Security+ Exam Questions to Study


If a single loss expectancy is $25,000 and the annual rate of occurrence is .5, what is the annual loss expectancy? $12,500 $5,000 $2,500 $25,000

$12,500

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives? Purchase cyber insurance from a reputable provider to reduce expenses during an incident. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups. Use email-filtering software

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives? Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO's concerns? SSL SPF DMARC DKIM TLS

A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO's concerns? DKIM - DKIM (DomainKeys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain.

After a security review, Tom has recommended that his organization install a network-based intrusion prevention system (NIPS). Based on the current budget, his manager recommended that he install a less costly network-based intrusion detection system (NIDS). What are the primary security differences between a NIDS and a NIPS that Tom could use to justify the additional costs? (Choose two.) A NIPS is only host based, not network based. A NIDS can raise alarms when it detects an intrusion. A NIPS actively tries to mitigate an incoming intrusion rather than just detect it. A NIDS only detects TCP/IP attacks.

A NIPS actively tries to mitigate an incoming intrusion rather than just detect it. A NIDS only detects TCP/IP attacks. The difference between a NIDS and a NIPS is that the NIPS alters the flow of network traffic.

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead? A business continuity plan A communications plan WPS-PIN An incident response plan

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead? A business continuity plan

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device? Encrypt the disk on the storage device Plug the storage device in to the UPS Define the PC firewall rules to limit access Change the default settings on the PC

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device? Response: Encrypt the disk on the storage device

A private medical practice hires you to determine the feasibility of cloud computing, whereby storage of e-mail and medical applications, as well as patient information, would be hosted by a public cloud provider. You are asked to identify potential problems related to sensitive data regulatory compliance. (Choose two.) Should the provider be served a subpoena, the possibility of full data disclosure exists. Data is stored on the cloud provider's infrastructure, which is shared by other cloud tenants. Data will be encrypted in transit as well as when stored. HTTPS will be used to access remote services.

A private medical practice hires you to determine the feasibility of cloud computing, whereby storage of e-mail and medical applications, as well as patient information, would be hosted by a public cloud provider. You are asked to identify potential problems related to sensitive data regulatory compliance. (Choose two.) Should the provider be served a subpoena, the possibility of full data disclosure exists. Data is stored on the cloud provider's infrastructure, which is shared by other cloud tenants.

A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective? MITRE ATT&CK A table exercise OWASP NIST CSF

A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective? MITRE ATT&CK - a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used? The scan results show open ports, protocols, and services exposed on the target host The scan enumerated software versions of installed programs The scan produced a list of vulnerabilities on the target host The scan identified expired SSL certificates

A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used? The scan enumerated software versions of installed programs

A colleague is designing an SoC (System and Organization Controls). What suggestions should you offer for making the SoC design more secure? (suggest(s) means choose multiple) A separate security verification tool should be used to check the design. Sensitive data should not be stored in the register or cache after processing. Use priority inversion so that a lower priority task can preempt a higher priority task. The device should be shielded from electromagnetic interference at the maximum level.

A separate security verification tool should be used to check the design. Sensitive data should not be stored in the register or cache after processing. The device should be shielded from electromagnetic interference at the maximum level.

You are presenting data at a risk analysis meeting. During your presentation you display a list of ALE values ranked by dollar amount. Bob, a meeting participant, wants to know how reliable the numeracy used to calculate the ALE is. What can you tell Bob? ALE = SLE x ARO (Annual Loss = (Asset)(Exposure factor) x Annualized rate of occurrence). ALEs are calculated using percentages and are accurate. ALEs are calculated using probability values that vary. The numbers are 50 percent reliable. The numbers are 100 percent reliable.

ALEs are calculated using probability values that vary.

After reviewing device security logs, you learn that a malicious user in an airport terminal seating area was able to connect wirelessly to a traveling employee's smartphone and downloaded her contact list. Which type of attack has taken place? Bluesnarfing - Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Disassociation Social engineering Bluejacking - Bluejacking is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius.

After reviewing device security logs, you learn that a malicious user in an airport terminal seating area was able to connect wirelessly to a traveling employee's smartphone and downloaded her contact list. Which type of attack has taken place? Bluesnarfing - Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Snarf = eat or drink quickly or greedily.

After running a vulnerability scan of your entire network because of newly reported vulnerabilities on the Internet, you notice that Linux-based honeypots on your network that are intentionally configured to appear vulnerable were not reported as vulnerable. What is the most likely cause of this behavior? A credentialed scan was not run. The vulnerability database is not up-to-date. Vulnerability scanners cannot identify vulnerabilities on Linux hosts. The honeypots have an OS-level firewall enabled.

After running a vulnerability scan of your entire network because of newly reported vulnerabilities on the Internet, you notice that Linux-based honeypots on your network that are intentionally configured to appear vulnerable were not reported as vulnerable. What is the most likely cause of this behavior? The vulnerability database is not up-to-date.

An HTTPS-secured web site requires that you restrict some workstations from making a connection. Which option is the most secure? Configure the web site to use user authentication. Configure the web site to allow connections only from the IP addresses of valid workstations. Configure the web site to allow connections only from the MAC addresses of valid workstations. Configure the web site to require client-side certificates.

An HTTPS-secured web site requires that you restrict some workstations from making a connection. Which option is the most secure? Configure the web site to require client-side certificates.

An __________ _______ creates, maintains, and manages identity information for an organization. Identity manager Identity provider Identity validator Identity Authority

An __________ creates, maintains, and manages identity information for an organization. Response: Identity provider

An organization has various applications that contain sensitive data hosted in the cloud. The company's leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern? ISFW UTM SWG CASB

An organization has various applications that contain sensitive data hosted in the cloud. The company's leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern? CASB - Cloud Access Security Broker. SWG = Secure Web Gateway; UTM = Unified Threat Manager; ISFW = Internal Segmentation Firewall.

Which type of card can be used to access computer systems as well as buildings? (Choose the best answer.) Hardware token CAC Smartcard Proximity card

CAC

Which Linux command was used to create the result in the output shown in Exhibit? dnsenum curl scanless route

curl - The Linux command illustrated is curl.

How do client devices trust the TLS certificate used by an HTTPS web server? Pinning Certificate chaining Key escrow Stapling

Certificate Chaining - TLS Pinning is domain to cert. Stapling allows the presenter of a certificate to bear the resource cost involved in providing Online Certificate Status Protocol

A previous cloud administrator has deployed a cloud-hosted web application that uses HTTPS communications over TCP port 443 through the SSL network protocol. The web application is accessed over the Internet by customers. The underlying cloud Linux virtual machine supporting the web application defaults to employing username and password authentication. You have been tasked with hardening the web application. What should you recommend? (Choose two.) Host the web application on an underlying Windows virtual machine instead of Linux. Configure Linux public key authentication instead of username and password authentication. Change the default HTTPS port 443 to a different value. Use TLS instead of SSL.

Configure Linux public key authentication instead of username and password authentication. Use TLS instead of SSL.

Developers at your company require a set of practices that combines software development and IT operations to shorten the software development life cycle. Which of the following is being described? Resource pooling DevOps Elasticity IaC

Developers at your company require a set of practices that combines software development and IT operations to shorten the software development life cycle. Which of the following is being described? DevOps

Jasmine is responsible for setting up new satellite offices for her organization on the Gulf Coast of Florida. She has just signed contracts with ISPs, utilities, and facilities managers that detail the minimum levels of support that must be provided during a failure or disaster. What is the term for these contracts? Disaster recovery policies Service-level agreements Disaster recovery plans Tabletop exercises

Disaster recovery policies

Which term is used to describe network traffic within a data center? North-south traffic Honeynet traffic Honeypot traffic East-west traffic

East-west traffic

Which cryptographic operations use a public key? (Choose two.) Encrypting messages Decrypting messages - uses the private key - DC Comics Private Creating digital signatures - uses private key - DC Comics Private Verifying digital signatures

Encrypting messages Verifying digital signatures EV is public

An organization that has a large number of mobile devices is exploring enhanced security controls to manage unauthorized access if a device is lost or stolen. Specifically, if mobile devices are more than 3 mi (4.8 km) from the building, the management team would like to have the security team alerted and server resources restricted on those devices. Which of the following controls should the organization implement? Lockout GPS tagging Near-field communication Geofencing

Geofencing

You have been tasked with deploying a security solution that will monitor activity related to a specific application server. The solution must be able to detect suspicious activity and take steps to prevent the activity from continuing. What should you deploy? NIDS-network-based intrusion detection system NIPS-network-based intrusion prevention system HIDS-host based intrusion detection system HIPS-host based intrusion prevention system

HIPS-host based intrusion prevention system You have been tasked with deploying a security solution that will monitor activity related to a specific application server. The solution must be able to detect suspicious activity and take steps to prevent the activity from continuing. What should you deploy? HIPS-host based intrusion prevention system

Your organization must observe the appropriate cloud security ISO compliance standards. Which ISO standard must be observed? ISO 27002 ISO 27701 ISO 27701 ISO 27017

ISO 27017 Your organization must observe the appropriate cloud security ISO compliance standards. Which ISO standard must be observed? ISO 27002-Information security controls ISO 27001-information security mgmt. system ISO 27701-security techniques ISO 27017-security cloud services

Which type of cloud service model is depicted in Exhibit? Response: XaaS - Anything as a service PaaS - Platform - Force.com IaaS - Infrastructure - Rackspace SaaS - Software - On demand software

IaaS - Infrastructure as a service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. What is the difference between IaaS and PaaS? The most distinct difference between IaaS and PaaS is that IaaS offers administrators more direct control over operating systems, and PaaS offers users greater flexibility and ease of operation.

In preparation for the next IT security meeting for your company, you would like to provide a visual representation of various risks and their likelihood. What should you prepare? Risk heat map Risk matrix Risk assessment Risk register

In preparation for the next IT security meeting for your company, you would like to provide a visual representation of various risks and their likelihood. What should you prepare? Risk heat map

In the middle of a cybersecurity, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating? Eradication Recovery Identification Preparation Containment

In the middle of a cybersecurity, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating? Containment

Your web server hosts the www.corp.com and info.corp.com DNS names. Both sites require HTTPS. Which configuration meets the stated requirement while requiring the least amount of administrative effort? Configure IPSec for the web server host. Install a subject alternative name certificate on the web server host. Install two certificates; one for each DNS name. Install a certificate revocation list on the web server host.

Install a subject alternative name certificate on the web server host.

Identify the disaster recovery plan errors. (Choose two.) Perform a business impact analysis first. Keep existing backup solutions in place even though the software is two versions out of date. Base your DRP on an unchanged downloaded template. Data backups are never tested; it costs the company too much money. - While bad, not as bad as the others.

Keep existing backup solutions in place even though the software is two versions out of date. Base your DRP on an unchanged downloaded template.

Scope: E Overview: A Policy: D Definitions: C Enforcement: B

Match the security policy terms with the appropriate definitions:

Over time, you have noticed unauthorized configuration changes made to virtual machine cloud settings. You need a way to track who made these changes and when. What should you do? Enable virtual machine API integration. Rotate the cloud access keys. Deploy an OSI layer 7 firewall. Enable cloud resource activity auditing.

Over time, you have noticed unauthorized configuration changes made to virtual machine cloud settings. You need a way to track who made these changes and when. What should you do? Enable cloud resource activity auditing.

Which term best describes sensitive medical information? TLS - Encryption PHI = Personal Health Info PII = Personal Identifiable Information AES - Encryption

PHI

Penetration testers are executing Wi-Fi disassociation attacks as part of their mandate. What type of behavior can Wi-Fi users expect during the pen test? Wi-Fi users will notice that their devices will randomly reboot. Wi-Fi users will notice Wi-Fi network disruptions. Wi-Fi users will not notice anything unusual. Wi-Fi users will notice wireless network performance degradation.

Penetration testers are executing Wi-Fi disassociation attacks as part of their mandate. What type of behavior can Wi-Fi users expect during the pen test? Response: Wi-Fi users will notice Wi-Fi network disruptions.

Which action simulates attacks against a web application? Normalization Penetration testing Obfuscation Configuring deny lists

Penetration testing - simulates an attack.

You are viewing the contents of the Linux authorized_keys file. Which type of key is stored here? Secret Symmetric Private Public

You are viewing the contents of the Linux authorized_keys file. Which type of key is stored here? Public

You are a file server administrator for a health organization. Management has asked you to configure your servers appropriately to classify files containing unique manufacturing processes. What is an appropriate data classification for these types of files? PII PHI Proprietary Public

Proprietary You are a file server administrator for a health organization. Management has asked you to configure your servers appropriately to classify files containing unique manufacturing processes. What is an appropriate data classification for these types of files? Proprietary

Refer to Exhibit. Which security option is enabled? IPSec HTTPS VPN DNSSEC

Refer to Exhibit. Which security option is enabled? IPSec HTTPS VPN DNSSEC!!!!

Your manager has requested that the combo padlocks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social-engineering attack is your manager hoping to avoid with this change? Dumpster diving Tailgating Shoulder surfing Hoaxes

Shoulder surfing, Your manager has requested that the combo padlocks used to secure different areas of the company facility be replaced with electronic swipe cards. What type of social-engineering attack is your manager hoping to avoid with this change? Shoulder Surfing.

The IT department has been tasked with conducting a risk assessment related to the migration of a line-of-business app to the public cloud. To which security control category does this apply? Physical Technical Managerial Operational

The IT department has been tasked with conducting a risk assessment related to the migration of a line-of-business app to the public cloud. To which security control category does this apply? Managerial. Technical - Solution; Operational - Daily; Physical - Tangible.

The __________ process in Windows 10 uses the UEFI and a trusted platform module to provide a more secure boot process, also allowing for boot attestation. Measured boot Boot management Safe mode Secure boot

The __________ process in Windows 10 uses the UEFI and a trusted platform module to provide a more secure boot process, also allowing for boot attestation. Measured boot. Verified Boot is often referred to as Secure Boot. Measured Boot is often referred to as Trusted Boot.

What must be determined by the first responder to an incident? The severity of the event Which other personnel must be called in The dollar amount associated with the incident Who is at fault

The severity of the event

Three employees within the company have received phone calls from an individual asking about personal finance information. What type of attack is occurring? Whaling Vishing Phishing Tailgating

Three employees within the company have received phone calls from an individual asking about personal finance information. What type of attack is occurring? Vishing-the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers Definition of wrong answers: Whaling-Whaling is a highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds. Tailgating - someone without the proper authentication follows an authenticated employee into a restricted area.

To secure VPN access, you need a solution that will first authenticate devices before allowing network access. Which authentication standard does this apply to? OAuth MFA IEEE 802.1x SSO

To secure VPN access, you need a solution that will first authenticate devices before allowing network access. Which authentication standard does this apply to? Response: IEEE 802.1x - 802.1X provides an authentication framework that allows a user to be authenticated by a central authority.

To which OSI model layer do port numbers apply? Session Transport Data link Network

To which OSI model layer do port numbers apply? Transport - TCP/UDP

Which security hardware can be used for multifactor authentication? HSM TPM Token key Password vault

Token Key

U.S. federal agencies are required to follow the NIST Risk Management Framework (RMF). What more recent framework did NIST release that organizes cybersecurity activities at their highest level? COBIT-control objectives for information and related tech. NIST Cybersecurity Framework (CSF) ISO/IEC 27001-standards for infosec ISO/IEC 27701-extends meaning from 27001 - aligns with GDPR

U.S. federal agencies are required to follow the NIST Risk Management Framework (RMF). What more recent framework did NIST release that organizes cybersecurity activities at their highest level? NIST Cybersecurity Framework (CSF)

What can be done to protect data after a handheld device is lost or stolen? Enable encryption. Enable screen lock. Execute a remote wipe. Disable Bluetooth discovery.

What can be done to protect data after a handheld device is lost or stolen? Execute a remote wipe. Enable encryption. - Does some protection, but can be hacked. Enable screen lock. Does not protect data. Disable Bluetooth discovery.

What type of attack is a smurf attack? Privilege escalation Distributed denial of service (DDoS) Malicious insider threat Denial of service (DoS)

What type of attack is a smurf attack? Response: Distributed denial of service (DDoS)

Which PKI verification processes can best mitigate the creation of phishing web sites by scammers? (Choose two.) OCSP Domain validation Extended validation CRL

Which PKI verification processes can best mitigate the creation of phishing web sites by scammers? (Choose two.) Domain validation Extended validation

Which abilities are unique to end-point detection and response solutions compared to host-based packet filtering firewalls? (Choose two.) Block incoming traffic initiated from outside the machine (not unique) Allow incoming response traffic initiated from the machine (not unique) Stop attacks in progress Detect threats

Which abilities are unique to end-point detection and response solutions in comparison to host-based packet filtering firewalls? (Choose two.) Response: Stop attacks in progress Detect threats

Which of the following types of wireless attacks utilizes a weakness in WEP key generation and encryption to decrypt WEP encrypted data? Eavesdropping PSK attack IV attack War driving

Which of the following types of wireless attacks utilizes a weakness in WEP key generation and encryption to decrypt WEP encrypted data? IV attack - It modifies the IV of an encrypted wireless packet during transmission. IVs are blocks of bits that are used to differentiate users on the wireless network. Eavesdropping. PSK attack - all 0 encryption key. War driving - driving around looking for wifi with vulnerability.

Which authentication protocol requires the client and server to be configured with a PKI certificate? IEEE 802.1x EAP-TTLS EAP-FAST EAP-TLS

Which authentication protocol requires the client and server to be configured with a PKI certificate? EAP-TLS. EAP-TTLS - EAP-TTLS is a specific version of the EAP (Extensible Authentication Protocol) providing a framework to support authentication across a number of communication systems. Unlike EAP-TLS, EAP-TTLS requires only server-side certificates. EAP-FAST - EAP-FAST (Flexible Authentication via Secure Tunneling) was developed by Cisco. Instead of using a certificate to achieve mutual authentication, EAP-FAST authenticates by means of a PAC (Protected Access Credential) which can be managed dynamically by the authentication server. 802.1X protocol - An IEEE standard for port-based network access control (PNAC) on wired and wireless access points.

Which cryptographic operations use a public key? (Choose two.) Verifying digital signatures Encrypting messages Creating digital signatures Decrypting messages

Which cryptographic operations use a public key? (Choose two.) Verifying digital signatures Encrypting messages The private key is used for creating digital signatures and decrypting messages. DC

Which identity federation component authenticates users? OAuth Resource provider SAML Identity provider

Which identity federation component authenticates users? Identity provider

Which of the following IPSec modes should be used within a local area network? Tunnel mode Authentication mode Transport mode Encryption mode

Which of the following IPSec modes should be used within a local area network? Transport Mode IPsec tunnel mode sets up a secure connection, while IPsec Transport Mode only encrypts the data being sent without establishing a secure connection.

Which of the following are normally considered potential insider threats? (Choose two.) Infected e-mail file attachments Contractors Brute-force username and password web site attacks Port scanning of firewall interfaces

Which of the following are normally considered potential insider threats? (Choose two.) Contractor Infected Email file attachment

Which of the following are true statements regarding PowerShell and Python? PowerShell is a general-purpose programming language available on many Linux distributions and Apple's macOS. PowerShell files use the file extension .py. Python is a command-line shell and scripting interface for Microsoft Windows environments. The Python file extension is .ps1. Python is a general-purpose programming language available on many Linux distributions and Apple's macOS. The Python file extension is .py. PowerShell is a command-line shell and scripting interface for Microsoft Windows environments. PowerShell files use the file extension .ps1.

Which of the following are true statements regarding PowerShell and Python? Response: Python is a general-purpose programming language available on many Linux distributions and Apple's macOS. The Python file extension is .py. PowerShell is a command-line shell and scripting interface for Microsoft Windows environments. PowerShell files use the file extension .ps1.

Which of the following best describes the term key escrow? A trusted third party with decryption keys in case the original keys have expired An account that can be used to encrypt private keys An account that can be used to encrypt data for any user A trusted third party with copies of decryption keys in addition to existing original keys

Which of the following best describes the term key escrow? A trusted third party with copies of decryption keys in addition to existing original keys

Which of the following countermeasures is designed to protect against a brute-force password attack? Patching Account lockout Password complexity Strong passwords

Which of the following countermeasures is designed to protect against a brute-force password attack? Account lockout

Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime? MSSP Public cloud Hybrid cloud Fog computing

Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime? Hybrid cloud

Which of the following is based on NetFlow version 9? sFlow syslog-ng IPFIX (IP Flow Information Export) syslog

Which of the following is based on NetFlow version 9? IPFIX

Which of the following items are most affected by worm malware? IP address Memory Computer name Network bandwidth

Which of the following items are most affected by worm malware? Network bandwidth

Which of the following load balancing solutions is best suited for routing incoming video-streaming requests to specific backend servers optimized for streaming? Layer 4 load balancer Round robin Layer 7 load balancer Fixed weight

Which of the following load balancing solutions is best suited for routing incoming video-streaming requests to specific backend servers optimized for streaming? Layer 7 load balancer

Which of the following represent reasons why social-engineering attacks are so effective? (Choose two.) URL redirection Consensus Domain reputation Scarcity Malicious code execution

Which of the following represent reasons why social-engineering attacks are so effective? (Choose two.) Consensus Scarcity

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time? A method of introducing entropy into key calculations The computational overhead of calculating the encryption key The encryption algorithm's longevity The key length of the encryption algorithm

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time? The key length of the encryption algorithm

Which of the following statements are true regarding TCP/IP? (Choose two.) TCP/IP closely maps to the OSI model. TCP/IP protocols are part of the OSI model. TCP/IP is a protocol stack containing multiple protocols. TCP/IP protocols are part of the transport and network layers of the OSI model.

Which of the following statements are true regarding TCP/IP? TCP/IP closely maps to the OSI model. TCP/IP is a protocol stack containing multiple protocols.

Which security technique associates a host with its related public key? Certificate pinning. OCSP - Protocol used to check the status of a single cert. (CRL is a list.) CRL - Revocation List. FQDN - Fully Qualified Domain Name?

Which security technique associates a host with its related public key? Certificate Pinning - HTTP Public Key Pinning is an obsolete Internet security mechanism delivered via an HTTP header which allows HTTPS websites to resist impersonation by attackers using misused or otherwise fraudulent digital certificates

Which standard specifies the syntax used to represent cybersecurity information? Response: XML STIX TAXII JSON

Which standard specifies the syntax used to represent cybersecurity information? Response: STIX - Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI).

Which statements regarding SSH public key authentication are correct? (Choose two.) A public and private key pair is required. A user password is required. A user password is not required. A symmetric key is required.

Which statements regarding SSH public key authentication are correct? (Choose two.) A public and private key pair is required. A user password is not required.

Which term is the most closely related to the "impossible travel time" security feature? Anomaly detection Chain of trust Security token Geofencing

Which term is the most closely related to the "impossible travel time" security feature? Anomaly detection

Which type of access control model uses a hardened specialized operating system with resource labeling and security clearance levels to control resources access? Discretionary access control Role-based access control Attribute-based access control Mandatory access control

Which type of access control model uses a hardened specialized operating system with resource labeling and security clearance levels to control resource access? Mandatory access control

Which type of authentication method measures the motion patterns of a person's body movement? Biometric TOTP Gait analysis SAML

Which type of authentication method measures the motion patterns of a person's body movement? Gait analysis

Which types of keys are all commonly required when connecting via HTTPS to an e-commerce website? Public only Private only Public, private, and session (SSL and TLS) Public and private

Which types of keys are all commonly required when connecting via HTTPS to an e-commerce website? Public, private, and session (SSL and TLS)

You are a network engineer for a San Francisco law firm. After the 1989 earthquake, an emphasis on continued business operation after future earthquakes dominated in the San Francisco business community. What type of plan focuses on ensuring that personnel, customers, and IT systems are minimally affected after a disaster? Fault tolerant Risk management Business continuity Disaster recovery

You are a network engineer for a San Francisco law firm. After the 1989 earthquake, an emphasis on continued business operation after future earthquakes dominated in the San Francisco business community. What type of plan focuses on ensuring that personnel, customers, and IT systems are minimally affected after a disaster? Business continuity

You are configuring a security appliance with the following rule: alert tcp any any -> $CORP_NET 23 (msg:"Telnet connection attempt"; sid:1000002; rev:1;) Which type of device are you configuring? HSM Proxy server Packet filtering firewall IDS

You are configuring a security appliance with the following rule: alert tcp any any -> $CORP_NET 23 (msg:"Telnet connection attempt"; sid:1000002; rev:1;) Which type of device are you configuring? IDS - Assumption here based on the alert action, therefore IDS.

You are configuring wireless router WPA2 enterprise settings. Which items must be specified? (Choose two.) Shared secret Wireless channel PSK RADIUS server IP address

You are configuring wireless router WPA2 enterprise settings. Which items must be specified? (Choose two.) Shared secret RADIUS server IP address

You are evaluating IoT HVAC sensors for a commercial building. One concern is how device updates can be applied wirelessly when they are available. What should you search for in the IoT sensor documentation? Sideloading Firmware OTA updates WSUS TPM

You are evaluating IoT HVAC sensors for a commercial building. One concern is how device updates can be applied wirelessly when they are available. What should you search for in the IoT sensor documentation? Firmware OTA updates

You are implementing an organization-wide risk management strategy, and you are using the NIST Risk Management Framework. You have just completed the RMF phase of categorizing your organization's information systems. Which of the following steps should you complete next in the RMF sequence? Authorize system Assess security controls Continuous monitoring Select security controls

You are implementing an organization-wide risk management strategy, and you are using the NIST Risk Management Framework. You have just completed the RMF phase of categorizing your organization's information systems. Which of the following steps should you complete next in the RMF sequence? Select security controls. Sequence: Categorize, Select, Implement, Assess (if it works), Authorize, Monitor.

You are performing an information security audit for an organization that collects, uses, stores, and processes personal information. Which of the following can best help you identify assets that store PII and PHI? Privacy threshold assessment PCI DSS FRCP Privacy impact assessment

You are performing an information security audit for an organization that collects, uses, stores, and processes personal information. Which of the following can best help you identify assets that store PII and PHI? Privacy threshold assessment Privacy impact assessment

You are planning your SMTP mail system so that mail transfers are encrypted. Which protocol should you use? NTS SRTP S/MIME LDAPS

You are planning your SMTP mail system so that mail transfers are encrypted. Which protocol should you use? S/MIME

You have an active-active load balancer configuration for a web app using a backend Microsoft SQL Server database. How many SQL database instances are active concurrently? One Two It depends on the backend pool configuration None

You have an active-active load balancer configuration for a web app using a backend Microsoft SQL Server database. How many SQL database instances are active concurrently? It depends on the backend pool configuration

You have been tasked with contacting your CA and revoking your company's current web server certificate. Which of the following is the most likely reason to revoke the certificate? You renewed your certificate after it expired. The previous network administrator who created the certificate was fired. You installed a new web server. Your current certificate expires in less than 30 days.

You have been tasked with contacting your CA and revoking your company's current web server certificate. Which of the following is the most likely reason to revoke the certificate? The previous network administrator who created the certificate was fired.

You have configured a network-based IPS appliance to prevent web server directory traversal attacks. What type of configuration is this? Anomaly-based Behavior-based Web-based Signature-based

You have configured a network-based IPS appliance to prevent web server directory traversal attacks. What type of configuration is this? Signature-based - The only way to effectively detect directory traversal vulnerabilities is by using a web vulnerability scanner. Behaviour-based IDPS monitors all the traffic that flows into or out of your network and is designed to detect behaviour that is atypical or deviant

You have instructed your web app developers to include a message for web site visitors detailing how their data will be processed and used. What should web app developers add to the site? Information life cycle document Terms of agreement Public disclosure Privacy notice

You have instructed your web app developers to include a message for web site visitors detailing how their data will be processed and used. What should web app developers add to the site? Privacy notice

You have used the Nmap tool to scan hosts for open ports. Nmap scan showing 22/tcp open SSH - What is likely in use? Windows server computer Linux computer Network switch Windows client computer

You have used the Nmap tool to scan hosts for open ports. Nmap scan showing 22/tcp open SSH - What is likely in use? Linux computer Network switch

You must control network traffic flow to specific Amazon Web Services (AWS) virtual machines. What should you configure? Amazon machine image Elastic IP address Security group Network ACL

You must control network traffic flow to specific Amazon Web Services (AWS) virtual machines. What should you configure? Security group

You need to assess whether Linux servers in the screened subnet need to be hardened. The servers are currently configured with SSH public key authentication. What should you check that should be in place? (Choose two.) Password protection for the public key (public - you do not do that). Private key password protection (private - you should do that). Default SSH port number TCP 22 has been changed to an unreserved port number. Default SSH port number TCP 25 has been changed to an unreserved port number.

You need to assess whether Linux servers in the screened subnet need to be hardened. The servers are currently configured with SSH public key authentication. What should you check that should be in place? (Choose two.) Private key password protection Default SSH port number TCP 22 has been changed to an unreserved port number

You need to manage cloud-based Windows virtual machines (VMs) from your on-premises network. Which option presents the most secure remote management solution? Configure each VM with a public IPv6 address Enable HTTPS for RDP Use PowerShell remoting for remote management Manage the VMs through a jump box

You need to manage cloud-based Windows virtual machines (VMs) from your on-premises network. Which option presents the most secure remote management solution? Manage the VMs through a jump box

You need to manage cloud-based Windows virtual machines (VMs) from your on-premises network. Which option presents the most secure remote management solution? Manage the VMs through a jump box Configure each VM with a public IPv6 address Use PowerShell remoting for remote management Enable HTTPS for RDP

You need to manage cloud-based Windows virtual machines (VMs) from your on-premises network. Which option presents the most secure remote management solution? Manage the VMs through a jump box

You want to protect users from connecting to known malicious domains and botnet command and control servers over the Internet. What technique should you implement? DNS sinkhole CASBs Honeypot Honeynet

You want to protect users from connecting to known malicious domains and botnet command and control servers over the Internet. What technique should you implement? DNS sinkhole - a DNS server that has been configured to hand out non-routable addresses for a certain set of domain names. CASBs - A cloud access security broker is on-premises or cloud-based software that sits between cloud service users and cloud applications, monitors all activity, and enforces security policies. Honeypot - a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Honeynet

Your IT security team has worked with executive management to determine that a company e-commerce web site must never remain down for more than two hours. To which disaster recovery term does this apply? RPO MTBF MTTR - Mean time to response RTO

Your IT security team has worked with executive management to determine that a company e-commerce web site must never remain down for more than two hours. To which disaster recovery term does this apply? Response: RTO (Recovery Time Objective) - Goal to recover from failure. MTTR (mean time to respond) is the average time it takes to recover from a product or system failure from the time when you are first alerted to that failure. MTBF (mean time between failures) is the average time between repairable failures of a technology product. Recovery Point Objective describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan's maximum allowable threshold or "tolerance."

Your senior network administrator has decided that the five physical servers at your location will be virtualized and run on a single physical host. The five virtual guests are mission-critical and will use the physical hard disks in the physical host. The physical host has the hard disks configured with RAID 1. Identify the flaw in this plan. The physical hard disks must not reside in the physical host. The physical server should be using RAID 5. You cannot run five virtual machines on a physical host simultaneously. The physical host is a single point of failure.

Your senior network administrator has decided that the five physical servers at your location will be virtualized and run on a single physical host. The five virtual guests are mission-critical and will use the physical hard disks in the physical host. The physical host has the hard disks configured with RAID 1. Identify the flaw in this plan. The physical host is a single point of failure. (RAID 1 = mirror.)

Your senior network administrator has decided that the five physical servers at your location will be virtualized and run on a single physical host. The five virtual guests are mission-critical and will use the physical hard disks in the physical host. The physical host has the hard disks configured with RAID 1. Identify the flaw in this plan. The physical server should be using RAID 5. The physical hard disks must not reside in the physical host. You cannot run five virtual machines on a physical host simultaneously. The physical host is a single point of failure.

Your senior network administrator has decided that the five physical servers at your location will be virtualized and run on a single physical host. The five virtual guests are mission-critical and will use the physical hard disks in the physical host. The physical host has the hard disks configured with RAID 1. Identify the flaw in this plan. The physical host is a single point of failure.

Your team has been tasked with reviewing the source code for a custom application component to identify and mitigate source code vulnerabilities. Which term best describes the procedure? Dynamic code analysis Shimming Static code analysis CI/CD

Your team has been tasked with reviewing the source code for a custom application component to identify and mitigate source code vulnerabilities. Which term best describes the procedure? Response: Static code analysis

Your web server is being flooded by a denial-of-service attack. Using a network analyzer, you see that IP broadcast replies are being sent back to the address of your server from multiple addresses. Which type of network attack is this? On-path DNS poisoning Smurf Back door

Your web server is being flooded by a denial-of-service attack. Using a network analyzer, you see that IP broadcast replies are being sent back to the address of your server from multiple addresses. Which type of network attack is this? Response: Smurf. On-path - On-path attackers place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two. The attackers can then collect information as well as impersonate either of the two agents. DNS poisoning - Domain Name Server (DNS) spoofing (a.k.a. DNS cache poisoning) is an attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination. Back door - A backdoor is a malware type that negates normal authentication procedures to access a system.

__________ is a data protection approach that obfuscates sensitive data by substituting it with a different value ("dummy" value), available to unauthorized users. Data masking Data transference Data rights management Data obfuscation

__________ is a data protection approach that obfuscates sensitive data by substituting it with a different value ("dummy" value), available to unauthorized users. Data masking Data transference Data rights management Data obfuscation

Within Unix/Linux systems, the __________ tool dumps the contents of physical memory. coredump sysdump memdump fulldump

Within Unix/Linux systems, the __________ tool dumps the contents of physical memory. memdump. Other options: coredump - a crash file; sysdump - generates a system dump image of a live system without disrupting normal operation of the system; fulldump.

