Final ITN260

Which type of monitoring methodology looks for statistical deviations from a baseline?

Anomaly monitoring

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use?

Only use compiled and not interpreted Python code

Which of the following will a BIA NOT help determine?

b. Percentage availability of systems

Which of the following types of hackers are strongly motivated by ideology?

c. Hacktivists

Which cloud model requires the highest level of IT responsibilities?

c. IaaS

Which of the following is a physical security measure?

c. Industrial camouflage

Which of these is a set of permissions that is attached to an object?

d. ACL

Which of these is used to send SMS text messages to selected users or groups of users?

Push notification services

What is the term used to describe the connectivity between an organization and a third party?

System integration

Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new data center because it would be located in an earthquake zone?

d. Avoidance

Which of the following is the most fragile and should be captured first in a forensics investigation?

d. CPU cache

Which human characteristic is NOT used for biometric identification?

d. Height

Which of the following is NOT a context-aware authentication?

On-body detection, Trusted places, and Trusted devices

Which of these is NOT a reason that users create weak passwords?

c. The length and complexity required force users to circumvent creating strong passwords.

Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide?

Verify the receiver

The mean time to recovery (MTTR) of a system is zero. What does this imply?

c. The system is highly resilient.

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?

Alice's public key

What is the difference between a Trojan and a RAT?

A RAT gives the attacker unauthorized remote access to the victim's computer

Which block cipher mode of operation requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged?

CTR

In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support?

CYOD

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection?

Certificate attributes

A centralized directory of digital certificates is called a(n) _____.

Certificate repository (CR)

Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports back that he was unable to find anything due to how looking for information on the dark web is different from using the regular web. Which of the following is not different about looking for information on the dark web?

Dark web search engines are identical to regular search engines

What type of analysis is heuristic monitoring based on?

Dynamic analysis

Which of the following attacks targets the external software component that is a repository of both code and data?

Dynamic-link library (DLL) injection attack

How is confidentiality achieved through IPsec?

ESP

Which of the following is NOT a means by which a bot communicates with a C&C device?

Email

What word is used today to refer to network-connected hardware devices?

Endpoint

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose?

Fame

Which of the following contains honeyfiles and fake telemetry?

High-interaction honeypot

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect?

Host table and external DNS server

Which ISO contains controls for managing and controlling risk?

ISO 31000

Which of the following is NOT a reason that threat actors use PowerShell for attacks?

It can be invoked prior to system boot

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?

It can easily be transported to another computer

Which of the following is FALSE about "security through obscurity"?

It can only provide limited security

What does containerization do?

It separates personal data from corporate data

Which of the following is NOT an advantage of crowdsourced penetration testing?

Less expensive

What does Windows 10 Tamper Protection do?

Limits access to the registry

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?

MAC flooding attack

Which tool manages the distribution and control of apps?

MAM

Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as?

Nonrepudiation

Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use?

Online Certificate Status Protocol (OCSP)

Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS?

TAXII

What is the result of an ARP poisoning attack?

The ARP cache is compromised

Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?

They would have to stay overnight to perform the test.

Which of the following is NOT a Microsoft defense against macros?

Trusted domain

Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?

Twitter

What is a collision?

Two files produce the same digest

Which of the following is NOT a NAC option when it detects a vulnerable endpoint?

Update Active Directory to indicate the device is vulnerable.

Which of the following refers to the method by which an iOS user can access root privileges on the device?

a. Jailbreaking

Bob is sending a message to John. Which algorithm should John use to ensure that Bob is the actual sender of the message and not anyone else?

b. Digital signature algorithm

Which attack creates false deauthentication management frames that appear to come from another client device, which causes the client to disconnect from the AP?

b. Disassociation

Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

b. Disaster recovery planning

Rob made a physical security review report of his organization in which he proposed replacing physical locks with electronic ones. Which of the following is the best justification for Rob to include in his report?

b. Electronic locks keep track of the accessing time and user identity.

Zariah is writing an email to an employee about a wireless attack that is designed to capture the wireless transmissions from legitimate users. Which type of attack is Zariah describing?

b. Evil twin

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use?

b. MOU

Your firewall is configured to deny all packets from the address range 192.110.20.30-192.110.20.100, but you want to allow packets from 192.168.20.73. How should you resolve this issue?

b. Make a force allow rule for source address 192.168.20.73.

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan?

b. Tabletop

Accounting is an important security concept in an enterprise environment. Which of the following best describes accounting in this context?

c. Accounting refers to recording actions of a user on enterprise resources.

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use?

cat

Which policy restricts the introduction of malicious programs into an enterprise network or server?

d. Acceptable use

John is appointed as a vulnerability assessment engineer in a financial organization. An audit report published by a third-party auditing firm revealed that most of the web servers have cross-site scripting and XML entity injection vulnerabilities. John has been told to perform a vulnerability assessment on these servers to verify if the audit report is valid. He is also told that he should not attempt to engage or exploit any vulnerabilities. By applying his knowledge of vulnerability assessment concepts, which type of vulnerability scanning should John use?

d. Credentialed

What is NOT a firewall feature?

d. Deceiving attackers

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research?

d. Deterrent control

Which technique added to cryptographic algorithms can change a single character of plaintext into multiple characters of ciphertext?

d. Diffusion

Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend?

d. EAP-FAST

Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this?

d. EOL

Which of the following threats would be classified as the actions of a hacktivist?

d. External threat

Alicja is working on a project to deploy automated guided vehicles on the industrial shop floor of the manufacturing plant in which she works. What location of computing would be best for this project?

d. Fog

A BIA can be a foundation for which of the following?

d. Functional recovery plan

Which of the following is NOT true about data sovereignty?

d. Governments cannot force companies to store data within specific countries.

You are the security administrator for an enterprise that follows the bring your own device (BYOD) deployment model. What is the first action that you should take to protect sensitive enterprise data from exposure if an employee device is stolen and can't be located?

d. You should perform a remote wipe.

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.

through products, people, and procedures on the devices that store, manipulate, and transmit the information

Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use?

traceroute

Which of the following can a digital certificate NOT be used for?

To verify the authenticity of the CA

Which of the following does NOT describe an area that separates threat actors from defenders?

Containment space

Which of the following is NOT a symmetric cryptographic algorithm?

SHA

Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password?

a. Mask

Which of these is NOT a response to risk?

a. Resistance

What is a list of potential threats and associated risks?

a. Risk register

Which configuration of WLANs has the following flaws?

b. WPS

Which of the following accounts is the least vulnerable to cyberattacks?

c. Personal account

Which of the following is NOT a threat classification category?

c. Tactical

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption?

.P7B

Akira is explaining to his team members the security constraints that have made it a challenge for protecting a new embedded system. Which of the following would Akira NOT include as a constraint?

Availability

Which type of malware relies on LOLBins?

Fileless virus

Which of the following tries to detect and stop an attack?

HIPS

Which boot security mode sends information on the boot process to a remote server?

Measured Boot

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.

Session keys

What is Bash?

The command-language interpreter for Linux/UNIX OSs

Which type of access control scheme uses predefined rules that make it the most flexible scheme?

a. ABAC

What can be used to provide both filesystem security and database security?

a. ACLs

Which of the following is NOT part of the AAA framework?

a. Access

Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this?

a. Attestation

Which of the following data types has the highest level of data sensitivity?

a. Confidential

Which of the following data types have the highest level of data sensitivity?

a. Confidential

What does an incremental backup do?

a. Copies all files changed since the last full or incremental backup

Which of the following can be used to enhance privacy data protection?

a. Data anonymization

Which of the following uses data anonymization?

a. Data masking

Which of these is NOT used in scheduling a load balancer?

a. Data within the application message itself

For which of the following systems is resilience through redundancy the least important?

a. Desktops

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose?

a. Diamond Model of Intrusion Analysis

Joseph, a black hat hacker, is approached by Sigma Technology to check the enterprise's security. He is told that the system is being checked to verify whether the higher-security mode of operations is moved automatically to another version during a cyberattack on the network, making it easier to attack. Which mode should Joseph use to test this vulnerability, and why?

a. Downgrade attack because, in a downgrade attack, an attacker forces the system to abandon the current mode of operation and instead move it to implement a less secure mode.

Which of the following is a valid biometric authentication method?

a. Gait recognition

Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement?

b. MOU

Which of the following is the Microsoft version of EAP?

b. MS-CHAP

Which one-time password is event driven?

a. HOTP

Which of the following trust models has only one CA signing digital certificates?

a. Hierarchical trust model

Which of the following recovery sites is more expensive to maintain?

a. Hot site

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

a. Hot site

Which of these is a 24-bit value that changes each time a packet is encrypted and then is combined with a shared secret key?

a. IV

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature determined an issue and sent this alert to Thea?

a. Impossible Travel

Why is the UEFI framework considered to be better than the BIOS framework?

a. It has a better user interface and supports remote troubleshooting.

Maryam is explaining the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP?

a. It is a framework for transporting authentication protocols.

Which of the following is NOT true about RAID?

a. It is designed primarily to back up data.

What is virtual desktop infrastructure?

a. It is the process of running a user desktop inside a VM residing on a server.

Which of the following is NOT correct about L2TP?

a. It must be used on HTML5 compliant devices.

Which of the following is true about secrets management?

a. It provides a central repository.

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

a. OAuth

What device is always running off its battery while the main power runs the battery charger?

a. Online UPS

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts?

a. Password spraying attack

Which of the following is a document that outlines specific requirements or rules that must be met?

a. Policy

Which of the following can a UPS NOT perform?

a. Prevent certain applications from launching that will consume too much power

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

b. MTTR

Which of the following virtualizes parts of a physical network?

a. SDN

Which of the following provides the highest level of security?

a. SFTP

What is a definition of RPO?

c. The maximum length of time that can be tolerated between backups

Typically, certain employees of an organization get texts that update them on various IT activities. If there is a support ticket or downtime, they will receive texts to let them know about the activity. They have started to receive some messages via text instructing them to call the IT help desk at the provided number. When they call the help desk number, a recording asks them for their employee ID.

a. Smishing

Which of these is NOT a factor in determining restoration order?

a. Speed of implementation

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?

a. Time offset

You are the security administrator in your organization and have been asked to choose a deployment method that ensures the utmost security, where the data is stored in a centralized server and can be accessed by authorized employees using their own devices. Which of the following should you choose?

a. Virtual desktop infrastructure (VDI)

In an interview, you are provided the following statements regarding virtualization security. Which statement should you identify as correct?

b. A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured.

What is a thin client?

b. A thin client is a computer that runs from resources stored on a central cloud server.

Nyla is investigating a security incident in which the smartphone of the CEO was compromised and confidential data was stolen. She suspects that it was an attack that used Bluetooth. Which attack would this be?

b. Bluesnarfing

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor?

b. Call manager

For which of the following is the encapsulating security payload (ESP) protocol applied?

b. Confidentiality

Imani has been asked to purchase wireless LAN controllers (WLCs) for the office. What type of APs must she also purchase that can be managed by a WLC?

b. Controller AP

What is a disadvantage of biometric readers?

b. Cost

What is data masking?

b. Creating the copy of data by obfuscating sensitive elements

Which type of vulnerability scan mimics the work of a threat actor who has already exploited a vulnerability and compromised credentials to access the network?

b. Credentialed scan

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider?

b. DNS sinkhole

Which of the following are country-specific requirements that apply to data?

b. Data sovereignty

Which wireless probe is designed exclusively to monitor the airwaves for RF transmissions?

b. Dedicated probes

Which application intercepts user requests from the secure internal network and then processes them on behalf of the user?

b. Forward proxy

Which part of the NIST Cybersecurity Framework defines the activities needed to attain the different cybersecurity results?

b. Framework core

Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device?

b. Geo-spatial

You have been instructed to set up a system in a conference room where only trusted employees can access both the secure internal corporate network and the internet, and public users are restricted from accessing the internet from the same network.

b. IEEE 802.1x

Which of the following is NOT a means by which a threat actor can perform a wireless denial of service attack?

b. IEEE 802.iw separate

Shaun is an external penetration testing consultant. The Chief Information Security Officer (CISO) of the organization he is working with indicated that none of the internal higher management executives should receive any kind of spear-phishing emails during Shaun's testing. Which part of the rules of engagement would cover this limitation?

b. Internal targets

How is key stretching effective in resisting password attacks?

b. It takes more time to generate candidate password digests.

Which of the following is a snooping malware?

b. Keylogger

Quinton has been asked to analyze the TTPs of an attack that recently occurred and prepare an SOP to hunt for future threats. When researching the recent attack, Quinton discovered that after penetrating the system, the threat actor moved through the network using elevated credentials. Which technique was the threat actor using to move through the network?

b. Lateral movement

Which of these is a vulnerability of MAC address filtering in a WLAN?

b. MAC addresses are initially exchanged unencrypted.

Which of the following systems combines the functions of a printer, copier, scanner, fax machine, and special-purpose computer with a CPU?

b. MFP

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching?

b. NAS

Which devices are used as a contactless alternative to cash or a credit card payment system?

b. NFC

Aaliyah has been asked to do research in a new payment system for the retail stores that her company owns. Which technology is predominately used for contactless payment systems that she will investigate?

b. Near field communication (NFC)

Which of the following performs a real-time lookup of a certificate status?

b. Online certificate status protocol (OCSP)

Which of the following control categories includes conducting workshops to help users resist phishing attacks?

b. Operational

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers?

b. Password crackers differ as to how candidates are created.

You want to use different passwords for different accounts by remembering just one password. Which of the following tools fits your need?

b. Password vault

Meta is a penetration testing engineer assigned to pen test the security firm's network. So far, she cannot tunnel through the network looking for additional systems accessible through advanced privileges. What should Meta do to gain repeated and long-term access to the system in the future?

b. Perform backdoor installation

What is a difference between NFC and RFID?

b. RFID is designed for paper-based tags while NFC is not.

Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust?

b. RFID spectrum

In a device driver manipulation attack, which of the following changes a device driver's existing code design?

b. Refactoring

Which of the following is NOT an element that should be part of a BCP?

b. Robustness

In WPA3, what is designed to increase security at the handshake, when keys are being exchanged, even if the password is small or weak?

b. SAE

Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use?

b. SLE

Which of the following cryptographic protocols is an encrypted alternative to the Telnet protocol used to access remote computers?

b. Secure shell (SSH)

Which of the following should be performed in advance of an incident?

b. Segmentation

What does the term "serverless" mean in cloud computing?

b. Server resources of the cloud are inconspicuous to the end user.

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create?

b. Service account

Which application protocol is used to exchange cyber threat intelligence over HTTP?

b. TAXII

Jennifer created an e-learning web application where a login form has to be filled by the user entering the application. Jennifer created an 8-byte buffer for the user name file while developing the application. One day, the application halted with denial of service. An attack on the web application due to the incorrect entry of input values in the login screen was then discovered.

b. This is due to a buffer overflow attack.

Which of the following only encrypts the IP packet data and leaves the header unencrypted?

b. Transport mode

Which of the following best describes password spraying?

b. Trying a common password on different user accounts

In a practical test, you are given a computer with a Windows host OS. You are asked to install a guest machine with Linux OS. What should you do?

b. Use Type II hypervisor program

Which of the following can be used to enforce strong credential policies for an organization?

b. Windows Active Directory

Which of these is NOT a risk when a home wireless router is not securely configured?

b. Wireless endpoints must be manually approved to connect to the WLAN.

Which of the following is an improvement of UEFI over BIOS?

b. enhanced boot security

Which of the following best describes attacks due to application vulnerabilities that trick the vulnerable application(s) into producing more executable files in the system?

c. Process spawning control

Which of the following is the safest authentication method?

c. Authentication using security keys

Which of the following is NOT a cloud computing security issue?

c. Bandwidth utilization

Which of the following is NOT an MFA using a smartphone?

c. Biometric gait analysis

Which of these attacks is the last-resort effort in cracking a stolen password digest file?

c. Brute force

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?

c. Brute force attack

Which of these is the encryption protocol for WPA2?

c. CCMP

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances?

c. COOP

Aleksandra, the company HR manager, is completing a requisition form for the IT staff to create a type of cloud that would only be accessible to other HR managers like Aleksandra who are employed at manufacturing plants. The form asks for the type of cloud that is needed. Which type of cloud would best fit Aleksandra's need?

c. Community cloud

An enterprise's annual financial statement reported an overall profit when there was actually a loss. Which of the following risks has occurred?

c. Control risk

Which layer of the OSI model is targeted by the threat actors for layer 2 attack?

c. Data link layer

Which of the following is NOT a consequence to an organization that has suffered a data security breach?

c. De-escalation of reporting requirements

Nadia has been asked to perform dynamic resource allocation on specific cloud computing resources. What action is Nadia taking?

c. Deprovisioning resources that are no longer necessary

Which of the following will NOT protect a container?

c. Eliminate APIs.

Which of the following provides multiple forensic tools in a single interface?

c. FTK imager

The company that developed the office productivity software used on both static and mobile devices by your organization has audited some code and noticed a potential security issue. To address the issue, they have released and automatically scheduled an update to ensure that all users receive it.

c. Firmware

Which of the following is NOT a characteristic of cloud computing?

c. Invisible resource pooling

How does BPDU guard provide protection?

c. It detects when a BPDU is received from an endpoint.

Which statement about Rule-Based Access Control is true?

c. It dynamically assigns roles to subjects based on rules.

Which cryptography method provides cryptographic solutions uniquely customized to low-power devices that need to manage resources instead of security constraints?

c. Lightweight cryptography

Frank is authorized to issue mandatory security guidelines for IoT device manufacturers in the United States. Which of the following guidelines should Frank NOT issue?

c. The devices should present a cost-effective solution for consumers.

Which access control scheme is the most restrictive?

c. MAC

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use?

c. Masking

Which agreement specifies how confidential material will be shared between certain parties but restricted to others?

c. Nondisclosure agreement

Which of these does not require authentication?

c. Open method

Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable?

c. PIN method

Which of the following social engineering attacks continues to be a primary weapon used by threat actors?

c. Phishing

Which of the following should NOT be stored in a secure password database?

c. Plaintext password

Identifying the attack, containing its spread, recovering, and improving the defenses can be done by which of the following?

c. Preparing incident response plans

A zero-day vulnerability has been found in an e-commerce website used to purchase electronics. Neither the website owner nor the general public knows about the vulnerability; it was discovered by a computer security specialist making a purchase. What should the specialist do?

c. Privately share their findings regarding the zero-day vulnerability with the e-commerce company.

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) to represent a risk?

c. Qualitative risk calculation

When assessing risks, you found that a customer database in your enterprise has a higher risk calculation than a product database and allocated more resources to protect the customer database.

c. Quantitative risk assessment

Rachel has taken over as a systems administrator of Creative Network, which has a network of 300 computers in two different domains. Rachel has been instructed by the CEO to ensure all employees have access to a certain set of folders on the server. The individual workstations may have the personal data of employees in a particular folder. She was informed that there have been previous instances where employees misused the machines.

c. Rachel should set the least functionality for both servers and user desktops.

Which of these is NOT an incident response process step?

c. Reporting

Which WPA3 security feature is designed to increase security at the time of the handshake?

c. SAE

Which protocol can send cryptographic confirmation that an endpoint is who it claims to be so that ARP poisoning is hindered?

c. SEND

Which of the following protocols can protect network equipment from unauthorized access?

c. SNMP

Which of the following is a VPN protocol?

c. SSTP

Which of the following is NOT a feature of a next-generation SWG?

c. Send alerts to virtual firewalls

Your enterprise network's security was breached when a non-employee connected a device to the network. In a security review meeting, you were asked to employ appropriate measures to prevent this from happening in the future while, at the same time, continuing to allow outsiders to connect to the network. Which of the following actions should you take?

c. Set up a network access control

Which of the following is an authentication credential used to access multiple accounts or applications?

c. Single sign-on

Ricky entered a restricted lab by scanning his finger on the fingerprint scanner outside the door. Which type of authentication credential allowed Ricky to enter the lab?

c. Something you are.

Which of the following is NOT used for authentication?

c. Something you can find

Which of the following encrypts one character at a time?

c. Stream

David, a software engineer, recently bought a brand new laptop because his enterprise follows the BYOD (bring your own device) model. David was part of a software development project where the software code was leaked before its release. Further investigation proved that a vulnerability in David's laptop caused the exposure. David insists he never used the laptop to access any network or integrate any devices, and the laptop was kept in a vault while not in use. Which of the following attack vectors was used by the threat actor?

c. Supply chain

PDC Bank is working on creating an AI application that enables customers to send SMS to the AI application to allow banking activities from their registered ID. Jane, the project engineer, has taken bank customer data from the last few years from the server and is using it to train the ML to recognize and authenticate actual users and to ensure unauthorized users are barred from entering the application.

c. Tainted training data for ML

Which of the following best describes artifacts?

c. Technology devices that may contain evidence

Which of the following is NOT correct about high availability across zones?

c. They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.

Which of the following is NOT a problem associated with log management?

c. Time-stamped log data

Wiktoria is frustrated that her company is using so many different cloud services that span multiple cloud provider accounts and even different cloud providers. She wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Wiktoria need?

c. Transit gateway

Which type of hypervisor runs directly on the computer's hardware?

c. Type I

Hassan has been asked to choose a mobile management tool that can provide a single management interface for application, content, and device management. Which of the following is the best solution?

c. Unified environment management (UEM) tool

Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it?

c. Zero day

Which of the following is a Linux utility that displays the contents of system memory?

c. memdump

Which of the following can be a log data source for investigating a security breach?

c. metadata

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets?

c. sFlow

Which tool is an open source utility for UNIX devices that includes content filtering?

c. syslog-ng

Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to agree to an acceptable use policy (AUP) before continuing. What type of AP has he encountered?

d. Captive portal

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing?

d. Change control policy

_____ biometrics is related to the perception, thought processes, and understanding of the user.

d. Cognitive

Which of the following is NOT correct about containers?

d. Containers require a full OS whenever APIs cannot be used.

Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found?

d. Control risk

Which of the following is an attack that affects data availability?

d. DDoS attack

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

d. Data custodian/steward

An attack where the threat actor changes the value of the variable outside of the programmer's intended range is known as _____________.

d. Integer overflow

Fatima has just learned that employees have tried to install their own wireless router in the employee lounge. Why is installing this rogue AP a security vulnerability?

d. It allows an attacker to bypass network security configurations.

How is the Security Assertion Markup Language (SAML) used?

d. It allows secure web domains to exchange user authentication and authorization data.

Which statement regarding a demilitarized zone (DMZ) is NOT true?

d. It contains servers that are used only by internal network users.

The CEO is frustrated by the high costs associated with security at the organization and wants to look at a third party assuming part of their cybersecurity defenses. Nikola has been asked to look into acquiring requests for proposal (RFPs) from different third parties. What are these third-party organizations called?

d. MSSPs

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change?

d. Network Location

In which of the following threat classifications would a power blackout be classified?

d. Operational

Oliwia has been given a project to manage the development of a new company app. She wants to use a cloud model to facilitate the development and deployment. Which cloud model will she choose?

d. PaaS

Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create?

d. Playbook

Which keys are supposed to be kept confidential and not shared with anyone?

d. Private key

Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data?

d. Public

Zuzana is creating a report for her supervisor about the cost savings associated with cloud computing. Which of the following would she NOT include on her report on the cost savings?

d. Reduction in broadband costs

You want to install a non-biometric authentication method to reduce overall costs. Which of the following is the best fit?

d. Security keys

Which of the following is NOT a characteristic of a trusted platform module (TPM)?

d. TPM includes a pseudorandom number generator.

ABC Automobiles is a large manufacturing company based in Munich, Germany. To ensure productivity, all departments like Finance, Purchase, Sales, R&D, Management, etc., are using computers, and for security, each department is placed in different physical and logical networks while interconnected. Johnson, the Vice President of IT, has requested your service in identifying a problem.

d. This is most probably a bot attack.

Which of the following is NOT a concern for users regarding the usage of their privacy data?

d. Timeliness of data

You are working in a data center when you suddenly notice a fire in the server room. Which of the following measures should you take first to suppress the fire?

d. Use the stationary fire suppression system

Which of these is NOT created and managed by a microservices API?

d. User experience (UX)

Why are dictionary attacks successful?

d. Users often create passwords from dictionary words.

Which of these is NOT a type of wireless AP probe?

d. WNIC probe

Which utility sends custom TCP/IP packets?

hping

Which of the following is a third-party OS penetration testing tool?

sn1per

Which of the following is a standard for the handling of customer card information?

PCI DSS

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need?

Policy-based firewall

Which stage conducts a test that will verify the code functions as intended?

Staging stage

What is a virtual firewall?

A firewall that runs in the cloud

Which is an IPsec protocol that authenticates that packets received were sent from the source?

AH

Which of the following is technology that imitates human abilities?

AI

What are the two limitations of private information sharing centers?

Access to data and participation

What is another name for footprinting?

Active reconnaissance

In which of the following configurations are all the load balancers always active?

Active-active

Which of these is the strongest symmetric cryptographic algorithm?

Advanced Encryption Standard

Which tool is most commonly associated with state actors?

Advanced Persistent Threat (APT)

Which firewall rule action implicitly denies all other traffic unless explicitly allowed?

Allow

Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond?

As computers become more powerful, the ability to compute factoring has increased

Which of the following is NOT a means by which a newly approved root digital certificate is distributed?

Application updates

Hisoka is creating a summary document for new employees about their options for different mobile devices. One part of his report covers encryption. What would Hisoka NOT include in his document?

Apple uses file-based encryption to offer a higher level of security

Agape has been asked to experiment with different hardware to create a controller for a new device on the factory floor. She needs a credit-card-sized motherboard that has a microcontroller instead of a microprocessor. Which would be the best solution?

Arduino

Which of the following is NOT a characteristic of a penetration test?

Automated

Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend?

Automated Indicator Sharing (AIS)

What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?

Black box

Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?

Blocking ransomware

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?

Brokers

Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program?

Buffer overflow attack

What is the name of the device protected by a digital certificate?

CN

Which group is responsible for the Cloud Controls Matrix?

CSA

Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?

CSRF

Which of these is NOT a characteristic of a secure hash algorithm?

Collisions should occur no more than 15 percent of the time

Which of the following ensures that only authorized parties can view protected information?

Confidentiality

What entity calls in crypto modules to perform cryptographic tasks?

Crypto service provider

Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation?

Cryptomalware can encrypt all files on any network that is connected to the employee's computer

Which is the final rule of engagement that would be conducted in a pen test?

Reporting

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user?

DNS poisoning attack

Which of the following is NOT a characteristic of malware?

Diffusion

Which of the following is not to be decrypted but is only used for comparison purposes?

Digest

What is the strongest technology that would assure Alice that Bob is the sender of a message?

Digital certificate

What is the difference between a DoS and a DDoS attack?

DoS attacks use fewer computers than DDoS attacks

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need?

Domain validation

Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this?

Downgrade attack

Which of the following functions does a network hardware security module NOT perform?

Fingerprint authentication

Which device intercepts internal user requests and then processes those requests on behalf of the users?

Forward proxy server

What enforces the location in which an app can function by tracking the location of the mobile device?

Geofencing

What is the process of identifying the geographical location of a mobile device?

Geolocation

Which of these provides cryptographic services and is external to the device?

Hardware Security Module (HSM)

Which of the following is not something that a SIEM can perform?

Incident response

Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it?

Integrity

Which of the following is FALSE about a quarantine process?

It holds a suspicious application until the user gives approval

Which of the following is NOT true about VBA?

It is being phased out and replaced by PowerShell

What is the advantage of a secure cookie?

It is sent to the server over HTTPS

An IOC occurs when what metric exceeds its normal bounds?

KRI

Which refers to a situation in which keys are managed by a third party, such as a trusted CA?

Key escrow

Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet?

LOLBins

Which of these is NOT a security feature for locating a lost or stolen mobile device?

Last known good configuration

When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?

Lateral movement

Which of the following is not a basic configuration management tool?

MAC address schema

Which of the following is not used to describe those who attack computer systems?

Malicious agent

Which attack intercepts communications between a web browser and the underlying OS?

Man-in-the-browser (MITB)

What allows a device to be managed remotely?

Mobile Device Management (MDM)

Which of the following is not a reason why a legacy platform has not been updated?

No compelling reason for any updates

Which of the following is not a recognized attack vector?

On-prem

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack?

Operational Technology

Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this?

PUP

Which of these is considered the strongest type of passcode to use on a mobile device?

Password

Which of the following is not an issue with patching?

Patches address zero-day vulnerabilities

What are public key systems that generate different random public keys for each session?

Perfect forward secrecy

What is data called that is to be encrypted by inputting it into a cryptographic algorithm?

Plaintext

Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?

Planning

What are the two concerns about using public information sharing centers?

Privacy and speed

Which of the following is false about the CompTIA Security+ certification?

Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

Which of the following classifications of data is least important?

Proprietary

Which of the following sensors can detect an object that enters the sensor's field?

Proximity

Which of the following technologies can convert a texting app into a live chat platform?

RCS

Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this?

ROT13

Which type of OS is typically found on an embedded system?

RTOS

Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?

Red Team

What term refers to changing the design of existing code?

Refactoring

Who verifies the authenticity of a CSR?

Registration authority

Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?

Regulations

What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?

Requests for comments (RFCs)

Which of the following is NOT an important OS security configuration?

Restricting patch management

Which of these is NOT a basic security protection for information that cryptography can provide?

Risk

Banko's sister has just downloaded and installed an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called?

Rooting

Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest?

SHA3-512

Which of the following can automate an incident response?

SOAR

Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute?

SSAE SOC 2 Type II

Which of the following manipulates the trusting relationship between web servers?

SSRF

What prevents a mobile device from being used until the user enters the correct passcode?

Screen lock

Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?

Scope

Which of the following groups have the lowest level of technical knowledge?

Script kiddies

Which is a protocol for securely accessing a remote computer in order to issue a command?

Secure Shell (SSH)

Which of the following is true regarding the relationship between security and convenience?

Security and convenience are inversely proportional

Which of the following is not true regarding security?

Security is a war that must be won at all costs

After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?

Security manager

Which of these would NOT be considered the result of a logic bomb?

Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.

Which statement regarding a keylogger is NOT true?

Software keyloggers are generally easy to detect

Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose?

Split tunnel

Which of the following groups use Advanced Persistent Threats?

State actors

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?

Stateful packet filtering

Which of the following hides the existence of information?

Steganography

Which of the following is not an improvement of UEFI over BIOS?

Support of USB 3.0

Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information?

TLP

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?

Tcpreplay

What is low latency?

The time between when a byte is input into a cryptographic cipher and when the output is obtained

Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say?

The user's identity with their public key

Which is the first step in a key exchange?

The web browser sends a message ("ClientHello") to the server

Which of the following is NOT a limitation of a threat map?

They are difficult to visualize

How do vendors decide which should be the default settings on a system?

Those settings that provide the means by which the user can immediately begin to use the product.

Which premise is the foundation of threat hunting?

Threat actors have already infiltrated our network

What race condition can result in a NULL pointer/object dereference?

Time of check/time of use race condition

What is the purpose of certificate chaining?

To group and verify digital certificates

What is an objective of state-sponsored attackers?

To spy on citizens

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing?

Two-person integrity/control

Hakaku needs a tool with a single management interface that provides capabilities for managing and securing mobile devices, applications, and content. Which tool would be the best solution?

UEM

Enki received a request by a technician for a new subnotebook computer. The technician noted that he wanted USB OTG support and asked Enki's advice regarding it. Which of the following would Enki NOT tell him?

USB OTG is only available for connecting Android devices to a subnotebook

Which of these appliances provides the broadest protection by combining several security functions?

UTM

Which of the following is NOT an advantage to an automated patch update service?

Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service

Which of the following is NOT a firewall rule parameter?

Visibility

Which model uses a sequential design process?

Waterfall model

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?

White hat hackers

Which of these is a list of preapproved applications?

Whitelist

Aoi has been asked to provide research regarding adding a new class of Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Aoi NOT list in her report as a factor in the frequency of Android firmware OTA updates?

Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks

Which of the following is known as a network virus?

Worm

Which of the following attacks is based on a website accepting user input without sanitizing it?

XSS

Which technical specification of the Wi-Fi Alliance is the same as ad hoc mode in a Wi-Fi network?

a. Wi-Fi Direct

Which of the following is the Windows network analysis tool that checks the connection to each hop between source and destination?

b. Pathping

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed?

b. Public

