SEC+ 601- Mastering Security Basics


ip link set eth0 up

- enables a network interface on Linux

Which of the following is not a possible hash length from the SHA-2 function?

128 bits

Which one of the following ports is not normally used by email systems?

139

What is the minimum number of disks required to perform RAID level 5?

3

What CVSS value is the threshold at which PCI DSS requires remediation to achieve a passing scan?

4

What network port is used for SSL/TLS VPN connections?

443

journalctl

A Linux command line utility used for querying and displaying logs from journald, the systemd logging service on Linux

SoC

A ____ combines processing, memory, networking, and other embedded system components on a single chip.

Smart Card

A company currently uses passwords for logging into company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. How would you meet the requirement?

RAT

A connection is established through which commands can be executed remotely. What kind of attack is this?

user

A connection is established through which commands can be executed remotely. This targets _____.

access control vestibule

A defined space that provides security by using two or more doors, with each door able to operate independently, and that permits an officer to observe those who pass through the space.

HSMaaS approach

A major benefit of the _____ is the ability to maintain encryption keys separate from the data they protect, thereby providing an additional level of data security.

worm

A self-propagating attack spread across a network after compromising an SQL database Apache server using well-known credentials. What kind of attack is this?

database server

A self-propagating attack spread across a network after compromising an SQL database Apache server using well-known credentials. This targets _____.

Webserver

A threat actor sends multiple SYN packets from many sources. This targets _____.

Botnet

A threat actor sends multiple SYN packets from many sources. What kind of attack is this?

James notices that a macro virus has been detected on a workstation in his organization. What was the most likely path for the infection?

A user intentionally enabled macros for an infected file

acknowledge

ACK means ____.

Annualized Loss Expectancy

ALE stands for

Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository?

API keys

Annualized Rate of Occurrence

ARO stands for

arp cache

ARP command shows help on Windows, but ____ on Linux.

Address Resolution Protocol

ARP stands for

Adversarial Tactics, Techniques, and Common Knowledge

ATT&CK

SLE

AV * EF = ____

EF

AV * ____ = SLE

Asset Valuation

AV stands for

continue operations

Accepting the risk would _____ as in a data center despite the flooding risk

Directory Traversal

Alan is analyzing his web server logs and sees several strange entries that contain strings similar to "../../" in URL requests. What type of attack was attempted against his server?

non-repudiation

Alice would like to be able to prove to Charlie that a message she received actually came from Bob. What cryptographic goal is Alice trying to enforce?

command and control

Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?

Which one of the following services offers block storage volumes?

Amazon EBS

Which one of the following services is an example of desktop virtualization?

Amazon workspaces

SYN attack

An excessive number of SYN_RECEIVED states indicates a ____ where an attacker is flooding a system with SYN packets but never finalizes the connection with ACK packets.

application

An internally developed application has a hidden portal that allows an attacker to bypass authentication. This targets _____.

Backdoor

An internally developed application has a hidden portal that allows an attacker to bypass authentication. What kind of attack is this?

threat

Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.

sensitivity and criticality

Assign classifications based on _____ of information

classifications

Assign information into categories, known as _____, that determine storage, handling, and access requirements.

Compromised Credentials

At present, literally billions of _____ are circulating on the dark web.

MTTF

Average time a nonrepairable component will last

MTBF

Average time gap between failures of a repairable component

corrective

Backups are an example of what category of security control?

Open the file using a text editor to review the code

Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?

transposition cipher

Bob is planning to use a cryptographic cipher that rearranges the characters in a message. What type of cipher is Bob planning to use?

COBIT

Business-focused control framework

Which of these individuals would not normally be found on the incident response team?

CEO

Provide Stakeholder Value

COBIT principle #1:

Holistic Approach

COBIT principle #2:

Dynamic Governance System

COBIT principle #3:

Governance Distinct from Management

COBIT principle #4:

Tailored to Enterprise Needs

COBIT principle #5:

End-to-End Governance System

COBIT principle #6:

As Dave works with his colleagues in other IT disciplines, he notices that they use different names to refer to the same products and vendors. Which SCAP component would best assist him in reconciling these differences?

CPE

cybersecurity framework

CSF stands for

Diamond Model

Capability, Victim, Infrastructure, Adversary are all core features of the ____.

concatenate

Cat command stands for ____.

integrity objective

Chris is responding to a security incident that compromised one of his organization's web servers. He believes that the attackers defaced one or more pages on the website. What cybersecurity objective did this attack violate?

TAXII

Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?

hping

Command that can send pings using TCP, UDP, and ICMP

netstat

Command that displays a listing of all open TCP connections

ping hostname.com

Command that resolves hostname to IP address.

ifconfig -a

Command that shows a comprehensive listing of TCP/IP configuration information for each NIC for Linux.

ipconfig /all

Command that shows a comprehensive listing of TCP/IP configuration information for each NIC for Windows.

ping -c 4 111.111.1.1

Command to make Linux count pings like Windows.

CIA security triad

Confidentiality, Integrity, Availability form the _____.

response controls

Controls designed to prepare for security incidents and respond to them once they occur.

data breaches

Credential stuffing attacks are one of the most common causes of _____ because many people reuse the same password on multiple (and sometimes all) accounts.

ransomware

Crypto malware is a type of what sort of malware?

ransomware

Cryptolocker is an example of what type of malicious software?

Helen has vulnerability scanners located at several points on her network. Which one of the following scanners is likely to provide the most complete picture of the vulnerabilities present on a public web server?

DMZ Scanner

external connections

DMZ contains systems that must accept direct _____

Name: Wikipedia.org Address: 208.80.154.224 Which of the following attacks MOST likely occurred on the user's internal network?

DNS poisoning

Fran's network recently suffered a botnet infestation and she would like to implement a control that limits the ability of botnets to reach their command-and-control servers. Which one of the following deception technologies would best meet this need?

DNS sinkhole

rainbow table

Dan is engaging in a password cracking attack where he uses precomputed hash values. What type of attack is Dan waging?

customer responsibilities

Data and applications are _____.

confidentiality

Data breaches violate which principle of cybersecurity?

Honeynet

Decoy networks designed to attract attackers

UDP 53

Dennis would like to capture the DNS traffic on his network using Wireshark. What port should he use in his capture filter to restrict his capture to DNS queries and responses?

trunk negotiation

Deny the use of automatic _____ to limit the effectiveness of VLAN hopping attacks.

use case

Describes a goal that an organization wants to achieve

risk register

Description, category, probability and impact, risk rating, and risk management actions are all contents of

digital certificate

Developers wishing to sign their code must have a ____.

posture

Device _____ collects security-related device data, such as OS and version, jailbreak status, data encryption, screen lock status, biometrics status, etc.

Which one of the following is an example of an in-band approach to key exchange?

Diffie-Hellman

ifconfig eth0 -promisc

Disable promiscuous mode on first ethernet interface on Linux system

operating normally

Disaster recovery efforts end only when the business is _____ in its primary environment.

netstat -a

Displays a listing of all TCP and UDP ports that a system is listening on, in addition to all open connections.

netstat -s

Displays statistics of packets sent or received for specific protocols such as IP, ICMP, TCP, UDP.

netstat -r

Displays the routing table

asset value

Dollar value of an asset

containing the damage

During an incident response, what is the highest priority of first responders?

production

During what phase of ediscovery does an organization share information with the other side?

authentication

During which phase of the access control process does a user prove their identity?

exposure factor

EF stands for

Which type of digital certificate offers the highest possible level of trust?

EV

DNS cache

Each time a system queries DNS to resolve a hostname to an IP address, it stores the results in the ____.

mainframes

Embedded device security controls are effective for _____ as well.

technical controls

Encryption, antivirus software, IDS, IPS, firewalls, and least privilege are examples of _____.

ipconfig

Entered by itself, this command provides basic information about the NIC, such as IP, subnet mask, and default gateway.

impact

Evaluate incident severity based upon ____.

exposure factor

Expected Percentage of damage to an asset

ALE

Expected dollar loss from a risk in any given year

Single Loss Expectancy

Expected dollar loss if a risk occurs one time

Field Programmable Gate Array

FPGA stands for

(T/F) Cable distribution runs are not normally included in a site's physical security plan.

False

(T/F) Companies should always manage bug bounty programs internally.

False

(T/F) Conducting a brute force attack requires a sample of plaintext.

False

(T/F) Database normalization should always be used to improve database security

False

(T/F) Removing names and identification numbers is usually all that is necessary to deidentify a dataset.

False

(T/F) Static code testing software executes code to verify that it is functioning properly.

False

(T/F) The DevOps model prioritizes development efforts over operational tasks.

False

(T/F) You are normally required to report security incidents to law enforcement if you believe a law may have been violated.

False

Which biometric error would allow an unauthorized user to access a system?

False acceptance

three

Firewalls connect ____ networks

Isolate the affected systems

First responders must act quickly and _____.

Identify ID

Framework function #1

Protect PR

Framework function #2

Detect DE

Framework function #3

Respond RS

Framework function #4

Recover RC

Framework function #5

logger Backup started

Gives you a timestamped entry with text "backup started" in Linux

network and host firewalls

Granting network access requires configuring both ___.

supply chain

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes the attack?

network-based

Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guests on his wireless network. What DLP technology would work best to meet this goal?

preventative control

Greg recently conducted an assessment of his organization's security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control-gap exists in this case?

logic bomb

Gurvinder has been asked to assist a company that recently fired one of their developers. After the developer was terminated, the critical application that they had written for the organization stopped working and now displays a message reading "You shouldn't have fired me!" If the developer's access was terminated and the organization does not believe that they would have had access to any systems or code after they left the organization, what type of malware should Gurvinder look for?

masking

Gwen is exploring a customer transaction reporting system and discovers the table shown here. What type of data minimization has likely been used on this table?

vendor responsibilities

Hardware and Data Center are _____.

executive

Hardware remotely captures credentials by monitoring a user's input. This targets _____.

Keylogger

Hardware remotely captures credentials by monitoring a user's input. What kind of attack is this?

The chief compliance officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?

Hiring an employee who has been convicted of theft to adhere to industry compliance.

relocate the data center

How do you avoid the risk of a flood?

3

How many keys should be used with 3DES to achieve the greatest level of security?

internet control message protocol

ICMP stands for ___.

Which of the following is an example of multifactor authentication?

ID Card and PIN

Which one of the following is not an example of an open source intelligence resource?

IP reputation service

32

IPv4 uses ____ bits

hexadecimal numbers

IPv6 consists of 8 groups of 4 _____. Example: fd02:24c1:b942:01f3:ead2:123a:c3d2:cf2f

address exhaustion

IPv6 replaces IPv4 due to ____.

128

IPv6 uses ____ bits.

Which of the following is a common command-and-control mechanism for botnets?

IRC

cybersecurity control objectives

ISO 27001 covers:

cybersecurity control implementation

ISO 27002 covers:

privacy controls

ISO 27701 covers:

risk management programs

ISO 31000 covers:

access controls

Identification, Authentication, Authorization

shared secret key

If Alice wants to send a message to Bob using symmetric cryptography, what key does she use to encrypt the message?

SPOF

If a ____ fails, an entire system can fail.

traffic stops

If ping fails, admins can use tracert to identify where ____.

Cache Poisoning

If you suspect an ARP ____ attack, you can use ARP to check the cache.

A dynamic application vulnerability scan identified code injection could be performed using a web form. Which of the following will be BEST remediation to prevent this vulnerability?

Implement input validations

alert

Impossible Travel Time activity should be unusual enough to be considered an indicator of compromise (IoC) and worthy of an _____.

File Transfer Protocol

In Administrative Services, port 21 is for _____.

Secure Shell

In Administrative Services, port 22 is for _____.

remote desktop protocol

In Administrative Services, port 3389 is for _____.

Domain Name Service

In Administrative Services, port 53 is for _____.

53

In Administrative Services, port ____ is for Domain Name Service (DNS)

3389

In Administrative Services, port ____ is for Remote Desktop Protocol (RDP).

21

In Administrative Services, port _____ is for File Transfer Protocol (FTP).

22

In Administrative Services, port _____ is for Secure Shell (SSH).

NetBIOS

In Administrative Services, ports 137, 138, and 139 are for _____.

137, 138, and 139

In Administrative Services, ports _____ are for NetBIOS.

OS

In IaaS, the _____ is the customer's responsibility. In PaaS and SaaS, it is the vendor's responsibility.

tail

In Linux, the ____ command displays only the last 10 lines of a log file.

logger

In Linux, use the ___ command to add entries in the /var/log/syslog file from the terminal or scripts and applications.

journalctl --since "1 hour ago"

In Linux, you can limit journal entry logs displayed to only last hour with ____ command.

Post Office Protocol

In Mail Services, port 110 is for _____.

Internet Message Access Protocol

In Mail Services, port 143 is for _____.

Simple Mail Transfer Protocol

In Mail Services, port 25 is for _____.

143

In Mail Services, port ____ is for Internet Message Access Protocol (IMAP).

110

In Mail Services, port ____ is for Post Office Protocol (POP).

25

In Mail Services, port _____ is for Simple Mail Transfer Protocol (SMTP).

Secure Hypertext Transfer Protocol

In Web Services, port 443 is for _____.

Hypertext Transfer Protocol

In Web Services, port 80 is for _____.

80

In Web Services, port ____ is for HTTP.

443

In Web Services, port ____ is for HTTPS.

black box

In a ___ penetration test, the attacker has no prior knowledge of the environment.

failover cluster

In a _____, the server switches from the failed server in a cluster to an operational server in the same cluster.

white team

In a cybersecurity exercise, what team is responsible for serving as moderators?

MDM platforms

In device posturing, _____ gain greater insight into the posture of mobile devices to enforce appropriate network access policies.

head

In Linux, the ____ command allows you to see only the beginning of a log file.

AS

In the Kerberos protocol, what system performs authentication of the end user?

transport layer

In the OSI model, the ___ consists of TCP and UDP.

data link layer

In the OSI model, the ___ consists of data transfers between two nodes.

presentation layer

In the OSI model, the ___ consists of data translation and encryption.

session layer

In the OSI model, the ___ consists of exchanges between systems.

network layer

In the OSI model, the ___ consists of internet protocol (IP).

application layer

In the OSI model, the ___ consists of user programs.

physical layer

In the OSI model, the ___ consists of wires, radios, and optics.

clipper chip

In the early 1990s, the National Security Agency attempted to introduce key escrow using what failed technology?

listen

Indicates the system is waiting for a connection request

SYN_received

Indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process. It is waiting for the ACK response to establish the connection.

Which one of the following is not one of the GAPP principles?

Integrity

knowledge-based organizations

Intellectual property theft poses a risk to _____.

extranet

Intranet segments extended to business partners

What action can users take to overcome security flaws in RC4?

It is not possible to use RC4 securely

Compliance

Jade's organization recently suffered a security breach that affected stored credit card data. Jade's primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning to Jade?

HOTP

Jane uses an authentication token that requires her to push a button each time she wishes to login to a system. What type of token is she using?

steganography

Jasmine comes across a file sent out of her organization that she suspects contains proprietary trade secrets but appears to be an innocuous image. What technique might the sender have used to hide information in the image?

false positive

Jason recently investigated a vulnerability discovered during a scan and, after exhaustive research, determined that the vulnerability did not exist. What type of error occurred?

boxes, servers, hosts

Jump _____ are all the same thing

Nancy is designing a security strategy for remote access. She would like to provide administrators with an intermediate box that they connect to before reaching sensitive systems. What type of service is Nancy planning?

Jump box

internet RFC

Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs?

white hat

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?

honeynets

Large-scale deployments of honeypots are called ____.

MAC address

Limit the devices that may connect to a network switchport by _____.

switches

Limit the unnecessary exposure of VLANs by limiting the number of _____ where they are trunked, especially for the sensitive VLANs.

urgency

Linda's organization recently experienced a social engineering attack. The attacker called a help desk employee and persuaded her that she was a project manager on a tight deadline and locked out of her account. The help desk technician provided the attacker with access to the account. What social engineering principle was used?

ifconfig eth0 allmulti

Linux command that enables multicast mode on the NIC. Allows the NIC to process all multicast traffic received by the NIC.

ifconfig eth0 promisc

Linux command that enables promiscuous mode on the first ethernet interface

ip -s link

Linux command that shows statistics on the network interfaces.

cat

Linux command used to display the contents of files.

ctrl + c

Linux continues to ping until you press ___.

traceroute

Linux tracert command is equivalent to ____.

apache

Linux web server application

physical location

Location based network security techniques restrict access based upon _____.

compensating control

Lou mounted the sign below on the fence surrounding his organization's datacenter. What control type best describes this control?

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to connect network traffic between workstations throughout the network. The analysts review the following logs:
VLAN      ADDRESS
________  _______________
1         0007.1e5d.3213
1         002a.7d.44.8801
1         0011.aab4.344d
The layer 2 address table has hundreds of entities similar to the ones above. Which of the following attacks has MOST likely occurred?

MAC flooding

Security as a Service

MSSPs may also be referred to as _____

Mean Time Between Failures

MTBF stands for

Mean Time to Failure

MTTF stands for

Maloof would like to digitally sign a message that he is sending to Clementine. What key does he use to create the digital signature?

Maloof's private key

Which phase of the capability maturity module introduces the reuse of code across projects?

Managed

risk management process

Management controls improve the security of the _____ itself

assessment

Managerial controls use planning and _____ methods to provide ongoing review of organization's ability to reduce and manage risk.

security and privacy

Many individuals play a role in data _____.

Managerial

Matt is updating the organization's threat assessment process. What category of control is Matt implementing?

Different vendors use different names for malware packages

Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred?

security group

Matt would like to assign users to roles within his Windows enterprise. What feature can he use to create a role?

data breaches

Measuring control effectiveness includes assessing ____ requiring notification.

end-user accounts

Measuring control effectiveness includes assessing compromised _____

web application

Measuring control effectiveness includes assessing critical findings in _____ scans.

public-facing systems

Measuring control effectiveness includes assessing vulnerabilities in _____.

backdoor

Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware?

flood control measures

Mitigate the risk of a flood by installing ____.

Security and Privacy Controls for Information Systems and Organizations

NIST 800-53 covers:

security actions

NIST CSF aligns _____ across control types

identify and prioritize

NIST CSF helps _____ actions.

different organizations

NIST CSF offers different value to _____.

common language

NIST CSF provides a _____ for cybersecurity risk

commerce

NIST is part of the US Dept of _____.

Keyboard and other input from the user

Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen?

powershell

Naomi believes that an attacker has compromised a Windows workstation using a fileless malware package. What Windows scripting tool was most likely used to download and execute the malware?

firewalls

Network _____ restrict network traffic going in and out of a network.

faulty routers

Network admins usually use tracert to identify ____ on the network.

east-west traffic

Network traffic between systems located in the data center

inherently superior

No cloud model is _____ to the other approaches. It all depends on the context.

confidentiality

Nolan is writing an after action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization's database. What cybersecurity principle was most impacted by the breach?

stakeholders

Notify management and other _____.

Which of the following would be used to find the MOST common web-application vulnerabilities?

OWASP

rootkit infections

Oftentimes, file integrity monitors send alerts indicating ____.

chmod

On Linux, which command is used to modify permissions on system files and folders?

people

Operational controls are executed by ____ instead of systems.

human-driven

Operational controls use ____ processes to manage technology in a secure manner

fault-tolerant

Organizations commonly implement redundancy and _____ methods to ensure high levels of availability.

asset valuation techniques

Original cost, depreciated cost, and replacement cost are all

Which one of the following authentication protocols requires the use of external encryption to protect passwords?

PAP

bans

PCI DSS compensating controls must be "above and beyond" other PCI DSS requirements. This specifically ____ the use of a control used to meet one requirement as a compensating control for another requirement.

Which one of these file extensions is always associated with certificates stored in binary form?

PFX

scripting languages

PHP, Perl, and Python are the ____ for Linux.

sensitive customer information

PII, Financial info, and health info are all _____.

live systems

Ping identifies _____.

49,152- 65,535

Port ranges for dynamic ports:

1,024- 49,151

Port ranges for registered ports:

0- 1,023

Port ranges for well-known ports:

likelihood

Probability that a risk will occur

risk transference

Purchasing an insurance policy is an example of which risk management strategy?

IaaS

Purchasing server instances and configuring them to run your own software is an example of what cloud deployment model?

An analyst just discovered an ongoing attack on a host that is on the network. The analyst observes the below taking place:
- The computer performance is slow
- Ads are appearing from various pop-up windows
- OS files are modified
- The computer is receiving AV alerts for execution of malicious processes
Which of the following steps should the analyst consider FIRST?

Put the machine in containment

SLE*ARO=ALE

Quantitative risk assessment formula for ALE

AV*EF=SLE

Quantitative risk assessment formula for SLE:

Which one of the following is not an example of federated authentication?

RADIUS

backup strategy

RAID is a fault-tolerance technique, not a ____.

What disaster recovery metric provides the targeted amount of time to restore a service after a failure?

RTO

round trip time

RTT is the abbreviation for?

risk mitigation

Reduces the chances that a threat will exploit a vulnerability

risk mitigation

Reduces the likelihood or impact of the risk

starting point

Reference architectures provide a useful framework, but they're just a ______.

gray-hat hacking

Renee is a cybersecurity hobbyist. She receives an email about a new web grading system used by her son's school and she visits the site. She notices that the URL looks like this: https://www.myschool.edu/grades.php&studentID=1023425 She realizes that 1023425 is her son's student ID number and she then attempts to access the following URLs: https://www.myschool.edu/grades.php&studentID=1023423 https://www.myschool.edu/grades.php&studentID=1023424 https://www.myschool.edu/grades.php&studentID=1023426 https://www.myschool.edu/grades.php&studentID=1023427 When she does so, she accesses the records of the other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee's work?

Naomi wants to provide guidance on how to keep her organization's new machine learning (ML) tools secure. Which of the following is not a common means of securing ML algorithms?

Require third-party review for bias in ML algorithms

Which cloud security control can be used to limit the amount of money spent by a user within the cloud customer's organization?

Resource policies

Fred receives a call to respond to a malware-infected system. When he arrives, he discovers a message on the screen that reads "Send .5 Bitcoin to the following address to recover your files." What is the most effective way for Fred to return the system to normal operations?

Restore from a backup if available

Mount the drive on another system and scan it that way

Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs a virus scan, the system doesn't show any malware. If he has other data that indicates the system is infected what should his next step be if he wants to determine what malware may be on the system?

avoidance

Risk ____ changes the organization's business practices

prioritized

Risk assessments produce a ____ set of risks.

risk management strategies

Risk avoidance, transference, mitigation, and acceptance are all ____.

single point in time

Risk control assessments look at a _____

ongoing process

Risk management is an _____.

document and track

Risk visibility and reporting techniques _____ risks over time

identity of an individual

Role based network security techniques restrict access based upon _____.

packet routing decisions

Routers connect networks to each other, making intelligent _____.

business logic

Rule based network security techniques restrict access based upon _____.

ICS Types

SCADA, DCSs, and PLCs are ____.

ALE

SLE * ARO = _____

ARO

SLE * ____ = ALE

Single Loss Expectancy

SLE stands for

Which one of the following issues is not generally associated with the use of default configurations?

SQL injection flaws

Which one of the following functions is not normally found in a UTM device?

SSL termination

Which of the following is a standardized language used to communicate security information between systems and organizations?

STIX

What TCP flag indicates that a packet is requesting a new connection?

SYN

synchronize

SYN means ____.

bot

Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded a handful of files, and then uploaded a large amount of data to a remote system. What type of infection should he look for?

sensitive

Secret info is _____

security risks

Security controls are procedures and mechanisms that an organization puts in place to manage ____.

different risks

Security controls must cover many _____.

continuous improvement

Security programs should embrace a spirit of ____.

something you know

Security questions are an example of what type of authentication factor?

Wipe the drive and reinstall from known good media

Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this?

documentary

Server logs are an example of ____ evidence.

Which one of the following is a hashing utility that you can use in your forensic toolkit?

Shasum

Risk transference

Shifts the impact of a risk to another organization

netstat -p

Shows statistics on a specific protocol. For example _____ tcp for only TCP stats.

arp -a

Shows the ARP cache on Windows

ipconfig /displaydns

Shows the contents of DNS cache and IP address mappings.

ip link show

Shows the interfaces along with some details on them on Linux

Which of the following would produce the closest experience of responding to an actual incident response scenario?

Simulation

System on a Chip

SoC stands for

firewall rule

Source system address, destination address, destination port and protocol, and action (allow or deny) are all ____ contents.

lost

Source to Here column lists _____/sent = pct (percent)

loop prevention

Spanning Tree Protocol prevents broadcast storms by implementing ____.

threat vectors

Specified methods that threats use to exploit a vulnerability

layer 3

Switches MAY function at _____.

layer 2

Switches typically work at _____.

honeypots

Systems designed to attract and trap attackers

no trust

Systems gain _____ based solely upon network location.

Ricky would like to use an authentication protocol that fully encrypts the authentication session, uses the reliable TCP protocol and will work on his Cisco devices. What protocol should he choose?

TACACS+

Which one of the following is the most secure way for web servers and web browsers to communicate with each other?

TLS

Which of the following is a race condition attack?

TOC/TOU

ten

Tail command allows you to see the last ____ lines of a log file.

technology

Technical controls use ____ to achieve security control objectives.

ad hoc network

Temporary networks that may bypass security controls

security principles

The CIA security triad is a model used to guide an organization's _____.

housekeeping

The ICMP is the ____ protocol of the internet.

special

The ITL publishes _____ publications in the 800 series that are of general interest to the computer security community.

Information Technology Laboratory

The NIST's Computer Security Division hosts the _____.

grep

The ___ command on Linux is used to search for a specific string or pattern of text within a file.

Dynamic Host Configuration Protocol

The ____ allows the automatic assignment of IP addresses from an administrator-configured pool.

pathping

The ____ command combines the functions of the ping and the tracert commands.

tracert

The ____ command lists all the routers between two systems.

Internet Control Message Protocol

The ____ is the housekeeping protocol of the internet.

netstat command

The _____ allows you to view statistics for TCP/IP protocols on a system.

fault tolerance

The ability of a system to continue operation even if a component fails.

prime factorization

The difficulty of solving what mathematical problem provides the security underlying the Diffie-Hellman algorithm?

explicitly allowed

The firewall implicit deny strategy blocks all traffic that is not _____.

risk profile

The full set of risks facing an organization is called the ____.

containing damage through isolation

The highest priority of a first responder must be _____.

deny strategy

The implicit ____ provides a secure starting point for a firewall.

Locations

The impossible travel detection identifies unusual and impossible user activity between two _____.

risk appetite

The organization's _____ describes how much risk it is willing to accept.

credential stuffing

The reuse of passwords across multiple sites makes an individual susceptible to ____ attacks

risks, not threats

The words "internal" and "external" are applied to _____.

journalctl --since "1 hour ago" > myjournal.txt

This command sends journal output to text

journalctl --list-boots
journalctl -b 1

These commands show the available boot logs and retrieve the boot log identified with the number 1.

geographically distant locations

This detection identifies user account activities originating from ____ within a time period shorter than the time it would have taken the user to travel from the first location to the second.

CLOSE_WAIT

This indicates the system is waiting for a connection termination request.

TIME_WAIT

This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection.

SYN_SENT

This indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK, ACK handshake process and it is waiting for the SYN-ACK response.

Risk management and treatment

This is a process of systematically analyzing potential responses to each risk and implementing strategies to control those risks appropriately.

time of day

Time based network security techniques restrict access based upon _____.

repairable

Time to restore service depends upon whether a component is _____.

technical control

Tina is tuning her organization's intrusion system to prevent false positive alerts. What type of control is Tina implementing?

netstat -anp tcp

To show a listing of ports that the system is listening on, listed in numerical order, for only the tcp you would use _____.

privilege creep

Tobias recently permanently moved from a job in accounting to a job in human resources but never had his accounting privileges revoked. What situation occurred in this case?

strategic risk

Tony is reviewing the status of his organization's defenses against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering?

deterrent control

Tonya is concerned about the risk that an attacker will attempt to gain access to her organization's database server. She is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement?

highly sensitive

Top Secret info is ____

She should run the ML algorithm on the network only if she believes it is secure

Tracy is concerned about attacks against the machine learning (ML) algorithm that her organization is using to assess their network. What step should she take to ensure that her baseline data is not tainted?

The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe?

Transference

disguise

Trojan horses ____ themselves.

(T/F) Audits may be performed by either internal or external entities.

True

(T/F) Certifications help employees validate their skills and are an important recruiting and retention tool.

True

(T/F) Data ownership issues often arise in supplier relationships.

True

(T/F) Risk assessments represent a point-in-time analysis of the risks facing an organization.

True

(T/F) SIEMs apply artificial intelligence techniques to log entries.

True

(T/F) Software forensics may be used to identify the origin of malware.

True

(T/F) The chain of custody must be updated EVERY time someone handles a piece of evidence.

True

(T/F) Vendors extend your organization's technology environment. If they handle data on your behalf, you should expect they execute the same degree of care that you would in your own operations.

True

(T/F) ZIP code, date of birth, and gender uniquely identify 87% of people in the United States.

True

(T/F) It is generally a bad practice to run software after the vendor's end of life.

True

(T/F) Privilege escalation attacks require a normal user account to execute.

True

(T/F) The main purpose of a code repository is to store the source files used in software development in a centralized location that allows for secure storage.

True

(T/F) You should rebuild any system that may have been compromised during a security incident.

True

Machines

UEBA goes further than simply monitoring human behavior—it monitors _____.

behavior

UEBA seeks to recognize any peculiar or suspicious _____— instances where there are irregularities from normal everyday patterns or usage.

User and Entity Behavior Analytics

UEBA stands for _____.

Something you know

UN/PW, PIN #, Birth date are all _____.

commercial

UPSs and generators can provide power to key systems when _____ power fails.

Shadow IT

Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What best describes this use of technology?

v3

Use SNMP ______. Earlier versions have critical security flaws.

Which one of the following is not a common deployment option for relational databases?

Use a VDI service

IoC

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?

human action

Viruses are spread by ____.

mechanism of action

We categorize controls by their purpose or ____.

watermarking

What DLP technique tags sensitive content and then watches for those tags in data leaving the organization?

Try...Catch

What Java clause is critical for error handling?

o

What Linux file permissions group is used to describe the permissions assigned to any user of the system?

GPOs

What Windows mechanism allows the easy application of security settings to groups of users?

bcrypt

What algorithm uses the Blowfish cipher along with a salt to strengthen cryptographic keys?

Application, Presentation, Session, Transport, Network, Data Link, Physical

What are the 7 layers of the OSI model?

driver shimming

What attack technique wraps malicious code around a legitimate driver?

false rejection rate

What characteristic of biometrics measures the frequency at which legitimate users are denied access to a system or facility?

class c

What class of fire extinguisher is designed to work on electrical fires?

VPC

What cloud computing technology is similar to the VLANs used in an on-premises network?

security groups

What cloud security control is used to replace firewall functionality for IaaS environments?

ping

What command sends ICMP echo request packets?

Lockheed Martin

What company developed the Cyber Kill Chain?

HIPAA

What compliance regulation most directly affects the operations of a healthcare provider?

Internet

What component makes up the Internet Zone in the Network Border Firewall?

Release management

What component of a change management program includes final testing that the software functions properly?

DMZ, email server, webserver

What components make up the DMZ in the Network Border Firewall?

Internal network, endpoint network, wireless network, guest network, data center network

What components make up the Intranet Zone in the Network Border Firewall?

memory leak

What condition occurs when a software package fails to release memory that it reserved for use?

Segmentation

What containment strategy moves compromised systems to a separate VLAN attached to the enterprise network?

availability

What cybersecurity tenet is violated when a customer's cloud-hosted website goes down?

tokenization

What data obfuscation technique is intended to be reversible?

data owner

What data security role is normally filled by a senior-level official who bears overall responsibility for the data?

skimmer

What device is often used in card cloning attacks?

tactic

What do the columns in the ATT&CK matrix represent?

Control Objectives for IT

What does COBIT stand for?

Distributed denial-of-service

What does DDoS stand for?

dynamic host configuration protocol

What does DHCP stand for?

domain-based message authentication reporting conformance

What does DMARC stand for?

domain name system

What does DNS stand for?

Data protection officer

What does DPO stand for?

Hardware Security Module as a Service

What does HSMaaS stand for?

Information Technology Laboratory

What does ITL stand for?

network interface card

What does NIC stand for?

National Institute of Standards and Technology

What does NIST stand for?

security information and event management

What does SIEM stand for?

special publications

What does SP stand for?

Transmission Control Protocol/Internet Protocol

What does TCP/IP stand for?

User Datagram Protocol

What does UDP stand for?

identifies and prioritizes risks

What does a risk assessment do?

grep

What file manipulation command is used to search the contents of a text file?

TPM

What hardware technology may be embedded in a laptop computer to protect encrypted hard drives from removal?

blacklisting

What input validation approach works to exclude prohibited input?

categorize information system

What is the first step in the NIST risk management framework?

Planning

What is the first step of a Fagan inspection?

confidential

What is the lowest level of classification?

64.4 Fahrenheit

What is the minimum acceptable temperature for a data center?

network segmentation

What is the most important control to apply to smart devices?

AppLocker

What is the name of the application control technology built-in to Microsoft Windows?

tailgating

What is the name of the practice where a user holds a door open for the individual following them into a building?

supplicant

What is the piece of software running on a device that enables it to connect to a NAC-protected network?

NIST SP 800-37

What is the special publication governing Risk Management Framework?

randomly generated key

What key is actually used to encrypt the contents of a message when using PGP?

XML

What language is STIX based on?

PowerShell

What language is commonly used to automate the execution of system administrator tasks on Windows systems?

HIPAA

What law contains specific requirements for data breaches that occur in the healthcare industry?

56 bits

What length encryption key does the Data Encryption Standard use?

trap

What message can an SNMP agent send to a network management system to report an unusual event?

800

What number series are computer security special publications?

ISACs

What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?

TLS

What protocol may be used to secure passwords in transit to a web application?

access control lists

What router technology can be used to perform basic firewall functionality?

TLS

What security control would normally be used to add encryption for data in transit to and from a cloud-based web server?

implicit deny

What security principle does a firewall implement with traffic when it does not have a rule that explicitly defines an action for that communication?

least privilege

What security principle prevents against an individual having excess security rights?

SOAR

What security technology best assists with the automation of security workflows?

Oversubscription

What situation occurs when cloud service customers request more services than the provider has capacity?

spiral

What software development methodology uses four stages in an iterative process?

X.509

What standard governs the structure and content of digital certificates?

VLAN pruning

What technique should network administrators use on switches to limit the exposure of sensitive network traffic?

certificate stapling

What technology allows web servers to attach an OCSP validation to the certificate they send to users?

flood guard

What technology can help prevent denial of service attacks on a network?

wrappers

What technology can you use as a compensating control when it's not possible to patch an embedded system?

certificate pinning

What technology can you use to tell clients that a certificate is unlikely to change over time?

APIs

What technology do cloud orchestration services use to interact with cloud service providers?

NAT

What technology provides the translation that assigns public IP addresses to privately addressed systems that wish to communicate on the internet?

Data Encryption

What technology uses mathematical algorithms to render information unreadable to those lacking the required key?

data in motion

What term best describes data that is being sent between two systems over a network connection?

memdump

What tool allows you to dump the contents of memory on a Linux system?

Likelihood and Impact

What two factors are used to evaluate a risk?

SOC 3

What type of Service Organization Controls audit is designed for public consumption?

Service level agreement

What type of agreement is used to define availability requirements for an IT service that an organization is purchasing from a vendor?

prescriptive analytics

What type of artificial intelligence technique is most commonly associated with optimization?

behavioral

What type of assessment is particularly useful for identifying insider threats?

known plaintext

What type of attack is possible when the attacker has access to both an encrypted and unencrypted version of a single message?

buffer overflow

What type of attack seeks to write data to areas of memory reserved for other purposes?

incremental

What type of backup includes only those files that have changed since the most recent full or incremental backup?

horizontal scaling

What type of cloud scaling adds more servers to the pool to meet increased demand?

high availability

What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails?

SLA

What type of document is used to agree upon vendor obligations?

orphaned rule

What type of firewall rule error occurs when a service is decommissioned but the related firewall rules are not removed?

mutation fuzzing

What type of fuzz testing captures real software input and modifies it?

Type 2

What type of hypervisor requires a host operating system?

operational

What type of investigation would typically be launched in response to a report of high network latency?

bot

What type of malware connects to a command-and-control system, allowing attackers to manage, control, and update it remotely?

logic bomb

What type of malware delivers its payload only after certain conditions are met, such as a specific date and time occurring?

macro viruses

What type of malware is VBA code most likely to show up in?

PUP

What type of malware is adware typically classified as?

RATs

What type of malware is frequently called stalkerware because of its use by those in intimate relationships to spy on their partners?

signature detection

What type of malware prevention is most effective against known viruses?

cookie

What type of object must a hacker typically access in order to engage in a session hijacking attack?

ISAC

What type of organization facilitates cybersecurity information sharing among industry-specific communities?

cameras

What type of physical security control should always be disclosed to visitors when used?

capture the flag

What type of security training is specifically designed to educate employees about attack techniques?

SCADA

What type of system is used to gather information from remote sensors via telemetry?

write blocker

What type of technology prevents a forensic examiner from accidentally corrupting evidence while creating an image of a disk?

configuration management

What type of tool assists with the automated validation of systems?

site trusted by the end user

What type of website does an attacker use when waging a watering hole attack?

others

When working with Linux permissions, "o" means ____.

Windows Registry

Where do fileless viruses often store themselves to maintain persistence?

Risk Register

Where would an organization normally record its risks?

ipconfig /flushdns

Which command erases the contents of the DNS cache?

header

Which component of a syslog message contains the timestamp?

guidelines

Which element of the security policy framework includes suggestions that are not mandatory?

memory contents

Which evidence source should be collected first when considering the order of volatility?

identity of attacker

Which one of the following is not a suggested criteria for evaluating containment strategies?

independent facilitator

Who is the most effective person to lead a lessons learned review?

Cloud Service Provider

Who provides cloud computing services for sale to third parties?

certificate authority

Who provides the digital signature on a digital certificate?

Windows Event Viewer

Windows logs are available in the ___.

four

Windows pings (sends out echo requests) _____ times by default.

DMARC record

Within its _____, each business sets a policy that tells other organizations' email systems what to do when they receive fake emails that impersonate its domain.

themselves

Worms spread by ____.

binary format

You can't query journald directly because it stores log data in ____, but journalctl displays it as text.

read (r)

___ indicates someone can open the file and view its contents in Linux chmod.

ipconfig command

___ shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a Windows system.

tcpreplay

____ allows editing and replaying traffic.

FPGAs

____ are chips that allow dynamic reprogramming.

Static IPs

____ are manually assigned to systems by a system administrator. They must be unique and within the appropriate range for the network.

darknets

____ are unused but monitored IP address space.

deterrent controls

____ attempt to discourage a threat.

network reconnaissance

____ attempts to learn additional details about the network and discoverable devices.

internal controls

____ can address internal risks

ARP

____ command line tool resolves IP addresses to MAC addresses and stores the results in the ____ cache.

Libraries

____ consist of shared code objects that perform related functions

honeyfiles

____ contain false stores of sensitive information

corrective and recovery

____ controls attempt to reverse the impact of an incident or problem after it has occurred.

anomaly, behavior-based, heuristic

____ detection, ____ detection, and ____ detection are the same thing.

cable locks

____ deter thieves from stealing laptops.

classification

____ drives cloud security decisions.

backups

____ ensure that personnel can recover data if it is lost or corrupted.

spyware

____ gathers information.

classifying information

____ helps employees understand security requirements.

write (w)

____ indicates a user can modify the contents of a file in Linux chmod

ping

____ is a basic command used to test connectivity for remote systems.

UEBA

____ is a cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of not only the users in a corporate network but also the routers, servers, and endpoints in that network.

business continuity planning

____ is also known as continuity of operations planning (COOP).

MySQL

____ is the Linux database management system

security controls

____ keep our risk profile in line with our risk appetite.

deprecated

____ means discouraged but tolerated

role based

____ network security techniques restrict access based upon identity of an individual.

location based

____ network security techniques restrict access based upon physical location.

time based

____ network security techniques restrict access based upon time of day.

system recovery

____ procedures ensure administrators can recover a system after a failure.

incident handling

____ processes define steps to take in response to security incidents.

Risk management frameworks

____ provide proven, time-tested techniques

escalate

____ response to appropriate level.

quantitative

____ risk uses objective numeric ratings to evaluate risk likelihood and impact.

multiparty risks

____ risks are shared across many organizations

promiscuous

____ rules allow more access than necessary.

Threat intelligence

____ shares risk information

AV

_____ * EF = SLE

split-tunnel

_____ VPNs provide users with a false sense of security.

network discovery

_____ allows devices on a network to discover other devices on the same network.

external controls

_____ arise from outside the organization

legacy risks

_____ arise from unsupportable systems.

internal risks

_____ arise from within an organization

BPDU Guard

_____ blocks malicious STP updates

Passwordless Authentication

_____ can prevent credential stuffing altogether because it verifies a user with something they have or something they are instead of a password.

software license

_____ compliance issues create the risk of fines and legal action.

compensating

_____ controls are alternative controls used when a primary control is not feasible.

managerial

_____ controls are primarily administrative in function.

detective

_____ controls attempt to detect incidents after they have occurred.

deterrent

_____ controls attempt to discourage individuals from causing an incident.

preventive

_____ controls attempt to prevent an incident from occurring.

corrective

_____ controls attempt to reverse the impact of an incident.

operational

_____ controls help ensure that the day to day operations of an organization comply with the security policy.

physical

_____ controls refer to controls you can physically touch.

technical

_____ controls use technology such as hardware, software, and firmware to reduce vulnerabilities.

control frameworks

_____ guide security program design

credential stuffing

_____ is a type of cyberattack in which a cybercriminal uses stolen usernames and passwords from one organization (obtained in a breach or purchased off of the dark web) to access user accounts at another organization.

DPO

_____ is responsible for overseeing a company's data protection strategy and its implementation to ensure compliance with GDPR requirements.

network segmentation

_____ is the most important control for embedded devices

impossible travel

_____ keeps track of where users are located so it can identify potential security breaches.

Device Posturing

_____ lets you establish trust in devices that comply with security policies and deny access to devices that don't meet security criteria.

resiliency

_____ methods help systems heal themselves or recover from faults with minimal downtime.

rule based

_____ network security techniques restrict access based upon business logic.

Spanning tree protocol

_____ prevents broadcast storms by implementing loop prevention

qualitative

_____ risk uses subjective ratings to evaluate risk likelihood and impact

orphaned

_____ rules allow access to decommissioned systems and services.

control assessments

_____ test control effectiveness.

risk register

_____ tracks risk information

HSM

______ as a Service is an alternative to HSM devices and KMS and provides secure, centralized key management and cryptography without the need for HSM appliances.

Ping Flood Attack

A ____ attempts to disrupt systems by sending ping requests repeatedly.

verb-noun

A common naming strategy for a use case is _____ format.

algorithm

a hashing _____ creates a fixed-length, irreversible output.

hash

a number created by executing a hashing algorithm against data.

Whitelisting

a process in which a company identifies acceptable software and permits it to run, and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity

Blacklisting

a process in which a company identifies certain types of software that are not allowed to run in the company environment

vulnerability

a weakness in hardware, software, configuration, or users operating a system

elasticity

ability of a system to handle an increased workload by dynamically scaling up or scaling out as the need arises

risk acceptance

accepts the risk without taking further action

A recent security audit revealed that a popular website with IP address 172.16.1.5 also has an FTP service that employees were using to store sensitive corporate data. The organization's outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

access-rule permit tcp destination 172.16.1.5 port 80
access-rule permit tcp destination 172.16.1.5 port 443
access-rule deny ip destination 172.16.1.5

redundancy

adds duplication to critical systems and provides fault tolerance

security incident

adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization's IT systems or data.

Which one of the following is not a common goal of a cybersecurity attacker?

allocation

fault-tolerant disks

allow a system to continue even if a disk fails.

compensating controls

alternative controls used instead of a primary control.

impact

amount of expected damage is called _____

Which one of the following is the best example of a hacktivist group?

Anonymous

physical controls

any controls that you can physically touch.

specified ip address

arp -a 192.168.1.1 (or any IP) displays the ARP cache for ____.

Which approach to threat identification begins with a listing of all resources owned by the organization?

asset-focused

What goal of security is enhanced by a strong business continuity program?

availability

points of failure

availability often addresses single _____.

What term best describes making a snapshot of a system or application at a point in time for later comparison?

baselining

Which of the following would be MOST effective to contain a rapid attack that is affecting a large number of organizations?

blocklist

What basic cryptographic functions does the AES algorithm use to encrypt plaintext?

both substitution and transposition

Which one of the following is a file carving tool?

bulk extractor

providers and customers

business continuity planning in the cloud is a partnership between _____.

hashes

by comparing _____, you can verify that integrity has been maintained

Which one of the following security mechanisms prevents laptops from theft while in use?

cable lock

Which one of the following security mechanisms prevents laptops from theft while they are in use?

cable lock

change mode

chmod is short for

What type of lock always requires entering a code to enter the facility?

cipher lock

ifconfig eth0 -allmulti

command that disables multicast mode on Linux

Which of the following is not a standard application hardening technique?

conduct cross-site scripting

internal

confidential info is ____.

Which one of the following metrics does not contribute to the exploitability score for a vulnerability in CVSS?

confidentiality

mutually exclusive

control categories are not _____.

What tool can you use to create a disk image?

dd

Which one of the following data sanitization strategies is the most secure?

destruction

Which of the following measures is not commonly used to assess threat intelligence?

detail

netstat -n

displays addresses and port numbers in numerical order

netstat -e

displays details on network statistics, including how many bytes the system sent and received.

physical locks

door locks are ____.

Which one of the following expenses typically is billed to the user directly in on-premises environments but not in cloud environments?

electricity costs

Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?

email

Which operation uses a cryptographic key to convert plaintext into cipher text?

encryption

Confidentiality

ensures that data is only viewable by authorized users

When you communicate over the Tor network, which of the following entities do you communicate with directly?

entry node

Which of the following is not a core feature of the Diamond Model?

exploit

threat

external threat jeopardizing security

(T/F) The analysis of adversary TTP includes tools, techniques, and policies.

false

(T/F) When handling cross-jurisdictional issues, disputes are resolved based upon the law of the cloud service provider's home country.

false

Which one of the following devices would you not typically find in a DMZ?

file server

Ricky would like to separate his network into three distinct security zones. Which one of the following devices is best suited to that task?

firewall

which one of the following controls is not particularly effective against insider threat?

firewalls

which one of the following is not a characteristic of cloud computing?

fixed

Which one of the following data elements is not commonly associated with identity theft?

frequent flyer number

authorization

grant or restrict access to resources using a _____ method, such as permissions.

Globally search a Regular Expression and Print

grep is short for ____.

preventive controls

hardening, training, guards, change management, account disablement, and IPS are all types of _____.

environmental

heating and ventilation are _____ controls.

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

homomorphic

Which one of the following security controls is built in to Microsoft Windows?

host firewall

What type of disaster recovery site is able to be activated most quickly in the event of a disruption?

hot site

Which one of the following does not exist in a containerized computing environment?

hypervisor

When selecting a cloud server instance, which feature is generally not user-configurable?

hypervisor type

interface configuration

ifconfig stands for ____.

hops

in reference to commands, routers are referred to as ____.

What is the simplest way to take an existing cipher and make it stronger?

increase the length of the encryption key

availability

indicates that data and services are available when needed

Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which of the following terms best describe Snowden's activities?

insider, hacktivist

external risks

internal controls can also mitigate _____.

network systems

ipconfig can manipulate the settings on the _____.

internet protocol configuration

ipconfig stands for ____.

Which one of the following devices helps networked services scale with increasing demand?

load balancer

somewhere you are

location is considered ____.

A website developer who is concerned about theft of the company's user database wants to protect weak passwords from offline brute-force attacks. Which of the following would be the BEST solution?

lock accounts after five failed logons

detective controls

log monitoring, SIEM systems, security audit, video surveillance, motion detection, and IDS are all types of _____.

Which one of the following access control cards is the easiest to duplicate without permission?

magnetic stripe card

security controls

managerial, operational, and technical are all types of _____.

Which one of the following is a commonly used exploitation framework?

Metasploit

Which one of the following attackers is most likely to be associated with an APT?

nation-state actor

Which of the following threat actors typically has the greatest access to resources?

nation-state actors

Which of the following is not an effective defense against XSRF attacks?

network segmentation

north-south traffic

network traffic between systems in the data center and systems on the internet

Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

nonrepudiation

established

normal state for data transfer phase of a connection. Indicates active, open connection.

Which statement about printers is incorrect?

often contain web servers

Harold works for a certificate authority and wants to ensure that his organization is able to revoke digital certificates that it creates. What is the most effective method of revoking digital certificates?

online certificate status protocol

Renee is creating a prioritized list of scanning targets. Which one of the following is the least important criteria for her prioritization?

operating system

What information is not found in network flow data?

packet content

Three of these choices are data elements found in NetFlow data. Which is not?

packet contents

Which one of the following disaster recovery tests involves the actual activation of the DR site?

parallel test

Which one of the following is not a normal account activity attribute to monitor?

password

windows systems

pathping is only available on ____

quantitative risk

perform _____ assessment for a single risk and asset pair.

Matt would like to limit the tests performed by his vulnerability scanner to only those that affect operating systems installed in his environment. Which setting should he modify?

plug-ins

Which one of the following information sources would not be considered an OSINT source?

port scans

risk

possibility or likelihood of a threat exploiting a vulnerability, resulting in a loss.

Which one of the following shell environments is commonly associated with Windows systems?

PowerShell

In which technique do attackers pose as their victim to elicit information from third parties?

pretexting

Which cloud deployment model exclusively uses dedicated cloud resources for a customer?

private cloud

Which of the following is not an important account management practice for security professionals?

privilege creep

Vic is planning a redesign of his organization's firewall strategy and is planning to issue an RFP for a firewall vendor. Which one of the following vendors would not be able to meet Vic's needs?

Proofpoint

Which of the following is a provider activity in the cloud reference architecture?

provide audit data

NIC teaming

provides both redundancy support and increases bandwidth by load balancing

decision making

quantitative risk assessments aid in data-driven ____.

Which one of the following encryption approaches is most susceptible to a quantum computing attack?

quantum cryptography

What file permission does NOT allow a user to launch an application?

read

Which component of a change management program includes final testing that the software functions properly?

release management

failed

resiliency methods expect components to retry _____ processes.

information sources

risk assessment results, audit findings, team member output, and threat intelligence are all risk register _____.

corresponding threat

risks are the combination of a vulnerability and a ____.

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

rogue access point

Which one of the following would typically be an offline CA?

root CA

Randy is developing a vulnerability management program. Which one of the following is not a common source of requirements for such a program?

sales team requests

What communications technology provides the widest global coverage?

satellite

encryption

scrambles data to make it unreadable by unauthorized personnel

Which of the following is not one of the major principles of COBIT?

securing the enterprise end-to-end

Alice would like to send a message to Bob using RSA encryption. What key should she use to encrypt the message?

shared secret key

In which type of social engineering attack does the attacker physically observe the victim's activity?

shoulder surfing

ifconfig eth0

shows the configuration of the first Ethernet interface (NIC) on a Linux system

ifconfig wlan0

shows the configuration of the first wireless interface on a Linux system

Which one of the following intrusion detection technologies requires frequent threat updates from the vendor?

signature detection

Something you have

smart card and hardware token are both ____.

ping 111.111.1.1

standard command for ping:

dynamic

static systems are scaled up or out manually, while ____ systems use elasticity to scale up and scale out.

Which one of the following technologies is an example of a parameterized query?

stored procedure

elevated

sudo command allows you to run a command with root, or ____ privileges. (linux)

grep command

sudo grep "authentication failure" /var/log/auth.log is utilizing ____. (linux)

super user do

sudo stands for

Which one of the following devices carries VLANs on a network?

switch

scalability

system's ability to handle increased workload either by scaling up or scaling out (added manually)

Data Controller

the entity (person, organization, etc.) that determines the why and the how for processing personal data.

Data Processor

the entity that performs the data processing on the controller's behalf.

hardening

the practice of making a system or application more secure than its default configuration

vulnerability assessments

these attempt to discover current vulnerabilities

risk assessments

these help organizations qualify and quantify risks within an organization so that they can focus on the serious risks.

Which one of the following threat research tools is used to visually display information about the location of threat actors?

threat map

something you are

thumb print and retinal scan are both _____.

What data obfuscation technique is intended to be reversible?

tokenization

Which one of the data protection techniques is reversible when conducted properly?

tokenization

round-trip times

tracert identifies the ip address and sometimes the hostname of each hop in addition to the ____ for each hop.

Which one of the following is a file integrity monitoring tool?

Tripwire

(T/F) Embedded systems often suffer from limited access to power and bandwidth.

true

(T/F) In a discretionary access control system, individual users have the ability to alter access permissions.

true

(T/F) When a user is terminated, administrators should first disable the account and then delete it later.

true

(T/F) Windows provides a facility for administrators to implement Time of Day restrictions without requiring the use of a third party tool.

true

(T/F) It is difficult to develop defenses against APT attackers.

true

encryption and access controls

types of confidentiality

Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern Tom the most from a security perspective?

unavailability of future patches

public

unclassified info is ____.

Angela wants to limit the potential impact of malicious Bash scripts. Which of the following is the most effective technique she can use to do so without a significant usability impact for most users?

use Bash's restricted mode

Which one of the following is not a barrier to using the web of trust (WoT) approach?

use of weak cryptography

identification

users claim an identity with a unique username

authentication

users prove their identity with _____.

Which one of the following is not critical to the security of one-time pad operations?

using AES in conjunction with the one-time pad

integrity

verifies that data has not been modified

vulnerabilities

weaknesses in security controls

Multicast mode

what allows the NIC to process all multicast traffic received by the NIC?

Time-based One Time Password

what does TOTP stand for?

assumption of compromise

what is the basic principle underlying threat hunting activities?

Input validation

what is the most effective defense against cross-site scripting attacks?

sudo

what is the preceding Linux command to request administrative permissions?

router

what network device can connect together multiple networks?

hacktivist

what type of attacker is primarily concerned with advancing an ideological agenda?

whaling

what type of phishing attack focuses specifically on senior executives of a targeted organization?

Which one of the following tools is a protocol analyzer?

Wireshark

Which one of the following types of malware can spread without any user interaction?

worm

combine

you can _____ many of the netstat switches to show different types of information.

enforce

you can use hashing techniques to _____ integrity

controls

you reduce risk by implementing _____.

What command is used to apply operating system updates on some Linux distributions?

yum

