CISS 125 FINAL REVIEW
*Question #16* *Which device watches for attacks and sounds an alert only when one occurs*? A. firewall B. network intrusion detection system (NIDS) C. network intrusion prevention system (NIPS) D. proxy intrusion device
B. *network intrusion detection system (NIDS)* *page 254*
*Question #9* *Sebastian was explaining to his supervisor why the enterprise needed to implement port security*. *His supervisor asked what security action a flood guard could do when a MAC flooding attack occurred*. *Which of the following was NOT an answer that was given by Sebastian*? A. Ignore the new MAC addresses while allowing normal traffic from the single pre-approved MAC address B. Cause the device to enter a fail-open mode. C. Record new MAC addresses up to a specific limit D. Block the port entirely
B. *Cause the device to enter a fail-open mode*. *page 239*
*Question #6* *How does network address translation (NAT) improve security*? A. It filters based on protocol. B. It discards unsolicited packets. C. It masks the IP address of the NAT device. D. NATs do not improve security.
B. *It discards unsolicited packets* *page 263* A NAT router is a router with NAT technology added to it so that it 'knows' which packets were sent out. The NAT table is formed on the NAT router and consists of the packets' private IPs and the CORRESPONDING assigned 'alias' (masked) public IP addresses. Because of this NAT table, the NAT router 'knows' what it expects to receive. If a packet ARRIVES AT the NAT router for an internal network device BUT the REQUEST for THAT PACKET was NOT FIRST SENT "OUT" through the router, the router DISCARDS the UNSOLICITED packet so that it NEVER enters the internal network. In this way, the NAT router acts like a FIREWALL by DISCARDING UNWANTED PACKETS.
*Question #4* *Which of the following devices can identify the application that sends packets and then make decisions about filtering based on it*? A. Internet content filter B. application-based firewall C. reverse proxy D. web security gateway
B. *application-based firewall* *page 250*
*Question #8* *Which device is easiest for an attacker to take advantage of to capture and analyze packets*? A. router B. hub C. switch D. load balancer
B. *hub* *page 237*
*Question #20* *Which is the most secure type of firewall*? A. stateless packet filtering B. stateful packet filtering C. network intrusion detection system replay D. reverse proxy analysis
B. *stateful packet filtering* *page 249* -Only stateless packet filtering and stateful packet filtering are ACTUAL types of FIREWALLS. -A stateful packet filter not only makes decisions (allow, drop, reject, ask) based on the connection but also on its conditions. -In addition, the stateful filter KEEPS A RECORD of the state of a connection between an internal computer and an external device. -This record can be referred to later to determine when PREVIOUSLY UNKNOWN malware may have been introduced to the network.
What functions of a switch does a software defined network separate? A. Host and virtual B. Control plane and physical plane C. Network level and resource level D. RAM and hard drive
B. Control plane and physical plane
18. Elijah was asked by a student intern to explain the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP? A. It is the transport protocol used in TCP/IP for authentication B. It is a framework for transporting authentication protocols C. It is a subset of WPA2 D. It is a technology used by IEEE 802.11 for encryption
B. It is a framework for transporting authentication protocols
13. What is the primary weakness of wired equivalent privacy (WEP)? A. It functions only on specific brands of APs. B. Its usage creates a detectable pattern. C. It slows down a WLAN from 104 Mbps to 16 Mbps. D. Initialization vectors (IVs) are difficult for users to manage.
B. Its usage creates a detectable pattern.
7. Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? A. Push-Button method B. PIN method C. piconet method D. NFC method
B. PIN method
Which version of Simple Network Management Protocol (SNMP) is considered the most secure? A. SNMPv4 B. SNMPv3 C. SNMPv5 D. SNMPv2
B. SNMPv3
14. WPA replaces WEP with _____. A. WPA2 B. Temporal Key Integrity Protocol (TKIP) C. Cyclic Redundancy Check (CRC) D. Message Integrity Check (MIC)
B. Temporal Key Integrity Protocol (TKIP)
17. Which of the following is a multipurpose security device? A. Hardware security module B. Unified Threat Management (UTM) C. Media gateway D. Intrusion Detection/Prevention (ID/P)
B. Unified Threat Management (UTM)
Which application stores the user's desktop inside a virtual machine that resides on a server and is accessible from multiple locations? A. Application cell B. VDI C. Container D. VDE
B. VDI
20. Which of these is NOT a type of wireless AP probe? A. wireless device probe B. WNIC probe C. dedicated probe D. AP probe
B. WNIC probe
17. AES-CCMP is the encryption protocol standard used in _____. A. WPA B. WPA2 C. IEEE 802.11 D. NFC
B. WPA2
18. Which of the following CANNOT be used to hide information about the internal network? A. network address translation (NAT) B. a protocol analyzer C. a subnetter D. a proxy server
B. a protocol analyzer
Which type of device log contains the most beneficial security data? A. switch log B. firewall log C. router log D. email log
B. firewall log
A monitoring technique used by an intrusion detection system (IDS) that uses the normal processes and actions as the standard and compares actions against it.
Behavioral Monitoring
Which of these Bluetooth attacks involves accessing unauthorized information through a Bluetooth connection? Bluesnarfing Bluecreeping Bluestealing Bluejacking
Bluesnarfing
Which of the following are zombie armies formed by a number of innocent hosts set up to perform malicious operations?
Botnets
A hardware device or software that is used to join two separate computer networks to enable communication between them.
Bridge
A security administrator uses third-party certificate authorities plus their own set of enterprise certificate authorities. How is a list of trusted certificate authorities delivered to a browser? (Choose all that apply.)
Browser manufacturer Group policy
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?
Brute force attack
You are examining the types of overflow attacks. Which type of attack attempts to store data in RAM that is beyond the fixed-length storage boundaries?
Buffer overflow
Although redundant links between switches are a desirable design element, what problem does this pose in Layer 2 switched networks? A. Possibility of duplicate MAC addresses B. Larger MAC address tables C. Switching loops D. Increased memory usage
C
When all ports on all switches have transitioned to either blocking or forwarding, the network is said to be ____________. A. Synchronized B. Consistent C. Converged D. Replicated
C
Which of the following is NOT one of the Spanning Tree port states? A. Listening B. Learning C. Recording D. Forwarding
C
*Question #19* *What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)*? A. A NIDS provides more valuable information about attacks. B. There is no difference; a NIDS and a NIPS are equal. C. A NIPS can take actions more quickly to combat an attack. D. A NIPS is much slower because it uses protocol analysis.
C. *A NIPS can take actions more quickly to combat an attack*. *page 257*
*Question #3* *Which of these would NOT be a filtering mechanism found in a firewall ACL rule*? A. source address B. direction C. date D. protocol
C. *date* *pages 249-250*
Which of the following is NOT a service model in cloud computing? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Hardware as a Service (HaaS) D. Infrastructure as a Service (IaaS)
C. Hardware as a Service (HaaS)
9. Which of the following is NOT a wireless peripheral protection option? A. Update or replacing any vulnerable device B. Switch to a more fully tested Bluetooth model C. Install a network sensor to detect an attack D. Substitute a wired device
C. Install a network sensor to detect an attack
5. Why is a rogue AP a security vulnerability? A. It uses the weaker IEEE 802.11i protocol. B. It conflicts with other network firewalls and can cause them to become disabled. C. It allows an attacker to bypass network security configurations. D. It requires the use of vulnerable wireless probes on all mobile devices.
C. It allows an attacker to bypass network security configurations.
11. Which of these is a vulnerability of MAC address filtering? A. APs use IP addresses instead of MACs. B. The user must enter the MAC. C. MAC addresses are initially exchanged unencrypted. D. Not all operating systems support MACs.
C. MAC addresses are initially exchanged unencrypted.
Kyle asked his supervisor which type of computing model was used when the enterprise first started. She explained that the organization purchased all the hardware and software necessary to run the company. What type of model was she describing to Kyle? A. Off-premises B. Hosted services C. On-premises D. Virtual services
C. On-premises
Catriona needed to monitor network traffic. She did not have the resources to install an additional device on the network. Which of the following solutions would meet her needs? A. Correlation engine B. Aggregation switch C. Port mirroring D. Network tap
C. Port mirroring
3. What is a difference between NFC and RFID? A. NFC is based on wireless technology while RFID is not. B. RFID is faster than NFC. C. RFID is designed for paper-based tags while NFC is not. D. NFC devices cannot pair as quickly as RFID devices.
C. RFID is designed for paper-based tags while NFC is not.
15. Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? A. Frequency band B. Channel selection C. RFID spectrum D. Channel width
C. RFID spectrum
What is the recommended secure protocol for voice and video applications? A. Network Time Protocol (NTP) B. Hypertext Transport Protocol Secure (HTTPS) C. Secure Real-time Transport Protocol (SRTP) D. Secure/Multipurpose Internet Mail Extensions (S/MIME)
C. Secure Real-time Transport Protocol (SRTP)
Which type of hypervisor does not run on an underlying operating system? A. Type III B. Type IV C. Type I D. Type II
C. Type I
12. Which of these is NOT a limitation of turning off the SSID broadcast from an AP? A. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another. B. Some versions of operating systems favor a network that broadcasts an SSID over one that does not. C. Users can more easily roam from one WLAN to another. D. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP.
C. Users can more easily roam from one WLAN to another.
Which of the following is NOT a security concern of virtualized environments? A. Physical security appliances are not always designed to protect virtual systems. B. Virtual machines must be protected from both the outside world and from other virtual machines on the same physical computer. C. Virtual servers are less expensive than their physical counterparts. D. Live migration can immediately move one virtualized server to another hypervisor.
C. Virtual servers are less expensive than their physical counterparts.
Which type of log can provide details regarding requests for specific files on a system? A. SysFile log B. event log C. access log D. audit log
C. access log
Which type of cloud is offered to specific organizations that have common concerns? A. public cloud B. private cloud C. community cloud D. hybrid cloud
C. community cloud
10. The primary design of a(n) _____ is to capture the transmissions from legitimate users. A. rogue access point B. WEP C. evil twin D. Bluetooth grabber
C. evil twin
On a 64-bit version of Windows 10, where are 32-bit apps typically installed?
C:\Program Files (x86)
Public keys of compromised certificates can be found in which ways? (Choose all that apply.) Bcrypt OCSP Blowfish CRL PBKDF2
CRL OCSP The following are ways to check for revoked certificates:
- Certificate Revocation List (CRL). The CRL contains a list of certificates that are compromised and invalid. The CRL should be checked regularly to avoid using compromised certificates. The main disadvantages of implementing a certificate revocation list are that it is a single point of failure, is expensive to maintain, and is slower than OCSP.
- Online Certificate Status Protocol (OCSP). OCSP overcomes the chief limitation of the CRL: the fact that updates must be frequently downloaded to keep the list current at the client end. When a user attempts to access a server, OCSP sends a request for certificate status information. The server sends back a response of "current," "expired," or "unknown." The protocol specifies the syntax for communication between the server (which contains the certificate status) and the client application (which is informed of that status). OCSP allows users with expired certificates a grace period, so they can access servers for a limited time before renewing. OCSP is the protocol used by browsers to obtain the revocation status of a digital certificate attached to a website, and it is faster than downloading a CRL.
The following provide key stretching and do not reveal compromised certificates:
- PBKDF2 (Password-Based Key Derivation Function 2) applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC, to the input password or passphrase along with a salt value and repeats the process tens of thousands of times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult and is known as key stretching.
- Bcrypt uses a variant of the Blowfish encryption algorithm's key schedule and introduces a work factor, which allows one to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore's law: as computers get faster, one can increase the work factor and the hash will get slower. Although bcrypt is derived from Blowfish, Blowfish does not provide key stretching. Blowfish is a very strong symmetric algorithm with up to a 448-bit key.
Which of the following might be included in Microsoft Security Bulletins? PHP CGI CVE TLS
CVE
Calista is designing the specifications for new laptop computers to be purchased by her company. She is comparing the different types and sizes of USB connections found on the devices. Which type of USB connection would she NOT find on a laptop?
Type D
Sebastian was explaining to his supervisor why the enterprise needed to implement port security. His supervisor asked what security action a flood guard could do when a MAC flooding attack occurred. Which of the following was NOT an answer that was given by Sebastian? a. Ignore the new MAC addresses while allowing normal traffic from the single pre-approved MAC address b. Cause the device to enter a fail-open mode c. Record new MAC addresses up to a specific limit d. Block the port entirely
Cause the device to enter a fail-open mode
An entity that issues digital certificates is a ____________.
Certificate Authority (CA)
A centralized directory of digital certificates is called a(n) ____________.
Certificate Repository (CR)
A ____________ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate.
Certificate Signing Request (CSR)
Improper certificate and key management
Certificates that are not renewed and replaced before they expire can cause serious downtime and outages. Private keys used with certs must be kept secure or unauthorized individuals can intercept confidential communications or gain unauthorized access to critical systems.
attributes
Characteristic features of different groups of threat actors.
Attributes
Characteristic features of the different groups of threat actors can vary widely.
Which one of the following can monitor and protect a DNS server? Ping the DNS server Block port 53 on the firewall Purge PTR records daily Check DNS records regularly
Check DNS records regularly
________ biometric is related to the perception, through processes, and understanding of the user.
Cognitive
Which of these is a US Department of Defense smart card that is used for identification of active duty and reserve military personnel?
Common Access Card (CAC)
Macro Viruses
Common in Microsoft Office, they infect that program specifically.
Which type of cloud is offered to specific organizations that have common concerns? a. Public cloud b. Hybrid cloud c. Private cloud d. Community cloud
Community Cloud
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. A. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network. B. through a long-term process that results in ultimate security. C. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources. D. through products, people, and procedures on the devices that store, manipulate, and transmit the information.
D. through products, people, and procedures on the devices that store, manipulate, and transmit the information.
Which of the choices provided ensures that only approved individuals can access special content?
Confidentiality
weak configuration
Configuration options that provide limited security choices.
What functions of a switch does a software defined network separate? a. Host and virtual b. Control plane and physical plane c. RAM and hard drive d. Network level and resource level
Control plane and physical plane
A wireless LAN controller (WLC) was recently installed, and now Kelsey needs to purchase several new APs to be managed by it. Which type of AP should he purchase? Fat AP Standalone AP Any type of AP can be managed by a WLC. Controller AP
Controller AP
What is a disadvantage of biometric readers?
Cost
Untrained users
Cost at least five times more to support than trained users
In your organization's network you have VoIP phones and PCs connected to the same switch. Which of the following is the best way to logically separate these device types while still allowing traffic between them via an ACL? Install a firewall and connect it to the switch Create and define two subnets, configure each device to use a dedicated IP address, and then connect the whole network to a router Install a firewall and connect it to a dedicated switch for each type of device Create two VLANs on the switch connected to a router
Create two VLANs on the switch connected to a router
Defense-in-Depth
Creating multiple layers of security defenses through which an attacker must penetrate.
Layered Security
Creating multiple layers of security defenses through which an attacker must penetrate.
layered security
Creating multiple layers of security defenses through which an attacker must penetrate; also called defense-in-depth.
defense-in-depth
Creating multiple layers of security defenses through which an attacker must penetrate; also called layered security.
Credentialed vs. Non-credentialed
Credentialed Scan is a much safer version of the vulnerability scanner. It provides more detailed information than a non-credentialed scan. A non-credentialed scan will monitor the network and see any vulnerabilities that an attacker would easily find.
Cross-Site request forgery
Cross-Site Request Forgery is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
Select the critical asset in the choices provided
Customized business software
DoS
Cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
One function of a VLAN is to ____________. A. increase traffic B. increase broadcast traffic C. reduce bandwidth D. reduce broadcast traffic
D
When a switch boots up and receives the first frame from a host what does the switch do with the frame? A. Send the frame to every switch port B. Holds the frame in memory until it learns the destination switch-port C. Drops the frame D. Send the frame to every switch port except the one on which it arrived
D
Which of the following best describes a VLAN? A. A protocol used with dial-up connections B. A firewall technology that filters packets based on content C. A way of identifying a document on the Internet D. A switching technology that enables users on different switch ports to take part in their own network
D
*Question #2* *Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia*? A. A bridge will block packets between two different types of networks. B. A bridge cannot be used on any Internet connection. C. A bridge would block packets from reaching the Internet. D. A bridge could permit access to the secure wired network from the unsecured wireless network.
D. *A bridge could permit access to the secure wired network from the unsecured wireless network*
*Question #10* *Which statement regarding a demilitarized zone (DMZ) is NOT true*? A. It can be configured to have one or two firewalls. B. It typically includes an email or web server. C. It provides an extra degree of security. D. It contains servers that are used only by internal network users.
D. *It contains servers that are used only by internal network users*. *This statement is FALSE* *pages 260-261*
Which Domain Name System (DNS) attack replaces a fraudulent IP address for a symbolic name? A. DNS forwarding B. DNS Masking C. DNS replay D. DNS Poisoning
D. DNS Poisoning
19. Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? A. EAP-TLS B. EAP-TTLS C. EAP-SSL D. EAP-FAST
D. EAP-FAST
*Question #11* *Which statement about network address translation (NAT) is true*? A. It substitutes MAC addresses for IP addresses. B. It can be stateful or stateless. C. It can be found only on core routers. D. It removes private addresses when the packet leaves the network.
D. *It removes private addresses when the packet leaves the network*. *page 263*
Which of these is NOT correct about an SSL/TLS accelerator? A. It is a separate hardware card that inserts into a web server. B. It contains one or more co-processors to handle SSL/TLS processing. C. It can be installed as a "virtual SSL/TLS server" alongside a forward proxy server. D. It replaces FTP using Secure Sockets Layer (FTPS) as a file transport layer resting "on top" of SSL/TLS.
D. It replaces FTP using Secure Sockets Layer (FTPS) as a file transport layer resting "on top" of SSL/TLS.
Which of these is the most secure protocol for transferring files? A. TCP B. FTPS C. FTP D. SFTP
D. SFTP
Which of the following involves deploying a large number of compromised hosts to flood a target system?
DDoS
Which of the following can be used to prevent a buffer overflow attack? a. DEP b. FIM c. VPN d. DNS
DEP
A security analyst wants to ensure that all external traffic is able to access an organization's front-end servers but also wants to protect access to internal resources. Which network design element is the best option for the security analyst? VLAN Virtualization DMZ Cloud computing
DMZ
Which of the following should be placed between the LAN and the Internet? DMZ HIDS Domain controller Extranet
DMZ
Which of the following would you set up in a multifunction SOHO router? DMZ DOS OSI ARP
DMZ
Amplification
DNS amplification, like other amplification attacks, is a type of reflection attack. In this case, the reflection is achieved by eliciting a response from DNS resolvers to a spoofed IP address.
A coworker goes to a website but notices that the browser brings her to a different website and that the URL has changed. What type of attack is this? DNS poisoning Denial of service Buffer overflow ARP poisoning
DNS poisoning
Which Domain Name System (DNS) attack replaces a fraudulent IP address for a symbolic name? a. DNS replay b. DNS masking c. DNS poisoning d. DNS forwarding
DNS poisoning
When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this? DoS DNS poisoning Modified hosts file Domain name kiting
DNS poisoning, Modified hosts file
A person attempts to access a server during a zone transfer to get access to a zone file. What type of server is that person trying to manipulate? Proxy server DNS server File server Web server
DNS server
Which types of apps are not supported by a 64-bit edition of Windows 10? (Choose all that apply.)
DOS Win16
A system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
Data Loss Prevention (DLP)
Which of these would NOT be a filtering mechanism found in a firewall ACL rule? a. Source address b. Direction c. Date d. Protocol
Date
architecture/design weaknesses
Deficiencies in software due to poor design.
A separate network that rests outside the secure network perimeter: untrusted outside users can access It, but cannot enter the secure network.
Demilitarized Zone (DMZ)
undocumented assets
Devices that are not formally identified or documented in an enterprise.
Risk Response Techniques
Different options available when dealing with risks.
In which of the following types of access control is the default for Windows systems and has access determined by the owner of a resource? Rule based access control Role based access control Discretionary access control Mandatory access control
Discretionary access control
A network access control (NAC) agent that disappears after reporting information to the NAC device.
Dissolvable NAC Agent
DDoS
Distributed Denial of Service occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
Your web server that conducts online transactions crashed, so you examine the HTTP logs and see that a search string was executed by a single user masquerading as a customer. The crash happened immediately afterward. What type of network attack occurred?
DoS
What is the difference between a DoS and a DDoS attack? DoS attacks are faster than DDoS attacks DoS attacks use fewer computers than DDoS attacks DoS attacks do not use DNS servers as DDoS attacks do DoS attacks user more memory than a DDoS attack
DoS attacks use fewer computers than DDoS attacks
Boot Sector
Doesn't need an OS; it can sit in the boot sector of your hard drive.
Known plain text/cipher text
During a known-plaintext attack, the attacker has access to the ciphertext and its corresponding plaintext. The attacker's goal is to guess the secret key (or a number of secret keys) or to develop an algorithm that would allow them to decrypt any further messages.
Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? EAP-SSL EAP-TTLS EAP-FAST EAP-TLS
EAP-FAST
End-of-life systems
EOL is a term used with respect to a product supplied to customers, indicating that the product is at the end of its useful life and the vendor stops marketing, selling, or sustaining it.
insiders
Employees, contractors, and business partners who can be responsible for an attack.
Trust
Ensures confidence. You know who they are. "You know who I am."
Which type of log can provide details regarding requests for specific files on a system? a. Audit log b. Event log c. Access log d. SysFile log
Event log
A digital certificate that turns the address bar green is a(n) ____________.
Extended Validation SSL Certificate
A private network that can also be accessed by authorized external customers, vendors, and partners.
Extranet
What is the best way to utilize FTP sessions securely? FTPS FTP passive FTP active TFTP
FTPS
Which of the following is the most secure protocol for transferring files? FTP SSH FTPS Telnet
FTPS
What are some common symptoms of RAID array failures? (Choose all that apply.) OS not found Overheating Failure to boot Drive not recognized
Failure to boot Drive not recognized OS not found Common symptoms of RAID array failure include OS not found, when the OS is installed to the RAID array. Drive not recognized may indicate a RAID array failure, and it may also indicate a single drive has failed when seen outside the scope of a RAID array. Failure to boot is as common as OS not found. In any of these situations, when RAID stops working, one will have to replace failed drives and potentially restore data to the RAID array. Overheating is not a common symptom of RAID failures, though it is a common symptom of failure within the cooling system or another electrical component.
A web application firewall is exactly the same as a network firewall.
False
All Windows Store apps are universal apps. True or False?
False
DoS attacks are for gaining unauthorized access or control of a system.
False
Microsoft Store for Business contains Azure RemoteApp programs. True or False?
False
Proxies are "devices" that are strictly software-only.
False
You can automate installation of Window Store apps by using Group Policy. True or False?
False
The failure to raise an alarm when there is abnormal behavior.
False Negative
Alarm that is raised when there is no actual abnormal behavior.
False Positives
Which of the following aims to support distributed authentication and authorization over the Internet? Trust bridge services DFS Transitive trust services Trust link services Federation services
Federation services Federation services aim to support distributed authentication and authorization over the Internet so that it is possible to create, secure, and verify claims that flow between partnering organizations.
Firewalls
Filters traffic by port number. Filters at OSI layer 4. Can encrypt traffic into/out of the network.
Hardware or software that is designed to limit the spread of malware.
Firewall
Which of the following devices would most likely have a DMZ interface? Switch VoIP phone Proxy server Firewall
Firewall
Which type of device log contains the most beneficial security data? a. Firewall log b. Email log c. Switch log d. Router log
Firewall log
A defense against a MAC flooding attack.
Flood Guard
A TOTP token code is generally valid for what period of time?
For as long as it appears on the device
A Web application firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. It prevents targeted attacks that include Denial of Service (DoS), Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), forceful browsing, cookie poisoning and invalid input. In which of the following attacks does the attacker gain access to a restricted page within a Web application by supplying its URL directly?
Forceful browsing
A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users.
Forward Proxy
Which device intercepts internal user requests and then processes those requests on behalf of the users? a. Forward proxy server b. Reverse proxy server c. Host detection server d. Intrusion prevention device
Forward proxy server
Which of the following attacks is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19? Teardrop IP spoofing Fraggle Replay
Fraggle
Industry-Specific Frameworks
Frameworks/architectures that are specific to a particular industry or market sector.
Open-Source Intelligence
Freely available automated attack software (the sense this review deck uses). Note that in general security usage, open-source intelligence (OSINT) means intelligence gathered from publicly available sources such as websites, social media and public records.
A VPN technology in which all traffic is sent to the VPN concentrator and is protected.
Full Tunnel
Which of the following are options that are viable and practical for implementing data encryption? (Choose all that apply.)
Full disk encryption, database encryption, individual file encryption, removable media encryption, and mobile devices encryption.
Gaetan has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. Which configuration setting is enabled on Gaetan's mobile device?
reset to factory settings
Creating a pattern of where a user accessed a remote web account is an example of which of the following?
Geolocation
Gray Box
A gray-box tester has the access and knowledge levels of a user, potentially with elevated privileges on a system. Gray-box pen testers typically have some knowledge of a network's internals.
A security administrator uses third-party certificate authorities plus their own set of enterprise certificate authorities. How is a list of trusted certificate authorities delivered to a browser? (Choose all that apply.) Online Certificate Status Protocol (OCSP) Registration Authority (RA) Browser manufacturer Certificate Authority (CA) Group policy
Group policy; Browser manufacturer. The list of trusted third-party certificate authorities is installed by the browser manufacturer and updated when the browser is updated. The list of trusted enterprise certificate authorities should be delivered to the browser by group policy. While the certificate authority signs its own root certificate and vouches for itself, it is up to the browser manufacturer to install it. While a registration authority can help a CA by identity proofing certificate applicants, it is again up to the browser manufacturer to install the roots. The Online Certificate Status Protocol (OCSP) allows a client to check whether a certificate has been revoked. OCSP overcomes the chief limitation of the CRL: the fact that the whole list must be downloaded frequently to keep it current at the client end. When a client validates a certificate, it sends a request for that certificate's status and the OCSP responder replies "good", "revoked" or "unknown". The protocol specifies the syntax for communication between the responder (which holds the certificate status) and the client application (which is informed of that status). OCSP is the protocol browsers use to obtain the revocation status of the certificate presented by a website, and a single status lookup is faster than downloading a CRL.
Control Diversity
Groups who are responsible for regulating access to a system are also different.
A separate open network that anyone can access without prior authorization.
Guest Network
Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document? A. Extinguish risk B. Transfer risk C. Mitigate risk D. Avoid risk
A. Extinguish risk
Which registry hive contains settings that are imported from ntuser.dat?
HKEY_CURRENT_USER
Which registry hive is used to store global information about apps regardless of the user that is signed in?
HKEY_LOCAL_MACHINE
Which one-time password is event-driven?
HOTP
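An added example, not from the review deck, implementing both one-time-password types in pure Python so the difference between the event-driven moving factor (HOTP's counter) and the time-driven one (TOTP's 30-second step) is concrete. The 20-byte secret is the RFC 4226/6238 test-vector key, assumed here only so the outputs can be checked against the RFC tables; the server-side verifiers with their look-ahead window and clock-skew allowance are the editor's own design choices, not something the deck specifies.

```python
import hashlib
import hmac
import struct
import time

# Added example: HOTP (RFC 4226) and TOTP (RFC 6238) in pure Python.
# The 20-byte ASCII secret is the RFC test-vector key (assumed), chosen so
# the values can be checked against the RFC tables; a real deployment uses a
# random per-user secret shared once at enrolment.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-driven one-time password: the moving factor is a counter that
    advances each time the token is used (button press, login attempt)."""
    msg = struct.pack(">Q", counter)              # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-driven one-time password: the moving factor is the number of
    30-second steps since the Unix epoch, so the code is only valid while
    that step is the one the token is displaying."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30,
                skew: int = 1) -> bool:
    """Server-side check allowing +/- `skew` steps of clock drift.
    Constant-time comparison avoids leaking matching digits via timing."""
    for offset in range(-skew, skew + 1):
        candidate = totp(secret, unix_time + offset * step, step)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def verify_hotp(secret: bytes, code: str, last_counter: int,
                look_ahead: int = 5):
    """Server-side HOTP check. Returns the new counter to store, or None.
    The look-ahead window tolerates presses that never reached the server;
    once a counter is accepted, every code at or below it is dead (replay)."""
    for c in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, c), code):
            return c
    return None


if __name__ == "__main__":
    print("HOTP counters 0..2:", [hotp(SECRET, c) for c in range(3)])
    print("TOTP at t=59:", totp(SECRET, 59))
    print("TOTP now:", totp(SECRET, int(time.time())))
```

HOTP for counters 0, 1, 2 gives 755224, 287082, 359152 (the RFC 4226 table), and TOTP at Unix time 59 equals HOTP for counter 1 because 59 // 30 == 1, which is exactly why a TOTP code is valid only while that 30-second step is the one on the display. A PIN entered in front of the code turns this into a multifactor login (something you have plus something you know); the PIN is checked separately and is never part of the HMAC.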
A dedicated cryptographic processor that provides protection for cryptographic keys.
Hardware Security Module
Which of the following is NOT a service model in cloud computing? a. Software as a Service (SaaS) b. Hardware as a Service (HaaS) c. Platform as a Service (PaaS) d. Infrastructure as a Service (IaaS)
Hardware as a Service (HaaS)
Resource Exhaustion
Hardware with limited resources could be exploited by an attacker who intentionally tries to consume more resources than intended.
control diversity
Having different groups responsible for regulating access to a system.
Which human characteristic is NOT used for biometric identification?
Height
User Training
Help instruct the employees as to the security reasons behind the restrictions.
A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists.
Heuristic Monitoring
Reports sent by network access control (NAC) "agents" installed on devices to gather information and report back to the NAC device.
Host Agent Health Checks
Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect? Web server buffer and host DNS server Reply referrer and domain buffer Web browser and browser add-on Host table and external DNS server
Host table and external DNS server
A software firewall that runs as a program on the local computer to block or filter traffic coming into and out of the computer.
Host-Based Firewall
A software-based application that runs on a local host computer that can detect an attack as it occurs.
Host-Based Intrusion Detection System (HIDS)
A technology that monitors a local system to immediately react to block a malicious attack.
Host-Based Intrusion Prevention System (HIPS)
How can an SDIO card be made secure?
Using the security mechanisms on a standard Wi-Fi network.
How does heuristic detection detect a virus?
A virtualized environment is created and the code is executed in it.
A more recent and advanced electronic email system for incoming mail.
IMAP (Internet Message Access Protocol)
Which of the following TCP/IP protocols does not relate to security? a. IP b. SNMP c. HTTPS d. FTP
IP
IP Spoofing
IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets
You see a network address in the command-line that is composed of a long string of letters and numbers. What protocol is being used? IPv4 ICMP IPv3 IPv6
IPv6
You ping a hostname on the network and receive a response including the address 2001:4560:0:2001::6A. What type of address is listed within the response? MAC address Loopback address IPv6 address IPv4 address
IPv6 address
Many botnets were controlled through using what protocol?
IRC
Your boss (The IT director) wants to move several internally developed software applications to an alternate environment, supported by a third party, in an effort to reduce the footprint of the server room. Which of the following is the IT director proposing? PaaS IaaS SaaS Community cloud
IaaS
Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users' needs. Which of these generally recognized security positions has Ian been offered? A. Security administrator B. Security technician C. Security officer D. Security manager
A. Security administrator
Vulnerable Business Processes
If there's a way to game the system, the bad guys will find it. It doesn't have to be a technical vulnerability.
Familiarity
If you like someone, you are more likely to do what the person asks. "I remember reading a good evaluation on you"
Urgency
Immediate Action is needed. "My meeting with the board starts in 5 minutes."
The principle of being always blocked by default.
Implicit Deny
Improper input handling
Input handling covers validation, sanitization, filtering, and encoding or decoding of input data; improper input handling is the failure to do these correctly, and it is a leading cause of the critical vulnerabilities (injection, cross-site scripting, overflows) that exist in today's systems and applications.
In MDM terms, which choice would most quickly get a device enrolled on a network?
On-boarding
Black Box
In a black-box testing assignment the penetration tester is placed in the role of the average hacker. With no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available.
Dictionary
In cryptanalysis and computer security, a dictionary attack is a form of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
Brute Force
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
Collision
In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision.
In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support?
CYOD
An intrusion detection system (IDS) implemented through the network itself by using network protocols and tools.
In-Band IDS
script kiddies
Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems.
Script Kiddies
Individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.
Which of the choices is NOT part of the CIA model?
Information
Which of the choices provided would be considered a critical asset?
Information
Availability
Information has value if the authorized parties who are assured of its integrity can access the information.
National
Information security framework/architectures that are domestic.
international
Information security framework/architectures that are worldwide.
Non-Regulatory
Information security frameworks/architectures that are not required.
Regulatory
Information security frameworks/architectures that are required by agencies that regulate the industry.
An intrusion detection system (IDS) that is directly connected to the network and monitors the flow of data as it occurs.
Inline IDS
Which of the following is NOT a wireless peripheral protection option? Update or replacing any vulnerable device Switch to a more fully tested Bluetooth model Substitute a wired device Install a network sensor to detect an attack
Install a network sensor to detect an attack
Passively test security controls
A vulnerability scan is a passive attempt to identify weaknesses, so the testing does not interfere with normal operations (in contrast to a penetration test, which actively exploits them).
user training
Instructing employees as to the security reasons behind security restrictions.
An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? Integer overflow Buffer overflow Number overflow Heap overflow
Integer overflow
Which of the choices provided ensures that information is correct and has not been altered?
Integrity
Clark Wilson Model
The Clark-Wilson model is an integrity model that relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly. It employs limited interfaces or programs to control and maintain object integrity; the access control relationship (the access triple) consists of subject, object, and program (or interface).
A private network that belongs to an organization that can only be accessed by approved internal users.
Intranet
A device that detects an attack as it occurs.
Intrusion Detection System (IDS)
Which function does an Internet content filter NOT perform? a. Intrusion detection b. URL filtering c. Malware inspection d. Content inspection
Intrusion detection
Embedded Systems
Is a combination of computer hardware and software, either fixed in capability or programmable, designed for a specific function or functions within a larger system.
New threats/zero day:
Is a cyber attack targeting a software vulnerability which is unknown to the software vendor or to antivirus vendors. The attacker spots the software vulnerability before any parties interested in mitigating it, quickly creates an exploit and uses it for an attack.
Rainbow Tables
Is a pre-computed table for reversing cryptographic hash functions, usually for cracking password hashes.
DLL Injection
Is a technique used for running code within the address space of another process by forcing it to load a dynamic-link library. DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend.
Active Reconnaissance
Is a type of computer attack in which an intruder engages with the target system to gather information about vulnerabilities.
Cross-site Scripting:
Is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client side scripts into web pages viewed by other users.
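An added example, not from the deck, putting the improper-input-handling and cross-site scripting cards side by side: a comment renderer that reflects user input raw, and the same feature with allow-list validation for the structured field (username) and context-appropriate output encoding for the free-text field (comment). The payload, the username rule, the page fragment and the crude "active content" detector are constructed for the demo.

```python
import html
import re
from urllib.parse import quote

# Added example: improper vs. proper input handling for a comment feature.
# The vulnerable path reflects input as-is (stored/reflected XSS); the hardened
# path validates what has a strict format and encodes everything at output for
# the context it lands in. All names, rules and inputs are constructed.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,16}$")   # allow-list rule (assumed)
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'   # constructed attack input


def render_comment_vulnerable(username: str, comment: str) -> str:
    """No validation, no encoding: attacker-controlled markup goes to the browser."""
    return f'<div class="c"><b>{username}</b>: {comment}</div>'


def validate_username(username: str) -> str:
    """Reject rather than 'clean up': anything outside the allow-list fails."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return username


def render_comment_safe(username: str, comment: str) -> str:
    """Validate the structured field, HTML-encode both fields at output time.
    Free text cannot be allow-listed, so encoding is what protects it."""
    user = html.escape(validate_username(username), quote=True)
    body = html.escape(comment, quote=True)
    return f'<div class="c"><b>{user}</b>: {body}</div>'


def profile_link(username: str) -> str:
    """Same data, different context: a URL path segment is URL-encoded first,
    then the attribute value is HTML-encoded (two contexts, two encoders)."""
    path = quote(validate_username(username), safe="")
    return f'<a href="/u/{html.escape(path, quote=True)}">{html.escape(username)}</a>'


def contains_active_content(markup: str) -> bool:
    """Crude detector used only to compare the two renderers: a real tag
    carrying an on* event handler, or a script tag."""
    return bool(re.search(r"<\w+[^>]*\bon\w+=", markup, re.I)) \
        or "<script" in markup.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable("bob", PAYLOAD))
    print(render_comment_safe("bob", PAYLOAD))
    print(profile_link("bob_1"))
```

The safe renderer emits the payload as `&lt;img src=x onerror=&quot;...&quot;&gt;`, which the browser displays as text instead of executing. Note that encoding is per context: the same username is URL-encoded for the path and HTML-encoded for the attribute, and a JavaScript or CSS context would need yet another encoder.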
Privilege Escalation Attack
Is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
Buffer Overflow
Is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
Why is a rogue AP a security vulnerability? It uses the weaker IEEE 802.11i protocol. It allows an attacker to bypass network security configurations. It conflicts with other network firewalls and can cause them to become disabled. It requires the use of vulnerable wireless probes on all mobile devices.
It allows an attacker to bypass network security configurations
Which of these is NOT correct about an SSL accelerator? a. It can be a separate hardware card that inserts into a web server. b. It can be a separate hardware module. c. It should reside between the user's device and the web servers. d. It can only handle the SSL protocol.
It can only handle the SSL protocol
Aideen sent an email to her supervisor explaining the Domain Name System Security Extensions (DNSSEC). Which of the following statements would Aideen have NOT included in her email? a. It is fully supported in BIND9. b. It adds additional resource records. c. It adds message header information. d. It can prevent a DNS transfer attack.
It can prevent a DNS transfer attack
Which statement regarding a demilitarized zone (DMZ) is NOT true? a. It can be configured to have one or two firewalls. b. It typically includes an email or web server. c. It provides an extra degree of security. d. It contains servers that are used only by internal network users.
It contains servers that are used only by internal network users.
Why should the account lockout threshold not be set too low?
It could result in denial of service (DoS) attacks
How does network address translation (NAT) improve security? a. It filters based on protocol. b. It discards unsolicited packets. c. It masks the IP address of the NAT device. d. NATs do not improve security.
It discards unsolicited packets.
Elijah was asked by a student intern to explain the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP? It is a framework for transporting authentication protocols It is a technology used by IEEE 802.11 for encryption It is a subset of WPA2 It is the transport protocol used in TCP/IP for authentication
It is a framework for transporting authentication protocols
Which statement is NOT true regarding hierarchical trust models?
It is designed for use on a large scale.
Confidentiality
It is important that only approved individuals can access important information.
Which of the following is NOT true of a wireless router? It is also called a "residential WLAN gateway". It combines multiple features into a single hardware device. It is most commonly used in an enterprise setting . It often includes features of an access point (AP).
It is most commonly used in an enterprise setting .
Which statement about network address translation (NAT) is true? a. It substitutes MAC addresses for IP addresses. b. It can be stateful or stateless. c. It can be found only on core routers. d. It removes private addresses when the packet leaves the network.
It removes private addresses when the packet leaves the network.
How is key stretching effective in resisting password attacks?
It takes more time to generate candidate password digests
What is the primary weakness of wired equivalent privacy (WEP)? Its usage creates a detectable pattern. Initialization vectors (IVs) are difficult for users to manage. It functions only on specific brands of APs. It slows down a WLAN from 104 Mbps to 16 Mbps.
Its usage creates a detectable pattern.
Jabez needs to alert through an SMS text message those corporate users who have a specific brand and type of mobile device regarding a serious malware incident. What technology will she use?
push notification services
____________ refers to a situation in which keys are managed by a third party, such as a trusted CA.
Key escrow
A network administrator has a domain that includes single location. They want to store a copy of digital certificates with a trusted third party. What should be implemented? Key backup Recovery agent Key escrow Dual keys
Key escrow. Key escrow is the process of entrusting the keys to a third party; it provides a way to recover encrypted data even if the users lose their private keys. The other options do not necessarily use a trusted third party. A recovery agent, usually an administrator, can decrypt the data the soonest; it allows a company to maintain access to encrypted resources when employee turnover is high, even if the user destroys the key. A data recovery agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users; assigning DRA rights to an approved individual gives an IT department a way to unlock encrypted data in an emergency. DRAs can be defined at the domain, site, organizational unit or local machine level; in a small to mid-sized business the network administrator is often the designated DRA. Key backup may be stored locally and/or offsite but usually does not involve a third party. Dual keys are a different concept: one key pair is used for digital signatures and is not backed up, so as to provide strong non-repudiation; a second key pair is used for encryption and is backed up so a corrupted or lost key can be recovered.
Which of the following are responsibilities of the certificate authority (CA) that cannot be outsourced? (Choose all that apply.) Key generation Maintaining the CRL Key recovery Key escrow Identity proofing
Key generation; Maintaining the CRL. The CA is responsible for generating and issuing keys and for assuring their continued validity by maintaining the Certificate Revocation List (CRL). The CA might outsource identity proofing of applicants to a registration authority, and might outsource key escrow and key recovery to a third-party key escrow company. Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses that want access to employees' private communications, or governments that wish to view the contents of encrypted communications. More importantly, key escrow systems ensure there is a backup of the cryptographic key in case the parties holding it lose it through disaster or malicious intent.
Which of the following enables an attacker to float a domain registration for a maximum of five days? Kiting DNS poisoning Domain hijacking Spoofing
Kiting
A dedicated network device that can help to evenly distribute work across a network.
Load Balancer
Which of the following is a form of delayed-execution virus?
Logic Bomb
Dumpster Diving
Looking through someones trash for information.
A means to mitigate broadcast storms using the IEEE 802.1d standard spanning-tree algorithm (STA).
Loop Prevention
You receive complaints about network connectivity being disrupted. You suspect that a user connected both ends of a network cable to two different ports on a switch. What can be done to prevent this? Loop Protection DMZ VLAN segregation Port forwarding
Loop Protection
A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer? IP address MAC address Computer name NetBIOS name
MAC address
Which of these is a vulnerability of MAC address filtering? Not all operating systems support MACs. The user must enter the MAC. MAC addresses are initially exchanged unencrypted. APs use IP addresses instead of MACs.
MAC addresses are initially exchanged unencrypted.
Which of the choices identifies an attack that intercepts communications between a browser and the host security system?
MITB
A replay attack is a variation of this attack type.
MITM
What type of attack intercepts legitimate communication and forges a fictitious response to the sender? SIDS interceptor MITM SQL intrusion
MITM
A system that monitors emails for unwanted content and prevents these messages from being delivered.
Mail Gateway
What type of attack involves manipulating third-party ad networks? Session advertising Malvertising Clickjacking Directory traversal
Malvertising
Worms
Malware that self-replicates. Doesn't need you to do anything. Uses the network as a transmission medium.
Which attack intercepts communications between a web browser and the underlying computer? Man-in-the-middle (MITM) Man-in-the-browser (MITB) Replay ARP poisoning
Man-in-the-browser (MITB)
Which three methods can you use to configure RemoteApp and Desktop Connections with the URL of the web feed? (Choose all that apply.)
Manually enter the URL during configuration; configure a Group Policy Object with the correct URL; create a TXT record in DNS that includes the URL and have users enter their email address during configuration.
Weak security update distribution
Many software products lack a means to distribute security updates in a timely fashion.
Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password?
Mask attack
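An added example, not part of the deck, tying together the dictionary, brute-force, rainbow-table and mask-attack cards and the key-stretching card: all three attacks run against an unsalted SHA-256 store, then a salted PBKDF2 store defeats the precomputed table and multiplies the per-guess cost. The wordlist, target passwords, iteration count and the hashcat-style mask notation (?l lowercase, ?u uppercase, ?d digit) are constructed for the demo.

```python
import hashlib
import itertools
import os
import string

# Added example: dictionary, mask (targeted brute force) and precomputed-table
# attacks against an unsalted fast hash, and why salt plus key stretching
# (PBKDF2) changes the economics. Wordlist and passwords are constructed.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "summer2019", "hunter2"]
STRETCH_ITERATIONS = 100_000   # assumed work factor for the stretched store


def fast_hash(password: str) -> str:
    """Unsalted SHA-256: what a careless application might store."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target: str, words) -> tuple:
    """Try each likely candidate; returns (password or None, attempts)."""
    for n, word in enumerate(words, 1):
        if fast_hash(word) == target:
            return word, n
    return None, len(words)


def mask_attack(target: str, mask: str) -> tuple:
    """Targeted brute force: the mask fixes a character set per position,
    so the keyspace is the product of the per-position set sizes."""
    charsets = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
                "d": string.digits}
    positions = [charsets[c] for c in mask.split("?")[1:]]
    tried = 0
    for combo in itertools.product(*positions):
        tried += 1
        candidate = "".join(combo)
        if fast_hash(candidate) == target:
            return candidate, tried
    return None, tried


def build_lookup_table(words) -> dict:
    """Precomputed hash -> plaintext map (the idea behind a rainbow table,
    minus chain compression): pay the hashing cost once, reuse forever."""
    return {fast_hash(w): w for w in words}


def stretched_hash(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256: the salt makes precomputed tables useless
    and the iteration count makes every guess ~iterations times slower."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 STRETCH_ITERATIONS)
    return salt, digest.hex()


def verify_stretched(password: str, salt: bytes, stored_hex: str) -> bool:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               STRETCH_ITERATIONS).hex() == stored_hex


def attack_cost(candidates: int, iterations: int = 1) -> int:
    """Hash invocations needed to exhaust `candidates` guesses."""
    return candidates * iterations


if __name__ == "__main__":
    print(dictionary_attack(fast_hash("dragon"), WORDLIST))
    print(mask_attack(fast_hash("ab42"), "?l?l?d?d"))
    table = build_lookup_table(WORDLIST)
    print(table.get(fast_hash("hunter2")))
    salt, stored = stretched_hash("hunter2")
    print(table.get(stored), verify_stretched("hunter2", salt, stored))
    print(attack_cost(len(WORDLIST)), attack_cost(len(WORDLIST), STRETCH_ITERATIONS))
```

The mask ?l?l?d?d is only 26 x 26 x 10 x 10 = 67,600 candidates, which is why a mask attack beats a blind brute force when the password's shape is known. Against the stretched store the same six-word dictionary costs 600,000 PBKDF2 rounds instead of six hashes, and the precomputed table never matches because every stored digest depends on a per-user salt.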
A device that converts media data from one format to another.
Media Gateway
False Positive
Might occur when the scanner can only read configuration information from service banners; for example, the scanner reads the banner and detects the installed SSH version but cannot detect the patch level or the operating system, so it reports a vulnerability that has already been patched.
Improperly Configured Accounts
Misconfiguration is commonly seen in accounts that are set up for a user with more access than is necessary, such as providing total access over the entire device when the access should be more limited.
RootKit
Modifies the kernel of the OS. You won't see it in task manager because it's invisible.
Improperly configured accounts
More likely a process rather than technical issue, improperly configured accounts can give users much higher access privileges than their jobs require.
Which of these is NOT a reason why users create weak passwords?
Most sites force users to create weak passwords even though they do not want to
What is a token system that requires the user to enter the code along with a PIN called?
Multifactor authentication system
A DDoS attack can be best defined as what? Privilege escalation Multiple computers attacking a single server A computer placed between a sender and receiver to capture data Overhearing parts of a conversation
Multiple computers attacking a single server
Which of these hides an entire network of IP addresses? SPI NAT SSH FTP
NAT
A technique that examines the current state of a system or network device before it can connect to the network.
Network Access Control (NAC)
A technique that allows private IP addresses to be used on the public Internet.
Network Address Translation (NAT)
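An added example, not from the deck, of the NAT translation table behind the "it discards unsolicited packets" answer: an outbound packet creates a mapping and is rewritten to the router's public address, a reply that matches the mapping is forwarded to the private host, and inbound packets with no matching outbound flow are discarded. This models port-address translation with endpoint filtering; a full-cone NAT would accept the probe from any source, which is why NAT is a side effect rather than a firewall substitute. Addresses (documentation ranges) and ports are constructed.

```python
# Added example: a simulated NAT/PAT router translation table, showing why an
# inbound packet with no matching outbound entry is discarded. Addresses,
# ports and the packet representation are constructed for the demo.
PUBLIC_IP = "203.0.113.5"        # documentation-range address (assumed)
NEXT_PUBLIC_PORT = 40000         # first public port the router hands out


class NatRouter:
    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self.next_port = NEXT_PUBLIC_PORT
        # public_port -> (private_ip, private_port, remote_ip, remote_port)
        self.table = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the LAN: record the flow and rewrite the source.
        Returns the packet as seen on the Internet side."""
        for pub_port, entry in self.table.items():
            if entry == (src_ip, src_port, dst_ip, dst_port):
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving from the Internet: forward only if it answers a
        flow the router saw going out; otherwise drop it as unsolicited.
        Returns the packet as delivered on the LAN side, or None."""
        if dst_ip != self.public_ip:
            return None
        entry = self.table.get(dst_port)
        if entry is None:
            return None                   # no mapping: unsolicited, discard
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                   # wrong peer for this mapping
        return (src_ip, src_port, priv_ip, priv_port)


def nat_demo():
    nat = NatRouter()
    # Host 192.168.1.10 opens a connection to a web server.
    out = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    # The server's reply matches the table entry and is forwarded inside.
    reply = nat.inbound("198.51.100.20", 443, PUBLIC_IP, out[1])
    # An attacker probes the same public port without an outbound flow.
    probe = nat.inbound("192.0.2.99", 12345, PUBLIC_IP, out[1])
    # A scan of a port the LAN never asked about.
    scan = nat.inbound("192.0.2.99", 12345, PUBLIC_IP, 22)
    return {"translated_source": out[:2], "reply": reply,
            "probe_dropped": probe is None, "scan_dropped": scan is None}


if __name__ == "__main__":
    print(nat_demo())
```

The private address never appears on the Internet side (the "removes private addresses when the packet leaves the network" card), and the only inbound traffic that reaches a LAN host is a reply to something that host sent first.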
A technology that watches for attacks on the network and reports back to a central device.
Network Intrusion Detection System (NIDS)
A technology that monitors network traffic to immediately react to block a malicious attack.
Network Intrusion Prevention System (NIPS)
Which device watches for attacks and sounds an alert only when one occurs? a. Firewall b. Network intrusion detection system (NIDS) c. Network intrusion prevention system (NIPS) d. Proxy intrusion device
Network intrusion detection system (NIDS)
A firewall that functions at the OSI Network layer (Layer 3).
Network-Based Firewall
Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?
OAuth
What are some common symptoms of RAID array failures? (Choose all that apply.)
OS not found / Drive not recognized /Failure to boot
Race Conditions
Occur when there is a gap between an application checking a value and acting on it (time of check to time of use). For example, if the balance check and the debit of a withdrawal are separate steps, an attacker submits several withdrawals at once so that all of them pass the check before any debit is applied, taking out far more than the balance and driving the account negative.
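An added example, not from the deck, reproducing the check-then-act race with threads: five withdrawals of the full balance all pass the balance check before any of them debits, so the account goes negative; holding a lock across the check and the update makes them one atomic step and only the first succeeds. Balances, amounts and the deliberate sleep that widens the window (so the race shows every run rather than occasionally) are constructed for the demo.

```python
import threading
import time

# Added example: a check-then-act withdrawal that races (TOCTOU) versus the
# same operation serialized with a lock. Values are constructed; the sleep
# widens the check/update window so the race is visible on every run.
WINDOW_SECONDS = 0.05


class RacyAccount:
    def __init__(self, balance):
        self.balance = balance

    def withdraw(self, amount):
        if self.balance >= amount:          # time of check
            time.sleep(WINDOW_SECONDS)      # window an attacker exploits
            self.balance -= amount          # time of use
            return True
        return False


class SafeAccount(RacyAccount):
    def __init__(self, balance):
        super().__init__(balance)
        self._lock = threading.Lock()

    def withdraw(self, amount):
        with self._lock:                    # check and update are atomic
            return super().withdraw(amount)


def hammer(account, amount, n_threads):
    """Fire n concurrent withdrawals; returns (successes, final balance)."""
    results = []

    def worker():
        results.append(account.withdraw(amount))

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), account.balance


if __name__ == "__main__":
    print("racy:", hammer(RacyAccount(100), 100, 5))   # several succeed, negative
    print("safe:", hammer(SafeAccount(100), 100, 5))   # (1, 0)
```

In a real system the fix is the same idea at the database: a conditional update such as `UPDATE accounts SET balance = balance - 100 WHERE id = ? AND balance >= 100` and checking the affected-row count, so the check and the debit cannot be separated.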
System Sprawl and undocumented assets
Occurs when an organization has more systems than it needs, and systems it owns are underutilized. Asset management begins before the hardware is purchased and helps prevent system sprawl by evaluating the purchase.
Zero Day
Often an attacker may find a vulnerability and initiate an attack taking advantage of it even before users or security professionals are aware of the vulnerability.
Vulnerable Business Processes
Often attacks are successful not because of compromised technology but because of the manipulation of processes that an enterprise performs
Kyle asked his supervisor which type of computing model was used when the enterprise first started. She explained that the organization purchased all the hardware and software necessary to run the company. What type of model was she describing to Kyle? a. Virtual services b. Off-premises c. On-premises d. Hosted services
On-premises
Francisco was asked by a student intern to explain the danger of a MAC flooding attack on a switch. What would Francisco say? a. Once the MAC address table is full the switch functions like a network hub. b. A MAC flooding attack with filter to the local host computer's MAC-to-IP address tables and prevent these hosts from reaching the network. c. In a defense of a MAC flooding attack network routers will freeze and not permit any incoming traffic. d. A MAC flooding attack will prevent load balances from identifying the correct VIP of the servers.
Once the MAC address table is full the switch functions like a network hub.
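An added example, not from the deck, simulating a switch's MAC address (CAM) table so the failure mode above and the flood guard defense can be watched side by side: the unprotected switch evicts the real stations' entries and then floods the client's unicast frame out every port, including the attacker's; with a per-port learned-MAC limit (port security) the third spoofed source address blocks the attacker's port. Table size, the limit, port names and MAC addresses are constructed values.

```python
from collections import OrderedDict

# Added example: simulated switch forwarding table showing why MAC flooding
# turns a switch into a hub, and how a port-security limit (flood guard)
# stops it. Capacity, limit, ports and addresses are constructed.
TABLE_CAPACITY = 8          # tiny CAM table so the flood is visible
PORT_SECURITY_MAX = 2       # max MACs learned per port when protection is on


class Switch:
    def __init__(self, ports, capacity=TABLE_CAPACITY, port_security=None):
        self.ports = list(ports)
        self.capacity = capacity
        self.cam = OrderedDict()            # mac -> port, oldest first
        self.port_security = port_security  # None, or max MACs per port
        self.shutdown = set()               # ports the flood guard blocked
        self.learned = {p: set() for p in ports}

    def _learn(self, src_mac, in_port):
        """Record the source MAC; returns False if the flood guard fired."""
        if self.port_security is not None:
            if src_mac not in self.learned[in_port] and \
               len(self.learned[in_port]) >= self.port_security:
                self.shutdown.add(in_port)   # violation: block the port entirely
                return False
            self.learned[in_port].add(src_mac)
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)
        else:
            if len(self.cam) >= self.capacity:
                self.cam.popitem(last=False)  # table full: evict oldest entry
            self.cam[src_mac] = in_port
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Returns the list of ports the frame is sent out of."""
        if in_port in self.shutdown:
            return []
        if not self._learn(src_mac, in_port):
            return []
        if dst_mac in self.cam:
            return [self.cam[dst_mac]]
        return [p for p in self.ports if p != in_port]   # unknown: flood like a hub


def mac_flood_demo(protected: bool) -> dict:
    sw = Switch(ports=["p1", "p2", "p3"],
                port_security=PORT_SECURITY_MAX if protected else None)
    broadcast = "ff:ff:ff:ff:ff:ff"
    sw.forward("aa:aa:aa:aa:aa:01", broadcast, "p1")   # server on p1
    sw.forward("aa:aa:aa:aa:aa:02", broadcast, "p2")   # client on p2
    for i in range(50):                                # attacker sprays p3
        sw.forward(f"de:ad:be:ef:00:{i:02x}", broadcast, "p3")
    # Client now sends a unicast frame to the server. Where does it go?
    out = sw.forward("aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01", "p2")
    return {"out_ports": out, "attacker_port_blocked": "p3" in sw.shutdown,
            "table_size": len(sw.cam)}


if __name__ == "__main__":
    print("unprotected:", mac_flood_demo(False))
    print("protected:  ", mac_flood_demo(True))
```

Unprotected, the server's entry has been evicted by the spoofed addresses, so the client's frame is flooded to p1 and p3 and the attacker on p3 can sniff it. Protected, the attacker's port is shut down after two learned addresses, the table holds only four entries, and the frame goes out p1 alone.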
Botnet
Once a machine is infected it becomes a bot; the infection can arrive through a Trojan. The attacker sends commands through a command-and-control channel and every infected system in the botnet carries them out.
Which of the following is true regarding cloud storage?
One may not have control over how exactly the data is safeguarded.
Replay
One place we saw a lot of problems with replay attacks was when we were using WEP encryption on our wireless networks.
____________ performs a real-time lookup of a digital certificate's status.
Online Certificate Status Protocol (OCSP)
Which of these is NOT a risk when a home wireless router is not securely configured? Only a small percentage of the total traffic can be encrypted. Malware can be injected into a computer connected to the WLAN. User names, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. An attacker can steal data from any folder with file sharing enabled.
Only a small percentage of the total traffic can be encrypted
Improper Error Handling
Other software may not properly trap an error condition and thus provide an attacker with underlying access to the system.
An intrusion detection system (IDS) that uses an independent and dedicated channel to reach the device.
Out-of-Band IDS
Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? NFC method Push-Button method piconet method PIN method
PIN method
Which of the following cloud computing services offers easy-to-configure operating systems? SaaS IaaS PaaS VM
PaaS
Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device.
Paavo was reviewing a request by an executive for a new subnotebook computer. The executive said that he wanted USB OTG support and asked Paavo's opinion regarding its security. What would Paavo tell him about USB OTG security?
Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks.
Pakpao has been asked to provide research regarding a new company initiative to add Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Pakpao NOT list in his report as a factor in the frequency of Android firmware OTA updates?
An intrusion detection system (IDS) that is connected to a port on a switch in which data is fed to it.
Passive IDS
Those who implement and properly use security products to protect data
People
Authority
People tend to have more trust in things that are endorsed by people that they trust. "I'm the CEO calling"
A network access control (NAC) agent that resides on end devices until uninstalled.
Permanent NAC Agent
Which of the following MAINLY applies to email that appears to be sent from a legitimate business?
Phishing
Isolating the network so that it is not accessible by outsiders.
Physical Network Segregation
Which of the following should NOT be stored in a secure password database?
Plaintext password
You are reviewing browser additions. Which choice describes browser functionality that supports music and video content in different browsers?
Plug-in
Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser?
Plug-ins
Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser? Extensions Scripts Plug-ins Add-ons
Plug-ins
plans and policies established by an organization to ensure that people correctly use the products
Policies and Procedures
John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required for SSL transactions? Port 80 inbound Port 80 outbound Port 443 inbound Port 443 outbound
Port 443 inbound
Don must configure his firewall to support TACACS+. Which port(s) should he open on the firewall? Port 53 Port 49 Port 161 Port 22
Port 49
Catriona needed to monitor network traffic. She did not have the resources to install an additional device on the network. Which of the following solutions would meet her needs? a. Network tap b. Port mirroring c. Aggregation switch d. Correlation engine
Port Mirroring
A flood guard technology that restricts the number of incoming MAC addresses for a port.
Port Security
An earlier mail system responsible for incoming mail.
Post Office Protocol (POP)
Which of the following are major considerations when installing and configuring printers? (Choose all that apply.)
Printer sharing Print device sharing Use appropriate printer drivers for a given operating system
Each of the following accounts should be prohibited EXCEPT:
Privileged accounts
Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about?
Privilege escalation
Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about? Privilege escalation Session replay Scaling exploit Amplification
Privilege escalation
What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another? Privilege escalation Cross-site attack Horizontal access attack Transverse attack
Privilege escalation
Form the security around the data. May be as basic as door locks or as complicated as network security equipment
Products
Program Viruses
Program with virus attached to it.
Which of the following CANNOT be used to hide information about the internal network? a. Network address translation (NAT) b. Protocol analyzer c. Subnetter d. Proxy server
Protocol analyzer
Which of these is not a DoS attack? SYN flood DNS amplification Smurf attack Push flood
Push flood
Your organization uses VoIP. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic? NAT QoS NAC Subnetting
QoS
Which Remote Desktop Services role can users sign in to for access to RemoteApps and virtual desktops?
RD Web Access
What is a difference between NFC and RFID? NFC is based on wireless technology while RFID is not. RFID is faster than NFC. NFC devices cannot pair as quickly as RFID devices. RFID is designed for paper-based tags while NFC is not.
RFID is designed for paper-based tags while NFC is not
Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? Frequency band RFID spectrum Channel width Channel selection
RFID spectrum
Which of the following are measures for achieving availability? (Choose all that apply.)
Redundancy, Fault tolerance, and Patching
Which action cannot be performed through a successful SQL injection attack? Discover the names of different fields in a table Reformat the web application server's hard drive Display a list of customer telephone numbers Erase a database table
Reformat the web application server's hard drive
Which tools or methods can you use to import a .reg file? (Choose all that apply.)
Registry Editor (regedit) reg.exe Double-click the .reg file in File Explorer
Administrative Controls
Regulating the Human factors of security.
A user-to-LAN VPN connection used by remote users.
Remote Access VPN
When is a system image backup more useful?
Replacing a failed hard drive
What is the best definition for ARP? Resolves IP addresses to DNS names Resolves IP addresses to hostnames Resolves IP addresses to MAC addresses Resolves IP addresses to DNS addresses
Resolves IP addresses to MAC addresses
A proxy that routes requests coming from an external network to the correct internal server.
Reverse Proxy
A scheduling protocol rotation that applies to all devices equally.
Round-Robin
A device that can forward packets across computer networks.
Router
Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend? a. Router b. Hub c. Virtual private network d. SIEM device
Router
Which of the following protocols allow for the secure transfer of files? (Select the best two answers.) SNMP SFTP TFTP SCP ICMP
SFTP, SCP
A SIEM feature that combines data from multiple data sources (network security devices, servers, software applications, etc.) to build a comprehensive picture of attacks.
SIEM Aggregation
A SIEM feature that can inform security personnel of critical issues that need immediate attention.
SIEM Automated Alerting and Triggers
A SIEM feature that searches the data acquired through SIEM aggregation to look for common characteristics, such as multiple attacks coming from a specific source.
SIEM Correlation
A SIEM feature that can help filter the multiple alerts into a single alarm.
SIEM Event Duplication
A SIEM feature that records events to be retained for future analysis and to show that the enterprise has complied with regulations.
SIEM Logs
A SIEM feature that can show the order of the events.
SIEM Time Synchronization
You have three e-mail servers. What is it called when one server forwards e-mail to another? SMTP relay Buffer overflows POP3 Cookies
SMTP relay
Which of the following is the best option if you are trying to monitor network devices? SNMP Telnet FTPS IPsec
SNMP
Which version of Simple Network Management Protocol (SNMP) is considered the most secure? a. SNMPv2 b. SNMPv3 c. SNMPv4 d. SNMPv5
SNMPv3
What is a secure way to remotely administer Linux systems?
SSH
A separate device that decrypts SSL traffic.
SSL Decryptor
Which of these is considered the weakest cryptographic transport protocol?
SSL v2.0
A separate hardware card that inserts into a web server that contains one or more co-processors to handle SSL/TLS processing.
SSL/TLS Accelerator
Which of the following misuses the TCP handshake process? Man-in-the-middle attack SYN attack WPA attack Replay attack
SYN attack
Which of the following are characteristics of spyware? (Choose all that apply.)
Secretly collects information about users / Negatively affects confidentiality / Negatively affects availability / Tracking cookies and browser history can be used by spyware / It is greyware
What is the recommended secure protocol for voice and video applications? a. Secure Real-time Transport Protocol (SRTP) b. Hypertext Transport Protocol Secure (HTTPS) c. Network Time Protocol (NTP) d. Secure/Multipurpose Internet Mail Extensions (S/MIME)
Secure Real-time Transport Protocol (SRTP)
____________ is a protocol for securely accessing a remote computer.
Secure Shell (SSH)
availability
Security actions that ensure that data is accessible to authorized users.
competitors
Security actions that ensure that only authorized parties can view the information.
confidentiality
Security actions that ensure that only authorized parties can view the information.
integrity
Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.
A product that consolidates real-time monitoring and management of security information with analysis and reporting of security events.
Security and Information Event Management (SIEM)
administrative controls
Security controls for developing and ensuring that policies and procedures are carried out; regulating the human factors of security.
Lack of Vendor Support
Security requires diligence. The potential for a vulnerability is always there.
Insiders
Serious threat to an enterprise comes from its own employees, contractors, and business partners.
If a person takes control of a session between a server and a client, it is known as what type of attack?
Session hijacking
____________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.
Session keys
Which PowerShell cmdlet is used to modify a registry key value?
Set-ItemProperty
Shoulder Surfing
Shoulder Surfing: the practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information.
A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.
Signature-Based Monitoring
A. Obscurity
Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use? A. Obscurity B. Layering C. Diversity D. Limiting
An earlier email system that handles outgoing mail.
Simple Mail Transfer Protocol (SMTP)
Using one authentication credential to access multiple accounts or applications is known as _______.
Single sign-on
A VPN connection in which multiple sites can connect to other sites over the Internet.
Site-to-Site VPN
Which of the following is NOT a means used by an attacker to do reconnaissance on a network? Smurf attack Port scan attack DNS footprinting Christmas tree attack TCP/IP Stack fingerprinting Banner grabbing
Smurf attack
Race Condition
A software race condition occurs when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
improper input handling
Software that allows the user to enter data but does not validate or filter user input to prevent a malicious action.
Improper Input Handling
Software that allows the user to enter data but does not filter or validate user input to prevent a malicious action.
improper error handling
Software that does not properly trap an error condition and provides an attacker with underlying access to the system.
hypervisor
Software that manages virtual machine operating systems.
WPS
Some access points have a WPS button on the front. So if you can walk right up to the access point you may easily be on the network. As if these problems weren't enough, in summer of 2014 a new attack against WPS was found. This one's called Pixie Dust.
Weak Configuration
Some devices have options that provide limited security choices.
Lack of Vendor Support
Some devices, particularly consumer devices, have no support from the company that made the device. This means that no effort is made to fix any vulnerabilities that are found.
Vendor Diversity
Some enterprises use security products provided by different manufacturers.
Sophisticated
Some groups have created a massive network of resources while others are simple individuals just seeing what they can do.
End-of-Life-Systems
Some systems are so old that vendors have dropped all support for security updates, or else charge an exorbitant fee to provide updates.
A VPN technology in which only some traffic is sent to the VPN concentrator and is protected while other traffic directly accesses the Internet.
Split Tunneling
Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose? a. Split tunnel b. Full tunnel c. Narrow tunnel d. Wide tunnel
Split tunnel
Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose?
Split tunnel
Making data appear as if it is coming from somewhere other than its original source is known as what?
Spoofing
What attack involves impersonating another device? Spimming Pharming Spoofing Spearing Phishing
Spoofing. Spoofing involves impersonating another device or user to launch an attack. A popular way to achieve this is to create IP packets using someone else's IP address.
Which of the following is usually bundled as a hidden component of a freeware?
Spyware
Nation State Actors
State sponsored attackers employed by a government for launching computer attacks against foes.
nation state actors
State-sponsored attackers employed by a government for launching computer attacks against foes.
A firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
Stateful Packet Filtering
Which is the most secure type of firewall? a. Stateless packet filtering b. Stateful packet filtering c. Network intrusion detection system replay d. Reverse proxy analysis
Stateful packet filtering
A firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator.
Stateless Packet Filtering
Which of the following statements best describes a static NAT? Static NAT uses a one-to-one mapping Static NAT uses a many-to-many mapping Static NAT uses a one-to-many mapping Static NAT uses a many-to-one mapping
Static NAT uses a one-to-one mapping
Keyloggers
Stores your keystrokes. Can store screenshot info. Usually installed with malware. Keep your signatures updated.
Architecture/Design Weaknesses
Successful attacks are often the result of software that is poorly designed.
Eachna is showing a new security intern the log file from a firewall. Which of the following entries would she tell him do not need to be investigated? a. Suspicious outbound connections b. IP addresses that are being rejected and dropped c. Successful logins d. IP addresses that are being rejected and dropped
Successful logins
A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.
Switch
You want to reduce network traffic on a particular network segment to limit the amount of user visibility. Which of the following is the best device to use in this scenario? Switch Hub Router Firewall
Switch
end-of-life system
System for which vendors have dropped all support for security updates due to the system's age.
Which of these is the most secure protocol for transferring files? a. FTPS b. SFTP c. TCP d. FTP
TCP
Which of the following is an example of a nonessential protocol? DNS ARP TCP TFTP
TFTP
C. Vulnerable business processes
Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT be covered? A. Default configurations B. Weak configurations C. Vulnerable business processes D. Misconfigurations
WPA replaces WEP with _____. Temporal Key Integrity Protocol (TKIP) Cyclic Redundancy Check (CRC) Message Integrity Check (MIC) WPA2
Temporal Key Integrity Protocol (TKIP)
Which of these is NOT used in scheduling a load balancer? a. The IP address of the destination packet b. Data within the application message itself c. Round-robin d. Affinity
The IP address of the destination packet
Which of these is NOT used in scheduling a load balancer?
The IP address of the destination packet
Man-In-The-Browser
The Man-in-the-Browser attack is the same approach as Man-in-the-middle attack, but in this case a Trojan Horse is used to intercept and manipulate calls between the main application's executable (ex: the browser) and its security mechanisms or libraries on-the-fly.
NFC
Near Field Communication (NFC) is a set of standards for mobile devices designed to establish radio communication with each other by being touched together or brought within a short distance.
Session Hijacking
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.
Escalation of Privilege
The act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
DNS poisoning
The code for DNS cache poisoning is often found in URLs sent via spam emails.
Initial Exploitation
The exploitation phase of a penetration test focuses solely on establishing access to a system or resource by bypassing security restrictions.
Vulnerability
The hole in the fencing, which is a flaw or a weakness that allows a threat actor to bypass security.
External
The location outside an enterprise in which some threat actors perform.
external
The location outside an enterprise in which some threat actors perform.
Internal
The location within an enterprise in which some threat actors perform.
internal
The location within an enterprise in which some threat actors perform.
default configurations
The out-of-the-box security configuration settings.
Intent and Motivation
The reasoning behind attacks made by threat actors.
intent and motivation
The reasoning behind attacks made by threat actors.
system sprawl
The widespread proliferation of devices across an enterprise.
System Sprawl
The widespread proliferation of devices across the enterprise.
RFID
There are a number of attacks associated with RFID technologies. One is a simple data capture. If you can sit in the middle of that wireless communication, you can view what's going back and forth between the RFID tag.
Which of the following are reasons that an APIPA address might be obtained? (Choose all that apply).
There is no DHCP server The DHCP server is shut down There are no available leases The DHCP relay agent is not working The router is not RFC1542 compliant
IV
There were a number of technological challenges that really created this issue for us with 802.11 WEP. One was that the federal government of the United States said, you can't do heavy encryption on these wireless networks
Advanced Persistent Threat (APT)
These attacks use innovative attack tools and once a system is infected it silently extracts data over an extended period.
Why are extensions, plug-ins, and add-ons considered to be security risks?
They have introduced vulnerabilities in browsers.
Why are extensions, plug-ins, and add-ons considered to be security risks? They are written in Java, which is a weak language. They have introduced vulnerabilities in browsers. They use bitcode. They cannot be uninstalled.
They have introduced vulnerabilities in browsers.
Intimidation
They might say that bad things will happen if you don't help "If you don't reset my password, I will call your supervisor."
1234
This PIN is used by well over 10% of ATM users in a recent survey of banks limiting the codes to 4 digits.
Integrity
This ensures that the information is correct and no unauthorized person or malicious software has altered the data.
Threat Actor
This is a person or element that has the power to carry out a threat.
BlueJacking
This is the practice of sending unsolicited messages to nearby Bluetooth devices. Bluejacking messages are typically text, but can also be images or sounds.
White Box
This testing goes by several different names, including clear box, open box, auxiliary and logic-driven testing. The main challenge with white-box testing is sifting through the massive amount of data available to identify potential points of weakness.
organized crime
Threat actors that are moving from traditional organized criminal activities to more rewarding and less risky online attacks
Organized Crime
Threat actors that are moving from traditional organized criminal activities to more rewarding and less risky online attacks.
sophisticated
Threat actors that have developed a high degree of complexity.
Competitors
Threat actors that launch attacks against an opponent's systems to steal classified information.
Viruses, botnets, social engineering, and drive-by-downloads and other methods used to attack a target are best described as which of the following?
Threat vectors
What is the basis of an SQL injection attack? To expose SQL code so that it can be examined To have the SQL server attack client web browsers To insert SQL statements through unfiltered user input To link SQL servers into a botnet
To insert SQL statements through unfiltered user input
removable media control
Tools that can be used to restrict which removable media, such as USB flash drives, can be attached to a system.
Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks? The complex nature of TCP/IP allows for too many ping sweeps to be blocked. Web application attacks use web browsers that cannot be controlled on a local computer. Network security devices cannot prevent attacks from web resources. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?
Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
A proxy that does not require any configuration on the user's computer.
Transparent Proxy
If you have a computer running a 64-bit version of Windows 10 with Client Hyper-V, it is possible to run a 16-bit Windows app in a virtual machine. True or False?
True
Office 365 ProPlus never receives updates through Windows Update. True or False?
True
You can use a 32-bit version of Windows 10 to run legacy Win16 apps. True or False?
True
Packet sniffing can be helpful in detecting rogues. True False
True It is technically possible to detect rogues by using wireless sniffing tools to capture information regarding access points within range. Packet sniffing can be helpful in detecting rogues.
Which type of hypervisor does not run on an underlying operating system? a. Type I b. Type II c. Type III d. Type IV
Type 1
Threat
Type of action that has the potential to cause harm.
A system administrator wants to improve the security of a Windows Vista-based system by preventing unauthorized or accidental changes from occurring on the system. Which feature of the operating system will help the administrator accomplish this task?
UAC
What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented?
UDP attack
Attackers who register domain names that are similar to legitimate domain names are performing _____.
URL hacking
Attackers who register domain names that are similar to legitimate domain names are performing _____. address resolution HTTP manipulation HTML squatting URL hijacking
URL hijacking
A data loss prevention (DLP) technique for blocking the copying of files to a USB flash drive.
USB Blocking
Script Viruses
Uncommon. JavaScript is big with script viruses.
Which of the following is a multipurpose security device?
Unified Threat Management
An integrated device that combines several security functions.
Unified Threat Management (UTM)
Which of the following is a multipurpose security device?
Unified Threat Management (UTM)
Which of the following is a multipurpose security device? a. Hardware security module b. Unified Threat Management (UTM) c. Media gateway d. Intrusion Detection/Prevention (ID/P)
Unified Threat Management (UTM)
Identify Common Misconfigurations
Unpatched Systems, Using default account credentials, Unprotected files and directories, Unused Web pages, Poorly configured network devices.
Flash cookies are a type of spyware. What are ways to clean Flash cookies? (Choose all that apply.)
Use a browser add-on / Disable Adobe Flash / Anti-malware programs
You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What is the best method to accomplish this? Use a virtual switch Remove the virtual network from the routing table Use a standalone switch Create a VLAN without any default gateway
Use a virtual switch
Misconfiguration
User devices have options that provide limited security choices.
User confusion
Users are required to make difficult security decisions with little or no instruction.
Which of these is NOT a limitation of turning off the SSID broadcast from an AP? Some versions of operating systems favor a network that broadcasts an SSID over one that does not. Users can more easily roam from one WLAN to another. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another.
Users can more easily roam from one WLAN to another.
untrained users
Users with little or no instruction in making security decisions.
vendor diversity
Using security products provided by different manufacturers.
Technical Controls
Using technology as a basis for controlling the access and usage of sensitive data.
technical controls
Using technology that is carried out or managed by devices as a basis for controlling the access to and usage of sensitive data.
Penetration Testing vs Vulnerability Testing:
V: Scans and searches systems for known vulnerabilities. P: Attempts to actively exploit weaknesses in an environment.
Which application stores the user's desktop inside a virtual machine that resides on a server and is accessible from multiple locations? a. Application cell b. Container c. VDE d. VDI
VDI
You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. Which of the following network design elements would most likely be used? VLAN DMZ NAT Routing
VLAN
A device that aggregates hundreds or thousands of VPN connections.
VPN concentrator
Delays in security updating
Vendors are overwhelmed trying to keep pace updating their products against the latest attacks.
An IP address and a specific port number that can be used to reference different physical servers.
Virtual IP (VIP)
A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.
Virtual LAN (VLAN)
A technology that enables use of an unsecured public network as if it were a secure private network.
Virtual Private Network (VPN)
Which of the following is NOT a security concern of virtualized environments? a. Virtual machines must be protected from both the outside world and from other virtual machines on the same physical computer. b. Physical security appliances are not always designed to protect virtual systems. c. Virtual servers are less expensive than their physical counterparts. d. Live migration can immediately move one virtualized server to another hypervisor.
Virtual servers are less expensive than their physical counterparts
Multipartite
Viruses that are able to use multiple methods above working together.
An attacker has targeted Corp.com's employees with voicemails that attempt to acquire sensitive information by masquerading as a trustworthy entity. Which type of attack is this?
Vishing
Identify lack of security controls
Vulnerability scanning that looks for a lack of firewalls, secure passwords, antivirus, anti-spyware, etc.
Which of these is NOT a type of wireless AP probe? wireless device probe AP probe WNIC probe dedicated probe
WNIC probe
AES-CCMP is the encryption protocol standard used in _____. IEEE 802.11 WPA NFC WPA2
WPA2
Logic Bomb
Waits for a predefined event, often left by someone with a grudge. Could be triggered by a certain action, or date.
A firewall that filters by examining the applications using HTTP.
Web Application Firewall
A network administrator is evaluating different firewalls. Which of the following firewalls provides protection from the following attacks: Denial of Service (DOS), Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), forceful browsing, cookie poisoning and invalid input?
Web application firewall (WAF)
mobile device management (MDM)
What allows a device to be managed remotely?
Group Policy
What allows for a single configuration to be set and then deployed to many or all users?
D. Regulatory
What are industry-standard frameworks and reference architectures that are required by external agencies known as? A. Compulsory B. Mandatory C. Required D. Regulatory
Wrong passcode 3 times
What criteria has to be met for you to get a picture of the person that stole your tablet?
It separates personal data from corporate data.
What does containerization do?
geofencing
What enforces the location in which an app can function by tracking the location of the mobile device?
B. When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
What is a race condition? A. When a vulnerability is discovered and there is a race to see if it can be patched before it is exploited by attackers. B. When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences. C. When an attack finishes its operation before antivirus can complete its work. D. When a software update is distributed prior to a vulnerability being discovered.
C. To spy on citizens
What is an objective of state-sponsored attackers? A. To right a perceived wrong B. To amass fortune over of fame C. To spy on citizens D. To sell vulnerabilities to the highest bidder
C. Brokers
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? A. Cyberterrorists B. Competitors C. Brokers D. Resource managers
geolocation
What is the process of identifying the geographical location of a mobile device?
screen lock
What prevents a mobile device from being used until the user enters the correct passcode?
Which authentication factor is based on a unique talent that a user possesses?
What you do
lack of vendor support
When the company that made a device provides no support for the device.
Disassociation Attack
When your computer or device is continuously being disconnected from and reconnecting to a network.
Alarm will sound
When your tablet is missing, you realize that you last used it in class and had the speakers set to mute. Which result can you expect if you try to track it by playing a sound?
D. Gramm-Leach-Bliley Act (GLBA)
Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information? A. Sarbanes-Oxley Act (Sarbox) B. Financial and Personal Services Disclosure Act C. Health Insurance Portability and Accountability Act (HIPAA) D. Gramm-Leach-Bliley Act (GLBA)
Waterfall model
Which model uses a sequential design process?
Cable lock
Which of the following can be used to secure a laptop or mobile device?
B. Confidentiality
Which of the following ensures that only authorized parties can view protected information? A. Authorization B. Confidentiality C. Availability D. Integrity
Requires periodic visual inspections
Which of the following is NOT a characteristic of an alarmed carrier PDS?
Variable overflow
Which of the following is NOT a memory vulnerability?
Moisture
Which of the following is NOT a motion detection method?
Supply chains take advantage of the trusted "chain of trust" concept.
Which of the following is NOT a reason why supply chain infections are considered especially dangerous?
D. Purposes
Which of the following is NOT a successive layer in which information security is achieved? A. Products B. People C. Procedures D. Purposes
Restricting patch management
Which of the following is NOT a typical OS security configuration?
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
Which of the following is NOT an advantage to an automated patch update service?
Barricade
Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow?
D. Security is a war that must be won at all costs.
Which of the following is NOT true regarding security? A. Security is a goal. B. Security includes the necessary steps to protect from harm. C. Security is a process. D. Security is a war that must be won at all costs.
Service pack
Which of the following is a cumulative package of all patches?
B. Information
Which of the following is an enterprise critical asset? A. System software B. Information C. Outsourced computing services D. Servers, routers, and power supplies
MMS
Which of the following technologies provides for pictures, video, or audio to be included in text messages?
Dynamic analysis
Which of the following types of testing uses unexpected or invalid inputs?
Public networks are faster than local networks and can spread malware more quickly to mobile devices.
Which of these is NOT a risk of connecting a mobile device to a public network?
last known good configuration
Which of these is NOT a security feature for locating a lost or stolen mobile device?
Whitelist
Which of these is a list of approved email senders?
password
Which of these is considered the strongest type of passcode to use on a mobile device?
Staging stage
Which stage is a "quality assurance" test that verifies the code functions as intended?
It monitors and controls two interlocking doors to a room.
Which statement about a mantrap is true?
physical keyboard
Which technology is NOT a core feature of a mobile device?
B. Greater sophistication of defense tools
Which the following is NOT a reason why it is difficult to defend against today's attackers? A. Delays in security updating B. Greater sophistication of defense tools C. Increased speed of attacks D. Simplicity of attack tools
B. Advanced Persistent Threat (APT)
Which tool is most commonly associated with nation state threat actors? A. Closed-Source Resistant and Recurrent Malware (CSRRM) B. Advanced Persistent Threat (APT) C. Unlimited Harvest and Secure Attack (UHSA) D. Network Spider and Worm Threat (NSAWT)
MAM
Which tool manages the distribution and control of apps?
RTOS
Which type of OS is typically found on an embedded system?
Network OS
Which type of operating system runs on a firewall, router, or switch?
Keyed entry lock
Which type of residential lock is most often used for keeping out intruders?
C. They can cause significant disruption by destroying only a few targets.
Why do cyberterrorists target power plants, air traffic control centers, and water systems? A. These targets are government-regulated and any successful attack would be considered a major victory. B. These targets have notoriously weak security and are easy to penetrate. C. They can cause significant disruption by destroying only a few targets. D. The targets are privately owned and cannot afford high levels of security.
Untrained Users
With little or no direction to guide them.
Which attack uses the user's web browser settings to impersonate that user?
XSRF
Which attack uses the user's web browser settings to impersonate that user? XDD XSRF Domain hijacking Session hijacking
XSRF
John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing?
XSS
John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing? SQL XSS XSRF DDoS DNS
XSS
RansomWare
Your data is the most important. The bad guys want your money and the best way is if they hold your data for ransom.
RootKit Zeus/Zbot
Zeus/Zbot malware is used to listen in on bank account info and use that to move the money.
Zeus/Zbot
Zeus/Zbot malware is used to listen in on bank account info and use that to move the money.
In the context of Active Directory Federation Services (AD FS), what does the acronym SAN denote? a. subject alternative names b. storage area network c. subject assigned names d. service alternative names
a
Which of the following CANNOT be used to hide information about the internal network?
a protocol analyzer
What is a session token?
a random string assigned by a web server
Which of the following security domains are required in setting up Active Directory Federation Services (AD FS)? (Choose all that apply) a. resource partner b. accounts partner c. resource provider d. resource handler e. accounts provider f. accounts handler
a, b
Which of the following can be considered as examples of a claim? (choose all that apply) a. name b. email address c. alias d. user principal name (UPN) e. password
a, b, d
Tailgating
also known as "piggybacking," involves an attacker seeking entry to a restricted area which lacks the proper authentication. The attacker can simply walk in behind a person who is authorized to access the area.
Typosquatting
also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else's brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., "Gooogle.com" instead of "Google.com"). When users make such a typographical error, they may be led to an alternative website owned by a hacker that is usually designed for malicious purposes.
Clickjacking
also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page.
Downgrade
an attacker forces a network channel to switch to an unprotected or less secure data transmission standard.
Which of the following devices can identify the application that sends packets and then makes decisions about filtering based on it?
application-based firewall
Public Key Cryptography Standards (PKCS) ____________.
are widely accepted in the industry
Weak Implementation
attack exploits implementation weaknesses, such as in software, the protocol, or the encryption algorithm.
Which of these is NOT part of the certificate life cycle?
authorization
Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to first agree to an Acceptable Use Policy (AUP) before continuing. What type of AP has he encountered? authenticated portal captive portal rogue portal web-based portal
captive portal
A(n) ____________ is a published set of rules that govern the operation of a PKI.
certificate policy (CP)
Misconfiguration Vulnerabilities
could occur if a component is susceptible to attack due to an insecure configuration option.
Which of these would NOT be a filtering mechanism found in a firewall ACL rule?
date
Open System
designed using industry standards and usually easy to integrate with other open systems. An open system is one with published APIs that allow third parties to develop products to interact with it.
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) ____________.
digital certificate
The primary design of a(n) _____ is to capture the transmissions from legitimate users. Bluetooth grabber evil twin WEP rogue access point
evil twin
Closed System
generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems. A closed system is one that is proprietary with no third-party product support.
Which device is easiest for an attacker to take advantage of to capture and analyze packets?
hub
Which device is easiest for an attacker to take advantage of to capture and analyze packets? a. Router b. Hub c. Switch d. Load balancer
hub
Jamming
if an attacker truly wanted to compromise your LAN and wireless security, the most effective approach would be to send random unauthenticated packets to every wireless station in the network.
Which of these is NOT where keys can be stored?
in digests
International
information security framework/architectures that are worldwide.
An attacker who manipulates the maximum size of an integer type would be performing what kind of attack?
integer overflow
Which function does an Internet content filter NOT perform?
intrusion detection
Open source
is a coding stance that allows others to view the source code of a program
ARP Poisoning
is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with forged ARP request and reply packets.
Replay
is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
Shimming
is a means of injecting alternate or compensation code into a system in order to alter its operations without changing the original or existing code.
Whaling
is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization
Resource Exhaustion
is a simple Denial of Service condition that happens when the resources required to execute an action are entirely expended, preventing that action from occurring. Your system will probably crash.
Pointer Dereference
is a subtype of error that causes a segmentation fault. It occurs when a program attempts to read or write to memory through a null pointer.
access control matrix
is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object. It assembles ACLs from multiple objects into a single table; the rows of that table are the ACEs of a subject across those objects, thus a capabilities list.
Birthday
is a type of cryptographic attack that belongs to a class of brute force attacks. It exploits the mathematics behind the birthday problem in probability theory.
Impersonation
is an attack in which an adversary successfully assumes the identity of one of the legitimate parties in a system or in a communications protocol.
Bluesnarfing
is an attack to access information from wireless devices that transmit using the Bluetooth protocol. With mobile devices, this type of attack is often used to target the international mobile equipment identity.
Spear Phishing
is an email or electronic communications scam targeted towards a specific individual, organization or business.
Closed source
is an opposing coding stance that keeps source code confidential.
Memory Leak
is an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed. The consequences of such an issue depend on the application itself.
information flow model
is designed to prevent unauthorized, insecure, or restricted information flow
Default Configuration
is insecure configuration. This should be rule number one.
constrained process
is one that can access only certain memory locations
security kernel
is the collection of the TCB components that implement the functionality of the reference monitor.
security perimeter
is the imaginary boundary that separates the TCB from the rest of the system. TCB components communicate with non-TCB components using trusted paths.
reference monitor
is the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access.
Public key infrastructure (PKI) ____________.
is the management of digital certificates
Object
is the resource a user or process wants to access.
Pivot
is the unique technique of using an instance (also referred to as a 'plant' or 'foothold') to be able to move around inside a network.
MAC Spoofing
is where the intruder sniffs the network for valid MAC addresses and attempts to act as one of the valid MAC addresses. The intruder then presents itself as the default gateway and copies all of the data forwarded to the default gateway without being detected.
A replay attack _____.
makes a copy of the transmission for use at a later time
A replay attack _____. can be prevented by patching the web browser is considered to be a type of DoS attack makes a copy of the transmission for use at a later time replays the attack over and over to flood the server
makes a copy of the transmission for use at a later time
What type of attack involves manipulating third-party ad networks?
malvertising
Which attack intercepts communications between a web browser and the underlying computer?
man-in-the-browser (MITB)
security capabilities of information systems
memory protection, virtualization, and Trusted Platform Module (TPM).
Which technology is predominately used for contactless payment systems? near field communication (NFC) Radio Frequency ID (RFID) wireless local area network (WLAN) Bluetooth
near field communication (NFC)
Which device watches for attacks and sounds an alert only when one occurs?
network intrusion detection system (NIDS)
Domain Hijacking
or domain theft is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems.
Which compatibility issues can be fixed for an app by using the capabilities included in Windows 10? (Choose all that apply.)
poor display quality on full screen when the screen resolution is 1920 X 1024; required to right-click and run as administrator; odd colors when the color depth is greater than 16-bit
What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another?
privilege escalation
What can be deployed to intercept and log network traffic passing through the network? event viewers NIDSs protocol analyzers proxy catchers NIPSs
protocol analyzers. Packet sniffers are protocol analyzers that can be deployed to intercept and log network traffic passing through the network.
Which of these is NOT a DoS attack?
push flood
Which action cannot be performed through a successful SQL injection attack?
reformat the web application server's hard drive
DNSSEC adds additional ____________ and message header information, which can be used to verify that the requested data has not been altered in transmission. a. resource records b. field flags c. hash sequences d. zone transfers
resource records
Confinement
restricts a process to reading from and writing to certain memory locations
Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend?
router
Which ACT tool is used to deploy compatibility fixes to computers?
sdbinst.exe
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) ____________ would be used.
server digital certificate
Which is the most secure type of firewall?
stateful packet filtering
DNS poisoning _____.
substitutes DNS addresses so that the computer is automatically redirected to another device
DNS poisoning _____. floods a DNS server with requests until it can no longer respond is rarely found today due to the use of host tables substitutes DNS addresses so that the computer is automatically redirected to another device is the same as ARP poisoning
substitutes DNS addresses so that the computer is automatically redirected to another device
Phishing
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Bounds
the limits of memory a process cannot exceed when reading or writing
Isolation
the mode a process runs in when it is confined through the use of memory bounds.
Accreditation
the process of formal acceptance of a certified configuration from a designated authority.
Declassification
the process of moving an object into a lower level of classification once it is determined that it no longer justifies being placed at a higher level. Only trusted subjects can perform declassification because this action is a violation of the verbiage of the star property of Bell‐LaPadula, but not the spirit or intent, which is to prevent unauthorized disclosure.
Certification
the technical evaluation of each part of a computer system to assess its concordance with security standards.
Subject
the user or process that makes a request to access a resource
A digital certificate associates ____________.
the user's identity with his public key
The ___________-party trust model supports CA.
third
Scarcity
to create a feeling of urgency in a decision-making context. "I can't waste time here."
What is the basis of an SQL injection attack?
to insert SQL statements through unfiltered user input
Digital certificates can be used for each of these EXCEPT ____________.
to verify the authenticity of the Registration Authorizer
Security Controls
use access rules to limit the access by a subject to an object
TCSEC Classes
verified protection, mandatory protection, discretionary protection, minimal protection
without permission
without permission
introduce a policy
introduce a policy
compromised
compromised (hacked)
fill in information
enter information
log into
log in (to a system)
access the Internet
go online (access the Internet)
in other words
in other words
reliant on
dependent on
register with a website
register on a website
protect data
protect data
cyberattack on a business
cyberattack against a business
behaviour towards colleagues
behaviour towards colleagues
understanding of online security
understanding of online security
check for viruses
check for viruses
follow rules
follow rules
cost-saving
requiring lower costs
confident about
confident about
vulnerable to
vulnerable to
thumb drive
flash drive (thumb drive)
encrypt files
encrypt files
reference architectures
"Supporting structures" for implementing security; also called industry-standard frameworks.
industry-standard frameworks
"Supporting structures" for implementing security; also called reference architectures.
Industry-Standard Frameworks
"supporting structures" for implementing security.
Which versions of .NET Framework are included with Windows 10? (Choose all that apply.)
.NET Framework 3.5 .NET Framework 4.6
Which types of apps can be deployed by using Configuration Manager? (Choose all that apply.)
.msi .appx .NET Framework
Which RAID types would use a minimum of four hard drives? (Choose all that apply).
10 / 6 / 51
Which RAID types would use a minimum of four hard drives? (Choose all that apply).
10 and 6
Your network uses the subnet mask 255.255.255.224. Which of the following IPv4 addresses are able to communicate with each other? (Select the two best answers.) 10.36.36.126 10.36.36.158 10.36.36.166 10.36.36.184 10.36.36.224
10.36.36.166, 10.36.36.184
From the list of ports, select the two that are used for e-mail. 110 3389 143 389
110, 143
Which of the following is a private IPv4 address? 11.16.0.1 127.0.0.1 172.16.0.1 208.0.0.1
172.16.0.1
Which port number is ultimately used by SCP?
22
For a remote tech to log in to a user's computer in another state, what inbound port must be open on the user's computer? 21 389 3389 8080
3389
Which TCP port does LDAP use?
389
Your organization wants to implement a secure e-mail system using the POP3 and SMTP mail protocols. All mail connections need to be secured with SSL. Which of the following ports should you be using? (Select the two best answers.) 25 110 143 465 993 995
465, 995
What will be the available drive space in a RAID 5 configured system with 3 250GB hard drives?
500 GB
What will be the available drive space in a RAID 5 configured system with 3 250GB hard drives? 750 GB 500 GB 250 GB 1 TB
500 GB
Which RAID types would use a minimum of four hard drives? (Choose all that apply). 10 6 5 51 0 1
51, 6, 10. RAID 0 stripes two or more hard drives. RAID 1 mirrors two hard drives. RAID 5 is disk striping with parity and it uses three or more hard drives. RAID 1+0 (RAID 10) is disk mirroring with striping. It typically uses four hard drives. RAID 6 is disk striping with two parity disks. It uses four or more disk drives. RAID 5+1 (RAID 51) is mirrored RAID 5. It takes six or more disks.
Which port number does the Domain Name System use?
53
Which RAID types would use a minimum of four hard drives? (Choose all that apply).
6 10 51
Which of the following ports is used by Kerberos by default? 21 80 88 443
88
Which of the following is NOT one of the functions of Layer 2 switching? A. Separation of broadcast domains B. Loop avoidance C. Forwarding/filtering decision D. Address learning
A
Data Execution Prevention (DEP)
A Microsoft Windows feature that prevents attackers from using buffer overflow to execute malware.
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? a. A NIDS provides more valuable information about attacks. b. There is no difference; a NIDS and a NIPS are equal. c. A NIPS can take actions more quickly to combat an attack. d. A NIPS is much slower because it uses protocol analysis.
A NIPS can take actions more quickly to combat an attack.
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?
A NIPS can take actions more quickly to combat an attack.
trusted computing base (TCB)
A TCB is the combination of hardware, software, and controls that form a trusted base that enforces the security policy
FTP Secure (FTPS)
A TCP/IP protocol that uses Secure Sockets Layer or Transport Layer Security to encrypt commands sent over the control port (port 21) in an FTP session.
URL Hijacking
A URL hijack is when you think you're going to one website and you end up going to a completely different one. And the URLs may look very similar or they actually might be very different.
Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia?
A bridge could permit access to the secure wired network from the unsecured wireless network
Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia? a. A bridge will block packets between two different types of networks. b. A bridge cannot be used on any Internet connection. c. A bridge would block packets from reaching the Internet. d. A bridge could permit access to the secure wired network from the unsecured wireless network.
A bridge could permit access to the secure wired network from the unsecured wireless network.
Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia?
A bridge could permit access to the secure wired network from the unsecured wireless network.
Infrastructure as a Service (IaaS)
A cloud computing model in which customers have the highest level of control and can deploy and run their own software.
public cloud
A cloud in which the services and infrastructure are offered to all users with access provided remotely through the Internet.
Platform as a Service (PaaS)
A cloud service in which consumers can install and run their own specialized applications on the cloud computing network.
Cloud storage
A cloud system that has no computational capabilities but provides remote file storage.
private cloud
A cloud that is created and maintained on a private network.
community cloud
A cloud that is open only to specific organizations that have common concerns.
hybrid cloud
A combination of public and private clouds.
on-premises
A computing model in which enterprises purchased all the hardware and software necessary to run the organization.
hosted services
A computing model in which servers, storage, and the supporting networking infrastructure are shared by multiple enterprises over a remote network connection.
Bell-LaPadula Model
A confidentiality-focused security model based on the state machine model and employing mandatory access controls and the lattice model. It allows subjects to access only those objects with the corresponding classification levels. The two primary rules of Bell-LaPadula are the simple rule of no read-up and the star rule of no write-down.
correlation engine
A device that aggregates and correlates content from different sources to uncover an attack.
aggregation switch
A device used to combine multiple network connections into a single link.
port mirroring
A facility that allows the administrator to configure a switch to copy traffic that occurs on some or all ports to a designated monitoring port on the switch.
vulnerability
A flaw or weakness that allows a threat agent to bypass security.
Jailbreaking
A friend of Ukrit told him that he has just downloaded and installed an app that allows him to circumvent the built-in limitations on his Apple iOS smartphone. What is this called?
hacktivists
A group of threat actors that is strongly motivated by ideology.
Hacktivists
A group that is strongly motivated by ideology.
DDoS mitigator
A hardware device that identifies and blocks real-time distributed denial of service (DDoS) attacks.
deadbolt lock
A lock that extends a solid metal bar into the door frame for extra security is the _____.
Which of these is NOT a characteristic of a weak password?
A long password
Malware
Malware that is designed to replicate itself. It is able to transfer to other things in your computer or other places in your network.
Noninterference Model
A model loosely based on the information flow model, is concerned with the actions of one subject affecting the system state or actions of another subject
Take-Grant Model
A model that employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object. Simply put, a subject with the grant right can grant another subject or another object any other right they possess. Likewise, a subject with the take right can take a right from another subject.
Advanced Persistent Threat (APT)
A new class of attack that uses innovative attack tools to infect a system and then silently extracts data over an extended period.
Pass the Hash
A pass the hash attack is an exploit in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick an authentication system into creating a new authenticated session on the same network.
Cloud computing
A pay-per-use computing model in which customers pay only for the online computing resources that they need, and the resources can be easily scaled.
threat actor
A person or element that has the power to carry out a threat.
What is a session token? XML code used in an XML injection attack A random string assigned by a web server Another name for a third-party cookie A unique identifier that includes the user's email address
A random string assigned by a web server
log
A record of events that occur.
Replay
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
Accept
A response to risk that acknowledges the risk but takes no steps to address it.
accept
A response to risk that acknowledges the risk but takes no steps to address it.
Transfer
A response to risk that allows a third party to assume the responsibility of the risk.
transfer
A response to risk that allows a third party to assume the responsibility of the risk.
Avoid
A response to risk that identifies the risk and the decision is made to not engage in the risk-provoking activity.
avoid
A response to risk that identifies the risk and the decision is made to not engage in the risk-provoking activity.
Rogue AP
A rogue access point is a device not sanctioned by an administrator, but is operating on the network anyway. This could be an access point set up by either an employee or by an intruder. The access point could also belong to a nearby company.
Secure FTP (SFTP)
A secure TCP/IP protocol that is used for transporting files by encrypting and compressing all data and commands.
Brewer and Nash Model (Chinese Wall)
A security model designed to permit access controls to change dynamically based on a user's previous activity (making it a kind of state machine model as well)
Graham-Denning Model
A security model focused on the secure creation and deletion of both subjects and objects.
network tap (test access point)
A separate device that can be installed on the network for monitoring traffic.
file integrity check (FIC)
A service that can monitor any changes made to computer files.
Cloud access security broker (CASB)
A set of software tools or services that resides between the enterprises' on-premises infrastructure and the cloud provider's infrastructure to ensure that the security policies of the enterprise extend to their data in the cloud.
resource exhaustion
A situation in which a hardware device with limited resources (CPU, memory, file system storage, etc.) is exploited by an attacker who intentionally tries to consume more resources than intended.
vulnerable business processes
A situation in which an attacker manipulates commonplace actions that are routinely performed; also called business process compromise.
risk
A situation that involves exposure to danger.
Risk
A situation that involves exposure to some type of danger.
race condition
A software occurrence when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
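An added example of the race condition defined above (not code from the study guide). The check-then-act sequence in withdraw_unsafe has a window between the balance check and the update; a hypothetical after_check hook forces a second thread into that window so the result is deterministic. withdraw_safe holds a lock across both steps.

```python
import threading


class Account:
    """Bank account whose withdraw() is a check-then-act sequence."""

    def __init__(self, balance: int) -> None:
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount: int, after_check=None) -> bool:
        if self.balance >= amount:          # check
            if after_check:
                after_check()               # window in which another thread may run
            self.balance -= amount          # act, based on a stale check
            return True
        return False

    def withdraw_safe(self, amount: int, after_check=None) -> bool:
        with self._lock:                    # check and act happen as one step
            if self.balance >= amount:
                if after_check:
                    after_check()
                self.balance -= amount
                return True
            return False


def run_race(method: str):
    """Force the interleaving: thread A passes its check, thread B then attempts a
    full withdrawal, then A continues. Returns (A result, B result, final balance)."""
    acct = Account(100)
    b_result = []
    b = threading.Thread(target=lambda: b_result.append(getattr(acct, method)(80)))

    def window() -> None:
        b.start()
        b.join(timeout=0.5)   # unsafe: B completes here; safe: B blocks on the lock

    a_result = getattr(acct, method)(80, after_check=window)
    b.join()
    return a_result, b_result[0], acct.balance
```

With the unsafe method both withdrawals succeed and the balance goes negative; with the lock the second withdrawal is correctly refused.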
State Machine Model
A model that describes a system as a set of states and the transitions between them; the system is secure if it starts in a secure state and every transition leads only to another secure state, so no matter what function is performed it remains a secure system.
Advanced malware management
A third- party service that monitors a network for any unusual activity.
New Threat
A threat that has not been previously identified.
threat
A type of action that has the potential to cause harm.
application cell
A virtualized environment that holds only the necessary operating system components (such as binary files and libraries) that are needed for a specific application to run. Also called a container.
container
A virtualized environment that holds only the necessary operating system components (such as binary files and libraries) that are needed for a specific application to run. Also called an application cell.
Hoax
A virus hoax is a false warning about a virus.
Identify Vulnerability
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems
Zero-Day
A zero day attack (also referred to as Day Zero) is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.
*Question #13* *In which of the following configurations are all the load balancers always active*? A. Active-active B. Active-passive C. Passive-active-passive D. Active-load-passive-load
A. *Active-active* *page 242*
*Question #14* *Which device intercepts internal user requests and then processes those requests on behalf of the users*? A. Forward proxy server B. Reverse proxy server C. Host detection server D. Intrusion prevention device
A. *Forward proxy server*
*Question #7* *Francisco was asked by a student intern to explain the danger of a MAC flooding attack on a switch. What would Francisco say*? A. Once the MAC address table is full the switch functions like a network hub. B. A MAC flooding attack will filter the local host computers' MAC-to-IP address tables and prevent these hosts from reaching the network. C. In defense against a MAC flooding attack, network routers will freeze and not permit any incoming traffic. D. A MAC flooding attack will prevent load balancers from identifying the correct VIP of the servers.
A. *Once the MAC address table is full the switch functions like a network hub*. *page 239*
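An added simulation of the answer above (not code from the study guide or its textbook): a toy switch with a bounded MAC table. Once the attacker's bogus source addresses fill the table, real hosts can no longer be learned, every frame to them is flooded to all ports like a hub, and the attacker's port receives the traffic. The optional max_macs_per_port parameter models port security, which blocks the offending port entirely. The simplification that entries never age out is this example's own assumption.

```python
class Switch:
    """Toy Layer 2 switch with a bounded MAC (CAM) table and optional port security.
    Simplification: learned entries never age out."""

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size
        self.max_macs_per_port = max_macs_per_port
        self.cam = {}                                   # mac -> port
        self.macs_on_port = {p: set() for p in self.ports}
        self.err_disabled = set()                       # ports shut down by port security

    def forward(self, in_port, src, dst):
        """Return the set of ports the frame is sent out of."""
        if in_port in self.err_disabled:
            return set()
        if src not in self.cam:
            limit = self.max_macs_per_port
            if limit is not None and len(self.macs_on_port[in_port]) >= limit:
                self.err_disabled.add(in_port)          # violation: block the port entirely
                return set()
            if len(self.cam) < self.table_size:         # a full table learns nothing new
                self.cam[src] = in_port
                self.macs_on_port[in_port].add(src)
        out = self.cam.get(dst)
        if out is not None and out != in_port:
            return {out}                                # known unicast: one port only
        # unknown destination (or broadcast): flood to every other port, like a hub
        return {p for p in self.ports if p != in_port and p not in self.err_disabled}


def mac_flood_demo(max_macs_per_port=None):
    """Attacker on port 3 floods bogus sources; hosts A (port 1) and B (port 2) then talk."""
    sw = Switch(ports=[1, 2, 3], table_size=4, max_macs_per_port=max_macs_per_port)
    for i in range(10):
        sw.forward(3, f"00:bad:{i:02d}", "ff:ff:ff:ff:ff:ff")   # constructed bogus MACs
    a_to_b = sw.forward(1, "aa:aa", "bb:bb")
    b_to_a = sw.forward(2, "bb:bb", "aa:aa")
    return sorted(a_to_b), sorted(b_to_a), sorted(sw.err_disabled)
```

Without port security the A/B exchange is flooded to port 3; with a limit of two addresses per port, port 3 is shut down after the third bogus source and the table stays usable.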
*Question #15* *Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose*? A. Split tunnel B. Full tunnel C. Narrow tunnel D. Wide tunnel
A. *Split tunnel* *page 252*
*Question #12* *Which of these is NOT used in scheduling a load balancer*? A. The IP address of the destination packet B. Data within the application message itself C. Round-robin D. Affinity
A. *The IP address of the destination packet* *page 242* *Load balancing distribution scheduling is based upon*: -*Round-robin* -*Affinity* -*Other*: *Layer 7 load balancers can also use HTTP headers, cookies, or data within the application message itself to make a decision on distribution*. The destination IP address is not useful for scheduling because every request arrives addressed to the load balancer's own virtual IP.
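An added example of the three scheduling inputs named above (not code from the study guide): round-robin, source-address affinity, and a Layer 7 decision made from a cookie or the request path. The class, the SERVERID cookie name and the VIP are this example's own assumptions; note that every request carries the same destination IP, so it cannot drive the choice.

```python
import itertools

VIP = "203.0.113.10"   # the load balancer's virtual IP; constructed for this example


def make_request(src_ip, path="/", cookies=None):
    return {"src_ip": src_ip, "dst_ip": VIP, "path": path, "cookies": cookies or {}}


class LoadBalancer:
    """Front-end VIP that picks a back-end server per request."""

    def __init__(self, servers):
        self.servers = list(servers)
        self._rr = itertools.cycle(self.servers)
        self._sticky = {}                      # client source IP -> server

    def round_robin(self, request):
        """Rotate through the servers regardless of who is asking."""
        return next(self._rr)

    def affinity(self, request):
        """Source-address affinity: the same client keeps hitting the same server."""
        key = request["src_ip"]
        if key not in self._sticky:
            self._sticky[key] = self.round_robin(request)
        return self._sticky[key]

    def layer7(self, request):
        """Layer 7 policy: a session cookie pins the request to a server; static
        content goes to a fixed server; everything else falls back to affinity."""
        cookie = request["cookies"].get("SERVERID")
        if cookie in self.servers:
            return cookie
        if request["path"].startswith("/static/"):
            return self.servers[0]
        return self.affinity(request)
```

In production the affinity table would be keyed by a session cookie rather than source IP alone, because many clients behind one NAT share an address.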
*Question #5* *Which function does an Internet content filter NOT perform*? A. intrusion detection B. URL filtering C. malware inspection D. content inspection
A. *intrusion detection* *page 260* An Internet content filter is a device that monitors Internet traffic and blocks access to preselected websites and files. It restricts unapproved websites based on URL or by searching for matching keywords such as "sex" or "hate", and it also inspects content for malware.
2. Which of these Bluetooth attacks involves accessing unauthorized information through a Bluetooth connection? A. Bluesnarfing B. Bluejacking C. Bluecreeping D. Bluestealing
A. Bluesnarfing
16. A wireless LAN controller (WLC) was recently installed, and now Kelsey needs to purchase several new APs to be managed by it. Which type of AP should he purchase? A. Controller AP B. Standalone AP C. Fat AP D. Any type of AP can be managed by a WLC.
A. Controller AP
Which of the following can be used to prevent a buffer overflow attack? A. DEP B. DNS C. FIM D. VPN
A. DEP
Which of the following TCP/IP protocols does not relate to security? A. IP B. HTTPS C. FTP D. SNMP
A. IP
Aideen sent an email to her supervisor explaining the Domain Name System Security Extensions (DNSSEC). Which of the following statements would Aideen have NOT included in her email? A. It can prevent a DNS transfer attack. B. It is fully supported in BIND9. C. It adds message header information. D. It adds additional resource records.
A. It can prevent a DNS transfer attack.
6. Which of these is NOT a risk when a home wireless router is not securely configured? A. Only a small percentage of the total traffic can be encrypted. B. An attacker can steal data from any folder with file sharing enabled. C. User names, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. D. Malware can be injected into a computer connected to the WLAN.
A. Only a small percentage of the total traffic can be encrypted.
4. Which of these technologies is NOT found in a wireless router? A. access point B. router C. dynamic host configuration protocol (DHCP) server D. firewall
A. access point
8. Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to first agree to an Acceptable Use Policy (AUP) before continuing. What type of AP has he encountered? A. captive portal B. web-based portal C. rogue portal D. authenticated portal
A. captive portal
1. Which technology is predominately used for contactless payment systems? A. near field communication (NFC) B. wireless local area network (WLAN) C. Bluetooth D. Radio Frequency ID (RFID)
A. near field communication (NFC)
DNSSEC adds additional _____ and message header information, which can be used to verify that the requested data has not been altered in transmission. A. resource records B. hash sequences C. zone transfers D. field flags
A. resource records
*Question #1* Isabella is a security support manager for a large enterprise. In a recent meeting, *she was asked which* of the *standard networking devices* already present on the network *could be configured to supplement the specific network security hardware devices* that were recently purchased. *Which of these standard networking devices would Isabella recommend*? A. router B. hub C. virtual private network D. SIEM device
A. router *page 236* *The standard networking devices include: -*bridges*, -*switches* -*routers* -*load balancers* -and *proxies*
Eachna is showing a new security intern the log file from a firewall. Which of the following entries would she tell him does not need to be investigated? A. successful logins B. suspicious outbound connections C. IP addresses that are being rejected and dropped D. Probes to obscure port numbers
A. successful logins
Which feature of the Windows 8.1 operating system enables issuing an alternate IP address when it is unable to obtain a lease from the DHCP server?
APIPA (Automatic Private IP Addressing), which self-assigns an address from the 169.254.0.0/16 link-local range
A set of rules that acts like a "network filter" to permit or restrict data flowing into and out of the router network interfaces.
Access Control List (ACL)
improperly configured account
Account set up for a user that might provide more access than is necessary.
A configuration in which all load balancers are always active.
Active-Active
A configuration in which the primary load balancer distributes the network traffic to the most suitable server while the secondary load balancer operates in a "listening mode".
Active-Passive
In which of the following configurations are all the load balancers always active? a. Active-active b. Active-passive c. Passive-active-passive d. Active-load-passive-load
Active-active
When classifying advertising attacks which of the choices is NOT relevant?
Ad session hijacking
Which cmdlet do you use to sideload Windows Store apps?
Add-AppxPackage
Mitigate
Addressing risks by making risks less serious.
C. "Security and convenience are inversely proportional."
Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use? A. "Security and convenience are not related." B. "Convenience always outweighs security." C. "Security and convenience are inversely proportional." D. "Whenever security and convenience intersect, security always wins."
Adware
Software that displays unwanted advertisements; it is often bundled with, or used to deliver, other malware such as viruses, worms, and Trojans.
A scheduling protocol that distributes the load based on which devices can handle the load more efficiently. In most load-balancer products, affinity (also called session persistence or stickiness) more specifically means that subsequent requests from the same client are sent to the server that handled its first request.
Affinity
Infrared
Agape was asked to make a recommendation regarding short-range wireless technologies to be supported in a new conference room that was being renovated. Which of the following would she NOT consider due to its slow speed and its low deployment levels today?
A network access control (NAC) agent that is not installed on an endpoint device but is embedded within a Microsoft Windows Active Directory domain controller.
Agentless NAC
The absence of any type of connection between devices.
Air Gap
Why would system software not be considered a critical asset
All of these are correct
Default Configurations
Almost all devices come with out of the box configuration settings.
A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.
Always-on VPNs
D. Misconfigurations
Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona NOT include in her presentation? A. Large number of vulnerabilities B. End-of-life systems C. Lack of vendor support D. Misconfigurations
Persistence
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is usually to steal data rather than to cause damage to the network or organization.
zero day
An attack that exploits a vulnerability unknown to the vendor, so there were zero days of warning in which to prepare a patch.
What is a hybrid attack?
An attack that combines a dictionary attack with a mask attack
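An added example of the hybrid attack defined above (not code from the study guide): every dictionary word is combined with every string the mask expands to, and each candidate is hashed and compared. The mask syntax (?d digits, ?l lowercase, ?u uppercase, ?s a few symbols) follows the common cracker convention; the wordlist and the SHA-256 target are constructed here.

```python
import hashlib
import itertools
import string

MASK_CHARSETS = {
    "d": string.digits,
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "s": "!@#$",
}


def expand_mask(mask: str):
    """Yield every string matching a mask such as '?d?d' or '?u?l!'."""
    sets = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            sets.append(MASK_CHARSETS[mask[i + 1]])
            i += 2
        else:
            sets.append(mask[i])      # literal character
            i += 1
    for combo in itertools.product(*sets):
        yield "".join(combo)


def hybrid_candidates(words, mask: str, suffix: bool = True):
    """Dictionary word + mask expansion (or mask + word when suffix=False)."""
    for word in words:
        for tail in expand_mask(mask):
            yield word + tail if suffix else tail + word


def crack(target_hex: str, words, mask: str):
    """Return (plaintext, candidates tried) or (None, candidates tried)."""
    tried = 0
    for cand in hybrid_candidates(words, mask):
        tried += 1
        if hashlib.sha256(cand.encode()).hexdigest() == target_hex:
            return cand, tried
    return None, tried


# Constructed wordlist and target for the demo.
WORDS = ["password", "summer", "welcome"]
TARGET = hashlib.sha256(b"summer19").hexdigest()
```

Against the constructed target the search recovers summer19 after 120 candidates: 100 for password?d?d, then summer00 through summer19.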
Injection Attacks
An attacker supplies untrusted input to a program. The input gets processed by an interpreter as part of a command or query. In turn, this alters the execution of that program.
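An added example of the injection definition above using SQL, the most common interpreter involved (not code from the study guide). The table, rows and login functions are constructed for this example; the vulnerable version builds the query with string formatting, the safe version passes the untrusted input as bound parameters so the interpreter never treats it as SQL.

```python
import sqlite3


def setup() -> sqlite3.Connection:
    """In-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2')")
    return conn


def login_vulnerable(conn, name: str, password: str) -> bool:
    # Untrusted input is pasted into the command text, so a quote in the input
    # changes the structure of the query the interpreter sees.
    query = f"SELECT name FROM users WHERE name='{name}' AND password='{password}'"
    return conn.execute(query).fetchone() is not None


def login_safe(conn, name: str, password: str) -> bool:
    # Parameterised query: the structure is fixed, the values are just values.
    query = "SELECT name FROM users WHERE name=? AND password=?"
    return conn.execute(query, (name, password)).fetchone() is not None


def demo() -> dict:
    conn = setup()
    # The attacker ends the name string and comments out the password check.
    payload_name = "alice' --"
    return {
        "vuln_with_payload": login_vulnerable(conn, payload_name, "wrong"),
        "safe_with_payload": login_safe(conn, payload_name, "wrong"),
        "vuln_real_creds": login_vulnerable(conn, "alice", "s3cret"),
        "safe_real_creds": login_safe(conn, "alice", "s3cret"),
    }
```

The same pattern (build a command from strings versus hand the interpreter structure and data separately) applies to LDAP, OS command and XML injection.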
funding and resources
An attribute of threat actors that can vary widely.
Evil Twin
An evil twin attack is a type of Wi-Fi attack in which the attacker sets up a rogue access point advertising the same network name as a legitimate one. It works because most computers and phones identify a wireless network only by its name (ESSID), so clients cannot tell the impostor apart from the real AP.
Domain Name System Security Extensions (DNSSEC)
An extension to DNS that adds additional resource records and message header information, used to verify that DNS data has not been altered in transmission.
misconfiguration
An incorrectly configured device.
Integer Overflow
An integer overflow is the condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.
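An added example of the overflow defined above (not code from the study guide). Python integers do not wrap, so the example emulates a C uint32_t size computation by masking to 32 bits; the classic consequence is that count * elem_size wraps to a tiny allocation while the copy loop still writes count records. The checked variant tests for overflow before trusting the product.

```python
UINT32_MAX = 0xFFFFFFFF


def size_unchecked(count: int, elem_size: int) -> int:
    """Emulates `uint32_t size = count * elem_size;` in C: the product wraps modulo 2**32."""
    return (count * elem_size) & UINT32_MAX


def size_checked(count: int, elem_size: int) -> int:
    """Rejects products that would not fit in 32 bits, before the value is trusted."""
    if count < 0 or elem_size < 0:
        raise ValueError("negative size")
    if count != 0 and elem_size > UINT32_MAX // count:
        raise OverflowError(f"{count} * {elem_size} does not fit in 32 bits")
    return count * elem_size


def copy_records(count: int, elem_size: int, checked: bool) -> dict:
    """Size a buffer from the computed product, then account for copying count
    records into it. Returns how many bytes would land past the end of the buffer."""
    size = size_checked(count, elem_size) if checked else size_unchecked(count, elem_size)
    bytes_written = count * elem_size          # the copy loop trusts count, not size
    return {"allocated": size, "written": bytes_written,
            "overflow_bytes": max(0, bytes_written - size)}
```

With count 0x40000001 and 4-byte records the unchecked size wraps to 4 bytes, so almost the entire copy lands outside the buffer; the checked version refuses the request.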
Goguen Meseguer Model
An integrity model based on predetermining the set or domain of objects that a subject can access.
Sutherland Model
An integrity model that focuses on preventing interference in support of integrity.
Biba Model
An integrity-focused security model based on the state machine model and employing mandatory access controls and the lattice model. It prevents subjects with lower integrity levels from writing to objects at higher integrity levels. The two rules of the model are the simple integrity rule (no read down) and the star (*) integrity rule (no write up).
Intrusive vs. Non-intrusive
An intrusive test tries to exercise the vulnerability, which can crash or alter the remote target. A non-intrusive test tries not to cause any harm to the target.
application whitelisting
An inventory of applications and associated components (libraries, configuration files, etc.) that have been pre-approved and authorized to be active and present on the device.
Asset
An item that has value.
B. Diversity
An organization that practices purchasing products from different vendors is demonstrating which security principle? A. Obscurity B. Diversity C. Limiting D. Layering
File Transfer Protocol (FTP)
An unsecure TCP/IP protocol that is commonly used for transferring files.
A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.
Anomaly Monitoring
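An added example of the anomaly monitoring technique defined above (not code from the study guide). The baseline is a constructed day of failed-login counts per hour; the detector computes the mean and standard deviation and raises an alarm for any hour whose z-score exceeds a threshold, which is the deviation-from-baseline check the definition describes.

```python
import statistics

# Constructed baseline: failed logins per hour during a normal day (24 samples).
BASELINE = [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4,
            3, 4, 2, 3, 4, 3, 5, 4, 3, 3, 4, 2]

# Constructed observation: identical except for a password-spraying burst at hour 02.
OBSERVED = list(BASELINE)
OBSERVED[2] = 41


def build_baseline(samples):
    """Summarise normal activity as (mean, sample standard deviation)."""
    return statistics.mean(samples), statistics.stdev(samples)


def z_score(value, mean, stdev):
    if stdev == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / stdev


def find_anomalies(observed, mean, stdev, threshold=3.0):
    """Return (hour, value, z) for every hour that deviates significantly from baseline."""
    flagged = []
    for hour, value in enumerate(observed):
        z = z_score(value, mean, stdev)
        if abs(z) > threshold:
            flagged.append((hour, value, round(z, 2)))
    return flagged
```

The threshold trades false positives against missed detections; real deployments also rebuild the baseline per weekday and per host so that a busy Monday morning is not itself an alarm.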
Undocumented Assets
Another problem in the enterprise is the rapid acquisition and deployment of technology devices without proper documentation.
Refactoring
Another technique malware authors use is to change the way the malware looks every time it is downloaded. Malware that rewrites itself this way is called metamorphic, and the rewriting technique is called refactoring.
Use of an ACL on an internet-facing router to drop inbound traffic whose source address imitates another computer's IP address, for example packets arriving from the Internet that claim an internal or loopback source.
Antispoofing
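An added example of an inbound antispoofing ACL and the ACL evaluation it relies on (not code from the study guide). The rule list, the 10.0.0.0/8 internal range and the sample packets are constructed; rules are matched top-down, first match wins, and anything unmatched hits the implicit deny, so the antispoofing denies sit first.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    src: object                   # ipaddress network
    dst: object                   # ipaddress network
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port


ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # constructed internal range

# Inbound ACL on the Internet-facing interface (constructed example).
INBOUND_ACL = [
    Rule("deny", INTERNAL, ANY),                                   # antispoofing: our own range from outside
    Rule("deny", ipaddress.ip_network("127.0.0.0/8"), ANY),        # antispoofing: loopback from outside
    Rule("permit", ANY, ipaddress.ip_network("10.0.0.10/32"), "tcp", 443),   # public web server
    Rule("permit", ANY, ipaddress.ip_network("10.0.0.20/32"), "udp", 53),    # public DNS
]


def evaluate(acl, packet: dict) -> str:
    """Return 'permit' or 'deny' for a packet {src, dst, proto, dport}."""
    src = ipaddress.ip_address(packet["src"])
    dst = ipaddress.ip_address(packet["dst"])
    for rule in acl:
        if (src in rule.src and dst in rule.dst
                and (rule.proto is None or rule.proto == packet["proto"])
                and (rule.dport is None or rule.dport == packet["dport"])):
            return rule.action
    return "deny"   # implicit deny at the end of every ACL
```

The matching order matters: if the permit for 443 came first, a spoofed 10.x.x.x source aimed at the web server would be accepted before the antispoofing rule was ever consulted.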
Operates at a higher level by identifying the applications that send packets through the firewall and then making decisions about the applications, instead of filtering packets based on granular rule settings such as the destination port or protocol.
Application-Based Firewall
Which of the following devices can identify the application that send packets and then make decisions about filtering based on it? a. Internet content filter b. Application-based firewall c. Reverse proxy d. Web security gateway
Application-based firewall
A special proxy server that "knows" the application protocols that it supports. For example, an FTP proxy server implements the protocol FTP.
Application/Multipurpose Proxy
None
Apps are small and very useful software programs that range from essential to just silly. They are available from device manufacturers, OS providers, and third parties. Which of the app types listed can be side-loaded on an iOS device?
Which of the following are true about App-V? (Choose all that apply.)
Apps are streamed for installation Virtual environments prevent conflicts between apps Apps are updated when the source on the server is updated
Trojan
Programs that pretend to be something useful or benign but carry a hidden malicious payload.
Architecture/design Weaknesses:
Asset management helps reduce architecture and design weaknesses by ensuring that purchases go through an approval process. The approval process does more than just compare costs.
Greater sophistication of attacks
Attack tools vary their behavior so the same attack appears differently each time
Man-In-The-Middle
An attack in which the attacker secretly relays, and possibly alters, the communications between two parties who believe they are communicating directly with each other.
Watering hole attack
The attacker compromises a website that the targeted users are known to visit regularly and infects them when they visit it.
Increased speed of attacks
Attackers can launch attacks against millions of computers within minutes
Universally connected devices
Attackers from anywhere in the world can send attacks
Distributed attacks
Attackers use thousands of computers in an attack against a single computer or network.
Availability and simplicity of attack tools
Attacks are no longer limited to highly skilled attackers
In a Windows network, transitive trust is used among the different domains inside a forest for implementing: A. Authentication B. Distributed file systems C. DCOM D. File systems E. RPC
Authentication Transitivity is what determines if a trust is allowed to extend outside the two domains between which a trust was formulated. In Windows network, transitive trust is used among the different domains inside a forest for implementing authentication.
Which of the choices provided ensures that information is accessible to authorized users when they need it?
Availability
Which of the following is NOT a benefit of layer 2 switching? A. Wire speed B. Software based bridging C. Low cost D. Low latency
B
Which of the following is true about bridges and switches? A. Switches are less expensive than bridges B. Bridges use software to manage a filter table and switches use ASICs C. Bridges typically have more ports D. Bridges are really multiport switches
B
You have created two VLANs on your switch: VLAN A and VLAN B. What device do you need to configure so that clients associated with VLAN A can communicate with clients associated with VLAN B? A. Modem B. Router C. Hub D. Repeater
B