Intro to Info Sec. Midterm

As a security compliance specialist, you are asked to produce CP and CPS documents. Which of the following statements most accurately defines these two types of documents? Select three.

A CPS can be referenced in the OID of a digital certificate. A CP is a set of rules that govern the operation of a PKI. A CPS is a more technical document than a CP.

Spiro is doing research on HIDS, HIPS, and EDRs in his quest to implement a stronger security posture in a small company that was recently awarded a government contract. Which of the following statements are true regarding the technologies he is researching? Select two.

A HIPS attempts to block a malicious attack. EDR tools perform analytics that identify patterns and detect anomalies.

Divya logs in to her online bank account using a username and password, then proceeds to transfer money from one bank account to another. What likely safeguards has the bank implemented to secure her login credentials?

A digest of the current password Divya set is stored for comparison.

Assume a REAL ID can be used for federal identification and a traditional ID cannot. Which of the following, in the form of an analogy, can be used to authenticate the person requesting a digital certificate?

A digital certificate authenticated with a birth certificate is like a REAL ID.

Gemalyn enters websiteA.com in the address bar of a browser but is redirected to websiteB.com due to an infected DNS. What type of exploit did Gemalyn experience?

A redirection technique called pharming.

A MAC cloning attack is most likely to affect what type of device and how?

A switch with the purpose of redirecting traffic.

A threat actor manages to spoof the MAC address in the cache of a computer with the goal of redirecting traffic. What type of attack is the threat actor launching?

ARP poisoning

Which of the following are features typically available when enabling loss or theft services on a mobile device? Select two.

Ability to remotely erase sensitive data stored on the device. Ability to remotely lock the device.

Evin thinks one of the computer systems where he works may have been compromised. He does not currently have a good way of determining if an unauthorized user logged in successfully. Which of the following can Evin implement that will, going forward, help him identify who logs in?

Accounting

Which of the following accurately describes the differences or similarities between mainstream attack surfaces and specialized threat vectors? Select three.

An imposter calling the elderly is exploiting a specialized threat vector. One targets client-based software, the other targets supply chain components. A network is an example of a mainstream attack surface.

In a credential relay attack, which of the following best describes how the credentials are compromised? Select two.

Attackers use their own device to set up a MITM attack to intercept credentials. Attackers try to intercept digests of user passwords as they are being transmitted.

A visitor is trying to access a military base. The visitor needs to supply their license and enter other personal information via a kiosk. The visitor is eventually allowed to enter the base but is limited to certain areas only. What security principles are being employed? Select two.

Authentication; Authorization

If MAC is more restrictive than DAC, why does Windows include the use of DAC when granting access?

Because it first checks any requests against MIC and, if they pass, it then checks DAC.

Which of the following is a true statement regarding the indicated block cipher mode? Select two.

CBC uses the output of a round of encryption as input for the next round. GCM computes a MAC to ensure the message was not tampered with during transmission.

Hitee is asked to provide a local entity from which the status of digital certificates can be viewed. Which of the following should she set up?

CR

A friend gets a virus and asks if you can help them fix the problem. You boot the computer with a bootable flash drive containing security-related tools and remove the virus. What type of control did you employ?

Corrective

Which of the following is a characteristic that helps determine the strength of a key? Select three.

Cryptoperiod; Key space; Randomness

Which of the following most accurately describes the differences or similarities between typo squatting and cybersquatting? Select two.

Cybersquatting is registering a domain that contains trademarks and then selling it. A domain name with a one-letter change relative to an authentic site is an example of typo squatting.

A threat actor launches an attack to restrict access to a particular website. The attack targets NTP to realize a significant increase in traffic compared to the amount of traffic originally sent. Which of the following best describes the type of attack the threat actor is engaging in? Select three.

DDoS attack; Reflection attack; NTP multiplier attack

An entity is determined and decides to commit to a multiyear intrusion campaign with the goal of obtaining national security information. Which of the following describes the type of attack the entity is most likely to engage in? Select two.

Data exfiltration; APT

A company needs a lot of data to test an application. They want to make a copy of their production data and modify it in such a way that the original data cannot be recovered. Which of the following best describes the process the company should use to ensure the privacy of the original data? Select two.

Data masking; Data sanitation

Which of the following examples best describes the states in which data could reside? Select three.

Data sitting in RAM about to be transmitted; Data on a hard drive about to be accessed; Downloading an image from a website

Yandelli is responsible for protecting data in transit. However, the scheme he is attempting to adopt will encapsulate encrypted information with unencrypted information. What is a potential consequence of this behavior?

Data will be transmitted securely.

A vulnerability in a web application infrastructure is most likely to affect which of the following? Select three.

Databases; Network; App servers

Which of the following statements are true relative to security constraints and cryptography regarding embedded systems and specialized devices? Select two.

Decreasing latency in a cryptographic algorithm makes it run faster. A cryptographic algorithm should have low latency.

A software quality assurance associate is testing two modules in an application on a web server. One module generates data and the other reads data. However, whenever data is being generated, as soon as the module that reads data is initiated, the application crashes. Which of the following is most likely to be causing the problem?

Dereferencing a pointer with a NULL value.

Three entities know and trust each other completely. In a public key infrastructure setting, which of the following could be used to describe this type of trust? Select two.

Direct trust; Web of trust

Which of the following most accurately describes the differences or similarities between misinformation and disinformation? Select two.

Disinformation is a type of misinformation. A false warning is an example of disinformation.

A commuter sees a flyer on a train with a QR code advertising high interest rates at an online bank. The commuter scans the code, but the website indicates the promotion has ended. Within a few days the commuter's phone starts sending messages to everyone in the contacts with a malicious link. How could this have been prevented?

Do not scan QR codes from unfamiliar sources.

An attacker is scanning wireless networks and discovers that one of them is set up to support the two most recent protocols. What type of attack is the malicious actor most likely to launch to try to breach the security settings of the wireless device?

Downgrade attack

Identify the differences and/or similarities between static analysis and dynamic analysis regarding AV software. Select two.

Dynamic analysis looks for characteristics of a virus. Static analysis uses signature-based monitoring.

A criminal organization has decided to leave their traditional ways and pursue cyberattacks as their new mode of operation. Why would they do this?

Easier to hide their tracks

You are hired as a consultant to create a SecDevOps program at a software development firm. Which of the following are you most likely to implement? Select two.

Employ automation wherever possible. Embrace continuous modifications through the process with provision to roll back as needed.

Which of the following represents capabilities that UEM provides? Select all that apply.

Enforce encryption settings. Apply default device settings. Install applications remotely. Push notification services.

Amara is responsible for monitoring events from a wide variety of devices connected to the network including copiers and printers. When a new piece of networking equipment is added to the network and successfully deployed (processing and/or forwarding traffic), she uses a specific protocol to remotely query the device for information. If the device she is trying to contact does not respond, what can she do to troubleshoot the problem?

Ensure the SNMP agent is installed and running on the device she is trying to query.

After a recent breach in your industry, you are asked to ensure the databases your company uses are encrypted. They also request performance degradation be kept to a minimum. Which database encryption method are you most likely to implement?

File-level encryption

A company is developing an online app that will require users to sign in using their email and a password. What should the company do to prevent SQLi attacks?

Filter inputs

In the process of monitoring traffic, a security team has seen a significant increase in network traffic flowing outside of the network perimeter. They also noticed a particular software monitoring agent has been disabled. What should they use to prevent the threat actor from interfering with the data collection effort?

Flow analysis

Which of the following accurately describes the activities that fall under security monitoring? Select three.

Generating relevant documentation. Retaining relevant historical documents and records. Isolating compromised systems.

For security reasons, an app has the restriction that it can only be used within a one-kilometer radius of a secure facility. What is being used to enforce this restriction?

Geofencing

A group of threat actors has a strong aversion to certain political ideologies. They launch a cyberattack against the organization to which its perceived adversarial counterpart belongs. This type of threat actor could most appropriately be classified under what category?

Hacktivist

Which of the following statements is true regarding hashing?

Hashing can be used to help verify the integrity of a message.

Barrabi mined Bitcoin years ago that is now worth millions of dollars. He encrypted the password but can't remember the key he used to encrypt it. Upon employing the services of Barnum, a skilled security professional, he was eventually able to determine the key. Which of the following best explains what Barnum did or used to determine the key?

He performed a cyphertext attack.

A security professional is performing penetration testing that includes a variety of port scans. The security professional knows that unless network monitoring is temporarily disabled, it will unconditionally generate an alert, which for the time being is not the desired effect. What monitoring methodology should the security professional temporarily disable?

Heuristic monitoring

Identify the differences or similarities between the Raspberry Pi and the Arduino. Select three.

ICs on the Raspberry Pi and Arduino are not user programmable. The Arduino is designed as a controller for other devices. The Raspberry Pi has more processing power than the Arduino.

A company designs an artifact. To secure protection against competitors who may attempt to copy it, the company applies for, and is granted, a patent. What type of data is being protected?

IP

Which of the following statements represents steps that can be taken to harden SCADA systems? Select two.

Identify all connections to SCADA networks. Disconnect unnecessary connections to the SCADA network.

Which of the following statements are true regarding physiological biometrics? Select two.

In some cases, retinal patterns may change during a person's lifetime. It is more difficult to imitate cognitive biometrics than physiological biometrics.

When analyzing a security breach, Acer determines the attacker was able to change the price of an item from $200 to $20. What security protection was compromised?

Integrity

A security professional is analyzing passwords. What two observations (select two) can the analyst make regarding the following password: L0nd0nbr1dge!3

It is a relatively weak password. It exhibits characteristics of predictable patterns found among passwords.

Which of the following statements best describes how a Faraday cage prevents data leakage?

It is used to prevent EMI from escaping the enclosure.

Which of the following are likely reasons why Attaqui, a threat actor, prefers to use password spraying attacks when targeting accounts? Select two.

It will not lock out the user account. It is less likely to raise any alarms.

A network is an example of a mainstream attack surface.

Key escrow

A security audit firm recommends using a technology that will help protect password digests at a corporation. Their recommendation will dramatically reduce the efficiency of password cracking endeavors should the password digest ever be stolen. Which of the following reflects what the security audit firm may have recommended? Select two.

Key stretching; Argon2

On December 15, a small company starts transitioning to a new accounting package during their holiday break. Suddenly, on January 2, when employees return to work at 9:00 a.m., all computers in the accounting department repeatedly shut down within 15 minutes of being powered up. What type of malware is likely to have infected the computers?

Logic bomb

Abeni is responsible for managing mobile devices where she works. She needs the ability to restrict jailbroken and rooted devices. In addition, she wants the ability to approve or quarantine new mobile devices. What tool should she deploy?

MDM

You are tasked with installing a system in a large warehouse that is capable of detecting levels of daylight to dim interior lights to conserve energy. In addition, if an intruder enters the warehouse an alarm should be triggered. The system you install will most likely support what type of signal/radio wave?

Microwave

Pooma is researching the viability of implementing keystroke dynamics to authenticate users. She writes a report highlighting some of the benefits. Which of the following statements is she most likely to include in the report as well as consider in the implementation plan? Select two.

No additional steps are required beyond entering the username and password. It requires no specialized hardware.

An employee tries to mask his identity by programmatically changing the From field to "a-nony-mouse" in an email. He uses periodic intervals to send the email to the entire company promoting a product he is selling online. An investigation reveals who sent the message. What capability of cryptography was used to confirm the sender's identity?

Nonrepudiation

Kuruvilla is looking for a new online game to play. During his exploration, the browser gives an indication that there was a network error. Which of the following may have caused this condition?

OCSP was not able to access the server it was trying to contact.

Guang buys a mobile device at an Apple store. He wants to harden the device using two strong methods of authentication. Which of the following would you advise Guang to use? Select two.

Password; Facial recognition

A large company wants to manage passwords in such a way to, among other things, require users to log a valid reason for accessing specific resources. In addition, they want to revoke access to those resources after a user session to safeguard privileged accounts. Which of the following should the company implement?

Password vaulting

Which of the following can be included under the physical security controls umbrella? Select three.

Perimeter defenses; Data leakage; Gel-based paint

Johnny develops an app to encrypt short messages. He runs the encryption program, but it is designed to deliberately introduce a 5- to 15-second delay before encryption begins. What type of data is Johnny about to encrypt?

Plaintext

Company Beta does some testing on a highly anticipated software application and soon installs it in a production environment. Problems ensue so they contact Company Alpha, the company who released the software. While investigating the problem, Company Alpha discovers a buffer overflow vulnerability. What could have caused the vulnerability?

Poor coding practices

Which one of the following technologies is most likely to be used in a system that is able to detect when a vehicle enters a restricted area and the direction in which it is headed?

Pressure sensors

You are unable to access google.com from your computer, so you check the local host file. You notice it has an entry that reads (without quotes) "127.0.0.1 www.google.com". How can you best remedy the situation?

Remove the entry from the file.

A company uses a fence to deter physical access. An audit report concluded that since the fence can be easily scaled, additional measures should be implemented. What additional fencing-deterrent measure could the company implement to gain an added layer of protection? Select three.

Roller barrier; Rotating spikes; Anticlimb collar

Onjolee wants to ensure she can use one digital certificate for www.mysite.com, www.mysite.org, and www.mysite.info. Which of the following best describes the type of digital certificate she should use?

SAN

Which of the following represents a true statement regarding software and hardware encryption? Select three.

SEDs require successful authentication before access is granted. Hardware encryption cannot be exploited like software encryption. TEE protects the confidentiality and integrity of its code and data.

Salvadori wants to send a message halfway around the world via email. He would like to convey the hash corresponding to the message over the phone to the recipient. Which of the following hash algorithms should Salvadori use? Select three.

SHA-2; RIPEMD; Whirlpool

To bypass institutional overhead, a well-intentioned networking instructor purchases a wireless router and connects it to the network. The goal is to allow students to establish connectivity with each other by connecting through the wireless router. In what activity did the instructor participate?

Shadow IT

Pamela installed a program that scanned the internet for coupons. A week later her bank account was hacked. How was Pamela's bank account most likely compromised?

She installed a computer Trojan.

Florentina is analyzing a network and notices an unusual amount of traffic is being generated by some computers. Additional investigation reveals that most of the traffic is in the form of images being transmitted to an unfamiliar site. What specific type of malware was most likely installed on the compromised systems?

Software keylogger

Viraa works at a virology lab that requires her to place her hand on a specialized "medical" device to scan certain genetic characteristics before being granted access. Which of the following is being used to prove her authenticity?

Something you exhibit

Alexandria works at a secure installation that requires a special ID card with her picture to gain access. An officer at the gate needs to scan the ID card before allowing employees to enter the installation. One day she forgets her card. However, since the officer recognizes her, the officer lets her pass through the gate. Which of the following elements, if any, did the officer violate (not enforce)?

Something you have

Which of the following most accurately describes the similarities and/or differences between spear phishing and whaling? Select two.

Spear phishing uses customized information to target specific users. Whaling targets wealthy individuals and senior executives in a business.

Which of the following represents a true statement regarding the similarities or differences between keyloggers and spyware?

Spyware does not capture keyboard input.

Which of the following statements accurately describes the differences or similarities between RB-RBAC and ABAC? Select two.

The RB-RBAC scheme can dynamically assign roles to subjects based on a set of rules. ABAC uses flexible policies that can combine attributes.

Zikomo's company uses Outlook in employee offices as part of their email framework. The email header in one of the messages Zikomo received contains an analysis of the email with an indicator of SAP. What does this mean?

The attachment is safe.

Which of the following represents a disadvantage of signature-based monitoring?

The corresponding database must be constantly updated.

A senior software engineer starts working at a small company that wants to incorporate secure coding practices. Quality assurance currently begins after the application has been tested but before production. The engineer sees an opportunity and recommends adopting a method that breaks down the project into smaller biweekly development "bursts" that include testing. Which of the following statements are true? Select two.

The engineer prefers using the agile model. The company is currently using the waterfall model.

Bodhi is leading a team responsible for writing the specifications of a new hashing algorithm. What factor does the team need to keep in mind to ensure it is secure? Select three.

The output should always be of a fixed size. The output should be original. Every unique input should render unique output.

Chafik works at Company A. He apparently receives an email from Jon Dough of the purchasing department. The email includes a link along with a request to fill out a survey because they want to improve the procurement process. The from field in the email reads as follows:

The recipient is potentially more likely to click on the link because a reason was supplied. This is an example of a potential phishing attack.

Kalaki subscribes to an online computer digest. Kalaki notices a string of characters with a message next to a link that reads "... use to verify file integrity after downloading." What does the string of characters represent? Select four.

The result of a one-way algorithm; A message digest; A digital fingerprint; A hash

The CEO of a small retail chain is visiting a client. They call the help desk in a panic and request a password reset because it expired. The technician says they are not allowed to manually reset passwords but to kindly use the online password reset system. The CEO gets irate, says "You're fired," and hangs up. Which of the following best characterizes what happened, or what should have happened?

The technician did the right thing.

A company's network is infected with ransomware. They are told data has been stolen. In addition, they are told to pay a ransom to decrypt the data on their servers, or the stolen data will be released to the public. Which of the following would be the best option for the company?

There is no best option.

Which of the following are true statements regarding session IDs? Select three.

They can be intercepted and used to impersonate a user. They are typically hashed using a secure hashing algorithm. They can be used for a specific type of replay attack.

Alpha and Beta are having a conversation in English. Gamma, who is a gifted conversationalist and tends to monopolize conversations, approaches Alpha and Beta. As soon as Alpha and Beta see Gamma, they start speaking in Spanish, but Gamma does not understand. What did Alpha and Beta just do?

They employed a form of encryption.

Which statement best describes why devices and systems that are optimized to draw very low levels of power lack the ability to perform strong security measures?

To preserve battery life.

An individual places a new USB cable near one of the charging stations at a busy airport. They wait from a nearby distance hoping someone will use the cable. What is the intent of the individual?

To send malicious commands to the device.

What means of protection can be used to help ensure a browsing experience is not susceptible to unauthorized interception of certain elements of the transmission? Select two.

Use HTTPS; Use secure cookies

You are serving as a contractor at a company to help harden endpoints. Which of the following could you implement to help achieve the goal? Select two.

Use an application allow list. Use a patch management system.

A company uses the COPE enterprise deployment model. Every six months they delete outdated sales data from the mobile devices. However, sometimes users submit a help desk ticket to restore personal data that was accidentally deleted. How could this problem be prevented?

Use containerization.

An attacker tries to break into a DNS server to redirect traffic to his website. After multiple unsuccessful attempts, the attacker decides to take a more basic approach and starts by sending a request to a valid DNS server to resolve the name of his website. How can the attacker's goal of redirecting traffic be thwarted?

Validate DNS responses to ensure they are from an authoritative source.

Which of the following best describes what could be considered a security buffer? Select two.

Waiting room at a doctor's office; Reception area of a company

A series of individuals (engineers and executives) from a large electronics firm are members of a professional organization. They visit the website of the organization, often to contribute papers, do research, and sign up for a variety of conferences. An attacker attempts to target the individuals by infecting the website. What type of attack is this?

Watering hole attack

Which of the following represents valid entities for which digital certificates can be used? Select all that apply.

Word document; Email; PDF file; Software; Printer

Hissana enters information on a compromised website, which does a poor job sanitizing the input. As a result, the web server sends back a response that infects her system. What type of attack is this?

XSS

A company determines that some of their computers are using specially coded attack commands that have been posted on certain social media sites. Every single one of the infected computers is considered a ________.

zombie

