Modules 8-15 Review Questions (for Final)

Which of the following is NOT part of the AAA framework? Authentication Access Authorization Accounting

Access

Which of the following is NOT a packet type used with Extensible Authentication Protocol (EAP)? Acknowledgement Request Success Response

Acknowledgement

In which of the following configurations are all the load balancers always active? Active-active Active-passive Passive-active-passive Active-load-passive-load

Active-active

Which firewall rule action implicitly denies all other traffic unless explicitly allowed? Force Allow Force Deny Bypass Allow

Allow

Which type of monitoring methodology looks for statistical deviations from a baseline? Behavioral monitoring Signature-based monitoring Anomaly monitoring Heuristic monitoring

Anomaly monitoring

Which technology for protecting data privacy involves obfuscation of personally identifiable information? Data masking Data sovereignty Data minimization Data exposing

Data masking

Which of the following is NOT a consequence to an organization that has suffered a data security breach? Reputation damage IP theft De-escalation of reporting requirements Monetary fine

De-escalation of reporting requirements

Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this? EOA EOP EOL (end of life) EOS

EOL (end of life)

Which of the following will NOT protect containers? Using a hardened OS. Using reduced-visibility images to limit the risk of a compromise. Only using containers in a protected cloud environment. Eliminating APIs.

Eliminating APIs.

Zariah is writing an email to an employee about a wireless attack that is designed to capture the wireless transmissions from legitimate users. Which type of attack is Zariah describing? Rogue access point Bluetooth grabber WEP-II Evil twin

Evil twin

Which of these is NOT created and managed by a microservices API? User experience (UX) Database Logs Authentication

User experience (UX)

Which of the following threats would be classified as the actions of a hacktivist? External threat Internal threat Environmental threat Compliance threat

External threat

Which of the following functions does a network hardware security module NOT perform? Fingerprint authentication Key management Key exchange Random number generator

Fingerprint authentication

Alicja is working on a project to deploy automated guided vehicles on the industrial shop floor of the manufacturing plant in which she works. What location of computing would be best for this project? Fog Edge Off-premises Remote

Fog

Which device intercepts internal user requests and then processes those requests on behalf of the users? Forward proxy server Reverse proxy server Host detection server Intrusion prevention device

Forward proxy server

A BIA (business impact analysis) can be a foundation for which of the following? Functional recovery plan Site risk assessment Contingency reaction plan Resumption assessment plan

Functional recovery plan

Which utility sends custom TCP/IP packets? curl hping shape Pingpacket

hping

Which of the following is a Linux utility that displays the contents of system memory? Autopsy WinHex dd memdump

memdump

Which of the following is a third-party OS penetration testing tool? theHarvester scanless Nessus sn1per

sn1per

What must be incorporated into network design to restrict attackers by limiting access to other parts of the network? Data loss prevention Content filters A runbook Network segmentation

Network segmentation

Which of the following should NOT be stored in a secure password database? Iterations Password digest Salt Plaintext password

Plaintext password

What is a list of potential threats and associated risks? Risk assessment Risk matrix Risk register Risk portfolio

Risk register

Which type of hypervisor runs directly on the computer's hardware? Type I Type II Type III Type IV

Type I

Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found? Control risk Financial risk Reporting risk Monetary risk

Control risk

Which cloud model requires the highest level of IT responsibilities? IaaS SaaS PaaS Hybrid cloud

IaaS

Which of the following is a document that outlines specific requirements or rules that must be met? Guideline Policy Framework Specification

Policy

Which of the following is NOT a threat classification category? Compliance Financial Tactical Strategic

Tactical

Which statement regarding a demilitarized zone (DMZ) is NOT true? It can be configured to have one or two firewalls. It typically includes an email or web server. It provides an extra degree of security. It contains servers that are used only by internal network users.

It contains servers that are used only by internal network users.

Which of the following is NOT correct about L2TP? It is used as a VPN protocol. It must be used on HTML 5 compliant devices. It does not offer encryption. It is paired with IPsec.

It must be used on HTML 5 compliant devices.

Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use? tracepacket trace Tracert (the Windows tool for this) traceroute

traceroute

(T/F) Rule-Based Access Control dynamically assigns roles to subjects based on rules.

true

Which of these attacks is the last-resort effort in cracking a stolen password digest file? Hybrid Mask Rule list Brute force

Brute force

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing? Change management policy Change format policy Change modification policy Change control policy

Change control policy

______ biometrics is related to the perception, thought processes, and understanding of the user. Cognitive Standard Intelligent Behavioral

Cognitive

Which of the following data types has the highest level of data sensitivity? Private Secure Sensitive Confidential

Confidential

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider? DDoS Prevention System (DPS) DNS sinkhole MAC pit IP denier

DNS sinkhole

Which type of disk drive redundancy uses separate controller cards for each disk and duplicates the contents of one disk to a second disk? Disk striping Disk mirroring Disk duplexing Distributed parity

Disk duplexing - a variation of RAID 1 (disk mirroring) in which separate controller cards are used for each disk to protect against disk controller failure.

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? Cold site Warm site Hot site Replicated site

Hot site

Which of the following is NOT a means by which a threat actor can perform a wireless denial of service attack? Jamming Disassociation IEEE 802.11iw separate Manipulate duration field values

IEEE 802.11iw separate

Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? Business impact analysis planning IT contingency planning Disaster recovery planning Risk IT planning

IT contingency planning

Maryam is explaining the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP? It is the transport protocol used in TCP/IP for authentication. It is a framework for transporting authentication protocols. It is a subset of WPA2. It is a technology used by IEEE 802.11 for encryption.

It is a framework for transporting authentication protocols.

Which of the following is NOT true about VBA? It is commonly used to create macros. It is built into most Microsoft Office applications. It is included in select non-Microsoft products. It is being phased out and replaced by PowerShell.

It is being phased out and replaced by PowerShell.

Which of the following is NOT true about RAID? It can be implemented in hardware or software. Nested levels can combine other RAID levels. It is designed primarily to backup data. The most common levels of RAID are Level 0, 1, 5, 6, and 10.

It is designed primarily to backup data.

Which of the following is true about secrets management? It provides a central repository. It can only be used on-prem for security but has a connection to the cloud. It requires AES-512. It cannot be audited for security purposes.

It provides a central repository.

Which of these is a vulnerability of MAC address filtering in a WLAN? Not all operating systems support MACs. APs use IP addresses instead of MACs. The user must enter the MAC. MAC addresses are initially exchanged unencrypted.

MAC addresses are initially exchanged unencrypted.

Which attack intercepts communications between a web browser and the underlying OS? Interception Man-in-the-browser (MITB) DIG ARP poisoning

Man-in-the-browser (MITB)

Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password? Rainbow Mask Rule Pass the hash

Mask

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use? Masking Tokenization Data Object Obfuscation (DOO) PII Hiding

Masking

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use? Only use compiled and not interpreted Python code. Use the latest version of Python. Use caution when formatting strings. Download only vetted libraries.

Only use compiled and not interpreted Python code.

Which of these WPA setups does not require authentication? Open method PSK Enterprise method Initialization method

Open method

In which of the following threat classifications would a power blackout be classified? Operational Managerial Technical Strategic

Operational

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack? Network Application IoT Operational Technology

Operational Technology

Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? Push-button method Piconet method PIN method Click-to-connect method

PIN method

Oliwia has been given a project to manage the development of a new company app. She wants to use a cloud model to facilitate the development and deployment. Which cloud model will she choose? SaaS XaaS IaaS PaaS

PaaS

What does the WPA Personal protocol use to establish authentication? Digital certificate MAC address PIN Pre shared key (PSK)

Pre shared key (PSK)

What process can be done on smart cards that steals the information contained on them? Skimming Injection Spraying Cracking

Skimming

Which tool is an open source utility for UNIX devices that includes content filtering? Syslog (system logging protocol, a standard to send system log or event messages to a server); Nxlog (a multi-platform log management tool that supports various platforms, log sources, and formats); Rsyslog (rocket-fast system for log processing, an open source utility for forwarding log messages in an IP network on UNIX devices); Syslog-ng

Syslog-ng

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan? Walkthrough Simulation Tabletop Incident Response Plan Evaluation (IRP-E)

Tabletop

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior? Tcpreplay Tcpdump Wireshark Packetdump

Tcpreplay

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? Greenwich Mean Time (GMT) Civil time Daylight savings time Time offset

Time offset

Which of the following is NOT a problem associated with log management? Multiple devices generating logs Large volume of log data Different log formats Time-stamped log data

Time-stamped log data

Which of these is NOT a risk when a home wireless router is not securely configured? An attacker can steal data from any folder with file sharing enabled. Wireless endpoints must be manually approved to connect to the WLAN. Usernames, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. Malware can be injected into a computer connected to the WLAN.

Wireless endpoints must be manually approved to connect to the WLAN.

What type of access technology routes some traffic over a secure VPN while other traffic accesses the Internet directly without going through the VPN? a. Split tunnel b. Site-site VPN c. Router ACL d. Full tunnel

a. Split tunnel

Which of the following network security devices is a computer that is purposely located in an area with limited security to attract threat actors? a. Forward proxy b. Honeypot c. Inline system d. Behavior monitor

b. Honeypot

What can be used to secure electronic devices from electromagnetic spying and shield them from EMI? a. Demilitarized zone b. PDS c. Faraday cage d. Mantrap

c. Faraday cage

In which type of attack is the threat actor positioned between two parties and alters the transmission to eavesdrop or impersonate one of the parties? a. MITB b. MAC cloning c. MITM d. Session replay

c. MITM

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets? NetFlow (a session sampling protocol feature on Cisco routers that collects IP network traffic as it enters or exits an interface); sFlow; IPFIX (similar to NetFlow but with additional capabilities, such as integrating Simple Network Management Protocol (SNMP) information directly into the IPFIX information); Journalctl

sFlow

What can be used to provide both filesystem security and database security? RBASEs LDAPs CHAPs ACLs

ACLs

Which type of access control scheme uses predefined rules that makes it the most flexible scheme? ABAC DAC MAC NAC

ABAC (attribute based access control)

What is a virtual firewall? A firewall that runs in the cloud. A firewall that runs in an endpoint virtual machine. A firewall that blocks only incoming traffic. A firewall appliance that runs on a LAN.

A firewall that runs in the cloud

Which type of access control scheme uses predefined rules that makes it the most flexible scheme? ABAC (attribute based access control) DAC MAC NAC

ABAC (attribute based access control)

Which of these is a set of permissions that is attached to an object? ACL (access control list) SRE Object modifier Entity attribute (EnATT)

ACL (access control list)

Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? Authorization Authentication Attestation Accountability

Attestation - can be used to cryptographically prove that a user has a specific model of device when it is registered

In which type of access control can access policies be based on the properties of objects, subjects, and the environment and can be constructed using If-Then-Else statements? Rule-Based Access Control Role-based Access Control Attribute-Based Access Control Discretionary Access Control

Attribute-Based Access Control

Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new data center because it would be located in an earthquake zone? Transference Avoidance Rejection Prevention

Avoidance

Which of the following is NOT a cloud computing security issue? System vulnerabilities Insecure APIs Compliance regulations Bandwidth utilization

Bandwidth utilization

Which of the following is NOT an MFA using a smartphone? Authentication app Biometric gait analysis SMS text message Automated phone call

Biometric gait analysis

Nyla is investigating a security incident in which the smartphone of the CEO was compromised and confidential data was stolen. She suspects that it was an attack that used Bluetooth. Which attack would this be? Blueswiping Bluesnarfing (steals data) Bluejacking (does not steal data) Bluestealing

Bluesnarfing

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? Dictionary attack Hybrid attack Custom attack Brute force attack (offline brute force attack)

Brute force attack

Which of the following uses data anonymization? Tokenization Data masking Data minimization Data obfuscation sanitization (DOS)

Data masking

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor? SIP VoIP Call manager IP voice

Call manager

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances? DPPR BIA MTBF COOP (continuity of operation planning)

COOP (continuity of operation planning)

Which of these is the encryption protocol for WPA2? CMAC-RSTS CPB CBD-MAC CCMP (counter mode with cipher block message authentication code protocol)

CCMP (counter mode with cipher block message authentication code protocol)

Which of the following is the most fragile and should be captured first in a forensics investigation? ARP cache Kernel statistics CPU cache RAM

CPU cache

Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to agree to an acceptable use policy (AUP) before continuing. What type of AP has he encountered? Authenticated portal Captive portal Control portal Rogue portal

Captive portal

Aleksandra, the company HR manager, is completing a requisition form for the IT staff to create a type of cloud that would only be accessible to other HR managers like Aleksandra who are employed at manufacturing plants. The form asks for the type of cloud that is needed. Which type of cloud would best fit Aleksandra's need? Public cloud Group cloud Hybrid cloud Community cloud

Community cloud

Which of the following is a virtualization instance that uses OS components for virtualization? Container Hypervisor VM escape protection Host OS

Container

Which of the following is NOT correct about containers? Containers start more quickly. Containers reduce the necessary hard drive storage space to function. Containers require a full OS whenever APIs cannot be used. Containers include components like binary files and libraries.

Containers require a full OS whenever APIs cannot be used.

In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply? Containers use Type I hypervisors for virtualization Containers use hardware hypervisors for virtualization Containers use OS components for virtualization Containers use dedicated physical storage for virtualization

Containers use OS components for virtualization

Which of the following does NOT describe an area that separates threat actors from defenders? DMZ Air gap Secure area Containment space

Containment space

Imani has been asked to purchase wireless LAN controllers (WLCs) for the office. What type of APs must she also purchase that can be managed by a WLC? Standalone AP Controller AP Fat AP Any type of AP can be managed by a WLC

Controller AP

What does an incremental backup do? Copies all files changed since the last full or incremental backup. Copies only user-selected files. Copies all files. Copies all files since the last full backup.

Copies all files changed since the last full or incremental backup.

What is a disadvantage of biometric readers? Speed Cost Weight Standards

Cost

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? Data custodian/steward Data privacy officer Data controller Data processor

Data custodian/steward

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user? DNS hijack attack DNS poisoning attack DNS overflow attack DNS resource attack

DNS poisoning attack - DNS hijack affects everyone who uses compromised DNS server

Nadia has been asked to perform dynamic resource allocation on specific cloud computing resources. What action is Nadia taking? Creating security groups to segment computing resources into logical groupings that form network perimeters. Decreasing the network bandwidth to the cloud. Deprovisioning resources that are no longer necessary. Expanding the visibility of intrusion prevention devices.

Deprovisioning resources that are no longer necessary

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? Deterrent control Preventive control Detective control Corrective control

Deterrent control

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose? Diamond Model of Intrusion Analysis Cyber Kill Chain Mitre ATT&CK Basic-Advanced Incident (BAI) Framework

Diamond Model of Intrusion Analysis

Which type of networking service is potentially susceptible to LDAP injection attacks? Directory service Domain name service Web service Mail service

Directory service

What is the difference between a DoS and a DDoS attack? DoS attacks are faster than DDoS attacks. DoS attacks use fewer computers than DDoS attacks. DoS attacks do not use DNS servers as DDoS attacks do. DoS attacks use more memory than DDoS attacks.

DoS attacks use fewer computers than DDoS attacks.

When discussing the chain of custody of evidence in a cybercrime, what does provenance mean? Preservation of the evidence to ensure it is not destroyed. Ensuring that collected evidence is admissible. Documenting custody of the evidence from the beginning of the investigation. Securing the scene of the crime until the response team arrives.

Documenting custody of the evidence from the beginning of the investigation

Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? EAP-FAST EAP-TLS EAP-TTLS EAP-SSL

EAP-FAST

Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device? Geo-spatial Geolocation Geo-tagging Geofencing

Geo-spatial

Which of the following is NOT true about data sovereignty? Data sovereignty is a concept that until recently was less of an issue. Generally, data is subject to the laws of the country in which it is collected or processed. Governments cannot force companies to store data within specific countries. Regulations are not necessarily those where an organization is headquartered.

Governments cannot force companies to store data within specific countries.

Which one-time password is event driven? HOTP TOTP ROTP POTP

HOTP - HMAC based one time password

Which human characteristic is NOT used for biometric identification? Retina Iris Height Fingerprint

Height

Which of the following contains honeyfiles and fake telemetry? High-interaction honeypot Attacker-interaction honeypot Honeypotnet Honeyserver

High-interaction honeypot

Which of the following is a network set up with intentional vulnerabilities? Honeypot Sinkhole Virtual private network Honeynet

Honeynet

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect? Web server buffer and host DNS server Reply referrer and domain buffer Web browser and browser add-on Host table and external DNS server

Host table and external DNS server

Which of these is a 24-bit value that changes each time a packet is encrypted and then is combined with a shared secret key? RC IV (initialization vector) SL SSD

IV (initialization vector)

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature determined an issue and sent this alert to Thea? Impossible Travel Incompatible Location Remote IP address Risky IP address

Impossible Travel

Fatima has just learned that employees have tried to install their own wireless router in the employee lounge. Why is installing this rogue AP a security vulnerability? It uses the weaker IEEE 802.11i protocol. It allows an attacker to bypass network security configurations. It conflicts with other network firewalls and can cause them to become disabled. It requires the use of vulnerable wireless probes on all mobile devices.

It allows an attacker to bypass network security configurations.

How is the Security Assertion Markup Language (SAML) used? It serves as a backup to a RADIUS server. It allows secure web domains to exchange user authentication and authorization data. It is an authenticator in IEEE 802.1x. It is no longer used because it has been replaced by LDAP.

It allows secure web domains to exchange user authentication and authorization data.

Which of the following is NOT a reason that threat actors use PowerShell for attacks? It cannot be detected by antimalware running on the computer. It leaves behind no evidence on a hard drive. It can be invoked prior to system boot. Most applications flag it as a trusted application.

It can be invoked prior to system boot.

How does BPDU guard provide protection? It detects when a BPDU is received from an endpoint. It sends BPDU updates to all routers. BPDUs are encrypted so that attackers cannot see their contents. All firewalls are configured to let BPDUs pass to the external network.

It detects when a BPDU is received from an endpoint.

Which statement about Rule-Based Access Control is true? It requires that a custodian set all rules. (A system admin can also set rules.) It is no longer considered secure. It dynamically assigns roles to subjects based on rules. It is considered a real-world approach by linking a user's job function with security.

It dynamically assigns roles to subjects based on rules.

How is key stretching effective in resisting password attacks? It takes more time to generate candidate password digests. It requires the use of GPUs. It does not require the use of salts. The license fees are very expensive to purchase and use it.

It takes more time to generate candidate password digests.

Which access control scheme is the most restrictive? Role-Based Access Control; DAC (discretionary access control), the least restrictive; Rule-Based Access Control; MAC (mandatory access control)

MAC (mandatory access control)

Which of the following is NOT a basic configuration management tool? Baseline configuration Standard naming convention Diagrams MAC address schema

MAC address schema

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts? Online brute force attack Offline brute force attack Password spraying attack Role attack

Password spraying attack

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this? MAC spoofing attack MAC cloning attack MAC flooding attack MAC overflow attack

MAC flooding attack

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? SLA BPA ISA MOU (memorandum of understanding)

MOU (memorandum of understanding)

Which of the following is NOT a legally enforceable agreement but is still more formal than an unwritten agreement? BPA SLA MOU (memorandum of understanding) MSA

MOU (memorandum of understanding)

Which of the following is the Microsoft version of CHAP? EAP-MS AD-EAP PAP-Microsoft MS-CHAP

MS-CHAP

The CEO is frustrated by the high costs associated with security at the organization and wants to look at a third party assuming part of their cybersecurity defenses. Nikola has been asked to look into acquiring requests for proposal (RFPs) from different third parties. What are these third-party organizations called? MSSPs (managed security service provider) MPSs (managed service provider) MSecs MHerrs

MSSPs (managed security service provider)

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? MTTR (mean time to recovery) RTO RPO MTBF

MTTR (mean time to recovery)

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching? SAN NAS (network attached storage) RAID ARI

NAS (network attached storage)

Which wireless technology establishes two-way communication when two devices are brought within 4 cm of each other or tapped together and is often used in contactless payment systems? Bluetooth NFC RFID 802.11ad

NFC

Aaliyah has been asked to do research in a new payment system for the retail stores that her company owns. Which technology is predominately used for contactless payment systems that she will investigate? Bluetooth Near field communication (NFC) Wi-Fi Radio frequency ID (RFID)

Near field communication (NFC)

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change? Wi-Fi/Wired Network Policy Network Config Network Type Network Location

Network Location

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? OAuth Open ID Shibboleth NTLM

OAuth

What device is always running off its battery while the main power runs the battery charger? Secure UPS Backup UPS Offline UPS Online UPS

Online UPS

Which of the following control categories includes conducting workshops to help users resist phishing attacks? Managerial Operational Technical Administrative

Operational

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers? Most states prohibit password crackers unless they are used to retrieve a lost password. Due to their advanced capabilities, they require only a small amount of computing power. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken. Password crackers differ as to how candidates are created.

Password crackers differ as to how candidates are created.

Which of the following will a BIA (business impact analysis) NOT help determine? Mission-essential functions Identification of critical systems Single point of failure Percentage availability of systems

Percentage availability of systems

Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create? Playbook; Runbook (a series of automated conditional steps, like threat containment, that are part of an incident response procedure); SIEM-book; ARC Codebook

Playbook

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need? Content/URL filtering firewall Policy-based firewall Hardware firewall Proprietary firewall

Policy-based firewall

Which of the following can a UPS NOT perform? Prevent certain applications from launching that will consume too much power. Disconnect users and shut down the server. Prevent any new users from logging on. Notify all users that they must finish their work immediately and log off.

Prevent certain applications from launching that will consume too much power.

Which of the following sensors can detect an object that enters the sensor's field? Proximity Field detection IR verification Object recognition

Proximity

Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data? Open Unrestricted Public Available

Public

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed? Public Open Private Confidential

Public

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) to represent a risk? Quantitative risk calculation Qualitative risk calculation Rule-based risk calculation Policy-based risk calculation

Qualitative risk calculation

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create? Generic account Service account User account Privilege account

Service account

Which of the following RAID configurations has no fault tolerance? RAID level 10 RAID level 1 RAID level 0 RAID level 5

RAID level 0

What is a difference between NFC and RFID? NFC is based on wireless technology while RFID is not. RFID is faster than NFC. RFID is designed for paper-based tags while NFC is not. NFC devices cannot pair as quickly as RFID devices.

RFID is designed for paper-based tags while NFC is not.

Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? Frequency band Channel selection RFID spectrum Channel width

RFID spectrum

Zuzana is creating a report for her supervisor about the cost savings associated with cloud computing. Which of the following would she NOT include on her report on the cost savings? Reduction in broadband costs Resiliency Scalability Pay-per-use

Reduction in broadband costs

Which of these is NOT an incident response process step? Recovery Reporting Eradication Lessons learned

Reporting

Which of these is NOT a response to risk? Mitigation Transference Resistance Avoidance

Resistance

What is a jump box used for? Switching from a public IP to a private IP Bypassing a firewall by generating a log entry Deceiving threat actors by intentionally creating vulnerable devices Restricting access to a demilitarized zone

Restricting access to a demilitarized zone

Which of the following is NOT an element that should be part of a BCP (business continuity plan)? High availability Robustness Diversity Scalability

Robustness

Which WPA3 security feature is designed to increase security at the time of the handshake? WEP MIT OWE SAE (simultaneous authentication of equals)

SAE (simultaneous authentication of equals)

Which standard allows secure web domains to exchange user authentication and authorization data? LDAP SAML (security assertion markup language) MS-CHAP TACACS

SAML (security assertion markup language)

What virtualization technology separates the control plane from the data plane on networking devices such as switches and routers? SDV Hypervisor Containers SDN

SDN

Which of the following virtualizes parts of a physical network? SDN (software defined network) SDV SDX SDA

SDN (software defined network)

Which of the following versions of FTP provides the highest level of security? FTP XFTP FTPS (FTP secure) SFTP (secure/SSH file transfer protocol)

SFTP (secure/SSH file transfer protocol)

Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use? AV SLE (single loss expectancy) ARO ALE

SLE (single loss expectancy)

Which of the following should be performed in advance of an incident? Containment Segmentation Isolation Capture

Segmentation

Which of the following is NOT a feature of a next generation SWG (secure web gateway)? DLP. Send alerts to virtual firewalls. Analyze traffic encrypted by SSL. Can be placed on endpoints, at the edge, or in the cloud.

Send alerts to virtual firewalls.

The manager of your company is concerned that the finances are at risk because Jane, the accountant, is the only person in the organization that has responsibility over the money that goes in and out of the business. What policy should he put in place to ease his concerns? Least privilege principle Separation of duties Nondisclosure agreement Acceptable use

Separation of duties - requires that if a fraudulent application of a process could potentially result in a breach of security, the process should be divided between two or more individuals

What does the term "serverless" mean in cloud computing? The cloud network configuration does not require any servers. Server resources of the cloud are inconspicuous to the end user. Servers are run as VMs. All appliances are virtual and do not interact with physical servers.

Server resources of the cloud are inconspicuous to the end user.

Which of the following is an authentication credential used to access multiple accounts or applications? Single sign-on Credentialization Identification authentication Federal login

Single sign-on

In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer? Software firewalls can protect all the endpoints in a network, whereas virtual firewalls can protect only one device. Virtual firewalls are cost-free, whereas software firewalls are paid services. Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud. Virtual firewalls are used on almost all devices, whereas software firewalls are mostly used by enterprises.

Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud.

Which of the following is NOT used for authentication? Somewhere you are Something you exhibit Something you can do Something you can find

Something you can find

Which of these is NOT a factor in determining restoration order? Dependencies Speed of implementation Process of fundamental importance Alternative business practices

Speed of implementation

Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose? Narrow tunnel Split tunnel Full tunnel Wide tunnel

Split tunnel

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this? Stateful packet filtering Connection-aware firewall Proxy firewall Packet filtering firewall

Stateful packet filtering

What is the result of an ARP poisoning attack? The ARP cache is compromised. Users cannot reach a DNS server. MAC addresses are altered. An internal DNS must be used instead of an external DNS.

The ARP cache is compromised. - select third option as well if two options are needed

Which of these is NOT used in scheduling a load balancer? The IP address of the destination packet. Data within the application message itself. Round-robin. Affinity.

The IP address of the destination packet.

How do NACs ensure that a device is safe to connect to a secure network? The NAC encrypts all of the data on an unknown device before connecting it to the secured network. The NAC moves suspicious data on an unknown device onto an external storage device. The NAC issues a health certificate, only allowing healthy devices to connect to the secured network. The NAC ensures the safety of the device by deleting all suspicious files.

The NAC issues a health certificate, only allowing healthy devices to connect to the secured network.

What is Bash? The command-language interpreter for Linux/UNIX OSs. The open source scripting language that contains many vulnerabilities. A substitute for SSH. The underlying platform on which macOS is built.

The command-language interpreter for Linux/UNIX OSs.

Which of these is NOT a reason that users create weak passwords? A lengthy and complex password can be difficult to memorize. A security policy requires a password to be changed regularly. Having multiple passwords makes it hard to remember all of them. The length and complexity required force users to circumvent creating strong passwords.

The length and complexity required force users to circumvent creating strong passwords.

What is a definition of RPO (recovery point objective)? The maximum length of time that can be tolerated between backups. Length of time it will take to recover data that has been backed up. The frequency that data should be backed up. How a backup utility reads an archive bit.

The maximum length of time that can be tolerated between backups.

Which of the following is NOT correct about high availability across zones? In a cloud computing environment, reliability and resiliency are achieved through duplicating processes across one or more geographical areas. An Availability Zone (AZ) is one or more data centers within a Region, each with redundant power, networking, and connectivity. They are more highly available, fault tolerant, and scalable than would be possible with a single data center. They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.

They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.

Which of the following is NOT a concern for users regarding the usage of their privacy data? Associations with groups Individual inconveniences and identity theft Timeliness of data Statistical inferences

Timeliness of data

Which option for dealing with risk involves the purchase of insurance? Acceptance Transference Avoidance Mitigation

Transference

Wiktoria is frustrated that her company is using so many different cloud services that span multiple cloud provider accounts and even different cloud providers. She wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Wiktoria need? Thin virtual visibility appliance (TVVA) SWG CASB Transit gateway

Transit gateway - An Amazon Web Services (AWS) technology that allows organizations to connect all existing virtual private clouds (VPC), physical data centers, remote offices, and remote gateways into a single managed source

Which of the following is NOT a Microsoft defense against macros? Protected View Trusted documents Trusted domain Trusted location

Trusted domain

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing? Dual observation protocol (DOP) Compromise mitigation assessment (CMA) Two-person integrity/control Multiplayer recognition

Two-person integrity/control

Which of these appliances provides the broadest protection by combining several security functions? NAT WAF UTM NGFW

UTM (unified threat management)

Which of the following is NOT a NAC option when it detects a vulnerable endpoint? Deny access to the network. Give restricted access to the network. Update Active Directory to indicate the device is vulnerable. Connect to a quarantine network.

Update Active Directory to indicate the device is vulnerable.

Why are dictionary attacks successful? Password crackers using a dictionary attack require less RAM than other types of password crackers. They link known words together in a "string" for faster processing. Users often create passwords from dictionary words. They use pregenerated rules to speed up the processing.

Users often create passwords from dictionary words.

Which cloud security control provides reliability and resiliency through the duplication of processes across geographical areas? Conducting audits Implementing secrets management Using regions and zones Enforcing functional area mitigations

Using regions and zones

Which of the following is NOT a firewall rule parameter? Visibility Time Context Action

Visibility

Which of these is NOT a type of wireless AP probe? Wireless device probe WNIC probe Dedicated probe AP probe

WNIC probe

Which technical specification of the Wi-Fi Alliance is the same as ad hoc mode in a Wi-Fi network? Ad hoc II Dynamic ad hoc Alliance IBSS Wi-Fi Direct

Wi-Fi Direct

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use? head show display cat

cat

Which of the following is a GUI tool that is used to capture and analyze packets? a. Tcpdump b. PowerShell c. Tcpreplay d. Wireshark

d. Wireshark

