SY0-601 Study test

Which of the following utilizes both symmetric and asymmetric encryption?

*Digital envelope* Digital certificate Digital evidence Digital signature

Which of the following has a cyber security framework (CSF) that focuses exclusively on IT security, rather than IT service provisioning?

*National Institute of Standards and Technology (NIST)* International Organization for Standardization (ISO) Control Objectives for Information and Related Technologies (COBIT) Sherwood Applied Business Security Architecture (SABSA)

A client contacts a server for a data transfer. Instead of requesting TLS 1.3 authentication, the client claims legacy systems require the use of SSL. What type of attack might a data transfer using this protocol facilitate?

Credential harvesting Key stretching Phishing *Man-in-the-middle*

Which of the following is NOT a use of cryptography?

Non-repudiation Obfuscation *Security through obscurity* Resiliency

The _____ requires federal agencies to develop security policies for computer systems that process confidential information.

Sarbanes-Oxley Act (SOX) *Computer Security Act* Federal Information Security Management Act (FISMA) Gramm-Leach-Bliley Act (GLBA)

Which certificate field shows the name of the Certificate Authority (CA) expressed as a Distinguished Name (DN)?

Version Signature algorithm *Issuer* Subject

Before leaving for lunch, an employee receives a phone call, but there is no one on the line. Distracted by the odd interruption, the employee forgets to log out of the computer. Earlier that day, a person from the building across the street watched the employee entering login credentials using high-powered binoculars. Which form of social engineering is being used in this situation?

Vishing Lunchtime attack *Shoulder surfing* Man-in-the-middle attack

A hacker set up a Command and Control network to control a compromised host. What is the ability of the hacker to use this remote connection method as needed known as?

Weaponization *Persistence* Reconnaissance Pivoting

Key _______________ occurs during the initial distribution of the key, or after having revoked one.

generation

Identify the command that can be used to detect the presence of a host on a particular IP address.

ipconfig ifconfig ip *ping*

A network manager needs a map of the network's topology. The network manager is using Network Mapper (Nmap) and will obtain the visual map with the Zenmap tool. If the target IP address is 192.168.1.1, determine the command within Nmap that will return the necessary data to build the visual map of the network topology.

nmap -sn --ipconfig 192.168.1.1 nmap -sn --ifconfig 192.168.1.1 *nmap -sn --traceroute 192.168.1.1* nmap -sn --nslookup 192.168.1.1

Which statement describes the mechanism by which encryption algorithms help protect against birthday attacks?

Encryption algorithms utilize key stretching. Encryption algorithms use secure authentication of public keys. *Encryption algorithms add salt when computing password hashes.* Encryption algorithms must utilize a blockchain.

Which of the following depict ways a malicious attacker can gain access to a target's network? (Select all that apply.)

Ethical hacking *Phishing* *Shoulder surfing* Mantrap

Which statement most accurately describes the mechanisms by which blockchain ensures information integrity and availability?

Blockchain ensures availability by cryptographically linking blocks of information, and integrity through decentralization. *Blockchain ensures availability through decentralization, and integrity through cryptographic hashing and timestamping.* Blockchain ensures availability through cryptographic hashing and timestamping, and integrity through decentralization. Blockchain ensures both availability and integrity through decentralization and peer-to-peer (P2P) networking.

After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which security controls does this update address?

Compensating Deterrent *Corrective* Detective

A Certificate Revocation List (CRL) has a publish period set to 24 hours. Based on the normal procedures for a CRL, what is the most applicable validity period for this certificate?

*26 hours* 1 hour 23 hours 72 hours

If not managed properly, certificate and key management can represent a critical vulnerability. Assess the following statements about key management and select the true statements. (Select all that apply.)

If a key used for signing and encryption is compromised, it can be easily destroyed with a new key issued. *It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key.* *If a private key, or secret key, is not backed up, the storage system represents a single point of failure.* The same private key can securely encrypt and sign a document.

Examine each attack vector. Which is most vulnerable to escalation of privileges?

Software *Operating System (OS)* Applications Ports

A security team is in the process of selecting a cryptographic suite for their company. Analyze cryptographic implementations and determine which of the following performance factors is most critical to this selection process if users primarily access systems on mobile devices.

Speed Latency *Computational overhead* Cost

Evaluate the differences between stream and block ciphers and select the true statement.

A block cipher is suitable for communication applications. A stream cipher is subjected to complex transposition and substitution operations, based on the value of the key used. *A block cipher is padded to the correct size if there is not enough data in the plaintext.* A stream cipher's plaintext is divided into equal-sized blocks.

What is the purpose of a server certificate?

Allow signing and encrypting email messages. Guarantee the validity of a browser plug-in or software application. Provide identification for the certificate authority. *Guarantee the identity of e-commerce sites and other websites that gather and store confidential information.*

Encryption vulnerabilities allow unauthorized access to protected data. Which component is subject to brute-force enumeration?

An unsecured protocol A software vulnerability *A weak cipher* A lost decryption key

A hospital must balance the need to keep patient privacy information secure and the desire to analyze the contents of patient records for a scientific study. What cryptographic technology can best support the hospital's needs?

Blockchain Quantum computing is not yet sufficiently secure to run current cryptographic ciphers. Perfect forward security (PFS) Homomorphic encryption

An employee handling key management discovers that a private key has been compromised. Evaluate the stages of a key's life cycle and determine which stage the employee initiates upon learning of the compromise.

Certificate generation Key generation Expiration and renewal *Revocation*

A hacker is able to install a keylogger on a user's computer. What is the hacker attempting to do in this situation?

Key management Encryption Obfuscation *Steal confidential information*

An employee works on a small team that shares critical information about the company's network. When sending emails that have this information, what would be used to provide the identity of the sender and prove that the information has not been tampered with?

Private key *Digital signature* Public key RSA algorithm

Consider the life cycle of an encryption key. Which of the following is NOT a stage in a key's life cycle?

Storage *Verification* Expiration and renewal Revocation

When exploring the deep web, a user will need which of the following to find a specific and hidden dark web site?

The Onion Router (TOR) Dark web search engine *A specific URL* Open Source Intelligence (OSINT)

Which of the following could be considered as an insider threat? (Select all that apply.)

*Former employee* *Contractor* Customer White hat hacker

A contractor has been hired to conduct penetration testing on a company's network. They have decided to try to crack the passwords on a percentage of systems within the company. They plan to annotate the type of data that is on the systems that they can successfully crack to prove the ease of access to data. Evaluate the penetration steps and determine which are being utilized for this task. (Select all that apply.)

*Test security controls* Bypass security controls Verify a threat exists *Exploit vulnerabilities*

An outside security consultant updates a company's network, including data cloud storage solutions. The consultant leaves the manufacturer's default settings when installing network switches, assuming the vendor shipped the switches in a default-secure configuration. Examine the company's network security posture and select the statements that describe key vulnerabilities in this network. (Select all that apply.)

*The network is open to third-party risks from using an outside contractor to configure cloud storage settings.* *The default settings in the network switches represent a weak configuration.* The use of network switches leaves numerous unused ports open. The default settings in the network switches represent unsecured protocols.

Any external responsibility for an organization's security lies mainly with which individuals?

*The owner* Tech staff Management Public relations

During a penetration test, systems administrators for a large company are tasked to play on the white team for an affiliated company. Examine each of the following roles and determine which role the systems admins will fill.

*The systems admins will arbitrate the exercise, setting rules of engagement and guidance.* The systems admins will try to infiltrate the target system. The systems admins will operate monitoring and alerting controls to detect and prevent the infiltration. The systems admins will collaborate with attackers and defenders to promote constructive developments.

A security engineer investigates a recent system breach. When compiling a report of the incident, how does the engineer classify the actor and the vector?

*Threat* Vulnerability Risk Exploit

A user with authorized access to systems in a software development firm installs a seemingly harmless, yet unauthorized program on a workstation without the IT department's sanction. Identify the type of threat that is a result of this user's action.

*Unintentional insider threat* Malicious insider threat Intentional attack vector External threat with insider knowledge

A system administrator downloads and installs software from a vendor website. Soon after installing the software, the administrator's computer is taken over remotely. After closer investigation, the software package was modified, probably while it was downloading. What action could have prevented this incident from occurring?

*Validate the software using a checksum* Validate the software using a private certificate Validate the software using a key signing key Validate the software using Kerberos

Select the appropriate methods for packet capture. (Select all that apply.)

*Wireshark* Packet analyzer Packet injection *Tcpdump*

Analyze the following attacks to determine which best illustrates a pharming attack.

A customer gets an email that appears to be from their insurance company. The email contains a link that takes the user to a fake site that looks just like the real insurance company site. An employee gets a call from someone claiming to be in the IT department. The caller says there was a problem with the network, so they need the employee's password in order to restore network privileges. A company's sales department often has after-hour training sessions, so they order dinner delivery online from the restaurant across the street. An attacker is able to access the company's network by compromising the restaurant's unsecure website. *A customer enters the correct URL address of their bank, which should point to the IP address 172.1.24.4. However, the browser goes to 168.254.1.1, which is a fake site designed to look exactly like the real bank site.*

Which of the following statements best describes the trade-off when considering which type of encryption cipher to use?

Asymmetric encryption is the strongest hashing algorithm, which produces longer and more secure digests than symmetric encryption. *Asymmetric encryption requires substantially more overhead computing power than symmetric encryption. Asymmetric encryption is inefficient when transferring or encrypting large amounts of data.* Symmetric encryption requires substantially more overhead computing power than asymmetric encryption. Symmetric encryption is inefficient when transferring or encrypting large amounts of data. Symmetric encryption is not considered as safe as asymmetric encryption, but it might be required for compatibility between security products.

Which security related phrase relates to the integrity of data?

Availability is authorized *Modification is authorized* Knowledge is authorized Non-repudiation is authorized

Compare and contrast the modes of operation for block ciphers. Which of the following statements is true?

ECB and CBC modes allow block ciphers to behave like stream ciphers. *CTR and GCM modes allow block ciphers to behave like stream ciphers.* ECB and GCM modes allow block ciphers to behave like stream ciphers. CBC and CTR modes allow block ciphers to behave like stream ciphers.

One aspect of threat modeling is to identify potential threat actors and the risks associated with each one. When assessing the risk that any one type of threat actor poses to an organization, what are the critical factors to profile? (Select all that apply.)

Education Socioeconomic status *Intent* *Motivation*

An employee has requested a digital certificate for a user to access the Virtual Private Network (VPN). It is discovered that the certificate is also being used for digitally signing emails. Evaluate the possible extension attributes to determine which should be modified so that the certificate only works for VPN access.

Extension ID *Critical* Value Distinguished encoding rules

The X.509 standard defines the fields (information) that must be present in a digital certificate. Which of the following is NOT a required field?

Extensions Public key *Endorsement key* Subject

Examine each statement and determine which most accurately describes a major limitation of quantum computing technology.

Presently, quantum computers do not have the capacity to run useful applications. Quantum computing is not yet sufficiently secure to run current cryptographic ciphers. Quantum computing is not sufficiently agile to update the range of security products it most frequently uses. Attackers may exploit a crucial vulnerability in quantum computing to covertly exfiltrate data.

A Department of Defense (DoD) security team identifies a data breach in progress, based on some anomalous log entries, and takes steps to remedy the breach and harden their systems. When they resolve the breach, they want to publish the cyber threat intelligence (CTI) securely, using standardized language for other government agencies to use. The team will transmit the threat data feed via which protocol?

Structured Threat Information eXpression (STIX) Automated Indicator Sharing (AIS) *Trusted Automated eXchange of Indicator Information (TAXII)* A code repository protocol

A website with many subdomains has a single Domain Validation (DV) server certificate. The certificate has been issued to the parent domain and all subdomains are accepted as valid down one level. Determine which type of certificate is in use.

Subject Alternative Name (SAN) *Wildcard domain* Root Code signing

Following a data breach at a large retail company, their public relations team issues a statement emphasizing the company's commitment to consumer privacy. Identify the true statements concerning this event. (Select all that apply.)

The data breach must be an intentional act of corporate sabotage. *The privacy breach may allow the threat actor to sell the data to other malicious actors.* *Data exfiltration by a malicious actor may have caused the data breach.* The data breach event may compromise data integrity, but not information availability.

A security technician needs to transfer a large file to another user in a data center. Which statement best illustrates what type of encryption the technician should use to perform the task?

The technician should use symmetric encryption for authentication and data transfer. *The technician should use asymmetric encryption to verify the data center user's identity and agree on a symmetric encryption algorithm for the data transfer.* The technician should use asymmetric encryption for authentication and data transfer. The technician should use symmetric encryption to verify the data center user's identity and agree on an asymmetric encryption algorithm for the data transfer.

Which situation would require keyboard encryption software to be installed on a computer?

To set up single sign-on privileges To comply with input validation practices For the purpose of key management *To protect against spyware*

A user's PC is infected with a virus that appears to be memory-resident and loads any time an external universal serial bus (USB) thumb drive is attached. Examine the following options and determine which describes the infection type.

Uses a local scripting engine. *Written to the partition table of a disk.* Replicates over network resources. Monitors local application activity.

Compare and contrast vulnerability scanning and penetration testing. Select the true statement from the following options.

Vulnerability scanning is conducted by a "white hat" and penetration testing is carried out by a "black hat." *Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active.* Penetration testing and vulnerability scanning are considered "black hat" practices. Vulnerability scanning is part of network reconnaissance, but penetration testing is not.

In which of these situations might a non-credentialed vulnerability scan be more advantageous than a credentialed scan? (Select all that apply.)

When active scanning poses no risk to system stability *External assessments of a network perimeter* Detection of security setting misconfiguration *Web application scanning*

Select the statement which best describes the difference between a zero-day vulnerability and a legacy platform vulnerability.

*A legacy platform vulnerability is unpatchable, while a zero-day vulnerability may be exploited before a developer can create a patch for it.* A zero-day vulnerability is unpatchable, while a legacy platform vulnerability can be patched, once detected. A zero-day vulnerability can be mitigated by responsible patch management, while a legacy platform vulnerability cannot be patched. A legacy platform vulnerability can be mitigated by responsible patch management, while a zero-day vulnerability does not yet have a patch solution.

Which statement best illustrates the importance of a strong true random number generator (TRNG) or pseudo-random number generator (PRNG) in a cryptographic implementation?

*A weak number generator leads to many published keys sharing a common factor.* A weak number generator creates numbers that are never reused. A strong number generator creates numbers that are never reused. A strong number generator adds salt to encryption values.

Which of the following statements summarizes a disadvantage to performing an active vulnerability scan? (Select all that apply.)

*Active scanning consumes more network bandwidth.* *Active scanning runs the risk of causing an outage.* Active scanning may fail to identify all of a system's known vulnerabilities. Active scanning techniques do not use system login.

A manufacturing company hires a pentesting firm to uncover any vulnerabilities in their network with the understanding that the pen tester receives no information about the company's system. Which of the following penetration testing strategies is the manufacturing company requesting?

*Black box* Sandbox Gray box White box

A network administrator uses two different automated vulnerability scanners. They regularly update with the latest vulnerability feeds. If the system regularly performs active scans, what type of error is the system most likely to make?

*False positive* False negative Validation error Configuration error

Analyze and eliminate the item that is NOT an example of a reconnaissance technique.

*Initial exploitation* Open Source Intelligence (OSINT) Social engineering Scanning

A company has an annual contract with an outside firm to perform a security audit on their network. The purpose of the annual audit is to determine if the company is in compliance with their internal directives and policies for security control. Which broad class of security control accurately describes the purpose of the audit?

*Managerial* Technical Physical Compensating

A contractor has been hired to conduct security reconnaissance on a company. The contractor browses the company's website to identify employees and then finds their Facebook pages. Posts found on Facebook indicate a favorite bar that employees frequent. The contractor visits the bar and learns details of the company's security infrastructure through small talk. What reconnaissance phase techniques does the contractor practice? (Select all that apply.)

*Open Source Intelligence (OSINT)* Scanning *Social engineering* Persistence

When using a digital envelope to exchange key information, the use of what key agreement mitigates the risk inherent in the Rivest-Shamir-Adleman (RSA) algorithm, and by what means?

*Perfect forward secrecy (PFS) uses Diffie-Hellman (DH) key agreement to create ephemeral session keys without using the server's private key.* The Cipher Block Chaining (CBC) key agreement mode uses an initialization vector (IV) to create ephemeral session keys without using the server's private key. Counter mode in key agreement makes the advanced encryption standard (AES) algorithm work as a stream cipher, by applying an initialization vector to issue a security certificate. A certificate authority (CA) validates the public key's owner and creates an initialization vector to protect the exchange from snooping.

Examine each statement and determine which most accurately describes a major limitation of quantum computing technology.

*Presently, quantum computers do not have the capacity to run useful applications.* Quantum computing is not yet sufficiently secure to run current cryptographic ciphers. Quantum computing is not sufficiently agile to update the range of security products it most frequently uses. Attackers may exploit a crucial vulnerability in quantum computing to covertly exfiltrate data.

The IT department head returns from an industry conference feeling inspired by a presentation on the topic of defense in depth. A meeting is scheduled with IT staff to brainstorm ideas for implementing defense in depth throughout the organization. Which of the following ideas are consistent with this industry best practice? (Select all that apply.)

*Provide user training on identifying cyber threats.* Adopt a vendor-specific stance. *Align managerial and technical controls with control functions.* Move endpoint security to the firewall.

An individual receives a text message that appears to be a warning from a well-known order fulfillment company, informing them that the carrier has tried to deliver their package twice, and that if the individual does not contact them to claim it, the package will not be delivered. Analyze the scenario and select the social engineering technique being used.

*SMiShing* Phishing Vishing Prepending

During a penetration test, an adversary operator sends an encrypted message embedded in an attached image. Analyze the scenario to determine what security principles the operator is relying on to hide the message. (Select all that apply.)

*Security by obscurity* Integrity Prepending *Confidentiality*

Which statement best describes key differences between symmetric and asymmetric cryptographic ciphers?

*Symmetric encryption is used for confidentiality, and uses the same key for encryption and decryption.* Asymmetric encryption is primarily used for confidentiality, and uses different keys for encryption and decryption. Symmetric encryption is used for authentication, and is the most efficient method of encryption for large data transfers. Asymmetric encryption is used for non-repudiation and is the most efficient method of encryption for large data transfers.

Which statement best explains the differences between black box, white box, and gray box attack profiles used in penetration testing?

A black box pen tester acts as a privileged insider and must perform no reconnaissance. A white box pen tester has no access, and reconnaissance is necessary. A gray box actor is a third-party actor who mediates between a black box and white box pen tester. A black box pen tester acts as the adversary in the test, while the white box pen tester acts in a defensive role. A gray box pen tester is a third-party actor who mediates between a black box pen tester and a white box pen tester. *In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.* In a white box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a black box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.

An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.)

Boot sector *Program* *Script* Macro

A company technician goes on vacation. While the technician is away, a critical patch released for Windows servers is not applied. According to the National Institute of Standards and Technology (NIST), what does the delay in applying the patch create on the server?

Control Risk Threat *Vulnerability*

An IT manager in the aviation sector checks the industry's threat intelligence feed to keep up on the latest threats and ensure the work center implements the best practices in the field. What type of threat intelligence source is the IT manager most likely accessing?

Open Source Intelligence (OSINT) *An Information Sharing and Analysis Center (ISAC)* A vendor website, such as Microsoft's Security Intelligence blog A closed or proprietary threat intelligence platform

An IT director reads about a new form of malware that targets a system widely utilized in the company's network. The director wants to discover whether the network has been targeted, but also wants to conduct the scan without disrupting company operations or tipping off potential attackers to the investigation. Evaluate vulnerability scanning techniques and determine the best tool for the investigation.

Credentialed scan Configuration review Penetration testing *Threat hunting*

An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. When documenting the "detect" function, what does the engineer focus on?

Evaluate risks and threats Install, operate, and decommission assets *Ongoing proactive monitoring* Restoration of systems and data

The National Institute of Standards and Technology (NIST) provides a framework that classifies security-related functions. Which description aligns with the "respond" function?

Evaluate risks, threats, and vulnerabilities. Perform ongoing, proactive monitoring. Implement resilience to restore systems. *Identify, analyze, and eradicate threats.*

A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person's hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred?

Familiarity/liking *Consensus/social proof* Authority and intimidation Identity fraud

Which two cryptographic functions can be combined to authenticate a sender and prove the integrity of a message?

Hashing and symmetric encryption Public key cryptography and digital enveloping Hashing and digital enveloping *Public key cryptography and hashing*

An attacker uses a cryptographic technology to create a covert message channel in transmission control protocol (TCP) packet data fields. What cryptographic technique does this attack strategy employ?

Homomorphic encryption Blockchain *Steganography* Key stretching

A company has a critical encryption key that has an M-of-N control configuration for protection. Examine the examples and select the one that correctly illustrates the proper configuration for this type of protection of critical encryption keys.

M=1 and N=5 *M=3 and N=5* M=6 and N=5 M=0 and N=5

How might the goals of basic network management not be well aligned with the goals of security?

Management focuses on confidentiality and availability. Management focuses on confidentiality over availability. Management focuses on integrity and confidentiality. *Management focuses on availability over confidentiality.*

A system administrator must scan the company's network to identify which ports are open and which software and software versions are running on each. Determine the syntax that should be used to yield the desired information if the administrator will be executing this task from a Linux command line.

Netstat -a *Nmap -A 10.1.0.0/24* Nmap -O 10.1.0.0/24 Netstat -r

What is Open Source Intelligence (OSINT)?

Obtaining information, physical access to premises, or even access to a user account through the art of persuasion The means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources *Using web search tools and social media to obtain information about the target* Using software tools to obtain information about a host or network topology

An employee handles key management and has learned that a user has used the same key pair for encrypting documents and digitally signing emails. Prioritize all actions that should be taken and determine the first action that the employee should take.

Revoke the keys. *Recover the encrypted data.* Generate a new key pair. Generate a new certificate.

A gaming company decides to add software on each title it releases. The company's objective is to require the CD to be inserted during use. This software will gain administrative rights, change system files, and hide from detection without the knowledge or consent of the user. Consider the malware characteristics and determine which is being used.

Spyware Keylogger *Rootkit* Trojan
