security plus exam final cts1120
Which of the following best describes bash?
Bash is a command language interpreter.
Star Technology is working on a project that needs a communication mode specializing in encryption, where only authorized parties should understand the information. The company also requires accuracy, completeness, and reliability of data throughout the project. The company has contacted you for an ideal cipher mode solution . Which mode should you suggest?
CBC
Which of the following is an example of a request forgery malware?
CSRF
Shanise is an IT security professional for a large private bank. She got an alert that the bank website received a funds transfer request that was correctly credentialed but flagged as being out of the account owner's usual pattern. If the alert is correct, what type of attack has likely occurred?
CSRF attack
Which of the following best describes skimming?
Capturing information from the magnetic stripe of a smartcard
You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This, in turn, does not affect any other user.What action should you take?
Change the access clearance of User A to "confidential"
Which of the following protects SNMP-managed devices from unauthorized access?
Community string
n an interview, the interviewer introduced the following scenario:An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur.Which of the following should you choose?
Configuration vulnerability
Which of the following statements correctly describes the disadvantage of a hardware-based keylogger?
A hardware-based keylogger must be physically installed and removed without detection.
What is a Type I hypervisor?
A hypervisor that runs directly on computer hardware
Which of the following best describes a network address translation?
A network address translation (NAT) enables a private IP network to connect to the internet.
Which of the following is a deception instrument?
A sinkhole is a deception instrument used to attract attackers by steering their traffic away from the intended destination.
Which cryptographic method should Susanne use to ensure that a document can be encrypted with a key and decrypted with a different key?
Asymmetric
John needs to add an algorithm for his company communication process, in which encryption uses two keys. One is the public key, and the other one is a private key. Which algorithm will be suitable to achieve this?
Asymmetric cryptographic
In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources.Which of the following should you suggest?
Attribute-based access control
You are a security consultant. An enterprise client contacted you because their mail domain is blocked due to an unidentified entity using it to send spam. How should you advise them to prevent this from happening in the future?
Configure the SMTP relay to limit relays to only local users
Sansa is a network security administrator at an enterprise. She is asked to take appropriate steps to defend against a MAC address spoofing attack in the enterprise network. Which of the following methods should Sansa apply?
Configure the switch so that only one port can be assigned per MAC address
Which of the following is NOT a part of business continuity planning?
Contingency actions
Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users.What type of attack has Tyler discovered?
DNS hijacking
You are the security manager of an ISP, and you are asked to protect the name server from being hijacked. Which of the following protocols should you use?
DNSSEC
Which of the following is a state of data, where data is transmitted across a network?
Data in transit
Who ensures the enterprise complies with data privacy laws and its own privacy policies?
Data privacy officer
Which of the following is a physical social engineering technique?
Dumpster diving
What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network?
Implement hardening at endpoints with patch management and operating system safeguards
you are working in the headquarters of an organization and you're asked to deal with the interruption in services due to network issues found in the ISP servers. How will you tackle this sitiuation? Using RAID Using NIC teaming Using UPS Backing up data
NIC teaming provides redundancy for the network by which different ISP can be integrated for reliable perfomance.
Simon is working in a telecom firm. Being an HOD, he was asked to suggest a lock pattern for their mobile devices with the following features:The device should have a prerecord of its user's walking and other body movement patterns, and on sensing any change in the regular movements, should be able to lock the device.Which lock pattern should Simon suggest?
On-body detection
Which of the following techniques is a method of passive reconnaissance?
Open Source Intelligence (OSINT)
An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks.As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network?
Implement measured boot with UEFI
Which of the following packets contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself?
Incorrect. Dynamic host configuration protocol (DHCP) is a network management protocol used on Internet Protocol networks. Instead of using an enterprise-grade AP, a small office or home commonly uses another device that combines multiple features into a single hardware unit. These features often include an AP, firewall, router, (DHCP) server, and other features.
Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so?
Incorrect. In a disassociation attack, an attacker can create false deauthentication or disassociation management frames that appear to come from another client device, causing the client to disconnect from the AP. This attack does not allow an attacker to access user data.
You were hired by a social media platform to analyze different user concerns regarding data privacy. After conducting a survey, you found that the concern of a majority of users is personalized ads. Which of the following should you mention in your report as a major concern?
Individual inconveniences
Which of the following is a disadvantage of the secure boot process?
It makes third party non-vendor-approved software difficult to implement.
A company monitors the network activity of the organization and stores the logs in a database. You have been asked to identify whether there are any malicious activities in the network. Which of the following can denote the upper and lower bounds of their various network activities?
KRI
Which of the following is defined as a structure for governing all the elements involved in digital certificate management?
PKI
An attacker collected many usernames from a website and tried to login into the accounts using the password "passw0rd". What type of attack was this?
Password spraying attacks try commonly used passwords on different user accounts.
Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming?
Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP.
How do phishing simulations contribute to enterprise security?
Phishing simulations train employees on how to recognize phishing attacks.
You are the chief security administrator in your enterprise. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Which of the following training techniques should you use?
Role-based awareness training
In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer?
Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud.
What is a variation of a common social engineering attack targeting a specific user?
Spear phishing
Which attack embeds malware-distributing links in instant messages?
Spim
You are a security admin for an enterprise, and you were asked to ensure high availability of data using redundancy. Which of the following action should you perform?
Store the same data in different devices across different locations Storing the same data on different devices across different locations provides high availability of data through redundancy.
Which of the following protocols are used to secure HTTP?
TLS and SSL
Which of the following are categories of vulnerabilities in mobile device connections that can also be exploited by threat actors?
Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots
In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer?
The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.
Why are jamming attacks generally rare?
They require expensive, sophisticated equipment
Kelly is asked to choose a mobile management tool that provides a single management interface for all applications, content, and device management. Which of the following is the best one-step solution?
Unified environment management (UEM) tool
As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take?
You should install a WAF.
n an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?
You should perform a dictionary attack.
In a security review meeting, you are asked to take appropriate security measures to mitigate IP spoofing attacks against the enterprise network. Which of the following methods should you apply?
You should set up an ACL.
Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as?
`Bot herder
James is a black hat hacker employed as an authorized officer at Apple. He has credentials and signed a non-disclosure agreement to perform advanced penetration testing on the iOS 6.1.6 operating system, and has already gained low-level access to the mobile device using a backdoor. The process by which John could design/create his own custom firmware to exploit underlying vulnerabilities and gain a higher level of access to a UNIX shell with root privileges, essentially allowing them to do anything on the device is ?MMSb. Jailbreakingc. RCSd. Mobile content management
. Incorrect. Mobile Content Management is used for subsequent editing and management of content.
Wilson has requested your help to suggest an encryption method that will provide the highest security against attacks. Which encryption process should you suggest?
AES
While talking to a new client, the client asked you why access control is mostly used in enterprise networks rather than home networks.How should you reply?
An enterprise network will have more sensitive and confidential information.
Sigma Technology is a company based in Singapore, with branches in 24 countries. It needs multiple CAs in different locations to verify and sign digital certificates for the company. They are looking for an option where, even in the absence of a CA, other CAs can issue the certificates. Additionally, they are also looking for CAs who will overlook other CAs in different locations. In such a scenario, which PKI trust model should they use?
Bridge trust mode
Which of the following documents provide alternative modes of operation for interrupted business activities?
Business continuity plan
Sigma Solutions use hash algorithms in the communications between departments while transferring confidential files. A human resource employee informed you that one of the employees' salary statements sent from her end looks tampered with and requested your help.Which of the following tasks would enable you to identify whether the file is tampered with or not, and how will you make the determination?
Check the digest of the file with the original digest. If the values are different, it can be confirmed that the file has been tampered with.
A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred.Which of the following actions would help achieve this objective?
Checking the dark web
Which of the following mobile device enterprise deployment models are implemented so that employees in an organization are offered a suite of security, reliability, and durability choices that the company has already approved?
Choose your own device (CYOD)
Which of the following is a combination of encryption, authentication, and MAC algorithms, like a collection of instructions on securing a network?
Cipher suite
Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result?
Collision attack
Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation?
DHCP server logs
Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly?
Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data?
Degauss the data
After a disaster disrupted your organization's functioning, you were assigned to determine the sequence for reinstating systems. Which of the following documents should you refer to when deciding the restoration order?
Disaster recovery plan
A company has multiple CAs and intermediate CAs issuing digital certificates in different departments, with no one cross-checking their work. Which PKI trust model should the company use?
Distributed trust model
Which of the following is a process where a private key is split into two halves, encrypted, and stored separately for future use?
Escrow is a process in which keys are managed by a trusted third party. The private key is split into two halves, encrypted, and stored in a separate location. A user can retrieve the two halves, combine them, and use this copy of the private key for decryption.
Kane was transferring files from a file transfer protocol (FTP) server to his local machine simultaneously. He sniffed the traffic to find that only the control port commands are encrypted, and the data port is not encrypted. What protocol did Kane use to transfer the files?
FTPS
Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?
Fingerprint scanners can be used for trickery in rare cases.
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?
Footprinting
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Gray box
The protection of which of the following data type is mandated by HIPAA?
Health information
Which of the following is a network set up with intentional vulnerabilities?
Honeynet
In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply?
If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed?
Look at the priority and the accuracy of the vulnerability
Max found someone is impersonating him after discovering that data sent to him was always being received by someone else in his enterprise network. He informed the network administrator about the issue. While inspecting the switch, the administrator discovered that the threat actor was another employee at the same enterprise.As a senior security consultant, which of the following attacks should you mention in the charge sheet?
MAC cloning attack
In an interview, you are given the following scenario:David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation.Which of the following should you identify?
MITM
Which of the following best describes an extranet?
Private network only accessed by an authorized party
Which data category can be accessed by any current employee or contractor?
Proprietary
Which of the following can prevent macros attacks?
Protected view
Which of the following methods can be used to destroy data on paper?
Pulping
What does ransomware do to an endpoint device?
Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
Fatima is responsible for conducting business transactions for XYZ Company, and she only had the stored private key. She is on leave and currently unavailable, and the organization needs to complete an urgent business transaction. Which of the following methods should enable the organization to access Fatima's private key and digital certificate?
Recovery
You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?
Rule-based access control
You are asked to transfer a few confidential enterprise files using the file transfer protocol (FTP). For ensuring utmost security, which variant of FTP should you choose?
SFTP
Which of the following protocols can be used for secure video and voice calling?
SRTP
A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take?
Scan the most important devices for as long as it takes for each device
Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?
To prevent malware from tricking users by spoofing what appears on the screen
In an interview, the interviewer asks you to boot a PC. A hypervisor screen appears at the start of the boot process. The interviewer then asks you to identify the type of VM monitor program being used. What should your reply be?
Type I hypervisor
Which of the following vulnerabilities involves connecting a flash drive infected with malware to a mobile device?
USB-on-the-go (OTG)
Which of the following outlines the process of a proxy server?
User - forward proxy - Internet - reverse proxy - server
Which of the following best describes VBA?
VBA is an event-driven programming language. Visual basic for applications (VBA) is an event-driven programming language. VBA allows developers and users to automate processes that normally would take multiple steps or levels of steps.
Which of the following human characteristic is used for authentication?
Veins
Which of the following tools can be used for virtual machine sprawl avoidance?
Virtual machine manager
Juan, a cybersecurity expert, has been hired by an organization whose networks have been compromised by a malware attack. After analyzing the network systems, Juan submits a report to the company mentioning that the devices are infected with malware that uses a split infection technique on files.Which malware attack is Juan reporting?
Virus
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
Which security protocol encrypts transmissions by using a shared secret key combined with an initialization vector (IV) that changes each time a packet is encrypted?
WEP n wired equivalent privacy (WEP), the shared secret key is combined with an initialization vector (IV). The IV and the key are combined and used as a seed for generating a random number necessary in the encryption process. The IV and encrypted ciphertext are both transmitted to the receiving device. Upon arrival, the receiving device first separates the IV from the encrypted text and then combines the IV with its shared secret key to decrypt the data.
Attackers have taken over a site commonly used by an enterprise's leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so infecting this site will allow for attacks on many organizations.Which type of malicious activity is this?
Watering hole
Which site survey tool is used to visually represent wireless network details such as channel bandwidth, channel coverage, data rate, and interference, among others?
Wi-Fi analyzers
Which wireless probe can be designed by configuring a laptop computer to scan and record wireless signals within its range at regular intervals and report the information to a centralized database?
Wireless device probe
Which HTTP response header should be used to prevent attackers from displaying their content on a website?
X-Frame-Option
You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply?
You should implement keystroke dynamics.
Zain, a telecom engineer, plans to relocate a particular AP antenna to a new location. Which of the following configuration options will he use to adjust frequency bands, optimum channels, and available spectrum for data transfer?
ncorrect. Wi-Fi analyzers are tools used when installing wireless networks; they do not affect those networks' configuration.