
Which of the following statements accurately describes DoS and DDoS attacks? Select three answers.

1. A DDoS attack involves multiple hosts carrying out the attack. 2. A DoS attack involves one host conducting the attack. 3. A network device experiencing a DoS attack is unable to respond to legitimate users.

Which of the following statements correctly describes passive and active packet sniffing? Select three answers.

1. Active packet sniffing may enable attackers to redirect the packets to unintended ports. 2. The purpose of passive packet sniffing is to read data packets while in transit. 3. Using only websites with HTTPS at the beginning of their domain names provides protection from packet sniffing.

Which of the following statements accurately describe risk? Select all that apply.

1. Another way to think of risk is the likelihood of a threat occurring. 2. If compromised, a medium-risk asset may cause some damage to an organization's ongoing operations. 3. A high-risk asset is any information protected by regulations or law

Which of the following proficiencies are examples of technical skills? Select two answers.

1. Automating tasks with programming 2. Applying computer forensics

Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.

1. Both PII and SPII are vulnerable to identity theft 2. An example of SPII is someone's financial information 3. An example of PII is someone's date of birth

What characteristics do the TCP/IP and OSI models share?

1. Both models illustrate network processes and protocols for data transmission between two or more systems. 2. Both models include an application and transport layer 3.

Which of the following areas are in the controlled zone? Select all that apply.

1. Demilitarized zone (DMZ) (The DMZ contains public-facing services that can access the internet.) 2. Internal network (The internal network contains private servers and data that the organization needs to protect.) 3. Restricted zone (The restricted zone protects highly confidential information that is only accessible to employees with certain privileges.)

Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

1. Follow legal regulations 2. Maintain business continuity 3. Define security goals

A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task? Select two answers.

1. It allows for text-based commands by users 2. It is open source

What are some key benefits of using Python to perform security tasks? Select all that apply.

1. It saves time. 2. It helps ensure accuracy

Which of the following statements accurately describe the NIST CSF? Select all that apply.

1. Its purpose is to help manage cybersecurity risk. 2. It consists of standards, guidelines, and best practices. 3. It is only effective at managing long-term risk.

Which of the following statements correctly describe logs? Select two answers.

1. Logs help identify vulnerabilities and potential security breaches. 2. A business might log errors that occurred as a result of high network traffic.

What are some of the primary purposes of security frameworks? Select three answers.

1. Managing organizational risks 2. Protecting PII data 3. Identifying security weaknesses

Which of the following are core components of security frameworks? Select two answers.

1. Monitoring and communicating results 2. Identifying and documenting security goals

Which of the following tasks can be performed using SIEM tools? Select three answers.

1. Proactively searching for threats 2. Performing incident analysis 3. Providing alerts for specific types of risks

Which of the following tasks are typically responsibilities of entry-level security analysts? Select all that apply.

1. Protecting computer and network systems 2. Installing prevention software

What are some key benefits of programming languages? Select all that apply.

1. They complete tasks faster than if working manually. 2. They can be used to create a specific set of instructions for a computer to execute tasks. 3. They reduce the risk of human error.

What are some benefits of switches?

1. They only pass data to the intended destination 2. They control the flow of traffic 3. They can improve network performance

What are some key benefits associated with an organization meeting regulatory compliance? Select two answers.

1. Upholding ethical obligations 2. Avoiding fines

Which types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server? Select all

1. SYN flood attack 2. ICMP flood attack

Which of the following is an example of an IPv4 address?

172.16.254.1

Which of the following statements accurately describes a smurf attack?

A network attack performed when an attacker sniffs an authorized user's IP address and floods it with packets.

What is the Transmission Control Protocol (TCP)?

An internet communication convention

Which action can a security analyst take when they are assessing a SIEM alert?

Analyze log data and related metrics

Which layer of the TCP/IP model has protocols that organize file transfers and email services?

Application Layer

You're monitoring a SIEM dashboard and receive an alert about a suspicious file download. What's the first thing you should do?

Assess the alert by gathering more information

Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?

Asset security

Fill in the blank: ____ refers to all the potential vulnerabilities a threat actor could potentially exploit in a system.

Attack Surface

You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on confidentiality, integrity, and what else?

Availability

What term describes an organization's ability to maintain its everyday productivity by establishing risk disaster recovery plans?

Business continuity

After you've taken all the necessary steps outlined in your organization's playbook to resolve the incident, what should you do?

Communicate the incident to stakeholders

What is the main objective of a Denial of Service (DoS) attack?

Disrupt normal business operations

What type of attack uses multiple devices or servers in different locations to flood the target networks with unwanted traffic?

Distributed Denial of Service (DDoS) attack

Fill in the blank: ____ is a process performed by a VPN service that protects data in transit by wrapping sensitive data in other data packets.

Encapsulation

Which security event, related to the successful infiltration of a credit reporting agency, resulted in one of the largest known data breaches of sensitive information, including customers' social security and credit card numbers?

Equifax breach

A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?

Eradication and recovery

Someone outside of an organization attempts to gain access to its private information. What type of threat does this scenario describe?

External

Playbooks are permanent, best-practice documents, so a security team should not make changes to them

False

True or False: Stateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.

False

Passive packet sniffing involves data packets being manipulated while in transit which may include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains.

False (Active Packet Sniffing)

To connect an entire city, the most effective network type would be a local area network (LAN)

False (WAN)

A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?

Financial

What monitors and filters traffic coming in and out of a network?

Firewall

Which network protocol provides a secure method of communication between clients and web services?

HTTPS

A security professional wants to ensure information is being broadcast to every computer on their organization's network. What device should they investigate?

Hub

A malicious actor changes to the source IP of a data packet in order to communicate over an organization's internal network. Which type of attack is this?

IP Spoofing

Which type of attack involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network?

IP Spoofing

What do security professionals typically do with SIEM tools?

Identify and analyze security threats, risks, and vulnerabilities

An individual has their personal information stolen. They discover that someone is using that information to impersonate them and commit fraud. What does this scenario describe?

Identity Theft

A security analyst verifies users and monitors employees' login attempts. This goal is to keep the business's assets secure. Which security domain does this scenario describe?

Identity and access management

Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?

Identity and access management

You are a security professional working for a state motor vehicle agency that stores drivers' national identification numbers and banking information. Which ethical principle involves adhering to rules that are intended to protect these types of data?

Laws

Fill in the blank: in a/an ____ attack, a malicious actor places themselves in the middle of an authorized connection and intercepts the data in transit.

On-path attack

Fill in the blank: The Denial of Service (DoS) attack _____ is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.

Ping of Death

Which type of attack occurs when a malicious actor sends an oversized ICMP packet to a server?

Ping of Death

Which ethical principle describes safeguarding personal information from unauthorized use?

Privacy Protection

What type of address is assigned by an internet service provider and connects to a geographic location?

Public IP address

A malicious actor intercepts a network transmission that was sent by an authorized user and repeats it at a later time to impersonate a user. Which type of attack is this?

Replay

You determine that the suspicious file download alert is valid, so you follow the steps in your organization's playbook to contain and eliminate traces of the incident. What should you do next?

Restore affected systems

Which security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?

Restricted zone

A security team investigates a server that has been overwhelmed with SYN packets. What does this scenario describe?

SYN flood attack

What type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?

SYN flood attack

To keep information safe from malicious actors, what security protocol can be used?

Secure sockets layer and transport layer security (SSL/TLS)

Which domain involves conducting investigations and implementing preventive measures?

Security Operations

Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?

Security and risk management

A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?

Security architecture and engineering

Shared responsibility is a core concept of which domain?

Security architecture and engineering

A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?

Security assessment and testing

Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?

Security assessment and testing

A security professional working at a bank is running late for a meeting. They consider saving time by leaving files on their desk that contain client account numbers. However, after thinking about company guidelines with regards to compliance, the security professional takes the time to properly store the files. Which concept does this scenario describe?

Security ethics

A cybersecurity analyst is tasked with proactively searching for threats and performing incident analysis. What type of tools should they use?

Security information and event management (SIEM)

A malicious actor takes down a network by flooding an authorized user's IP address with packets. Which type of attack is this?

Smurf Attack

Fill in the blank: Exploiting human error to gain access to private information is an example of _____ engineering.

Social

What type of information is contained within the header of an IP packet?

The sender's IP address, the size of the packet, and the protocol to use

A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?

Training about social engineering

IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs

True

As a security analyst, you are monitoring network traffic to ensure that SPII data is not being accessed by unauthorized users. What does this scenario describe?

Using network protocol analyzer (packet sniffer)

Fill in the blank: Encapsulation can be performed by a ____ to help protect information by wrapping sensitive data in other data packets.

VPN service

Fill in the blank: A switch uses a MAC ____ to direct data packets to the correct device.

address table

Fill in the blank: A key aspect of the CIA triad is ensuring that data is correct, _____, and reliable.

authentic

Fill in the blank: Security posture refers to an organization's ability to react to _____ and manage its defense of critical assets and data.

change

Fill in the Blank: The practice of using servers, applications, and network services that are hosted on the internet is called ________ computing.

cloud

Fill in the blank: A database is a ____ of organized data stored in a computer system.

collection

Fill in the blank: A _____ is malicious code written to interfere with computer operations and cause damage to data.

computer virus

Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and ______ efforts with the security team

coordination

Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or unauthorized access.

criminal exploitation

Fill in the blank: Some of the most dangerous threat actors are ______ because they often know where to find sensitive information, can access it, and may have malicious intent.

disgruntled employees

Fill in the blank: In the Risk Management Framework (RMF), the ____ step might involve implementing a plan to change password requirements in order to reduce requests to reset employee passwords.

implement

Fill in the blank: The software development security domain involves the use of the software development ____, which is an efficient process used by teams to quickly build software products and services.

lifecycle

Fill in the blank: An Internet Protocol (IP) address is a unique string of characters that identifies the ____ of a device on the internet.

location

Fill in the blank: Security information and event ______ (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities.

management

Fill in the blank: Network protocols are rules used by two or more devices on a network to describe the _____ and structure of data

order of delivery

Fill in the blank: Security professionals use _____ to help them manage a security incident before, during, and after it has occurred.

playbooks

Fill in the blank: A _____ is a software-based location that organizes the sending and receiving of data between devices on a network.

port

Fill in the blank: A security analyst uses a _____ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.

reverse proxy server

Fill in the blank: A(n) _____ regulates and restricts the internet's access to an internal server.

reverse proxy server

Fill in the blank: A security professional has been tasked with implementing strict password policies on workstations to reduce the risk of password theft. This is an example of _____.

security controls

Fill in the blank: A security analyst can protect against malicious packet sniffing by ______ to encrypt data as it travels across a network.

using a VPN

