DSST Cybersecurity
The best practice for access, authentication, and authorization is to a. allow the right people to interface with the proper segments of the network, the right servers, and the appropriate data. b. ensure that employees within a business sign a security policy. c. have the proper network visibility. d. feed data into a correlation engine for protection.
The correct answer is A. A best practice for access, authentication, and authorization is to allow the right people to interface with the proper segments of the network, the right servers and the appropriate data. Choice B is incorrect because ensuring that employees within a business sign a security policy is not considered a best practice of access, authentication, and authorization. Choice C is should be eliminated because having the proper network visibility is not considered a best practice of access, authentication, and authorization. Choice D is incorrect because feeding data into a correlation engine for protection is not considered a best practice of access, authentication, and authorization.
Which of the following is characterized as any circumstance or event with the potential to have an adverse impact on an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service (DoS)? a. Threat b. Vulnerability c. Risk d. Intrusion
The correct answer is A. According to the NIST, a threat is defined as any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation); organizational assets; individuals; other organizations; or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service
The NIST risk determination model is: a. Likelihood × Impact = Risk Level. b. Threats × vulnerabilities = Risk Level. c. Threats + Impact = Risk Level. d. Controls × Vulnerabilities = Risk Level.
The correct answer is A. Choices B, C, and D are incorrect. The likelihood of impact is how likely it is that a threat hits a vulnerability. The effect of impact is how bad the impact would be on your organization if the threat hit a vulnerability. To determine the risk level, multiply likelihood × impact.
To identify which vulnerabilities are most critical, less significant, and contain false positives means to conduct a. penetration testing. b. compliance testing. c. vulnerability testing. d. cybersecurity testing.
The correct answer is A. Conducting a penetration test identifies which vulnerabilities are most critical, less significant, and contain false positives. Choice B is incorrect because compliance testing checks for the existence of required controls and their correct configurations by establishing a simple scenario. Choice C is eliminated because vulnerability testing is a component of penetration testing that will identify vulnerabilities. Choice D is incorrect because cybersecurity testing identifies ways to protect and restore computers, electronic communications systems, electronic communications services, wire communication, and electronic communications.
The prevention of damage to, the protection of, and the restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication is a. cybersecurity. b. network security. c. infrastructure security. d. application security.
The correct answer is A. Cybersecurity is the prevention of damage to, the protection of, and the restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication. Choice B is incorrect because network security is protection of the access to files and directories in a computer network against hacking, misuse, and unauthorized changes to the system. Choice C is incorrect because infrastructure security is a collection of physical or virtual resources that supports an overall IT environment and component of network security. Choice D is incorrect because application security is the use of software, hardware, and procedural methods to protect applications from external threats.
Which of the following is considered the most visible device in a computer system and therefore one of the most vulnerable? a. Hardware b. Software c. Cables d. Server room
The correct answer is A. Hardware resources, including PCs, laptops, and printers, are in plain sight and therefore provide easy targets for tampering. Choice B is incorrect since software resides on a server and is only accessible for malicious intent via backdoors. Choice C is incorrect since cabling is usually hidden and offers very little use to malicious attacks. Choice D is incorrect since the server room should always be secured behind locked doors.
Which form of network traffic encryption requires common configuration between the two computers communicating? a. IP Security (IPSec) b. Secure Shell (SSH) c. Secure File Transfer Protocol (SFTP) d. Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
The correct answer is A. IP Security (IPSec) is a form of network traffic encryption that requires common configuration between the two computers communicating. Choice B is incorrect because Secure Shell (SSH) is a form of encrypting terminal connections. Choice C should be eliminated because Secure File Transfer Protocol (SFTP) is a form of encrypting file transfers. Choice D is incorrect because Secure Sockets Layer (SSL)/Transport Layer Security (TLS) is a form of encrypting web traffic in transit.
Which of the following is true about multi-factor authorization? a. It employs more than one method to verify authenticity. b. It incorporates both access-control and authentication mechanisms into a single device. c. It allows for multiple levels of security classification in a single system. d. It bases access decisions on the role of the user, as opposed to using the more common access control list mechanism.
The correct answer is A. Multifactor authorization refers to the use of more than one type of authorization mechanism in order to provide improved security. Choice B is incorrect since multifactor authentication can combine any two types of authorization on one or more devices. Choice C is incorrect since the mechanisms for authentication do not need to be on different levels. Choice D is incorrect since authorization to access an information system is not based on roles.
Penetration testing attempts to approve or disapprove a. real-world attacks against an organization. b. vulnerability scans. c. compliance audits. d. security assessments.
The correct answer is A. Penetration testing attempts to approve or disapprove real-world attacks against an organization. Choice B is incorrect because vulnerability scans simply uncover vulnerabilities, not approve or disapprove real-world attacks against an organization. Choice C can be eliminated because compliance audits check for existing required controls and their correct configurations by establishing a simple scenario. Choice D is incorrect because security assessments check for existing required controls and their correct configurations by establishing a simple scenario.
Which type of cybersecurity monitoring tool identifies and attempts to block possible attacks? a. Preventive b. Detective c. Retrospective d. Prospective
The correct answer is A. Preventive tools identify and attempt to block possible cyber-attacks. Choice B is incorrect because detective technologies detect attacks that have bypassed the preventive capabilities. Choice C should be eliminated because retrospective tools investigate and remediate incidents found by detective technologies. Choice D is incorrect because prospective tools mitigate potential cyber-attacks.
Which of the following describes how a router can be used to implement security on a network? a. Use an access control list to deny traffic from specific IP addresses. b. Use a lookup table to deny access to traffic from specific MAC addresses. c. Examine the packet payload to deny packets with malformed data. d. Use an access control list to deny traffic sent from specific users.
The correct answer is A. Routers operate at the network layer of the OSI model and can compare IP addresses to access control lists (ACLs) to determine protocols and ports. Choice B is incorrect since lookup tables serve only as reference guides. Choice C is incorrect since packet payload is data about the packet. Choice D is incorrect since an access control list requires IP addresses to determine secure throughput.
Which of the following is one of the two key components of system integrity? a. Software authenticity b. System file checker tool c. System integrity protection d. User Credential Management Assurance
The correct answer is A. Software authenticity and assurance of user identity are the two key components of system integrity that the US-CERT recommends. Choice B is incorrect because a system file checker tool is a utility in Windows that allows users to scan corrupted Windows system files and restore files. Choice C should be eliminated because system integrity protection is an Apple-enabled default security oriented feature aimed at preventing Mac OS X compromise by malicious code. Choice D is incorrect because User Credential Management Assurance (UCMA) refers to reliability and security usage, distribution, storage, and creation of authentication credentials like passwords.
What does CIA stand for? a. Confidentiality, integrity, availability b. Compression, information, abstracting c. Confidentiality, information, awareness d. Confidentiality, integrity, access
The correct answer is A. The CIA is a triad consisting of confidentiality, integrity, and availability. Choice B is incorrect because the critical three elements are not compression, information, and abstracting. Choice C is incorrect since information and awareness are not part of the triad. Choice D is incorrect since access is not part of the triad.
During the Development/Acquisition phase of the System Development Lifecycle (SDLC), the system is a. programmed. b. installed. c. terminated. d. modified.
The correct answer is A. The system is programmed in the second phase of the SDLC, the Development/Acquisition phase. Choice B is incorrect because the system is installed or fielded in the third phase of the SDLC, after system acceptance testing. Choice C is incorrect because the system is modified in the fourth phase of the SCLC, Operation/Maintenance. Choice D is incorrect because the system is terminated in the fifth, or final, phase of the SDLC, the Disposal phase.
Public-key systems are characterized by the use of a cryptographic type of algorithm with two keys. These two keys are a. one private and one public. b. both private. c. both public. d. random.
The correct answer is A. Using PKI, one key is held private and the other is available publicly (analogous with a safe deposit box, where the owner has one key and the bank has the other). Choice B is incorrect since having both keys private would not allow the sharing of files and e-mails. Choice C is incorrect since there would be no confidentiality is both keys were public. Choice D is incorrect since the randomization of keys could cause redundancy and not meet the confidentiality or integrity needs of using PKI systems.
An iris scan device is an example of what type of authorization mechanism? a. Something you know b. Something you have c. Something about you/something you are d. Multifactor authorization
The correct answer is C. An iris scan is an example of a biometric device, which falls into the category of something about you/something you are. Choice A is incorrect since "something you know" is intellectual, not biometric. Choice B is incorrect since "something you have" is a possession and not a biometric characteristic. Choice D is incorrect since an iris scan device is a single-factor authentication device.
The granting of a right or permission to a system entity to access a system resource is called a. authentication. b. authorization. c. audit. d. access.
The correct answer is B. Authorization is the process by which a subject's (e.g., user's), identity is verified. Choice A is incorrect, since authentication is the verification that the credentials of a user or other system entity are valid. Choice C is incorrect, since an audit is an independent review and examination of system records and activities in order to test for adequacy of system controls, policies, and procedures. Choice D is incorrect since access is dependent upon authorization.
Governance processes include identifying, managing, and disseminating all information related to the outsourcing contract, while controlling the relationship between the client organization and service provider. Which of the following is also a governance process? a. Benchmarking b. Auditing c. Measuring d. Controlling
The correct answer is B. Choice B is correct, since auditing is an integral requirement of governance processes for outsourced contracts. Choice A is incorrect because benchmarking allows either party to measure its performance and resource requirements against industry norms, but it is not a governance process requirement. Choices C and D are incorrect. Measuring and controlling should be part of the agreements with third-party entities, such as SLAs, OLAs, and others, but they are not an integral part of the governance processes related to the outsourcing contract.
When considering emerging technologies, best practices include all of the following EXCEPT: a. Security should be in place when the new technologies become available b. Consider the business needs prior to focusing on security c. Establish user agreements in advance d. Policies and procedures should be implemented by the time new technologies become available
The correct answer is B. Considering the business needs prior to focusing on security is NOT identified as a best practice of emerging technologies. Choice A is incorrect because security should be in place when the new technologies become available as a best practice of emerging technologies. Choice C should be eliminated because establishing user agreements in advance is identified as a best practice of emerging technologies. Choice D is incorrect because as a best practice of emerging technologies, policies and procedures should be implemented by the time new technologies become available.
Combinatorial methods in cybersecurity testing with a network simulator to detect configurations that produce deadlock are useful for defending a network against attacks that result in a. injection and cross-site scripting threats. b. denial of service. c. data supply chain threats. d. data breach.
The correct answer is B. Cybersecurity testing demonstrate the effectiveness of combinatorial methods with a network simulator to detect configurations that produce deadlock, useful for defending a network against attacks that attempt to force the network into a deadlock configuration that results in denial of service. Choice A is incorrect because injection and cross-site scripting threats are not mitigated by detection of configurations that produce deadlock. Choice C is incorrect because data supply chain threats are not mitigated by detection of configurations that produce deadlock. Choice D is incorrect because data breaches are not mitigated by detection of configurations that produce deadlock.
Which of the following is NOT a key exposures/deficiency in the physical security realm? a. An open lobby and unlocked doors b. Lack of encryption c. Inadequate intrusion detection d. Lack of surveillance
The correct answer is B. Encryption relates to network security, not physical security. Encryption means conversion of plain text to cipher text through the use of a cryptographic algorithm. Choices A, C, and D are all examples of lapses in physical security.
What is one of the most common forms of encrypting terminal connections? a. IP Security (IPSec) b. Secure Shell (SSH) c. Secure File Transfer Protocol (SFTP) d. Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
The correct answer is B. Secure Shell (SSH) is one of the most common forms of encrypting terminal connections. Choice A is incorrect because IP Security (IPSec) operates at a more basic layer than SSL or SSH and can be applied to any network traffic. Choice C should be eliminated because Secure File Transfer Protocol (SFTP) is one of the most secure forms of encrypting file transfers. Choice D is incorrect because Secure Sockets Layer (SSL)/Transport Layer Security (TLS) is commonly used to encrypt web traffic in transit.
Which of the following defines an acceptable-use agreement? a. An agreement that is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information b. An agreement that identifies the employee's rights to use company property, such as Internet access and computer equipment, for personal use c. An agreement that outlines the organization's monitoring activities d. An agreement that prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization
The correct answer is B. The acceptable-use agreement identifies the employee's rights to use company property such as Internet access and computer resources for personal use. Choice A is incorrect since this describes a non-disclosure agreement. Choice C is incorrect since an organization does not need to disclose its monitoring processes. Choice D is incorrect since this describes a non-compete agreement
Tokens are a. an electronic signature used to verify authenticity. b. a hardware device used in challenge/response authorization process. c. a software implementation of digital signature functionality. d. used in a challenge/response protocol to ensure the identity of both sides of a client/server relationship.
The correct answer is B. Tokens are a hardware device that can be used in a challenge-response authentication process. Choice A is incorrect since tokens are not electronic signatures. Choice C is incorrect since tokens are not software. Choice D is incorrect since tokens only affect the server side of the transmission.
AAA stands for which of the following? a. Accessing, authorization, accounting b. Auditing, accepting, accounting c. Authentication, authorization, accounting d. Authentication, application, accounting
The correct answer is C. AAA stands for authentication, authorization, and accounting. AAA services are typically utilized to allow access to the LAN from the outside. Choice A is incorrect since it does not include authentication, and accessing is not part of the AAA protocol. Choice B is incorrect since it does not include authentication and authorization, and auditing and accepting are not part of the AAA protocol. Choice D is incorrect since it does not include authorization, and application is not part of the AAA protocol.
Which are considered the best practices for risk management when considering a new application in production? I. Assessing the business needs II. Determining risk tolerance III. Having a strong discovery IV. Providing solutions a. I and II only b. II only c. I, II, and III only d. I, II, III, and IV
The correct answer is C. Assessing the business needs, determining risk tolerance, and having a strong discovery are considered the best practices for risk management when considering a new application in production. Choice A is incorrect because it includes only two of the three best practices. Choice B should be eliminated because it includes only one of the three best practices. Choice D is incorrect because it includes an incorrect statement (IV).
What does DT stand for in cybersecurity testing communication? a. Detection time b. Demonstration test c. Developmental test d. Defense test
The correct answer is C. DT stands for developmental test as noted in the 2015 Department of Defense Cybersecurity Test and Evaluation Guidebook. Choice A is incorrect because detection time is not DoD's meaning of DT. Choice B is to be eliminated because demonstration test is not DoD's meaning of DT. Choice D is incorrect because defense test is not DoD's meaning of DT.
Evaluating current knowledge of a system's design, stated requirements, and minimal security requirements to determine its effectiveness to mitigate anticipated risks describes the purpose of which of the following? a. Security categorization b. Security architecture design c. Risk assessment d. Functional review
The correct answer is C. In the second SDLC phase, a key security activity is to conduct the risk assessment and use the results to supplement the baseline security controls. Choice A is incorrect since categorizing the information system takes place in the first SDLC phase, Initiation. Choice B is incorrect since the security risk assessment should be conducted before the approval of design specifications as it may result in additional specifications or provide further justification for specifications. Choice D is incorrect since functional and security testing take place after the risk assessment.
Which of the following is an example of a fundamental security design principle, as defined by the U.S. National Security Agency and the U.S. Department of Homeland Security? a. Highest privilege b. Combination of privileges c. Layering d. Having all ports open at all times
The correct answer is C. Layering refers to the use of multiple, overlapping protection approaches addressing the people, data, and operational aspects of information systems. Choice A is incorrect since utilizing the highest principle would grant all privileges to all users. Choice B is incorrect since the combination of privileges would confuse the access control for the network. Choice D is incorrect since open ports are a vulnerability and therefore only the ones being actively used should be open at any given time.
Mobile botnets, exploitation of mobile applications, and exploitation of m-commerce are examples of threats to mobile devices. Which of the following is also a threat? a. Network engineering b. Third-party engineering c. Social engineering d. Internal engineering
The correct answer is C. Social engineering is the art of manipulating people so they give up confidential information. In the security chain, people are the weakest link. Common social engineering attacks involve hacking or socially engineering one person's e-mail password to gain access to a contact list, preying on people's trust in a message that asks for help, and other forms of manipulation. Choices A, B, and D are incorrect.
Port 80 provides access to which service? a. FTP b. POP c. HTTP d. Telnet
The correct answer is C. TCP Port 80 is designated for HTTP traffic. Choice A is incorrect since FTP traffic uses TCP Port 21. Choice B is incorrect since POP traffic goes through TCP Ports 110 and 111. Choice D is incorrect since Telnet uses TCP Port 23.
The process of setting up a valid user account configured by the network administrator that specifies the user permissions and rights, and then requiring the user to enter assigned credentials to access a system describes the a. verification process. b. authorization process. c. authentication process. d. credentialing process.
The correct answer is C. The authentication process is the process of setting up a valid user account configured by the network administrator that specifies the user permissions and rights, and then requiring the user to enter assigned credentials to access a system. Choice A does not apply because the verification process is an internal system configuration that complies with regulation, requirement, and specification or imposed standards. Choice B is eliminated because the authorization process verifies that the user has the correct permissions and rights to access the requested resource. Choice D is incorrect because credentialing is the process of establishing the qualifications of licensed professionals, organizational members, or organizations and assessing their background and legitimacy.
According to NIST, a basic security requirement for media protection is to limit access to CUI on information system media to a. system administrators. b. system owners. c. program managers. d. authorized users.
The correct answer is D. Authorized users have been granted access privileges, usually by an official management decision. Choices A, B, and C are incorrect since these roles are included under the umbrella of authorized users.
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? a. War driving b. War dialing c. Social engineering d. Browsing the organization's website
The correct answer is D. Browsing the organization's website is a form of passive reconnaissance. Choice A is incorrect since war driving refers to a potential attacker driving around with a laptop and WNIC in RF monitor mode to detect unsecured wireless signals and therefore is active reconnaissance. Choice B is incorrect since war-dialing refers to an attacker's attempt to gain unauthorized access to a computer system or network by discovering unprotected connections to the system through the telephone system and modems and therefore is active reconnaissance. Choice C is incorrect since social engineering is the art of deceiving another individual so that he or she reveals confidential information and therefore is active reconnaissance
Operational best practices for security include all of the following EXCEPT: a. Protection against the latest threats b. Enhancing mitigation c. Streamline the security environment d. Enhancing litigation
The correct answer is D. Enhancing litigation is NOT considered an operational security best practice. Choice A is incorrect because protection against the latest threats is considered a best practice of operational security. Choice B is incorrect because enhancing mitigation is considered a best practice of operational security. Choice C is incorrect because streamlining the security environment is considered a best practice of operational security
Which of the following is the most effective protection against IP spoofing on a private network? a. Host-based IDS b. Antivirus scanners c. Digital signatures d. Ingress and egress filters
The correct answer is D. Ingress and egress filters are the most effective protection against IP packet spoofing. Choice A is incorrect since host-based IDS are good at detecting host intrusions and violations. Choice B is incorrect since antivirus scanners are only useful against viruses. Choice C is incorrect since digital signatures are used to provide a recipient with proof of nonrepudiation and integrity of communications.
Network security includes four complementary courses of action: Prevention, Detection, Response, and a. Treatment. b. Modeling. c. Specifications. d. Recovery.
The correct answer is D. Recovery is the use of resources, such as backup systems, so that if data integrity is compromised, a prior, correct copy of data can be reloaded. Choice A is incorrect since treatment does not apply to network security. Choice B is incorrect since modeling is not a course of action. Choice C is incorrect since specifications are not a course of action.
What is one of the most common forms of encrypting web traffic in transit? a. IP Security (IPSec) b. Secure Shell (SSH) c. Secure File Transfer Protocol (SFTP) d. Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
The correct answer is D. Secure Sockets Layer (SSL)/Transport Layer Security (TLS) is one of the most common forms of encrypting web traffic in transit. Choice A is incorrect because IP Security (IPSec) operates at a more basic layer than SSL or SSH and can be applied to any network traffic. Choice B should be eliminated because Secure Shell (SSH) is one of the most common forms of encrypting terminal connections. Choice C is incorrect because Secure File Transfer Protocol (SFTP) is one of the most secure forms of encrypting file transfers.
The NIST organization describes security considerations that will help integrate information security into the System Development Life Cycle (SDLC). Which of the following phases of the SDLC results in security categorization, including high-level security requirements and level of effort estimates? a. Operation/Maintenance b. Implementation/Assessment c. Development/Acquisition d. Initiation
The correct answer is D. The Initiation, or first phase of the SDLC, includes a review of the information system security categorization results, which will include identified information types, resulting impact levels, and the final system security categorization. Choice A is incorrect since Operation/Maintenance is the fourth phase of the SDLC. Choice B is incorrect since Implementation/Assessment is the third phase of the SCLC. Choice C is incorrect since Development/Acquisition is the second phase of the SDLC.
What is the benefit of using automated vulnerability scanners? a. To scan entire websites for vulnerabilities b. To scan the network for vulnerabilities c. To scan computers for vulnerabilities d. All of the above
The correct answer is D. The benefits of using automated vulnerability scanners are to scan entire websites, the network, and computers for vulnerabilities. Choice A is incorrect because it includes only one of the three benefits of automated vulnerability scanners. Choice B should be eliminated because it includes only one of the three benefits of automated vulnerability scanners. Choice C is incorrect because it includes only one of the three benefits of automated vulnerability scanners.
Authorization is defined as the action associated with determining permission associated with a user action. Which of the following is the default state used by any authorization technique prior to a user request being granted? a. Accept b. Who is c. Response d. Unknown user
The correct answer is D. The default setting of "unknown user" acts to keep all users out unless they can meet authentication parameters. Choice A is incorrect since having a default setting of "accept" would allow all users access without meeting authorization parameters. Choice B is incorrect since "Who is" is a convention used to associate an IP address with its owner. Choice C is incorrect since "response" refers to the actions taking place within the server called "action" and "response." The action is the input of the user's credentials, and the response is the response from the server.
What is the most common form of authentication used? a. Biometrics b. Tokens c. Access-card d. Username/password
The correct answer is D. The username/password combination is the single most common mechanism in use today based on the need for a server and access control for verification. Choice A is incorrect since biometric hardware and software are still in their infancy and are viewed as expensive. Choice B is incorrect since tokens are used for challenge-response purposes, not authentication. Choice C is incorrect since access cards require unique hardware and software for the verification process, and these resources can get expensive.
Intentional, unintentional, technical, non-technical, and structural are all types of a. controls. b. vulnerabilities. c. impacts. d. threats.
The correct answer is D. Types of threat sources include hostile cyber or physical attacks, human errors of omission or commission, or structural failures of organization-controlled resources, such as hardware, software, or environmental controls. Choice A is incorrect. Controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks and protect against vulnerabilities. Choice B is incorrect. Vulnerabilities are weaknesses that allow an attacker to reduce a system's information assurance. Choice C is incorrect since impacts are consequences related to a threat hitting a vulnerability.
