Practice Tests
You have been asked to explain a few information security principles to a network infrastructure technician who has been in the industry for just a couple of years . After chatting a little while about threat actors , you decide to mention some of the attributes that differentiate attackers from one another , and which can help explain the types of attacks that can be expected from them . Which of the following might you decide to include in the conversation ? Each correct answer represents a complete solution . Choose three .
A B Internal vs. external Well - funded vs. poorly - funded Motivation
Which of the following is an accurate characteristic of threat maps ?
A geographical map is used to help visualize attacks localization
Which of the following situations would most likely motivate a hacktivist ?
A large food - processing enterprise is dumping byproducts into a nearby stream .
Which of the following is an example of preventative control ?
A locked door
What is eDiscovery ?
A process for sharing electronic forensic data
Which of the following physical security solutions qualifies as both a preventative and a detective control ?
A security guard A locked door
Which statement about physical security controls is most accurate ?
A security guard is an example of physical security control .
What are hot and cold aisles designed to assist ?
Air circulation in the server room
A company configures workstations only to run software on an approved list . What is this an example of ?
Allow listing
You were asked to build a web server for a new business unit in your company . One of the administrators , Bob , manages all of the SSL certificates for the enterprise . Once you get the server fully established and configured , you head over to Bob's office with the name and IP address of the server to watch the process he uses to obtain a certificate for the server . Bob remotes into the server with the address you supplied and enters an openssl command , specifying a 4096 - bit cipher , that creates two files , one enter a distinguished name ( DN ) made up of the company's name and location , the name of the new business unit , as well as Bob's email address and the of the registration authority ( RA ) for the certificate authority ( CA ) that your company uses . During the process , the openss1 command prompts Bob to containing a private key , he places in a directory with restricted access , and another he copies the contents of before pasting them in a form on the website FODN of the new website . What did Bob send to the RA to apply for the server's certificate
CSR
Your company allows you to use the same smartphone for both personal and work purposes , but only if it's one of a half - dozen different models on an approved list . If you don't have an approved device , the company will pay for part of your upgrade . What kind of deployment model does the company use ?
CYOD
What security feature makes it more difficult for an attacker to trick you into installing a fraudulent Ethernet driver that reports on your network activities ?
Code signing
Which of the following statements is a good guideline in preparing for zero - day vulnerabilities ?
Common industry - recommended security controls can mitigate the risk associated with zero - day attacks .
Someone put malware on your computer that records all of your keystrokes . What aspect of security was primarily attacked ? Choose the best response
Confidentiality
You're configuring a router and want it to check the properties of incoming traffic before passing it on . What will this require , at a minimum ?
Configuring ACLs
What form of incident mitigation technique do isolation and segmentation exemplify ?
Containment
Your organization has a critical database full of customer PII , and a new employee was just authorized to use it . How would you best describe the role of the system administrator who configures user permissions in the database software ?
Data custodian
Privacy - enhancing technologies are part of a larger principle by which the amount of PII , PHI , or other sensitive private data that is collected and stored is carefully limited . What is the " umbrella " term under which many other terms regarding privacy enhancement fall ?
Data minimization
Click and drag the secure application - development environments into the order in which they are utilized during the creation and deployment process . Each item must be moved or clicked before submitting . Do not click Submit until each item is labeled with a number .
Development Test Staging Production
During the investigation of the breach of a server , a security admin , working off the assumption that the attacker cracked the strongest encryption the organization has ever deployed , was surprised to discover that the attack succeeded through the compromise of a much weaker algorithm Which of the following cryptographic attacks is characterized by these symptoms ?
Downgrade
A security program alerts you of a failed login attempt to a secure system . On investigation , you learn the system's regular user accidentally had caps lock turned on . What kind of alert was it ?
False positive
You want to test an application to make sure it doesn't behave insecurely when it receives non - standard input . What technique should you use ?
Fuzzing
In the area of threat hunting , what is meant by intelligence fusion ?
Gathering intelligence from multiple sources to feed advanced analytics
Which of the following are forms of cybersecurity resilience that help to ensure fault tolerance or recoverability of services in the case of an outage ? Each correct answer represents a complete solution . Choose three .
Geographically dispersed data centers NIC teaming A diesel generator
What is true of a digital certificate , but not true of a digital signature ? Each correct answer represents a complete solution . Choose two .
Has a valid starting and ending date Proves the authenticity of a person or system
You're shopping for a new A / C unit for your server room and are comparing manufacturer ratings . Which combination will minimize the time you'll have to go without sufficient cooling ?
High MTBF and low MTTR
Which of the following statements concerning hybrid warfare is a false statement ?
Hybrid warfare requires human - to - human interaction .
Which statements about service accounts are most accurate ? Each correct answer represents a complete solution . Choose two .
It is an account associated with an application or service that needs to interact with the system . A web server will have a service account that owns and accesses resources as if it were a user but independent of which user installed or ran the service .
Which of the following is a unique characteristic of an EV certificate ?
It requires a stricter identity verification process on application .
Your employer stores a copy of all private keys used on devices in the enterprise because the regulatory agency that audits and certifies your company's business practices demands centralized access to them in case the court's order decryption of any official communications at the agency's request . What is this an example of ?
Key escrow
You have a critical database server that continuously backs its files up to the critical failure , it would take a long time to get it working again . Assuming these constraints are acceptable , how would you describe your recovery plan for cloud . Still , its software environment is so finicky that if it encountered a that service ?
Low RPO and high RTO
What security controls can protect against tailgating ? Each correct answer represents a complete solution . Choose two .
Mantraps Security guards
Three applications were developed in - house to work together on a complex task . After a month of continuous execution , it is discovered that one of the applications frequently requests that shared memory be allocated for a procedure that all three applications must contribute to Once the procedure is complete , the requesting applications fail to release the memory , and neither of the two other applications requires that the memory remain allocated nor do they take responsibility for releasing it . What type of vulnerability has the requesting application introduced ?
Memory leak
Your company is developing a custom web app for the sales team . It should be able to access a list of Salesforce contacts , but for security reasons , the app shouldn't be able to access the actual Salesforce account . What standard would allow this ?
OAuth
What makes Python a good choice for crafting malicious scripts for an attack ?
Python is installed by default on the majority of Linux distributions and is available to install on the rest .
A user logs into their computer and is presented with a screen showing a US Department of Justice logo indicating the computer has been locked due to the user violating federal law . The screen gives several details of the violation and indicates that the user must pay a fine of $ 500 within 72 hours , or a warrant will be issued for their arrest . The user cannot unlock the system . What type of malware has likely infected the computer ?
Ransomware
What group permissions would a Linux file have if its permissions displayed as ' -rwxrw - r-- ' ?
Read and write
Which of the following are examples of threat vectors ? Each correct answer represents a complete solution . Choose two .
Removable storage media Email attachments
operating system and hide from anti - malware software . What kind of malware is it ? You've found a computer infected by stealth malware . The program installed itself as part of the computer's boot process to gain access to the entire
Rootkit
Which of the following are application attacks that directly target the database programs sitting behind web servers ? Each correct answer represents a complete solution . Choose two .
SQL injection XML injection
What category of attackers are defined by their limited sophistication and funding and a reliance on pre - packaged tools ?
Script kiddies
If your organization is in need of a pre - written benchmark for validating that your network infrastructure devices are secured properly , what offering from an industry standards organization can best help with this requirement ?
Secure configuration guide
Mary receives a text message asking her to contact IRS due to unpaid taxes . When she calls , the person on the other end of the line attempts to get her to disclose a bank account number , Social Security personal information . What type of attack is this ?
Smishing
Which of the following risks is brought on by the need to rely on an external third party ?
Supply chain compromise
Which statement about the authentication technologies TOTP , HOTP , and SMS is accurate ?
TOTP is more secure than HOTP and SMS
A security appliance that has been installed for six months and was designed to use artificial intelligence ( Al ) to detect malicious traffic on the network did not catch the existence of an APT that was discovered when it acted on its objectives , disabling the majority of the enterprise's critical systems . Analysis revealed that the original attack before establishing persistence occurred four and a half months ago . Why might this advanced Al appliance have missed such a threat ?
Tainted training data was used .
If a dummy security camera with a lighted red LED is placed in a transition area between public and restricted zones in a building before any breach security has occurred , what type of security control does the camera represent ?
Technical Deterrent
What is one of the reasons why WEP is an unacceptable wireless security protocol ?
The IV is too short and can be reused
What role does SAE play in improving the security of personal mode in WPA3 as compared to that in WPA2 ?
The PSK is never used to generate the session - key or exposed in hashed form
0 An e - commerce vendor that accepts payment by credit and debit cards hired a consultant to look evidence for a data breach ; the vendor suspects that it impacted customer Pll used during return - customer transactions . Upon completing a thorough analysis , the consultant informs the vendor that there was indeed an exfiltration of private customer information . Furthermore , the consultant reveals that the information that was harvested was not adequately secured according to PCI DSS requirements because the primary account numbers ( PANs ) were hashed using MD5 and placed in local unencrypted storage locations . What technique might the consultant recommend for compliant storage of customer payment - card information ?
Tokenization
Which of the following is a concern most related to data sovereignty ?
Trusting a cloud service provider in the storage of a company's data
Which of the following describes the concept of qualitative risk assessment ?
Uses human judgment to calculate and assign a priority to the associated risk
What would be an example of a lateral movement attack ?
Using credentials discovered while on one system against another
Which of the following statements about vulnerability scans is accurate ?
Vulnerability scans should consist of credentialed scans as well as non - credentialed scans ,
What is the most common concern with regard to residential loT devices and technologies ?
Weak default configurations
What kind of penetration test involves a tester with full knowledge of your network configuration ?
White box
Which of the following are examples of non - persistence used for cybersecurity resilience ? Each correct answer represents a complete solution Choose three
Windows LKGC bootup Live boot media Windows system restore
What kind of malware can spread through a network without any human interaction
Worm
What kind of attack is against a software vulnerability that hasn't been patched yet ?
Zero - day
You've been asked to secure the private - key file on the Linux Apache Tomcat web server in your organization . When you issue the Ls -1 command at the shell prompt , the following line displays for the key file : -rw - rw - r-- 1 root root 3272 Feb 13 22:07 example.key Which commands could you enter to restrict the file to root access only ? Each correct answer represents a complete solution . Choose two .
chmod 0600 example.key chmod go - r , g - w example . key
Which of the following is a packet crafting utility useful to attackers and penetration testers ?
hping
Which of these terms refers to a category of security control in contrast to a type of control ?
Administrative
Drag the descriptions for the terms related to embedded and specialized systems from the bottom up to the spot next to the correct term
Arduino An encende FPGA B A conti Raspberry P Aque TOS Software for end
Which type of cryptography is most commonly used for secure key exchange ?
Asymmetric encryption
Which tenet of security can be affected most by an enterprise HVAC ( heating , ventilation and air conditioning system
Availability
In the context of penetration testing , which team not know that the test is underway ?
Blue team
You've traced some anomalous network activity to malware that's infected a whole department's computers . The computers are processing a distributed task using spare CPU cycles , communicating with a remote server , and sending emails to random targets . What kind of malware is it ?
Botnet
How can web cookies be securely protected by a web application during transmission to a client ? Each correct answer represents a complete solution . Choose all that apply .
By sending the Cookie HTTP header over a TLS session By setting the Secure attribute in the cookie
Which cybersecurity framework offers a number of benchmarks by which an organization can measure their adherence to their own security baselinea ?
CIS
Which of the following statements about captive portals is accurate ?
Captive portals can be used as a landing page prior to authentication
Which solution allows separation of resources down to the application level if necessary ?
Containers
What are the possible challenges involved in managing timely communication with stakeholders after the discovery of an incident ? Each correct answer represents a complete solution . Choose two .
Controlling the further dispersion of information after communication with stakeholders Meeting reported obligations after an attack .
Which feature of SIEM utilities brings together log entries from multiple components in order to find broader trends and relationships than those formed by the individual entries ?
Correlation
It has come to your attention that a newly created sensitive document is making the rounds among authorized users in the company . Which enterprise utility can you adjust the configuration of to reduce the likelihood that the document will fall into the wrong hands in a readable format ?
DLP
On an IPsec VPN , what protocol negotiates security associations ?
IKE
What kind of application centrally manages security policy and settings on all company mobile devices ?
MDM
In which category do security controls such as policies , employee training , and posted signs fall ?
Managerial
What kind of policy governs the removal of sensitive data and credentials when a user device is no longer used for company business ?
Offboarding
What type of control is a security assessment procedure ?
Operational
Your company is developing an application that will support credit card transactions and the storage of identifying information regarding paying customers Regardless of what other data the application handles , what kind of compliance do you already know you need to research ?
PCI DSS
You've been instructed to implement two - factor authentication for a secure system . Of the following list , which would qualify ? Each correct answer represents a complete solution . Choose three .
Password and OTP Smart card and fingerprint scan Password and iris scan
Bollards have recently been installed as a corrective control right outside your corporate office building . Under which category or type of control do bollardis fall?
Physical
Someone in the CEO's office followed instructions in a malicious email with the subject line , " RE : FWD : From the Office of the CEO - Please respond " . Below the portion with the malicious instructions was what appeared to be a legitimate email from the CEO's office requesting instructions that make those offered seem plausible . Which of the following phishing techniques were employed in this particular attack ?
Prepending Whaling
At the end of a cybersecurity exercise , who gathers to share lessons learned during both the offensive and defensive portions of the exercise ?
Purple team
One of your co - workers is organizing four teams for a penetration test against a newly designed distributed service . Which team would you expect to focus on fostering a collaborative environment and ensuring that the attacking and defending teams learn from one another
Purple team
Your wireless network is configured in Enterprise mode based on 802.1X . What kind of server does it most likely use as a backend ?
RADIUS
What application vulnerability can be exploited by providing a series of standard data inputs with a specific sequence and timing ?
Race condition
You've been asked to provide security advice for a custom - robotics project using an off - the - shelf single - board computer and a specialized Linux operating system What technology should you research first ?
Raspberry Pi
Which common utility for creating complete disk images was enhanced by the Defense Computer Forensics Lab to include features valuable to the field of forensics , such as hashing on - the - fly and image verification ?
dd
Which of the following commands will display the most recent " failed " entries in logfile ?
grep " failed " logfile tail