA and SATA hard drive connectors.
Phillida, a cybersecurity analyst, is comparing vulnerability scanning products for potential use in her organization. She reads that Nessus uses a combination of machine learning and threat intelligence to produce which of the following? a. VCR b. VSP c. VPR d. VPC
c. VPR Nessus uses a combination of machine learning and threat intelligence to produce a vulnerability priority rating.
Lida has discovered several unauthorized applications on a number of computer systems within her company. Which of the following would have best prevented this scenario from occurring? a. Greenlist b. Graylist c. Whitelist d. Blacklist
c. Whitelist A whitelist is a list of applications that are approved for users to install. It is stricter than a blacklist, which cannot list all unapproved applications due to the large volume of applications available to download from the Internet.
A threat actor has gone to a local coffee shop and opened a program that can analyze traffic being sent and received on the network. He finds that someone on the network is sending emails using SMTP without encryption, and he can see the contents of the emails. Which of the following programs is he most likely using? a. Nessus b. netstat c. Wireshark d. dig
c. Wireshark Wireshark is a packet analysis tool that allows a user to see the traffic being sent and received on a network. If the traffic is unencrypted, the user can see the contents of the packets as well.
Boris, a cybersecurity analyst, has just received a client's hard drive that needs a forensic analysis. He needs to ensure that the data on the drive maintains its integrity and that no unallocated blocks are changed so he can attempt to undelete files on the drive. Which of the following tools would be most useful as part of his analysis? a. Tamper-evident tape b. Universal hard drive adapter kit c. Write blocker d. Multiport hub
c. Write blocker A write blocker would help Boris meet his goal of ensuring no data is written to currently unallocated blocks.
Bettye manages a server for which a major vulnerability was recently reported in one of the services that her company uses. However, a patch is not currently available to fix the vulnerability, so she needs to ensure that the firewall and other protections in place will prevent a threat actor from exploiting the vulnerability. Which of the following describes the type of vulnerability on the server she manages? a. APT b. DDoS c. Zero day d. Ransomware
c. Zero day A zero day vulnerability is any recently discovered vulnerability for which no patch is available yet.
Tito has logged into a Linux server that has just had a secondary NIC installed. Which of the following commands would he use as part of the next steps to connect the server to an out-of-band management network? a. niconfig b. top c. ifconfig d. ipconfig
c. ifconfig The ifconfig command is used in Linux to display or change the interface configuration. On some newer distributions of Linux, the ifconfig command has been replaced by the ip command, though the older ifconfig command can still be installed via the net-tools package.
Tobias has just installed Linux on a virtual machine in his company's data center. However, he isn't sure whether the image he installed from automatically has an SMTP server running. Which of the following tools might he use to verify whether an SMTP server package is running? a. NIDS b. Vulnerability scanner c. nmap d. nslookup
c. nmap The nmap program can perform a port scan on a host or multiple hosts by using the FQDN, IP address, or IP address range. The port scan should return information about the logical ports that are responding to network requests.
The IT management team at an organization has just created a new policy that requires guests to be given authentication credentials through a sponsoring process in order to join the wireless network. Which of the following is most likely to be chosen as the solution to implement this new policy? a. Configure 802.3a for the wireless network backed by XTACACS. b. Authenticate all wireless network users by using 802.3at backed by TACACS+. c. Require the use of 802.3af across the entire wireless network. d. Authenticate all wireless network users by using 802.1x backed by a RADIUS server.
d. Authenticate all wireless network users by using 802.1x backed by a RADIUS server. The IEEE 802.1x standard can be used to authenticate users on a wired or wireless network. The RADIUS protocol is commonly used for communication between the access point in a wireless network and the server that contains the user credentials.
A telecommunications company has split its security team into two teams. One of them is responsible for attacking the company's infrastructure while the other should do everything they can to stop the attack. The management team will coordinate activities with both teams and ensure that there are no ill-timed attacks from outside that are not caught. Which of the following describes the defending team? a. White team b. Gray team c. Red team d. Blue team
d. Blue team The blue team is the defensive team in a penetration test exercise.
Ananada is sitting on a train and overhears someone on his phone bragging that he has a massive network of computers at his fingertips that have been compromised with some form of malware. He tells the person on the other end of the call that they can have all these computers attack a target in unison. Which of the following terms might describe the person whose conversation she overheard? a. Shepherd b. Zombie c. Alien wrangler d. Bot herder
d. Bot herder A bot herder controls the bots, or zombies, that make up a botnet.
Phaedra, a cybersecurity analyst, has discovered a number of computers within her company's network that are regularly sending packets to an external IP address for no legitimate reason. Which of the following is the most likely cause of this scenario? a. Alien colony b. Telnet relay c. Zombie herd d. Botnet
d. Botnet A computer that is most likely communicating with a command and control server is known as a bot or zombie. A collection of these computers is known as a botnet.
Sakura, a cybersecurity analyst, is implementing SCAP for her organization. She wants to implement best practices for the configuration of settings on various computer systems. Which of the following might she use to meet her goal? a. CVE b. CWE c. CPE d. CCE
d. CCE Common Configuration Enumeration includes entries that specify preferred or required settings or policies for computer systems.
Sakura, a cybersecurity analyst, is implementing SCAP for her organization. She wants to implement best practices for the configuration of settings on various computer systems. Which of the following might she use to meet her goal? a. CWE b. CVE c. CPE d. CCE
d. CCE Common Configuration Enumeration includes entries that specify preferred or required settings or policies for computer systems.
Piet is analyzing the report generated by a Nessus scan and sees two types of scores in the Risk Information section. One of the scores represents the intrinsic qualities of the vulnerability when it was first discovered. Which of the following scores represents these intrinsic qualities? a. CVSS temporal score b. CVSS environmental score c. CVSS original score d. CVSS base score
d. CVSS base score The CVSS base score represents the intrinsic qualities of the vulnerability when it was first discovered.
Alisi, a cybersecurity manager, has found that a former employee was engaging in illegal activities online; she must report these activities to local law enforcement authorities. She locks the employee's computer in a closet to which only she and two of her peers have access. Which of the following should be created as part of the documentation for this incident? a. PHI tracker b. Incident response plan c. PII form d. Chain of custody
d. Chain of custody A chain of custody tracking document should be created to keep track of the people who have had access to certain items, such as pieces of evidence that may end up being used in court at trial.
Belva is performing an audit of the e-mail server when she discovers that one of the accounts is sending a lot of e-mails all day that contain attachments. After a bit more research, she finds that the attachments contain extensive proprietary and confidential information. Which of the following should she consider implementing to prevent a reoccurrence? a. Access point probe b. Buffer filtering c. PoS d. DLP
d. DLP A data loss prevention system can be used to detect certain types of confidential information that a user or piece of malware may be attempting to exfiltrate from the organization to an external destination.
Phil wants to determine whether the new email filter on the company's mail server has been effective in reducing the number of malware instances detected on user computers. Which of the following is the best answer to describe what he should use for his analysis? a. Data aggregation b. Intrusion detection system c. Trend analysis d. Data correlation
d. Data correlation Data correlation is a relationship between data elements. In this scenario, Phil wants to determine if the number of emails caught by the new filtering software has an inverse correlation to the number of malware instances detected on employee computers.
Penelope has just been hired as a cybersecurity manager for an organization. She has done an initial analysis of the organization's policies and sees there is no document outlining the duties and responsibilities of data custodians. Which of the following policies might she consider creating? a. Data retention policy b. Data protection policy c. Data classification policy d. Data ownership policy
d. Data ownership policy A data ownership policy defines the duties of a data custodian and a data owner for protecting data.
Morwenna wants to install Nessus for a trial run on her company's infrastructure. Which of the following is the default method of installation? a. SFTP b. FTPS c. SCP d. HTTPS
d. HTTPS HTTPS is the default method for the installation of Nessus.
A system administrator is looking for solutions to distract any intruders that make it past the company's perimeter protections. This would give the security team more time to respond. Which of the following might the system administrator choose to deploy to meet this goal? a. VLAN b. NIDS c. ACLs d. Honeynet
d. Honeynet A honeynet is a collection of honeypots that is designed to act as a decoy. The decoys look like legitimate systems with vulnerabilities so that the attacker is tempted to spend time attempting to exploit those vulnerabilities rather than try to exploit the legitimate systems.
Dahlia has just been hired as a new cybersecurity manager at an organization. Up until now, the organization has not had any formal procedures in place to handle events such as malware or data breaches. Dahlia would like to ensure that everyone follows the same procedures when responding to these events. Which of the following should she create? a. DRP b. IP c. CDP d. IRP
d. IRP An incident response plan is good to have in place to ensure that everyone is following the same best practices in handling incidents.
Jim wants to implement an active vulnerability scanner within his company. He is trying to determine the scope of systems to be scanned. Which of the following might he choose to exempt from active vulnerability scanning? a. Linux servers b. Distribution routers c. Windows servers d. Industrial control systems
d. Industrial control systems Industrial control systems may have certain services or functions that do not respond well to active vulnerability scanning and may be excluded from the scope of an organization's vulnerability scanning plans.
Jupiter is a systems administrator for a growing company. Until recently, one web server has been enough to handle the traffic load for her organization. However, she knows that if something happens to this server, the website could go down for an undetermined amount of time. She is considering moving the website to a cloud configuration, but she knows that if the server failed in the cloud, it would be a single point of failure. Which of the following might she want to implement in addition to a secondary web server? a. Router b. Bridge c. Switch d. Load balancer
d. Load balancer To eliminate a web server as a single point of failure, Jupiter should also implement a load balancer. By using it in the cloud, the load balancer becomes a less likely single point of failure than if Jupiter used a hardware load balancer in her on-premises data center.
A user is trying to log into a system and receives the error message below. Which of the following types of access control is the organization most likely using? Error: You are not allowed to access this resource. Your access: Confidential. Required: Secret. All attempts to access this resource are logged. Please contact the administrator if you believe this message to be in error. a. ABAC b. DAC c. RuBAC d. MAC
d. MAC Mandatory access control uses labels such as confidential, secret, or top secret to classify data. Users who want to access a resource must have the appropriate level of clearance or access.
Marcus, a cybersecurity manager, wants to perform random audits on user systems. He knows that a complete audit of one system could take an entire day or more. Which of the following might he implement to allow him to accomplish these random audits? a. SIEM b. Separation of duties c. Succession planning d. Mandatory vacation
d. Mandatory vacation Mandatory vacation usually starts with someone from the cybersecurity staff coming to an employee's desk along with a Human Resources rep or a security guard to tell the employee that it's her turn for mandatory vacation. Typically, the employee will only be allowed to contact one or two designated people within the organization while on mandatory vacation. This allows the security team full access to the employee's computer without concern that the employee may try to tamper with any evidence or their findings.
A security specialist has been hired to find ways to harden an organization's infrastructure. One of the organization's concerns is that if someone gained physical access to the building, there are no detective controls installed. Which of the following might the company choose to implement to correct the security specialist's concerns? a. Bollards b. K-Rated Fencing c. Firewall d. Motion sensors
d. Motion sensors Motion sensors are detective controls that are able to detect motion in an area and alert the proper personnel that there has been an intrusion.
Loide is a cybersecurity analyst and is looking for a vulnerability scanner that will pull updates from a web-based feed so that it constantly has the latest information about new vulnerabilities as they're discovered. Which of the following might be a good source of data for the scanner? a. OSCVD b. NVLM c. NVCDB d. NVD
d. NVD The National Vulnerability Database, maintained by NIST, is a commonly used vulnerability feed for vulnerability scanning software.
Ilya is having an audit performed by a third-party consultant to find vulnerabilities in his organization. As part of the audit, several tools have been brought in to detect weaknesses in the organization's infrastructure. Which of the following vulnerability scanners might be used to perform this task? a. Burp Suite b. nmap c. Cellebrite d. Nessus
d. Nessus Nessus is a popular vulnerability scanner that the third-party auditor might use to find vulnerabilities on the network.
Valeria, a cybersecurity manager, wants to start using a vulnerability scanner at the large global organization where she works. Which of the following might be the best fit for this organization? a. Nessus Essentials b. Nessus Global c. Nessus Professional d. Nessus Manager
d. Nessus Manager Nessus Manager is an enterprise-based package for managing numerous Nessus agents.
The CISO of a large organization, Mikael, has just returned from a security conference. At the conference, he learned about a vulnerability scanner that he would like to implement at his company. He likes the fact that the software is published under the GNU GPL. Which of the following vulnerability scanners is he most likely considering? a. Nessus b. Nexpose c. Tenable d. Nikto
d. Nikto Nikto is an open source, web server vulnerability assessment tool released under the GNU GPL.
Morena wants to use Wireshark to analyze the types of traffic being sent across her company's network. Which of the following types of analysis does she want to perform? a. Protocol analysis b. Wireless analysis c. Traffic analysis d. Packet analysis
d. Packet analysis Wireshark is an application used to analyze the contents of packets on a network; this is known as packet analysis.
Louise has been asked to provide a report to management that contains a list of insecure traffic types coming into the company's network from the Internet. Which of the following tools might she use to collect this information? a. netstat b. nslookup c. nmap d. Packet analyzer
d. Packet analyzer A packet analyzer, such as Wireshark, can be used to capture and log traffic moving across a network for further analysis and aggregation. In this case, a filter can be applied to look for any HTTP, FTP, Telnet, or other packets where insecure protocols are in use.
Louise has been asked to provide a report to management that contains a list of insecure traffic types coming into the company's network from the Internet. Which of the following tools might she use to collect this information? a. nmap b. netstat c. nslookup d. Packet analyzer
d. Packet analyzer A packet analyzer, such as Wireshark, can be used to capture and log traffic moving across a network for further analysis and aggregation. In this case, a filter can be applied to look for any HTTP, FTP, Telnet, or other packets where insecure protocols are in use.
Dharma has just been hired to create the new cybersecurity team in a growing organization. Which of the following might be one of the first things she does? a. Implement compensating controls. b. Implement new physical controls. c. Create a new data ownership policy. d. Perform an audit.
d. Perform an audit. An audit is an evaluation by an external third party that examines the security of an organization. Because Dharma is heading up the creation of the cybersecurity team, it is a good idea to inventory and document everything that is currently in place before making any changes.
Ian, a cybersecurity analyst, wants to use a system to identify when employees are using Telnet on the network by examining only the headers of packets as they traverse the network. Which of the following might he decide to implement to meet this goal? a. Packet analysis b. Traffic analysis c. Wireless analysis d. Protocol analysis
d. Protocol analysis Protocol analysis only examines the headers of packets to determine the protocol in use.
Franco, a cybersecurity analyst, has just received a report that a piece of malware has been detected on a user's system. The user downloaded a solitaire game that had pictures of cats on the back of the cards, and he just couldn't resist. After examining the computer and network traffic, Franco finds that the game has been allowing an intruder to connect to the computer and execute commands on the system as well as send files to a remote server. Which of the following has Franco found? a. Worm b. Ransomware c. Trojan d. RAT
d. RAT A remote access Trojan appears to be a legitimate application, but it may allow a remote attacker to gain access to resources in the infected system.
Moira has discovered a compromised computer on her organization's network that is communicating with a command and control server. She believes that cutting off the connection to the command and control server may completely destroy the system. Which of the following containment techniques might she choose to use? (Choose two.) a. Renovation b. Isolation c. Removal d. Reverse engineering e. Segmentation
d. Reverse engineering e. Segmentation The reverse engineering containment technique permits an infected device to talk to a command and control server with filtered communication while the malware is closely examined through reverse engineering. Segmentation is a containment technique that permits an infected device to transmit back to a command and control server, but filters the communication.
Clifford, a cybersecurity analyst, has been tasked with implementing a method of automating vulnerability management at his organization. Which of the following is the most likely solution that Clifford would choose to implement? a. PAM b. SCP c. AVMP d. SCAP
d. SCAP The Security Content Automation Protocol is an open standard that enables automated vulnerability management, measurement, and policy compliance evaluation.
A security researcher has just been sent a set of files from zero-day malware for analysis. The researcher is concerned about damage to hardware, as the hardware budget for the current fiscal year has been exhausted. Which of the following should the security researcher implement? a. Trusted foundry b. Fingerprinting c. Decomposition d. Sandboxing
d. Sandboxing Sandboxing is a method of isolating malware from interacting with a computer operating system, hardware, and files.
Ramon, a cybersecurity analyst, is aware of the regulatory requirements that his organization must meet. He needs to make sure that best practices are meeting the goals of these regulatory requirements. Which of the following might he decide to employ as part of a vulnerability scan? a. CVSS base scoring b. Plug-ins c. CVSS temporal scoring d. Scanning template
d. Scanning template Scanning templates can be used to perform scans that look for specific widespread vulnerabilities or that meet certain regulatory requirements.
Paris is designing the logical configuration for the company's new headquarters building. He knows that several departments, including Human Resources and the research and development group, should not be able to communicate with each other. Which of the following should he include as part of the network design requirements? a. ICS b. Automated reporting systems c. Obfuscation d. Subnetting
d. Subnetting Subnetting is a method of subdividing a larger network into smaller subnetworks that will not be able to communicate without a specifically configured route between them.
Raja wants to require network administrators to log into the company's Cisco routers and switches. Which of the following is the most likely choice to implement for this configuration? a. XTACACS b. Diameter c. RADIUS d. TACACS+
d. TACACS+ TACACS+ is a protocol developed by Cisco that can provide the authentication functions Raja wants to implement.
A large international corporation has hired a penetration tester to determine the extent to which their infrastructure is vulnerable to attacks. In which of the following areas must this company put the most effort and thought, compared with smaller companies? a. Authorization b. Communication c. Exploitation d. Timing
d. Timing An international organization with users in time zones across the world must put extensive thought and effort into coordinating a penetration test. Testing must coincide with times that will not make individual systems unusable for company employees.
Sarita is a network engineer for a growing organization. Her company plans to open branch offices and connect them in a secure manner to the headquarters building via the Internet. Which of the following should Sarita implement? a. SCADA b. ICS c. Load balancer d. VPN
d. VPN A site-to-site virtual private network creates an encrypted tunnel through a public network to connect two networks.
Phillida, a cybersecurity analyst, is comparing vulnerability scanning products for potential use in her organization. She reads that Nessus uses a combination of machine learning and threat intelligence to produce which of the following? a. VCR b. VPC c. VSP d. VPR
d. VPR Nessus uses a combination of machine learning and threat intelligence to produce a vulnerability priority rating.
Talera believes an evil twin might be planted somewhere around her company's office. Which of the following is the best method of finding where it might be located? a. Packet analysis b. Traffic analysis c. Protocol analysis d. Wireless analysis
d. Wireless analysis Wireless analysis can be used to identify the signal strength of wireless access points, which will help locate an evil twin.
Kevin must manually review the events that occur on a number of network devices to determine whether systems are running normally. He discovers that systems are available that can act as a centralized repository and perform much of the analysis for him. Which of the following might be used to collect events in a centralized location for analysis? a. Phishing b. netstat c. DNS harvesting d. syslog
d. syslog Syslog is a universal standard for system messages. Events from a number of systems can be combined into a single repository for analysis and correlation.