SEC+ Exam A

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What is the Microsoft Powershell script file?

.ps1

What extension can be used for cross platform general purpose programming language?

.py

What extension can be used for a script file type designed to be run in UNIX command line?

.sh

What is another way to refer to a directory traversal attack?

A dot-dot-slash attack

What is a characteristic feature of a spraying attack?

A short list of commonly used passwords tried against large number of user accounts

What is a fileless virus?

A type of malware that resides only in RAM

What enables the exchange of information between computer programs?

API

What statements can be used to describe the characteristics of an on path attack?

An on-path attack is also known as MITM attack

The practice of sending unsolicited messages over Bluetooth is known as what?

Bluejacking

Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?

Bluestripping

Providing a high and low estimate in order to entice a more specific number is the definition of what?

Bracketing

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application called?

Buffer overflow

When you attempt to use your smartphone to connect to the coffee shop Wi-Fi, you are presented with the web page shown below. What has been configured to require web page authentication prior to your gaining Internet access?

Captive portal

What can a malicious USB Cable be used for?

Capturing keystrokes,Sending and receiving commands,Delivering and executing malware,GPS tracking

Collecting evidence and preserving the admissibility of the evidence is what forensic technique?

Chain of custody

What is the BEST way to prevent Cross-Site Request Forgery attacks?

Check the referrer field in the HTTP header

A video game company is working on a patch to its newest game. The company requires all patches to go through the intensive testing prior to distributing them to the online environment. What should the administrator use to test the patching process quickly and often?

Create a virtualized sandbox and utilize snapshots

Threat actors whose sole intent behind breaking into a computer system or network is monetary gain are known as:

Criminal syndicates

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as?

DLL

Which term best reflects what is happening in the exhibit? CMD WITH NSLOOKUP?

DNS

A wireless disassociation attack is a type of what?

Deauthentication attack

DeeDee wants to send a file to Juan. She wants to ensure he knows it was sent from her. What should DeeDee use to ensure Jaun knows DeeDee is the sender?

DeeDee's private key

A wireless jamming attack is a type of what?

Denial-of-Service (DoS) attack

NFC Vulnerabilities

Denial-of-Service (DoS) attacks,Replay attacks,Data interception

What should you do to secure a switch from physical access?

Disable unused ports

You need to create a plan in the event of a complete loss due to unforseen events. What plan is the organization MOST likely to develop?

Disaster recovery

What factor has the biggest impact reputation of a domain?

Distribution of spam

Which cryptographic approach uses points on a curve to define public and private key pairs?

ECC

PKI relies on a pair of symmetric keys in which all users must publish their private key to the system to enable senders to encrypt email messages?

False

You want to enable a third factor to an existing multifactor authentication. You currently implement smart card and password. What would meet the organizations need for a third factor?

Fingerprints

You have just been assigned the role of DPO. Which privacy regulation do you fall under?

GDPR

What term best describes a person who breaks into a computer network or system for socially motivated purpose?

Hacktivist

What are the contents of a rainbow table?

Hash/Password

Which term describes an intentionally vulnerable computer used to track malicious activity?

Honeypot

You work for an international corporation that conducts a great deal of transborder data exchange between other countries. Which standard framework should your company be compliant with?

ISO 27000 series

Which social engineering attack relies in identity theft?

Impersonation

What would the benefit be for encrypting an individual file on a hard drive which already deploys full disk encryption?

Individually encrypted files will remain encrypted when copied to external media

What term describes a legitimate employee that abuses access to a companys internal resources?

Insider threat

To give a contractor network access quickly, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?

Least privilege

What are typical attributes of a script kiddie file?

Low level of technical sophistication

An attacker changed the physical address of his NIC to assume the identity of a different network host is known as?

MAC spoofing

When companies work together under a Memorandum of understanding what is one of the GREATEST security risks?

MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.

What term does not relate to a direct access threat vector?

Malicious URL

A situation in which an application fails to properly release memory allocated to it or continually requests more memory that required is what?

Memory leak

What is the most common format in which Certificate Authorities issue certificates?

PEM

Code Kings, LLC, a software development company wants to keep their production overhead to a minimum by not purchasing a lot of networking systems and associated licenses. The owner of the company wants the employees to focus on just writing programs, generating data, and running it on a cloud providers server. What cloud model will facilitate this business plan?

PaaS

URL redirection is a characteristic feature of?

Pharming

what wireless technology enables identification and tracking of tags attached to objects?

RFID

What terms refer to a software/hardware driver manipulation techniques?

Refactoring,Shimming

What indicates an SQL Injection attack attempt?

SELECT * FROM users WHERE userName = 'Bobby' AND password = '' OR '1' = '1';

What type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions?

SSRF

Your company needs to implement secure authentication to third party websites without user passwords. What would be the BEST way to achieve this objective?

Security Assertion Markup Language (SAML)

The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing they provide malformed URLs with additional Abnormal parameters as well as an abundance of random data. What term describes their actions?

Smartcard/PIN

Which of the following is considered multifactor authentication?

Smartcard/PIN

You are the chief security officer of widget.com and during a recent staff meeting you discover that your companys developers frequently update production servers without going through a validation/approval process. What strategy should you implement within your company to help mitigate this risk?

Smartcard/PIN

Which type of VPN configuration can use the Internet connection of a VPN client device to access Internet resources as opposed to the VPN-connected network's Internet connection?

Split tunnel

RFID Vulnerabilities

Spoofing,Eavesdropping,Data interception,Replay attacks

In social engineering, the term "Elicitation" describes the use of casual conversation to extract non public information from people without giving them the feeling they are being interrogated.

TRUE

The term "shadow IT" is used to describe software and hardware used within an organization, but outside of the organization's official IT infrastructure.

TRUE

Complex passwords are considered which type of security control?

Technical

A network administration posts a file named Networkconfigs.txt on the desktop of an administrator account on a server in the DMZ. What term best explains this?

The document is a honeyfile and is meant to attract the attention of a cyberintruder.

What is skimming?

The theft of sensitive data from a payment card

What term refer to a vulnerability caused be race conditions?

Time-of-check to time-of-use

What refers to the refers to the characteristic features of pharming?

Traffic redirection,Fraudulent website,Credential harvesting

What risk management strategy may utilize cybersecurity insurance?

Transference

A situation where a cryptographic hash function produces the same digest for two different input is known as a collision.

True

Media Access Flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the mac address table.

True

Your company will be implementing two factor authentication during the start of the next quarter. What would fulfill your company's requirement?

USB token and PIN

An organization does not have adequate resources to administer its largest infrastructure. A security administrator wishes to combine some security controls into one platform. What would best accomplish this goal?

UTM

How can users ensure that e-mail messages are not forged?

Verify the digital signatures with the sender's public key.

The practice of using a telephone system to manipulate user into disclosing information is known as what?

Vishing

What can test multiple security configurations in the least invasive manner?

Vulnerability scan

Your direct supervisor wants you to ensure that there are no exposures to well known attacks throughout the enterprise. What is the best way to do this?

Vulnerability scanning

An attacker has targeted a website that your company employees visit often. What type of attack is this?

Watering hole attack

You are responsible for two servers, Batman and Superman. Both Batman and Superman have TPM (Trusted Platform Module) chips that are fully configured to encrypt all server hard disks. The dual power supplies in Batman fail, so you remove the hard disks and place them in Superman. How can you access the contents of these moved hard disks?

You must supply a separate recovery key.


Ensembles d'études connexes

Ch.22- Lymphatic System and Immunity

View Set

Chapter 3 Prenatal development and birth

View Set

Building Materials, Fasteners, and Adhesives

View Set

Meaning of Extension in other Countries

View Set

Psychology Brain States & Consciousness

View Set

All season driving school final test 2

View Set

PSY 200 Study Guide- Mr Nichols, NWSCC

View Set

Chapter 8 History Layup Questions

View Set

Seeley's Anatomy & Physiology 11th ed Chapter 15

View Set

McFarland USA Important Vocab Words

View Set