IT FINAL REVIEW
The risk of DDoS attacks, SQL injection attacks, phishing, etc., is classified under which threat category?
Technical
What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user?
Replay
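The defence against the replay described above is to make every message unique and time-bound so that a resent copy is recognised. The following is an added example, not code from the review set: a client binds each request to a fresh nonce and a timestamp under an HMAC, and the receiver rejects a message whose MAC fails, whose timestamp is outside a freshness window, or whose nonce has been seen before. The shared key, the 30-second window and the request format are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Hypothetical shared key for the example; in practice it is provisioned out of band.
SHARED_KEY = b"example-shared-key-not-for-production"

# Maximum clock skew (seconds) the receiver tolerates; assumed value for the example.
MAX_AGE = 30


def make_request(action: str, key: bytes = SHARED_KEY, now: Optional[float] = None) -> dict:
    """Client side: bind the action to a fresh nonce and a timestamp under an HMAC."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    payload = f"{action}|{nonce}|{int(now)}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"action": action, "nonce": nonce, "ts": int(now), "mac": tag}


class Receiver:
    """Server side: verifies the MAC, enforces freshness, and remembers nonces."""

    def __init__(self, key: bytes = SHARED_KEY, max_age: int = MAX_AGE):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp, so old entries can be expired

    def accept(self, req: dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        payload = f"{req['action']}|{req['nonce']}|{req['ts']}".encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, req["mac"]):
            return False, "bad mac"
        if abs(now - req["ts"]) > self.max_age:
            return False, "stale timestamp"
        if req["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[req["nonce"]] = req["ts"]
        # Nonces older than the freshness window can no longer pass the age check, so drop them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        return True, "ok"


def demo() -> list:
    """Constructed exchange: a genuine request, its replay, a tampered copy, and a late one."""
    rx = Receiver()
    t0 = 1_700_000_000
    req = make_request("transfer 100 to acct 42", now=t0)
    results = []
    results.append(rx.accept(req, now=t0 + 1)[1])       # genuine: "ok"
    results.append(rx.accept(req, now=t0 + 2)[1])       # intercepted and resent: "replayed nonce"
    tampered = dict(req, action="transfer 100 to acct 99")
    results.append(rx.accept(tampered, now=t0 + 3)[1])  # edited in transit: "bad mac"
    late = make_request("transfer 1 to acct 42", now=t0)
    results.append(rx.accept(late, now=t0 + 600)[1])    # outside the window: "stale timestamp"
    return results
```

The nonce cache is what actually stops the replay; the timestamp only bounds how long the cache must remember each nonce. Without the freshness window the receiver would have to store every nonce it has ever accepted.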
In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE?
100,000,000 * 0.75
Which of the following statements correctly describes the disadvantage of a hardware-based keylogger?
A hardware-based keylogger must be physically installed and removed without detection.
Which of the following best describes an acceptable use policy?
A policy that defines the actions users may perform while accessing systems and networking equipment
You want to examine every future login attempt made on the enterprise devices. Which of the following Windows Group Policy settings should you enable to make sure every login attempt is logged?
Account audits (in Windows audit policy, the Audit account logon events and Audit logon events settings, enabled for both success and failure)
You are asked to construct a server cluster to provide resilience to the webserver hosted by your enterprise. Which of the following clustering systems should you implement to ensure the standby server only works when the other server fails?
Asymmetric
Which of the following types of malware allows the attacker to launch attacks from the infected computer to other computers?
Bot
Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as?
Bot herder
Which of the following documents provide alternative modes of operation for interrupted business activities?
Business continuity plan
Which of the following is an example of a request forgery malware?
CSRF (cross-site request forgery). Note that CSRF is an attack technique that abuses the victim's already-authenticated browser session rather than a malware family.
While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid. What is Andel likely a victim of?
CSRF
Shanise is an IT security professional for a large private bank. She got an alert that the bank website received a funds transfer request that was correctly credentialed but flagged as being out of the account owner's usual pattern. If the alert is correct, what type of attack has likely occurred?
CSRF attack
"Computer workstations must be locked when the workspace is unoccupied and turned off at the end of the business day." "Laptops must be either locked with a locking cable or locked in a drawer or filing cabinet." Which policy includes these directives?
Clean desk space
Which of the following is NOT a part of business continuity planning?
Contingency actions
In an interview, you are asked to differentiate between data protection and data privacy. How should you differentiate between data protection and data privacy?
Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access.
When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data?
Degauss the data
Which of the following is NOT a method for destroying data stored on paper media?
Degaussing
What should be done when the information life cycle of the data collected by an organization ends?
Destroy the data
Which of the following types of risk control occurs during an attack?
Detective control
Which control discourages security violations before their occurrence?
Deterrent control
Why is maintaining a hot recovery site important for e-commerce businesses?
E-commerce businesses cannot risk significant downtime.
You are a security administrator asked to restrict employees in your organization from accessing their social media accounts at their workplace. Which of the following mobile device location-based policies should you use to accomplish this?
Geofencing
Your enterprise's employees prefer a kinesthetic learning style for increasing their security awareness. How should you train them?
Give employees a hands-on experience of various security constraints
Which cloud app security features check the last login's location and current login attempts to restrict login if found suspicious?
Impossible travel
Which of the following describes a memory leak attack?
A memory leak is a programming error in which a process fails to free memory it no longer needs. In a memory leak attack, the threat actor repeatedly triggers the leaking code path to drive the device into a low-memory condition, and then exploits the resulting failures or crashes.
In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take?
Install motion detection sensors in strategic areas
In an interview, you are asked to explain how gamification contributes to enterprise security. How should you reply?
Instructional gaming can train employees on the details of different security risks while keeping them engaged.
Which of the following policies restrict employees from being in a position to manipulate security configurations by limiting the time they spend with control of those configurations?
Job rotation
Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here?
Kate has installed a potentially unwanted program (PUP).
Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation?
Kia must uninstall the toolbar software and the accompanying components she recently installed on her browser.
Terrence, an executive VP of IT at Sigma Bank, noticed that yesterday there was a major attack on several thousand bank employees' computers in geographically different locations, in which files and data on the computers were deleted. Several confidential files containing customer data were also deleted from the bank's servers in multiple locations, and the CEO's emails were deleted from the mail server. Since the bank was compliant with cybersecurity measures, Terrence suspects an internal hand in this activity. While going through the records of all past and present employees in the bank's IT security group, he notices an employee, Chris, who had enough experience to launch this attack, was unhappy with his annual review last year, and left the bank three months ago. If Terrence were able to single out Chris as the one responsible for the attack, what kind of attack would this be?
Logic bomb
Several quantitative tools like mean time between failure (MTBF), mean time to recovery (MTTR), mean time to failure (MTTF), and failure in time (FIT) can be used to predict the likelihood of the risk. Which of these tools perform similar functions?
MTBF and FIT
Which of the following is a subset of artificial intelligence?
Machine learning
Which of the following can be done to obfuscate sensitive data?
Masking
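Masking replaces part of a value with filler characters so the record stays recognisable (and keeps its format) while the sensitive portion is gone for good. The following is an added example, not code from the review set; the record layout and the "last four digits" and "first character of the mailbox" rules are assumptions chosen for the example.

```python
import re


def mask_pan(pan: str) -> str:
    """Mask a payment card number, keeping only the last four digits (the usual receipt format)."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("not a plausible card number")
    masked = "*" * (len(digits) - 4) + digits[-4:]
    # Re-insert grouping every four characters so the masked value keeps the familiar layout.
    return " ".join(masked[i:i + 4] for i in range(0, len(masked), 4))


def mask_email(addr: str) -> str:
    """Keep the first character of the mailbox and the domain; hide the rest of the mailbox."""
    local, _, domain = addr.partition("@")
    if not local or not domain:
        raise ValueError("not an email address")
    return f"{local[0]}{'*' * (len(local) - 1)}@{domain}"


def mask_record(record: dict) -> dict:
    """Apply field-specific masks; fields without a mask rule pass through unchanged."""
    maskers = {"card": mask_pan, "email": mask_email}
    return {k: (maskers[k](v) if k in maskers else v) for k, v in record.items()}


# Constructed sample record (test card number and documentation domain, not real data).
SAMPLE = {"name": "A. Customer", "card": "4111 1111 1111 1111", "email": "alice@example.com"}
```

Because the masked characters are discarded rather than encoded, nothing in the output can be turned back into the original value. That is what makes masking suitable for screens, logs and test data sets; it is not a substitute for encrypting the stored original.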
Which of the following types of risk would organizations being impacted by another organization's vulnerabilities be classified as?
Multiparty risk
You are assigned to install multiple physical paths between devices and the SAN so that an interruption in one path will not affect communication. Which of the following techniques should you implement to manage the risk of interruption?
Multipath
Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly?
No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
Which of the following is an agreement that ensures an employee does not misuse enterprise data?
Nondisclosure agreement
Which of the following policies propose using non-disclosure agreements (NDA)?
Onboarding and offboarding
What is the power supply device that can ensure a correct and constant power level is delivered to a server?
Online UPS
How do phishing simulations contribute to enterprise security?
Phishing simulations train employees on how to recognize phishing attacks.
After reviewing the data collection procedures in your organization, a court ordered you to issue a document that specifies how the organization uses the collected personal information. This document must be displayed to the user before allowing them to share personal data. Which of the following documents should you prepare?
Privacy notice
What do servers connected in a cluster use to communicate with each other?
Private cluster connection
Which of the following methods can be used to destroy data on paper?
Pulping
Which of the following is a form of malware attack that uses specialized communication protocols?
RAT
What does ransomware do to an endpoint device?
Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
Which risk remains after additional controls are applied?
Residual risk
While preparing a continuity plan, you were asked to choose a technique by which the backup data stored on the cloud can be accessed from any location. Which of the following techniques should you choose?
Restore the data to virtual machines
One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware?
Revert to a known state
You are a security administrator for an enterprise. You were asked to implement a cloud app security function in your enterprise network so that login attempts from identified threat actors can be restricted. Which of the following cloud app security functions should you use?
Risky IP address
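Both of the cloud app security checks in this review, impossible travel (comparing the last login's location and time with the current attempt) and risky IP address (matching the source address against addresses attributed to threat actors), can be expressed as a short risk evaluation on login events. The following is an added example, not code from the review set or from any particular cloud provider: the blocklist ranges are RFC 5737 documentation addresses standing in for real threat intelligence, the 1,000 km/h plausibility threshold and the login events are constructed for the example.

```python
import ipaddress
import math
from datetime import datetime, timezone

# Constructed blocklist: networks assumed, for this example, to belong to known threat actors.
RISKY_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Fastest plausible travel speed in km/h; airliners cruise at roughly 900 km/h (assumed threshold).
MAX_SPEED_KMH = 1000.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points given in decimal degrees."""
    earth_radius_km = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def is_risky_ip(ip):
    """Risky IP address check: is the source address inside any blocklisted network?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RISKY_NETWORKS)


def impossible_travel(prev, cur, max_speed_kmh=MAX_SPEED_KMH):
    """Impossible travel check: would reaching this login's location from the last one need an implausible speed?"""
    hours = (cur["time"] - prev["time"]).total_seconds() / 3600.0
    distance_km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    if hours <= 0:
        return distance_km > 0  # simultaneous logins from two different places
    return distance_km / hours > max_speed_kmh


def evaluate_login(prev, cur):
    """Return the reasons to restrict the login; an empty list means allow."""
    reasons = []
    if is_risky_ip(cur["ip"]):
        reasons.append("risky IP address")
    if prev is not None and impossible_travel(prev, cur):
        reasons.append("impossible travel")
    return reasons


def login(ip, lat, lon, hour, minute=0):
    """Build a login event on a fixed day; times are UTC."""
    return {"ip": ip, "lat": lat, "lon": lon,
            "time": datetime(2024, 1, 15, hour, minute, tzinfo=timezone.utc)}


# Constructed events: last successful login from London, then two new attempts.
LAST_LOGIN = login("192.0.2.10", 51.5074, -0.1278, 9)           # London, 09:00 UTC
ATTEMPT_SYDNEY = login("198.51.100.7", -33.8688, 151.2093, 11)  # Sydney, 11:00 UTC
ATTEMPT_PARIS = login("192.0.2.44", 48.8566, 2.3522, 12)        # Paris, 12:00 UTC
```

London to Sydney is roughly 17,000 km, so covering it in two hours trips the impossible travel rule, and the Sydney attempt also comes from a blocklisted range; London to Paris in three hours is ordinary travel and is allowed. In production the geolocation comes from an IP-to-location database and the threshold is tuned to avoid flagging VPN egress changes.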
Which type of malware can hide its agenda inside other processes, making it undetectable, and what is it usually used for?
Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes
Which of the following allows high-speed storage and transmission of large volumes of data?
SAN
A web application with an SQL Server database is found to be compromised by an attacker. On examination, the email addresses stored in the database have been found modified. This was due to improper validation of the input fields, which the attacker exploited. What is the probable attack in the above scenario?
SQL Injection
What is the name of the process where a website validates user input before the application uses the input?
Sanitizing
Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system. On booting the computer, the following message was flashing on the screen with the IRS logo: "This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of the law. You may make a secure payment by clicking on the following link. If you face any issues, you may reach out to us at [email protected]." The message will not close, nor is there access to applications or files on the computer; however, James can open shared files and folders on Smitha's computer through the network. What is your inference about the problem faced by Smitha on her computer?
Smitha's computer is compromised by ransomware.
You are a security admin for an enterprise, and you were asked to ensure high availability of data using redundancy. Which of the following actions should you perform?
Store the same data in different devices across different locations
What is a risk to data when training a machine learning (ML) application?
Tainted training data for machine learning
Which of the following describes the action of an SQL injection into a database server?
An SQL injection supplies specially crafted Structured Query Language fragments through input that the application concatenates into its queries. Because the database server executes that input as part of the query, the attacker can read, modify or delete data and, depending on the database account's privileges, take control of the database.
Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one created this vulnerability in the database, and she noticed the following SQL code fragment executed on the database: 'whatever' AND email IS NULL; What has been accessed by the attacker running this SQL injection?
The attacker has determined the names of fields (columns) in the database: if the injected condition executes without an error, a column named email exists; an error would show that it does not.
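The three SQL injection items above (the modified email addresses, the sanitizing question, and the email IS NULL column probe) can be reproduced against a throwaway SQLite database. The following is an added example, not code from the review set or from either portal: the users table, the rows in it and the attacker payloads are constructed for the example, and the probe is written with a trailing -- comment instead of the semicolon shown in the question because the sqlite3 module runs one statement per call. The email regular expression is a deliberately simple stand-in for whatever validation the application would use.

```python
import re
import sqlite3

# Simple format check used as the "sanitizing" step; an assumption for the example.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def setup_db():
    """Constructed sample schema and rows (documentation domain, not real users)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Query built by string formatting: the user's input becomes SQL text. Returns (rows, error)."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.OperationalError as exc:
        return None, str(exc)


def lookup_safe(conn, name):
    """Parameterized query: the value is passed to the driver separately and is never parsed as SQL."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def probe_column(conn, column):
    """The review question's probe: 'whatever' AND <column> IS NULL. No error means the column exists."""
    _, err = lookup_vulnerable(conn, f"whatever' AND {column} IS NULL --")
    return err is None


def update_email_vulnerable(conn, user_id, new_email):
    """Profile update with the new address spliced into the statement text."""
    conn.execute(f"UPDATE users SET email = '{new_email}' WHERE id = {int(user_id)}")
    conn.commit()


def update_email_safe(conn, user_id, new_email):
    """Sanitize (validate) the input first, then bind it as a parameter."""
    if not EMAIL_RE.match(new_email):
        raise ValueError("rejected: not a well-formed email address")
    conn.execute("UPDATE users SET email = ? WHERE id = ?", (new_email, int(user_id)))
    conn.commit()


def emails(conn):
    return [row[0] for row in conn.execute("SELECT email FROM users ORDER BY id")]


def demo():
    """Run the column probe and the email-rewrite payload against both code paths."""
    results = {}
    conn = setup_db()
    results["email_column_exists"] = probe_column(conn, "email")   # True: no error
    results["phone_column_exists"] = probe_column(conn, "phone")   # False: no such column
    # Payload closes the string and comments out the WHERE clause, so every row is rewritten.
    update_email_vulnerable(conn, 2, "attacker@evil.example' --")
    results["after_vulnerable_update"] = emails(conn)
    conn = setup_db()
    try:
        update_email_safe(conn, 2, "attacker@evil.example' --")
        results["safe_rejected_payload"] = False
    except ValueError:
        results["safe_rejected_payload"] = True
    update_email_safe(conn, 2, "bob2@example.com")
    results["after_safe_update"] = emails(conn)
    return results
```

Two defences appear here on purpose. Parameterization is what stops the injection: even when a payload reaches lookup_safe it is compared as a literal name and matches nothing. Validation (sanitizing) is the second layer that keeps garbage such as a quoted string with a trailing comment out of the table in the first place.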
An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack?
The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine.
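The chain in that answer, an integer overflow that makes a length check pass so that a later copy overruns its buffer, is easiest to see on the arithmetic itself. The following is an added example, not code from the review set; it models 32-bit unsigned arithmetic explicitly (Python integers never wrap, so the wrap is applied by masking) and the element count, element size and buffer length are constructed inputs.

```python
UINT32_MAX = 0xFFFFFFFF


def u32(x):
    """Wrap to an unsigned 32-bit value, as a 32-bit size_t does in C."""
    return x & UINT32_MAX


def copy_check_vulnerable(count, elem_size, buf_len):
    """Models: total = count * elem_size; if (total <= buf_len) copy each element.
    Returns (check_passed, bytes_the_copy_loop_writes)."""
    total = u32(count * elem_size)      # the product silently wraps around
    if total > buf_len:
        return False, 0
    return True, count * elem_size      # the loop still iterates 'count' times


def copy_check_safe(count, elem_size, buf_len):
    """Refuse the multiplication when it cannot be represented, then check the real total."""
    if elem_size == 0 or count > UINT32_MAX // elem_size:
        return False, 0
    total = count * elem_size
    if total > buf_len:
        return False, 0
    return True, total


def overruns(check):
    """True when the check passed but the copy writes more bytes than the buffer holds."""
    passed, written = check
    return passed and written > BUF_LEN


# Constructed attacker-controlled values: 0x40000001 four-byte elements wrap to 4 bytes.
BUF_LEN = 4096
EVIL_COUNT = 0x40000001
ELEM_SIZE = 4
```

With the wrapped total of 4, the vulnerable check believes four bytes will be written and approves a copy of just over 4 GiB into a 4 KiB buffer. The safe version does the division before multiplying, which is the same pattern as checking against SIZE_MAX / elem_size in C.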
What does the end of service notice indicate?
The enterprise will no longer offer support services for a product.
In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond?
The major objective of resilience in an organization is to provide uninterrupted services.
A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation?
This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
The files in James's computer were found spreading within the device without any human action. As an engineer, you were requested to identify the problem and help James resolve it. During file code inspection, you noticed that certain types of files in the computer have similar codes. You found that the problem is coming from a set of codes that are not part of the actual files, appended at the bottom of the file. You also noticed a transfer control code written at the beginning of the files giving control to the code at the bottom of the file. Which type of infection is this a characteristic of?
This is a typical characteristic of an endpoint device infected with a file-based virus attack.
Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms, which allows seamless transfer to the other operators' solutions through single sign-on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this?
This is an API attack.
Why can the accuracy of data collected from users not be verified?
Users have no right to correct or control the information gathered.
William downloaded some free software to help him with photo editing. A few days later, William noticed several personal photographs were modified and posted to various social media pages with obscene comments. He also noticed that there were videos of him that were morphed and circulated on adult websites. The videos were obviously taken using his webcam. What should William do to fix his problem and prevent it from happening again in the future?
William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites.
You are the cybersecurity chief of an enterprise. A risk analyst new to your company has come to you about a recent report compiled by the team's lead risk analyst. According to the new analyst, the report overemphasizes the risk posed by employees who currently have broad network access and puts too much weight on the suggestion to immediately limit user access as much as possible. According to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn't mention data points related to those breaches and your company's risk of being a future target of the group. How should you address this issue so that future reports and risk analyses are more accurate and cover as many risks as needed?
You should implement risk control self-assessment.
You are assigned to destroy the data stored on magnetic storage by degaussing. You need to ensure that the drive is destroyed. What should you do before degaussing so that the destruction can be verified?
You should wipe the data before degaussing.
In 2016, your enterprise issued an end-of-life notice for a product. In 2020, an end of service notice was issued for the same product. What does this mean?
Your company stopped manufacturing a product in 2016, and all maintenance services for the product stopped in 2020.
You are working in the headquarters of an organization and are asked to deal with an interruption in services caused by network issues in the ISP's servers. How will you tackle this situation?
Using RAID
Using NIC teaming
Using UPS
Backing up data
All of the above (choose all answers)