SSCP question
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
X.509
Which one of the following is not considered PII under U.S. federal government regulations?
ZIP code
What topology correctly describes Ethernet?
a bus
Lauren's and Nick's PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?
a collision domain
Lauren's team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features such as logging and password rotation occur?
a credential management system
Arnold is receiving reports from end users that their Internet connections are extremely slow. He looks at the firewall and determines that there are thousands of unexpected inbound connections per second arriving from all over the world. What type of attack is most likely occurring?
a denial of service attack
What documentation is typically prepared after a postmortem review of an incident has been completed?
a lessons learned document
What type of attack is most likely to occur after a successful ARP spoofing attempt?
a man-in-the-middle attack
What type of key does WEP use to encrypt wireless communications?
a predefined shared static key
What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?
a proxy
In her role as an information security professional, Susan has been asked to identify areas where her organization's wireless network may be accessible even though it isn't intended to be. What should Susan do to determine where her organization's wireless network is accessible?
a site survey
The U.S. government CAC is an example of what form of Type 2 authentication factor?
a smart card
Lauren's networking team has been asked to identify a technology that will allow them to dynamically change the organization's network by treating the network like code. What type of architecture should she recommend?
a software-defined network
Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?
a stateful packet inspection firewall
Chris needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What type of design should he use, and how many firewalls does he need?
a three-tier firewall design with at least one firewall
A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer's account. What type of biometric factor error occurred?
a type 2 error
Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
a vulnerability scanner
During a port scan, Susan discovers a system running services on TCP and UDP 137-139 and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects to the machine?
a Windows SQL Server
Which of the following are not Remote Access concerns?
access badges
Kathleen works for a data center hosting facility that provides physical data center space for individuals and organizations. Until recently, each client was given a magnetic-strip-based keycard to access the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, several servers have been stolen, but the logs for the pass cards show only valid IDs. What is Kathleen's best option to make sure that the users of the pass cards are who they are supposed to be?
add a biometric factor
What type of access control is composed of policies and procedures that support regulations, requirements, and the organization's own policies?
administrative
When a host on an Ethernet network detects a collision and transmits a jam signal, what happens next?
all hosts stop transmitting, and each host waits a random period of time before attempting to transmit again
Which objects and subjects have a label in a MAC model?
all objects and subjects have a label
Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create?
an access control list
As the CISO of her organization, Jennifer is working on an incident classification scheme and wants to base her design on NIST's definitions. Which of the following options should she use to best describe a user accessing a file that they are not authorized to view?
an adverse event
Which one of the following statements best describes a zero-day vulnerability?
an attack previously unknown to the security community
What type of firewall is capable of inspecting traffic at layer 7 and performing protocol-specific analysis for malicious traffic?
application firewall
The DARPA TCP/IP model's Application layer matches up to what three OSI model layers?
application, presentation, and session
What important function do senior managers normally fill on a business continuity planning team?
arbitrating disputes about criticality
Earlier this year, the information security team at Jim's employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable because of the version number it is finding even though Jim is sure the patch is installed. Which of the following options is Jim's best choice to deal with the issue?
ask the information security team to flag the system as patched and not vulnerable
What type of token-based authentication system uses a challenge/response process in which the challenge must be entered on the token?
asynchronous
Laura is in the process of logging into a system and she just entered her password. What term best describes this activity?
authentication
When you input a user ID and password, you are performing what important identity and access management activity?
authentication
What access management concept defines what rights or privileges a user has?
authorization
Gary is implementing a new website architecture that uses multiple small web servers behind a load balancer. What principle of information security is Gary seeking to enforce?
availability
John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?
availability
Which one of the following security programs is designed to establish a minimum standard common denominator of security understanding?
awareness
Senior management in Adam's company recently read a number of articles about massive ransomware attacks that successfully targeted organizations like the one that Adam is part of. Adam's organization already uses layered security solutions including a border IPS, firewalls between network zones, local host firewalls, antivirus software, and a configuration management system that applies recommended operating system best practice settings to their workstations. What should Adam recommend to minimize the impact of a similar ransomware outbreak at his organization?
backups
What term is used to describe a set of common security configurations, often provided by a third party?
baseline
Yolanda is writing a document that will provide configuration information regarding the minimum level of security that every system in the organization must meet. What type of document is she preparing?
baseline
Which one of the following tools helps system administrators by providing a standard, secure template of configuration settings for operating systems and applications?
baseline configuration
Cynthia is building a series of scripts to detect malware beaconing behavior on her network. Which of the following is not a typical means of identifying malware beaconing?
beacon protocol
Saria's team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?
black box
Grace would like to implement application control technology in her organization. Users often need to install new applications for research and testing purposes, and she does not want to interfere with that process. At the same time, she would like to block the use of known malicious software. What type of application control would be appropriate in this situation?
blacklisting
Lisa is attempting to prevent her network from being targeted by IP spoofing attacks as well as preventing her network from being the source of those attacks. Which one of the following rules is not a best practice that Lisa can configure at her network border?
block packets with public IP address from entering the network
Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
blowfish
Raj is selecting an encryption algorithm for use in his organization and would like to be able to vary the strength of the encryption with the sensitivity of the information. Which one of the following algorithms allows the use of different key strengths?
blowfish
During a penetration test, Lauren is asked to test the organization's Bluetooth security. Which of the following is not a concern she should explain to her employers?
Bluetooth active scans can't evaluate the security mode of Bluetooth devices
MAC models use three types of environments. Which of the following is not a mandatory access control design?
bracketed
Which of the following is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?
capability table
Which of the following is not a potential problem with active wireless scanning?
causing alarms on the organization's wireless IPS
As part of his team's forensic investigation process, Matt signs drives and other evidence out of storage before working with them. What type of documentation is he creating?
chain of custody
Tom is responding to a recent security incident and is seeking information on the approval process for a recent modification to a system's security settings. Where would he most likely find this information?
change log
Glenda would like to conduct a disaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information system activities and as minimal a commitment of time as possible. What type of test should she choose?
checklist review
Who is the ideal person to approve an organization's business continuity plan?
chief executive officer
During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering?
Printers
Allie is responsible for reviewing authentication logs on her organization's network. She does not have the time to review all logs, so she decides to choose only records where there have been four or more invalid authentication attempts. What technique is Allie using to reduce the size of the pool?
clipping
Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?
combination of quantitative and qualitative risk assessment
What is the final step of a quantitative risk analysis?
conduct a cost/benefit analysis
Which one of the following protocols is commonly used to provide backend authentication services for a VPN?
RADIUS
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
RSA
Which one of the following cryptographic algorithms supports the goal of nonrepudiation?
RSA
Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header?
RST means "reset"; the TCP session will be disconnected
After completing an incident response process and providing a final report to management, what step should Casey use to identify improvement to her incident response plan?
conduct a lessons learned session
Frank discovers a keylogger hidden on the laptop of his company's chief executive officer. What information security principle is the keylogger most likely designed to disrupt?
confidentiality
Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?
confidentiality
Which one of the following cryptographic goals protects against the risks posed when a device is lost or stolen?
confidentiality
What technology asset management practice would an organization use to ensure that systems meet baseline security standards?
configuration management
During what phase of incident response is the primary goal to limit the damage caused by an incident?
containment
Tara recently detected a security incident in progress on her network. What action should be her highest priority at this point?
containment
During a forensic investigation, Charles discovers that he needs to capture a virtual machine that is part of the critical operations of his company's website. If he cannot suspend or shut down the machine for business reasons, what imaging process should he follow?
copy the virtual disk files and then use a memory capture tool
If Danielle wants to purge a drive, which of the following options will accomplish her goal?
cryptographic erase
Kevin is an internal auditor at a major retailer and would like to ensure that the information contained in audit logs is not changed after it is created. Which one of the following controls would best meet his goal?
cryptographic hashing
Ben is working on integrating a federated identity management system and needs to exchange authentication and authorization information for browser-based single sign-on. What technology is his best option?
SAML
Skip needs to transfer files from his PC to a remote server. What protocol should he use instead of FTP?
SCP
Under what virtualization model does the virtualization platform separate the network control plane from the data plane and replace complex network devices with simpler devices that simply receive instructions from the controller?
SDN
Which one of the following protocols might be used within a virtualization platform for monitoring and managing the network?
SNMP
What protocol is preferred over Telnet for remote server administration via the command line?
SSH
Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on port 22. What type of scanning is the outsider likely engaging in?
SSH scanning
Quantum Computing regularly ships tapes of backup data across the country to a secondary facility. These tapes contain confidential information. What is the most important security control that Quantum can use to protect these tapes?
data encryption
What does a bluesnarfing attack target?
data from a Bluetooth-enabled device
Which of the following does not describe data in motion?
data on a backup tape that is being shipped to a storage facility
What scenario describes data at rest?
data stored on a hard drive
As part of her malware analysis process, Caitlyn diagrams the high-level functions and processes that the malware uses to accomplish its goals. What is this process known as?
decomposition
What principle of information security states that an organization should implement overlapping security controls whenever possible?
defense in depth
Which one of the following security practices suggests that an organization should deploy multiple, overlapping security controls to meet security objectives?
defense in depth
During which phase of the incident response process would an analyst receive an intrusion detection system alert and verify its accuracy?
detection
Which one of the following control categories does not accurately describe a fence around a facility?
detective
When developing a business impact analysis, the team should first create a list of assets. What should happen next?
develop a value for each asset
Greg is the network administrator for a large stadium that hosts many events throughout the course of the year. They equip ushers with handheld scanners to verify tickets. Ushers turn over frequently and are often hired at the last minute. Scanners are handed out to ushers before each event, but different ushers may use different scanners. Scanners are secured in a locked safe when not in use. What network access control approach would be most effective for this scenario?
device authentication
Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
Diffie-Hellman
Wanda is configuring device-based authentication for systems on her network. Which one of the following approaches offers the strongest way to authenticate devices?
digital certificate
Carrie is analyzing the application logs for her web-based application and comes across the following string: ../../../../../../../../../etc/passwd What type of attack was likely attempted against Carrie's application?
directory traversal
Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?
Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer
The (ISC)2 code of ethics applies to all SSCP holders. Which of the following is not one of the four mandatory canons of the code?
disclose breaches of privacy, trust, and ethics
Which of the following is not an important part of the incident response communication process?
disclosure based on public feedback
What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?
disclosure of residual data
What access control system lets owners decide who has access to the objects they own?
discretionary access control
Which of the following sequences properly describes the TCP three-way handshake?
SYN, SYN/ACK, ACK
Mark is considering replacing his organization's customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark's company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?
SaaS
What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?
Salt
Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?
documentation of the plan
Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?
double NATing is not possible using the same IP range
In his role as a forensic examiner, Lucas has been asked to produce forensic evidence related to a civil case. What is this process called?
e-discovery
Veronica is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an off-site location each night. What type of database recovery technique is the consultant describing?
electronic vaulting
Which one of the following is not normally considered a business continuity task?
electronic vaulting
Jarett needs to protect an application server against resource exhaustion attacks. Which of the following techniques is best suited to surviving a large-scale DDoS attack?
employ a CDN
Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option?
encrypting the database contents
Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?
ensure that the tapes are handled the same way the original media would be handled based on their classification
What term is used to describe the default set of privileges assigned to a user when a new account is created?
entitlement
In Transport Layer Security, what type of key is used to encrypt the actual content of communications between a web server and a client?
ephemeral session key
Who should receive initial business continuity plan training in an organization?
everyone in the organization
Darcy is a computer security specialist who is assisting with the prosecution of a hacker. The prosecutor requests that Darcy give testimony in court about whether, in her opinion, the logs and other records in a case are indicative of a hacking attempt. What type of evidence is Darcy being asked to provide?
expert opinion
Which of the following is not a hazard associated with penetration testing?
exploitation of vulnerabilities
Norma is helping her organization create a specialized network designed for vendors that need to connect to Norma's organization's network to process invoices and upload inventory. This network should be segmented from the rest of the corporate network but have a much higher degree of access than the general public. What type of network is Norma building?
extranet
Kim is troubleshooting an application firewall that serves as a supplement to the organization's network and host firewalls and intrusion prevention system, providing added protection against web-based attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company?
fail open
Raul is creating a trust relationship between his company and a vendor. He is implementing the system so that it will allow users from the vendor's organization to access his accounts payable system using the accounts created for them by the vendor. What type of authentication is Raul implementing?
federated authentication
Which one of the following information sources is most likely to detect a security incident involving unauthorized modification of information by an employee?
file integrity monitoring system
Adam is accessing a standalone file server using a username and password provided to him by the server administrator. Which one of the following entities is guaranteed to have information necessary to complete the authorization process?
file server
Which one of the following is an example of physical infrastructure hardening?
fire suppression system
While performing post-rebuild validation efforts, Scott scans a server from a remote network and sees no vulnerabilities. Joanna, the administrator of the machine, runs a scan and discovers two critical vulnerabilities and five moderate issues. What is most likely causing the difference in their reports?
firewall between the remote network and the server
Saria wants to log and review traffic information between parts of her network. What type of network logging should she enable on her routers to allow her to perform this analysis?
flow logging
Ian's company has an internal policy requiring that it perform regular port scans of all of its servers. Ian has been part of a recent effort to move his organization's servers to an infrastructure as a service provider. What change will Ian most likely need to make to his scanning efforts?
follow the service provider's scan policies
Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual node have?
four
What is the first step that should occur before a penetration test is performed?
getting permission
Gordon suspects that a hacker has penetrated a system belonging to his company. The system does not contain any regulated information, and Gordon wants to conduct an investigation on behalf of his company. He has permission from his supervisor to conduct the investigation. Which of the following statements is true?
Gordon's investigation may include examining the contents of hard disks, network traffic, and any other systems of information belonging to the company
Alan is responding to a security incident and receives a hard drive image from a cooperating organization that contains evidence. What additional information should he request to verify the integrity of the evidence?
hash
What major issue would Charles face if he relied on hashing malware packages to identify malware packages?
hashing cannot identify unknown malware
Maria wants to deploy an anti-malware tool to detect zero-day malware. What type of detection method should she look for in her selected tool?
heuristic-based
Chris is worried that the laptops that his organization has recently acquired were modified by a third party to include keyloggers before they were delivered. Where should he focus his efforts to prevent this?
his supply chain
Chris uses a cellular hot spot (modem) to provide Internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization's corporate network, what security issue might he cause?
his system may act as a bridge from the Internet to the local network
Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own data center but also leverages an IaaS provider for hosting its web services and an SaaS email system. What term best describes the type of cloud environment this organization uses?
hybrid cloud
In a virtualized computing environment, what component is responsible for enforcing separation between guest machines?
hypervisor
When a subject claims an identity, what process is occurring?
identification
Chris is configuring an IDS to monitor for unencrypted FTP traffic. What ports should Chris use in his configuration?
TCP 20 and 21
What methods are often used to protect data in transit?
TLS, VPN, and IPsec
Greg is designing a defense-in-depth approach to securing his organization's information and would like to select cryptographic tools that are appropriate for different use cases and provide strong encryption. Which one of the following pairings is the best use of encryption tools?
TLS for data in motion and AES for data at rest
Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite that she knows the user's password. What hardware security feature is likely causing this problem?
TPM
A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Jacob's role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob's best route to quickly identify vulnerable systems?
identify affected versions and check systems for that version number using an automated scanner
Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this?
identify and track key risk indicators
Which one of the following is the first step in developing an organization's vital records program?
identifying vital records
Which one of the following is not an attribute of a hashing algorithm?
They require a cryptographic key
As Lauren prepares her organization's security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via awareness?
impersonation
Which one of the following actions might be taken as part of a business continuity plan?
implementing RAID
Alex's organization uses the NIST incident classification scheme. Alex discovers that a laptop belonging to a senior executive had keylogging software installed on it. How should Alex classify this occurrence?
incident
During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a.m. daily but that she was recorded as logging into her department's main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered?
inconsistent timestamps
The financial services company that Susan works for provides a web portal for its users. When users need to verify their identity, the company uses information from third-party sources to ask questions based on their past credit reports, such as "Which of the following streets did you live on in 2007?" What process is Susan's organization using?
identity proofing
Which one of the following is not a goal of a formal change management program?
inform stakeholders of changes after they occur
When a Windows system is rebooted, what type of log is generated?
information
Angela wants to understand what a malware package does and executes it in a virtual machine that is instrumented using tools that will track what the program does, what changes it makes, and what network traffic it sends while allowing her to make changes on the system or to click on files as needed. What type of analysis has Angela performed?
interactive behavior analysis
Which one of the following tasks is performed by a forensic disk controller?
intercepting and modifying or discarding commands sent to the storage device
Which one of the following would be a reasonable application for the use of self-signed digital certificates?
internal scheduling application
During an incident investigation, investigators meet with a system administrator who may have information about the incident but is not a suspect. What type of conversation is taking place during this meeting?
interview
Why should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection systems?
it can help identify rogue devices
How does single sign-on increase security?
it helps decrease the likelihood that users will write down their password
What is the primary advantage of decentralized access control?
it provides control of access to people closer to the resources
Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the U.S. Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement?
it validates who approved the data
Maddox is conducting an information audit for his organization. Which one of the following elements that he discovered is least likely to be classified as PII when used in isolation?
item codes
Greg is redesigning his organization's incident response process, seeking to improve its efficiency and effectiveness. Which one of the following actions is not likely to improve his incident response plan?
keep all members of the team on permanent assignment to the team
Which of the following is a ticket-based authentication protocol designed to provide secure communication?
Kerberos
What cryptographic principle stands behind the idea that cryptographic algorithms should be open to public inspection?
Kerckhoffs's principle
Questions like "What is your pet's name?" are examples of what type of identity proofing?
knowledge-based authentication
Which conceptual approach to intrusion detection system is the most common?
knowledge-based intrusion detection
Tom is a cryptanalyst and is working on breaking a cryptographic algorithm's secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
known plaintext
Mandatory access control is based on what type of model?
lattice-based
The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?
layer 2
SMTP, HTTP, and SNMP all occur at what layer of the OSI model?
layer 7
Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing?
least privilege
During what phase of the incident response process would security professionals analyze the process itself to determine whether any improvements are warranted?
lessons learned
Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower?
likelihood
What is the best way to provide accountability for the use of identities?
logging
Because of external factors, Eric has only a limited time period to collect an image from a workstation. If he collects only specific files of interest, what type of acquisition has he performed?
logical
Juan is retrofitting an existing door to his facility to include a lock with automation capabilities. Which one of the following types of lock is easiest to install as a retrofit to the existing door?
magnetic lock
Ryan is a security risk analyst for an insurance company. He is currently examining a scenario in which a malicious hacker might use a SQL injection attack to deface a web server because of a missing patch in the company's web application. In this scenario, what is the threat?
malicious hacker
In what type of attack do attackers manage to insert themselves into a connection between a user and a legitimate website?
man-in-the-middle
While conducting a vulnerability scan of his organization's data center, Renee discovers that the management interface for the organization's virtualization platform is exposed to the scanner. In typical operating circumstances, what is the proper exposure for this interface?
management network
Jack's organization is a government agency that handles very sensitive information. They need to implement an access control system that allows administrators to set access rights but does not allow the delegation of those rights to other users. What is the best type of access control design for Jack's organization?
mandatory access control
An accounting employee at Doolittle Industries was recently arrested for participation in an embezzlement scheme. The employee transferred money to a personal account and then shifted funds around between other accounts every day to disguise the fraud for months. Which one of the following controls might have best allowed the earlier detection of this fraud?
mandatory vacation
Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that the user attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing?
media analysis
The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?
meet in the middle
Which one of the following is not an example of a backup tape rotation scheme?
meet in the middle
During what phase of the incident response process do administrators take action to limit the effect or scope of an incident?
mitigation
Jennifer is an Active Directory domain administrator for her company and knows that a quickly spreading botnet relies on a series of domain names for command and control and that preventing access to those domain names will cause the malware infection that connects to the botnet to fail to take further action. Which of the following actions is her best option if she wants to prevent off-site Windows users from connecting to botnet command-and-control systems?
modify the hosts file
What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?
Transitive trust
Angela uses a sniffer to monitor traffic from a RADIUS server configured with default settings. What protocol should she monitor, and what traffic will she be able to read?
UDP, all traffic but the passwords, which are encrypted
During a third-party vulnerability scan and security test, Danielle's employer recently discovered that the embedded systems that were installed to manage her company's new buildings have a severe remote access vulnerability. The manufacturer has gone out of business, and there is no patch or update for the devices. What should Danielle recommend that her employer do about the hundreds of devices that are vulnerable?
move the devices to a secured network segment
Gabe is concerned about the security of passwords used as a cornerstone of his organization's information security program. Which one of the following controls would provide the greatest improvement in Gabe's ability to authenticate users?
multifactor authentication
John deploys his website to multiple regions using load balancers around the world through his cloud infrastructure as a service provider. What availability concept is he using?
multiple processing sites
Which of the following is a method used to design new software tests and to ensure the quality of tests?
mutation testing
Lydia is processing access control requests for her organization. She comes across a request where the user does have the required security clearance, but there is no business justification for the access. Lydia denies this request. What security principle is she following?
need to know
You are performing an investigation into a potential bot infection on your network and want to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet. You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information?
netflow data
Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known command-and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers?
netflow records
Which one of the following facilities would have the highest level of physical security requirements?
network closet
Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?
no access
Kelly is adjusting her organization's password requirements to make them consistent with best practice guidance from NIST. What should she choose as the most appropriate time period for password expiration?
no expiration
Which one of the following is an administrative control that can protect the confidentiality of information?
nondisclosure agreement
Which one of the following statements is true about virtualized operating systems?
none of these statements is correct
Alice sent a message to Bob. Bob would like to demonstrate to Charlie that the message he received definitely came from Alice. What goal of cryptography is Bob attempting to achieve?
nonrepudiation
Ben is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Ben trying to achieve?
nonrepudiation
Jeff discovers a series of JPEG photos on a drive that he is analyzing for evidentiary purposes. He uses exiftool to collect metadata from those files. Which information is not likely to be included in that metadata?
number of copies made
Files, databases, computers, programs, processes, devices, and media are all examples of what?
objects
Susan wants to integrate her website to allow users to use accounts from sites like Google. What technology should she adopt?
OpenID
When working to restore systems to their original configuration after a long-term APT compromise, Charles has three options. Option 1: he can restore from a backup and then update patches on the system. Option 2: he can rebuild and patch the system using the original installation media and application software and his organization's build documentation. Option 3: he can remove the compromised accounts and rootkit tools and then fix the issues that allowed the attackers to access the systems. Which option should Charles choose in this scenario?
Option 2: he can rebuild and patch the system using the original installation media and application software and his organization's build documentation
Lauren's organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help?
VLAN hopping; use physically separate switches
Chris would like to use John the Ripper to test the security of passwords on a compromised Linux system. What files does he need to conduct this analysis?
/etc/passwd and /etc/shadow
Ben has deployed a 1000BaseT 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000BaseT specification?
100 meters
Alice is designing a cryptosystem for use by six users and would like to use a symmetric encryption algorithm. She wants any two users to be able to communicate with each other without worrying about eavesdropping by a third user. How many symmetric encryption keys will she need to generate?
15
Cameron is configuring his organization's Internet router and would like to enable anti-spoofing technology. Which one of the following source IP addresses on an inbound packet should trigger anti-spoofing controls?
192.168.163.109
Chris is designing a cryptographic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. How many total keys will they need?
2000
How many possible keys exist for a cipher that uses a key containing 5 bits?
32
How many bits of keying material does the Data Encryption Standard use for encrypting information?
56 bits
Which NIST special publication covers the assessment of security and privacy controls?
800-53A
Lauren wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirement?
802.1x
Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer's customers around the world can access their content quickly, easily, and reliably?
A CDN
Chris is setting up a hotel network and needs to ensure that systems in each room or suite can connect to each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the Internet. What solution should he recommend as the most effective business solution?
VLANs
During a recent vulnerability scan, Ed discovered that a web server running on his network has access to a database server that should be restricted. Both servers are running on his organization's VMware virtualization platform. Where should Ed look first to configure a security control to restrict this access?
VMware
Kaiden is creating an extranet for his organization and is concerned about unauthorized eavesdropping on network communications. Which one of the following technologies can he use to mitigate this risk?
VPN
Ben is designing a Wi-Fi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose?
WPA2
The leadership at Susan's company has asked her to implement an access control system that can support rule declarations like "Only allow access to salespeople from managed devices on the wireless network between 8 a.m. and 6 p.m." What type of access control system would be Susan's best choice?
ABAC
WPA2's Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme?
AES
What encryption algorithm is used by both BitLocker and Microsoft's Encrypting File System?
AES
What encryption algorithm would provide strong protection for data stored on a USB thumb drive?
AES
One of Susan's attacks during a penetration test involves inserting false ARP data into a system's ARP cache. When the system attempts to send traffic to the address it believes belongs to a legitimate system, it will instead send that traffic to a system she controls. What is this attack called?
ARP cache poisoning
During a penetration test of her organization, Kathleen's IPS detects a port scan that has the URG, FIN, and PSH flags set and produces an alarm. What type of scan is the penetration tester attempting?
An Xmas scan
Which information security goal is impacted when an organization experiences a DoS or DDoS attack?
Availability
Which one of the following mobile device strategies is most likely to result in the introduction of vulnerable devices to a network?
BYOD
Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?
CCTV
Which one of the following stakeholders is not typically included on a business continuity planning team?
CEO
Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?
DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility
What technology could Lauren's employer implement to help prevent confidential data from being emailed out of the organization?
DLP
Isaac wants to prevent hosts from connecting to known malware distribution domains. What type of solution can he use to do this without deploying endpoint protection software or an IPS?
DNS blackholing
During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?
DNS poisoning
Lauren's multinational company is planning a new cloud deployment and wants to ensure compliance with the EU GDPR. Which principle states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?
Data integrity
During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open, 23/open. What services are likely running on those ports?
FTP and Telnet
What problem with FTP and Telnet makes using SFTP and SSH better alternatives?
FTP and Telnet do not encrypt data
Carla's organization recently suffered a data breach when an employee misplaced a laptop containing sensitive customer information. Which one of the following controls would be least likely to prevent this type of breach from reoccurring in the future?
File integrity monitoring
Melanie suspects that someone is using malicious software to steal computing cycles from her company. Which one of the following security tools would be in the best position to detect this type of incident?
HIDS
Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she does not want to see her own ping packets, what protocol should she filter out from her packet sniffer's logs?
ICMP
Ben is seeking a control objective framework that is widely accepted around the world and focuses specifically on information security controls. Which one of the following frameworks would best meet his needs?
ISO 27002
Which of the following options includes standards or protocols that exist in layer 6 of the OSI model?
JPEG, ASCII and MIDI
What access control scheme labels subjects and objects and allows subjects to access objects when the labels match?
MAC
Which one of the following is an example of a nondiscretionary access control system?
MAC
Tiffany needs to assess the patch level of a Windows 2012 server and wants to use a freely available tool to check the system for security issues. Which of the following tools will provide the most detail about specific patches installed or missing from her machine?
MBSA
Max is the security administrator for an organization that uses a remote access VPN. The VPN depends upon RADIUS authentication, and Max would like to assess the security of that service. Which one of the following hash functions is the strongest cryptographic hash protocol supported by RADIUS?
MD5
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
MD5
Gary is concerned about applying consistent security settings to the many mobile devices used throughout his organization. What technology would best assist with this challenge?
MDM
Florian is building a disaster recovery plan for his organization and would like to determine the amount of time that a particular IT service may be down without causing serious damage to business operations. What variable is Florian calculating?
MTD
Karen's organization has been performing system backups for years but has not used the backups frequently. During a recent system outage, when administrators tried to restore from backups, they found that the backups had errors and could not be restored. Which of the following options should Karen avoid when selecting ways to ensure that her organization's backups will work next time?
MTD verification
During a port scan, Lauren found TCP port 443 open on a system. Which tool is best suited to scanning the service that is most likely running on that port?
Nikto
Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?
OAuth
Darlene was recently offered a consulting opportunity as a side job. She is concerned that the opportunity might constitute a conflict of interest. Which one of the following sources is most likely to provide her with appropriate guidance?
organizational code of ethics
When a user attempts to log into their online account, Google sends a text message with a code to their cell phone. What type of verification is this?
out-of-band identity proofing
Which of the following Type 3 authenticators is appropriate to use by itself rather than in combination with other biometric factors?
palm scans
Susan needs to scan a system for vulnerabilities, and she wants to use an open source tool to test the system remotely. Which of the following tools will meet her requirements and allow vulnerability scanning?
OpenVAS
What type of disaster recovery test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and running?
parallel test
Betty is concerned about the use of buffer overflow attacks against a custom application developed for use in her organization. What security control would provide the strongest defense against these attacks?
parameter checking
Roger recently accepted a new position as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger's firm?
patching operating systems
Carl recently assisted in the implementation of a new set of security controls designed to comply with legal requirements. He is concerned about the long-term maintenance of those controls. Which one of the following is a good way for Carl to ease his concerns?
periodic audits
Information maintained about an individual that can be used to distinguish or trace their identity is known as what type of information?
personally identifiable information (PII)
Geoff is responsible for hardening systems on his network and discovers that a number of network appliances have exposed services including telnet, FTP, and web servers. What is his best option to secure these systems?
place a network firewall between the devices and the rest of the network
Which one of the following does not describe a standard physical security requirement for wiring closets?
place only in areas monitored by security guards
nmap is an example of what type of tool?
port scanner
Eric has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is not a common method of monitoring network bandwidth usage?
portmon
What type of fire suppression system fills with water when the initial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water?
preaction
After 10 years working in her organization, Cassandra is moving into her fourth role, this time as a manager in the accounting department. What issue is likely to show up during an account review if her organization does not have strong account maintenance practices?
privilege creep
What term is used to describe the problem that occurs when users change jobs in an organization but never have the access rights associated with their old jobs removed?
privilege creep
Brandon observes that an authorized user of a system on his network recently misused his account to exploit a system vulnerability against a shared server that allowed him to gain root access to that server. What type of attack took place?
privilege escalation
Which one of the following files is most likely to contain a macro virus?
projections.doc
Which one of the following is not a canon of the (ISC)2 code of ethics?
promptly report security vulnerabilities to relevant authorities
Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet?
PGP
Which one of the following cryptographic systems is most closely associated with the Web of Trust?
PGP
As part of hiring a new employee, Kathleen's identity management team creates a new user object and ensures that the user object is available in the directories and systems where it is needed. What is this process called?
provisioning
Which attack helped drive vendors to move away from SSL toward TLS-only by default?
POODLE
There are four common VPN protocols. Which group listed contains all of the common VPN protocols?
PPTP, L2F, L2TP, IPsec
Renee is a software developer who writes code in Node.js for her organization. The company is considering moving from a self-hosted Node.js environment to one where Renee will run her code on application servers managed by a cloud vendor. What type of cloud solution is Renee's company considering?
PaaS
Glenda is investigating a potential privacy violation within her organization. The organization notified users that it was collecting data for product research that would last for six months and then disposed of the data at the end of that period. During the time that they had the data, they also used it to target a marketing campaign. Which principle of data privacy was most directly violated?
purpose limitations
Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence?
qualitative
Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
race condition
Retaining and maintaining information for as long as it is needed is known as what?
record retention
Tracy is preparing to apply a patch to her organization's enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning?
regression testing
What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?
regression testing
The company that Dan works for has recently migrated to a Software as a Service provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?
rely on vendor testing and audits
Which one of the following events marks the completion of a disaster recovery process?
restoring operations in the primary facility
Tom is planning to terminate an employee this afternoon for fraud and expects that the meeting will be somewhat hostile. He is coordinating the meeting with human resources and wants to protect the company against damage. Which one of the following steps is most important to coordinate in time with the termination meeting?
revoking electronic access rights
Ricky would like to access a remote file server through a VPN connection. He begins this process by connecting to the VPN and attempting to log in. Applying the subject/object model to this request, what is the subject of Ricky's login attempt?
Ricky
What is the formula used to determine risk?
risk = threat * vulnerability
Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk management strategy did Rolando's organization pursue?
risk acceptance
HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?
risk avoidance
Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing?
risk mitigation
In Luke's company, users change job positions on a regular basis. Luke would like the company's access control system to make it easy for administrators to adjust permissions when these changes occur. Which model of access control is best suited for Luke's needs?
role-based access control
Kathleen is implementing an access control system for her organization and builds the following array: Reviewers: update files, delete files; Submitters: upload files; Editors: upload files, update files; Archivists: delete files. What type of access control system has Kathleen implemented?
role-based access control
The senior management of Kathleen's company is concerned about rogue devices on the network. If Kathleen wants to identify rogue devices on her wired network, which of the following solutions will quickly provide the most accurate information?
router and switch-based MAC address reporting
What type of access control is typically used by firewalls?
rule-based access controls
During a wireless network penetration test, Susan runs aircrack-ng against the network using a password file. What might cause her to fail in her password-cracking efforts?
running WPA2 in enterprise mode
Connor's company recently experienced a denial-of-service attack that Connor believes came from an inside source. If true, what type of event has the company experienced?
sabotage
Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?
salting
Derek sets up a series of virtual machines that are automatically created in a completely isolated environment. Once created, the systems are used to run potentially malicious software and files. The actions taken by those files and programs are recorded and then reported. What technique is Derek using?
sandboxing
Chris is responsible for workstations throughout his company and knows that some of the company's workstations are used to handle proprietary information. Which option best describes what should happen at the end of their lifecycle for workstations he is responsible for?
sanitization
A remote access tool that copies what is displayed on a desktop PC to a remote computer is an example of what type of technology?
screen scraping
During a review of her organization's network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?
segment the network based on functional requirements
During a review of support incidents, Ben's organization discovered that password changes accounted for more than a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly?
self-service password reset
Margot is considering the use of a self-signed certificate to reduce the costs associated with maintaining a public-facing web server. What is the primary risk associated with the use of self-signed certificates?
self-signed certificates are not trusted by default
The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
separation of duties
When designing an access control scheme, Hilda set up roles so that the same person does not have the ability to provision a new user account and assign superuser privileges to an account. What information security principle is Hilda following?
separation of duties
Todd wants to add a certificate to a certificate revocation list. What element of the certificate goes on the list?
serial number
Which one of the following terms is often used to describe a collection of unrelated patches released in a large collection?
service pack
Ben's organization has had an issue with unauthorized access to applications and workstations during the lunch hour when employees aren't at their desks. What are the best types of session management solutions for Ben to recommend to help prevent this type of access?
set session timeouts for applications and use password-protected screensavers with inactivity time-outs on workstations
Jim wants to allow a partner organization's Active Directory forest (B) to access his domain forest's (A) resources but doesn't want to allow users in his domain to access B's resources. He also does not want the trust to flow upward through the domain tree as it is formed. What should he do?
set up a one-way nontransitive trust
Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
sha256
Barry recently received a message from Melody that Melody encrypted using symmetric cryptography. What key should Barry use to decrypt the message?
shared secret key
Alison is examining a digital certificate presented to her by her bank's website. Which one of the following requirements is not necessary for her to trust the digital certificate?
she knows that the server belongs to the bank
Lauren is the IT manager for a small company and occasionally serves as the organization's information security officer. Which of the following roles should she include as the leader of her organization's CSIRT?
she should select herself.
Which of the following tools is not typically used to verify that a provisioning process was followed in a way that ensures that the organization's security policy is being followed?
signature-based detection
Ryan would like to implement an access control technology that is likely to both improve security and increase user satisfaction. Which one of the following technologies meets this requirement?
single sign on
Jerome is conducting a forensic investigation and is reviewing database server logs to investigate query contents for evidence of SQL injection attacks. What type of analysis is he performing?
software analysis
Which of the following multifactor authentication technologies provides both low management overhead and flexibility?
software tokens
Which one of the following is not normally included in business continuity plan documentation?
statement of accounts
Martin is inspecting a system where the user reported unusual activity, including disk activity when the system is idle, and abnormal CPU and network usage. He suspects that the machine is infected by a virus but scans come up clean. What malware technique might be in use here that would explain the clean scan results?
stealth virus
Susan is reviewing files on a Windows workstation and believes that cmd.exe has been replaced with a malware package. Which of the following is the best way to validate her theory?
submit cmd.exe to VirusTotal
What type of networking device is most commonly used to assign endpoint systems to VLANs?
switch
What type of encryption is typically used for data at rest?
symmetric encryption
Ben uses a software-based token that changes its code every minute. What type of token is he using?
synchronous
What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices?
syslog
Which one of the following activities is an example of an authorization process?
system consulting an access control list
Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used?
systems will have known vulnerabilities exploited
Michael is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
take a snapshot of the compromised system and use that for the investigation
A denial-of-service (DoS) attack that sends fragmented TCP packets is known as what kind of attack?
teardrop
Andrew believes that a digital certificate belonging to his organization was compromised and would like to add it to a Certificate Revocation List. Who must add the certificate to the CRL?
the CA that issued the certificate
Jim has been contracted to conduct a gray box penetration test, and his clients have provided him with the following information about their networks so that he can scan them: Data center: 10.10.10.0/24; Sales: 10.10.11.0/24; Billing: 10.10.12.0/24; Wireless: 192.168.0.0/16. What problem will Jim encounter if he is contracted to conduct a scan from offsite?
the IP addresses provided are RFC 1918 addresses.
The Windows ipconfig command displays the following information: BC-5F-F4-7B-4B-7D. What term describes this, and what information can usually be gathered from it?
the MAC address, the network interface card's manufacturer
Which of the following is not true about the (ISC)2 code of ethics?
the code applies to all members of the information security profession
During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?
the data link layer
Which one of the following is not a requirement for evidence to be admissible in court?
the evidence must be tangible
Which one of the following is not one of the basic requirements for a cryptographic hash function?
the function must work on fixed-length input
As part of his incident response process, Charles securely wipes the drive of a compromised machine and reinstalls the operating system (OS) from original media. Once he is done, he patches the machine fully and applies his organization's security templates before reconnecting the system to the network. Almost immediately after the system is returned to service, he discovers that it has reconnected to the same botnet it was part of before. Where should Charles look for the malware that is causing this behavior?
the installation media
Which of the following security models does NOT concern itself with the flow of data?
the noninterference model
Which OSI layer includes electrical specifications, protocols, and interface standards?
the physical layer
In the OSI model, when a packet changes from a datastream to a segment or a datagram, what layer has it traversed?
the transport layer
Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP?
the transport layer
One of the findings that Jim made when performing a security audit was the use of non-IP protocols in a private network. What issue should Jim point out that may result from the use of these non-IP protocols?
they may not be able to be filtered by firewall devices.
Ben has been tasked with identifying security controls for systems covered by his organization's information classification system. Why might Ben choose to use a security baseline?
they provide a good starting point that can be tailored to organizational needs.
Darcy is designing a fault-tolerant system and wants to implement RAID level 5 for her system. What is the minimum number of physical hard disks she can use to build this system?
three
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
through access control mechanisms that require identification and authentication and through the audit function
While investigating a malware infection, Lauren discovers that the hosts file for the system she is reviewing contains multiple entries as shown here: 0.0.0.0 symantec.com; 0.0.0.0 mcafee.com; 0.0.0.0 microsoft.com; 0.0.0.0 kapersky.com. Why would the malware make this change?
to prevent antivirus updates
Frank discovers a missing Windows security patch during a vulnerability scan of a server in his organization's data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?
to the virtualized system
Which one of the following traffic types should not be blocked by an organization's egress filtering policy?
traffic with a destination address on an external network
Which one of the following security programs is designed to provide employees with the knowledge they need to perform their specific work tasks?
training
After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
transfer
Which one of the following administrative processes assists organizations in assigning appropriate levels of security control to sensitive information?
transmitting data
Sally is using IPsec's ESP component in transport mode. What important information should she be aware of about transport mode?
transport mode does not encrypt the header of the packet
Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
transposition cipher
Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee's manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing?
two-person control
Which one of the following is an example of a computer security incident?
unauthorized vulnerability scan of a file server
Which of the following strategies is not a reasonable approach for remediating a vulnerability identified by a vulnerability scanner?
update the banner or version number.
What security measure can provide an additional security control in the event that backup tapes are stolen or lost?
use AES-256 encryption
Sue's organization recently failed a security assessment because their network was a single flat broadcast domain, and sniffing traffic was possible between different functional groups. What solution should she recommend to help prevent the issues that were identified?
use VLANs
Staff from Susan's company often travel internationally. Susan believes that they may be targeted for corporate espionage activities because of the technologies that her company is developing. What practice should Susan recommend that they adopt for connecting to networks while they travel?
use a VPN for all connections
Mika wants to analyze the contents of a drive without causing any changes to the drive. What method is best suited to ensuring this?
use a write blocker
During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?
use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported
Susan is writing a best practices statement for her organizational users who need to use Bluetooth. She knows that there are many potential security issues with Bluetooth and wants to provide the best advice she can. Which of the following sets of guidance should Susan include?
use Bluetooth only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it's not in active use
The company that Lauren works for is making significant investments in infrastructure as a service hosting to replace its traditional data center. Members of her organization's management have expressed concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?
use full disk encryption
Which one of the following tools is most often used for identification purposes and is not suitable for use as an authenticator?
username
Chris wants to prevent users from running a popular game on Windows workstations he is responsible for. How can Chris accomplish this for Windows 10 Pro workstations?
using application whitelisting to prevent all unallowed programs from running
NIST defines five major types of threat information in NIST SP 800-150, the "Guide to Cyber Threat Information Sharing." They are: 1. Indicators, which are technical artifacts or observables that suggest an attack is imminent, currently underway, or that a compromise may have already occurred; 2. Tactics, techniques, and procedures that describe the behavior of an actor; 3. Security alerts like advisories and bulletins; 4. Threat intelligence reports that describe actors, systems, and information being targeted and the methods being used; 5. Tool configurations that support collection, exchange, analysis, and use of threat information. Which one of the following groups would be least likely to be included in an organization's cybersecurity incident communications plans?
utilities
Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
validation
In a software as a service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place to protect the application?
vendor
In an infrastructure as a service (IaaS) environment where a vendor supplies a customer with access to storage services, who is normally responsible for removing sensitive data from drives that are taken out of service?
vendor
In what virtualization model do full guest operating systems run on top of a virtualization platform?
virtual machines
Lauren wants to ensure that her users run only the software that her organization has approved. What technology should she deploy?
whitelisting
What type of malware is characterized by spreading from system to system under its own power by exploiting vulnerabilities that do not require user intervention?
worm
What type of vulnerabilities will not be found by a vulnerability scanner?
zero-day vulnerabilities
Angela wants to test a web browser's handling of unexpected data using an automated tool. What tool should she choose?
zzuf