ITN260 Final
In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE?
100,000,000 * 0.75
Which of the following best describes a faraday cage?
A Faraday cage is an enclosure used to block electromagnetic fields.
Which of the following correctly differentiates between a man-in-the-middle (MITM) attack and a man-in-the-browser (MITB)?
A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer.
Which of the following best describes a network hardware security module?
A network hardware security module is a trusted network computer that performs cryptographic operations.
Which of the following is a layer 2 attack?
ARP poisoning
Which of the following can protect a password digest from attackers?
Argon2
Which of the following is a major objective of packet analysis?
Assess and secure networks
Which of the following best describes skimming?
Capturing information from the magnetic stripe of a smartcard
You have been hired as a security administrator. While analyzing your organization's personnel policies, you notice the presence of multiple orphaned accounts. How should you handle this situation?
Change the account expiration settings
Which of the following is NOT a part of business continuity planning?
Contingency actions
Which type of intrusion detection system can also block attacks?
Inline
Which of the following methods can be used to destroy data on paper?
Pulping
Which of the following is an authentication system that uses UDP over TCP?
RADIUS.
In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?
You should perform a dictionary attack.
Which of the following is a third-party network analysis tool?
nmap
A source computer's ability to reach a specified destination computer can be tested using which of the following?
ping
Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so?
A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.
Which of the following differentiates an access point probe and a dedicated probe?
A dedicated probe only monitors RF transmissions, while an access probe can serve as both a probe and an access point that can provide roaming to wireless users.
Which of the following best describes a host-based firewall?
A host-based firewall is a software firewall that protects a single endpoint device.
What is a Type I hypervisor?
A hypervisor that runs directly on computer hardware
Suzanne is a cybersecurity expert. She was approached by Alex with a complaint that his payment information has leaked even though he has not made any online payments or shared information with anyone. Suzanne concluded that attackers most likely bumped a portable reader against Alex's smartphone to make an NFC connection and steal the payment information stored on the phone.What should Suzanne suggest to Alex to prevent this type of attack from happening in the future?
Alex should always turn the NFC off while he's in a crowded area.
You oversee your company's physical security, and you are asked to protect their CCTV cameras. The cameras are installed along the pathway, mounted on poles. They need protection from being physically handled by potential intruders. Which of the following fencing deterrents should you use?
Anti-climb collar
You are asked to construct a server cluster to provide resilience to the webserver hosted by your enterprise. Which of the following clustering systems should you implement to ensure the standby server only works when the other server fails?
Asymmetric
In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources.Which of the following should you suggest?
Attribute-based access control
You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't.Which of the following access control schemes should you choose?
Attribute-based access control
Which of the following is an external perimeter defense method?
Barrier
Which of the following best describes bash?
Bash is a command language interpreter.
Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection?
Bluesnarfing
Shawn is approached by a medical staff team with a request to research and introduce a type of device that will help them record and transmit specific patient details.Which technology would help the team measure and monitor blood pressure and then send those patient details from the smartphone to a phone as a message in case of emergencies?
Bluetooth
Sherry needs to suggest a technology that can enable smartphones or laptops to control multiple devices like speakers, mice, etc., within a 100-meter distance. The device should also be connected without any wired connection.Which technology should Sherry suggest?
Bluetooth technology can be used to connect devices without any wired connection
Justin works for an automobile manufacturer. The company is designing a new car that enables the users to use the car as a mobile office. To achieve this, the car must provide an internet connection as an access point, mirror a smartphone screen on the LED dash display, and have a hands-free system where drivers can use voice controls to browse their phone's contact list, make and receive hands-free phone calls, and use navigation apps.Which technology should he use and why?
Bluetooth, because it can be used to pair devices, allowing for hands-free and screen mirroring features.
Which of the following documents provide alternative modes of operation for interrupted business activities?
Business continuity plan
Which of the following best describes the cloud access security broker?
CASB ensures the security policies of the enterprise comply with the cloud.
You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This, in turn, does not affect any other user.What action should you take?
Change the access clearance of User A to "confidential"
In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here?
Cognitive biometrics
Windows picture password belongs to which of the following?
Cognitive biometrics
Which of the following protects SNMP-managed devices from unauthorized access?
Community string
In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply?
Containers use OS components for virtualization
What type of APs can be managed by wireless LAN controllers (WLCs)?
Controller AP
Which of the following attack frameworks illustrate that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process?
Cyber Kill Chain
Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation?
DHCP server logs
Which of the following best describes DLP?
DLP is used to prevent leakage of confidential data.
During an interview, you are provided the following scenario:The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network.Which of the following attacks should you choose?
DNS hijacking
Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users.What type of attack has Tyler discovered?
DNS hijacking
Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose?
DNS poisoning
You are the security manager of an ISP, and you are asked to protect the name server from being hijacked. Which of the following protocols should you use?
DNSSEC
Who implements access control based on the security level determined by the data owner?
Data custodian
After a disaster disrupted your organization's functioning, you were assigned to determine the sequence for reinstating systems. Which of the following documents should you refer to when deciding the restoration order?
Data recovery plan
When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data?
Degauss the data
Which of the following is NOT a method for destroying data stored on paper media?
Degaussing
You are a security expert asked to protect the webservers hosted in your building from exposure to anyone other than server admins. Which of the following physical security method should you implement to achieve this?
Demilitarized zones
What should be done when the information life cycle of the data collected by an organization ends?
Destroy the data
Which of the following types of risk control occurs during an attack?
Detective control
Which control discourages security violations before their occurrence?
Deterrent control
Which of the following access management controls best fits a home network?
Discretionary access control
Which of the following statements about domain reputation is correct?
Domain reputation will be low if the domain is used for distributing malware or launching attacks.
Why is maintaining a hot recovery site is important for e-commerce businesses?
E-commerce businesses cannot risk significant downtime.
Which of the following contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself?
EAP
In which type of RFID attack can unauthorized users listen to communications between RFID tags and readers?
Eavesdropping
What is the difference between protecting against eavesdropping and protecting against a man-in-the-middle (MITM) attack?
Eavesdropping can be prevented by being aware of one's surroundings while using NFC technology, while MITM attack can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time.
Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users?
Evil twin
The following statements regarding centralized administration concepts are presented to you in an interview in which only one of them is correct. Which of these is correct?
Extensible authentication protocol is a framework to transport authentication protocols.
Kane was transferring files from a file transfer protocol (FTP) server to his local machine simultaneously. He sniffed the traffic to find that only the control port commands are encrypted, and the data port is not encrypted. What protocol did Kane use to transfer the files?
FTPS
Which of the following is physical security equipment for computer hardware?
Faraday cage
You are a security administrator asked to restrict employees in your organization from accessing their social media accounts at their workplace. Which of the following mobile device location-based policies should you use to accomplish this?
Geofencing
In a security review meeting, you are asked to appropriately handle the enterprise's sensitive data. How should you configure the security of the data?
Give access only to employees who need and have been approved to access it
The protection of which of the following data type is mandated by HIPAA?
Health information
You decided to test a potential malware application by sandboxing. However, you want to ensure that if the application is infected, it will not affect the host operating system. What should you do to ensure that the host OS is protected?
Implement virtual machine escape protection
How does the single sign-on enhance secure authentication?
Implementing a single sign-on will reduce the number of passwords needing to be remembered.
Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform?
Jurisdictional applicability
In an interview, you are asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose?
Load balancers can detect and stop protocol attacks directed at a server or application.
Which protocol should John select to prevent unwanted network access and be configured to permit traffic only from specific addresses and provide security?
MAC
Max found someone is impersonating him after discovering that data sent to him was always being received by someone else in his enterprise network. He informed the network administrator about the issue. While inspecting the switch, the administrator discovered that the threat actor was another employee at the same enterprise.As a senior security consultant, which of the following attacks should you mention in the charge sheet?
MAC cloning attack
In an interview, you are given the following scenario:David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation.Which of the following should you identify?
MITM
In a security review meeting, you are asked to make sure that the cybersecurity team is constantly updated on the tactics used by threat actors when they interact with systems during an attack. To which of the following attack frameworks will you refer to meet the goal?
MITRE ATT&CK
Several quantitative tools like mean time between failure (MTBF), mean time to recovery (MTTR), mean time to failure (MTTF), and failure in time (FIT) can be used to predict the likelihood of the risk. Which of these tools perform similar functions?
MTBF and FIT
In an interview, you were asked to briefly describe how emails containing malware or other contents are prevented from being delivered. Which of the following should be your reply?
Mail gateways prevent unwanted mails from being delivered.
Which of the following access control schemes is most secure?
Mandatory access control
Which of the following can be done to obfuscate sensitive data?
Masking
Which wireless technology will John use to provide wide-range cellular service that focuses on indoor coverage, low cost, long battery life, high connection density, and has a low-power wide-area network?
Narrowband IoT
Which of the following policies propose using non-disclosure agreements (NDA)?
Onboarding and offboarding
What is the power supply device that can ensure a correct and constant power level is delivered to a server?
Online UPS
You are a security administrator asked to create a certificate signing request (CSR) to secure your enterprise's website. Which of the following tools should you use to accomplish this?
OpenSSL
Sam is working as a cybersecurity expert. An enterprise that manages nuclear powerplants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security, lowest false acceptance rate, and lowest false rejection rates.Which of the following authentication methods should Sam apply?
PIN and gait recognition
Which of the following is a hardware-based solution for password security?
Password key
You want to manage your passwords for different accounts to optimally secure passwords from compromise. Which of the following password management methods should you use?
Password key
An attacker collected many usernames from a website and tried to login into the accounts using the password "passw0rd". What type of attack was this?
Password spraying
Which of the following RAID configurations have no fault tolerance?
RAID level 0
You are the chief security administrator in your enterprise. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Which of the following training techniques should you use?
Role-based awareness training
Which of the following network-based device logs are the least important when performing an incident investigation?
Routers and Switches
The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d."Which of the following types of attack is this?
Rule attack
You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?
Rule attack
You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?
Rule-based access control
In a security meeting, you were asked about which response method would require less manual intervention per response. Which of the following should you choose?
Runbook
Which of the following allows high-speed storage and transmission of large volumes of data?
SAN
Which of the following authentication methods belongs in the "something you have" category?
Security key
David is asked to test a new configuration on a virtual machine; if it does not work, it should roll back to the older state. What should David do before testing the new configuration so he can roll it back to the previous state if needed?
Take a snapshot of the virtual machine before testing the configuration
How do NACs ensure that a device is safe to connect to a secure network?
The NAC issues a health certificate, only allowing healthy devices to connect to the secured network.
What does the end-of-service notice indicate?
The enterprise will no longer offer support services for a product.
Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say "premises under 24-hour video surveillance." When do these controls occur?
The fence and the signs should both be installed before an attack
Why are jamming attacks generally rare?
They require expensive, sophisticated equipment
Which of the following is an example of evidence collected from metadata?
Time stamp
Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?
To prevent malware from tricking users by spoofing what appears on the screen
Which of the following best describes trusted location in MS Office?
Trusted location allows you to run macros-enabled files with no security restrictions.
Which of the following is a motherboard chip that provides cryptographic services?
Trusted platform module
In an interview, the interviewer asks you to boot a PC. Before the boot process begins, an interface asks you to choose between Windows 10 and Ubuntu Linux. The interviewer then asks you to identify the type of VR monitor program being used. What should your reply be?
Type I hypervisor
You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps.How should you implement this without storing the customers' credentials on the BuyMe server?
Use SAML
Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat?
Use software-device visibility
Which of the following outlines the process of a proxy server?
User - forward proxy - Internet - reverse proxy - user
Why can the accuracy of data collected from users not be verified?
Users have no right to correct or control the information gathered.
Which of the following human characteristic is used for authentication?
Veins
Sam is asked to help his company design a wireless network for their new location.Which of the following protocols has the strongest wireless security, supports a longer bit of encryption, and improved interaction capabilities with the internet of things (IoT) devices?
WPA3
Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take?
You should implement cryptography using OpenSSL.
You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply?
You should implement keystroke dynamics.
As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take?
You should install a WAF.
You are asked to configure your enterprise network in such a way that the customer support team gets a higher priority in the network and can conduct customer video calls without any connectivity issues. Which of the following methods should you apply?
You should set up quality of service to give higher priority to the customer support team.
You are assigned to destroy the data stored in electrical storage by degaussing. You need to ensure that the drive is destroyed. What should you do before degaussing so that the destruction can be verified?
You should wipe the data before degaussing.
In an interview, you are asked to change the permissions of a file on a Linux system so that the file can only be accessed by its owner. Which of the following tools should you use?
chmod
In an interview, you are asked to configure a DNS server on a Linux machine. After successfully configuring the DNS server, you are asked to examine it using a client machine. After changing the nameserver of the client's machine to a newly created server, which of the following commands should you run to validate the DNS server to ensure it is working properly?
dig www.google.com
In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose?
earthwaterforesttreemanworldkid
You are a cybersecurity investigator who needs query log files for faster analysis during an incident investigation. Which of the following log management tools should you use?
journalctl
Which of the following log management tools has content filtering?
syslog-ng
Which of the following best describes a mantrap?
A mantrap is a small space with two separate sets of interlocking doors.
Which of the following best describes a network address translation?
A network address translation (NAT) enables a private IP network to connect to the internet.
In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct?
A person's vein can be used to uniquely authenticate an individual.
Which of the following best describes an acceptable use policy?
A policy that defines the actions users may perform while accessing systems and networking equipment
You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following has created a log entry in the firewall?
A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22.
"Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts." "All computers and laptops should be secured with a password-protected screensaver, setting the automatic activation feature set at 10 minutes or less, or logging off when the host is unattended."Which policy includes these directives?
Acceptable use policy
Which of the following helps achieve data privacy in an enterprise network?
Access control schemes
You want to examine every future login attempt made on the enterprise devices. Which of the following windows group policy settings should you enable to make sure every login attempt is logged?
Account audits
You are asked to configure your firewall in such a way that the traffic from source address range 117.112.10.25 through 117.112.15.100 is allowed, while traffic from 117.112.12.25 through 117.112.13.25 is denied, and traffic from 117.112.12.200 through 117.112.13.10 is allowed. How should you configure the firewall?
Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10
Which of the following statements correctly defines jamming?
An attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications
While talking to a new client, the client asked you why access control is mostly used in enterprise networks rather than home networks.How should you reply?
An enterprise network will have more sensitive and confidential information.
"Computer workstations must be locked when the workspace is unoccupied and turned off at the end of the business day." "Laptops must be either locked with a locking cable or locked in a drawer or filing cabinet."Which policy includes these directives?
Clean desk space
Which of the following best describes a preimage attack?
Comparing a known digest with an unknown digest
You are a security consultant. An enterprise client contacted you because their mail domain is blocked due to an unidentified entity using it to send spam. How should you advise them to prevent this from happening in the future?
Configure the SMTP relay to limit relays to only local users
Sansa is a network security administrator at an enterprise. She is asked to take appropriate steps to defend against a MAC address spoofing attack in the enterprise network. Which of the following methods should Sansa apply?
Configure the switch so that only one port can be assigned per MAC address
Which of the following is a virtualization instance that uses OS components for virtualization?
Container
Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus?
Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them.
In a practical test, Steve was asked to securely connect different on-premises computing devices with a database deployed in the cloud. What action is Steve taking?
Creating a virtual network
Who ensures the enterprise complies with data privacy laws and its own privacy policies?
Data privacy officer
In an interview, you are asked to differentiate between data protection and data privacy. How should you differentiate between data protection and data privacy?
Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access.
Under which vulnerability can an attacker steal information from a user's phone using a device to connect to the phone without physically touching it?
Data theft
Which probe is designed exclusively to monitor the RF for transmissions and can only monitor the airwaves?
Dedicated probe
Which of the following is a feature of secrets management?
Default encryption
You are a cyber forensic expert wanting to protect devices retrieved from a crime scene from being remotely wiped of evidence. Which of the following physical security equipment should you use so that inbound and outbound signals cannot be sent or received?
Faraday bags
Melvin is moving his small business from his basement to an office building now that he has five full-time employees. What type of enterprise AP should he choose when setting up the new office's WLAN?
Fat AP
Which of the following can be achieved using availability zones in cloud computing?
Fault tolerance
Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?
Fingerprint scanners can be used for trickery in rare cases.
A security breach recently occurred in your enterprise. During the incident investigation, you are asked to examine network-based device logs. Which of the following network devices should you examine first?
Firewall
Which of the following tools can be used to secure multiple VMs?
Firewall virtual appliance
In an interview, you are asked to explain why software forensic tools are used more than forensic hardware workstations. How should you reply?
Forensic hardware workstations are more expensive than forensic software tools.
Which mobile device location-based policy is used to identify geographical location by analyzing media files?
Geo-tagging
Your enterprise's employees prefer a kinesthetic learning style for increasing their security awareness. How should you train them?
Give employees a hands-on experience of various security constraints
Ram's enterprise is hosting a web app that requires authentication. Recently, the password digest files of other enterprises were stolen, and the attackers cracked the passwords with ease. As such, Ram was asked to implement additional security measures for the web app's passwords. Which of the following methods should Ram apply?
He should use Key stretching.
Which monitoring methodology will trigger the IDS if any application tries to scan multiple ports?
Heuristic monitoring
Which of the following is a network set up with intentional vulnerabilities?
Honeynet
Which of the following protocol can be used for secure routing and switching?
IPsec
Which of the following protocols can make accessing data using man-in-the-middle attacks difficult while web browsing?
IPv6
Which of the following is the most versatile cloud model?
IaaS
In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply?
If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.
You are working as a cloud administrator, and are asked to migrate a virtual machine to a more capable physical machine, as the demand for the service hosted on the VM increased past its limit. As your enterprise still uses conventional switches, migration took time and resulted in customer dissatisfaction. How should you mitigate this issue in the future?
Implement a software-defined network
Which cloud app security features check the last login's location and current login attempts to restrict login if found suspicious?
Impossible travel
You were hired by a social media platform to analyze different user concerns regarding data privacy. After conducting a survey, you found that the concern of a majority of users is personalized ads. Which of the following should you mention in your report as a major concern?
Individual inconveniences
While analyzing a security breach, you found the attacker followed these attack patterns:The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc.Which of the following attacks was performed by the attacker?
Initially, a password spraying attack and then a brute force attack.
In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take?
Install motion detection sensors in strategic areas
In an interview, you are asked to explain how gamification contributes to enterprise security. How should you reply?
Instructional gaming can train employees on the details of different security risks while keeping them engaged.
Zara has been instructed to organize an event where top companies will come and give a webinar. Since the event is large and the number of people attending is substantial, Zara needs to ensure that there are no disturbances. She thinks preventing devices from communicating and calls from being made or received is the easiest solution.Which factor should Zara use to achieve this?
Jamming
Which of the following policies restrict employees from being in a position to manipulate security configurations by limiting the time they spend with control of those configurations?
Job rotation
Which of the following is an authentication system that issues a ticket after verifying the credentials by which you can authenticate other services?
Kerberos
Which of the following is performed during the incident response phase?
Making configuration changes
Why are mobile devices critical to a digital forensics investigation?
Mobile devices are almost continually in a user's possession.
Which of the following best describes east-west traffic?
Movement of data from one server to another within a data center
Which of the following types of risk would organizations being impacted by an upstream organization's vulnerabilities be classified as?
Multiparty risk
You are assigned to install multiple physical paths between devices and the SAN so that an interruption in one path will not affect communication. Which of the following techniques should you implement to manage the risk of interruption?
Multipath
Containment is most effective when the network is properly designed. Which of the following contributes to effective network design?
Network segmentation
Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly?
No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
Which of the following is an agreement that ensures an employee does not misuse enterprise data?
Nondisclosure agreement
How do phishing simulations contribute to enterprise security?
Phishing simulations train employees on how to recognize phishing attacks.
Which of the following techniques is the best fit for monitoring traffic on switches with large volumes of traffic?
Port TAP
After reviewing the data collection procedures in your organization, a court ordered you to issue a document that specifies how the organization uses the collected personal information. This document must be displayed to the user before allowing them to share personal data. Which of the following documents should you prepare?
Privacy notice
What do servers connected in a cluster use to communicate with each other?
Private cluster connection
Which of the following best describes an extranet?
Private network only accessed by an authorized party
Which data category can be accessed by any current employee or contractor?
Proprietary
Which of the following can prevent macros attacks?
Protected view
How does pseudo-anonymization contribute to data privacy?
Pseudo-anonymization obfuscates sensitive data elements.
You are working as a cybersecurity expert in an enterprise. While examining the newly established enterprise network, you found that when a request to write data to the drive is made, the controller sends that request to each drive. When a read action is required, the data is read twice, once from each drive. Which type of RAID is used in the newly established network?
RAID level 1
John is instructed by his CEO to introduce an employee attendance system that replaces the current manual-sign register. The system cannot use a power supply and must adhere to COVID-19 protection protocols.What method should John use for this system?
RFID
Which risk remains after additional controls are applied?
Residual risk
While preparing a continuity plan, you were asked to choose a technique by which the backup data stored on the cloud can be accessed from any location. Which of the following techniques should you choose?
Restore the data to virtual machines
What is a jump box used for?
Restricting access to a demilitarized zone
One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware?
Revert to a known state
You are a security administrator for an enterprise. You were asked to implement a cloud app security function in your enterprise network so that login attempts from identified threat actors can be restricted. Which of the following cloud app security function should you use?
Risky IP address
Sherlin is the owner of a cosmetics store. She wanted to introduce a wireless network in the store, but her employees were against it. Sherlin ended up purchasing an inexpensive wireless router and secretly connected it to the wired network. Unfortunately, this unknowingly provided open access to the wireless signal.What type of attack has Sherlin made her store's network vulnerable to?
Rogue access point
You are asked to transfer a few confidential enterprise files using the file transfer protocol (FTP). For ensuring utmost security, which variant of FTP should you choose?
SFTP
Which of the following protocols can be used for secure video and voice calling?
SRTP
Which protocol is used to prevent looping in a switch?
STP
You are a cybersecurity forensic analyst. When conducting an investigation, which of the following actions should you perform first to ensure the highest chance of success in the investigation?
Secure the evidence
You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise's database. Which of the following should you choose?
Security key authentication
Which of the following tools can be used to protect containers from attack?
Security-Enhanced Linux
Which of the following is a deception instrument?
Sinkhole
Which of the following best describes a Fake RAID?
Software RAID assisted by BIOS
In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer?
Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud.
Which of the following is associated with port security?
Spanning-tree protocol
Zain, a telecom engineer, plans to relocate a particular AP antenna to a new location. Which of the following configuration options will he use to adjust frequency bands, optimum channels, and available spectrum for data transfer?
Spectrum selection
You are a security admin for an enterprise, and you were asked to ensure high availability of data using redundancy. Which of the following action should you perform?
Store the same data in different devices across different locations
Which technology under wireless communication is an integrated circuit that securely stores information used to identify and authenticate the IoT device?
Subscriber identity module
Mike, an employee at your company, approached you seeking help with his virtual machine. He wants to save the current state of the machine to roll back to the saved state in case of a malfunction. Which of the following techniques can help Mike?
Take snapshots to save the virtual machine state
Which of the following correctly differentiates between Tcpreplay and Tcpdump?
Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network.
The risk of DDoS attacks, SQL injection attacks, phishing, etc., is classified under which threat category?
Technical
Which of the following sensors is best suited for fire detection?
Temperature detection sensor
In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond?
The major objective of resilience in an organization is to provide uninterrupted services.
What action does a BPDU guard take when a BPDU is received from an endpoint and not a switch?
The port is disabled, and no traffic will be sent or received by the port.
In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer?
The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.
You work at the headquarters of an enterprise known for unethical practices. The company has many remote sites, but most functions are performed at one location. Your enterprise recently hired a third-party vendor known for high-accuracy business impact analyses. The BIA performed by the vendor has since proved wrong, as an incident impacted the business significantly more than forecast. You are assigned to conduct a study on the BIA's misconception and submit a report.What should you investigate as the possible reason for the BIA's inaccuracy?
The vendor overlooked the organization's remote sites.
You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence?
Use mirror image backups
You are a cloud administrator, and you are asked to configure a VPC such that backend servers are not publicly accessible. What should you do to achieve this goal?
Use private subnets for backend servers
The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled "secret," transactions.xlsx is labeled "top secret," and employees.xlsx is labeled "confidential." You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx.How should you configure the user clearance?
User A: top secret; User B: confidential
Maze must establish a communication channel between two data centers. After conducting a study, she came up with the idea of establishing a wired connection between them since they have to communicate in unencrypted form. Considering the security requirements, Maze proposed using an alarmed carrier PDS over a hardened carrier PDS. Why would Maze make this suggestion in her proposal?
Using a hardened carrier PDS would require someone to conduct periodic visual inspections.
Which of the following best describes VBA?
VBA is an event-driven programming language.
Which technology allows scattered users to be logically grouped even when they are connected to different physical switches?
VLAN
Your enterprise recently decided to hire new employees as work-from-home interns. For the new employees to work from home, you need to create a network that will allow them to securely access enterprise data from remote locations.Which of the following protocols should you use?
VPN
Which of the following tools can be used for virtual machine sprawl avoidance?
Virtual machine manager
Which security protocol encrypts transmissions by using a shared secret key combined with an initialization vector (IV) that changes each time a packet is encrypted?
WEP
Which site survey tool is used to visually represent wireless network details such as channel bandwidth, channel coverage, data rate, and interference, among others?
Wi-Fi analyzers
n which of the following attacks do attackers use intentional interference to flood the RF spectrum with enough interference to prevent a device from effectively communicating with the AP?
Wireless denial of service attacks
Bob has been asked to do research into increasing the accuracy in identifying rogue APs in his enterprise. Which rogue AP system detection probe will allow his company's IT department to monitor the airwaves for traffic, scan and record wireless signals within its range (even when the device is idle or not receiving any transmission), and then report this information to a centralized database?
Wireless device probe
Which wireless probe is designed to scan and record wireless signals within its range at regular intervals and report the information to a centralized database?
Wireless device probe
In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP.Which of the following should be your reply?
With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match.
You are working as a security admin in an enterprise. While you were analyzing different password attacks, you found that whenever an individual user's password gets cracked, another user with the same password residing in the same password digest file also has their account compromised. How should you prevent this from happening in the future?
You should add salt to the passwords before hashing.
You are the cybersecurity chief of an enterprise. A risk analyst new to your company has come to you about a recent report compiled by the team's lead risk analyst. According to the new analyst, the report overemphasizes the risk posed by employees who currently have broad network access and puts too much weight on the suggestion to immediately limit user access as much as possible. According to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn't mention data points related to those breaches and your company's risk of being a future target of the group. How should you address this issue so that future reports and risk analyses are more accurate and cover as many risks as needed?
You should implement risk control self-assessment.
You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible scenario in case of an attack in the most realistic manner.Which of the following actions should you take?
You should run a plausible simulated attack on the network.
Your enterprise devices are configured with mandatory access control. How should you control user access so that files with a "top secret" label cannot be accessed by any users while "secret" files remain accessible?
You should set the clearance of all users to "secret."
An employee at your enterprise is caught violating company policies by transferring confidential data to his private email. As a security admin, you are asked to prevent this from happening in the future. Which of the following actions should you perform?
You should set up a DLP.
As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply?
You should set up a DNS sinkhole.
In a security review meeting, you are asked to take appropriate security measures to mitigate IP spoofing attacks against the enterprise network. Which of the following methods should you apply?
You should set up an ACL
The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take?
You should set up an IDS with anomaly-based monitoring methodology.
After encountering a network attack in your enterprise network, the chief network security engineer assigned you a project. The project was to create a vulnerable network that is similar to your enterprise network and entices the threat actor to repeat the attack. This is to analyze the behavior and techniques the attacker is using to ensure better defenses to your enterprise network in the future. Which of the following appliances should you use?
You should use a honeypot.
In 2016, your enterprise issued an end-of-life notice for a product. In 2020, an end-of-service notice was issued for the same product. What does this mean?
Your company stopped manufacturing a product in 2016, and all maintenance services for the product stopped in 2020.