sec+ prac exam #6 JD


Jamie's organization is attempting to budget for the next fiscal year. Jamie has calculated that a data breach will cost them $120,000 for each occurrence. Based on her analysis, she believes that a data breach will occur once every four years and have a risk factor of 30%. What is the ALE for a data breach within Jamie's organization? $90,000 $9,000 $36,000 $360,000

$9,000

You have been asked to classify a hospital's medical records as a form of regulated data. Which of the following would BEST classify this type of data? PHI PII PCI GDPR

PHI

Which of the following is considered a form of regulated data? PII DMCA AUP DRM

PII

What technique is an attacker using if they review data and publicly available information to gather intelligence about the target organization without scanning or other technical information-gathering activities? Vulnerability scanning Patch management Active scanning Passive reconnaissance

Passive reconnaissance

A new alert has been distributed throughout the information security community regarding a critical Apache vulnerability. What action could you take to ONLY identify the known vulnerability? Perform a web vulnerability scan on all servers in the environment Perform an unauthenticated vulnerability scan on all servers in the environment Perform an authenticated scan on all web servers in the environment Perform a scan for the specific vulnerability on all web servers

Perform a scan for the specific vulnerability on all web servers

What is the lowest layer (bottom layer) of a bare-metal virtualization environment? Host operating system Physical hardware Hypervisor Guest operating system

Physical hardware

You are reviewing the logs in your IDS and see that there were entries showing SYN packets received from a remote host targeting each port on your web server from 1 to 1024. Which of the following MOST likely occurred? SYN flood Port scan Remote host cannot find the right service port UDP probe

Port scan

You are conducting an investigation on a suspected compromise. You have noticed several files that you don't recognize. How can you quickly and effectively check if the files have been infected with malware? Run the Strings tool against each file to identify common malware identifiers Submit the files to an open-source intelligence provider like VirusTotal Scan the files using a local anti-virus/anti-malware engine Disassemble the files and conduct static analysis on them using IDA Pro

Submit the files to an open-source intelligence provider like VirusTotal

You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and causes an impact on the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why? Firewall logs Syslog Network mapping NIDS

Syslog

While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host's IP within your organization's network over port 443. Which of the following protocols would you expect to be in use? SSH TFTP HTTP TLS

TLS

Dion Training requires that the staff simulate their response to a potential data breach. During this simulation, the staff gathers in the conference room and discusses each action they would take as part of their response. This information is then analyzed to ensure the company's data breach response playbook is up to date and would work properly when needed. Which of the following best describes what the staff did? Business impact analysis Tabletop exercise Incident response Disaster recovery planning

Tabletop exercise

Which of the following categories of controls are firewalls, intrusion detection systems, and a RADIUS server classified as? Physical controls Compensating controls Technical controls Administrative controls

Technical controls

You are installing Windows 2016 on a rack-mounted server and want to host multiple virtual machines within the physical server. You just finished the installation and now want to begin creating and provisioning the virtual machines. Which of the following should you utilize to allow you to create and provision the virtual machines? Hypervisor Disk management Device manager Terminal services

Hypervisor

Which of the protocols listed is NOT likely to be a trigger for a vulnerability scan alert when it is used to support a virtual private network (VPN)? SSLv2 SSLv3 IPSec PPTP

IPSec

Which cloud computing concept is BEST described as focusing on the replacement of physical hardware at a customer's location with cloud-based resources? IaaS PaaS SaaS SECaaS

IaaS

Which of the following features is supported by Kerberos, but not by RADIUS and Diameter? Tickets used to identify authenticated users Services for authentication Single sign-on capability XML for cross-platform interoperability

Tickets used to identify authenticated users

Which technique would provide the largest increase in security on a network with ICS, SCADA, or IoT devices? Implement endpoint protection platforms User and entity behavior analytics Use of a host-based IDS or IPS Installation of anti-virus tools

User and entity behavior analytics

Your company has an office in Boston and is worried that its employees may not be able to reach the office during periods of heavy snowfall. You have been asked to select a technology that would allow employees to work remotely from their homes during poor weather conditions. Which of the following should you select? VPN VLAN NAT IDS

VPN

Which of the following is the MOST secure wireless security and encryption protocol? WPS WPA WEP WPA2

WPA2

A cybersecurity analyst is preparing to run a vulnerability scan on a dedicated Apache server that is going to be moved into a DMZ. Which of the following vulnerability scans is most likely to provide valuable information to the analyst? Database vulnerability scan Network vulnerability scan Port scan Web application vulnerability scan

Web application vulnerability scan

An organization is conducting a cybersecurity training exercise. Which team is Jason assigned if he has been asked to monitor and manage the technical environment that is being used by the defenders and attackers during the exercise? Blue team Red team White team Purple team

White team

You have noticed some unusual network traffic outbound from a certain host. The host is communicating with a known malicious server over port 443 using an encrypted TLS tunnel. You ran a full system anti-virus scan of the host with an updated anti-virus signature file, but the anti-virus did not find any signs of infection. Which of the following has MOST likely occurred? Password spraying Zero-day attack Session hijacking Directory traversal

Zero-day attack

Which of the following cryptographic algorithms is classified as symmetric? ECC RSA 3DES PGP

3DES

Dion Training wants to implement a technology within their corporate network to BEST mitigate the risk that a zero-day virus might infect their workstations. Which of the following should be implemented FIRST? Application whitelisting Host-based firewall Anti-malware solution Intrusion detection system

Application whitelisting

You work as the incident response team lead at Fail to Pass Systems. Sierra, a system administrator, believes an incident has occurred on the network and contacts the SOC. At 2:30 am, you are woken up by a phone call from the CEO of Fail to Pass stating an incident has occurred and that you need to solve this immediately. As you are getting dressed to drive into the office, your phone rings again. This time, it is the CIO who starts asking you a lot of technical questions about the incident. The first you heard of this incident was 5 minutes ago from the CEO, so you obviously don't have the answers to the CIO's questions. Based on this scenario, which of the following issues needs to be documented in your lessons learned report once this incident is resolved? A robust method of incident detection An established incident response form for all employees to use to collect data A call list/escalation list

A call list/escalation list

Which of the following cryptographic algorithms is classified as symmetric? Diffie-Hellman ECC RSA AES

AES

Susan, a help desk technician at Dion Training, has received several trouble tickets today related to employees receiving the same email as part of a phishing campaign. She has determined that the malicious link in the email is not being blocked by the company's security suite when a user clicks the link. Susan asks you what action can be performed to prevent a user from reaching the website that is associated with the malicious link in the phishing email. What action do you recommend she utilize? Forward this phishing email to all employees with a warning not to click on the embedded links Block the IP address of the malicious domain in your firewall's ACL Enable TLS on your organization's mail server Add the malicious domain name to your content filter and web proxy's blacklist

Add the malicious domain name to your content filter and web proxy's blacklist

Which of the following types of attackers are sophisticated and highly organized people or teams who are typically sponsored by a nation-state? Ethical hacker Hacktivists Advanced Persistent Threat Script kiddies

Advanced Persistent Threat

Raj is working to deploy a new vulnerability scanner for an organization. He wants to verify the information he gets is the most accurate view of the configurations on the organization's traveling salespeople's laptops to determine if any configuration issues could lead to new vulnerabilities. Which of the following technologies would work BEST to collect the configuration information in this situation? Passive network monitoring Server-based scanning Non-credentialed scanning Agent-based scanning

Agent-based scanning

As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statements BEST explains these results? The scanner failed to connect with the majority of workstations An uncredentialed scan of the network was performed The network has an exceptionally strong security posture The scanner was not compatible with the devices on your network

An uncredentialed scan of the network was performed

You are conducting a routine vulnerability scan of a server when you find a vulnerability. You locate a patch for the vulnerability on the software vendor's website. What should you do next? Start the incident response process Establish continuous monitoring Submit a Request for Change using the change management process

Submit a Request for Change using the change management process

Tierra works as a cybersecurity analyst for a large multi-national oil and gas company. She is responding to an incident at her company in which their public-facing web server has been defaced with the words, "Killers of the Arctic." She believes this was done in response to her company's latest oil drilling project in the Arctic Circle. Which threat actor is most likely to blame for the website defacement? APT Organized crime Hacktivist Script kiddie

Hacktivist

Which of the following physical security controls would be the most effective in preventing an attacker from driving a vehicle through the glass doors at the front of the organization's headquarters? Intrusion alarm Security guards Mantraps Bollards

Bollards

Lamont is in the process of debugging a software program. As he examines the code, he discovers that it is written incorrectly. Due to the error, the code is not validating the size of a variable prior to allowing the information to be written into memory. Based on Lamont's discovery, what type of attack might occur? Buffer overflow Cross-site scripting SQL injection Malicious logic

Buffer overflow

You are troubleshooting a network connectivity issue and need to determine the packet's flow path from your system to the remote server. Which of the following tools would best help you identify the path between the two systems? nbtstat netstat tracert ipconfig

tracert

You have been asked to provide some training to Dion Training's system administrators about the importance of proper patching of a system prior to deployment. To demonstrate the effects of deploying a new system without patching it first, you ask the system administrators to provide you with an image of a brand-new server they plan to deploy. How should you deploy the image to demonstrate the vulnerabilities that are being exposed while maintaining the security of the corporate network? Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities Utilize a server with multiple virtual machine snapshots installed on it, restore from a known compromised image, then scan it for vulnerabilities

Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities

You have been asked by the incident response team leader to perform a forensic examination on a workstation that is suspected to have been infected with malware. You remember from your training that you must collect digital evidence in the proper order to protect it from being changed during your evidence collection efforts. Which of the following describes the correct sequence to collect the data from the workstation? CPU cache, RAM, Swap, Hard drive Hard drive, Swap, CPU cache, RAM Swap, RAM, CPU cache, Hard drive RAM, CPU cache, Swap, Hard drive

CPU cache, RAM, Swap, Hard drive

Last week, your organization was the victim of a cyber attack. The root cause of the attack was investigated and found to be due to a missing patch on your Windows 2016 server for the EternalBlue exploit. The organization's vulnerability management team has rescanned the network and identified all the machines missing this critical patch. These systems were then patched, and the network rescanned to verify the patch was installed properly. Which of the following types of controls would you classify the installation of this patch as? Compensating Detective Deterrent Corrective

Corrective

A cybersecurity analyst is applying for a new job with a penetration testing firm. He received the job application as a secured Adobe PDF file, but unfortunately, the firm locked the file with a password so the potential employee cannot fill in the application. Instead of asking for an unlocked copy of the document, the analyst decides to write a script in Python to attempt to unlock the PDF file by using passwords from a list of commonly used passwords until he can find the correct password or attempts every password in his list. Based on this description, what kind of cryptographic attack did the analyst perform? Man-in-the-middle attack Brute-force attack Session hijacking Dictionary attack

Dictionary attack

Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of "connected clients" and see that "Bob's Laptop" is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the WPA2 password? Enable WPA Disable WPS Disable SSID broadcast Disable WPA2

Disable WPS

You are working as part of a penetration testing team during an assessment of Dion Training's headquarters. Your boss has requested that you search the recycle bins of the company for any information that might be valuable during the reconnaissance phase of your attack. What type of social engineering method are you performing? Impersonation Phishing Whaling Dumpster diving

Dumpster diving

Which of the following access control models is the most flexible and allows the owner of the resource to control the access permissions? MAC RBAC ABAC DAC

DAC

Which of the following cryptographic algorithms is classified as symmetric? DSA ECC GPG DES

DES

An analyst is reviewing the configuration of a triple-homed firewall that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall? Subnet NIDS DMZ GPO

DMZ

You want to play computer-based video games from anywhere in the world using your laptop or tablet. You heard about a new product called a Shadow PC that is a virtualized Windows 10 Home gaming PC in the cloud. Which of the following best describes this type of service? PaaS DaaS SaaS IaaS

DaaS

A cybersecurity analyst has deployed a custom DLP signature to alert on any files that contain numbers in the format of a social security number (xxx-xx-xxxx). Which of the following concepts within DLP is being utilized? Exact data match Classification Document matching Statistical matching

Exact data match

What is used as a measure of biometric performance to rate the system's ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access? Crossover error rate False rejection rate Failure to capture False acceptance rate

False acceptance rate

You have just received an email that claims to be from the Federal Bureau of Investigation (FBI). According to the email, it claims that your computer was identified as part of a botnet being used to distribute pirated copies of a new movie. The email states that you must click the link below and pay a fine of $1000 within 24 hours or federal agents will be sent to your home to arrest you for copyright infringement. What social engineering principle is this email relying on? Familiarity Trust Consensus Intimidation

Intimidation

A cybersecurity analyst just finished conducting an initial vulnerability scan and is reviewing their results. To avoid wasting their time on results that are not really a vulnerability, the analyst wants to remove any false positives before they begin to remediate the findings. Which of the following is an indicator that something in their results would be a false positive? A finding that shows the scanner compliance plug-ins are not up-to-date An HTTPS entry that indicates the web page is securely encrypted A scan result showing a version that is different from the automated asset inventory Items classified by the system as Low or as For Informational Purposes Only

Items classified by the system as Low or as For Informational Purposes Only

You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario? Jumpbox Physical Airgap Bastion hosts

Jumpbox

Which protocol relies on mutual authentication of the client and the server for its security? CHAP Two-factor authentication LDAPS RADIUS

LDAPS

Dion Training is in early discussions with a large university to license its cybersecurity courses as part of their upcoming semester. Both organizations have decided to enter into an exploratory agreement while they negotiate the detailed terms of the upcoming contract. Which of the following documents would best serve this purpose? ISA NDA SLA MOU

MOU

Which of the following terms is used to describe the period of the time taken to correct a fault so that the system is restored to full operations after a failure or incident? RTO MTBF MTTR RPO

MTTR

Which type of system would classify traffic as malicious or benign based on explicitly defined examples of malicious and benign traffic? Deep learning Generative adversarial network Artificial intelligence Machine learning

Machine learning

What is a legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment? SOW NDA MSA Corporate Policy

NDA

Which type of agreement between companies and employees is used as a legal basis for protecting information assets? NDA ISA MOU SLA

NDA

What tool can be used to scan a network to perform vulnerability checks and compliance auditing? BeEF Nessus Metasploit Nmap

Nessus

Taylor needs to sanitize hard drives from some leased workstations that are being returned to a supplier at the end of the lease period. The workstations' hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn't occur during this process? Clear, validate, and document the sanitization of the drives Clear the drives The drives must be destroyed to ensure no data loss Purge, validate, and document the sanitization of the drives

Purge, validate, and document the sanitization of the drives

(Sample Simulation - On the real exam for this type of question, you may receive a list of different RAID types and be asked to visually display which hard drives in the RAID are used for redundant data storage as either a stripe or a mirror. Then, you will have to identify which RAID type is most appropriate for each type of server shown.) You are configuring a RAID drive for a Media Streaming Server. Your primary concern is speed of delivery of the data. This server has two hard disks installed. What type of RAID should you install, and what type of data will be stored on Disk 1 and Disk 2? RAID 1 - Disk 1 (Mirror) and Disk 2 (Mirror) RAID 0 - Disk 1 (Mirror) and Disk 2 (Mirror) RAID 1 - Disk 1 (Stripe) and Disk 2 (Stripe) RAID 0 - Disk 1 (Stripe) and Disk 2 (Stripe)

RAID 0 - Disk 1 (Stripe) and Disk 2 (Stripe)

Which of the following cryptographic algorithms is classified as symmetric? RSA Diffie-Hellman ECC RC4

RC4

Which of the following hashing algorithms results in a 160-bit fixed output? NTLM MD-5 SHA-2 RIPEMD

RIPEMD

Dion Training has performed an assessment as part of their disaster recovery planning. The assessment found that the organization can only tolerate a maximum of 60 minutes worth of data loss in the event of a disaster. Therefore, the organization has implemented a system of database snapshots that are backed up every hour. Which of the following metrics would best represent this time period? RTO MTTR MTBF RPO

RPO

You have been hired as a consultant by Dion Training to review their current disaster recovery plans. The CEO has requested that the plans ensure that the company can limit downtime in the event of a disaster, but due to staffing concerns he simply cannot approve the budget to implement or maintain a fully redundant offsite location to ensure a 99.999% availability. Based on that limitation, what should you recommend to the CEO? Retain their backups in their office building but install redundant services in a colocated datacenter within a different company Install a set of redundant servers in another part of the company's office building Retain all hardware at their office building but ship their backups to an offsite facility for storage Redundant hardware be maintained at the offsite location and configured to be ready for the recovery of the company's backup data when needed

Redundant hardware be maintained at the offsite location and configured to be ready for the recovery of the company's backup data when needed

You are developing your vulnerability scanning plan and attempting to properly scope your scans. You have decided to focus on the criticality of a system to the organization's operations when prioritizing the system in the scope of your scans. Which of the following would be the best place to gather the criticality of a system? Ask the CEO for a list of the critical systems Scope the scan based on IP subnets Review the asset inventory and BCP Conduct an nmap scan of the network to determine the OS of each system

Review the asset inventory and BCP

Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer's workstation with cloud-based resources? PaaS IaaS SaaS DBaaS

SaaS

What is a major security risk that could occur when you commingle hosts/servers with different security requirements in a single network? Password compromises Security policy violations Zombie attacks Privilege creep

Security policy violations

Which attack method is MOST likely to be used by a malicious employee or insider who is trying to obtain another user's passwords? Shoulder surfing Man-in-the-middle Tailgating Phishing

Shoulder surfing

DeepScan supports data-flow analysis and understands the execution flow of a program. It allows you to see possible security flaws without executing the code. Which of the following types of tools would DeepScan be classified as? Static code analyzer Decompiler Fault injector Fuzzer

Static code analyzer

What command should a forensic analyst use to make a forensic disk image of a hard drive? rm touch wget dd

dd

Which of the following Wireshark filters should be applied to a packet capture to detect applications that are sending passwords in cleartext to a REST API located at 10.1.2.3? ip.proto=tcp ip.dst=10.1.2.3 http.request.method=="POST" http.request.method=="POST" && ip.dst=10.1.2.3

http.request.method=="POST" && ip.dst=10.1.2.3

Your team is developing an update to a piece of code that allows customers to update their billing and shipping addresses in the web application. The shipping address field used in the database was designed with a limit of 75 characters. Your team's web programmer has brought you some algorithms that may help to prevent an attacker from trying to conduct a buffer overflow attack by submitting invalid input to the shipping address field. Which pseudo-code represents the best solution to prevent this issue? if (shippingAddress != 75) {update field} else exit if (shippingAddress <= 75) {update field} else exit if (shippingAddress >= 75) {update field} else exit if (shippingAddress = 75) {update field} else exit

if (shippingAddress <= 75) {update field} else exit
