final
Marcus is considering GPS tagging for use with an MDM tool and asks you if there is a major concern with this approach. What advice does the text share that you could pass on to Marcus? No concern Chain of custody Support for geofencing Privacy
Privacy
What type of malware is adware typically classified as? A DOG A backdoor A PUP A rootkit
A PUP
What does the chmod command do?
Changes permissions of a file
Lilo is conducting a penetration test for a client. The client provided Lilo with limited but important information on the configuration of the systems under test. What type of pentest is Lilo performing? Gray-box test Red-box test White-box test Black-box test
Gray-box test
Devices that centralize the acceptance and forwarding of network requests are known as what? Proxy servers Firewalls Routers VPN concentrator
Proxy servers
Aubrey needs to implement LDAP service. What type of service is Aubrey attempting to enable? An attestation service A federation A directory service A biometric identity provider
A directory service
What service runs on port 53?
DNS
Malware
Describes a wide range of software intentioanlly designed to cause harm to systems, networks and devices
PII
Includes any information that unqiuely identifies an individual person
RAID 0
Data is spread to every drive in the array, which is like artifiically gluing two hard drives or more together
What service runs on port 80?
HTTP
Lilo discovers that users are using many approaches to using systems resources and some approaches are creating unforeseen risks. Lilo creates a revised document that limits users to any one of several approaches that have not been shown to create risks. What type of document did Lilo create? Policy Standard Guideline Procedure
Standard
Risk acceptance
A management decision to take no furhter risk reduction actions and accept the existing risk as part of normal operations
Nessus
A network-vulnerability scanner, that can determine whether a server is vulnerable
A prominent cloud-computing vendor is engaging an audit firm to produce a report that will be shared publicly to demonstrate that appropriate controls are in place. The audit firm will assess the controls as well as the effectiveness of the controls. What type of report should the cloud-computing firm expect? SOC 2 Type 1 SOC 2 Type 2 SOC 3 Type 1 SOC 3 Type 2
SOC 3 Type 2
Confidentiality
Ensure that data remainds private while in transite, in storage and in use
What tool supports incident responders by allowing unified, automated responses across an organization? IPS COOP SOAR IRC
SOAR
ISO 31000
guidelines for risk management programs
Which scripting environment is native to most UNIX/Linux distributions? PowerShell Python Bash Go
Bash
Kim creates open-source software tools and wants to assure users that the code they received is authentic code provided by the author. What technique can Kim use to provide this assurance? Code signing Code endorsement Code encryption Code obfuscation
Code signing
While on the night shift working in the SOC, Ash notices traffic between systems being monitored within the organization and a known malicious host using TCP port 6667. What type of traffic is Ash most likely detecting? A RAT Command and control A worm A bot
Command and control
Which of the following measures would database administrators consider to be the best defense against data exposure? Normalization Data minimization Tokenization Hashing
Data minimization
Which tool cannot be used in the data obfuscation process? Hashing Tokenization Data masking Data minimization
Data minimization
Procedures
Detailed step-by-step process that individuals in an organization must follow
Which cybersecurity tool focuses heavily on understanding the attacker and their motivations to help defenders understand the threat? MITRE Diamond Model Cyber Kill Chain SIEM
Diamond Model
Which component of an incident response plan focuses on activities and restoration related to a disaster? Communications plan Stakeholder management Business continuity Disaster recovery
Disaster recovery
Maria's needs to provide access to secure information via the wireless network and therefore wishes to ensure that individuals outside the building cannot connect to the wireless network. What type of solution is a good fit for this requirement? IPS Geofencing Context-aware authentication Unified Endpoint Management (UEM)
Geofencing
Kyra tapes a sign over an Ethernet jack with a sign saying the system is part of an incident and warning that only the IR team can approve connecting the device. What is the name for this step? Containment Isolation Segmentation Zoning
Isolation
The phases of the software development life cycle in order are: Planning , Requirements , Design , Coding , Testing , Training and Transition , and Ongoing Operations and Maintenance . What is the order they go in?
Planning -> Requirements -> Design -> Coding -> testing -> Training and Transition -> Ongoing Opeartions and Maintenance
DMZ (demilitarized zone)
Sections of a network that are exposed to less trusted areas of the internet, such as web servers
Sam was instructed to implement a data protection technique that will be reversible if needed. Which technique would Sam want to use? Tokenization Masking Hashing Shredding
Tokenization
Taylor is reviewing details of a forensic investigation to create documentation for attorneys preparing for a potential prosecution and finds a pagefile for a system. From where was the pagefile taken? Memory disk CPU register Device firmware
disk
Which of the following is NOT considered a type of virus? memory-resident virus boot-sector virus rat-toolkit virus email virus
rat-toolkit virus
What service runs on port 22?
SSH
Morgan is testing software by sending invalid and even random data to the application. What type of code testing is Morgan conducting? Mutation testing Static code analysis Dynamic ocde analysis Fuzzing
Fuzzing
Authentication
Verifying the claimed identity of a system user
Wireshark
Application that captures and analyzes network packets. Which can also be used to analyze a VOIP conversation.
Embedded systems that must place priority on processing data as it arrives rather than using interrupts or other waiting techniques are likely to utilize which type of operating system? Windows Linux DOS RTOS
RTOS
Data processors
Service providers that process information on behalf of the data controller
Chris turned on logon auditing for a Windows system. Which log will show them? The Windows Application log The Windows Security log The Windows System log All of the above
The Windows Security log
During a periodic review of security controls, Maria discovered that individuals who breach the network security perimeter would be able to then attack IoT systems that operate manufacturing. Manufacturing is a closed system and does not require internet connectivity. What type of solution is best suited for this? Air gap Faraday Cage Cold aisle screened subnet
Air gap
Policies
High-level statements of management intent
Lilo recently conducted a risk measurement exercise to determine the risk the organization faced before implementing any mitigations or controls. What term best describes this risk? Inherent risk Control risk Risk appetite Residual risk
Inherent risk
Extranet
Networks that are used by trusted partners or customers, and provides greater access than what is available to the public
Bob would like to send Alice a secure message using an asymmetric encryption algorithm. What key should Bob use to encrypt the message? Bob's public key Bob's private key Alice's public key Alce's private key
Alice's public key
What program defines the requirements that government agencies need to meet to ensure that continuity of operations can be ensured? NIST SP 500 COOP National Disaster Preparedness Plan FedDP
COOP
Sam wants to follow the order of volatility to guide a forensic data acquisition. Which of the following is most volatile? RAM CPU cache and register Data on the hard disk Backups
CPU cache and register
What does the grep command do?
tool to search for patterns
27001
Provides a common structure for security programs based on accepted industry best practices.
Sam wants to implement a RAID array upon which data is striped across drives, with drives used for parity (checksum) of the data. Sam also wants to ensure that the system can handle more than one drive failing at a time. What RAID type should Sam use? RAID 1 RAID 5 RAID 6 RAID 10
RAID 6
Jayden is monitoring network traffic and discovers an employee monitoring or spying on others using their organization-provided systems. What type of malware is Jayden likely monitoring to make this discovery? Worms RATs Crypto Malware PUPs
RATs
Terry identified a new security vulnerability and computed its CVSS base score as 3.5. Which risk category would this vulnerability fall into? Low Medium High Critical
Low
Trojans
Require user interaction to be triggered
Which term refers to a measure of reliability of a system? MTBF MTTR RTO RPO
MTBF
Deleting a file in a Windows results in a Quick formatting which leads to which outcome? memory is reformatted and data is overwritten memory is wiped and data is destroyed file index is wiped but data likely remains untouched file index and data is wiped
file index is wiped but data likely remains untouched
In what cloud security model does the cloud service provider bear the least responsibility for implementing security controls? IaaS PaaS SaaS FaaS
IaaS
What legal concept is related to the ability to validate the integrity of the data and the process of collecting it? Nexus Nonrepudiation Jurisdiction Admissibility
Nonrepudiation
Kelly installs a backdoor in a database server that was exploited as part of a penetration test which will provide ongoing access to the server in the future. Which term describes this action? Lateral movement Privilege escalation Maneuver Persistence
Persistence
University IT staff determined that the campus LMS can be down for no more than 24 hours before causing unacceptable damage to the business. What metric describes this outcome? MTBF MTTR RTO RPO
RTO
Mackenzie needs a solution that will provide an alert if services were installed without approval from the change control process. What solution would you recommend? Registry dumps Firewall logs Vulnerability scans Flow logs
Registry dumps
What technology is VOIP used in?
Telephpony
What does the head command do?
View the first part of a file
Steganography
The art of using cryptographic techniques to hide secret messages inside of a file
SSO Systems
Allows a user to log in with a single identity and use multipel systems without reauthenticating
Data custodians
Individuals or teams that are responsible for safekeeping information
As part of a penetration test, Lilo is attempting to cause traffic between two devices to be relayed through a third device allowing the traffic to be monitored or even altered. What type of attack is Lilo attempting? DNS attack DDOS attack On-Path attack DOS attack
On-Path attack
Mindy works for an automobile parts manufacturer and has access to a cloud environment that is exclusive to organizations that provide services or parts to a major automobile manufacturer. What model of of cloud computing does this environment represent? Public cloud Private Cloud Hybrid Cloud Community cloud
Community cloud
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords? MD5Sum John the Ripper GPG Netcat
John the Ripper
Sam is conducting a penetration test in preparation for an external pentest engagement. Sam attempts a session hijacking attack which will require a __________ to be successful. Sessiong ticket Session cookie Username User password
Session cookie
What protocol is used to securely wrap many otherwise insecure protocols? ISAKMP SSL IKE TLS
TLS
Taylor would like to try different tools on a Windows 10 system that will verify each hop along the path from the system to the server to which it is connected. Which tool or tools could Taylor try? tracert route traceroute pathping
tracert pathping
ISO 27701
An extension to ISO 27001 and is a framework for managing privacy controls to reduce the risk of privacy breach to the privacy of individuals.
Terry is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place? Cross site request forgery Server siude request forgery Command injection Buffer overflow
Buffer overflow
Which component of an incident response plan focuses on keeping the organization functional when incidents occur? Communications plan Stakeholder management plan Business continuity Disaster recovery
Business continuity
While reviewing systems logs, Kendra determined that phishing attacks were focused solely on members of the sales and marketing team. What type of phishing does this event indicate? Smishing Spear fishing Whaling Vishing
Spear fishing
theHARVESTER
An open source OSINT tool that gathers several different types of background information on a target
Data controllers
Entity that determines why someone processes personal information
Password Vaults
Software solutions that store, manage and secure passwords and other information
Mac needs to utilize application-level virtualization in which multiple servers operate independently while sharing an operating system. What type of resource does Mac need to use? Virtual Machines Elastic Systems Containers Hypervisors
containers
Lilo needs to provide access control in enterprise-systems applications such as database, microservice, and API access which requires considerable flexibility. Which access control scheme is Lilo likely to use? RBAC ABAC RuBAC ACL
ABAC
Nonrepudiation
Provide assurance to the recipient that the sender of the message was the original sender and not a third party
A SPAN
Traffic sent to multiple ports is forwarded to another switch port for monitoring
GPS
uses a series of satellites, tracking stations, and receivers to determine precise absolute locations on earth
Jen is configuring a cloud environment and needs to define network traffic that is allowed into the organization's cloud environment while blocking other network traffic. What resource would a cloud provider typically offer to meet this need? Firewall VPC Security groups SSH
Security groups
What is the document that tracks the custody or control of a piece of evidence called? Evidence log Audit log Event report Chain of custody
Chain of custody
Lyndsey wants to implement a striped drive solution. What RAID level does this describe? RAID 0 RAID 1 RAID 5 RAID 6
RAID 0
What type of attack does an account lockout policy help to prevent? Stolen password Race Condition Buffer Overflows brute force
Brute force
Kevin would like to utilize a security control that can implement access restrictions across all of the SaaS solutions used by the organization. What control would best meet Kevin's needs? Security group Resource policy CASB SWG
CASB
CPP recently upgraded the Guest Wi-Fi account to require the gathering of information such as a cell phone number before allowing access to the university network. What solution is the university likely using? WPS capture mode Kerberos WPA2 Captive portal
Captive portal
The Bronco Bookstore on campus accepts many forms of payment including cash, department account charges and credit cards. With what external compliance obligation does the bookstore need to comply? FERPA GDPR PCI DSS SOX
PCI DSS
Mackenzie needs to implement a Wi-Fi authentication solution that implements certificate-based authentication but does not require certificates on endpoints and does not require additional software to be installed on any devices. Which solution would best fit Mackenzie's needs? PEAP EAP-FAST EAP-TLS EAP-TTLS
PEAP
What type of recovery site has all the infrastructure and data needed to operate the organization? A hot site A warm site a cloud site A cold site
A hot site
What type of malicious actor is most likely to use hybrid warfare? A nation state A script kiddie A hacktivist An inside threat
A nation state
Risk Avoidance
A risk response strategy where the strategy is to eliminate the potential for a risk to occur
Broadcast domain
A segment of a network where all devices have the same IP subnet
VPN
A tool that creates a virtual network that users outside of your network can connect to and interact with each other as if they were on the same network.
The SWIFT club has 80 members and they all need the ability to communicate with one another securely using an asymmetric encryption system. The system allows any two members to communicate without other members eavesdropping. If an 81st member is added to the club, how many new keys must be added to the system? 1 2 80 81
2
Lilo is working in the SOC and observes a command and control system being used to allow attackers to manage, control and update systems automatically. What type of malware is Lilo observing? A bot A drone A Vampire A Worm
A bot
Taylor is reviewing authentication frameworks for wireless networks. Which framework is Taylor likely to find most useful for wireless environments? SAML EAP OAuth LDAP
EAP
Ransomware
Malware that takes over a computer and then demands payment
What type of malware is VBA code most likely to show up in? Macro Viruses RATs Worms Logic bombs
Mcaro Viruses
Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should Cynthia use? dd df cp ln
dd
Sam has developed a plan to prevent ransomware, what would be an additional critical step to defend the organization against losses from ransomware? (choose the best answer) back up all data deploy a backup system that stores files in a separate location that will not be impacted if the system or device it backs up is infected Ensure old data is deleted obfuscate data at rest
deploy a backup system that stores files in a separate location that will not be impacted if the system or device it backs up is infected
Data stewards
Carry out the intent of the data controllers
Taylor is designing a pentest platform that needs to be able to expand and contract as needs change. Which of the following terms describes Taylor's goal? Elasticity Scalability Agility Cost effectiveness
Elasticity
Maria working for a Florida-based firm and is completing a forensic examination related to events that emanated from California. What legal concept must be considered when determining if laws from a particular state must be considered or adhered to in a particular investigation? Nexus Nonrepudiation Jurisdiction Admissibility
Nexus
Miguel sends backups to a company that keeps them in a secure vault. What type of backup solution has Miguel implemented? Nearline Safe Online Offline
Offline
Sam has detected lateral network traffic that is not compliant with the organization's security policy creating a belief that a cybersecurity compromise has already occurred. Sam decides to search for evidence of the compromise, which type of security assessment technique should Sam utilize? Vulnerability scanning Penetration testing Threat huntiung War driving
Threat hunting
NFC
VERY short range wireless data transmission that allows devices to transfer payment information to a POS, point of sale, system. (Near Field Communication)
Kara discovered the web server was being overwhelmed by traffic causing a CPU bottleneck. Using an interface from the cloud provider, Kara added a second web server and a load balancer to balance the load between the two servers. What term best describes Kara's action? Elasticity Horizontal Scaling Vertical Scaling High Availability
Horizontal scaling
When CIS students receive an email from Dr. Hwang that has been digitally signed, what key should the students use to verify the digital signature? Dr. Hwangs.......... Public Key Private key Student's....... Individual public keys Individual private keys
Dr. Hwang's public key
Lilo is configuring a web server to use digital certificates and wishes to allow clients to quickly verify the status of the certificate without contacting a remote server. What technology can Lilo use to accomplish this outcome? Certificate Pinning Certificate stapling CRL OSCP
Certificate stapling
Michael is wanting to implement numerous smaller servers for the data center and then deploy a load balancer to gain scalability. What type of scalability is Michael trying to implement? Horiziontal Scalability Vertical Scalability Lateral scalability Hot-site Scalability
Horiziontal Scalability
Taylor is conducting a penetration test and deploys a toolkit on a compromised system which is then used to gain access to other systems. What term best describes Taylor's activity? OSINT Lateral Movement Privilege Escalation Footprinting
Lateral movement
Ben examined the hash values for the firmware on a firewall that was just shipped from the manufacturer and discovered they do not match values published by the firewall's manufacturer. What type of attack should Ben be concerned with regarding the mismatched hash values? A hoax A vishing attack A supply chain attack A pharming attack
A supply chain attack
Dr. Hwang is the CIS department chair and wishes to send a message to CIS students that does not need to be kept secret but students need to be assured that the message actually came from Dr. Hwang. What key should Dr. Hwang use to sign the message? Dr. Hwangs.......... Public Key Private key Student's....... Individual public keys Individual private keys
Dr. Hwangs' Private key
Logging into an AWS environment to perform maintenance work is most commonly done through which tool? SSH Telnet FTP SFTP
SSH
What type of phishing targets specific groups of employees, such as all managers in the financial department of a company? Smishing Spear Fishing Whaling Vishing
Spear Fishing
Taylor needs to prevent a know Excel file from being downloaded and accessed on devices that are being managed. What type of tool can Taylor use to accomplish this task? Allow list SOAR SIEM Deny list
Deny list
Taylor was made aware that some users devices were unintentionally configured in a manner that caused devices to act as wireless access points on the network. What is the term used for such access points? Evil twin Alternate SSID Rogue AP Split WiFi
Rogue AP
What technology is SCADA used in?
Industrial Control Systems
Intranet
Internal networks that are used by employees or highly trusted entities
Guidelines
bet practices and recommendations given for a cocnept, technology or task
Sam is using full disk encryption technology to protect the contents of laptops against theft. What goal of cybersecurity is Sam attempting to achieve? Integrity nonrepudiation Authentication Confidentiality
Confidentiality
Sam is responsible for the deployment of IoT gateway devices located in close proximity to sensors that are collecting data. The gateway performs preprocessing of the data before sending results to the cloud. What term best describes this approach? Edge computing Client-server ocmputing Fog computing Thing client computing
Fog computing
Sam discovered that users are struggling to use their personal devices to complete specific work on organization systems. In response, Sam created a document with solutions users may try to achieve their intended outcomes. What type of document did Sam create? Policy Standard Guideline Procedure
Guideline
Sam wants to set an account policy that raises an alert if a user logs in from two different locations in a timeframe that is too short for reasonable travel. What type of account policy should Sam set? Time of day Geogencing time based logins Impossible travel time
Impossible travel time
Entering the command chmod 754 with respect to a file will result in which set of permissions? rw-rw-rw- rwxr-xr-x rwxr-xr-- rwxrwxrwx
rwxr-xr--
What technology are raspberry Pis used in?
Embedded system
Marie is researching solutions to ensure that the administrative interfaces of network devices cannot be accessed by attackers. Which of the following solutions is typically utilized for this purpose? NAC Trunking Out-of-band management Port security
Out-of-band management
RAID 5
Data is striped across drives. Data is striped across drives, with one being used for parity for the data
After a forensic analysis of a cyber breach, Taylor discovered that software was left on the system allowing attackers to have remote access to systems within the company. How should Taylor describe or classify this malware? A Worm Crypto Malware A trojan A back Door
A backdoor
Substitution cipher
A type of coding or cipehring that changes one cahracter or symbol to another
Taylor performs a backup that captures the changes since the last backup. What type of backup has Taylor performed? A new full backup A snapshot An incremental backup A differential backup
An incremental backup
bots
Remotely controlled systems or devices that have malware installed on them
Worms
Seklf-installed and spread on their own
Risk mitigation
a process whereby the organization takes actions to REDUCE the probability of a risk occuring
keyloggers
Programs that capture keystrokes from keyboards
integrity
Ensures that data is not altered without authorization
What does the cat command do?
output file contents so that they can be appended to other files
theHarvester
An open source intelligence gathering tool that can retrieve information like email accounts, domains, usernames, and other details using LinkedIn; search engines like Google, Bing, and Baidu; PGP servers; and other sources. t
Which of the CVSS metrics would contain information about the difficulty of exploiting the vulnerability? AV C PR AC
AC
In preparation for a penetration test engagement, Kai goes to the IT managers house on trash day to rifle through the trash can that is out on the street and search for information about the manager that may prove useful during the penetration test. What term describes this activity? Trash Pharming Dumpster harvesting Dumpster diving waste engineering
Dumpster diving
A home router typically runs a NAT firewall that keeps track of the session status between devices in the home and addresses on the Internet to which home devices connect. Tracking this status allows the home router to redirect traffic from Internet sources back to the correct device on the home network. This is an example of which type of firewall? Application Stateless Stateful Heuristic
Stateful
Which of the following are considered embedded systems by the Security+ exam? (there is more than one answer) Android phone Raspberry Pi Arduino Android tablet FPGA
Android phone Raspberry Pi Arduino FPGA
Infrared
Low to high bandwidth, requires line of sight
Rootkits
Malware that is specfically designed to allow attackers in through a backdoor
backdoor
methods or tools that provide access that bypasses normal authentication and authorization procedures, allowing attackers access to systems, devices, or applications.
Sam needs to create load balancing to ensure that a failure of the organizations web server will cause a secondary or backup system to come online and start handling web requests. What type of load balancer should Sam implement? Active/active Active/passive Round-robin Least connection
Active/passive
University IT staff discover that a student is operating a for-profit enterprise from a dorm room using university computing and communications resources. What policy would IT staff likely review when dealing with this situation? NDA MOU SLA AUP
AUP
An individual's name, location, and role in the organization are all examples of what? Biometric factors Identity factors Attributes Account permissions
Attributes
Inherent Risk
The original level of risk, before security controls are implemented
Which of the following techniques is considered passive reconnaissance? Port scans Vulnerability scanning WHOIS lookups Footprinting
WHOIS lookups
Sam is seeking the most robust solution possible to ensure that stolen or lost devices do not result in a data breach the company. What solution is best to meet this challenge? Context-aware authentication Containerization Storage segmentation Full-device encryption
Full-device encryption
Sana is deploying the organization's websites in the local AWS availability zone as well as an availability zone across the country. This plan will provide enhanced uptime and scalability, but why did Sana choose an availability zone on the far side of the country? Because it is requrie by law Network traffic latency concerns Geographical dispersal Geographic tax reasons
Geographical dispersal
The Student Data Center (SDC) on campus ties together local computing capabilities within the SDC with capabilities from multiple public-cloud providers. Which deployment model best describes this environment? Public Cloud Private cloud community cloud hybrid cloud
Hybrid Cloud
Taylor is saving hash values of data archives so that these same archives in the future can be tested to ensure that the archive has not been changed or modified. What goal of cybersecurity is Taylor attempting to achieve? Inegrity Nonrepudiation Authentication Confidentiality
Integrity
Jen is engaged in a penetration test and wishes to eavesdrop on communications between a user and a web server. What type of attack would Jen likely use? Man in the middle Session hijacking Buffer overflow Meet in the middle
Main in the middle
Filesystem Controls
Determines which accounts can read, write, access and/or execute files in a system
Risk transference
Shfits some of the risk an organization is experiencing to another entity
RAID 1
All data from one half of the drives are copied to the other half exactly. Mirrored
Taylor is preparing to perform a cybersecurity assessment at a nuclear power plant with a focus on embedded systems controls. Which of the following topics should Taylor review to prepare? SCADA AVAD SIM HVAC
SCADA
Benny needs to create an account for an application (e.g. a VM instance) to access other resources. What type of account should Benny use? Usr account Admin Account Guest Account Service Account
Service Account
Lilo wants to use Perfect Forware Secrecy to ensure message security as well as SAE in place of shared keys. What Wi-Fi security standard does Lilo need to implement? WPA WPA2 WPA3 WPA4
WPA3
When making a change to a web application in use by an organization to fix a bug, the work should be completed in the _____________ environment. Test Development Stagin Production
Development
Taylor is seeking the Cloud Reference Architecture which offers a high-level taxonomy for cloud services. What document should Taylor access? CSA CCM NIST SP 500-292 ISO 27001 PCI DSS
NIST SP 500-292
RFID
Relateively short range communication using tags and receivers
Bluetooth
Short range, low bandwidth wireless technology often used for mobile phone headsets or earphones operates at 2.4ghz
Marta discovers that someone set up a website with a URL that is nearly identical to the site she manages and appears to be easily mistaken for her own. Which of the following best describes this sort of attack? Phishing Pharmning Typosquatting Tailgating
Typosquatting
SAML
An XML Based open standard for exchanging authentication and authorizing information
Alex is reviewing network logs and recognized a high volume of brute force username/password attacks against organization and IT leadership members' credentials. What type of attack might Alex surmise is taking place? Spoofing Spooning Whaling Vishing
Whaling
Carla needs to capture network traffic to support a forensic investigation. What tool should Carla use? EnCase FTK dd Wireshark
Wireshark
Sam wants to change file permissions. Which of the following command-line Linux tools will accomplish this task? logger tail chmod head
chmod
What device or service would alert the security team to an unauthorized wireless access point? wireless intrusion detection system Firewall Router logs Rainbow table
wireless intrusion detection system
tcpdump
A common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Mackenzie's firm is reviewing a recent data breach related to a partnership with another company that codeveloped and comarketed one of the firm's most profitable products. Which type of document should Mackenzie likely review to determine responsibility and next steps? BPA CTF MSA SLA
BPA
Mackenzie was offered an on-the-job training opportunity that includes defending the organization's systems from attack as part of a security training exercise. What role is Mackenzie playing in this exercise? Red Team blue Team Orange Team White Team
Blue Team
Ash recently received a flash drive with data along with instructions to load the data into the recently-created customer database. The flash drive arrived in an envelope that appeared to be official and the sending address was the address of the company's headquarters. Ash loaded the data and then discovered the flash drive was actually send by a company conducting a penetration test on the organization and the sending address was manipulated by the company completing the pentest. What social engineering principle best matches this type of attack? Consensus Authority Scarcity Trust
Trust
Mac is monitoring a log file and wishes to view the most recent entries which are found at the bottom of the file. Which command will allow Mac to view the most recent entries to the file? logger view-last tail chmod
tail
What service runs on port 443?
HTTPS
What technology is CAN used in?
Automobiles
Taylor is granted a set of IS permissions to carry out work but restricted from many other systems capabilities and resources. This is an example of which principle? Separation of duties Least privilege Clean desk space Nondisclosure agreement
Least privilege
Standards
Mandatory requirements describing how an organization will carry out IS responsibilities
Precompiled SQL statements that only require variables to be input are an example of what type of application security control? Parameterized queries Encoding Data Input validation Appropriate access controls
Parameterized queries
A formal document was recently sent from our university president designating that all systems access at Cal Poly Pomona must use MFA. This document is an example of which type of document? Policy Standard Guideline Procedure
Policy
Taylor's employer is collecting information from subscribers to enhance customer support but then using this same information for marketing without subscribers' permission. What principle is likely being violated? Data minimization Data retention Purpose limitation Data sovereignty
Purpose limitation
Calculate the impact sub-score (ISS) given the following CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.24 0.56 0.44 0.92
0.56 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector: Network (score: 0.85) Attack Complexity: Low (score: 0.77) Privileges Required: None (score: 0.85) User Interaction: None (score: 0.85) Scope: Unchanged Confidentiality: High (score: 0.56) Integrity: None (score: 0.00) Availability: None (score: 0.00) ISS = 1 - [(1 - Confidentiality) x (1-Integrity) x (1-Availability)] ISS = 1 - [(1-0.56) x (1-0) x (1-0)] = .56
Lilo needs to conduct a forensic investigation and needs to find an open source forensic suite due to financial constraints. Which of the following tools should Lilo select? EnCase FTK WinHex Autopsy
Autopsy
Cipher
A method used to scramble or obfuscate cahracters to hide their values
Port Security
A capability that allows you to limit the number of MAC addresses on a single port number
Which of the following controls will NOT affect scan results? Firewall settings Network segmentation Audit requirements Intrusion Detection System (IDS)
Audit Requirements
Which type of compute environment is designed to be ephemeral and using shared resources thereby creating fewer forensic artifacts? Mobile phone Virtual machines Containers Physical servers
Containers
After conducting a risk measurement exercise to determine the organization's risk before implementing mitigations or controls, Lilo then measured the risk that still remains after the application of mitigations and controls. What term best describes this risk? Inherent risk Control risk Risk appetite Residual risk
Residual risk
What is an HSM used for? To capture biometric enrollment data To generate, manage, and securely store cryptographic keys To generate one-time passwords via a time-based code algorithm To enable federation between organizations
To generate, manage, and securely store cryptographic keys
ISO 27001
standard document titled "Information technology— Security techniques—Information security management systems— Requirements." This standard includes control objectives covering 14 categories
Lilo is concerned about vehicles approaching the entrance to a building. What physical security control should Lilo implement. Hot aisle Robotic Sentry Bollard Firewall
Bollard
At which phase of the cyber kill chain does an attacker gain two-way communication with the remote system? Weaponization Delivery Exploitation Command and Control
Command and Control
Maria wants to use an individuals job requirements as the basis for an access control scheme. Which scheme is best suited to this implementation? RBAC DAC ABAC MAC
RBAC
Taryn wants to ensure that the threat of a data breach due to a lost phone. What pair of technologies are best suited to this need? Wi-Fi and NFC Remote wipe and FDE Containerization and NFC Geofencing and remote wipe
Remote wipe and FDE
What type of cipher operates on one character at a time? Block cipher Bit cipher Stream cipher Balanced Cipher
Stream cipher
RAID 10
a combination of RaID 1 and RaID 0 that requires at least four disks to work as an array of drives and provides the best redundancy and performance.