SEC+ Book review questions
Something you know
A PIN is an example of what type of factor?
Attributes
A person's name, age ,location, or job title are all examples of what?
10
Acme widgets has 10 employees and they all need the ability to communicate with one and another using a symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?
static code analysis
Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?
Pharming
Alaina discovers that someone has set up a website that looks exactly like her organization's banking website. Which of the following terms best describes this sort of attack?
Spam over Instant Messaging
Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?
Shoulder Surfing
Alan reads Susan's password from across the room as she logs in. What type of technique has he used?
Homomorphic encryption
Alan's team needs to perform computations on sensitive personal information but does not need access to underlying data. What technology can the team use to perform these calculations without accessing the data?
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
Alania has implemented WPA2 and uses enterprise authentication for access points in infrastructure mode. What encryption protocol is her network using?
Supply chain attack
Alex discovers that the network router that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should alex categorize this attack as ?
a deny list tool
Alyssa wants to prevent a known Microsoft word file from being downloaded and accessed on devices she is responsible for. What type of tool can she use to prevent this?
A microSD HSM
Alyssa wants to use her android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware?
A CAN bus
Amanda is assessing a vehicle's internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?
A heatmap
Amanda wants to create a view of her buildings that show wifi signal strength and converge. What is this type of view called?
Degaussing
Amanda wants to securely destroy data held on DVDs. Which of the following options is not suitable solution for this?
Identity Provider(Idp)
Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela's organization play when they authenticate their users and assert that those users are valid to other members of the federation?
A walk-through
As part of their yearly incident response preparations, Ben's organization through a sample incident step by step to validate what each person will do in the incident. What type of exercise is this?
Point-to-point
Bart knows that there are two common connection methods between Wifi devices. Which of the following best describes ad hoc mode?
tcpdump
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, he knows that the Linux system does not provide the GUI, what took should he use to view that traffic
Dumpster diving
Ben searches through an organizations trash looking for sensitive documents, internal notes, and other useful information. What term best describe this type of activity?
RAID 10
Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not the concern compared to the speed and resilience. What RAID type should he use?
A honeynet
Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies to attack tools and to document all the attacks that are conducted. What has he set up?
LDAPS
Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?
MSSP (Managed Security Service Provider)
Brenda's company provides a managed incident response service to its customers. What term best describes this type of service offering?
steganography
Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?
SCADA (supervisory control and data acquisition)
Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly use to describe this type of control and monitoring solution?
API-based CASB
Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?
Integrity
Brian ran a penetration test against a school's grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school's cybersecurity team to prevent students from engaging in this type of activity?
Resource policy
Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
White-box testing
Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advanced. what type of test is bruce conducting?
Directory service
Charles has implemented LDAP for his organization. What type of service has he enabled?
Performing user input validation
Charles is worried about users conducting SQL injection attacks. Which of following solutions will best address his concerns?
Tail
Charles wants to monitor changes to log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?
windows security log
Chris has turned on logon auditing for a windows system. Which log will show them?
Integrity
Chris is responding to a security incident that compromised one of his organization's web servers. He believes that the attackers defaced one or more pages on the website. What cyber security objective did this attack violate?
UEFI/Measured boot
Chris wants systems that connect to his network to report their boot processes to a server where they can e validated before being permitted to join the network. What technology should he use to do this on the workstations?
TAXII
Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?
pathping
Connor believes that there is an issue between his organizations network and a remote web server and he wants to verify this be checking each hop along the route. Which tool should be use if he is testing from a windows 10 system?
Snapshots
Cynthia wants to clone a VM. What should she do to capture a live machine, including the machine state?
SAE
Daniel knows that WPA3 has added a method to ensure that brute-force attacks against weak preshared keys are less likely to succeed. What is this technology called?
Wireshark
Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?
Mikes public key
David would like to send Mike a message using an asymmetric encryption algorithm. what key should he use to encrypt the message?
Lateral movement
During a penetration test, Patrick deploys that toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity?
An evil twin
During a site survey, Chris discovers that there are more access points broadcasting his organizations SSID than he expected there to be. What type of wireless attack has he likely discovered?
Improper error handling
During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. what should he note in his report?
Insider, hacktivist
Edward was a government contractor who disclosed sensitive gov documents to a journalists to uncover what he believed were unethical activities. Which two following terms best describes edwards activities?
RADIUS
Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement?
Use a degausser
Elaine wants to securely erase the contents of a tape used for backups in her organizations tape library. What is the fastest secure erase method available to her that will allow the tape to be reused?
SRTP (Secure Real-Time Transport Protocol)
Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?
Continuous Delivery
Every time Susan checks code into her organizations code repository, it is tested and validated, and then if accepted, it is immediately put into production. What is the term for this?
Air gaped
Florian wants to unsure that systems on a protected network cannot be attacked via the organizations network. What design technique should he use to ensure this?
Buffer overflow
Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?
Implement and use a data classification scheme
Frank's organization is preparing to deploy to a data loss prevention (DLP) system. What key process should they undertake they deploy it?
The provider must maintain security patches on the host operating system
Frans organization uses Type hypervisor to implement an IaaS offering that it sells to customers. which one of the following security controls is least applicable to this environment?
out-of-band management
Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organizations network design?
Containerization
Fred's company issues devices in a BOYD model. That means that Fred wants to ensure that corporate data and applications are kept separate from personal applications on the devices. What technology is best suited to meet this need?
RAID 1
Gabby wants to implement a mirrored drive solution. What RAID level does this describe?
POPS, IMAPS, HTTPS
Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?
dev.www.mydomain.com
Glenn recently obtained a wildcard cert for *.mydomain.com. which one of the following domains would not be covered by this cert?
Footprinting
Grace would like to determine the operating system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information?
Supply chain
Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector does this best describes this attack?
Network- based DLP
Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guest on his wireless network. What DLP technology would best meet his goal
Preventive
Greg recently conducted an assessment of his organizations security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. what type of control gap exists in this case?
COPE (choose your own device)
Greg wants to select a mobile device deployment method that provides employees with devices that they can use as though they've personally owned to maximize flexibility and ease of use. Which deployment model should be select?
CSA CCM (Cloud security alliance, cloud control matrix)
Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
Geographic dispersal
Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?
A disaster recovery plan
Gwen is building her organization's documentation and processes and wants to create the plan for what the organization would do if her datacenter burned down. What type of plan would typically cover that type of scenario?
SaaS (Software as a Service)
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?
vulnerability scans
Henry wants to check to see if services were installed by an attacker. What commonly gathered organizational data can he use to see if a new service appeared on systems?
containment
Hitesh wants to keep a system online but limit the impact of malware that was found on it while an investigation occurs. What method from the following list should he use?
helps ensure that a single failure - due to a vendor, vulnerability , or misconfiguration- will not impact an entire organization
How does technology diversity help ensure cybersecurity resilience ?
All should have equal weight
Howard is assessing the legal risks of his organization based upon its handling of PII. The organization is based in the US, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?
Sensitivity
Ian has been receiving hundreds of false positive alerts from his SIEM every night when scheduled jobs run across his datacenter. What should he adjust on his SIEM to reduce the false positive rate?
2
If Acme widgets switched to an asymmetric encryption algorithm, how many keys would be required to add the 11th employee?
Davids private key
If david wishes to digitally sign the message that he is sending Mike. What key would be use to create the digital signature ?
SaaS (Software as a Service)
In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?
IaaS (Infrastructure as a Service), and PaaS(Platform as a Service)
In which of the following cloud categories are customers typically charged based on the number of virtual instances dedicated to their use?
Password complexity requirements
Is the least effective means of preventing shared accounts
PEAP (Protected Extensible Authentication Protocol)
Isabelle needs to select the EAP protocol that she will use with her wireless network. She wants to use a secure protocol that does not require client devices to have a certificate, but she does want to require mutual authentication. Which EAP protocol should she use?
Risk Compliance
Jades organization recently suffered a breach that affected stored credit card data. Jades primary concern is the fact that the organization is subject to sanctions for violating the provisions of the payment card industry data security standard. what category of risk is concerning jade?
Disable ARP on all accessible ports
James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network ?
A captive portal
Jerome wants to allow guest to use his organizations wireless network, but he does not want to provide preshared key. What solution can he deploy to gather information such as email addresses or other contact information before allowing users to access his open network?
When the machine is off
Jim configured a windows machine with the built in Bit-Locker full disk encryption tool. When is the machine least vulnerable to having data stolen from it?
journalctl
Jim wants to view log entries that describe actions taken by applications on a CentOS Linux system. Which of the following tools can he use on the system to view those logs?
John and Ripper
Joanna recovers a password file with stored as MD5 hashes. What tool can she use to crack the passwords?
Parameter pollution
Joe checks his web server logs and sees that somone sent the following query string to an application running on the server: http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892'; DROP TABLE services; What type of attack was most likely attempted?
Timing-based SQL injections
Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?
Directory traversal
Joes adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request: http://www.mycompany.com/../../../etc/password] What type of attack was most likely attempted ?
Robotic centuries
Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?
Internet RFCs
Ken is conducting threat research on Transport Layer Security(TLS) and would like to consult the authorized reference for the protocols technical specification. What resource would best meet his needs?
vertical scaling
Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his could service provider , he added another CPU to the server. What term best describes Kevin's action?
Certificate stapling
Kevin is configuring a web server to use digital certificates. What technology can he use to allow clients to quickly verify the status of that digital certificate without contacting a remote server?
Red Team
Kevin is participating in a security exercise for his organization. His role in the exercise is to use hacking techniques to attempt to gain access to the organization's systems. What role is kevin playing in this exercise?
Elasticity
Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best describes his goal?
CASB
Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs?
White-hat
Kollin is a penetration tester who works for a cyber security company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolins work?
Persistence
Kyle is conducting a penetration test. After gaining access to an organizations database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action?
PSK (pre-shared key)
Laura wants to deploy a WPA2 secured wireless for her small business, but she doesn't have a RADIUS server set up. If she wants her Wi-Fi to be encrypted, what is her best option for wireless authentication?
Rules of engagement
Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information?
Host Intrusion Detection System (HIDS)
Liv want to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?
Compensating
Lou mounted the sign below * beware of dog* on the fence surrounding his organization's datacenter. What control type best describes this control?
Rasberry Pi
Lucca is prototyping an embedded system that wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?
Phishing
Lucca's organization runs a hybrid datacenter with systems in microsoft's Azure cloud and in a local facility. Which one of the following attacks is on that he can establish controls for in both locations?
Text messages and multimedia messages
Madhuri disables SMS, MMS, and RCS on phones in her organization. What has she prevented from being sent?
Active/active
Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?
In the photo's metadata
Madhuri wants to check a PNG-formatted photo for GPS coordinates. Where can she find that information if it exists in the photo?
Motion-detecting cameras
Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?
Isolation
Mark unplugs the network connection from a system that is part of an incident and places tape over its ethernet jack with a sign that says " Do not reconnect without approval from IR team." How is this method best describes ?
Managerial control
Matt is updating the organizations threat assessment process. what category of control is Matt implementing?
capability
Megan's organization uses the Diamond Model of Intrusion Analysis as part of their incident response process. A use in Megan's organization has discovered a compromised system. What core feature would help her determine how the compromise occurred?
Low CER
Melisaa is planning on implementing biometric authentication on her network. Which of the following should be her goal for any biometric solution she selects?
syslog-ng
Michael wants to log directly to a database while also using TCP and TLS to protect his log information and to ensure it is received. What tool should be use?
Something you can do
Michelle enables the Windows 10 picture password feature to control logins for her laptop. Which type of attribute will it provide?
Geofencing
Michelle has deployed iPads to her staff who work for her company's factory floor. She wants to ensure that the devices work only in the factory and that if they are taken home they cannot access business data or services. What type of solution is best suited to her needs?
Air-gap
Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run industrial processes her organization uses as part of her business. What type of solution is best suited to this?
An allow list application
Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?
Shared Secret key
Mike is sending David an encrpyted message usinga symmetric encryption algorithm. What key should he use to encrypt the message?
Bollards
Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?
21- FTP, 23 - Telnet, 80 - HTTP
Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and this should be disabled to allow their secure equivalents to continue to be used?
Text message-based phishing
Naomi receives a report of smishing. What type of attack should she be looking for ?
Load balancer
Naomi wants to deploy a tool that will allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web server. What type of technology should she deploy?
arp /a
Nick wants to display the ARP cache for a windows system. What command she he run to display the cache?
Typosquatting
Nicole accidently types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?
weak encryption
Nina's organization uses SSH keys to provides secure access between systems. Which of the following is not a common security concern when using SSH keys
Confidentiality
Nolan is writing an after action report on a security breach hat took place in his organization. The attackers stole thousands of customer record sfrom the organizations database. What cyber security principal was most impacted in this breach?
Bluesnarfing Attack
Octavia discovers that the contact list from her phone has been acquired via a wireless attack. Which of the following is most likely the culprit ?
Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?
Account policies
Password complexity, password history, password reuse are all examples of what?
Parameterized queries
Precompiled SQL statements that only require variables to be input are an example of what type of application security protocol?
Read-Only
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?
Differential backup
Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?
Run the scan in a test environment
Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. what would be the best approach for the initial scan?
Third-party control
Ryan is selecting a new security control to meet his organizations objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. what approach would best meet his needs?
Documented restoration order
Sally is working to restore her organizations operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts the system?
Geofencing
Samantha wants to set an account policy that ensures that devices can be used only while the user is in the organizations main facility. What type of account policy should she set?
Offline backup
Scott sends his backups to a company that keeps them in a secure vault. what type of backup solution has he implemented?
OpenID
Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information?
Watering Hole Attack
Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. what technique has she used?
Exploitation
Selah is following the Cyber Kill Chain model and has completed the delivery phase. What step is next according to the kill chain?
Invoice scam
Sharif receives a bill for services he does not believe his company requested or had performed. what type of social engineering technique is this?
Cloning
Skimming attacks are often associated with what next step by attackers?
retention policies
Susan has discovered that an incident took place on her network almost six months ago. As she prepares to identify useful data for the incident, which common policy is most likely to cause her difficulties during her investigation?
Remote wipe and FDE (Full device encryption)
Susan wants to ensure that the threat of a lost phone creating a data breach is minimized. What two technologies should she implement to do this?
False positive
Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exists because the system was actually patched as specified. What type of error occurred?
A race condition
The application that Scott is writing has a flaw that occurs when two operations are attempted at the same time, Resulting in unexpected results when the two actions do not occur in the expected order. what type of flaw does the application have?
A microcontroller, and on physical security
The company that Hui works for as built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has a Hui's organization deployed, and where should she place her focus on securing it?
Attackers may steak the SIM cards from the devices and use them for their own purposes
The company that Theresa works for has deployed IoT sensors that have built-in cellular modems for communication back to a central server. What issue may occur if the devices can be accessed by attackers?
An RTOS
The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy?
Storage segmentation
Theresa has implemented technology that keeps data for personal use separate from data for her company on mobile devices used by members of her staff. What is this concept called?
RBAC
Theresa wants to implement an access control scheme that sets permissions based on what the individuals jobs requires. Which of the following schemes is most suited to this type of implementation?
Development
Tim is working on change to a web application used by his organization to fix a known bug. What environment should he be working in?
Code signing
Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance?
Unavailable of future patches
Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern tom the most from a security prospective
Strategic
Tony is reviewing that status of his organizations defenses against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that tony is considering?
Public cloud
Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this?
Deterrent
Tonya is concerned about the risk that an attacker will attempt to gain access to her organization's database server. She is searching for a control that would discourage the attacker from attempting to gain access/ what type of security control is she seeking to implement?
Time-based one-time passwords
Trevor is deploying the google authenticator mobile application for use in his organization. What type of one-time password does Google Authenticator use in its default mode?
Insecure direct object reference
Upon further inspection, joe finds a series of thousands of request to the same URL coming from a single IP address. Example: http://www.mycompany.com/servicestatus.php?serviceID=1 http://www.mycompany.com/servicestatus.php?serviceID=2 http://www.mycompany.com/servicestatus.php?serviceID2=3 http://www.mycompany.com/servicestatus.php?serviceID=4 http://www.mycompany.com/servicestatus.php?serviceID=5 What type of vulnerability was the attacker likely trying to exploit?
Shadow IT
Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but no sanctioned by her organization. What term best describes this use of technology?
Transit Gateway(TGW)
Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in an secure manner. What technology would help her best achieve this goal?
SSH, port 22
Valarie wants to replace the telnet access she found still in use in her organization. Which protocol should she use to replace it, and what port will run on it?
AES
Vince is choosing asymmetric encyrption algorithm for use in his organization. He would like to choose the strongest algorithm from the choices below. What algorithm should he choose?
IoC
Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise, What term best describes this information
Edge computing
Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach?
A browser plug-in
Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack?
session cookie
Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy if her attack will be successful?
API keys
Wendy is scanning cloud-based repositories for sensitive information. Which on of the following should concern her most, if discovered in a public repository?
face recognition and fingerprint
What are the two most commonly deployed biometric authentication solutions for mobile devices?
HIPAA
What compliance regulation most directly affects the operations of a healthcare provider?
Tokenization
What data minimization technique replaces personal identifiers with unique identifiers that may be cross-referenced with a lookup table?
An unencrypted HTTP connection
What does an SSL stripping attack look for to perform an on-path attack?
most costly
What factor is a major reason organizations do not use security guards?
To generate, manage, and securely store cryptographic keys
What is HSM used for?
Privacy
What is the most frequent concern that leads to GPS tagging being disabled by some companies via MDM tool?
SFlow samples only network traffic, meaning that some detail will be lost
What is the primary concern with SFlow in a large, busy network?
XML
What language is STIX based on?
the cloud service will provide account and identify management services
What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment ?
ISACs
What organizations did the US government help create to help share knowledge between organizations in specific verticals?
TLS (Transport Layer Security)
What protocol is used to securely wrap many otherwise insecure protocols?
Powershell
What scripting environment is native to windows systems?
USB-OTG (on-the-go)
What standard allows USB devices like cameras, keyboards, and flash drives to be plugged into mobile devices and used as they normally would be?
Distributing them in a parkinglot as if they were dropped
What technique is most commonly associated with the use of malicious flash drives by penetration test?
It is digitally signed
What technique is used to ensure that DNSSEC-protected DNS information is trustworthy?
Control objectives
What term best describes an organizations desired security state?
Data in motion
What term best describes data that is being sent between two systems over a network connection?
EDR
What term is used to describe tools focused on detecting and responding to suspicious activates occurring on endpoints like desktops, laptops, and mobile devices?
SOAR
What tool is specifically designed to support incident responders by allowing unified, automated responses across an organization ?
Agent-based, pre-admission NAC
What type of NAC will provide Isaac with the greatest amount of information about the systems that are connecting while also giving him the most amount of control of systems and their potential impact on other systems that are connected to the network?
DAC(Discretionary Access Control)
What type of access control scheme best describes the Linux filesystem?
Behavorial
What type of assessment is particularly useful for identifying insider threats?
Brute force
What type of attack does an account lockout policy help to prevent?
Man-In-the-Middle
What type of attack places an attacker in the position to eavesdrop on communications between a user and a web server?
DOM-based XSS
What type of cross-site scripting attack would not be visible to a security professional inspecting HTML source code in a browser?
EV(extended validation certificates)
What type of digital certificate provides the greatest level of assurance that the certificate owner is who they claim to be?
spear phishing
What type of phishing targets a specific groups of employees, such as all managers in the financial department of a company?
Warm sites
What type of recovery site has some or most systems in place but does not have the data needed to take over operations?
HSM(Hardware Security Module)
What type of security solution provides a hardware platform for the storage and management of encryption keys?
Davids public key
When Mike receives the digitally signed message from David, what key should be use to verify the digital signature?
mikes private key
When mike receives the message that David encrypted for him, what key should he use to decrypt the message?
Vishing
When you combine phishing with Voice over IP, it is known as?
Hybrid Cloud
Which cloud computing deployment model requires the use of unifying technology platform to tie together components from different providers?
CVE
Which element of the SCAP framework can be used to consistently describe vulnerabilities?
Fingerprint Scanner
Which of the following biometric technologies is most broadly deployed due to its ease of use and acceptance from end users?
Two-person control
Which of the following controls help prevent insider threats?
Frequent Flyer number
Which of the following data elements is not commonly associated with identity theft?
Compute
Which of the following is not a common constraint of an embedded system?
Allocation
Which of the following is not a common goal of a cyber security attacker?
Avoiding use of other organizations IP addresses
Which of the following is not a typical reason to use an IP addressing schema in an enterprise ?
Use of weak encryption
Which of the following is not a typical security concern with MFPs?
Documentation and reporting
Which of the following is not one of the four phases in COOP?
Memory
Which of the following is not typically part of a SoC?
Following someone through a door they just unlocked
Which of the following is the best description of tailgating?
Anonymous
Which of the following is the best exampled of hacktivist group?
Detail
Which of the following measures is not commonly used to access threat intelligence?
Cloud computing customers provision resources through the service provider's sales team
Which of the following statements about cloud computing is incorrect?
IPv6's NAT implementation is insecure
Which of the following statements about security implications of IPv6 is not true?
Controls used to fulfill one PCI DSS requirement may e used to compensate for the absence of a control needed to meet another requirement
Which of the following statements is not true about compensating controls under PCI DSS
Nation-state actors
Which of the following threat actors typically has the greatest access to resources?
PR(privilege's required)
Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack?
bug bounty
Which one of the following assessment techniques is designed to solicit participation from external security experts and reward them for discovering vulnerabilities?
Nation-state actor
Which one of the following attackers is most likely to be associated with an APT?
PFX(Personal Information Exchange)
Which one of the following certificate formats is closely associated with Windows binary certificate files?
Tokenization
Which one of the following data protection techniques is reversible when conducted properly?
port scans
Which one of the following information sources would not be considered an OSINT source?
Preventing injection attacks
Which one of the following is not an advantage of database normalization
Using cloud provider's web interface to provision resources
Which one of the following is not an example of infrastructure as code?
Threat hunting
Which one of the following security assessment techniques assumes that an organization has already been compromised and searches for evidence of that compromise?
Metasploit
Which one of the following security assessment tools is least likely to be used during the reconnaissance phase of a penetration test?
Root CA
Which one of the following servers is almost always an offline CA in a large PKI Deployment
All cryptographic keys should be kept secret
Which one of the following statements about cryptographic keys is incorrect ?
threat maps
Which one of the following threat research tools is used to visually display info about the location of threat actors
Web application vulnerability scanner
Which one of the following tools is most likely to detect an XSS vulnerability?
Low
Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is the simplest to exploit?
CRM (Customer Relationship Management)
Which one of the following would not commonly be available as an IaaS service offering?
Management
Which team member acts as a primary conduit to senior management on an IR team?
RFID (radio frequency identification)
Which wireless technology is frequently used for door access cards?
Used to stop unwanted EMI
Why are Faraday cages deployed?
medium
kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?
Hypervisor
what component of Virtualization platform is primarily responsible for preventing VM escape attacks?
identification
what phase in the incident response process leverages indicators of compromise and log analysis as part of a review of events?
Data Encryption
what technology uses mathematical algorithms to render information unreadable t those lacking the required key?
stream cipher
what type of cipher operates on one character of text at a time?
nation-state
what type of malicious actor is most likely to use hybrid warfare?
Nonrepudiation
which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
Agile
which one of the following software development models focuses on the early and continuous delivery of software?
SMS
which type of multifactor authentication is considered the least secure?
