SEC+ 601 - Mastering Security Basics
ip link set eth0 up
- enables a network interface on Linux
Which of the following is not a possible hash length from the SHA-2 function?
128 bits
Which one of the following ports is not normally used by email systems?
139
What is the minimum number of disks required to perform RAID level 5?
3
What CVSS value is the threshold at which PCI DSS requires remediation to achieve a passing scan?
4
What network port is used for SSL/TLS VPN connections?
443
journalctl
A Linux command line utility used for querying and displaying logs from journald, the systemd logging service on Linux
SoC
A ____ combines processing, memory, networking, and other embedded system components on a single chip.
Smart Card
A company currently uses passwords for logging into company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. How would you meet the requirement?
RAT
A connection is established through which commands can be executed remotely. What kind of attack is this?
user
A connection is established through which commands can be executed remotely. This targets _____.
access control vestibule
A defined space that provides security by using two or more doors, with each door able to operate independently, and that permits an officer to observe those who pass through the space.
HSMaaS approach
A major benefit of the _____ is the ability to maintain encryption keys separate from the data they protect, thereby providing an additional level of data security.
worm
A self-propagating attack spread across a network after compromising an SQL database Apache server using well-known credentials. What kind of attack is this?
database server
A self-propagating attack spread across a network after compromising an SQL database Apache server using well-known credentials. This targets _____.
Webserver
A threat actor sends multiple SYN packets from many sources. This targets _____.
Botnet
A threat actor sends multiple SYN packets from many sources. What kind of attack is this?
James notices that a macro virus has been detected on a workstation in his organization. What was the most likely path for the infection?
A user intentionally enabled macros for an infected file
acknowledge
ACK means ____.
Annualized Loss Expectancy
ALE stands for
Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository?
API keys
Annualized Rate of Occurrence
ARO stands for
arp cache
ARP command shows help on Windows, but ____ on Linux.
Address Resolution Protocol
ARP stands for
Adversarial Tactics, Techniques, and Common Knowledge
ATT&CK
SLE
AV * EF = ____
EF
AV * ____ = SLE
Asset Valuation
AV stands for
continue operations
Accepting the risk would _____, as in keeping a data center running despite the flooding risk.
Directory Traversal
Alan is analyzing his web server logs and sees several strange entries that contain strings similar to "../../" in URL requests. What type of attack was attempted against his server?
non-repudiation
Alice would like to be able to prove to Charlie that a message she received actually came from Bob. What cryptographic goal is Alice trying to enforce?
command and control
Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?
Which one of the following services offers block storage volumes?
Amazon EBS
Which one of the following services is an example of desktop virtualization?
Amazon WorkSpaces
SYN attack
An excessive number of SYN_RECEIVED states indicates a ____, where an attacker is flooding a system with SYN packets but never finalizes the connection with ACK packets.
application
An internally developed application has a hidden portal that allows an attacker to bypass authentication. This targets _____.
Backdoor
An internally developed application has a hidden portal that allows an attacker to bypass authentication. What kind of attack is this?
threat
Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
sensitivity and criticality
Assign classifications based on _____ of information
classifications
Assign information into categories, known as _____, that determine storage, handling, and access requirements.
Compromised Credentials
At present, literally billions of _____ are circulating on the dark web.
MTTF
Average time a nonrepairable component will last
MTBF
Average time gap between failures of a repairable component
corrective
Backups are an example of what category of security control?
Open the file using a text editor to review the code
Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?
transposition cipher
Bob is planning to use a cryptographic cipher that rearranges the characters in a message. What type of cipher is Bob planning to use?
COBIT
Business-focused control framework
Which of these individuals would not normally be found on the incident response team?
CEO
Provide Stakeholder Value
COBIT principle #1:
Holistic Approach
COBIT principle #2:
Dynamic Governance System
COBIT principle #3:
Governance Distinct from Management
COBIT principle #4:
Tailored to Enterprise Needs
COBIT principle #5:
End-to-End Governance System
COBIT principle #6:
As Dave works with his colleagues in other IT disciplines, he notices that they use different names to refer to the same products and vendors. Which SCAP component would best assist him in reconciling these differences?
CPE
cybersecurity framework
CSF stands for
Diamond Model
Capability, Victim, Infrastructure, Adversary are all core features of the ____.
concatenate
The cat command stands for ____.
integrity objective
Chris is responding to a security incident that compromised one of his organization's web servers. He believes that the attackers defaced one or more pages on the website. What cybersecurity objective did this attack violate?
TAXII
Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?
hping
Command that can send pings using TCP, UDP, and ICMP
netstat
Command that displays a listing of all open TCP connections
ping hostname.com
Command that resolves hostname to IP address.
ifconfig -a
Command that shows a comprehensive listing of TCP/IP configuration information for each NIC on Linux.
ipconfig /all
Command that shows a comprehensive listing of TCP/IP configuration information for each NIC on Windows.
ping -c 4 111.111.1.1
Command to make Linux count pings like Windows.
CIA security triad
Confidentiality, Integrity, Availability form the _____.
response controls
Controls designed to prepare for security incidents and respond to them once they occur.
data breaches
Credential stuffing attacks are one of the most common causes of _____ because many people reuse the same password on multiple (and sometimes all) accounts.
ransomware
Crypto malware is a type of what sort of malware?
ransomware
Cryptolocker is an example of what type of malicious software?
Helen has vulnerability scanners located at several points on her network. Which one of the following scanners is likely to provide the most complete picture of the vulnerabilities present on a public web server?
DMZ Scanner
external connections
DMZ contains systems that must accept direct _____
A user's DNS lookup returns: Name: Wikipedia.org, Address: 208.80.154.224. Which of the following attacks MOST likely occurred on the user's internal network?
DNS poisoning
Fran's network recently suffered a botnet infestation and she would like to implement a control that limits the ability of botnets to reach their command-and-control servers. Which one of the following deception technologies would best meet this need?
DNS sinkhole
rainbow table
Dan is engaging in a password cracking attack where he uses precomputed hash values. What type of attack is Dan waging?
customer responsibilities
Data and applications are _____.
confidentiality
Data breaches violate which principle of cybersecurity?
Honeynet
Decoy networks designed to attract attackers
UDP 53
Dennis would like to capture the DNS traffic on his network using Wireshark. What port should he use in his capture filter to restrict his capture to DNS queries and responses?
trunk negotiation
Deny the use of automatic _____ to limit the effectiveness of VLAN hopping attacks.
use case
Describes a goal that an organization wants to achieve
risk register
Description, category, probability and impact, risk rating, and risk management actions are all contents of
digital certificate
Developers wishing to sign their code must have a ____.
posture
Device _____ collects security-related device data, such as OS and version, jailbreak status, data encryption, screen lock status, biometrics status, etc.
Which one of the following is an example of an in-band approach to key exchange?
Diffie-Hellman
ifconfig eth0 -promisc
Disable promiscuous mode on the first Ethernet interface on a Linux system
operating normally
Disaster recovery efforts end only when the business is _____ in its primary environment.
netstat -a
Displays a listing of all TCP and UDP ports that a system is listening on, in addition to all open connections.
netstat -s
Displays statistics of packets sent or received for specific protocols such as IP, ICMP, TCP, UDP.
netstat -r
Displays the routing table
asset value
Dollar value of an asset
containing the damage
During an incident response, what is the highest priority of first responders?
production
During what phase of e-discovery does an organization share information with the other side?
authentication
During which phase of the access control process does a user prove their identity?
exposure factor
EF stands for
Which type of digital certificate offers the highest possible level of trust?
EV
DNS cache
Each time a system queries DNS to resolve a hostname to an IP address, it stores the results in the ____.
mainframes
Embedded device security controls are effective for _____ as well.
technical controls
Encryption, antivirus software, IDS, IPS, firewalls, and least privilege are examples of _____.
ipconfig
Entered by itself, this command provides basic information about the NIC, such as IP, subnet mask, and default gateway.
impact
Evaluate incident severity based upon ____.
exposure factor
Expected Percentage of damage to an asset
ALE
Expected dollar loss from a risk in any given year
Single Loss Expectancy
Expected dollar loss if a risk occurs one time
Field Programmable Gate Array
FPGA stands for
(T/F) Cable distribution runs are not normally included in a site's physical security plan.
False
(T/F) Companies should always manage bug bounty programs internally.
False
(T/F) Conducting a brute force attack requires a sample of plaintext.
False
(T/F) Database normalization should always be used to improve database security.
False
(T/F) Removing names and identification numbers is usually all that is necessary to deidentify a dataset.
False
(T/F) Static code testing software executes code to verify that it is functioning properly.
False
(T/F) The DevOps model prioritizes development efforts over operational tasks.
False
(T/F) You are normally required to report security incidents to law enforcement if you believe a law may have been violated.
False
Which biometric error would allow an unauthorized user to access a system?
False acceptance
three
Firewalls connect ____ networks
Isolate the affected systems
First responders must act quickly and _____.
Identify (ID)
Framework function #1
Protect (PR)
Framework function #2
Detect (DE)
Framework function #3
Respond (RS)
Framework function #4
Recover (RC)
Framework function #5
logger Backup started
Gives you a timestamped entry with the text "Backup started" in the Linux system log
network and host firewalls
Granting network access requires configuring both ___.
supply chain
Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes the attack?
network-based
Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guests on his wireless network. What DLP technology would work best to meet this goal?
preventative control
Greg recently conducted an assessment of his organization's security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control-gap exists in this case?
logic bomb
Gurvinder has been asked to assist a company that recently fired one of their developers. After the developer was terminated, the critical application that they had written for the organization stopped working and now displays a message reading "You shouldn't have fired me!" If the developer's access was terminated and the organization does not believe that they would have had access to any systems or code after they left the organization, what type of malware should Gurvinder look for?
masking
Gwen is exploring a customer transaction reporting system and discovers the table shown here. What type of data minimization has likely been used on this table?
vendor responsibilities
Hardware and Data Center are _____.
executive
Hardware remotely captures credentials by monitoring a user's input. This targets _____.
Keylogger
Hardware remotely captures credentials by monitoring a user's input. What kind of attack is this?
The chief compliance officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?
Hiring an employee who has been convicted of theft to adhere to industry compliance.
relocate the data center
How do you avoid the risk of a flood?
3
How many keys should be used with 3DES to achieve the greatest level of security?
internet control message protocol
ICMP stands for ___.
Which of the following is an example of multifactor authentication?
ID Card and PIN
Which one of the following is not an example of an open source intelligence resource?
IP reputation service
32
IPv4 uses ____ bits
hexadecimal numbers
IPv6 consists of 8 groups of 4 _____. Example: fd02:24c1:b942:01f3:ead2:123a:c3d2:cf2f
address exhaustion
IPv6 replaces IPv4 due to ____.
128
IPv6 uses ____ bits.
Which of the following is a common command-and-control mechanism for botnets?
IRC
cybersecurity control objectives
ISO 27001 covers:
cybersecurity control implementation
ISO 27002 covers:
privacy controls
ISO 27701 covers:
risk management programs
ISO 31000 covers:
access controls
Identification, Authentication, Authorization
shared secret key
If Alice wants to send a message to Bob using symmetric cryptography, what key does she use to encrypt the message?
SPOF
If a ____ fails, an entire system can fail.
traffic stops
If ping fails, admins can use tracert to identify where ____.
Cache Poisoning
If you suspect an ARP ____ attack, you can use ARP to check the cache.
A dynamic application vulnerability scan identified code injection could be performed using a web form. Which of the following will be BEST remediation to prevent this vulnerability?
Implement input validations
alert
Impossible Travel Time activity should be unusual enough to be considered an indicator of compromise (IoC) and worthy of an _____.
File Transfer Protocol
In Administrative Services, port 21 is for _____.
Secure Shell
In Administrative Services, port 22 is for _____.
remote desktop protocol
In Administrative Services, port 3389 is for _____.
Domain Name Service
In Administrative Services, port 53 is for _____.
53
In Administrative Services, port ____ is for Domain Name Service (DNS)
3389
In Administrative Services, port ____ is for Remote Desktop Protocol (RDP).
21
In Administrative Services, port _____ is for File Transfer Protocol (FTP).
22
In Administrative Services, port _____ is for Secure Shell (SSH).
NetBIOS
In Administrative Services, ports 137, 138, and 139 are for _____.
137, 138, and 139
In Administrative Services, ports _____ are for NetBIOS.
OS
In IaaS, the _____ is the customer's responsibility. In PaaS and SaaS, it is the vendor's responsibility.
tail
In Linux, the ____ command displays only the last 10 lines of a log file.
logger
In Linux, use the ___ command to add entries in the /var/log/syslog file from the terminal or scripts and applications.
journalctl --since "1 hour ago"
In Linux, you can limit the journal entries displayed to only the last hour with the ____ command.
Post Office Protocol
In Mail Services, port 110 is for _____.
Internet Message Access Protocol
In Mail Services, port 143 is for _____.
Simple Mail Transfer Protocol
In Mail Services, port 25 is for _____.
143
In Mail Services, port ____ is for Internet Message Access Protocol (IMAP).
110
In Mail Services, port ____ is for Post Office Protocol (POP).
25
In Mail Services, port _____ is for Simple Mail Transfer Protocol (SMTP).
Secure Hypertext Transfer Protocol
In Web Services, port 443 is for _____.
Hypertext Transfer Protocol
In Web Services, port 80 is for _____.
80
In Web Services, port ____ is for HTTP.
443
In Web Services, port ____ is for HTTPS.
black box
In a ___ penetration test, the attacker has no prior knowledge of the environment.
failover cluster
In a _____, the server switches from the failed server in a cluster to an operational server in the same cluster.
white team
In a cybersecurity exercise, what team is responsible for serving as moderators?
MDM platforms
In device posturing, _____ gain greater insight into the posture of mobile devices to enforce appropriate network access policies.
head
In Linux, the ____ command allows you to see only the beginning of a log file.
AS
In the Kerberos protocol, what system performs authentication of the end user?
transport layer
In the OSI model, the ___ consists of TCP and UDP.
data link layer
In the OSI model, the ___ consists of data transfers between two nodes.
presentation layer
In the OSI model, the ___ consists of data translation and encryption.
session layer
In the OSI model, the ___ consists of exchanges between systems.
network layer
In the OSI model, the ___ consists of internet protocol (IP).
application layer
In the OSI model, the ___ consists of user programs.
physical layer
In the OSI model, the ___ consists of wires, radios, and optics.
clipper chip
In the early 1990s, the National Security Agency attempted to introduce key escrow using what failed technology?
listen
Indicates the system is waiting for a connection request
SYN_RECEIVED
Indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process. It is waiting for the ACK response to establish the connection.
Which one of the following is not one of the GAPP principles?
Integrity
knowledge-based organizations
Intellectual property theft poses a risk to _____.
extranet
Intranet segments extended to business partners
What action can users take to overcome security flaws in RC4?
It is not possible to use RC4 securely
Compliance
Jade's organization recently suffered a security breach that affected stored credit card data. Jade's primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning to Jade?
HOTP
Jane uses an authentication token that requires her to push a button each time she wishes to login to a system. What type of token is she using?
steganography
Jasmine comes across a file sent out of her organization that she suspects contains proprietary trade secrets but appears to be an innocuous image. What technique might the sender have used to hide information in the image?
false positive
Jason recently investigated a vulnerability discovered during a scan and, after exhaustive research, determined that the vulnerability did not exist. What type of error occurred?
boxes, servers, hosts
Jump _____ are all the same thing
Nancy is designing a security strategy for remote access. She would like to provide administrators with an intermediate box that they connect to before reaching sensitive systems. What type of service is Nancy planning?
Jump box
internet RFC
Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs?
white hat
Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?
honeynets
Large-scale deployments of honeypots are called ____.
MAC address
Limit the devices that may connect to a network switchport by _____.
switches
Limit the unnecessary exposure of VLANs by limiting the number of _____ where they are trunked, especially for the sensitive VLANs.
urgency
Linda's organization recently experienced a social engineering attack. The attacker called a help desk employee and persuaded her that she was a project manager on a tight deadline and locked out of her account. The help desk technician provided the attacker with access to the account. What social engineering principle was used?
ifconfig eth0 allmulti
Linux command that enables multicast mode on the NIC, allowing the NIC to process all multicast traffic it receives.
ifconfig eth0 promisc
Linux command that enables promiscuous mode on the first Ethernet interface
ip -s link
Linux command that shows statistics on the network interfaces.
cat
Linux command used to display the contents of files.
ctrl + c
Linux continues to ping until you press ___.
traceroute
On Linux, the equivalent of the Windows tracert command is ____.
apache
Linux web server application
physical location
Location-based network security techniques restrict access based upon _____.
compensating control
Lou mounted the sign below on the fence surrounding his organization's datacenter. What control type best describes this control?
Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to connect network traffic between workstations throughout the network. The analysts review the following layer 2 address table (VLAN, ADDRESS): 1 0007.1e5d.3213; 1 002a.7d.44.8801; 1 0011.aab4.344d. The table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?
MAC flooding
Security as a Service
MSSPs may also be referred to as _____
Mean Time Between Failures
MTBF stands for
Mean Time to Failure
MTTF stands for
Maloof would like to digitally sign a message that he is sending to Clementine. What key does he use to create the digital signature?
Maloof's private key
Which phase of the Capability Maturity Model introduces the reuse of code across projects?
Managed
risk management process
Management controls improve the security of the _____ itself
assessment
Managerial controls use planning and _____ methods to provide ongoing review of the organization's ability to reduce and manage risk.
security and privacy
Many individuals play a role in data _____.
Managerial
Matt is updating the organization's threat assessment process. What category of control is Matt implementing?
Different vendors use different names for malware packages
Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred?
security group
Matt would like to assign users to roles within his Windows enterprise. What feature can he use to create a role?
data breaches
Measuring control effectiveness includes assessing ____ requiring notification.
end-user accounts
Measuring control effectiveness includes assessing compromised _____
web application
Measuring control effectiveness includes assessing critical findings in _____ scans.
public-facing systems
Measuring control effectiveness includes assessing vulnerabilities in _____.
backdoor
Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware?
flood control measures
Mitigate the risk of a flood by installing ____.
Security and Privacy Controls for Information Systems and Organizations
NIST 800-53 covers:
security actions
NIST CSF aligns _____ across control types
identify and prioritize
NIST CSF helps _____ actions.
different organizations
NIST CSF offers different value to _____.
common language
NIST CSF provides a _____ for cybersecurity risk
commerce
NIST is part of the US Dept of _____.
Keyboard and other input from the user
Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen?
powershell
Naomi believes that an attacker has compromised a Windows workstation using a fileless malware package. What Windows scripting tool was most likely used to download and execute the malware?
firewalls
Network _____ restrict network traffic going in and out of a network.
faulty routers
Network admins usually use tracert to identify ____ on the network.
east-west traffic
Network traffic between systems located in the data center
inherently superior
No cloud model is _____ to the other approaches. It all depends on the context.
confidentiality
Nolan is writing an after action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization's database. What cybersecurity principle was most impacted by the breach?
stakeholders
Notify management and other _____.
Which of the following would be used to find the MOST common web-application vulnerabilities?
OWASP
rootkit infections
Oftentimes, file integrity monitors send alerts indicating ____.
chmod
On Linux, which command is used to modify permissions on system files and folders?
people
Operational controls are executed by ____ instead of systems.
human-driven
Operational controls use ____ processes to manage technology in a secure manner
fault-tolerant
Organizations commonly implement redundancy and _____ methods to ensure high levels of availability.
asset valuation techniques
Original cost, depreciated cost, and replacement cost are all
Which one of the following authentication protocols requires the use of external encryption to protect passwords?
PAP
bans
PCI DSS compensating controls must be "above and beyond" other PCI DSS requirements. This specifically ____ the use of a control used to meet one requirement as a compensating control for another requirement.
Which one of these file extensions is always associated with certificates stored in binary form?
PFX
scripting languages
PHP, Perl, and Python are the ____ for Linux.
sensitive customer information
PII, Financial info, and health info are all _____.
live systems
Ping identifies _____.
49,152-65,535
Port ranges for dynamic ports:
1,024-49,151
Port ranges for registered ports:
0-1,023
Port ranges for well-known ports:
likelihood
Probability that a risk will occur
risk transference
Purchasing an insurance policy is an example of which risk management strategy?
IaaS
Purchasing server instances and configuring them to run your own software is an example of what cloud deployment model?
An analyst just discovered an ongoing attack on a host that is on the network. The analyst observes the following: the computer performance is slow; ads are appearing from various pop-up windows; OS files are modified; the computer is receiving AV alerts for execution of malicious processes. Which of the following steps should the analyst consider FIRST?
Put the machine in containment
SLE * ARO = ALE
Quantitative risk assessment formula for ALE
AV * EF = SLE
Quantitative risk assessment formula for SLE:
Which one of the following is not an example of federated authentication?
RADIUS
backup strategy
RAID is a fault-tolerance technique, not a ____.
What disaster recovery metric provides the targeted amount of time to restore a service after a failure?
RTO
round trip time
RTT is the abbreviation for?
risk mitigation
Reduces the chances that a threat will exploit a vulnerability
risk mitigation
Reduces the likelihood or impact of the risk
starting point
Reference architectures provide a useful framework, but they're just a ______.
gray-hat hacking
Renee is a cybersecurity hobbyist. She receives an email about a new web grading system used by her son's school and she visits the site. She notices that the URL looks like this: https://www.myschool.edu/grades.php&studentID=1023425 She realizes that 1023425 is her son's student ID number and she then attempts to access the following URLs: https://www.myschool.edu/grades.php&studentID=1023423 https://www.myschool.edu/grades.php&studentID=1023424 https://www.myschool.edu/grades.php&studentID=1023426 https://www.myschool.edu/grades.php&studentID=1023427 When she does so, she accesses the records of the other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee's work?
Naomi wants to provide guidance on how to keep her organization's new machine learning (ML) tools secure. Which of the following is not a common means of securing ML algorithms?
Require third-party review for bias in ML algorithms
Which cloud security control can be used to limit the amount of money spent by a user within the cloud customer's organization?
Resource policies
Fred receives a call to respond to a malware-infected system. When he arrives, he discovers a message on the screen that reads "Send .5 Bitcoin to the following address to recover your files." What is the most effective way for Fred to return the system to normal operations?
Restore from a backup if available
Mount the drive on another system and scan it that way
Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs a virus scan, the system doesn't show any malware. If he has other data that indicates the system is infected what should his next step be if he wants to determine what malware may be on the system?
avoidance
Risk ____ changes the organization's business practices
prioritized
Risk assessments produce a ____ set of risks.
risk management strategies
Risk avoidance, transference, mitigation, and acceptance are all ____.
single point in time
Risk control assessments look at a _____
ongoing process
Risk management is an _____.
document and track
Risk visibility and reporting techniques _____ risks over time
identity of an individual
Role-based network security techniques restrict access based upon _____.
packet routing decisions
Routers connect networks to each other, making intelligent _____.
business logic
Rule-based network security techniques restrict access based upon _____.
ICS Types
SCADA, DCSs, and PLCs are ____.
ALE
SLE * ARO = _____
ARO
SLE * ____ = ALE
Single Loss Expectancy
SLE stands for
Which one of the following issues is not generally associated with the use of default configurations?
SQL injection flaws
Which one of the following functions is not normally found in a UTM device?
SSL termination
Which of the following is a standardized language used to communicate security information between systems and organizations?
STIX
What TCP flag indicates that a packet is requesting a new connection?
SYN
synchronize
SYN means ____.
bot
Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded a handful of files, and then uploaded a large amount of data to a remote system. What type of infection should he look for?
sensitive
Secret info is _____
security risks
Security controls are Procedures and mechanisms that an organization puts in place to manage ____.
different risks
Security controls must cover many _____.
continuous improvement
Security programs should embrace a spirit of ____.
something you know
Security questions are an example of what type of authentication factor?
Wipe the drive and reinstall from known good media
Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this?
documentary
Server logs are an example of ____ evidence.
Which one of the following is a hashing utility that you can use in your forensic toolkit?
Shasum
Risk transference
Shifts the impact of a risk to another organization
netstat -p
Shows statistics on a specific protocol. For example, _____ tcp for only TCP stats.
arp -a
Shows the ARP cache on Windows
ipconfig /displaydns
Shows the contents of DNS cache and IP address mappings.
ip link show
Shows the interfaces along with some details on them on Linux
Which of the following would produce the closest experience of responding to an actual incident response scenario?
Simulation
System on a Chip
SoC stands for
firewall rule
Source system address, destination address, destination port and protocol, and action (allow or deny) are all ____ contents.
lost
Source to Here column lists _____/sent = pct (percent)
loop prevention
Spanning Tree Protocol prevents broadcast storms by implementing ____.
threat vectors
Specified methods that threats use to exploit a vulnerability
layer 3
Switches MAY function at _____.
layer 2
Switches typically work at _____.
honeypots
Systems designed to attract and trap attackers
no trust
Systems gain _____ based solely upon network location.
Ricky would like to use an authentication protocol that fully encrypts the authentication session, uses the reliable TCP protocol and will work on his Cisco devices. What protocol should he choose?
TACACS+
Which one of the following is the most secure way for web servers and web browsers to communicate with each other?
TLS
Which of the following is a race condition attack?
TOC/TOU
ten
Tail command allows you to see the last ____ lines of a log file.
technology
Technical controls use ____ to achieve security control objectives.
ad hoc network
Temporary networks that may bypass security controls
security principles
The CIA security triad is a model used to guide an organization's _____.
housekeeping
ICMP is the ____ protocol of the internet.
special
The ITL publishes _____ publications in the 800 series that are of general interest to the computer security community.
Information Technology Laboratory
The NIST's Computer Security Division hosts the _____.
grep
The ___ command on Linux is used to search for a specific string or pattern of text within a file.
Dynamic Host Configuration Protocol
The ____ allows the automatic assignment of IP addresses from an administrator-configured pool.
pathping
The ____ command combines the functions of the ping and the tracert commands.
tracert
The ____ command lists all the routers between two systems.
Internet Control Message Protocol
The ____ is the housekeeping protocol of the internet.
netstat command
The _____ allows you to view statistics for TCP/IP protocols on a system.
fault tolerance
The ability of a system to continue operation even if a component fails.
prime factorization
The difficulty of solving what mathematical problem provides the security underlying the Diffie-Hellman algorithm?
explicitly allowed
The firewall implicit deny strategy blocks all traffic that is not _____.
risk profile
The full set of risks facing an organization is called the ____.
containing damage through isolation
The highest priority of a first responder must be _____.
deny strategy
The implicit ____ provides a secure starting point for a firewall.
Locations
The impossible travel detection identifies unusual and impossible user activity between two _____.
risk appetite
The organization's _____ describes how much risk it is willing to accept.
credential stuffing
The reuse of passwords across multiple sites makes an individual susceptible to ____ attacks
risks, not threats
The words "internal" and "external" are applied to _____.
journalctl --since "1 hour ago" > myjournal.txt
This command sends journal output to text
journalctl --list-boots; journalctl -b 1
These commands show the available boot logs and retrieve the boot log identified with the number 1.
geographically distant locations
This detection identifies a user account activities originating from ____ within a time period shorter than the time it would have taken the user to travel from the first location to the second.
CLOSE_WAIT
This indicates the system is waiting for a connection termination request.
TIME_WAIT
This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection.
SYN_SENT
This indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK, ACK handshake process and it is waiting for the SYN-ACK response.
Risk management and treatment
This is a process of systematically analyzing potential responses to each risk and implementing strategies to control those risks appropriately.
time of day
Time based network security techniques restrict access based upon _____.
repairable
Time to restore service depends upon whether a component is _____.
technical control
Tina is tuning her organization's intrusion system to prevent false positive alerts. What type of control is Tina implementing?
netstat -anp tcp
To show a listing of ports that the system is listening on, listed in numerical order, for TCP only, you would use _____.
privilege creep
Tobias recently permanently moved from a job in accounting to a job in human resources but never had his accounting privileges revoked. What situation occurred in this case?
strategic risk
Tony is reviewing the status of his organization's defenses against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering?
deterrent control
Tonya is concerned about the risk that an attacker will attempt to gain access to her organization's database server. She is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement?
highly sensitive
Top Secret info is ____
She should run the ML algorithm on the network only if she believes it is secure
Tracy is concerned about attacks against the machine learning (ML) algorithm that her organization is using to assess their network. What step should she take to ensure that her baseline data is not tainted?
The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices BEST describes this?
Transference
disguise
Trojan horses ____ themselves.
(T/F) Audits may be performed by either internal or external entities.
True
(T/F) Certifications help employees validate their skills and are an important recruiting and retention tool.
True
(T/F) Data ownership issues often arise in supplier relationships.
True
(T/F) Risk assessments represent a point-in-time analysis of the risks facing an organization.
True
(T/F) SIEMs apply artificial intelligence techniques to log entries.
True
(T/F) Software forensics may be used to identify the origin of malware.
True
(T/F) The chain of custody must be updated EVERY time someone handles a piece of evidence.
True
(T/F) Vendors extend your organization's technology environment. If they handle data on your behalf, you should expect they execute the same degree of care that you would in your own operations.
True
(T/F) ZIP code, date of birth, and gender uniquely identify 87% of people in the United States.
True
(T/F) It is generally a bad practice to run software after the vendor's end of life.
True
(T/F) Privilege escalation attacks require a normal user account to execute.
True
(T/F) The main purpose of a code repository is to store the source files used in software development in a centralized location that allows for secure storage.
True
(T/F) You should rebuild any system that may have been compromised during a security incident.
True
Machines
UEBA goes further than simply monitoring human behavior—it monitors _____.
behavior
UEBA seeks to recognize any peculiar or suspicious _____— instances where there are irregularities from normal everyday patterns or usage.
User and Entity Behavior Analytics
UEBA stands for _____.
Something you know
UN/PW, PIN #, Birth date are all _____.
commercial
UPSs and generators can provide power to key systems when _____ power fails.
Shadow IT
Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What best describes this use of technology?
v3
Use SNMP ______. Earlier versions have critical security flaws.
Which one of the following is not a common deployment option for relational databases?
Use a VDI service
IoC
Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?
human action
Viruses are spread by ____.
mechanism of action
We categorize controls by their purpose or ____.
watermarking
What DLP technique tags sensitive content and then watches for those tags in data leaving the organization?
Try...Catch
What Java clause is critical for error handling?
o
What Linux file permissions group is used to describe the permissions assigned to any user of the system?
GPOs
What Windows mechanism allows the easy application of security settings to groups of users?
bcrypt
What algorithm uses the Blowfish cipher along with a salt to strengthen cryptographic keys?
Application, Presentation, Session, Transport, Network, Data Link, Physical
What are the 7 layers of the OSI model?
driver shimming
What attack technique wraps malicious code around a legitimate driver?
false rejection rate
What characteristic of biometrics measures the frequency at which legitimate users are denied access to a system or facility?
class c
What class of fire extinguisher is designed to work on electrical fires?
VPC
What cloud computing technology is similar to the VLANs used in an on-premises network?
security groups
What cloud security control is used to replace firewall functionality for IaaS environments?
ping
What command sends ICMP echo request packets?
Lockheed Martin
What company developed the Cyber Kill Chain?
HIPAA
What compliance regulation most directly affects the operations of a healthcare provider?
Internet
What component makes up the Internet Zone in the Network Border Firewall?
Release management
What component of a change management program includes final testing that the software functions properly?
DMZ, email server, webserver
What components make up the DMZ in the Network Border Firewall?
Internal network, endpoint network, wireless network, guest network, data center network
What components make up the Intranet Zone in the Network Border Firewall?
memory leak
What condition occurs when a software package fails to release memory that it reserved for use?
Segmentation
What containment strategy moves compromised systems to a separate VLAN attached to the enterprise network?
availability
What cybersecurity tenet is violated when a customer's cloud-hosted website goes down?
tokenization
What data obfuscation technique is intended to be reversible?
data owner
What data security role is normally filled by a senior-level official who bears overall responsibility for the data?
skimmer
What device is often used in card cloning attacks?
tactic
What do the columns in the ATT&CK matrix represent?
Control Objectives for IT
What does COBIT stand for?
Distributed denial-of-service
What does DDoS stand for?
dynamic host configuration protocol
What does DHCP stand for?
Domain-based Message Authentication, Reporting and Conformance
What does DMARC stand for?
domain name system
What does DNS stand for?
Data protection officer
What does DPO stand for?
Hardware Security Module as a Service
What does HSMaaS stand for?
Information Technology Laboratory
What does ITL stand for?
network interface card
What does NIC stand for?
National Institute of Standards and Technology
What does NIST stand for?
security information and event management
What does SIEM stand for?
special publications
What does SP stand for?
Transmission Control Protocol/Internet Protocol
What does TCP/IP stand for?
User Datagram Protocol
What does UDP stand for?
identifies and prioritizes risks
What does a risk assessment do?
grep
What file manipulation command is used to search the contents of a text file?
TPM
What hardware technology may be embedded in a laptop computer to protect encrypted hard drives from removal?
blacklisting
What input validation approach works to exclude prohibited input?
categorize information system
What is the first step in the NIST risk management framework?
Planning
What is the first step of a Fagan inspection?
confidential
What is the lowest level of classification
64.4 Fahrenheit
What is the minimum acceptable temperature for a data center?
network segmentation
What is the most important control to apply to smart devices?
AppLocker
What is the name of the application control technology built into Microsoft Windows?
tailgating
What is the name of the practice where a user holds a door open for the individual following them into a building?
supplicant
What is the piece of software running on a device that enables it to connect to a NAC-protected network?
NIST SP 800-37
What is the special publication governing Risk Management Framework?
randomly generated key
What key is actually used to encrypt the contents of a message when using PGP?
XML
What language is STIX based on?
PowerShell
What language is commonly used to automate the execution of system administrator tasks on Windows systems?
HIPAA
What law contains specific requirements for data breaches that occur in the healthcare industry?
56 bits
What length encryption key does the Data Encryption Standard use?
trap
What message can an SNMP agent send to a network management system to report an unusual event?
800
What number series are computer security special publications?
ISACs
What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?
TLS
What protocol may be used to secure passwords in transit to a web application?
access control lists
What router technology can be used to perform basic firewall functionality?
TLS
What security control would normally be used to add encryption for data in transit to and from a cloud-based web server?
implicit deny
What security principle does a firewall implement with traffic when it does not have a rule that explicitly defines an action for that communication?
least privilege
What security principle prevents against an individual having excess security rights?
SOAR
What security technology best assists with the automation of security workflows?
Oversubscription
What situation occurs when cloud service customers request more services than the provider has capacity?
spiral
What software development methodology uses four stages in an iterative process?
X.509
What standard governs the structure and content of digital certificates?
VLAN pruning
What technique should network administrators use on switches to limit the exposure of sensitive network traffic?
certificate stapling
What technology allows web servers to attach an OCSP validation to the certificate they send to users?
flood guard
What technology can help prevent denial of service attacks on a network?
wrappers
What technology can you use as a compensating control when it's not possible to patch an embedded system?
certificate pinning
What technology can you use to tell clients that a certificate is unlikely to change over time?
APIs
What technology do cloud orchestration services use to interact with cloud service providers?
NAT
What technology provides the translation that assigns public IP addresses to privately addressed systems that wish to communicate on the internet?
Data Encryption
What technology uses mathematical algorithms to render information unreadable to those lacking the required key?
data in motion
What term best describes data that is being sent between two systems over a network connection?
memdump
What tool allows you to dump the contents of memory on a Linux system?
Likelihood and Impact
What two factors are used to evaluate a risk?
SOC 3
What type of Service Organization Controls audit is designed for public consumption?
Service level agreement
What type of agreement is used to define availability requirements for an IT service that an organization is purchasing from a vendor?
prescriptive analytics
What type of artificial intelligence technique is most commonly associated with optimization?
behavioral
What type of assessment is particularly useful for identifying insider threats?
known plaintext
What type of attack is possible when the attacker has access to both an encrypted and unencrypted version of a single message?
buffer overflow
What type of attack seeks to write data to areas of memory reserved for other purposes?
incremental
What type of backup includes only those files that have changed since the most recent full or incremental backup?
horizontal scaling
What type of cloud scaling adds more servers to the pool to meet increased demand?
high availability
What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails?
SLA
What type of document is used to agree upon vendor obligations?
orphaned rule
What type of firewall rule error occurs when a service is decommissioned but the related firewall rules are not removed?
mutation fuzzing
What type of fuzz testing captures real software input and modifies it?
Type 2
What type of hypervisor requires a host operating system?
operational
What type of investigation would typically be launched in response to a report of high network latency?
bot
What type of malware connects to a command-and-control system, allowing attackers to manage, control, and update it remotely?
logic bomb
What type of malware delivers its payload only after certain conditions are met, such as a specific date and time occurring?
macro viruses
What type of malware is VBA code most likely to show up in?
PUP
What type of malware is adware typically classified as?
RATs
What type of malware is frequently called stalkerware because of its use by those in intimate relationships to spy on their partners?
signature detection
What type of malware prevention is most effective against known viruses?
cookie
What type of object must a hacker typically access in order to engage in a session hijacking attack?
ISAC
What type of organization facilitates cybersecurity information sharing among industry-specific communities?
cameras
What type of physical security control should always be disclosed to visitors when used?
capture the flag
What type of security training is specifically designed to educate employees about attack techniques?
SCADA
What type of system is used to gather information from remote sensors via telemetry?
write blocker
What type of technology prevents a forensic examiner from accidentally corrupting evidence while creating an image of a disk?
configuration management
What type of tool assists with the automated validation of systems?
site trusted by the end user
What type of website does an attacker use when waging a watering hole attack?
others
When working with Linux permissions, "o" means ____.
Windows Registry
Where do fileless viruses often store themselves to maintain persistence?
Risk Register
Where would an organization normally record its risks?
ipconfig /flushdns
Which command erases the contents of the DNS cache?
header
Which component of a syslog message contains the timestamp?
guidelines
Which element of the security policy framework includes suggestions that are not mandatory?
memory contents
Which evidence source should be collected first when considering the order of volatility?
identity of attacker
Which one of the following is not a suggested criteria for evaluating containment strategies?
independent facilitator
Who is the most effective person to lead a lessons learned review?
Cloud Service Provider
Who provides cloud computing services for sale to third parties?
certificate authority
Who provides the digital signature on a digital certificate?
Windows Event Viewer
Windows logs are available in the ___.
four
Windows pings (sends out echo requests) _____ times by default.
DMARC record
Within its _____, each business sets a policy that tells other organizations' email systems what to do when they receive fake emails that impersonate its domain.
themselves
Worms spread by ____.
binary format
You can't query journald directly because it stores log data in ____, but journalctl displays it as text.
read (r)
___ indicates someone can open the file and view its contents in Linux chmod.
ipconfig command
___ shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a Windows system.
tcpreplay
____ allows editing and replaying traffic.
FPGAs
____ are chips that allow dynamic reprogramming.
Static IPs
____ are manually assigned to systems by a system administrator. They must be unique and within the appropriate range for the network.
darknets
____ are unused but monitored IP address space.
deterrent controls
____ attempt to discourage a threat.
network reconnaissance
____ attempts to learn additional details about the network and discoverable devices.
internal controls
____ can address internal risks
ARP
____ command line tool resolves IP addresses to MAC addresses and stores the results in the ____ cache.
Libraries
____ consist of shared code objects that perform related functions
honeyfiles
____ contain false stores of sensitive information
corrective and recovery
____ controls attempt to reverse the impact of an incident or problem after it has occurred.
anomaly, behavior-based, heuristic
____ detection, ____ detection, and ____ detection are the same thing.
cable locks
____ deter thieves from stealing laptops.
classification
____ drives cloud security decisions.
backups
____ ensure that personnel can recover data if it is lost or corrupted.
spyware
____ gathers information.
classifying information
____ helps employees understand security requirements.
write (w)
____ indicates a user can modify the contents of a file in Linux chmod
ping
____ is a basic command used to test connectivity for remote systems.
UEBA
____ is a cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
business continuity planning
____ is also known as continuity of operations planning (COOP).
MySQL
____ is the Linux database management system
security controls
____ keep our risk profile in line with our risk appetite.
deprecated
____ means discouraged but tolerated
role based
____ network security techniques restrict access based upon identity of an individual.
location based
____ network security techniques restrict access based upon physical location.
time based
____ network security techniques restrict access based upon time of day.
system recovery
____ procedures ensure administrators can recover a system after a failure.
incident handling
____ processes define steps to take in response to security incidents.
Risk management frameworks
____ provide proven, time-tested techniques
escalate
____ the response to the appropriate level.
quantitative
____ risk uses objective numeric ratings to evaluate risk likelihood and impact.
multiparty risks
____ risks are shared across many organizations
promiscuous
____ rules allow more access than necessary.
Threat intelligence
____ shares risk information
AV
_____ * EF = SLE
split-tunnel
_____ VPNs provide users with a false sense of security.
network discovery
_____ allows devices on a network to discover other devices on the same network.
external controls
_____ arise from outside the organization
legacy risks
_____ arise from unsupportable systems.
internal risks
_____ arise from within an organization
BPDU Guard
_____ blocks malicious STP updates
Passwordless Authentication
_____ can prevent credential stuffing altogether because it verifies a user with something they have or something they are instead of a password.
software license
_____ compliance issues create the risk of fines and legal action.
compensating
_____ controls are alternative controls used when a primary control is not feasible.
managerial
_____ controls are primarily administrative in function.
detective
_____ controls attempt to detect incidents after they have occurred.
deterrent
_____ controls attempt to discourage individuals from causing an incident.
preventive
_____ controls attempt to prevent an incident from occurring.
corrective
_____ controls attempt to reverse the impact of an incident.
operational
_____ controls help ensure that the day to day operations of an organization comply with the security policy.
physical
_____ controls refer to controls you can physically touch.
technical
_____ controls use technology such as hardware, software, and firmware to reduce vulnerabilities.
control frameworks
_____ guide security program design
credential stuffing
_____ is a type of cyberattack in which a cybercriminal uses stolen usernames and passwords from one organization (obtained in a breach or purchased off of the dark web) to access user accounts at another organization.
DPO
_____ is responsible for overseeing a company's data protection strategy and its implementation to ensure compliance with GDPR requirements.
network segmentation
_____ is the most important control for embedded devices
impossible travel
_____ keeps track of where users are located so it can identify potential security breaches.
Device Posturing
_____ lets you establish trust in devices that comply with security policies and deny access to devices that don't meet security criteria.
resiliency
_____ methods help systems heal themselves or recover from faults with minimal downtime.
rule based
_____ network security techniques restrict access based upon business logic.
Spanning tree protocol
_____ prevents broadcast storms by implementing loop prevention
qualitative
_____ risk uses subjective ratings to evaluate risk likelihood and impact
orphaned
_____ rules allow access to decommissioned systems and services.
control assessments
_____ test control effectiveness.
risk register
_____ tracks risk information
HSM
______ as a Service is an alternative to HSM devices and KMS and provides secure, centralized key management and cryptography without the need for HSM appliances.
Ping Flood Attack
a ____ attempts to disrupt systems by sending ping requests repeatedly.
verb-noun
a common naming strategy for a use case is _____ format.
algorithm
a hashing _____ creates a fixed-length, irreversible output.
hash
a number created by executing a hashing algorithm against data.
Whitelisting
a process in which a company identifies acceptable software and permits it to run, and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity
Blacklisting
a process in which a company identifies certain types of software that are not allowed to run in the company environment
vulnerability
a weakness in hardware, software, configuration, or users operating a system
elasticity
ability of a system to handle an increased workload by dynamically scaling up or scaling out as the need arises
risk acceptance
accepts the risk without taking further action
A recent security audit revealed that a popular website with IP address 172.16.1.5 also has an FTP service that employees were using to store sensitive corporate data. The organization's outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?
access-rule permit tcp destination 172.16.1.5 port 80
access-rule permit tcp destination 172.16.1.5 port 443
access-rule deny ip destination 172.16.1.5
redundancy
adds duplication to critical systems and provides fault tolerance
security incident
adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization's IT systems or data.
Which one of the following is not a common goal of a cybersecurity attacker?
allocation
fault-tolerant disks
allow a system to continue even if a disk fails.
compensating controls
alternative controls used instead of a primary control.
impact
amount of expected damage is called _____
Which one of the following is the best example of a hacktivist group?
anonymous
physical controls
any controls that you can physically touch.
specified ip address
arp -a 192.168.1.1 (or any IP) displays the ARP cache for ____.
Which approach to threat identification begins with a listing of all resources owned by the organization?
asset-focused
What goal of security is enhanced by a strong business continuity program?
availability
points of failure
availability often addresses single _____.
What term best describes making a snapshot of a system or application at a point in time for later comparison?
baselining
Which of the following would be MOST effective to contain a rapid attack that is affecting a large number of organizations?
blocklist
What basic cryptographic functions does the AES algorithm use to encrypt plaintext?
both substitution and transposition
Which one of the following is a file carving tool?
bulk extractor
providers and customers
business continuity planning in the cloud is a partnership between _____.
hashes
by comparing _____, you can verify that integrity has been maintained
Which one of the following security mechanisms prevents laptops from theft while in use?
cable lock
Which one of the following security mechanisms prevents laptops from theft while they are in use?
cable lock
change mode
chmod is short for
What type of lock always requires entering a code to enter the facility?
cipher lock
ifconfig eth0 -allmulti
Command that disables multicast mode on Linux
Which of the following is not a standard application hardening technique?
conduct cross-site scripting
internal
confidential info is ____.
Which one of the following metrics does not contribute to the exploitability score for a vulnerability in CVSS?
confidentiality
mutually exclusive
control categories are not _____.
What tool can you use to create a disk image?
dd
Which one of the following data sanitization strategies is the most secure?
destruction
Which of the following measures is not commonly used to assess threat intelligence?
detail
netstat -n
displays addresses and port numbers in numerical order
netstat -e
displays details on network statistics, including how many bytes the system sent and received.
physical locks
door locks are ____.
Which one of the following expenses typically is billed to the user directly in on-premises environments but not in cloud environments?
electricity costs
Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?
Which operation uses a cryptographic key to convert plaintext into cipher text?
encryption
Confidentiality
ensures that data is only viewable by authorized users
When you communicate over the Tor network, which of the following entities do you communicate with directly?
entry node
Which of the following is not a core feature of the Diamond Model?
exploit
threat
external threat jeopardizing security
(T/F) The analysis of adversary TTP includes tools, techniques, and policies.
false
(T/F) When handling cross-jurisdictional issues, disputes are resolved based upon the law of the cloud service provider's home country.
false
Which one of the following devices would you not typically find in a DMZ?
file server
Ricky would like to separate his network into three distinct security zones. Which one of the following devices is best suited to that task?
firewall
which one of the following controls is not particularly effective against insider threat?
firewalls
which one of the following is not a characteristic of cloud computing?
fixed
Which one of the following data elements is not commonly associated with identity theft?
frequent flyer number
authorization
grant or restrict access to resources using a _____ method, such as permissions.
Globally search a Regular Expression and Print
grep is short for ____.
preventive controls
hardening, training, guards, change management, account disablement, and IPS are all types of _____.
environmental
heating and ventilation are _____ controls.
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
homomorphic
Which one of the following security controls is built in to Microsoft Windows?
host firewall
What type of disaster recovery site is able to be activated most quickly in the event of a disruption?
hot site
Which one of the following does not exist in a containerized computing environment?
hypervisor
When selecting a cloud server instance, which feature is generally not user-configurable?
hypervisor type
interface configuration
ifconfig stands for ____.
hops
in reference to commands, routers are referred to as ____.
What is the simplest way to take an existing cipher and make it stronger?
increase the length of the encryption key
availability
indicates that data and services are available when needed
Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which of the following terms best describe Snowden's activities?
insider, hacktivist
external risks
internal controls can also mitigate _____.
network systems
ipconfig can manipulate the settings on the _____.
internet protocol configuration
ipconfig stands for____.
Which one of the following devices helps networked services scale with increasing demand?
load balancer
somewhere you are
location is considered ____.
A website developer who is concerned about theft of the company's user database wants to protect weak passwords from offline brute-force attacks. Which of the following would be the BEST solution?
lock accounts after five failed logons
detective controls
log monitoring, SIEM systems, security audit, video surveillance, motion detection, and IDS are all types of _____.
Which one of the following access control cards is the easiest to duplicate without permission?
magnetic stripe card
security controls
managerial, operational, and technical are all types of _____.
Which one of the following is a commonly used exploitation framework?
metasploit
Which one of the following attackers is most likely to be associated with an APT?
nation-state actor
Which of the following threat actors typically has the greatest access to resources?
nation-state actors
Which of the following is not an effective defense against XSRF attacks?
network segmentation
north-south traffic
network traffic between systems in the data center and systems on the internet
Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
nonrepudiation
established
normal state for data transfer phase of a connection. Indicates active, open connection.
Which statement about printers is incorrect?
often contain web servers
Harold works for a certificate authority and wants to ensure that his organization is able to revoke digital certificates that it creates. What is the most effective method of revoking digital certificates?
online certificate status protocol
Renee is creating a prioritized list of scanning targets. Which one of the following is the least important criteria for her prioritization?
operating system
What information is not found in network flow data?
packet content
Three of these choices are data elements found in NetFlow data. Which is not?
packet contents
Which one of the following disaster recovery tests involves the actual activation of the DR site?
parallel test
Which one of the following is not a normal account activity attribute to monitor?
password
windows systems
pathping is only available on ____
quantitative risk
perform _____ assessment for a single risk and asset pair.
Matt would like to limit the tests performed by his vulnerability scanner to only those that affect operating systems installed in his environment. Which setting should he modify?
plug-ins
Which one of the following information sources would not be considered an OSINT source?
port scans
risk
possibility or likelihood of a threat exploiting a vulnerability, resulting in a loss.
Which one of the following shell environments is commonly associated with Windows systems?
powershell
In which technique do attackers pose as their victim to elicit information from third parties?
pretexting
Which cloud deployment model exclusively uses dedicated cloud resources for a customer?
private cloud
Which of the following is not an important account management practice for security professionals?
privilege creep
Vic is planning a redesign of his organization's firewall strategy and is planning to issue an RFP for a firewall vendor. Which one of the following vendors would not be able to meet Vic's needs?
proofpoint
Which of the following is a provider activity in the cloud reference architecture?
provide audit data
NIC teaming
provides both redundancy support and increases bandwidth by load balancing
decision making
quantitative risk assessments aid in data-driven ____.
Which one of the following encryption approaches is most susceptible to a quantum computing attack?
quantum cryptography
What file permission does NOT allow a user to launch an application?
read
Which component of a change management program includes final testing that the software functions properly?
release management
failed
resiliency methods expect components to retry _____ processes.
information sources
risk assessment results, audit findings, team member output, and threat intelligence are all risk register _____.
corresponding threat
risks are the combination of a vulnerability and a ____.
After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?
rogue access point
Which one of the following would typically be an offline CA?
root CA
Randy is developing a vulnerability management program. Which one of the following is not a common source of requirements for such a program?
sales team requests
What communications technology provides the widest global coverage?
satellite
encryption
scrambles data to make it unreadable by unauthorized personnel
Which of the following is not one of the major principles of COBIT?
securing the enterprise end-to-end
Alice would like to send a message to Bob using RSA encryption. What key should she use to encrypt the message?
shared secret key
In which type of social engineering attack does the attacker physically observe the victim's activity?
shoulder surfing
ifconfig eth0
shows the configuration of the first Ethernet interface (NIC) on a Linux system
ifconfig wlan0
shows the configuration of the first wireless interface on a Linux system
Which one of the following intrusion detection technologies requires frequent threat updates from the vendor?
signature detection
Something you have
smart card and hardware token are both ____.
ping 111.111.1.1
standard command for ping:
dynamic
static systems are scaled up or out manually, while ____ systems use elasticity to scale up and scale out.
Which one of the following technologies is an example of a parameterized query?
stored procedure
elevated
sudo command allows you to run a command with root, or ____ privileges. (linux)
grep command
sudo grep "authentication failure" /var/log/auth.log is utilizing ____. (linux)
super user do
sudo stands for
Which one of the following devices carries VLANs on a network?
switch
scalability
a system's ability to handle increased workload either by scaling up or scaling out; capacity is added manually
Data Controller
the entity (person, organization, etc.) that determines the why and the how for processing personal data.
Data Processor
the entity that performs the data processing on the controller's behalf.
hardening
the practice of making a system or application more secure than its default configuration
vulnerability assessments
these attempt to discover current vulnerabilities
risk assessments
these help organizations qualify and quantify risks within an organization so that they can focus on the serious risks.
Which one of the following threat research tools is used to visually display information about the location of threat actors?
threat map
something you are
thumb print and retinal scan are both _____.
What data obfuscation technique is intended to be reversible?
tokenization
Which one of the data protection techniques is reversible when conducted properly?
tokenization
round-trip times
tracert identifies the IP address and sometimes the hostname of each hop in addition to the ____ for each hop.
Which one of the following is a file integrity monitoring tool?
tripwire
(T/F) Embedded systems often suffer from limited access to power and bandwidth.
true
(T/F) In a discretionary access control system, individual users have the ability to alter access permissions.
true
(T/F) When a user is terminated, administrators should first disable the account and then delete it later.
true
(T/F) Windows provides a facility for administrators to implement Time of Day restrictions without requiring the use of a third party tool.
true
(T/F) It is difficult to develop defenses against APT attackers.
true
encryption and access controls
types of confidentiality
Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern Tom the most from a security perspective?
unavailability of future patches
public
unclassified info is ____.
Angela wants to limit the potential impact of malicious Bash scripts. Which of the following is the most effective technique she can use to do so without a significant usability impact for most users?
use Bash's restricted mode
Which one of the following is not a barrier to using the web of trust (WoT) approach?
use of weak cryptography
identification
users claim an identity with a unique username
authentication
users prove their identity with _____.
Which one of the following is not critical to the security of one-time pad operations?
using AES in conjunction with the one-time pad
integrity
verifies that data has not been modified
vulnerabilities
weaknesses in security controls
Multicast mode
what allows the NIC to process all multicast traffic received by the NIC?
Time-based One Time Password
what does TOTP stand for?
assumption of compromise
what is the basic principle underlying threat hunting activities?
Input validation
what is the most effective defense against cross-site scripting attacks?
sudo
what is the preceding Linux command to request administrative permissions?
router
what network device can connect together multiple networks?
hacktivist
what type of attacker is primarily concerned with advancing an ideological agenda?
whaling
what type of phishing attack focuses specifically on senior executives of a targeted organization?
Which one of the following tools is a protocol analyzer?
wireshark
Which one of the following types of malware can spread without any user interaction?
worm
combine
you can _____ many of the netstat switches to show different types of information.
enforce
you can use hashing techniques to _____ integrity
controls
you reduce risk by implementing _____.
What command is used to apply operating system updates on some Linux distributions?
yum