CompTIA practice questions
Security has become the utmost priority at your organization. You're no longer content to act reactively to incidents when they occur—you want to start acting more proactively. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?
IDS (an IDS with active response; a device that sits inline and blocks traffic rather than only alerting is more precisely called an IPS)
A socket is a combination of which components
IP address and port number
Load balancing that distributes incoming HTTP requests across several servers is sometimes called
IP spraying
Provides network security for tunneling protocols
IPSec
William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains?
TPM
A value in the IP header, decremented at each hop, that is used to prevent routing loops at Layer 3.
TTL (Time to live)
You are conducting a review of a VPN device's logs and found the following URL being accessed: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- https://sslvpn/dana-na/../diontraining/html5acc/teach/../../../../../../etc/passwd?/diontraining/html5acc/teach/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based upon this log entry alone, which of the following most likely occurred?
The /etc/passwd file was downloaded using a directory traversal attack, if input validation of the URL was not conducted (the repeated ../ segments climb above the web root until the path resolves to /etc/passwd)
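Added example, not part of the flashcard set and not the VPN vendor's code: it resolves a logged request path the way a server-side filesystem would, so an analyst can see where a URL actually lands and whether it climbs above the web root. The logged URL is the one on the card; the second and third URLs, and the double-decoding choice, are constructed assumptions for the example.

```python
# Added example (not the VPN vendor's code): decode and resolve a request
# path the way the server-side filesystem would, so an analyst can see
# whether a logged URL climbs above the web root. The extra URLs used in
# the demo are constructed for this example.
from urllib.parse import urlsplit, unquote

LOGGED_URL = ("https://sslvpn/dana-na/../diontraining/html5acc/teach/"
              "../../../../../../etc/passwd?/diontraining/html5acc/teach/")


def resolve_request_path(raw_url):
    """Return (resolved_path, escaped_root, decoded_path).

    escaped_root is True when the path contains more '..' segments than
    there are directories to climb out of, i.e. it points outside the root.
    """
    path = urlsplit(raw_url).path           # the query string is not part of the file path
    for _ in range(2):                      # decode twice to catch %252e%252e style payloads
        path = unquote(path)
    decoded = path.replace("\\", "/")       # treat backslashes as separators too
    stack, escaped_root = [], False
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if stack:
                stack.pop()
            else:
                escaped_root = True         # tried to go above the root
        else:
            stack.append(segment)
    return "/" + "/".join(stack), escaped_root, decoded


def is_traversal_attempt(raw_url):
    """Flag a URL whose decoded path uses '..' at all or escapes the root.

    The check runs on the decoded, normalised path on purpose: a filter that
    only looks for the literal string '../' in the raw URL misses encoded forms.
    """
    resolved, escaped_root, decoded = resolve_request_path(raw_url)
    return escaped_root or "/../" in f"/{decoded}/"


if __name__ == "__main__":
    for url in (LOGGED_URL,
                "https://sslvpn/dana-na/%252e%252e/%252e%252e/etc/shadow",
                "https://sslvpn/dana-na/auth/url_default/welcome.cgi"):
        print(is_traversal_attempt(url), resolve_request_path(url)[0], url)
```

For the logged URL the resolver reports /etc/passwd with the root escaped three times over, which is the evidence behind the card's answer; the benign welcome.cgi request is left alone.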
provides an excellent methodology for communicating cyber events and allowing an analyst to derive mitigation strategies implicitly.
The Diamond Model
A client-server protocol used to query and manage a directory of resources (workstations, users, information, etc.); clients authenticate to the directory with a bind operation, and it is commonly used as a central authentication backend.
The Lightweight Directory Access Protocol (LDAP)
provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
The Microsoft System Center Configuration Manager (SCCM)
Which of the following are used to verify the status of a certificate?
The Online Certificate Status Protocol (OCSP) and the certificate revocation list (CRL)
Your company is setting up a system to accept credit cards in their retail and online locations. Which of the following compliance types should you be MOST concerned with dealing with credit cards?
The Payment Card Industry Data Security Standard (PCI DSS)
The process of proposing a new standard or method on the Internet is referred to by which acronym?
The Request for Comments (RFC)
Which statement accurately describes an access control list characteristic?
The structure behind an access control list table can be complex.
What is the role of a router?
To forward packets across different computer networks
all or part of data in a field is replaced with a randomly generated token.
Tokenization
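Added example, not part of the flashcard set: a minimal tokenization vault that swaps a card number for a random token of the same format and keeps the real value only inside the vault. The in-memory dictionary, the Luhn pre-check and the test card numbers are constructed assumptions; a production vault is a separately secured service.

```python
# Added example (not from the exam material): a minimal tokenization vault
# that swaps a card number for a random, format-preserving token and keeps
# the real value only inside the vault. The vault is an in-memory dict here;
# a real one is a separately secured store. Card numbers are constructed values.
import secrets


def luhn_valid(pan):
    """Luhn check so the vault refuses obviously malformed card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan, keep_last=4):
        """Replace all but the last keep_last digits with random digits."""
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed card number")
        if pan in self._pan_to_token:          # the same PAN always maps to the same token
            return self._pan_to_token[pan]
        while True:
            # the token carries no mathematical relationship to the PAN;
            # it is only a lookup key into the vault
            body = "".join(secrets.choice("0123456789")
                           for _ in range(len(pan) - keep_last))
            token = body + pan[-keep_last:]
            if token != pan and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token):
        """Only the vault (a restricted service) can reverse a token."""
        return self._token_to_pan[token]


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4111111111111111")
    print(t, vault.detokenize(t))
```

Systems outside the vault (order history, analytics, receipts) store and display only the token, so a breach of those systems yields nothing that can be charged.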
Which of the following standards ensures privacy between communicating applications and clients on the Web and has been designed to replace SSL?
Transport Layer Security
is used to secure web connections over port 443.
Transport Layer Security (TLS)
Jennifer decided that the licensing cost for a piece of video editing software was too expensive. Instead, she decided to download a keygen program to generate her own license key and install a pirated version of the editing software. After she runs the keygen, a license key is created, but her system performance becomes very sluggish, and her antimalware suite begins to display numerous alerts. Which type of malware might her computer be infected with?
Trojan
You have just received a phishing email disguised to look like it came from [email protected] asking you to send your username and password because your account has been locked out due to inactivity. Which of the following social engineering principles is being used in this email?
Trust
a hardware-based cryptographic processing component that is a part of the motherboard.
Trusted Platform Module (TPM)
Which of the following occurs under the security policy administered by a trusted security domain?
Trusted transaction
Karen lives in an area that is prone to hurricanes and other extreme weather conditions. She asks you to recommend an electrical conditioning device that will prevent her files from being corrupted if the building's power is unstable or lost. Additionally, she would like the computer to maintain power for up to an hour of uptime to allow for a graceful shutdown of her programs and computer. Which of the following should you recommend?
Uninterruptible power supply
Your organization has just migrated to provisioning its corporate desktops as virtual machines and accessing them using thin clients. The organization believes this will enhance security since the desktop can be rewritten with a new baseline image every time the user logs into it. Based on this scenario, which of the following technologies has the organization adopted?
VDI (Virtual desktop infrastructure )
You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?
VLAN
You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other?
VLAN
A switch can be used to prevent broadcast storms between connected systems through the use of what?
VLANs
Your organization has discovered the cost savings associated with virtual machines and is encouraging rapid adoption. Which concept should you implement before things get out of control?
VM sprawl avoidance
Which of the following is not normally part of an endpoint security suite?
VPN
You need to determine the best way to test operating system patches in a lab environment before deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches before deployment?
Virtualization
An organization is looking for a mobile solution that allows both executives and employees to discuss sensitive information without having to travel to secure company locations. Which of the following fulfills this requirement?
Voice Encryption
Serves as a compensating control and protects against web application vulnerabilities such as SQL injection until the application can be fully remediated.
WAF (Web Application Firewall)
Riaan's company runs critical web applications. During a vulnerability scan, Riaan found a serious SQL injection vulnerability in one of their web applications. The system cannot be taken offline to remediate the vulnerability. Which of the following compensating controls should Riaan recommend using until the system can be remediated?
WAF (web application firewall)
Which protocol is mainly used to enable access to the Internet from a mobile phone or PDA?
WAP (wireless application protocol)
Which of the following vulnerabilities is the greatest threat to data confidentiality?
Web Application SQL injection Vulnerability
You want to implement a technology solution for a small organization that can function as a single point of policy control and management for access to Internet content. Which of the following should you choose?
Web security gateway
Another name for social engineering
Wetware
You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario?
jumpbox
Digital signatures can be created using all but which of the following?
key escrow
You are reviewing the logs in your IDS and see that entries were showing SYN packets received from a remote host targeting each port on your web server from 1 to 1024. Which of the following MOST likely occurred?
port scan
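Added example, not part of the flashcard set: detection logic that finds the SYN sweep described on the card by counting how many distinct destination ports one source touches on one target inside a sliding time window. The log line format, the addresses and the generated log lines are constructed assumptions for this example, not output of any particular IDS.

```python
# Added example (not from the exam material): detect a SYN port sweep in
# IDS-style log lines by counting distinct destination ports each source
# touches on one target inside a sliding time window. The log format, the
# addresses and the lines themselves are constructed for this example.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SYN (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_sample_log():
    """Constructed log: one host sweeps ports 1-1024 on the web server in
    about 40 seconds, while two ordinary clients only ever hit 443."""
    start = datetime(2024, 5, 1, 2, 13, 0)
    lines = []
    for port in range(1, 1025):
        ts = (start + timedelta(seconds=port // 25)).strftime(TS_FMT)
        lines.append(f"{ts} SYN 203.0.113.7:{50000 + port} -> 198.51.100.10:{port}")
    for i, client in enumerate(("192.0.2.19", "192.0.2.44", "192.0.2.19")):
        ts = (start + timedelta(seconds=5 * i)).strftime(TS_FMT)
        lines.append(f"{ts} SYN {client}:{40000 + i} -> 198.51.100.10:443")
    return lines


def detect_port_scans(lines, window_seconds=60, min_distinct_ports=50):
    """Return one alert per (source, target) pair that touched at least
    min_distinct_ports different ports within any window_seconds window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                     # unknown line shape: skip, do not crash
        ts = datetime.strptime(m["ts"], TS_FMT)
        events[(m["src"], m["dst"])].append((ts, int(m["dport"])))

    alerts = []
    window = timedelta(seconds=window_seconds)
    for (src, dst), evs in events.items():
        evs.sort()
        in_window, left, peak = Counter(), 0, 0
        for ts, port in evs:
            in_window[port] += 1
            while ts - evs[left][0] > window:     # slide the left edge forward
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_distinct_ports:
            ports = sorted({p for _, p in evs})
            alerts.append({"src": src, "dst": dst, "distinct_ports": peak,
                           "lowest_port": ports[0], "highest_port": ports[-1]})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(build_sample_log()):
        print(alert)
```

The window and the threshold are the tuning knobs: a slow scan spread over hours needs a longer window, and a busy load balancer that legitimately reaches many ports needs an allow-list rather than a higher threshold.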
Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port?
port spanning
POP3
port 110
Which of the following cryptographic algorithms is classified as asymmetric?
pretty good privacy (PGP)
You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why?
syslog
centralized log management solution
syslog
The management at Steven's work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?
Router- and switch-based MAC address reporting
A penetration tester has been hired to conduct an assessment, but the company wants to exclude social engineering from the list of authorized activities. Which of the following documents would include this limitation?
rules of engagement
Which of the following is a best practice that should be followed when scheduling vulnerability scans of an organization's data center?
schedule scans to run during periods of low activity
What is a major security risk that could occur when you comingle hosts/servers with different security requirements in a single network?
security policy violations
an area that is a smaller component of the entire facility.
security zone
a contract between a service provider and a customer that specifies the nature of the service to be provided and the level of service that the provider will offer to the customer.
service level agreement (SLA)
The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up-to-date. What is a bundle of one or more system fixes in a single product called?
service pack
an attacker steals a valid session ID of a user and resends it to the server with the intent of gaining unauthorized access or tricking the server into unauthorized operations.
session replay attack
An attacker uses the nslookup interactive mode to locate information on a Domain Name Service (DNS). What command should they type to request the appropriate records for only name servers?
set type=ns
A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?
setting the secure attribute on the cookie
Which of the following answers refers to a script file type designed to be run in Unix command line?
sh
What is another name for working copies?
shadow copies
Which of the following alters the external behavior of an application and at the same time does not introduce any changes to the application's code?
shimming
Antivirus
Should be installed on servers as well as workstations, since it can use signature-based scans to check that files are safe before they are executed.
Which of the following implies ignoring an attack and is a common response?
shunning
You are performing a web application security test, notice that the site is dynamic, and must be using a back-end database. You decide you want to determine if the site is susceptible to a SQL injection. What is the first character that you should attempt to use in breaking a valid SQL request?
single quote
Ensuring that a wireless LAN can provide its intended functionality and meet its required design goals can best be achieved through?
site survey
occurs when an attacker sends a ping to a subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing power.
smurf attack
Which password attack bypasses account-lockout policies?
Password spraying attack (a few common passwords tried against many accounts, so no single account exceeds the lockout threshold)
Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization's database?
SQL injection
Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested before deploying them into the production environment. What type of environment should his organization establish?
staging
An independent cybersecurity researcher has contacted your company to prove a buffer overflow vulnerability exists in one of your applications. Which technique would have been most likely to identify this vulnerability in your application during development?
static code analysis
You are investigating a suspected compromise. You have noticed several files that you don't recognize. How can you quickly and effectively check if the files have been infected with malware?
Submit the files to an open-source intelligence provider (submitting file hashes first avoids uploading potentially sensitive files)
Networks are usually segmented by using _______________ to divide the network into a hierarchy.
switches
Your company has created a baseline image for all of its workstations using Windows 10. Unfortunately, the image included a copy of Solitaire, and the CIO has created a policy to prevent anyone from playing the game on the company's computers. You have been asked to create a technical control to enforce the policy (administrative control) that was recently published. What should you implement?
application blacklist
Dion Training wants to implement technology within their corporate network to BEST mitigate the risk that a zero-day virus might infect their workstations. Which of the following should be implemented FIRST?
application whitelisting
Clear
Applies logical techniques to sanitize data in all user-addressable storage locations, protecting against simple non-invasive data recovery techniques (the lowest of the NIST SP 800-88 sanitization levels).
Cross-Site Scripting (XSS) attacks
Are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
IPS
Are designed to protect network devices by inspecting traffic based on ports, protocols, and signatures, and can block it inline.
Which of the following is the area of an application that is available to users—those who are authenticated and more importantly those who are not?
attack surface
To improve the Dion Training corporate network's security, a security administrator wants to update the configuration of their wireless network to have IPSec built into the protocol by default. Additionally, the security administrator would like for NAT to no longer be required for extending the number of IP addresses available. What protocol should the administrator implement on the wireless network to achieve their goals?
IPv6
Which of the following agreements is used between companies and employees, between companies and contractors, and between two companies to protect information assets?
NDA
has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis
NIDS
creates a 128-bit fixed output.
NTLM (the NT hash is an MD4 digest of the password, 128 bits long)
What tool can be used to scan a network to perform vulnerability checks and compliance auditing?
Nessus
a popular vulnerability scanner. It can be used to check how vulnerable your network is by using various plugins to test for vulnerabilities.
Nessus
What protocol, running on top of TCP/IP, is often used for name registration and resolution with Windows-based clients?
NetBIOS
flow analysis tool that captures metadata and statistics about the network traffic.
Netflow
You received an incident response report indicating a piece of malware was introduced into the company's network through a remote workstation connected to the company's servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?
Network Access Control (NAC)
an approach to computer security that attempts to unify endpoint security technology (such as anti-virus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement.
Network Access Control (NAC)
Which type of switch network monitoring is best suited for high-speed networks that have a large volume of traffic?
Network tapping
occurs when a sender cannot claim they didn't send an email when they did.
Non-repudiation
Which of the following terms describes an attempt to read a variable value from an invalid memory address?
Null-pointer dereference
Which type of DDoS attack targets industrial equipment and infrastructure?
OT
What is a significant difference between vulnerability scanners and penetration testing?
One only tests internal weaknesses.
Which protocol allows a certificate's authenticity to be immediately verified?
Online Certificate Status Protocol (OCSP)
Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?
OpenID Connect
A security analyst conducts a nmap scan of a server and found that port 25 is open. What risk might this server be exposed to?
Open Mail Relay
contains a depth of research on APTs but does not integrate the detections and mitigation strategy.
OpenIOC
Which device is used to connect voice, data, pagers, networks, and almost any other conceivable application into a single telecommunications system
PBX (Private branch exchange)
applies to companies of any size that accept credit card payments.
PCI-DSS
Which of the following is a common attack model of an APT attack?
Quietly gathers information from compromised systems
David noticed that port 3389 was open on one of the POS terminals in a store during a scheduled PCI compliance scan. Based on the scan results, what service should he expect to find enabled on this terminal?
RDP
Which of the following hashing algorithms results in a 160-bit fixed output?
RIPEMD
Which party in a federation provides services to members of the federation?
RP
The period of time within which an enterprise's operations must be restored following a disruptive event.
RTO (Recovery Time Objective; the RPO, by contrast, is the maximum tolerable amount of data loss measured in time)
You are conducting a routine vulnerability scan of a server when you find a vulnerability. You locate a patch for the vulnerability on the software vendor's website. What should you do next?
Request for Change should be submitted.
Which of the following biometric authentication factors uses an infrared light shone into the eye to identify the pattern of blood vessels?
Retinal Scan
often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other, less-formidable viruses.
Retrovirus
Which of the following algorithms is now known as the Advanced Encryption Standard (AES)?
Rijndael
strategy that is accomplished anytime you take steps to reduce the risk
Risk Mitigation
An analyst just completed a port scan and received the following results of open ports: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- TCP: 80 TCP: 110 TCP: 443 TCP: 1433 TCP: 3306 TCP: 3389 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on these scan results, which of the following services are NOT currently operating?
SSH
Which type of exploit allows an attacker to take control over a server and use it as a proxy for unauthorized actions?
SSRF
policies are designed to reduce the risk of fraud and prevent other losses in an organization
Separation of Duties
Which of the following does a User Agent request a resource from when conducting a SAML transaction?
Service Provider (SP)
Which of the following hashing algorithms results in a 256-bit fixed output?
SHA-2 (SHA-256)
While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host's IP within your organization's network over port 443. Which of the following protocols would you expect to be in use?
TLS
Which of the following fragments of input might indicate an XML injection attack attempt?
... p@$$w0rd</password></user><user><name>attacker</name> ....
represents the system of digital certificates and certificate authorities
Public key infrastructure (PKI)
Which redundancy strategy has one spare part for every component in use?
1+1
If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must be restored following a disaster on Friday?
2
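Added example, not part of the flashcard set: it works out the ordered list of backup sets to restore for the schedule on the card, and also for the incremental variant the card does not ask about, to make the difference visible. The day names, the assumption that the full backup is taken on Sunday morning and that the disaster strikes after that morning's backup has completed are constructed assumptions.

```python
# Added example (not from the exam material): which backup sets must be
# restored for a weekly full plus daily differential schedule, and for the
# incremental variant, so the reason differential needs only two is visible.
# Assumes the full backup runs on full_day morning, a daily backup every
# other morning, and the disaster happens after that morning's backup finished.
DAYS = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]


def restore_plan(strategy, failure_day, full_day="Sunday"):
    """Return the ordered list of backups to restore."""
    if strategy not in ("differential", "incremental"):
        raise ValueError(f"unknown strategy {strategy!r}")
    start, end = DAYS.index(full_day), DAYS.index(failure_day)
    if end < start:
        end += len(DAYS)                      # wrap around the week
    plan = [f"full:{full_day}"]
    partial_days = [DAYS[i % 7] for i in range(start + 1, end + 1)]
    if not partial_days:
        return plan                           # disaster on the full-backup day itself
    if strategy == "differential":
        # every differential holds all changes since the full backup,
        # so only the most recent one is needed
        plan.append(f"differential:{partial_days[-1]}")
    else:
        # each incremental holds only changes since the previous backup,
        # so every one since the full backup is needed, in order
        plan.extend(f"incremental:{day}" for day in partial_days)
    return plan


if __name__ == "__main__":
    print(restore_plan("differential", "Friday"))
    print(restore_plan("incremental", "Friday"))
```

Differential restores are shorter but each nightly set grows through the week; incremental sets stay small but the restore chain gets longer and a single corrupt set breaks everything after it.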
A weakness of FTPS is that although the control port commands are encrypted, the data port (_______________) may or may not be encrypted.
20
Which port does the File Transfer Protocol (FTP) use for commands?
21
Which port does the Microsoft Terminal Server use?
3389
Your company just installed a new webserver within your DMZ. You have been asked to open up the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server?
443
A limitation of Secure Copy Protocol (SCP)?
A file transfer cannot be interrupted and then resumed in the same session.
used to facilitate incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.
A security orchestration, automation, and response (SOAR)
You're working late one night, and you notice that the hard disk on your new computer is very active even though you aren't doing anything on the computer and it isn't connected to the Internet. What is the most likely suspect?
A virus is spreading in your system.
What type of threat actor is highly funded and often backed by nation-states?
APT
Which of the following best describes why a requesting device might believe that incoming ARP replies are from the correct devices?
ARP does not require validation
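Added example, not part of the flashcard set: because ARP replies are accepted without validation, the practical defence on the monitoring side is to notice when an IP address suddenly answers from a different MAC, or when one MAC starts answering for both the gateway and a host. The captured reply records, the addresses and the static gateway expectation are constructed assumptions for this example.

```python
# Added example (not from the exam material): ARP accepts any reply, so a
# passive monitor watches for an IP that changes MAC or for one MAC that
# starts answering for several IPs. The ARP reply records below and the
# pinned gateway mapping are constructed for this example.
from collections import defaultdict

# (sequence, sender_ip, sender_mac) as a sniffer would report each ARP reply
CAPTURED_REPLIES = [
    (1, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway
    (2, "192.168.1.20", "00:11:22:33:44:20"),
    (3, "192.168.1.21", "00:11:22:33:44:21"),
    (4, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway again, unchanged
    (5, "192.168.1.1",  "de:ad:be:ef:00:21"),   # another MAC now claims the gateway
    (6, "192.168.1.20", "de:ad:be:ef:00:21"),   # ...and a host: the classic MITM pair
]

# Assumed static expectation for the gateway; entries here are never overwritten
KNOWN_GATEWAYS = {"192.168.1.1": "00:11:22:33:44:01"}


def detect_arp_spoofing(replies, known=KNOWN_GATEWAYS):
    """Return human-readable alerts for suspicious ARP replies."""
    table = dict(known)              # learned IP -> MAC, seeded with pinned entries
    claims = defaultdict(set)        # MAC -> set of IPs it has answered for
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        claims[mac].add(ip)
        previous = table.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"#{seq}: {ip} changed {previous} -> {mac}")
            if ip in known:
                alerts.append(f"#{seq}: gateway {ip} claimed by non-gateway MAC {mac}")
        if ip not in known:
            table[ip] = mac          # learn normal hosts; pinned entries stay fixed
        if len(claims[mac]) > 1:
            # a host may legitimately hold several IPs, so treat this as an
            # indicator to correlate with the change alerts, not proof on its own
            alerts.append(f"#{seq}: {mac} now answers for {sorted(claims[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(CAPTURED_REPLIES):
        print(line)
```

The first four replies produce nothing; replies 5 and 6 produce the change alerts and the multi-IP indicator together, which is the pattern of an attacker poisoning both ends of a gateway-to-host conversation. Static ARP entries or switch-side dynamic ARP inspection are the preventive controls; this monitor only detects.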
The goal of _____ is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.
ASR
Every new employee at Dion Training must sign a document to show they understand the proper rules for using the company's computers. This document states that the new employee has read the policy that dictates what can and cannot be done from the corporate workstations. Which of the following documents BEST describes this policy?
AUP
Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware?
Acceptable use
Policy statement that addresses who is responsible for ensuring that the policy is enforced
Accountability
Which of the following is the most useful when you're dealing with data that is stored in a shared cloud environment?
Application-level encryption
_______________ can be prevented with loop protection.
Broadcast storms
Dion Training has set up a lab consisting of 12 laptops for students to use outside of normal classroom hours. The instructor is worried that a student may try to steal one of the laptops. Which of the following physical security measures should be used to ensure the laptop is not stolen or moved out of the lab environment?
Cable Locks
What is STIX?
Common language for describing cyber threat information
Which of the following vulnerability scans would provide the best results if you want to determine if the target's configuration settings are correct?
Credentialed scans log into a system and retrieve their configuration information
The process of requiring interoperability
Cross certification
Which type of attack uses more than one computer to attack the victim?
DDoS
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
DLL
Which systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed?
DLP
Your company recently suffered a small data breach caused by an employee emailing themselves a copy of the current customer's names, account numbers, and credit card limits. You are determined that something like this shall never happen again. Which of the following logical security concepts should you implement to prevent a trusted insider from stealing your corporate data?
DLP
software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting, and blocking sensitive data while in use (endpoint actions), in-motion (network traffic), and at rest (data storage).
DLP (Data Loss Prevention)
An analyst reviews a triple-homed firewall configuration that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall?
DMZ
Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server?
DNS
provides a full virtualized desktop environment from within a cloud-based service.
DaaS or VDI
You are conducting threat hunting for an online retailer. Upon analyzing their web server, you identified that a single HTML response returned as 45 MB in size, but an average response is normally only 275 KB. Which of the following categories of potential indicators of compromise would you classify this as?
Data exfiltration
A wireless jamming attack is a type of:
Denial-of-Service (DoS) attack
If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called:
Desensitizing
Which authentication mechanism does 802.1x usually rely upon?
EAP
Certificate revocation is the process of revoking a certificate before it:
Expires
Which of the following is most directly associated with providing or supporting perfect forward secrecy?
Elliptic Curve Diffie-Hellman Ephemeral or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE)
Policy statement that may include an escalation contact, in case the person dealing with a situation needs to know whom to contact
Exception
_______________ was created as a more secure alternative to the weak Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP)
Extensible authentication protocol (EAP)
Which role validates the user's identity when using SAML for authentication?
IdP
Shows the MAC address on a Linux or Unix-based workstation.
ifconfig (on modern Linux distributions, `ip link` or `ip addr` is the replacement)
Which cloud computing service model provides the customer the highest level of control?
Infrastructure as a Service (IaaS)
Which of the following is an example of spyware
Keylogger
Which of the following types of access control provides the strongest level of protection?
MAC
creates a 128-bit fixed output.
MD5
A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network?
MD-IDS
By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.
MD-IDS
Nicole's organization does not have the budget or staff to conduct 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. Which of the following services or providers would be best suited for this role?
MSSP
MAC is an acronym for what as it relates to cryptography?
Message authentication code
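Added example, not part of the flashcard set: it shows why a MAC needs a shared key. A bare hash sent alongside a message gives no integrity against an active attacker, who simply recomputes the hash over the altered message; an HMAC does, because the attacker does not hold the key. The key, the messages and the simplified on-path attacker are constructed assumptions for this example.

```python
# Added example (not from the exam material): why a MAC needs a shared key.
# A bare hash sent with a message gives no integrity against an active
# attacker, who recomputes it; an HMAC does, because the attacker lacks the
# key. Key, messages and the simplified attacker are constructed for the demo.
import hashlib
import hmac
import secrets


def hash_tag(message):
    """Unkeyed integrity value: anyone can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key, message):
    """Keyed tag (HMAC-SHA256): only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hash_ok(message, tag):
    return hmac.compare_digest(hash_tag(message), tag)


def mac_ok(key, message, tag):
    # constant-time comparison so a verifier does not leak how many bytes matched
    return hmac.compare_digest(mac_tag(key, message), tag)


def attacker_rewrites(message, tag, new_message):
    """An on-path attacker replaces the message. If the tag is an unkeyed
    hash it can forge a matching one; a keyed tag it has to leave untouched."""
    if hash_tag(message) == tag:
        return new_message, hash_tag(new_message)
    return new_message, tag


def demo(key=None):
    """Return (tamper_survives_hash_check, tamper_survives_mac_check)."""
    key = key or secrets.token_bytes(32)
    original = b"transfer 100 to alice"
    forged = b"transfer 100 to mallory"
    msg, tag = attacker_rewrites(original, hash_tag(original), forged)
    hash_survives = hash_ok(msg, tag)                  # True: hash alone proves nothing
    msg, tag = attacker_rewrites(original, mac_tag(key, original), forged)
    mac_survives = mac_ok(key, msg, tag)               # False: tampering is detected
    return hash_survives, mac_survives


if __name__ == "__main__":
    print(demo())
```

A MAC proves integrity and origin to anyone who holds the key, but because both sender and receiver share that key it cannot provide non-repudiation; for that a digital signature with the sender's private key is needed.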
You have been asked to assist with an investigation into a malicious user's activities. Unfortunately, your organization did not have full packet capture available for the time period of the suspected activities. Instead, you have received netflow data that contains statistics and information about the network traffic during that time period. Which of the following best represents the type of data you can obtain from this netflow data to support the investigation?
Metadata
What tool can be used as an exploitation framework during your penetration tests?
Metasploit
Which security control would prevent unauthorized users from connecting to a company's wireless network?
NAC
Which utility allows the identification of all devices conducting network traffic both to and from a network segment?
Protocol analyzer
Dion Training uses an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server can then exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?
RADIUS
Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?
RADIUS
Your company wants to provide a secure SSO solution for accessing both the corporate wireless network and its network resources. Which of the following technologies should be used?
RADIUS
Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption?
Randomized one-time use pad
Dion Training has performed an assessment as part of their disaster recovery planning. The assessment found that the organization can only tolerate a maximum of 30 minutes of downtime for their public-facing webserver. Which of the following metrics would best represent this time period?
Recovery Time Objective (RTO)
Dion Training has performed an assessment as part of their disaster recovery planning. The assessment found that the organization can only tolerate a maximum of 60 minutes worth of data loss in the event of a disaster. Therefore, the organization has implemented a system of database snapshots that are backed up every hour. Which of the following metrics would best represent this time period?
Recovery point objective (RPO)
a networking protocol operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple-A) management for users who connect and use a network service.
Remote Authentication Dial-In User Service (RADIUS)
Which of the following indicates an SQL injection attack attempt?
SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
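Added example, not part of the flashcard set: the query on the card is exactly what a vulnerable login builds when the password field contains `' OR '1' = '1`, and the single-quote probe from the earlier card is what first reveals the flaw. The SQLite table, the credentials and the payloads are constructed; the password is stored in clear only to keep the demonstration short, never do that in real code.

```python
# Added example (not from the exam material): the query on the card is what
# a vulnerable login builds when the password field is "' OR '1' = '1".
# Table, credentials and payloads are constructed; the password is stored in
# clear only to keep the demonstration short.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Alice', 'correct-horse')")
    return conn


def build_vulnerable_query(user, password):
    # string concatenation: attacker-controlled text becomes SQL syntax
    return f"SELECT * FROM users WHERE userName = '{user}' AND password = '{password}';"


def login_vulnerable(conn, user, password):
    return conn.execute(build_vulnerable_query(user, password)).fetchone() is not None


def login_safe(conn, user, password):
    # parameterised query: the driver sends values separately from the SQL text,
    # so a quote in the input can only ever be data
    row = conn.execute(
        "SELECT 1 FROM users WHERE userName = ? AND password = ?",
        (user, password)).fetchone()
    return row is not None


def single_quote_probe_errors(conn):
    """The first probe from the earlier card: send a lone single quote and see
    whether the database complains, which betrays unescaped concatenation."""
    try:
        login_vulnerable(conn, "Alice'", "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_query("Alice", "' OR '1' = '1"))
    print("vulnerable login bypassed:", login_vulnerable(conn, "Alice", "' OR '1' = '1"))
    print("safe login bypassed:     ", login_safe(conn, "Alice", "' OR '1' = '1"))
    print("single quote errors:     ", single_quote_probe_errors(conn))
```

The `OR '1' = '1'` clause makes the WHERE condition true for every row because AND binds tighter than OR, so the first row comes back and the login succeeds without a password; with placeholders the same text is compared literally against the stored password and fails.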
Which of the following answers refers to a deprecated encryption protocol?
SSL
A cloud computing service model offering remote access to applications based on monthly or annual subscription fee is called:
SaaS
You have signed up for a web-based appointment scheduling application to help you manage your new IT technical support business. What type of solution would this be categorized as?
SaaS
Which of the following methods is the most effective way to physically secure laptops that are used in an environment such as an office?
Security cables
creates a 256-bit fixed output.
SHA-2 (SHA-256)
Remote Desktop Protocol (RDP)
TCP/UDP port 3389
Which of the following terms refers to a vulnerability caused by race conditions?
Time-of-check to time-of-use
What is the role of a switch?
To connect networks together so that they function as a single network segment
Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company's owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer's hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?
Wiping
A recent vulnerability scan found several vulnerabilities on an organization's public-facing IP addresses. To reduce the risk of a breach, which of the following vulnerabilities should be prioritized for remediation?
a buffer overflow that is known to allow remote code execution
Virtual private cloud (VPC)
a private network segment made available to a single cloud consumer on a public cloud.
In intrusion detection system parlance, which account is responsible for setting the security policy for an organization?
administrator
A cybersecurity analyst has received an alert that sensors continuously observe well-known call home messages at their network boundary. Still, the organization's proxy firewall is properly configured to successfully drop the messages before leaving the network. Which of the following is MOST likely the cause of the call home messages being sent?
an infected workstation is attempting to reach a command and control server
As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statements BEST explains these results?
an uncredentialled scan of the network was preferred
During a meeting, you present management with a list of the access controls used on your network. You explain that these controls include preventative, detective, and corrective controls. Which control is an example of a corrective control?
anti-virus software
The Payment Card Industry Data Security Standard (PCI DSS)
applies to companies of any size that accept credit card payments
Due to a worldwide pandemic in 2020 caused by the COVID-19 virus, Dion Training Solutions instituted teleworking for all of its employees. This was part of a preplanned response so that the company's students could continue to learn and receive support throughout the pandemic. Which of the following plans should contain the company's pandemic response plan?
business continuity plan (BCP)
a contract that establishes partner profit percentages, partner responsibilities, and exit strategies for partners.
business partners agreement (BPA)
WAF (web application firewall)
can serve as a compensating control and protect against web application vulnerabilities like an SQL injection until the application can be fully remediated.
A(n) _______________ access point (AP) uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.
captive portal
Which of the following elements is LEAST likely to be included in an organization's data retention policy?
classification of information
Which of the following terms best describes threat actors that engage in illegal activities to get the know-how and gain market advantage?
competitors
A cybersecurity analyst is analyzing what they believe to be an active intrusion into their network. The indicator of compromise maps to a suspected nation-state group that has strong financial motives, APT 38. Unfortunately, the analyst finds their data correlation lacking and cannot determine which assets have been affected, so they begin to review the list of network assets online. The following servers are currently online: PAYROLL_DB, DEV_SERVER7, FIREFLY, DEATHSTAR, THOR, and DION. Which of the following actions should the analyst conduct first?
conduct a data criticality and prioritization analysis
Following a root cause analysis of an edge router's unexpected failure, a cybersecurity analyst discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst suspects that the router may be a counterfeit device. Which of the following controls would have been most effective in preventing this issue?
conduct secure supply chain management training
Passive information gathering
consists of numerous activities where the penetration tester gathers open-source or publicly available information without the organization under investigation being aware that the information has been accessed.
OpenIOC
contains a depth of research on APTs but does not integrate the detections and mitigation strategy.
Which of the following is NOT a means of improving data validation and trust?
decrypting data at rest
You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security?
defense in depth
A _______________ functions as a separate network that rests outside the secure network perimeter.
demilitarized zone (DMZ)
Risk appetite
describes how much risk an organization is willing to accept.
What is a reverse proxy commonly used for?
directing traffic to internal services if the contents of the traffic comply with the policy
A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URL, http://test.diontraining.com/../../../../etc/shadow. What type of attack has likely occurred?
directory traversal
Which of the following factors has the biggest impact on domain reputation?
distribution of spam
Your company develops an incident response plan. When the Web server undergoes a DoS attack, the incident response team follows the incident response plan and returns the Web server to normal operation. What should be the final outcome of this incident?
document incident
SSL stripping is an example of
downgrade attack and denial of service (DoS) attack
All wireless network interface card (NIC) adapters have _______________ antennas.
embedded
A cybersecurity analyst has deployed a custom DLP signature to alert on any files that contain numbers in the format of a social security number (xxx-xx-xxxx). Which of the following concepts within DLP is being utilized?
exact data match
Several users have contacted the help desk to report that they received an email from a well-known bank stating that their accounts have been compromised and they need to "click here" to reset their banking password. Some of these users are not even customers of this particular bank, though. Which of the following social engineering principles is being utilized as a part of this phishing campaign?
familiarity
A _______________ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a denial of service (DoS) attack.
flood guard
Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel _______________ over Ethernet networks.
frames
Which of the following methods should a cybersecurity analyst use to locate any instances on the network where passwords are being sent in cleartext?
full packet capture
Which of the following is commonly used in the banking sector to secure numerous large bulk transactions?
hardware security modules (HSMs)
What is a system that is intended or designed to be broken into by an attacker called?
honeypot
Which of the following enables client-side URL redirection?
hosts
Which state of digital data requires data to be processed in an unencrypted form?
in processing
Your email client has been acting strangely recently. Every time you open an email with an image embedded within it, the image is not displayed on your screen. Which of the following is the MOST likely cause of this issue?
incorrect security settings in the email client
Which of the following would a virtual private cloud infrastructure be classified as?
infrastructure as a service
an agreement between organizations that have connected IT systems.
interconnection security agreement (ISA)
a device or software application that monitors a network for malicious activity or policy violations
intrusion detection system (IDS)
Which of the following biometric authentication factors relies on matching patterns on the eye's surface using near-infrared imaging?
iris scan
Aircrack-ng
is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks
With subnetting, rather than simply having networks and hosts, networks can effectively be divided into three parts: _______________.
network, subnet, and host
The world's most popular open-source port scanning utility
nmap
What popular open-source port scanning tool is commonly used for host discovery and service identification?
nmap
You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you do not have a bank account in Vietnam! So you immediately call Bob to ask what happened. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating this wire transfer. What aspect of PKI could be used to BEST ensure that a sender actually sent a particular email message and avoid this type of situation?
non-repudiation
What is a legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment?
non-disclosure agreement (NDA)
"set type=ns"
nslookup only reports information on name servers.
Which type of monitoring would utilize a network tap?
passive
Which of the following involves trying to get access to your system from an attacker's perspective?
penetration testing
You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses older unencrypted SSDs as part of their default configuration, and the manufacturer does not provide a SE utility for the devices. The storage devices contained top-secret data that would bankrupt the company if it fell into a competitor's hands. After safely extracting the device's data and saving it to a new self-encrypting drive, you have been asked to dispose of the SSDs securely. Which of the following methods should you use?
physically destroy the storage devices
What type of malware changes its binary pattern in its code on specific dates or times to avoid detection by antimalware software?
polymorphic virus
SNMP
port 161
L2TP
port 1701
SCP
port 22
telnet
port 23
SMTP
port 25
RDP
port 3389
What technique is most effective in determining whether or not increasing end-user security training would benefit the organization during your technical assessment of their network?
social engineering
Which of the following types of attacks occurs when an attacker sends unsolicited messages over Facebook messenger?
spimming
Which type of risk control involves enforcing technology to control risk, such as antivirus software, firewalls, and encryption?
technical
Which of the following types of remote access technologies should NOT be used in a network due to its lack of security?
telnet
Risk acceptance
the act of accepting the identified risk and not taking additional actions to reduce the risk because the risk is low enough.
An employee contacts the service desk because they cannot open an attachment they received in their email. The service desk agent conducts a screen sharing session with the user and investigates the issue. The agent notices that the attached file is named Invoice1043.pdf, and a black pop-up window appears and then disappears quickly when the attachment is double-clicked. Which of the following is most likely causing this issue?
the attachment is using a double file extension to mask its identity
An attacker has compromised a virtualized server. You are conducting forensic analysis as part of the recovery effort but found that the attacker deleted a virtual machine image as part of their malicious activity. Which of the following challenges do you now have to overcome as part of the recovery and remediation efforts?
the attack widely fragmented the image across the host file system
You were conducting a forensic analysis of an iPad backup and discovered that only some of the information is within the backup file. Which of the following best explains why some of the data is missing?
the backup is a differential backup
Which of the following statements does not apply to the concept of OSINT?
Active reconnaissance in penetration testing
Which of the following describes the behavior of a threat actor?
Adversary tactics, techniques, and procedures (TTP)
Raj is working to deploy a new vulnerability scanner for an organization. He wants to verify the information he gets is the most accurate view of the configurations on the organization's traveling salespeople's laptops to determine if any configuration issues could lead to new vulnerabilities. Which of the following technologies would work BEST to collect the configuration information in this situation?
Agent-based scanning
What tool is used to collect wireless packet data?
Aircrack-ng
provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes.
Attribute-based access control (ABAC)
Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards?
FISMA
Using the image provided, select four security features that you should use to best protect your servers in the data center. This can include physical, logical, or administrative protections.
FM-200, Biometric locks, Mantrap, and Antivirus.
A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?
FTP uses port 20
Which statement accurately describes a characteristic of FTP Secure (FTPS)?
FTPS is a combination of two technologies (FTP and SSL or TLS).
Which type of biometric authentication system is not subject to false rejection due to illness or minor injury?
Facial Recognition
A registration authority (RA) can do all the following except:
Give recommendations
help clarify processes to maintain standards; tend to be less formal than policies or standards.
Guidelines
Jack is assessing the likelihood of reconnaissance activities being performed against his organization. Which of the following would best classify the likelihood of a port scan being conducted against his DMZ?
HIGH
When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the hard drive contents during your analysis?
Hardware write blocker
ifconfig
command is used to display information about the current wired network connection on a macOS or Linux system, including its IP address, subnet mask, and MAC address.
Using the image provided, select four security features that you should use with a workstation or laptop within your organization?
Host-based firewall, Network sniffer, a Cable lock, and CAT5e STP cables
appropriate security features to use with a corporate workstation or laptop
Host-based firewall, Network sniffer, a Cable lock, and CAT5e STP cables
Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring?
22 or 23
You have just finished running an nmap scan on a server and see the following output: -=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=- # nmap diontraining.com Starting Nmap ( http://nmap.org ) Nmap scan report for diontraining.com (64.13.134.52) Not shown: 996 filtered ports PORT STATE 22/tcp open 23/tcp open 53/tcp open 443/tcp open Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds -=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=- Based on the output above, which of the following ports listed as open represents the most significant security vulnerability to your network?
23
What is the size of the initialization vector (IV) that WEP uses for encryption?
24-bit
port used for the Remote Desktop Protocol. (RDP)
3389
You're the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities?
A host-based IDS (HIDS)
Which of the following enables the exchange of information between computer programs?
API
Which of the following access control methods provides the most detailed and explicit type of access control over a resource?
ABAC
compatible with X.509
AES, PKCS, and SSL/TLS are all compatible
Your company has decided to begin moving some of its data into the cloud. Currently, your company's network consists of both on-premise storage and some cloud-based storage. Which of the following types of clouds is your company currently using?
Hybrid
The risk-assessment component, in conjunction with the ________, provides the organization with an accurate picture of the situation facing it.
BIA (Business Impact Analysis)
Which of the following physical security controls would be the most effective in preventing an attacker from driving a vehicle through the glass doors at the front of the organization's headquarters?
Bollards
a physical security control that is designed to prevent a vehicle-ramming attack
Bollards
What is the function of a C2 server?
Botnet Control
An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:
Brute-force attack
a virtual machine monitor; a process that creates and runs virtual machines (VMs). Allows one host computer to support multiple guest VMs by virtually sharing its resources, such as memory and processing.
hypervisor
Which of the following makes it difficult for an eavesdropper to spot patterns and contains a message integrity method to ensure that messages have not been tampered with?
CCMP
The encryption protocol used for WPA2 is the _______________.
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
An industry standard for assessing the severity of computer system security vulnerabilities is known as:
CVSS
Order of Volatility
CPU cache, RAM, swap, hard drive
Which of the following provides a standard nomenclature for describing security-related software flaws?
CVE (Common Vulnerabilities and Exposures)
A cybersecurity analyst has determined that an attack has occurred against your company's network. Fortunately, your company uses a good logging system with a centralized Syslog server, so all the logs are available, collected, and stored properly. According to the cybersecurity analyst, the logs indicate that the database server was the only company server on the network that appears to have been attacked. The network is a critical production network for your organization. Therefore, you have been asked to choose the LEAST disruptive actions on the network while performing the appropriate incident response actions. Which actions do you recommend as part of the response efforts?
Capture network traffic using a sniffer, schedule a period of downtime to image and remediate the affected server, and maintain the chain of custody
From a private corporate perspective, which of the following is most secure?
Centralized key management
a structured approach that is followed to secure company assets
Change Management
A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack?
ICMP
What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes?
Clear
Which term refers to a pay-per-use computing model in which customers pay only for the online computing resources they need?
Cloud Computing
The process of establishing boundaries for information sharing
Compartmentalization
Which of the following is a commonly applied principle for fault tolerance against accidental faults designed into critical facilities planning?
Control redundancy
Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?
Cross-site request forgery (XSRF)
Which of the following types of attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit?
Cross-site request forgery (XSRF)
The encryption technology associated with WPA
TKIP
Remapping a domain name to a rogue IP address is an example of what kind of exploit?
DNS Poisoning
Joseph would like to prevent hosts from connecting to known malware distribution domains. What type of solution should be used without deploying endpoint protection software or an IPS system?
DNS blackholing
Which of the following is an example of fake telemetry?
DNS sinkhole - Return false DNS query results
Review the following packet captured at your NIDS: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 23:12:23.154234 IP 86.18.10.3:54326 > 71.168.10.45:3389 Flags [P.], Seq 1834:1245, ack1, win 511, options [nop,nop, TS val 263451334 erc 482862734, length 125 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- After reviewing the packet above, you discovered there is an unauthorized service running on the host. Which of the following ACL entries should be implemented to prevent further access to the unauthorized service while maintaining full access to the approved services running on this host?
Deny IP host 86.18.10.3 EQ 3389
You want to play computer-based video games from anywhere in the world using your laptop or tablet. You heard about a new product called a Shadow PC that is a virtualized Windows 10 Home gaming PC in the cloud. Which of the following best describes this type of service?
Desktop as a Service (DaaS)
Which form of media sanitization might be required for flash-based solid state drives to be considered fully sanitized?
Destruction
Which analysis framework provides a graphical depiction of the attacker's approach relative to a kill chain?
Diamond Model
Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of "connected clients" and see that "Bob's Laptop" is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the WPA2 password?
Disable WPS
Which of the following access control models is the most flexible and allows the resource owner to control the access permissions?
Discretionary access control (DAC)
A newer secure version of DNS known as _______________ allows DNS information to be digitally signed so that an attacker cannot forge DNS information.
Domain Name System Security Extensions (DNSSEC)
TEMPEST deals with which of the following forms of environmental control?
EMI shielding
Which of the following answers refers to a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?
IaaS
Which role validates the user's identity when using SAML for authentication?
IdP (Identity Provider)
During an assessment of the POS terminals that accept credit cards, a cybersecurity analyst notices a recent Windows operating system vulnerability exists on every terminal. Since these systems are all embedded and require a manufacturer update, the analyst cannot install Microsoft's regular patch. Which of the following options would be best to ensure the systems remain protected and are compliant with the rules outlined by the PCI DSS?
Identify, implement and document compensating controls
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?
Implement Network access control (NAC)
A supplier needs to connect several laptops to an organization's network as part of their service agreement. These laptops will be operated and maintained by the supplier. Victor, a cybersecurity analyst for the organization, is concerned that these laptops could contain some vulnerabilities that could weaken the network's security posture. What can Victor do to mitigate the risk to other devices on the network without having direct administrative access to the supplier's laptops?
Implement a jumpbox system
An incremental backup backs up files that have changed since the last full or partial backup.
Incremental backup
Which of the following answers refers to a countermeasure against code injection?
Input Validation
Which of the following secure coding best practices ensures special characters like <, >, /, and ' are not accepted from the user via a web form?
Input handling
A corporate workstation was recently infected with malware. The malware was able to access the workstation's credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to develop a plan to prevent this issue from occurring again. Which of the following would BEST prevent this from reoccurring?
Install an anti-virus or antimalware solution that uses heuristic analysis
Which of the fields included within a digital certificate identifies the directory name of the entity signing the certificate?
Issuer
Which of the following technologies is NOT a shared authentication protocol?
LDAP
Which protocol relies on mutual authentication of the client and the server for its security?
LDAPS
provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate.
Lockheed Martin Cyber Kill Chain
Which analysis framework makes no allowance for an adversary retreat in its analysis?
Lockheed Martin Cyber Kill Chain
The Security Operations Center Director for Dion Training received a pop-up message on his workstation that said, "You will regret firing me; just wait until Christmas!" He suspects the message came from a disgruntled former employee who may have set up a piece of software to create this pop-up on his machine. The director is now concerned that other code might be lurking within the network that could negatively affect Christmas. He directs his team of cybersecurity analysts to begin searching the network for this suspicious code. What type of malware should they be searching for?
Logic bomb
Dion Training is building a new data center. The group designing the facility has decided to provide additional HVAC capacity to ensure the data center maintains a consistently low temperature. Which of the following is the most likely benefit that will be achieved by increasing the designed HVAC capacity?
Longer MTBF of hardware due to lower operating temperatures
What type of wireless security measure can easily be defeated by a hacker by spoofing the hardware address of their network interface card?
MAC Filtering
Dion Training has an open wireless network called "InstructorDemos" for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the "InstructorDemos" network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor's requirements and prevent students from using the "InstructorDemos" network?
MAC filtering - prevent the students from connecting to the network while still keeping the network open
Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?
MD5 or SHA1 hash digest of the file
Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?
MITRE ATT&CK Framework
provides explicit pseudo-code examples for detecting or mitigating a given threat within a network and ties specific behaviors back to individual actors.
MITRE ATT&CK framework
An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:
ML
Which of the following is more formal than a handshake agreement but not a legal binding contract?
MOU (memorandum of understanding)
You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server?
Malicious Processes
requires all access to be predefined based on system classification, configuration, and authentication.
Mandatory Access Control (MAC)
Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access?
Mantrap
Dion Training is in early discussions with a large university to license its cybersecurity courses as part of their upcoming semester. Both organizations have decided to enter into an exploratory agreement while negotiating the detailed terms of the upcoming contract. Which of the following documents would best serve this purpose?
Memorandum of understanding (MOU)
used as a preliminary or exploratory agreement to express their intent for the two companies to work together.
Memorandum of understanding (MOU)
Which of the following security controls provides Windows system administrators with an efficient way to deploy system configuration settings across many devices?
Microsoft's Group Policy Object (GPO)
During your review of the firewall logs, you notice that an IP address from within your company's server subnet had been transmitting between 125 to 375 megabytes of data to a foreign IP address overnight each day. You have determined this has been occurring for approximately 5 days, and the affected server has since been taken offline for forensic review. Which of the following is MOST likely to increase the impact assessment of the incident?
PII of company employees and customers was exfiltrated
Can pass multiple protocols and is widely used today as a transport protocol for dial-up connections, although it provides no security and all activities are unsecured.
PPP
Which of the following is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected?
Private data
You are in the recovery steps of an incident response. Throughout the incident, your team never successfully determined the root cause of the network compromise. Which of the following options would you LEAST likely perform as part of your recovery and remediation actions?
Proactively sanitize and reimage all of your routers and switches
Which of the following is a common storage networking standard chosen by businesses for ease of installation, cost, and utilization of current Ethernet networks?
iSCSI (Internet Small Computer System Interface)
What term describes the amount of risk an organization is willing to accept?
Risk appetite
Which device stores information about destinations in a network?
Router
Which of the following devices is the most capable of providing infrastructure security?
Router
Which statement accurately describes Secure FTP (SFTP)?
SFTP is an entire protocol itself.
During her login session, Sally is asked by the system for a code sent to her via text (SMS) message. Which of the following concerns should she raise to her organization's AAA services manager?
SMS messages may be accessible to attackers via VoIP or other systems
Which security tool is used to facilitate incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment?
SOAR
Which of the following categories would contain information about a French citizen's race or ethnic origin?
SPI
Dion Training has just suffered a website defacement of its public-facing webserver. The CEO believes the company's biggest competitor may have done this act of vandalism. The decision has been made to contact law enforcement so that evidence can be collected properly for use in a potential court case. Laura is a digital forensics investigator assigned to collect the evidence. She creates a bit-by-bit disk image of the web server's hard drive as part of her evidence collection. What technology should Laura use after creating the disk image to verify the copy's data integrity matches that of the original web server's hard disk?
SHA-256
Which of the following protocols is commonly used to collect information about CPU utilization and memory usage from network devices?
Simple network management protocol (SNMP)
Which of the following is a primary vulnerability of a wireless environment?
Site survey
Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer's workstation with cloud-based resources?
Software as a Service (SaaS)
is used to provide web applications to end-users. This can be a calendar, scheduling, invoicing, word processor, database, or other programs. For example, Google Docs and Office 365 are both word processing SaaS solutions.
Software as a Service (SaaS)
the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure
Software as a Service (SaaS)
Which of the following types of attacks are usually used as part of a man-in-the-middle attack?
Spoofing
What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?
Stealth virus
What device acts primarily as a tool to improve network efficiency?
Switch
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?
TACACS+
Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on?
whatis
When is business continuity needed?
When business processes are threatened
What information should be recorded on a chain of custody form during a forensic investigation?
any individual who worked with evidence during the investigation
You have been hired to investigate a possible insider threat from a user named Terri. Which command would you use to review all sudo commands ever issued by Terri (whose login account is terri and UID=1003) on a Linux system? (Select the MOST efficient command)
journalctl _UID=1003 | grep sudo
HTTP
port 80
Kerberos
port 88
You work as a cybersecurity analyst at a software development firm. The software developers have begun implementing commercial and open source libraries into their codebase to minimize the time it takes to develop and release a new application. Which of the following should be your biggest concern as a cybersecurity analyst?
any security flaws present in the library will also be present in the developed application
You are installing Windows 2016 on a rack-mounted server and hosting multiple virtual machines within the physical server. You just finished the installation and now want to begin creating and provisioning the virtual machines. Which of the following should you utilize to allow you to create and provision the virtual machines?
hypervisor
Microsoft's Group Policy Object (GPO)
a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
FM-200
a fire extinguishing system commonly used in data centers and server rooms to protect the servers from fire.
You are reviewing a rule within your organization's IDS. You see the following output: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any msg: "BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt"; flow: to_client,established; file_data; content:"recordset"; offset:14; depth:9; content:".CacheSize"; distance:0; within:100; pcre:"/CacheSize\s*=\s*/"; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype: attempted-user; sid:65535;rev:1; -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on this rule, which of the following malicious packets would this IDS alert on?
a malicious outbound TCP packet
A virtual private network (VPN)
a secure tunnel created between two endpoints connected via an insecure network, typically the internet.
Risk mitigation
a strategy to prepare for and lessen the effects of threats faced by a data center. It refers to applying security controls to reduce the risk of a known vulnerability.
User and entity behavior analytics (UEBA)
a system that can provide an automated identification of suspicious activity by user accounts and computer hosts.
Virtual desktop infrastructure (VDI)
a virtualization implementation that separates the personal computing environment from a user's physical computer.
In which of the following types of architecture is the user responsible for the creation of the private and public key?
Decentralized key management
Which type of firewall packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator?
Stateless packet filtering
What is the most common protocol used today for both local area networks (LANs) and the Internet?
Transmission Control Protocol/Internet Protocol (TCP/IP)
Which policy describes how the employees in an organization can use company systems and resources, both software and hardware?
acceptable use
You are the security administrator for your company. You identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan to execute only if the security risk occurs. Which type of risk response strategy are you demonstrating?
acceptance
You collect evidence after an attack has occurred. You need to ensure that the evidence collected follows chain of custody procedures. Which stage is NOT a part of the life cycle of evidence?
accreditation
gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
active reconnaissance
A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?
active scanning engine installed on the enterprise console
Susan, a help desk technician at Dion Training, has received several trouble tickets today related to employees receiving the same email as part of a phishing campaign. She has determined that the email's malicious link is not being blocked by the company's security suite when a user clicks the link. Susan asks you what action can be performed to prevent a user from reaching the website associated with the malicious link in the phishing email. What action do you recommend she utilize?
add the malicious domain name to the blacklist of the company's content filter and web proxy
What tool is used to collect wireless packet data?
aircrack-ng
Your organization is updating its Acceptable Use Policy (AUP) to implement a new password standard that requires a guest's wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement?
all guests must provide valid identification when registering their wireless devices for use on the network
buffer overflow
an anomaly that occurs when a program overruns the buffer's boundary and overwrites adjacent memory locations while writing data to a buffer
Network Access Control (NAC)
an approach to computer security that attempts to unify endpoint security technology (such as anti-virus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement.
A small business recently experienced a catastrophic data loss due to flooding from a recent hurricane. The customer had no backups, and all of the hardware associated with the small business was destroyed during the flooding. As part of the rebuilding process, the small business contracts with your company to help create a disaster recovery plan to ensure this never recurs. Which of the following recommendations should you include as part of the disaster recovery plan?
backups should be conducted to a cloud-based storage solution
You have been asked to determine if Dion Training's web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server?
banner grabbing
Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect when an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring?
behavior
An NDA (nondisclosure agreement) is typically signed by whom?
beta testers
A load balancer is typically located _______________ in a network configuration.
between a router and a server
Dion Training is concerned with the possibility of employees accessing another user's workstation in secured areas without their permission. Which of the following would BEST be able to prevent this from happening?
biometric identification for user logins
What tool is used in Windows to encrypt an entire volume?
BitLocker
You are conducting a penetration test on an application for a client. The client provides you with no details about the source code and development process. What type of test will you likely be conducting?
black box
the type of encryption in which the data to be encrypted is broken into chunks and each chunk is then encrypted
block cipher
What technology is NOT PKI x.509 compliant and cannot be used in various secure functions?
blowfish
A situation in which an application writes to an area of memory it is not supposed to have access to is referred to as:
buffer overflow
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:
buffer overflow
A cybersecurity analyst has determined that an attack has occurred against your company's network. Fortunately, your company uses a good logging system with a centralized Syslog server, so all the logs are available, collected, and stored properly. According to the cybersecurity analyst, the logs indicate that the database server was the only company server on the network that appears to have been attacked. The network is a critical production network for your organization. Therefore, you have been asked to choose the LEAST disruptive actions on the network while performing the appropriate incident response actions. Which actions do you recommend as part of the response efforts?
capture network traffic using a sniffer, schedule a period of downtime to image and remediate the affected server, and maintain the chain of custody
You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port 636 wherever possible. What should you do?
change all devices and servers that support port 636 since encrypted services run by default on port 636
the structured approach that is followed to secure the company's assets
change management
A hacker successfully modified the sale price of items purchased through your company's web site. During the investigation that followed, the security analyst verified that the web server and the Oracle database were not compromised directly. The analyst also found no attacks that could have caused this during their log verification of the Intrusion Detection System (IDS). What is the most likely method that the attacker used to change the items' sale price?
changing hidden form values
Hybrid Cloud
a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms.
Which of the following types of digital forensic investigations is most challenging due to the on-demand nature of the analyzed assets?
cloud services
During your annual cybersecurity awareness training in your company, the instructor states that employees should be careful about what information they post on social media. According to the instructor, if you post too much personal information on social media, such as your name, birthday, hometown, and other personal details, it is much easier for an attacker to conduct which type of attack to break your passwords?
cognitive password attack
Which of the following should be implemented if the organization wants to monitor unauthorized transfers of confidential information?
content inspection
Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly?
continuous deployment
Vulnerability scanning
can only be used to detect an issue; it is a detective control.
Which of the following actions should be done FIRST after forensically imaging a hard drive for evidence in an investigation?
create a hash digest of the source drive and the image file to ensure they match
Mantrap
creates a boundary between a lower security area (such as the offices) and the higher security area (the server room).
Which of the following is a senior role with the ultimate responsibility for maintaining confidentiality, integrity, and availability in a system?
data owner
A cybersecurity analyst is applying for a new job with a penetration testing firm. He received the job application as a secured Adobe PDF file, but unfortunately, the firm locked the file with a password so the potential employee could not fill in the application. Instead of asking for an unlocked copy of the document, the analyst decides to write a script in Python to attempt to unlock the PDF file by using passwords from a list of commonly used passwords until he can find the correct password or attempts every password in his list. Based on this description, what kind of cryptographic attack did the analyst perform?
dictionary attack
VPN transmissions are achieved through communicating with _______________.
endpoints
You are attending a cybersecurity conference and just watched a security researcher demonstrating the exploitation of a web interface on a SCADA/ICS component. This caused the device to malfunction and be destroyed. You recognize that the same component is used throughout your company's manufacturing plants. Which of the following mitigation strategies would provide you with the most immediate protection against this emergent threat?
evaluate if the web interface must remain open for the system to function; if it isn't needed, block the web interface
Vulnerability scans must be conducted continuously to meet regulatory compliance requirements for the storage of PHI. During the last vulnerability scan, a cybersecurity analyst received a report of 2,592 possible vulnerabilities and was asked by the Chief Information Security Officer (CISO) for a plan to remediate all the known issues. Which of the following should the analyst do next?
filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first
When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the hard drive contents during your analysis?
hardware write blocker
Barbara received a phone call from a colleague asking why she sent him an email with lewd and unusual content. Barbara doesn't remember sending the email to the colleague. What is Barbara MOST likely the victim of?
hijacked email
A cybersecurity analyst is attempting to classify network traffic within an organization. The analyst runs the tcpdump command and receives the following output: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ tcpdump -n -i eth0 15:01:35.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win 16549 15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157 win 113 15:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157 win 113 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Which of the following statements is true based on this output?
This output from the tcpdump command is displaying three packets in a larger sequence of events. Based solely on these three packets, we can only be certain that the server (11.154.12.121) runs an SSH server over port 22.
You have been hired as a consultant to help Dion Training develop a new disaster recovery plan. Dion Training has recently grown in the number of employees and information systems infrastructure used to support its employees. Unfortunately, Dion Training does not currently have any documentation, policies, or procedures for its student and faculty networks. What is the first action you should take to assist them in developing a disaster recovery plan?
identify the organization's assets
Which command would be used to display the IP address and subnet mask for the wired network connection on a macOS or Linux system?
ifconfig
used to display information about the current wired network connection on a macOS or Linux system, including its IP address, subnet mask, and MAC address.
ifconfig
In 2014, Apple's implementation of SSL had a severe vulnerability that, when exploited, allowed an attacker to gain a privileged network position that would allow them to capture or modify data in an SSL/TLS session. This was caused by poor programming in which a failed check of the connection would exit the function too early. Based on this description, what is this an example of?
improper error handling
SQL injection
a code injection technique used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution, such as dumping the database contents to the attacker.
What control provides the best protection against both SQL injection and cross-site scripting attacks?
input validation
A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URLs: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- https://test.diontraining.com/profile.php?userid=1546 https://test.diontraining.com/profile.php?userid=5482 https://test.diontraining.com/profile.php?userid=3618 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- What type of vulnerability does this website have?
insecure direct object reference
You have been asked to recommend a capability to monitor all of the traffic entering and leaving the corporate network's default gateway. Additionally, the company's CIO requests to block certain content types before it leaves the network based on operational priorities. Which of the following solutions should you recommend to meet these requirements?
install NIPS on the internal interface and a firewall on the external interface of the router
A corporate workstation was recently infected with malware. The malware was able to access the workstation's credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to develop a plan to prevent this issue from occurring again. Which of the following would BEST prevent this from reoccurring?
install an anti-virus or anti-malware solution that uses heuristic analysis
Your company has recently adopted a new security policy that states that all confidential e-mails must be signed using a digital signature. Which three elements are provided by implementation of this technology?
integrity, authentication and non-repudiation
An organization is partnering with another organization which requires shared systems. Which of the following documents would outline how the shared systems interface?
interconnection security agreement (ISA)
Your company wants to install a network appliance that can scan traffic as it is entering the network. The appliance will use signature-based detection to determine if any network traffic entering the network is malicious. If malicious traffic is observed, it will be logged and an alert created. Which of the following technologies would this network appliance be categorized as?
intrusion detection system (IDS)
Common Vulnerabilities and Exposures (CVE)
is an element of the Security Content Automation Protocol (SCAP) that provides a standard nomenclature for describing security flaws or vulnerabilities.
You are notified by an external organization that an IP address associated with your company's email server has been sending spam emails requesting funds as part of a lottery collection scam. An investigation into the incident reveals the email account used was Connor from the sales department and that Connor's email account was only used from one workstation. You analyze Connor's workstation and discover several unknown processes running, but netflow analysis reveals no attempted lateral movement to other workstations on the network. Which containment strategy would be most effective to use in this scenario?
isolate the workstation computer by disabling the switch port and reset Connor's username/password
Your organization has recently implemented a new security policy that includes the implementation of the principle of least privilege. You need to ensure that users understand this principle and implement the appropriate procedures to adhere to this principle. What is the best implementation of this principle?
issuing the runas command to execute administrative tasks during a regular user session
A cybersecurity analyst just finished conducting an initial vulnerability scan and is reviewing their results. To avoid wasting their time on results that are not really a vulnerability, the analyst wants to remove any false positives before remediating the findings. Which of the following is an indicator that something in their results would be a false positive?
items classified by the system as low or as for informational purposes only
Which type of system would classify traffic as malicious or benign based on explicitly defined examples of malicious and benign traffic?
machine learning
Using _______________, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.
malware inspection and filtering
What kind of attack is an example of IP spoofing?
man-in-the-middle
provides security as a service (SECaaS).
managed security service provider (MSSP)
Dion Training has implemented a new mandatory vacation policy to help identify any malicious insiders or employees. Which of the following control types would this policy be categorized as?
managerial
You have been asked to write a new security policy to reduce the risk of employees working together to steal information from the Dion Training corporate network. Which of the following policies should you create to counter this threat?
mandatory vacation policy
Which operating system feature is designed to detect malware that is loaded early in the system startup process or before the operating system can load itself?
measured boot
Ports can be secured through disabling unused interfaces, using _______________, and through IEEE 802.1x.
media access control (MAC) limiting and filtering
a document that outlines the terms and details of an agreement between parties, including each party's requirements and responsibilities.
memorandum of understanding (MOU)
Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?
missing patches
Race Condition
occurs when the outcome from executing processes is directly dependent on the order and timing of certain events.
A smurf attack
occurs when an attacker sends a ping to a subnet broadcast address and devices reply to the spoofed IP (the victim server), using up bandwidth and processing power.
An organization is looking for a basic mobile solution which will be used to prevent unauthorized access to users' phones. Which of the following fulfills this requirement?
passcode policy
A penetration tester hired by a bank began searching for the bank's IP ranges by performing lookups on the bank's DNS servers, reading news articles online about the bank, monitoring what times the bank's employees came into and left work, searching job postings (with a special focus on the bank's information technology jobs), and even searching the corporate office of the bank's dumpster. Based on this description, what portion of the penetration test is being conducted?
passive information gathering
gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
passive reconnaissance
Which of the following would NOT be useful in defending against a zero-day threat?
patching is not effective against zero-day threats
A new alert has been distributed throughout the information security community regarding a critical Apache vulnerability. What action could you take to ONLY identify the known vulnerability?
perform a scan for the specific vulnerability on all web servers
URL redirection is a characteristic feature of:
pharming
What is the lowest layer (bottom layer) of a bare-metal virtualization environment?
physical hardware
LDAP
port 389
DNS
port 53
TFTP
port 69
While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?
private IP addresses are either 10.x.x.x, 172.16-31.x.x, or 192.168.x.x. All other IP addresses are considered publicly routable over the internet (except localhost and APIPA addresses). Therefore, the answer must be 192.186.1.100
A penetration tester is using a known vulnerability to compromise an Apache webserver. After they gain access to the server, what is their next step to pivot to a protected system behind the DMZ?
privilege escalation
Lockheed Martin cyber kill chain
provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate them.
Diamond Model
provides an excellent methodology for communicating cyber events and allowing analysts to derive mitigation strategies implicitly. It is constructed around a graphical representation of an attacker's behavior.
Taylor needs to sanitize hard drives from some leased workstations before returning them to a supplier at the end of the lease period. The workstations' hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn't occur during this process?
purge, validate, and document the sanitization of the drives
A malfunction in a preprogrammed sequential access to a shared resource is described as:
race condition
A popular game allows for in-app purchases to acquire extra lives in the game. When a player purchases the extra lives, the number of lives is written to a configuration file on the gamer's phone. A hacker loves the game but hates having to buy lives all the time, so they developed an exploit that allows a player to purchase 1 life for $0.99 and then modifies the content of the configuration file to claim 100 lives were purchased before the application reads the number of lives purchased from the file. Which of the following types of vulnerabilities did the hacker exploit?
race condition
You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand?
rapid elasticity
the length of time it will take to recover the data that has been backed up.
recovery time objective (RTO)
You have been hired as a consultant by Dion Training to review their current disaster recovery plans. The CEO has requested that the plans ensure that the company can limit downtime in the event of a disaster. Still, due to staffing concerns, he cannot approve the budget to implement or maintain a fully redundant offsite location to ensure a 99.999% availability. Based on that limitation, what should you recommend to the CEO?
redundant hardware be maintained at the offsite location and configured to be ready for the recovery of the company's backup data when needed
The practice of modifying an application's code without changing its external behavior is referred to as:
refactoring
Which of the following terms refer to software/hardware driver manipulation techniques?
refactoring and shimming
Which of the following type of threats did the Stuxnet attack rely on to cross an airgap between a business and an industrial control system network?
removable data
You have been asked to install a computer in a public workspace. Only an authorized user should use the computer. Which of the following security requirements should you implement to prevent unauthorized users from accessing the network with this computer?
require authentication on wakeup
Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?
require data at rest encryption on all endpoints
You are developing your vulnerability scanning plan and attempting to scope your scans properly. You have decided to focus on the criticality of a system to the organization's operations when prioritizing the system in the scope of your scans. Which of the following would be the best place to gather the criticality of a system?
review the asset inventory and the BCP.
Recently, you discovered an unauthorized device during a search of your corporate network. The device allows nearby wireless hosts to access the corporate network's resources. What type of attack is being utilized?
rogue access point
You are an analyst and have been asked to review and categorize the following output from a packet analysis in Wireshark:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Source Destination Protocol Length Info
192.168.3.145 4.4.2.2 DNS 74 Standard query 0xaed A test.diontraining.com
4.4.2.2 192.168.3.145 DNS 90 Standard query response 0x3aed A test.diontraining.com A 173.12.15.23
192.168.3.145 173.12.15.23 TCP 78 48134 -80 [SYN] seq=0 Win=65635 Len=0 MSS=1426 WS=16 TSVal=486234134 Tsecr=0 SACK_PERM=1
173.12.15.23 192.168.3.145 TCP 78 80-48134 [SYN,ACK] seq=0 Ack=1 Win=65535 Len=0 MSS=1426 WS=4 TSVal=0 Tsecr=0 SACK_PERM=1 a1=486234134 Tsecr=240612
192.168.3.145 192.168.3.255 NBNS 92 Namequery NB WORKGROUP
34.250.23.14 192.168.3.145 TCP 60 443 - 48134 [RST] Seq=1 Win=0 Len=0
34.250.23.14 192.168.3.145 TCP 60 8080 - 48134 [RST] Seq=1 Win=0 Len=0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based on your review, what does this scan indicate?
this appears to be normal traffic.
Dion Training requires that the staff simulate their response to a potential data breach. During this simulation, the staff gathers in the conference room and discusses each action they would take as part of their response. This information is then analyzed to ensure the company's data breach response playbook is up to date and would work properly when needed. Which of the following best describes what the staff did?
tabletop exercise
involves gathering the key staff of an organization and discussing their actions during a potential unwanted event.
tabletop exercise
You are creating a script to filter some logs so that you can detect any suspected malware beaconing. Which of the following is NOT a typical means of identifying a malware beacon's behavior on the network?
the beacon's protocol
Risk avoidance
the elimination of hazards, activities, and exposures that can negatively affect an organization's assets.
You just received a notification that your company's email servers have been blacklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?
the full email header from one of the spam messages
You are conducting threat hunting on your organization's network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it?
the host might be used as a staging area for data exfiltration -- you should conduct volume-based trend analysis on the host's storage device
An electronics store was recently the victim of a robbery where an employee was injured, and some property was stolen. The store's IT department hired an external supplier to expand its network to include a physical access control system. The system has video surveillance, intruder alarms, and remotely monitored locks using an appliance-based system. Which of the following long-term cybersecurity risks might occur based on these actions?
these devices should be isolated from the rest of the enterprise network
The Pass Certs Fast corporation has recently been embarrassed by several high-profile data breaches. The CIO proposes improving the company's cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?
this approach only changes the location of the network and not the attack surface of it
What is the utilization of insights gained from threat research and threat modeling to proactively discover evidence of adversarial TTPs within a network or system called?
threat hunting
Which of the following features is supported by Kerberos but not by RADIUS and Diameter?
tickets used to identify authenticated users
Which of the following methods is used to replace all or part of a data field with a randomly generated number used to reference the original value stored in another vault or database?
tokenization
You are attempting to prioritize your vulnerability scans based on the data's criticality. This will be determined by the asset value of the data contained in each system. Which of the following would be the most appropriate metric to use in this prioritization?
type of data processed by the system
Transferring files can be performed using the File Transfer Protocol (FTP), which is a(n) _______________ TCP/IP protocol.
unsecure
Ryan needs to verify the installation of a critical Windows patch on his organization's workstations. Which method would be the most efficient to validate the current patch status for all of the organization's Windows 10 workstations?
use SCCM to validate patch status for each machine on the domain
Biometric Locks
used in high-security areas as a lock on the access door; could be used for a server by using a USB fingerprint reader.
Which technique would provide the largest increase in security on a network with ICS, SCADA, or IoT devices?
user and entity behavior analytics
You have been investigating how a malicious actor could exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that a rootkit's installation had modified the web server's BIOS. After removing the rootkit and reflashing the BIOS to a known good image, what should you do to prevent the malicious actor from affecting the BIOS again?
utilize a secure boot
A customer brought in a computer that has been infected with a virus. Since the infection, the computer began redirecting all three of the system's web browsers to a series of malicious websites whenever a valid website is requested. You quarantined the system, disabled the system restore, and then performed the remediation to remove the malware. You have scanned the machine with several anti-virus and anti-malware programs and determined it is now cleaned of all malware. You attempt to test the web browsers again, but a small number of valid websites are still being redirected to a malicious website. Luckily, the updated anti-virus you installed blocked any new malware from infecting the system. Which of the following actions should you perform NEXT to fix the redirection issue with the browsers?
verify the hosts.ini file has not been maliciously modified
Which of the following is a cloud-based security solution mainly found in private data centers?
virtual private cloud (VPC)
A new security appliance was installed on a network as part of a managed service deployment. The vendor controls the appliance, and the IT team cannot log in or configure it. The IT team is concerned about the appliance receiving the necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates? Configuration management
vulnerability scanning
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:
war driving
A cybersecurity analyst is preparing to run a vulnerability scan on a dedicated Apache server that will be moved into a DMZ. Which of the following vulnerability scans is most likely to provide valuable information to the analyst?
web application vulnerability scan
Which of the following types of attacks occurs when an attacker specifically targets the CEO, CFO, CIO, and other board members during their attack?
whaling
An organization is conducting a cybersecurity training exercise. What team is Jason assigned to if he has been asked to monitor and manage the defenders' and attackers' technical environment during the exercise?
white team
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
whitelisting
You have been asked to scan your company's website using the OWASP ZAP tool. When you perform the scan, you receive the following warning: "The AUTOCOMPLETE output is not disabled in HTML FORM/INPUT containing password type input. Passwords may be stored in browsers and retrieved." You begin to investigate further by reviewing a portion of the HTML code from the website that is listed below:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<form action="authenticate.php">
Enter your username: <BR>
<input type="text" name="user" value="" autofocus><BR>
Enter your Password: <BR>
<input type="password" name="pass" value="" maxlength="32"><BR>
<input type="submit" value="submit">
</form>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based on your analysis, which of the following actions should you take?
you tell the developer to review their code and implement a bug/code fix
"set type=mx"
you would receive information only about mail exchange servers.
What kind of security vulnerability would a newly discovered flaw in a software application be considered?
zero-day vulnerability
Ted, a file server administrator, has noticed that a large number of sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company's security analyst, who verifies that the workstation's anti-malware solution is up-to-date, and the network's firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?
zero-day
You have noticed some unusual network traffic outbound from a certain host. The host is communicating with a known malicious server over port 443 using an encrypted TLS tunnel. You ran a full system anti-virus scan of the host with an updated anti-virus signature file, but the anti-virus did not find any infection signs. Which of the following has MOST likely occurred?
zero-day attack
A salesperson's laptop has become unresponsive after attempting to open a PDF in their email. A cybersecurity analyst reviews the IDS and anti-virus software for any alerts or unusual behavior but finds nothing suspicious. Which of the following threats would BEST classify this scenario?
zero-day malware