Practice test questions

A healthcare organization was asked to share its data with an analytics company to perform research on patient well-being. Which of the following encryption methods would most likely ensure patient information during analysis?

Homomorphic encryption is an encryption method that allows computation to be performed directly on encrypted data without requiring access to a secret key. Analysis can apply functions on encrypted data without needing to reveal the values of the data.

An attacker evaded antivirus detection in a Linux kernel, as multiple threads attempted to write an object at the same memory location. What type of vulnerability did the attacker use?

Race condition

Condition access is an example of what?

Rule Based access control

An organization configures virtual network appliances as part of an infrastructure as code (IaC) deployment. What approach handles the near real-time collection, aggregation, and reporting of data of the implementation?

Software definded visibiloty

inherent risk

The result of quantitative or qualitative analysis is a measure

How does the General Data Protection Regulations (GDPR) classify data that can prejudice decisions, such as sexual orientation?

The sensitive classification is used in the context of personal data about a subject that could harm them if made public and could prejudice decisions made about them if referred to by internal procedures.

Contontrol groups in relation to containers

ensure that one container cannot overwelm others in a dos type attack.

lack of which of the following measures of disorder can leave a cryptosystem vulnerable and unable to encrypt data securely?

entropy

Content Security policy

header option that mitigates clickjacking, script injection, and other client side attacks

Entropy

measure of cryptographic unpredictability. Using high entropy sources of data provides more security than using low sources. A lack of good entropy can leave a system vulnerable.

Race condition

occurs when multiple threads are attempting to write at the same memory location. Race conditions can deploy as an anti-virus evasion technique.

Namespaces

prevent one container from reading or writing processes in another

Software Development kit

provides developers a prepackaged set of tools, libraries, documentation, and code samples to create software applications on a specific platform.

Measurement systems analysis (MSA) relates to what?

quality management processes, such as Six Sigma, that make use of quantified analysis methods to determine the effectiveness of a system and may be part of an onboarding requirement.

Software definied visibility think....

real time

An attacker is preparing a phishing email mimicking the contents of a legitimate company email. The email will include a fake invoice to request payment for medical services and an email address that looks convincing. What can the attacker modify on the email to make it more convincing?

repending means adding text that appears to have been generated by the mail system. For example, an attacker may add "RE:" to the subject line to make it appear more legitimate and a reply to a previous email thread.

Cache Control

s a header option that sets whether the browser can cache responses. Preventing data caching protects confidential and personal information where the client device is shared by multiple users.

applicaable laws

steward

Software -defined visibility

supports assessment and incident response functions. Visibility is the near real-time collection, aggregation, and reporting of data about network traffic.

offline password attack

that the attacker has managed to obtain a database of password hashes from an Active Directory credential store, for example. A password cracker tool does not need to interact with the authentication system in this case.

Access policy determines wqhat?

things such as the right to log on to a computer locally or via remote desktop, install software, change the network configuration, and so on.

Develoment

where developers create a product. Developers check out code for editing or updating. Version control and change management occur in the development environment to track development.

PEAP and EAP-TTLS

both use a server-side public key certificate to establish an encrypted tunnel between the user and authentication server. The user does not require a certificate. The main distinction between these protocols is that EAP-TTLS can use any tunneled authentication protocol, while PEAP must use EAP-MSCHAP or EAP-GTC.

Which of the following security mechanisms provides protection against Secure Socket Layer (SSL) stripping attacks?

HTTP Strict Transport Security (HSTS)

A web administrator notices a few security vulnerabilities that must be addressed on the company Intranet. The portal must force a secure browsing connection, mitigate script injection, and prevent caching on shared client devices. Determine the secure options to set on the web server's response headers. (Select all that apply.)

HTTP strict transport security Content securityt policy Cahce control

Today's hackers are keen on knowing that security teams are actively hunting for threats on the network. Hackers may use resources to trigger a diversion to keep threat hunters busy, while another attack is initiated to carry out the primary objective of the planned penetration attack. How can a security team best circumvent this strategic hacking technique?

A defense maneuver uses passive discovery techniques so that threat actors do not know they have been discovered. This gives the security team a chance to investigate the source of the attack and plan a resolution before the threat moves on to the next objective.

A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?

A MitB attack compromises the web browser by installing malicious plug-ins, scripts, or intercepting API calls. Vulnerability exploit kits installed on a website can actively try to exploit vulnerabilities in clients browsing the site

A company uses a DevSecOps approach for developing and maintaining software. In one environment, developers complete penetration and vulnerability scanning to ensure the system is free of bugs and coding errors early on. Which of the following best describes this environment?

A test environment does not fully simulate a production environment. The test environment allows for vulnerability scanning, penetration testing, and functional user testing before being deployed to the staging environment.

Which of the following hardening procedures can protect a multifunction printer from a cybersecurity attack? (Select all that apply.)

Administrators should change all passwords from the factory defaults of a multifunction printer to ensure a secure system. Enabling logging allows administrators to monitor and audit printer use. Reviewing the logs on a regular basis helps determine suspicious activity. Automatically deleting queued data can protect the disclosure of information that is stored on the multifunction printer hard drive.

A Windows firewall rule allows all programs, all protocols, and all ports within a 192.168.0.0/24 subnet to connect to the network. What type of Windows Firewall with Advanced Security is this?

Access Control List

A new administrator completed setting up an admin account on the network. The admin successfully logged on to a remote file server with the new credentials but not on a remote domain controller (DC) server. Determine the most likely cause for not being able to log in to a DC server.

Access policy

Determine the type of code execution policy that would ensure that unrecognized software cannot run.

Allow list

Determine a solution that can combine with a cloud access security broker (CASB) to provide a wholly cloud-hosted platform for client access?

An on-premises next-generation secure web gateway (SWG) is a proxy-based firewall, content filter, and intrusion detection/prevention system that mediates user access to Internet sites and services. Netskope is an example of an SWG product that can include a cloud access security broker (CASB).

A system administrator ensures that the checksum on the developed code checked into the Nexus repository matches the checksum presented to the customer to ensure the finished product is what was agreed upon. This best represents which of the following processes?

Basline configuration

A user receives access to a company system through the use of a smart card. The user can then access data they have privileges to access. A record of all events the user accomplishes or attempts to is recorded in a log for administrative purposes. What access management policy does this best describe?

Authentication, Authorization, and Accounting (AAA) provides a comprehensive access management approach to identifying, authorizing, and accounting for user activity.

Network administrators are configuring a demilitarized zone (DMZ) to provide Internet-facing services to customers. These admins will perform minimum configuration and security to rapidly deploy two web servers that are load balanced. Which of the following will most likely be configured in this DMZ? (Select all that apply.)

Bastion hosts are any servers that are configured with minimal services to run in a demilitarized zone (DMZ). A bastion host would not be configured with any data that could be a security risk to the internal network. Virtual Internet Protocol (IP) addresses are public IP addresses that are shared among a load-balanced cluster of servers. The primary node will receive traffic from the virtual IP address until the secondary node takes over. The scheduling algorithm is the code and metrics that determine which node is selected for processing each incoming request. For example, round robin.

List methods of containment that are based on the concept of isolation. (Select all that apply.)

Blackholes correspond to locations in the network that quietly discard (or "drop") incoming or outgoing messages without notifying the source that it did not reach its intended recipient. Blackholes are an isolation technique because they isolate the attacker from the network. Air gapping indicates the physical isolation of a system from all network resources, often by being physically disconnected. The exploit becomes isolated to the disconnected device and cannot "escape." A sandbox is an isolated environment created for analyzing malware and exploits safely, such as Cuckoo, for example.

Identify types of metadata that would be associated with CDR (call detail records) of mobile devices. (Select all that apply.)

Call detail records (CDR) routinely contain times and durations of incoming, outgoing, and attempted calls, as well as the phone numbers of said calls. By examining the list of towers a device has connected to in the call detail records (CDR), it is possible to ascertain the general vicinity of locations in which the device has been present. SMS text time, duration, and phone number of origin are recorded in the call detail records (CDR) metadata associated with mobile devices.

Conclude which terms represent a core feature of the Diamond Model of Intrusion Analysis. (Select all that apply.)

Capability Infrastructure Victim Adversary

A vulnerability database loaded on a scanning tool such as Tenable Nessus will commonly show which of the following properties? (Select all that apply.)

Common Vulnerabilities and Exposures (CVE) is a dictionary of vulnerabilities in published operating systems and applications software provided by cve.mitre.org. It includes CVE ID, brief descriptions, a URL reference list, and data of entry. Common Vulnerability Scoring System (CVSS) is maintained by the Forum of Incident Response and Security Teams (first.org/cvss). Scores range from 0 (low) to 9+ (critical).

With capture the flag think what?

Completeing challeneges

Management is planning a secure network design for corporate mobile devices given to remote employees. One security suggestion involves only allowing corporate apps to access the corporate network when the mobile device is connected via a virtual private network (VPN). Which of the following will support this design? (Select all that apply.)

Context-aware authentication can, for example, disable screen locks when the mobile device is in a trusted location, such as a home. It can also check whether the network connection is trusted before allowing apps to communicate externally. Mobile Application Management (MAM) sets policies for apps that can process corporate data and prevents data transfer to personal apps. This type of solution configures an enterprise-managed container or workspace. Unified Endpoint Management (UEM) is a suite of applications and features that extends the concept of network access control (NAC) solutions to the mobile device. UEM may include MAM.

Which classification of data is likely to be immediately escalated in the case of a breach?

Critical data, sometimes top-secret, is too valuable to permit any risk of a breach. Therefore, any detected abnormality should immediately be escalated to senior decision-makers.

Which attack types are client-side attacks that are impacted by malicious code? (Select all that apply.)

Cross site scripting Session replay

group of junior systems administrators participates in an ethical hacking seminar that allows for advancement and rewards for completing challenges. Which training methods do the administrators experience?

Ethical hacker training programs and gamified competitions usually use Capture the Flag (CTF). Participants must complete a series of challenges that usually result in identifying a threat actor (the flag).Gamification is a learning approach that includes a fun-factor and features gaming type elements such as points, leveling up, and rewards

The client wants to deploy a wireless network that uses a smart card or a certificate that can be installed on the client's PC. Which type of authentication mechanism is most suitable for this task?

EAP-TLS requires client certificates, but most other types of EAP can be configured to perform mutual authentication (including EAP-TTLS, PEAP with TLS, and EAP-FAST).

An unmanned aerial vehicle is equipped with a component to ensure position and movement sensors are aligned and relays information to a ground control. Which of the following computing devices does this best describe?

Embedded system

A Security Information and Event Management (SIEM) system is heavily dependent on which of the following to provide meaningful information about security events and trends?

Data inputs

Fake Telemetry

Deception strategy that returns spoofed data in response to network probes.

An application's appliance template virtual machine (VM) is running on the production network. A Linux administrator logs in to the system as the default root account to verify network settings. The appliance was deployed "out of the box" and is running healthy. A security engineer would have some concerns about which of the following configurations? (Select all that apply.)

Default Template settings Lo on as a super user

After opening a third branch office in another state, the security team is having difficulty monitoring the network and managing system logs. Using a standard Security Information and Event Management (SIEM) system, what can the team do to better manage these events in a centralized way?

Deploy Listeners

In which environment can multiple developers check out software code and include change management processes?

Development

A company deployed a wireless access point and wishes to enable the Enterprise mode for secure wireless connections. The servers have certificates, but the supplicants do not. Which of the following options would fit the company's needs? (Select all that apply.)

EAP-FAST (Flexible Authentication via Secure Tunneling) is Cisco's replacement for LEAP. It addresses LEAP vulnerabilities using TLS (Transport Layer Security) with PAC (Protected Access Credential) instead of certificates. PEAP (Protected Extensible Authentication Protocol) uses a server-side public key certificate to create an encrypted tunnel between the supplicant and authentication server. PEAP is an industry standard.

A hacker modified a company photo by embedding malicious code in the picture. The hacker emailed the picture to company employees, and several employees opened the email. The hacker now has remote access to those employees' computers. Which of the following can prevent this method of attack?

File Integrity Monitoring

Which value is the result of a quantitative or qualitative risk analysis?

Inherent risk

Two organizations plan on forming a partnership to provide systems security services. Part of the onboarding requirements for both sides includes a mutual understanding of quality management processes. Which approach details this requirement?

MSA (Measurement system analysis)

A multinational company has partnered with several smaller, younger companies. To protect their supply chain and improve their own risk posture, the company offers to provide network security services for their new partners. Conclude what type of risk the company is addressing.

Multiparty risk occurs when an adverse event impacts multiple organizations. If a breach occurs for one party, all parties share the risk.

Which of the following will reduce the risk of data exposure between containers on a cloud platform? (Select all that apply.)

NAmespaces Control groups

A developer is concerned with Cross-Site Scripting (XSS) in the latest deployed version of an application. What should the developer refer to for information regarding critical application security risks?

OWASP

A file system audit shows a malicious account was able to obtain a password database. The malicious account will be able to use the information without interacting with an authentication system. What type of attack will the malicious account be able to perform on systems?

Offline password attack

OWASP

Open Web Application Security Project is an online resource that provides resources for secure application development. It offers tools, networking, education, and training to the development community.

STP

Spanning Tree Protocol) is a means for the bridges to organize themselves into a hierarchy and prevent loops from forming.

Consider conditional access to a system and determine which options fit the criteria. (Select all that apply.)

Sudo, UAC

An organization wants to implement a certificate on a website domain. The organization prepares for a rigorous check to prove its identity using extended validation. Evaluate the options and conclude why the certificate would not be issued.

The domain usesa a wildcard

In what way does Challenge Handshake Authentication Protocol (CHAP) protect against replay attacks?

The handshake is repeated with different challenge messages periodically throughout the session connection.

Describe the general function of the command echo "head" when used in conjunction with a resource pointer, such as a filename or IP address.

The head command, by default, outputs the oldest ten lines in a file. The echo command is a command that outputs the strings passed as an argument; in this case, the first lines of the provided target.

Which of the following attacks would allow an attacker to sniff all traffic on a switched network?

To sniff all traffic on a switched network, the switch must be overcome using ARP poisoning. ARP poisoning occurs when an attacker, with access to the network, redirects an IP address to the MAC address of an unintended computer.

A brute-force attack compromises a server in a company's data center. Security experts investigate the attack type and discover which vulnerability on the server?

Weak ENcryption

HTTP Strict Transport Security (HSTS) forces browsers to connect using HTTPS only, mitigating what?

downgrade attacks such as SSL stri[ping

EV certification cant be used on a what?

Wildcard

An employee at a financial firm is responsible for ensuring that data is stored in accordance with applicable laws and regulations. What role does the employee have in terms of data governance?

data steward

Companies often update their website links to redirect users to new web pages that may feature a new promotion or to transition to a new web experience. How would an attacker take advantage of these common operations to lead users to fake versions of the website? (Select all that apply.)

add reirects to .htaaccess files craft phishing links

ARP poisoning

an attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine

Listeners can do what?

an better manage collections to reduce the number of systems communicating with the SIEM.

What is a superuser in linux?

default user account

chap does what

changes periodically

.htaaccess file

controls high-level configuration of a website. This file runs on an Apache server and can be edited to redirect users to other URLs.

Basline Configuration

documented and agreed-upon sets of specifications for information systems. Baseline configurations serve as the starting point for development, patching, and changes to information systems.

Homomorphic Encryption

does not reveal data