security+ 7 / 8


Which of the following types of security controls involves installing bollards? Directive Preventive Corrective Deterrent Detective

deterrent

Which is an IPsec protocol that authenticates that packets received were sent from the source? a. AH b. CER c. PXP d. DER

a. AH (Authentication Header). Canonical Encoding Rules (CER): X.509 format. Distinguished Encoding Rules (DER): X.509 format.

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user? a. DNS poisoning attack b. DNS resource attack c. DNS hijack attack d. DNS overflow attack

a. DNS poisoning attack

Which of the following is NOT a means by which a newly approved root digital certificate is distributed? a. OS updates b. Application updates c. Web browser updates d. Pinning

b. Application updates. Pinning: a digital certificate is hard-coded (pinned) within the app (program) that is using the certificate.

What is the name of the device protected by a digital certificate? a. RCR b. CN c. TLXS d. V2X2

b. CN (common name)

Which block cipher mode of operation requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged? a. CD b. CTR c. CXL d. CN

b. CTR Counter (CTR)

Which of the following does NOT describe an area that separates threat actors from defenders? a. Secure area b. Containment space c. DMZ d. Air gap

b. Containment space. A DMZ is an area that separates threat actors from defenders (also called a physical air gap). Enterprises often have DMZs or secure areas in a building or office to separate the secure facilities from unknown and potentially hostile outsiders.

What is the strongest technology that would assure Alice that Bob is the sender of a message? a. Digital signature b. Digital certificate c. Digest d. Encrypted signature

b. Digital certificate

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this? a. MAC cloning attack b. MAC flooding attack c. MAC overflow attack d. MAC spoofing attack

b. MAC flooding attack

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack? a. IoT b. Operational Technology c. Application d. Network

b. Operational Technology (automobiles, drones, robots; endpoints that can be programmed). Sources of DDoS attacks: Network = computers; Applications = IoT; Operational Technology = above.

Who verifies the authenticity of a CSR? a. Certificate authority b. Registration authority c. Certificate signatory d. Signature authority

b. Registration authority. A registration authority must verify the CSR (Certificate Signing Request), an intermediate CA (intermediate certificate authority) must process the CSR, the digital certificate must be placed in a CR (certificate repository) and moved to a CRL (Certificate Revocation List) when it expires, and so on.

Which of the following can a digital certificate NOT be used for? a. To encrypt channels to provide secure communication between clients and servers b. To verify the authenticity of the CA c. To verify the identity of clients and servers on the Web d. To encrypt messages for secure email communications

b. To verify the authenticity of the CA

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing? a. Dual observation protocol (DOP) b. Two-person integrity/control c. Multiplayer recognition d. Compromise mitigation assessment (CMA)

b. Two-person integrity/control

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection? a. Electronic Code Book (ECB) repositories b. PFX c. Certificate attributes d. CTR

c. Certificate attributes

Which of the following sensors can detect an object that enters the sensor's field? a. Field detection b. IR verification c. Proximity d. Object recognition

c. Proximity

Which is a protocol for securely accessing a remote computer in order to issue a command? a. Secure Sockets Layer (SSL) b. Secure Hypertext Transport Protocol (SHTTP) c. Secure Shell (SSH) d. Transport Layer Security (TLS)

c. Secure Shell (SSH)

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Digital certificates b. Digital digests c. Session keys d. Encrypted signatures

c. Session keys Domain Digital Certificates

What is the purpose of certificate chaining? a. To hash the private key b. To ensure that a web browser has the latest root certificate updates c. To group and verify digital certificates d. To lookup the name of intermediate RA

c. To group and verify digital certificates

Which of the following is NOT a Microsoft defense against macros? a. Protected View b. Trusted location c. Trusted domain d. Trusted documents

c. Trusted domain

Which utility sends custom TCP/IP packets? a. shape b. curl c. hping d. pingpacket

c. hping. curl: transfers data to or from a server.

Which of the following can be used to detect malicious activities? [Choose all that apply] Alarms Signage CCTV Cameras Badges

Alarms CCTV Cameras

Which of the following is used to target SSL-enabled sessions and non-SSL-enabled links to sniff their contents? Nessus OpenSSL Stunnel SSL Strip

SSL Strip

The SSL has been replaced by which cryptographic protocol? SSH TLS SRTP HTTPS

TLS

Which of the following tools can be used to automate the setup of an evil twin? Wi-Fi Apple Wi-Fi Root Wi-Fi Pineapple Wi-Fi Orange

Wi-Fi Pineapple

Which of the following nmap commands is used for file exclusion? nmap -os nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt nmap -o nmap -iLex /tmp/scanlist.txt --excludefile /tmp/exclude.txt

nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt

Which of the following commands is used to perform a FIN scan? nmap -sF nmap -sS nmap -sX -v nmap -sT

nmap -sF

What is a session ID? A session ID is a unique number that a web browser assigns to a specific user for the duration of the user's visit. A session ID is a unique number that an administrator assigns to a specific user for the duration of the user's visit. A session ID is a unique number that a web server assigns to a specific user for the duration of the user's visit. A session ID is a unique number that an ISP assigns to a specific user for the duration of the user's visit.

A session ID is a unique number that a web server assigns to a specific user for the duration of the user's visit.

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use? a. display b. cat c. show d. head

b. cat

Which refers to a situation in which keys are managed by a third party, such as a trusted CA? a. Remote key administration b. Trusted key authority c. Key authorization d. Key escrow

d. Key escrow

Which of the following is NOT a reason that threat actors use PowerShell for attacks? a. It can be invoked prior to system boot. b. Most applications flag it as a trusted application. c. It leaves behind no evidence on a hard drive. d. It cannot be detected by antimalware running on the computer.

a. It can be invoked prior to system boot.

How is confidentiality achieved through IPsec? a. AuthX b. ISAKMP c. AHA d. ESP

d. ESP. AH (Authentication Header) protocol = authentication; ESP (Encapsulating Security Payload) = confidentiality.

Which of the following commands is used to perform an Xmas tree scan? nmap -sX -v nmap -sF nmap -sT nmap -sS

nmap -sX -v

Which of the following best describes two-person integrity control? Assigning two individuals as the head of the organization Assigning two security guards to protect the building Assigning two administrators to a single server Allowing only two people to access specific resources at one time

Assigning two security guards to protect the building

Which of the following is achieved by Security Orchestration, Automation, Response (SOAR)? Availability Automation Integrity Confidentiality

Automation

Craig needs to ensure that both sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged. Which cipher mode would Craig use to achieve this? ECB CTR CBC CPS

CTR Counter (CTR)

Which of the following is responsible for issuing digital certificates? Certificate signing request (CSR) Certificate authority (CA) International Standards Organization (ISO) Registration authority

Certificate authority (CA)

Which of the following contains the set of rules that govern the operation of a PKI? Electronic code book (ECB) Certificate policy (CP) Signature resource guide (SRG) Certificate practice statement (CPS)

Certificate policy (CP) (Public Key Infrastructure (PKI))

In which cipher mode is each block of plaintext XORed with the previous block of ciphertext before being encrypted? Electronic code book (ECB) Cipher block chaining (CBC) Counter (CTR) Galois/counter (GCM)

Cipher block chaining (CBC)

Which of the following tools can be used to conduct a Distributed Denial-of-Service (DDoS) attack? [Choose all that apply] DAVOSET HTTP Unbearable Load King (HULK) Nemesy UDP Flooder

DAVOSET HTTP Unbearable Load King (HULK) Nemesy UDP Flooder

You are assigned to hunt for traces of a dangerous DNS attack in a network. You need to capture DNS attacks that can compromise DNS replies to all devices in the network. What type of DNS attack should you look for? DNS poisoning DNS hijacking DNS amplification attack DNS botnet attack

DNS hijacking

Which of the following attacks is also known as DNS spoofing? Domain Hijacking DNS poisoning Universal Resource Locator (URL) Redirection DNS Hijacking

DNS poisoning

You are working as a cybersecurity administrator for your country's government. You are asked to block certain websites in your country deemed critical of those in power. Which of the following methods should you use? MITM DNS poisoning DDoS Session replay

DNS poisoning

Which of the following types of security control are CCTV cameras? [Choose all that apply] Deterrent Preventive Detective Corrective

Deterrent Detective

John is planning to send a critical company document online to Edwin. There is a high risk that John's competitor, Sam, might intervene in this exchange by making malicious changes to the document before Edwin receives it, tricking Edwin into thinking that this document is from John. Which technology should John use to ensure that this type of fraud does not take place? Digital signature Digital certificate Digital digest Physical signature

Digital certificate

A root CA should always be kept online. [TRUE/FALSE] TRUE FALSE

FALSE

Which of the following is a condition that is shown as a result when it does not exist? False Negative False Positive Negative Negative True Positive

False Positive. False Positive = alarm / no problem; False Negative = no alarm / problem.

Before a user requests a certificate from a CA, which of the following tasks must be completed? Embed the public key into the certificate Sign the Certificate Signing Request (CSR) with a public key Complete the information for CSR Generate private and public keys

Generate private and public keys

The CEO of a 10-person organization has asked Rick to implement digital certificates while keeping the cost low. Which of the following models should Rick implement? Distributed trust model Bridge trust model Hierarchical trust model Web of trust model

Hierarchical trust model

Which secure protocol allows users without any specialized training for specific security procedures to use security tools by executing programs and applications without depending on underlying communications protocols and not requiring programs and software to be modified while using it? Transport layer security (TLS) IP security (IPsec) Hypertext transport protocol secure (HTTPS) Real-time transport protocol (RTP)

IP security (IPsec)

Which of the following types of vulnerability scan can also attempt to exploit the vulnerabilities? Intrusive Non-credentialed Credentialed Non-intrusive

Intrusive

Which of the following is globally unique in the system? MAC address Gateway Subnet Mask IP address

MAC address

Which of the following can be triggered when a document opens? PowerShell script Python script Bash script Macro

Macro

Which of the following methods of threat hunting includes disrupt, deny, destroy, and degrade actions? Intelligence Fusion Security Advisory Threat Feeds Maneuvering

Maneuvering

Which of the following can be used to detect if a Trojan has infected a system? Netstat Fortify Telnet Acunetix

Netstat

You submitted a network security review report for your organization. After an inspection, the report was returned for corrections with comments from the organizational head. The review report you sent was a pdf file, whereas the returned report was a Microsoft Word file. Word warns you that the file might not be safe to open. Which of the following actions should you take to prevent a possible macros attack? Open the file in protected view Move the file to a trusted location Designate the file as a trusted document Delete the file permanently

Open the file in protected view

Which of the following is an open source toolkit used to implement the SSLv3 and TLS v1 protocols? Stunnel Nessus OWASP OpenSSL

OpenSSL

You are asked to create a certificate signing request for a website that your organization recently developed. Which of the following tools should you use? dnsenum theHarvester OpenSSL nslookup

OpenSSL

Which type of certificate file format contains private and public keys and is protected by a password? .cer Privacy enhanced mail (PEM) P12 Personal information exchange (PFX)

Personal information exchange (PFX)

If you are using a USB data blocker, which type of security control are you using? Preventive Corrective Detective Directive Deterrent

Preventive

Which of the following entities in the certificate authority (CA) hierarchy validates the certificate request from a client? Root CA Intermediate CA Leaf CA Registration Authority (RA)

Registration Authority (RA)

Which of the following best describes robot sentries? Robot sentries are robots that have access to an enterprise's secret data. Robot sentries are robots that act as fire suppressors. Robot sentries are robots that have an internal CCTV system installed. Robot sentries are robots that have access to all the confidential data of an enterprise.

Robot sentries are robots that have an internal CCTV system installed.

Which protocol provides a secure extension to transmissions using the real-time transport protocol? Secure shell (SSH) Transport layer security (TLS) Hypertext transport protocol secure (HTTPS) Secure real-time transport protocol (SRTP)

Secure real-time transport protocol (SRTP) --- Secure Real-time Transport Protocol (SRTP) has several similarities to S/MIME. Just as S/MIME is intended to protect MIME communications, SRTP is a secure extension protecting transmissions using the Real-time Transport Protocol (RTP). Also, as S/MIME is designed to protect only email communications, SRTP provides protection for Voice over IP (VoIP) communications. SRTP adds security features, such as message authentication and confidentiality, for VoIP communications.

ABC Manufacturing Company is located in Hiroshima, Japan. Being prone to earthquakes, the company decided to implement a backup of their data on a Singapore server. The IT administrator contacted you to identify the optimal command interface protocol for this backup. Which command interface protocol should you advise? Secure sockets layer Transport layer security Secure shell Hypertext transport protocol secure

Secure shell

Which of the following is used for continuous monitoring of logs? User Behavior Analysis (UBA) Security information and event management (SIEM) Intrusion Detection Systems (IDS) Firewall

Security information and event management (SIEM)

Which of the following certificates should you use with a Web server for testing purposes? Code Signing Wildcard Self-Signed Subject Alternative Name (SAN)

Self-Signed

In an organization, in which of the following places would you install a fire suppression system? [Choose all that apply] Cafeteria Building Entrance Server Room Datacenter

Server Room Datacenter

In an interview, you are asked about the objective of Microsoft Office's protected view function. Which of the following should be your answer? To protect your devices from infections To protect your devices from physical damage To protect your eyes from blue light strain To protect your files from unauthorized access

To protect your devices from infections

You are a security expert asked to install physical security equipment in your enterprise. This device should ensure that employee devices are protected from unauthorized access when they are away. Which equipment should you install? Bollards Protected cable distribution Faraday cage Vaults

Vaults

Which of the following tools has a graphical user interface (GUI)? Traceroute Ping Wireshark Tcpdump

Wireshark

What entity calls in crypto modules to perform cryptographic tasks? a. Crypto service provider b. Intermediate CA c. Certificate Authority (CA) d. OCSP

a. Crypto service provider

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need? a. Domain validation b. Website validation c. Root d. Extended validation

a. Domain validation

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect? a. Host table and external DNS server b. Web server buffer and host DNS server c. Reply referrer and domain buffer d. Web browser and browser add-on

a. Host table and external DNS server. Host table is the local cache stored in the /etc/ directory or Windows\System32\drivers\etc

Which of the following is NOT true about VBA? a. It is being phased out and replaced by PowerShell. b. It is commonly used to create macros. c. It is built into most Microsoft Office applications. d. It is included in select non-Microsoft products.

a. It is being phased out and replaced by PowerShell. (Visual Basic for Applications (VBA): event-driven Microsoft programming language; automates processes.)

What is the result of an ARP poisoning attack? a. The ARP cache is compromised. b. Users cannot reach a DNS server. c. MAC addresses are altered. d. An internal DNS must be used instead of an external DNS.

a. The ARP cache is compromised. (An IP address and the corresponding MAC address are stored in an ARP cache. Threat actors take advantage of a MAC address stored in an ARP cache to change the data so that an IP address points to a different device. This attack is known as ARP poisoning and uses spoofing, which is deceiving by impersonating another's identity.)

Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say? a. The user's identity with their public key b. The user's symmetric key with the public key c. The user's public key with their private key d. A private key with a digital signature

a. The user's identity with their public key

Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use? a. traceroute b. tracert c. tracepacket d. trace

a. traceroute

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior? a. Tcpdump b. Wireshark c. Tcpreplay d. Packetdump

c. Tcpreplay. Tcpdump: command-line packet analyzer. Wireshark: a packet scanner (has GUI).

What is Bash? a. The open source scripting language that contains many vulnerabilities b. The underlying platform on which macOS is built c. The command-language interpreter for Linux/UNIX OSs d. A substitute for SSH

c. The command-language interpreter for Linux/UNIX OSs

Which is the first step in a key exchange? a. The web server sends a message ("ServerHello") to the client. b. The web browser verifies the server certificate. c. The web browser sends a message ("ClientHello") to the server. d. The browser generates a random value ("pre-master secret").

c. The web browser sends a message ("ClientHello") to the server.

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption? a. .P12 b. .cer c. .xdr d. .P7B

d. .P7B X.509 File Formats

A centralized directory of digital certificates is called a(n) _____. a. Digital signature permitted authorization (DSPA) b. Authorized digital signature (ADS) c. Digital signature approval List (DSAP) d. Certificate repository (CR)

d. Certificate repository (CR)

What is the difference between a DoS and a DDoS attack? a. DoS attacks are faster than DDoS attacks. b. DoS attacks do not use DNS servers as DDoS attacks do. c. DoS attacks use more memory than DDoS attacks. d. DoS attacks use fewer computers than DDoS attacks.

d. DoS attacks use fewer computers than DDoS attacks.

Which attack intercepts communications between a web browser and the underlying OS? a. DIG b. Interception c. ARP poisoning d. Man-in-the-browser (MITB)

d. Man-in-the-browser (MITB)

Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use? a. Staple b. Certificate Revocation List (CRL) c. Real-Time CA Verification (RTCAV) d. Online Certificate Status Protocol (OCSP)

d. Online Certificate Status Protocol (OCSP)

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use? a. Download only vetted libraries. b. Use the latest version of Python. c. Use caution when formatting strings. d. Only use compiled and not interpreted Python code.

d. Only use compiled and not interpreted Python code.

Which of the following is a third-party OS penetration testing tool? a. scanless b. Nessus c. theHarvester d. sn1per

d. sn1per

Which of the following commands is used to detect the OS on a target? nmap -iLex /tmp/scanlist.txt --excludefile /tmp/exclude.txt nmap -iL /tmp/scanlist.txt --exclude /tmp/exclude.txt nmap -o nmap -os

nmap -o

