Infotec CySA
A normally quiet host has suddenly started to generate a lot of traffic, but due to the size of the network it hasn't made much impact on overall network utilization. What kind of analytics would most likely highlight it as a potential problem? Choose the best response. Anomaly analysis Availability analysis Heuristic analysis Traffic analysis
A
One of a router's interfaces just failed. When it reports the event to its Syslog server, what severity level would indicate it needs immediate attention, but that the router is not entirely unusable? Alert Critical Emergency Error
A
What security feature makes it more difficult for an attacker to trick you into installing a fraudulent Ethernet driver that reports on your network activities? Choose the best response. Code signing Firewall HIDS Trusted hardware
A
Your supervisor wants a methodical way to find missing or misconfigured security controls on your production network, but it's unfortunately full of critical services fragile enough to have problems when they receive excessive or non-standard traffic. This makes it important to use the least intrusive method possible. Which of the following would you recommend? Choose the best response. A black box penetration test A credentialed vulnerability scan A non-credentialed vulnerability scan A white box penetration test
A credentialed vulnerability scan
According to firewall logs, exactly every ten minutes a host on your internal network is attempting to contact a foreign network domain that you've seen associated with criminal activity. What kind of attack is the most likely explanation? Choose the best response. A malware infection on an internal workstation A session hijacking attempt A user responding to a phishing attempt A VM escape attempt
A malware infection on an internal workstation
Your security policy calls for the company's financial data archive to have its confidentiality, integrity, availability, and accountability protected. Presently it's stored on two redundant servers protected by strong passwords and transport encryption. What additional control would achieve your security goals? Choose the best response. A version management system that tracks all user access and revisions Full-disk encryption Regular data backups Two-factor authentication
A version management system that tracks all user access and revisions
What secure protocols add SSL/TLS security to protocols which were insecure on their own? Choose all that apply. FTPS HTTPS SFTP SNMPv3 SSH
A,B,D
You're hardening your web application against cross-site scripting. The lead developer assures you that with the new input sanitization routines the front-end server won't allow executable scripts to be stored in the database. What kind of XSS attacks might still affect your users? Choose all that apply. DOM based Persistent Reflective XSRF
A,C
While developing a web application, you're defining security requirements. Which of the following would be valid non-functional requirements? Choose all that apply. Ability to maintain 99.99% uptime An online password reset page Data sanitization following all user input HIPAA-compliant protection of all PHI Protection from web application attacks
A,C,D
You want to disable use of insecure protocols over an untrusted network segment. Which TCP ports might you want to block? Choose all that apply. 21 22 23 143 443
A,C,D
Which of the following are examples of context-based authentication? Choose all that apply. After-hours logins are permitted, but send an alert to the network administrator on duty. All workstations on the secure network require both passwords and smart cards for each login. While running an automated script sending repeated network requests, you're forced to enter your credentials again. You give a mobile app access to your Facebook contact list, but don't permit it to make posts on your behalf. You must complete a two-factor authentication process the first time you sign in from a new physical location.
A,C,E
You're reviewing a web application. Which of these features are security warning signs? Choose all that apply. Input errors are logged and clearly displayed to users in full detail. The web server and database software are on separate physical servers, both similarly secured. Input validation is performed more rigorously on the client side than the server side. The HTTPOnly flag is set on session cookies. Secret cookies are used to prevent XSRF attacks.
A,C,E
Your company is considering joining an identity federation with several others providing related services. Which of the following are most likely true? Choose all that apply. A security compromise by one member can compromise the entire federation. Since providers never exchange user information, this shouldn't affect existing user privacy policies. The federation will make it easier to implement single sign-on between your services. You should consider a trusted third party that certifies all federation members, depending on the size of individual members. You should consider a trusted third party that certifies all federation members, depending on the number of members in the federation.
A,C,E
Throughout your organization you've seen a pattern of attacks of different types: login attempts, malware, phishing emails, application exploits, and so on. None of the individual techniques are that exotic or hard to stop, but they're seemingly endless and most seem to be the work of the same group of attackers. What kind of threat is this? Choose the best response. APT Structural Unknown Zero-day
APT
A web server with access to customer PII has a serious vulnerability which is going to be very time-consuming and expensive to fix. Fortunately, your company compliance officer verified that you can configure a WAF as a compensating control until you replace the server. In the meantime, how can you deal with the serious vulnerability appearing every time someone runs a scan? Choose the best response. Mark it as a false positive. Document it as a security exception. Get used to reminding people. Do nothing since the WAF will hide the vulnerability on the scanner, too.
B
According to NIST, what is the effective strength of a 168-bit 3DES key? Choose the best response. 56-bit 80-bit 112-bit 168-bit
B
In Event Viewer you're told to look for events matching the following criteria. "Event ID: 4672; Task Category: Special Logon; Keywords: Audit Success". Which log should you look in first? Choose the best response. Application Security Setup System
B
In the following log entry, what is the destination IP and port number? Sep 3 15:12:20 192.168.99.1 Checkpoint: 3Sep2007 15:11:41 drop 192.168.99.1 >eth8 rule: 134; rule_uid: {11111111-2222-3333-BD17-711F536C7C33}; src: 192.168.99.195; dst: 192.168.56.10; proto: tcp; product: VPN-1 & FireWall-1; service: 3013; s_port: 1352; Choose the best response. 192.168.56.10, port 1352 192.168.56.10, port 3013 192.168.99.195, port 1352 192.168.99.195, port 3013
B
Provided they have applications and data of similar sensitivity, what hardening feature is more important on a company-issued smartphone than on a workstation in a secure area? Choose the best response. Antimalware suite Full disk encryption Host-based firewall Operating system updates
B
Qualitative risk assessment is generally best suited for tangible assets. True or false? True False
B
What type of cryptography is usually used for password storage? Choose the best response. Asymmetric encryption Hashing One-Time Pad Symmetric encryption
B
What's the most essential tool for segmenting broadcast domains? Choose the best response. Bridges Routers Switches VLANs
B
You're helping to evaluate a NAC system for remote access to a high security network. Client systems should have their security postures monitored at all times, even when not connected to the network. When they are connected, each request to the network will be evaluated to make sure it conforms with network policies. What kind of solution would meet these needs? Inline and agentless NAC Inline NAC with a persistent agent Out-of-band NAC with a dissolvable agent Out-of-band NAC with a persistent agent
B
You're looking for evidence of an unauthorized network scan in a Wireshark log. While browsing past a FIN packet you realize there's just too much traffic to do this manually, so how can you find out whether someone performed a FIN scan? Choose the best response. Apply a capture filter on FIN packets Apply a display filter on FIN packets Follow the TCP stream of that packet Follow the UDP stream of that packet
B
You're reviewing logs from a DNS server, and filtered for requests from outside addresses. Which of the following single query types against your domain name is most likely to indicate a DNS harvesting attempt? Choose the best response. AAAA AXFR MX SOA
B
You've just rebuilt the back end of an application to boost server performance, and you're ready to test the new version. What kind of test would discover if the changes caused any problems with existing security features? Choose the best response. Protocol Fuzzing Regression test Stress test User acceptance test
B
Your company just created the root certificate for its CA. Its private key won't be needed very often, so it will be stored in a safe when not needed. What security procedure could you use to make sure that no single employee can open the safe and get the key? Choose the best response. Cross training Dual control Manual review Separation of duties
B
Users are reporting a server responding slowly in what sounds like a high network load, but overall traffic to the server isn't high enough to explain the problem. What evidence can you look for in that traffic to find out if it's a network DoS attack? Choose all that apply. Excessive ICMP ping packets Excessive SYN packets Malformed packets Replay packets VLAN hopping
B, C
You're reviewing a firewall log. Which of the following entries might merit closer investigation even if they only happen once? An attempted connection to a port with no running services. An internal web server initiating a session with an external host. An external host initiating a session with an internal web server. A failed attempt to log into the firewall interface by an unfamiliar internet address. A successful attempt to log into the firewall interface by an unfamiliar internet address.
B,E
While conducting a vulnerability assessment, you're given a set of documents representing the network's intended security configuration along with current network performance data. Which type of review are you most likely to perform? Choose the best response. Architecture review Baseline review Code review Design review
Baseline review
For business reasons, your company isn't at all secretive about its WHOIS information. What reconnaissance type does this make easier for attackers? Choose the best response. OS fingerprinting Packet capture Social engineering Topology discovery
C
The management interface for your firewall has some known vulnerabilities, so you're worried that someone already on the network could log onto the firewall and change its settings. Which of the following methods could reduce that threat? Choose the best response. Deploy a sinkhole Switch to in-band management Switch to out-of-band management Switch to stateful filtering
C
What order are the steps of the Deming cycle? Choose the best response. Check, Plan, Act, Do Check, Plan, Do, Act Plan, Do, Check, Act Plan, Check, Do, Act
C
What policy document generally describes mutual goals between organizations? Choose the best response. BPA ISA MOU SLA
C
When scanning the local subnet with Zenmap you're about to try an Intense scan, but a coworker suggests you run Intense scan, no ping instead. If you take that advice, what will the likely result be? Choose the best response. It will complete faster but probably find fewer hosts and services. It will complete faster and probably find more hosts and services. It will take longer but probably find more hosts and services. It will take longer and probably find fewer hosts and services.
C
You researched an authentication system vulnerability last month, and while it had serious impact in theory, there was no demonstrated code that could exploit it. Last week a security researcher demonstrated such code. How will this affect the vulnerability's CVSS score? Choose the best response. It will change the Base metrics. It will change the Environmental metrics. It will change the Temporal metrics. It will change all three metrics. It won't change any metrics.
C
You want a system that can recognize and block an unauthorized network scan. What option should you use? Choose the best response. Application layer firewall IDS IPS Stateful firewall
C
You want to take some proactive actions against a new family of malware that's been spreading around. It has spyware and botnet functions, and infected computers connect to external servers. You have a list of the domain names the malware contacts. What security tool would help you to recognize that malware on your network? Honeypot IDS Sinkhole WAF
C
You're evaluating NAC solutions. One feature you need is to make sure that when sales users join the network remotely they'll automatically be joined to the Sales network and given access to its resources. What kind of solution should you look for? Choose the best response. Agentless Location-based Role-based Rule-based
C
You're evaluating a new system that uses Security Enhanced Linux to handle classified government information. What kind of access control model should you expect it to use? Choose the best response. ABAC DAC MAC RBAC
C
You're installing a new web server, and your coworker is downloading a CIS benchmark for it. What part of the security process will that help with? Choose the best response. Patch management Sandboxing Security baselining Source authenticity verification
C
Your company is developing an application a private US-based hospital will use to give patients online access to their medical records. Regardless of what other data the application handles, what kind of compliance do you already know you need to research? Choose the best response. FERPA FISMA HIPAA PCI-DSS
C
You think attackers are using packet sniffers on your Wi-Fi network. The network is using strong WPA2 encryption, but what can the attackers still learn without the key? Choose all valid responses. Active applications IP addresses MAC addresses Most active hosts SSIDs
C,D,E
You've been charged with conducting a vulnerability scan. Which of the following actions are you likely to perform? Choose all that apply. Bypassing security controls Exploiting vulnerabilities Finding open ports Identifying vulnerabilities Passively testing security controls
C,D,E
A Linux server is behaving sluggishly and you want to know what process is using all the CPU and memory. Which of the following tools would suit your purposes? Choose the best response. Event Viewer Netstat Sysinternals Top
D
ACLs are based on which assumption? Choose the best response. Explicit Allow Explicit Deny Implicit Allow Implicit Deny
D
Coming in late to a meeting, you hear that one new cybersecurity framework under evaluation bases everything around the Architecture Development Model. What framework is likely being discussed? Choose the best response. COBIT 5 ITIL ISO 27001 TOGAF
D
For regulatory compliance, you're required to use unique user IDs for all computer access, but there's one critical isolated system that doesn't actually support user-based access and must be used by multiple people. What might be a valid compensatory control? Choose the best response. Enabling system logging on that computer Encrypting all connections from that computer Placing a firewall between that computer and the network Using security cameras and a logbook to track access to the computer itself
D
You're mapping a network and looking for rogue devices and services. Which tool are you most likely to use? Choose the best response. MBSA Nessus Nikto Nmap
D
Your latest vulnerability scan uncovered a serious and time-critical vulnerability, but you can't fix it immediately because the company change management process mandates a review period before making the necessary changes. What kind of remediation problem are you having? Choose the best response. Business process interruption Degrading functionality MOU Organizational governance
D
Order the following encryption ciphers from weakest to strongest. 3DES AES Blowfish DES
D,A,C,B
You require your users to log on using a user name, password, and rolling 6-digit code sent to a keyfob device. They are then allowed computer, network, and email access. What type of authentication have you implemented? Choose all that apply. Basic single-factor authentication Context-based authentication Federated identity management Multi-factor authentication Single sign-on
D,E
You're writing a policy document using a rather minimalist template. What kinds of information would you put in the "Scope" section? Choose all that apply. What consequences there are for non-compliance What risk the policy is meant to reduce What systems and data the policy protects When the policy was last changed Who is affected by the policy
D,E
Your internal network is protected by a Cisco firewall between the WAN and the internal network. While it's not having any problems, your boss suggests installing a Fortinet firewall between the Cisco firewall and the trusted LAN in order to create a new DMZ. Which security principles does this promote? Choose all that apply. Availability Defense in depth Security by design Security by obscurity Vendor diversity
Defense in depth
A security program alerts you of a failed logon attempt to a secure system. On investigation, you learn the system's normal user accidentally had caps lock turned on. What kind of alert was it? True positive True negative False positive False negative
False positive
An IDS sends you an alert with a form input to a web application. When you view the packet, the form input itself reads 1' OR '1'='1. What kind of attack does this most likely indicate? Choose the best response. Buffer overflow Cross-site scripting Injection Integer overflow
Injection
You work for a contracting company closely aligned with the US federal government. Which organization's publications are likely to be most closely related to your security compliance standards? Choose the best response. CIS NIST NSA W3C
NIST
Your company has long maintained an email server, but it's insecure and unreliable. You're considering just outsourcing email to an external company who provides secure cloud-based email services. What risk management strategy are you employing? Choose the best response. Risk acceptance Risk avoidance Risk deterrence Risk mitigation Risk transference
Risk transference
An attacker remotely stole data from a server using an employee's account. According to the employee, he couldn't have done it: While he did log in that day, he was almost immediately disconnected with a message about unplanned server downtime. Assuming the employee is telling the truth, what kind of attack took place? Choose the best response. DoS Downgrade IP spoofing Session hijacking
Session hijacking
You're asked to generate a vulnerability report that shows the number and types of vulnerabilities and fixes you've encountered every month in the last year. What kind of report would that be? Choose the best response. Change report Scope report Trend report Workflow report
Trend report
You've found signs of unauthorized access to a web server, and on further review the attacker exploited a software vulnerability you didn't know about. On contacting the vendor of the server software, you learn that it's a recently discovered vulnerability, but a hotfix is available pending the next software update. What kind of vulnerability did they exploit? Choose the best response. APT Structural Unknown Zero-day
Unknown
After performing a vulnerability scan on a database server, you manually verify that each reported vulnerability actually exists on the server. What are you looking for? Choose the best response. False positives False negatives Both Neither
A
Order the steps of the incident response process. Containment Eradication Follow-up Identification Investigation Preparation Recovery
6, 4, 1, 5, 2, 7, 3
The incident response process? Preparation Identification Containment Investigation Eradication Recovery Follow-up
A
Which of the following is not true about writing an incident summary report? It isn't the appropriate place to point out shortcomings in initial staff response. It should be filed as part of a compiled list of incident statistics so that you can recognize developing trends. It should contain a detailed list of actions taken during the response process. It should list any remaining vulnerabilities or steps that could be taken to prevent recurrence.
A
You want to gather statistics about the network traffic between a particular webserver and its back end database server. What protocol would be most useful for that purpose? Choose the best response. NetFlow Netstat SNMP Syslog
A
You're configuring a router, and want it to check the properties of incoming traffic before passing it on. What will this require? Choose the best response. Configuring ACLs Configuring routing tables Either would have the same effect Only a fully featured firewall can do this
A
You're researching a recent XSS attack against a web application. The developer showed you the JavaScript code used to sanitize and validate input in the browser; even if you're not a coder, it seems like it would have prevented the attack. What is the most likely reason the web application was vulnerable? Choose the best response. Client-side validation can be easily bypassed. Input validation doesn't reliably protect against XSS attacks. Server-side validation can be easily bypassed. The attacker performed an injection attack to bypass input validation.
A
You've discovered multiple computers on your network infected with the same spyware. Which of the following would be valid short-term containment options? Choose all that apply. Isolate the affected systems from the network Perform hard drive degaussing Perform system sanitization Reimage the affected systems Shut down the infected systems
A,E
What is eDiscovery? Choose the best response. A process for identifying security incidents. A process for sharing electronic forensic data. A standard for forensic backup software. A software application used to track security incidents.
B
Your company is developing a custom web app for the sales team. It should be able to access a list of Salesforce contacts, but for security reasons the app shouldn't be able to access the actual Salesforce account. What standard would allow this? Choose the best response. Kerberos OAuth OpenID Connect SAML
B
Your wireless network is configured in 802.1X mode. What kind of server does it most likely use as a backend? Choose the best response. KERBEROS RADIUS TACACS+ TKIP
B
Which of the following are examples of point-in-time data analysis? Choose all that apply. Anomaly analysis Behavioral analysis Packet analysis Traffic Analysis Trend analysis
B,C
As a penetration tester you want to get a username and password for an important server, but lockout and monitoring systems mean you'll be detected if you try brute force guessing. What techniques might directly find the credentials you need? Choose all that apply. DNS harvesting Packet capture Phishing Service discovery Social engineering
B,C,E
While conducting a penetration test you've exploited an application flaw to get temporary access on a proxy server. Part of your goal is to use that server as a pivot. Which of the following steps directly achieve that goal? Choose all that apply. Creating a new account you can log in from again Creating a tunnel through the proxy server to the internal network Establishing administrative credentials Running a network scan from that server Searching through data folders on the server
B,D
You've been tracking unauthorized access to a web application. On examining the source code you find a hidden routine that allows access to any account using the password wrtsglz, regardless of the normal password associated with that account. What kind of vulnerability have you uncovered? Choose the best response. Backdoor Logic bomb Privilege escalation Rootkit
Backdoor
Once a third-party penetration test begins, it's your job to secure the network and stop attacks before the penetration testers achieve their goal. What team are you on? Choose the best response. Black team Blue team Red team White team
Blue team
An attack on your web application began with a long string of numbers sent to a field that's only supposed to hold a four-digit variable. What kind of attack was it? Choose the best response. Buffer overflow Integer overflow LDAP injection XSRF
Buffer overflow
Which of the following is not true of incident response teams? Choose the best response. A single spokesperson for the entire incident response team can help prevent misunderstandings with other parties. First responders must have training in both technical issues and security principles. Human Resources should be involved from the beginning of any security incident. It's generally a good idea to train a variety of people as incident responders and assemble teams as needed for particular incidents.
C
Your company is contracting with a US Federal agency, and you have to make sure your solutions are compatible with their policy framework. Which framework are you most likely to become familiar with? Choose the best response. COBIT 5 ISO 27000 NIST 800 series NIST CSF
C
After a security incident you rush to take a screenshot of a telltale running process before you leisurely take a backup of suspicious files on the hard drive. What forensic principle are you exercising? Choose the best response. Audit trail Chain of custody eDiscovery Order of volatility
D
As part of a forensic investigation, you need to analyze files on a USB drive. What tool might be especially useful? Choose the best response. Log viewer Password cracker Process analysis Write blocker
D
What kind of symptom are you most likely to see during a DoS attack? Choose the best response. Beaconing from a number of hosts on the network Creation of new user accounts Scan sweeps Unusual spikes in network traffic
D
You're reviewing an automated password reset system. Which element of it is the biggest security risk? Choose the best response. Before users get a new password, they must either enter the old password or verify their identity by other means. No password hints are displayed to a user who hasn't authenticated yet. Users can verify their identities by requesting a password reset link be sent to their primary email address. Users can verify their identities by answering challenge questions such as their childhood street or mother's maiden name.
D
You're using CMMI as a maturity model for application development. What maturity level are you at if you've just established organized testing and evaluation of security processes and controls for the application? Choose the best response. Defined Managed Optimizing Quantitatively Managed
D
You've been asked to help consult for security on an application that's designed to interoperate with Google and Salesforce SSO systems. What protocol should you study first? Choose the best answer. Kerberos LDAP RADIUS SAML
D
How might you likely discover a data exfiltration incident? Choose all that apply. Detecting repeated buffer overflows Detecting a ping scan Monitoring memory consumption Monitoring network traffic Reviewing system logs Tracking network outages
D,E
What application attacks directly target the database programs sitting behind web servers? Choose all that apply. Command injection Cross-site scripting Session hijacking SQL injection XML injection
D,E
You're testing an unknown program on a VM to make sure it isn't malware. Another security analyst suggests disabling the hypervisor's resource sharing features first. What kind of attack is this step meant to discourage? Choose the best response. Privilege escalation Rootkit VM escape VM sprawl
VM escape
You're instructed to assist outside penetration testers by giving them complete documentation on your network and its configuration. What kind of test are they performing? Choose the best response. Black box Black hat White box White hat
White box
After running a vulnerability scan you learn that a number of the identified vulnerabilities don't actually exist on the system. What should you do? Choose the best response. Mark them as false positives Mark them as false negatives Mark them as low critical File them as an SLA.
A
Your secure ICS network is isolated enough to prevent any direct logins from the main corporate network, but you want to manage a device on the ICS network from your own workstation. What technology can you configure to do so? Choose the best response. Jump box Mandatory access control Network access control VLAN segmentation
A
Your remote access system currently uses RADIUS, but one administrator is proposing replacing it with TACACS+. What benefits might this provide? Choose all that apply. Better able to support non-IP protocols Better suited to large networks Less complicated to administer More secure More focused on user authentication
A,B,D
You've been instructed to implement two-factor authentication for a secure system. Which of the following would qualify? Choose all that apply. Password and OTP Smart card and OTP Smart card and fingerprint scan Iris scan and fingerprint scan Password and iris scan
A,C,E
Unlike LDAP, LDAPS ______ ? Choose all that apply. Includes SSL or TLS encryption Is compatible with Unix-based operating systems Is safe for use on the public internet Uses port 389 Uses port 636
A,E
A third-party team is going to formally examine your organization's overall security practices in order to make sure they meet regulatory compliance goals. Your organization may be fined if it fails. What would this verification process best be called? Choose the best response. Assessment Audit Certification Evaluation
B
Why is it important to record a time offset when collecting evidence? Choose the best response. To compensate for logging systems that don't record precise times To compensate for time differences between multiple systems To document the precise order of events To document the precise timing of events
B
You want to take a complete forensic image of a hard drive. Which tool might best suit your needs? Choose the best response. Cellebrite dd John the Ripper MD5
B
You're checking a host for active network connections and listening ports. Which of the following tools would suit your purposes? Choose the best response. NetFlow Analyzer Netstat SNMP Top
B
You've discovered users running an unauthorized file sharing program. While it does no harm in itself, it could be used for data exfiltration, digital piracy or to spread malware. What security technique could prevent this? Choose the best response. Antimalware Application whitelisting Patching Security templates
B
After malware was discovered on some workstations, you instructed some technicians to reimage the systems rather than bother with sanitizing them. On reflection, you're not entirely sure the latest images incorporate the critical browser security updates you just deployed the other day. In which phase of the recovery process should the technicians make sure those unrelated updates are applied? Choose the best response. Eradication Lessons learned Validation None: you will need to do this manually
C
After some security incidents involving removable USB drives on Windows systems, you'd like to disable them on secure systems. What method could you use to do this? Choose the best response. Antimalware Application whitelisting Group policies Isolation
C
For an outside attacker, what reconnaissance method is much easier on wireless networks than wired ones? Choose the best response. DNS harvesting Log review Packet capture Service discovery
C
What are vulnerability analyzer updates typically called? Choose the best response. ACLs Rules Plug-ins Signatures
C
Which framework incorporates five core publications forming a Service Lifecycle? Choose the best response. COBIT 5 ISO 27000 ITIL NIST CSF
C
Which of the following is true about working with law enforcement? Choose the best response. All computer-related crime reports should go directly to federal agencies. You should notify all relevant law enforcement agencies about any criminal matter. You should report an incident to only one law enforcement agency unless otherwise instructed. You should notify law enforcement whenever you encounter the possibility of criminal activity.
C
Your SCAP-compliant vulnerability feed includes a long list of uniquely defined vulnerabilities. Which SCAP component is used to actually identify each vulnerability? Choose the best response. CCE CPE CVE OVAL
CVE
What element of your risk mitigation strategy helps keep future additions to your network from introducing new security vulnerabilities? Choose the best response. Change management Incident management Security audits Technical controls
Change management
The development team has just created a control flow graph for a new application. What stage of development are they in? Choose the best response. Manual code review Provisioning Security requirements definition Static code analysis
D
Which of the following is true for any security incident? Choose the best response. All parties who are being informed about the incident should receive identical reports. It's better to report too much about an ongoing incident than too little. Reports to management should include full technical details of the incident. You should maintain a single line of communication with a given outside party.
D
While clearing space on an old server, you've found some files associated with a long inactive account. What policy would you most importantly check to find out whether it's appropriate for them to be deleted? Choose the best response. Account management policy Data classification policy Data ownership policy Data retention policy
D
You have a critical server configured as an SNMP agent, in part so you can tell remotely when one particularly fragile service on it crashes again. What kind of PDU should the server immediately send to the SNMP manager when the service fails? Get Put Response Trap
D
You have a document specifying security software and settings that must be enabled on every user workstation in your department. What would the document best be called? Choose the best response. Guideline Procedure Policy Standard
D
You're configuring a SAML-based authentication system. What kind of attack do you need to specifically prepare against? Choose the best response. Golden ticket Session ID collisions Spoofed Access-Request messages XML signature wrapping
D
You just found an unexpected configuration change in a router's DHCP server. It now directs all connecting clients to use a non-standard, unauthorized DNS server. What kind of attack do you suspect? Choose the best response. Domain hijacking DNS poisoning Rogue AP Session hijacking
DNS poisoning
You've been tracking a new form of malware on your network. It seems to primarily work by attacking web browsers when they visit certain external websites. What parts of the network should your analysis focus on? Choose the best response. Endpoints Network appliances SCADA devices Servers
Endpoints
You've taken the company Wi-Fi down for maintenance, but your phone still shows a network with the same SSID as available. What kind of attack do you suspect? Choose the best answer. ARP Spoofing Denial of Service Evil twin Replay
Evil twin
You're shopping for a new A/C unit for your server room, and are comparing manufacturer ratings. Which combination will minimize the time you'll have to go without sufficient cooling? Choose the best response. High MTBF and high MTTR High MTBF and low MTTR Low MTBF and high MTTR Low MTBF and low MTTR
High MTBF and low MTTR
For your new security consulting position, you're helping a hospital secure its HR database. It includes employee records such as contact information, employment history, and payment data. What would this information be classified as? Choose the best response. IP PCI PHI PII
PII
You overhear the end of a conversation about a recent series of attacks against your organization. Your supervisor says email filters might help but the solution is going to have to rely partly on security awareness training for end users. What kind of vulnerability is most likely being discussed? Choose the best answer. Internet of Things Mobile devices Phishing VM sprawl
Phishing
In further analysis of the web application, you've discovered a hidden combination of commands any authenticated user can use to unlock a management console that gives administrative access to the application. What kind of vulnerability have you uncovered? Choose the best response. Backdoor Logic bomb Privilege escalation Rootkit
Privilege escalation
What application vulnerability can be exploited by providing a series of normal data inputs with a specific sequence and timing? Choose the best response. Buffer overflow Injection Race condition Request forgery
Race condition