Security+ CompTIA Exam Questions

Which of the following answers refers to a broadband cellular network technology?

4G/5G

A strong password that meets the password complexity requirement should contain: (Select the best answer)

A combination of characters from at least 3 character groups

Which access control model defines access control rules with the use of statements that closely resemble natural language?

ABAC

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

AES

What is the PKI role of Registration Authority (RA)? (Select 2 answers)

Accepting requests for digital certificates AND Authenticating the entity making the request

Which of the account policies listed below provides a countermeasure against malicious users attempting to determine an account password by trial and error?

Account lockout

Context-aware authentication strengthens the authentication process by requiring the standard user credentials (username and password) to be coupled with additional items that can be used in the authentication process, such as:

All of the above

Examples of properties used for defining access policies in Attribute-Based Access Control (ABAC) model include:

All of the above

Examples of social media threat vectors include:

All of the above

In the context of implementing secure network designs, the term "Port security" may apply to:

All of the above

NFC is vulnerable to:

All of the above

RFID is vulnerable to:

All of the above

Which of the answers listed below refer to examples of PKI trust models?

All of the above

Which of the following measures can be used in the hardening process?

All of the above

Which of the following does not have an application in the authentication process?

All of the above can be used in the authentication process

Which of the following is not used in the process of biometric authentication?

All of the above can be used in the biometric authentication process

In active-active mode, load balancers distribute network traffic across:

All servers

Which of the following answers can be used to describe the category of managerial security controls? (Select 3 answers)

Also known as administrative controls AND Focused on managing risk AND Documented in written policies

In cybersecurity exercises, the red team takes on the role of:

An attacker

Due to added functionality in its plug, a malicious USB cable can be used for:

Any of the above

What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers)

Asymmetric encryption AND Low processing power requirements AND Suitable for small wireless devices

Which of the following answers refers to a key document governing the relationship between two business organizations?

BPA

Which of the following answers refers to an STP frame?

BPDU

A mobile device deployment model that allows employees to use private mobile devices for accessing the company's restricted data and applications is known as:

BYOD

Which of the following terms falls into the category of unauthorized hacking activities?

Black hat

A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:

CA

Which of the following answers refers to a security policy enforcement software tool or service placed between cloud service users and cloud applications?

CASB

The practice of modifying a mobile device's operation in such a way that it can be used with any service provider is called:

Carrier unlocking

In forensic procedures, a chronological record outlining persons in possession of evidence is referred to as:

Chain of custody

What is the function of the Linux chmod command?

Changes file/directory access permissions

In wireless networks, a situation where multiple channels share the frequency band causing interference and performance degradation for devices operating on channels that are too close to each other is known as:

Channel overlapping

A sticky note with a password kept in sight in a user's cubicle would be a violation of which of the following policies?

Clean desk policy

The practice of making an unauthorized copy of a payment card is referred to as:

Cloning

Which of the following terms illustrate the security through obscurity concept? (Select all that apply)

Code obfuscation AND Steganography AND SSID broadcast suppression

A disaster recovery facility that provides only the physical space for recovery operations is called:

Cold site

What is STIX?

Common language for describing cyber threat information

A type of redundant source code producing an output not used anywhere in the application is commonly referred to as:

Dead code

Which password attack takes advantage of a predefined list of words?

Dictionary attack

Which of the following terms applies to the concept of non-repudiation?

Digital certificate

The process of searching, collecting, and securing electronic data with the intent of using it in a legal proceeding or investigation is known as:

E-discovery

Which of the EAP methods listed below relies on client-side and server-side certificates for authentication?

EAP-TLS

Which of the following EAP methods offers the highest level of security?

EAP-TLS

Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use?

ECB

Which cryptographic solution would be best suited for low-power devices?

ECC

Which of the following answers refers to an endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats?

EDR

POP3 is used for:

Email retrieval

What is Metasploit?

Exploitation framework

A SOAR playbook implements the runbook checklist by automatically performing actions outlined in the runbook.

False

A SOAR runbook is a checklist of actions that need to be performed to detect and respond to a security incident.

False

A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.

False

A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.

False

Code obfuscation techniques rely on encryption to protect the source code against unauthorized access.

False

Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption).

False

FTPS is an extension to the Secure Shell (SSH) protocol and runs by default on port number 22.

False

A high MTBF value indicates that a component or system provides low reliability and is more likely to fail.

False

In a differential backup strategy, restoring data from backup requires only a working copy of the last full backup.

False

In cybersecurity exercises, the purple team combines the roles of all other teams (i.e. red, blue, and white).

False

In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

False

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

False

In the context of IT security, the term "Data minimization" refers to the process of removing all unnecessary characters from the source code to make it less intelligible for humans and faster to process by machines.

False

Stateless inspection is a firewall technology that keeps track of the state of network connections and based on that data determines which network packets to allow through the firewall.

False

Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data which makes them much slower in comparison to asymmetric encryption ciphers.

False

The lack of entropy in the process of generating cryptographic keys improves the security of cryptographic algorithms.

False

The term "DHCP snooping" refers to an exploit that enables operation of a rogue DHCP network server.

False

The term "Non-repudiation" describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides the proof of data integrity, and proof of data origin.

False

The term "Static code analysis" refers to the process of discovering application run-time errors.

False

Which of the following terms refers to a situation where no alarm is raised when an attack has taken place?

False negative

Antivirus software identifying a non-malicious file as a virus due to a faulty virus signature file is an example of:

False positive error

An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations is called:

Federation

GitHub is an example of:

File/code repository

Which type of malware resides only in RAM?

Fileless virus

Which of the following answers can be used to describe the category of operational security controls? (Select 3 answers)

Focused on the day-to-day procedures of an organization AND Used to ensure that the equipment continues to work as specified AND Primarily implemented and executed by people (as opposed to systems)

Which of the following statements does not apply to the dark web?

Forms a large part of the deep web

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

Fuzzing

Which of the following passwords is the most complex?

G$L3tU8wY@z

Which of the following terms falls into the category of semi-authorized hacking activities?

Gray hat

Which of the following terms is used to describe a penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system?

Gray-box testing

Which statements best describe the attributes of an APT? (Select 3 answers)

High level of technical sophistication AND Extensive amount of resources/funding AND Typically funded by governments/nation states

Which of the following enables processing data in an encrypted form?

Homomorphic encryption

A monitored host holding no valuable data, specifically designed to detect unauthorized access attempts and divert an attacker's attention from the actual network, is known as:

Honeypot

Which of the following is a common firewall type used for protecting a single computer? (Select 2 answers)

Host-based firewall AND Software firewall

Which of the following answers refers to a family of standards providing principles and guidelines for risk management?

ISO/IEC 31000

Which of the following answers refers to a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?

IaaS

Which of the following answers refers to a trusted third-party service for validating user identity in a federated identity system?

IdP

Vulnerability scanning: (Select all that apply)

Identifies lack of security controls AND Identifies common misconfigurations AND Passively tests security controls

Which social engineering attack relies on identity theft?

Impersonation

Which of the following is an example of a risk mitigation strategy?

Implementation of security controls

Which of the three states of digital data requires data to be processed in an unencrypted form?

In processing

Which of the following statements are not true? (Select 2 answers)

Inherent risk is the remaining risk after implementing controls AND Residual risk is the original level of risk that exists before implementing any controls

Which of the following answers refers to a countermeasure against code injection?

Input validation

Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)

Input validation AND Error and exception handling

Which programming aspects are critical for the secure application development process? (Select 2 answers)

Input validation AND Error and exception handling

Examples of password-cracking utilities include: (Select 2 answers)

John the Ripper AND Cain & Abel

A type of hardened server used as a secure gateway for remote administration of devices placed in a different security zone is known as:

Jump server

Which of the following servers would be best suited to act as an intermediary between an intranet and a screened subnet?

Jump server

Malicious code activated by a specific event is called:

Logic bomb

Which of the following forensic utilities enables the extraction of RAM contents?

Memdump

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than required is known as:

Memory leak

Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?

NAT

A legal contract between the holder of confidential information and another person to whom that information is disclosed prohibiting that other person from disclosing the confidential information to any other party is known as:

NDA

A very short-range communication method where a wireless signal is sent between two devices that are touching or nearly touching each other is a characteristic feature of:

NFC

What is the name of a technology used for contactless payment transactions?

NFC

Which of the following answers refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?

NGFW

The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy is called:

NIC teaming

Which protocol ensures the reliability of the Kerberos authentication process?

NTP

Which of the following is a secure implementation of a protocol used for synchronizing clocks over a computer network?

NTPsec

What is the most common form of a DDoS attack?

Network-based

The process of removing redundant entries from a database is known as:

Normalization

What is the fastest way for checking the validity of a digital certificate?

OCSP

URL redirection is a characteristic feature of:

Pharming

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:

Phishing

Protection provided by security personnel is an example of:

Physical security control

Which of the following answers refer(s) to the characteristic feature(s) of a Faraday cage? (Select all that apply)

Physical security control type AND Provides protection against RFI AND Provides protection against EMI

Which of the following answers refers to a deprecated security mechanism designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates?

Pinning

Which of the following allows an administrator to inspect traffic passing through a network switch?

Port mirroring

Bracketing

Providing a high and low estimate in order to entice a more specific number

One of the best practices for malware removal involves the process of isolation of files and applications suspected of containing malware to prevent further execution and potential harm to the user's system. This process is referred to as:

Quarantine

A mandatory IT security and risk management framework for the U.S. federal government developed by NIST is known as:

RMF

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as:

RTOS

A malfunction in a preprogrammed sequential access to a shared resource is described as:

Race condition

Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs requested action is known as:

Ransomware

Which of the following is an example of cryptomalware?

Ransomware

Examples of embedded systems include: (Select all that apply)

Raspberry Pi AND Arduino AND Field Programmable Gate Array (FPGA)

In the Kerberos-based authentication process, the purpose of the client's timestamp is to provide countermeasure against:

Replay attacks

Hardware RAID Level 0: (Select all that apply)

Requires a minimum of 2 drives to implement AND Is also known as disk striping AND Decreases reliability (failure of any disk in the array destroys the entire array) AND Is suitable for systems where performance has higher priority than fault tolerance

Hardware RAID Level 10 (a.k.a. RAID 1+0): (Select 3 answers)

Requires a minimum of 4 drives to implement AND Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping) AND Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array)

What is the purpose of a DoS attack?

Resource exhaustion

Which of the following acronyms refers to a client authentication method used in WPA3 Personal mode?

SAE

Which of the following answers refers to a non-proprietary cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services?

SSH

Which of the following answers refers to a deprecated encryption protocol?

SSL

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:

SSO

LDAPS is an example of:

Secure directory access protocol

Which type of user account violates the concept of non-repudiation?

Shared account

Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application's code?

Shimming

A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as:

Shoulder surfing

Allowing "Unknown Sources" in Android Security Settings enables:

Sideloading

An integrated circuit combining components normally found in a standard computer system is referred to as:

SoC

Which password attack bypasses account-lockout policies?

Spraying attack

Which of the terms listed below refers to the dynamic packet filtering concept?

Stateful inspection

A mobile security solution that enables separate controls over the user and enterprise data is called:

Storage segmentation

A mobile device's capability to share its Internet connection with other devices is referred to as:

Tethering

Which of the following answers refers to a methodology framework for intrusion analysis developed by the U.S. government intelligence community?

The Diamond Model of Intrusion Analysis

Which of the following terms refers to a vulnerability caused by race conditions?

Time-of-check to time-of-use

Which of the following privacy-enhancing technologies replaces actual data with a substitute that holds a reference to it but by itself does not represent any valuable information that could be used by an attacker?

Tokenization

Which of the following security solutions can be used to protect database contents? (Select all that apply)

Tokenization AND Salting AND Hashing

Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)

Traffic redirection AND Fraudulent website AND Credential harvesting

An IPsec mode providing encryption only for the payload (the data part of the packet) is known as:

Transport mode

A Secure Web Gateway (SWG) is a software component or a hardware device designed to prevent unauthorized traffic from entering an internal network of an organization. An SWG implementation may include various security services, such as packet filtering, URL/content filtering, malware inspection, application controls, Acceptable Use Policy (AUP) enforcement, or Data Loss Prevention (DLP).

True

A cloud deployment model consisting of two or more interlinked cloud infrastructures (private, community, or public) is referred to as a hybrid cloud.

True

A common implementation of identity and access controls used in federated SSO systems includes OpenID Connect and OAuth 2.0 used in conjunction to provide authentication and authorization services.

True

A web server and a client exchange data through HTTP messages. The two types of HTTP messages include: request from client to server (an HTTP request) and response from server to client (an HTTP response). An HTTP header is a name-value pair separated by a colon. It forms a part of the HTTP message and enables transferring additional information between the client and the server with the request or the response. Some HTTP headers can be used to improve security. As an example, for a website that has a valid SSL certificate (can be accessed via HTTPS), the HTTP Strict Transport Security (HSTS) response header (if set) will block communication via HTTP and force the browser to use only secure HTTPS.

True

An HTML5 VPN portal is an example of clientless VPN implementation where an HTML5-compliant web browser along with TLS encryption can be used instead of a dedicated VPN client software.

True

An IP address that doesn't correspond to any actual physical network interface is called a virtual IP address (VIP/VIPA).

True

An authenticator application is software that generates an additional authentication token (in the form of a random code) used in a multi-step verification process.

True

A file timestamp is metadata that contains information about a file and reflects when the file was created, last accessed, and last modified. In digital forensics, timestamps can be used for example to validate the integrity of an access log file (i.e. to check whether the file has been tampered with to mask an unauthorized access attempt). Because different systems might be set to different time zones, in order to determine the chronological order of events during a security incident it is also important to take into account time offset which denotes the difference between the timestamp and a chosen reference time (a.k.a. time normalization).

True

From the security standpoint, the job rotation policy enables detection of fraudulent activity within the company/organization.

True

In IT security, the term "Shadow IT" is used to describe software and hardware used within an organization, but outside of the organization's official IT infrastructure.

True

In a digital certificate, the Common Name (CN) field describes a device, an individual, an organization, or any other entity the certificate has been issued for. In an SSL certificate, CN refers to the Fully Qualified Domain Name (FQDN), which is the domain name of the server protected by the SSL certificate.

True

In software engineering, the term "Microservice" describes independent and self-contained code components that can be put together to form an application.

True

Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity).

True

One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company/organization.

True

One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline.

True

Secure File Transfer Protocol (SFTP) is an extension to the FTP protocol that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

True

Setting up hot and cold aisles in a server room allows for more efficient management of air flow.

True

The importance of changing default usernames and passwords can be illustrated by the example of certain network devices (such as routers) which are often shipped with default and well-known admin credentials that can be looked up on the web.

True

The term "Mobile hotspot" refers to a type of WLAN that enables network access through a mobile device that acts as a portable WAP.

True

The term "Push notification" is used to describe information delivery from a server to a client performed without a specific request from the client.

True

Unified Extensible Firmware Interface (UEFI) is a firmware interface designed as a replacement for BIOS. UEFI offers a variety of improvements over BIOS, including Graphical User Interface (GUI), mouse support, or secure boot functionality designed to prevent the loading of malware and unauthorized operating systems during the computer startup process.

True

Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately.

True

Which of the IPsec modes provides entire packet encryption?

Tunnel

Which of the following statements does not match a typical description of nation states or state-funded groups identified as threat actors?

Typically classified as an internal threat

Flattery

Using praise to coax a person into providing information

Which of the acronyms listed below refers to a firewall controlling access to a web server?

WAF

Which of the following wireless encryption schemes offers the highest level of protection?

WPA3

A Linux command that allows creating, viewing, and concatenating files is called:

cat

Which of the following commands in Linux displays the last part (by default the last 10 lines) of a file?

tail

Which of the following fragments of input might indicate an XML injection attack attempt?

... p@$$w0rd</password></user><user><name>attacker</name> ....

What are the characteristic features of the Personal Information Exchange (PFX) and P12 digital certificate format? (Select 3 answers)

.pfx and .p12 file extensions AND Generally used for Microsoft Windows servers AND Encoded in binary format

Which of the following answers lists the filename extension of a Microsoft PowerShell script file?

.ps1

Which of the following answers refers to a filename extension used in a cross-platform, general-purpose programming language?

.py

Files with this filename extension are used in a scripting language based on Microsoft's Visual Basic programming language.

.vbs

What is a PUP? (Select 3 answers)

A type of computer program not explicitly classified as malware by AV software AND A type of software that may adversely affect the computer's security and performance, compromise user's privacy, or display unsolicited ads AND An application downloaded and installed with the user's consent (legal app)

Which of the following are the characteristic features of a session ID? (Select 3 answers)

A unique identifier assigned by the website to a specific user AND A piece of data that can be stored in a cookie, or embedded as a URL parameter AND Stored in a visitor's browser

A rule-based access control mechanism implemented on routers, switches, and firewalls is called:

ACL

Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

ACL

Which of the algorithms listed below does not fall into the category of asymmetric encryption?

AES

Which of the following encryption schemes is used in WiFi Protected Access 2 (WPA2)?

AES-CCMP

For the purpose of encryption, WiFi Protected Access 3 (WPA3) takes advantage of: (Select 2 answers)

AES-GCMP AND AES-CCMP

Which part of the IPsec protocol suite provides authentication and integrity?

AH

Which of the following terms refers to a US government initiative for real-time sharing of cyber threat indicators?

AIS

Which of the acronyms listed below refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?

ALE

Which of the following answers refers to the correct formula for calculating probable financial loss due to a risk over a one-year period?

ALE = ARO x SLE

Which of the following enables the exchange of information between computer programs?

API

An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability is known as:

ARO

In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat.

ARO

An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario?

ARP poisoning

A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources is referred to as:

AUP

Which of the following answers refer to the Rule-Based Access Control (RBAC) model? (Select 2 answers)

Access to resources granted or denied depending on Access Control List (ACL) entries AND Implemented in network devices such as firewalls to control inbound and outbound traffic based on filtering rules

In the AAA security architecture, the process of tracking accessed services as well as the amount of consumed resources is called:

Accounting

A type of hierarchical database structure used in Windows Server environments that enables centralized management of users, devices and resources on a network is known as:

Active Directory (AD)

Which of the following statements does not apply to the concept of OSINT?

Active reconnaissance in penetration testing

Which of the following statements describe the function of a forward proxy? (Select 2 answers)

Acts on behalf of a client AND Hides the identity of a client

Which of the physical security control types listed below provides isolation from external computer networks?

Air gap

Restoring data from an incremental backup requires: (Select 2 answers)

All copies of incremental backups made since the last full backup AND Copy of the last full backup

Which of the following statements can be used to describe the characteristics of an on-path attack? (Select all that apply)

An on-path attack is also known as MITM attack AND In an on-path attack, attackers place themselves on the communication route between two devices AND In an on-path attack, attackers intercept or modify packets sent between two communicating devices

The term "Rooting" refers to the capability of gaining administrative access to the operating system and system applications on:

Android devices

Which of the following URLs is a potential indicator of a directory traversal attack?

Any of the above

OpenID Connect is a protocol used for:

Authentication

Which part of the AAA security architecture deals with the verification of the identity of a person or process?

Authentication

Which of the following is an example of a soft authentication token?

Authenticator app

OAuth is an open standard for:

Authorization

Which of the answers listed below refers to the process of granting or denying access to resources?

Authorization

Which of the following answers refers to an open-source forensics platform that allows examining the contents of a hard drive or mobile device and recovering evidence from it?

Autopsy

Which of the following refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?

Backdoor

Which of the following power redundancy solutions would be best suited for providing long-term emergency power during an unexpected main power source outage?

Backup generator

Which of the following answers refer to compensating security controls? (Select all that apply)

Backup power system AND Sandboxing AND Temporary port blocking AND Temporary service disablement

Which of the following terms is used to describe a text message containing system information details displayed after connecting to a service on a server?

Banner

The practice of connecting to an open port on a remote host to gather more information about its configuration is known as:

Banner grabbing

Which of the following answers describe the features of TOTP? (Select 3 answers)

Based on a shared secret key and current time AND Not vulnerable to replay attacks AND Valid for only one login session

Examples of key stretching algorithms include: (Select 2 answers)

Bcrypt AND PBKDF2

Which cryptographic attack relies on the concepts of probability theory?

Birthday

In cybersecurity exercises, the defending team is referred to as:

Blue team

The practice of sending unsolicited messages over Bluetooth is known as:

Bluejacking

Gaining unauthorized access to a Bluetooth device is referred to as:

Bluesnarfing

A popular, 2.4 GHz short-range wireless technology used for connecting various personal devices in a WPAN is known as:

Bluetooth

A malware-infected network host under remote control of a hacker is commonly referred to as:

Bot

Which of the following applies to a collection of intermediary compromised systems that can be used as a platform for a DDoS attack?

Botnet

What is the function of a C2 server?

Botnet control

An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:

Brute-force attack

A situation in which an application writes to an area of memory it is not supposed to have access to is referred to as:

Buffer overflow

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:

Buffer overflow

Penetration testing: (Select all that apply)

Bypasses security controls AND Actively tests security controls AND Exploits vulnerabilities

Which of the following answers refers to a cybersecurity control framework for cloud computing?

CCM

Which of the answers listed below refers to a type of metric used for evaluation of a biometric security system's accuracy?

CER

Which of the following answers refers to a nonprofit organization focused on developing globally-recognized best practices for securing IT systems and data against cyberattacks?

CIS

Which of the following answers refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events?

COOP

In which of the mobile device deployment models can employees use corporate-owned devices both for work-related tasks and personal use?

COPE

Which of the following solutions allow checking whether a digital certificate has been revoked? (Select 2 answers)

CRL AND OCSP

Which of the following answers refers to a nonprofit organization promoting best security practices related to cloud computing environments?

CSA

Which of the following answers refers to NIST's voluntary framework outlining best practices for computer security?

CSF

Which of the answers listed below refers to a method for requesting a digital certificate?

CSR

Which of the following answers refer to vulnerability databases? (Select 2 answers)

CVE AND NVD

An industry standard for assessing the severity of computer system security vulnerabilities is known as:

CVSS

A mobile device deployment model in which employees select devices for work-related tasks from a company-approved device list is known as:

CYOD

Which of the following provides a physical security measure against laptop theft?

Cable lock

Which memory type provides a CPU with the fastest access to frequently used data?

Cache memory

Which of the following answers refers to an example order of volatility for a typical computer system?

Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

Which of the following answers refers to a security solution that allows administrators to block network access for users until they perform required action?

Captive portal

Which of the following terms best describes threat actors that engage in illegal activities to get the know-how and gain market advantage?

Competitors

A type of code that has already been translated from a high-level programming language into a low-level programming language and converted into a binary executable file is referred to as:

Compiled code

Which of the following examples fall into the category of operational security controls? (Select 3 answers)

Configuration management AND Data backups AND Awareness programs

What is the purpose of code signing? (Select 2 answers)

Confirms the application's source of origin AND Validates the application's integrity

While conducting web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?

Consensus

In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:

Containerization

Which of the following terms refers to the concept of virtualization on an application level?

Containerization

Which functionality allows a DLP system to fulfill its role?

Content inspection

The purpose of PCI DSS is to provide protection for:

Credit cardholder data

Which of the following terms best describes threat actors whose sole intent behind breaking into a computer system or network is monetary gain?

Criminal syndicates

Which of the following answers refers to an anti-malware tool that enables automated analysis of suspicious files in a sandbox environment?

Cuckoo

Which of the following terms refers to a modified mobile device equipped with software features that were not originally designed by the device manufacturer?

Custom firmware

Which of the following answers refers to a 7-step military model adopted by Lockheed Martin to identify the phases of a cyberattack?

Cyber Kill Chain

A network protocol providing an alternative solution to the manual allocation of IP addresses is called:

DHCP

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:

DHCP snooping

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:

DLL

Which of the following describes an application attack that relies on executing a library of code?

DLL injection

A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:

DLP

Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information?

DLP

Which of the following would prevent using a mobile device for data exfiltration via cable connection?

DLP

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

DNS poisoning

Which of the following is an example of fake telemetry?

DNS sinkhole

A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:

DNSSEC

Replacing password characters in a password field with a series of asterisks is an example of:

Data masking

A wireless disassociation attack is a type of: (Select 2 answers)

Deauthentication attack AND Denial-of-Service (DoS) attack

Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive?

Degaussing

A wireless jamming attack is a type of:

Denial-of-Service (DoS) attack

A dot-dot-slash attack is also referred to as:

Directory traversal attack

Netstat is a command-line utility used for: (Select 2 answers)

Displaying active TCP/IP connections AND Displaying network protocol statistics

Which of the following factors has the biggest impact on domain reputation?

Distribution of spam

What are the characteristic features of a transparent proxy? (Select all that apply)

Doesn't require client-side configuration AND Redirects client's requests and responses without modifying them AND Clients might be unaware of the proxy service

A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:

Downgrade attack

SSL stripping is an example of: (Select 2 answers)

Downgrade attack AND On-path attack

Which of the following would add power redundancy on a server box?

Dual-power supply

Which of the terms listed below refer to a product/service that no longer receives continuing support? (Select 2 answers)

EOL AND EOSL

Which part of IPsec provides authentication, integrity, and confidentiality?

ESP

Which of the following answers refers to network traffic within a data center, a.k.a. server-to-server traffic?

East-west

Which of the following solutions would be best suited for situations where response time in data processing is of critical importance?

Edge computing

Which of the following answers refers to a privacy-related security risk connected with public sharing of pictures taken with smartphones?

Embedded geotag

What are the characteristic features of the Distinguished Encoding Rules (DER) digital certificate format? (Select 3 answers)

Encoded in binary format AND .der and .cer file extensions AND Generally used for Java servers

Which of the following answers refer to the P7B digital certificate format? (Select 3 answers)

Encoded in text (ASCII Base64) format AND .p7b file extension AND Generally used for Microsoft Windows and Java Tomcat servers

Which of the following answers refer to the Privacy Enhanced Email (PEM) digital certificate format? (Select 3 answers)

Encoded in text (ASCII Base64) format AND .pem, .crt, .cer and .key file extensions AND Generally used for Apache servers or similar configurations

Which of the following terms applies to the concept of confidentiality?

Encryption

Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)

Encryption protocols AND Firewall ACLs AND Authentication protocols

What are the characteristics of TACACS+? (Select 3 answers)

Encrypts the entire payload of the access-request packet AND Primarily used for device administration AND Separates authentication and authorization

An asymmetric encryption key designed to be used only for a single session or transaction is known as:

Ephemeral key

Which of the following answers can be used to describe characteristics of a cross-site scripting attack? (Select 3 answers)

Exploits the trust a user's web browser has in a website AND A malicious script is injected into a trusted website AND User's browser executes attacker's script

Which of the following answers can be used to describe characteristics of a cross-site request forgery attack? (Select 3 answers)

Exploits the trust a website has in the user's web browser AND A user is tricked by an attacker into submitting unauthorized web requests AND Website executes attacker's requests

A private network's segment made available for a trusted third party is an example of:

Extranet

Which of the following answers refers to a rule-based access control mechanism associated with files and/or directories?

FACL

A measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user is known as:

FAR

A software technology designed to provide confidentiality for an entire data storage device is known as:

FDE

A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as:

FRR

Which of the following answers refers to a tool for creating forensic images of computer data?

FTK imager

Which of the following protocols allow(s) for secure file transfer? (Select all that apply)

FTPS AND SFTP

Which of the block cipher modes listed below provides both data integrity and confidentiality?

GCM

Which of the following regulates personal data privacy of the European Union (EU) citizens?

GDPR

A mobile device's built-in functionality enabling the usage of locator applications is called:

GPS

What is tailgating?

Gaining unauthorized access to restricted areas by following another person

A type of technology that provides control over the usage of a mobile device within a designated area is referred to as:

Geofencing

Which of the following answers refers to a piece of hardware and associated software/firmware designed to provide cryptographic functions?

HSM

What is the name of a network protocol that secures web traffic via SSL/TLS encryption?

HTTPS

Which of the protocols listed below enables remote access to another computer on the network via web browser?

HTTPS

Which of the following terms refers to an environmental control system?

HVAC

A person who breaks into a computer network or system for a politically or socially motivated purpose is usually described as a(n):

Hacktivist

Examples of MFA attributes include: (Select all that apply)

Handwritten signature AND Gait analysis AND GPS reading AND Chain of trust

Which firewall would provide the best protection for an ingress/egress point of a corporate network? (Select 2 answers)

Hardware firewall AND Network-based firewall

Which of the following refers to the contents of a rainbow table entry?

Hash/Password

Which of the following terms applies to the concept of data integrity?

Hashing

Which of the following can be used to validate the origin (provenance) of digital evidence? (Select 2 answers)

Hashing AND Checksums

An administrator needs to adjust the placement of multiple Access Points (APs) to ensure the best wireless signal coverage for the network. Which of the following would be of help while identifying areas of low signal strength?

Heat map

A NIDS/NIPS that detects intrusions by comparing network traffic against the previously established baseline can be classified as: (Select all that apply)

Heuristic AND Anomaly-based AND Behavioral

Which of the statements listed below describe the function of a reverse proxy? (Select 2 answers)

Hides the identity of a server AND Acts on behalf of a server

What is the purpose of steganography?

Hiding data within another piece of data

Which alternate site allows for fastest disaster recovery?

Hot site

Which of the following terms refers to a duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data?

Hot site

Which of the following answers illustrates the difference between passive and active network security breach response?

IDS vs. IPS

Which of the following examples do not fall into the category of physical security controls? (Select 3 answers)

IDS/IPS AND Encryption protocols AND Firewall ACLs

Which of the following answers refers to an IEEE standard that can be implemented in a situation where an Ethernet switch acts as an authenticator for devices that intend to connect to a network through one of its ports?

IEEE 802.1X

The arp command can be used to perform what kind of resolution?

IP to MAC

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called:

IPFIX

Which of the answers listed below refer to examples of corrective security controls? (Select all that apply)

IPS AND Backups and system recovery AND Alternate site AND Fire suppression system

Examples of protocols used for implementing secure VPN tunnels include: (Select all that apply)

IPsec AND TLS AND L2TP

Which of the answers listed below refers to a short distance, line-of-sight technology used for example in home remote controls?

IR

Which of the following terms refers to a group of experts designated to handle a natural disaster or an interruption of business operations?

IRT

An ISO/IEC standard defining requirements for information security management systems is known as:

ISO/IEC 27001

Which of the following answers refers to an ISO/IEC standard providing code of practice for information security controls?

ISO/IEC 27002

An extension to the ISO/IEC 27001 standard that focuses on privacy data management is called:

ISO/IEC 27701

A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of:

Improper input validation

Which term best describes a disgruntled employee abusing legitimate access to a company's internal resources?

Insider threat

Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?

Integer overflow

Digital signatures provide: (Select 3 answers)

Integrity AND Authentication AND Non-repudiation

A type of private network for a corporation or organization accessible only to its employees or authorized members is referred to as:

Intranet

A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called:

IoC

An emerging field of innovative technologies, such as wearable tech or home automation, is known as:

IoT

Which of the following terms is used to describe the process of removing software restrictions imposed by Apple on its iOS operating system?

Jailbreaking

During a password reminder procedure, the system asks a security question that covers personal details that should be known only to the user (e.g. user's favorite holiday destination). This type of authentication method is an example of:

KBA

Assigning a unique encrypted key, called a ticket, to each user that logs on to the network is a characteristic feature of:

Kerberos

Which of the following authentication protocols can be used to enable SSO in Windows-based network environments?

Kerberos

A trusted third-party storage solution providing backup source for cryptographic keys is referred to as:

Key escrow

Which of the following are examples of hardware authentication tokens? (Select 3 answers)

Key fob AND RFID badge AND Smart card

Which of the following is an example of spyware?

Keylogger

Which of the following answers refer to the concept of non-persistence? (Select 3 answers)

Last known-good configuration AND Live boot media AND Known state reversion

A collection of commonly used programming functions designed to speed up the software development process is known as:

Library

Which of the answers listed below refers to a type of removable storage media that contains a portable, non-persistent OS?

Live boot media

A network hardware or software solution designed for managing the optimal distribution of workloads across multiple computing resources is known as:

Load balancer

Which of the following answers refer to examples of detective security controls? (Select all that apply)

Log monitoring AND Security audits AND CCTV AND IDS

Which of the following account management security measures narrows down a user's computer access to specified hours?

Login time restrictions

Which statements best describe the attributes of a script kiddie? (Select 2 answers)

Low level of technical sophistication AND Lack of extensive resources/funding

Which of the following access control models enforces the strictest set of access rules?

MAC

Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply)

MAC cloning AND ARP poisoning AND MAC flooding AND MAC spoofing

What is the name of a network security access control method in which a 48-bit physical address assigned to each network card is used to determine access to the network?

MAC filtering

An attack that relies on altering the burned-in address of a NIC to assume the identity of a different network host is known as: (Select 2 answers)

MAC spoofing AND MAC cloning

Which of the following answers refers to a dedicated mobile app management software?

MAM

Which of the following facilitates the enforcement of mobile device policies and procedures?

MDM

Which type of software enables a centralized administration of mobile devices?

MDM

Which of the following terms applies to the authentication process?

MFA

Which of the following answers refer to office equipment that combines the functionality of multiple devices? (Select 2 answers)

MFD AND MFP

A globally accessible knowledge base of Adversary Tactics, Techniques, and Procedures (TTPs) based on observations from real-world attacks is known as:

MITRE ATT&CK

An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:

ML

Which of the following answers refer to a general document established between two or more parties to define their respective responsibilities and expectations in accomplishing a particular goal or mission? (Select 2 answers)

MOU AND MOA

A type of agreement that specifies generic terms to simplify the negotiation of future contracts between the signing parties is called:

MSA

Which of the following would be the best solution for a company that needs IT services but lacks any IT personnel?

MSP

Which of the following terms refers to a third-party vendor offering IT security management services? (Select best answer)

MSSP

Which of the following terms is used to describe an average time required to repair a failed component or device?

MTTR

Which of the following answers refers to a sequential-access backup media?

Magnetic tapes

Which of the following answers does not relate to a direct access threat vector?

Malicious URL

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

Malware

Which of the following answers refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets?

Managed Power Distribution Unit (Managed PDU)

A nontransparent proxy: (Select 2 answers)

Modifies client's requests and responses AND Requires client-side configuration

A dedicated storage appliance that can be added to a local network is known as:

NAS

A solution that alleviates the problem of depleting IPv4 address space by allowing multiple hosts on the same private LAN to share a single public IP address is known as:

NAT

Which of the following is a cross-platform log-managing tool?

NXLog

Which of the following tools offers the functionality of a configuration compliance scanner?

Nessus

Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling?

NetFlow

Which of the following answers refer(s) to wireless threat vector(s)? (Select all that apply)

Network protocol vulnerabilities (WEP/WPA) AND Rogue AP / Evil twin AND Default security configurations AND Vulnerabilities in network security standards (WPS)

In a round-robin load balancing method, each consecutive request is handled by: (Select best answer)

Next server in a cluster

Which of the following terms describes an attempt to read a variable value from an invalid memory address?

Null-pointer dereference

Which of the following terms refers to threat intelligence gathered from publicly available sources?

OSINT

Which type of DDoS attack targets industrial equipment and infrastructure?

OT

Mobile device updates delivered over a wireless connection are known as:

OTA

Which technology enables establishing direct communication links between two USB devices?

OTG

Which of the following terms refers to a nonprofit organization focused on software security?

OWASP

Which of the following answers refer to IMAP? (Select 2 answers)

Offers improved functionality in comparison to POP3 AND Serves the same function as POP3

Which of the following answers refers to a common antenna type used as standard equipment on most Access Points (APs) for indoor Wireless Local Area Network (WLAN) deployments?

Omnidirectional antenna

Which wireless antenna type provides a 360-degree horizontal signal coverage?

Omnidirectional antenna

Which of the following answers refers to a specification for SEDs?

Opal

Which of the following answers refers to a software library used to implement encrypted connections?

OpenSSL

In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as:

Order of volatility

Which of the following examples fall into the category of managerial security controls? (Select 3 answers)

Organizational security policy AND Risk assessments AND Vulnerability assessments

A security solution that provides control over elevated (i.e. administrative type) accounts is known as:

PAM

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?

PAP

Which of the following answers refers to a solution designed to strengthen the security of session keys?

PFS

The US Health Insurance Portability and Accountability Act (HIPAA) provides privacy protection for: (Select best answer)

PHI

Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that person?

PII

Which of the following fall into the category of MFA factors? (Select 3 answers)

PIN AND USB token AND Retina scan

Which of the following answers refers to a security feature used in Bluetooth device pairing?

PIN code

Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates?

PKI

Which of the following answers refers to a deprecated method for implementing Virtual Private Networks (VPNs)?

PPTP

Which of the following acronyms refers to a client authentication method used in WPA2 Personal mode?

PSK

Which cloud service model would provide the best solution for a web developer intending to create a web app?

PaaS

Which of the following can be used as an extension of RAM? (Select 2 answers)

Pagefile AND Swap partition

A technique that allows an attacker to authenticate to a remote server without extracting the cleartext password from a digest is called:

Pass the hash

A security administrator configured a NIDS to receive traffic from a network switch via port mirroring. Which of the following terms can be used to describe the operation mode of the NIDS? (Select 2 answers)

Passive AND Out-of-band

Which of the following examples meets the requirement of multifactor authentication?

Password and biometric scan

An account policy setting that forces users to come up with a new password every time they are required to change their old password is called:

Password history

Which of the account policy settings prevents users from reusing old passwords?

Password history

The two factors that are considered important for creating strong passwords are: (Select 2 answers)

Password length AND Password complexity

802.1X is an IEEE standard for implementing:

Port-based NAC

According to predictions, the most future-proof cryptographic solution should be:

Post-quantum cryptography

Which of the following is used in data URL phishing?

Prepending

Feigned ignorance

Pretending to be ignorant of a topic in order to exploit the person's tendency to educate

Confidential bait

Pretending to divulge confidential information in hopes of receiving confidential information in return

What are the characteristic features of RADIUS? (Select 3 answers)

Primarily used for network access AND Combines authentication and authorization AND Encrypts only the password in the access-request packet

A type of contactless smart card that can be read at a close range from a reader device is commonly referred to as:

Proximity card

What type of preventive physical access controls would provide a basic means for securing door access? (Select 2 answers)

Proximity card reader AND Smart card reader

In computer networking, a computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as:

Proxy

What is the name of a cloud computing deployment model in which the cloud infrastructure is provisioned for open use by the general public?

Public cloud

Which of the following answers refers to a cross-platform, general-purpose programming language?

Python

Assessment of risk probability and its impact based on subjective judgment falls into the category of:

Qualitative risk assessment

Which of the following solutions is used for controlling network resources and assigning priority to different types of traffic?

Quality of Service (QoS)

A calculation of the Single Loss Expectancy (SLE) is an example of:

Quantitative risk assessment

An emerging field of advanced computing technologies based on the principles of physics is known as:

Quantum computing

Which of the following RAID levels does not offer fault tolerance?

RAID 0

Which of the solutions listed below add(s) redundancy in areas identified as single points of failure? (Select all that apply)

RAID AND Dual-power supply AND Failover clustering AND Load balancing

Which type of Trojan enables unauthorized remote access to a compromised system?

RAT

Group-based access control in MS Windows environments is an example of:

RBAC

Which of the following answers refers to a technology designated as a successor to SMS and MMS?

RCS

A type of formal document that describes the specifications for a particular technology is known as:

RFC

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

RFID

A type of identification badge that can be held within a certain distance of a reader device to authenticate its holder is called:

RFID badge

Which of the following answers refer(s) to (an) example(s) of physical authentication token(s)? (Select all that apply)

RFID badge AND Password key AND Key fob AND Smart card

In Business Continuity Planning (BCP), the maximum tolerable point in time to which systems and data must be recovered after an outage is called:

RPO

Which of the algorithms listed below does not belong to the category of symmetric ciphers?

RSA

Which of the acronyms listed below refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster?

RTO

A dedicated data storage solution that combines multiple disk drive components into a single logical unit to increase volume size, performance, or reliability is referred to as:

Redundant Array of Independent Disks (RAID)

The practice of modifying an application's code without changing its external behavior is referred to as:

Refactoring

Which of the following terms refer to software/hardware driver manipulation techniques? (Select 2 answers)

Refactoring AND Shimming

Which VPN type is used for connecting computers to a network? (Select all that apply)

Remote access AND Client-to-site

Which of the following allows erasing data on a lost or stolen mobile device?

Remote wipe

Hardware RAID Level 1: (Select 3 answers)

Requires at least 2 drives to implement AND Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains an identical copy of the data) AND Is also referred to as disk mirroring

Hardware RAID Level 5: (Select 2 answers)

Requires at least 3 drives to implement AND Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives)

Hardware RAID Level 6: (Select 2 answers)

Requires at least 4 drives to implement AND Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives)

Which of the following terms relates closely to the concept of residual risk?

Risk acceptance

Disabling certain system functions or shutting down the system when risks are identified is an example of:

Risk avoidance

Which of the following answers refer to an assessment tool used for prioritizing the severity of different risks? (Select 2 answers)

Risk heat map AND Risk matrix

Which of the following answers refers to a document containing detailed information on potential cybersecurity risks?

Risk register

Contracting out a specialized technical component when the company's employees lack the necessary skills is an example of:

Risk transference

Cybersecurity insurance is an example of which risk management strategy?

Risk transference

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:

Rootkit

An access control model in which access to resources is granted or denied depending on the contents of Access Control List (ACL) entries is called:

Rule-Based Access Control

Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?

SAML

A dedicated local network consisting of devices providing data access is called:

SAN

Which of the following answers refer to industrial and manufacturing control systems? (Select 2 answers)

SCADA AND ICS

Which of the acronyms listed below refers to a specialized suite of software tools used for developing applications for a specific platform?

SDK

Which of the following answers refer to software technologies designed to simplify network infrastructure management? (Select 2 answers)

SDV AND SDN

A type of mobile OS implementing more strict, Linux-based access security controls is known as:

SEAndroid

Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality?

SED

Which of the following indicates an SQL injection attack attempt?

SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';

A network protocol for secure file transfer over Secure Shell (SSH) is called:

SFTP

A security solution designed to detect anomalies in the log and event data collected from multiple network devices is called:

SIEM

A technology that enables real-time analysis of security alerts generated by network hardware and applications is known as:

SIEM

A correlation engine used for processing various types of log data into actionable information is a feature of:

SIEM dashboard

Which of the following answers refers to a protocol used for managing real-time sessions that include voice, video, application sharing, or instant messaging services?

SIP

An agreement between a service provider and users defining the nature, availability, quality, and scope of the service to be provided is known as:

SLA

Which of the following terms refers to an agreement that specifies performance requirements for a vendor?

SLA

Which term describes the predicted loss of value to an asset based on a single security incident?

SLE

Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP?

SMTPS

Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply)

SNMPv1 AND SNMPv2

Which of the following tools enables automated response to security incidents?

SOAR

What type of spam relies on text-based communication?

SPIM

Which protocol enables secure, real-time delivery of audio and video over an IP network?

SRTP

Which type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions?

SSRF

Which of the following protocols provide protection against broadcast storms and switching loops? (Select 2 answers)

STP AND RSTP

A cloud computing service model offering remote access to applications based on a monthly or annual subscription fee is called:

SaaS

Pseudo-random data added to a password before hashing is called:

Salt

Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks?

Salt

Which of the following provide randomization during the encryption process? (Select 2 answers)

Salting AND Initialization Vector (IV)

In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:

Sandboxing

What are the countermeasures against VM escape? (Select 2 answers)

Sandboxing AND Patch management

Deliberate false statements

Saying something wrong in the hopes that the person will correct the statement with true information

Denial of the obvious

Saying something wrong in the hopes that the person will correct the statement with true information

The capability of a hardware or software system to process increasing workload without decrease in performance is known as:

Scalability

An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)

Scarcity AND Familiarity AND Trust

A user interface element controlling access to a mobile device after the device is powered on is called:

Screen lock

A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company's firewall is called:

Screened subnet

What are the characteristic features of the secure version of IMAP? (Select all that apply)

Secure Sockets Layer (SSL) AND TCP port 993 AND Transport Layer Security (TLS)

Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply)

Secure Sockets Layer (SSL) AND TCP port 995 AND Transport Layer Security (TLS)

What are the examples of preventive security controls? (Select 3 answers)

Security guards AND System hardening AND Separation of duties

Which of the following terms applies to the concept of obfuscation?

Security through obscurity

Which SIEM dashboard configuration setting provides a countermeasure against false positive/negative errors?

Sensitivity levels

Which of the answers listed below refers to a concept of having more than one person required to complete a given task?

Separation of duties

In active-passive mode, load balancers distribute network traffic across:

Servers marked as active

Which of the following account types is not designed for end-user use?

Service account

Which of the terms listed below refers to a method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server?

Session affinity

A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers)

Session-key encryption AND Symmetric encryption AND Secret-key encryption

Which of the following destruction tools/methods allow(s) for secure disposal of physical documents? (Select all that apply)

Shredding AND Burning

Installing mobile apps from websites and app stores other than the official marketplaces is referred to as:

Sideloading

Which type of VPN enables connectivity between two networks?

Site-to-site

Which of the following answers does not refer to an email communication threat vector?

Skimming

Which of the following terms is used to describe the theft of personal data from a payment card?

Skimming

Which of the following answers refers to an example implementation of certificate-based authentication?

Smart card

Which of the following devices best illustrates the concept of edge computing?

Smartwatch

A file-based representation of the state of a virtual machine at a given point in time is called:

Snapshot

What type of backups are commonly used with virtual machines?

Snapshot backups

Which of the following answers refer to smishing? (Select 2 answers)

Social engineering technique AND Text messaging

Which of the following answers can be used to describe the category of technical security controls? (Select 3 answers)

Sometimes called logical security controls AND Executed by computer systems (instead of people) AND Implemented with technology

Which of the following terms is commonly used to describe an unsolicited advertising message?

Spam

Phishing scams targeting a specific group of people are referred to as:

Spear phishing

Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links?

Split tunnel

A short list of commonly used passwords tried against a large number of user accounts is a characteristic feature of:

Spraying attack

Malicious software collecting information about users without their knowledge/consent is known as:

Spyware

Which of the following allows for checking digital certificate revocation status without contacting Certificate Authority (CA)?

Stapling

Which of the following terms refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application's source code?

Static code analysis

What are the countermeasures against SQL injection attacks? (Select 2 answers)

Stored procedures AND Input validation

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

Subject Alternative Name (SAN) certificate

What are the characteristic features of WPA2/WPA3 Enterprise mode? (Select 3 answers)

Suitable for large corporate networks AND IEEE 802.1X AND Requires RADIUS authentication server

A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers)

Swap file AND Pagefile

Which type of server is used for collecting diagnostic and monitoring data from networked devices?

Syslog server

An exact copy of the entire state of a computer system is known as:

System image

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

System/application vulnerability AND Social engineering techniques AND System/application misconfiguration

Which of the following terms refers to a dedicated transport mechanism for cyber threat information?

TAXII

Which of the following terms refers to an embedded cryptoprocessor that can be found on the motherboards of newer PCs and laptops?

TPM

Which of the following answers list examples of hardware root of trust? (Select 2 answers)

TPM AND HSM

Which of the following describes the behavior of a threat actor?

TTPs

A monitoring port on a network device is referred to as:

Tap

Which of the following answers refers to a Command-Line Interface (CLI) packet-crafting tool?

Tcpreplay

Which of the following tools enables sending custom packets that can be used to evaluate the security of a network device?

Tcpreplay

A common example of channel overlapping in wireless networking would be the 2.4 GHz band used in 802.11, 802.11b, 802.11g, and 802.11n networks, where the 2.401 - 2.473 GHz frequency range is used for allocating 11 channels, each taking up a 22-MHz portion of the available spectrum. Setting up a wireless network to operate on a non-overlapping channel (1, 6, and 11 in this case) allows multiple networks to coexist in the same area without causing interference.

True

A general characteristic of a standard user account is that it provides access to basic system resources but does not allow the user to make system changes.

True

A hash function allows for mapping a large amount of data content to a small string of characters. The result of a hash function provides the exact "content in a nutshell" (in the form of a string of characters) derived from the original data content. If there is any change to the data after the original hash was taken, the next time the hash function is applied, the resulting hash value calculated after content modification will be different from the original hash.

True

A network replay attack occurs when an attacker intercepts sensitive user data and resends it to the receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized operations.

True

A penetration test of a computer system performed without prior knowledge of how the system to be tested works is referred to as black-box testing.

True

A type of NIDS/NIPS that relies on predetermined attack patterns to detect intrusions is referred to as a signature-based NIDS/NIPS.

True

A type of software that performs unwanted and harmful actions under the guise of a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code that the user is unaware of.

True

As opposed to simple Denial of Service (DoS) attacks, which are usually performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.

True

The authentication process can be based on various categories of authentication factors and attributes. Authentication factors include unique physical traits of each individual such as fingerprints ("something you are"), physical tokens such as smart cards ("something you have"), or usernames and passwords ("something you know"). The categories of authentication attributes include geolocation ("somewhere you are"), user-specific activity patterns, such as keyboard typing style ("something you can do"), revealing something about an individual, e.g. wearing an ID badge ("something you exhibit"), or proving the relation with a trusted third party ("someone you know"). Multifactor authentication systems require implementation of authentication factors from two or more distinct categories.

True

Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking.

True

Code-signing certificates are used to verify the authenticity and integrity of software. Self-signed certificates have a lower level of trustworthiness, because they are not signed by a Certificate Authority (CA). Computer certificates (a.k.a. machine certificates) are used to prove the identity of devices. S/MIME certificates are used to encrypt and digitally sign email messages. User digital certificates provide improved security during authentication and authorization of individuals. Root certificates are self-signed certificates that identify a root Certificate Authority (CA). Domain validation certificates prove a user's ownership rights to a domain. Extended Validation (EV) certificates provide the highest level of trust and protection.

True

Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow.

True

Discretionary Access Control (DAC) is an access control model based on user identity. In DAC, every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object.

True

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in wireless networks and point-to-point connections. EAP provides an authentication framework, not a specific authentication mechanism. There are many authentication mechanisms (referred to as EAP methods) that can be used with EAP. Wireless networks take advantage of several EAP methods, including PEAP, EAP-FAST, EAP-TLS, and EAP-TTLS.

True

FTP, HTTP, IMAP, POP, SMTP, and Telnet are all examples of cleartext (i.e. unencrypted) network protocols.

True

Implementing full device encryption is one of the methods for securing sensitive data on a smartphone. When enabled, this type of encryption works in conjunction with the phone's screen lock, i.e. to decrypt the phone (which stays encrypted whenever the phone is locked), a user must first unlock the screen. On Android devices, the unlocking methods include entering a PIN, password, or swipe pattern. Apple devices use a passcode and a biometric fingerprint sensor (a.k.a. Touch ID).

True

In MS Windows environments, the Guest account is an account for users who do not have a permanent account on a Windows computer or domain. People using this type of account cannot install software or hardware, change settings, create passwords, or access protected files and folders. However, because the Guest account allows the user to log on to a network, browse the Internet, and shut down the computer, it is recommended to keep it disabled when it isn't being used.

True

In a session replay attack, an attacker steals a valid session ID of a user and resends it to the server with the intent of gaining unauthorized access or tricking the server into unauthorized operations.

True

In a weighted round-robin load balancing method, each consecutive request is handled in a rotational fashion, but servers with higher specs are designated to process more workload.

True

In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa).

True

In the client-server model, the term "Thin client" refers to a networked computer equipped with the minimum amount of hardware and software components. As opposed to a thick client, which runs applications locally from its own hard drive, a thin client relies on network resources provided by a remote server performing most of the data processing and storage functions.

True

In computer networking, the term "Out-of-band management" refers to a network device management technique that enables device access through a dedicated communication channel separate from the network where a given device operates. Managing access can be established either locally by installing an out-of-band management card on the device, or remotely by establishing a dedicated connection to the device with the use of a modem or console router.

True

In computer security, the term "Biometrics" refers to physical characteristics of the human body that can be used for identification and access control purposes.

True

In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.

True

In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key length determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security.

True

In cryptography, the term "Key stretching" refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks.

True

In cryptography, the term "Plaintext" is used to describe data in an unencrypted form.

True

In social engineering, the term "Elicitation" describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.

True

In the field of data security, the term "Tokenization" refers to the process of replacing sensitive data with nonsensitive information which holds a reference to the original data and enables its processing but has no value when breached.

True

In web application programming, the term "Backend" typically refers to the part of a computer system or application that is not directly accessed by the user (for example a web server). On the opposite side, "Frontend" means software that can be accessed by the user locally (an example of this would be the user's web browser). Code execution and input validation that take place in the backend are referred to as server-side operations; the frontend equivalent of this is known as client-side operations.

True

Installing mobile apps from trusted sources (e.g. Apple's App Store for iOS devices, or Google Play for Android devices) instead of third-party application stores decreases malware-related security risks.

True

Media Access Control (MAC) flooding is a network attack that compromises the security of a network switch by overflowing its memory used to store the MAC address table.

True

MicroSD HSM is an example of a dedicated cryptographic processor residing on a miniature flash memory card. MicroSD HSM can be used to create, manage, and store cryptographic keys on any device with a matching card slot.

True

Multipurpose Internet Mail Extensions (MIME) specification extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system. Secure MIME (S/MIME) is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services.

True

Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before (pre-admission NAC) and/or after end-stations gain access to the network (post-admission NAC). NAC can be implemented with the use of agent software which can be installed on the client machine permanently (this type of software is referred to as permanent agent) or used only temporarily during checks (this type of software is known as dissolvable agent). Another implementation option is agentless NAC, where checks are performed remotely without the need for any client software agents. In agentless NAC, the client machine is checked by external security device with the use of either passive or active network discovery methods.

True

One of the ways of confirming that a software application comes from a trusted source is the verification of its digital signature. Digitally signed software proves the identity of the developer and guarantees that the application code has not been tampered with since it was signed. The authenticity and integrity of the application's code can be verified by comparing results of a cryptographic hash function (original hash published by the application developer vs. hash obtained from a downloaded app).

True

One of the ways to prevent data recovery from a hard drive is to overwrite its contents. The data overwriting technique is used by drive wipe utilities which might employ different methods (including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk sanitization utility might overwrite the data on the drive with the value of one in the first pass, change that value to zero in the second pass, and finally perform five more passes, overwriting the contents with random characters (the Schneier method).

True

Physical and logical network diagrams provide visual representation of network architecture. A physical network diagram contains information on hardware devices and physical links between them. A logical network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network.

True

Private Branch Exchange (PBX) is an internal telephone exchange or switching system implemented in a business or office. PBX allows for handling of internal communications without the use of paid Public Switched Telephone Network (PSTN) service, also known as Plain Old Telephone Service (POTS). A Voice over Internet Protocol (VoIP) PBX, which takes advantage of existing LAN cables, can further reduce costs by removing the need for separate telephone cabling infrastructure in a building or office. VoIP endpoints are specialized hardware devices or application programs that enable VoIP calls from computing devices. VoIP gateways are network devices that convert voice and fax calls, in real time, between an IP network and PSTN/POTS.

True

Rainbow tables are lookup tables used to speed up the process of password guessing.

True

Statement on Standards for Attestation Engagements 18 (SSAE 18) is a standard from the American Institute of Certified Public Accountants (AICPA). The standard defines three types of System and Organization Controls (SOC) audit reports that review different aspects of a company's operations. A SOC 2 audit report provides detailed information and assurance about a service organization's security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA's TSC (Trust Services Criteria). Furthermore, a SOC 2 Type I audit provides a snapshot of the organization's control landscape at a specific point in time, whereas a SOC 2 Type II audit evaluates the effectiveness of controls over a period of time of at least six consecutive calendar months (in simple terms, "SOC" defines the scope of the audit, "Type" defines the time covered during the audit).

True

The "Run as administrator" option in MS Windows allows users with lower-level permissions to perform tasks reserved for system administrators. This feature requires providing Administrator account credentials and temporarily elevates the current user's privileges to perform a given task. A Linux command that temporarily modifies security privileges to allow an execution of a single command that requires root access permissions is called sudo.

True

The difference between static KBA and dynamic KBA is that in the case of static KBA, the authentication process relies on pre-determined security questions and answers chosen in advance by the user during the account creation process. On the other hand, setting up dynamic KBA does not require user input, i.e. users are not asked to choose security questions during the account creation process. Instead, dynamic KBA relies on various public and private data sources that pertain to the user, which makes it a more secure authentication method.

True

The term "Always-on VPN" refers to a type of persistent VPN connection that starts automatically as soon as the computer detects a network link.

True

The term "Anonymized data" refers to data that is made anonymous in such a way that the original subject or person described by the data can no longer be identified. This type of privacy-enhancing technology is used for example during mass population surveys to protect the identity of participants. Pseudo-anonymization (a.k.a. pseudonymization) replaces personal data with artificial identifiers (a.k.a. pseudonyms). The main difference between anonymization and pseudo-anonymization is that in case of the latter the original data can be restored to its original state with the use of additional reference information enabling the identification of the original subject or person the data pertains to.

True

The term "Blockchain" refers to a decentralized digital ledger system (i.e. a specific type of a distributed database) stored across multiple computers in a P2P network.

True

The term "Certificate chaining" refers to the process of verifying authenticity of a newly received digital certificate. Such process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate's chain is properly issued and valid.

True

The term "Domain hijacking" refers to a situation in which domain registrants due to unlawful actions of third parties lose control over their domain names.

True

The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. An evil twin replaces the legitimate access point and, by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name), appears as a legitimate access point to connecting hosts.

True

The term "Fog computing" refers to a local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing.

True

The term "Forensic artifact" is used to describe an unintentional trace of an attacker activity that can be identified on a host or network. Forensic artifacts include information that can be extracted from (among other sources) registry keys (applies to MS Windows), event logs, timestamps, web browser search history, or files left in the system trash folder.

True

The term "Intrusion Detection System" (IDS) refers to a device or application designed to detect malicious activities and violations of security policies on a network or computer host. An IDS designed to monitor networks is known as a Network Intrusion Detection System (NIDS); an IDS installed on a host and monitoring only that host is called a Host Intrusion Detection System (HIDS). IDSs do not take any active steps to prevent or stop the intrusion, relying only on passive response, which may include sending an alert to a management console or saving information about the event in logs.

True

The term "Mantrap" (a.k.a. access control vestibule) refers to a physical security access control system used to prevent unauthorized users from gaining access to restricted areas by following another person. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering the mantrap from the outside remains locked inside until he/she provides the authentication token required to unlock the inner door.

True

The term "Measured Boot" refers to a security mechanism first introduced by Microsoft in Windows 8. Measured Boot checks system startup components and stores the resulting boot configuration log in the Trusted Platform Module (TPM). The log is then sent for remote attestation to a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot allows for neutralization of hard-to-detect malware and rootkits which are run before the OS.

True

The term "Metadata" refers to a type of data that provides information about other data, but not the content of the data. This type of data can be viewed, but by default it is not visible to the user. The basic metadata related to email communication comes from email headers and includes detailed information about the sender and recipient of the message as well as the path that a message went through. Examples of mobile device metadata include device model, geolocation, information about the camera used to take a photo, Internet, phone, text messaging, and application usage statistics, as well as metadata from different types of files stored on the device. In web browsing, metadata comes from HTML meta tags placed in the head section of a web page. In the case of files, the basic metadata examples include information about the author (e.g. the person who created the file), file type, size, creation date and time, and last modification date and time.

True

The term "Multipath I/O" refers to a framework that improves fault tolerance and performance by enabling additional, alternate routes for data that is being transferred to and from storage devices.

True

The term "Password vault" refers to a credential manager program that stores usernames and passwords in an encrypted form. A password vault requires a single master password for accessing a number of different passwords used for different websites or services.

True

The term "Secure cookie" refers to a type of HTTP cookie that has the Secure attribute set. The Secure attribute prevents the transmission of a cookie over an unencrypted channel (i.e. the cookie is not sent over HTTP; HTTPS is used instead).

True

The term "URL hijacking" (a.k.a. "Typosquatting") refers to the practice of registering a misspelled domain name closely resembling another well-established and popular domain name in hopes of getting Internet traffic from users who make errors while typing the URL in their web browsers.

True

The term "Unified Threat Management" (UTM) refers to a network security solution, commonly in the form of a dedicated device (called a UTM appliance or web security gateway), which combines the functionality of a firewall with additional features such as URL filtering, content inspection, spam filtering, gateway antivirus protection, IDS/IPS function, or malware inspection.

True

The term "VM escape" refers to the process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine.

True

The term "VM sprawl" is used to describe a situation in which a large number of deployed virtual machines lack proper administrative controls.

True

The term "Zero Trust" in the context of network security means that none of the devices operating within the boundaries of a given network can be trusted by default even if they were previously verified.

True

Which of the following answers refers to a software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables?

UEM

What is the name of a device that can provide short-term emergency power during an unexpected main power source outage?

UPS

Examples of application software designed to selectively block access to websites include: (Select 2 answers)

URL filter AND Content filter

Which of the following physical security controls can be implemented as a DLP solution?

USB data blocker

An attacker impersonates a company's managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers)

Urgency AND Authority AND Intimidation

Which of the following security measures can be used to prevent VM sprawl? (Select 2 answers)

Usage audit AND Asset documentation

What are the characteristic features of a session key? (Select 2 answers)

Used during a single session AND Symmetric key

Examples of static authentication methods include: (Select 2 answers)

User-generated password AND Personal Identification Number (PIN)

Which of the following can be used to verify the identity of a client while establishing a session over TCP port 22? (Select all that apply)

Username and password AND SSH key

Which of the following answers list the characteristic features of the Mandatory Access Control (MAC) model? (Select 3 answers)

Users are not allowed to change access policies at their own discretion AND Labels and clearance levels can only be applied and changed by an administrator AND Every resource has a sensitivity label matching a clearance level assigned to a user

Which of the following enables running macros in Microsoft Office applications?

VBA

In which of the mobile device deployment models does a mobile device act as a terminal for accessing data and applications hosted on a remote server?

VDI

A logical grouping of computers that allows computer hosts to act as if they were attached to the same broadcast domain regardless of their physical location is known as:

VLAN

In cloud computing, users on an on-premises network take advantage of a transit gateway to connect to:

VPC

Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet?

VPN concentrator

Which of the following answers refer to the characteristics of HOTP? (Select 3 answers)

Valid for only one login session AND Based on a cryptographic hash function and a secret cryptographic key AND Not vulnerable to replay attacks

Which of the following mitigates the risk of supply chain attacks?

Vendor/intermediary checks

What type of IP address would be assigned to a software-based load balancer to handle an Internet site hosted on several web servers, each with its own private IP address?

Virtual IP address

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

Virus hoax

The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:

Vishing

Which of the following would be of help in troubleshooting wireless signal loss and low wireless network signal coverage? (Select 2 answers)

WAP power level controls AND WiFi analyzer

Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities resulting from implementation flaws?

WEP

Which of the following would be the best solution for securing a small network that lacks an authentication server?

WPA3-SAE

A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as:

WPS

Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers)

WPS AND WEP

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

War driving

Examples of deterrent security controls include: (Select 3 answers)

Warning signs AND Lighting AND Login banners

Which of the terms listed below refers to a platform used for watering hole attacks?

Websites

Phishing scams targeting people holding high positions in an organization or business are known as:

Whaling

Which of the following terms fall into the category of authorized hacking activities? (Select 2 answers)

White hat AND Blue hat

In cybersecurity exercises, the role of an event overseer (i.e. the referee) is delegated to:

White team

A penetration test performed by an authorized professional with full prior knowledge of how the system that is to be tested works is called:

White-box testing

A 2.4/5.0 GHz frequency range wireless network technology implemented in the IEEE 802.11 series of standards is commonly referred to as:

WiFi

Which technology enables establishing direct communication links between two wireless devices without an intermediary Wireless Access Point (WAP)?

WiFi Direct

Which of the following answers refers to a diagnostic tool that can be used for measuring wireless signal strength?

WiFi analyzer

Which digital certificate type allows multiple subdomains to be protected by a single certificate?

Wildcard certificate

Which of the following answers refers to a multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics?

WinHex

A type of extended command-line shell and a scripting language designed to simplify administrative tasks in Microsoft Windows is known as:

Windows PowerShell

Which of the following answers refers to an advanced cross-platform packet-capturing tool equipped with a Graphical User Interface (GUI)?

WireShark

The process of planning and designing new WLANs for optimal performance, security and compliance typically involves:

Wireless site survey

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

Worm

A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:

Zero-day attack

Which of the answers listed below refers to an IoT technology designed to provide communication between appliances in a home automation network?

Zigbee

Which of the following fragments of input might indicate an LDAP injection attack attempt? (Select 2 answers)

administrator)(&)) AND search.aspx?name=userName)(zone=*)

Which of the following answers refers to a command-line tool used to download or upload data to a server via any of the supported protocols, such as FTP, HTTP, SMTP, IMAP, POP3, or LDAP?

curl

A Linux command-line utility that can be used in the forensic process for creating and copying image files is called:

dd

Which of the following answers refer to network administration command-line utilities used for DNS queries? (Select 2 answers)

dig AND nslookup

Which of the following tools would be best suited for gathering information about a domain?

dnsenum

A Linux command-line command that enables searching files for lines containing a match to a given text pattern is called:

grep

A Linux command that displays the beginning of a file (by default its first 10 lines) is known as:

head

Which of the following enables client-side URL redirection?

hosts

Which of the following answers refers to a command-line tool used for security auditing and testing of firewalls and networks?

hping

The Linux command-line utility for network interface configuration is called:

ifconfig

What is the name of a Windows command-line utility that can be used to display TCP/IP configuration settings?

ipconfig

Which of the following answers refers to a Linux utility for querying and displaying logs that are stored in binary form?

journalctl

Which of the following commands enables adding messages to the /var/log/syslog file in Linux?

logger

Which of the following answers refers to a network debugging and exploration tool that can read and write data across TCP or UDP connections?

netcat

A Linux command-line command for displaying routing table contents is called:

netstat -r

Which of the following command-line tools is used for discovering hosts and services on a network?

nmap

Which network command-line utility in MS Windows combines the features of ping and tracert?

pathping

A command-line utility used for checking the reachability of a remote network host is known as:

ping

Which of the following command-line commands in MS Windows displays the contents of a routing table?

route print

Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resources usage?

sFlow

Which of the following tools hides an attacker's identity by utilizing a proxy for port scanning?

scanless

Which of the following answers refers to a script file type designed to be run in Unix command line?

sh

Which of the following answers refers to an advanced network exploration and penetration testing tool integrating functionalities from multiple other tools, such as ping, whois, or nmap?

sn1per

Examples of utilities that enable logging of data from different types of systems in a central repository include: (Select all that apply)

syslog AND rsyslog AND syslog-ng AND NXLog

Which of the following are log managing utilities for Unix and Unix-like systems that implement the basic syslog protocol and extend it with additional functionalities? (Select 2 answers)

syslog-ng AND rsyslog

Which of the following is a Command-Line Interface (CLI) packet-capturing tool used in Unix-like operating systems?

tcpdump

Which of the following tools is used for gathering OSINT?

theHarvester

A Linux command-line utility for displaying the intermediary points (routers) an IPv4 packet passes through on its way to another network node is known as:

traceroute

A network command-line utility in MS Windows that tracks and displays the route taken by IPv4 packets on their way to another host is called:

tracert

