SEC - 160 MIDTERM

host address: 192.168.100.161/25, 203.0.113.100/24; network address: 10.10.10.128/25, 172.110.12.64/28; broadcast address: 192.168.1.191/26, 10.0.0.159/27

desirable for an ISP or large business; mail is deleted as it is downloaded; does not require a centralized backup solution

POP characteristics

It is part of the internet that can only be accessed with special software.

What is the dark web

street address, credit card number

Which two are examples of personally identifiable information (PII)?

MTTD

average time that it takes for the SOC personnel to identify that valid security incidents have occurred in the network

SMTP 25, DNS 53, HTTPS 443, SSH 22, Telnet 23

well-known ports: SMTP, DNS, HTTPS, SSH, Telnet

/var/log/dmesg

stores information related to hardware devices and their drivers

The administrator has more control over the operating system.

1. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?

UEFI

25. What technology was created to replace the BIOS program on modern personal computer motherboards?

Client information is stolen.

28. What is the result of an ARP poisoning attack?

connectionless

36. What is a basic characteristic of the IP protocol?

53

6. What is the well-known port address number used by DNS to serve requests?

TCP: FTP, HTTP, SMTP. UDP: TFTP, DHCP.

TCP AND UDP Services

private

1. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?

alert analyst

10. What job would require verification that an alert represents a true security incident or a false positive?

the domain name mapped to mail exchange servers

10. What type of information is contained in a DNS MX record?

packet capture software

10. Which type of tool allows administrators to observe and understand every detail of a network transaction?

ransomware

11. When a user turns on the PC on Wednesday, the PC displays a message indicating that all of the user files have been locked. In order to get the files unencrypted, the user is supposed to send an email and include a specific ID in the email title. The message also includes ways to buy and submit bitcoins as payment for the file decryption. After inspecting the message, the technician suspects a security breach occurred. What type of malware could be responsible?

It is an open source Linux security distribution containing many penetration tools.

11. Why is Kali Linux a popular choice in testing the network security of an organization?

10 segments

12. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?

rogue access point

12. An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation?

host unreachable

13. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?

NTFS supports larger files; NTFS provides more security features

14. What are two advantages of the NTFS file system compared with FAT32? (Choose two.)

netstat -r, route print

14. Which two commands can be used on a Windows host to display the routing table? (Choose two.)

a list of all established active TCP connections

15. A PC user issues the netstat command without any options. What is displayed as the result of this command?

amateur

15. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic. This traffic rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?

protocol unreachable

15. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2. What does this code represent?

the ICMPv6 Router Advertisement

16. What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?

nslookup cisco.com, ping cisco.com

16. Which two commands could be used to check if DNS name resolution is working properly on a Windows PC? (Choose two.)

to provide feedback of IP packet transmissions

17. What is the purpose of ICMP messages?

to review the settings of password and logon requirements for users

17. What is the purpose of using the net accounts command in Windows?

HIPAA

17. Which regulatory law regulates the identification, storage, and transmission of patient personal healthcare information?

PHI

18. A worker in the records department of a hospital accidentally sends a medical record of a patient to a printer in another department. When the worker arrives at the printer, the patient record printout is missing. What breach of confidentiality does this situation describe?

1xx = information, 2xx = success, 3xx = redirection, 4xx = client error, 5xx = server error

18. Match the HTTP status code group to the type of message generated by the HTTP server.

Change the startup type for the utility to Automatic in Services.

19. A technician has installed a third party utility that is used to manage a Windows 7 computer. However, the utility does not automatically start whenever the computer is started. What can the technician do to resolve this problem?

DNS

19. What network service uses the WHOIS protocol?

worm

19. What type of cyberwarfare weapon was Stuxnet?

SOAR automates incident investigation and responds to workflows based on playbooks.

2. What is a benefit to an organization of using SOAR as part of the SIEM system?

Enforce the password history mechanism. Ensure physical security.

2. Which two methods can be used to harden a computing device? (Choose two.)

host portion, network portion

2. Which two parts are components of an IPv4 address? (Choose two.)

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

20. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.

20. Which example illustrates how malware might be concealed?

It is used to share network resources.

20. Which statement describes the function of the Server Message Block (SMB) protocol?

PowerShell script

21. A user creates a file with .ps1 extension in Windows. What type of file is it?

inside global

21. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

websites to make purchases

21. What websites should a user avoid when connecting to a free and open wireless hotspot?

Install the latest firmware versions for the devices.

22. In a smart home, an owner has connected many home devices to the Internet, such as the refrigerator and the coffee maker. The owner is concerned that these devices will make the wireless network vulnerable to attacks. What action could be taken to address this issue?

Right-click the application and choose Run as Administrator.

23. A user logs in to Windows with a regular user account and attempts to use an application that requires administrative privileges. What can the user do to successfully use the application?

It is encapsulated in a Layer 2 frame.

23. What is done to an IP packet before it is transmitted over the physical medium?

botnet

24. A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?

Windows Defender Firewall with Advanced Security

24. An IT technician wants to create a rule on two Windows 10 computers to prevent an installed application from accessing the public Internet. Which tool would the technician use to accomplish this task?

segment

24. Which PDU is processed when a host computer is de-encapsulating a message at the transport layer of the TCP/IP model?

client/server

25. Which networking model is being used when an author uploads one chapter document to a file server of a book publisher?

It is Internet-based conflict that involves the penetration of information systems of other nations.

25. Which statement describes cyberwarfare?

multicast

26. Which type of transmission is used to transmit a single video stream such as a web-based video conference to a select number of users?

Most IoT devices do not receive frequent firmware updates.

26. Why do IoT devices pose a greater risk than other computing devices on a network?

the MAC address of the G0/0 interface on R1

27. Refer to the exhibit. PC1 attempts to connect to File_server1 and sends an ARP request to obtain a destination MAC address. Which MAC address will PC1 receive in the ARP reply?

The man man command provides documentation about the man command.

27. What is the outcome when a Linux administrator enters the man man command?

DDoS

27. Which cyber attack involves a coordinated attack from a botnet of zombie computers?

to gain advantage over adversaries

28. What is the main purpose of cyberwarfare?

improved performance, increase in the size of supported files

29. What are two benefits of using an ext4 partition instead of ext3? (Choose two.)

to request an HTML page from a web server

29. What is the function of the HTTP GET message?

pwd

3. Which Linux command can be used to display the name of the current working directory?

Tier 3 SME

3. Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?

SMB

30. Which protocol is a client/server file sharing protocol and also a request/response protocol?

A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.

31. How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?

to configure networking parameters for the PC

31. What is the purpose of entering the netsh command on a Windows PC?

32. What is a description of a DNS zone transfer?

cmdlets

32. Which type of Windows PowerShell command performs an action and returns an output or object to the next command that will be executed?

PowerShell script

33. A user creates a file with .ps1 extension in Windows. What type of file is it?

64 bytes, 1518 bytes

33. What are the two sizes (minimum and maximum) of an Ethernet frame? (Choose two.)

DHCP

34. Which process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?

IP relies on upper layer services to handle situations of missing or out-of-order packets.

35. Which statement describes a feature of the IP protocol?

file system structure, file permissions, and user account restrictions

36. Why is Linux considered to be better protected against malware than other operating systems?

Tracert shows each hop, while ping shows a destination reply only.

37. Which statement describes the ping and tracert commands?

bring your own device

38. A large corporation has modified its network to allow users to access network resources from their personal laptops and smart phones. Which networking trend does this describe?

Local Security Policy

38. Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an active directory domain?

2001:0420:0059:0000:0001:0000:0000:000a

4. What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?

security monitoring, threat intelligence, log management

4. Which three technologies should be included in a SOC security information and event management system? (Choose three.)

terminal emulator

5. A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?

arp -a

5. A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?

Tier 1 personnel

5. The term cyber operations analyst refers to which group of personnel in a SOC?

the MAC address of the default gateway

6. A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?

by combining data from multiple technologies

6. How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?

Threat Hunter

7. An SOC is searching for a professional to fill a job opening. The employee must have expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering in order to search for cyber threats hidden within the network. Which job within an SOC requires a professional with those skills?

destination MAC address to a destination IPv4 address

7. What addresses are mapped by ARP?

root user

7. Which user can override file permissions on a Linux computer?

IP address to MAC address mappings

8. What type of information is contained in an ARP table?

technologies, processes, people

8. Which three are major categories of elements in a security operations center? (Choose three.)

Time to Control

9. Which KPI metric does SOAR use to measure the time required to stop the spread of malware in the network?

downloads copies of email messages to the client; requires a larger amount of disk space; original messages must be manually deleted

IMAP

(ISC)2

Which organization is an international nonprofit organization that offers the CISSP certification?

Step one: The Windows boot loader Winload.exe loads.
Step two: Ntoskrnl.exe and hal.dll are loaded.
Step three: Winload.exe reads the registry, chooses a hardware profile, and loads the device drivers.
Step four: Ntoskrnl.exe takes over the process.
Step five: Winlogon.exe is loaded and executes the logon process.

Windows boot process

/var/log/messages

contains generic computer activity logs, and is used to store informational and noncritical system messages

MTTR

the average time that it takes to stop and remediate a security threat

dwell time

the length of time that threat actors have access to the network before they are detected and access is stopped

message encoding

the process of converting information from one format to another acceptable for transmission

MTTC

the time required to stop the incident from causing further damage to the systems or data

/var/log/auth.log

used by Debian and Ubuntu computers and stores all authentication-related events

/var/log/secure

used by RedHat and CentOS computers and tracks authentication-related events
