SEC 301


What is the formula used when a larger number needs to be represented in a 2-byte field?
• (256 / first byte) + second byte
• 256 * first byte
• 256 + first byte + second byte
• (first byte * 256) + second byte

Answer: (first byte * 256) + second byte
If a larger number needs to be represented in a 2-byte field, the correct formula to do this is (first byte * 256) + second byte. For example, to represent 65,535, the formula would be (255 * 256) + 255 = 65,535. Much math is needed in this process, especially when even larger numbers are represented. (Book 1, Page 67)

On the Microsoft Windows operating system, C:\ is the top level directory. What is the top level directory on Linux?
• / (forward slash)
• C:/
• L/
• \ (backward slash)

Answer: / (forward slash)
The top of a directory structure for an operating system is known as the root directory. In Microsoft Windows, this is denoted by a drive letter (C:\). In Linux, this is denoted by the forward slash (/). All other directories branch out from there in a tree-like structure. (Book 1, Page 86)

What is the maximum communication range of Bluetooth Class 2?
• 50 meters
• 100 meters
• 10 meters
• 1 meter

Answer: 10 meters
There are three classes of Bluetooth: 1, 2, and 3. By far, the most common is class 2, which has a 10-meter range. This is what you find on headsets and most other Bluetooth devices. The idea behind Bluetooth is straightforward. If you can send it over a cable of any kind, you can send it over Bluetooth. It is, simply put, a cable replacement technology. (Book 4, Page 25)

What is the block size of the AES algorithm?
• 192 bits
• 128 bits
• 64 bits
• 256 bits

Answer: 128 bits
AES always uses a 128-bit block size. It has three key lengths to choose from: 128-bit, 192-bit, and 256-bit. When we choose those key lengths, we are also choosing the number of rounds of computation: 10, 12, and 14, respectively. (Book 2, Page 84)

An administrator is examining a byte in order to determine its value. How many possible values can be represented by that single byte?
• 128
• 96
• 256
• 255

Answer: 256
The possible values that can "fit" in a single byte range from 0 to 255. This means the total number of possible values that can exist is 256. It is essential to understand that only one combination of 1s and 0s can equal any of the 256 possible values. There is never ambiguity with byte values. (Book 1, Page 40)

How many steps are there in a TCP handshake?
• 5
• 4
• 3
• 2

Answer: 3
There are three steps to complete the TCP handshake. The SYN, SYN/ACK, and ACK correspond to the three steps of the TCP 3-way handshake. (Book 3, Page 105)

How many bits are there in an IPv4 IP address?
• 64 bits
• 32 bits
• 128 bits
• 48 bits

Answer: 32 bits
IPv4 addresses are represented by a 32-bit number. If you do the math (an exercise for the reader), that translates to more than 4.2 billion unique addresses (2^32). This might seem like a lot, but in reality the IPv4 address space was exhausted in February 2011. (Book 3, Page 90)

What is the longest hash length of the SHA-2 family?
• 384 bits
• 256 bits
• 512 bits
• 1024 bits

Answer: 512 bits
The "SHA-2" family, as it is sometimes called, is a collection of algorithms. The name of each algorithm tells you the length of the hash (that is, SHA-256 generates a 256-bit hash). Four different hash lengths are available: 224-bit, 256-bit, 384-bit, and 512-bit. (Book 2, Page 73)

What is the purpose of a key derivation function (KDF)?
• A KDF is a method of creating a good PRNG
• A KDF derives an encryption key from a password
• A KDF is a method of exchanging public keys in email encryption
• A KDF derives an encryption key from a PRNG's output

Answer: A KDF derives an encryption key from a password
A Key Derivation Function (KDF) gets its name because it derives a key from a password. The KDF takes a password as input, combines it with a random salt, hashes the combination many times, and the result is a crypto key. The same password always generates the same key. (Book 2, Page 119)

What is it called when the attacker has nothing but encrypted text and attempts to discern patterns?
• A weak key attack
• A pattern-match attack
• A brute force attack
• A ciphertext-only attack

Answer: A ciphertext-only attack
A ciphertext-only attack occurs any time the attacker has nothing to look at but the ciphertext and is looking for patterns. If found, those patterns indicate how the encryption was accomplished and may lead the attacker to totally defeating the system. This attack can also be called frequency analysis. (Book 2, Page 50)

In Network Security, what does the term "IPTables" describe?
• A firewall built into the Linux kernel
• A virus that divides itself into multiple parts to avoid detection
• A Trojan that is also a virus and a worm
• Malware that is self-modifying

Answer: A firewall built into the Linux kernel
All Linux operating systems have IPTables, which can be used as a personal firewall. Many Linux distributions turn that firewall on by default, and some do not. Even for those that have it on automatically, the default configuration can vary widely. (Book 4, Page 110)

In computing, what is a "Boolean Expression"?
• A series of eight bytes
• The output of an artificial intelligence chatbot
• A shorthand method of writing hexadecimal values
• A logical operator that compares values and returns true or false

Answer: A logical operator that compares values and returns true or false
A Boolean Expression is a logical operator. It is a comparison of true and false values. For example, it determines whether value A is equal to value B, or whether A is greater than B, or A is less than B, or A is less than or equal to B, and so on. (Book 1, Page 36)

In computer terminology, what is another name for a series of 4 bits?
• A half-byte
• A byte
• A meal
• A nibble

Answer: A nibble
Computers see everything as strings of ones and zeros called bits. Bits are logically grouped into 8 bits to comprise one byte. A byte of 8 bits is what computers most often work with when processing data. For example, one letter of the alphabet is comprised of one 8-bit byte. Occasionally, a computer works with one-half a byte, which we call a nibble. (Book 1, Page 38)

What type of authentication system requires you to authenticate using a username, password, and a PIN number?
• A something you have authentication system.
• A two-factor authentication system.
• A single-factor authentication system.
• A multi-factor authentication system.

Answer: A single-factor authentication system.
An authentication system that requires you to authenticate with a username, password, and a PIN number is a single-factor authentication system. This system is using three kinds of one factor for authentication, in this case something you know. (Book 3, Page 24)

What is the encryption algorithm used in WPA2?
• Triple DES
• RC4
• Diffie-Hellman
• AES

Answer: AES
WPA2 uses AES encryption with up to a 256-bit key. There are currently no known attacks against the encryption specification of WPA2. However, in October 2017, a researcher discovered a flaw in how many vendors implemented that specification (known as the Krack attack). The flaw would allow for the decryption and, occasionally, the manipulation of data. Most vendors have issued patches that fix this flaw (though that will be slow in coming for Android and Internet of Things (IoT) devices). The Krack attack exploits one of the methods of deploying WPA2 using a Pre-Shared Key (PSK). Note this is the most common way WPA2 is deployed in the home and small office environment. It is possible for an attacker to brute force the PSK because it is a form of password. If you deploy PSK, ensure you have a proper, long PSK with plenty of entropy (unpredictability or randomness). The author recommends a minimum of 20 characters in the PSK. You should also change it periodically. (Book 4, Page 11)

What encryption algorithm is used for Bluetooth 4.1?
• SAFER+
• AES
• MD5
• Triple DES

Answer: AES
Version 2.1 introduced Simple Secure Pairing (SSP). It was a significant improvement, but still had issues. Version 4.1 updates SSP and makes it pretty good. SSP not only simplifies the pairing process but it also makes it more secure. (Book 4, Page 28)

How does a computer remember a MAC address once obtained?
• Non-volatile ROM
• ARP cache in RAM
• Routing Table
• NAS Card

Answer: ARP cache in RAM
A computer remembers a MAC address, once obtained, through the ARP cache in Random Access Memory (RAM). By doing this, a system does not have to re-ask the question to obtain the MAC address of another system. The cache is a temporary storage location in memory, so the address is only remembered for a period of time, depending on the operating system. (Book 3, Page 97)

What type of table contains each letter of the alphabet and its associated value?
• UTF
• XML
• LRTC
• ASCII

Answer: ASCII
An ASCII table contains all the letters of the alphabet and their associated values. The method of encoding characters determines what value equals what printable character. There are several encoding schemes that can be used in computers, but by far the most common scheme is called ASCII, the American Standard Code for Information Interchange. (Book 1, Page 61)

The term "Due Care" means that senior management has a legal responsibility to do which of the following?
• Prevent your organization from being a tool to hurt another.
• Due Care is not actually a legal requirement.
• Act as a reasonable person would act in protecting assets.
• Follow industry best practices in the security program.

Answer: Act as a reasonable person would act in protecting assets.
Due care means that senior management should take the actions reasonable and prudent in protecting the assets of the organization. The organization is legally required to meet a standard of due care. (Book 1, Page 21)

What is a type of program code that is embedded in the contents of a web page?
• Hypertext
• Static program
• Active content
• Dynamic build

Answer: Active content
Active content is a term for program code that is embedded in the contents of a web page. When a web browser accesses the page, the embedded code automatically downloads and executes on the user's workstation. Common forms of active content include JavaScript, Java applications and applets, and ActiveX controls.

At its most basic level, what is the one and only thing a computer can do?
• Add
• Reason
• Store data
• Translate

Answer: Add
When you really boil a computer's functionality down to the most basic possible level, you find that a computer can do precisely one thing: it can add. The computer sees a string of ones and zeros. The ones have a particular value depending on the exact placement. (The system ignores zeros as simply placeholders.) The computer adds the values represented by the location of the ones to come up with a specific value. (Book 1, Page 36)

What is the name of the protocol that resolves IP addresses to MAC addresses?
• IP Resolution Protocol (IPRP)
• MAC Resolution Protocol (MRP)
• Transmission Control Protocol (TCP)
• Address Resolution Protocol (ARP)

Answer: Address Resolution Protocol (ARP)
The Address Resolution Protocol (ARP) takes the IP address of a device and determines the corresponding MAC address of that device. Each device maintains an ARP cache containing the IP addresses and MAC addresses of the devices it has recently communicated with. (Book 3, Page 96)

What is Rijndael algorithm better known as?
• Data Encryption Standard (DES)
• Message Digest version 5 (MD5)
• Advanced Encryption Standard (AES)
• Diffie-Hellman

Answer: Advanced Encryption Standard (AES)
In the late 1990s, reports started surfacing that DES could be brute forced too quickly. So the National Institute of Standards and Technology (NIST) again put out the call for encryption algorithms. One would be chosen as the new Advanced Encryption Standard. In October 2000, they chose the Rijndael algorithm to become AES. (Book 2, Page 84)

Why are Android anti-virus apps not as effective on smartphones as they are on a personal computer?
• Anti-virus logic is included in Android smartphone OSes.
• Anti-virus on an Android phone has no special permissions or capabilities.
• Malware does not exist for Android smartphones.
• Anti-virus cannot protect the sheer number of apps used by Android smartphones today.

Answer: Anti-virus on an Android phone has no special permissions or capabilities.
Antivirus apps are now available for Android smartphones. However, they do not typically run "protected," or with special capabilities or permissions, so they are not as effective. On a PC, anti-malware (aka antivirus) often runs with special capabilities and permissions. It literally becomes a trusted part of the operating system's kernel. This is good because it makes it more difficult for malware to attack and shut down your anti-malware solution. In tablets and smartphones, anti-malware is just another app. It has no special permissions or capabilities. Other apps can potentially shut it down and evade detection by other means because of this. Phones and iPads do not have anti-virus software since the platform's security features make it impossible for one app to scan another app for malware. (Book 1, Page 121)

What method can be used to prevent employees from discussing sensitive information on a smartphone in public?
• Awareness training
• Social engineering
• App monitor and alerting
• Data encryption on phone

Answer: Awareness training
Individuals in public places, such as hotel lobbies, airports, and airplanes, need to be aware that their conversations can be overheard by those around them. If sensitive information is being discussed, it can be heard by personnel not authorized to hear it. An organization's awareness training program needs to make sure that employees are cognizant of their surroundings when making mobile phone calls. (Book 1, Page 125)

What does a differential backup do?
• Backs up the system, but not the data
• Backs up everything changed since the last backup of any kind
• Backs up everything
• Backs up everything changed since the last full backup

Answer: Backs up everything changed since the last full backup

What is the name of an attack based on the probability that certain keys are more likely to occur than other keys?
• Birthday Attack
• Mathematical Attack
• Weak Key Attack
• Brute Force Attack

Answer: Birthday Attack
If we apply the Birthday Paradox concept to a PRNG and figure out which keys it is less likely to generate, the combinations that are left are automatically more likely to be created. If we can apply this concept to determine the keys most likely to occur and guess those first in our brute force attack, we can accelerate the attack a great deal. (Book 2, Page 21)

What is an algorithm that encrypts a specific number of bits of text at a time called?
• Block cipher
• Rotor cipher
• Range cipher
• Stream cipher

Answer: Block cipher
The majority of symmetric algorithms operate as a block cipher, meaning they encrypt a block of text at a time (for example, 64 bits). Different algorithms will use different block sizes. In all cases, a block cipher must pad the end of the data to be an exact multiple of the block size. (Book 2, Page 81)

What is a common name for small applications that extend a browser's capability?
• Browser tracer
• Browser extensions
• Browser application
• Browser cookies

Answer: Browser extensions (aka browser add-ons)
The main function of a browser extension is to provide the browser with a capability it did not have before.

What attack is always guaranteed to work against crypto?
• Birthday attack
• Brute force attack
• Mathematical attack
• Weak keys attack

Answer: Brute force attack
In cryptography, the term Brute Force Attack simply means that you guess every possible combination of a key. Eventually, one of them will work. This is the one attack against crypto that is always guaranteed to work. It is a question of how long it will take. (Book 2, Page 15)

What type of attack category has a goal of making software do something it was never intended to do?
• Buffer Overflow
• Denial of Service
• Software Pivoting
• Watering Hole

Answer: Buffer Overflow
The buffer overflow or BO attack has been around since the 1990s and still happens today. It is possible on any type of software, whether that be an operating system or an application. There are thousands of buffer overflow exploits "in the wild" and just as many variations of the attack. All buffer overflow attacks have two things in common: they are highly targeted against a very specific version of very specific software, and they make a piece of software do something it was never intended to do. (Book 4, Page 87)

A security analyst is setting an account lockout policy of five incorrect passwords. What is another term for this lockout threshold?
• Account control
• Clipping level
• Cut baseline
• Lock attempts

Answer: Clipping level
Another term for an account lockout threshold is a clipping level. This is the set number of incorrect passwords that can be entered before an account is locked out. The policy is an old favorite for password security settings. It has been around for a long time, and the number of attempts will vary among organizations. The important factor is that an alert is generated as soon as the threshold is hit. (Book 3, Page 16)

What are the elements of the CIA Triad?
• Confidentiality, Integrity, Availability
• Confidentiality, Integrity, Authorization
• Cryptography, Impersonation, Authorization
• Cryptography, Integrity, Authorization

Answer: Confidentiality, Integrity, Availability
The CIA Triad consists of Confidentiality, Integrity, and Availability. This is one of the cornerstones of all security. The principles behind CIA are straightforward:
• Confidentiality: Only those who need access to something have access to it.
• Integrity: Data is kept pristine, meaning it is modified only by the correct people, in the correct way, and with the correct information.
• Availability: If you are unable to use it, why do you have it? Whether it be a piece of data, a server, or any other resource, it has to be available when we need it, or it does us no good.
(Book 1, Page 9)

What can be used to lessen or mitigate system vulnerabilities?
• Threat assessment
• Countermeasures
• Gap analysis
• Passwords

Answer: Countermeasures
A countermeasure is anything that can lessen or mitigate a vulnerability. Countermeasures, sometimes called safeguards or controls, are any measure taken to reduce or "mitigate" a problem. They can be categorized as Administrative, Technical, or Physical. (Book 1, Page 18)

What is the art and science of breaking cryptography?
• Algorithm
• Cryptanalysis
• Cryptographic Testing
• Cryptojacking

Answer: Cryptanalysis
Cryptanalysis, or a cryptanalytic attack, is the art and science of breaking cryptography. Throughout history, the folks wanting to hide their communications have gotten better at doing so; then the people wanting to read those messages come up with a better way to break it, so the crypto folks get better at hiding, the attackers get better at breaking, and so on. The cycle has repeated itself for many years and shows no sign of slowing down. (Book 2, Page 12)

What is the more modern and well-known name of the Lucifer algorithm?
• Advanced Encryption Standard (AES)
• The RC4 Encryption Algorithm
• Data Encryption Standard (DES)
• Rijndael

Answer: Data Encryption Standard (DES)
In the early 1970s, the U.S. government put out the call to have all the best encryption algorithms of the day evaluated. They would pick one to become the Data Encryption Standard. In 1975, an algorithm from IBM known as Lucifer was selected and published as this new standard. (The formal document declaring the DES standard was not published until 1975.) (Book 2, Page 82)

What is the name of the role with primary responsibility for data?
• Data owner
• Data custodian
• General user
• Senior manager

Answer: Data owner
The data owner is the person or office with primary responsibility for a particular piece of data. The owner of the data makes decisions about the proper classification of the data and any protective measures that are needed. (Book 1, Page 16)

If the destination computer is not on the same network as the source computer, what is the name of the first device the source computer sends the packet to?
• Source Router
• Destination Router
• Router Access
• Default Gateway

Answer: Default Gateway
The default gateway is the device to which packets are sent if they are not destined for a local IP address. An example of this would be if the network portion of the destination IP address does not match the network portion of the IP addresses on the local network. (Book 3, Page 82)

When hardening an OS, you disable the XYZ service. What is the next step you should perform?
• Delete the service from the system entirely
• There is nothing more you can do
• Find the next service you want to disable
• Configure your patching software to keep the service up-to-date

Answer: Delete the service from the system entirely

What is an attack against the availability of a system called?
• System Availability Denial (SAD)
• Denial-of-Service (DoS)
• Obfuscation Attack (OA)
• Availability Attack (AA)

Answer: Denial-of-Service (DoS)
Denial of service, or DoS, is one of the most common attacks in use today. It works just like it sounds: by denying useful service to a system or network. DoS attacks aim at preventing a computer or network from performing its normal duties. When this happens, service is denied to legitimate users because they cannot seem to get the server's attention. (Book 4, Page 89)

Signcryption combines two cryptographic processes. What are they?
• Digital Signature and Hybrid Cryptography
• Digital Signature and Asymmetric Cryptography
• Hybrid Cryptography and Elliptic Curve Cryptography
• Symmetric Cryptography and Asymmetric Cryptography

Answer: Digital Signature and Hybrid Cryptography
Signcryption combines a Digital Signature and Hybrid Cryptography. This provides for the nonrepudiation of a digital signature, the confidentiality of hybrid cryptography, and protection of the symmetric key. (Book 2, Page 114)

What are the two broad categories of social engineering?
• Direct and indirect
• Indirect and phishing
• Physical and indirect
• Direct and phishing

Answer: Direct and indirect
There are many and varied ways to do social engineering. Generally, though, they fall into two broad categories: direct and indirect.
1. Direct social engineering involves the phone call or in-person meeting. The risk to the social engineer is higher with the in-person meeting, but sometimes the chance of success is higher.
2. Indirect social engineering is most commonly done through phishing scams on email. Indirect can also involve pop-ups on websites and other technological ploys to trick an unsuspecting user.
(Book 4, Page 38)

What is the name of the protocol that resolves domain names to IP addresses?
• Domain Name System (DNS)
• Dynamic Host Control Protocol (DHCP)
• Top Level Domain Protocol (TLDP)
• Domain Control Protocol (DCP)

Answer: Domain Name System (DNS)
Domain Name System (DNS) is the protocol that resolves domain names to IP addresses and vice versa. Humans find it much easier to remember names than numbers. But IP addresses are, of course, expressed as numbers. Therefore, you need a way of associating names that are easy to remember with numbers that may not be so easy to remember. (Book 3, Page 113)

What is the name of the protocol that assigns network settings at boot time?
• Transmission Control Protocol (TCP)
• Dynamic Host Configuration Protocol (DHCP)
• Automatic Host Configuration Protocol (AHCP)
• User Datagram Protocol (UDP)

Answer: Dynamic Host Configuration Protocol (DHCP)
Network settings are assigned at boot time when using the Dynamic Host Configuration Protocol (DHCP). Organizations commonly employ this method on client computers since those do not have to have the same IP address from day to day, and dynamically assigning addresses means that network administrators do not have to manually type the addresses on each computer. This also simplifies moving a computer from one network to another. (Book 3, Page 110)

What is the key exchange mechanism used by Secure Simple Pairing?
• They do not use a secure key exchange mechanism.
• Advanced Encryption Standard (AES)
• Advanced Encryption Standard Diffie-Hellman (AESDH)
• Elliptical Curve Diffie-Hellman (ECDH)

Answer: Elliptical Curve Diffie-Hellman (ECDH)
Version 2.1 introduced Simple Secure Pairing (SSP). It was a significant improvement, but still had issues. Version 4.1 updates SSP and makes it pretty good. SSP not only simplifies the pairing process but it also makes it more secure. All SSP implementations use Elliptical Curve Diffie-Hellman (ECDH) for key exchange. This is an extremely secure and fast key exchange mechanism. (Book 4, Page 28)

How does email commonly lead to "accidental data spills"?
• SMTP server failures
• The proliferation of email encryption
• Email address autofill
• Out of office autoreply messages

Answer: Email address autofill

What type of data traffic does S/MIME protect?
• File transfer traffic
• Web traffic
• Email traffic
• Streaming video traffic

Answer: Email traffic
Secure MIME (S/MIME) is the most common email encryption system used today. It is implemented in Outlook and most other email clients. It relies on the use of certificates (most commonly X.509, but it will work with others). All email and any attachments transmit as 100% ASCII text, regardless of the type of attachment. This is because of the functionality of MIME (Multipurpose Internet Mail Extensions), which translates any attachments into a long string of ASCII. When implemented with S/MIME, the email and any attachments are all encrypted. (Book 2, Page 106)

What is the process of turning plaintext into ciphertext?
• Decryption
• Decipherment
• Obfuscation
• Encryption

Answer: Encryption
Encryption is the process of turning plaintext into ciphertext. Another way to look at it is to transform readable text into nonreadable text. Once text is encrypted, decryption is the process of turning ciphertext back into plaintext. The terms encipher and decipher are synonymous with encrypt and decrypt, respectively. (Book 2, Page 11)

If you cannot disable or remove a management utility, what must you do when hardening the OS?
• Ensure only system administrators can use the utility
• Accept the risk
• Rename the EXE file to some ambiguous name so attackers cannot find it
• Increase permissions on other tools to decrease awareness of this utility

Answer: Ensure only system administrators can use the utility

How does exploit software differ from a vulnerability scanner?
• Vulnerability scanners produce a lot of false negatives
• Exploit software manipulates the target system
• Exploit software focuses on only one service on the target
• Vulnerability scanners provide detailed solutions

Answer: Exploit software manipulates the target system

In cybersecurity, what does the term "piggybacking" often describe?
• Watching someone type their password
• Sending a phishing email followed closely by a phone call
• Delivering malware in a phishing email
• Following someone through a secure door

Answer: Following someone through a secure door
Social engineering techniques can also overcome physical security practices. "Piggybacking" or "tailgating" involves following someone through a secure door. This practice is easy to accomplish, especially if the "piggybacker" appears to belong. Masquerading as a service technician, UPS delivery person, or pizza delivery person makes this ploy even easier. (Book 4, Page 48)

What is the common name of a software brute-force testing tool?
• Fuzzer
• Nessus
• Brutus
• Blaster

Answer: Fuzzer

When reviewing a nibble, what is the term for the four leftmost place values?
• Low-order nibble
• High-order nibble
• Origin nibble
• Boolean nibble

Answer: High-order nibble
Nibbles are used to help with calculations in bytes and have two components: a high-order nibble and a low-order nibble. The four leftmost place values of the byte are known as the high-order nibble. Nibble values can range from 0 through 15, with 16 total possible values. (Book 1, Page 43)

What is the name of the function that intercepts and redirects functions of a virtual OS?
• Hypervisor
• Virtual Manager
• Virtual Machine Director
• Hyperdirector

Answer: Hypervisor

A municipality is installing new meters on homes in order to remotely monitor the gas and electric meters being used by those homes. What is this category of technology?
• Organizational application
• Platform segmentation
• Machine learning
• Industrial Internet of Things

Answer: Industrial Internet of Things
Any device connected to the Internet is part of the Internet of Things. A rapidly growing category in this field is the Industrial Internet of Things. Municipalities are flocking to this technology to control parking meters, remotely read gas or electric meters, monitor traffic patterns, etc. Companies use it to control heating, ventilation, and air conditioning (HVAC), lighting, and other services. Keeping the lights and HVAC off in unoccupied areas saves companies money on utilities and raises profits. (Book 1, Page 129)

How do cryptographic processes help us with software downloaded from the internet?
• Cryptographic authentication proves software is legitimate
• Integrity checks, such as cryptographic hashes, ensure the software is pristine
• Downloading encrypted software proves it came from the software vendor
• Downloading encrypted software ensures it is tamper proof

Answer: Integrity checks, such as cryptographic hashes, ensure the software is pristine
Integrity, as part of Cryptography, ensures that messages sent and received are identical. When software is downloaded from the internet, integrity protections, such as cryptographic hashes, help to ensure the software about to be installed is the legitimate software and not malware. These integrity protections can, and often do, go so far as to supply indisputable mathematical proof of integrity. (Book 2, Page 6)

What is the name of the protocol that deals with routing?
• Internet Protocol
• TCP Protocol
• ARPANET Protocol
• Ethernet Protocol

Answer: Internet Protocol
IP (Internet Protocol) is designed to handle basic packet management on a network, including delivering packets to specific network addresses, routing packets between networks, and even splitting packets into smaller pieces and reassembling them again at their destination. (Book 3, Page 88)

What is the fundamental difference between the Internet of Things (IoT) and the Industrial Internet of Things (IIoT)?
• IoT manipulates data; IIoT manipulates physical objects
• IoT is only in the home; IIoT is only in organizations
• IoT manipulates physical objects; IIoT manipulates data
• IoT functions at the Network layer; IIoT functions at the Transport layer

Answer: IoT manipulates data; IIoT manipulates physical objects
Any device connected to the internet is part of the Internet of Things (IoT), and the larger category of this is the Industrial Internet of Things (IIoT). The main distinction between the two is what they most commonly manipulate. IoT devices deal with information technology (IT). These devices manipulate data in some way. IIoT devices deal more in the realm of operational technology (OT). They manipulate physical objects. (Book 1, Page 129)

What type of attack occurs when lateral movement takes place between systems on two networks owned by different companies?
• Eavesdropping
• Road tripping
• Island hopping
• Pivoting

Answer: Island hopping
Island hopping is breaking into an organization and moving laterally to reach a partner organization on a separate network. It is similar to pivoting or moving laterally, which focus on systems on the same network. In island hopping, after a system is broken into on one network, the attacker discovers a system on a business partner's network with a trust relationship to the original system. The attacker can then "island hop" to the partner network. (Book 4, Page 85)

How does IPv4 guarantee delivery of packets?
• It does not guarantee delivery as it is a "best effort" protocol.
• By ensuring a reliable connection between communicating parties
• Through Sequence and Acknowledgement numbers
• By interpreting bytes within the TCP- and UDP-contained headers

Answer: It does not guarantee delivery as it is a "best effort" protocol.
IP is designed to handle basic packet management on a network, including delivering packets to specific network addresses, routing packets between networks, and even splitting packets into smaller pieces and reassembling them again at their destination. However, IP does not actually guarantee delivery of a packet; it is strictly a best effort protocol. If the packet does not arrive at the destination for any reason, there is an error notification, but not error correction. The IP protocol lacks mechanisms that track packets to make sure they arrive at their destination safely. Also, IP does not guarantee the order of packet delivery. (Book 3, Page 88)

When is it justifiable to put public access servers on an internal network? When they are protected by NAT It is never justifiable to do this When it is required by regulations As long as the server is fully patched

It is never justifiable to do this

We are reading through a computer manual and see the following statement "if the program returns 22, this is an error but if the program returns 55, the operation succeeded." What do these values mean? A hexadecimal 22 is an error and a hexadecimal 55 is not A decimal 22 is an error and a decimal 55 is not A decimal 22 is an error and a hexadecimal 55 is not It is unclear - the documentation doesn't indicate if those are decimal or hexadecimal values

It is unclear - the documentation doesn't indicate if those are decimal or hexadecimal values

Why is Moore's Law significant in cryptography? It states that a flaw in an algorithm's mathematical formula will lead to key decryption It proves the algorithm's peer review process has been successful It states the number of key guesses per second in a brute force attack doubles every 2 years It proves the PRNG provides sufficient randomness

It states the number of key guesses per second in a brute force attack doubles every 2 years Moore's Law is the observation that the transistor count of a chip, and with it the computing power available for a fixed price, roughly doubles every two years. Applied to cryptography, the number of key guesses per second an attacker can afford in a brute force attack also doubles about every two years. This means the DES algorithm's 56-bit key that would have taken more than 20,000 years to brute force in 1975 can now be brute forced in a matter of hours, and key lengths have to be chosen with that growth in mind. Book 2 Page 24

What is the central component of an operating system? Pivot Pole Kernel Root

Kernel The central component of any operating system is called the kernel. It is the software that dictates much of how the computer does what it does. The kernel is the interface between the operating system and the hardware (CPU) of a system, and it manages all computer hardware resources. It is the core—or kernel—of the operating system. Book 1 Page 84

Why is key escrow critical in cryptographic implementations for organizations? Key escrow is a backup copy of the key. Without it, decryption is not possible Key escrow assures the cryptographic implementation ensures anti-availability Key escrow ensures the keys are cryptographically hashed so they are pristine Key escrow requires regular changes to key. This protects against non-authorized use

Key escrow is a backup copy of the key. Without it, decryption is not possible Key escrow is a highly secure backup copy of an organization's keys. All keys deserve escrow, including crypto keys, physical keys, vital passwords, etc. Without key escrow, decryption is not possible, and this could cause anti-availability, or no access to the data. This would ultimately defeat the purpose of cryptography. Book 2 Page 9

What is a range of values that can be used to construct a key? Algorithm Cryptanalysis Keyspace Encryption

Keyspace A keyspace is the range of values that can be used to construct a key given a particular key length. For example, the DES encryption algorithm uses a key of 56 bits. There are roughly 72 quadrillion possible combinations of 56 bits. That is the size of the keyspace for DES. Book 2 Page 13
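The two cards above (Moore's Law applied to brute force, and the size of a keyspace) are the same calculation seen from two sides. The following is an added example, not part of the course material: it sizes a keyspace from a key length, estimates the average exhaustive-search time at a given guess rate, and applies the two-year doubling to find the year a key length becomes breakable. The 1975 baseline rate and the "breakable within a year" threshold are assumptions chosen to illustrate the arithmetic, not figures from the page.

```python
# Added example (not from the SEC 301 material): keyspace size, brute-force time,
# and Moore's Law scaling of the attacker's guess rate.
from math import log2

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(bits):
    """Number of possible keys of the given length: 2**bits (DES: 56 bits, ~72 quadrillion)."""
    return 2 ** bits


def guesses_per_second(base_rate, base_year, year, doubling_years=2):
    """Moore's Law scaling: the rate available in `year`, given `base_rate` in `base_year`."""
    return base_rate * 2 ** ((year - base_year) / doubling_years)


def expected_years_to_break(bits, rate):
    """Average exhaustive-search time: on average half the keyspace is tried before the hit."""
    return keyspace(bits) / 2 / rate / SECONDS_PER_YEAR


def year_key_becomes_breakable(bits, base_rate, base_year, max_years=1.0, doubling_years=2):
    """First year in which an average brute-force run fits within `max_years`.

    Solves keyspace/2 / (base_rate * 2**((y - base_year)/d)) / SECONDS_PER_YEAR <= max_years
    for y. The rate needed is fixed by the key length; Moore's Law tells us when we reach it.
    """
    needed_rate = keyspace(bits) / 2 / (max_years * SECONDS_PER_YEAR)
    doublings = max(0.0, log2(needed_rate / base_rate))
    return base_year + doublings * doubling_years


if __name__ == "__main__":
    # Assumed baseline: 100,000 guesses/second in 1975 (illustrative, not a measured figure).
    for bits in (56, 80, 128):
        print(f"{bits}-bit key: {keyspace(bits):.3e} keys, "
              f"breakable within a year around {year_key_becomes_breakable(bits, 1e5, 1975):.0f}")
```

Each extra bit doubles the keyspace, which under a two-year doubling of guess rate buys exactly two more years; that is why moving from 56 to 128 bits pushes the break-even year out by more than a century rather than by a few decades.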

What is an attack called when the attacker utilizes the same remote-control software used by the organization's administrators to avoid detection? Flying under the Radar (FutR) Stealth Scanning (SS) Remote Desktop Protocol Attack (RDPA) Living off the Land (LotL)

Living off the Land (LotL) When an attacker uses the same remote-control software the organization's administrators use in order to avoid detection, this is known as a Living off the Land (LotL) attack. The remote-control software can include RDP in Windows or SSH in Linux, and the attacker uses the administrator's credentials to get access. Because they use legitimate credentials and common applications (RDP or SSH), they often generate no alarms, even in organizations with a Security Operations Center (SOC) continuously monitoring traffic; detection has to come from context (an unusual source host, account, time of day, or follow-on activity) rather than from the tool itself. Book 4 Page 72
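Since the tool and the credentials are both legitimate, a LotL detection has to look at the surrounding pattern. The following is an added example, not from the course material: it parses constructed Windows Security log records (event 4624 with LogonType 10 is a RemoteInteractive, i.e. RDP, logon) and flags successful RDP logons that break a simple admin-access policy. The hostnames, accounts, addresses, jump-host allowlist and business-hours window are all made up for the example.

```python
# Added example (not from the SEC 301 material): triage constructed Windows Security
# log lines for RDP logons that look like an administrator but break the usual pattern.
import re
from datetime import datetime, timezone

# Constructed sample log lines (not real captures); one record per line.
SAMPLE_LOGS = """\
2024-03-04T09:12:03Z EventID=4624 LogonType=10 Account=admin.jsmith SourceIP=10.8.44.9 Target=FS01
2024-03-04T09:40:11Z EventID=4624 LogonType=3 Account=svc_backup SourceIP=10.8.44.20 Target=FS01
2024-03-04T02:14:55Z EventID=4624 LogonType=10 Account=admin.jsmith SourceIP=10.8.44.9 Target=FS01
2024-03-04T14:02:30Z EventID=4624 LogonType=10 Account=admin.jsmith SourceIP=192.168.77.5 Target=FS01
2024-03-04T15:30:00Z EventID=4624 LogonType=10 Account=j.doe SourceIP=10.8.44.9 Target=FS01
2024-03-04T15:31:00Z EventID=4625 LogonType=10 Account=admin.jsmith SourceIP=10.8.44.9 Target=FS01
"""

# Constructed policy: admin RDP only from the jump host, by named admin accounts, in business hours.
JUMP_HOSTS = {"10.8.44.9"}
ADMIN_ACCOUNTS = {"admin.jsmith", "admin.kwong"}
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 UTC

LINE_RE = re.compile(
    r"(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"Account=(?P<account>\S+) SourceIP=(?P<src>\S+) Target=(?P<target>\S+)")


def parse_logs(text):
    """Turn the constructed key=value lines into records with typed fields."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not in the expected shape
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        rec["event"], rec["ltype"] = int(rec["event"]), int(rec["ltype"])
        records.append(rec)
    return records


def flag_suspicious_rdp(records):
    """Return (record, reasons) for successful RDP logons that violate the admin-access pattern."""
    findings = []
    for rec in records:
        if rec["event"] != 4624 or rec["ltype"] != 10:
            continue  # only successful RemoteInteractive (RDP) logons
        reasons = []
        if rec["src"] not in JUMP_HOSTS:
            reasons.append(f"RDP from non-jump-host {rec['src']}")
        if rec["account"] not in ADMIN_ACCOUNTS:
            reasons.append(f"non-admin account {rec['account']} using RDP")
        if rec["ts"].hour not in BUSINESS_HOURS:
            reasons.append(f"outside business hours ({rec['ts']:%H:%M} UTC)")
        if reasons:
            findings.append((rec, reasons))
    return findings


if __name__ == "__main__":
    for rec, reasons in flag_suspicious_rdp(parse_logs(SAMPLE_LOGS)):
        print(rec["ts"].isoformat(), rec["account"], rec["src"], "->", "; ".join(reasons))
```

None of these three conditions is proof of compromise on its own; the value is that they fire on legitimate tooling used in an illegitimate way, which is exactly what a signature on the tool cannot do. The same approach applies to sshd "Accepted" lines on Linux.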

What is the malware that waits for a preconfigured event or date to execute called? Logic bomb Virus Trojan Worm

Logic bomb Any piece of malware that waits for a preconfigured event or date before executing is known as a logic bomb. Of course, logic bombs are said to "detonate" rather than execute. Event-based logic bombs are more common than time-based. Book 4 Page 99

A current marketing term is Artificial Intelligence. What is the more accurate computing term for Artificial Intelligence? Machine learning OpenAI Actual intelligence Knowledge engineering

Machine learning What is marketed today as Artificial Intelligence is, more accurately, machine learning. Machine learning is a subset of artificial intelligence (AI) that involves teaching machines to learn from data and make predictions or decisions based on that data, without being explicitly programmed. It is based on the idea that machines can learn from experience, much as humans do. Book 1 Page 5

What is software that creates malware to be sold to others as a product? Software Aided Development Malware Dark Shop Blockchain Factory Malware Development Kit

Malware Development Kit Software that creates malware which can be sold to others as a product is known as Malware Development Kits, or Factories. This is basically a point-and-click creation of malware. There are now many of these on the market, most sold on the dark web. Most of the malware factories for sale create ransomware for the simple reason that ransomware is the "hot market" today. Book 4 Page 106

A Caesar Cipher is an example of which of the following types of ciphers? Polyalphabetic cipher Monoalphabetic cipher Permutation cipher Linear cipher

Monoalphabetic cipher Probably the best-known monoalphabetic cipher is the Caesar cipher, or C3. With C3, the alphabet is shifted (or rotated) by three positions to create the ciphertext alphabet. Because the alphabet is rotated, it is also known as a rotational substitution cipher. Book 2 Page 47

Which of the following refers to two or more computing devices connected together in some way to facilitate the communication and exchange of data? Internet Cablenet Ethernet Network

Network A network is defined as two or more computing devices connected in some way to facilitate communication and exchange of data. Computing devices is an extremely broad term and can include Desktop PCs, servers, printers, tablets, and cell phones, as well as network-specific devices such as routers, switches, hubs, and many other gadgets. Book 3 Page 61

What is a common method of hiding an internal IP addresses? Network Address Hiding Anonymizer Network Address Translation Network Address Disguise

Network Address Translation Network Address Translation (NAT) is a common method of hiding internal IP addresses. With NAT, an organization can have thousands of internal users and still require only a single public IP address. Without NAT, the organization would need a public IP address for each of those internal users. NAT provides an efficient method of IP address utilization and hides internal addressing from outsiders, but it is not a firewall: access control still has to come from a filtering device. Book 3 Page 116

An analyst is reviewing log output as part of an investigation. The logs include a hex value of 0xB5. What is the value of 0x? Low order bit No value Decimal base 10 Zero octet

No value 0x## is a notation showing that what follows is hex; the 0x itself has no value. The characters "B5" represent the hex value being referenced. Each hex character is one nibble of a binary byte: the first hex character is the most significant nibble and the second is the least significant, so 0xB5 is (11 * 16) + 5 = 181 in decimal. Book 1 Page 47

What is accomplished if it is proved beyond a reasonable doubt that a particular entity sent a contract, and that the contract received is identical to that contract sent? Confidentiality Nonrepudiation Availability Integrity

Nonrepudiation With proper implementation, cryptographic functions provide a service called nonrepudiation. And nonrepudiation provides authenticity. For example, prove beyond question that a specific individual sent us a contract—that it specifically came from them and no one else. Then prove that the contract they sent is identical to the one received. With both pieces of proof in place, this is nonrepudiation. The contract's authenticity is proven. The source of the contract cannot repudiate it by saying they didn't send it or claiming the contract received is different from the one they sent. Book 2 Page 6

If both Bluetooth devices have a screen to display a 6-digit number and can accept a yes/no response, which Association Model should you use? Passkey Entry Numeric Comparison Just Works Out of Band

Numeric Comparison This setup between the two Bluetooth devices would use the numeric comparison association model. When pairing the devices, each device displays a six-digit number and provides a "Yes" or "No" response capability (e.g., a pair of buttons on a screen). If the numbers match, the user inputs a "Yes" on both devices. The devices then pair with each other. If they do not match, the user enters "No" and pairing fails. Note that unlike older Bluetooth security implementations, the 6-digit number is not part of the cryptographic key generation process. Therefore, even if an attacker obtains the six-digit number, it provides no insight into the crypto key. Book 4 Page 29

When using a smartphone, what is meant by the term "sideloading apps"? Obtaining apps from another device via Bluetooth Plugging an installation USB into the side of the device Obtaining apps from the official vendor store Obtaining apps from untrusted third-party sites

Obtaining apps from untrusted third-party sites Sideloading apps occurs any time apps are obtained from outside the authorized app store. This is the cause of most malware on smartphone devices. It is a best practice to obtain apps only from the official store for the device (Google Play, the Apple App Store, the Microsoft Store). Book 1 Page 118

John the Ripper is an example of which of the following types of software? Password cracking software Password management software A password sniffer Password history software

Password cracking software Password crackers such as John the Ripper, Hashcat, and Cain & Abel work offline: the attacker first obtains your password file (the stored hashes) by some means, often an exploit, then runs the attack against that copy on their own computer, which means your account lockout settings have no effect. Book 3 Page 8

In network communications, what type of data flow describes the actual path data must take to flow from the source system to the destination system? Logical data flow Secure data flow Formal data flow Physical data flow

Physical data flow For network communication to get from the source system to the destination system, it must follow the network lines and pass through gateways and other network devices. This path is known as the physical data flow. Security personnel look at this path to determine how the traffic is passed but also consider the type of communication that is passed and how those data can be controlled when necessary. Book 3 Page 79

What is the term for information that is in a human readable form? Encrypted Ciphertext Keyspace Plaintext

Plaintext Plaintext refers to unencrypted text that is in its original, human-readable format. This is also known as cleartext. Book 2 Page 11

What is a cipher that uses more than one replacement alphabet called? Permutation Cipher Monoalphabetic Cipher Rotational Substitution Cipher Polyalphabetic Cipher

Polyalphabetic Cipher Instead of replacing the plaintext alphabet with a single alphabet, polyalphabetic ciphers use multiple cipher alphabets. There is some debate as to who actually invented the notion of polyalphabetic ciphers, but there is little doubt which one is best known. Blaise de Vigenère in the 16th century invented what became known as the Vigenère Cipher. In fact, it was often called "le chiffre indéchiffrable" in French, which translates to "the undecipherable cipher" in English. Book 2 Page 55

In home environments and some smaller enterprise environments, what is the method used to authenticate to a wireless access point? Digital certificate Pre-shared key Radius Smart token

Pre-shared key For wireless in the home environment (and in some enterprise environments as well), the most common authentication method is called a "Pre-Shared Key" or PSK. Some devices refer to this as a "Shared Secret." This is a string that you enter in the wireless access point's configuration. When you attempt to connect to the wireless access point for the first time, you enter the same string on your wireless client such as your laptop. If the string on the access point and the string on the client match, you are authenticated. You normally do not have to re-enter the PSK on the client again unless you change the PSK on the access point. Book 4 Page 18

In Social Engineering, what is "A reason given in justification that is not the real reason"? Disclosure Confession Obfuscating Pretexting

Pretexting Pretexting is used by an attacker to help assume a position of trust. Examples include: "This is the help desk and your account is broken so I need... ". None of which is true of course, but "the help desk" is a position of trust. Your account being broken is a reason given in justification that is not the real reason, which is the definition of pretexting. Book 4 Page 39

Of the three control types in Risk Management, which deals with authentication? Preventive Corrective Responsive Detective

Preventive Control types help lower risk in an organization. Authentication is a type of preventative control because its goal is to keep people from accessing your information systems if they are not authorized to do so. This type of prevention is an ideal in security. Book 1 Page 18

A user has worked at an organization for many years and has been promoted multiple times. With each promotion, the level of access granted has increased, while access to previous data and permissions is not removed. What term describes this activity? Integrity shadow Access escalation Principle of least privilege Privilege creep

Privilege creep Privilege creep is the gradual increase of access over time. Typically, this occurs when an employee moves from one role to another within an organization. The user is given access for the new role, but old access is not removed. The longer an employee works for an organization, the more likely they are to have too much access. Book 3 Page 30
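Privilege creep is found by comparing what a user holds against what the current role justifies. The following is an added example, not from the course material: a role-to-entitlement baseline, a user with a promotion history, and a check that reports each excess entitlement together with the earlier role that explains it. The role names, group names and the user are constructed for the example.

```python
# Added example (not from the SEC 301 material): detect privilege creep by comparing
# current entitlements against the baseline for the user's current role.
from dataclasses import dataclass, field

# Constructed role-to-entitlement baseline (hypothetical application and group names).
ROLE_BASELINE = {
    "helpdesk": {"AD:Helpdesk", "App:Ticketing-Agent"},
    "sysadmin": {"AD:Helpdesk", "AD:Server-Admins", "App:Ticketing-Agent", "VPN:Admin"},
    "finance_analyst": {"AD:Finance", "App:GL-ReadWrite", "App:Ticketing-User"},
}


@dataclass
class User:
    name: str
    role_history: list  # oldest first; the last entry is the current role
    entitlements: set = field(default_factory=set)

    @property
    def current_role(self):
        return self.role_history[-1]


def find_privilege_creep(user, baseline=ROLE_BASELINE):
    """Entitlements the current role does not justify, mapped to the most recent earlier
    role that did grant them (or 'unknown' for access no role in the history ever granted)."""
    allowed = baseline.get(user.current_role, set())
    excess = {}
    for ent in sorted(user.entitlements - allowed):
        origin = "unknown"
        for role in reversed(user.role_history[:-1]):
            if ent in baseline.get(role, set()):
                origin = role
                break
        excess[ent] = origin
    return excess


def missing_entitlements(user, baseline=ROLE_BASELINE):
    """The other side of the review: access the current role requires but the user lacks."""
    return sorted(baseline.get(user.current_role, set()) - user.entitlements)


# Constructed example: promoted twice, nothing ever removed, plus one grant no role explains.
jsmith = User(
    name="jsmith",
    role_history=["helpdesk", "sysadmin", "finance_analyst"],
    entitlements={"AD:Helpdesk", "AD:Server-Admins", "App:Ticketing-Agent", "VPN:Admin",
                  "AD:Finance", "App:GL-ReadWrite", "App:Legacy-Payroll"},
)

if __name__ == "__main__":
    for ent, origin in find_privilege_creep(jsmith).items():
        print(f"{jsmith.name}: excess {ent} (granted as {origin})")
    print(f"{jsmith.name}: missing {missing_entitlements(jsmith)}")
```

The "unknown" origin is the finding worth chasing first: a grant that no role in the user's history explains was either an ad hoc exception that was never revoked or something the user should never have had.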

In cryptography, what is the term "snake oil" often used to describe? Sneak Key Attack Proprietary Encryption Algorithms Peer-Reviewed Algorithms Weak Key Attack

Proprietary Encryption Algorithms Be aware of "snake oil". In other words, if a vendor tells you they have a "proprietary encryption algorithm," do not buy the product. In every case we know of, when that proprietary algorithm is released to the public for peer review, it is broken quickly, usually within about two weeks. Book 2 Page 22

Computers cannot create truly random values. Therefore, what tool is used to help generate a value for the cryptographic key? Typical Random Number Generator (TRNG) Virtual Random Number Generator (VRNG) Pseudo-Random Number Generator (PRNG) Mostly Random Number Generator (MRNG)

Pseudo-Random Number Generator (PRNG) Computers utilize a pseudo-random number generator (PRNG) to generate a "random enough" value for a cryptographic key. This is a result of computers not being able to generate a truly random value. They can come close, but it is not truly random. Book 2 Page 17

What type of systems do you put in the DMZ? Public access systems A DMZ has no servers, just client PCs Firewalls Servers with sensitive data only

Public access systems The DMZ is the public access area of your network; in other words, it is where you put all the servers that you let people you don't know connect to.

What are the three categories of Linux file permissions? User, Group, and Root Privileged, Non-Privileged, and Semi-Privileged Modify, Read, and Full Control Read, Write, and Execute

Read, Write, and Execute In Linux permissions, the three permissions are Read, Write, and Execute (the system displays them as rwx), granted separately to the owning user, the group, and everyone else. Each of these does just what the name implies. Read permission gives us the ability to see the contents of a file. The write permission allows us to modify the file. The execute permission allows us to run the file as a program or script. Book 3 Page 47
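The rwx string and the octal mode are two views of the same nine bits. The following is an added example, not from the course material: it converts between the two, reports the findings a reviewer cares about (world-writable, setuid, setgid), and audits a file it creates itself in a temporary directory so it runs without touching anything on the system.

```python
# Added example (not from the SEC 301 material): rwx <-> octal mode, plus a small
# permission audit using the stat module's bit constants.
import os
import stat
import tempfile

# Bits in the order ls -l prints them: user rwx, group rwx, other rwx.
PERM_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]


def mode_to_rwx(mode):
    """0o750 -> 'rwxr-x---'. File-type bits in a full st_mode are ignored."""
    return "".join(ch if mode & bit else "-" for bit, ch in zip(PERM_BITS, "rwxrwxrwx"))


def rwx_to_mode(rwx):
    """'rw-r--r--' -> 0o644; accepts the nine characters ls -l shows after the type character."""
    if len(rwx) != 9:
        raise ValueError("expected 9 characters, e.g. rwxr-x---")
    mode = 0
    for bit, ch, expected in zip(PERM_BITS, rwx, "rwxrwxrwx"):
        if ch == expected:
            mode |= bit
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r}")
    return mode


def permission_findings(mode):
    """Review findings for a mode, in terms of who may read, write or execute."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any user can modify the file")
    if mode & stat.S_ISUID:
        findings.append("setuid: executes with the owner's identity")
    if mode & stat.S_ISGID:
        findings.append("setgid: executes with the group's identity")
    if mode & stat.S_IWGRP and mode & stat.S_IXOTH:
        findings.append("group-writable and world-executable: group members can plant code others run")
    return findings


def audit_path(path):
    """Return (rwx string, findings) for a path on disk."""
    st = os.stat(path)
    return mode_to_rwx(st.st_mode), permission_findings(st.st_mode)


def demo():
    """Create a temp file holding a secret, loosen it to 0o666, and audit it."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "config.ini")
        with open(p, "w") as f:
            f.write("[db]\npassword=hunter2\n")  # constructed content
        os.chmod(p, 0o666)
        return audit_path(p)


if __name__ == "__main__":
    rwx, findings = demo()
    print(rwx, findings)
```

The execute bit on a directory means "may traverse", not "may run", which is why 0o750 on a directory lets group members enter it while keeping everyone else out.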

To encrypt a message before sending, which key would you use? Recipient Public Key Recipient Private Key Sender Public Key Sender Private Key

Recipient Public Key When using asymmetric key crypto, there are four possible processes you might want to accomplish. There are also four keys. One of the most common mistakes people make with these systems is using the wrong key for the wrong purpose. To encrypt a message before sending it, the sender would use the recipient's public key. Book 2 Page 91

What are the 5 phases of an attack in normal order of execution? Reconnaissance, Gaining Access, Maintaining Access, Scanning, Covering Tracks Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks Scanning, Reconnaissance, Covering Tracks, Gaining Access, Maintaining Access Phishing, Access, Exfiltration, Public Posting, Covering Tracks

Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks The commonly accepted order of the 5 phases of an attack is reconnaissance, scanning, gaining access, maintaining access, and covering tracks. Book 4 Page 53

A web browser requests a page from a web site, and the server running at that site returns a 300 code. What does this 300 code represent? All ok Server error Redirect Client error

Redirect

Which Risk Strategy deals with stopping risky activities or business practices? Risk Transference Risk Avoidance Risk Mitigation Risk Deterrence

Risk Avoidance Risk Avoidance means stopping activities that cause risk to your organization. Book 1 Page 22

Which Risk Strategy involves buying insurance? Risk Transference Risk Avoidance Risk Mitigation Risk Deterrence

Risk Transference Risk Transference involves buying insurance to protect your organization. Basically, you perform all the mitigation you can, accept the residual risk, and then transfer that risk to an insurance company. This strategy is most common in the financial sector. Book 1 Page 23

What term describes a fake access point broadcasting in a public area? War Sitting Rogue Access Point Can Antenna Broadcast Set Socket

Rogue Access Point A Rogue Access Point is a fake access point set up in areas where public Wi-Fi is available (airports, hotels, coffee shops, etc.). People attempt to connect to the fake access point since it has a name that is very similar to the valid access point. Book 4 Page 23

What type of Access Control System allows the owner of a file to grant another user access to that file? Role-Based Access Control (RBAC) Rule-Set Base Access Control (RSBAC) Functional Access Control (FAC) Discretionary Access Control (DAC)

Discretionary Access Control (DAC) Discretionary access control allows the owner of a file to change permissions and grant access to the file at their discretion. Every file on a computer has an account assigned as its owner, and the owner has the discretion to grant access to other users. Book 3 Page 54

What is malware that usually provides a backdoor and hides the attacker's activities from administrators called? Adware Virus Spyware Rootkit

Rootkit Software that allows a hacker to get into a compromised system and control its functions while not being detected is known as a rootkit. There are different types of rootkits, but there tend to be some similarities among them as well. They almost always insert a back door on the system to allow the attacker easy access, and they commonly hide the attacker's files, system processes, etc. from the administrator. Book 4 Page 100

What is it called when the cryptographic key and the message are the same length? Running key Message key Direct key Long key

Running key Initial implementations of the Vigenère Cipher used a repeating key. For example, if you chose a key of LEMON, you would simply repeat that key (LEMONLEMONLEMONLEMON ...) until all your text was encrypted. It took many years, but eventually an advanced statistical analysis attack (Kasiski's examination of repeated ciphertext segments, published in 1863) defeated the repeating key method. It then became common to use a "running key." This means the key must be the same length as the plaintext: if your message contains 1,000 letters, so does your key. Book 2 Page 59
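The Caesar cipher, the Vigenère polyalphabetic cipher and the running key discussed in the cards above are small enough to implement in full. The following is an added example, not from the course material: it implements the C3 shift, Vigenère with a repeating key, a running-key mode that refuses a key shorter than the message, and the repeat-distance analysis that exposes a repeating key's length. Letters only, upper case; the analysis returns a multiple of the true key length, which is what the classical attack gives as well.

```python
# Added example (not from the SEC 301 material): Caesar/C3, Vigenère with a repeating key,
# Vigenère with a running key, and a Kasiski-style repeat analysis of the ciphertext.
from functools import reduce
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _letters(text):
    """Keep only A-Z, upper-cased; these classical ciphers work on letters alone."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def caesar(text, shift=3, decrypt=False):
    """Monoalphabetic rotational substitution; shift=3 is the Caesar 'C3' cipher."""
    if decrypt:
        shift = -shift
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in _letters(text))


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: letter i uses the alphabet shifted by key[i mod len(key)]."""
    pt, k = _letters(text), _letters(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(pt):
        shift = ALPHABET.index(k[i % len(k)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def running_key(text, key, decrypt=False):
    """Vigenère with a key at least as long as the message, so no key letter is ever reused."""
    pt, k = _letters(text), _letters(key)
    if len(k) < len(pt):
        raise ValueError(f"running key has {len(k)} letters, message has {len(pt)}")
    return vigenere(pt, k[: len(pt)], decrypt)


def kasiski_distances(ciphertext, n=3):
    """Distances between consecutive occurrences of each repeated n-gram in the ciphertext.
    Under a repeating key, identical plaintext encrypted under the same key letters gives
    identical ciphertext, so these distances are multiples of the key length."""
    ct = _letters(ciphertext)
    positions = {}
    for i in range(len(ct) - n + 1):
        positions.setdefault(ct[i:i + n], []).append(i)
    return [b - a for pos in positions.values() for a, b in zip(pos, pos[1:])]


def likely_key_length(ciphertext):
    """gcd of all repeat distances: a multiple of the true key length (0 if nothing repeats)."""
    d = kasiski_distances(ciphertext)
    return reduce(gcd, d) if d else 0


if __name__ == "__main__":
    print(caesar("ATTACK AT DAWN"))                      # C3
    ct = vigenere("ATTACK AT DAWN", "LEMON")             # the classic example
    print(ct, vigenere(ct, "LEMON", decrypt=True))
    print(likely_key_length(vigenere("ATTACKATTACKATTACK", "KEY")))
```

A running key removes the periodicity this analysis depends on, but a key taken from a book is still natural language, so letter-frequency attacks remain; only a truly random key used once (the one-time pad) closes that gap.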

The Diffie-Hellman algorithm performs one task. What is this task? Symmetric cryptography Elliptic Curve crytography Polymorphic cryptography Secure key exchange

Secure key exchange Diffie-Hellman was the first publicly released asymmetric algorithm and was release in 1976. The algorithm is one of those things that does only one thing and does it extremely well. It allows two computers, which may never have communicated in the past, to securely exchange a symmetric key. They then use that symmetric key to exchange data. Book 2 Page 95

What is breaking up of a network for better management known as? Departmental Organization Segmentation Network division Compartamentalization

Segmentation

Which role always has ultimate responsibility for security in an organization? Data owner Data custodian Senior manager General user

Senior manager The senior manager has the ultimate responsibility for security within an organization, including the legal responsibility to protect all assets. The authority can be delegated to the chief information security officer, but the responsibility rests on the senior manager's shoulders. Book 1 Page 16

What is the first field of a TCP header? Destination Port Destination IP port Source IP port Source port

Source port The source port is the first field of the TCP header. If you are sniffing packets on the network, looking at the source and destination ports is a good way to determine what application is being used and what the relationship between the systems may be. Book 3 Page 103

How is spear phishing different from phishing? Phishing is highly targeted while spear phishing is not. Spear Phishing is highly targeted while phishing is not. Spear Phishing requires a telephone call. Spear Phishing always involves a reward of some type for the victim.

Spear Phishing is highly targeted while phishing is not. Spear phishing is, by some accounts, the most common and most successful attack today. It is simply a highly targeted phishing email. Typically, the attacker finds out about an interest of the victim through a variety of means (often including social media). Book 4 Page 42

What is malware that monitors and reports your online activity called? Spyware Rootkit Virus Adware

Spyware Spyware is specifically designed to quietly track information about a machine's activity. It is the latest twist on the age-old game of getting information from users' systems without the users knowing about it. Spyware is often also a form of Trojan Horse in that it masquerades as a program that you want but hides the fact that it tracks your activity—hence it has a known desired function as well as an unknown undesired function, which defines a Trojan. Book 4 Page 101

What is a cipher that replaces letters of a message with new letters called? Replacement Stream Transposition Substitution

Substitution Whereas a transposition cipher changes the order of the letters in a message, a substitution cipher replaces the letters using one of several formulas. A very simple example comes from literature. In the book 2001: A Space Odyssey, Arthur C. Clarke is often said to have come up with the name of the computer by shifting letters. When that book was written, THE computer company was IBM. To come up with the computer named HAL, take the letter before each letter of IBM in the alphabet: H before I, A before B, and L before M. Book 2 Page 44

What algorithm is being used when the key that encrypts must decrypt? Symmetric cryptography Synchronous cryptography Asynchronous cryptography Asymmetric cryptography

Symmetric cryptography If the key that is used to encrypt the data must be used to decrypt the data, then the algorithm is symmetric. If the key that encrypts cannot decrypt (it takes a different key), then the algorithm is asymmetric. Book 2 Page 76

Which of the following algorithm types is almost always the fastest? Asymmetric cryptography Symmetric cryptography Hybrid cryptography Signcryption cryptography

Symmetric cryptography Symmetric cryptography requires smaller keys to achieve the same work factor as asymmetric cryptography. Also, symmetric keys are not based on prime numbers, as asymmetric keys are. These two factors make symmetric cryptography between 100 and 10,000 times faster. Book 2 Page 74

What category of token-based authentication system generates new authentication information at specified time intervals? Asynchronous Possession-based Synchronous Temporal-based

Synchronous "Something we have" authentication, or token-based authentication, is some type of device we hold in our hand. Most commonly, this is some type of small token or smart card. When this token generates new authentication information at a specified time interval, it is known as synchronous token-based authentication. Book 3 Page 18

What is the default port number for HTTPS? TCP port 80 UDP port 80 UDP port 443 TCP port 443

TCP port 443 The HTTPS protocol uses TCP port 443. This protocol encrypts all data between browser and web server in both directions. It requires configuration on the server and no editing of the HTML. TCP port 443 is the universal default for HTTPS. Book 2 Page 125

What type of information can a cookie contain? Scripts Images Software Text

Text Cookies are small text files placed on a computer by a web server.

What is the common name of the level of the Internet where 90% of web sites can be found? The Standard Web The Deep Web The Surface Web The Dark Web

The Deep Web

What does the NTFS Security Access Token contain? The Security ID Number (SID) for the user The Access Control Entry (ACE) for the user and any group they belong to The Access Control Entry (ACE) for the user The Security ID Number (SID) for the user and any groups they belong to

The Security ID Number (SID) for the user and any groups they belong to The true basis of all security in the Windows environment lies in the implementation of SIDs and SATs. Even the most advanced security feature relies on these controls being in place. The security identifier, or SID, is the number the computer assigns to every user and group. The security access token, or SAT, is created dynamically at logon and contains (among other things) our user SID and the SID of each group we belong to. The SAT attaches to our user process. When we attempt to access a file, the operating system compares all the SIDs in our SAT against the file's access control entries to determine proper access. Book 3 Page 43

Which access control model is characterized by "Never Trust - Always Verify"? Biba Model Rigorous Access Control Model Attribute Based Security Model The Zero Trust Security Model

The Zero Trust Security Model The Zero Trust security model is an approach to network security that challenges the traditional perimeter-based security paradigm. Instead of assuming trust based on network location, Zero Trust adopts a "never trust, always verify" philosophy, requiring verification for every access request, regardless of whether it originates from inside or outside the network perimeter. Book 3 Page 58

What does it indicate when a port scanner sends a SYN packet and receives an RST packet in response from the server? The port is filtered The port is open The port status is unfiltered The port is closed

The port is closed A server response of "RST" to a port scanner indicates the port is closed. The port scanner sends a SYN packet to the server's port. The server's port responds with an RST packet, and this ends the handshake, as there is no next step in the process. Book 4 Page 69

What fundamental principle of cyber security guides all decisions regarding access to data? The principle of Due Diligence Confidentiality, Integrity, and Availability Authentication, Authorization, and Availability The principle of least privilege

The principle of least privilege Without question, the most critical principle in cyber security is the principle of least privilege. It states that everyone can do everything they need to do, and nothing more. The principle is the guide that provides the correct answer for any cyber security questions such as who should have user accounts, what those accounts should access, and what firewall rules are needed to control traffic. Book 1 Page 7

What is Authentication? The process of verifying identity. A capability decision process. A process that allows one computer to talk to another. The process of entering a password.

The process of verifying identity Authentication is the process of verifying someone's identity. Book 3 Page 4

What does the protocol field of the IP header identify? The protocol that the IP packet is encapsulating The use of the Application (OSI Layer 7) protocol The version of IP the packet is based on The identification of Ethernet or ARP for the transmission

The protocol that the IP packet is encapsulating The Protocol field indicates the subprotocol that this packet is encapsulating. Recall that IP is concerned only with packet delivery. If an application needs to add intelligence to the packet delivery system, for example, packet order checking or reliability, it needs to use some other protocol on top of IP. The Protocol field indicates the protocol that this IP packet is encapsulating. Book 3 Page 90
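The IP protocol field, the TCP source port as the first header field, and the RST-means-closed rule from the port-scanning card above all come down to reading fixed-offset header bytes. The following is an added example, not from the course material: it builds an IPv4 packet carrying a TCP segment with struct.pack, parses both headers back, and classifies what a SYN scanner would conclude from the reply. The addresses and ports are made up, and checksums are left at zero because the packet never goes on the wire.

```python
# Added example (not from the SEC 301 material): IPv4 and TCP header construction and
# parsing, plus classification of a SYN-probe response from the TCP flags.
import socket
import struct

IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_ipv4_tcp(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Minimal IPv4 header (no options) followed by a 20-byte TCP header and payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp


def parse_ipv4(data):
    """Return the IPv4 header fields and the encapsulated bytes; `protocol` says what they are."""
    if len(data) < 20:
        raise ValueError("short IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes; 20 when there are no options
    return {"ttl": ttl, "protocol": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "payload": data[ihl:total_len]}


def parse_tcp(segment):
    """Source port is the first field of the TCP header, destination port the second."""
    if len(segment) < 20:
        raise ValueError("short TCP header")
    sport, dport, seq, ack, off_res, flags, window, _csum, _urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    data_offset = (off_res >> 4) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "payload": segment[data_offset:]}


def classify_syn_probe(response):
    """What a scanner concludes after sending SYN: SYN/ACK open, RST closed, silence filtered."""
    if response is None:
        return "filtered (no response)"
    ip = parse_ipv4(response)
    if ip["protocol"] != IPPROTO_TCP:
        return "non-TCP reply (likely ICMP unreachable: filtered)"
    flags = parse_tcp(ip["payload"])["flags"]
    if flags & RST:
        return "closed"
    if flags & SYN and flags & ACK:
        return "open"
    return f"unexpected flags 0x{flags:02x}"


if __name__ == "__main__":
    reply = build_ipv4_tcp("10.0.0.9", "10.0.0.5", 443, 40000, RST | ACK)  # constructed reply
    ip = parse_ipv4(reply)
    print(ip["src"], "->", ip["dst"], "protocol", ip["protocol"], parse_tcp(ip["payload"]))
    print(classify_syn_probe(reply))
```

Note that parse_ipv4 does not assume a 20-byte header: it reads the IHL nibble, which is exactly the kind of field a hand-written parser gets wrong when options are present.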

Before two parties can communicate using asymmetric key cryptography, what event must occur? They must perform the asymmetric three-step handshake They must exchange their public keys They must exchange their private keys They must generate each other's public keys

They must exchange their public keys Before two parties can communicate using asymmetric key cryptography, they must exchange their public keys. Each side must provide its public key to the other. Because the key is public, the channel it travels over need not be confidential; what matters is that each side can verify the key really belongs to the other party (the job of certificates and a PKI), since a key swapped in transit lets the swapper read everything. Until there is a key exchange, no communication is possible. Book 2 Page 89
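The Diffie-Hellman card and the public-key exchange card above describe the same moment in a protocol: each side publishes a value, and only then can a shared key exist. The following is an added example, not from the course material, that runs the exchange end to end with both sides' computations, including the range check each side should perform on the peer's public value before using it. The group is the 2048-bit MODP group from RFC 3526 (group 14); deriving the symmetric key as SHA-256 over the shared secret is this example's choice, not something the page specifies.

```python
# Added example (not from the SEC 301 material): Diffie-Hellman key agreement over the
# RFC 3526 group 14 prime, with validation of the peer's public value.
import hashlib
import secrets

# 2048-bit MODP prime from RFC 3526, group 14 (verify against the RFC before production use).
RFC3526_GROUP14_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2  # generator specified for this group


def generate_private(p=RFC3526_GROUP14_P):
    """Random exponent in [2, p-2] from the OS CSPRNG; never use random.random for this."""
    return secrets.randbelow(p - 3) + 2


def public_value(priv, p=RFC3526_GROUP14_P, g=G):
    """The value each side sends in the clear: g^priv mod p."""
    return pow(g, priv, p)


def check_peer_value(peer_pub, p=RFC3526_GROUP14_P):
    """Reject 0, 1, p-1 and out-of-range values: they force a trivially guessable secret."""
    if not isinstance(peer_pub, int) or not 2 <= peer_pub <= p - 2:
        raise ValueError("invalid Diffie-Hellman public value")
    return peer_pub


def derive_key(priv, peer_pub, p=RFC3526_GROUP14_P):
    """Shared secret peer_pub^priv mod p, hashed to a 32-byte symmetric key (example KDF)."""
    shared = pow(check_peer_value(peer_pub, p), priv, p)
    shared_bytes = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(shared_bytes).digest()


def exchange():
    """Both sides of the protocol, run on one machine for the example."""
    a_priv = generate_private()
    a_pub = public_value(a_priv)          # Alice -> Bob: a_pub (public, sent in the clear)
    b_priv = generate_private()
    b_pub = public_value(b_priv)          # Bob -> Alice: b_pub
    k_alice = derive_key(a_priv, b_pub)   # each side combines its own private with the peer's public
    k_bob = derive_key(b_priv, a_pub)
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = exchange()
    print("keys match:", ka == kb, ka.hex()[:16], "...")
```

What this exchange does not do is tell Alice that b_pub really came from Bob. Anyone who can replace the public values in transit ends up holding one key with each party, which is why deployed protocols sign the DH values or bind them to a certificate.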

In Wireless Networking, what is the purpose of a Service Set Identifier (SSID)? To provide enterprise level authentication To distinguish one WLAN from another To allow connections from wireless to wired transmissions To provide encryption for wireless transmissions

To distinguish one WLAN from another In wireless technology, a Service Set Identifier (SSID) is a network name that separates or distinguishes one WLAN from another. For example, a home network may have one access point with two networks: one called "Family" and one called "Family-Guest." The "Family" network is for your family and allows access to the internal network in your house, while "Family-Guest" is for others visiting your home. "Family-Guest" allows access to the Internet but not to your internal network. In this example, "Family" and "Family-Guest" are SSIDs. Book 4 Page 17

What is the most fundamental purpose of a firewall? To perform analysis and prevention of malicious traffic To compartmentalize where traffic is directed on your network Controlling where internal users are allowed to go on the Internet To keep the people off your network that do not belong there

To keep the people off your network that do not belong there

At what point in the security process do you employ penetration testing? In the middle to check your progress Toward the beginning It does not really matter, as long as you do it Toward the end

Toward the end The role of penetration testing is to see if you missed anything when locking the network down

Which of the following is a connection-oriented Layer 4 Protocol? Internet Control Message Protocol (ICMP) User Datagram Protocol (UDP) Transmission Control Protocol (TCP) Connection Control Protocol (CCP)

Transmission Control Protocol (TCP) TCP is called a connection-oriented protocol because it is primarily concerned with establishing connections between two computers, maintaining the state of those connections, and ensuring that all communications on that connection are orderly and complete. UDP is a layer 4 protocol, but it is connectionless. Book 3 Page 102

An organization wants to ensure their Wi-Fi signal is not travelling outside of their facility. What setting can be used to adjust the strength of their signal? Area Access Switch Transmit Power Control Net-spot Range Near-field Communication

Transmit Power Control An organization will want to control the distance of their Wi-Fi signal to help prevent unauthorized access. One method of doing this is to dial down the power of the antenna, or more specifically, the transmitter. This keeps the access point from sending its signal as far and therefore makes it harder to intercept from greater distances. The setting you look for to make this adjustment is called Transmit Power Control, or TPC. This is usually only a feature of enterprise-level Wi-Fi access points. Book 4 Page 22

What is a cipher that reorders the letters of a message? Transposition Deobfuscation Steganography Substitution

Transposition Transposition ciphers do pretty much what the name implies. They transpose the order of letters (or of groups of letters or of whole words in some cases). This method of encipherment is also called obfuscation and permutation. Book 2 Page 40

What method do programmers use to gain access into software to test functionality, and which, if not removed before the software is released to the public, becomes a backdoor into that software? Confidential route Input validation Trapdoor function Exception handling

Trapdoor function

What is malware that has a known desired function as well as an unknown undesired function called? Trojan Horse Logic Bomb Virus Worm

Trojan Horse Any piece of software that has a "known desired function, as well as an unknown undesired function" is defined as a Trojan Horse. By some reports, trojans account for nearly 80% of all malware. This is because the trojan horse is a common delivery mechanism for other malware. Book 4 Page 98

What base is a binary numbering system? Five Two Sixteen Ten

Two Binary is a base-two numbering system, so we need two digits. Those digits are 1 and 0. With a base-two system, each place value is two times its neighbor. So, if we need to represent the value of 231, we would need to "turn on" the ones in certain place values. It happens that 128+64+32+0+0+4+2+1 equals 231. We do not add the place values of 16 and 8 because those positions have a 0 instead of a 1. Book 1 Page 45

An employee is walking through his break room when he sees a thumb drive on the floor labeled "Salary Information." He plugs it into his computer, and it immediately becomes infected by malware on the thumb drive. What type of compromise just occurred? USB Proliferation Free Drive USB Seeding Drive Propagation

USB Seeding The explosion of USB devices has created a problem known as USB Seeding, in which a USB drive containing malicious software is intentionally left in a public area for a person to pick up and plug into their machine. This can be a dangerous infection vector. Book 1 Page 128

What is another name for an all-in-one security appliance? Honeypot Server Integrated Prevention System Layered Management Application Firewall Unified Threat Management Device

Unified Threat Management Device These devices consist of several network devices inside a single box. The advantage of these devices is having only one box to buy and manage. However, the disadvantage is that you may not be able to view traffic between devices.

What is the process called when a backup service keeps a copy of all revisions of an organization's documents? Versioning backup Zero knowledge backup Incremental backup Full Differential backup

Versioning backup

What is malware that must insert itself into other executable code? Virus Trojan Horse Logic Bomb Worm

Virus A virus is defined as any piece of software that, "to survive and propagate, must insert itself into other executable code." For example, if a virus is going to infect Microsoft's Word.exe, it does so by inserting itself into that .exe file. Once Word.exe is infected and you run that program, you unknowingly execute the virus code as well. The virus typically goes memory-resident and remains in RAM even after you close Microsoft Word. Hours later, you execute some other piece of software and the virus inserts itself into that executable at that time. Book 4 Page 96

What does the term Juice Jacking refer to when using a smartphone? When a phone's jailbreak software hijacks power from the phone When a phone is infected with malware via Bluetooth When a phone is infected with malware via Road Apples When a phone is infected with malware at a public charging spot

When a phone is infected with malware at a public charging spot Juice Jacking is when a phone becomes infected with malware while using a public charging spot. The charging port on virtually all smartphones and tablets is a USB port. Yes, that port can charge the device's battery. That port can also be used to exchange data with very little security. That data can, unfortunately, include malware being loaded onto the device. It can also include attackers extracting data from the device. Juice Jacking can be avoided by only using "regular" electrical outlets for charging as opposed to using "charging stations." If a charging station must be used, it is recommended to purchase inexpensive charging dongles that cannot pass data, only electricity.

What is Minimum Password Aging? When you are not allowed to change a password for a period of time. When you must change your password after a period of time. When you must change your password if it is compromised. When you cannot reuse a password for a period of time.

When you are not allowed to change a password for a period of time Minimum password aging refers to the minimum amount of time that must pass between password changes. This setting specifies that once you change your password, you cannot change it again for a certain number of days. This feature prevents users from changing a password multiple times in one day to be able to reuse a password that was previously used. Book 3 Page 14

What is Maximum Password Aging? When you are not allowed to change a password for a period of time. When you must change your password if it is compromised. When you must change your password after a period of time. When you cannot reuse a password for a period of time.

When you must change your password after a period of time. This setting requires you to change your password every 60 days or every 90 days. The purpose behind this setting is that if your password is compromised, the window of opportunity for someone to use that password is smaller. Also, it is hoped that you change your password before someone is successful in compromising it via a password cracking attack. Book 3 Page 14

What is malware that is self-standing and self-propagating in nature called? Logic bomb Trojan Virus Worm

Worm A worm is self-standing software that is self-propagating. Much like a network vulnerability scanner, it scans your network looking for a system that has a vulnerability it knows how to take advantage of. When it finds "Windows 10, patch level 2," for example, it then exploits a vulnerability that it is aware of in that specific OS and patch level. Most worms know how to take advantage of one or two things, occasionally three, at most. Book 4 Page 97

The Encryption Algorithm, AES, has a function called AddRoundKey. What is the basic functionality behind AddRoundKey? Stream Cipher Substitution XOR Permutation

XOR When AES encrypts data, it performs four separate operations on the data to produce ciphertext. The functions consist of SubBytes, ShiftRows, MixColumns, and AddRoundKey. The functionality of AddRoundKey is XOR. It is a deceptively simple XOR operation to randomize the key for each round (up to 14 rounds) of operations. Book 2 Page 85

What is the URL of the Wayback Machine? http://www.archive.org http://www.wayback.com http://www.sans.org/wayback http://www.wayback.org

http://www.archive.org The Wayback Machine is found at http://www.archive.org/. Much of the Internet has been archived on the Wayback Machine. You can see what many sites looked like at any point in time. This also means that any sensitive information that was on your, or any other site, at any time, is still available on the Wayback Machine. Book 4 Page 58

A developer would like to prevent web search engine spiders from indexing a directory containing scripts. What file on the web server should be used to hold this directory listing? cgihold.txt robots.txt pocket.txt indexblock.txt

robots.txt A web administrator should use the robots.txt file to prevent a web server directory from being searched. The robots.txt file is a world-readable ASCII text file found on a web server. It constitutes a polite request to search engine spiders used by Google, Bing, and others to please not make these directories searchable. It is a polite request that the search engine can choose to ignore. Google and Bing both honor the request, but there are a few search engines that ignore it. Book 4 Page 59

