ITSY 1342 Final exam

Ace your homework & exams now with Quizwiz!

Which of the following documents provide alternative modes of operation for interrupted business activities?

Business continuity plan

Which of the following best describes skimming?

Capturing information from the magnetic stripe of a smartcard

You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This, in turn, does not affect any other user.

Change the access clearance of User A to "confidential"

In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here?

Cognitive Biometrics

Which of the following best describes a preimage attack?

Comparing a known digest with an unknown digest

In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply?

Containers use OS components for virtualization

Which of the following is a network set up with intentional vulnerabilities?

Honeynet

Which of the following can be done to obfuscate sensitive data?

Masking

You are a cloud administrator, and you are asked to configure a VPC such that backend servers are not publicly accessible. What should you do to achieve this goal?

Use private subnets for backend servers

Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat?

Use software-device visibility

Which of the following outlines the process of a proxy server?

User - forward proxy - Internet - reverse proxy - user

Which of the following best describes VBA?

VBA is an event-driven programming language

Which of the following human characteristic is used for authentication?

Veins

As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply?

You should set up a DNS sinkhole.

The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take?

You should set up an IDS with anomaly-based monitoring methodology.

Which of the following correctly differentiates between a man-in-the-middle (MITM) attack and a man-in- the-browser (MITB)?

A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer.

In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources. Which of the following should you suggest?

Attribute-based access control

You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't. Which of the following access control schemes should you choose?

Attribute-based access control

Which of the following types of risk control occurs during an attack?

Detective control

Which control discourages security violations before their occurrence?

Deterrent control

Which of the following access management controls best fits a home network?

Discretionary access control

. Which of the following statements about domain reputation is correct?

Domain reputation will be low if the domain is used for distributing malware or launching attacks

Which of the following contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself?

EAP

In which type of RFID attack can unauthorized users listen to communications between RFID tags and readers?

Eavesdropping

What is the difference between protecting against eavesdropping and protecting against a man-in-the-middle (MITM) attack?

Eavesdropping can be prevented by being aware of one's surroundings while using NFC technology, while MITM attack can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time

Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users?

Evil Twin

In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply?

If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.

You are working as a cloud administrator, and are asked to migrate a virtual machine to a more capable physical machine, as the demand for the service hosted on the VM increased past its limit. As your enterprise still uses conventional switches, migration took time and resulted in customer dissatisfaction. How should you mitigate this issue in the future?

Implement a software-defined network

Several quantitative tools like mean time between failure (MTBF), mean time to recovery (MTTR), mean time to failure (MTTF), and failure in time (FIT) can be used to predict the likelihood of the risk. Which of these tools perform similar functions?

MTBF and FIT

As a senior security consultant, which of the following attacks should you mention in the charge sheet?

Mac Cloning attack

In an interview, you are given the following scenario: David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation. Which of the following should you identify?

Man in the Middle

Why are jamming attacks generally rare?

They require expensive, sophisticated equipment

Which of the following is NOT a part of business continuity planning?

Contingency actions

What type of APs can be managed by wireless LAN controllers (WLCs)?

Controller AP

Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus?

Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them

In a practical test, Steve was asked to securely connect different on-premises computing devices with a database deployed in the cloud. What action is Steve taking?

Creating a Virtual Network

Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?

Fingerprint scanners can be used for trickery in rare cases.

Which of the following is the most versatile cloud model?

IaaS

While analyzing a security breach, you found the attacker followed these attack patterns:The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc. Which of the following attacks was performed by the attacker?

Initially, a password spraying attack and then a brute force attack.

In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take?

Install motion detection sensors in strategic areas

In an interview, you are asked to explain how gamification contributes to enterprise security. How should you reply

Instructional gaming can train employees on the details of different security risks while keeping them engaged

In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE?

100,000,000 * 0.75/.01

Which of the following best describes a host-based firewall?

A host-based firewall is a software firewall that protects a single endpoint device.

Which of the following best describes a network address translation?

A network address translation (NAT) enables a private IP network to connect to the internet.

You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following has created a log entry in the firewall?

A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22.

Which of the following is a layer 2 attack?

ARP poisoning

You are asked to configure your firewall in such a way that the traffic from source address range 117.112.10.25 through 117.112.15.100 is allowed, while traffic from 117.112.12.25 through 117.112.13.25 is denied, and traffic from 117.112.12.200 through 117.112.13.10 is allowed. How should you configure the firewall?

Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force- allow 117.112.12.200 through 117.112.13.10

Which of the following statements correctly defines jamming?

An attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications.

While talking to a new client, the client asked you why access control is mostly used in enterprise networks rather than home networks. How should you reply?

An enterprise network will have more sensitive and confidential information.

You are asked to construct a server cluster to provide resilience to the webserver hosted by your enterprise. Which of the following clustering systems should you implement to ensure the standby server only works when the other server fails?

Asymmetric

Which of the following best describes bash?

Bash is a command language interpreter.

Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection?

Bluesnarfing

During an interview, you are provided the following scenario: The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network. Which of the following attacks should you choose?

DNS Hijacking

Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users.

DNS Hijacking

Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose?

DNS poisoning

Which of the following can be achieved using availability zones in cloud computing?

Fault Tolerance

Which type of intrusion detection system can also block attacks?

Inline

Which of the following types of risk would organizations being impacted by an upstream organization's vulnerabilities be classified as?

Multiparty risk

An attacker collected many usernames from a website and tried to login into the accounts using the password "passw0rd". What type of attack was this?

Password spraying

Which risk remains after additional controls are applied?

Residual risk

The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d." Which of the following types of attack is this?

Rule attack

Which of the following is a deception instrument?

Sinkhole

Which site survey tool is used to visually represent wireless network details such as channel bandwidth, channel coverage, data rate, and interference, among others

WiFi analyzers

Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so?

A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.

Which of the following best describes the cloud access security broker?

CASB ensures the security policies of the enterprise comply with the cloud.

Who implements access control based on the security level determined by the data owner?

Data Custodian

Who ensures the enterprise complies with data privacy laws and its own privacy policies?

Data privacy officer

After a disaster disrupted your organization's functioning, you were assigned to determine the sequence for reinstating systems. Which of the following documents should you refer to when deciding the restoration order?

Data recovery plan

Which of the following is a feature of secrets management?

Default Encryption

Which of the following access control schemes is most secure?

Mandatory access control

Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly?

No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.

Sam is working as a cybersecurity expert. An enterprise that manages nuclear powerplants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security, lowest false acceptance rate, and lowest false rejection rates. Which of the following authentication methods should Sam apply?

Pin and gait recognition

What do servers connected in a cluster use to communicate with each other?

Private cluster connection

Which of the following can prevent macros attacks?

Protected View

Which of the following RAID configurations have no fault tolerance?

RAID 0

You are working as a cybersecurity expert in an enterprise. While examining the newly established enterprise network, you found that when a request to write data to the drive is made, the controller sends that request to each drive. When a read action is required, the data is read twice, once from each drive. Which type of RAID is used in the newly established network?

Raid level 1

One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware?

Revert to a known state

You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?

Rule Attack

You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?

Rule-based access control

You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise's database. Which of the following should you choose?

Security key authentication

Which of the following best describes a Fake RAID?

Software RAID

In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer?

Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud.

You are a security admin for an enterprise, and you were asked to ensure high availability of data using redundancy. Which of the following action should you perform?

Store the same data in different devices across different locations

David is asked to test a new configuration on a virtual machine; if it does not work, it should roll back to the older state. What should David do before testing the new configuration so he can roll it back to the previous state if needed?

Take a snapshot of the virtual machine before testing the configuration

The risk of DDoS attacks, SQL injection attacks, phishing, etc., is classified under which threat category?

Technical

Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say "premises under 24-hour video surveillance." When do these controls occur?

The fence and the signs should both be installed before an attack

In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond?

The major objective of resilience in an organization is to provide uninterrupted services.

You work at the headquarters of an enterprise known for unethical practices. The company has many remote sites, but most functions are performed at one location. Your enterprise recently hired a third-party vendor known for high-accuracy business impact analyses. The BIA performed by the vendor has since proved wrong, as an incident impacted the business significantly more than forecast. You are assigned to conduct a study on the BIA's misconception and submit a report. What should you investigate as the possible reason for the BIA's inaccuracy?

The vendor overlooked the organization's remote sites.

Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?

To prevent malware from tricking users by spoofing what appears on the screen

Which of the following best describes trusted location in MS Office?

Trusted location allows you to run macros-enabled files with no security restrictions.

The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled "secret," transactions.xlsx is labeled "top secret," and employees.xlsx is labeled "confidential." You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx.

User A: top secret; User B: confidential

In which of the following attacks do attackers use intentional interference to flood the RF spectrum with enough interference to prevent a device from effectively communicating with the AP?

Wireless denial of service attacks

Which wireless probe is designed to scan and record wireless signals within its range at regular intervals and report the information to a centralized database?

Wireless device probe

Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take?

You should implement cryptography using OpenSSL

You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply?

You should implement keystroke dynamics

You are the cybersecurity chief of an enterprise. A risk analyst new to your company has come to you about a recent report compiled by the team's lead risk analyst. According to the new analyst, the report overemphasizes the risk posed by employees who currently have broad network access and puts too much weight on the suggestion to immediately limit user access as much as possible. According to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn't mention data points related to those breaches and your company's risk of being a future target of the group. How should you address this issue so that future reports and risk analyses are more accurate and cover as many risks as needed?

You should implement risk control self-assessment.

As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take?

You should install a WAF

In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?

You should perform a dictionary attack

You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible scenario in case of an attack in the most realistic manner. Which of the following actions should you take?

You should run a plausible simulated attack on the network.

In 2016, your enterprise issued an end-of-life notice for a product. In 2020, an end-of-service notice was issued for the same product. What does this mean?

Your company stopped manufacturing a product in 2016, and all maintenance services for the product stopped in 2020.


Related study sets

Final Exam What To Study - French II

View Set

0813 Insurance - New York State Law Quiz

View Set

Quiz - Primary, Secondary sources and Map skills

View Set

Chapter 3: Types of Insurance Policies

View Set

Bio L 152 Final Review - SELU Jennifer White

View Set

Evaluating Algebraic Expressions

View Set

GEN BIO II EXAM 3 MODULE 5 SUPERQUIZ

View Set