CompTIA Security+ SYO-601 Post-Assessment Quiz


Which of the following typical commercial data types can be considered more highly sensitive than the others? a. Confidential b. Private c. Critical d. Public

a. Confidential Correct. Confidential data has the highest level of data sensitivity. It should only be made available to users with the highest level of pre-approved authentication.

Which of the following can enhance privacy data protection by modifying it without destroying it? a. Data anonymization b. Public notification c. Data shredding d. Data pulping

a. Data anonymization Correct. Data anonymization obfuscates sensitive information in data, which enhances security.

For which of the following systems is resilience through redundancy the least important? a. Desktops b. Servers c. Data d. Networks

a. Desktops Correct. Resilience through redundancy is less important for ubiquitous commodities like desktop or laptop computers, which, if necessary, can be quickly replaced.

Which of the following is a valid biometric authentication method? a. Gait recognition b. Weight recognition c. Height recognition d. Speech recognition

a. Gait recognition Correct. Gait recognition identifies a person's manner of walking in order to authenticate the authorized party.

Which of the following trust models has only one CA signing digital certificates? a. Hierarchical trust model b. Distributed trust model c. Bridge trust model d. Web of trust model

a. Hierarchical trust model Correct. In a hierarchical trust model, only one master CA, the root, is responsible for signing the organization's digital certificates. The root signs all digital certificate authorities with a single key.

Which of the following recovery sites is more expensive to maintain? a. Hot site b. Cold site c. Warm site d. Onsite

a. Hot site Correct. Hot sites are the most expensive to maintain, as hot sites are equipped with every required working resource.

Why is the UEFI framework considered to be better than the BIOS framework? a. It has a better user interface and supports remote troubleshooting. b. It restricts the hardware support to less than 1TB, offering better security than BIOS. c. It can identify the virus and malware in a device before the system is launched. d. It comes with additional features of OS hardening and anti-intrusion systems.

a. It has a better user interface and supports remote troubleshooting. Correct. UEFI provides access to hard drives larger than 2TB, support for unlimited partitions, faster booting, and network functionality.

What is virtual desktop infrastructure? a. It is the process of running a user desktop inside a VM residing on a server. b. It is the process of virtualizing hardware for different uses. c. It is the process of using a virtual network to access the cloud. d. It is the process of maintaining compliance between cloud and on-premises networks.

a. It is the process of running a user desktop inside a VM residing on a server. Correct. Virtual desktop infrastructure (VDI) refers to accessing a desktop hosted on another server for use from various devices.

Which of the following refers to the method by which an iOS user can access root privileges on the device? a. Jailbreaking b. Rooting c. Keylogging d. Sideloading

a. Jailbreaking Correct. Jailbreaking is how iOS users get access to a UNIX shell with root privileges, essentially allowing them to do anything on the device.

You are the security administrator in your organization and have been asked to choose a deployment method that ensures the utmost security, where the data is stored in a centralized server and can be accessed by authorized employees using their own devices. Which of the following should you choose? a. Virtual desktop infrastructure (VDI) b. Choose your own device (CYOD) c. Corporate-owned personally enabled (COPE) d. Corporate-owned devices (COD)

a. Virtual desktop infrastructure (VDI) Correct. Virtual desktop infrastructure (VDI) stores sensitive applications and data on a remote server and can be accessed through employee devices. An enterprise can centrally protect and manage apps and data on the server.

In an interview, you are provided the following statements regarding virtualization security. Which statement should you identify as correct? a. Software-defined visibility (SDV) is a framework that allows users to make any network structure transparent. b. A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured. c. A user can make a sandbox before performing extensive modifications or alterations to a virtual machine (VM). d. A guest operating system that has remained dormant is updated when the underlying host operating system is updated.

b. A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured. Correct. A software-defined network can decide the path taken by data as it virtualizes parts of the physical network to be more quickly and easily reconfigured.

What is a thin client? a. A thin client is a computing device with limited storage capacity used for latency reduction. b. A thin client is a computer that runs from resources stored on a central cloud server. c. A thin client is a type of virtualized hardware with computing capabilities. d. A thin client is a computer that runs from resources stored on the localized hard drive.

b. A thin client is a computer that runs from resources stored on a central cloud server. Correct. Thin clients connect remotely to the cloud computing environment where applications and data are stored, and processing takes place.

You are hired by a startup company as a security expert. You are asked to choose an effective method to host all the enterprise's services, which must be highly secure, easily scalable, and cost-effective. Which of the following platforms is ideal in this situation? a. Legacy platform b. Cloud platform c. On-premises platform d. Root platform

b. Cloud platform

For which of the following is the Encapsulating Security Protocol (ESP) applied? a. Authentication b. Confidentiality c. Key management d. Applications

b. Confidentiality Correct. Confidentiality is achieved through the Encapsulating Security Protocol (ESP). ESP supports the authentication of the sender and the encryption of data.

What is data masking? a. Encrypting of files to prevent unauthorized access b. Creating the copy of data by obfuscating sensitive elements c. Protecting sensitive data using strong authentication d. Hiding the data to prevent unauthorized access

b. Creating the copy of data by obfuscating sensitive elements Correct. Data masking changes sensitive data elements into unintelligible words.

Which type of vulnerability scan mimics the work of a threat actor who has already exploited a vulnerability and compromised credentials to access the network? a. Non-credentialed scan b. Credentialed scan c. Intrusive scan d. Nonintrusive scan

b. Credentialed scan Correct. In a credentialed scan, valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials.

Which of the following are country-specific requirements that apply to data? a. Data minimization b. Data sovereignty c. Data destruction d. Data masking

b. Data sovereignty Correct. Data sovereignty refers to the country-specific requirements that apply to data.

You have been instructed to set up a system in a conference room where only trusted employees can access both the secure internal corporate network and the internet, and public users are restricted from accessing the internet from the same network. Which protocol or standard should you use? a. EAP-TLS b. IEEE 802.1x c. EAP-FAST d. CBC-MAC

b. IEEE 802.1x Correct. IEEE 802.1x is commonly used on wireless networks. It permits trusted employees to access both the secure internal corporate network and the internet while restricting public users to internet access only from the same network connection.

Which of the following is a snooping malware? a. Cryptomalware b. Keylogger c. PUP d. Backdoor

b. Keylogger Correct. Keyloggers are a type of snooping malware.

Which devices are used as a contactless alternative to cash or a credit card payment system? a. Bluetooth b. NFC c. RFID d. WLAN

b. NFC Correct. Near field communication (NFC) is a set of standards used to establish communication between devices in proximity. Once the devices are brought within four centimeters of each other or tapped together, two-way communication is established. NFC devices are most often used as an alternative to cash or a credit card as a payment method.

Which of the following performs a real-time lookup of a certificate status? a. Certificate repository b. Online certificate status protocol (OCSP) c. Certificate revocation list (CRL) d. Offline CA

b. Online certificate status protocol (OCSP) Correct. An online certificate status protocol (OCSP) does a real-time lookup of a certificate's status. The OCSP is called a request-response protocol. The browser sends the certificate's information to a trusted entity like the CA, known as an OCSP responder. The OCSP responder then provides revocation information on that one specific certificate.

Shaun is an external penetration testing consultant. The Chief Information Security Officer (CISO) of the organization he is working with indicated that none of the internal higher management executives should receive any kind of spear-phishing emails during Shaun's testing. Which part of the rules of engagement would cover this limitation? a. Authorization b. Other boundaries c. Initiation d. Target locations

b. Other boundaries Correct. Other boundaries are an element of the "scope" rule of engagement in a penetration test. "Other boundaries" include physical security and limitations on who should be targeted by social engineering attacks, including the exclusion of specific users.

Which application protocol is used to exchange cyber threat intelligence over HTTP? a. STIX b. TAXII c. TCP d. UDP

b. TAXII Correct. TAXII (trusted automated exchange of intelligence information) is an application protocol used to exchange cyber threat intelligence over HTTP.

Which configuration of WLANs has the following flaws? The last PIN character is only a checksum. The PIN is divided into two shorter values. There is no lockout limit for entering PINs. a. WEP b. WPS c. MAC d. WPA

b. WPS Correct. Wi-Fi protected setup (WPS) has these flaws. Because the PIN is divided into two shorter values, only 11,000 different PINs need to be attempted before determining the correct value. If the attacker's computer can generate 1.3 PIN attempts per second, the attacker can crack the PIN in less than four hours and become connected to the WLAN. The lack of lockout limits for entering PINs increases the likelihood that an attacker will gain access.

Which of the following can be used to enforce strong credential policies for an organization? a. Acceptable Use Policy b. Windows Active Directory c. Windows Defender d. Windows Firewall

b. Windows Active Directory Correct. Good credential policies can be enforced through Windows Active Directory.

Which of the following is an improvement of UEFI over BIOS? a. Compatible with older devices b. Enhanced boot security c. Validates the operating system before loading it. d. Shares the boot log to a secure server.

b. Enhanced boot security Correct. Boot security is enhanced in UEFI over BIOS.

Accounting is an important security concept in an enterprise environment. Which of the following best describes accounting in this context? a. Accounting refers to keeping track of all financial activities of the enterprise. b. Accounting refers to effective financial management for cybersecurity. c. Accounting refers to recording actions of a user on enterprise resources. d. Accounting refers to maintaining security devices in compliance with enterprise policies.

c. Accounting refers to recording actions of a user on enterprise resources. Correct. For enhanced security, accounting records who accessed the network, what resources they accessed, and when they disconnected from the network.

Which cryptography method provides cryptographic solutions uniquely customized to low-power devices that need to manage resources instead of security constraints? a. Asymmetric cryptography b. Private key cryptography c. Lightweight cryptography d. Symmetric cryptography

c. Lightweight cryptography Correct. Lightweight cryptography adds cryptography to low-power devices. It can be a problem because the algorithms require both time and energy, which are typically in short supply for low-power devices and applications needing ultra-fast response times. This results in prioritizing resources rather than security constraints.

Which of the following best describes attacks due to application vulnerabilities that trick the vulnerable application(s) into producing more executable files in the system? a. Executable files attack b. System tampering c. Process spawning control d. Deprovisioning

c. Process spawning control Correct. Process spawning control tricks the vulnerable application into spawning executable files on the system.

When assessing expected annual monetary loss due to risks, you found that the expected loss from your customer database was twice as high as the expected loss from your product database. You used these figures to justify allocating more resources to protect the customer database. Which risk assessment was used here? a. Risk control self-assessment b. Qualitative risk assessment c. Quantitative risk assessment d. Risk likelihood assessment

c. Quantitative risk assessment Correct. Quantitative risk calculation attempts to create "hard" numbers associated with a system element's risk by using historical data, by which more resources will be allocated to high-risk entities.

Which protocol can send cryptographic confirmation that an endpoint is who it claims to be so that ARP poisoning is hindered? a. DNSSEC b. SFTP c. SEND d. SMTP

c. SEND Correct. Secure Neighbor Discovery (SEND) can confirm that an endpoint is who it claims to be.

Your enterprise network's security was breached when a non-employee connected a device to the network. In a security review meeting, you were asked to employ appropriate measures to prevent this from happening in the future while, at the same time, continuing to allow outsiders to connect to the network. Which of the following actions should you take? a. Set up a virtual private network b. Set up an access control list c. Set up a network access control d. Set up data loss prevention

c. Set up a network access control Correct. Network access control (NAC) examines an endpoint's current state before it can connect to the network. Any device that does not meet a specified set of criteria will be restricted from accessing the network.

Ricky entered a restricted lab by scanning his finger on the fingerprint scanner outside the door. Which type of authentication credential allowed Ricky to enter the lab? a. Someone you know. b. Something you have. c. Something you are. d. Something you can do.

c. Something you are. Correct. "Something you are" refers to biometric authentication that confirms identity using features and characteristics of the individual, like fingerprints.

Which of the following encrypts one character at a time? a. ECB b. CBC c. Stream d. Block

c. Stream Correct. A stream cipher encrypts one character of the plaintext at a time.

Frank is authorized to issue mandatory security guidelines for IoT device manufacturers in the United States. Which of the following guidelines should Frank NOT issue? a. The devices' embedded systems should use network protocols that have advanced security features. b. The devices should have authentication features. c. The devices should present a cost-effective solution for consumers. d. The devices should receive updates provided by the manufacturer at least once every six months.

c. The devices should present a cost-effective solution for consumers. Correct. The device's cost-effectiveness has nothing to do with the betterment of device security; hence, Frank should not include this in the guidelines.

The mean time to recovery (MTTR) of a system is zero. What does this imply? a. The system is not resilient to distractions. b. The system cannot be recovered. c. The system is highly resilient. d. The system cannot be recovered quickly.

c. The system is highly resilient. Correct. If MTTR is zero, the system can be recovered quickly, which implies the system is highly resilient.

Hassan has been asked to choose a mobile management tool that can provide a single management interface for application, content, and device management. Which of the following is the best solution? a. Mobile content management (MCM) tool b. Mobile device management (MDM) tool c. Unified environment management (UEM) tool d. Mobile application management (MAM) tool

c. Unified environment management (UEM) tool Correct. UEM is a group or class of software tools with a single management interface for mobile devices and computer devices. It provides capabilities for managing and securing mobile devices, applications, and content.

Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it? a. Patches b. Platforms c. Zero day d. Third parties

c. Zero day Correct. A zero-day vulnerability is uncovered by the threat actor first. This allows the vulnerability to be exploited by attackers before anyone else even knows it exists.

An attack where the threat actor changes the value of the variable outside of the programmer's intended range is known as _____________. a. Improper input handling b. Race condition c. Buffer overflow d. Integer overflow

d. Integer overflow Correct. In an integer overflow attack, an attacker changes the value of a variable to something outside the programmer's intended range by using an integer overflow.

Which keys are supposed to be kept confidential and not shared with anyone? a. Public key b. Ephemeral keys c. Key pairs d. Private key

d. Private key Correct. A private key, also known as a secret key, can only be shared with the person who has created the key and not with anyone else, making it highly secure. Private keys play an important role in symmetric cryptography, asymmetric cryptography, and cryptocurrencies.

You are the security administrator for an enterprise that follows the bring your own device (BYOD) deployment model. What is the first action that you should take to protect sensitive enterprise data from exposure if an employee device is stolen and can't be located? a. You should seek the help of legal authorities. b. You should search for the thief on your own. c. You should change the data access credentials. d. You should perform a remote wipe.

d. You should perform a remote wipe. Correct. Performing a remote wipe will protect the data from being accessed by the attacker.

Which wireless probe is designed exclusively to monitor the airwaves for RF transmissions? a. Access point probe b. Dedicated probes c. Desktop probe d. Wireless device probe

b. Dedicated probes Correct. The dedicated probe is designed to exclusively monitor the RF for transmissions. Unlike access point probes that serve as both an AP and a probe, dedicated probes only monitor the airwaves. Dedicated probes look much like standard access points.

Bob is sending a message to John. Which algorithm should John use to ensure that Bob is the actual sender of the message and not anyone else? a. Message digest b. Digital signature algorithm c. RIPEMD d. Symmetric cryptographic algorithm

b. Digital signature algorithm Correct. The digital signature algorithm is proof that can be provided with asymmetric cryptography. It does this by creating a digital signature, which is an electronic verification of the sender. John can use this option to ensure that the sender is actually Bob.

Which attack creates false deauthentication management frames that appear to come from another client device, which causes the client to disconnect from AP? a. Bluesnarfing b. Disassociation c. Injecting malware d. Jamming

b. Disassociation Correct. An attacker can create false deauthentication or disassociation management frames that appear to come from another client device, causing the client to disconnect from the AP.

Which of the following systems combines the functions of a printer, copier, scanner, fax machine, and special-purpose computer with a CPU? a. HVAC b. MFP c. SCADA d. UAV

b. MFP Correct. Multifunctional printers (MFP) combine the functions of a printer, copier, scanner, and fax machine. These peripheral devices are essentially special-purpose computers with a CPU; a hard drive that stores all received print jobs, faxes, and scanned images; a LAN or wireless LAN connection; a telephone connection for faxes; and a USB port that allows users to print documents stored on that device. Smart MFDs even have an OS that allows additional applications to be installed that extend the abilities of the MFD.

You want to use different passwords for different accounts by remembering just one password. Which of the following tools fits your need? a. Hardware module b. Password vault c. Windowed token d. PBKDF2

b. Password vault Correct. Password vaults can store and retrieve passwords when needed. You only need to remember the credentials to access the password vault.

Meta is a penetration testing engineer assigned to pen test the security firm's network. So far, she cannot tunnel through the network looking for additional systems accessible through advanced privileges. What should Meta do to gain repeated and long-term access to the system in the future? a. Perform privilege escalation b. Perform backdoor installation c. Perform data exfiltration d. Perform lateral movement

b. Perform backdoor installation Correct. Installing backdoors after tunneling through the network using lateral movement gives threat actors repeated and long-term access to the system. The backdoors are not related to the initial vulnerability, so access remains even if the initial vulnerability is corrected.

An enterprise's annual financial statement reported an overall profit when there was actually a loss. Which of the following risks has occurred? a. Inherent risk b. Residual risk c. Control risk d. Internal risk

c. Control risk Correct. Control risk is the probability that financial statements are materially misstated because of failures in the enterprise's controls system.

Which layer of the OSI model is targeted by the threat actors for layer 2 attack? a. Physical layer b. Application layer c. Data link layer d. Transport layer

c. Data link layer Correct. The data link layer is the second layer. It is particularly weak and a frequent target of threat actors. A data link layer attack is also called a layer 2 attack.

Which of the following provides multiple forensic tools in a single interface? a. memdump b. winhex c. FTK imager d. GNU dd

c. FTK imager Correct. FTK imager is a forensic suite in which multiple tools are available in a single interface.

Which of the following types of hackers are strongly motivated by ideology? a. Brokers b. Grey hat hackers c. Hacktivists d. Criminal syndicates

c. Hacktivists Correct. Hacktivists are strongly motivated by ideology and often attack to make a political statement.

Which of the following accounts is the least vulnerable to cyberattacks? a. Generic account b. Shared account c. Personal account d. Guest account

c. Personal account Correct. Personal accounts will be accessed and managed by a single person, making them the least vulnerable to attacks.

Which of the following protocols can protect network equipment from unauthorized access? a. POP3 b. IMAP c. SNMPv3 d. DNSSEC

c. SNMPv3 Correct. The Simple Network Management Protocol version 3 (SNMPv3), the current version of SNMP, is a networking protocol used to manage and monitor network-connected devices. It supports authentication to ensure that SNMPv3 information is available only to the intended recipient, and it uses encryption to ensure that messages can't be read by threat actors.

Which of the following is a VPN protocol? a. SMTP b. POP3 c. SSTP d. TCP

c. SSTP Correct. A secured socket tunneling protocol (SSTP) is a virtual private network (VPN) protocol.

David, a software engineer, recently bought a brand new laptop because his enterprise follows the BYOD (bring your own device) model. David was part of a software development project where the software code was leaked before its release. Further investigation proved that a vulnerability in David's laptop caused the exposure. David insists he never used the laptop to access any network or integrate any devices, and the laptop was kept in a vault while not in use. Which of the following attack vectors was used by the threat actor? a. Direct access b. Wireless c. Supply chain d. Removable media

c. Supply chain Correct. A supply chain is a network that moves a product from the supplier to the customer. The laptop might have been infected by an entity within the supply chain, as all other possibilities are ruled out by the developer's strict practices.

Which of the following best describes artifacts? a. Methods followed by attackers b. Temporary files stored in the RAM c. Technology devices that may contain evidence d. Permanent files stored on hard disks

c. Technology devices that may contain evidence Correct. Artifacts are technology devices that may contain evidence.

Which of the following can be a log data source for investigating a security breach? a. rsyslog b. nxlog c. metadata d. journalctl

c. metadata Correct. Metadata is data that describes information about other data. Analyzing file, web, mobile, and email metadata can give clues regarding an attack.

ABC Automobiles is a large manufacturing company based in Munich, Germany. To ensure productivity, all departments like Finance, Purchase, Sales, R&D, Management, etc., are using computers, and for security, each department is placed in different physical and logical networks while interconnected. Johnson, the Vice President of IT, has requested your service in identifying a problem. Details provided by Johnson and your initial probe include the following: The problem started a few weeks ago in the sales department. Videos of six employees working on the computer are shared outside the organization without the users switching on the cameras or the webcam. Their personal phone numbers and email IDs are also found compromised from these devices. At specific times during the day, these computers exhibited substantial amounts of network traffic. Johnson removed these compromised machines from the network immediately to a

d. This is most probably a bot attack. Correct. This is a bot attack where the bot herder has created a network of bots from ABC Automobiles' computers. The attacker used these zombies to attack Silicon Graphics at a specific time, causing the webserver to crash with high network traffic for which the webserver was not designed. The herder has also used the bots to compromise personal user details and targeted the users through spamming.

Which of the following typical commercial data classifications is least important? a. Private b. Proprietary c. Confidential d. Sensitive

b. Proprietary Correct. Proprietary is the least important classification, as proprietary data is disclosed to trusted third parties.

Which agreement specifies how confidential material will be shared between certain parties but restricted to others? a. Service-level agreement b. Memorandum of understanding c. Nondisclosure agreement d. Business partnership agreement

c. Nondisclosure agreement Correct. A nondisclosure agreement (NDA) is a legal contract between parties that specifies how confidential material will be shared between the parties but restricted to others.

Which application intercepts user requests from the secure internal network and then processes them on behalf of the user? a. Reverse proxy b. Forward proxy c. Honeypot d. Sinkhole

b. Forward proxy Correct. A forward proxy forwards the user requests from the internal network to the internet.

Which part of the NIST Cybersecurity frameworks defines the activities needed to attain the different cybersecurity results? a. Information sources b. Framework core c. Implementation tiers d. Profiles

b. Framework core Correct. The first part of the NIST Cybersecurity Framework is the framework core, which is broken down further into four elements and defines the activities needed to attain different cybersecurity results.

Which of the following is the safest authentication method? a. Authentication using an SMS OTP b. Authentication using a smartphone c. Authentication using security keys d. Authentication using a smart card

c. Authentication using security keys Correct. Security keys can authenticate a user when inserted into a port or brought into proximity with a specific device. A security key contains all the cryptographic information necessary to authenticate the user.

Which of the following is NOT a characteristic of a trusted platform module (TPM)? a. TPM provides cryptographic services in hardware instead of software. b. TPM generates asymmetric cryptographic public and private keys. c. TPM can easily be transported to another computer. d. TPM includes a pseudorandom number generator.

d. TPM includes a pseudorandom number generator. Correct. A trusted platform module (TPM) does not include a pseudorandom number generator (PRNG).

You want to install a non-biometric authentication method to reduce overall costs. Which of the following is the best fit? a. Keystroke dynamics b. Face recognition c. Gait recognition d. Security keys

d. Security keys Correct. The security key is a non-biometric authentication method.

Identifying the attack, containing its spread, recovering, and improving the defenses can be done by which of the following? a. Using access control lists b. Using access control schemes c. Preparing incident response plans d. Using weak accounts

c. Preparing incident response plans Correct. Preparing incident response plans allows one to handle the attacks and analyze them for better defense in the future.

Which of the following is an attack that affects data availability? a. Rogue AP b. MAC address c. On-path attack d. DDoS attack

d. DDoS attack Correct. A distributed denial-of-service (DDoS) attack is an attack from multiple infected systems that seeks to disrupt the victim, often affecting the system's ability to respond, making the services and data unavailable.

What is NOT a firewall feature? a. Packet filtering b. URL filtering c. Network address translation d. Deceiving attackers

d. Deceiving attackers Correct. Attackers are deceived using deception instruments like honeypots and sinkholes.

Rob made a physical security review report of his organization in which he proposed replacing physical locks with electronic ones. Which of the following is the best justification for Rob to include in his report? a. Electronic locks are invulnerable b. Electronic locks keep track of the accessing time and user identity. c. Physical locks are time-consuming and easy to forget to lock and unlock. d. Physical locks are difficult for most users to manage.

b. Electronic locks keep track of the accessing time and user identity. Correct. Electronic locks can keep track of who accessed the lock and at what time the lock is accessed, which would result in increased security.

Jennifer created an e-learning web application where a login form has to be filled by the user entering the application. Jennifer created an 8-byte buffer for the user name file while developing the application. One day, the application halted with denial of service. An attack on the web application due to the incorrect entry of input values in the login screen was then discovered. What caused the denial of service issue? a. This is due to a backdoor attack. b. This is due to a buffer overflow attack. c. This is due to a race condition caused by the attack. d. This is due to an application program interface attack.

b. This is due to a buffer overflow attack. Correct. A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

Which of the following social engineering attacks continues to be a primary weapon used by threat actors? a. Vishing b. Spear phishing c. Phishing d. Google dorking

c. Phishing Correct. Phishing is considered one of the largest and most consequential cyberthreats facing both businesses and consumers. In the third quarter of 2019, phishing attacks saw a 46% increase from the previous quarter, and it is estimated that this trend will continue.

A zero-day vulnerability has been found in an e-commerce website used to purchase electronics. Neither the website owner nor the general public knows about the vulnerability; it was discovered by a computer security specialist making a purchase. What should the specialist do? a. Make a report of the zero-day vulnerability and launch it to the public to make them aware. b. Be a broker and sell this zero-day vulnerability to the potential buyers so that they can decide for themselves what to do with it. c. Privately share their findings regarding the zero-day vulnerability with the e-commerce company. d. Ignore it; it is not the specialist's job to alert the website's owner about the vulnerability.

c. Privately share their findings regarding the zero-day vulnerability with the e-commerce company. Correct. If the vulnerability is shared with the owner or developer of the application, they can then take the appropriate action to either close it or reduce its impact if exploited.

Which technique added to cryptographic algorithms can change a single character of plaintext into multiple characters of ciphertext? a. Eavesdropping b. Collision c. Confusion d. Diffusion

d. Diffusion Correct. Diffusion is added to a cryptographic algorithm to thwart known ciphertext attacks by making the ciphertext more difficult to analyze. Diffusion changes a single character of plaintext into multiple characters of ciphertext.

You are working in a data center when you suddenly notice a small fire in the server room. Which of the following measures should you take to suppress the fire? a. Use a Faraday cage b. Use a handheld fire extinguisher c. Rely on the water sprinkler system d. Rely on the stationary fire suppression system

d. Rely on the stationary fire suppression system Correct. Since the fire is small, relying on the integrated stationary fire suppression system is the best way to ensure the fire is suppressed in the server room.

Your firewall is configured to deny all packets from the address range 192.110.20.30-192.110.20.100, but you want to allow packets from 192.168.20.73. How should you resolve this issue? a. Make an allow rule for the source address 192.168.20.73. b. Make a force allow rule for source address 192.168.20.73. c. Make a deny rule for source address 192.168.20.73. d. Make a log-only rule for source address 192.168.20.73.

b. Make a force allow rule for source address 192.168.20.73. Correct. The force allow rule takes precedence, allowing the IP to send and receive packets.

Which of the following best describes password spraying? a. Cracking the password of a user by trying all possible alphanumeric combinations b. Trying a common password on different user accounts c. Creating a wordlist using stolen passwords d. Creating a unique password using uppercase, lowercase, numerals, and special symbols

b. Trying a common password on different user accounts Correct. Password spraying is trying a commonly used password on different accounts to gain unauthorized access.

In a practical test, you are given a computer with a Windows host OS. You are asked to install a guest machine with Linux OS. What should you do? a. Use Type I hypervisor program b. Use Type II hypervisor program c. Use a container hypervisor d. Use a hardware hypervisor

b. Use Type II hypervisor program Correct. A Type II hypervisor runs the guest machine on the host OS, which is necessary for this scenario.

Which of the following is a physical security measure? a. Secure sockets layer b. Full disk encryption c. Industrial camouflage d. Packet analysis

c. Industrial camouflage Correct. Industrial camouflage attempts to make the physical presence of a building as nondescript as possible so that, to a casual viewer, the building does not look like it houses anything important. It is a physical security measure.

Which of the following policies restricts the introduction of malicious programs into an enterprise network or server? a. Asset management b. Onboarding and offboarding c. Data governance d. Acceptable use

d. Acceptable use Correct. An acceptable use policy (AUP) is a written policy that defines approved user actions while accessing systems and networking equipment.

Quinton has been asked to analyze the TTPs of an attack that recently occurred and prepare an SOP to hunt for future threats. When researching the recent attack, Quinton discovered that after penetrating the system, the threat actor moved through the network using elevated credentials. Which technique was the threat actor using to move through the network? a. Initial compromise b. Lateral movement c. Privilege escalation d. Data exfiltration

b. Lateral movement Correct. With advanced privileges, threat actors use lateral movement to tunnel through networks, looking for additional systems they can access from their elevated position.

Which of the following is the Windows network analysis tool that checks the connection to each hop between source and destination? a. Netstat b. Pathping c. Traceroute d. Curl

b. Pathping Correct. Pathping is a combination of ping and tracert that tests the connection to each hop.

In WPA3, what is designed to increase security at the handshake, when keys are being exchanged, even if the password is small or weak? a. OWE b. SAE c. PEAP d. CCMP

b. SAE Correct. WPA3 includes simultaneous authentication of equals (SAE). SAE is designed to increase security at the time of the handshake, when keys are being exchanged. The result is that WPA3 can provide stronger security even if short or weak passwords are used.

Joseph, a white hat hacker, is approached by Sigma Technology to check the enterprise's security. He is told that the system is being checked to verify whether the higher-security mode of operations is moved automatically to another version during a cyberattack on the network, making it easier to attack. Which mode should Joseph use to test this vulnerability, and why? a. Downgrade attack because, in a downgrade attack, an attacker forces the system to abandon the current mode of operation and instead move it to implement a less secure mode. b. Ciphertext attack because, in a ciphertext attack, an attacker forces the system to abandon the current mode of operation instead of moving it to implement a less secure mode. c. Attacks on misconfigurations because, in a misconfiguration attack, attackers utilize weak configurations to exploit vulnerabilities. d. Collision attack because, in a collision attack, attackers util

a. Downgrade attack because, in a downgrade attack, an attacker forces the system to abandon the current mode of operation and instead move it to implement a less secure mode. Correct. In a downgrade attack, an attacker forces the system to abandon the current higher-security mode of operation and instead "fall back" to implementing an older and less secure mode. The threat actor can then attack the weaker mode.

Typically, certain employees of an organization get texts that update them on various IT activities. If there is a support ticket or downtime, they will receive texts to let them know about the activity. They have started to receive some messages via text instructing them to call the IT help desk at the provided number. When they call the help desk number, a recording asks them for their employee ID. Assuming that the IT department did not send those texts, which of the following social engineering attacks is this? a. Smishing b. Whaling c. Spimming d. Vishing

a. Smishing Correct. A variation on vishing, smishing uses short message service (SMS) text messages and callback recorded phone messages to trick people into giving up secure information such as Social Security numbers, credit card and banking numbers, or employee ID numbers.

Which of the following cryptographic protocols is an encrypted alternative to the Telnet protocol used to access remote computers? a. Transport layer security (TLS) b. Secure shell (SSH) c. Secure sockets layer (SSL) d. Secure real-time transport protocol (SRTP)

b. Secure shell (SSH) Correct. Secure shell (SSH) is an encrypted alternative to the Telnet protocol used to access remote computers. SSH is a Linux/UNIX-based command interface and protocol for securely accessing a remote computer.

In a device driver manipulation attack, which of the following changes a device driver's existing code design? a. API attack b. Shimming c. Improper input handling d. Time of check/time of use in race conditions

b. Shimming Correct. Shimming is transparently adding a small coding library that intercepts calls made by a device and changes the parameters passed between the device and the device driver.

Which of the following only encrypts the IP packet data and leaves the header unencrypted? a. Tunnel mode b. Transport mode c. Encapsulating security payload (ESP) d. Authentication header (AH)

b. Transport mode Correct. Transport mode encrypts only the data portion (payload) of each packet but leaves the header unencrypted.

John is appointed as a vulnerability assessment engineer in a financial organization. An audit report published by a third-party auditing firm revealed that most of the web servers have cross-site scripting and XML entity injection vulnerabilities. John has been told to perform a vulnerability assessment on these servers to verify if the audit report is valid. He is also told that he should not attempt to engage or exploit any vulnerabilities but still needs a deeper insight. By applying his knowledge of vulnerability assessment concepts, which type of vulnerability scanning should John use? a. Intrusive non-credentialed b. Intrusive credentialed c. Non-intrusive credentialed d. Non-intrusive non-credentialed

c. Non-intrusive credentialed Correct. A non-intrusive scan will not exploit the recognized vulnerabilities, while a credentialed scan gives deeper insight into the system by accessing a fuller range of installed software and examining its configuration settings and current security posture. Hence, this method suits John's purpose.

Rachel has taken over as a systems administrator of Creative Network, which has a network of 300 computers in two different domains. Rachel has been instructed by the CEO to ensure all employees have access to a certain set of folders on the server. The individual workstations may have the personal data of employees in a particular folder. She was informed that there have been previous instances where employees misused the machines. What policy should Rachel be setting in individual user machines and servers?

c. Rachel should set the least functionality for both servers and user desktops. Correct. Setting the least functionality for users is the recommended way to protect the network from vulnerabilities.

PDC Bank is working on creating an AI application that enables customers to send SMS to the AI application to allow banking activities from their registered ID. Jane, the project engineer, has taken bank customer data from the last few years from the server and is using it to train the ML to recognize and authenticate actual users and to ensure unauthorized users are barred from entering the application. Suppose the AI application has been compromised, and the reason has been identified as compromised data being used to improve the ML accuracy. What kind of attack is the PDC Bank application subjected to? a. Adversarial artificial intelligence b. ML algorithm security c. Tainted training data for ML d. Spyware

c. Tainted training data for ML Correct. Tainted ML training data teach the AI application to behave in ways the threat actor would want instead of the actual behavior planned by the developer or the organization.
