Stormwind Practice Exam Sec+

A company decides to implement a COPE policy for mobile devices. The company wants to block users from access to game and social media apps while at work. The company also wants to prevent the use of some custom company apps when the user is away from work. What should the company use to accomplish this? A. Geofencing B. Containerization C. Geolocation D. Context-aware authentication

A. Geofencing

A company is deploying a PKI. They want to use a hardware device separate from their Windows servers to manage and maintain cryptographic keys. What should the company use? A. HSM B. DLP C. TACACS+ D. TPM

A. HSM (Hardware Security Module)

A company is pursuing a PCI DSS certification. The company wants to implement secure management of the entire cryptography key lifecycle for the enterprise and prevent outside access to cryptographic keys. What should the company use? A. HSM B. NIPS C. CA D. TPM

A. HSM (Hardware Security Module)

A company is launching a team to conduct a forensics investigation. They need to analyze the low-level content of a suspected hard disk. What is the BEST tool for this activity? A. Hex editor B. Disk cloning software C. Log editor D. Regex editor

A. Hex editor

The administrator deploys three web servers, all hosting the same web application and data, on his company's perimeter network. The administrator implements load balancing through the use of a load balancer. This is BEST described as an example of which resiliency strategy? A. High availability B. Elasticity C. Scalability D. Distributive computer

A. High availability

A security analyst receives an email message that appears to be from the IT director at the company. The email warns the analyst about a zero-day virus and instructs him to find and delete a certain file on the computer. When the security analyst deletes the file, the computer no longer boots. Which attack methods were used? (Choose two) A. Hoax B. Impersonation C. Evil twin D. Brute force E. Spear phishing F. Dumpster diving

A. Hoax B. Impersonation

An organization collects extensive information about its clients. Which of the following is most likely protected by PHI laws or regulations? A. Prescriptions B. Credit card number C. Social security number D. Ethnicity

A. Prescriptions

An attacker may be sending damaged packets into a network to compromise the firewall. What should the administrator use to collect as much information about network traffic as possible? A. Protocol analyzer B. Vulnerability scanner C. Firewall logs D. Rogue system detection

A. Protocol analyzer

During which phase of a penetration test is the tester most likely to use OSINT? A. Reconnaissance B. Gaining access C. Maintaining access D. Analysis

A. Reconnaissance

Recently, a client used an organization's guest wireless network to distribute pirated materials. To protect themselves from litigation, the organization wants to ensure that all guest WiFi users agree to an acceptable use policy prior to gaining access. What should the organization do to meet this requirement? A. Configure open authentication on the controller B. Enable a captive portal on the wireless controller C. Configure the network to support 802.1x authentication D. Enable PSK-based authentication on the APs

B. Enable a captive portal on the wireless controller

What is the most cost-effective way to defend against whaling attacks? A. Keep servers locked in a secure location B. Educate and train upper management C. Use strong passwords D. Use biometrics E. Educate and train all employees

B. Educate and train upper management

A company CSO has ordered that all emails sent or received by senior management personnel be preserved. Managers should not be able to delete emails. If changes are made to an email, both the original and modified versions should be preserved. Managers should still have access to their email accounts. Security personnel are tasked with ensuring this. What should the security personnel use? A. Chain of custody B. Forensic hashing C. Legal hold D. Principle of least privilege

C. Legal hold

Which of the following physical controls is the best option for mitigating tailgating attacks? A. Air gap B. Badges C. Mantrap D. TEMPEST

C. Mantrap

What is the role of OWASP (Open Web Application Security Project) in software development? A. OWASP offers a publicly available version control system and code repository. B. OWASP provides testing services to help identify zero-day and other vulnerabilities C. OWASP provides free materials to promote and support web application security D. OWASP develops structured guidelines for application development methodologies.

C. OWASP provides free materials to promote and support web application security

An organization struggles to manage and search logs stored on various servers and network nodes. Which platform provides log aggregation and can be used for log analysis and security assessments? A. SNMP B. AAA C. SIEM D. NGFW

C. SIEM (Security Information and Event Management)

A company's incident response team and the Chief Security Officer identify an employee who is working with an outside threat actor to compromise and exploit network resources. The team moves to seize the employee's desktop computer and mobile devices. The team wants to ensure that the seized artifacts can be used as evidence in any legal proceedings. What should the team do FIRST? A. Create a digital image clone of all storage media B. Run a full backup of each device C. Start a chain of custody for each device D. Create a hash for every file on each device

C. Start a chain of custody for each device

In order to increase security, an organization that stores PHI has decided to implement tokenization of sensitive data. What should the organization do with the original data that was tokenized? A. Discard the data because it is no longer needed B. Mask the data and store it with the token C. Store it in an encrypted file or database D. Hash the data and store it offline

C. Store it in an encrypted file or database

A user installs an application on a computer. After installing the application, the computer begins receiving a series of pop-up ads. The ads disappear after the user enables the popup blocker. What is most likely wrong? A. The application is a Trojan horse B. The application contains a logic bomb C. The application installed adware on the computer D. The application installed ransomware

C. The application installed adware on the computer

Which key is used to encrypt data in an asymmetric encryption system? A. The sender's private key B. The recipient's private key C. The recipient's public key D. The sender's public key

C. The recipient's public key

You download a file management application from the Internet. When you launch the application, your screen goes blank and your hard disk's active light starts flashing. You restart the computer and discover that your hard disk partitions have been deleted. This is an example of what kind of threat? A. RAT B. Logic bomb C. Trojan horse D. Spyware

C. Trojan horse

An organization determines that their working production control is susceptible to attack. What should the organization implement to mitigate the risk of compromised code integrity? A. Normalization B. Elasticity C. Version control D. Obfuscation

C. Version control

A Chief Financial Officer (CFO) receives an email that appears to be from the company's President. The email is tailored for the CFO and requests details regarding an upcoming quarterly report that will be presented to shareholders. No other employees receive this email. The CFO was the target of which type of social engineering attack? A. Vishing B. Piggybacking C. Whaling D. Smishing

C. Whaling

The incident response team copied several files to removable media as part of its digital forensics after a security-related incident. The team wants to ensure that it can identify whether any of the files are accidentally or maliciously modified after collection. What should the team do? A. Encrypt each of the files B. Start a chain of custody form C. Designate a legal hold D. Generate a hash on each of the files

D. Generate a hash on each of the files

An engineering team has deployed PKI within their organization. To meet legal reporting requirements, they need to implement a way to provide decryption keys to a third party on an as-needed basis. What should they do? A. Identify a recovery agent B. Deploy an additional CA C. Use certificate registration D. Implement a key escrow arrangement

D. Implement a key escrow arrangement

Which of the following can be used to launch a coordinated DDoS attack? A. Bot B. Rootkit C. Worm D. Adware

A. Bot

Which of the following are block cipher modes? (Choose three) A. CBC B. GCM C. CRC D. SSL E. ECB

A. CBC (Cipher Block Chaining) B. GCM (Galois/Counter Mode) E. ECB (Electronic Codebook) Other block cipher modes: CFB (Cipher Feedback), OFB (Output Feedback), CTR (Counter)

An organization supplies each employee with a laptop and smartphone. The organization wants to ensure that users can only successfully authenticate using an Android-based MFA app after their location is determined using GPS coordinates. What should the organization do to meet this requirement? A. Configure geotagging for all authentication approvals B. Configure geofencing policies for each user's laptop C. Configure network-based tracking for each mobile device D. Configure IP geolocation tracking for each user's laptop

A. Configure geotagging for all authentication approvals

A security administrator discovers attempts to compromise a Web site. The attacks are based on commands sent from authenticated users' Web browsers to the Web site. The commands execute at the users' permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent? A. Cross-site request forgery B. Cross-site scripting C. Buffer overflow D. SQL injection

A. Cross-site request forgery

A networking hardware vendor uses several platforms to deliver firmware updates to customers. Recently, customers have complained that installing firmware updates also installs malware on systems. The hardware vendor is concerned that the malware is being bundled with the updates that are hosted on popular software repositories. What should the vendor do to ensure that firmware updates can be safely hosted on third-party sites? A. Digitally sign each firmware update prior to release. B. Create a digest for each update using a hashing algorithm. C. Encrypt each update using AES prior to release D. Attach an X.509 certificate to the update to prove authenticity.

A. Digitally sign each firmware update prior to release.

A security administrator discovers port 23 is open and actively used on many servers. Which of the following should be the administrator's PRIMARY concern? A. Eavesdropping B. Buffer overflows C. Password-based attacks D. Data exfiltration

A. Eavesdropping

When an account authenticates with a web service, the service issues a temporary token that can be used to authenticate client requests. What should be done to maximize security for issued tokens? A. Require TLS for all connections B. Configure password complexity policies C. Require clients to hash tokens D. Store tokens in service config files

A. Require TLS for all connections

A set of programs provide a hacker with administrator access to a computer that cannot be detected through normal means. What is the BEST description of this threat? A. Rootkit B. Backdoor C. Xmas/Christmas tree attack D. Armored virus

A. Rootkit

Network access control is designed so that remote users are limited to accessing the network during normal business hours only. Policies regarding user access apply to all users. This is an example of which type of access control? A. Rule-based access control B. MAC C. DAC D. Role-based access control

A. Rule-based access control

A company's workforce includes several mobile users who access company resources through the internet. The company needs a cloud-based security solution that: - Prevents users from accessing known malicious web sites. - Enforces the company's acceptable use policies for internet access - Ensures that applicable regulations regarding data protection are applied - Filters data to and from social media for protected devices The solution should include encrypted traffic analysis. What should the company use? A. SWG B. WAF C. SIEM D. CASB

A. SWG (Secure Web Gateway)

A security administrator is working on a confidential report in a crowded airport terminal. The administrator is not connected to the airport's Wi-Fi hotspot. What type of attack is MOST likely to occur? A. Shoulder surfing B. NFC C. Man-in-the-middle D. Quid pro quo

A. Shoulder surfing

Which two types of attacks rely mainly on the attacker seeming to be familiar to the victim for their effectiveness? (Select two) A. Spear phishing B. Pharming C. Tailgating D. Whaling

A. Spear phishing C. Tailgating

A DoS has occurred. Which two questions should be answered during the incident identification phase? A. What servers have been compromised? B. When can the affected service be restored? C. What is the impact to the business? D. Has any malware planted by the attacker been removed? E. Are all affected servers isolated from those that are not affected?

A. What servers have been compromised? C. What is the impact to the business?

What is the type of threat actor from the description? A group that uses hard-to-detect tools to persist its connection to target systems, usually with data theft or financial gain as goals.

APT (Advanced Persistent Threat)

A company is concerned about users sending sensitive information to recipients outside of the network. This is a concern due to potential insider threats and the need to meet stringent data privacy requirements. What should the company implement to help prevent this? A. SSL/TLS B. DLP C. DNS sinkhole D. Hashing

B. DLP (Data Loss Prevention)

What should be used to ensure non-repudiation on outgoing emails? A. Steganography B. Digital signature C. Cryptographic hash D. Ephemeral key

B. Digital signature

Some network traffic is being redirected to a client that is infected with a Trojan. The IP addresses and MAC addresses on the redirected packets do not match up correctly. All packets have the MAC address of the infected system. The IP addresses are legitimate host addresses. This is a symptom of which kind of attack? A. IP spoofing B. ARP poisoning C. DoS attack D. DNS poisoning

B. ARP poisoning (Address Resolution Protocol)

An organization has moved most of its applications and services to cloud-based platforms. The organization wants to ensure that the security for these diverse environments can be managed centrally. What should the organization do? A. Configure an SWG and configure secure access policies B. Configure a CASB to enforce organizational security policies C. Deploy an MDM server and enroll all cloud service platforms D. Deploy a cloud based proxy and connect each platform to the proxy.

B. Configure a CASB to enforce organizational security policies (Cloud Access Security Broker)

Following several successful cyber attacks involving malware, an organization needs to improve its incident handling capabilities. Which of the following is the best option for minimizing the time required to eradicate infections? A. Enable SIEM breach responses B. Configure a SOAR runbook C. Configure security alerts on a NIDS D. Implement NGFW security policies

B. Configure a SOAR runbook (Security Orchestration, Automation and Response)

An organization's users are redirected to a dummy vendor website that uses a stolen SSL certificate. The users unknowingly make purchases on the site using a corporate credit card. What should the organization do to mitigate this risk? A. Deploy PKI for certificate management B. Configure all browsers to use OCSP C. Validate the certificate with the CA D. Validate each vendor site's CSR

B. Configure all browsers to use OCSP (Online Certificate Status Protocol)

An administrator sets up a VM for testing different versions of an application. The administrator wants to be able to return to the baseline state as quickly as possible between each test. What should the administrator do? A. Run a full backup of the host B. Create a snapshot of the VM C. Implement automatic change management D. Configure a sandbox environment

B. Create a snapshot of the VM

An organization wants to maximize availability for cloud-based resources. What should the organization do to minimize latency while guaranteeing that web servers in the same cluster are never hosted in the same data center? A. Ensure that each cluster member is located in a different region B. Ensure that cluster members are located in the same region but different availability zones. C. Ensure that all cluster members are located in the same availability zone. D. Ensure that each cluster member is located in a different availability zone

B. Ensure that cluster members are located in the same region but different availability zones.

A company is designing and developing an automated authentication system based on biometric attributes. One of the goals is to keep the authentication process as transparent and unobtrusive to employees as possible. The company installed closed-circuit television (CCTV) cameras throughout its corporate campus. Images are fed through an artificial intelligence (AI) analysis system for employee identification. Human operators provide feedback to assist with machine learning and improve accuracy. Which biometric attributes are BEST suited to this application? (Select two.) A. Vein B. Gait C. Voice D. Facial E. Retina

B. Gait D. Facial

A company has several web apps deployed in its perimeter network. After numerous successful exploits by external threat actors, the company is investing in hardening its network and apps that are exposed to the internet. A contracted security consultant recommends fuzz testing on the web apps to help identify vulnerabilities. What type of vulnerability can be best exposed through fuzzing? A. Weak passwords and password policies B. Improper input handling C. Unsecure protocol use D. Buggy code

B. Improper input handling

An attacker posing as a janitor is able to access a storage area where sensitive printed documents are kept. Which method should the organization use to implement a preventive physical control? A. Define a policy that forbids unauthorized access to the storage area B. Install a locked fence that limits access to the storage area C. Install alarms on all doors leading to the storage area D. Install surveillance cameras throughout the storage area

B. Install a locked fence that limits access to the storage area

An organization does business with customers located in European Union countries. In order to avoid fines, what must the organization do to comply with GDPR requirements? A. Deploy anti-malware on systems that collect user data B. Keep any collected personal information up to date C. Only use collected data within the processing organization D. Collect all data for a user during a single transaction

B. Keep any collected personal information up to date

A company's recovery plan states that it will take, on average, three hours to restore services to an operational level after a catastrophic failure. What is this value known as? A. RTO B. MTTR C. MTBF D. RPO

B. MTTR (Mean Time To Restore)

Which statement describes a primary benefit provided by MFA (Multi Factor Authentication)? A. Required use of biometrics B. Mitigation of phishing attacks C. Federated authentication D. Protection of data in motion

B. Mitigation of phishing attacks

An organization is forced to run an out-of-date web server for a key client. The organization wants to mitigate the risk of network-wide infection if the server is compromised. What should the organization do? A. Enable MFA for all sensitive systems B. Move the web server to the DMZ C. Place the web server behind the firewall D. Install a NIDS on the ISP connection

B. Move the web server to the DMZ

Several employees received emails that appeared to be from an online auction site. When the users click on the link, they are prompted for personal information. However, the link does not go to the auction site, but to a duplicate site set up by an attacker. What kind of attack has occurred? A. Pharming B. Phishing C. Scam D. Identity theft

B. Phishing

A company's systems engineer is devising an incident management plan. What should be the primary goal in the incident management plan for a DoS attack on the company's ecommerce servers? A. Identify the vulnerabilities that the attacker exploited B. Restore normal operations as quickly as possible C. Implement DPI on the firewall D. Discover the identity of the attacker

B. Restore normal operations as quickly as possible

During a vulnerability scan, a security administrator discovers an application that is no longer supported by the vendor. The administrator's manager decides that purchasing the latest version of the application is not in the organization's budget. Which risk management technique has the manager employed? A. Risk Avoidance B. Risk Acceptance C. Risk Mitigation D. Risk Transference

B. Risk Acceptance

You discover a program running in the background on a computer. The program is collecting address and computer name information from your network and sending it to an address on the Internet. This is an example of what kind of threat? A. Worm B. Spyware C. Rootkit D. Watering hole attack

B. Spyware

A company is contracting with a third-party security company to perform penetration testing. Which two considerations are NOT defined in the rules of engagement? A. Physical location of testers B. Targeted IP ranges and domains C. Permission to test D. Testing goals E. Evidence handling procedures

B. Targeted IP ranges and domains D. Testing goals

A file server is deployed on a company's on-premises network. A security review finds that several ports open for services are not in use on the computer. What is the MOST likely risk associated with this? A. Unsecure protocols are currently in use on the computer B. The computer's attack surface is unnecessarily increased C. Users may be unable to recognize the server as a file server D. The computer is configured with default settings

B. The computer's attack surface is unnecessarily increased

A company is designing a data processing application that will support various context- and location-sensitive levels of access. Sensitive data is replaced in the database with a non-sensitive data equivalent that has no exploitable meaning or value. The database value is securely mapped to the actual data, which is stored in a separate location. What is this an example of? A. Data masking B. Tokenization C. De-identification D. Encryption

B. Tokenization

An employee receives a direct message from a friend on a social network. The message is about an offer to receive a $100 gift card if they are one of the first 25 to respond to a survey. They click the link and become infected with malware. Which attack principles contribute to the effectiveness of this attack? (Choose two) A. Intimidation B. Trust C. Consensus D. Authority E. Scarcity

B. Trust E. Scarcity

What is the type of threat actor from the description? This is a threat actor with minimal technical skills who relies on tools developed by others. Goals include hacking in just to hack in.

Script kiddie

An organization deploys a distributed app that uses multiple servers. The organization wants to ensure that each app component is properly secured. What should the organization do? A. Install and configure a Host-Based Intrusion Detection System (HIDS) on each server B. Minimize complexity by hardening servers with a common configuration C. Implement a framework-based benchmark for each server or service D. Deploy and configure host-based firewalls on all servers

C. Implement a framework-based benchmark for each server or service

An organization is concerned that privilege creep may lead to data exfiltration. Which principle or practice should the organization implement to mitigate this risk? A. Job rotation B. Discretionary access C. Least privilege D. Mandatory vacations

C. Least privilege

A company institutes a CYOD policy for end-user mobile devices. Users have sometimes downloaded potentially dangerous apps while at work. The company wants to limit the devices to a set of preselected apps only while users are at work. The company wants to minimize the effort to implement and maintain this restriction. What should the company use? A. Application deny list B. Application blocked list C. Application approved list D. Quarantining

C. Application approved list

What is the primary risk of an integer overflow attack? A. Session hijacking B. Directory traversal C. Arbitrary code execution D. Header manipulation

C. Arbitrary code execution

Malware has infected a server in a company. The security analyst makes a digital copy of the hard drive to analyze and places the original drive in a secure cabinet. Which aspect of incident response does this illustrate? A. Loss control B. Damage control C. Chain of custody D. Incident isolation

C. Chain of custody

Internal security determines that an insider threat has resulted in unauthorized distribution of PII about company employees and customers. Security personnel are working with network administrators to minimize the risk of this occurring again in the future. What is the BEST way to avoid this in the future? A. Fine-tune firewall settings B. Use URL filtering C. Configure DLP D. Implement MDM.

C. Configure DLP

A company is deploying IoT devices on its production network. What are two vulnerabilities that can place the network at greater risk? (Choose two) A. Devices cannot be patched or updated. B. Devices cannot be detected or monitored by network access controls or intrusion detection devices C. Devices that do not have the computing resources to implement advanced security D. Devices use hard-coded or well-known default passwords E. Devices introduced non-standard network protocols that interfere with secure protocols.

C. Devices that do not have the computing resources to implement advanced security D. Devices use hard-coded or well-known default passwords

An organization implements a distributed, cloud-based app using resources and services from multiple CSPs. App nodes authenticate with one another using shared secrets. The organization equipped each node with a trusted X.509 certificate. Which method should the organization use to ensure that shared secrets can be sent securely and can only be decrypted by the destination node? A. Encrypt the shared secrets with the destination node's private key. B. Encrypt the shared secrets with the sending node's private key. C. Encrypt the shared secrets with the destination node's public key. D. Encrypt the shared secrets with the sending node's public key.

C. Encrypt the shared secrets with the destination node's public key.

A company's internal network has experienced several attempted attacks from the Internet. The administrator needs to collect as much information about the attackers and their attack methods as possible. The administrator should minimize the risk to the internal network. What should the administrator use? A. DMZ B. VLAN C. Honeynet D. Extranet

C. Honeynet

What kind of recovery site meets this business requirement (Hot site/Cold site/Warm site): The company must have an alternate location available with the facilities infrastructure to support business operations. Costs must be kept to a minimum.

Cold site

Which of the following can be used to prevent external electrical fields from affecting sensitive equipment? A. UPS B. Hot and cold aisles C. Halon D. Faraday cage

D. Faraday cage

A competitor learns company secrets by examining the contents of a USB drive that he found in a trash can during a site visit. How can the company best mitigate this type of risk? A. A UTM appliance B. Periodic permissions review C. Surveillance cameras D. A data disposition policy

D. A data disposition policy

Which of the following can be used to launch a coordinated DDoS attack? A. Rootkit B. Worm C. Adware D. Bot

D. Bot

A company hosts a customer feedback forum on its website. Visitors are redirected to a different website after opening a recently posted comment. What kind of attack does this MOST likely indicate? A. SQL injection B. Code injection C. Directory traversal D. Cross-site scripting (XSS)

D. Cross-site scripting (XSS)

A network administrator must configure a wireless controller to allow authentication for devices that do not support EAP. Once configured, client authentication must be automatic. However, unauthorized users should not be able to access network resources. Which of the following actions should the administrator take? A. Deploy PKI and require clients use certificates to authenticate B. Configure 802.1x on the controller and set up RADIUS C. Configure the controller to support CCMP D. Enable WPA2-PSK authentication on the controller.

D. Enable WPA2-PSK authentication on the controller.

Following several zero-day attacks where vulnerable web servers were used to gain access to internal resources, an organization decides to replace the existing NIDS system with a NIPS. A network tap is created on the organization's core switch and the NIPS is configured for anomaly-based detection. However, a new attack successfully compromises a server. Which actions should the organization take? A. Move the NIPS to the DMZ B. Enable signature-based detection C. Forward all firewall traffic to the NIPS D. Install the NIPS inline with the servers

D. Install the NIPS inline with the servers

Which of the following is designed to be a full-scoped attack simulation? A. White team testing B. Regression testing C. Gray box testing D. Red team testing

D. Red team testing

A company's network is configured with four interconnected switches. Networked devices are frequently moved between different physical locations. The network suffers occasional crashes without warning. A consultant is contracted to diagnose the problem. The consultant determines that the crashes are due to high volumes of broadcast traffic looping through the network. Which solution should the consultant configure? A. MAC address filtering B. DHCP snooping C. NAC D. STP

D. STP (Spanning Tree Protocol)

Many of a company's users have to spend a great deal of time surfing the web. This has led to various security incidents including users browsing to malicious websites, users downloading malware and other malicious code, and data leakage. The company needs to implement a solution to improve security. What should the company use? A. CASB B. DLP C. WAF D. SWG

D. SWG (Secure Web Gateway)

A server application produces plain text output. The output needs to be encrypted before being delivered to local and remote client computers. Output varies in length depending on the client request. The processing requirements and the volume of data sent should be kept to a minimum. What type of cipher should be used? A. Block cipher B. Hash encryption C. Transport encryption D. Stream cipher

D. Stream cipher

A company needs to set up two-factor authentication for a cloud-based application. The authentication should include a one-time use, limited time password that is delivered to the user through the Google Authenticator mobile app. The password should be based on a shared key and the current date and time. What type of authentication should the company use? A. CAC B. PIV C. HOTP D. TOTP

D. TOTP (Time-based One Time Password)

A script kiddie would most likely be involved in what type of activity? A. Intercepting and modifying email messages B. Creating password cracking scripts to compromise networks C. Developing and testing hacking tools D. Vandalizing public web sites

D. Vandalizing public web sites

A security administrator is looking for a way to know when people approach any of several secure areas. The method must be active 24 hours a day. They want to keep recurring expenses related to the solution to a minimum. What should the administrator use? A. A guard dog in each area B. Proximity readers C. A posted human guard in each area D. Video surveillance

D. Video surveillance

The network is attacked by a self-replicating program. What type of malware does this indicate? A. Virus B. Trojan horse C. Logic bomb D. Worm

D. Worm

What is the attack actor type? Recently installed routers have been reconfigured by an attacker who used administrative access to the routers.

Default configuration

What is the attack actor type? A web application that was developed in house has been found to be highly susceptible to buffer overflow and DoS attacks.

Design weakness

What is the appropriate threat actor type? This is an actor whose primary goal is to either draw attention to a cause or reduce support for a cause rather than a monetary goal.

Hacktivist

What is the type of threat actor from the description? A group that wants to bring attention to an issue, person, or organization. The group's motivation is about making a point rather than financial gain.

Hacktivist

What kind of recovery site meets this business requirement (Hot site/Cold site/Warm site): The company must be able to return to full operations as quickly as possible after a catastrophic failure. The site will maintain copies of all current backups.

Hot Site

What kind of recovery site meets this business requirement (Hot site/Cold site/Warm site): The company must ensure business continuity through use of an alternate processing location that supports its standard business processes in case of failure at the main site.

Hot site

What is the type of threat actor from the description? Involved in activities coming from malicious actions, negligence, or incompetence by an organization's employees.

Insider threat

What is the appropriate threat actor type? This is an actor that is best positioned to take advantage of a company's security and infrastructure in executing an attack.

Internal

What is the appropriate threat actor type? This is an actor that is motivated primarily by monetary gain, focusing on attacks such as ransomware and identity theft.

Organized crime

What is the type of threat actor from the description? A group whose primary goal is financial gain and relies on attacks such as ransomware and data exfiltration activities.

Organized crime

A company is deploying the PKI infrastructure shown in the work area. The network administrator needs to determine whether each certificate authority should be deployed as an online or offline CA to provide a secure infrastructure. Users must be able to request certificates for local use. To answer, choose the correct deployment option from the drop-down menus. Root CA (Offline/Online); Intermediate CA (Offline/Online); Issuing CA (Offline/Online)

Root CA - Offline; Intermediate CA - Offline; Issuing CA - Online

What is the appropriate threat actor type? This is an actor primarily concerned with the covert collection of data and with performing acts of cyber espionage.

State-sponsored

What is the attack actor type? Successful social engineering attacks are increasing in a company, most of them based on deceptive telephone calls.

User training

What is the attack actor type? An attack occurred that leveraged a previously unknown vulnerability. The vendor is working on a corrective patch.

Zero day

