TestOut CyberDefense Pro Units 3 & 4 Test

Which of the following roles is often outsourced in risk training scenarios?

The offensive team

A new desktop was put into production. The system administrator created a new user and disabled the local administrator and guest accounts. Which vulnerability was introduced when the system was powered on?

The system was not updated or patched

During a tabletop exercise, someone from the red team has a question about a procedure's validity and whether or not it would violate the terms of engagement. How should this be determined?

The white team must answer the question before moving forward.

Which of the following indicate the email highlighted below may be suspicious? (Select two.)

There are several spelling mistakes in the email. The link in the email is to an IP address; it is not to Microsoft's website.

A new piece of equipment is placed into production. It is connected and powered on. Which of the following is the known threat vulnerability introduced in this scenario?

Default credentials

Gathering information about a system, its components, and how they work together is known as which of the following?

Footprinting

Fred runs a small manufacturing shop. He produces consumer goods on his equipment. Suppose Fred has six stamp presses each valued at $35,000. At any given time, two of his presses might be out of service due to mechanical breakdowns or required upgrades. What is Fred's single loss expectancy?

$70,000

Natural disasters can happen at any time and have unknown or incalculable effects. Based on information from subject matter experts, the probability of a natural disaster is once every 75 years. Using this information, what is the annualized rate of occurrence (ARO) for a natural disaster affecting an organization?

0.013

Which of the following best describes a script kiddie?

A hacker who uses scripts written by much more talented individuals.

Which of the following are true about threats and vulnerabilities? (Select two.)

A vulnerability is an opening for an attacker to exploit. A threat is a potential source of harm.

Which of the following would the red team MOST likely use?

An ethical hacker

One component of the ALE calculation is ARO. What does ARO represent?

Annualized rate of occurrence

An organization's user data server is backed up daily. Referencing the CIA triad, this is an example of which of the following?

Availability

What do each of the letters represent in the CIA triad? (Select three.)

Availability, Confidentiality, Integrity

Which team is responsible for defending the network against attacks in a risk training scenario?

Blue

A security analyst and their team go through the entire list of assets in the company and assign each item a level of priority. Then they group the assets in the same levels together so they can create defense strategies for each group. What is this process called?

Bundling critical assets

How is probability determined using qualitative analysis?

By a team of subject matter experts

Robyn, a new employee, needs to choose a password to log into the system. She doesn't want to forget it, but she needs to meet certain criteria required by security. What should she do?

Choose a password that's easy to remember but doesn't include any personal information.

Access to a database is protected by multi-factor authentication. In the CIA triad, this is an example of which of the following?

Confidentiality

The following output was displayed using the Social Engineering Toolkit (SET). Which attack method was used to capture the user's input?

Credential harvesting attack method

What is vandalism?

Damaging or defacing assets

4.1.10 Identify Social Engineering
You are the security analyst for a small corporate network. Your manager has received several concerning emails. He has asked you to view his email and determine whether these messages are hazardous or safe.
In this lab, your task is to:
  Read each email and determine whether the email is legitimate.
  Delete any emails that are attempts at social engineering.
  Keep all emails that are safe.

Delete the Microsoft Windows Update Center phishing email
Delete the Jim Haws malicious attachment email
Delete the Executive Recruiting whaling email
Delete the Riverdale Estates HOA Online Banking phishing email
Delete the Grandma White forwarded email hoax
Delete the Daisy Knudsen spear phishing email
Delete the Rachelle Hancock malicious attachment email
Delete the Grandma White forwarded email hoax

Ron, a hacker, wants to gain access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?

Development phase

As a security technician who is in charge of physical security for computer and network resources, you are responsible for ensuring a quick recovery should an event occur. A physical storage device controlling data backups has failed, causing corruption for a weekly full backup. It failed on Saturday. On Monday, you noticed the errors and have since run a restore of needed data and a full backup to ensure continuity. The failed device has been replaced. Since each work day creates unique data to be backed up, which type of backup would be the preferred method to make certain each day's data was properly maintained while ensuring efficiency? (The time required for backup is not a primary concern, but the time needed to restore data is, as is backup data storage space.)

Differential backup

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?

Elicitation

A speaker was invited to a company-wide training meeting. When he arrived, he identified himself at the front desk, and the receptionist gave him directions on how to find the conference room. What important step did the receptionist miss?

Escorting him to the conference room

Escorting him to the conference room

Forward the call to the help desk

A company is in the process of hiring Jill, a new technician. HR has checked the background and references of the candidate. What are some next steps in the hiring process that HR should take?

Have her sign an NDA and AUPs.

Which of the following is a device used by the blue team to lure an unsuspecting attacker to aimlessly explore?

Honeypot

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?

How to prevent piggybacking and tailgating.

How is magnitude measured by a team of subject matter experts when using qualitative analysis?

Impact

A tabletop exercise is a theoretical exercise where each team is given a set of criteria and then left to evaluate and strategize. They evaluate the what, when, where, why, and how. What is the purpose of this exercise?

It gives each team the opportunity to hone their skills and evaluate different techniques for attack and defense.

Which of the following BEST describes a physical barrier used to deter an aggressive intruder?

Large flowerpots

A company has a list of high-value assets (HVAs). As a security analyst, what must you do to help protect those assets? (Select two.)

Make sure an incident involving one of the HVAs is always high priority. Make sure the response team can easily identify the HVAs.

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?

Mantraps

Which of the following are tactics social engineers might use?

Moral obligation, ignorance, and threatening

PII, if exposed or captured by attackers, can be used to exploit and blackmail. What is PII?

Personally identifiable information

The annual loss expectancy (ALE) calculation provides an organization's stakeholders with what information?

Potential financial loss of an event based on how often a threat could occur.

Important aspects of physical security include which of the following?

Preventing interruptions of computer services caused by problems such as fire

What are the three factors to keep in mind with physical security?

Prevention, detection, and recovery

Which of the following BEST describes what asset criticality does?

Prioritizes systems for scanning and remediation.

When determining a risk's severity, which of the following are best to consider? (Select two.)

Probability, Magnitude

Which team is responsible for trying to infiltrate and attack a network?

Red

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying them physical access. Which of the following areas of physical security is the security guard currently in?

Security sequence

Attackers often target data and intangible assets. Identify what hackers may do with the information they collect. (Select two.)

Sell the data to the competition. Harm a company's reputation.

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?

Shoulder surfing

You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?

Shred the discs

Any attack involving human interaction of some kind is referred to as which of the following?

Social engineering

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?

Spim

4.3.3 Implement Physical Security Countermeasures
Based on your review of physical security, you have recommended several improvements. Your plan includes smart card readers, IP cameras, signs, and access logs. Implement your physical security plan by dragging the correct items from the shelf into the various locations in the building. As you drag the items from the shelf, the possible drop locations are highlighted.
In this lab, your task is to:
  Install the smart card key readers in the appropriate locations to control access to key infrastructure.
  Install the IP security cameras in the appropriate locations to record which employees access the key infrastructure.
  Install a Restricted Access sign in the appropriate location to control access to the key infrastructure.
  Add the visitor log to a location appropriate for logging visitor access.

TASK SUMMARY
Required Actions
  Install the smart card key readers
    > Install the card reader outside the building's front door
    > Install the card reader outside the Networking Closet door
  Install the IP security cameras
    > Install the IP security camera inside the Networking Closet
    > Install the IP security camera outside the Networking Closet
  Install the Restricted Access sign on the Networking Closet door
  Place the visitor log on the Lobby desk
EXPLANATION
Complete this lab as follows:
  Install the smart card key readers.
    From the Shelf, expand Door Locks.
    Drag a Smart Card Reader from the shelf to the highlighted location outside the building's front door.
    Drag a Smart Card Reader from the shelf to the highlighted location outside the Networking Closet's door.
  Install the IP security cameras.
    From the Shelf, expand CCTV Cameras.
    Drag the IP Security Camera from the shelf to the highlighted circle inside the Networking Closet.
    Drag the IP Security Camera from the shelf to just outside the Networking Closet.
  Install the Restricted Access sign.
    From the Shelf, expand Restricted Access Signs.
    Drag the Restricted Access Sign from the shelf to the Networking Closet door.
  Install the visitor log.
    On the Shelf, expand Visitor Logs.
    Drag the Visitor Log from the shelf to the Lobby desk.

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?

Train the receptionist to keep his or her iPad in a locked drawer.

A security analyst must identify risks and figure out how best to mitigate them. Which of the following are risk mitigation techniques? (Select three.)

Train users to identify email attacks. Close unused ports on a firewall. Ensure systems are patched and updated.

An organization's cybersecurity staff needs to be competent at their jobs or serious consequences can occur. Which of the following is an important component to staying up to date and honing a team's cybersecurity skills?

Training

You want to properly dispose of papers with sensitive content. You want to ensure that it's nearly impossible for a dumpster diver to put the information back together. What should you do?

Use a crosscut shredder

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?

Use incremental backups and store them in a locked, fireproof safe.

How is probability determined using quantitative analysis?

Using the ARO calculation

A resentful employee hacks into a company's website and replaces all the text and images with obscene material. They also replace all links with malicious ones. This is an example of which of the following?

Vandalism

A(n) ______ threat comes from a disgruntled employee or contractor.

internal

A(n) ______ assessment measures valuation and intangibles.

qualitative

A(n) ______ assessment measures the direct value of tangible assets.

quantitative

What is the name for a mock attack exercise that simulates an actual network attack?

tabletop

A member of which team is often used to oversee a tabletop exercise?

white

