Network Security CI120 (A & B)

5 GHz Band

802.11a uses frequencies in this band.

WEP

802.11i updates the flawed security deployed in this protocol.

shell

A _________ is a command-line user interface to an operating system.

VPN

A ____________________ is a way to create a virtual network link across a public network that allows the endpoints to act as though they are on the same network.

A load balancer

A dedicated network device that can direct requests to different servers based on a variety of factors.

Router

A device that routes packets based on IP addresses

Geo-Tagging

A feature that can disclose a user's position when sharing photos.

User Habits

A foundational security tool in engaging the workforce to improve the overall security posture of an organization.

Network

A group of two or more computers linked together to share data.

Business Partnership Agreement

A legal agreement between organizations establishing the terms, conditions, and expectations of the relationship between them.

Memorandum of Understanding

A legal document used to describe a bilateral agreement between parties.

Hardware Security Module (HSM)

A physical device that safeguards cryptographic keys.

Shoulder Surfing

A procedure in which attackers position themselves in such a way as to be able to observe an authorized user entering the correct access code.

Initialization Vector

A random number used in combination with a secret key as a means to encrypt data. Part of the RC4 cipher that has a weak implementation in WEP.

Tailgating

A simple tactic of following closely behind a person who has just used their access card or PIN to gain physical access to a room or building.

CCTV

A system where the camera and monitor are directly linked.

Nonrepudiation

A term used to describe the condition where a user cannot deny that an event has occurred.

10

Acme Widgets has 10 employees and they all need the ability to communicate with one another using a symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?

Hackers

Actors who deliberately access computer systems and networks without authorization.

Static code analysis

Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?

Pharming

Alaina discovers that someone has set up a website that looks exactly like her organization's banking website. Which of the following terms best describes this sort of attack?

CCMP

Alaina has implemented WPA2 and uses enterprise authentication for access points in infrastructure mode. What encryption protocol is her network using?

Spam over Instant Messaging

Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?

Method of transport

Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form? Item identifier number / Signature of the person transferring the item / Signature of the person receiving the item / Method of transport

Shoulder surfing

Alan reads Susan's password from across the room as she logs in. What type of technique has he used?

Homomorphic encryption

Alan's team needs to perform computations on sensitive personal information but does not need access to the underlying data. What technology can the team use to perform these calculations without accessing the data?

A supply chain attack

Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should Alex categorize this attack as?

Files will remain but file indexes will not.

Alex has been handed a flash media device that was quick-formatted and has been asked to recover the data. What data will remain on the drive? No data will remain on the drive. / Files will remain but file indexes will not. / File indexes will remain, but the files will be gone. / Files and file indexes will remain on the drive.

Standard

Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. What type of document is Allan writing?

A deny list tool

Alyssa wants to prevent a known Microsoft Word file from being downloaded and accessed on devices she is responsible for. What type of tool can she use to prevent this?

A microSD HSM

Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware?

A CAN bus

Amanda is assessing a vehicle's internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers? A Zigbee bus / An SoC bus / A CAN bus / Narrowband bus

A heatmap

Amanda wants to create a view of her buildings that shows Wi-Fi signal strength and coverage. What is this type of view called? A channel overlay / A PSK / A heatmap / A SSID chart

Degaussing

Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this?

SSID

An Access Point uses this to advertise its existence to potential wireless clients.

Evil twin

An ________________ is a malicious fake access point that is set up to appear to be a legitimate, trusted network.

Time of Day Restriction

An access control method that would allow you to control access to records only when someone is scheduled to work.

Protocol

An agreed-upon method of exchanging information between systems.

Kerberos

An authentication model designed around the concept of using tickets for accessing objects.

Single Sign-On (SSO)

An authentication process where the user can enter their user ID and password once and then be able to move from application to application without having to supply further authentication.

Backdoor

An avenue that can be used to access a system while circumventing normal security mechanisms.

PBX (Private Branch Exchange)

An extension of the telephone service into a firm's telecommunications network.

Script Kiddie

An individual who does not have the technical expertise to develop scripts or discover new vulnerabilities in software but who has just enough understanding of computer systems to be able to download and run scripts that others have developed.

A walk-through

As part of their yearly incident response preparations, Ben's organization goes through a sample incident step by step to validate what each person will do in the incident. What type of exercise is this?

Purpose limitation

Asa believes that her organization is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?

Basic Authentication

Authentication that is sent in plaintext with only Base64 encoding.

Point-to-point

Bart knows that there are two common connection methods between Wi-Fi devices. Which of the following best describes ad hoc mode? Point-to-point / NFC / Point-to-multipoint / RFID

tcpdump

Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?

Firewall

Basic packet filtering occurs here.

Dumpster diving

Ben searches through an organization's trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?

RAID 10

Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?

LDAPS

Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?

Steganography

Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?

Residual risk

Brian recently conducted a risk mitigation exercise and has determined the level of risk that remains after implementing a series of controls. What term best describes this risk?

Resource policy

Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?

Structured Threat

Characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and the possible corruption of, or collusion with, insiders.

Performing user input validation

Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?

Interview the individual.

Charles needs to know about actions an individual performed on a PC. What is the best starting point to help him identify those actions? Review the system log. / Review the event log. / Interview the individual. / Analyze the system's keystroke log.

Elicitation

Charles wants to find out about security procedures inside his target company, but he doesn't want the people he is talking to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts?

tail

Charles wants to monitor changes to a log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change? head / logger / tail / chmod

Use the VM host to create a snapshot.

Charles wants to obtain a forensic copy of a running virtual machine. What technique should he use to capture the image? Run dd from within the running machine. / Use FTK Imager from the virtual machine host. / Use the VM host to create a snapshot. / Use WinHex to create a copy from within the running machine.

The Windows Security log

Chris has turned on logon auditing for a Windows system. Which log will show those logon events?

Integrity

Chris is responding to a security incident that compromised one of his organization's web servers. He believes that the attackers defaced one or more pages on the website. What cybersecurity objective did this attack violate? Confidentiality / Nonrepudiation / Integrity / Availability

UEFI/Measured boot

Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations? BIOS/Measured boot / UEFI/Measured boot / BIOS/Trusted boot / UEFI/Trusted boot

None of the above (which are: Use signed BGP by adopting certificates for each BGP peer/ Turn on BGP route protection/ Choose a TLS-enabled version of BGP)

Chuck wants to provide route security for his organization, and he wants to secure the BGP traffic that his routers rely on for route information. What should Chuck do?

TAXII

Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?

Mandatory vacations

Colin would like to implement a security control in his accounting department that is specifically designed to detect cases of fraud that are able to occur despite the presence of other security controls. Which one of the following controls is best suited to meet Colin's need?

Information Warfare

Conducted against the information and information-processing equipment used by an adversary.

pathping

Connor believes that there is an issue between his organization's network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?

Lighting

Continuous, standby, trip, and emergency are all types of __________.

A snapshot

Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?

dd

Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should she use?

SAE

Daniel knows that WPA3 has added a method to ensure that brute-force attacks against weak preshared keys are less likely to succeed. What is this technology called?

Wireshark

Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?

SOC 2 Type 1

Darren is working with an independent auditor to produce an audit report that he will share with his customers under NDA to demonstrate that he has appropriate security controls in place. The auditor will not be assessing the effectiveness of those controls. What type of audit report should Darren expect?

Role-Based Access Control (RBAC)

Designed around the type of tasks people perform.

Bridge or Switch

Distributes traffic based on MAC addresses.

Improper error handling

During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report?

Use a degausser.

Elaine wants to securely erase the contents of a tape used for backups in her organization's tape library. What is the fastest secure erase method available to her that will allow the tape to be reused? Wipe the tape by writing a random pattern of 1s and 0s to it. / Wipe the tape by writing all 1s or all 0s to it. / Use a degausser. / Incinerate the tape.

SRTP

Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?

An air gap

Florian wants to ensure that systems on a protected network cannot be attacked via the organization's network. What design technique should he use to ensure this?

Whether the forensic information includes a timestamp

Frank is concerned about the admissibility of his forensic data. Which of the following is not an element he should be concerned about?

Implement and use a data classification scheme.

Frank's organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it? Implement and use a data classification scheme. / Define data lifecycles for all nonsensitive data. / Tag all data with the name of the creator or owner. / Encrypt all sensitive data.

Out-of-band management

Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization's network design?

Containerization

Fred's company issues devices in a BYOD model. That means that Fred wants to ensure that corporate data and applications are kept separate from personal applications on the devices. What technology is best suited to meet this need? Biometrics / Full-device encryption / Context-aware authentication / Containerization

On disk

Gabby wants to capture the pagefile for a system. Where will she find the pagefile stored? In memory / On disk / In a CPU register / In device firmware

RAID 1

Gabby wants to implement a mirrored drive solution. What RAID level does this describe?

POPS, IMAPS, HTTPS

Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?

RTO

Gene recently conducted an assessment and determined that his organization can be without its main transaction database for a maximum of two hours before unacceptable damage occurs to the business. What metric has Gene identified?

dev.www.mydomain.com

Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate?

Risk transference

Grace's company decided to install the web application firewall and continue doing business. They are still worried about other risks to the information that were not addressed by the firewall and are considering purchasing an insurance policy to cover those risks. What strategy does this use?

Supply chain

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack?

Network-based

Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guests on his wireless network. What DLP technology would best meet this goal?

WinHex

Greg wants to use a tool that can directly edit disks for forensic purposes. What commercial tool could he select from this list? dd / memdump / WinHex / df

Geographic dispersal

Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?

Backups

Gurvinder wants to follow the order of volatility to guide his forensic data acquisition. Which of the following is the least volatile?

COPE

Gurvinder wants to select a mobile device deployment method that provides employees with devices that they can use as though they're personally owned to maximize flexibility and ease of use. Which deployment model should he select? CYOD / COPE / BYOD / MOTD

A disaster recovery plan

Gwen is building her organization's documentation and processes and wants to create the plan for what the organization would do if her datacenter burned down. What type of plan would typically cover that type of scenario?

Masking

Gwen is exploring a customer transaction reporting system and discovers the table shown here. What type of data minimization has most likely been used on this table?

SaaS

Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?

Data processor

Helen's organization maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen's organization?

Vulnerability scans

Henry wants to check to see if services were installed by an attacker. What commonly gathered organizational data can he use to see if a new service appeared on systems? Registry dumps from systems throughout his organization / Firewall logs / Vulnerability scans / Flow logs

Autopsy

Henry wants to use an open source forensic suite. Which of the following tools should he select? Autopsy / EnCase / FTK / WinHex

All of the above. (It ensures that a vulnerability in a single company's product will not impact the entire infrastructure. If a single vendor goes out of business, the company does not need to replace its entire infrastructure. It means that a misconfiguration will not impact the company's entire infrastructure.)

How does technology diversity help ensure cybersecurity resilience?

All should have equal weight

Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?

David's private key

If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature?

Default Deny

Implicit Deny is an operationalization of this principle.

ERM

In an _______________ program, organizations take a formal approach to risk analysis.

Command and Control

In the Cyber Kill Chain, the access gained at this stage allows two-way communication with, and continued control of, the remote system. __________________

Reconnaissance

In the Cyber Kill Chain, this stage identifies targets. __________________

Risk acceptance

In the end, Grace found that the insurance policy was too expensive and opted not to purchase it. She is taking no additional action. What risk management strategy is being used in this situation?

SaaS

In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?

One system is set to an incorrect time zone.

Isaac is performing a forensic analysis on two systems that were compromised in the same event in the same facility. As he performs his analysis, he notices that the event appears to have happened almost exactly one hour earlier on one system than the other. What is the most likely issue he has encountered? The attacker took an hour to get to the second system. / One system is set to an incorrect time zone. / The attacker changed the system clock to throw off forensic practitioners. / The forensic tool is reading the timestamps incorrectly.

PEAP

Isabelle needs to select the EAP protocol that she will use with her wireless network. She wants to use a secure protocol that does not require client devices to have a certificate, but she does want to require mutual authentication. Which EAP protocol should she use? EAP-FAST / EAP-TTLS / PEAP / EAP-TLS

Access Tokens

Items carried by the user to allow them to be authenticated.

Disable ARP on all accessible ports

James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?

Removed the vulnerability

Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?

A captive portal

Jerome wants to allow guests to use his organization's wireless network, but he does not want to provide a preshared key. What solution can he deploy to gather information such as email addresses or other contact information before allowing users to access his open network?

When the machine is off

Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to having data stolen from it? When the machine is booted and logged in but is unlocked / When the machine is booted and logged in but is locked / When the machine is off / When the machine is booted and logged in but is asleep

journalctl

Jim wants to view log entries that describe actions taken by applications on a CentOS Linux system. Which of the following tools can he use on the system to view those logs? logger / syslog-ng / journalctl / tail

John the Ripper

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?

Guideline

Joe is authoring a document that explains to system administrators one way in which they might comply with the organization's requirement to encrypt all laptops. What type of document is Joe writing?

Timing-based SQL injection

Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?

Directory traversal

Joe's adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request http://www.mycompany.com/../../../etc/passwd What type of attack was most likely attempted?

Robotic sentries

Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?

Elasticity

Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best describes his goal?

CASB

Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs?

White hat

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin's work?

PSK

Laura wants to deploy a WPA2 secured wireless network for her small business, but she doesn't have a RADIUS server set up. If she wants her Wi-Fi to be encrypted, what is her best option for wireless authentication? EAP / PSK / EAP-TLS / Open Wi-Fi with a captive portal

A Raspberry Pi

Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use? A Raspberry Pi / An FPGA / An Arduino / None of the above

Text messages and multimedia messages

Madhuri disables SMS, MMS, and RCS on phones in her organization. What has she prevented from being sent?

Active/active

Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?

In the photo's metadata

Madhuri wants to check a PNG-formatted photo for GPS coordinates. Where can she find that information if it exists in the photo? In the location.txt file appended to the PNG / On the original camera / In the photo's metadata / In the photo as a steganographically embedded data field

Motion detection

Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?

Standard Operating Procedures

Mandatory step-by-step instructions set by the organization so that in the performance of their duties employees will meet the stated security objectives of the firm.

Compare the hashes of the source and target drive.

Maria has acquired a disk image from a hard drive using dd, and she wants to ensure that her process is forensically sound. What should her next step be after completing the copy?

Managerial

Matt is updating the organization's threat assessment process. What category of control is Matt implementing?

Capability

Megan's organization uses the Diamond Model of Intrusion Analysis as part of their incident response process. A user in Megan's organization has discovered a compromised system. What core feature would help her determine how the compromise occurred?

Wireshark

Melissa wants to capture network traffic for forensic purposes. What tool should she use to capture it?

Use forensic memory acquisition techniques.

Michael wants to acquire the firmware from a running device for analysis. What method is most likely to succeed? Use forensic memory acquisition techniques. / Use disk forensic acquisition techniques. / Remove the firmware chip from the system. / Shut down the system and boot to the firmware to copy it to a removable device.

syslog-ng

Michael wants to log directly to a database while also using TCP and TLS to protect his log information and to ensure it is received. What tool should he use? syslog / rsyslog / syslog-ng / journalctl

An allow list application

Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed? A HIPS / A hardening application / A deny list application / An allow list application

A bollard

Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?

Routing

Moving packets from source to destination across multiple networks.

21, 23, and 80

Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used? 21 / 22 / 23 / 80 / 443

Right to forensic examination

Naomi is preparing to migrate her organization to a cloud service and wants to ensure that she has the appropriate contractual language in place. Which of the following is not a common item she should include?

Text message-based phishing

Naomi receives a report of smishing. What type of attack should she be looking for?

A load balancer

Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?

arp /a

Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?

Confidentiality

Nolan is writing an after action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization's database. What cybersecurity principle was most impacted in this breach?

Bluesnarfing

Octavia discovers that the contact list from her phone has been acquired via a wireless attack. Which of the following is the most likely culprit?

Email

Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?

A host intrusion detection system

Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement? A host intrusion detection system / A host firewall / A host intrusion prevention system / A data loss prevention tool

Peer-to-Peer Trust Model

One CA is not subordinate to another CA, and there is no established trust anchor between the CAs involved.

22

Port _____ is used for Secure Shell (SSH).

389

Port ________ is used for LDAP.

Parameterized queries

Precompiled SQL statements that only require variables to be input are an example of what type of application security control?

BIOS Passwords

Prevents an attacker from making a machine boot from its DVD drive.

$500,000

Questions 3-7 refer to the following scenario: Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He expects that a compromise of that database would result in $500,000 of fines against his firm. Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year. What is the asset value (AV)?

Risk mitigation

Questions 8-11 refer to the following scenario: Grace recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk. Grace's first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?

None of the above (which are: SDHCP/ LDAPS/ ARPS)

Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?

2

Referring to the scenario in question 9, if Acme Widgets switched to an asymmetric encryption algorithm, how many keys would be required to add the 11th employee?

Keyspace

Refers to every possible value for a cryptographic key.

Transitive Trust

Refers to the condition where trust is extended to another domain that is already trusted.

Bootdisk

Removable media from a computer which can be booted.

Gray-hat hacking

Renee is a cybersecurity hobbyist. She receives an email about a new web-based grading system being used by her son's school and she visits the site. She notices that the URL for the site looks like this: https://www.myschool.edu/grades.php&studentID=1023425 She realizes that 1023425 is her son's student ID number and she then attempts to access the following similar URLs: https://www.myschool.edu/grades.php&studentID=1023423 https://www.myschool.edu/grades.php&studentID=1023424 https://www.myschool.edu/grades.php&studentID=1023426 https://www.myschool.edu/grades.php&studentID=1023427 When she does so, she accesses the records of other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee's work?

Hub

Repeats all data traffic across all connected ports.

Key Management

Required for symmetric encryption.

A differential backup

Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?

Third-party control

Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?

The restoration order documentation

Sally is working to restore her organization's operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?

Exploitation

Selah is following the Cyber Kill Chain model and has completed the delivery phase. What step is next according to the Kill Chain?

Cloning

Skimming attacks are often associated with what next step by attackers?

Software-As-A-Service (SaaS)

Offers software to end users from the cloud.

Retention policies

Susan has discovered that an incident took place on her network almost six months ago. As she prepares to identify useful data for the incident, which common policy is most likely to cause her difficulties during her investigation? Configuration standards Communication policies Incident response policies Retention policies

Remote wipe and FDE

Susan wants to ensure that the threat of a lost phone creating a data breach is minimized. What two technologies should she implement to do this?

Subnet Mask

Tells you what portion of a 32-bit IP address is being used as the Network ID and what portion is being used as the Host ID

eradication

The __________________ stage involves removing the artifacts associated with the incident.

Certificate Signing Request (CSR)

The actual request to a CA containing a public key and the requisite information needed to generate a certificate.

Certificate Authority (CA)

The actual service that issues certificates based on the data provided during the initial registration process.

Layered Defense

The architecture in which multiple methods of security defense are applied to prevent realization of threat-based risks.

Reverse Social Engineering

The attacker hopes to convince the target to initiate contact.

Audit

The board of directors of Kate's company recently hired an independent firm to review the state of the organization's security controls and certify those results to the board. What term best describes this engagement?

A microcontroller, and on physical security

The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui's organization deployed, and where should Hui place her focus on securing it? A GPU, and on network security An FPGA, and on network security An ICS, and on physical security A microcontroller, and on physical security

Cryptanalysis

The evaluation of a cryptosystem to test its security.

Preparation

The following figure shows the Security+ incident response cycle. What item is missing? (Hint: First step) Planning Reporting Monitoring Preparation

XOR

The function most commonly seen in cryptography. A "bitwise eXclusive OR"

MAC Address

The hardware address that uniquely identifies each device on a network.

checksum

The hash value for a drive or image can also be used as a __________________ to ensure that it has not changed.

Entropy

The measure of randomness in a system.

Biometrics

The measurement of unique biological properties such as fingerprints or irises.

Workstation

The name for a typical computer a user uses on a network.

An RTOS

The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn's company need to deploy? A HIPS An RTOS An MFP An SoC

Three-Way Handshake

The packet exchange sequence that initiates a TCP connection. SYN, SYN-ACK, ACK.

Economy of Mechanism

The principle in security where protection mechanisms should be kept as simple and small as possible.

Least Privilege

The principle that states that a subject has only the necessary rights and privileges to perform its task with no additional permissions.

Key Escrow

The process of giving keys to a third party so they can decrypt and read sensitive information if the need arises.

Dumpster Diving

The process of going through a target's trash searching for information that can be used in an attack or to gain knowledge about a system or network.

TEMPEST

The program to control electronic emanations from electrical equipment.

Network Address Translation (NAT)

The protocol that allows the use of private, internal IP addresses for internal traffic and public IP addresses for external traffic.

Topology

The shape or arrangement of a network, such as bus or star.

IEEE 802.11

The standard for wireless local area networks.

Registration Authority (RA)

The trusted authority for certifying individuals' identities and creating an electronic document indicating that individuals are who they say they are.

Mobile Device Management (MDM)

The type of application used to control security across multiple mobile devices in an enterprise.

Storage segmentation

Theresa has implemented a technology that keeps data for personal use separate from data for her company on mobile devices used by members of her staff. What is this concept called?

PHI

Tina works for a hospital system and manages the system's patient records. What category of personal information best describes the information that is likely to be found in those records?

Code signing

Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance?

AUP

Tonya discovers that an employee is running a side business from his office, using company technology resources. What policy would most likely contain information relevant to this situation?

Transit gateway

Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?

Cross-Certification Certificate

Used when independent CAs establish peer-to-peer trust relationships.

Account Disablement

Used whenever an employee leaves a firm. All associated accounts should be disabled to prevent further access.

SSH, port 22

Valerie wants to replace the telnet access that she found still in use in her organization. Which protocol should she use to replace it, and what port will it run on?

IoC

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?

A browser plug-in

Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack?

Session cookie

Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy to obtain if her attack will be successful?

API keys

Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository?

27701

What ISO standard provides guidance on privacy controls?

Face recognition and fingerprint recognition

What are the two most commonly deployed biometric authentication solutions for mobile devices? Voice recognition and face recognition Fingerprint recognition and gait recognition Face recognition and fingerprint recognition Voice recognition and fingerprint recognition

PCI DSS

What compliance obligation applies to merchants and service providers who work with credit card information?

HIPAA

What compliance regulation most directly affects the operations of a healthcare provider?

Hypervisor

What component of a virtualization platform is primarily responsible for preventing VM escape attacks?

Tokenization

What data minimization technique replaces personal identifiers with unique identifiers that may be cross-referenced with a lookup table?

An unencrypted HTTP connection

What does an SSL stripping attack look for to perform an on-path attack?

$25,000

What is the annualized loss expectancy (ALE)?

0.05

What is the annualized rate of occurrence (ARO)?

Chain of custody

What is the document that tracks the custody or control of a piece of evidence called?

100%

What is the exposure factor (EF)?

Privacy

What is the most frequent concern that leads to GPS tagging being disabled by some companies via an MDM tool? Chain of custody The ability to support geofencing Privacy Context-aware authentication

SFlow samples only network traffic, meaning that some detail will be lost.

What is the primary concern with SFlow in a large, busy network?

$500,000

What is the single loss expectancy (SLE)?

XML

What language is STIX based on?

GDPR

What law creates privacy obligations for those who handle the personal information of European Union residents?

Center for Internet Security

What organization is known for creating independent security benchmarks covering hardware and software platforms from many different vendors?

ISACs

What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?

Identification

What phase in the incident response process leverages indicators of compromise and log analysis as part of a review of events? Preparation Containment Eradication Identification

TLS

What protocol is used to securely wrap many otherwise insecure protocols?

PowerShell

What scripting environment is native to Windows systems? Bash PowerShell Python CMD

USB-OTG

What standard allows USB devices like cameras, keyboards and flash drives to be plugged into mobile devices and used as they normally would be?

Distributing them in parking lots as though they were dropped

What technique is most commonly associated with the use of malicious flash drives by penetration testers?

Data encryption

What technology uses mathematical algorithms to render information unreadable to those lacking the required key?

Control objectives

What term best describes an organization's desired security state?

Data in motion

What term best describes data that is being sent between two systems over a network connection?

Data controller

What term is given to an individual or organization who determines the reasons for processing personal information?

EDR

What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices? IAM FDE EDR ESC

SOAR

What tool is specifically designed to support incident responders by allowing unified, automated responses across an organization? IPS COOP SOAR IRC

Man-in-the-middle

What type of attack places an attacker in the position to eavesdrop on communications between a user and a web server?

Stream cipher

What type of cipher operates on one character of text at a time?

DOM-based XSS

What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser?

EV

What type of digital certificate provides the greatest level of assurance that the certificate owner is who they claim to be?

A nation-state

What type of malicious actor is most likely to use hybrid warfare?

An access control vestibule

What type of physical security control is shown here? (The figure shows a closed room entered through Door 1, which leads to Door 2, which in turn opens into a secure area or room.)

A warm site

What type of recovery site has some or most systems in place but does not have the data needed to take over operations?

Code of conduct

What type of security policy often serves as a backstop for issues not addressed in other policies?

False Rejection

When a biometric system (like fingerprints) fails to let you into a system when it should.

Authority

When a caller was recently directed to Amanda, who is a junior IT employee at her company, the caller informed her that they were the head of IT for her organization and that she needed to immediately disable the organization's firewall due to an ongoing issue with their e-commerce website. After Amanda made the change, she discovered that the caller was not the head of IT, and that it was actually a penetration tester hired by her company. Which social engineering principle best matches this type of attack?

Vishing

When you combine phishing with Voice over IP, it is known as:

Hybrid cloud

Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?

Two-person control

Which of the following controls helps prevent insider threats?

Volatility

Which of the following is a memory forensics toolkit that includes memdump? FTK Imager WinHex dd Volatility

Form factor

Which of the following is not a common constraint of an embedded system? Form factor Network Compute Authentication

Use of weak encryption

Which of the following is not a typical security concern with MFPs? Acting as a reflector for network attacks Acting as an amplifier for network attacks Exposure of sensitive data from copies and scans Use of weak encryption

Documentation and reporting

Which of the following is not one of the four phases in COOP?

Detail

Which of the following measures is not commonly used to assess threat intelligence?

IPv6's NAT implementation is insecure.

Which of the following statements about the security implications of IPv6 is not true?

Nation-state actors

Which of the following threat actors typically has the greatest access to resources?

Top Secret

Which one of the following U.S. government classification levels requires the highest degree of security control?

Frequent flyer number

Which one of the following data elements is not commonly associated with identity theft?

Tokenization

Which one of the following data protection techniques is reversible when conducted properly?

Port scans

Which one of the following information sources would not be considered an OSINT source?

Create specific technology requirements for an organization.

Which one of the following is not a common use of the NIST Cybersecurity Framework?

Preventing injection attacks

Which one of the following is not an advantage of database normalization?

Using a cloud provider's web interface to provision resources

Which one of the following is not an example of infrastructure as code?

Contain

Which one of the following is not one of the five core security functions defined by the NIST Cybersecurity Framework?

Anonymous

Which one of the following is the best example of a hacktivist group?

Proposed revision to the security policy

Which one of the following items is not normally included in a request for an exception to security policy?

Nonrepudiation

Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

Data retention policy

Which one of the following policies would typically answer questions about when an organization should destroy records?

Guideline

Which one of the following security policy framework components does not contain mandatory guidance for individuals in the organization?

Agile

Which one of the following software development models focuses on the early and continuous delivery of software?

Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement.

Which one of the following statements is not true about compensating controls under PCI DSS?

Threat map

Which one of the following threat research tools is used to visually display information about the location of threat actors?

CRM

Which one of the following would not commonly be available as an IaaS service offering?

Requirement to use AES-256 encryption

Which one of the following would not normally be found in an organization's information security policy?

Management

Which team member acts as a primary conduit to senior management on an IR team?

To prevent EMI

Why are Faraday cages deployed?

WTLS (Wireless Transport Layer Security)

Wireless Access Points use this protocol to attempt to ensure confidentiality of data.

Reduced the probability

You notice a high number of SQL injection attacks against a web application run by your organization, so you install a web application firewall to block many of these attacks before they reach the server. How have you altered the severity of this risk?

Data ownership policy

_____ clearly states the ownership of information created or used by the organization.

Password policy

_____ sets forth requirements for password length, complexity, reuse, and similar issues.

MSA

_______ provides an umbrella contract for the work that a vendor does with an organization over an extended period of time.

Procedures

_________ are detailed, step-by-step processes that individuals and organizations must follow in specific circumstances.

SCADA

_________ is a type of system architecture that combines data acquisition and control devices, computers, communications capabilities, and an interface to control and monitor an entire architecture.

SLA

__________ are written contracts that specify the conditions of service that will be provided by the vendor and the remedies available to the customer if the vendor fails to meet the SLA.

Continuous monitoring policy

__________ describes the organization's approach to monitoring and informs employees that their activity is subject to monitoring in the workplace.

Asset management

__________ describes the process an organization will follow for accepting new assets (such as computers and mobile devices) into inventory, tracking those assets over their lifetime, and properly disposing of them at the end of their useful life.

MOU

__________ is an informal mechanism that allows the parties to document their relationship to avoid future misunderstandings.

Standards

__________ provide mandatory requirements describing how an organization will carry out its information security policies.

Separation of duties

__________ requires the participation of two people to perform a single sensitive action.

Guidelines

___________ provide best practices and recommendations related to a given concept, technology, or task.

Whitelist blacklist block list

____________ and ____________ or ____________ are all terms used to describe building a list of software, applications, and other system components that are allowed to exist on a system or are blocked from it.

Policies

____________ are high-level statements of management intent.

AUP

____________ provides network and system users with clear direction on permissible uses of information resources.

Least privilege

____________ says that individuals should be granted only the minimum set of permissions necessary to carry out their job functions.

Preparation

____________. In this phase, you build the tools, processes, and procedures to respond to an incident.

Asset management

_____________ ___________ describes the process the organization will follow for accepting new assets (such as computers and mobile devices) into inventory, tracking those assets over their lifetime, and properly disposing of them at the end of their useful life.

Embedded systems

_______________ are computer systems that are built into other devices.

Data stewards

_______________ are individuals who carry out the intent of the data controller and are delegated responsibility from the controller.

External risks

_______________ are those risks that originate from a source outside the organization.

Multi-party risks

_______________ are those that impact more than one organization.

Vulnerabilities

_______________ are weaknesses in our systems or controls that could be exploited by a threat.

Sandbox

_______________ describes an isolated environment where potentially dangerous or problematic software can be run.

Risk avoidance

_______________ is a risk management strategy where we change our business practices to completely eliminate the potential that a risk will materialize.

Risk acceptance

_______________ is the final risk management strategy, and it boils down to deliberately choosing to take no other risk management strategy and to simply continue operations as normal in the face of the risk.

Risk mitigation

_______________ is the process of applying security controls to reduce the probability and/or magnitude of a risk.

Risk management

_______________ is the process of systematically addressing the risks facing an organization.

Risks

_______________ occur at the intersection of a vulnerability and a threat that might exploit that vulnerability.

Legacy systems

_______________ pose a unique type of risk to organizations.

Risk identification process

_______________ requires identifying the threats and vulnerabilities that exist in your operating environment.

Port mirror

_______________ sends a copy of all the traffic sent to one switch port to another switch port for monitoring.

Qualitative risk assessments

_______________ substitute subjective judgments and categories for strict numerical analysis, allowing the assessment of risks that are difficult to quantify.

Quantitative risk assessments

_______________ use numeric data in the analysis, resulting in assessments that allow the very straightforward prioritization of risks.

802.11b

The ________________ Wi-Fi standard operates at 11 Mbit/s on the 2.4 GHz frequency.

Load balancers

________________ are used to distribute traffic to multiple systems, provide redundancy, and allow for ease of upgrades and patching.

Network segmentation

________________ divides a network up into logical or physical groupings that are frequently based on trust boundaries, functional requirements, or other reasons that help an organization apply controls or assist with functionality.

Full disk encryption

________________ encrypts the disk and requires that the bootloader or a hardware device provide a decryption key and software or hardware to decrypt the drive for use.

EAP-TLS

________________ implements certificate-based authentication as well as mutual authentication of the device and network.

Port security

________________ is a capability that allows you to limit the number of MAC addresses that can be used on a single port.

RFID

________________ is a relatively short-range (from less than a foot of some passive tags to about 100 meters for active tags) wireless technology that uses a tag and a receiver to exchange information.

Bluetooth

________________ is a short-range wireless standard limited to typically 5-30 meters.

DMZs Demilitarized zones

________________ or ________________ are network zones that contain systems that are exposed to less trusted areas.

Information security policy

_________________ contains a series of documents designed to describe the organization's cybersecurity framework.

Patch management

_________________ ensures that systems and software are up to date, which helps ensure endpoint security by removing known vulnerabilities.

Loop prevention

_________________ focuses on detecting loops and then disabling ports to prevent the loops from causing issues.

Right-to-audit clauses

__________________ __________________, which are part of the contract between the cloud service and an organization.

Incident response policies

__________________ __________________ __________________ are commonly defined as part of building an IR capability.

Communication plans

__________________ __________________ are critical to incident response processes.

FTK imager

__________________ __________________ is a free tool for creating forensic images.

Disaster recovery

__________________ __________________ plans define the processes and procedures that an organization will take when a disaster occurs.

Business continuity

__________________ __________________ plans focus on keeping an organization functional when misfortune or incidents occur.

Hardening

__________________ a system or application involves changing settings on the system to increase its overall level of security and reduce its vulnerability to attack.

Containers

__________________ have grown significantly in use and create new challenges for forensic examiners.

IoT

__________________ is a broad term that describes network-connected devices that are used for automation, sensors, security, and similar tasks.

Autopsy

__________________ is an open source forensic suite with broad capabilities.

Walk-throughs

__________________ take a team through an incident step by step.

Configuration management

__________________ tools are one of the most powerful options security professionals and system administrators have to ensure that the multitude of systems in their organizations have the right security settings and to help keep them safe.

Signature-based detection

__________________ uses a hash or other signature generation method to identify files or components of the malware that have been previously observed.

BPDU

____________________ guard protects STP by preventing ports that should not send BPDU messages from sending them.

Sanitizing drives or media

_____________________ involves wiping the data or destroying the media.

Data loss prevention tools

_____________________ protect organizational data from both theft and inadvertent exposure.

DHCP

_______________________ snooping focuses on preventing rogue DHCP servers from handing out IP addresses to clients in a managed network.

Broadcast storm prevention storm control

________________________, sometimes called __________________, prevents broadcast packets from being amplified as they traverse a network.

