SEC+ Exam C

What is the extension for a Microsoft PowerShell script file?

.ps1

Which extension can be used for a cross-platform general-purpose programming language?

.py

Which extension can be used for a scripting language based on Microsoft's Visual Basic programming language?

.vbs

What is another way to refer to a Directory traversal attack?

A dot-dot-slash attack

What is a characteristic feature of a Spraying attack?

A short list of commonly used passwords tried against a large number of user accounts

An insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?

ALE

Which of the following enables the exchange of information between computer programs?

API

Your company is required by government regulations to protect and control access to data. The data cannot be accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect the data?

An air gap

Which term falls into the category of semi-authorized hacking activities?

Blue hat

The confidentiality of the data is being protected.

Bluebourne

Gaining unauthorized access to a Bluetooth device is referred to as:

Bluesnarfing

Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?

Bluesnarfing

Providing a high and low estimate in order to entice a more specific number is the definition of:

Bracketing

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:

Buffer overflow

New regulations have just been passed into law regarding data breaches and protective measures regarding PII. Your company's Chief Security Officer (CSO) has calculated that one single breach could cost the company $700,000 at a minimum. Which of the following documents is the CSO most likely going to update?

Business impact analysis

What is a method for requesting a digital certificate?

CSR

When you attempt to use your smartphone to connect to the coffee shop Wi-Fi, you are presented with the web page shown below. What has been configured to require web page authentication prior to your gaining Internet access?

Captive portal

Collecting evidence and preserving the admissibility of the evidence is which of the following forensic techniques?

Chain of custody

Which data forensic term encompasses documenting all aspects of evidence to ensure its integrity?

Chain of custody

Team members meet in an informal, classroom setting to discuss their roles during an emergency and their responses to a particular emergency situation. Decision makers help guide participants through dynamic scenarios and lead discussions on these scenarios. Which term best describes this:

Conducting a tabletop exercise

A video game company is working on a patch to its newest game (IT SIM LIFE). The company requires all patches to go through intensive testing prior to distributing them to the online environment. Which of the following should the administrator use to test the patching process quickly and often?

Create a virtualized sandbox and utilize snapshots

Your organization security policy requires all personnel to secure personal electronic devices outside of a security area. What did your organization determine to be a risk to its data when creating this policy?

Data exfiltration

A wireless disassociation attack is a type of?

Deauthentication attack

A wireless jamming attack is a type of?

Denial-of-Service (DoS) attack

Which of the following control types is an IDS?

Detective

What should you do to secure a switch from physical access?

Disable unused ports

Which of the following is considered a requirement for data availability?

Disaster recovery planning

Which factor has the biggest impact on the reputation of a domain?

Distribution of spam

Which cryptographic approach uses points on a curve to define public and private key pairs?

ECC

What can be done to protect data after a handheld device is lost or stolen?

Execute a remote wipe.

Which of the following answers can be used to describe characteristics of a cross-site request forgery attack?

Exploits the trust a website has in the user's web browser, Website executes attacker's requests, A user is tricked by an attacker into submitting unauthorized web requests

ARP poisoning is designed to spoof the IP address in namespace records whereas DNS poison is designed to spoof physical addresses in the computer's address cache.

False

PKI relies on a pair of symmetric keys in which all users must publish their private key to the system to enable senders to encrypt email messages.

False

The two primary modes of operation for IPSEC are tunnel and transport. Tunnel mode encrypts only the data portion of the packet whereas transport mode encrypts the entire packet for added security.

False

The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. Which term describes their actions?

Fuzzing

Which of the following frameworks protects PHI?

HIPAA

Which term best describes a person who breaks into a computer network or system for a socially motivated purpose?

Hacktivist

Which of the following refers to the contents of a rainbow table?

Hash/Password

Which statement best describes the attributes of an APT?

High level of technical sophistication

Which term describes an intentionally vulnerable computer used to track malicious activity?

Honeypot

You work for an international corporation that conducts a great deal of transborder data exchange between other countries. Which standard framework should your company be compliant with?

ISO 27000 series

Which social engineering attack relies on identity theft?

Impersonation

A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:

Improper input validation

Users are experiencing sporadic Wi-Fi connectivity, especially when moving farther away from the access point. Which changes should you make?

Increase the power level, Change the channel.

What would the benefit be for encrypting an individual file on a hard drive which already deploys full disk encryption?

Individually encrypted files will remain encrypted when copied to external media

Which of the following answers refers to a countermeasure against code injection?

Input validation

Which of the programming aspects listed below are critical in the secure application development process?

Input validation, Error and exception handling

What is it called when a trusted third party is allowed to store an organization's sensitive PKI components?

Key escrow

An attacker changing the physical address of his NIC to assume the identity of a different network host is known as:

MAC cloning

An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:

ML

When companies work together under a Memorandum of Understanding what is one of the GREATEST security risks?

MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.

What is the most commonly used DDoS attack?

Network-based

Which of the following solutions allow checking whether a digital certificate has been revoked?

OCSP, CIRT

A technique that allows an attacker to authenticate to a remote server without extracting the cleartext password from a digest is called:

Pass the hash

The practice of modifying an application's code without changing its external behavior is referred to as:

Refactoring

What type of spam relies on text-based communication?

SPIT

Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application's code?

Shimming

Which of the following is considered multifactor authentication?

Smartcard/PIN

Which type of VPN configuration can use the Internet connection of a VPN client device to access Internet resources as opposed to the VPN-connected network's Internet connection?

Split tunnel

Complex passwords are considered which type of security control?

Technical

A Linux administrator enables hardware disk encryption for data drives used by a Linux server. The operating system disk is physically located in the Linux server but the data drives exist on a SAN (storage area network). Which of the following statements is true?

The confidentiality of the data is being protected.

Which of the following terms refers to a vulnerability caused by race conditions?

Time-of-check to time-of-use

What risk management strategy may utilize cybersecurity insurance?

Transference

In social engineering, the term "Elicitation" describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.

True

Media Access Control (MAC) flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table.

True

The term "Shadow IT" is used to describe software and hardware used within an organization, but outside of the organization's official IT infrastructure.

True

How can users ensure that e-mail messages are not forged?

Verify the digital signatures with the sender's public key.

The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:

Vishing

Which of the following tests multiple security configurations in the least invasive manner?

Vulnerability scan

Your direct supervisor wants you to ensure that there are no exposures to well-known attacks throughout the enterprise. What is the BEST way to do this?

Vulnerability scanning

An attacker has targeted a website that your company employees visit often. What attack type is this?

Watering hole attack

A government contracting company wants to protect the confidentiality of data on laptops. They want to ensure that in the event a laptop is stolen the data would still be safeguarded. Which of the following would BEST suit their needs?

Whole disk encryption with two-factor authentication

You are responsible for two servers, Batman and Superman. Both Batman and Superman have TPM (Trusted Platform Module) chips that are fully configured to encrypt all server hard disks. The dual power supplies in Batman fail, so you remove the hard disks and place them in Superman. How can you access the contents of these moved hard disks?

You must supply a separate recovery key.

Which of the following fragments of input might indicate an LDAP injection attack attempt?

administrator)(&)) AND search.aspx?name=userName)(zone=*)

A wireless disassociation attack is a type of:

denial-of-service (DoS) attack

