SEC - 160 MIDTERM
host address: 192.168.100.161/25, 203.0.113.100/24; network address: 10.10.10.128/25, 172.110.12.64/28; broadcast address: 192.168.1.191/26, 10.0.0.159/27
--
desirable for an ISP or large business; mail is deleted as it is downloaded; does not require a centralized backup solution
POP characteristics
It is part of the internet that can only be accessed with special software.
What is the dark web?
street address, credit card number
Which two are examples of personally identifiable information (PII)?
MTTD
average time that it takes for the SOC personnel to identify that valid security incidents have occurred in the network
25, 53, 443, 22, 23
ports: SMTP, DNS, HTTPS, SSH, Telnet
/var/log/dmesg
stores information related to hardware devices and their drivers
The administrator has more control over the operating system.
1. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
UEFI
25. What technology was created to replace the BIOS program on modern personal computer motherboards?
Client information is stolen.
28. What is the result of an ARP poisoning attack?
connectionless
36. What is a basic characteristic of the IP protocol?
53
6. What is the well-known port address number used by DNS to serve requests?
TCP: FTP, HTTP, SMTP. UDP: TFTP, DHCP.
TCP and UDP services
private
1. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?
alert analyst
10. What job would require verification that an alert represents a true security incident or a false positive?
the domain name mapped to mail exchange servers
10. What type of information is contained in a DNS MX record?
packet capture software
10. Which type of tool allows administrators to observe and understand every detail of a network transaction?
ransomware
11. When a user turns on the PC on Wednesday, the PC displays a message indicating that all of the user files have been locked. In order to get the files unencrypted, the user is supposed to send an email and include a specific ID in the email title. The message also includes ways to buy and submit bitcoins as payment for the file decryption. After inspecting the message, the technician suspects a security breach occurred. What type of malware could be responsible?
It is an open source Linux security distribution containing many penetration tools.
11. Why is Kali Linux a popular choice in testing the network security of an organization?
10 segments
12. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?
rogue access point
12. An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation?
host unreachable
13. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?
NTFS supports larger files; NTFS provides more security features
14. What are two advantages of the NTFS file system compared with FAT32? (Choose two.)
netstat -r; route print
14. Which two commands can be used on a Windows host to display the routing table? (Choose two.)
a list of all established active TCP connections
15. A PC user issues the netstat command without any options. What is displayed as the result of this command?
amateur
15. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic. This traffic rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?
protocol unreachable
15. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2. What does this code represent?
the ICMPv6 Router Advertisement
16. What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?
nslookup cisco.com; ping cisco.com
16. Which two commands could be used to check if DNS name resolution is working properly on a Windows PC? (Choose two.)
to provide feedback of IP packet transmissions
17. What is the purpose of ICMP messages?
to review the settings of password and logon requirements for users
17. What is the purpose of using the net accounts command in Windows?
HIPAA
17. Which regulatory law regulates the identification, storage, and transmission of patient personal healthcare information?
PHI
18. A worker in the records department of a hospital accidentally sends a medical record of a patient to a printer in another department. When the worker arrives at the printer, the patient record printout is missing. What breach of confidentiality does this situation describe?
1xx = information; 2xx = success; 3xx = redirection; 4xx = client error; 5xx = server error
18. Match the HTTP status code group to the type of message generated by the HTTP server.
Change the startup type for the utility to Automatic in Services.
19. A technician has installed a third party utility that is used to manage a Windows 7 computer. However, the utility does not automatically start whenever the computer is started. What can the technician do to resolve this problem?
DNS
19. What network service uses the WHOIS protocol?
worm
19. What type of cyberwarfare weapon was Stuxnet?
SOAR automates incident investigation and responds to workflows based on playbooks.
2. What is a benefit to an organization of using SOAR as part of the SIEM system?
Enforce the password history mechanism. Ensure physical security.
2. Which two methods can be used to harden a computing device? (Choose two.)
host portion; network portion
2. Which two parts are components of an IPv4 address? (Choose two.)
It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
20. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?
An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.
20. Which example illustrates how malware might be concealed?
It is used to share network resources.
20. Which statement describes the function of the Server Message Block (SMB) protocol?
PowerShell script
21. A user creates a file with .ps1 extension in Windows. What type of file is it?
inside global
21. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?
websites to make purchases
21. What websites should a user avoid when connecting to a free and open wireless hotspot?
Install the latest firmware versions for the devices.
22. In a smart home, an owner has connected many home devices to the Internet, such as the refrigerator and the coffee maker. The owner is concerned that these devices will make the wireless network vulnerable to attacks. What action could be taken to address this issue?
Right-click the application and choose Run as Administrator.
23. A user logs in to Windows with a regular user account and attempts to use an application that requires administrative privileges. What can the user do to successfully use the application?
It is encapsulated in a Layer 2 frame.
23. What is done to an IP packet before it is transmitted over the physical medium?
botnet
24. A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?
Windows Defender Firewall with Advanced Security
24. An IT technician wants to create a rule on two Windows 10 computers to prevent an installed application from accessing the public Internet. Which tool would the technician use to accomplish this task?
segment
24. Which PDU is processed when a host computer is de-encapsulating a message at the transport layer of the TCP/IP model?
client/server
25. Which networking model is being used when an author uploads one chapter document to a file server of a book publisher?
It is Internet-based conflict that involves the penetration of information systems of other nations.
25. Which statement describes cyberwarfare?
multicast
26. Which type of transmission is used to transmit a single video stream such as a web-based video conference to a select number of users?
Most IoT devices do not receive frequent firmware updates.
26. Why do IoT devices pose a greater risk than other computing devices on a network?
the MAC address of the G0/0 interface on R1
27. Refer to the exhibit. PC1 attempts to connect to File_server1 and sends an ARP request to obtain a destination MAC address. Which MAC address will PC1 receive in the ARP reply?
The man man command provides documentation about the man command.
27. What is the outcome when a Linux administrator enters the man man command?
DDoS
27. Which cyber attack involves a coordinated attack from a botnet of zombie computers?
to gain advantage over adversaries
28. What is the main purpose of cyberwarfare?
improved performance; increase in the size of supported files
29. What are two benefits of using an ext4 partition instead of ext3? (Choose two.)
to request an HTML page from a web server
29. What is the function of the HTTP GET message?
pwd
3. Which Linux command can be used to display the name of the current working directory?
Tier 3 SME
3. Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?
SMB
30. Which protocol is a client/server file sharing protocol and also a request/response protocol?
A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.
31. How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?
to configure networking parameters for the PC
31. What is the purpose of entering the netsh command on a Windows PC?
32. What is a description of a DNS zone transfer?
cmdlets
32. Which type of Windows PowerShell command performs an action and returns an output or object to the next command that will be executed?
64 bytes, 1518 bytes
33. What are the two sizes (minimum and maximum) of an Ethernet frame? (Choose two.)
DHCP
34. Which process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?
IP relies on upper layer services to handle situations of missing or out-of-order packets.
35. Which statement describes a feature of the IP protocol?
file system structure, file permissions, and user account restrictions
36. Why is Linux considered to be better protected against malware than other operating systems?
Tracert shows each hop, while ping shows a destination reply only.
37. Which statement describes the ping and tracert commands?
bring your own device
38. A large corporation has modified its network to allow users to access network resources from their personal laptops and smart phones. Which networking trend does this describe?
Local Security Policy
38. Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an Active Directory domain?
2001:0420:0059:0000:0001:0000:0000:000a
4. What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?
security monitoring; threat intelligence; log management
4. Which three technologies should be included in a SOC security information and event management system? (Choose three.)
terminal emulator
5. A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?
arp -a
5. A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?
Tier 1 personnel
5. The term cyber operations analyst refers to which group of personnel in a SOC?
the MAC address of the default gateway
6. A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?
by combining data from multiple technologies
6. How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?
Threat Hunter
7. An SOC is searching for a professional to fill a job opening. The employee must have expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering in order to search for cyber threats hidden within the network. Which job within an SOC requires a professional with those skills?
destination MAC address to a destination IPv4 address
7. What addresses are mapped by ARP?
root user
7. Which user can override file permissions on a Linux computer?
IP address to MAC address mappings
8. What type of information is contained in an ARP table?
technologies; processes; people
8. Which three are major categories of elements in a security operations center? (Choose three.)
Time to Control
9. Which KPI metric does SOAR use to measure the time required to stop the spread of malware in the network?
downloads copies of email messages to the client; requires a larger amount of disk space; original messages must be manually deleted
IMAP
(ISC)2
Which organization is an international nonprofit organization that offers the CISSP certification?
Step one: The Windows boot loader Winload.exe loads. Step two: Ntoskrnl.exe and hal.dll are loaded. Step three: Winload.exe reads the registry, chooses a hardware profile, and loads the device drivers. Step four: Ntoskrnl.exe takes over the process. Step five: Winlogon.exe is loaded and executes the logon process.
Windows boot process
/var/log/messages
contains generic computer activity logs, and is used to store informational and noncritical system messages
MTTR
the average time that it takes to stop and remediate a security threat
dwell time
the length of time that threat actors have access to the network before they are detected and access is stopped
message encoding
the process of converting information from one format to another acceptable for transmission
MTTC
the time required to stop the incident from causing further damage to the systems or data
/var/log/auth.log
used by Debian and Ubuntu computers and stores all authentication-related events
/var/log/secure
used by RedHat and CentOS computers and tracks authentication-related events