UCERTIFY QUIZZES
WHAT FEATURE PRIMARILY HELPS TO PROTECT AGAINST POISONING ATTACKS? FLOOD GUARD FEATURES SNMPV3 ARP INSPECTION LOOP PROTECTION
ARP INSPECTION
A THIRD-PARTY TEAM IS GOING TO FORMALLY EXAMINE YOUR ORG'S OVERALL SEC PRACTICES TO MAKE SURE THEY MEET REG COMPLIANCE GOALS. YOUR ORG MAY BE FINED IF IT FAILS. WHAT WOULD THIS VERIFICATION PROCESS BE CALLED? (SECURITY FUNDAMENTALS) AUDIT CERTIFICATION EVALUATION ASSESSMENT
AUDIT
WHICH OF THE FOLLOWING IS A SITE W/O HARDWARE SET UP IN ADVANCE? COLD SPARE COLD SITE HOT SPARE HOT SITE
COLD SITE
WHICH OF THE FOLLOWING SHOULD YOU FOLLOW FOR SECURING ACCOUNTS IN ALMOST ANY IDENTITY SYSTEM? WHEN GIVING MULTIPLE ACCOUNTS TO A SINGLE USER ENSURE THAT EACH ACCOUNT HAS THE SAME PASSWORD USE GENERIC ACCOUNTS ASSIGN PERMISSIONS TO INDIVIDUAL ACCOUNTS RATHER THAN GROUPS CHOOSE USER NAMES CAREFULLY ACCORDING TO A STD NAMING CONVENTION
- CHOOSE USER NAMES CAREFULLY ACCORDING TO NAMING CONVENTION - WHERE POSSIBLE, ASSIGN PERMISSIONS TO GROUPS RATHER THAN INDIVIDUAL ACCOUNTS - WHERE POSSIBLE, AVOID THE USE OF GENERIC ACCOUNTS (GUEST ACCOUNTS) - ASSIGN ADMINISTRATORS 2 ACCOUNTS EACH: AN ADMINISTRATOR ACCOUNT FOR TASKS THAT REQUIRE ESCALATED PRIVILEGES, AND A STD USER ACCT FOR EVERYTHING ELSE - WHEN GIVING MULTIPLE ACCOUNTS TO A SINGLE USER, ENSURE THAT EACH ACCOUNT HAS A SEPARATE PASSWORD
YOU'RE HARDENING A WEB APPLICATION. WHICH OF THESE SHOULD YOU ENSURE WHILE HARDENING THE UNDERLYING HOST AND NETWORK? - MAKE SURE THAT APP COMPONENTS AND USERS OPERATE IN A MOST PRIVILEGE ENVIRONMENT - CONDUCT YEARLY SECURITY AUDITS - ENABLE UNNECESSARY APPS, SERVICES, AND USER ACCTS - ENSURE HOST IS KEPT UPDATED - PROTECT NETWORK WITH FIREWALLS, NIDS/NIPS, OR EVEN SPECIFIC WEB APP FIREWALLS
- ENSURE HOST IS KEPT UPDATED - PROTECT THE NETWORK WITH FIREWALLS, NIDS/NIPS, OR EVEN SPECIFIC WEB APP FIREWALLS - DISABLE UNNECESSARY APPS, SERVICES, AND USER ACCOUNTS - APPLY ANTIVIRUS AND HIDS/HIPS SOFTWARE ON HOST - IF APP USES MULTIPLE SERVERS
12 MANDATED CONTROLS OF PCI DSS
- INSTALL & MAINTAIN FIREWALL CONFIGURATION TO PROTECT CARDHOLDER DATA - DO NOT USE VENDOR-SUPPLIED DEFAULTS FOR SYSTEM PASSWORDS & OTHER SECURITY PARAMETERS - PROTECT STORED CARDHOLDER DATA - ENCRYPT TRANSMISSION OF CARDHOLDER DATA ACROSS OPEN, PUBLIC NETWORKS - USE AND REG. UPDATE ANTIVIRUS SOFTWARE OR PROGRAMS - DEVELOP AND MAINTAIN SECURE SYSTEMS AND APPLICATIONS - RESTRICT ACCESS TO CARDHOLDER DATA BY BUSINESS NEED TO KNOW - ASSIGN A UNIQUE ID TO EACH PERSON W/COMPUTER ACCESS - RESTRICT PHYSICAL ACCESS TO CARDHOLDER DATA - TRACK AND MONITOR ALL ACCESS TO NETWORK RESOURCES AND CARDHOLDER DATA - REGULARLY TEST SECURITY SYSTEMS AND PROCESSES - MAINTAIN A POLICY THAT ADDRESSES INFO SEC FOR ALL PERSONNEL
HOW MANY HARD DRIVES DOES RAID 10 REQUIRE? - 2 HARD DRIVES FOR THE DISK MIRROR AND 1 MORE DISK TO STRIPE THE MIRRORED DISKS - 4 HARD DRIVES FOR THE DISK MIRROR AND 1 MORE DISK TO STRIPE THE MIRRORED DISKS - 1 HARD DRIVE FOR THE DISK MIRROR AND 2 MORE DISKS TO STRIPE THE MIRRORED DISKS - 2 HARD DRIVES FOR THE DISK MIRROR AND 2 MORE DISKS TO STRIPE THE MIRRORED DISKS
2 HARD DRIVES FOR THE DISK MIRROR AND 2 MORE DISKS TO STRIPE THE MIRRORED DISKS
IN ACTIVE DIRECTORY, WHAT IS THE BEST PLACE TO ASSIGN PERMISSIONS? A UNIVERSAL GROUP AN INDIVIDUAL USER A GLOBAL GROUP A DOMAIN LOCAL GROUP
A DOMAIN LOCAL GROUP
WHICH OF THE FOLLOWING STATEMENTS IS TRUE REGARDING VIRTUALIZATION? - IT'S DIFFICULT TO CREATE A SNAPSHOT OF A VM - VIRTUAL TEST ENVIRONMENTS ARE AN IDEAL PLACE TO THOROUGHLY TEST SEC CONTROLS AFTER DEPLOYING THEM ON THE "REAL" NETWORK - A TEST VM IS ALSO USEFUL FOR TESTING OS OR APPLICATION PATCHES TO MAKE SURE THEY DON'T INTRODUCE ANY PROBLEMS - IT'S REASONABLY EASY TO MAINTAIN LOW AVAILABILITY FOR SERVICES HOSTED ON A VM
A TEST VM IS ALSO USEFUL FOR TESTING OS OR APPLICATION PATCHES TO MAKE SURE THEY DON'T INTRODUCE ANY PROBLEMS
YOU WANT TO USE YOUR ANDROID PHONE TO STORE AND MANAGE CRYPTOGRAPHIC CERTIFICATES. WHICH TYPE OF SOLUTION WILL YOU CHOOSE TO DO THIS USING SECURE HARDWARE? MDM A WIRELESS TPM SEAndroid A microSD HSM
A microSD HSM (A Hardware Security Module)
WHICH AAA ELEMENT TRACKS THE ACTIONS OF AN AUTHENTICATED USER FOR LATER REVIEW? AUTHORIZATION IDENTIFICATION ACCOUNTING AUTHENTICATION
ACCOUNTING TRACKS ACTIONS OF AN AUTHENTICATED USER FOR LATER REVIEW. AUTHENTICATION VERIFIES A PRINCIPAL'S ID. AUTHORIZATION SPECIFIES THE EXACT RESOURCES A GIVEN PRINCIPAL IS ALLOWED TO ACCESS.
WHICH OF THE FOLLOWING IS A LIST ATTACHED TO A RESOURCE, GIVING PERMISSIONS OR RULES ABOUT PRECISELY WHO CAN ACCESS IT? QOS 802.1Q DIFFERENTIATED SERVICES ACL
ACL
WHICH OF THE FOLLOWING DELIVERS ADVERTISEMENTS TO THE INFECTED SYSTEM, USUALLY WITHIN A BROWSER OR OTHER APPLICATION WINDOW? TROJAN ADWARE WORM VIRUS
ADWARE
IF ALICE WISHES TO DIGITALLY SIGN THE MESSAGE THAT SHE IS SENDING TO BOB, WHAT KEY WOULD SHE USE TO CREATE THE DIGITAL SIGNATURE? (CRYPTOGRAPHY) ALICE'S PRIVATE KEY BOB'S PUBLIC KEY BOB'S PRIVATE KEY ALICE'S PUBLIC KEY
ALICE'S PRIVATE KEY
WHICH ONE OF THE FOLLOWING STATEMENTS IS NOT TRUE ABOUT COMPENSATING CONTROLS UNDER PCI DSS? (SECURITY FUNDAMENTALS) DO NOT USE VENDOR-SUPPLIED DEFAULTS FOR SYSTEM PASSWORDS & OTHER SECURITY PARAMETERS ALLOW PHYSICAL ACCESS TO CARDHOLDER DATA ENCRYPT TRANSMISSION OF CARDHOLDER DATA ACROSS OPEN PUBLIC NETWORKS USE & REGULARLY UPDATE ANTIVIRUS SOFTWARE OR PROGRAMS
ALLOW PHYSICAL ACCESS TO CARDHOLDER DATA
WHICH OF THE FOLLOWING CAN YOU USE FOR NETWORK MAPPING AND SERVICE ENUMERATION, THOUGH IT CAN PERFORM OTHER TASKS? (RISK MGMT) ANGRY IP SCANNER AIRCRACK-NG WIFITE KISMET
ANGRY IP SCANNER
WHAT CONNECTION TYPE IS VERY SIMILAR TO BLUETOOTH BUT IS USED BY MORE SPECIALIZED DEVICES? NFC RFID ANT+ GPS
ANT+
WHICH OF THE FOLLOWING ASSESSMENTS WILL YOU USE FOR IDENTIFYING INSIDER THREATS? (RISK MGMT) BEHAVIORAL INSTINCTUAL HABITUAL IOCS
BEHAVIORAL
WHAT KIND OF PENETRATION TEST INVOLVES A TESTER WITH NO KNOWLEDGE OF YOUR NETWORK CONFIGURATION BEFORE THE TEST? (RISK MGMT) BLACK HAT BLACK BOX WHITE HAT WHITE BOX
BLACK BOX
WHICH OF THE FOLLOWING ATTACKS USES STATEMENTS THAT SHOULD CREATE VERIFIABLE CHANGES IN PAGE OUTPUT, OR ELSE PERFORMS TIME-INTENSIVE OPS AND WATCHES FOR SERVER DELAY? STACKED QUERY XSRF BLIND INJECTION SIGNATURE EVASION
BLIND INJECTION
A COMPANY CONFIGURES WORKSTATIONS TO RUN SOFTWARE ON AN UNAPPROVED LIST. WHAT IS THIS AN EXAMPLE OF? ALLOW LISTING SANDBOXING HARDENING BLOCK LISTING
BLOCK LISTING (DENY LISTS) USES A LIST OF SOFTWARE THAT IS NOT ALLOWED FOR USE (BLACKLISTING)
CAMILLA WANTS TO CREATE AN AGREEMENT DEFINING THE GENERAL RELATIONSHIP BETWEEN BUSINESS PARTNERS THAT DEFINES HOW EACH ORG SHARES PROFITS, LOSSES, PROPERTY, AND LIABILITY. WHAT TYPE OF AGREEMENT SHOULD CAMILLA USE? BPA ISA NDA MOU
BPA (BUSINESS PARTNERSHIP AGREEMENT)
WHICH OF THE FOLLOWING IS AN ON-PATH ATTACK IN WHICH A TROJAN OR OTHER SPYWARE MODIFIES THE WEB PAGES THAT THE USER VIEWS OR THE ACTIONS THAT THE USER TAKES? MODIFIED HOSTS FILE BROWSER-BASED COMPROMISED ROUTER COMPROMISED SERVER
BROWSER-BASED
YOU HAVE INVESTIGATED AN ATTACK WHERE THE ATTACKER HAS ENTERED A VERY LONG STRING INTO AN INPUT FIELD, WHICH WAS FOLLOWED BY A SYSTEM COMMAND. WHAT TYPE OF ATTACK LIKELY TOOK PLACE? XSS BUFFER OVERFLOW XSRF LDAP INJECTION
BUFFER OVERFLOW
SOMEONE STOLE THOUSANDS OF CUSTOMER RECORDS FROM YOUR ORG'S DATABASE. WHAT ASPECT OF SECURITY WAS PRIMARILY ATTACKED? (SECURITY FUNDAMENTALS) INTEGRITY AVAILABILITY PORTABILITY CONFIDENTIALITY
CONFIDENTIALITY
WHICH OF THE FOLLOWING MAKES THE MATHEMATICAL RELATIONSHIP BETWEEN THE PLAINTEXT AND THE KEY AS COMPLEX AS POSSIBLE, SO THAT A PARTIALLY CORRECT KEY IS USELESS TO AN ATTACKER? (CRYPTOGRAPHY) DIFFUSION CONFUSION TRANSPOSITION ONE-TIME PAD
CONFUSION
YOUR ANALYSIS REVEALS THAT A WEB APPLICATION OUTAGE WAS CAUSED BY ONE OF THE COMPANY'S DEVELOPERS UPLOADING A NEWER VERSION OF THE THIRD PARTY LIBRARIES THAT WERE SHARED AMONG SEVERAL APPS. WHICH OF THE FOLLOWING IMPLEMENTATIONS WOULD BE BEST TO PREVENT THE ISSUE FROM REOCCURRING? SECURITY GROUPS INSTANCE AWARENESS CONTAINERIZATION API INSPECTION
CONTAINERIZATION
WHAT AUTHENTICATION STD IS USED BY ACTIVE-DUTY US MILITARY PERSONNEL? OTP PIV CAC SIM
CAC (COMMON ACCESS CARD)
WHICH OF THE FOLLOWING SOLUTIONS WOULD BE BEST IN ALLOWING AN ENTERPRISE TO CENTRALLY APPLY ITS SECURITY POLICIES AND PROVIDE MANAGEABILITY AND VISIBILITY INTO THE PLATFORMS? PRIVATE DEPLOYMENT SECURITY AS A SERVICE CASB OFF-PREMISE POLICIES
CASB
YOU NEED TO INSTALL A NEW METAL FIRE EXTINGUISHER NEXT TO THE SERVER CLOSET. WHAT CLASS WOULD BE MOST USEFUL? CLASS D CLASS A CLASS B CLASS K
CLASS D
WHICH POLICY ENSURES THAT ALL THE IMPORTANT DOCUMENTS, CONFIDENTIAL LETTERS, ETC. ARE REMOVED AND LOCKED AWAY WHEN AN EMPLOYEE LEAVES HIS/HER WORKSTATION? SEPARATION OF DUTIES MANDATORY VACATION CLEAN DESK POLICY AUP
CLEAN DESK POLICY
YOU ARE DEVELOPING AN APPLICATION FOR SALE TO THE PUBLIC. YOU WANT TO ASSURE YOUR USERS THAT THE APP THEY RECEIVE ACTUALLY CAME FROM YOU. WHICH OF THE FOLLOWING WILL YOU USE? TRUSTED HARDWARE CODE SIGNING FIREWALL HIDS
CODE SIGNING
YOU'RE BRINGING ALL THE CODE CHANGES FROM MULTIPLE TEAM MEMBERS INTO THE SAME DEVELOPMENT PROJECT THRU AUTOMATION. WHICH OF THE FOLLOWING BEST DESCRIBES THIS PROCESS? - CONTINUOUS DELIVERY - CONTINUOUS DEPLOYMENT - CONTINUOUS INTEGRATION - CONTINUOUS MONITORING
CONTINUOUS INTEGRATION
STEF WANTS TO SELECT A MOBILE DEVICE DEPLOYMENT THAT PROVIDES EMPLOYEES WITH DEVICES THAT ARE COMPANY-ISSUED AND SUPPORTED, BUT EMPLOYEES CAN USE THEM FOR PERSONAL REASONS TOO. WHICH OF THE FOLLOWING SHOULD STEF CHOOSE? BYOD CYOD COBO COPE
COPE
YOU ARE ASKED TO ANALYZE THE AGGREGATED EVENTS TO FIND USEFUL DATA THAT MIGHT NEED ADDITIONAL HUMAN REVIEW. WHICH OF THE FOLLOWING SIEM SOFTWARE FEATURES WILL YOU USE? LOG RETENTION AGGREGATION CORRELATION ALERTS
CORRELATION
A Sec analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds that an attack took place where the "dictionary" is made up of stolen username & password pairs from another compromised system. Which of the following events has taken place? ZERO DAY MITM CRED STUFFING BIRTHDAY
CRED STUFFING
ASSUMING THAT ALL 4 ROLES EXIST SEPARATELY AT YOUR COMPANY, WHO OVERSEES STRATEGIC SECURITY NEEDS, WITH A FOCUS ON ORGANIZATIONAL RISK MGMT? (SECURITY FUNDAMENTALS) CPO CIO CCO CSO
CSO - CHIEF SECURITY OFFICER
IN WHICH OF THE FOLLOWING CAN THE EMPLOYEE CHOOSE FROM A LIST OF DEVICES THE COMPANY HAS APPROVED FOR SECURITY FEATURES AND SUPPORT? ASSET TRACKING BYOD GPS CYOD
CYOD (CHOOSE YOUR OWN DEVICE)
WHICH OF THE FOLLOWING INCLUDES EXPLICIT ACES SET ON THE OBJECT, INHERITED ACES RECEIVED FROM ITS PARENTS, AND GENERIC ACES FROM ITS CLASS? DACL IdP KBA SID
DACL - FULL LIST OF ACES THAT APPLY TO AN OBJECT
WHO AMONG THE FOLLOWING IS A SYSTEM ADMINISTRATOR RESPONSIBLE FOR CREATING AND ENFORCING THE TECHNICAL CONTROLS REGARDING ACCESS TO DATA, UNDER THE DIRECTION OF ITS OWNER? DATA STEWARD PRIVACY OWNER DATA CUSTODIAN DATA OWNER
DATA CUSTODIAN
Which of the following is the correct sequence of encryption ciphers from the weakest to the strongest? (CRYPTOGRAPHY) DES - BLOWFISH - AES - 3DES 3DES - DES - AES - BLOWFISH 3DES - DES - BLOWFISH - AES DES - 3DES - BLOWFISH - AES
DES - 3DES - BLOWFISH - AES
WHAT KIND OF INFORMATION IS MOST IMPORTANT FOR AN INCIDENT RESPONSE TEAM? - DETAILED FORENSICS PROCEDURES AND RELATED LEGAL REQUIREMENTS - DETAILED SYSTEM DOCUMENTATION AVAILABLE AT ALL TIMES - AWARENESS OF THE EXTRA PERMISSIONS THEY'VE BEEN GIVEN - HIGH-LEVEL UNDERSTANDING OF ASSETS OF THE ORG
DETAILED FORENSICS PROCEDURES AND RELATED LEGAL REQUIREMENTS
YOU ARE LOOKING FOR A CONTROL THAT WOULD DISCOURAGE THE ATTACKER FROM ATTEMPTING TO GAIN ACCESS. WHAT TYPE OF SECURITY CONTROL WILL YOU IMPLEMENT? PREVENTIVE CORRECTIVE DETERRENT DETECTIVE
DETERRENT
ALICE, A SECURITY ANALYST, PERFORMS A BACKUP THAT CAPTURES THE CHANGES SINCE THE LAST FULL BACKUP. WHAT TYPE OF BACKUP HAS SHE PERFORMED? DIFFERENTIAL BACKUP INCREMENTAL BACKUP NEW FULL BACKUP SNAPSHOT
DIFFERENTIAL BACKUP
WHAT SERVICE GETS ENABLED WHEN YOU IMPLEMENT LDAP FOR YOUR ORG? DIRECTORY SERVICE BIOMETRIC ID PROVIDER ATTESTATION FEDERATION
DIRECTORY SERVICE
WHICH OF THE FOLLOWING MIGHT PROTECT USERS FROM COPYING SENSITIVE FILES TO EXTERNAL MEDIA? FDE TPM HSM DLP
DLP (DATA LOSS PREVENTION) - PROTECTS ALL SENSITIVE DATA THAT PASSES THRU THE ENDPOINT IT'S INSTALLED ON
YOU'VE JUST DISCOVERED A KIND OF MALWARE THAT OVERWRITES THE HOSTS FILE TO REDIRECT WEB SEARCHES TO A MALICIOUS SITE. WHAT TECHNIQUE DOES IT MOST LIKELY USE? ARP POISONING VLAN HOPPING DOMAIN HIJACKING DNS POISONING
DNS POISONING
WHAT TYPE OF XSS ATTACK WOULD NOT BE VISIBLE TO A SECURITY ANALYST INSPECTING THE HTML SOURCE CODE IN A BROWSER? DOM-BASED PERSISTENT PARAMETER POLLUTION XSRF
DOM-BASED (DOCUMENT OBJECT MODEL)
WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING DOWNGRADES? DOWNGRADES DON'T REQUIRE FULL INSTALLATION DOWNGRADES MUST BE COMPLETED ALL AT ONCE DOWNGRADES REQUIRE MORE COMPLEX PROCEDURES THAN UPGRADES DOWNGRADES ARE GENERALLY LESS SUPPORTED THAN UPGRADES
DOWNGRADES ARE GENERALLY LESS SUPPORTED THAN UPGRADES
WHICH DOCUMENT IS A TECHNICAL PROCEDURE FOR RESTORING SERVICES AND OPERATIONS AFTER SIGNIFICANT DISRUPTIONS? DRP COOP BIA BCP
DRP (DISASTER RECOVERY PLAN)
Which of the following is a NIST std that uses a discrete logarithm & is faster for data encryption & signature verification? (CRYPTOGRAPHY) DSA ECC HMAC DH
DSA (Digital Signature Algorithm)
A NEW PRIVACY LAW DEMANDS MORE ROBUST PROTECTION FOR YOUR CUSTOMER DATABASE. FIRST, YOU RESEARCHED DATABASE SECURITY PRODUCTS TO FIND WHICH WOULD RELIABLY MEET YOUR NEEDS. NOW THAT YOU'VE SELECTED AND INSTALLED ONE, YOU'RE CURRENTLY TRAINING ADMINISTRATORS TO PERFORM INTEGRITY CHECKS, UPDATE THE SOFTWARE, AND REVIEW LOGS FOR SUSPICIOUS ACTIVITIES. WHAT ARE YOU PRACTICING? (SECURITY FUNDAMENTALS) REGULATORY COMPLIANCE DUE CARE AVAILABILITY NEGLIGENCE
DUE CARE
WHICH OF THE FOLLOWING IS THE TECHNIQUE USED TO LOOK FOR INFORMATION IN TRASH OR DUSTBIN CONTAINERS? BAITING PIGGYBACKING DUMPSTER DIVING PRETEXTING
Dumpster diving
WHICH OF THE FOLLOWING IS A PROCESS WHERE YOU IDENTIFY, SECURE, AND ANALYZE DATA WITH THE INTENT OF USING IT IN A CRIMINAL OR CIVIL COURT CASE? INDUSTRIAL CAMOUFLAGE SIGNAL SURVEYS EDISCOVERY DUAL CONTROL VIOLATION
EDISCOVERY
WHICH OF THE FOLLOWING IS AN EXTENSION OF THE DIFFIE-HELLMAN KEY EXCHANGE INTO A COMPLETE DISCRETE LOGARITHM CRYPTOSYSTEM, ALLOWING FOR TASKS LIKE GENERAL ENCRYPTION? (CRYPTOGRAPHY) RSA MD5 ElGamal RIPEMD
ElGamal
WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING TACACS+ OVER RADIUS? - ENCRYPTS ENTIRE ACCESS REQUEST PACKETS - BETTER ABLE TO SUPPORT IP PACKETS - LESS COMPLICATED TO ADMINISTER - USES TCP PORT 149
ENCRYPTS ENTIRE ACCESS REQUEST PACKETS
WHICH OF THE FOLLOWING ENCRYPTS THE PACKET PAYLOAD, ALONG WITH INTEGRITY AND AUTHENTICATION INFORMATION? AH CLIENTLESS VPN ESP IKE
ESP (ENCAPSULATING SECURITY PAYLOAD)
WHICH OF THE FOLLOWING IS A ROGUE AP THAT HAS THE SAME SSID AND SECURITY SETTINGS AS A LEGIT AP, SO THAT USERS MIGHT CONNECT TO IT INSTEAD OF THE REAL ONE? JAMMING EVIL TWIN NFC VULNERABILITIES BLUEJACKING
EVIL TWIN
WHAT KIND OF PROXY WOULD YOU USE TO MEDIATE COMMS BET. LAN CLIENTS AND INTERNET SERVERS BUT REQUIRE CLIENT-SIDE CONFIGURATION? REVERSE FORWARD ANONYMOUS TRANSPARENT
FORWARD
Which of the following is a certificate backed by a stricter identity validation process than the CA's default? (CRYPTOGRAPHY) Extended Validation Email Domain validation Machine Authentication
Extended Validation
YOUR COMPANY HAS RECEIVED AN EMAIL WITH A VIRUS ATTACHED. LATER, YOU REALIZED THAT NO ALARM WAS RAISED, AS THE EMAIL SECURITY SOLUTION THAT YOUR COMPANY USES DIDN'T DETECT THE THREAT. WHAT OCCURRED? (SECURITY FUNDAMENTALS) True negative True positive False negative False positive
FALSE NEGATIVE
A US GOVT AGENCY PLANS TO MIGRATE SOME OF ITS INTERNALLY HOSTED DATA TO A CLOUD-BASED SERVICE. YOU NEED TO MAKE SURE THE PROPOSED VENDOR CAN MEET THE SAME SEC REQS AS THE CURRENT SOLUTION. WHAT ARE YOU CURRENTLY PRACTICING? (SECURITY FUNDAMENTALS) FISMA COMPLIANCE DUE DILIGENCE DUE CARE GLBA COMPLIANCE GDPR COMPLIANCE
FISMA COMPLIANCE & DUE DILIGENCE
WHICH OF THE FOLLOWING IS AN INTEGRATED CIRCUIT WITH A LOGICAL STRUCTURE THAT CAN BE REPROGRAMMED AFTER MANUFACTURE, IN CONTRAST TO THE PRE-PRINTED LOGIC FUNCTION FOUND IN A MICROPROCESSOR OR ASIC? SoC FPGA RTOS IoT
FPGA (FIELD-PROGRAMMABLE GATE ARRAY)
WHICH OF THE FOLLOWING SECURE PROTOCOLS ADD SSL/TLS SECURITY TO PROTOCOLS THAT WERE INSECURE ON THEIR OWN? FTPS HTTPS SFTP SNMPV3 SSH
FTPS, HTTPS, SNMPV3
YOUR FRIEND IS A GOVT CONTRACTOR WHO DISCLOSED SENSITIVE GOVT INFO TO YOU TO UNCOVER WHAT HE BELIEVED WERE UNETHICAL ACTIVITIES. WHICH OF THE FOLLOWING TERMS BEST DESCRIBES HIS ACTIVITIES? CHOOSE 2 (RISK MGMT) HACKTIVIST INSIDER ORG CRIME APT STATE ACTOR
HACKTIVIST & INSIDER
WHICH CATEGORY OF ATTACKERS MIGHT ALSO BE CALLED CYBERTERRORISTS? (RISK MGMT) HACKTIVISTS INSIDERS SCRIPT KIDDIES COMPETITORS
HACKTIVISTS
WHICH OF THE FOLLOWING IS LEAST VOLATILE ACCORDING TO THE FORENSIC ORDER OF VOLATILITY? HARD DRIVES ROUTING TABLES CACHE MEMORY CPU REGISTERS
HARD DRIVES. ORDER OF VOLATILITY: - CPU REGISTERS & CACHE MEMORY - ROUTING TABLES, ARP CACHE, PROCESS TABLES, AND KERNEL STATS - OTHER RAM CONTENTS - SWAP FILES OR OTHER TEMP FILE SYSTEMS - OTHER DATA ON HARD DRIVES OR FLASH MEDIA - NETWORK LOGGING DATA - FIRMWARE OR PHYSICAL CONFIGURATION - ARCHIVAL MEDIA SUCH AS OPTICAL DISCS OR PRINT-OUTS
YOUR COMPANY IS DEVELOPING AN APPLICATION IN WHICH A PRIVATE US-BASED HOSPITAL WILL ALLOW PATIENTS TO ACCESS THEIR MEDICAL RECORDS ONLINE. REGARDLESS OF WHAT OTHER DATA THE APPLICATION HANDLES, WHAT KIND OF COMPLIANCE DO YOU ALREADY KNOW YOU NEED TO RESEARCH? (SECURITY FUNDAMENTALS) FERPA FISMA HIPAA PCI DSS
HIPAA
WHICH OF THE FOLLOWING ARE USED IN DATA CENTERS AS PART OF AIRFLOW AND THERMAL REGULATION? AIR GAPS BOLLARDS HOT AND COLD AISLES VISITOR LOGS
HOT AND COLD AISLES
What type of cryptography is best suited for key generation? (CRYPTOGRAPHY) Symmetric encryption One-Time Pad Hashing Asymmetric encryption
Hashing
YOUR DEPARTMENT HAS IMPLEMENTED A DECOY HAVING NO USEFUL RESOURCES AND ISOLATED IT FROM THE REST OF THE NETWORK SO THAT COMPROMISING IT WON'T EVEN BE USEFUL FOR MOUNTING AN INSIDE ATTACK. WHAT TECHNIQUE IS BEING USED? IPS HONEYPOT ANOMALY ANALYSIS NGFW
Honeypot
WHICH OF THE FOLLOWING REPRESENTS THE CORRECT ORDER OF STEPS INVOLVED IN A COMPLETE RISK ASSESSMENT? (RISK MGMT) - ID ASSETS AT RISK - EVAL THREAT PROBABILITY - CONDUCT THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - PRIORITIZE RISKS - CREATE MITIGATION STRATEGY - ID ASSETS AT RISK - CREATE A MITIGATION STRATEGY - CONDUCT A THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS - ID ASSETS AT RISK - CONDUCT A THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS - CREATE A MITIGATION STRATEGY - ID ASSETS AT RISK - CONDUCT A THREAT ASSESSMENT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS - ANALYZE BUSINESS IMPACT - CREATE A MITIGATION STRATEGY
ID ASSETS AT RISK - CONDUCT A THREAT ASSESSMENT - ANALYZE BUSINESS IMPACT - EVAL THREAT PROBABILITY - PRIORITIZE RISKS - CREATE A MITIGATION STRATEGY
YOU HAVE IMPLEMENTED A PASSIVE MONITORING SYSTEM THAT IS DESIGNED TO KEEP ADMINISTRATORS AWARE OF MALICIOUS ACTIVITY AND CAN RECORD DETECTED INTRUSIONS IN A DATABASE AND SEND ALERT NOTIFICATIONS SO THAT THE ADMINISTRATORS CAN TAKE ACTION. WHICH OF THE FOLLOWING HAVE YOU IMPLEMENTED? APPLICATION LAYER FIREWALL IDS IPS STATEFUL FIREWALL
IDS
WHICH OF THE FOLLOWING STATEMENTS IS TRUE REGARDING RAID? - ALWAYS USE RAID AS A SUBSTITUTE FOR MAKING REGULAR DATA BACKUPS - IF THE RAID CONTROLLER FAILS, OR IF MALWARE OR OTHER SOFTWARE WRITES CORRUPTED DATA TO THE DISK, IT MATTERS HOW MANY MIRRORED OR PARITY DISKS YOU HAVE - MOST USE HOT-SWAPPABLE DRIVES SO THAT YOU CAN REPLACE A FAILED DRIVE AND REBUILD THE ARRAY - IF ONE OF THE DRIVES IN THE ARRAY FAILS, THE DATA STORED ON THE FAILED DRIVE CAN BE RECREATED FROM THE PARITY DATA ON THE REMAINING DRIVES
IF ONE OF THE DRIVES IN THE ARRAY FAILS, THE DATA STORED ON THE FAILED DRIVE CAN BE RECREATED FROM THE PARITY DATA ON THE REMAINING DRIVES
WHICH OF THE FOLLOWING IS A SPECIFIC IMPLEMENTATION OF THE ISAKMP FRAMEWORK THAT AUTHENTICATES SAs (SECURITY ASSOCIATIONS) BETWEEN 2 HOSTS AND EXCHANGES ENCRYPTION KEYS TO SET UP A SECURE CHANNEL? AH ESP IKE L2TP
IKE (INTERNET KEY EXCHANGE)
WHICH OF THE FOLLOWING IS A MODEL FOR ACCESS SECURITY THAT DENIES ACCESS UNLESS A RULE EXPLICITLY ALLOWS IT? EXPLICIT ALLOW EXPLICIT DENY IMPLICIT ALLOW IMPLICIT DENY
IMPLICIT DENY
WHICH ELEMENT OF YOUR RISK MITIGATION STRATEGY PROVIDES THE BEST HELP WHEN SOMETHING DOES GO WRONG WITH SECURITY AND YOU NEED TO DETERMINE WHAT HARM WAS DONE AND RESTORE THE SYSTEM TO A SECURE STATE? (RISK MGMT) SECURITY AUDITS TECHNICAL CONTROLS CHANGE MGMT INCIDENT MGMT
INCIDENT MGMT
WHICH DOCUMENT SPECIFICALLY COVERS PROCEDURES FOR RESTORING INDIVIDUAL INFORMATION SYSTEMS AFTER A DISASTER OR FOR MAINTAINING PARTIAL FUNCTION DURING THE RECOVERY PROCESS? BCP BIA ISCP COOP
ISCP (INFORMATION SYSTEM CONTINGENCY PLAN)
YOU'RE DISCUSSING WPA AUTHENTICATION WITH YOUR COLLEAGUES AND ONE OF THEM HAS ASKED ABOUT THE CAPTIVE PORTAL. WHICH OF THE FOLLOWING WILL YOU ANSWER? IT RELIES ON WIRELESS-SPECIFIC TECH USERS CAN FREELY ACCESS THE NETWORK UNTIL THEY SATISFY THE CONDITIONS OF THE PORTAL IT CAN BE BYPASSED AND ONLY PROVIDE ENCRYPTION WHEN USED WITH THE OPEN FEATURE OF WPA3 IT IS PART OF THE WI-FI SPECIFICATION
IT CAN BE BYPASSED AND ONLY PROVIDE ENCRYPTION WHEN USED WITH THE OPEN FEATURE OF WPA3
WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING BITLOCKER? EACH USER ACCOUNT HAS A SEPARATE BITLOCKER KEY STORED IN ITS SETTINGS IT PROTECTS ENTIRE DRIVES W/PERSONAL AND SYSTEM FILES ANY USER CAN INDEPENDENTLY ENCRYPT FILES USING BITLOCKER BITLOCKER ENCRYPTED FILES ARE UNREADABLE TO OTHER USERS ON THE SAME COMPUTER
IT PROTECTS ENTIRE DRIVES WITH PERSONAL AND SYSTEM FILES. ALL USERS ON A BITLOCKER-ENCRYPTED SYSTEM CAN ACCESS THE FULL SYSTEM. BITLOCKER MUST BE ENABLED FOR THE ENTIRE COMPUTER BY AN ADMINISTRATOR. BITLOCKER USES A KEY FOR THE ENTIRE SYSTEM, WHICH MUST BE SUPPLIED ON SYSTEM STARTUP.
WHICH OF THE FOLLOWING USES MACHINE-READABLE DEFINITION FILES TO GENERATE AND DEPLOY SERVICE COMPONENTS IN AN AUTOMATED PROCESS? VPC EBS IoT IaC
IaC
WHICH OF THE FOLLOWING IS A ROLE IN A SAML SYSTEM THAT HOLDS A DIRECTORY OF USERS AND THEIR PERMISSIONS? OWNER SP PRINCIPAL IDP
IdP. SAML (SECURITY ASSERTION MARKUP LANGUAGE) = OPEN XML-BASED STD USED TO EXCHANGE AUTHENTICATION & AUTHORIZATION INFO. WORKS BY SENDING XML-BASED MSGS BET. SYSTEMS & IS TRANSPARENT TO THE END-USER. ROLES: Principal: client seeking to be authenticated, typically an end-user. IdP: An Identity Provider is an authentication server that holds a directory of users & their permissions. SP: A Service Provider is a server containing resources.
WHICH OF THE FOLLOWING LANGUAGES DOES XSS TARGET? HTML PYTHON PHP JAVASCRIPT
JAVASCRIPT
YOUR ORG HAS ITS EMPLOYEES SWITCH DUTY RESPONSIBILITIES EVERY 3 MONTHS. WHAT SECURITY PRINCIPLE ARE THEY EMPLOYING? MANDATORY VACATIONS JOB ROTATION SEPARATION OF DUTIES LEAST PRIVILEGE
JOB ROTATION
Your employer demands a copy of all private keys used on devices you use for work, since regulatory requirements require them to be able to decrypt any official communications when legally requested. What is this an example of? (CRYPTOGRAPHY) KEY ESCROW KEY RECOVERY PKI HIERARCHY REVOCATION
KEY ESCROW
WHAT INJECTION ATTACK IS FREQUENTLY USED FOR NETWORK DIRECTORY SERVICES, SUCH AS ACCESSING USER NAMES AND PASSWORDS, CORPORATE EMAIL DIRECTORIES, SYSTEM OR NETWORK INFORMATION? COMMAND INJECTION NoSQL INJECTION LDAP INJECTION DLL INJECTION
LDAP INJECTION (LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL)
WHAT ORDER DOES WINDOWS PROCESS GPOS IN? LOCAL - CHILD OU - SITE - DOMAIN - ORG UNIT SITE - DOMAIN - LOCAL - ORG UNIT - CHILD LOCAL - SITE - DOMAIN - ORG UNIT - CHILD OU DOMAIN - CHILD - LOCAL - ORG UNIT - SITE
LOCAL - SITE - DOMAIN - ORG UNIT - CHILD OU
Jacob is planning his organization's biometric authentication system and is considering retina scans. What concern may be raised about retina scans by others in his organization? HIGH FAR & LOW FRR HIGH FRR & LOW FAR LOW CER HIGH CER
LOW CER = LOW FALSE REJECTION RATE & LOW FALSE ACCEPTANCE RATE
WHICH OF THE FOLLOWING AREAS OF EXPERTISE MIGHT A FULL INCIDENT RESPONSE TEAM INCLUDE? ASSOCIATE LEADERSHIP CULTURAL KNOWLEDGE COMMUNICATIONS
Leadership & Communications
IN WHICH ACCESS CONTROL MODEL CAN ADMINISTRATORS ASSIGN SECURITY CLASSIFICATIONS, OR LABELS, TO EACH USER AND EACH RESOURCE, SO THAT A USER CAN ONLY ACCESS A GIVEN RESOURCE IF THEIR LABELS ARE COMPATIBLE? RBAC DAC MAC TEMPORARY
MAC (MANDATORY ACCESS CONTROL) - DEV FOR MILITARY USE - COMMON IN HIGH-SECURITY ENVIRONMENTS
YOU WANT TO USE A SEC STD THAT ADDS AUTHENTICATION AND ENCRYPTION TO LAYER 2 PROTOCOLS OVER ETHERNET, SUCH AS ARP OR DHCP. WHICH OF THE FOLLOWING WILL YOU USE? MACSEC PORT SECURITY DHCP SNOOPING MAC FILTERING
MACSEC
Which of the following statements is correct regarding threat vectors? (SECURITY FUNDAMENTALS) A THREAT VECTOR IS AN UNINTENTIONAL THREAT THE MECHANISM OF MINIMIZING VULNERABILITIES IS CALLED A THREAT VECTOR MALWARE IS A COMMON EXAMPLE OF A THREAT VECTOR A THREAT VECTOR REFERS TO THE PATHWAY THAT AN ORG TAKES TO FIND THE ATTACKERS
MALWARE IS A COMMON EXAMPLE OF A THREAT VECTOR
WHICH OF THE FOLLOWING IS A SPECIFIC PIECE OF CODE THAT ONLY RUNS WHEN TRIGGERED BY AN OUTSIDE EVENT RECEIVED FROM THE CSP PLATFORM? SOA-BASED WEB APPLICATION MICRO SERVICE CRM APPLICATION BLOB STORAGE SERVICE
MICRO SERVICE
WHAT POLICY DOCUMENT IS SOMETIMES SYNONYMOUS WITH A LETTER OF INTENT? BPA ISA MOU SLA
MOU
WHO AMONG THE FOLLOWING ARE THE INTELLIGENCE AGENCIES & DEDICATED CYBER WARFARE ORGS EMPLOYED TO ATTACK RIVAL GOVTS, BUSINESSES, AND POLITICAL ORGS THAT THEY PERCEIVE TO BE A THREAT TO THE COUNTRY'S NATIONAL INTERESTS? (RISK MGMT) NATION-STATE ACTORS ORGANIZED CRIME HACKTIVISTS INSIDER THREATS
NATION-STATE ACTORS
A CRITICAL NETWORK SERVICE IS HOSTED ON A LEGACY SERVER RUNNING AN OBSOLETE OS, AND YOU CAN'T REPLACE IT UNTIL THE NEXT FISCAL YEAR. YOU JUST LEARNED IT IS INCREDIBLY VULNERABLE TO A NEW WORM THAT'S APPEARED ON OTHER COMPUTERS ON YOUR NETWORK, BUT YOU CAN'T UPDATE THE SERVER OR INSTALL SOFTWARE THAT WILL PROTECT IT. WHAT CAN YOU PLACE BETWEEN THE SERVER AND THE REST OF THE NETWORK TO PROTECT IT? HIDS NIPS AIRGAP FIREWALL
NIPS (NETWORK IPS)
WHICH OF THE FOLLOWING IS A US GOVT AGENCY CHARGED WITH DEVELOPING AND SUPPORTING STDS USED BY OTHER GOVT ORGS? (SECURITY FUNDAMENTALS) ISOC OWASP W3C NIST
NIST
WHICH OF THE FOLLOWING NETWORK SERVICES SYNCHRONIZES CLOCKS BETWEEN NETWORKED COMPUTERS AND DEVICES, RATHER THAN TRANSFERRING USER DATA? DNS DHCP LDAP NTP
NTP
YOUR COMPANY HAS DEVELOPED AN ONLINE GAME AND IT ASKS TO ACCESS YOUR ACCT TO POST YOUR IN-GAME ACHIEVEMENTS AS STATUS UPDATES. YOU ARE WORRIED THAT YOUR COMPANY MAY ACCESS YOUR PRIVATE MESSAGES AND PHOTOS OR CHANGE YOUR ACCT SETTINGS. WHICH OF THE FOLLOWING WILL YOU USE TO SOLVE THIS PROBLEM? ACTIVE DIRECTORY OAUTH TACACS+ SAML
OAUTH (OPEN AUTHORIZATION) STD
What is seen as the most modern & flexible way to find out if a certificate has been revoked? (CRYPTOGRAPHY) CRL CSR OCSP ASN1
OCSP - request/response protocol used over HTTP
WHAT SNMP COMPONENT IS A UNIQUE NUMBER CORRESPONDING TO AN OBJECT PROPERTY THAT CAN BE MONITORED ON A MANAGED DEVICE? OID MIB MANAGER AGENT
OID (Object Identifier)
WHAT KIND OF POLICY GOVERNS A SET OF PROCESSES FOR HOW AN EMPLOYEE NEEDS TO PREPARE A DEVICE TO JOIN THE PROGRAM? ONBOARDING OFF-BOARDING STORAGE SEGMENTATION ASSET TRACKING
ONBOARDING
WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING PASSWORD POLICIES? - ONE WAY TO CREATE A VERY LONG PASSWORD IS BY USING A PASSPHRASE, WHICH ONLY HAS MEANING TO THE USER - PASSWORDS SHOULD BE HARD FOR THE USER TO REMEMBER, BUT EASY FOR ANYONE ELSE TO GUESS, EVEN IF THEY KNOW THE USER VERY WELL - PASSWORDS THAT HAVE BEEN CHANGED SHOULD BE REUSED - SHORTER PASSWORDS ARE STRONGER
ONE WAY TO CREATE A VERY LONG PASSWORD IS BY USING A PASSPHRASE, WHICH ONLY HAS MEANING TO THE USER - longer passwords are stronger: user-chosen passwords should be at least 8 characters, and max length should be very permissive, at least t4 characters - even if complexity isn't required, allowing users to use more character types enhances security - passwords should be compared to a list of known simple/easily compromised passwords before they're approved - passwords should always be changed when there's reason to believe they've been compromised - passwords that have been changed should not be reused
WHICH OF THE FOLLOWING IS THE BEST CERTIFICATE FORMAT THAT COMMONLY USES THE WEB OF TRUST MODEL? (CRYPTOGRAPHY) OPENPGP X.509 ASN.1 BRIDGE
OPENPGP
WHICH OF THE FOLLOWING CONTROLS PRIMARILY PROTECTS DATA AVAILABILITY? (SEC FUNDAMENTALS) VERSION CONTROL HASHING PATCH MGMT DIGITAL SIGNATURES
PATCH MGMT
WHICH STD DO YOU NEED TO USE WHEN HANDLING CREDIT CARD DATA? PCI DSS NIST HIPAA PKI
PCI DSS
WHICH OF THE FOLLOWING ISN'T AN EAP AUTHENTICATION METHOD, BUT RATHER A PROTOCOL THAT SECURES EAP AUTHENTICATION IN A TLS TUNNEL? EAP-SIM EAP-TLS PEAP EAP-TTLS
PEAP (PROTECTED EAP)
WHICH OF THE FOLLOWING IS THE CORRECT ORDER OF THE DEMING CYCLE? (SECURITY FUNDAMENTALS) ACT - CHECK - PLAN - DO CHECK - ACT - DO - PLAN ACT - CHECK - DO - PLAN PLAN - DO - CHECK - ACT
PLAN - DO - CHECK - ACT
YOU'VE FOUND A COMPUTER INFECTED BY MALWARE THAT CHANGES ITS CODE WHENEVER IT SPREADS IN ORDER TO EVADE DETECTION. WHAT KIND OF MALWARE IS IT? FILELESS MALWARE ARMORED VIRUS POLYMORPHIC MALWARE ROOTKIT
POLYMORPHIC MALWARE
WHAT SEC FEATURE IS ESPECIALLY IMPORTANT FOR PREVENTING ROGUE DEVICES ON THE NETWORK? LOOP PROTECTION DMZ VPN PORT SECURITY
PORT SECURITY
WHICH VPN PROTOCOL WAS INITIALLY DEVELOPED BY A VENDOR CONSORTIUM AND ENCAPSULATES PPP PACKETS OVER GRE TO PROVIDE VPN TUNNELING FEATURES? SSL/TLS L2TP/IPSEC PPTP SSH
PPTP (POINT-TO-POINT TUNNELING PROTOCOL)
WHICH OF THE FOLLOWING IS THE CORRECT ORDER OF THE INCIDENT RESPONSE PROCESS? — ERADICATION - IDENTIFICATION - CONTAINMENT - PREPARATION - INVESTIGATION - RECOVERY - FOLLOW UP — IDENTIFICATION - CONTAINMENT - PREPARATION - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP — IDENTIFICATION - PREPARATION - CONTAINMENT - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP — PREPARATION - IDENTIFICATION - CONTAINMENT - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP
PREPARATION - IDENTIFICATION - CONTAINMENT - INVESTIGATION - ERADICATION - RECOVERY - FOLLOW UP
WHAT KIND OF TOOL IS OFTEN USED TO CAPTURE AND ANALYZE NETWORK TRAFFIC? NETWORK MAPPER DATABASE VULNERABILITY TESTER WIRELESS ANALYZER PROTOCOL ANALYZER
PROTOCOL ANALYZER
WHICH OF THE FOLLOWING TECHNIQUES SENDS FORGED, REPLAYED, OR OTHERWISE NON-STD PACKETS TO A NETWORK APP? APPLICATION FUZZING VALIDATION FILE FORMAT FUZZING PROTOCOL FUZZING
PROTOCOL FUZZING
JOE WANTS TO ALLOW GUESTS TO USE HIS ORG'S WIRELESS NETWORK BY PROVIDING A PRESHARED KEY. WHAT SOLUTION CAN HE DEPLOY TO ALLOW USERS TO ACCESS HIS OPEN NETWORK? WI-FI EASY CONNECT PSK CAPTIVE PORTAL 802.1X
PSK (Pre-shared key)
YOU'VE TRACED SOME ANOMALOUS NETWORK ACTIVITY TO PROGRAMS INFECTING THE WHOLE DEPARTMENT'S COMPUTERS AND STEALING INFORMATION. THEY'RE INSTALLED AS ADD-ONS WITH LEGITIMATE FREE SOFTWARE APPS BY POPULAR DOWNLOAD SITES. WHAT KIND OF MALWARE IS IT? SPYWARE PUP BOTNET TROJAN
PUP (POTENTIALLY UNWANTED PROGRAM)
WHICH OF THE FOLLOWING TECHNIQUES IS ALSO DEFINED AS TAILGATING? PHISHING PIGGYBACKING BAITING PRETEXTING
Piggybacking
WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING QUALITATIVE RISK ASSESSMENT? (RISK MGMT) - QUALITATIVE RISK ASSESSMENT RELIES ON HAVING CONCRETE FINANCIAL VALUE FOR THE IMPACT OF LOSSES, OR STRICT PERCENTAGE FOR LIKELIHOOD - QUALITATIVE RISK ASSESSMENT CAN GIVE A CLEAR COST-BENEFIT ANALYSIS FOR A GIVEN SEC CONTROL - QUALITATIVE RISK ASSESSMENT IS GENERALLY BEST SUITED FOR INTANGIBLE ASSETS - QUALITATIVE RISK ASSESSMENT ASSIGNS AN OBJECTIVE VALUE, TYPICALLY A MONETARY FIGURE TO EACH RISK
QUALITATIVE RISK ASSESSMENT IS GENERALLY BEST SUITED FOR INTANGIBLE ASSETS
YOU HAVE OBSERVED AN UNEXPECTED RESULT WHEN 2 OPERATIONS ARE ATTEMPTED AT THE SAME TIME AND THE ACTIONS DO NOT OCCUR IN THE EXPECTED ORDER. WHAT TYPE OF FLAW DOES THE APPLICATION HAVE? BUFFER OVERFLOW REQUEST FORGERY RACE CONDITION INJECTION
RACE CONDITION
JOE WANTS TO IMPLEMENT AN AAA SYSTEM FOR DIAL-IN USERS TO NETWORKS. WHICH OF THE FOLLOWING IS AN AAA SYSTEM HE COULD IMPLEMENT? SAML RADIUS LDAP OAUTH
RADIUS
WHICH OF THE FOLLOWING ALLOWS REDUNDANCY BY SAVING DATA TO MULTIPLE HARD DRIVES AT ONCE? - REDUNDANT POWER SUPPLY - BACKUP POWER SOURCE - NIC TEAMING - RAID
RAID (REDUNDANT ARRAY OF INDEPENDENT/INEXPENSIVE DISKS)
YOU WANT TO IMPLEMENT A MIRRORED DRIVE SOLUTION. WHAT RAID LEVEL DOES THIS DESCRIBE? RAID 0 RAID 1 RAID 5 RAID 6
RAID 1
CRYPTO-MALWARE IS A TYPE OF WHAT SORT OF MALWARE? TROJAN ROOTKIT RANSOMWARE KEYLOGGER
RANSOMWARE
WHICH OF THE FOLLOWING CONTAINS A 64-BIT ARM CPU, SUPPORTS LINUX NATIVELY, AND HAS THE RESOURCES AND HARDWARE TO RUN THE OS AND SERVICES? RTOS SYSTEM ON A CHIP FPGA RASPBERRY PI
RASPBERRY PI
Which of the following was initially designed as a stream cipher? (CRYPTOGRAPHY) BLOWFISH AES TWOFISH RC4
RC4
WHAT USER PERMISSIONS WOULD A LINUX FILE HAVE IF ITS PERMISSIONS ARE DISPLAYED AS '-rwxrw-r--'? READ, WRITE, AND EXECUTE READ ONLY READ AND WRITE WRITE ONLY
READ, WRITE, AND EXECUTE (rwx) | THE LEADING '-' IS THE FILE TYPE (REGULAR FILE), THEN THREE TRIADS: rwx = USER (OWNER), rw- = GROUP, r-- = OTHERS (OCTAL 764)
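The decoding behind this answer, as an added example (not part of the uCertify quiz): a parser that turns a symbolic mode string such as '-rwxrw-r--' into per-class permissions and the octal mode, handling the setuid/setgid/sticky letters that share the execute slot, plus a small check for the settings a hardening review flags. The mode strings in the block are constructed for illustration.

```python
# Added example (not part of the uCertify quiz): decode a symbolic mode string
# such as "-rwxrw-r--" into per-class permissions and the octal mode, then flag
# the settings a reviewer cares about (setuid/setgid, world-writable).
# The mode strings used below are constructed for illustration.

FILE_TYPES = {
    "-": "regular file", "d": "directory", "l": "symlink", "c": "char device",
    "b": "block device", "p": "fifo", "s": "socket",
}

# (class name, offset of its triad in the string, value in the leading octal digit)
CLASSES = (("user", 1, 4), ("group", 4, 2), ("other", 7, 1))
SPECIAL_NAME = {"user": "setuid", "group": "setgid", "other": "sticky"}


def parse_mode(mode: str) -> dict:
    """Return file type, rwx string per class, special bits and the octal mode.

    The execute slot may hold s/S (setuid or setgid) or t/T (sticky); lowercase
    means execute is also set, uppercase means it is not. That is the part of
    `ls -l` output most often misread.
    """
    if len(mode) != 10:
        raise ValueError(f"expected a 10-character mode string, got {mode!r}")
    if mode[0] not in FILE_TYPES:
        raise ValueError(f"unknown file type flag {mode[0]!r}")

    result = {"type": FILE_TYPES[mode[0]], "setuid": False, "setgid": False, "sticky": False}
    perm_bits = 0
    special_bits = 0
    for name, offset, special_val in CLASSES:
        triad = mode[offset:offset + 3]
        r, w, x = triad
        if r not in "r-" or w not in "w-" or x not in "-xsStT":
            raise ValueError(f"bad permission triad {triad!r} for {name}")
        # s/S belong to user and group only, t/T to other only
        if x in "sStT" and (name == "other") != (x in "tT"):
            raise ValueError(f"{x!r} is not valid in the {name} execute slot")
        bits = (4 if r == "r" else 0) | (2 if w == "w" else 0) | (1 if x in "xst" else 0)
        if x in "sStT":
            special_bits |= special_val
            result[SPECIAL_NAME[name]] = True
        result[name] = ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + ("x" if bits & 1 else "-")
        perm_bits = (perm_bits << 3) | bits
    result["octal"] = f"{special_bits}{perm_bits:03o}"
    return result


def risk_flags(mode: str) -> list:
    """Settings a hardening review would call out for this mode string."""
    p = parse_mode(mode)
    flags = []
    if p["setuid"]:
        flags.append("setuid")
    if p["setgid"]:
        flags.append("setgid")
    if "w" in p["other"]:
        if p["type"] == "directory" and not p["sticky"]:
            flags.append("world-writable directory without sticky bit")
        else:
            flags.append("world-writable")
    return flags


if __name__ == "__main__":
    for m in ("-rwxrw-r--", "-rwsr-xr-x", "drwxrwxrwt", "drwxrwxrwx"):
        print(m, parse_mode(m)["octal"], risk_flags(m))
```

Run it and the question's string comes out as user rwx, group rw-, other r--, octal 0764 with no flags; a setuid binary such as '-rwsr-xr-x' decodes to 4755 and is flagged, which is the kind of entry a privilege-escalation review looks for.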
WHICH OF THE FOLLOWING RELIES ON IP SPOOFING TO GENERATE OVERWHELMING TRAFFIC FROM UNRELATED HOSTS, OFTEN ONES THE TARGET WOULDN'T WANT TO BLOCK? VLAN HOPPING BLUESNARFING MALFORMED PACKETS REFLECTED ATTACK
REFLECTED ATTACK
YOU HAVE DETECTED A POTENTIAL SOCIAL ENGINEERING ATTACK BECAUSE THE RETURN EMAIL ADDRESS IS A DOMAIN ASSOCIATED WITH SCAMMERS. WHICH OF THE FOLLOWING THREAT INDICATORS BEST REPRESENTS THIS SCENARIO? (RISK MGMT) BEHAVIORAL RISK REGISTER REPUTATIONAL VULNERABILITY
REPUTATIONAL INDICATOR
IN WHICH OF THE FOLLOWING RISK MGMT STRATEGIES WOULD CYBERSECURITY INSURANCE BE USED? (RISK MGMT) RISK ACCEPTANCE RISK TRANSFERENCE RISK DETERRENCE RISK AVOIDANCE
RISK TRANSFERENCE
YOUR ORG WANTS TO IMPLEMENT AN ACCESS CONTROL SCHEME THAT SETS PERMISSIONS BASED ON WHAT THE INDIVIDUAL'S JOB REQUIRES. WHICH OF THE FOLLOWING SCHEME IS MOST SUITED TO THIS TYPE OF IMPLEMENTATION? ATTRIBUTE-BASED ACCESS CONTROL ROLE-BASED ACCESS CONTROL MANDATORY ACCESS CONTROL DISCRETIONARY ACCESS CONTROL
ROLE-BASED ACCESS CONTROL
WHAT IS THE MOST ESSENTIAL TOOL FOR SEGMENTING BROADCAST DOMAINS? VLANS SWITCHES ROUTERS BRIDGES
ROUTERS
WHICH OF THE FOLLOWING IS THE MAXIMUM EXPECTED AMOUNT OF DOWNTIME BETWEEN WHEN A SERVICE IS TAKEN OFFLINE BY A DISASTER AND WHEN ITS FUNCTIONS WILL BE FULLY RESTORED? RTO RPO MTBF MTTR
RTO (RECOVERY TIME OBJECTIVE)
WHICH ACCESS CONTROL MODEL IS USED BY NETWORK HARDWARE SUCH AS ROUTERS? MANDATORY ROLE-BASED RULE-BASED DISCRETIONARY
RULE-BASED (RULES MAY BE STATIC, DYNAMIC, OR TRIGGERED BY EVENTS; ROUTER AND FIREWALL ACLs ARE THE TYPICAL CASE)
WHICH OF THE FOLLOWING IS USED TO MONITOR STATE CHANGES IN LARGE SCALE DISTRIBUTION SYSTEMS SUCH AS ELECTRICAL GRIDS, WASTE CONTROL SYSTEMS, AND TRANSPORTATION? DCS IOT SCADA VOIP
SCADA (SUPERVISORY CONTROL AND DATA ACQUISITION)
YOU'VE RECEIVED AN ASSORTMENT OF FILES ALONG W/ACCOMPANYING HASHES TO GUARANTEE INTEGRITY. SOME OF THE HASH VALUES ARE 256-BIT AND SOME ARE 512-BIT. ASSUMING THEY ALL USE THE SAME BASIC ALGORITHM, WHAT MIGHT IT BE? (CRYPTOGRAPHY) MD5 SHA2 SHA1 RIPEMD
SHA2
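The reasoning in this answer (a 256-bit digest and a 512-bit digest from one family means SHA-2) is mechanical enough to automate, so here is an added example, not part of the uCertify quiz: it identifies the SHA-2 member from a hex digest's length, then verifies a sha256sum/sha512sum-style manifest against file contents with a constant-time comparison. The manifest, file contents and names are constructed for illustration; in practice the manifest arrives from the sender.

```python
# Added example (not part of the uCertify quiz): identify which SHA-2 member a
# received hex digest comes from by its length, then verify a sha256sum/sha512sum
# style manifest against file contents. Manifest and files are constructed here.
import hashlib
import hmac
import re

# Hex digest length -> SHA-2 family member (4 bits per hex character).
SHA2_BY_HEX_LEN = {56: "sha224", 64: "sha256", 96: "sha384", 128: "sha512"}
# "<hex>  <name>" (text mode) or "<hex> *<name>" (binary mode), as *sum tools write it
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(\S.*)$")


def identify_sha2(hexdigest: str) -> str:
    """Name the SHA-2 variant from the digest length; reject anything else."""
    if not re.fullmatch(r"[0-9a-fA-F]+", hexdigest):
        raise ValueError("digest is not hexadecimal")
    try:
        return SHA2_BY_HEX_LEN[len(hexdigest)]
    except KeyError:
        raise ValueError(f"{len(hexdigest) * 4}-bit digest is not a SHA-2 length") from None


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Recompute with the variant implied by the length and compare in constant
    time (both strings are hex of equal length, so compare_digest applies)."""
    algo = identify_sha2(expected_hex)
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


def verify_manifest(manifest: str, files: dict) -> dict:
    """Check each manifest line against files (name -> bytes).

    Returns name -> 'ok' | 'MISMATCH' | 'missing' | 'bad line ...'. Lines with
    different digest lengths are fine: each line picks its own SHA-2 variant.
    """
    results = {}
    for raw in manifest.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            results[line] = "bad line (unparseable)"
            continue
        digest, name = m.groups()
        if name not in files:
            results[name] = "missing"
            continue
        try:
            results[name] = "ok" if verify_digest(files[name], digest) else "MISMATCH"
        except ValueError as exc:
            results[name] = f"bad line ({exc})"
    return results


# Constructed sample: "received" files and a manifest mixing 256- and 512-bit
# digests as in the question, plus a 128-bit (non-SHA-2) line and a file that
# never arrived. Digests are computed here only to keep the example offline.
SAMPLE_FILES = {
    "README.txt": b"release notes\n",
    "tool.bin": bytes(range(16)),
    "old.txt": b"x",
}
SAMPLE_MANIFEST = "\n".join([
    "# constructed manifest",
    f"{hashlib.sha256(SAMPLE_FILES['README.txt']).hexdigest()}  README.txt",
    f"{hashlib.sha512(SAMPLE_FILES['tool.bin']).hexdigest()} *tool.bin",
    "d41d8cd98f00b204e9800998ecf8427e  old.txt",
    "deadbeef  ghost.bin",
])
# Same files, but tool.bin has been altered in transit (one byte appended).
TAMPERED_FILES = dict(SAMPLE_FILES, **{"tool.bin": bytes(range(16)) + b"\x00"})

if __name__ == "__main__":
    print(verify_manifest(SAMPLE_MANIFEST, SAMPLE_FILES))
    print(verify_manifest(SAMPLE_MANIFEST, TAMPERED_FILES))
```

Two points the quiz answer leaves implicit: length alone cannot tell SHA-256 from another 256-bit hash (SHA3-256, BLAKE2s), so the sender must state the family, which is why the question stipulates "same basic algorithm"; and a digest that is only as trustworthy as the channel it arrived on proves integrity, not authenticity, so for releases the manifest itself should be signed.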
WHAT IS A RISK CALLED WHEN USING ANY DISPLAY WHERE SOMEONE CAN SEE IT? DENIAL OF SERVICE ATTACK WIRELESS ATTACK MITM ATTACK SHOULDER SURFING
SHOULDER SURFING
YOU HAVE NOTICED THAT SOMEONE READ YOUR PASSWORD FROM ACROSS THE ROOM AS YOU LOGGED IN. WHAT TYPE OF TECHNIQUE WAS USED? PIGGYBACKING DUMPSTER DIVING SHOULDER SURFING SMURFING
SHOULDER SURFING
_____ IS A CONTACT-BASED SMART CARD STORING THE INTERNATIONAL MOBILE SUBSCRIBER IDENTITY (IMSI) NUMBER AND KEY ASSOCIATED WITH A MOBILE NETWORK USER. CAC PIV OTP SIM
SIM (SUBSCRIBER IDENTITY MODULE)
WHICH OF THE FOLLOWING IS A TYPE OF BACKUP THAT IS USED TO QUICKLY CAPTURE THE STATE OF A SYSTEM AT A GIVEN POINT WITH A LIMITED IMPACT ON ONGOING OPS? DIFFERENTIAL FULL INCREMENTAL SNAPSHOT
SNAPSHOT
VIRTUAL PLATFORMS: SNAPSHOTS | SANDBOXING | SECURITY CONTROL TESTING | PATCH COMPATIBILITY | HOST AVAILABILITY/ELASTICITY
- SNAPSHOTS: IT IS EASY TO CREATE A SNAPSHOT OF A VM
- SANDBOXING: A VM CAN ONLY ACCESS HOST RESOURCES THRU THE HYPERVISOR AND DOESN'T INTERACT DIRECTLY WITH OTHER VMS, SO IT IS EFFECTIVELY A SANDBOX ENVIRONMENT ISOLATED FROM THE REST OF THE HOST
- SECURITY CONTROL TESTING: VIRTUAL TEST ENVIRONMENTS ARE AN IDEAL PLACE TO THOROUGHLY TEST SECURITY CONTROLS BEFORE DEPLOYING THEM ON THE REAL NETWORK
- PATCH COMPATIBILITY: A TEST VM IS ALSO USEFUL FOR TESTING OS/APPLICATION PATCHES TO MAKE SURE THEY DON'T INTRODUCE ANY PROBLEMS
- HOST AVAILABILITY/ELASTICITY: IT IS REASONABLY EASY TO MAINTAIN HIGH AVAILABILITY FOR SERVICES HOSTED ON A VM; AFTER ALL, IT IS EASY TO TRANSFER THE VM IF THE PHYSICAL HOST HAS PROBLEMS OR NEEDS MAINTENANCE
WHICH OF THE FOLLOWING IS A FORM OF ATTACK IN WHICH ATTACKERS EXPLOIT HUMAN PSYCHOLOGY? CROSS SITE SCRIPTING SOCIAL ENGINEERING REVERSE ENGINEERING INSECURE NETWORK
SOCIAL ENGINEERING
WHICH OF THE FOLLOWING IS TARGETED BY NATURE, WITH EMAILS DESIGNED SPECIFICALLY FOR ONE PARTICULAR USER? SMISHING VISHING SPEAR PHISHING ALGO-BASED PHISHING
SPEAR PHISHING
WHICH OF THE FOLLOWING IS USED FOR SECURE REMOTE ACCESS BUT CAN ALSO CREATE PROXY CONNECTIONS TO OBSCURE YOUR NETWORK LOCATION? (RISK MGMT) CURL HPING SSH PATHPING
SSH
WHAT ALLOWS USERS TO ACCESS MANY SERVICES WITH 1 SET OF CREDS? PRINCIPLE OF LEAST PRIVILEGE FEDERATED ID MGMT REMOTE ATTESTATION SSO
SSO (SINGLE SIGN ON)
IN WHICH OF THE FOLLOWING DOES THE SERVER PERIODICALLY VERIFY ITS OWN CERTIFICATE STATUS AND RECEIVE A TIME-STAMPED RESPONSE SIGNED BY THE CA? (CRYPTOGRAPHY) KEY PINNING TRANSPOSITION STAPLING ESCROW
STAPLING (OCSP STAPLING: THE SERVER ATTACHES THE SIGNED OCSP RESPONSE TO ITS TLS HANDSHAKE, SO CLIENTS GET FRESH REVOCATION STATUS WITHOUT CONTACTING THE CA'S RESPONDER THEMSELVES)
Which DMZ topology is displayed in the figure? (FIGURE: Wkstn - Trusted LAN - FIREWALL - WAN; Bastion Host) UTM Firewall Single Firewall Dual Firewall
Single Firewall
TACACS+ (TERMINAL ACCESS CONTROLLER ACCESS CONTROL SYSTEM PLUS) ADVANTAGES OVER RADIUS (REMOTE AUTHENTICATION DIAL-IN USER SERVICE)
TACACS+: TCP PORT 49 | ENCRYPTS THE ENTIRE BODY OF EACH ACCESS REQUEST PACKET (ONLY THE HEADER IS CLEARTEXT) | ENTIRELY SEPARATES ALL 3 STEPS OF THE AAA PROCESS (AUTHENTICATION, AUTHORIZATION, ACCOUNTING) | SUPPORTS MORE NON-IP PROTOCOLS
RADIUS: UDP (CONNECTIONLESS), PORTS 1812/1813 (LEGACY 1645/1646) | ENCRYPTS ONLY THE PASSWORD ATTRIBUTE, THE REST OF THE PACKET IS CLEARTEXT | COMBINES AUTHENTICATION & AUTHORIZATION INTO A SINGLE STEP
YOU WANT TO SEND THREAT INFO VIA A STD PROTOCOL SPECIFICALLY DESIGNED TO EXCHANGE CYBER THREAT INFO. WHAT SHOULD YOU CHOOSE? (RISK MGMT) OPENIOC STIX 2.0 STIX 1.0 TAXII
TAXII (TRUSTED AUTOMATED EXCHANGE OF INDICATOR INFO)
JOE IS TUNING HIS ORGANIZATION'S FIREWALL RULES TO PREVENT IP SPOOFING. WHAT TYPE OF CONTROL IS JOE IMPLEMENTING? (SECURITY FUNDAMENTALS) Technical Physical Managerial Operational
TECHNICAL | TECHNICAL CONTROLS ENFORCE CONFIDENTIALITY, INTEGRITY, & AVAILABILITY IN DIGITAL SPACE
WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING SOCIAL ENGINEERING ATTACKS? - THESE ATTACKS ARE MOST COMMONLY EITHER IN PERSON OR OVER ELECTRONIC MEDIA RATHER THAN ON THE PHONE - IT DOESN'T TAKE ADVANTAGE OF INSECURE BEHAVIORS IN THE REAL WORLD - IT DOESN'T TAKE ANY ADVANTAGE OF HUMAN BEHAVIORS TO STEAL INFO DIRECTLY - THE MOST COMMON FACTOR IN SOCIAL ENGINEERING ATTACKS IS IMPERSONATION
THE MOST COMMON FACTOR IN SOCIAL ENGINEERING ATTACKS IS IMPERSONATION
WHICH OF THE FOLLOWING STATEMENTS IS CORRECT REGARDING PRIVILEGED USERS? - THEY NEED TO BE AWARE OF THE EXTRA PERMISSIONS THEY'VE BEEN GIVEN, WHAT RESPONSIBILITIES COME WITH THEM, AND THE IMPORTANCE OF NOT SHARING THEIR CREDS WITH OTHER USERS - THEY NEED TO BE REGULARLY KEPT ABREAST OF NETWORK CHANGES AND EVOLVING THREATS AND TO HAVE DETAILED SYSTEM DOCUMENTATION AVAILABLE AT ALL TIMES - THEY NEED TO BE AWARE OF THE IMPORTANCE OF SHARING THEIR CREDS WITH OTHER USERS - THEY NEED ADDITIONAL FOCUS ON RECOGNIZING SOCIAL ENGINEERING ATTACKS AND PROTECTING THE ORG'S REPUTATION
THEY NEED TO BE AWARE OF THE EXTRA PERMISSIONS THEY'VE BEEN GIVEN, WHAT RESPONSIBILITIES COME WITH THEM, AND THE IMPORTANCE OF NOT SHARING THEIR CREDS WITH OTHER USERS
YOUR ORG WANTS YOU TO VISUALLY DISPLAY INFO ABOUT THE LOCATION OF THREAT ACTORS. WHICH OF THE FOLLOWING THREAT RESEARCH TOOLS WILL YOU USE? (RISK MGMT) STIX VULNERABILITY FEED PREDICTIVE ANALYTICS THREAT MAP
THREAT MAP
WHY ARE FARADAY CAGES DEPLOYED? TO PREVENT TAILGATING TO PREVENT EMI TO ASSIST W/FIRE SUPPRESSION TO PREVENT DEGAUSSING
TO PREVENT EMI
WHY WOULD YOU CONFIGURE A PASSWORD HISTORY THAT TRACKS PREVIOUS PASSWORDS? TO PREVENT ATTACKERS FROM EASILY CRACKING PASSWORDS TO PREVENT PASSWORD REUSE TO KEEP USERS FROM CHOOSING SIMPLE PASSWORDS TO MAKE SURE USERS CHANGE THEIR PASSWORDS REGULARLY
TO PREVENT PASSWORD REUSE
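What a password-history control actually stores and checks, as an added example (not part of the uCertify quiz): the history holds an individually salted hash of each of the last N passwords, never the passwords themselves, and a new password is rejected if it matches any entry. The history depth of 5 and the PBKDF2 iteration count are assumed values chosen for illustration; the sample passwords are constructed.

```python
# Added example (not part of the uCertify quiz): a password-history store that
# rejects any of the last N passwords. Entries are individually salted hashes,
# so a leaked history table does not hand an attacker the user's old passwords.
# The depth and KDF cost below are assumed values for illustration.
import hashlib
import hmac
import os

KDF_ITERATIONS = 100_000  # assumed cost; tune to your hardware in production


class PasswordHistory:
    """Keeps salted hashes of a user's most recent `depth` passwords."""

    def __init__(self, depth: int = 5):
        if depth < 1:
            raise ValueError("history depth must be at least 1")
        self.depth = depth
        self._entries: list[tuple[bytes, bytes]] = []  # (salt, derived key), oldest first

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)

    def is_reused(self, password: str) -> bool:
        """True if the candidate matches any stored entry. Each entry has its own
        salt, so the candidate is re-derived per entry; compare in constant time."""
        return any(
            hmac.compare_digest(digest, self._derive(password, salt))
            for salt, digest in self._entries
        )

    def set_password(self, password: str) -> None:
        """Accept a new password, enforcing the no-reuse rule and trimming history."""
        if self.is_reused(password):
            raise ValueError(f"password matches one of the last {self.depth} used")
        salt = os.urandom(16)
        self._entries.append((salt, self._derive(password, salt)))
        del self._entries[:-self.depth]  # keep only the most recent `depth` entries

    def __len__(self) -> int:
        return len(self._entries)


if __name__ == "__main__":
    history = PasswordHistory(depth=3)
    for pw in ("correct horse 1", "correct horse 2", "correct horse 3"):
        history.set_password(pw)
    print("reuse of #1 blocked:", history.is_reused("correct horse 1"))
    history.set_password("correct horse 4")  # pushes #1 out of the window
    print("reuse of #1 blocked:", history.is_reused("correct horse 1"))
```

Two caveats the quiz's other options hint at: the check has to re-derive the candidate once per stored entry, so the KDF cost multiplies by the history depth; and history only stops exact reuse, so "Spring2024!" followed by "Spring2025!" passes, which is why complexity rules and breached-password screening are separate controls.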
WHICH OF THE FOLLOWING COMMANDS WILL DISPLAY THE LAST 30 LINES OF A FILE NAMED LOGFILE2.TXT? head -n 30 logfile2.txt tail -n 30 logfile2.txt grep -n 30 logfile2.txt cat -n 30 logfile2.txt
tail -n 30 logfile2.txt (head -n 30 SHOWS THE FIRST 30 LINES; tail -f FOLLOWS A GROWING LOG)
WHAT DO FAIL-SAFE/FAIL-OPEN LOCKS MEAN? GOOD FOR SAFETY AND SECURITY BAD FOR SAFETY AND SECURITY UNLOCKS WHEN POWER IS CUT LOCKS WHEN POWER IS CUT
UNLOCKS WHEN POWER IS CUT
MARK WANTS TO SECURELY ERASE THE CONTENTS OF A TAPE USED FOR BACKUPS IN HIS ORG'S TAPE LIBRARY. WHAT IS THE FASTEST SECURE ERASE METHOD HE CAN USE THAT WILL STILL ALLOW THE TAPE TO BE REUSED? BURN THE TAPE INCINERATE THE TAPE WIPE THE TAPE BY WRITING A RANDOM PATTERN OF 1S AND 0S TO IT USE A DEGAUSSER
USE A DEGAUSSER (CAVEAT: LTO CARTRIDGES CARRY FACTORY-WRITTEN SERVO TRACKS THAT DEGAUSSING ALSO ERASES, SO THOSE CARTRIDGES ARE DESTROYED RATHER THAN REUSABLE; CHECK THE MEDIA TYPE BEFORE RELYING ON REUSE)
YOUR INTERNAL NETWORK IS PROTECTED FROM INTERNET ATTACKS BY A CISCO FIREWALL. TO IMPROVE SECURITY, YOUR SUPERVISOR SUGGESTS INSTALLING A FORTINET FIREWALL BETWEEN THE CISCO FIREWALL & THE TRUSTED LAN, THEN USING THE SPACE BETWEEN AS A PERIMETER NETWORK. WHICH SECURITY PRINCIPLES DOES THIS PROMOTE? (SECURITY FUNDAMENTALS) Security by obscurity Vendor diversity Availability Defense in depth Security by design
VENDOR DIVERSITY & DEFENSE IN DEPTH
AS PART OF MONTHLY INCIDENT RESPONSE PREPARATIONS, YOUR ORG GOES THROUGH A SAMPLE INCIDENT STEP BY STEP TO VALIDATE WHAT EACH PERSON WILL DO IN THE INCIDENT. WHAT TYPE OF EXERCISE IS THIS? ISCP CHECKLIST TEST WALKTHROUGH SIMULATION TEST
WALKTHROUGH
WHICH OF THE FOLLOWING SYSLOG SEVERITY LEVELS IS AN ERROR OR A PROBLEM CONDITION THAT IS IMMEDIATELY HARMLESS OR CORRECTABLE BUT MIGHT NEED USER REVIEW? WARNING ERROR NOTICE INFORMATIONAL
WARNING
WHAT IS THE FIRST VERSION OF WINDOWS TO INCLUDE REAL-TIME ANTIVIRUS SCANNING? WINDOWS 7 WINDOWS VISTA WINDOWS XP SERVICE PACK 2 WINDOWS 8
WINDOWS 8
WHAT KIND OF MALWARE REPLICATES ITSELF BY EXPLOITING SYSTEM VULNERABILITIES? TROJAN HORSE VIRUS WORM LOGIC BOMB
WORM
A SECURITY ANALYST IS REVIEWING A NEW WEBSITE THAT WILL SOON BE MADE PUBLICLY AVAILABLE. THE ANALYST SEES THE FOLLOWING IN THE URL: http://dev-site.UCertify.com/home/show.php?sessionID=7772554&loc=uk THE ANALYST THEN SENDS AN INTERNAL USER A LINK TO THE NEW WEBSITE FOR TESTING PURPOSES, AND WHEN THE USER CLICKS THE LINK, THE ANALYST IS ABLE TO BROWSE THE WEBSITE WITH THE FOLLOWING URL: http://dev-site.UCertify.com/home/show.php?sessionID=9899475&loc=uk WHICH OF THE FOLLOWING APPLICATION ATTACKS IS BEING TESTED? SQL INJECTION XSS XSRF BUFFER OVERFLOW
XSRF (CROSS-SITE REQUEST FORGERY). NOTE: A SESSION ID CARRIED IN THE URL, AS HERE, IS ALSO THE PRECONDITION FOR SESSION FIXATION, SO THE TOKEN SHOULD MOVE TO A COOKIE AND BE REGENERATED ON LOGIN REGARDLESS OF WHICH ATTACK IS BEING TESTED
WHICH OF THE FOLLOWING IS A PROPRIETARY WIRELESS STD MAINTAINED BY SILICON LABS THAT SUPPORTS THROUGHPUT UP TO 40 KBPS OVER DISTANCES OF 10-100M BETWEEN NODES? Z-WAVE ZIGBEE CAN BUS NB-IoT
Z-WAVE
WHICH OF THE FOLLOWING ALLOWS YOU TO REDIRECT WORKFLOWS THRU SAAS OFFERING FROM DIFFERENT PROVIDERS, OR TO FEED ON-PREMISES DATA COLLECTION INTO A CLOUD ANALYTICS PLATFORM? AaaS MaaS iPaaS FWaaS
iPaaS