601 Security+ Missed
What are the characteristic features of the Personal Information Exchange (PFX) and P12 digital certificate format? (Select 3 answers) .pfx and .p12 file extensions Generally used for Microsoft Windows servers Encoded in text (ASCII Base64) format .pem, .crt, .cer and .key file extensions Encoded in binary format Generally used for Apache servers or similar configurations
.pfx and .p12 file extensions, Generally used for Microsoft Windows servers, Encoded in binary format
Which of the following answers refers to a filename extension used in a cross-platform, general-purpose programming language? .bat .py .ps1 .vbs
.py
A strong password that meets the password complexity requirement should contain: (Select the best answer) Uppercase letters (A-Z) Digits (0-9) Non-alphanumeric characters if permitted (e.g. !, @, #, $) Lowercase letters (a-z) A combination of characters from at least 3 character groups
A combination of characters from at least 3 character groups
A rule-based access control mechanism implemented on routers, switches, and firewalls is called: ACL CSR DLP AUP
ACL
Which of the algorithms below does not fall into the category of asymmetric encryption? RSA GPG DSA AES DHE ECDHE PGP
AES
Which of the cryptographic algorithms listed below is the least vulnerable to attacks? AES DES RC4 3DES
AES
For the purpose of encryption, WiFi Protected Access 3 (WPA3) takes advantage of: (Select 2 answers) AES-GCMP PSK TKIP with RC4 RC4 AES-CCMP SAE
AES-GCMP, AES-CCMP
Which part of the IPsec protocol suite provides authentication and integrity? CRC AH SIEM AES
AH
Which of the following terms refers to a US government initiative for real-time sharing of cyber threat indicators? NVD AIS TTP CVSS
AIS
Which of the acronyms listed below refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period? ARO SLE ALE SLA
ALE
Which of the following answers refers to the correct formula for calculating probable financial loss due to a risk over a one-year period? SLE = AV x EF ALE = ARO x SLE SLE = ALE x AV SLE = AV x EF
ALE = ARO x SLE
Which of the following enables the exchange of information between computer programs?
API
An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability is known as: ALE SLA ARO SLE
ARO
In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat ALE SLA ARO SLE
ARO
An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker's IP address instead of the IP address of the default gateway. Based on the given info, which type of attack is taking place in this scenario? ARP poisoning Replay attack Cross-site request forgery DNS poisoning
ARP poisoning
A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources is referred to as: SLA EULA AUP BPA
AUP
What is the PKI role of Registration Authority (RA)? (Select 2 answers) Accepting requests for digital certificates Validating digital certificates Authenticating the entity making the request Providing backup source for cryptographic keys Issuing digital certificates
Accepting requests for digital certificates, Authenticating the entity making the request
Which of the following answers refer to the Rule-Based Access Control (RBAC) model? (Select 2 answers) Access to resources granted or denied depending on Access Control List (ACL) entries Every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object Implemented in network devices such as firewalls to control inbound and outbound traffic based on filtering rules Every resource has a sensitivity label matching a clearance level assigned to a user, labels and clearance levels can only be applied and changed by an administrator An access control method based on user identity
Access to resources granted or denied depending on Access Control List (ACL) entries, Implemented in network devices such as firewalls to control inbound and outbound traffic based on filtering rules
Which of the physical security control types listed below provides isolation from external computer networks? Air gap Network segmentation Hardware firewall Protected cable distribution
Air gap
Restoring data from an incremental backup requires: (Select 2 answers) Copy of the last incremental backup All copies of differential backups made since the last full backup Copy of the last differential backup All copies of incremental backups made since the last full backup Copy of the last full backup
All copies of incremental backups made since the last full backup, Copy of the last full backup
Which of the answers listed below refer to examples of PKI trust models? Single CA model Hierarchical model (root CA + Intermediate CAs) Mesh model (cross-certifying CAs) Web of trust model (all CAs act as root CAs) Client-server mutual authentication model All of the above
All of the above
Which of the following answers can be used to describe the category of managerial security controls? (Select 3 answers) Also known as administrative controls Sometimes referred to as logical security controls Focused on managing risk Executed by computer systems (instead of people) Documented in written policies Focused on the day-to-day procedures of an organization
Also known as administrative controls, Focused on managing risk, Documented in written policies
Which of the following statements can be used to describe the characteristics of an on-path attack? (Select all that apply) An on-path attack is also known as MITM attack In an on-path attack, attackers place themselves on the communication route between two devices In an on-path attack, attackers intercept or modify packets sent between two communicating devices In an on-path attack, attackers do not have access to packets exchanged during the communication between two devices In an on-path attack, attackers generate forged packets and inject them in the network
An on-path attack is also known as MITM attack, In an on-path attack, attackers place themselves on the communication route between two devices, In an on-path attack, attackers intercept or modify packets sent between two communicating devices
The term "Rooting" refers to the capability of gaining administrative access to the operating system and system applications on: Android devices iOS devices Microsoft devices All types of mobile devices
Android devices
What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers) Asymmetric encryption Low processing power requirements Suitable for small wireless devices High processing power requirements Symmetric encryption Not suitable for small wireless devices
Asymmetric encryption, Low processing power requirements, Suitable for small wireless devices
Which of the following answers refers to an open-source forensics platform that allows examining the contents of a hard drive or mobile device and recovering evidence from it? Memdump FTK imager Autopsy Metasploit
Autopsy
Which of the following answers refers to a key document governing the relationship between two business organizations? ISA ALE SLA BPA
BPA
Which of the following answers refers to an STP frame? MTU Jumbo frame BPDU Magic packet
BPDU
Which of the following answers refer to compensating security controls? (Select all that apply) Backup power system Sandboxing Temporary port blocking Fire suppression system Security audits Temporary service disablement
Backup power system, Sandboxing, Temporary port blocking, Temporary service disablement
Which of the following terms is used to describe a text message containing system information details displayed after connecting to a service on a server?
Banner
The practice of connecting to an open port on a remote host to gather more information about its configuration is known as
Banner grabbing
Which of the following answers describes the features of TOTP? (Select 3 answers) Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session
Based on a shared secret key and current time, Not vulnerable to replay attacks, Valid for only one login session
Which cryptographic attack relies on the concepts of probability theory? KPA Brute-force Dictionary Birthday
Birthday
Which of the following terms best describes threat actors whose sole intent behind breaking into a computer system or network is monetary gain? State actors Black hat hackers Criminal syndicates Advanced Persistent Threat (APT)
Black hat hackers
Gaining unauthorized access to a Bluetooth device is referred to as:
Bluesnarfing
What is the function of a C2 server?
Botnet control
A situation in which an application writes to an area of memory it is not supposed to have access to is referred to as:
Buffer overflow
Penetration testing: (Select all that apply) Bypasses security controls Only identifies lack of security controls Actively tests security controls Exploits vulnerabilities Passively tests security controls
Bypasses security controls, Actively tests security controls, Exploits vulnerabilities
A type of trusted third party that issues digital certificates used for creating digital signatures and public private key pairs is known as: RA IKE CA CSP
CA
Which of the following answers refers to a security policy enforcement software tool or service placed between cloud service users and cloud applications? UTM CASB NGFW DMVPN
CASB
Which of the following answers refers to a cybersecurity control framework for cloud computing? CCM CSA CSF CIS
CCM
Which of the following answers refers to a nonprofit organization focused on developing globally-recognized best practices for securing IT systems and data against cyberattacks? CIS RMF CSA SSAE
CIS
Which of the following answers refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events? SLA COOP RPO COPE
COOP
In which of the mobile device deployment models can employees use corporate-owned devices both for work-related tasks and personal use? BYOD COPE VDI CYOD
COPE
Which of the following solutions allow checking whether a digital certificate has been revoked? (Select 2 answers) CIRT CRL OSCP CSR Key escrow
CRL, OSCP
Which of the answers listed below refers to a method for requesting a digital certificate? CBC CSR CFB CRL
CSR
Which of the following answers refer to vulnerability databases? (Select 2 answers) DBA CVE DBaaS NVD AIS
CVE, NVD
An industry standard for assessing the severity of computer system security vulnerabilities is known as: SIEM CVSS OSINT SOAR
CVSS
A mobile device deployment model in which employees select devices for work-related tasks from a company-approved device list is known as: VDI CYOD BYOD COPE
CYOD
Which of the following provides a physical security measure against laptop theft? Cable lock Trusted Platform Module Geotracking LoJack for Laptops
Cable lock
Which memory type provides a CPU with the fastest access to frequently used data? Secondary storage Flash memory DRAM Cache memory
Cache memory
Which of the following answers refers to an example order of volatility for a typical computer system? Cache memory -> RAM -> Disk files -> Temporary files -> Swap/Pagefile -> Archival media Archival media -> Disk files -> Temporary files -> Swap/Pagefile -> RAM -> Cache memory Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media Temporary files -> RAM -> Cache memory -> Swap/Pagefile -> Archival media -> Disk files
Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media
Which of the following answers refers to a security solution that allows administrators to block network access for users until they perform a required action? Honeypot Quarantine network Captive portal Firewall
Captive portal
What is the function of the Linux chmod command? Changes file/directory access permissions Moves or renames files Changes file owner and group permissions Compares the contents of two files or sets of files
Changes file/directory access permissions
Which of the following terms illustrate the security through obscurity concept? (Select all that apply) Code obfuscation Steganography SSID broadcast suppression Encryption
Code obfuscation, Steganography, SSID broadcast suppression
What is STIX?
Common language for describing cyber/threat information
Which of the following terms best describes threat actors that engage in illegal activities to get the know-how and gain market advantage? Insiders Nation states /APTs Criminal syndicates Competitors
Competitors
Which of the following examples fall into the category of operational security controls? (Select 3 answers) Configuration management Data backups Authentication protocols Awareness programs Vulnerability assessments
Configuration management, Data backups, Awareness programs
Which functionality allows a DLP system to fulfill its role? Biometrics Environmental monitoring Content inspection Loop protection
Content inspection
Which of the following terms refers to a modified mobile device equipped with software features that were not originally designed by the device manufacturer? Jailbreaking Custom firmware Rooting Sideloading
Custom firmware
A network protocol providing an alternative solution to the manual allocation of IP addresses is called: DNS SNMP DAT DHCP
DHCP
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called: DHCP scope DHCP reservation DHCP snooping DHCP relay agent
DHCP snooping
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as
DLL
Which of the following describes an application attack that relies on executing a library of code? Memory leak DLL injection Pointer dereference Buffer overflow
DLL injection
A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as: DEP RADIUS DLP PGP
DLP
Which of the following would prevent using a mobile device for data exfiltration via cable connection? DLP Full device encryption Screen locks COPE
DLP
Remapping a domain name to a rogue IP address is an example of what kind of exploit? DNS poisoning Domain hijacking ARP poisoning URL hijacking
DNS poisoning
A suite of security extensions for an internet service that translates domain names into IP addresses is known as: EDNS DNSSEC Split DNS DDNS
DNSSEC
Replacing password characters in a password field with a series of asterisks is an example of Data masking Tokenization Anonymization Pseudo-anonymization
Data masking
A type of redundant source code producing an output not used anywhere in the application is commonly referred to as Inline code Dead code Code bloat Duplicate code
Dead code
A wireless disassociation attack is a type of: (Select 2 answers) Cryptographic attack Downgrade attack Deauthentication attack Brute-force attack Denial-of-Service (DoS) attack
Deauthentication attack, Denial-of-Service (DoS) attack
Netstat is a command-line utility used for: (Select 2 answers) Displaying active TCP/IP connections Testing the reachability of a remote host Displaying intermediary points on the packet route Viewing the TCP/IP configuration details Displaying network protocol statistics
Displaying active TCP/IP connections, Displaying network protocol statistics
Which of the following factors has the biggest impact on domain reputation? Domain age Missing SSL certificate Derivative content Bounce rate Distribution of spam
Distribution of spam
What are the characteristic features of a transparent proxy? (Select all that apply) Doesn't require client-side configuration Modifies client's requests and responses Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service Requires client-side configuration
Doesn't require client-side configuration, Redirects client's requests and responses without modifying them, Clients might be unaware of the proxy service
SSL stripping is an example of: (Select 2 answers) Brute-force attack Downgrade attack Watering hole attack On-path attack Denial-of-Service (DoS) attack
Downgrade attack, On-path attack
Which of the following would add power redundancy on a server box? Standby UPS Backup generator Managed PDU Dual-power supply
Dual-power supply
The process of searching, collecting, and securing electronic data with the intent of using it in a legal proceeding or investigation is known as: OSINT E-discovery White-hat hacking Active reconnaissance
E-discovery
Which cryptographic solution would be best suited for low-power devices? ECC EFS SED FDE
ECC
Which of the following answers refers to an endpoint security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats? SWG CASB EDR NGFW
EDR
Which of the terms listed below refer to a product/service that no longer receives continuing support? (Select 2 answers) ETL SDLC EOL EOF ERP EOSL
EOL, EOSL
Which part of IPsec provides authentication, integrity, and confidentiality? AES SHA AH ESP
ESP
POP3 is used for: Name resolution Sending email messages File exchange Email retrieval
Email retrieval
What are the characteristic features of the Distinguished Encoding Rules (DER) digital certificate format? (Select 3 answers) Encoded in binary format Generally used for Microsoft Windows servers .der and .cer file extensions Encoded in text (ASCII Base64) format Generally used for Java servers .pem, .crt, .cer and .key file extensions
Encoded in binary format, .der and .cer file extensions, Generally used for Java servers
Which of the following answers refer to the Privacy Enhanced Email (PEM) digital certificate format? (Select 3 answers) Encoded in binary format .pfx and .p12 file extensions Generally used for Java servers Encoded in text (ASCII Base64) format .pem, .crt, .cer and .key file extensions Generally used for Apache servers or similar configurations
Encoded in text (ASCII Base64), .pem, .crt, .cer and .key file extensions, Generally used for Apache servers or similar configurations
Which of the following terms applies to the concept of confidentiality? Hashing Encryption Security through obscurity MFS Digital certificate
Encryption
Which of the answers listed below refer to examples of technical security controls? (Select 3 answers) Security audits Encryption protocols Organizational security policy Configuration management Firewall ACLs Authentication protocols
Encryption protocols, Firewall ACLs, Authentication protocols
What are the characteristics of TACACS+? (Select 3 answers) Encrypts only the password in the access-request packet Combines authentication and authorization Encrypts the entire payload of the access-request packet Primarily used for device administration Separates authentication and authorization Primarily used for network access
Encrypts the entire payload of the access-request packet, Primarily used for device administration, Separates authentication and authorization
Which of the following answers can be used to describe characteristics of a cross-site scripting attack? (Select 3 answers) Exploits the trust a user's web browser has in a website A malicious script is injected into a trusted website User's browser executes attacker's script Exploits the trust a website has in the user's web browser A user is tricked by an attacker into submitting unauthorized web requests Website executes attacker's requests
Exploits the trust a user's web browser has in a website, A malicious script is injected into a trusted website, User's browser executes attacker's script
Which of the following answers can be used to describe characteristics of a cross-site request forgery attack? (Select 3 answers) Exploits the trust a website has in the user's web browser A user is tricked by an attacker into submitting unauthorized web requests Website executes attacker's requests Exploits the trust a user's web browser has in a website A malicious script is injected into a trusted website User's browser executes attacker's script
Exploits the trust a website has in the user's web browser, A user is tricked by an attacker into submitting unauthorized web requests, Website executes attacker's requests
Which of the following answers refers to a rule-based access control mechanism associated with files and/or directories? EFS FACL FIM NTFS
FACL
A software technology designed to provide confidentiality for an entire data storage device is known as: AES FDE EFS HSM
FDE
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as: FAR CER CRC FRR
FRR
Which of the following answers refers to a tool for creating forensic images of computer data? diskpart FTK Imager fsutil Autopsy
FTK Imager
Which of the following protocols allow(s) for secure file transfer? (Select all that apply) FTPS TFTP FTP SFTP
FTPS, SFTP
A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code
False
A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
False
Code obfuscation techniques rely on encryption to protect the source code against unauthorized access
False
Examples of techniques used for encrypting information include symmetric encryption (also called public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key encryption)
False
FTPS is an extension to the Secure Shell (SSH) protocol and runs by default on port number 22.
False
High MTBF value indicates that a component or system provides low reliability and is more likely to fail.
False
In a differential backup strategy, restoring data from backup requires only a working copy of the last full backup.
False
In cybersecurity exercises, purple team combines the roles of all other teams (i.e. red, blue, and white)
False
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting
False
In the context of IT security, the term "Data minimization" refers to the process of removing all unnecessary characters from the source code to make it less intelligible for humans and faster to process by machines:
False
Secure File Transfer Protocol (SFTP) is an extension to the FTP protocol that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols
False
Stateless inspection is a firewall technology that keeps track of the state of network connections and based on that data determines which network packets to allow through the firewall.
False
The term "DHCP snooping" refers to an exploit that enables operation of a rogue DHCP network server.
False
The term "Non-repudiation" describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides the proof of data integrity, and proof of data origin.
False
The term "Static code analysis" refers to the process of discovering application run-time errors
False
An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations is called AAA framework Multi-factor authentication Group-based access control Federation
Federation
Which type of malware resides only in RAM? Rootkit Fileless virus Backdoor Logic bomb
Fileless virus
Which of the following answers can be used to describe the category of operational security controls (Select 3 answers) Also known as administrative controls Focused on the day-to-day procedures of an organization Executed by computer systems (instead of people) Used to ensure that the equipment continues to work as specified Focused on managing risk Primarily implemented and executed by people (as opposed to systems)
Focused on the day-to-day procedures of an organization, Used to ensure that the equipment continues to work as specified, Primarily implemented and executed by people (as opposed to systems)
Which of the following passwords is the most complex? T$7C52WL4SU GdL3tU8wxYz @TxBL$nW@Xt G$L3tU8wY@z
G$L3tU8wY@z
Which of the block cipher modes listed below provides both data integrity and confidentiality? CBC GCM ECB CTR
GCM
Which of the following regulates personal data privacy of the European Union (EU) citizens? PHI HIPAA PCI DSS GDPR
GDPR
A mobile device's built-in functionality enabling the usage of locator applications is called: WPS GSM IMEI GPS
GPS
A person who breaks into a computer network or system for a politically or socially motivated purpose is usually described as a(n) Insider Gray hat hacker Hacktivist State actor
Hacktivist
Examples of MFA attributes include: (Select all that apply) USB token Retina scan Handwritten signature Gait analysis GPS reading PIN Chain of trust
Handwritten signature, Gait analysis, GPS reading, Chain of trust
Which firewall would provide the best protection for an ingress / egress point of a corporate network? (Select 2 answers) Hardware firewall Network-based firewall Software firewall Host-based firewall
Hardware firewall, Network-based firewall
Which of the following refers to the contents of a rainbow table entry? Hash/Password IP address/Domain name Username/Password Account name/Hash
Hash/Password
Which of the following terms applies to the concept of data integrity? MFA Digital certificate Hashing Security through obscurity Encryption
Hashing
Which of the following can be used to validate the origin (provenance) of digital evidence? (Select 2 answers) Hashing Tokenization Salting Metadata examination Checksums
Hashing, Checksums
An administrator needs to adjust the placement of multiple Access Points (APs) to ensure the best wireless signal coverage for the network. Which of the following would be of help while identifying areas of low signal strength? Heat map Power level controls Logical network diagram WiFi hotspots
Heat map
A NIDS/NIPS that detects intrusions by comparing network traffic against the previously established baseline can be classified as: (Select all that apply) Heuristic Anomaly-based Behavioral Signature-based
Heuristic, Anomaly-based, Behavioral
Which of the following enables processing data in an encrypted form? Diffusion Homomorphic encryption Obfuscation Hashing
Homomorphic encryption
Which of the following is a common firewall type used for protecting a single computer? (Select 2 answers) Host-based firewall Software firewall Network-based firewall Hardware firewall
Host-based firewall, Software firewall
Which of the following examples do not fall into the category of physical security controls (Select 3 answers) Lighting Warning signs Sensors IDS/IPS Security cameras Alarms Encryption protocols Fences/bollards/barricades Security guards Firewall ACLs Access control vestibules Door locks / cable locks
IDS/IPS, Encryption protocols, Firewall ACLs
Which of the following answers refers to an IEEE standard that can be implemented in a situation where an Ethernet switch acts as an authenticator for devices that intend to connect to a network through one of its ports? IEEE 802.1X IEEE 802.11ac IEEE 802.111D IEEE 802.11x
IEEE 802.1X
An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called: NetFlow IPFIX sFlow NXLog
IPFIX
Which of the answers listed below refer to examples of corrective security controls? (Select all that apply) IPS Security guards Backups and system recovery Log monitoring Alternate site Fire suppression system
IPS, Backups and system recovery, Alternate site, Fire suppression system
Examples of protocols used for implementing secure VPN tunnels include: (Select all that apply) bcrypt IPsec SRTP TLS L2TP
IPsec, TLS, L2TP
Which of the answers listed below refers to a short distance, line-of-sight technology used for example in home remote controls? NFC Bluetooth IR Zigbee
IR
Which of the following terms refers to a group of experts designated to handle a natural disaster or an interruption of business operations? IETF CSIRT IRT IRTF
IRT
Which of the following answers refers to an ISO/IEC standard providing code of practice for information security controls? ISO/IEC 27001 ISO/IEC 27002 ISO/IEC 27701 ISO/IEC 27701
ISO/IEC 27002
An extension to the ISO/IEC 27001 standard that focuses on privacy data management is called: ISO/IEC 27002 ISO/IEC 27701 ISO/IEC 27702 ISO/IEC 31000
ISO/IEC 27702
Which of the following answers refers to a family of standards providing principles and guidelines for risk management? ISO/IEC 27001 ISO/IEC 27002 ISO/IEC 27701 ISO/IEC 31000
ISO/IEC 31000
Which of the following answers refers to a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software? SaaS XaaS PaaS IaaS
IaaS
Which of the following answers refers to a trusted third-party service for validating user identity in a federated identity system? RA IdP CA Kerberos
IdP
Which of the following statements are not true? (Select 2 answers) Risk awareness is the acknowledgement of risk existence Control risk is the risk caused by improper implementation of security controls Risk appetite is the amount of risk an organization is willing to take in pursuit of its goals Inherent risk is the remaining risk after implementing controls Residual risk is the original level of risk that exists before implementing any controls
Inherent risk is the remaining risk after implementing controls, Residual risk is the original level of risk that exists before implementing any controls
Which programming aspects are critical for secure application development process? (Select 2 answers) Patch management Input validation Password protection Error and exception handling Application whitelisting
Input validation, Error and exception handling
Digital signatures provide: (Select 3 answers) Integrity Authentication Confidentiality Authorization Non-repudiation Accounting
Integrity, Authentication, Non-repudiation
A type of forensic evidence that can be used to detect unauthorized access attempts or other malicious activities is called: CVE IoC AIS OSINT
IoC
A type of hardened server used as a secure gateway for remote administration of devices placed in a different security zone is known as: C2 server Jump server UC server Proxy server
Jump server
Which of the following servers would be best suited to act as an intermediary between an intranet and a screened subnet? UC server Proxy server C2 server Jump server
Jump server
During a password reminder procedure the system asks a security question that covers personal details that should be known only to the user (e.g. user's favorite holiday destination). This type of authentication method is an example of: SAE KBA IdP PII
KBA
Which of the following are examples of hardware authentication tokens? (Select 3 answers) Key fob Cable lock Passphrase Biometric reader RFID badge Smart card
Key fob, RFID badge, Smart card
Which of the following answers refers to the concept of non-persistence? (Select 3 answers) Last known-good configuration System image Live boot media Journaling Known state reversion
Last known-good configuration, Live boot media, Known state reversion
Which of the answers listed below refers to a type of removable storage media that contains a portable, non-persistent OS?
Live boot media
Which of the following answers refer to examples of detective security controls (Select all that apply) Lighting Log monitoring Sandboxing Security audits CCTV IDS
Log monitoring, Security audits, CCTV, IDS
Which of the following fall(s) into the category of Layer 2 attacks? (Select all that apply) MAC cloning ARP poisoning MAC flooding DNS poisoning MAC spoofing
MAC cloning, ARP poisoning, MAC flooding, MAC spoofing
Which of the following answers refers to a dedicated mobile app management software? UEM MAM RCS MDM
MAM
Which of the following terms applies to the authentication process? Digital certificate MFA Encryption Security through obscurity Hashing
MFA
Which of the following answers refer to office equipment that combines the functionality of multiple devices? (Select 2 answers) MFD IoT MFP PED MFA
MFD, MFP
A globally accessible knowledge base of Adversary Tactics, Techniques, and Procedures (TTPs) based on observations from real-world attacks is known as MITRE ATT&CK The Diamond Model of Intrusion Analysis Cyber Kill Chain
MITRE ATT&CK
Which of the following answers refer to a general document established between two or more parties to define their respective responsibilities and expectations in accomplishing a particular goal or mission? (Select 2 answers) SLA MOU SOW MOA ISA
MOU, MOA
A type of agreement that specifies generic terms to simplify the negotiation of future contracts between the signing parties is called: MOU SLA MSA SOW
MSA
Which of the following would be the best solution for a company that needs IT services but lacks any IT personnel? MSA MaaS MSP MSSP
MSP
Which of the following terms refers to a third-party vendor offering IT security management services? (Select best answer) MSP MaaS MSA MSSP
MSSP
Which of the following terms is used to describe an average time required to repair a failed component or device? MTBF RPO MTTR SLA
MTTR
Which of the following answers refers to a sequential-access backup media? Magnetic tapes Disk drives Optical discs Flash media
Magnetic tapes
Which of the following forensic utilities enables the extraction of RAM contents? Memdump Wirehex FTK Imager Autopsy
Memdump
A nontransparent proxy: (Select 2 answers) Modifies client's requests and responses Doesn't require client-side configuration Requires client-side configuration Redirects client's requests and responses without modifying them
Modifies client's requests and responses, Requires client-side configuration
A solution that alleviates the problem of depleting IPv4 address space by allowing multiple hosts on the same private LAN to share a single public IP address is known as: DNS APIPA NAT DHCP
NAT
A very short-range communication method where a wireless signal is sent between two devices that are touching or nearly touching each other is a characteristic feature of: RFID NFC Infrared(IR) Bluetooth
NFC
What is the name of a technology used for contactless payment transactions? NFC SDN PED WAP
NFC
Which of the following answers refers to a firewall type that improves upon first- and second- generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection? IDS Packet filter NGFW Stateful firewall
NGFW
The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy is called: Device pairing Multipath I/O Route aggregation NIC teaming
NIC teaming
Which protocol ensures the reliability of the Kerberos authentication process? EAP NTP IPsec RTP
NTP
Which of the following is a cross-platform log-managing tool? Netflow rsyslog NXLog sFlow syslog-ng
NXLog
Which of the following tools offers the functionality of a configuration compliance scanner? Zenmap Roo Nessus DBAN
Nessus
Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling? IPFIX NetFlow NXLog sFlow
NetFlow
Which of the following answers refer(s) to wireless threat vector(s)? (Select all that apply) Network protocol vulnerabilities (WEP/WPA) Rogue AP / Evil twin Default security configurations Malicious email attachments Vulnerabilities in network security standards (WPS)
Network protocol vulnerabilities (WEP/WPA), Rogue AP / Evil twin, Default security configurations, Vulnerabilities in network security standards (WPS)
What is the most common form of a DDoS attack?
Network-based
In a round-robin load balancing method, each consecutive request is handled by: (Select best answer) First server in a cluster Next server in a cluster Least utilized server in a cluster Last server in a cluster
Next server in a cluster
What is the fastest way for checking the validity of a digital certificate? CRL Key escrow OCSP CSR
OCSP
Which type of DDoS attack targets industrial equipment and infrastructure? IoT ATT&CK OT IoC
OT
Mobile device updates delivered over a wireless connection are known as: WAP UAV OTA RAS
OTA
Which technology enables establishing direct communication links between two USB devices? VDE GRE OTG DHE
OTG
Which of the following answers refer to IMAP? (Select 2 answers) Offers improved functionality in comparison to POP3 Serves the same function as POP3 Enables sending email messages from client devices Offers less functions than POP3 Enables email exchange between mail servers
Offers improved functionality in comparison to POP3, Serves the same function as POP3
Which of the following answers refers to a common antenna type used as a standard equipment on most Access Points (APs) for indoor Wireless Local Area Network (WLAN) deployments? Omnidirectional antenna Dish antenna Unidirectional antenna Yagi antenna
Omnidirectional antenna
Which wireless antenna type provides a 360-degree horizontal signal coverage? Dish antenna Unidirectional antenna Yagi antenna Omnidirectional antenna
Omnidirectional antenna
A security solution that provides control over elevated (i.e. administrative type) accounts is known as: MAC PAM ICS FACL
PAM
Which of the following answers refers to a solution designed to strengthen the security of session keys? ECB PFS EFS PFX
PFS
The US Health Insurance Portability and Accountability Act (HIPAA) provides privacy protection for: (Select best answer) PII ESN PHI PIV
PHI
Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that person? PHI Biometrics PII PKI
PII
Which of the following fall into the category of MFA factors? (Select 3 answers) GPS reading Handwritten signature PIN Chain of trust USB token Gait analysis Retina scan
PIN, USB token, Retina scan
Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates? Web of trust PKI IaaS CA
PKI
Which of the following answers refers to a deprecated method for implementing Virtual Private Networks (VPNs)? GRE PPTP OpenVPN SSTP
PPTP
Which of the following acronyms refers to a client authorization method used in WPA2 Personal mode? AES RC4 IKE PSK SAE
PSK
Which cloud service model would provide the best solution for a web developer intending to create a web app? XaaS SaaS PaaS IaaS
PaaS
Which of the following can be used as an extension of RAM? (Select 2 answers) Pagefile Extended partition Swap partition Primary storage Archive file
Pagefile, Swap partition
A security administrator configured a NIDS to receive traffic from a network switch via port mirroring. Which of the following terms can be used to describe the operation mode of the NIDS? (Select 2 answers) In-band Passive Inline Out-of-band
Passive, Out-of-band
URL redirection is a characteristic feature of: Pharming Directory traversal attacks On-path attacks Typosquatting
Pharming
Which of the following answers refer(s) to the characteristic feature(s) of a Faraday cage? (Select all that apply) Physical security control type Provides protection against RFI Technical security control type Provides protection against EMI Administrative security control type
Physical security control type, Provides protection against RFI, Provides protection against EMI
Which of the following allows an administrator to inspect traffic passing through a network switch? VLAN tagging Port mirroring Fault-tolerant mode Port scanner
Port mirroring
802.1X is an IEEE standard for implementing: VLAN tagging Token ring networks Port-based NAC Wireless networks
Port-based NAC
According to predictions, the most future-proof cryptographic solution should be: Quantum cryptography Symmetric-key cryptography Post-quantum cryptography Asymmetric-key cryptography Public-key cryptography
Post-quantum cryptography
Which of the following is used in data URL phishing? Prepending Typosquatting Pretexting Domain hijacking
Prepending (prepending refers to when an attacker prepends, or attaches, a trustworthy value like "RE:" or "MAILSAFE: PASSED" to a message in order to make the message appear more trustworthy. You would do URL phishing in an email or some form of communication. Typosquatting refers to registering slightly misspelled domains of company URLs, pretexting is a social engineering technique that abuses a user's trust in a familiar situation, and domain hijacking is when registration of a domain name is transferred away from the rightful owner)
What are the characteristic features of RADIUS? (Select 3 answers) Primarily used for network access Encrypts the entire payload of the access-request packet Combines authentication and authorization Encrypts only the password in the access-request packet Primarily used for device administration Separates authentication and authorization
Primarily used for network access, Combines authentication and authorization, Encrypts only the password in the access-request packet
A type of contactless smart card that can be read at a close range from a reader device is commonly referred to as: MicroSD card Common Access Card (CAC) Proximity card Personal Identity Verification (PIV) card
Proximity card
What type of preventive physical access controls would provide a basic means for securing door access? (Select 2 answers) Air gap Proximity card reader CCTV Industrial camouflage Smart card reader
Proximity card reader, Smart card reader
What is the name of a cloud computing deployment model in which the cloud infrastructure is provisioned for open use by the general public? Hybrid cloud Private cloud Community cloud Public cloud
Public cloud
Assessment of risk probability and its impact based on subjective judgement falls into the category of: Risk acceptance Quantitative risk assessment Risk transference Qualitative risk assessment
Qualitative risk assessment
Which of the following solutions is used for controlling network resources and assigning priority to different types of traffic? Measured service Acceptable Use Policy (AUP) Fair access policy Quality of Service (QoS)
Quality of Service (QoS)
A calculation of the Single Loss Expectancy (SLE) is an example of: Quantitative risk assessment Risk deterrence Qualitative risk assessment Risk acceptance
Quantitative risk assessment
Which of the following RAID levels does not offer fault tolerance?
RAID 0
Which of the solutions listed below add(s) redundancy in areas identified as single points of failure (Select all that apply) RAID Dual-power supply Virtualization Failover clustering Load balancing
RAID, Dual-power supply, Failover clustering, Load balancing
Which type of Trojan enables unauthorized remote access to a compromised system? pcap RAT MaaS pfSense
RAT
Group-based access control in MS Windows environments is an example of: RBAC DAC ABAC MAC
RBAC
Which of the following answers refers to a technology designated as a successor to SMS and MMS? RCS S/MIME IM CMS
RCS
Which of the following answers refer(s) to (an) example(s) of physical authentication token(s)? (Select all that apply) RFID badge Password key Password vault Key fob Smart card
RFID badge, Password key, Key fob, Smart card
A mandatory IT security and risk management framework for the U.S. federal government developed by NIST is known as: SSAE CSF RMF CSA
RMF
Which of the algorithms listed below does not belong to the category of symmetric ciphers? RC4 DES RSA AES Blowfish 3DES Twofish
RSA
Which of the acronyms listed below refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster? SLA RTO AUP RPO
RTO
A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as: UNIX Windows NT POSIX RTOS
RTOS
A malfunction in a preprogrammed sequential access to a shared resource is described as:
Race condition
Examples of embedded systems include: (Select all that apply) Android OS Raspberry Pi iOS Arduino Field Programmable Gate Array (FPGA) Mainframe computer system
Raspberry Pi, Arduino, Field Programmable Gate Array (FPGA)
The practice of modifying an application's code without changing its external behavior is referred to as:
Refactoring
Which of the following terms refer to software/hardware driver manipulation techniques (Select 2 answers) Prepending Fuzz testing Refactoring Shimming Sideloading
Refactoring, Shimming
Which VPN type is used for connecting computers to a network? (Select all that apply) Remote access Intranet-based Client-to-site Site-to-site Extranet-based
Remote access, Client-to-site
Hardware RAID Level 0: (Select all that apply) Requires a minimum of 2 drives to implement Is also known as disk striping Decreases reliability (failure of any disk in the array destroys the entire array) Is also referred to as disk mirroring Offers less volume capacity in comparison to RAID 1 Requires at least 3 drives to implement Is suitable for systems where performance has higher priority than fault tolerance Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data)
Requires a minimum of 2 drives to implement, Is also known as disk striping, Decreases reliability (failure of any disk in the array destroys the entire array)
Hardware RAID Level 10 (a.k.a. RAID 1+0): (Select 3 answers) Requires a minimum of 4 drives to implement Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping) Requires a minimum of 5 drives to implement Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array) Requires a minimum of 3 drives to implement Continues to operate in case of failure of more than 2 drives
Requires a minimum of 4 drives to implement, Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping), Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array)
Hardware RAID level 1: (Select 3 answers) Requires at least 2 drives to implement Is also known as disk striping Offers improved performance in comparison to RAID 0 Requires at least 3 drives to implement Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) Is also referred to as disk mirroring
Requires at least 2 drives to implement, Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data), Is also referred to as disk mirroring
Hardware RAID Level 5: (Select 2 answers) Requires at least 2 drives to implement Continues to operate in case of failure of more than 1 drive Requires at least 3 drives to implement Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives) Requires at least 4 drives to implement
Requires at least 3 drives to implement, Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives)
Which of the following answers refer to an assessment tool used for prioritizing the severity of different risks? (Select 2 answers) Risk register Quantitative risk assessment Risk heat map Disaster Recovery Plan (DRP) Risk matrix
Risk heat map, Risk matrix
Which of the following answers refers to a document containing detailed information on potential cybersecurity risks? Risk register Risk heat map Risk matrix Risk repository
Risk register
Cybersecurity insurance is an example of which risk management strategy? Risk avoidance Risk deterrence Risk transference Risk acceptance
Risk transference
A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as a:
Rootkit
An access control model in which access to resources is granted or denied depending on the contents of Access Control List (ACL) entries is called: Role-Based Access Control Mandatory Access Control Rule-Based Access Control Lattice-Based Access Control
Rule-Based Access Control
Which of the following acronyms refers to a client authentication method used in WPA3 Personal mode? SAE IKE RC4 PSK AES
SAE
Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data? SAML OpenID Connect Shibboleth OAuth
SAML
Which of the following answers refer to software technologies designed to simplify network infrastructure management? (Select 2 answers) SDP SSP SDV SEH SDN
SDV, SDN
Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality? SSP SEH SDN SED
SED
A security solution designed to detect anomalies in the log and event data collected from multiple network devices is called SNMP PCAP HPS SIEM
SIEM
A correlation engine used for processing various types of log data into actionable information is a feature of: REST API SIEM dashboard Syslog server SOAR
SIEM dashboard
Which of the following answers refers to a protocol used for managing real-time sessions that include voice, video, application sharing, or instant messaging services? L2TP BGP RSTP SIP
SIP
An agreement between a service provider and users defining the nature, availability, quality, and scope of the service to be provided is known as: SOW MSA SLA MOU
SLA
Which of the following terms refers to an agreement that specifies performance requirements for a vendor? MSA SLA MOU SOW
SLA
Which term describes the predicted loss of value to an asset based on a single security incident? SLE ARO ALE SLA
SLE
Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP? IMAPS STARTTLS POP3S SMTPS
SMTPS
Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply) SNMPv1 SNMPv2 SNMPv3 SNMPv4
SNMPv1, SNMPv2
Which of the following tools enables automated response to security incidents? NIDS SOAR HIDS SIEM
SOAR
Which protocol enables secure, real-time delivery of audio and video over an IP network? S/MIME RTP SIP SRTP
SRTP
Which type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions?
SSRF
Which of the following answers refers to a deprecated encryption protocol? SSH TLS S/MIME SSL IPsec PGP
SSL
Which of the following protocols provide protection against broadcast storms and switching loops? (Select 2 answers) RPT SRTP RDP STP RSTP
STP, RSTP
A cloud computing service model offering remote access to applications based on monthly or annual subscription fee is called PaaS SaaS IaaS XaaS
SaaS
Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks? Seed IV Salt Shim
Salt
Which of the following provide randomization during encryption process? (Select 2 answers) Salting Rainbow tables Obfuscation Initialization Vector (IV) Shimming
Salting, Initialization Vector (IV)
What are the countermeasures against VM escape? (Select 2 answers) Group policy Sandboxing User training Patch management Asset documentation
Sandboxing, Patch management
A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company's firewall is called:
Screened subnet
What are the characteristic features of the secure version of IMAP? (Select all that apply) TCP port 143 Secure Sockets Layer (SSL) TCP port 993 Transport Layer Security (TLS) TCP port 995
Secure Sockets Layer (SSL), TCP port 993, Transport Layer Security (TLS)
Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply) TCP port 993 Secure Sockets Layer (SSL) TCP port 995 Transport Layer Security (TLS) TCP port 110
Secure Sockets Layer (SSL), TCP port 995, Transport Layer Security (TLS)
LDAPS is an example of: Authentication protocol Secure directory access protocol Address resolution protocol File exchange protocol
Secure directory access protocol
What are the examples of preventive security controls? (Select 3 answers) Security guards Fire suppression system System hardening Login banners CCTV Separation of duties
Security guards, System hardening, Separation of duties
Which of the answers listed below refers to a concept of having more than one person required to complete a given task? Job rotation Role-Based Access Control (RBAC) Multitasking Separation of duties
Separation of duties
A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers) Session-key encryption Public-key encryption Symmetric encryption Asymmetric encryption Secret-key encryption
Session-key encryption, Public-key encryption, Symmetric encryption, Asymmetric encryption, Secret-key encryption
Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application's code? Shimming Refactoring API call Sideloading
Shimming
Allowing "Unknown Sources" in Android Security Settings enables: Rooting Carrier unlocking Sideloading Jailbreaking
Sideloading
Installing mobile apps from websites and app stores other than the official marketplaces is referred to as: Jailbreaking Rooting Sideloading Carrier unlocking
Sideloading
Which of the following answers does not refer to an email communication threat vector? Skimming Malicious attachment Social engineering Malicious URL Phishing
Skimming
Which of the following answers refers to an example implementation of certificate-based authentication? Smart card ID badge PIN code Biometric lock
Smart card
Which of the following devices best illustrates the concept of edge computing? Router Smartwatch Thin client Server
Smartwatch
Which of the following answers refer to smishing? (Select 2 answers) Social engineering technique Email communication Spam over Internet Telephony Text messaging Spam over Internet Messaging (SPIM)
Social engineering technique, Text messaging (Smishing is a form of social engineering that uses text messages (SMS) to trick people into revealing sensitive information or downloading malware, aka SMS phishing)
Which of the following answers can be used to describe the category of technical security controls (Select 3 answers) Focused on managing risk Sometimes called logical security controls Executed by computer systems (instead of people) Also known as administrative controls Implemented with technology Primarily implemented and executed by people (as opposed to systems)
Sometimes called logical security controls, Executed by computer systems (instead of people), Implemented with technology
A short list of commonly used passwords tried against a large number of user accounts is a characteristic feature of a: Replay attack Dictionary attack Spraying attack Birthday attack
Spraying attack
Which of the terms listed below refers to the dynamic packet filtering concept? Port mirroring Stateful inspection Out-of-band management Stateless inspection
Stateful inspection
Which of the following terms refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application's source code? Input validation Dynamic code analysis Fuzzing Static code analysis
Static code analysis
What are the countermeasures against SQL injection attacks? (Select 2 answers) Code obfuscation Database normalization Stored procedures Code signing Input validation
Stored procedures, Input validation
What are the characteristic features of WPA2/WPA3 Enterprise mode? (Select 3 answers) Suitable for large corporate networks IEEE 802.1D Does not require an authentication server IEEE 802.1X Suitable for all types of wireless LANs Requires RADIUS authentication server
Suitable for large corporate networks, IEEE 802.1X, Requires RADIUS authentication server
A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers) Swap file Temporary file Pagefile Signature file Archive file
Swap file, Pagefile
Which of the following terms refers to an embedded cryptoprocessor that can be found on the motherboards of newer PCs and laptops? CFB AHCI UEFI TPM
TPM
Which of the following answers list examples of hardware root of trust? (Select 2 answers) EFS TPM SED HSM FDE
TPM, HSM
Which of the following describes the behavior of a threat actor? PII TTPs IPS MaaS
TTPs
Which of the following answers refers to a Command-Line Interface (CLI) packet-crafting tool? tcpdump theHarvester Tcpreplay WireShark
Tcpreplay
Which of the following tools enables sending custom packets that can be used to evaluate the security of a network device? WireShark Tcpreplay tcpdump theHarvester
Tcpreplay
A mobile device's capability to share its internet connection with other devices is referred to as: Pairing Clustering Tethering Bonding
Tethering
Which of the following answers refers to a methodology framework for intrusion analysis developed by the U.S. government intelligence community? MITRE ATT&CK The Diamond Model of Intrusion Analysis Cyber Kill Chain
The Diamond Model of Intrusion Analysis
Which of the following terms refers to a vulnerability caused by race conditions? Mean time to failure Replay attack Mean time between failures Time-of-check to time-of-use
Time-of-check to time-of-use
Which of the following security solutions can be used to protect database contents? (Select all that apply) Fuzzing Tokenization Salting Normalization Hashing
Tokenization, Salting, Hashing
Which part of the IPsec modes provides entire packet encryption? Tunnel Payload Transport Default
Tunnel
Examples of key stretching algorithms include: (Select 2 answers) ROT13, Twofish, Bcrypt, DSA, PBKDF2
Twofish, Bcrypt, PBKDF2
Which of the following answers refers to a software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables? MDM RCS UEM MAM
UEM
What is the name of a device that can provide short-term emergency power during an unexpected main power source outage? UPS PoE SVC PSU
UPS
Examples of application software designed to selectively block access to websites include: (Select 2 answers) URL filter Captive portal Firewall Content filter Proxy server
URL filter, Content filter
Which of the following physical security controls can be implemented as a DLP solution? USB data blocker Visitor logs CCTV Motion detection
USB data blocker
An attacker impersonates a company's managing staff member to manipulate a lower rank employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within the business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. Which social engineering principles apply to this attack scenario? (Select 3 answers) Urgency Familiarity Authority Consensus Intimidation Scarcity
Urgency, Authority, Intimidation
Which of the following security measures can be used to prevent VM sprawl? (Select 2 answers) Patch management Usage audit Physical security controls Sandboxing Asset documentation
Usage audit, Asset documentation
Which of the following answers list the characteristic features of the Mandatory Access Control (MAC) model? (Select 3 answers) Users are not allowed to change access policies at their own discretion Labels and clearance levels can only be applied and changed by an administrator Every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object Access to resources based on user identity Every resource has a sensitivity label matching a clearance level assigned to a user
Users are not allowed to change access policies at their own discretion, Labels and clearance levels can only be applied and changed by an administrator, Every resource has a sensitivity label matching a clearance level assigned to a user
Which of the following enables running macros in Microsoft Office applications? DOM VBA SDK RAD
VBA
A logical grouping of computers that allows computer hosts to act as if they were attached to the same broadcast domain regardless of their physical location is known as: VLAN Screened subnet Intranet SAN
VLAN
Which of the following answers refer to the characteristics of HOTP? (Select 3 answers) Valid for only one login session Based on a shared secret key and current time Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryp
Valid for only one login session, Based on a cryptographic hash function and a secret cryptographic key, Not vulnerable to replay attacks
The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:
Vishing (Voicemail phishing)
Which of the acronyms listed below refers to a firewall controlling access to a web server? WEP WAP WPS WAF
WAF
Which of the following would be of help in troubleshooting wireless signal loss and low wireless network signal coverage? (Select 2 answers) Protocol analyzer WAP power level controls WiFi analyzer Logical network diagram Network mapper
WAP power level controls, WiFi analyzer
Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities resulting from implementation flaws? EAP AES WPA2 WEP
WEP
A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as: WPA WPS WEP WAP
WPS
Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers) WPS WAP WPA2 WAF WEP
WPS, WEP
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: War chalking Spoofing War driving Insider threat
War driving
Which of the terms listed below refers to a platform used for watering hole attacks? Mail gateways Websites PBX systems Web browsers
Websites (A watering hole attack is a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site)
Which of the following answers refers to a diagnostic tool that can be used for measuring wireless signal strength? Tone generator Multimeter WiFi analyzer Network mapper
WiFi analyzer
Which digital certificate allows multiple subdomains to be protected by a single certificate? Root signing certificate Subject Alternative Name (SAN) certificate Extended Validation (EV) certificate Wildcard certificate
Wildcard certificate
The process of planning and designing new WLANs for optimal performance, security and compliance typically involves: Penetration testing Wireless site survey Vulnerability scanning End user awareness and training
Wireless site survey
Which of the following answers refers to a command-line tool used to download or upload data to a server via any of the supported protocols, such as FTP, HTTP, SMTP, IMAP, POP3, or LDAP? theHarvester curl sn1per memdump
curl
A Linux command-line utility that can be used in the forensic process for creating and copying image files is called: fsutil diskpart dd format
dd
Which of the following answers refers to network administration command-line utilities used for DNS queries? (Select 2 answers) dig tracert nslookup ping pathping
dig, nslookup
Which of the following tools would be best suited for gathering information about a domain? FTK Imager dnsenum scanless Wireshark
dnsenum
Which of the following enables client-side URL redirection? host hosts hostname localhost
hosts
Which of the following answers refers to a command-line tool used for security auditing and testing of firewalls and networks? pathping netstat nslookup hping
hping
Which of the following answers refers to a Linux utility for querying and displaying logs that are stored in binary form? logger uncompress read journalctl
journalctl
Which of the following commands enables adding messages to the /var/log/syslog file in Linux? paste logger write printf
logger
A Linux command-line command for displaying routing table contents is called: print route netstat -r route print netstat -a
netstat -r
Which network command-line utility in MS Windows combines the features of ping and tracert? nbtstat pathping traceroute netstat
pathping
Which of the following command-line commands in MS Windows are used to display the contents of a routing table? (Select 2 answers) netstat -p route print netstat -a print route netstat -r
route print, netstat -r
Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resources usage? sFlow NXLog NetFlow IPFIX
sFlow
Which of the following answers refers to an advanced network exploration and penetration testing tool integrating functionalities from multiple other tools, such as ping, whois, or nmap? sn1per dnsenum curl scanless
sn1per
Examples of utilities that enable logging of data from different types of systems in a central repository include: (Select all that apply) syslog rsyslog journalctl syslog-ng NXLog
syslog, rsyslog, syslog-ng, NXLog
Which of the following are log managing utilities for Unix and Unix-like systems that implement the basic syslog protocol and extend it with additional functionalities? (Select 2 answers) NXLog syslog-ng NetFlow rsyslog sFlow
syslog-ng, rsyslog
Which of the following is a Command-Line Interface (CLI) packet-capturing tool used in Unix-like operating systems? tcpdump Wireshark theHarvester Tcpreplay
tcpdump
Which of the following tools is used for gathering OSINT? Wireshark theHarvester Nessus FTK Imager
theHarvester
A Linux command-line utility for displaying intermediary points (routers) the IPv4 packet is passed through on its way to another network node is known as: nbtstat traceroute netstat tracert
traceroute
A network command-line utility in MS Windows that tracks and displays the route taken by IPv4 packets on their way to another host is called: ping traceroute nslookup tracert
tracert