CIS120A

Which one of the following statements about cryptographic keys is incorrect? All cryptographic keys should be kept secret. Longer keys are better than shorter keys when the same algorithm is used. Asymmetric algorithms generally use longer keys than symmetric algorithms. Digital certificates are designed to share public keys.

All cryptographic keys should be kept secret.

Password complexity, password history, and password reuse are all examples of what? Account audits Account policies Access policies Credential attributes

Account policies. Access to most systems involves a password of some sort. Your organization should have and enforce policies around passwords.

How does technology diversity help ensure cybersecurity resilience? It ensures that a vulnerability in a single company's product will not impact the entire infrastructure. If a single vendor goes out of business, the company does not need to replace its entire infrastructure. It means that a misconfiguration will not impact the company's entire infrastructure. All of the above.

All of the above.

Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment? Japanese law European Union law U.S. law All should have equal weight

All should have equal weight. The principle of data sovereignty states that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed. In this case, Howard needs to assess the laws of all three jurisdictions.

Florian wants to ensure that systems on a protected network cannot be attacked via the organization's network. What design technique should he use to ensure this? A hot aisle An air gap A cold aisle Protected cable distribution

An air gap. Air gapping is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. For example, an air-gapped computer is one that is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices.

Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this? An air gap A Faraday cage A cold aisle A screened subnet

An air gap. An air gap is a security measure that isolates a digital device or private local area network (LAN) from other devices and networks, including the public internet. An air gap is also known as an air wall, and the strategy of using air gaps to protect critical data is also known as security by isolation.

Which one of the following is the best example of a hacktivist group? Chinese military U.S. government Russian mafia Anonymous

Anonymous

Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company's network. How should he describe or classify this malware? A worm Crypto malware A Trojan A backdoor

A backdoor. An undocumented way of gaining access to a computer system. A backdoor is a potential security risk.

Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement? An air gap A hot aisle A robotic sentry A bollard

A bollard. Bollards are concrete poles designed to stop large items from being able to pass through an area.

Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy? A load balancer NIC teaming Geographic diversity A multipath network

A load balancer. Load balancing distributes incoming load across multiple devices, making the resource available to more people than a single server could serve.

Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state? A full backup A snapshot A differential backup A LiveCD

A snapshot. Another nice security feature of snapshots is that they give you a way to go back in time to see when something may have changed.

What type of attack does an account lockout policy help to prevent? Stolen password Race conditions Buffer overflows Brute force

Brute force. A brute-force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and to organizations' systems and networks.

Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place? Cross-site request forgery Server-side request forgery Command injection Buffer overflow

Buffer overflow. A buffer overflow is a software coding error or vulnerability that can be exploited by attackers to gain unauthorized access to corporate systems. It is one of the best-known software security vulnerabilities, yet it remains fairly common.

Which one of the following assessment techniques is designed to solicit participation from external security experts and reward them for discovering vulnerabilities? Threat hunting Penetration testing Bug bounty Vulnerability scanning

Bug bounty. A bug bounty program gives ethical hackers permission to test whether an organization's applications contain certain types of vulnerabilities. The details of bug bounty programs vary from one organization to another.

Which element of the SCAP framework can be used to consistently describe vulnerabilities? CPE CVE CVSS CCE

CVE. CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that has been assigned a CVE ID number.

Which one of the following statements about cloud computing is incorrect? Cloud computing offers ubiquitous, convenient access. Cloud computing customers store data on hardware that is shared with other customers. Cloud computing customers provision resources through the service provider's sales team. Cloud computing resources are accessed over a network.

Cloud computing customers provision resources through the service provider's sales team.

Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting? Command and control A hijacked web browser A RAT A worm

Command and control. TCP port 6667 is the default port for IRC, which has long been used by botnets as a command-and-control channel. Which protocol a port carries depends on the application: a protocol is a set of formalized rules that explains how data is communicated over a network, the language spoken between computers to help them communicate efficiently.

Lou mounted the sign below of dog on the fence surrounding his organization's datacenter. What control type best describes this control? Compensating Detective Physical Deterrent

Compensating. This question is a little tricky. The use of an actual guard dog could be considered a deterrent, physical, or detective control. It could even be a compensating control in some circumstances. However, the question asks about the presence of a sign and does not state that an actual dog is used. The sign only has value as a deterrent control. Be careful when facing exam questions like this to read the details of the question.

Jade's organization recently suffered a security breach that affected stored credit card data. Jade's primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade? Strategic Compliance Operational Financial

Compliance. The breach of credit card information may cause many different impacts on the organization, including compliance, operational, and financial risks. However, in this scenario, Jade's primary concern is violating PCI DSS, making his concern a compliance risk.

Norm is using full-disk encryption technology to protect the contents of laptops against theft. What goal of cryptography is he attempting to achieve? Integrity Nonrepudiation Authentication Confidentiality

Confidentiality. Confidentiality has to do with keeping an organization's data private. This often means that only authorized users and processes should be able to access or modify data.

Nolan is writing an after action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization's database. What cybersecurity principle was most impacted in this breach? Availability Nonrepudiation Confidentiality Integrity

Confidentiality. The disclosure of sensitive information to unauthorized individuals is a violation of the principle of confidentiality.

Every time Susan checks code into her organization's code repository, it is tested and validated, and then if accepted, it is immediately put into production. What is the term for this? Continuous integration Continuous delivery A security nightmare Agile development

Continuous delivery. If we can automate the checks during the development process, then we should also be able to automate the checks during the testing process. This is called continuous delivery, where we automate the testing and the release of the application.

What term best describes an organization's desired security state? Control objectives Security priorities Strategic goals Best practices

Control objectives. As an organization analyzes its risk environment, technical and business leaders determine the level of protection required to preserve the confidentiality, integrity, and availability of their information and systems. They express these requirements by writing the control objectives that the organization wishes to achieve. These control objectives are statements of a desired security state.

What type of access control scheme best describes the Linux filesystem? MAC RBAC DAC ABAC

DAC. Discretionary access control is the principle of restricting access to objects based on the identity of the subject (the user or the group to which the user belongs). Discretionary access control is implemented using access control lists.

What technology uses mathematical algorithms to render information unreadable to those lacking the required key? Data loss prevention Data obfuscation Data minimization Data encryption

Data encryption. Encryption technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems. Encrypted data is unintelligible to anyone who does not have access to the appropriate decryption key, making it safe to store and transmit encrypted data over otherwise insecure means.

Tracy is concerned about attacks against the machine learning algorithm that her organization is using to assess their network. What step should she take to ensure that her baseline data is not tainted? She should scan all systems on the network for vulnerabilities and remediate them before using the algorithm. She should run the ML algorithm on the network only if she believes it is secure. She should disable outbound and inbound network access so that only normal internal traffic is validated. She should disable all firewall rules so that all potential traffic can be validated.

She should run the ML algorithm on the network only if she believes it is secure.

Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about? Spam over Instant Messaging Social Persuasion and Intimidation by Managers Social Persuasion by Internet Media Spam over Internal Media

Spam over Instant Messaging

Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images? Steganography Homomorphic encryption Replay attack Birthday attack

Steganography. Steganography is the technique of hiding secret data within an ordinary, non-secret file or message in order to avoid detection; the secret data is then extracted at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting data.

What type of cipher operates on one character of text at a time? Block cipher Bit cipher Stream cipher Balanced cipher

Stream cipher. In a stream cipher, encryption is done one bit or one byte at a time. This is encryption that is considered to be high speed, and it can be done on hardware that doesn't require a lot of complexity. We commonly use symmetric encryption for stream ciphers.

Tina is tuning her organization's intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing? Technical control Physical control Managerial control Operational control

Technical control. Technical controls enforce confidentiality, integrity, and availability in the digital space. Examples of technical security controls include firewall rules, access control lists, intrusion prevention systems, and encryption.

Which one of the following threat research tools is used to visually display information about the location of threat actors? Threat map Predictive analysis Vulnerability feed STIX

Threat map. A threat map is a visual representation of the source and destination locations around the world for the traffic through your Firebox.

Tom's organization recently learned that the vendor is discontinuing support for their customer relationship management (CRM) system. What should concern Tom the most from a security perspective? Unavailability of future patches Lack of technical support Theft of customer information Increased costs

Unavailability of future patches

Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement? RADIUS SAML OAuth LDAP

RADIUS. Remote Authentication Dial-In User Service (RADIUS) is a protocol that supports centralized authentication, authorization, and accounting management for clients that establish a connection with a network and intend to use any of the provided services.

Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred? The package contains more than one piece of malware. The service is misconfigured. The malware is polymorphic and changed while being tested. Different vendors use different names for malware packages.

Different vendors use different names for malware packages.

Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service? PaaS SaaS FaaS IaaS

SaaS. Software as a service (SaaS) is the most commonly used option for businesses in the cloud market. Helen is using IaaS services to create her payroll product. She is then offering that payroll service to her customers as a SaaS solution.

Samantha wants to set an account policy that ensures that devices can be used only while the user is in the organization's main facility. What type of account policy should she set? Time of day Geofencing Time-based logins Impossible travel time

Geofencing. Geofencing takes geolocation one step further and uses GPS coordinates or radio frequency identification (RFID) to define a geographic perimeter.

During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report? Improper error handling Code exposure SQL injection A default configuration issue

Improper error handling. Improper error handling flaws occur when an error message that's displayed to an end user provides clues about how an application or website operates.

Which one of the following attackers is most likely to be associated with an APT? Nation-state actor Hacktivist Script kiddie Insider

Nation-state actor

Lucca's organization runs a hybrid datacenter with systems in Microsoft's Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations? Shoulder surfing Tailgating Dumpster diving Phishing

Phishing. Phishing is a type of cybersecurity attack during which malicious actors send messages pretending to be a trusted person or entity.

Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin's action? Elasticity Horizontal scaling Vertical scaling High availability

Vertical scaling. This is an example of adding additional capacity to an existing server, which is also known as vertical scaling. Kevin could also have used horizontal scaling by adding additional web servers. Elasticity involves the ability to both add and remove capacity on demand and, though it does describe this scenario, it's not as good a description as vertical scaling. There is no mention of increasing the server's availability.

Nina's organization uses SSH keys to provide secure access between systems. Which of the following is not a common security concern when using SSH keys? Inadvertent exposure of the private key Weak passwords/passphrases SSH key sprawl Weak encryption

Weak encryption. SSH keys are the private-public key pair that provides the access credentials for the SSH protocol. Their function is similar to usernames and passwords, except that they are mainly used for automated processes and single sign-on.

Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting? Gray-box test Blue-box test White-box test Black-box test

White-box test. White-box testing is a security testing method that can be used to validate whether a code implementation follows its intended design, to validate implemented security functionality, and to uncover exploitable vulnerabilities.

Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this? Run multiple antimalware tools and use them to remove all detections. Wipe the drive and reinstall from known good media. Use the delete setting in her antimalware software rather than the quarantine setting. There is no way to ensure the system is safe and it should be destroyed.

Wipe the drive and reinstall from known good media.

What language is STIX based on? PHP HTML XML Python

XML. STIX (Structured Threat Information eXpression) is a standardized XML-based language for conveying data about cybersecurity threats in a common format that can be easily understood by humans and security technologies. Designed for broad use, STIX has several core use cases.

Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance? Code signing Code endorsement Code encryption Code obfuscation

Code signing. Code signing is a digital signature added to software and applications that verifies that the included code has not been tampered with after it was signed.

When you combine phishing with Voice over IP, it is known as: Spoofing Spooning Whaling Vishing

Vishing

A person's name, age, location, or job title are all examples of what? Biometric factors Identity factors Attributes Account permissions

Attributes. A person's name, age, location, and job title are all examples of attributes.

When a caller was recently directed to Amanda, who is a junior IT employee at her company, the caller informed her that they were the head of IT for her organization and that she needed to immediately disable the organization's firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, and that it was actually a penetration tester hired by her company. Which social engineering principle best matches this type of attack? Authority Consensus Scarcity Trust

Authority. People tend to obey authority figures, even if they are asked to perform objectionable acts.

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan? Run the scan against production systems to achieve the most realistic results possible. Run the scan during business hours. Run the scan in a test environment. Do not run the scan to avoid disrupting the business.

Run the scan in a test environment.

Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository? Product manuals Source code API keys Open source data

API keys. API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely unless the project owner revokes or regenerates the key.

Which one of the following is not a common goal of a cybersecurity attacker? Disclosure Denial Alteration Allocation

Allocation. The three primary goals of cybersecurity attackers are disclosure, alteration, and denial. These map directly to the three objectives of cybersecurity professionals: confidentiality, integrity, and availability.

Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs? Security group Resource policy CASB SWG

CASB. Cloud access security brokers (CASBs) are designed specifically for this situation: enforcing security controls across cloud providers. A secure web gateway (SWG) may be able to achieve Kira's goal, but it would be more difficult to do so. Security groups and resource policies are controls used in IaaS environments.

Which one of the following would not commonly be available as an IaaS service offering? CRM Storage Networking Computing

CRM. Customer relationship management (CRM) packages offered in the cloud would be classified as software as a service (SaaS), since they are not infrastructure components. Storage, networking, and computing resources are all common IaaS offerings.

What factor is a major reason organizations do not use security guards? Reliability Training Cost Social engineering

Cost

What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser? Reflected XSS Stored XSS Persistent XSS DOM-based XSS

DOM-based XSS. DOM-based XSS (or, as it is called in some texts, "type-0 XSS") is an XSS attack in which the attack payload is executed as a result of modifying the DOM "environment" in the victim's browser used by the original client-side script, so that the client-side code runs in an "unexpected" manner.

Tonya is concerned about the risk that an attacker will attempt to gain access to her organization's database server. She is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement? Preventive Detective Corrective Deterrent

Deterrent. Deterrent controls are designed to prevent an attacker from attempting to violate security policies in the first place. Preventive controls would attempt to block an attack that was about to take place. Corrective controls would remediate the issues that arose during an attack.

Which of the following biometric technologies is most broadly deployed due to its ease of use and acceptance from end users? Voice print recognition Gait recognition Retina scanners Fingerprint scanner

Fingerprint scanner

Which of the following is the best description of tailgating? Following someone through a door they just unlocked. Figuring out how to unlock a secured area. Sitting close to someone in a meeting. Stealing information from someone's desk.

Following someone through a door they just unlocked.

Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers? Public cloud Private cloud Community cloud Hybrid cloud

Hybrid cloud. Hybrid cloud environments blend elements of public, private, and/or community cloud solutions. A hybrid cloud requires the use of technology that unifies the different cloud offerings into a single, coherent platform.

What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals? DHS SANS CERTS ISACs

ISACs. Information Sharing and Analysis Centers (ISACs) are non-profit organizations that provide a central resource for gathering information on cyber threats (in many cases to critical infrastructure) and allow two-way sharing of information between the private and public sectors about root causes, incidents, and threats, as well as sharing experience, knowledge, and analysis. In many EU Member States, ISACs or similar initiatives exist.

Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol's technical specification. What resource would best meet his needs? Academic journal Internet RFCs Subject matter experts Textbooks

Internet RFCs. An RFC (Request For Comments) is a document that describes the standards, protocols, and technologies of the Internet and TCP/IP.

Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit? High Medium Low Severe

Low

Matt is updating the organization's threat assessment process. What category of control is Matt implementing? Operational Technical Corrective Managerial

Managerial. Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process. Threat assessment is an example of one of these activities.

Gwen is exploring a customer transaction reporting system and discovers the table shown here:

Order # | Amount  | Date     | Credit Card #
1001    | $12,345 | 06/24/21 | **** **** **** 1234

What type of data minimization has most likely been used on this table? Destruction Masking Tokenization Hashing

Masking. In this case, the first 12 digits of the credit card number have been removed and replaced with asterisks. This is an example of data masking.

Which one of the following certificate formats is closely associated with Windows binary certificate files? DER PEM PFX P7B

PFX. The .pfx file, which is in PKCS#12 format, contains the SSL certificate (public key) and the corresponding private key. Sometimes you might have to import the certificate and private key separately in an unencrypted plain-text format to use them on another system.

Greg recently conducted an assessment of his organization's security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case? Detective Corrective Deterrent Preventive

Preventive

Theresa wants to implement an access control scheme that sets permissions based on what the individual's job requires. Which of the following schemes is most suited to this type of implementation? ABAC DAC RBAC MAC

RBAC. Role-based access control (RBAC) and attribute-based access control (ABAC) are the two most popular ways to implement access control. Knowing what separates the two methods can help you choose what's right for your organization. RBAC grants or rejects access based on the requesting user's role within a company.

Alan reads Susan's password from across the room as she logs in. What type of technique has he used? A man-in-the-room attack Shoulder surfing A man-in-the-middle attack Pretexting

Shoulder surfing. Shoulder surfing is a criminal practice in which thieves steal your personal data by spying over your shoulder as you use a laptop, ATM, public kiosk, or other electronic device in public.

Michelle enables the Windows 10 picture password feature to control logins for her laptop. Which type of attribute will it provide? Somewhere you are Something you can do Something you exhibit Someone you know

Something you can do

What type of phishing targets specific groups of employees, such as all managers in the financial department of a company? Smishing Spear phishing Whaling Vishing

Spear phishing. A type of phishing campaign that targets a specific person or group and often includes information known to be of interest to the target, such as current events or financial documents.

Sally is working to restore her organization's operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems? The restoration order documentation The TOTP documentation The HOTP documentation The last-known good configuration documentation

The restoration order documentation

Which one of the following security assessment techniques assumes that an organization has already been compromised and searches for evidence of that compromise? Vulnerability scanning Penetration testing Threat hunting War driving

Threat hunting. Threat hunting, also known as cyberthreat hunting, is a proactive approach to identifying previously unknown or ongoing non-remediated threats within an organization's network.

Trevor is deploying the Google Authenticator mobile application for use in his organization. What type of one-time password system does Google Authenticator use in its default mode? HMAC-based one-time passwords SMS-based one-time passwords Time-based one-time passwords Static codes

Time-based one-time passwords. A Time-Based One-Time Password (TOTP, a type of OTP) is a string of dynamic digits whose value changes based on time. Often, these appear as six-digit numbers that regenerate every 30 seconds.

Acme Widgets has 10 employees and they all need the ability to communicate with one another using a symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system? 1 2 10 11

10

Referring to the scenario in question 9, if Acme Widgets switched to an asymmetric encryption algorithm, how many keys would be required to add the 11th employee? 1 2 10 11

2

What type of malware is adware typically classified as? A DOG A backdoor A PUP A rootkit

A PUP. Potentially unwanted programs (PUPs) are software programs that you had no intention of downloading. A PUP, also known as a potentially unwanted application (PUA), junkware, or bundleware, mostly comes bundled with software that you planned to download.

Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed? A new full backup A snapshot An incremental backup A differential backup

A differential backup. A differential backup is a data backup that copies all of the files that have changed since the last full backup was performed. This includes any data that has been created, updated, or altered in any way; it does not copy all of the data every time.

Charles has implemented LDAP for his organization. What type of service has he enabled? A federation A directory service An attestation service A biometric identity provider

A directory service LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate data about organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

What type of malicious actor is most likely to use hybrid warfare? A script kiddie A hacktivist An internal threat A nation-state

A nation-state Nation-state attacks are malicious cyberattacks that originate from a particular country and are an attempt to further that country's interests.

The application that Scott is writing has a flaw that occurs when two operations are attempted at the same time, resulting in unexpected results when the two actions do not occur in the expected order. What type of flaw does the application have? De-referencing A race condition An insecure function Improper error handling

A race condition A race condition is a coding problem. It arises because, on the systems we use these days, there are usually multiple users performing multiple functions all at the same time. If your code does not take into account that these multiple things could happen simultaneously, you will run into a race condition.

Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. How should Alex categorize this attack? An influence campaign A hoax A supply chain attack A pharming attack

A supply chain attack A supply chain attack refers to when someone uses an outside provider or partner that has access to your data and systems to infiltrate your digital infrastructure.

What type of recovery site has some or most systems in place but does not have the data needed to take over operations? A hot site A warm site A cloud site A cold site

A warm site A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data.

Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used? A watering hole attack Vishing Whaling Typosquatting

A watering hole attack A security exploit in which the attacker infects websites that are frequently visited by members of the group being attacked, with the goal of infecting a computer used by one of the targeted group when they visit the infected website.

Vince is choosing a symmetric encryption algorithm for use in his organization. He would like to choose the strongest algorithm from the choices below. What algorithm should he choose? DES 3DES RSA AES

AES The AES algorithm utilizes the Rijndael algorithm with block sizes and key lengths of 128, 192, and 256 bits to provide better security than its predecessor, the DES algorithm.

Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs? Inline CASB Outsider CASB Comprehensive CASB API-based CASB

API-based CASB API-based CASB solutions interact directly with the cloud provider through the provider's API. Inline CASB solutions intercept requests between the user and the provider. Outsider and comprehensive are not categories of CASB solutions.

Which one of the following software development models focuses on the early and continuous delivery of software? Waterfall Agile Spiral Butterfly

Agile The Agile model combines incremental and iterative process models throughout the software development lifecycle (SDLC). The Agile model focuses on rapid delivery of working software products. In the Agile model, the products are broken into different SDLC environments. Smaller tasks are divided into time boxes to deliver specific features for a release. Each incremental build helps the product advance to a final build that contains all the required features with a focus on adaptability and customer satisfaction.

What type of physical security control is shown here? A Faraday cage An access control vestibule A bollard An air gap

An access control vestibule

Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this? Credential harvesting A hoax Reconnaissance An invoice scam

An invoice scam Invoice fraud involves a fraudster notifying your company that supplier payment details have changed and providing alternative details in order to defraud you. The fraudster could be claiming to be from your company's genuine supplier, or even be posing as a member of your own firm.

What type of assessment is particularly useful for identifying insider threats? Behavioral Instinctual Habitual IOCs

Behavioral Behavior-based security is a proactive approach to security in which all relevant activity is monitored so that deviations from normal behavior patterns can be identified and dealt with quickly.

Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task? CSA CCM NIST SP 500-292 ISO 27001 PCI DSS

CSA CCM The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a reference document designed to help organizations understand the appropriate use of cloud security controls and map those controls to various regulatory standards. NIST SP 500-292 is a reference model for cloud computing and operates at a high level. ISO 27001 is a general standard for cybersecurity, and PCI DSS is a regulatory requirement for organizations involved in processing credit card transactions.

Kevin is configuring a web server to use digital certificates. What technology can he use to allow clients to quickly verify the status of that digital certificate without contacting a remote server? CRL OCSP Certificate stapling Certificate pinning

Certificate stapling OCSP Stapling improves the connection speed of the SSL handshake by combining two requests into one. This cuts down on the amount of time it takes to load an encrypted webpage. OCSP Stapling helps maintain the privacy of the end user as no connection is made to the CRL for the OCSP request.

Skimming attacks are often associated with what next step by attackers? Phishing Dumpster diving Vishing Cloning

Cloning Clone phishing is carried out through a spoofed email sent from a location outside an organization. The emails contain a link or attachment that leads to a malicious version of the website, which swaps information with the attacker. The only difference between clone phishing and regular phishing attacks is that all of the original data remains intact, but it has been duplicated.

Which one of the following statements is not true about compensating controls under PCI DSS? Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement. Controls must meet the intent of the original requirement. Controls must meet the rigor of the original requirement. Compensating controls must provide a similar level of defense as the original requirement.

Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement. PCI DSS compensating controls must be "above and beyond" other PCI DSS requirements. This specifically bans the use of a control used to meet one requirement as a compensating control for another requirement.

What term best describes data that is being sent between two systems over a network connection? Data at rest Data in motion Data in processing Data in use

Data in motion Data being sent over a network is data in motion. Data at rest is stored data that resides on hard drives, tapes, in the cloud, or on other storage media. Data in processing, or data in use, is data that is actively in use by a computer system.

If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature? David's public key David's private key Mike's public key Mike's private key

David's private key

When Mike receives the digitally signed message from David, what key should he use to verify the digital signature? David's public key David's private key Mike's public key Mike's private key

David's public key

Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this? Degaussing Burning Pulverizing Shredding

Degaussing Degaussing uses electromagnetics: a degausser sends a magnetic field throughout the device, which removes all of the data from the storage platters and destroys all of the electronics on the device. And, like paper, we can use heat to incinerate these products, making sure that they are completely destroyed.

Which of the following measures is not commonly used to assess threat intelligence? Timeliness Detail Accuracy Relevance

Detail Threat intelligence includes in-depth information and context about specific threats, such as who is attacking, their capabilities and motivation, and the indicators of compromise (IOCs).

Tim is working on a change to a web application used by his organization to fix a known bug. What environment should he be working in? Test Development Staging Production

Development Software developers use a development environment to create the application. This typically includes version control and change management controls to track the application development.

Joe's adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request http://www.mycompany.com/../../../etc/passwd What type of attack was most likely attempted? SQL injection Session hijacking Directory traversal File upload

Directory traversal A directory traversal vulnerability is the result of insufficient filtering/validation of browser input from users. Directory traversal vulnerabilities can be located in web server software/files or in application code that is executed on the server.

What technique is most commonly associated with the use of malicious flash drives by penetration testers? Mailing them to targets. Sneaking them into offices and leaving them in desk drawers. Distributing them in parking lots as though they were dropped. Packing them to look like a delivery and dropping them off with a target's name on the package.

Distributing them in parking lots as though they were dropped.

What type of cryptographic attack attempts to force a user to reduce the level of encryption that they use to communicate with a remote server? Birthday Frequency Downgrade Rainbow table

Downgrade Another type of attack is a downgrade attack. Normally, when you want to communicate securely with another device, there's a conversation that initially takes place where both sides determine what the best possible encryption algorithm might be. If you're able to somehow sit in the middle and influence that conversation, you could have the two sides downgrade to a type of encryption that might be very easy to break.

Ben searches through an organization's trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity? Waste engineering Dumpster diving Trash pharming Dumpster harvesting

Dumpster diving Dumpster diving is a way for attackers to gain information that they use to establish trust. While attackers will also take any computer equipment they find, typically, the primary focus of a dumpster diving attack is to gain information about an organization. Even innocuous documents can be used by an attacker.

What type of digital certificate provides the greatest level of assurance that the certificate owner is who they claim to be? DV OV UV EV

EV Extended Validation (EV), like OV, verifies the identity of an organization. However, EV represents a higher standard of trust than OV and requires more rigorous validation checks to meet the standard of the CA/Browser Forum's Extend.

Wanda is responsible for a series of seismic sensors placed at remote locations. These sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this approach? Edge computing Client-server computing Fog computing Thin client computing

Edge computing This approach may be described as client-server computing, but that is a general term that describes many different operating environments. The better term to use here is edge computing, which involves placing compute power at the client to allow it to perform preprocessing before sending data back to the cloud. Fog computing is a related concept that uses IoT gateway devices that are located in close physical proximity to the sensors.

Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best describes his goal? Scalability Elasticity Cost effectiveness Agility

Elasticity Elasticity means adding new resources as they are needed and being able to scale things down as demand slows.

Charles wants to find out about security procedures inside his target company, but he doesn't want the people he is talking to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts? Elicitation Suggestion Pharming Prepending

Elicitation Elicitation is a technique used to discreetly gather information. That is to say, elicitation is the strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information.

Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location? Email Direct access Wireless Removable media

Email

Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred? False positive False negative True positive True negative

False positive False positives occur when a scanning tool, web application firewall (WAF), or intrusion prevention system (IPS) incorrectly flags a security vulnerability during software testing. A false positive describes the situation where a test case fails, but in actuality there is no bug and functionality is working correctly.

Grace would like to determine the operating system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information? Port scanning Footprinting Vulnerability scanning Packet capture

Footprinting Footprinting is a technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies. This information could be very helpful to a hacker who is trying to break into a system.

Which one of the following data elements is not commonly associated with identity theft? Social Security number Driver's license number Frequent flyer number Passport number

Frequent flyer number Although it is possible that a frequent flyer account number, or any other account number for that matter, could be used in identity theft, it is far more likely that identity thieves would use core identity documents. These include drivers' licenses, passports, and Social Security numbers.

Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away? Because it is required by law Network traffic latency concerns Geographic dispersal Geographic tax reasons

Geographic dispersal Geographic dispersal spreads our systems over a large geographic area. For example, if we have four web servers providing access to our organization's website, we might place one of those servers in New York, and so on.

Renee is a cybersecurity hobbyist. She receives an email about a new web-based grading system being used by her son's school and she visits the site. She notices that the URL for the site looks like this: https://www.myschool.edu/grades.php&studentID=1023425 She realizes that 1023425 is her son's student ID number and she then attempts to access the following similar URLs: https://www.myschool.edu/grades.php&studentID=1023423 https://www.myschool.edu/grades.php&studentID=1023424 https://www.myschool.edu/grades.php&studentID=1023426 https://www.myschool.edu/grades.php&studentID=1023427 When she does so, she accesses the records of other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee's work? White-hat hacking Green-hat hacking Gray-hat hacking Black-hat hacking

Gray-hat hacking Gray hat hackers enact a blend of both black hat and white hat activities. Gray hat hackers often look for vulnerabilities in a system without the owner's permission or knowledge. If issues are found, they report them to the owner, sometimes requesting a small fee to fix the problem.

What compliance regulation most directly affects the operations of a healthcare provider? HIPAA PCI DSS GLBA SOX

HIPAA Although a health-care provider may be impacted by any of these regulations, the Health Insurance Portability and Accountability Act (HIPAA) provides direct regulations for the security and privacy of protected health information and would have the most direct impact on a health-care provider.

What type of security solution provides a hardware platform for the storage and management of encryption keys? HSM IPS SIEM SOAR

HSM A hardware security module (HSM) is a security device you can add to a system to manage, generate, and securely store cryptographic keys.

Alan's team needs to perform computations on sensitive personal information but does not need access to the underlying data. What technology can the team use to perform these calculations without accessing the data? Quantum computing Blockchain Homomorphic encryption Certificate pinning

Homomorphic encryption With homomorphic encryption, you perform the calculation while the data remains encrypted. You can perform calculations on data in its encrypted form and save the results as encrypted data, without ever having decrypted any of that information.

What component of a virtualization platform is primarily responsible for preventing VM escape attacks? Administrator Guest operating system Host operating system Hypervisor

Hypervisor Virtual machine (VM) escape vulnerabilities are the most serious issue that can exist in a virtualized environment, particularly when a virtual host runs systems of differing security levels. In an escape attack, the attacker has access to a single virtual host and then manages to leverage that access to intrude upon the resources assigned to a different virtual machine. The hypervisor is supposed to prevent this type of access by restricting a virtual machine's access to only those resources assigned to that machine.

In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use? IaaS only SaaS only IaaS and PaaS IaaS, SaaS, and PaaS

IaaS and PaaS Customers are typically charged for server instances in both IaaS environments, where they directly provision those instances, and PaaS environments, where they request the number of servers needed to support their applications. In an SaaS environment, the customer typically has no knowledge of the number of server instances supporting their use.

Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela's organization play when they authenticate their users and assert that those users are valid to other members of the federation? Service provider Relying party Authentication provider Identity provider

Identity provider An identity provider (IdP) is the party that manages the subscriber's primary authentication credentials and issues assertions derived from those credentials.

Upon further inspection, Joe finds a series of thousands of requests to the same URL coming from a single IP address. Here are a few examples: http://www.mycompany.com/servicestatus.php?serviceID=1 http://www.mycompany.com/servicestatus.php?serviceID=2 http://www.mycompany.com/servicestatus.php?serviceID=3 http://www.mycompany.com/servicestatus.php?serviceID=4 http://www.mycompany.com/servicestatus.php?serviceID=5 http://www.mycompany.com/servicestatus.php?serviceID=6 What type of vulnerability was the attacker likely trying to exploit? Insecure direct object reference File upload Unvalidated redirect Session hijacking

Insecure direct object reference Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten.

Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which two of the following terms best describe Snowden's activities? (Choose two.) Insider State actor Hacktivist APT Organized crime

Insider Hacktivist The Cyber and Infrastructure Security Agency (CISA) defines insider threat as the threat that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the Department's mission, resources, personnel, facilities, information, equipment, networks, or systems. Hacktivism is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change.

Chris is responding to a security incident that compromised one of his organization's web servers. He believes that the attackers defaced one or more pages on the website. What cybersecurity objective did this attack violate? Confidentiality Nonrepudiation Integrity Availability

Integrity The defacement of a website alters content without authorization and is, therefore, a violation of the integrity objective. The attackers may also have breached the confidentiality or availability of the website, but the scenario does not provide us with enough information to draw those conclusions.

Brian ran a penetration test against a school's grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school's cybersecurity team to prevent students from engaging in this type of activity? Confidentiality Integrity Alteration Availability

Integrity The integrity side means that as traffic is traveling from one side to another, you want to be sure that nobody makes any changes to that information. When it's received, you want to be sure the integrity of the data is maintained all the way through the system.

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information? Vulnerability feed IoC TTP RFC

IoC Indicators of compromise (IOCs) serve as forensic evidence of potential intrusions on a host system or network. These artifacts enable information security (InfoSec) professionals and system administrators to detect intrusion attempts or other malicious activities.

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords? MD5sum John the Ripper GPG Netcat

John the Ripper John the Ripper (JtR) is a password cracking tool originally produced for UNIX-based systems. It was designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks.

Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen? All files on the system All keyboard input All files the user accessed while the keylogger was active Keyboard and other input from the user

Keyboard and other input from the user Keyloggers are activity-monitoring software programs that give attackers access to your personal data: the passwords and credit card numbers you type and the web pages you visit, all captured by logging your keystrokes. The software is installed on your computer and records everything you type. It then sends this log file to a server, where cybercriminals wait to make use of all this sensitive information.

During a penetration test, Patrick deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity? Lateral movement Privilege escalation Footprinting OSINT

Lateral movement Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets.

Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects? High FRR, low FAR High FAR, low FRR Low CER High CER

Low CER A lower CER indicates that the biometric system is more accurate. A low CER is the best choice, as it has very few errors.

Brenda's company provides a managed incident response service to its customers. What term best describes this type of service offering? MSP PaaS SaaS MSSP

MSSP Brenda's company is offering a technology service to customers on a managed basis, making it a managed service provider (MSP). However, this service is a security service, so the term managed security service provider (MSSP) is a better description of the situation.

What type of malware is VBA code most likely to show up in? Macro viruses RATs Worms Logic bombs

Macro viruses A macro virus is a computer virus written in the same macro language used to create software programs such as Microsoft Excel or Word. It centers on software applications and does not depend on the operating system (OS).

What type of attack places an attacker in the position to eavesdrop on communications between a user and a web server? Man-in-the-middle Session hijacking Buffer overflow Meet-in-the-middle

Man-in-the-middle The attacker acts as the middleman, receiving information from one device, looking at what's inside of it, and forwarding it on to another device. MITM attacks take advantage of an unsecured or misconfigured Wi-Fi network. The most common way is spoofing an SSID.

Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into? Low Medium High Critical

Medium

Which one of the following security assessment tools is least likely to be used during the reconnaissance phase of a penetration test? Nmap Nessus Metasploit Nslookup

Metasploit The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.

When Mike receives the message that David encrypted for him, what key should he use to decrypt the message? David's public key David's private key Mike's public key Mike's private key

Mike's private key

David would like to send Mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message? David's public key David's private key Mike's public key Mike's private key

Mike's public key

Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this? Infrared cameras Facial recognition Motion detection PT

Motion detection

Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs a virus scan, the system doesn't show any malware. If he has other data that indicates the system is infected, what should his next step be if he wants to determine what malware may be on the system? Rerun the antimalware scan. Mount the drive on another system and scan it that way. Disable the system's antivirus because it may be causing a false negative. The system is not infected and he should move on.

Mount the drive on another system and scan it that way.

Which of the following threat actors typically has the greatest access to resources? Nation-state actors Organized crime Hacktivists Insider threats

Nation-state actors The Nation State Actor has a 'Licence to Hack'. They work for a government to disrupt or compromise target governments, organisations or individuals to gain access to valuable data or intelligence, and can create incidents that have international significance.

Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guests on his wireless network. What DLP technology would best meet this goal? Watermarking Pattern recognition Host-based Network-based

Network-based In this case, Greg must use a network-based DLP system. Host-based DLP requires the use of agents, which would not be installed on guest systems. Greg may use watermarking and/or pattern recognition to identify the sensitive information, but he must use network-based DLP to meet his goal.

Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats? Integrity Nonrepudiation Availability Confidentiality

Nonrepudiation The three primary objectives of cybersecurity professionals are confidentiality, integrity, and availability.

Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented? Nearline Safe Online Offline

Offline An offline backup is particularly important to defend against ransomware attacks, ensuring the organization can always restore from a clean, protected data set.

Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious? Run a decompiler against it to allow him to read the code Open the file using a text editor to review the code. Test the code using an antivirus tool. Submit the Python code to a malware testing website.

Open the file using a text editor to review the code.

Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information? Kerberos OAuth RADIUS OpenID

OpenID If you have used Google to sign in to applications like YouTube, or Facebook to log in to an online shopping cart, then you're familiar with this authentication option. OpenID Connect is an open standard that organizations use to authenticate users.

Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack? AV C PR AC

PR The Privileges Required (PR) metric describes the level of access an attacker must already hold to exploit the vulnerability (None, Low, or High). Attack Vector (AV) describes how the vulnerability is reached (network, adjacent, local, or physical), Attack Complexity (AC) captures conditions outside the attacker's control, and C is the Confidentiality impact metric.

Joe checks his web server logs and sees that someone sent the following query string to an application running on the server: http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;-- What type of attack was most likely attempted? Cross-site scripting Session hijacking Parameter pollution Man-in-the-middle

Parameter pollution HTTP Parameter Pollution (HPP) supplies the same parameter name more than once in a request; here serviceID appears twice. Web servers and frameworks disagree on which copy wins (the first, the last, or both concatenated), so an attacker can slip a payload past a filter or WAF that inspects only one copy. The second value carries a SQL injection payload, but splitting the attack across duplicate parameters is what makes this parameter pollution.

Precompiled SQL statements that only require variables to be input are an example of what type of application security control? Parameterized queries Encoding data Input validation Appropriate access controls

Parameterized queries A parameterized (prepared) statement is compiled with placeholders before any user-supplied values are bound to it. Because the query structure is fixed first and the values are passed separately, input can only ever be treated as data and never reinterpreted as SQL syntax, which is why parameterized queries are the primary defense against SQL injection.

Which of the following technologies is the least effective means of preventing shared accounts? Password complexity requirements Requiring biometric authentication Requiring one-time passwords via a token Requiring a one-time password via an application

Password complexity requirements Complexity rules shape what a password looks like but do nothing to stop several people from knowing and using it. Biometric authentication binds a login to one person, and one-time passwords from a hardware token or an authenticator app bind it to a device that one person holds, so each of those makes sharing an account impractical.

During a vulnerability scan, Brian discovered that a system on his network contained this vulnerability: What security control, if deployed, would likely have addressed this issue? Patch management File integrity monitoring Intrusion detection Threat hunting

Patch management The finding is a known vulnerability for which a vendor fix exists. A patch management program keeps operating systems and applications current with released patches and would have remediated the flaw before the scan found it. File integrity monitoring, intrusion detection, and threat hunting detect suspicious activity; they do not remove the vulnerability.

Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns? Using secure session management Enabling logging on the database Performing user input validation Implementing TLS

Performing user input validation Input validation checks data for validity before the application uses it, either rejecting input that does not match the expected format or sanitizing it. Missing input validation is one of the most common weaknesses in web applications and enables buffer overflows, SQL injection, command injection, and cross-site scripting. Of the options listed, only input validation addresses the injection itself; session management, database logging, and TLS protect other things. In practice, validation should be combined with parameterized queries, which remove the injection vector entirely.
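
As an added illustration of both the parameterized-query answer and the input-validation answer above (this is example code written for this study set, not code from any cited source), the following Python uses the standard-library sqlite3 module and a constructed services table to show the vulnerable string-built query, the same lookup as a parameterized query, and an allow-list validator applied in front of it. The table contents and the rule that a serviceID is one to nine digits are assumptions made for the demonstration.

```python
import re
import sqlite3


def make_demo_db():
    """Build an in-memory SQLite database with a constructed 'services' table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE services (id INTEGER PRIMARY KEY, name TEXT, status TEXT);
        INSERT INTO services VALUES (892, 'mail', 'up');
        INSERT INTO services VALUES (893, 'web', 'down');
        """
    )
    return conn


def status_vulnerable(conn, service_id):
    """VULNERABLE: the request parameter is pasted straight into the SQL text,
    so the database cannot tell data from query structure."""
    sql = f"SELECT status FROM services WHERE id = {service_id}"
    return [row[0] for row in conn.execute(sql)]


def status_parameterized(conn, service_id):
    """FIXED: the statement is compiled with a '?' placeholder first; the value is
    bound afterwards and can only ever be compared as a value, never parsed."""
    sql = "SELECT status FROM services WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (service_id,))]


def validate_service_id(raw):
    """Input validation: accept only what a service ID can legitimately look like
    (an allow-list of 1 to 9 digits, an assumption for this demo) and reject
    everything else before it reaches the query layer."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError(f"invalid serviceID: {raw!r}")
    return int(raw)


def status_defended(conn, raw):
    """Defense in depth: validate the input, then still use a parameterized query."""
    return status_parameterized(conn, validate_service_id(raw))


if __name__ == "__main__":
    db = make_demo_db()
    print(status_vulnerable(db, "892"))            # ['up']  - honest input looks fine
    print(status_vulnerable(db, "892 OR 1=1"))     # ['up', 'down'] - tautology leaks every row
    print(status_parameterized(db, "892 OR 1=1"))  # []  - payload is just an unmatched value
    print(status_defended(db, "892"))              # ['up']
    try:
        status_defended(db, "892 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

The tautology payload is used instead of the stacked DROP TABLE from the log question because sqlite3's execute() refuses multiple statements; the lesson is the same, since in the parameterized version the whole string is compared as a value and matches nothing.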

Kyle is conducting a penetration test. After gaining access to an organization's database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action? Privilege escalation Lateral movement Maneuver Persistence

Persistence Persistence covers the techniques an attacker uses to keep access to a compromised system across reboots, credential changes, and cleanup attempts, for example by installing a backdoor, creating an account, or adding a scheduled task or service. Privilege escalation raises the attacker's level of access, and lateral movement is the spread from one host to others.

Alaina discovers that someone has set up a website that looks exactly like her organization's banking website. Which of the following terms best describes this sort of attack? Phishing Pharming Typosquatting Tailgating

Pharming Pharming redirects users to a fraudulent copy of a legitimate site without relying on a misspelled URL, typically by poisoning DNS or a local hosts file, sometimes through malware installed on the victim's computer. The victim types the correct address and still lands on the attacker's look-alike site, where they may be tricked into entering credentials or personal data.

Which one of the following information sources would not be considered an OSINT source? DNS lookup Search engine research Port scans WHOIS queries

Port scans Open-source intelligence (OSINT) is gathered from publicly available sources without touching the target's systems: DNS records, WHOIS registration data, and search engine results all qualify. A port scan sends packets to the target to discover listening services, so it is active reconnaissance that the target can detect, not OSINT.

Naomi believes that an attacker has compromised a Windows workstation using a fileless malware package. What Windows scripting tool was most likely used to download and execute the malware? VBScript Python Bash PowerShell

PowerShell PowerShell is present on every modern Windows system and can download content and execute it directly in memory (for example with encoded commands or Invoke-Expression), which is why fileless malware on Windows so often uses it. Bash and Python are not installed by default on Windows, and VBScript is far less capable for this purpose. Script block logging, constrained language mode, and AMSI are the usual countermeasures.

Which one of the following is not an advantage of database normalization? Preventing data inconsistencies Preventing injection attacks Reducing the need for database restructuring Making the database schema more informative

Preventing injection attacks Database normalization restructures tables so that each fact is stored once, which removes redundancy, prevents insert, update, and deletion anomalies, reduces the need to restructure the database later, and makes the schema easier to understand. It says nothing about how queries are built, so it does not prevent SQL injection; parameterized queries and input validation do that.

Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this? Public cloud Private cloud Hybrid cloud Community cloud

Public cloud This is an example of public cloud computing because Tony is using a public cloud provider, Microsoft Azure. The fact that Tony is limiting access to virtual machines to his own organization is not relevant because the determining factor for the cloud model is whether the underlying infrastructure is shared, not whether virtualized resources are shared.

Gabby wants to implement a mirrored drive solution. What RAID level does this describe? RAID 0 RAID 1 RAID 5 RAID 6

RAID 1 Disk mirroring, also known as RAID 1, replicates every write to two or more disks, so the array survives the loss of any single disk. Reads can be served from either copy, which helps read performance, but writes are no faster than a single disk and usable capacity is halved. It is a common choice for operating system volumes and small transactional workloads that need high availability.

Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use? RAID 1 RAID 5 RAID 6 RAID 10

RAID 10 RAID 10, also known as RAID 1+0, combines disk mirroring and disk striping. It requires a minimum of four disks and stripes data across mirrored pairs, giving both read and write performance without the parity computation that slows writes in RAID 5 and RAID 6. As long as one disk in each mirrored pair is functional, data can be retrieved. The cost is 50 percent capacity overhead, which the question says is acceptable.

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? Domain administrator Local administrator Root Read-only

Read-only A credentialed scan only needs to log in and read configuration, installed software, and patch levels, so the scanner should be given a dedicated read-only, least-privilege account. Handing a scanner domain administrator, local administrator, or root credentials means that a compromise of the scanner, or of the credentials stored in it, gives the attacker full control of every scanned host.

Kevin is participating in a security exercise for his organization. His role in the exercise is to use hacking techniques to attempt to gain access to the organization's systems. What role is Kevin playing in this exercise? Red team Blue team Purple team White team

Red team The red team takes the offensive role in an exercise, using penetration testing and other attacker techniques (sometimes called ethical hacking) to find gaps in the organization's defenses. The blue team defends, the purple team facilitates knowledge sharing between red and blue, and the white team plans, referees, and scores the exercise.

Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal? Resource policy Security group Multifactor authentication Secure web gateway

Resource policy Cloud providers offer resource policies that customers may use to limit the actions that users of their accounts may take. Implementing resource policies is a good security practice to limit the damage caused by an accidental command, a compromised account, or a malicious insider.

Fred receives a call to respond to a malware-infected system. When he arrives, he discovers a message on the screen that reads "Send .5 Bitcoin to the following address to recover your files." What is the most effective way for Fred to return the system to normal operation? Pay the Bitcoin ransom. Wipe the system and reinstall. Restore from a backup if available. Run antimalware software to remove malware.

Restore from a backup if available. Paying the ransom funds the criminals and does not guarantee recovery; antimalware software may remove the malware but cannot decrypt the files; wiping and reinstalling gives a clean system but loses the data. Restoring from a known-good backup, after isolating the system and preserving evidence, returns both the system and its data to normal operation.

Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense? Fences Lighting Robotic sentries Signs

Robotic sentries Fences, lighting, and signage are standard, inexpensive deterrents that discourage an intruder before they attempt entry. Robotic sentries are not a common physical security control.

Which one of the following servers is almost always an offline CA in a large PKI deployment? Root CA Intermediate CA RA Internal CA

Root CA The root CA sits at the top of the trust chain and its private key signs the intermediate CA certificates. Because a compromised root key would undermine every certificate in the hierarchy and a root is extremely hard to replace in clients' trust stores, the root is kept offline and brought up only to issue or renew intermediates; the intermediate CAs handle day-to-day certificate issuance, and the RA verifies requester identities.

Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information? Contract Statement of work Rules of engagement Lessons learned report

Rules of engagement The rules of engagement (ROE) are agreed in writing before testing begins and spell out exactly what is being tested, when, and how, including which techniques are permitted, such as social engineering, denial of service, or physical intrusion. They give the test team authority to conduct the defined activities without seeking additional permission. The contract and statement of work cover commercial terms and deliverables, and a lessons-learned report is produced after the test.

Which type of multifactor authentication is considered the least secure? HOTP SMS TOTP Biometric

SMS One-time codes sent by SMS travel over the cellular network, where they can be intercepted through SIM-swap fraud, SS7 attacks, or malware on the phone, and they are easily phished in real time. HOTP and TOTP codes are generated on the device from a shared secret and biometrics never leave the device, which is why NIST SP 800-63B treats SMS as a restricted authenticator.

In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls? IaaS FaaS PaaS SaaS

SaaS The cloud service provider bears the most responsibility for implementing security controls in an SaaS environment and the least responsibility in an IaaS environment. This is due to the division of responsibilities under the cloud computing shared responsibility model.

Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy to obtain if her attack will be successful? Session ticket Session cookie Username User password

Session cookie Once a user has authenticated, the web application identifies their later requests only by the session identifier stored in a cookie. An attacker who captures that cookie, whether by sniffing an unencrypted connection, through cross-site scripting, or with malware, can replay it and be treated as the logged-in user without ever knowing the username or password. This is why session cookies should carry the Secure and HttpOnly flags and be regenerated at login.

Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term best describes this use of technology? Shadow IT System integration Vendor management Data exfiltration

Shadow IT Shadow IT refers to any technical solutions or applications that are adopted and used by end users without the approval and/or knowledge of centralized IT teams. While these applications lack governance, they are most often acquired by end users with the best of intentions.

Mike is sending David an encrypted message using a symmetric encryption algorithm. What key should he use to encrypt the message? Mike's public key Mike's private key David's public key Shared secret key

Shared secret key Symmetric algorithms use the same key for both encryption and decryption, so Mike and David must both hold one shared secret key, agreed on or exchanged in advance (for example through a key-exchange protocol or by wrapping it with David's public key). Public and private key pairs belong to asymmetric cryptography, and digital signatures require an asymmetric key pair rather than a shared secret.

A PIN is an example of what type of factor? Something you know Something you are Something you have Something you set

Something you know A PIN, like a password or the answer to a challenge question, is a secret the user memorizes. Something you have is a physical token or device, and something you are is a biometric characteristic.

Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting? Mutation testing Static code analysis Dynamic code analysis Fuzzing

Static code analysis Static code analysis, also known as Static Application Security Testing (SAST), is a vulnerability scanning methodology designed to work on source code rather than a compiled executable.

Tony is reviewing the status of his organization's defenses against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering? Strategic Reputational Financial Operational

Strategic The risk that Tony is contemplating could fit any one of these categories. However, his primary concern is that the company may no longer be able to do business if the risk materializes. This is a strategic risk.

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack? Supply chain Removable media Cloud Direct access

Supply chain A supply chain attack compromises a product before it reaches the customer, whether by tampering with hardware or firmware in transit, inserting malicious code into a software build, or hijacking an update mechanism. Malicious firmware implanted before the device was delivered by the supplier is a supply chain compromise, not removable media, cloud, or direct physical access.

Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose? STIX 1.0 OpenIOC STIX 2.0 TAXII

TAXII Trusted Automated eXchange of Intelligence Information (TAXII) is the transport protocol for threat intelligence: it defines how indicators are shared between parties through HTTPS-based services and message exchanges. It was designed specifically to carry STIX content, which is the data format describing the threat information itself, so STIX (either version) answers "what" and TAXII answers "how to send it." OpenIOC is an older XML format for indicators.

Naomi receives a report of smishing. What type of attack should she be looking for? Compressed files in phishing Text message-based phishing Voicemail-based phishing Server-based phishing

Text message-based phishing Smishing (SMS phishing) uses a text message, usually carrying a link or a phone number, to trick the recipient into entering credentials or installing malware on a smartphone. Vishing is the voice-call equivalent.

What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment? Account policy control will be set to the cloud provider's standards. The cloud service will provide account and identity management services. Multifactor authentication will not be supported by the cloud vendor. None of the above.

The cloud service will provide account and identity management services. In a cloud-hosted environment the provider operates the identity and access management service, whereas on premises the organization runs its own directory. Cloud providers still let customers set their own account policies and support multifactor authentication, so the other options are incorrect.

Fran's organization uses a Type I hypervisor to implement an IaaS offering that it sells to customers. Which one of the following security controls is least applicable to this environment? Customers must maintain security patches on guest operating systems. The provider must maintain security patches on the hypervisor. The provider must maintain security patches on the host operating system. Customers must manage security groups to mediate network access to guest operating systems.

The provider must maintain security patches on the host operating system. Type I hypervisors, also known as bare-metal hypervisors, run directly on top of the physical hardware and, therefore, do not require a host operating system.

Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs? Third-party control Internally developed control Cloud-native control Any of the above

Third-party control Cloud-native controls integrate directly with a provider's offerings, which often makes them cost-effective and user-friendly, but each works only within that provider's cloud, so in a multicloud environment Ryan would have to administer a separate control per provider. Third-party solutions are often more costly, but they integrate with several cloud providers and give a single control plane across clouds, which minimizes the administrative effort. Internally developed controls carry the heaviest administrative burden.

Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting? Timing-based SQL injection HTML injection Cross-site scripting Content-based SQL injection

Timing-based SQL injection WAITFOR DELAY is the Microsoft SQL Server statement that pauses execution for a given interval (other engines use SLEEP() or pg_sleep()). In a time-based blind SQL injection the attacker injects a conditional delay and infers whether the injected condition was TRUE or FALSE from how long the server takes to respond, even when the application shows no error or query output.
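
An added example (not from the original study set) that ties together the parameter-pollution question above and this time-based injection question: a small Python log scanner that parses constructed Apache-style access-log lines, reports parameters that appear more than once, and flags values containing a database delay primitive. The log lines, the list of delay keywords, and the first/last/all parameter policies are assumptions made for the demonstration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); not taken from any real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:01:22 +0000] "GET /servicestatus.php?serviceID=892 HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Mar/2024:10:01:25 +0000] "GET /servicestatus.php?serviceID=892&serviceID=892%27%20;%20DROP%20TABLE%20Services;-- HTTP/1.1" 500 312',
    '10.0.0.9 - - [12/Mar/2024:10:02:01 +0000] "GET /servicestatus.php?serviceID=892%27;%20WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Mar/2024:10:02:09 +0000] "GET /search.php?q=sleep+well HTTP/1.1" 200 1024',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# Delay primitives used in time-based blind SQL injection across common engines.
TIME_BASED_RE = re.compile(
    r"\b(?:WAITFOR\s+DELAY|SLEEP\s*\(|PG_SLEEP\s*\(|BENCHMARK\s*\()", re.IGNORECASE
)


def parse_query(query):
    """Split a query string on '&' only and percent-decode each name and value,
    keeping every occurrence so that duplicate names stay visible."""
    pairs = []
    for part in query.split("&"):
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def effective_value(values, policy):
    """Which copy of a duplicated parameter the application sees depends on its
    framework: 'first' (e.g. Java servlets), 'last' (e.g. PHP) or 'all'
    (e.g. ASP.NET, which joins the copies with commas)."""
    if policy == "first":
        return values[0]
    if policy == "last":
        return values[-1]
    if policy == "all":
        return ",".join(values)
    raise ValueError(policy)


def analyse_request(target):
    """Findings for one request target: duplicated parameter names and values
    that carry a time-delay primitive."""
    query = target.partition("?")[2]
    pairs = parse_query(query)
    seen = {}
    for name, value in pairs:
        seen.setdefault(name, []).append(value)
    return {
        "duplicate_params": {n: v for n, v in seen.items() if len(v) > 1},
        "time_based": [(n, v) for n, v in pairs if TIME_BASED_RE.search(v)],
    }


def scan_log(lines):
    """Run the analysis over access-log lines and keep only lines with findings."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        result = analyse_request(match.group("target"))
        if result["duplicate_params"] or result["time_based"]:
            result["line"] = lineno
            findings.append(result)
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Line 2 is reported for the duplicate serviceID and line 3 for the WAITFOR DELAY payload; the benign search for "sleep well" on line 4 is not flagged because the pattern requires the SLEEP( call syntax. A WAF that evaluated only the first serviceID would have seen the harmless 892 on line 2, which is exactly the evasion the pollution question describes.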

What is a HSM used for? To capture biometric enrollment data To generate, manage, and securely store cryptographic keys To generate one-time passwords via a time-based code algorithm To enable federation between organizations

To generate, manage, and securely store cryptographic keys A hardware security module (HSM) is a security device you can add to a system to manage, generate, and securely store cryptographic keys

Why are Faraday cages deployed? To prevent tailgating To assist with fire suppression To prevent EMI To prevent degaussing

To prevent EMI A Faraday cage is a conductive enclosure that blocks electromagnetic fields in both directions: it keeps outside electromagnetic interference from corrupting the equipment inside, and it keeps emanations from that equipment, which could leak data, from escaping. Shielded cabling applies the same principle to an individual cable.

What data minimization technique replaces personal identifiers with unique identifiers that may be cross-referenced with a lookup table? Tokenization Hashing Salting Masking

Tokenization Tokenization replaces a sensitive value, such as a card number or Social Security number, with a randomly generated surrogate that carries no information about the original. The mapping between token and value is kept in a secured lookup table (the token vault), so authorized systems can recover the original while systems that handle only tokens fall out of the sensitive-data scope.

Which one of the following data protection techniques is reversible when conducted properly? Tokenization Masking Hashing Shredding

Tokenization Tokenization uses a lookup table and is designed to be reversible by whoever controls that table. Masking and hashing replace the data with values that cannot be reversed to the original when performed properly (a hash of a low-entropy value can still be brute-forced, which is why a keyed hash is preferred for identifiers). Shredding, when conducted properly, physically destroys the data so that it cannot be recovered.
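
To make the reversibility distinction in the last two questions concrete, here is an added Python example, written for this page and not taken from any product, with a minimal token vault, a masking function, and both unkeyed and keyed hashes. The sample SSN, card number, and PIN are constructed values. The final function shows the caveat a practitioner should remember: an unkeyed hash of a low-entropy identifier is irreversible only on paper, because the whole input space can be enumerated.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Tokenization: sensitive values are swapped for random tokens and the
    mapping is kept in a protected lookup table, so the process is reversible
    for anyone with access to the vault and meaningless to anyone else."""

    def __init__(self):
        self._value_to_token = {}
        self._token_to_value = {}

    def tokenize(self, value):
        if value in self._value_to_token:          # stable token per value
            return self._value_to_token[value]
        while True:
            token = "tok_" + secrets.token_hex(8)  # random, carries no information
            if token not in self._token_to_value:
                break
        self._value_to_token[value] = token
        self._token_to_value[token] = value
        return token

    def detokenize(self, token):
        return self._token_to_value[token]         # KeyError for unknown tokens


def mask_pan(pan, keep=4):
    """Masking: irreversible; only the trailing digits survive."""
    return "*" * (len(pan) - keep) + pan[-keep:]


def hash_identifier(value):
    """Plain hashing: deterministic and one-way, but NOT safe for low-entropy
    identifiers because the whole input space can be enumerated."""
    return hashlib.sha256(value.encode()).hexdigest()


def keyed_hash_identifier(value, key):
    """HMAC with a secret key: still one-way, but an attacker without the key
    cannot run the enumeration attack. The key needs vault-grade protection."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def recover_from_hash(digest, candidates):
    """Brute-force 'reversal' of an unkeyed hash over a small input space."""
    for candidate in candidates:
        if hash_identifier(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("123-45-6789")           # constructed SSN
    print(token, vault.detokenize(token))            # token round-trips to the SSN
    print(mask_pan("4111111111111111"))              # constructed test card number
    pin_digest = hash_identifier("4821")             # constructed 4-digit PIN
    print(recover_from_hash(pin_digest, (f"{i:04d}" for i in range(10000))))
```

Tokenization round-trips because the vault remembers the mapping; masking and hashing have no such table, and the last call recovers the PIN from its SHA-256 digest in at most ten thousand guesses, which is why hashing alone is not a data protection technique for short identifiers.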

Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal? Transit gateway HSM VPC endpoint SWG

Transit gateway A transit gateway is a managed virtual router that connects many VPCs and on-premises networks (over VPN or a dedicated link) through a single hub, so Ursula does not need a mesh of point-to-point connections. An HSM protects cryptographic keys, a VPC endpoint provides private access to a provider service, and a secure web gateway (SWG) filters user web traffic.

Which of the following controls helps prevent insider threats? Two-person control Visitor logs Air gaps Reception desks and staff

Two-person control Two-person control requires two authorized people to be present and to cooperate to complete a sensitive task, each able to recognize an incorrect or unauthorized action, so that no single insider can carry the task out, or cover it up, alone. Visitor logs, air gaps, and reception staff address outsiders and physical access rather than trusted insiders.

Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced? DNS hijacking Pharming Typosquatting Hosts file compromise

Typosquatting Typosquatters register domains that are common misspellings of well-known sites (smazon.com for amazon.com) and wait for users to mistype the address, typically to serve ads, malware, or phishing pages. DNS hijacking, pharming, and a hosts file compromise would all redirect a correctly typed name; here Nicole's own typo did the work.

A caller reached a member of the IT support staff at Carlos's company and told them that the chairman of the company's board was traveling and needed immediate access to his account but had somehow been locked out. They told the IT support person that if the board member did not have their password reset, the company could lose a major deal. If Carlos receives a report about this, which of the principles of social engineering should he categorize the attacker's efforts under? Scarcity Familiarity Consensus Urgency

Urgency The caller's pressure to act immediately, before anyone can verify the request, is the urgency principle. Authority (invoking the chairman) is also present, but it is not among the options; the right response is a verification procedure that holds even under time pressure.

Angela wants to limit the potential impact of malicious Bash scripts. Which of the following is the most effective technique she can use to do so without a significant usability impact for most users? Disable Bash. Switch to another shell. Use Bash's restricted mode. Prevent execution of Bash scripts.

Use Bash's restricted mode. Running scripts under a restricted shell (rbash, or bash -r) blocks actions such as changing directories, setting PATH or SHELL, redirecting output to files, and running commands whose names contain a slash, which confines the damage a malicious or badly written script can do while leaving the normal shell available to users. Disabling Bash, switching shells, or blocking all scripts would break routine work.

Which one of the following is not an example of infrastructure as code? Defining infrastructure in JSON. Writing code to interact with a cloud provider's API. Using a cloud provider's web interface to provision resources. Defining infrastructure in YAML.

Using a cloud provider's web interface to provision resources Infrastructure as code is any approach that automates the provisioning, management, and deprovisioning of cloud resources. Defining resources through JSON or YAML is IaC, as is writing code that interacts with an API. Provisioning resources through a web interface is manual, not automated, and therefore does not qualify as IaC.

Which one of the following techniques would be considered passive reconnaissance? Port scans Vulnerability scans WHOIS lookups Footprinting

WHOIS lookups Passive reconnaissance gathers information without sending traffic to the target. A WHOIS query goes to a registrar or registry operating under ICANN policy, not to the target, and returns domain ownership and contact details. Port scans and vulnerability scans probe the target directly, and footprinting typically combines passive and active techniques.

Which one of the following tools is most likely to detect an XSS vulnerability? Static application test Web application vulnerability scanner Intrusion detection system Network vulnerability scanner

Web application vulnerability scanner Web Application Vulnerability Scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration.

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work? White hat Gray hat Green hat Black hat

White hat A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks. However, unlike black hat hackers -- or malicious hackers -- white hat hackers respect the rule of law as it applies to hacking.

Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate? mydomain.com core.mydomain.com dev.www.mydomain.com mail.mydomain.com

dev.www.mydomain.com A wildcard certificate for *.mydomain.com matches exactly one DNS label in place of the asterisk, so core.mydomain.com and mail.mydomain.com are covered, but dev.www.mydomain.com has two labels to the left of mydomain.com and is not. (Strictly, the wildcard pattern on its own does not match the bare apex mydomain.com either; commercial CAs normally list the apex as an additional subject alternative name in a wildcard certificate, which is why it is treated as covered here.)
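
An added Python example (not from the original study set) implementing the single-label wildcard matching rule that TLS clients apply to certificate names, used to check each of the four hostnames from the question against *.mydomain.com. The logic follows the RFC 6125 section 6.4.3 rules as commonly implemented; the hostnames are the ones from the question, and the two-SAN certificate in the final check is an assumption illustrating how the apex usually gets covered.

```python
def wildcard_matches(pattern, hostname):
    """Does a certificate name (possibly '*.example.com') match a hostname?
    Rules most TLS clients apply: the wildcard must be the entire leftmost
    label, it matches exactly one label, and it may not cover a whole TLD."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False          # partial-label or non-leftmost wildcards are rejected
    if len(p_labels) < 3:
        return False          # refuse '*.com' style wildcards
    if len(h_labels) != len(p_labels):
        return False          # '*' never spans more than one label
    return h_labels[1:] == p_labels[1:]


def certificate_covers(san_names, hostname):
    """A certificate covers a host if any subjectAltName entry matches it."""
    return any(wildcard_matches(name, hostname) for name in san_names)


if __name__ == "__main__":
    wildcard_only = ["*.mydomain.com"]
    for host in ["mydomain.com", "core.mydomain.com",
                 "dev.www.mydomain.com", "mail.mydomain.com"]:
        print(f"{host:24} {certificate_covers(wildcard_only, host)}")
    # CAs usually add the bare apex as a second SAN, which is what makes it covered:
    print(certificate_covers(["*.mydomain.com", "mydomain.com"], "mydomain.com"))
```

Run stand-alone, the loop prints False, True, False, True for the four hosts, and the final line prints True only because the apex is listed as its own SAN.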
