cist 2601
Important aspects of physical security include which of the following?
Preventing interruptions of computer services caused by problems such as fire
An attacker needs the following information about his target: domain ownership, domain names, IP addresses, and server types. Which tool is BEST matched for this operation?
Whois
When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.)
nslookup whois.org
Which type of information contains intellectual property?
operations
Which information type is a hacker working with when they gather geographical information, entry control points, and employee routines?
physical security
What are the three factors to keep in mind with physical security?
prevention detection recovery
You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?
shred the discs
Any attack involving human interaction of some kind is referred to as which of the following?
social engineering
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
spim
As a security consultant, you have been tasked with checking what company data is currently visible to the public. Using theHarvester tool, you query for information and receive too much information coming from too many sources. The following image represents your query. Which of the commands below limits the number of results to 750 and only queries Google?
theHarvester -d rmksupplies.com -l 750 -b google
You want to properly dispose of papers with sensitive content. You want to ensure that it's nearly impossible for a dumpster diver to put the information back together. What should you do?
use a crosscut shredder
A resentful employee hacks into a company's website and replaces all the text and images with obscene material. They also replace all links with malicious ones. This is an example of which of the following?
vandalism
Kjell is a security analyst and needs to see if any sensitive information is available through old website snapshots. Which tool is BEST suited for this purpose?
wayback machine
When performing active reconnaissance, a malicious actor may try to do which of the following?
work at peak hours to blend in
Which of the following best describes a script kiddie?
A hacker who uses scripts written by much more talented individuals.
Robyn, a new employee, needs to choose a password to log into the system. She doesn't want to forget it, but she needs to meet certain criteria required by security. What should she do?
Choose a password that's easy to remember but doesn't include any personal information.
The following output was displayed using the Social Engineering Toolkit (SET). Which attack method was used to capture the user's input?
Credential harvesting attack method
What is vandalism?
Damaging or defacing assets
As a security technician who is in charge of physical security for computer and network resources, you are responsible for ensuring a quick recovery should an event occur. A physical storage device controlling data backups has failed, causing corruption for a weekly full backup. It failed on Saturday. On Monday, you noticed the errors and have since run a restore of needed data and a full backup to ensure continuity. The failed device has been replaced. Since each work day creates unique data to be backed up, which type of backup would be the preferred method to make certain each day's data was properly maintained while ensuring efficiency? (The time required for backup is not a primary concern, but the time needed to restore data is, as is backup data storage space.)
Differential backup
A speaker was invited to a company-wide training meeting. When he arrived, he identified himself at the front desk, and the receptionist gave him directions on how to find the conference room. What important step did the receptionist miss?
Escorting him to the conference room
What information will be returned from the following google search?
Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.
The receptionist receives a call from a customer who asks for the customer support manager's name and email address to send them a thank you email. How should the receptionist proceed?
Forward the call to the help desk
A company is in the process of hiring Jill, a new technician. HR has checked the background and references of the candidate. What are some next steps in the hiring process that HR should take?
Have her sign an NDA and AUPs.
You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?
How to prevent piggybacking and tailgating
A company has a list of high-value assets (HVAs). As a security analyst, what must you do to help protect those assets? (Select two.)
Make sure an incident involving one of the HVAs is always high priority. Make sure the response team can easily identify the HVAs.
Which of the following BEST describes what asset criticality does?
Prioritizes systems for scanning and remediation.
A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying them physical access. Which of the following areas of physical security is the security guard currently in?
Security sequence
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
Shoulder surfing
Which of the following indicate the email highlighted below may be suspicious? (Select two
The link in the email is to an IP address; it is not to Microsoft's website. There are several mispellings
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?
Train the receptionist to keep his or her iPad in a locked drawer.
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?
Use incremental backups and store them in a locked, fireproof safe.
A security analyst and their team go through the entire list of assets in the company and assign each item a level of priority. Then they group the assets in the same levels together so they can create defense strategies for each group. What is this process called?
bundling critical assets
Ron, a hacker, wants to gain access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
development phase
A hacker wants to leverage social media to glean information coming from a certain location. Which tool is BEST suited for the job?
echosec
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
elicitation
Gathering information about a system, its components, and how they work together is known as which of the following?
footprinting
Hackers use social networking, dumpster diving, social engineering, and web surfing during which portion of their reconnaissance?
information gathering techniques
Which of the following BEST describes a physical barrier used to deter an aggressive intruder?
large flowerpots
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?
mantraps
Which of the following are tactics social engineers might use?
moral obligation, ignorance, and threatening