Final Assessment

Do your homework & exams well now using Quizwiz!

CMMI Level _ Initial is a state where the processes do not exist and are not defined. Work is reactive in nature within the organization's systems.

1

CMMI Level _ Defined means that the majority of work is well-defined via processes and proactive measures are in place.

3

CMMI Level _ Optimizing is the highest level. At this level, work is well-defined via processes, work is proactive, measured, analyzed, and continuously improved.

5

An organization considers a federation approach when it comes to credential management. For what reason might the organization consider this solution? Peer trust models can avoid a single point of failure. The use of a digital signature allows the relying party to trust the identity provider. To retain a single account for all participating networks. A network needs to be accessible to more than just a well-defined group of employees.

A network needs to be accessible to more than just a well-defined group of employees. Federation is the notion that a network needs to be accessible to more than just a well-defined group of employees. In business, a company might need to make parts of its network open to partners, suppliers, and customers.

Engineers that support the software systems within an organization implement the use of the Capability Maturity Model Integration (CMMI) to measure functionality and capability. Currently, a score of Level 2: Managed is assigned to the systems. Which statement describes the current state of the software applications? A. Many work activities are defined via processes but work is still frequently reactive in nature. B. The majority of work is well-defined via processes and proactive measures are in place. C. Processes do not exist and work is reactive in nature. D. Work is well-defined via processes, work is proactive, and is measured.

A. Many work activities are defined via processes but work is still frequently reactive in nature. Capability Maturity Model Integration (CMMI) describes five levels of maturity within the operational or software capabilities of an organization. Level 2 Managed refers to many work activities being defined via processes, but work is still frequently reactive in nature.

An engineer discovers that an attack occurred on a system via a backdoor through a connected application. What enabled this form of attack? Middleware Library Container API

API APIs provide the core mechanisms that enable application integration and orchestration. APIs can be exploited to gain access to protected features of the underlying platform or used to extract sensitive data.

An attacker gains access to a sensitive shared folder. What might a security engineer configure to directly mitigate the problem? Enable Endpoint Protection Adjust ACL rules Implement IDS rules Deploy a script

Adjust ACL rules Modifying access control list (ACL) rules can block or limit access to resources, such as blocking access to files and folders or blocking write access from specific accounts.

A systems security engineer deploys several new workstations in an organization. While doing so, a hardware security module (HSM) is also deployed for security services. What solution has the engineer provided by utilizing the HSM? Unchangeable asymmetric private key The use of digital certificates An archive and escrow for keys Record the presence of unsigned kernel-level code

An archive and escrow for keys A hardware security module (HSM) is a network appliance designed to perform centralized PKI management for a network of devices. It can act as an archive or escrow for keys in case of loss or damage.

Experts perform risk management activities at an organization. During which phase are quantitative and qualitative methods useful? Identification of risk responses Identification of known vulnerabilities Identification of potential threats Analysis of business impacts

Analysis of business impacts The analysis of business impacts uses quantitative and qualitative methods to analyze impacts and likelihood of a risk.

A sysadmin thinks a malicious process is preventing a service from starting on a Windows server. Which event does the log reveal information related to a service that won't start? Security System Application Forwarded

Application The Windows Application Event log displays events generated by applications and services. This includes information such as when a service cannot start properly.

Management at a large financial firm maps out a data life cycle plan. During the process, regulatory restrictions are considered when defining which phase? (Select all that apply.) Archive Create Use Destroy

Archive Destroy When data is no longer used on a regular basis, it can be archived to help reduce costs and complexity. Important considerations include the legal and regulatory requirements governing retention periods. When data is no longer needed and authorized for destruction, defining the legally compliant methods for its destruction is critically important.

___ is the science of creating machine systems that can simulate or demonstrate a similar general intelligence capability to humans.

Artificial intelligence (AI)

An organization plans to sign an agreement with a new technology services vendor. Currently, the services that the organization receives are detrimental such that a lock-in scenario exists. Evaluate the statements and determine which best describes the organization's current situation. A vendor's product is developed in a way that makes it inoperable with other products. Determining if a vendor will be in business on an ongoing basis. Being completely dependent on a vendor for products or services because switching is impossible. Verifying the type and level of support to be provided by the vendor in support.

Being completely dependent on a vendor for products or services because switching is impossible. Vendor lock-in describes when a customer is completely dependent on a vendor for products or services because switching is either impossible or would result in substantial complexity and costs.

_____ refers to data collections that are so large and complex that they are difficult for traditional database tools to manage.

Big data

Servers at a data center are now protected with a data loss prevention (DLP) system. A remediation policy is configured such that any user is prevented from copying files, but access to read any files remains. What remediation policy is in place? Tombstone Quarantine Block Alert

Block A block policy prevents users from copying the original file but they retain access to it. Users may or may not be alerted to the policy violation, but it will be logged as an incident by the management engine.

An application uses encrypted transactional data to record incoming and changing data sets. Which technology does the application use? Big data Blockchain Artificial intelligence Deep learning

Blockchain Blockchain describes an expanding list of transactional records which are secured using cryptography. Records are connected in a chain, and each record is referred to as a block.

Which web traffic protection method is configured on an SSL/TLS web server to periodically obtain a time-stamped Online Certificate Status Protocol (OCSP) response from the certificate authority? Certificate Pinning Certificate Stapling Strict Transport Security Digital Signature

Certificate Stapling Certificate stapling resolves certificate pinning issues by having an SSL/TLS web server periodically obtain a time-stamped OCSP response from the CA.

Security experts perform forensic activities on a compromised server investigation. Which phase of the investigative process presents legal concerns for the experts? Identification Collection Reporting Analysis

Collection During evidence collection, it is important to have the authorization to collect the evidence using tools and methods that will withstand legal scrutiny.

An application specialist suggests using a particular application in a virtualized environment to avoid configuring additional workstations for the sake of using one piece of software. What does the specialist suggest using? Containers Thin client Minimal OS Thick client

Containers Application cell/container virtualization dispenses with the idea of a hypervisor and instead enforces resource separation at the operating system level. The OS defines isolated "cells" for each user instance to run in.

During a data life cycle plan, regulatory restrictions aren't usually a concern during which phases? (Select all that apply.) Create Use Archive Destroy

Create Use Data creation pertains to office productivity files, manual data entry, data interfaces, external feeds, automated capture, databases, file systems, and more. How data is used to support operational needs and objectives pertains to how it is viewed, manipulated/processed, and saved/overwritten or deleted.

Systems administrators use a deceptive tool to lure an adversary into a trap that contains false information. What tool have the administrators utilized? Honeynet Honeypot Decoy files Simulator

Decoy files A decoy file can include honeytokens and/or canary traps. These decoy files contain data that would be appealing to an adversary but contain false information.

______ is a type of machine learning that deconstructs knowledge into a series of smaller, simpler parts. Complex concepts are broken down into simpler elements of knowledge so they can be used to interpret data.

Deep learning

______ includes using vulnerability scanning software to identify vulnerabilities and, in a more vigorous approach, penetration testing. A ______ approach requires the evaluation of a system or software while it is running.

Dynamic analysis

A security engineer utilizes the Extensible Authentication Protocol (EAP) between client workstations and server systems. If the solution uses public key certificates on both clients and servers, which EAP implementation does the engineer deploy? Protected Extensible Authentication Protocol (PEAP) EAP Tunneled Transport Layer Security (EAP-TTLS) EAP Transport Layer Security (EAP-TLS) EAP with Flexible Authentication via Secure Tunneling (EAP-FAST)

EAP Transport Layer Security (EAP-TLS) EAP Transport Layer Security (EAP-TLS) is one of the strongest types of authentication. An encrypted Transport Layer Security (TLS) tunnel is established between a client and a server using public-key certificates on the server and client.

_____ uses a server-side certificate to establish a protected tunnel through which the user's authentication credentials can be transmitted to the authentication server.

EAP Tunneled Transport Layer Security (EAP-TTLS)

_____ uses a Protected Access Credential (PAC), which is generated for each user from the authentication server's master key.

EAP with Flexible Authentication via Secure Tunneling (EAP-FAST)

A security engineer looks to change the Extensible Authentication Protocol (EAP) authentication method between client workstations and server systems. If the current solution uses the Protected Access Credential, which EAP implementation does the engineer look to replace? Protected Extensible Authentication Protocol (PEAP) EAP Tunneled Transport Layer Security (EAP-TTLS) EAP Transport Layer Security (EAP-TLS) EAP with Flexible Authentication via Secure Tunneling (EAP-FAST)

EAP with Flexible Authentication via Secure Tunneling (EAP-FAST) EAP with Flexible Authentication via Secure Tunneling (EAP-FAST) uses a Protected Access Credential (PAC), which is generated for each user from the authentication server's master key.

Security engineers perform threat intelligence training. Which approach uses threat intelligence in a practical and actionable way? Tactical Operational Strategic Emulation

Emulation Emulation exercises help teams test and improve their skills and capabilities and also force the interpretation and use of threat intelligence in a practical and actionable way.

Systems administrators hope to learn details about recent attacks on a portion of a company's network. In doing so, which deceptive tool do the administrators utilize when tight control and monitoring is the goal? Honeynet Honeypot Decoy files Simulator

Honeynet A honeynet contains several honeypots attached to a tightly controlled and heavily monitored network.

An organization performs a risk management exercise as it relates to server security. Experts examine a workflow that involves the replication of files from one server to another. The replication is found to not use any form of encryption for data. The experts document this finding during which phase of the exercise? Identification of known vulnerabilities Identification of mission-critical functions Identification of potential threats Identification of risk responses

Identification of known vulnerabilities Identification of any vulnerabilities for each function or workflow is useful in determining what risk exists and how to harden systems. Unencrypted data and communications are susceptible to an attack.

Security consultants suggest a tabletop exercise be performed to evaluate incident response procedures. In doing so, what do the consultants suggest as part of the exercise? (Select all that apply.) Evaluate plans for feedback Assign a representative to analyze plan effectiveness Identify and act upon a specific objective Respond to an imaginary event

Identify and act upon a specific objective Respond to an imaginary event A tabletop exercise will identify a specific objective and then use it to determine whether all parties involved in the response know what to do and how to work together to complete the exercise.

____ leverages configuration management tools to control infrastructure changes.

Infrastructure as Code (IaC)

When managing risk, experts refer to the four common phases of Identify, Assess, Control, and Review as which concept? Framework Lifecycle Categories Capabilities

Lifecycle Risk management tasks are defined by a life cycle. The four major phases common to all risk management life cycles include Identify, Assess, Control, and Review.

Systems administrators configure access to a network where each object and each subject is granted a clearance level. Which solution do the administrators configure? (Select all that apply.) Access Control List (ACL) Mandatory Access Control (MAC) SELinux SEAndroid

Mandatory Access Control (MAC) SELinux SEAndroid Mandatory access control (MAC) is based on the idea of security clearance levels. Rather than defining ACLs on resources, each object and each subject is granted a clearance level, referred to as a label. In Linux, execution control is normally enforced by using a mandatory access control (MAC) kernel module or Linux Security Module (LSM). SEAndroid uses mandatory access control (MAC) policies to run apps in sandboxes. When the app is installed, access is granted (or not) to specific shared features.

A security administrator establishes several certification authority servers on a private network. Part of the configuration utilizes cross-certification. How does this approach benefit from issuing a certificate? Multiple departments are combining resources. Trusted providers can be expanded or reduced. A single authority issues certificates to several intermediate authorities. A single authority issues certificates to users.

Multiple departments are combining resources. Cross-certification describes when a certificate is used to establish a trust relationship between two different certification authorities (CAs). This can be useful when different organizations are combining resources.

The _______ deconstructs the capabilities of a successful and comprehensive cybersecurity program into five capabilities including Identify, Protect, Detect, Respond, and Recover.

NIST cybersecurity framework

A server was hacked at a small company. Investigators feel that a former employee is the culprit. What intelligence collection method do investigators use to monitor the suspect's social network feeds? Intelligence feeds Human intelligence Deep web Open-source intelligence

Open-source intelligence Open-source intelligence refers to using publicly available information sources to collect and analyze data to be used from the perspective of cybersecurity operations. An example is the monitoring of social media networks.

When using a virtual private network (VPN) on a mobile device, which would provide always-on functionality? Application Web-based Operating system Location

Operating system An operating system level VPN offers comprehensive protection of device traffic since it operates at a low level of the operating system and captures all device traffic as a result. An OS-level VPN can be configured to operate as "always-on."

Developers that are working on a web application use coding practices to prevent insecure references. Several months after deployment of the application, testers discover that at times the application is running in a controlled state. What vulnerability have testers uncovered? Security misconfiguration Poor exception handling Weak cryptography implementations Information disclosure

Poor exception handling Poor exception handling describes when an application is not written to anticipate problems, or to safely manage them so that the application is left in a controlled state.

A systems administrator looks to harden server systems by first identifying any available and unnecessary services. What solution can accomplish this task efficiently? Traffic analyzer Port scanner HTTP interceptor Protocol analyzer

Port scanner A port scanner is used to identify available services running on a device by determining its open ports. A port scanner can be used for network discovery tasks and security auditing.

An internal cloud application at an organization requires additional storage space. Engineers configure a storage area network to satisfy the need. What cloud deployment and service models did the engineers use? (Select all that apply.) Private cloud Platform as a Service (PaaS) Public cloud Infrastructure as a Service (IaaS)

Private cloud Infrastructure as a Service (IaaS) A private cloud is an infrastructure that is completely private and owned by the organization. In this case, the storage is for internal use only. Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly.

____ uses an encrypted tunnel established between the supplicant and authentication server, but ____ only requires a server-side public key certificate.

Protected Extensible Authentication Protocol (PEAP)

______ are designed to capture traffic in a networked environment and are often configured to store captured traffic for further analysis using other software tools.

Protocol analyzers

____ form the basis of a risk management program and also serve as an authoritative reference. The NIST Cybersecurity Framework is a popular framework that helps organizations define five core functions within a cybersecurity program.

Risk frameworks

___ places security at the forefront of development efforts. Two essential elements to ______ are Security as Code (SaC) and Infrastructure as Code (IaC).

SecDevOps

Developers at an organization look to place security concerns at the forefront of application development. If the developers choose to utilize dynamic application testing, which element do they put in place? SecDevOps Infrastructure as Code Security as Code Spiral Method

Security as Code (SaC) Security as Code (SaC) is an element of SecDevOps that uses automated methods to introduce static code analysis testing and dynamic application testing (DAST) as applications are developed.

A penetration tester performs a vulnerability assessment and analysis at a manufacturing firm. The tester uses a packet capture utility to collect the state of an application as it operates. What approach does the tester use to collect information, even if it is encrypted? Reverse engineering Dynamic analysis Side-channel analysis Static analysis

Side-channel analysis Side-channel analysis describes inspections of a system and/or software as it operates. Even if traffic is encrypted, information can be collected about the state of an application or information about the endpoints and/or users interacting with it.

Wireless engineers at a large communications provider roll out Wi-Fi Protected Access 3 (WPA3) at a client site. Which security features influence the decision to utilize WPA3 over WPA2? (Select all that apply.) Simultaneous Authentication of Equals (SAE) AES Galois Counter Mode Protocol (GCMP) 4-way handshake authentication AES CCMP

Simultaneous Authentication of Equals (SAE) AES Galois Counter Mode Protocol (GCMP) With WPA3, the Simultaneous Authentication of Equals (SAE) protocol replaces the 4-way handshake, which has been found to be vulnerable to various attacks. SAE uses the Dragonfly handshake. AES Galois Counter Mode Protocol (GCMP) replaces the AES CCMP mode of operation. Enterprise authentication methods must use 192-bit AES, while personal authentication can use either 128-bit or 192-bit.

A development team integrates incremental and waterfall methods while managing a software development project. What approach does the team use to manage the project lifecycle? SecDevOps Infrastructure as Code Spiral method Security as code

Spiral method With a spiral development model, teams combine several approaches to software development, such as incremental and waterfall, into a single hybrid method. Development is modified repeatedly in response to stakeholder feedback.

____ can be performed in a variety of ways. One method involves manual inspection of source code in order to identify vulnerabilities in programming techniques.

Static analysis

______ is focused on the big picture leadership-focused information typically associated with reports. The information is used to help identify the motivations, capabilities, and intentions of various threat actors.

Strategic threat intelligence

A network system that recently moved from on-premises to the cloud experiences a security breach. Investigators research and determine the cause. Of the findings, what is the Cloud Service Provider (CSP) responsible for? (Select all that apply.) Tenant resource identity and access control Physical security of the infrastructure User identity management Data and application security configuration

Tenant resource identity and access control Physical security of the infrastructure A cloud tenant is the account holder for the cloud service. This account is required to access cloud services. Tenant resource identity and access control are the responsibility of the cloud service provider (CSP).

Systems administrators at a manufacturing company deploy a virtualized infrastructure while utilizing a virtual desktop infrastructure (VDI) approach. By doing so, the administrators deploy which solutions? (Select all that apply.) Containers Thin client Minimal OS Thick client

Thin client Minimal OS Virtual desktop infrastructure (VDI) refers to using a virtual machine (VM) as a means of provisioning corporate desktops. In a typical VDI, desktop computers are replaced by low-spec, low-power thin client computers. When the thin client starts, it boots a minimal OS.

_____ quarantines the original file and replaces it with one describing the policy violation and how the user can release it again.

Tombstone policy

____ describe the set of root CAs that are trusted to validate an identity. Certificates signed by a _____ will in turn be trusted. ________ can be expanded or reduced as appropriate.

Trusted providers

A company requests that a newly implemented cloud presence be strengthened with a resilient architecture. Engineers suggest heterogeneity. If management at the company agrees, which solution will be implemented? Distributed allocation of resources Using solutions from different vendors Copy data to where it can be utilized most effectively Allow multiple redundant processing nodes

Using solutions from different vendors Heterogeneous, or diverse, components are components that are not the same as or similar to each other. In an enterprise, these translate to the use of multiple vendor products in a security solution.

Network administrators look to harden a corporate network. Initial testing results in discovering that wireless signals from the private network extend farther into a public area than expected. How have the administrators discovered this vulnerability? Software Composition Analysis Vulnerability scans Fuzz testing Persistence

Vulnerability scans Vulnerability scans, such as a wireless scan, can identify the configuration and signal coverage of an organization's wireless network, for example, to determine if the hardware is vulnerable to known attacks.

People, Processes, and Technologies are types of ___. When designing and implementing controls identified via the risk management program, careful analysis determines which controls are used.

control categories

The ____ command is a Linux-based forensic data recovery utility that uses file carving techniques to extract deleted or corrupted data from a disk partition.

foremost

The ______ utility can be used to extract data from binary files and can display the contents in hexadecimal, decimal, octal, or ASCII formats. _____ inspection is often part of data recovery and/or reverse engineering processes.

hexdump

A security expert examines a server system for malicious processes. Which tool will the expert find helpful in determining dependencies for a process? readelf objdump strace ldd

ldd The ldd utility can be used to display a program's dependencies. For example, issuing the command sudo ldd /sbin/poweroff displays all of the shared libraries required by the Linux poweroff command.

A _______ is crafted to aid in the analysis of data captured by a sensor. A _______ can provide insights regarding HTTP sessions by extracting files contained within sessions.

network traffic analyzer

A _______ describes when a vendor's product is developed in a way that makes it inoperable with other products. Integration with other products is usually not feasible or it does not exist.

vendor lockout

A forensics team investigates a compromised server. The server is powered on and the team looks to do a live collection of real-time system information. Which tool does the team find suited for the task? hexdump strings vmstat foremost

vmstat The vmstat command-line utility is designed to display real-time information about system memory, running processes, interrupts, paging, and I/O statistics.

