SEC+ Exam A
What is the Microsoft Powershell script file?
.ps1
What extension can be used for cross platform general purpose programming language?
.py
What extension can be used for a script file type designed to be run in UNIX command line?
.sh
What is another way to refer to a directory traversal attack?
A dot-dot-slash attack
What is a characteristic feature of a spraying attack?
A short list of commonly used passwords tried against large number of user accounts
What is a fileless virus?
A type of malware that resides only in RAM
What enables the exchange of information between computer programs?
API
What statements can be used to describe the characteristics of an on path attack?
An on-path attack is also known as MITM attack
The practice of sending unsolicited messages over Bluetooth is known as what?
Bluejacking
Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?
Bluestripping
Providing a high and low estimate in order to entice a more specific number is the definition of what?
Bracketing
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application called?
Buffer overflow
When you attempt to use your smartphone to connect to the coffee shop Wi-Fi, you are presented with the web page shown below. What has been configured to require web page authentication prior to your gaining Internet access?
Captive portal
What can a malicious USB Cable be used for?
Capturing keystrokes,Sending and receiving commands,Delivering and executing malware,GPS tracking
Collecting evidence and preserving the admissibility of the evidence is what forensic technique?
Chain of custody
What is the BEST way to prevent Cross-Site Request Forgery attacks?
Check the referrer field in the HTTP header
A video game company is working on a patch to its newest game. The company requires all patches to go through the intensive testing prior to distributing them to the online environment. What should the administrator use to test the patching process quickly and often?
Create a virtualized sandbox and utilize snapshots
Threat actors whose sole intent behind breaking into a computer system or network is monetary gain are known as:
Criminal syndicates
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as?
DLL
Which term best reflects what is happening in the exhibit? CMD WITH NSLOOKUP?
DNS
A wireless disassociation attack is a type of what?
Deauthentication attack
DeeDee wants to send a file to Juan. She wants to ensure he knows it was sent from her. What should DeeDee use to ensure Jaun knows DeeDee is the sender?
DeeDee's private key
A wireless jamming attack is a type of what?
Denial-of-Service (DoS) attack
NFC Vulnerabilities
Denial-of-Service (DoS) attacks,Replay attacks,Data interception
What should you do to secure a switch from physical access?
Disable unused ports
You need to create a plan in the event of a complete loss due to unforseen events. What plan is the organization MOST likely to develop?
Disaster recovery
What factor has the biggest impact reputation of a domain?
Distribution of spam
Which cryptographic approach uses points on a curve to define public and private key pairs?
ECC
PKI relies on a pair of symmetric keys in which all users must publish their private key to the system to enable senders to encrypt email messages?
False
You want to enable a third factor to an existing multifactor authentication. You currently implement smart card and password. What would meet the organizations need for a third factor?
Fingerprints
You have just been assigned the role of DPO. Which privacy regulation do you fall under?
GDPR
What term best describes a person who breaks into a computer network or system for socially motivated purpose?
Hacktivist
What are the contents of a rainbow table?
Hash/Password
Which term describes an intentionally vulnerable computer used to track malicious activity?
Honeypot
You work for an international corporation that conducts a great deal of transborder data exchange between other countries. Which standard framework should your company be compliant with?
ISO 27000 series
Which social engineering attack relies in identity theft?
Impersonation
What would the benefit be for encrypting an individual file on a hard drive which already deploys full disk encryption?
Individually encrypted files will remain encrypted when copied to external media
What term describes a legitimate employee that abuses access to a companys internal resources?
Insider threat
To give a contractor network access quickly, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?
Least privilege
What are typical attributes of a script kiddie file?
Low level of technical sophistication
An attacker changed the physical address of his NIC to assume the identity of a different network host is known as?
MAC spoofing
When companies work together under a Memorandum of understanding what is one of the GREATEST security risks?
MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.
What term does not relate to a direct access threat vector?
Malicious URL
A situation in which an application fails to properly release memory allocated to it or continually requests more memory that required is what?
Memory leak
What is the most common format in which Certificate Authorities issue certificates?
PEM
Code Kings, LLC, a software development company wants to keep their production overhead to a minimum by not purchasing a lot of networking systems and associated licenses. The owner of the company wants the employees to focus on just writing programs, generating data, and running it on a cloud providers server. What cloud model will facilitate this business plan?
PaaS
URL redirection is a characteristic feature of?
Pharming
what wireless technology enables identification and tracking of tags attached to objects?
RFID
What terms refer to a software/hardware driver manipulation techniques?
Refactoring,Shimming
What indicates an SQL Injection attack attempt?
SELECT * FROM users WHERE userName = 'Bobby' AND password = '' OR '1' = '1';
What type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions?
SSRF
Your company needs to implement secure authentication to third party websites without user passwords. What would be the BEST way to achieve this objective?
Security Assertion Markup Language (SAML)
The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing they provide malformed URLs with additional Abnormal parameters as well as an abundance of random data. What term describes their actions?
Smartcard/PIN
Which of the following is considered multifactor authentication?
Smartcard/PIN
You are the chief security officer of widget.com and during a recent staff meeting you discover that your companys developers frequently update production servers without going through a validation/approval process. What strategy should you implement within your company to help mitigate this risk?
Smartcard/PIN
Which type of VPN configuration can use the Internet connection of a VPN client device to access Internet resources as opposed to the VPN-connected network's Internet connection?
Split tunnel
RFID Vulnerabilities
Spoofing,Eavesdropping,Data interception,Replay attacks
In social engineering, the term "Elicitation" describes the use of casual conversation to extract non public information from people without giving them the feeling they are being interrogated.
TRUE
The term "shadow IT" is used to describe software and hardware used within an organization, but outside of the organization's official IT infrastructure.
TRUE
Complex passwords are considered which type of security control?
Technical
A network administration posts a file named Networkconfigs.txt on the desktop of an administrator account on a server in the DMZ. What term best explains this?
The document is a honeyfile and is meant to attract the attention of a cyberintruder.
What is skimming?
The theft of sensitive data from a payment card
What term refer to a vulnerability caused be race conditions?
Time-of-check to time-of-use
What refers to the refers to the characteristic features of pharming?
Traffic redirection,Fraudulent website,Credential harvesting
What risk management strategy may utilize cybersecurity insurance?
Transference
A situation where a cryptographic hash function produces the same digest for two different input is known as a collision.
True
Media Access Flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the mac address table.
True
Your company will be implementing two factor authentication during the start of the next quarter. What would fulfill your company's requirement?
USB token and PIN
An organization does not have adequate resources to administer its largest infrastructure. A security administrator wishes to combine some security controls into one platform. What would best accomplish this goal?
UTM
How can users ensure that e-mail messages are not forged?
Verify the digital signatures with the sender's public key.
The practice of using a telephone system to manipulate user into disclosing information is known as what?
Vishing
What can test multiple security configurations in the least invasive manner?
Vulnerability scan
Your direct supervisor wants you to ensure that there are no exposures to well known attacks throughout the enterprise. What is the best way to do this?
Vulnerability scanning
An attacker has targeted a website that your company employees visit often. What type of attack is this?
Watering hole attack
You are responsible for two servers, Batman and Superman. Both Batman and Superman have TPM (Trusted Platform Module) chips that are fully configured to encrypt all server hard disks. The dual power supplies in Batman fail, so you remove the hard disks and place them in Superman. How can you access the contents of these moved hard disks?
You must supply a separate recovery key.