Week 2
Which of the following is NOT a method of achieving logical separation in network infrastructure? Using VLANs to segregate network traffic Using firewalls to create a screened subnet Physically disconnecting a system from other networks Implementing rules and policies on network devices
Physically disconnecting a system from other networks Logical separation in network infrastructure is achieved through methods that create boundaries within a network to restrict access to certain areas. This can be done using VLANs, firewalls, and implementing rules and policies on network devices. Physically disconnecting a system from other networks, also known as "air gapping," is a method of achieving physical separation, not logical separation.
According to the order of volatility, which of the following would typically be considered the least volatile form of evidence? RAM memory Network logs Archived data Registry entries
Archived data Archived data is considered the least volatile form of evidence in digital forensics because it represents static, preserved data that is usually stored off-site, whereas RAM memory, network logs, and registry entries are more volatile and subject to rapid changes during system operation.
Which of the following best describes a replay attack? An attacker modifies the info being sent and received in real time Attacker captures a user's login session and reuses it later to gain unauthorized access An attacker uses a virus to corrupt a user's data An attacker physically steals a user's device to gain access to information
Attacker captures a user's login session and reuses it later to gain unauthorized access In a replay attack, the attacker intercepts valid data transmissions (like a login session) and fraudulently or maliciously re-broadcasts, repeats, or delays them. For instance, if an attacker captures the session that occurs when you log into your bank with your username and password, they could then replay that session to the bank at a later time in an attempt to log in as you. This is the basic premise of a replay attack.
Cristian, a cybersecurity analyst at Dion Training, is analyzing a security alert and trying to determine which type of attack was being used by a threat actor. The alert details an incident where an attacker deliberately inputs an excessive amount of data into an application's buffer to try and cause the system to crash and potentially allow for the execution of arbitrary code. Which of the following BEST describes this type of attack? Buffer overflow Zero-day XSS CSRF
Buffer overflow A Buffer Overflow attack occurs when an attacker inputs more data into a buffer than it can handle, potentially causing system instability, crashes, or the execution of arbitrary code.
Paula, a cybersecurity analyst at Dion Training, is tasked with researching and documenting known vulnerabilities in the organization's software applications. The analyst needs to reference a standardized identifier for each vulnerability to facilitate communication and collaboration across different teams and tools. Which of the following would provide the analyst with a unique identifier for each publicly disclosed vulnerability? CVSS OSINT CVE SCAP
CVE The Common Vulnerabilities and Exposures (CVE) system provides unique identifiers for publicly disclosed cybersecurity vulnerabilities. These identifiers, known as CVE IDs, facilitate communication and enable data exchange between security products and ensure that different tools and databases are referring to the same vulnerabilities in a standardized manner.
Sonia, a cybersecurity analyst at Dion Training, is implementing a set of rules and configurations in a Windows environment to centrally manage and control user and computer settings. Which of the following BEST describes what she is configuring? Group policies Application restriction Secure baselines SELinux
Group policies Group Policies are a set of rules and configurations in Windows environments that allow administrators to centrally manage and control user and computer settings, ensuring compliance with security and operational standards.
In an Internet of Things (IoT) ecosystem, which component serves as the central point that connects all IoT devices and enables them to communicate? Sensors Smart devices Wearables Hub/Control system
Hub/Control system In an IoT ecosystem, the hub/control system acts as the central point that connects all IoT devices, enabling them to communicate with each other. It collects, processes, and analyzes data from various devices and then sends commands back to them. This allows for seamless interaction and data exchange among all connected devices.
Satoshi, a network administrator at Dion Training, wants to mediate requests from clients seeking resources from other servers by helping to simplify requests, improve performance, and filter content. Which of the following should he utilize to accomplish this? Load balancer Proxy server Jump box Network sensor
Proxy server
Which access control model is typically used in an environment where access needs to be strictly regulated and users cannot modify their own permissions? Discretionary Access Control (DAC) Role-Based Access Control (RBAC) Mandatory Access Control (MAC) Rule-Based Access Control (RBAC)
Mandatory Access Control (MAC) Mandatory Access Control (MAC) is typically used in environments that require a high level of data security. In a MAC model, access permissions are regulated by a central authority, and users cannot modify their own permissions.
Which of the following is a challenge in microservices architecture? Scalability Flexibility Network latency faster deployment
Network latency While scalability, flexibility, and faster deployment are benefits of a microservices architecture, network latency is a challenge. Increased inter-service communication can lead to network latency and slower response times.
Which term in cloud computing refers to the speed at which the system can adapt to changes in demand and why is it important for businesses to ensure a smooth customer experience? Availability Resilience Scalability Responsiveness
Responsiveness Responsiveness in cloud computing refers to how quickly the system can adapt to changes in demand. For example, if a business experiences a sudden surge in website traffic, a responsive cloud service could automatically allocate more resources to handle the increased load. This ensures that the website remains operational and provides a smooth experience for users.
Which of the following is used for identifying the optimal locations for wireless access points in a building? Heat maps Site surveys Firewall Encryption
Site surveys Site Surveys are used for planning and designing a wireless network to provide a solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and Quality of Service (QoS). The survey usually involves a site visit to test for RF interference and to identify optimum installation locations for access points.
Sasha, a cybersecurity analyst at Dion Training, is analyzing a security alert and trying to determine which type of attack was being used by a threat actor. The alert details an incident where an attacker sent unsolicited messages to a user's smartphone via Bluetooth without any evidence of taking control of the device. Which of the following BEST describes this type of attack? bluejacking bluebugging bluesnarfing eternalblue
bluejacking Bluejacking is the practice of sending unsolicited messages over Bluetooth to Bluetooth-enabled devices without taking control of the device.
Which of the following attacks involves an attacker intercepting the communication between two parties, altering it, and relaying it to the original recipient? Sidejacking XSS On-path SQL injection
On-path On-Path is a form of eavesdropping where the attacker intercepts the communication between two parties, modifies it, and then relays it to the original recipient. The two parties believe they are communicating directly with each other, but in reality, the attacker controls the entire conversation. This type of attack can be used to steal login credentials, personal information, or to alter the content of the communication for malicious purposes.
Roberto, a cybersecurity analyst at Dion Training, is responsible for maintaining the security and functionality of computer systems by systematically identifying, testing, deploying, and monitoring software updates. Which of the following BEST describes his responsibility? Data encryption levels Patch management Application restrictions Secure baselines
Patch management Patch management is the systematic process of identifying, testing, deploying, and monitoring software patches and updates to maintain the security and functionality of computer systems.
Which of the following scenarios best illustrates a potential risk associated with a decentralized architecture? A cybercriminal targets the central server, compromising all data and applications As an organization grows, the central server struggles to handle the increased load, leading to performance issues A remote work arrangement exposes the network to additional threats, as each remote connection is a potential entry point for cybercriminals The failure of the central server disrupts the entire network, leading to significant downtime
A remote work arrangement exposes the network to additional threats, as each remote connection is a potential entry point for cybercriminals While decentralized architectures offer greater flexibility and can support remote work arrangements, they can also expose the network to additional security threats. Each remote connection in a decentralized system is a potential entry point for cybercriminals, making it a significant risk associated with this type of architecture. The other choices mentioned are more related to risks associated with centralized architectures.
Which of the following cryptographic protocols is used in WPA3 for encryption? TKIP AES WEP CCMP
AES WPA3, the latest version of the Wi-Fi Protected Access protocol, continues to use the Advanced Encryption Standard (AES) for encryption. This protocol ensures that data transmitted over the network is secure and cannot be easily intercepted or deciphered by unauthorized parties.
Which type of DDoS attack is best described by the following statement: "The attacker sends a small packet of information that appears to originate from the victim's IP address to a vulnerable UDP server, which in turn sends a significantly larger packet of information back to the victim's IP address"? Reflected DDoS Amplified DDoS Single-source DDoS On-path attack
Amplified DDoS attack In an Amplified DDoS attack, the attacker exploits the connectionless nature of the User Datagram Protocol (UDP). They send a small packet of information that appears to originate from the victim's IP address to a vulnerable UDP server. The server then sends a significantly larger packet of information back to the victim's IP address, effectively amplifying the size of the data packet and the impact of the attack.
Which of the following best describes a non-idempotent operation in the context of Infrastructure as Code (IaC)? An operation that produces the same result no matter how many times it's executed An operation that produces different results each time it's executed An operation that executes only once An operation that cannot be operated
An operation that produces different results each time it's executed In the context of IaC, idempotence refers to the ability of an operation to produce the same results no matter how many times it's executed. Therefore, a non-idempotent operation would produce different results each time it's executed.
Susan, a cybersecurity analyst at Dion Training, is analyzing a security alert and trying to determine which technique can enhance security by ensuring that only explicitly approved applications are allowed to run on a system. Which of the following BEST describes this technique? Data encryption Application restriction Patch management Secure baselines
App restriction Application restriction is a security approach where only explicitly approved or "allow listed" applications are allowed to run on a system, ensuring that only trusted and authorized software can execute while minimizing the risk of malware or unauthorized programs compromising the system's security.
Which component of SCAP provides a list of entries with each one containing an identification number, a description, and at least one public reference for publicly known cybersecurity vulnerabilities? CVE CVSS CCE ARF
CVE (Common Vulnerabilities and Exposures) CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating the coverage of tools and services. This makes it easier for organizations to share data across separate vulnerability-related tools, speeds up vulnerability management, establishes a base for risk measurement, and enables automation. CVSS provides a framework for communicating the characteristics and impacts of IT vulnerabilities. CCE provides unique identifiers for system configurations. ARF expresses the transport format of information about assets.
In digital forensics, which of the following involves the systematic process of maintaining and safeguarding electronic evidence, ensuring its unaltered state, and keeping a detailed record of its handling and transfers throughout the investigation? Legal hold E-discovery Chain of custody Reporting
Chain of custody Chain of custody is a fundamental aspect of digital forensics that involves the meticulous documentation and tracking of electronic evidence from the moment of collection to its presentation in a legal context. It ensures the integrity of the evidence and its admissibility in court.
Which of the following attacks occurs when a threat actor executes arbitrary shell commands on a host via a vulnerable web application? LDAP injection Command injection Process injection SQL injection
Command injection A Command Injection attack occurs when a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application. This is typically achieved by manipulating input fields or parameters to include additional commands that the system will execute. For example, a web application that allows a user to test connectivity with a remote website or server by entering an IP address or hostname could be vulnerable if it passes that input to a shell command.
Which of the following is described as a system where a company trusts accounts created and managed by a different network that allows users to authenticate across different services using a single set of credentials? Centralized authentication MFA Federation Local authentication
Federation Federation in network security refers to a system where a company or organization trusts accounts created and managed by a different network. This allows users to authenticate across different services using a single set of credentials.
Which of the following security tools generates data about potential data leaks and policy violations that can be sent to a Security Information and Event Management (SIEM) system? Antivirus software Data loss prevention (DLP) systems Network Intrusion Detection Systems (NIDS) Vulnerability Scanners
DLP systems Data Loss Prevention (DLP) systems are designed to detect potential data breach or exfiltration transmissions by monitoring, detecting, and blocking sensitive data while in use, in motion, and at rest. DLP systems generate data about potential data leak incidents and policy violations. This information can be sent to a Security Information and Event Management (SIEM) system to alert security teams to potential data leaks, enabling them to take corrective action.
Which type of DNS attack is best described by the attacker trying to get a copy of the entire DNS zone data by pretending to be an authorized system? DNS cache poisoning DNS amplification DNS zone transfer DNS hijacking
DNS zone transfer In a DNS Zone Transfer Attack, the attacker attempts to get a copy of the entire DNS zone data, which includes all the DNS records for a domain, by pretending to be an authorized system. This can expose sensitive information about the network infrastructure of a domain.
Which process involves removing an individual's access rights when they no longer need them? Identity proofing Provisioning Deprovisioning Attestation
Deprovisioning
Sahra, a cybersecurity analyst at Dion Training, is reviewing a system's configurations and notices several software processes running that are not required for essential functionality. Which of the following actions should she take to enhance security? Enable SELinux Disable unnecessary services Apply security patches Change default passwords
Disable unnecessary services
Which of the following is NOT a benefit of serverless computing? Cost reduction Automatic scaling Increased focus on coding Easier tests and debugging
Easier testing and debugging Serverless computing offers numerous benefits such as cost reduction, automatic scaling, and allowing developers to focus more on coding rather than managing and operating servers. However, easier testing and debugging is not one of them. In fact, testing and debugging serverless applications can be more challenging due to their distributed nature. Traditional testing and debugging tools may not be suitable for serverless applications, requiring new tools and approaches.
Which of the following refers to a server or system that serves as the entry and exit point for emails, handling the transfer of emails between the internet and a local network? DMARC DKIM SPF Email gateway
Email gateway
Which of the following is a solution to mitigate shared physical server vulnerabilities? Ignoring user activities Implementing Strong isolation Mechanisms Avoiding regular vulnerability scanning Using insecure multi-tenancy
Implementing strong isolation mechanisms Strong isolation mechanisms, such as hypervisor protection and secure multi-tenancy, can ensure that activities in one virtual environment do not affect others, thus mitigating shared physical server vulnerabilities.
What is a significant challenge in securing embedded systems? Easy to apply patches Firmware code control Use of wrappers Inability to patch
Inability to patch Firmware code control and the use of wrappers are strategies for securing embedded systems, not challenges. On the other hand, the inability to patch is a significant challenge in securing embedded systems. Many embedded systems operate in environments where downtime is not acceptable, or they may be physically hard to reach, making patch application difficult. Easy-to-apply patches are not typically a characteristic of embedded systems, making that an incorrect choice.
Rajesh, a security specialist at Dion Training, wants to install an IDS or IPS so that it can actively block and prevent malicious traffic from entering a screened subnet in real-time. Which of the following should he do to accomplish this? Install the IDS as a tap or monitor Install the IDS as an inline device Install the IPS as a tap or monitor Install the IPS as an inline device
Install the IPS as an inline device Installing the IPS as an inline device places it in the traffic path, allowing it to actively analyze and block malicious traffic in real-time. An IDS, or any device installed as a tap or monitor, only sees a copy of the traffic and can alert but not block.
Which of the following best describes the role of the control plane in Software-Defined Networking (SDN)? It is responsible for moving data packets from one place to another It houses the network applications that instruct the controller It decides where network traffic is sent across a network It is a centralized system that manages the physical aspects of the network
It decides where network traffic is sent across a network In Software-Defined Networking (SDN), the control plane is the 'brain' of the network. It makes decisions about where traffic is sent. Unlike traditional network architectures where each router has its own control plane, in SDN, the control plane is centralized. This means that one central controller dictates the traffic flow across the entire network, making the network more manageable and flexible.
A cybersecurity researcher discovered a critical vulnerability in a widely-used software application that, if exploited, could allow unauthorized access to sensitive user data. The researcher wants to ensure that the vulnerability is addressed promptly while minimizing the risk of malicious exploitation. What is the most appropriate course of action for the researcher to take? Exploit the vulnerability and publicly post details to raise awareness Report it through a responsible disclosure program Ignore it since it's the responsibility of the vendor to find and fix such issues Sell the details of the vulnerability by conducting a bug bounty auction
Report it through a responsible disclosure program Responsible disclosure programs provide a framework for ethical hackers and security researchers to report vulnerabilities they discover in a responsible and ethical manner. By reporting through such a program, the researcher ensures that the software vendor has an opportunity to address the vulnerability before it is publicly disclosed, thereby minimizing the risk of exploitation by malicious actors.
Ling, a cybersecurity consultant at Dion Training, wants to select some effective security controls by prioritizing and implementing the controls based on the specific vulnerabilities and threats that the enterprise infrastructure is facing. Which of the following principles of effective control selection should they emphasize to more effectively use their limited resources while providing the best protection for the organization's infrastructure? Defense in depth Open design Risk based approach least privilege
Risk based approach A Risk-based approach underscores the need for the prioritization of controls based on potential risks and vulnerabilities specific to the infrastructure. With limited resources, organizations need to prioritize threats and vulnerabilities to best protect their infrastructure.
Which concept refers to the shifting of some risks from the customer to the cloud service provider? Risk acceptance Risk avoidance Risk mitigation Risk transference
Risk transference Risk Transference in cloud computing involves shifting certain risks from the customer to the cloud service provider. For instance, the risk of maintaining the infrastructure and ensuring uptime is transferred to the provider. However, the customer is still responsible for securing their data and applications.
Which process involves a thorough examination of the events and factors that led to a security incident and aims to identify the underlying issues and vulnerabilities that need to be addressed to prevent future occurrences? Chain of custody Root cause analysis Threat hunting Lessons learned
Root cause analysis Root cause analysis is a systematic approach to investigating cybersecurity incidents to understand their primary causes and contributing factors, enabling organizations to take corrective actions to enhance their security posture and prevent similar incidents in the future.
Which system is typically used for geographically dispersed industrial processes? PLC DCS SCADA ICS
SCADA SCADA (Supervisory Control and Data Acquisition) systems are typically used to monitor and control industrial processes that are geographically dispersed.
Priya, a network engineer at Dion Training, wants to improve the management and operation of a wide area network by decoupling the networking hardware from its control mechanism. Which of the following should she utilize to accomplish this? EAP SD-WAN IPSec SASE
SD-WAN SD-WAN (Software-Defined Wide Area Network) is a technology that decouples the network hardware from its control mechanism, providing agility, optimized cloud application performance, and reduced costs.
Liam, a cybersecurity analyst at Dion Training, is analyzing a security alert and trying to determine which type of attack was being attempted by a threat actor. The following line in the log file appears to be suspicious: 2023-11-02 14:23:56 [IP:192.168.1.101] [ERROR] User login failed for username: 'admin' OR '1'='1'; Which of the following BEST describes the type of attack attempted by this threat actor? XML injection jailbreaking SQL injection bluejacking
SQL injection
Which of the following activities involves regularly examining systems, networks, or applications to identify vulnerabilities, configuration issues, or other potential problems? Log aggregation Alerting Scanning Archiving
Scanning
Margo, a cybersecurity engineer at Dion Training, is tasked with establishing a safe starting point for the configurations of computer systems and networks. Which of the following BEST describes what she is aiming to create? Group policies Secure baselines Trusted Operating Systems Patch management
Secure baselines A secure baseline is a predefined, standardized configuration and its associated settings that establish a secure starting point to minimize security risks and vulnerabilities.
A security engineer wants to proactively identify potential vulnerabilities in a software application's source code before it is compiled and deployed. The goal is to find issues such as insecure coding practices, buffer overflows, and input validation errors. Which of the following approaches would be most effective for achieving this objective? Dynamic analysis Penetration testing Static analysis Vulnerability Scanning
Static analysis, also known as Static Application Security Testing (SAST), involves analyzing an application's source code or binary code before it is run or compiled. This approach allows security engineers to identify potential vulnerabilities, insecure coding practices, and other issues within the codebase without executing the program. Static analysis is a proactive measure to ensure application security by catching vulnerabilities early in the development lifecycle.
Which training and testing method typically involves a structured discussion in a meeting room where participants provide their responses to various scenarios and discuss their roles and responsibilities in an incident? Simulation Tabletop exercise Red teaming Blue teaming
Tabletop exercise A tabletop exercise is a structured, discussion-based training method where participants simulate responses to various scenarios to discuss their roles and responsibilities in an incident without executing actual actions.
A cybersecurity analyst is tasked with gathering threat intelligence on potential sources of data leaks and unauthorized sales of proprietary company information. The analyst needs to search for mentions of the company's data in online marketplaces that are not accessible through traditional search engines and are known for hosting illegal activities. Which of the following should the analyst investigate to find such information? Public forums Corporate websites Dark web Social media
The dark web The dark web refers to a part of the internet that is intentionally hidden and is not accessible through traditional search engines. It is known for hosting illegal activities, including the sale of stolen data and proprietary information. A cybersecurity analyst would investigate the dark web to find mentions of the company's data in unauthorized marketplaces and forums.
What is the primary use of SNMP? To encrypt network data To monitor and manage network devices To create a VPN To establish a firewall
To monitor and manage network devices SNMP (Simple Network Management Protocol) is primarily used to monitor and manage network devices. It provides a standardized framework for these devices to share information about their state, allowing network administrators to manage performance, find and solve network issues, and plan for network growth. While SNMP can be used in conjunction with other technologies such as VPNs, firewalls, and encryption, its primary function is not to establish these services but to monitor and manage network devices.
Which of the following best describes the function of a Security Information and Event Management (SIEM) system? To establish firewalls and VPNs on different networks To monitor, manage, and collect log data from network devices To detect and remove malware like an antivirus solution To manage the physical components of a network infrastructure
To monitor, manage, and collect log data from network devices A Security Information and Event Management (SIEM) system is a tool used in cybersecurity to provide real-time analysis of security alerts generated by applications and network hardware. It collects and aggregates log data generated throughout the organization's technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters. This data is then analyzed to identify patterns that might indicate a security threat.
Which of the following statements about virtualization and containerization is NOT correct? Virtualization allows for the emulation of servers, each running its own operating system within virtual machines Containerization involves encapsulating an app in a container within its own operating environment Type 1 hypervisors operate within a standard operating system, such as Windows, Mac and Linux Docker, Kubernetes, and RedHat OpenShift are popular containerization technologies
Type 1 hypervisors operate within a standard operating system, such as Windows, Mac and Linux Type 1 hypervisors, also known as bare metal or native hypervisors, run directly on the host hardware and function similarly to an operating system. They do not operate within a standard operating system. On the other hand, Type 2 hypervisors operate within a standard operating system, such as Windows, Mac, or Linux.
Lucia, a security analyst at Dion Training, wants a comprehensive solution that integrates various security features for her company's network, including antivirus, anti-spam, firewall, and intrusion detection capabilities in a single network appliance. Which of the following types of firewalls should she utilize to accomplish this? UTM NGFW WAF Layer 4
UTM UTM (Unified Threat Management) is an all-in-one security solution that combines multiple security features into one appliance, including antivirus, anti-spam, firewall, and intrusion detection capabilities.
Which of the following best describes the process that uses data collected from various sources to identify patterns that represent typical user behavior, with the goal of detecting anomalous behavior that could indicate potential security threats? Network traffic analysis User behavior analytics Data loss prevention Intrusion Detection System
User behavior analytics
An organization has legacy systems that are critical to its operations and cannot be easily updated or replaced. These systems have known vulnerabilities that cannot be remediated through traditional patching. What is the most appropriate strategy for the organization to mitigate the risk associated with these vulnerabilities while ensuring that the systems remain operational? Immediately replace the system Ignore the vulnerabilities Utilize a compensating control Conduct full system patching
Utilize a compensating control Compensating controls refer to alternative security measures implemented to mitigate the risk when traditional controls, such as patching, are not feasible. In cases where legacy systems cannot be easily updated or replaced, compensating controls such as network segmentation, additional monitoring, or restricted access can provide an effective means of managing the associated risks while ensuring that the systems remain operational.
Which of the following security strategies collects and automatically correlates data across multiple security layers such as email, endpoint, server, cloud workloads, and network so threats can be detected faster and security analysts can improve response times? EDR FIM XDR NIDS
XDR Extended Detection and Response (XDR) is a security strategy that integrates multiple protection technologies into a single platform. It collects and automatically correlates data across multiple security layers, including email, endpoint, server, cloud workloads, and network, so that threats can be detected faster, and security analysts can improve response times. This is different from EDR and FIM, which focus on endpoint security and file integrity respectively, and NIDS, which focuses on detecting network intrusions.
Jonathan, a cybersecurity analyst at Dion Training, is analyzing a security alert and trying to determine which type of attack was being used by a threat actor. The alert details an incident where an attacker inserted malicious scripts into input fields on a website, which were then executed in the browser of any user viewing that data. Which of the following BEST describes this type of attack? XSS Buffer overflow SQL injection Bluejacking
XSS (Cross site scripting) Cross-site Scripting (XSS) is a type of injection attack where malicious scripts are inserted into websites and executed in the browser of any user viewing that data, potentially leading to stolen information or malicious redirection.
Which attack involves trying a small number of commonly used passwords against a large number of usernames or accounts? brute force dictionary password spraying hybrid
password spraying
Helena, a cybersecurity analyst at Dion Training, is analyzing a security alert and trying to determine which type of attack was being used by a threat actor. The alert details an incident where an attacker exploited a timing vulnerability that caused the system to process operations out of the intended sequence, allowing unauthorized actions. Which of the following BEST describes this type of attack? XML injection side loading SQL injection race condition
race condition A race condition occurs when the behavior of a system depends on the relative timing of events, such as the order in which threads are scheduled to run, and this can potentially lead to unintended outcomes.
