Ucertify Chapters 1, 2, 3, 4, 5, 6, 7 ,8, 9, 10, 11, 12, 13, 14, 15, 16 test


If SLE of a specific risk is $25,000 and ARO occurs once every four years, then what will be its ALE?

$6,250

Which flag does nmap use to enable the operating system identification?

-O (uppercase; the lowercase -o prefix selects output formats such as -oA)

Which of the following grep flags shows only the lines that do not match the regular expression?

-v

A user wants to review the syslog on a Linux system. Which directory should the user check to find it on most Linux distributions?

/var/log

Elaine works as an application developer in an organization. She wants to check for user logins on her organization's Linux system. Which of the following log locations should she check first?

/var/log/auth.log (on Debian and Ubuntu systems; Red Hat-derived distributions record the same events in /var/log/secure)

Which Cisco log level is the most critical level?

0

Aziz works as a website administrator in an organization. He is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He is assessing the risk of an SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year. According to the given scenario, what is ARO?

0.05

LAB: Performing Vulnerability Scanning Using OpenVAS

1. On the left sidebar, click the Terminal icon.
2. In the Terminal window, execute the following command to start the scanner: gvm-start
3. Wait 2-3 minutes for the command to complete; it automatically opens the Greenbone Security Assistant - Mozilla Firefox window.
4. On the Greenbone Security Assistant page, verify that the Username is entered as admin and the Password as ucertify, and then click Login.
5. On the Greenbone Security Assistant page, navigate to Configuration > Credentials.
6. If prompted again, verify that the Username is admin and the Password is ucertify, and then click Login.
7. Below the menu bar, at the left corner, click the New Credential icon.
8. In the New Credential window, enter the following details and click Save to create a new credential:
   a. Name: kali-default
   b. Comment: default kali credentials
   c. Username: root
   d. Password: ucertify
   Note: Leave the remaining fields at their defaults.
9. A new credential named kali-default now appears in the table with its parameters.
10. Minimize the Greenbone Security Assistant - Mozilla Firefox window.
11. In the Terminal window, execute the following commands one at a time:
   a. nmap 10.1.143.181 -oA hosts -Pn
   b. grep Up hosts.gnmap | cut -d " " -f 2 > uphosts.txt
   Note: -oA writes hosts.nmap, hosts.gnmap and hosts.xml; -Pn skips host discovery and treats the target as up. The second command pulls the IP address out of every line of the greppable output that reports a host as Up.
12. On the left sidebar, click the Firefox ESR icon to return to the browser window.
13. On the Greenbone Security Assistant page, navigate to Configuration > Targets to import the hosts.
14. Below the menu bar, at the left corner, click the New Target icon.
15. In the New Target window, perform the following steps and click Save to create a new target:
   Name: lan-subnet-86
   Hosts: select the From file radio button and click Browse. In the File Upload window, click Home in the left pane, scroll down in the right pane, select uphosts.txt, and click Open.
   Port List: scroll down and select All TCP and Nmap top 100 UDP.
   Note: Leave the remaining fields at their defaults.
16. On the Greenbone Security Assistant page, navigate to Configuration > Scan Configs.
17. Below the menu bar, at the left corner, click the New Scan Config icon.
18. In the New Scan Config window, set Name to Subnet-86 full and fast and Comment to Scan tuned for subnet-86, leave the remaining fields at their defaults, and click Save to create a new scan config.
19. Scroll down and, under Actions, click the Edit Scan Config icon for Subnet-86 full and fast.
20. In the Edit Scan Config Subnet-86 full and fast window, under the Select all NVTs column, scroll down if required and check the Buffer overflow, Denial of Service, Firewalls, and General checkboxes.
21. Scroll down and click Save.
22. At the Scan Configs step, under the Name column, click the Full and fast link.
23. On the Greenbone Security Assistant page, navigate to Scans > Tasks.
24. Wait until the page loads.
25. Below the menu bar, at the left corner, hover over the New Task icon and select New Task.
26. In the New Task window, perform the following steps:
   Name: LAN_SCAN
   Scan Targets: select lan-subnet-86 from the drop-down
   Alterable Task: select the yes radio button
   Scan Config: select Subnet-86 full and fast
   Network Source Interface: eth0
   Order for target hosts: Random
   Maximum concurrently executed NVTs per host: 3
   Maximum concurrently scanned hosts: 15
   Scroll down if required and click Save to create the configured task.
   Note: Leave the remaining fields at their defaults.
27. Scroll down and, under Actions, click the Start icon.
   Note: Wait until the scan is complete; it may take anywhere between 10 and 55 minutes. Refresh the browser window to see the scan progress.
28. When the Status shows Done, click Scans on the menu bar and select Results.
29. Scroll down and, at the bottom-right corner, click the Export page contents icon.
30. In the Opening results window, select the Save File radio button and click OK.
31. Close the Firefox ESR window and the Terminal window.
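
The host-list step of the lab (nmap -oA followed by grep Up | cut) is the one part that is scriptable, and the bare `grep Up` has an edge case: it matches any line containing "Up", including a hostname such as "Upload-srv" on a host reported as Down. The following is an added example, not code from the lab or from Greenbone, that parses the greppable output by field instead. The .gnmap content, addresses and hostnames are constructed for the example.

```python
"""Added example: extract the Up hosts from nmap's greppable (.gnmap) output.

This reproduces what the lab's `grep Up hosts.gnmap | cut -d " " -f 2`
pipeline is meant to do, but anchors on the `Status: Up` field so that a
Down host whose name happens to contain "Up" is not added to the target list.
"""
import re

# Constructed sample of a hosts.gnmap file (addresses and names are made up).
# nmap writes one "Status:" line and, for scanned hosts, one "Ports:" line.
SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated Mon Jan  1 10:00:00 2024 as: nmap 10.1.143.0/24 -oA hosts
Host: 10.1.143.181 ()\tStatus: Up
Host: 10.1.143.181 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 10.1.143.182 (Upload-srv.example.test)\tStatus: Down
Host: 10.1.143.183 (db01.example.test)\tStatus: Up
Host: 10.1.143.183 (db01.example.test)\tPorts: 3306/open/tcp//mysql///
# Nmap done at Mon Jan  1 10:00:05 2024 -- 256 IP addresses (2 hosts up) scanned in 5.01 seconds
"""

# "Host: <ip> (<hostname>)<TAB><rest of line>"
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def up_hosts(gnmap_text):
    """Return the IPs whose status field says Up, in scan order, without duplicates."""
    found = []
    for line in gnmap_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comment lines and anything unexpected
        ip, _hostname, rest = m.groups()
        if rest.startswith("Status: Up") and ip not in found:
            found.append(ip)
    return found


def naive_grep_up(gnmap_text):
    """What the lab's `grep Up | cut -d " " -f 2` pipeline produces, for comparison."""
    return [line.split(" ")[1] for line in gnmap_text.splitlines() if "Up" in line]


def write_uphosts(gnmap_text, path="uphosts.txt"):
    """Write one IP per line, the format the Greenbone 'From file' target import expects."""
    hosts = up_hosts(gnmap_text)
    with open(path, "w") as fh:
        fh.write("\n".join(hosts) + "\n")
    return hosts


if __name__ == "__main__":
    print("field-based :", up_hosts(SAMPLE_GNMAP))
    print("naive grep  :", naive_grep_up(SAMPLE_GNMAP))
```

On the constructed sample the naive pipeline returns three addresses, including the Down host 10.1.143.182, while the field-based parser returns only the two hosts that are actually up. With -Pn, as used in the lab, nmap reports every target as Up anyway, so the difference only matters once host discovery is left enabled on a real subnet scan.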

Harry works as a website administrator for a firm. He is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He expects that a compromise of that database would result in $500,000 in fines against his firm. According to the given scenario, what is the exposure factor (EF)?

100 percent

Jim is considering locating a new business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region and determines that the area he is considering floods twice a year. What is the ARO of a flood in this area?

2.0

A user is configuring a jump box server to which system administrators will connect from their laptops. Which one of the following ports should not be open on the server?

23

George recently ran a port scan on a network device used by his organization and found some open ports. Which of the following open ports represents the most significant possible security vulnerability?

23

Which ISO standard applies to information security management controls?

27001

Which of the following International Organization of Standardization (ISO) standards mandates requirements that define how to implement, monitor, maintain, and continually improve an information security management system?

27001

Which version of CVSS was released in June 2019?

3.1 (the current specification when the question was written; CVSS 4.0 was published in November 2023)

According to Cisco log levels, which of the following levels represents a warning?

4

Rick, a network administrator, is preparing a firewall rule that will allow network traffic from external systems to a web server, which is running the HTTPS protocol. Which TCP port must he allow to pass through the firewall?

443

Joy works as a website administrator in a firm. He is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He expects that a compromise of that database would result in $500,000 in fines against his firm. According to the given scenario, what is the AV?

500,000

Sia works as a website administrator in an organization. She is responsible for the administration of an e-commerce website that generates $300,000 per day in revenue for the organization. The website uses a database that contains sensitive information about the organization's customers. She expects that a compromise of that database would result in $700,000 in fines against the organization. According to the given scenario, what is the SLE?

700,000

Which of the following statements is true about port security?

A security option that allows only specific MAC addresses to access a network port

Which tool is not used to generate the hash of a forensic copy?

AES

Which of the following options represents the ALE calculation?

ALE = SLE * ARO

Which type of credential is commonly used to restrict access to an application programming interface (API)?

API keys

Brian works as a cloud security analyst. He selects a CASB solution for his organization to interact with a cloud provider directly. Which CASB solution is most appropriate for Brian's needs in the given scenario?

API-based CASB

Danielle's security team has found consistent evidence of system compromise for weeks, with additional evidence pointing to further systems that the team is investigating. Despite her team's best efforts, Danielle has found that her team cannot seem to track down and completely remove the compromise. What type of attack is Danielle likely dealing with?

APT

Which of the following threats are nation state-sponsored organizations with significant resources and capabilities and provide the highest level of threat on the adversary tier list?

APTs

Gabby, a cybersecurity analyst, wants to select a threat framework for her organization. She identifies that describing threat actor tactics in a standardized way is an important part of her selection process. Which threat model would be her best choice in the given scenario?

ATT&CK

You work as a security analyst in an organization. You need to select a threat framework for your organization and mainly want threat actor tactics to be described in a normalized way. Which threat model would be your best choice in the given scenario?

ATT&CK

Which one of the following services is not an example of FaaS computing?

AWS DeepLens

Which of the following identifies potentially malicious external domains?

Access control list

During a routine upgrade, Maria inadvertently changes the permissions of a critical directory, causing an outage of her organization's Remote Authentication Dial-In User Service (RADIUS) infrastructure. In which NIST threat category should Maria place this outage?

Accidental threat

Which policy should contain provisions for removing user access upon termination?

Account management

Which form of monitoring involves the injection of packets into communications to measure the performance of various elements in a network?

Active

Which of the following information would you not be able to find using netstat on a Windows system?

Active TLS connection

Which of the following describes offensive actions taken to counter adversaries?

Active defense

In the National Institute of Standards and Technology (NIST) Cybersecurity Framework tiers, which of the following framework implementation tiers is labeled Tier 4?

Adaptive

Rhonda recently configured new vulnerability scans for her organization's data center. Completing the scan according to the current specifications requires that the scan run all day, every day. After the first day of scanning, she received complaints from administrators about network congestion during peak business hours. How should she handle this situation?

Adjust the scanning frequency to avoid conflicts during peak times.

Which of the following controls involves processes and procedures like those found in incident response plans, account creation, and management as well as awareness and training efforts?

Administrative

Which of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and the likelihood that the threat will target the organization?

Adversarial

Sia works as a security analyst in an organization. She deliberately leaks private and crucial information of the organization to one of its business partners. Which NIST threat category does the given scenario describe?

Adversarial threat

As the chief information security officer (CISO) of her organization, Jennifer is working on an incident classification scheme and wants to base her design on the National Institute of Standards and Technology's (NIST's) definitions. Which classification should she use to describe users accessing a file that they are not authorized to view?

Adverse event

Kim, an administrator in an XYZ organization, is preparing to deploy a new vulnerability scanner and wants to ensure that she can get the most accurate view of configuration issues on laptops belonging to traveling salespeople, which are not always connected to a network. Which technology will work best to achieve this task in the given scenario?

Agent-based scanning

When Pete connects to his organization's network, his PC runs network access control (NAC) software that his systems administrator has installed. This software communicates to the edge switch he is plugged into, which validates his login and system security state. Which type of NAC solution does Pete's organization use in the given scenario?

Agent-based, out-of-band

Sam works as a software developer at an XYZ company. For his current project, he wants to work in iterations of phases to improve the quality of the project, with each iteration producing a specific deliverable. Which of the following models will he use to accomplish this task?

Agile development

Juan, a black hat hacker, wants to perform a wireless network attack by breaking a password used for a network. Which of the following should he use to accomplish the given task?

Aircrack-ng

Which of the following are the major categories of security event indicators described by NIST 800-61?Each correct answer represents a complete solution. Choose all that apply.

Alerts from IDS, IPS, SIEM, AV, and other security systems; logs generated by systems, services, and applications; internal and external sources

A user executes the following command against the boot.log file. Which entries will this command return? grep -v error /var/log/boot.log

All lines that do not contain the string "error" (the match is case-sensitive, so lines containing "Error" or "ERROR" are still returned; add -i to ignore case)

What is the purpose of creating an MD5 hash for a drive during the forensic imaging process?

All of these

Which of the following is the major component of reports?

All of these

Megan works as a security analyst in an organization. She is trying to prevent impersonation attacks from impacting her company but receives the "No DMARC record found" error when she checks a frequent business partner's DNS information. Which of the following does she need to enable DMARC in the given scenario?

All of these.

Jason works as a security analyst in an organization. He gathers threat intelligence that describes an adversary considered a threat to his organization. The adversary likes to use USB key drops to compromise its targets. Which of the following does the given scenario describe?

An attack vector

Tim works in the forensic department of an organization. During a forensic investigation, Tim discovers a program called Eraser installed on an employee's system. What should Tim expect to find as part of his investigation in the given scenario?

Antiforensic activities

Which forensic issue does the presence of a program like CCleaner indicate?

Antiforensic activities

A user would like to run an internal vulnerability scan on a system for PCI DSS compliance purposes. What is the role of the user who is authorized to complete the scan in the given scenario?

Any qualified individual

Kate works as a cloud solution architect in a cloud service provider company named GoCloud. Her company uses a standard interface to interact with web-based services programmatically. Which of the following is being referred to in the given scenario?

Application programming interface

Who is authorized to complete an external vulnerability scan on a system for PCI DSS compliance purposes?

Approved scanning vendor

Renee works as a security analyst in a company. She is responding to a security incident that resulted in the unavailability of a website critical to her company's operations. She is unsure of the amount of time and effort that it will take to recover the website. How should Renee classify the recoverability effort in the given scenario?

As extended

Which of the following supplements automated tools with other information to detect systems present on a network?

Asset inventory

Selah's organization suffers an outage of a point-to-point encrypted virtual private network (VPN) because of a system compromise at the organization's Internet service provider (ISP). Which type of issue is being referred to in the given scenario?

Availability

Vincent works as a security analyst in an organization. He is responding to a security incident that compromised one of his organization's web servers. He does not believe that attackers modified or stole any information, but they did disrupt access to the organization's website. Which cybersecurity objective did this attack violate in the given scenario?

Availability

Joseph works in the security analysis team at XYZ Inc. He was reviewing a business document and identifies the cost linked to major business interruption, such as expected loss of earnings, potential fines, and potential consequences to customer service. Which of the following documents is Joseph reviewing in the given scenario?

BIA

Ryan's organization allows employees to bring personally owned devices and connect them to the organization's network. Which approach is Ryan's organization using?

BYOD

Cynthia wants to build scripts to detect malware beaconing behavior. Which of the following is not a means of identifying malware beaconing behavior for building scripts on a network?

Beacon protocol

Avika works as a network administrator in an organization. She has been asked to identify unexpected traffic on her organization's network. Which of the following is not a technique that she should use to accomplish her task in the given scenario?

Beaconing

Which of the following is an activity sent to a command and control (C&C) system as part of a botnet or a malware remote control system?

Beaconing

Which of the following terms describes a system sending heartbeat traffic to a botnet command and a control server?

Beaconing
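
The four cards above describe beaconing as the regular check-in traffic a compromised host sends to a command-and-control server, and the first of them asks about building scripts to detect it. The following is an added example, not code from the original page, of the simplest useful detector: group connection records by (source, destination, port) and flag a flow whose inter-connection gaps are numerous and nearly constant. The log format, addresses and timestamps are constructed for the example.

```python
"""Added example: flag beacon-like flows in a connection log.

Constructed log lines in the shape of a proxy/firewall export:
    timestamp,src_ip,dst_ip,dst_port,bytes_out
All addresses and times are made up. 203.0.113.9 is the planted beacon
(a check-in every ~5 minutes), the other destinations are ordinary traffic.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

SAMPLE_LOG = """\
2024-01-01T09:00:00,10.0.0.23,203.0.113.9,443,512
2024-01-01T09:00:04,10.0.0.23,198.51.100.7,443,91000
2024-01-01T09:01:10,10.0.0.23,192.0.2.50,443,2300
2024-01-01T09:01:45,10.0.0.23,192.0.2.50,443,1800
2024-01-01T09:05:01,10.0.0.23,203.0.113.9,443,514
2024-01-01T09:07:30,10.0.0.23,192.0.2.50,443,4100
2024-01-01T09:10:00,10.0.0.23,203.0.113.9,443,511
2024-01-01T09:12:37,10.0.0.23,198.51.100.7,443,4000
2024-01-01T09:15:02,10.0.0.23,203.0.113.9,443,513
2024-01-01T09:20:00,10.0.0.23,203.0.113.9,443,512
2024-01-01T09:25:01,10.0.0.23,203.0.113.9,443,512
2024-01-01T09:33:00,10.0.0.23,192.0.2.50,443,700
2024-01-01T09:34:12,10.0.0.23,192.0.2.50,443,9500
2024-01-01T09:41:10,10.0.0.23,198.51.100.7,443,22000
2024-01-01T09:30:00,10.0.0.23,203.0.113.9,443,515
2024-01-01T09:58:40,10.0.0.23,192.0.2.50,443,3100
"""


def parse_log(text):
    """Parse the CSV lines into (timestamp, src, dst, port, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, size = line.split(",")
        records.append((datetime.fromisoformat(ts), src, dst, int(port), int(size)))
    return records


def find_beacons(records, min_connections=5, max_jitter=0.1):
    """Return flows whose timing looks like a beacon.

    A flow is (src, dst, port). For each flow with at least min_connections
    events, sort the events by time (logs are not always in order), take the
    gaps between consecutive connections and compute their coefficient of
    variation (stdev / mean). Human-driven traffic has widely varying gaps;
    a beacon's gaps cluster tightly around its sleep interval, so a value at
    or below max_jitter is flagged.
    """
    flows = defaultdict(list)
    for ts, src, dst, port, size in records:
        flows[(src, dst, port)].append((ts, size))

    findings = []
    for flow, events in flows.items():
        if len(events) < min_connections:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing periodic to measure
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({
                "flow": flow,
                "connections": len(events),
                "interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
                "avg_bytes": round(mean(s for _, s in events)),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(hit)
```

On the sample, only the flow to 203.0.113.9 is reported: seven connections about 300 seconds apart with a jitter under 1 percent and a near-constant payload size, which is the signature the cards describe. The flow to 192.0.2.50 has enough connections but its gaps range from 35 seconds to over 25 minutes, so it is left alone. Real beacons often add random sleep jitter, which is why max_jitter is a parameter rather than a hard zero; raise it, and add the payload-size constancy as a second signal, when tuning against real traffic.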

Which type of assessment is particularly useful for identifying insider threats?

Behavioral

Sayed works as a data analyst in an organization. He manages Windows workstations and is planning to prohibit a variety of files, including games, from being installed on these workstations. Which of the following tools or applications can allow Sayed to achieve his task in the given scenario?

Blacklisting

Which of the following teams is a defender who secures systems and networks from attacks?

Blue

Ed, Barb, and Sophia are cybersecurity analysts at ABC company. The company is conducting a cybersecurity exercise designed to test the effectiveness of its security controls. For the exercise, participants have been divided into teams that perform different functions. The team led by Ed is responsible for facilitating the exercise and arbitrating rules disputes. Barb's team is responsible for securing the systems in the exercise environment and defending them against attacks. Sophia's team is conducting offensive operations and attempting to break into the systems protected by Barb's team. Which of the following terms best describes the role that Barb's team is playing in the exercise?

Blue team

Which of the following is an example of an attrition attack?

Brute-force password attack

In which type of attack does an attacker manipulate a program into placing more data into an area of memory than is allocated for that program's use?

Buffer overflow

Max, a security analyst, is concerned that an application her team is currently developing is vulnerable to unexpected user input that could corrupt memory, harming the application and leading to potential exploitation. Which of the following describes this attack in the given scenario?

Buffer overflow

Which type of attack is typically associated with the strcpy function?

Buffer overflow

Carla is performing a penetration test of a web application and wants to use a software package that allows her to modify requests being sent from her system to a remote web server. Which of the following tools would meet Carla's needs? Each correct answer represents a complete solution. Choose all that apply.

Burp; ZAP; Tamper Data

Matt works as a security analyst in an organization. He is building a device and wants to prevent attackers from capturing data by directly connecting to the hardware communications components of the device. Which technique should Matt use to make sure that communications between the processor and other chips are not vulnerable?

Bus encryption

Jim works as a cybersecurity analyst in an organization. He notices a high number of SQL injection attacks against a web application run by his organization and installs a web application firewall to block many of these attacks before they reach the web server. How has Jim altered the severity of the risk of these attacks reaching the server in the given scenario?

By reducing the probability

Ana works as a security analyst in an ABC company. Her company has a mix of the on-premises and cloud-provider infrastructure and needs to extend the reach of its security policies beyond its internal infrastructure. Which of the following would be the solution for the company to consider in the given scenario?

CASB

Mark, a security administrator in a company, observes multiple service interruptions caused by a data center design. He decided to migrate the company away from its data center and successfully completed the migration of all data center servers and services to a cloud service provider. He is still concerned with the availability requirements of critical company applications. Which of the following should Mark implement next?

CASB

Matthew is creating a new forum for system engineers in his organization to discuss security configuration issues of his organization's systems. He wants administrators to have a standard language for discussing these configuration issues. Which Security Content Automation Protocol (SCAP) component will help Matthew to achieve this task in the given scenario?

CCE

Which of the following ESA frameworks was created by ISACA and provides a structure for IT management and governance?

COBIT

Susan has been asked to capture forensic data from a Windows PC and needs to ensure that she captures this data in their order of volatility. Which order is correct from most volatile to least volatile?

CPU cache > network traffic > disk drives > optical media

Which one of the following would not commonly be available as an IaaS service offering?

CRM packages

Sam is a penetration tester in an organization. He found severe vulnerabilities during a penetration test. Which of the following systems provides relative severity rankings for different vulnerabilities?

CVSS

Which of the following terms is a fun way to achieve training objectives?

Capture the flag

Juan works in an investigation department. He gathers the evidence that can be used in court to convict persons of crimes. Which of the following is used to address the reliability and credibility of the evidence?

Chain of custody

Robert is finishing a draft of a proposed incident response policy for his organization and will sign the policy to approve it. Which of the following roles is the appropriate one for Robert to hold in the given scenario?

Chief executive officer

Which of the following properly lists sanitization descriptions from least to most effective activities for media sanitization?

Clear > purge > destroy

Which of the following statements is not true about cloud computing?

Cloud computing customers provision resources through a sales representative.

Which type of security policy often serves as a backstop for issues not addressed in other policies?

Code of conduct

Jason works as a product manager in an organization. He is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can help Jason to accomplish the task in the given scenario?

Common Platform Enumeration

Jessica, a cybersecurity analyst in an organization, is reading reports from vulnerability scans run by multiple employees of her organization using different products. She is responsible for assigning remediation resources and is having difficulty prioritizing issues from different sources. Which SCAP component can help Jessica to prioritize issues in the given scenario?

Common Vulnerability Scoring System

A coalition of universities banded together and created a cloud computing environment that is open to all member institutions. The cloud computing environment provided is a basic IaaS component. Which of the following best describes the cloud model narrated in the given scenario?

Community

A medical company wants to take advantage of a complex application but wants to achieve cost savings by accessing a shared instance of the application hosted in the cloud. Considering regulatory requirements, which type of cloud delivery model should the medical company use in the given scenario?

Community

Which control satisfies a requirement that isn't able to be met by an existing security measure either because it is too difficult to implement or does not fully meet security needs?

Compensating

Which of the following controls satisfies a requirement that isn't able to be met by an existing security measure?

Compensating

After completing an incident response process and providing a final report to management, which step should Casey use to identify improvements in her incident response process?

Conduct a lessons-learned review.

Which term describes scores that allow organizations to filter and use threat intelligence based on the amount of trust they can give?

Confidence

Which of the following measures is not used for evaluating the exploitability of the vulnerability?

Confidentiality metric

Which of the following functions is not one of the five core security functions defined by the NIST Cybersecurity Framework?

Contain

The following figure signifies the concepts of virtualization vs. containerization: What is represented by the two question marks in the given figure?

Container engine and operating system

Tamara is a cybersecurity analyst for a private business that is suffering a security breach. She believes the attackers have compromised a database containing sensitive information. Which of the following activities should be Tamara's first priority?

Containment

During an incident response process, Susan heads to a compromised system and pulls its network cable. Which phase of the incident response process is Susan performing?

Containment, eradication, and recovery

During an incident response process, Susan plugs a system back into the network, allowing the system to normally access the network. Which phase of the incident response process is she performing in the given scenario?

Containment, eradication, and recovery

Which of the following phases of incident response involves active undertakings designed to minimize the damage that an attacker might cause?

Containment, eradication, and recovery

Which of the following phases of the incident response process would include measures designed to limit the damage caused by an ongoing breach?

Containment, eradication, and recovery

Every time Susan checks code into her organization's code repository, it is tested, validated, then if accepted it is immediately put into production. In which of the following methodologies is Susan operating?

Continuous delivery

James, a security technician, wants to ensure that security controls are functioning as intended by taking regular measurements of network traffic levels. Which of the following security techniques is most appropriate for him to perform in the given scenario?

Continuous monitoring

Which of the following approaches incorporates data from agent-based approaches to vulnerability detection?

Continuous monitoring

Which element of the Control Objectives for Information and Related Technology (COBIT) framework contains the high-level requirements that an organization should implement to manage its information technology functions?

Control objectives

Which of the following statements is not true about compensating controls under PCI DSS?

Controls used to fulfill one PCI DSS requirement may also be used to compensate for the absence of a control needed to meet another requirement.

Which two files may contain encryption keys normally stored only in memory on a Windows system?

Core dumps and hibernation files

Which of the following is not an objective of the NIST Cybersecurity Framework?

Create specific technology requirements for an organization.

What is a function of the dd command in Linux?

Creating an image of a boot disk for duplication

Which of the following items is not typically found in corporate forensic kits?

Crime scene tape

An investigation of a physical incident is underway on an organization's premises. Which tool should the organization's investigation team use to isolate the area while the investigation proceeds?

Crime tape

Monica works as a cybersecurity analyst in an organization. She manages a web forum for the organization. She discovers that an attacker posted a message in that web forum and is attacking users who visit the forum. Which of the following attack types is most likely to have occurred in the given scenario?

Cross-site scripting

NIST SP 800-61 identifies six outside parties with which an incident response team generally communicates. Which of the following represents those parties?Each correct answer represents a complete solution. Choose all that apply.

Customers, constituents, and media; Internet service providers; law enforcement agencies

Betty works as a security administrator at XYZ Inc. Her network is being flooded by ICMP packets. She observes that these packets came from multiple different IP addresses. Which type of attack can be the result of such a situation?

DDoS

Which protocol provides an encryption key and a digital signature that verifies that an email message was not forged or altered?

DKIM

Chris is implementing cryptographic controls to protect his organization and wants to use defense-in-depth controls to protect sensitive information stored and transmitted by the organization's web server. Which of the following controls would be least suitable to directly provide protection in the given scenario?

DLP

Susan works as a security analyst in an organization. She wants to use an email security protocol to determine the authenticity of an email. For security purposes, Susan wants to ensure that her organization's email server can determine if it should accept email from a sender. Which of the following options will help her to ensure the authenticity in the given scenario?

DMARC

Ben wants guidance on grouping information into varying levels of sensitivity. He plans to use these groupings to assist with decisions related to the security controls that an organization will apply to storage devices containing that information. Which of the following policies is most likely to have relevant information for Ben's decision-making process?

Data classification

Tim works as a security analyst in an organization. He is assigned to add third-party threat data feeds to his organization's SIEM. Once his work is completed, he will spend time reviewing syslog data feeds to ensure that it contains the information that is needed for responses. Which of the following processes is the analyst performing in the given scenario?

Data enrichment

Malena works as a cybersecurity analyst at XYZ company. Her company assigned her to investigate threats using the threat intelligence cycle. Using this process, she started her work by assessing what kinds of security breaches or compromises her company has faced, and according to the intelligence requirements, she started collecting data from threat intelligence sources. What should be Malena's next step in the given scenario?

Data processing and analysis

Mike's company recently suffered a security incident where they lost control of thousands of personal customer records. Many of these records were from projects that ended long ago and served no business purpose. Which type of policy, if followed, would have best limited the impact of the security incident in the given scenario?

Data retention

Which of the following policies would typically answer questions about when an organization should destroy records?

Data retention

In the shared responsibility model, under IaaS, SaaS, and PaaS cloud service models, which component always remains the responsibility of a customer?

Data security

Your organization enforces new data privacy laws, such as the General Data Protection Regulation (GDPR), which significantly restrict how information may be converted and stored in binary digital form. Which of the following concepts does this law encompass?

Data sovereignty

Which of the following is not a common source of information that may be correlated with vulnerability scan results?

Database table

You work as a security assistant at XYZ company and are asked to analyze malware dynamically on the company's web site. Which of the following tools will you use to achieve the given task?

Debugger

Rica, a security administrator, requires multiple layers of security controls to be placed throughout the IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities. Which of the following will she use to fulfill her requirements in the given scenario?

Defense-in-depth

As part of his forensic investigation, Scott intends to make a forensic image of a network share that is mounted by the PC. What information will he be unable to capture during his investigation in the given scenario?

Deleted files

Sia works as a cybersecurity analyst at ABC organization. Her organization uses Lockheed Martin's Cyber Kill Chain process, which defenders use to model attacks and appropriate defenses. Using this process, she started by identifying a target and then created tools to exploit vulnerabilities. What would be Sia's next step in the given scenario?

Delivering of weapons to a target

While engaging in an attack, an attacker sends an email message to the targeted victim that contains malicious software as an attachment. Which phase of the Cyber Kill Chain is occurring in the given scenario?

Delivery

Jordan works as a network analyst in a company. His company follows the systems development life cycle (SDLC). He works with a network systems team on various features, wiring diagrams, and the layout of a new network to support the expansion of the headquarters building. Which phase of the SDLC is Jordan working on in the given scenario?

Design

Which of the following statements are true about machine learning? Each correct answer represents a complete solution. Choose all that apply.

Designed to automatically extract knowledge from the voluminous quantity of information generated by security systems
Integrated into many security analytics tools, providing automated analysis of data based on the experiences of other users of these tools

Joe works as a cybersecurity analyst. He would like to determine the appropriate disposition of a flash drive that was used to gather highly sensitive evidence during an incident response effort. He does not need to reuse the drive but wants to return it to its owner, who is an outside contractor. Which disposition option should Joe use in the given scenario?

Destroy

Which of the following measures is not commonly used to assess threat intelligence?

Detail

Which of the following is not an objective of the containment, eradication, and recovery phase of the incident response process?

Detect an incident in progress.

In which phase of the incident response process does a CSIRT leader analyze precursors and indicators?

Detection and analysis

Matt's incident response team has collected log information and is working on identifying attackers using that information. Which two stages of the NIST incident response process is his team working on in the given scenario? Each correct answer represents a complete solution. Choose two.

Detection and analysis
Containment, eradication, and recovery

If users are performing forensic investigations on cloud services, it will be very challenging for them to preserve data. Which of the following tasks should users perform to overcome these challenges in the given scenario?

Determine what users' contract says about investigations.
Determine what legal recourse users have with a vendor.
Identify data that users need and whether it is available via methods that they or their organization controls.

Which of the following control types is designed to discourage an attacker?

Deterrent

Which of the following tools is used to convert machine language into assembly language?

Disassembler

Alice is performing a penetration test of a client's systems. As part of her test, she gathered information from the social media feeds of staff members who work for her client. Which phase of the NIST penetration testing process is she currently performing in the given scenario?

Discovery

Which of the following security activities is not normally a component of the operations and maintenance phase of the software development life cycle (SDLC)?

Disposition

Anaa is working as a network administrator for a company. She has received multiple complaints from employees of the application department that they cannot access the company's website. For that purpose, she has decided to conduct some fact-finding. Upon investigation, she found that the company's server cannot resolve hostnames (or URLs) to IP addresses. Which of the following is causing this issue in the given scenario?

Domain Name System

Bruce is concerned about access breaches to the master account for a cloud service that his company uses to manage payment transactions. He decides to implement a new process for multifactor authentication to that account where an employee of the IT team has the password to the account, while another employee of the accounting team has the token. This newly implemented process is based on which security principle?

Dual control

Tommy's company recently implemented a new policy that restricts root access to its cloud computing service provider master account. This policy requires a team member from the operations group to retrieve a password from a password vault to log in to this account. The account then uses two-factor authentication that requires that a team member from the security group approve the login. Which type of control is the company using in the given scenario?

Dual control

During the analysis of a malware sample, John reviews malware files and binaries by executing them. Which type of analysis process did John perform in the given scenario?

Dynamic

Which of the following terms describes systems that provide continuous monitoring and response to advanced threats?

Endpoint detection and response

Cindy works as a cybersecurity analyst at XYZ organization. She conducts a cybersecurity risk assessment and considers the impact that a failure of her city's power grid might have on the organization. Which type of threat is Cindy facing in the given scenario?

Environmental

Which incident response activity focuses on removing any artifacts of an incident that may remain on an organization's network?

Eradication

Mike, a forensic analyst, is looking for information about files that were changed on a Windows endpoint system. Which of the following is least likely to contain useful information for his investigation in the given scenario?

Event log

After reaching the office, Ron found a subpoena on his desk ordering him to appear in a law court. Which type of procedure should he use to determine appropriate next steps including the people he should consult and the technical process he should follow regarding the subpoena?

Evidence production

Which type of data can frequently be gathered from images taken on smartphones?

Exif

On which of the following languages is STIX based?

Extensible Markup Language

Jim is concerned about complying with the U.S. federal act covering student educational records. Jim is attempting to comply with which of the following acts in the given scenario?

FERPA

Which federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?

FISMA

Joe, an investigator, wants to scan a hard drive to view the deleted communication. Which of the following tools should Joe use to accomplish the given task?

FTK

Which of the following approaches is an example of a formal code review process?

Fagan inspection

Jordan, a white hat hacker, observes an inaccurate alert triggered by an intrusion prevention system (IPS). Which type of event has occurred in the scenario?

False positive

Juan, a security technician, is reviewing IDS log files. He finds that many alerts for multicast packets from switches on the network were reported. After investigation, he discovers that this is normal activity for the network. Which of the following best describes the result of his investigation?

False positive

Tara works as a network administrator in an organization. She recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner does not exist because the system was patched as specified. Which type of error has she identified in the given scenario?

False positive

Which type of testing focuses on inserting errors into the error handling process and path in an application?

Fault injection

Which federal regulation establishes a standard approach for assessing, monitoring, and authorizing cloud computing services under the Federal Information Security Management Act (FISMA)?

Federal Risk and Authorization Management Program

Which of the following is the process of extracting data from a computer when that data has no associated file system metadata?

File carving

Angela needs to implement a control to ensure that she is notified of changes to important configuration files on her server. Which type of tool should Angela use to implement this control in the given scenario?

File integrity checking

Jason, a network administrator, accesses the Internet frequently, which makes the company's files susceptible to attacks through unauthorized access. He wants to protect his company's network from external attacks. Which of the following should Jason use to achieve his aim in the given scenario?

Firewall

Jay works as a security analyst in an organization. He received an alert of a potential attack against a web server on his network. However, he is unsure whether the traffic generating the alert entered the network from an external source or whether it came from inside the network. Jay would like to perform a manual log review using NAT to locate the source of the traffic. Which of the following logs will be the best to answer Jay's specific question about the source of the traffic?

Firewall

Your organization needs to install a device that will act as a filter that permits or denies data traffic, both incoming and outgoing, using a set of rules based on traffic content and traffic patterns. Which type of security device will help in accomplishing the task in the given scenario?

Firewall

Which of the following is an example of a logical control?

Firewall rule

Which type of network information should users capture to provide a report about how much traffic the systems in their network send to remote systems?

Flow data

You've been asked to implement a policy that defines how retired hard drives are sanitized securely. Which of the following would be the least acceptable?

Format hard drives.

Which of the following is an example of a computer security incident?

Former employee crashes a server

LAB: Performing Session Hijacking Using Burp Suite

1. From the left sidebar, click the burpsuite () icon.
2. At the Burp Suite Community Edition prompt, click OK.
3. In the Burp Suite Community Edition window, if asked for the update, click Close.
4. In the Burp Suite Community Edition v1.7.33 window, perform the following steps:
a. At the Use the options below to create or open a project step, verify that the Temporary project radio button is selected and click Next.
b. At the Select the configuration that you would like to load for this project step, verify that the Use Burp defaults radio button is selected and click Start Burp. Wait for the project to get started.
5. In the Burp Suite Community Edition v1.7.33 - Temporary Project window, click the Proxy tab.
6. Minimize the Burp Suite Community Edition v1.7.33 window.
7. From the left sidebar, click the Firefox ESR () icon.
8. In the address bar, replace the existing URL with localhost/dvwa and press Enter.
9. In the Login :: Damn Vulnerable Web Application (DVWA) v1.10 *Development* - Mozilla Firefox window, at the upper-right corner, click the Menu (3 lines) icon, scroll down if required, and then click Preferences.
10. In the Preferences - Mozilla Firefox window, in the left pane, click Advanced.
11. In the Preferences - Mozilla Firefox window, in the right pane of the Advanced page, on the Network tab, click Settings of Connection.
12. In the Connection Settings dialog box, select Manual proxy configuration, and perform the following steps:
a. Type HTTP Proxy as 127.0.0.1.
b. Type Port as 8080.
c. Check the Use this proxy server for all protocols checkbox.
d. Scroll down and remove everything written within the No Proxy for text box.
e. Click OK.
Note: The rest of the details will be left as default.
13. In the Mozilla Firefox window, switch back to the Login :: Damn Vulnerable Web Application (DVWA) v1.10 *Development* - Mozilla Firefox tab. On the Login page, scroll down, type the following credentials, and click Login:
User name: admin
Password: password
Minimize the Mozilla Firefox window.
14. Now switch to burpsuite (orange icon) and observe the data written in the Raw tab. If no data appears in the Raw tab, click the Forward button until you observe the User name and Password that you entered in step 13.
15. Right-click inside the Raw tab and select Save item.
16. In the Select a file window, in the File Name text box, type hijack and click Save to save in the default root folder.
17. At the Save item prompt, click OK.
18. Close the Burp Suite Community Edition v1.7.33 window. At the Confirm prompt, click Yes.
19. Close the Mozilla Firefox window.

Kevin works as a developer in an organization. He is using a service where a cloud provider offers a platform that executes his code in response to discrete events. His bill is prepared based on the actual resources consumed during each code execution event. Which of the following services is being referred to in the given scenario?

Function as a service

Patricia is evaluating the security of an application developed within her organization. She would like to assess the application's security by supplying it with invalid inputs. Which technique is Patricia planning to use in the given scenario?

Fuzz testing

You have implemented a security technique where an automated system generates random input data to test an application. Which of the following techniques have you implemented in the given scenario?

Fuzzing

Chelsea recently accepted a new position as a cybersecurity analyst for a privately held bank and is asked to design a cybersecurity program. Which of the following regulations will have the greatest impact on her cybersecurity program?

GLBA

Which of the following regulations imposes compliance obligations specifically upon financial institutions?

GLBA

Which of the following steps occurs first during the attack phase of a penetration test?

Gaining access

Which type of organization is the most likely to face a statutory requirement to conduct vulnerability scans?

Government agency

Kaitlyn's organization recently set a new password policy that requires that all passwords have a minimum length of 10 characters and meet certain complexity requirements. She would like to enforce this requirement for the Windows systems in her domain. Which type of control would most easily allow this?

Group Policy Object

Tom works as an administrator in an organization. He would like to deploy consistent security settings to all of his Windows systems simultaneously. Which technology can Tom use to achieve this goal in the given scenario?

Group Policy Objects

A user is authoring a document that explains to system administrators that one way to comply with an organization's requirement is to encrypt all laptops. Which type of document is the user authoring?

Guideline

Which of the following security policy framework components does not contain mandatory instructions for individuals in the organization?

Guideline

Which of the following values for the confidentiality, integrity, or availability CVSS metric would indicate the potential for the total compromise of a system?

H

Suzanne is the chief information security officer (CISO) at a major non-profit hospital group and is given the responsibility to handle medical records. Which of the following regulations most directly covers the way she handles these medical records?

HIPAA

Which law creates cybersecurity obligations for healthcare providers and others in the health industry?

HIPAA

Alaina discovers that her company's website has been defaced with a political message. Which type of threat actor is most likely to be behind the attack on her company's website in the given scenario?

Hacktivist

Which type of threat actor includes organizations like Anonymous that target governments and businesses for political reasons?

Hacktivists

Ryan, a penetration tester, needs a password-cracking tool that works at a very high rate of speed. Which of the following tools should he use?

Hashcat

Kevin is an internal auditor at a major retailer and would like to ensure that the information contained in audit logs is not changed after it is created. Which one of the following would best meet his goal?

Hashing

Which of the following techniques uses a one-way cryptographic function to create a digest of original data?

Hashing

Mike is configuring vulnerability scans for a new web server in his organization. The server is located on the demilitarized zone (DMZ) network, as shown in the figure. Which type of scans should he configure for the best results?

He should perform both internal and external vulnerability scans of a web server.

Dan is a cybersecurity analyst for a healthcare organization. He ran a vulnerability scan of the VPN server used by his organization. His scan ran from inside the data center against a VPN server that was also located in the same data center. The complete vulnerability report is shown in the following figure: What action should Dan take next?

He should take no action.

Ria wants to deploy an anti-malware tool to analyze zero-day malware. Which type of data analysis method should she perform to achieve the given task?

Heuristic

Which of the following methods of analysis identifies the nature of an entity by subjecting it to a particular environment?

Heuristic

Which type of analysis is used to detect threats based on their behavior?

Heuristic

Which minimum level of impact must a system have under FISMA before an organization is required to determine what information about the system is discoverable by adversaries?

High

Gary is a system administrator for a federal agency. In the agency, he is responsible for a variety of information systems. Which of the following system categories must be covered by the vulnerability scanning programs of Gary's agency in the given scenario?

High-impact, moderate-impact, and low-impact systems

An analyst has received unusual alerts on the security information and event management (SIEM) dashboard. The analyst wants to get payloads that hackers are sending toward the target system without impacting the business operation. Which of the following should the analyst implement to achieve this task in the given scenario?

Honeypot

Andrew works as a security administrator for uCertify Inc. He wants to capture attack details on the organization's network that are occurring while also protecting the organization's production network. Which of the following will he implement to accomplish the given task?

Honeypot

Ben works as a security analyst in an organization. He sets up a system that acts like a vulnerable host to observe an attacker's behavior. Which type of system has Ben set up in the given scenario?

Honeypot

The security team of an organization has trapped attackers in an isolated environment where they are being monitored. The team has also tricked these attackers into believing that they are causing damage to the organization's systems. Which of the following practices is used by the security team in the given scenario?

Honeypot

Which type of system allows attackers to believe they have succeeded with their attack, thus providing defenders with information about their attack methods and tools?

Honeypot

Charles is building an incident response playbook for his organization that will address command and control (C&C) client-server traffic detection and response. Which of the following information sources is least likely to be part of his playbook?

Honeypot's data

Which of the following technologies is not generally used to implement network segmentation?

Host firewall

Harry recently joined an organization. His organization runs the majority of its services on a virtualization platform located in its data center but also leverages an IaaS provider for hosting its web services and a SaaS email system. Which of the following cloud environments is used by this organization in the given scenario?

Hybrid cloud

Which cloud computing deployment model requires the use of a unifying technology platform to tie components together from different providers?

Hybrid cloud

Which of the following operating systems mediates access to the underlying hardware resources in a virtualized datacenter?

Hypervisor

Which of the following terms is not typically used to describe the connection of physical devices to a network?

IDS

While reviewing the monthly Internet usage, Ann, a security analyst, noticed that there is a large spike in traffic classified as "unknown" that does not appear to be within the bounds of the organization's acceptable use policy (AUP). Which of the following tools or technologies will work best for her to obtain more information on this traffic?

IDS logs

The United States has threat intelligence sharing centers for major areas like healthcare, aviation, and finance. What are these centers called?

ISAC

Which organizations did the U.S. government help to share threat information with infrastructure owners and operators?

ISACs

Roger is the chief information officer (CIO) for a midsize manufacturing firm. He recently returned from a meeting of the board of directors where he had an in-depth discussion about cybersecurity. One member of the board, who is familiar with the International Organization for Standardization (ISO) standards in manufacturing quality control, asked if there was an ISO standard covering cybersecurity. Which standard is most relevant to the director's concern in the given scenario?

ISO 27001

Paul is researching models for providing guidance on best practices in the industry for implementing an information technology help desk. Which of the following standard frameworks should Paul use for this implementation?

ITIL

Rex works as a cybersecurity analyst in an organization. He has been asked to improve the delivery of IT services. Management requests him to follow the guidelines outlined in available frameworks. Which framework would Rex most likely use?

ITIL

Which of the following allows a user to deploy, configure, and manage data centers through scripts?

IaC

Which of the following is not typically found in a cybersecurity incident report?

Identification of an attacker performing an attack

Ben works as a cybersecurity analyst at ABC organization. He is preparing to conduct a cybersecurity risk assessment process for his organization. For the risk assessment, he chooses to follow the standard process proposed by NIST. Which of the following would be the first step that Ben performs in the given scenario?

Identify threats.

What strategy does the National Institute of Standards and Technology (NIST) suggest about identifying attackers during an incident response process?

Identifying attackers is not an important part of the incident response process

Bethany is a vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded its point-of-sale system and Bethany is preparing to conduct new scans. When must Bethany complete the new scan in the given scenario?

Immediately

Peter's organization recently upgraded a firewall that protects a network where employees process credit card information. This network is subject to the provisions of the Payment Card Industry Data Security Standard (PCI DSS). When is Peter required to schedule the vulnerability scan of the network in the given scenario?

Immediately

A man-in-the-middle attack is an example of which type of threat vector?

Impersonation

Roland received a security assessment report from a third-party assessor, which indicated that one of the organization's web applications is susceptible to the OAuth redirect attack vulnerability. Which type of attack would this vulnerability allow an attacker to wage?

Impersonation

Which of the following attacks includes an email purporting to be from a trusted coworker or manager?

Impersonation

Your organization has merged with another organization in its legal jurisdiction and wants to improve its network security posture in ways that do not require additional resources to implement data isolation. Which of the following would be the best solution for improving the organization's network security?

Implementing network segmentation

Which of the following activities is not normally conducted during the recovery validation phase?

Implementing new firewall rules

During a web application test, Ben, an application developer, prepares a report for the issues reported during the testing of the application. He discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report in the given scenario?

Improper error handling

As Lauren prepares her organization's security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via an awareness program?

Improper usage

Kathleen works as a data analyst in an organization. She needs to find data contained in memory but only has an image of an offline Windows system. Where does she have the best chance of recovering the data she needs in the given scenario?

In %SystemRoot%\MEMORY.DMP

Alex, a technician in an organization, is conducting a forensic examination of a Windows system and wants to determine if an application was installed. Where can he find the Windows installer log files for a user named Jim?

In C:\Windows\Jim\AppData\Local\Temp

During an investigation, Jeff, a certified forensic examiner, is provided with a drive image created by an IT staff member and is asked to add it to his forensic case. If the case goes to court and Jeff's procedures are questioned, he may encounter an issue. Which of the following is the most important issue that Jeff may encounter?

Inability to certify the chain of custody

Ben works as a security analyst in an organization. His organization uses an IP reputation service to block outbound access to all sites that are flagged with a negative reputation score. Which of the following can be a consequence of blocking on negative reputation scores in the given scenario?

Inadvertent blocking of sites due to false positives.

Which of the following statements is not true about ATT&CK matrices?

Include metadata like the author, the name of the IOC, and a description.

Which one of the following conditions would not result in a certificate warning during a vulnerability scan of a web server?

Inclusion of a public encryption key

What are the advantages of using an IaC approach? Each correct answer represents a complete solution. Choose all that apply.

Increases the reusability of code
Increases the speed of infrastructure creation
Reduces the likelihood of configuration errors by leveraging common templates

Which of the following is a characteristic of DevOps approaches to software development and technology?

Increasing the frequency of application releases

Who is the best facilitator for a post-incident lessons learned session?

Independent facilitator

Which of the following types of threat assessment data uses forensic evidence or data?

Indicators of compromise

Which of the following control models describes the five core activities associated with ITSM as service strategy, service design, service transition, service operation, and continual service improvement?

Information Technology Infrastructure Library (ITIL)

The following figure signifies the Diamond Model of Intrusion: What does the question mark symbol represent on each vertex of the given figure?

Infrastructure and capability

Under the shared responsibility model, in which cloud computing environment is a customer responsible for securing an operating system?

Infrastructure as a service

Roma works as a penetration tester in an organization. She is performing a penetration test for a customer and identifies a client machine that is downloading the contents of the customer database, which stores the customer's intellectual property. After that, she also identifies an employee who is exporting the downloaded data to a USB drive. Which type of threat actor is being referred to in the given scenario?

Insider threat

You suspect that a few employees in your organization are sending confidential data outside of the organization via email messages, posing a threat to the organization. As a security administrator, which of the following will you implement to mitigate such threats?

Install a network-based DLP.

Which stage of Lockheed Martin's Cyber Kill Chain focuses on establishing persistent backdoor access for attackers?

Installation

Which phase of the Cyber Kill Chain process includes the creation of persistent backdoor access for attackers?

Installation

A network security engineer wants an employee, who regularly uses email to send PII to others, to be assured that their messages are not intercepted or altered during transmission. The network security engineer is concerned about which of the following types of security control objectives in the given scenario?

Integrity

Gabby works as a software tester in an organization. She wants to modify the requests her web browser sends to a web application, making manual changes to the data in transit as she interacts with the website. Which type of tool should Gabby use to make these changes in the given scenario?

Interception proxy

Which of the following sites helps a user find an older copy of their website?

Internet Archive

Which organization manages the global IP address space?

Internet Assigned Numbers Authority (IANA)

A network administrator must install a device that will proactively stop outside attacks from reaching the LAN. Which of the following devices should a network administrator install in the given scenario?

Intrusion prevention system (IPS)

Alice works as a cybersecurity analyst in an organization. While monitoring, she confers with other team members and decides that even allowing limited access to other systems is an unacceptable risk. She puts firewall rules in place that prevent the quarantine VLAN from reaching any other enterprise systems, cutting off the attack. Which strategy is Alice pursuing in the given scenario?

Isolation

Which of the following statements are true about function as a service (FaaS)? Each correct answer represents a complete solution. Choose all that apply.

It lets cloud customers build serverless application architectures. It executes or triggers functions written by developers. Amazon's Lambda service is an example.

Which of the following is the common criticism of the Cyber Kill Chain model?

It includes actions outside a defended network.

Which of the following statements describes a jump box?

It is a system used to access and manage systems or devices in a security zone other than the one the user is in.

Which of the following are characteristics of an information systems security audit? Each correct answer represents a complete solution. Choose all that apply.

It is conducted on behalf of a third party. It results in a formal statement. It is conducted by internal groups.

Cheryl, a security analyst, has decided to use Wireshark for capturing and analyzing network data in a GUI. What advantages of Wireshark must be the reasons behind Cheryl's decision? Each correct answer represents a complete solution. Choose all that apply.

It provides detailed information about packets within a network. It is available for multiple platforms, such as Windows, macOS, and Linux.

Frederick works as an assistant manager in an organization. His organization has been informed that data must be preserved due to pending legal actions. What is this process of preserving data called?

Legal hold

Which of the following forensic tool capabilities preserves all forms of potentially relevant information when litigation is pending or reasonably anticipated?

Legal hold

Mark works as an incident team lead at XYZ Inc. Following the successful response to a data-leakage incident, he facilitates an exercise that focuses on continuous improvement of the organization's incident response capabilities. Which of the following has he facilitated in the given scenario?

Lessons learned report

Mark, a security analyst, wants to analyze an incident and determine actions that were taken during the analysis and steps needed to prevent a future occurrence. Which of the following will he use in the given scenario?

Lessons learned report

Charles wants to limit what potential attackers can gather during passive or semi-passive reconnaissance activities. Which of the following actions will reduce his organization's exposure to reconnaissance the most?

Limit information available via an organization's website without authentication.

Jeff, an investigating officer, is investigating a system that is running malware which encrypts its data on the drive. Which of the following processes should he use to have the best chance of viewing the data in the given scenario?

Live imaging

Ryan is concerned about the possibility of a distributed denial-of-service attack against his organization's web portal. Which one of the following types of testing would best evaluate the portal's susceptibility to this type of attack in the given scenario?

Load

Which process is used to ensure that an application can handle very high numbers of concurrent users or sessions?

Load testing

Joseph works as a security analyst in an organization. While analyzing malware, Joseph notes that this malware has encrypted files. For security purposes, he instantly prevented the organization's main web application server from sharing files. Which type of impact has he noted in the given scenario?

Localized, immediate impact

Charleen's incident response team is fighting a rapidly spreading zero-day malware package that silently installs itself by exploiting Adobe Flash when an email attachment is viewed through webmail. After identifying the compromised system, she determines that the system is beaconing to a group of fast flux DNS entries. Which of the following techniques is best suited to identifying other infected systems?

Log DNS queries to identify compromised systems.
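The DNS-logging approach in the answer above, as an added example that is not part of the original page: it flags names that resolve to many short-TTL addresses (the fast-flux signature) and then lists the clients that queried them, together with how regularly they did so. The log lines are constructed, and the field layout (epoch, client IP, query name, answer IP, TTL) is an assumption rather than any resolver's native format.

```python
"""Spot hosts beaconing to fast-flux C2 names in DNS resolver logs.

Sample lines are constructed for this example; the field layout
(<epoch> <client_ip> <qname> <answer_ip> <ttl>) is an assumption, not
any particular resolver's native format.
"""
from collections import defaultdict
from statistics import median

FAST_FLUX_MIN_IPS = 4     # distinct A records observed for a single name
FAST_FLUX_MAX_TTL = 300   # seconds; fast-flux names rotate with very short TTLs

SAMPLE_LOG = """\
1700000000 10.0.0.15 cdn.update-check.example 198.51.100.10 60
1700000060 10.0.0.15 cdn.update-check.example 198.51.100.45 60
1700000120 10.0.0.15 cdn.update-check.example 203.0.113.7 60
1700000180 10.0.0.15 cdn.update-check.example 192.0.2.99 60
1700000030 10.0.0.31 cdn.update-check.example 203.0.113.7 60
1700000090 10.0.0.31 cdn.update-check.example 198.51.100.10 60
1700000150 10.0.0.31 cdn.update-check.example 192.0.2.99 60
1700000210 10.0.0.31 cdn.update-check.example 198.51.100.45 60
1700000000 10.0.0.22 www.example.org 192.0.2.1 86400
1700000300 10.0.0.22 www.example.org 192.0.2.1 86400
1700000000 10.0.0.40 mail.example.org 192.0.2.2 3600
1700000005 10.0.0.40 mail.example.org 192.0.2.2 3600
"""


def parse_log(text):
    """Parse the assumed whitespace-separated layout into tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, answer, ttl = line.split()
        records.append((int(ts), client, qname.lower().rstrip("."), answer, int(ttl)))
    return records


def fast_flux_domains(records):
    """Names that resolved to many different IPs, every answer carrying a short TTL."""
    ips = defaultdict(set)
    max_ttl = {}
    for _, _, qname, answer, ttl in records:
        ips[qname].add(answer)
        max_ttl[qname] = max(ttl, max_ttl.get(qname, 0))
    return {q for q, seen in ips.items()
            if len(seen) >= FAST_FLUX_MIN_IPS and max_ttl[q] <= FAST_FLUX_MAX_TTL}


def beaconing_hosts(records, domains):
    """Map client -> (domain, query count, median seconds between queries).

    A near-constant interval is the beacon timer; irregular gaps suggest a
    human or a cached resolver rather than an implant.
    """
    times = defaultdict(list)
    for ts, client, qname, _, _ in records:
        if qname in domains:
            times[(client, qname)].append(ts)
    report = {}
    for (client, qname), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        report[client] = (qname, len(stamps), median(gaps) if gaps else None)
    return report


def find_infected(text):
    """Clients resolving fast-flux names; these are the hosts to pull into the IR scope."""
    records = parse_log(text)
    return beaconing_hosts(records, fast_flux_domains(records))
```

Run against the real resolver logs the thresholds need tuning: CDNs also return many addresses with short TTLs, so the interval regularity and the number of distinct /24s behind a name are what separate a beacon from a busy legitimate site.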

Which of the following criteria is not normally used when evaluating the appropriateness of a cybersecurity incident containment strategy?

Log records generated by the strategy

Which of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit?

Low

Rex is a security administrator for a company. Which of the following business documents might limit the security team's ability to remediate vulnerabilities, and should therefore be consulted before remediation? Each correct answer represents a complete solution. Choose two.

MOU, SLA

Which of the following is not a commonly recommended best practice of the incident analysis process based on NIST's guidelines?

Maintain backups of every system and device.

During a forensic investigation, Ben, a forensic analyst, asks Chris, another forensics expert, to sign off on the actions he has taken. What is Ben doing by asking Chris to sign off in the given scenario?

Maintaining the chain of custody documentation

Tony and Mal are friends. Tony wants to check the digital signature of an encrypted email that he received from Mal. Which of the following keys does Tony need to verify that the email is from Mal?

Mal's public key

Which of the following data elements would not normally be included in an evidence log?

Malware signatures

Darren works as a risk analyst in an organization. For the security of his organization, he is updating the organization's risk management process. Which type of control is Darren creating by performing the task in the given scenario?

Managerial

Colin wants to implement a security control in the accounting department of his organization that is specifically designed to detect cases of fraud that occur despite the presence of other security controls. Which of the following controls is best suited to meet his need?

Mandatory vacation

Which security company creates and provides a base set of indicators of compromise (IOC) used by OpenIOC?

Mandiant

Which of the following primary modes of data acquisition involves reviewing the content of a live, unlocked phone and taking pictures and notes about what is found?

Manual access

What does the MAC address of a rogue device tell a user?

Manufacturer of the device

Which of the following is a component of the COBIT framework that allows a company to have its methods and processes assessed according to management best practices against a clear set of external benchmarks?

Maturity model

Ben is working in an IT services organization that uses the National Institute of Standards and Technology (NIST) functional impact categories to describe the impact of incidents. During a recent construction project, a contractor plugged a network device into the same switch twice, creating a network loop and taking down the organization's network for one-third of its users. Which functional impact category should Ben use to classify the event given in the scenario?

Medium

Ben, a security analyst in an organization, is working to classify the functional impact of an incident. The incident has disabled email services for approximately 30 percent of his organization's staff. According to the NIST scale, in which of the following categories should Ben classify the functional impact of the incident in the given scenario?

Medium

Kevin is a security analyst in a large scale organization. He recently identified a new security vulnerability and computed its CVSS base score as 6.5. Under which risk category would this vulnerability fall in the given scenario?

Medium

Which phase of the Fagan inspection process identifies defects based on notes from the preparation phase?

Meeting

Which of the following is a written document used where the parties do not intend a legal commitment, or where they are unable to create a legally enforceable agreement?

Memorandum of understanding

Before sending a Word document, a user uses the built-in Document Inspector to verify that the document does not contain hidden content. Which of the following processes is described in the given scenario?

Metadata scrubbing

Which of the following tools does not provide real-time drive capacity monitoring for Windows?

Microsoft Endpoint Configuration Manager

Bob recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. Which type of risk management strategy is he implementing in the given scenario?

Mitigation

Brian, a data analyst in an organization, is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting the management of his organization, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. In which of the following categories should the system be categorized in the given scenario?

Moderate

Danielle works as a data analyst in an organization. As part of her job, she sets an alarm to notify her team via email if her Windows server uses 80 percent of its memory and to send a text message if it reaches 90 percent utilization. Which of the following options represents the task performed by Danielle in the given scenario?

Monitoring threshold

Riana works as a security administrator for a company. She observes that the company's web server uses Transport Layer Security (TLS) version 1.0 and is susceptible to eavesdropping attacks. Which of the following actions will be best for her to take in resolving this issue in the given scenario?

Move from TLS 1.0 to TLS 1.2.

A user fell for a phishing scam and provided their password and personal information to an attacker. Which layered security approach is not an appropriate layer for the user to implement to protect themselves from future issues?

Multitiered firewall

Ashley is working with software developers to evaluate the security of an application they are upgrading. She is performing testing that slightly modifies the application code to help in identifying errors in code segments that might be infrequently used. Which type of testing is she performing in the given scenario?

Mutation testing
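Mutation testing as described in the question above, as an added example rather than code from the original page: each mutant is the function under test with exactly one small change (a flipped comparison, a flipped boolean constant, or an and/or swap), and a mutant that still passes the test suite points at code no test exercises. The function, its happy-path-only tests and the three mutation operators are constructed for illustration; real tools such as mutmut and cosmic-ray apply many more operators.

```python
"""Minimal mutation tester: one change per mutant, run the tests, count kills.

Added example. The function under test, its tests and the three mutation
operators are constructed for illustration.
"""
import ast

SOURCE = '''
def can_access(role, user_id, owner_id, is_public):
    if role == "admin":
        return True
    if user_id == owner_id:
        return True
    return is_public and role != "banned"
'''

# Happy-path tests only: nothing checks the deny path for a private object
# seen by a non-owner, so a mutant that weakens that path can survive.
TESTS = [
    (("admin", 1, 2, False), True),
    (("user", 7, 7, False), True),
    (("user", 1, 2, True), True),
]


class MutantMaker(ast.NodeTransformer):
    """Apply exactly one mutation, to the `target`-th mutable node in traversal order."""

    def __init__(self, target):
        self.target = target
        self.seen = 0
        self.description = None

    def _hit(self):
        self.seen += 1
        return self.seen - 1 == self.target

    def visit_Compare(self, node):        # == <-> !=
        self.generic_visit(node)
        op = node.ops[0]
        if isinstance(op, (ast.Eq, ast.NotEq)) and self._hit():
            node.ops[0] = ast.NotEq() if isinstance(op, ast.Eq) else ast.Eq()
            self.description = f"line {node.lineno}: flipped comparison"
        return node

    def visit_Constant(self, node):       # True <-> False
        if isinstance(node.value, bool) and self._hit():
            node.value = not node.value
            self.description = f"line {node.lineno}: flipped boolean constant"
        return node

    def visit_BoolOp(self, node):         # and <-> or
        self.generic_visit(node)
        if self._hit():
            node.op = ast.Or() if isinstance(node.op, ast.And) else ast.And()
            self.description = f"line {node.lineno}: swapped and/or"
        return node


def build_mutant(source, target):
    """Parse the source and apply the mutation with index `target` (-1 mutates nothing)."""
    tree = ast.parse(source)
    maker = MutantMaker(target)
    tree = ast.fix_missing_locations(maker.visit(tree))
    return tree, maker


def passes(func, tests):
    return all(func(*args) == expected for args, expected in tests)


def mutation_score(source, func_name, tests):
    """Return (mutant count, killed count, descriptions of surviving mutants)."""
    original = {}
    exec(compile(source, "<original>", "exec"), original)
    assert passes(original[func_name], tests), "tests must pass on the original"
    total = build_mutant(source, -1)[1].seen      # dry run only counts mutable nodes
    killed, survivors = 0, []
    for i in range(total):
        tree, maker = build_mutant(source, i)
        ns = {}
        exec(compile(tree, "<mutant>", "exec"), ns)
        if passes(ns[func_name], tests):
            survivors.append(maker.description)   # no test noticed the change
        else:
            killed += 1
    return total, killed, survivors
```

On this input six mutants are generated and five are killed; the survivor is the `and` turned into `or` on the last line, which tells the developers that the "private object, non-owner, not banned" denial has never been asserted.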

Alex needs to deploy a solution that will limit access to his network to only authorized individuals while also ensuring that systems that connect to the network meet his organization's patching, antivirus, and configuration requirements. Which of the following will Alex implement to meet the requirements in the given scenario?

NAC

An incident response report discovers a virus that was introduced through a remote host connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should the cybersecurity analyst apply in the given scenario?

NAC

Which of the following technologies is suited to prevent wired rogue devices from connecting to a network?

NAC

Which type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?

NGFW

Which of the following threat actors are often associated with advanced persistent threat (APT) organizations?

Nation-state actors

Which of the following threat actors typically has the greatest access to resources?

Nation-state actors

Which utility will you use to connect and directly interact with a service?

Netcat

Which tool is used to capture the IP traffic information that allows analysis of traffic flow and volume?

Netflow

During a network reconnaissance exercise, Max gains access to a PC located in a secure network. If he wants to locate the database and web servers that his company uses, which command-line tool can he use to gather information about other systems on the local network without installing additional tools or sending additional traffic?

Netstat

Tom works as a security analyst in an organization. He reviews a vulnerability scan report and finds that one of the servers on his network suffers from an internal IP address disclosure vulnerability. Which technology is used on this network that resulted in this vulnerability in the given scenario?

Network Address Translation

Which of the following protocols provides a common source of time information that allows the synchronizing of clocks throughout an enterprise?

Network Time Protocol (NTP)

Robert works as a security analyst in an organization. His organization has a Bring Your Own Device (BYOD) policy and he would like to ensure that devices connected to the network under this policy have current antivirus software. Which technology can best assist Robert to accomplish the given task in this scenario?

Network access control

Jose is concerned that his organization is facing a large number of social engineering attacks. Which of the following controls is least likely to be effective against these attacks?

Network firewall

Bruce is concerned about the security of an industrial control system that his organization uses to monitor and manage systems. He wants to reduce the risk of an attacker penetrating this system. Which of the following security controls would best mitigate vulnerabilities in this type of system?

Network segmentation

When an organization handles sensitive data, it must apply a security control so that employees working with that data cannot share it with unauthorized individuals. Which security control would best protect the confidentiality of the data in the given scenario?

Nondisclosure agreement

Which of the following is an administrative control that can protect the confidentiality of sensitive information?

Nondisclosure agreement

Hank works as a security analyst in a company. He is responding to a security event in which the CEO of his company had her laptop stolen. The laptop was encrypted but contained sensitive information about the company's employees. In which of the following NIST information impact categories should Hank classify the impact of this security event?

None

In which of the following cloud computing service models does a customer share responsibility with a cloud provider for datacenter security?

None of these

Sondra works as a cybersecurity analyst. She determines that an attacker has gained access to a server containing critical business files and wishes to ensure that the attacker cannot delete those files. Which of the following strategies would meet Sondra's goal in the given scenario?

None of these

Which of the following statements is true about bare-metal virtualization?

None of these

Which one of the following is not an appropriate criterion to use when prioritizing remediation of vulnerabilities?

None of these

Which of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

Nonrepudiation

Which nmap feature is enabled with the -O flag?

OS detection

What term describes information from publicly available sources used for intelligence purposes?

OSINT

Eric leads a team of software developers and wants to help them in understanding the most important security issues in web application development. Which of the following sources would provide Eric with the most useful resource?

OWASP

Sam works as a security analyst at XYZ company. He sends threat intelligence information to his manager in a machine-readable format so that the manager can verify it. The format he uses builds on Mandiant's base set of indicators. Which format did Sam use in the given scenario?

OpenIOC
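What "machine-readable" buys the manager in the question above, as an added example that is not part of the original page: an indicator definition can be evaluated mechanically against host artifacts instead of being read by a person. The XML below is constructed in the shape of OpenIOC 1.0 (Mandiant's `schemas.mandiant.com/2010/ioc` namespace with nested `Indicator` operators and `IndicatorItem`/`Context`/`Content` leaves); the element names are as recalled from that schema and should be checked against the real XSD, and the host artifact dictionaries, hash and domain are made up.

```python
"""Evaluate an OpenIOC-style indicator definition against host artifacts.

Added example. The XML is constructed in the shape of OpenIOC 1.0 and the
host artifact dictionaries are made up; verify element and attribute names
against the real schema before relying on this for production IOCs.
"""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

SAMPLE_IOC = """<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="00000000-0000-4000-8000-000000000001">
  <short_description>Constructed example: dropper hash OR (process name AND C2 domain)</short_description>
  <definition>
    <Indicator operator="OR" id="00000000-0000-4000-8000-000000000002">
      <IndicatorItem id="00000000-0000-4000-8000-000000000003" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="00000000-0000-4000-8000-000000000004">
        <IndicatorItem id="00000000-0000-4000-8000-000000000005" condition="contains">
          <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
          <Content type="string">svch0st</Content>
        </IndicatorItem>
        <IndicatorItem id="00000000-0000-4000-8000-000000000006" condition="is">
          <Context document="Network" search="Network/DNS" type="mir"/>
          <Content type="string">cdn.update-check.example</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed host artifacts keyed by the same search paths the IOC uses.
CLEAN_HOST = {
    "FileItem/Md5sum": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"],
    "ProcessItem/name": ["explorer.exe", "svchost.exe"],   # legitimate, letter o
    "Network/DNS": ["www.example.org"],
}
INFECTED_HOST = {
    "FileItem/Md5sum": ["bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"],
    "ProcessItem/name": ["explorer.exe", "svch0st.exe"],   # typo-squatted, digit 0
    "Network/DNS": ["cdn.update-check.example"],
}
PARTIAL_HOST = {                 # suspicious process but no C2 lookup: AND fails
    "FileItem/Md5sum": [],
    "ProcessItem/name": ["svch0st.exe"],
    "Network/DNS": ["www.example.org"],
}
HASH_ONLY_HOST = {               # the dropper hash alone satisfies the OR
    "FileItem/Md5sum": ["0123456789ABCDEF0123456789ABCDEF"],
    "ProcessItem/name": [],
    "Network/DNS": [],
}


def _local(tag):
    """Strip the namespace from an ElementTree tag."""
    return tag.split("}")[-1]


def eval_item(item, host):
    """Evaluate one IndicatorItem: look up Context@search in the host artifacts."""
    ctx = item.find("ioc:Context", NS)
    content = item.find("ioc:Content", NS)
    needle = (content.text or "").strip().lower()
    values = [v.lower() for v in host.get(ctx.get("search"), [])]
    cond = item.get("condition", "is")
    if cond == "is":
        return needle in values
    if cond == "contains":
        return any(needle in v for v in values)
    raise ValueError(f"unsupported condition: {cond}")


def eval_indicator(ind, host):
    """Recursively combine children with the Indicator's AND/OR operator."""
    results = []
    for child in ind:
        tag = _local(child.tag)
        if tag == "IndicatorItem":
            results.append(eval_item(child, host))
        elif tag == "Indicator":
            results.append(eval_indicator(child, host))
    if not results:
        return False                       # an empty AND must not match everything
    return all(results) if ind.get("operator", "OR").upper() == "AND" else any(results)


def matches(ioc_xml, host):
    """True when the host's artifacts satisfy the IOC's top-level Indicator."""
    root = ET.fromstring(ioc_xml)
    return eval_indicator(root.find("ioc:definition/ioc:Indicator", NS), host)
```

The two things worth noticing are that string comparison is case-folded (hashes and hostnames arrive in mixed case from different collectors) and that an `Indicator` with no children evaluates to false rather than letting `all([])` match every host.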

Mark is a cybersecurity analyst for a nonprofit company. He wants to begin a vulnerability scanning program for the company but does not have any available funds to purchase a tool. Which open source tool can he use at no cost in the given scenario?

OpenVAS

Which of the following security architectural views would provide details about the flow of information in a complex system?

Operational

Which of the following types of view describes how a function is performed and what it achieves?

Operational

Jack received a call from an unknown number. The caller said she was a customer executive at XYZ bank, told Jack that he had won a $2,000 prize that would be transferred to his account because he is one of the bank's prime customers, and asked him to confirm his debit card details so the transfer could be made. In the given scenario, which threat actor role is the caller playing?

Organized crime

Wendy is a security administrator for a membership association that is planning to launch an online store. As part of this launch, she is responsible for ensuring that the website and associated systems are compliant with all relevant standards. Which regulatory standard will Wendy use to specifically cover credit card information?

PCI DSS

Which of the following contractual obligations applies to merchants and service providers who work with credit card information?

PCI DSS

During their organization's incident response preparation, Charles and Linda are identifying critical information assets that an organization uses. Their organizational data sets include a list of customer names, addresses, phone numbers, and demographic information. By using which of the following should Charles and Linda classify this information?

PII

Perry, a software developer, writes PHP code for her company. The company is moving from a self-hosted PHP environment to a platform where Perry's code will run on application servers managed by a cloud vendor. What type of cloud solution is Perry's company considering?

PaaS

Chris works as a network administrator in an organization. He is reviewing proxy logs while monitoring for systems that are participating in a botnet. Which of the following types of data will he not be able to see in his proxy logs?

Packet payload

Gina, a penetration tester, gained access to a client's AWS account during a penetration test. She would like to determine which level of access she has to the account. Which of the following tools would help Gina determine this in the given scenario?

Pacu

Max works as a penetration tester in an organization. He acquired access to a client's Amazon Web Services (AWS) account while performing a penetration test on a system. He would like to determine which level of access he has to the account. Which of the following tools would help Max determine this in the given scenario?

Pacu

Jim is helping a software development team to integrate security reviews into their code review process. He would like to implement a real-time review technique. Which of the following approaches will help Jim to accomplish the given task in the given scenario?

Pair programming

Sia and Maria work as software developers on a project at ABC organization. Both work at the same workstation: Sia writes the code and Maria reviews it as it is written, so that multiple developers are familiar with the code. Which technique are Sia and Maria pursuing in the given scenario?

Pair programming

Precompiled SQL statements that only require variables for the input are an example of which type of application security control?

Parameterized queries

Kristen works as a software tester in an organization. She wants to implement a code review but has a distributed team that works in different shifts during the day. She also does not want to create any additional support load for her team with new development environment applications. Which type of review process will work best for Kristen's needs in the given scenario?

Pass-around

Which of the following monitoring methods relies on acquiring data about a network as traffic flows through a location on a network link?

Passive monitoring

Allen needs to evaluate, test, and deploy software updates. Which of the following management techniques will she use?

Patch

Which of the following is not a common technique used to defend against command and control (C2) capabilities deployed by attackers?

Patching against zero-day attacks

Which of the following three options are most likely to be used to handle a memory leak?

Patching, service restarts, and system reboots

Which of the following is an example of operational security control?

Penetration test

Which of the following uses active tools and security utilities to find security weaknesses by simulating an attack on a system?

Penetration test

James works as a security administrator for a company. He wants to actively test whether an application's security controls are in place. Which of the following assessments will he perform to test the application in the given scenario?

Penetration testing

Which Windows tool provides detailed information including information about USB host controllers, memory usage, and disk transfers?

Perfmon

An alert has been distributed throughout the information security community regarding a critical Apache vulnerability. Which of the following courses of action would only identify the known vulnerability?

Performing a scan for the specific vulnerability on all web servers

Charles works as a security analyst in an organization. He is worried about users conducting SQL injection attacks. Which of the following solutions will best address Charles's concerns in the given scenario?

Performing user input validation
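The two controls from the answers above (parameterized queries and user input validation), as one added example that is not part of the original page: the vulnerable concatenated query is shown next to its parameterized form, with allow-list validation as a second layer in front of it. The in-memory SQLite table, its rows and the attacker payload are constructed for illustration.

```python
"""Parameterized queries and input validation against SQL injection.

Added example with an in-memory SQLite database; the table, rows and the
attacker payload are constructed for illustration.
"""
import re
import sqlite3

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")
PAYLOAD = "x' OR '1'='1"   # classic tautology injection


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately unsafe: the input is spliced into SQL text and parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Safe: the statement is compiled first; the value is bound, never parsed as SQL."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def validate_username(username):
    """Allow-list validation as a second layer; quotes, spaces and '=' never get through."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return username


def demo():
    """Run the payload through both lookups and the validator."""
    conn = make_db()
    unsafe = lookup_vulnerable(conn, PAYLOAD)     # tautology returns every row
    safe = lookup_parameterized(conn, PAYLOAD)    # no user is literally named "x' OR '1'='1"
    try:
        validate_username(PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return unsafe, safe, rejected
```

Validation is the secondary control here: it stops the obvious payloads early and gives a clean error, but only the parameterized query removes the bug, because the driver never lets a bound value change the shape of the statement.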

Which of the following parties is not a target of external communications during an incident?

Perpetrator

A fire suppression system is an example of which type of control?

Physical

Catherine is working with an architect on the design of a new data center for her organization. She wants to design an intrusion alarm in the data center that will notify security personnel for an attempted break-in to the facility. Which type of control is she designing in the given scenario?

Physical

Chris works as a network administrator in an organization. He wants to use an active monitoring approach to test his network. Which of the following techniques is appropriate for Chris to test the network in the given scenario?

Pinging remote systems

During which phase of a penetration test will a tester obtain written authorization to conduct the test?

Planning

Pete, a network administrator, wants to create an entire virtual network with all of the virtual devices needed to support a service or an application. Which of the following cloud models will he use to accomplish the task?

Platform as a service

Tommy leads the computer security incident response team (CSIRT) for his organization and is responding to a newly discovered security incident. He is following step-by-step instructions for the early hours of the response effort. Which of the following documents is most likely to contain those instructions?

Playbook

Michelle works as a network administrator in a corporation. She has been asked to review her corporate network's design for single points of failure that would impact core network operations. Her review of the following figure, which shows a redundant network design, found a critical fault: a single point of failure that, if it failed, could take the network offline. According to the scenario, where is this single point of failure in the given figure?

Point A

Which of the following documents are the highest-level component of an organization's cybersecurity program?

Policies

Which of the following document types would outline the authority of CSIRT responding to an active security incident?

Policy

Which of the following documents must be approved by the CEO or an equivalent high-level executive?

Policy

Adam is performing an internal security assessment and wants to identify services running on servers. Which of the following will he use to identify services available on servers?

Port scan

Rena, a network administrator, wants to check which services are exposed to the outside world. Which tool would she use to accomplish this?

Port scanner

During an incident response process, Cynthia conducts a lessons-learned review to improve how future incidents are managed. Which phase of the incident response process is she performing in the given scenario?

Post-incident recovery

A security administrator wants to manage both local and remote hosts together on a Windows system. Which of the following can a security administrator use to accomplish the given task?

PowerShell

Dan is designing a segmented network that places systems with different levels of security requirements into different subnets with firewalls and other network security devices between them. In which phase of the incident response process is Dan working in the given scenario?

Preparation

During which phase of the incident response process will an organization implement cybersecurity defenses designed to reduce the likelihood of a security incident?

Preparation

Greg works as a cybersecurity analyst in an organization. He recently conducted an assessment of his organization's security controls and discovered a potential control gap: the organization does not use full-disk encryption on laptops. Which type of control gap exists in this scenario?

Preventive

Which of the following controls are intended to stop an incident from occurring by taking proactive measures to stop threats?

Preventive controls

Jill works as a security analyst for ABC company. The company's leadership is considering a cloud migration for the production environment, which handles marketing, billing, and logistics, and has asked Jill to recommend a model. Which cloud deployment model will Jill recommend in the given scenario?

Private cloud

Gavin is tracing the activities of an attacker who compromised a system on his network. The attacker appears to have used the credentials belonging to a janitor. After doing so, the attacker entered some strange commands with very long strings of text and then began using the sudo command to carry out other actions. What type of attack appears to have taken place in the given scenario?

Privilege escalation

Some users are able to obtain access to additional resources or functionality that they are normally not allowed to access. Which type of attack is being referred to in the given scenario?

Privilege escalation

Which of the following CVSS metrics contains information about the type of account access that an attacker must have to execute an attack?

Privileges required

Shelly works as a risk analyst in an organization. She is writing a document that describes the steps that incident response teams will follow on the basis of the first notice of a potential incident. Which type of document is she creating in the given scenario?

Procedure

Which of the following elements is not normally found in an incident response policy?

Procedures for rebuilding systems

Which of the following activities ensures that you have reviewed threats, their causes, and their typical actions and processes?

Profiling threat actors and activities

Karen works as a security analyst in an organization. She is responding to a security incident in which an intruder stole files from a government agency. These files contained unencrypted information about protected critical infrastructure. In which category should Karen rate the information impact of this loss?

Proprietary breach

Which of the following Open Web Application Security Project (OWASP) best practices is satisfied using TLS to protect application traffic?

Protect data

Which of the following is not a reason that penetration testers often perform packet capture while conducting port and vulnerability scanning?

Provide plausible deniability.

What is the primary role of management in the incident response process?

Providing authority and resources required during a response

Tony works as a security analyst in an organization. He purchases virtual machines from Microsoft Azure and uses them exclusively for services such as analytics, virtual computing, storage, networking, and much more. Which of the following model of cloud computing is referred to in the given scenario?

Public cloud

Which of the following activities applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques?

Purge

Asa works as a customer executive in an organization. She believes that her organization is using data, which was collected from customers for technical support, for commercial and marketing purposes without the customer's permission. Which principle is most likely being violated in the given scenario?

Purpose limitation

Harry is a security analyst for the ABC project. He is working with his project team to prioritize identified risks within the ABC project. He and his team are prioritizing risks for further analysis or action by assessing and combining the probability of the occurrence and impact of the risk by substituting subjective judgment for objective data. Which of the following is Harry performing in the given scenario?

Qualitative risk assessment

A company claims that it is following Generally Accepted Privacy Principles (GAPP) privacy practices. As per one of the practices, the company insists that it will maintain accurate and complete information about its employees. Which of the following practices is being referred to in the given scenario?

Quality

Ryan, a system engineer in an organization, wants to address vulnerabilities in his systems. He decides to use a vulnerability scanner that offers a deployment model with a SaaS management console and scanner appliances located both in on-premises datacenters and in the cloud. Which of the following scanners is he using in the given scenario?

Qualys's vulnerability scanner

Taylor is reviewing the results of a security assessment and evaluating potential risk treatment strategies. To prioritize response actions, she uses cost-based metrics to identify the exposure factor of the weakness identified. Which of the following is she performing to review the results in the given scenario?

Quantitative risk assessment

Tonya, a cybersecurity analyst in an organization, is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans in the given scenario?

Quarterly

During the 802.1x authentication process, which protocol does the authenticator use to communicate with the authentication server?

RADIUS

In which format does the dd utility clone drives?

RAW

Which of the following flaw types occurs when an application needs to take action on an object that may be sensitive to what is occurring or has occurred to that object?

Race condition

Rena works as an employee in a company. Her system's screen has gone blank, showing a message that demands payment or else her hard drive will be formatted. Which of the following types of malware is on Rena's system?

Ransomware

An enterprise has a vulnerability scanning tool installed that generates contextual risk-based scores and reports for vulnerabilities on enterprise software and hardware platforms. Which of the following vulnerability scanning tools is being used in the enterprise?

Rapid7 Nexpose

Renee, a network administrator in an organization, is configuring her vulnerability management solution to perform credentialed scans of servers on her network. Which type of account can be used in the scan process in the given scenario?

Read-only

Which tool is described by the following statement: "It is a specialized tool used to find WPA and WPA2 passphrases specifically on networks that support the WPS feature."

Reaver

Which tool is used to find Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) passphrases specifically on networks that support the Wi-Fi Protected Setup (WPS) feature?

Reaver

Which team plays the role of an attacker during a penetration test?

Red

Barry, a cybersecurity analyst, is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. To which team does Barry belong?

Red team

Ed, Barb, and Sofia are cybersecurity analysts in the Golden Dome enterprise. The enterprise is conducting a cybersecurity exercise designed to test the effectiveness of its security controls. For conducting the cybersecurity exercise, participants have been divided into different teams to perform different functions. The team led by Ed is responsible for facilitating the exercise and arbitrating rules disputes. Barb's team is responsible for securing systems in the exercise environment and defending them against attacks. Sofia's team is conducting offensive operations and attempting to break into systems protected by Barb's team. Which of the following terms best describes the role that Sofia's team is playing in the exercise?

Red team

Which of the following describes offensive participants in a tabletop exercise?

Red team

Mike works as a security analyst in an organization. He installs a firewall in front of a previously open network to prevent the systems behind the firewall from being targeted by external systems. What did Mike do in the given scenario?

Reduced the organization's attack surface

Which of the following is not a common DNS anti-harvesting technique?

Registering manually

Curt is conducting a forensic analysis of a Windows system and needs to determine whether a program was set to run automatically. Which of the following locations should he check to determine the program setting given in the scenario?

Registry

A company has developed an application that is undergoing the testing process. According to the results of the testing process, some changes have been made to the application. The company now wishes to check whether or not the changes made in the application have caused a failure in the previously existing functionality. Which test should the company perform in the given scenario?

Regression

Haley, a security administrator, is planning to deploy a security update to an application provided by a third-party vendor. She installed a patch in a test environment and would like to determine whether applying the patch creates other issues. Which type of test can Haley run to best determine the impact of applying the patch in the given scenario?

Regression

Sam works as a software developer in an organization. He is working on improving a web application, and a major patch is released as part of that work. After the release of the patch, Sam runs the security scanner against the web application to verify that it is still secure. Which of the following processes is Sam conducting in the given scenario?

Regression testing

A user is responding to a security incident and determines that an attacker is using systems on the user's network to attack a third party over the Internet. Which of the following containment approaches will prevent the user's systems from being used by the attacker in the given scenario?

Removal

After observing an attacker on the wireless connection of a system, a user decides to detach the Internet connection entirely, leaving the system running but inaccessible from outside the quarantine VLAN. Which strategy is the user pursuing to accomplish his goals in the given scenario?

Removal

Jamie works as a security worker in an organization. After a major compromise in the organization, he needs to conduct a forensic examination of the compromised systems. Which containment method should Jamie use to ensure that he can fully investigate the systems that were involved while minimizing the risk to his organization's other production systems?

Removal

Jen works as a Windows server administrator in an organization. She identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, Jen applied the patch on the Windows server where it was missing. From a risk management perspective, what has she done by applying the patch in the given scenario?

Removed the vulnerability

Which of the following activities is not part of the vulnerability management life cycle?

Reporting

Kathleen works as a project manager in an organization. She wants to build a public API for a modern service-oriented architecture. Which of the following models is likely Kathleen's best choice to build this architecture in the given scenario?

Representational State Transfer (REST)

Bethy, a software developer, received a report from her company's cybersecurity team that a vulnerability scan detected a SQL injection vulnerability in one of her applications. She examines her code and makes a modification in a test environment that she believes will correct the issue. What should she do next after examining her code and modifying the test environment?

Request a scan of the test environment to confirm that the issue was corrected.

Which of the following is not a purging activity?

Resetting a device to a factory state

Rex works as a security analyst for an organization. After performing a security audit, he realizes that one of the biggest issues the organization is facing is that it continues to practice outdated procedures that do not contribute to defense-in-depth. Which of the following will Rex use to resolve the issue in the given scenario?

Retirement of processes

Chris is in charge of his organization's Windows security standard, including their Windows 7 security standard life cycle. He has recently decommissioned the organization's last Windows 7 system. Which of the following is the next step in this security standard's life cycle in the given scenario?

Retiring the Windows 7 standard

Which of the following is a process of discovering the technological principles of a device, an object, or a system through analysis of its structure, function, and operation?

Reverse engineering

Which of the following options is frequently conducted in the requirements gathering phase of the intelligence cycle?

Review of security breaches or compromises an organization has faced

Which of the following actions is not a common activity during the recovery phase of an incident response process?

Reviewing accounts and adding new privileges

During the Fagan code inspection, which stage can redirect to the planning stage?

Rework

Grace works as a risk analyst in an organization. She recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. After considering a variety of approaches, including an expensive insurance policy for securing data, she decided not to take any additional action. Which of the following risk management strategies is being used by Grace in the given scenario?

Risk acceptance

During a code review, James notices a security risk that may result in hundreds of hours of rework. The security team has classified these issues as low risks, so management has decided that the code will not be rewritten. The given scenario is an example of which of the following risk response techniques?

Risk acceptance

Rio is a risk manager for a large-scale company. The company recently evaluated the risks of mudslides in the Texas region for the company's project. Due to these risks, the company determined that the cost of responding to them is greater than the benefits of any controls the company could implement. So, as a risk manager, Rio chose not to take any action at this time. What risk strategy did Rio pursue in the given scenario?

Risk acceptance

Which term describes an organization's willingness to tolerate risk in its computing environment?

Risk appetite

A company is considering services it can successfully provide to its customers. One of the services, however, is deemed to be difficult to offer with a high degree of certainty of success. The organization has decided not to offer the service because of the risk in offering the service and failing. What risk management technique is used in this scenario?

Risk avoidance

A company named HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would amplify distributed denial-of-service (DDoS) attacks. Which type of risk management strategy did this company pursue with its NTP services?

Risk avoidance

Sasha, the project manager of a computer networking project, is monitoring the performance of her project. She decides to change the project plan to eliminate risks to protect the objectives of the project. Which of the following strategies is she using for tackling the risk in the given scenario?

Risk avoidance

Jack works as a risk administrator for a company. He is concerned that phones are introducing security risks to the network. However, many employees need these devices for their work. So, he decides to allow phones only if they meet specific security criteria. Which risk response technique is best for him to implement?

Risk mitigation

Paul works as a risk analyst in an organization. He recently completed a risk assessment and determined that his network was vulnerable to hackers because open ports on servers were reachable. He implemented a network firewall to reduce the likelihood of a successful attack. Which risk management strategy did Paul choose to pursue in the given scenario?

Risk mitigation

Sasha recently implemented an intrusion prevention system, which is designed to block common network attacks from affecting her organization. Which type of risk management strategy is she pursuing on the system in the given scenario?

Risk mitigation

In dealing with risks, which response is accomplished when an organization purchases insurance to protect its income when a disaster or threat is realized?

Risk transfer

After conducting a qualitative risk assessment of her organization, Sia recommends purchasing a cybersecurity breach insurance policy. What type of risk response behavior is she recommending to her organization in the given scenario?

Risk transference

Ria works as a cybersecurity analyst in an organization. She recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. After installing the web application firewall, she was worried about risks that are not addressed by the firewall and considered purchasing an insurance policy to cover those risks. Which of the following risk management strategies is being used by Ria to control the risk in the given scenario?

Risk transference

Which of the following is unauthorized equipment attached to a network or its assets that creates a side channel for an attack?

Rogue hardware

Which of the following pieces of information is most critical to conduct a solid incident recovery effort?

Root cause of an attack

An organization wishes to conduct a penetration test to assess its security posture. To conduct this test, the organization needs to specify various guidelines and constraints. Which of the following documents these?

Rules of engagement

Vincent is a security manager for a U.S. federal government agency subject to FISMA. Which one of the following is not a requirement that he must follow for his vulnerability scans to maintain FISMA compliance?

Run complete scans on at least a monthly basis.

Ryan, a network administrator in an organization, is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. Which of the following would be the best approach to accomplish his task?

Run the scan in a test environment.

Jessica works as a cybersecurity analyst in an organization. She requires a system that allows the connection of physical devices and processes to networks and provides tremendous sources of data for organizations seeking to make their business processes more efficient and effective. Which of the following systems can she use as per the requirement in the given scenario? Each correct answer represents a complete solution. Choose all that apply.

SCADA, IoT, ICS

Colin is looking for a solution that will help him aggregate many different sources of security information created in his environment and correlate those sources for relevant security issues. Which one of the following tools would assist Colin in accomplishing the given task?

SIEM

Monica, a security administrator, wants to use a tool that will aggregate log and event data from virtual and real networks, applications, and systems and also provide real-time reporting and alerting on information or events that may require intervention or other types of response. Which tool should she use in the given scenario?

SIEM

Which of the following enables security personnel to take defensive actions more quickly by providing real-time or near-real-time analysis of security alerts generated by network hardware and applications?

SIEM

Kieran is evaluating forensic tools and would like to consider the use of an open source forensic suite. Which of the following toolkits would best meet his needs?

SIFT

A company has purchased a new system, but security personnel are spending a lot of time on the system's maintenance. A new third-party vendor has been appointed to maintain the company's system. Which of the following documents should be created before assigning this maintenance job to the new vendor?

SLA

Sofia works as a security analyst in an organization. She suspects that a system in her datacenter may be sending beaconing traffic to a remote system. Which of the following is not a useful tool to verify Sofia's suspicions in the given scenario?

SNMP

Alex has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is a common method of monitoring network bandwidth usage? Each correct answer represents a complete solution. Choose all that apply.

SNMP, Packet sniffing, Flow

What are SNMP alert messages called?

SNMP traps

Which of the following concepts relies on a stack of security tools to collect data from a variety of security sources and then automatically respond to the sources?

SOAR

Which technology enables organizations to collect inputs monitored by the security operations team?

SOAR

Which NIST publication contains guidance on cybersecurity incident handling?

SP 800-61

An attack is performed on a web application where a string of characters is entered and input validation is bypassed to display some additional information. Which attack is being performed in the given scenario?

SQL injection

During a port scan of a server, Miguel discovered that the following ports are open on the internal network: TCP ports 25, 80, 110, 443, 1433, and 3389. The scan results provide evidence that a variety of services are running on this server. Which of the following services is not indicated by the scan results?

SSH

After running an nmap scan on a system, you receive scan data indicating that the following three ports are open: 22/tcp, 80/tcp, 3306/tcp. Which services commonly run on these ports?

SSH, HTTP, MySQL

Which of the following is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies?

STIX

Which six-category threat classification model developed by Microsoft is used to assess threats in an application?

STRIDE

Jack is considering replacing his company's customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by a service provider, and Jack's company will not have to write any code or manage any physical resources for this new project. Which type of cloud solution is being referred to in the given scenario?

SaaS

You work as an application developer at XYZ Inc. The company has to use the right type of cloud service to provide you with a complete packaged solution so that you can easily develop and test your applications. Which cloud service will the company use?

SaaS

A security administrator is constructing a development environment and places three virtual servers in a new virtual network to isolate them from the production network. Which of the following describes the environment that the administrator is building in the given scenario?

Sandbox

Which of the following tools may be used to isolate attackers so that they may not cause damage to production systems but may still be observed by cybersecurity analysts?

Sandbox

Which of the following techniques is used to automatically detect and block malicious software that does not match known malware signatures?

Sandboxing

You suspect a program contains malware on a cloud server. You want to test the program by safely executing it in an isolated environment. Which of the following techniques will you use?

Sandboxing

Which of the following is an act of permanently removing all the data from a storage device?

Sanitization

Which law requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results?

Sarbanes-Oxley

Which law governs the financial records of publicly traded companies?

Sarbanes-Oxley Act

Rachel is working as a cloud administrator at the XYZ company. Because she uses the cloud file-hosting service OneDrive on her system, she has limitless computing, storage, and networking resources available for her work. Which of the following specifies the given features of the cloud in the given scenario?

Scalability

Which of nmap's command-line flags uses a TCP SYN packet to verify a service response?

Scan technique

Which of the following activities does CompTIA classify as part of the recovery validation effort?

Scanning

Amanda works as a cloud security analyst in an organization. She would like to run a security configuration scan of the organization's Microsoft Azure cloud environment. Which of the following tools would be most appropriate for the scan in the given scenario?

ScoutSuite

Lisa, a cloud security administrator, wants to run a security configuration scan of a company's Microsoft Azure cloud environment. Which of the following tools would be most appropriate for Lisa to perform the scan in the given scenario?

ScoutSuite

Eric believes that his organization has several vulnerable systems that have been scanned by third parties. If he wants to check publicly available vulnerability information, which of the following should Eric perform?

Search for his domain in Shodan.

Which type of Windows event log is most likely to contain information about the deletion of a file?

Security

In an organization, several employees clicked on a link in a malicious message that bypassed the spam filter and as a result, their PCs were infected with malware. Which of the following would best prevent this situation from occurring in the future?

Security awareness training

Alex works for an organization that classifies security-related events using the National Institute of Standards and Technology's (NIST's) standard definitions. Which classification should Alex use when he discovers keylogging software on one of his executives' laptops?

Security incident

Alan works as a security analyst in an organization. He is responsible for developing his organization's detection and analysis capabilities for identifying a security incident that is taking place. To detect potential security incidents he would like to purchase a system that can combine log records from multiple sources. Which type of system is best suited to meet Alan's security objective in the given scenario?

Security information and event management

Which of the following contains records of the login/logout activity or other security-related events specified by the system's audit policy?

Security log

John is reviewing his organization's procedures for applying security patches and is attempting to align them with security best practices. Which of the following statements describe security best practices for patching? Each correct answer represents a complete solution. Choose all that apply.

Security patches should be applied as soon as possible. Security patches should be thoroughly tested for unintended consequences. Security patches should follow a change management process.

A corporation has split its network into network zones that include sales, HR, research and development, and guest networks. Each zone is separated from the other zones using network security devices. Which concept is the corporation using for its network security?

Segmentation

Alice works as a cybersecurity analyst in an organization. She is responding to a cybersecurity incident and notices a system that she suspects is compromised. She places the system on a quarantine VLAN with limited access to other networked systems. Which containment strategy is Alice pursuing in the given scenario?

Segmentation

As part of her post-incident recovery process, Alicia created a separate virtual network, as shown in the figure, to contain compromised systems she needs to investigate. Which containment technique is Alicia using in the given scenario?

Segmentation

Which of the following defense-in-depth concepts splits a network into subnetworks where each subnetwork has different security and performance requirements?

Segmentation

As part of his incident response program, Allan is designing a playbook for zero-day threats. Which of the following should be in his plan to handle these threats? Each correct answer represents a complete solution. Choose all that apply.

Segmentation, Using threat intelligence, Whitelisting

Jordan is a network administrator who wants to specify which systems can send email messages through his company's mail servers. Which of the following will help him in accomplishing the given task?

Sender Policy Framework (SPF)

During a penetration test of the XYZ company, penetration testers were able to compromise the company's web servers and delete their log files, preventing analysis of their attacks. Which compensating control is best suited to prevent this issue in the future?

Sending logs to a syslog server

Katie, a security administrator, notices potential fraud committed by a database administrator performing various job functions within the company. Which of the following is the best method for her to use to prevent such activities in the future?

Separation of duties

Rob is an auditor who is reviewing the payment process used by a company to issue checks to vendors. He notices that Helen, a staff accountant, is the person responsible for creating new vendors. Norm, another accountant, is responsible for issuing payments to vendors. Helen and Norm are cross-trained to provide backup to each other. Which security principle is being violated in the company in the given scenario?

Separation of duties

Susan is building an incident response program and intends to implement the National Institute of Standards and Technology's (NIST's) recommended actions to improve the effectiveness of incident analysis. Which of the following actions is not a NIST-recommended incident analysis improvement?

Set system BIOS clocks regularly.

Lisa is following the CompTIA process for validation after a compromise. Which of the following activities should be included in the validation phase?

Setting permissions

Donna is analyzing the vulnerability scan report of her organization's network. She wants to determine which vulnerability to remediate first. She would like to focus on the most critical vulnerability according to the potential impact, if exploited. Assuming the organization's firewall is properly configured, which of the following severity-level vulnerabilities in the organization's file server should she give the highest priority?

Severity 5

Which of the following conditions is not likely to trigger an alert during an automated cloud security assessment?

Sharing of API keys among different developers

Which of the following is not a common use of formal incident reports?

Sharing with other organizations

During a forensic investigation, Shelly is told to look for information in the slack space on a drive. Where should she look and what is she likely to find?

She should look at the unused space left when a file is written and find file fragments from deleted files.

Susan's organization suffered a major breach that was attributed to an advanced persistent threat (APT), which used exploits of zero-day vulnerabilities to gain control of systems on her company's network. Which of the following is the least appropriate solution for Susan to use to prevent such attacks in the future?

Signature data analysis

You have been tasked with analyzing business continuity requirements for your organization. During the review of architecture diagrams of business processes, you notice that a critical business process only has one application server with no redundancy. Which of the following does this scenario describe?

Single point of failure

Tony works as a network administrator in an organization. He configures his network to provide false DNS responses for known malware domains. Which of the following techniques is he using in the given scenario?

Sinkholing

File carving is used to find file remnants in clusters on disks that have been only partially overwritten by new files. Which of the following is the technical term for the location of these remnants in the given scenario?

Slack

Which of the following is not a vulnerability scanning tool?

Snort

Which of the following is not an example of a vulnerability scanning tool?

Snort

Which of the following is a practice of deceiving people into giving away access or confidential information to unauthorized parties?

Social engineering

During an information-gathering exercise, Chris, a data analyst in an organization, is asked to find out detailed personal information about one of the employees of his organization. Which of the following is frequently the best place to find this information?

Social media

Helen is a cloud service provider. She designed a new payroll system that she offers to her customers. She hosts the payroll system in Amazon Web Services (AWS) and her customers access it through the web. Which tier of cloud computing best describes Helen's service in the given scenario?

Software as a service

Which of the following offerings endeavors to hide implementation details from a customer?

Software as a service

Susan works as a senior software developer in an organization. Her team has been writing code for a major project for a year and recently released its third version of this code. During a post-implementation regression test, an issue that was originally seen in version 1 reappeared. Which of the following should Susan implement to avoid this issue in the future?

Source control management

Sia needs to deploy a solution that allows her to consolidate the logs for easier analysis. Which tool should she use?

Splunk

Which of the following factors is least likely to impact vulnerability scanning schedules?

Staff availability

Allan works as a cybersecurity analyst in an organization. He is writing a document that lists acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. Which of the following types of documents is Allan writing?

Standard

A company wants to implement security during the software development lifecycle (SDLC) process. To achieve this task, the company wants to employ a method that detects weaknesses in an application before execution. Which code analysis method provides the feature mentioned in the given scenario?

Static

Bruce is considering the acquisition of a software testing package that allows programmers to provide their source code as input. The package analyzes the code and identifies potential security issues without executing it. What type of analysis is Bruce performing in the given scenario?

Static analysis

A user is conducting software testing by reviewing the source code of an application. What type of software testing is the user conducting in the given scenario?

Static code analysis

The Open Web Application Security Project (OWASP) maintains an application called Orizon. This application reviews Java classes and identifies potential security flaws. What type of tool is this application?

Static code analyzer

Which level of intelligence provides broad information about threats and threat actors, allowing organizations to understand and respond to trends?

Strategic intelligence

During a testing process, Tiffany, a network administrator, slowly increases the number of connections to an application until it fails. Which of the following testing processes is Tiffany performing?

Stress

Adam is responsible for one of the servers that recently ran out of disk space. Despite system-level alarms, the problem was not detected, resulting in an outage when the server crashed. In which NIST threat category should Adam place this issue in the given scenario?

Structural threat

Alan works as a security analyst in an organization. He reviewed web server logs after an attack and found many records that contain semicolons and apostrophes in queries from end users. Which type of attack should he suspect in the given scenario?

Structured Query Language injection

Which of the following security controls is designed to provide continuity for security responsibilities?

Succession planning

Jennifer's team has completed the initial phases of their incident response process and is assessing the time required to recover from an incident. The team has determined that they can predict the time to recovery but will require additional resources. This determination represents which of the following NIST recoverability effort categories?

Supplemented

Juan, a network analyst, is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. Which type of agent must be running on the device to connect to this network?

Supplicant

Sam needs to deploy a tool that includes resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Which tool should Sam use?

Sysinternals

A technician is running an intensive vulnerability scan to detect which ports are open to exploitation. During the scan, several network services are disabled and production is affected. Which of the following sources would the technician use to evaluate which services were disabled?

Syslog

Which of the following people would normally be in the best position to remediate a server vulnerability?

System administrator

Which of the following issues makes both the cloud and virtualized environments more difficult to perform forensics?

Systems may be ephemeral.

Barry, a data analyst in an organization, placed all of his organization's credit card processing systems on an isolated network dedicated to card processing. He has implemented appropriate segmentation controls to limit the scope of PCI DSS to those systems through the use of virtual local area networks (VLANs) and firewalls. When Barry goes to conduct vulnerability scans for PCI DSS compliance purposes, which type of systems must he scan?

Systems on the isolated network

Cyn works as a cybersecurity analyst. She wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. Which of the following should Cyn choose to exchange cyber threat information in the given scenario?

TAXII

Which of the following is specifically designed to support Structured Threat Information Expression (STIX) data exchange?

TAXII

Lauren works as a security officer for an organization. From a security point of view, she wants to ensure that devices, systems, or spaces are not accessed while she is not available in the office. Which of the following should Lauren use to achieve the task in the given scenario?

Tamper-proof seal

Susan, a network administrator in an organization, needs to capture network traffic from a Linux server that does not use a graphical user interface (GUI). She decided to use a utility that is found on many Linux systems and works from the command line. Which of the following packet capture utilities can Susan use in the given scenario?

Tcpdump

Garrett is working with a database administrator (DBA) to correct security issues on several servers managed by the database team. He would like to extract a report for the DBA that will provide useful information to assist him in the remediation of such issues. Of the report types shown in the following figure, which would be most useful to the DBA team in the given scenario?

Technical

Rose, a security administrator, implements screen savers that lock the PC after five minutes of inactivity to prevent unauthorized access to the PC. Which of the following controls is being used to achieve the given implementation?

Technical

Rosy wants to implement a security control to monitor and prevent threats and attacks to computer systems and services. Which of the following security controls should she implement to accomplish the given task?

Technical

Tina, a network administrator in an organization, is creating a set of firewall rules designed to block denial-of-service attacks from entering her organization's network. Which type of control is Tina creating in the given scenario?

Technical

Which architecture view focuses on settings and configurations used in architecture and identifies incorrect configurations and insecure design decisions?

Technical

Which of the following protocols should not be used on a public network?

Telnet

Rob is planning the security testing for a new product being built by his organization's IT team. He wants to conduct rigorous testing of the finished product before it is released for customer use. Which environment would be the most appropriate place to conduct this testing?

Test

During which phase of the software development life cycle (SDLC) model does UAT occur?

Testing and integration

Which phase of the Rapid Application Development (RAD) model focuses on the dataflow and interfaces between components?

Testing and turnover

James works as a security analyst in an organization. He wants to select a threat framework for his organization. He prefers a framework that includes steps to identify the victims, capabilities, and infrastructure of a cybersecurity event. Which of the following would be James's best choice as per his preferences?

The Diamond Model of Intrusion Analysis

Mike works as a security analyst in an organization. While reviewing a Wireshark traffic capture, he discovers the following information. What did Mike learn about a user's device based on this TCP stream in the given scenario?

The device is a Samsung SM-N950U.

Michelle is analyzing a Wireshark traffic capture and follows the TCP stream for the TIFF file download. What concern should she raise from the information displayed in the stream viewer?

The file is an executable file.

Cameron works as a cybersecurity analyst. He builds a malware signature using a hash of the binary that he found on an infected system. What problem is he likely to encounter with modern malware when he tries to match hashes with other infected systems?

The malware may be polymorphic.

Susan works as a network administrator in an organization. While observing a router via network flows, she sees a sudden drop in network traffic levels to zero and the traffic chart shows a flat line. What has likely happened in the given scenario?

The monitored link failed.

Brian works in an XYZ organization. His network suddenly stops working at 8:40 AM, interrupting video conferences, streaming, and other services throughout his organization, and then resumes functioning. When Brian logs into his Paessler Router Traffic Grapher (PRTG) console and checks his router's traffic via the primary connection's redundant network link, he sees the following graph. What should Brian presume occurred based on the given information shown in figure A?

The primary link went down and he should check the secondary link for traffic.

Which of the following would not normally be found in an organization's information security policy?

The requirement to use Advanced Encryption Standard-256 encryption

Which one of the following statements is not true about inline CASB solutions?

These can monitor activity but cannot actively enforce policy requirements.

Which of the following statements are true about service degradations? Each correct answer represents a complete solution. Choose all that apply.

They are the most common barrier to vulnerability scanning raised by technology professionals.
They may diminish system functionality and pose a risk of interrupting business processes.
The risk of interrupting business processes increases when scans involve legacy systems or proprietary systems.

Which of the following statements are true of proper compensating controls? Each correct answer represents a complete solution. Choose all that apply.

They must meet the intent and rigor of the original requirement.
They must provide a similar level of defense as the original requirement.
They must be "above and beyond" other PCI DSS procedures.

The Diamond Model of Intrusion Analysis uses four main concepts as part of its threat mapping. Which of the following is not one of those four concepts?

Threat

In which of the following categories do workflow, reporting, and collaboration tools fit?

Threat and vulnerability management

Which of the following drove the creation of ISACs in the United States?

Threat information sharing for infrastructure owners

Which of the following activities follows threat data analysis in the threat intelligence cycle?

Threat intelligence dissemination

Jason, a data analyst at an XYZ company, has to provide crucial details about their customers to his manager via an email message. He accidentally sends this email to one of their business partners, adversely impacting the confidentiality and integrity of XYZ's sensitive information. Which of the following defines the situation mentioned in the given scenario?

Threats

What is the minimum tenure for retaining incident-handling records?

Three years

In which tier of the National Institute of Standards and Technology (NIST) Cybersecurity Framework are risk management practices approved by management but not yet established as an organization-wide policy?

Tier 2

Dylan is an IT consultant brought in to assess the maturity of risk management practices at an organization using the National Institute of Standards and Technology (NIST) Cybersecurity Framework. During his evaluation, he determines that the organization uses an organization-wide approach to manage cybersecurity risk but does not use risk-informed policies, processes, and procedures to address potential cybersecurity events. In which tier of the NIST Cybersecurity Framework does this organization's risk management approach reside?

Tier 3: Repeatable

Rob works as a cybersecurity analyst in an organization. While studying his organization's risk management process under the NIST Cybersecurity Framework, he determines that his organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. In which of the following tiers is his organization positioned to meet its cybersecurity objectives in the given scenario?

Tier 4

Jeff works as a forensic analyst. He investigates a compromised system and knows that the first event was reported on October 5th. He needs to map other events found in logs and files to this date. Which forensic tool capability should he use to accomplish his task in the given scenario?

Timeline

Which of the following data protection techniques is reversible when conducted properly?

Tokenization

Which of the following obfuscation methods replaces sensitive values with a unique identifier using a lookup table?

Tokenization

Which of the following U.S. government classification levels requires the highest degree of security control?

Top Secret

You have been hired as a security consultant for an organization that does contract work for the U.S. Department of Defense (DoD). You must ensure that all data that is part of the contract work is categorized appropriately. What is the highest degree of data protection category you can use in the given scenario?

Top Secret

Which command-line tool can be used to determine the path that network traffic takes to a remote system?

Traceroute

Rex, a security administrator, wants to identify irregular or unexpected behavior in network traffic communication patterns. Which of the following security analysis techniques should he perform?

Traffic analysis

Charles works as a network analyst in an organization. He is reviewing flow logs for his organization and notices a 20 percent increase in traffic on the second Thursday of each month, after which the traffic returns to normal. Which type of analysis is Charles conducting in the given scenario?

Trend

Which analysis is a process of detecting patterns within a dataset over time and using those patterns to make predictions about future events?

Trend

James, a security analyst in an organization, wants to monitor a Linux system's filesystem for unauthorized changes. Which open source tool can he use to perform this task in the given scenario?

Tripwire

Which of the following is a chip built into a system to secure hardware through integrated cryptographic keys?

Trusted Platform Module

As a U.S. government employee, Michael recognizes the difficulty of ensuring source authenticity and operates a program for critical defense systems. What is this program known as?

Trusted foundry

Which of the following processes checks to ensure that the functionality of an application or software meets customer needs?

UAT

Which of the following test types involves an evaluation of an application by end users?

UAT

Alaina works as a network administrator in an organization. She wants to deploy a tool that can monitor the behavior of users and detect anomalous behavior to determine if a security incident has occurred. Which type of tool should Alaina acquire for monitoring in the given scenario?

UEBA

Which technology takes user behavior into account when making security determinations?

UEBA

Juan, a security analyst, wants visibility into the broad range of attacks occurring against his organization and the vectors they use. Which of the following will he use to accomplish the given task?

UTM

Which of the following is not a potential issue with live imaging of a system?

Unallocated space will be captured.

Lauren finds that the version of Java installed on her organization's web server has been replaced. Which type of issue has taken place on the organization's web server?

Unauthorized change

Which of the following issues is the fuzz testing methodology most likely to detect?

Unvalidated inputs

Mika wants to analyze the contents of a drive without causing any changes to the drive. Which method is best suited to ensure this?

Use a write blocker.

Which of the following options is not a valid way to check the status of a service in Windows?

Use service --status at the command line.

Which of the following is not an example of infrastructure as code (IaC)?

Using a cloud provider's web interface to provision resources

In which type of attack does an adversary leverage a position on a guest operating system to gain access to hardware resources assigned to other operating systems, which are running in the same hardware environment?

VM escape

Ian is reviewing the security architecture as shown in the following figure: The given architecture is designed to connect a local data center with an IaaS service provider that Ian's company is using to provide overflow services. Which component is being represented by the question mark (?) symbol in Figure A to provide a secure encrypted network connection?

VPN

Which of the following are disadvantages of cloud computing? Each correct answer represents a complete solution. Choose all that apply.

Vendor lock-in
Vulnerability to attack

In which type of attack does an attacker seek to gain access to resources assigned to a different virtual machine?

Virtual machine escape

Catherine is responding to a request for materials from auditors who will be reviewing her organization's security. She received a request for a list of physical security controls that will be used to protect her organization's data center. Which one of the following controls will not fulfill the request in the given scenario?

Visitor log review

During a forensic investigation, Shawn discovers that he needs to recover encrypted data from live memory. He has the encryption key and needs a tool to recover the data. Which of the following tools is being referred to in the given scenario?

Volatility

Jennifer works as a forensics analyst. She wants to perform memory analysis and forensics for Windows, macOS, and Linux systems. Which of the following is best suited to Jennifer to accomplish her task in the given scenario?

Volatility Framework

Tommy, a data analyst in an organization, is assessing the security of several database servers in his datacenter. During his assessment process, he realizes that one of the databases is missing a critical Oracle security patch. Which type of situation has Tommy detected in the given scenario?

Vulnerability

Which of the following metrics is not included in the calculation of the CVSS exploitability score?

Vulnerability age

During a recent audit, Sam, a security analyst, discovered that many services and desktops were missing security patches. Which of the following best describes the assessment he should perform to discover this issue in the given scenario?

Vulnerability scan

Ryan is a security tester in an XYZ organization. He needs to perform web application vulnerability scanning and requires tools to do so. Which tools will he use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

W3AF
Burp Suite

Kevin works as a security analyst in an organization. To protect his organization against SQL injection, cross-site scripting, and similar attacks, he would like to implement a specialized firewall. Which technology should he choose for the implementation process explained in the given scenario?

WAF

A cross-site scripting attack is an example of which type of threat vector?

Web

You work as a network administrator for a company. Your company asks you to analyze the traffic of layer 7 of the OSI model between a web client and a web server. Which of the following will you use to accomplish the given task?

Web application firewall

Two different organizations are merging, and throughout the acquisition process all data on the virtualized file server must be shared by the respective departments of both organizations. These organizations consider data ownership to determine which of the following?

Which user will have access to which data

Fred works as a penetration tester in an organization. He is responsible for establishing the rules of engagement and performance metrics for the penetration test that needs to be conducted inside the organization. As per the scenario, Fred is working under which of the following penetration testing teams?

White

Ed, Barb, and Sophia are cybersecurity analysts in an XYZ company. The company is conducting a cybersecurity exercise designed to test the effectiveness of its security controls. For the exercise, participants have been divided into different teams to perform different functions. The team led by Ed is responsible for facilitating the exercise and arbitrating rules disputes. Barb's team is responsible for securing the systems in the exercise environment and defending them against attacks. Sophia's team is conducting offensive operations and attempting to break into the systems protected by Barb's team. Which of the following terms best describes the role that Ed's team is playing in the exercise?

White team

Alex works as an application developer in an organization. He wants to prohibit software that is not expressly allowed by his organization's desktop management team from being installed on workstations. Which type of tool should Alex use to accomplish his task in the given scenario?

Whitelisting

An organization has recently launched a new billing invoice website for a few key vendors. Emily, a security analyst, is receiving calls from customers that the website is performing slowly and webpages sometimes display time-out errors. The analyst discovers the website is receiving millions of requests, causing the billing service to become unavailable. Which of the following should she implement to fix this issue of service unavailability in the given scenario?

Whitelisting

Which of the following techniques relies on building a list of allowed things, whether they are IP addresses in a firewall ruleset, software packages, or something else?

Whitelisting

Which of the following provides information about a domain's registrar and physical location?

Whois

Which of the following operating systems should be avoided on production networks?

Windows Server 2003

Bob's manager has asked him to ensure that a compromised system has been purged of the compromise. What is Bob's best course of action to ensure this?

Wipe and rebuild the compromised system.

Alice works as a security analyst in an organization. During her data acquisition process, she wants to copy a drive without modifying it even accidentally by the copying process. Which type of device should she use to ensure that this modification does not happen?

Write blocker

Dennis is developing a checklist that will be used by different security teams within his large organization. Which Security Content Automation Protocol (SCAP) component can he use to write this checklist and report results in a standardized fashion?

XCCDF

A web application is configured to target browsers by allowing them to provide access to bank accounts to drain money to a foreign account. This is an example of which of the following attacks?

XSS

A vulnerability is discovered in an application. Before a patch is available, this vulnerability is used to gain access to sensitive data. What type of vulnerability is being described in the given scenario?

Zero-day

Chris wants to gather as much information as he can about an organization using DNS harvesting techniques. Which of the following methods will easily provide useful information about an organization's network that he is targeting?

Zone transfer

Which method, used to replicate DNS information between DNS servers, can also be used to gather large amounts of information about an organization's systems?

Zone transfer

Which of the following techniques is being used in the given command? dig axfr @dns-server example.com

Zone transfer

Which of the following methods is used to replicate DNS information between DNS servers but is also a tempting exploit target for attackers?

Zone transfers

Jake is building a forensic image of a compromised drive using the dd command with its default settings. He finds out that the imaging process is very slow. Which of the following flags should he adjust first to resolve the issue in the given scenario?

bs

A U.S. company stores data in an EU datacenter and finds that it is now subject to the requirements of GDPR. This is an example of __________.

data sovereignty

Sam works as a cybersecurity analyst for a company. He wants to make a full copy of an image for forensics use. Which of the following command utilities would he use to achieve the given task?

dd

Which of the following Linux commands will show a user how much disk space is in use?

df

Which of the following commands is not useful for monitoring memory usage in Linux?

df

A user wants to detect a denial-of-service attack against his web server. Which of the following tools should the user avoid?

iPerf

Forensic suites typically build in ___________ that can match log entries to other forensic information, but specialized logs may require additional tools.

log viewers

Kim is reviewing the data gathered by the first responder of a security incident and comes across a text file containing the output shown in the figure. Which command generated this output?

netstat

Sia, a cybersecurity analyst, wants to use a command-line utility to identify open ports and running services on a host, along with the application associated with each service and port. Which of the following should she use to achieve the task in the given scenario?

netstat

Fred has configured the Simple Network Management Protocol (SNMP) to gather information from his network devices and executed the following command:
$ snmpgetnext -v 1 -c public device1 \
    ip.ipRouteTable.ipRouteEntry.ipRouteDest \
    ip.ipRouteTable.ipRouteEntry.ipRouteNextHop
He received a response that included the following data:
ip.ipRouteTable.ipRouteEntry.ipRouteDest.0.0.0.0 = IpAddress: 0.0.0.0
ip.ipRouteTable.ipRouteEntry.ipRouteNextHop.0.0.0.0 = IpAddress: 10.0.11.1
Which local command can Fred execute to gather the same information?

netstat -nr

Sarah wants to run an nmap scan that includes all TCP ports and uses service detection. Which of the following nmap commands should she execute?

nmap -p 1-65535 -sV -sS

The Dirty COW attack is an example of _________________.

privilege escalation

Which Domain-Based Message Authentication, Reporting, and Conformance (DMARC) tag includes a series of uniform resource identifiers (URIs) that lists where to send forensic feedback reports?

ruf=

Selah has been tasked with gathering information to increase her penetration testing team's understanding of their customer's Internet footprint. She wants to gather details of emails, subdomains, employee names, and other information in an automated way. Which of the following tools is best suited to her purpose in the given scenario?

theHarvester

STRIDE, PASTA, and LINDDUN are all examples of ________________.

threat classification tools

Juan works as a network administrator in an organization. He wants to see a list of processes along with their CPU utilization in an interactive format. Which of the following built-in Linux commands should he use to accomplish his task in the given scenario?

top

Ian works as an application developer in an organization. He wants to view a report that shows the current memory consumption on his Linux systems, and he wants to be able to read through the report. Which of the following commands will help him accomplish his task in the given scenario?

top | more

Johann is troubleshooting a network connectivity issue and wants to determine the path that packets follow from his system to a remote host. Which command would assist him with the task given in the scenario?

tracert

Johann is troubleshooting a network connectivity issue and wants to determine the path that packets follow from his system to a remote host. Which command would best assist him with the task in the given scenario?

tracert

Taylor, a database administrator, wants to query a publicly available set of databases that contain domain name registration contact information. Which of the following commands will she use to achieve this task in the given scenario?

whois

