security plus, SYO-601 VIS
DAC
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong."
role-BAC
In computer systems security, role-based access control (RBAC) is an approach to restricting system access to authorized users. ... RBAC is sometimes referred to as role-based security. Role-based access control (RBAC) is a policy-neutral access control mechanism defined around roles and privileges.
MAC
In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed.
Which SIEM feature would be best for long-term storage and security?
Logs/WORM
Malicious USB
Looks like a normal USB, but it contains additional electronics inside.
When implementing a security solution for mobile devices, which two common use cases are of primary concern? (Choose two.)
Lower power devices, low latency
Password history
Remembers past passwords and prevents users from reusing them
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. Which type of network should you deploy?
a VLAN
Your company is establishing new employment candidate screening processes. Which of the following should be included? (Choose all that apply.)
An employment candidate screening process should include all of the following actions: • Check all references. • Verify all education. • Review military records and experience. • Perform a background check and drug screening according to company policy.
Your company has decided to install multiple types of monitoring devices on your network. Which type of monitoring is most likely to produce a false alert?
anomaly-based
Port aggregation
A method for joining two or more switch ports logically to increase bandwidth.
NIC teaming
A type of link aggregation in which two or more NICs work in tandem to handle traffic to and from a single node.
Initialization Vector (IV)
A type of nonce. A way to add randomization to the encryption scheme that's being used. We are able to add an IV to an encryption key that we're using, making the overall encryption much stronger.
Differential backup
A type of partial backup that involves copying all changes made since the last full backup. Thus, each new differential backup file contains the cumulative effects of all activity since the last full backup.
Incremental backup
A type of partial backup that involves copying only the data items that have changed since the last partial backup. This produces a set of incremental backup files, each containing the results of one day's transactions.
Which concept involves contracting with a third party who will provide a location and equipment to be used in the event of an emergency?
Alternate processing sites
Zigbee
Alternative to Wi-Fi and Bluetooth. Longer distances than Bluetooth, less power consumption than Wi-Fi. (IoT devices use this for communication.)
Screened subnet
An additional layer of security between the Internet and you. Access is controlled, usually through a firewall, and people coming in from the Internet will have access to the services on the screened subnet.
Stream cipher
An algorithm that takes one character and replaces it with one character. Encrypts byte by byte. Quick, with little hardware utilization.
Elliptic Curve Cryptography (ECC)
An algorithm that uses elliptic curves instead of prime numbers to compute keys like how asymmetric keys do.
WinHex
Forensics tool for Windows that allows collection and inspection of binary code in disk and memory images.
What is typically part of an information policy?
classification of information
Passive Footprinting
Collecting information from publicly accessible sources. Part of reconnaissance.
ipconfig
A Windows command that allows you to view the configuration of network interfaces.
You are designing an access control system for a new company. The company has asked that you ensure that users are authenticated with a central server. In addition, users should only have access to the files they need to perform their jobs. When implementing access control, what is the appropriate order?
identification, authentication, and authorization
You have recently been hired as a security administrator for your company. In the security documentation, it mentions that message authentication code (MAC) is implemented. What does this ensure?
message integrity
Hybrid cloud
mix of private, public, or community
Which type of attack redirects you to a fake Web site?
hyperlink spoofing
TOTP
30 second password
A Web server is located on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?
80
Your company management has recently purchased a RADIUS server. This RADIUS server will be used by remote employees to connect to internal resources. You need to ensure that multiple client computers, including Windows Vista and Windows 7, are able to connect to the RADIUS server in a secure manner. What should you deploy?
802.1x
Jump Server/Jump Host/Jumpbox
A computer on a network used to access and manage devices in a separate security zone - Most common example: managing a host in a DMZ from trusted networks or computers
Your company issues mobile devices to certain personnel. You enable a screen lock on each of the devices that requires users to enter a code. You need to ensure that the device cannot be used if a wrong code is entered five times in a row. What should you do?
Enable lockout.
VPC Endpoint Gateway
Enables Amazon S3 and Amazon DynamoDB access from within your VPC without using an Internet gateway or NAT, and allows you to control the access using VPC endpoint policies.
Encryption protocols
Encrypt data in transit to protect its confidentiality; examples include FTPS.
vulnerability scanners
PASSIVELY tests security controls to identify vulnerabilities.
Recently, your organization has experienced several password attacks. Management has asked you to provide additional security to ensure that this does not happen again. You decide to implement a key stretching function. Which of the following could you use? (Check all that apply.)
PBKDF2, Bcrypt
Your client is migrating from an Apache-based server to a Windows server. Which X.509 certificate file extension is NOT going to be compatible with the new server?
PEM
Your client is migrating from a Windows-based server to an Apache server. You need to convert the current X.509 certificate so that it can be used on the new Apache server. What is the original file extension for the X.509 certificate?
PFX
You are working on a new security system for a federal courthouse. You must ensure that both employees and contractors are able to enter the building using certificate-based authentication. Which authentication system should you integrate?
PIV
MAC address
Physical address of a network adapter. 48 bits long, written in hexadecimal. The first three bytes are the Organizationally Unique Identifier (OUI), identifying the manufacturer. The last three bytes are the Network Interface Controller-specific part (the serial number).
code signing
The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.
Shimming
The process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable. Filling in the space between two objects; a middleman.
e-discovery
The process of identifying and retrieving relevant electronic information to support litigation efforts.
Tokenization
The process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
frame switching
The process that occurs every time the switch receives a frame and needs to determine where to send that information.
Signature based IDS or IPS
uses signatures to detect known attacks or vulnerabilities
OAuth
An open source standard used for authorization with Internet-based single sign-on solutions.
White Team
Staff administering, evaluating, and supervising a penetration test or incident response exercise.
EAP-TLS
EAP-Transport Layer Security. Uses PKI, requiring both server-side and client-side certificates.
Elasticity
Increase or decrease available resources as the workload changes.
Shell script
Scripting the Unix/Linux shell. Automates and extends the command line. Starts with a shebang or hash-bang (#!). Often has a ".sh" file extension.
Python
.py file extension. General-purpose programming language available for many operating systems. Commonly used in cloud-based environments.
Management has asked you to implement MD5 to verify data integrity. However, you are concerned that MD5 is not strong enough. Which size checksum does this algorithm produce?
128-bit
Your organization has decided to implement an encryption algorithm to protect data. One IT staff member suggests that the organization use IDEA. Which strength encryption key is used in this encryption algorithm?
128-bit
MD5 - Message Digest 5
128-bit hash based on variable-length plaintext
A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open?
1701
A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?
20
Real-Time Transport Protocol (RTP)
A Layer 4 protocol that carries voice (and interactive video). SRTP adds encryption to this protocol.
dd command
A Linux command that can be used to write image files to a device such as a USB flash memory drive or hard disk.
Pathping
A TCP/IP command that provides information about latency and packet loss on a network.
You are the security administrator for an organization. Management decides that all communications on the network should be encrypted using the data encryption standard (DES) or Triple DES (3DES) algorithm. Which statement is true of these algorithms?
A Triple DES (3DES) algorithm uses 48 rounds of computation.
Remote Access Trojan (RAT)
A Trojan that also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols (a backdoor).
SSL VPN (Secure Socket Layer VPN)
A VPN format that works with a web browser; installing a separate client is not necessary. For individuals communicating with the network from outside (e.g. public Wi-Fi).
DLL (Dynamic Link Library)
A Windows library containing code and data. Many applications use this library.
You are creating an IDS solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of IDS are you using?
A behavior-based
Thin client
A client that relies on another host for the majority of processing and hard disk resources necessary to run applications and share files over the network.
FTK Imager
A data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool is needed
Power Distribution Unit (PDU)
A device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center.
Hardware Security Module (HSM)
A device that can safely store and manage encryption keys. This can be used in servers, data transmission, protecting log files, etc.
Blockchain
A digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly. People check each other creating a check and balance.
Tabletop Exercise
A discussion-based exercise where participants talk through an event while sitting at a table or in a conference room. It is often used to test business continuity plans.
Request for Comments (RFC)
A document published by the IETF that details information about standardized Internet protocols and those in various development stages. RFC 3833: Threat Analysis of the Domain Name System. RFC 7624: Confidentiality in the Face of Pervasive Surveillance.
Steganography
A field within cryptography; uses images to hide data.
Archive bit
A file attribute that can be checked (or set to "on") or unchecked (or set to "off") to indicate whether the file needs to be archived. An operating system checks a file's archive bit when it is created or changed.
Stateless firewall
A firewall that manages and maintains the connection state of a session using the filter and ensures that only authorized packets are permitted in sequence.
Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.
STIX (Structured Threat Information eXpression)
A framework for analyzing cybersecurity incidents.
Extensible Authentication Protocol (EAP)
A framework for transporting authentication protocols that defines the format of the messages.
Red team
A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture. The Red Team's objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.
Trusted Platform Module (TPM)
A hardware platform for the acceleration of cryptographic functions and the secure storage of associated information.
PBKDF2 (Password-Based Key Derivation Function 2)
A key stretching technique that adds additional bits to a password as a salt. This method helps prevent brute force and rainbow table attacks. Bcrypt is a similar key stretching technique.
MITRE ATT&CK Framework
A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures.
Water Hole Attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
XML (Extensible Markup Language)
A markup language that is designed to carry data, in contrast to HTML, which indicates how to display data.
False Acceptance Rate (FAR)
A measurement of the percentage of invalid users that will be falsely accepted by the system. This is called a Type II error. Type II errors are more dangerous than Type I errors.
False Rejection Rate (FRR)
A measurement of valid users that will be falsely rejected by the system. This is called a Type I error.
FDE (Full Disk Encryption)
A method to encrypt an entire disk. Compare with SED.
Galois/Counter Mode (GCM)
A mode that starts with CTR mode, but adds a special data type known as a Galois field to add integrity and provide authentication.
System on a Chip (SoC)
A modern microprocessor that contains the CPU, memory, and peripheral interfaces; a miniature computer. An example is the Raspberry Pi.
Nmap
A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.
nonce
A number used once. Cryptography elements frequently use a nonce to add randomness.
time-based one-time password (TOTP)
A one-time password that changes after a set period of time. Commonly seen with token generators.
Continuity of Operations Plan (COOP)
A predetermined set of instructions or procedures that describe how an organization's mission essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.
Cipher Block Chaining (CBC)
A process in which each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
Electronic Code Book (ECB)
A process in which plaintext is divided into blocks and each block is then encrypted separately. The problem is that there's no randomization to the key that is used, so each block of data looks very similar to the block of data that was there previously.
Version Control
A process to keep track of what changes were made to what files so that a specific version can be referred to and improvements in multiple versions can be merged together.
FPGA (Field Programmable Gate Array)
A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture. More flexible than SoC. Ability to add new capability or modify the functionality of the device by simply adding new software which will reprogram the FPGA.
Race Condition
A programming flaw that occurs when two sets of code attempt to access the same resource. The first one to access the resource wins, which can result in inconsistent results. If your software has no plan for this type of situation, the results can be disastrous.
Online Certificate Status Protocol (OCSP)
A protocol that performs a real-time lookup of a certificate's status.
Certificate Revocation List (CRL)
A repository that lists revoked digital certificates.
Cuckoo
A sandbox for malware. Tests a file or executable in a safe environment: a virtualized environment for Windows, Linux, macOS, and Android. Tracks and traces API calls, network traffic, memory analysis, traffic captures, and screenshots.
DHCP snooping
A security feature on switches whereby DHCP messages on the network are checked and filtered.
Honeypots
A seemingly tempting, but bogus target meant to draw hacking attempts. By monitoring infiltration attempts against a honeypot, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.
Indicator of Compromise (IOC)
A set of conditions or evidence that indicates a system may have been compromised.
IPSec (Internet Protocol Security)
A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption. Uses AH for integrity and ESP (Encapsulating Security Payload) for encryption.
Endpoint Detection and Response (EDR)
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats. EDR uses mechanisms other than just signatures to find malicious software: behavioral analysis, machine learning, process monitoring. This can be done from a relatively lightweight agent on the endpoint.
openSSL
A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
dynamic analysis (fuzzing)
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program.
Certificate Signing Request (CSR)
A specially formatted encrypted message that validates the information the CA requires to issue a digital certificate.
Ciphertext
A string of text that has been converted to a secure form using encryption.
Registration Authority (RA)
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
DNSSEC (Domain Name System Security Extensions)
A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.
protected distribution system (PDS)
A system of cable conduits that is used to protect classified information being transmitted between two secure areas. Usually runs inside a metal conduit.
Data Loss Prevention (DLP)
A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users.
UEBA (user and entity behavior analytics)
A system that can provide automated identification of suspicious activity by user accounts and computer hosts.
mail gateway
A system that monitors emails for unwanted content and prevents these messages from being delivered.
swap file (page file)
A temporary storage area on the hard drive where the operating system "swaps out" or moves the data or instructions from random access memory (RAM) that haven't recently been used. This process takes place when more RAM space is needed.
Managed service provider (MSP)
A third party that manages aspects of a system under some form of service agreement.
Computer hoax
A threat that doesn't actually exist but seems like it could be real.
spyware
A type of malware that locates and saves data from users without them knowing about it. May capture keystrokes.
Logic bomb
A type of attack that occurs when a separate event is triggered.
Pass the Hash Attack
A type of relay attack. Attacker captures the hash value associated with a password during the authentication process. Attacker can send the hash to the server pretending to be the original user, gaining access to that password. Salt/encrypt your hash to solve this problem.
In which situation does cross-site scripting (XSS) pose the most danger?
A user accesses a financial organization's site using his or her login credentials
WPS (Wi-Fi Protected Setup)
A user-friendly—but not very secure—security setting available on some consumer-grade APs. Part of the security involves requiring a PIN in order to access the AP's settings or to associate a new device with the network. The first half is 4 digits and the second half is 3 digits, meaning the first half has 10,000 possibilities and the second half 1,000 possibilities, making it even easier to brute force.
Threat maps
A visual perspective of where attacks may be originating and where they may be going.
Recently, your organization implemented a new security policy which states that watermarks must be used for all copyrighted material. Which statement is true of a watermark?
A watermark can enable you to detect copyright violations.
Air gap
A way to provide a physical separation between devices or between networks.
SDV (software defined visibility)
APIs for reporting configuration and state data for automated monitoring and alerting.
You have a mobile sales force that must regularly access customer records from remote sites. You are concerned about security in the event a laptop or tablet is stolen. You want to implement measures that would not only include user authentication via username and password, but also evaluate other factors, such as time of day and location. What should you implement?
ABAC
symmetric encrypting
AES, DES, 3DES, Blowfish and TwoFish
Annual loss expectancy formula
ALE = SLE * ARO
Your employees are allowed to use personal fitness monitors and other wearable devices inside your facility. You are concerned about proprietary communication with these devices. Which of these technologies is the wireless communication with which you should be concerned?
ANT
Your company implements Kerberos 5 to provide authentication services. Which entity in this deployment authenticates users?
AS
Split Tunnel VPN
An encrypted connection used with VPNs that only encrypts traffic going to private IP addresses used in the private network.
reverse proxy servers
Accept traffic from the internet and forward it to one or more internal web servers. The reverse proxy server is placed in the DMZ and the web servers can be in the internal network.
Bluesnarfing Attack
Access to a Bluetooth-enabled device and transfer of its data: contact list, calendar, email, pictures/videos, etc.
What type of load balancing configuration would you install if you needed a secondary server to remain on standby until the load on the primary server reached a critical point?
Active-passive
Management has notified you that the mean time to repair (MTTR) a critical hard drive is too high. You need to address this issue with the least amount of expense. What should you do?
Add another hard drive, and implement disk mirroring.
Logger
Adds entries to the system log (syslog).
Prepending
Adding something at the beginning of a URL address, e.g. pprofessormesser.com.
Code Injection
Adding your own information into a data stream; often enabled due to bad programming.
You are incorporating a perimeter network into a network redesign and are adding several new devices to enhance security. Which of these would NOT be best placed in the new perimeter network?
Aggregation switches
How can you keep the production network safe from vulnerabilities that may be caused by a failed test in the R&D department?
Airgapping
Authentication
Allows entities to prove their identity
Fat AP
Also known as a standalone AP includes everything needed to connect wireless clients to a wireless network.
Block Cipher
An encryption method that encrypts data in fixed-sized blocks. Compare with stream cipher.
MAC Cloning
An attacker changes their MAC address to match the MAC address of an existing device (clone/spoof) that's either on the network or has recently left the network. Used to circumvent filters.
You need to install a network-based intrusion detection system (NIDS) for your company. Which statement is NOT a characteristic of this device?
An NIDS analyzes encrypted information.
You are researching the RSA encryption algorithm. You need to provide some basic facts about this algorithm to your organization's management team so they can decide if they want to implement it on the organization's network. Which statement is NOT true of this algorithm?
An RSA algorithm is an example of symmetric cryptography; RSA encryption algorithms do not deal with discrete logarithms.
Distinguished Encoding Rules (DER)
An X.509 encoding format. A Binary format. It is a very common format that you'll see when you're deploying things for applications using Java.
PKCS#12
An X.509 file format that is one of a numbered set of 15 standards defined by RSA Corporation.
Web Application Firewall (WAF)
An appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.
Monolithic Architecture
An application has a monolithic architecture if it contains the entire application code in a single codebase. (Single Tiered App)
Downgrade Attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
Wireless jamming
An attack that causes all mobile devices to lose their association with corporate access points while the attack is underway
Domain Hijacking
An attack that changes the registration of a domain name without permission from the owner.
cross-site request forgery (XSRF)
An attack that exploits the trust a website has in a user's browser in an attempt to transmit unauthorized commands to the website. Attempts to get your computer to create requests on the attacker's behalf using your credentials.
XML injection
An attack that injects XML tags and data into a database.
DLL injection
An attack that injects a Dynamic Link Library (DLL) into memory and runs it. Attackers rewrite the DLL, inserting malicious code.
Cross-Site Scripting (XSS)
An attack that injects scripts into a Web application server to direct attacks at clients.
Buffer Overflow
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. Happens due to poor programming, developers need to perform bounds checks to prevent overwriting of different sections of the RAM.
Birthday attack
An attack that searches for any two digests that are the same.
Bluejacking
An attack that sends unsolicited messages to Bluetooth-enabled devices.
DNS poisoning
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.
DDoS Amplification attack
An attack that takes advantage of a resource/bandwidth disparity between an attacker and the victim. Many small requests are made that result in a large request, thus overwhelming or flooding a system.
SQL Injection
An attack that targets SQL servers by injecting commands to be manipulated by the database. Circumvent the web front end, to gain access to the database.
hacktivist
An attacker who launches attacks as part of an activist movement or to further a cause.
You have set up an auditing system for the servers on your network. Which three statements regarding an audit trail are NOT true? (Choose three.)
An audit trail is a preventive control, An audit trail does not record successful login attempts, An audit trail is reviewed only when an intrusion is detected.
Perfect Forward Secrecy (PFS)
An encryption method that ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. To work properly, PFS requires two conditions: Keys must not be reused, and new keys must not be derived from previously used keys.
Symmetric encryption
An encryption method whereby the same key is used to encode and to decode the message
Hping
An enhanced ping utility for crafting TCP and UDP packets to be used in port-scanning activities.
Rainbow tables
An optimized prebuilt set of hashes. Saves time and storage space. Contains precalculated hash chains.
During the recent development of a new application, the customer requested a change. You must implement this change according to the change control process. What is the first step you should implement?
Analyze the change request
nslookup and dig
Two command-line tools used to query DNS.
Replay attack
An attacker can capture information that can then be replayed across the network to make it look like it's coming from you.
Fake Telemetry Data
Attackers attempt to add their own fake telemetry into the AI's data stream to trick the machine into thinking that malware is OK.
Spoofing
An attack that attempts to impersonate another system.
Orchestration
Automation is the key to cloud computing: services appear and disappear automatically, or at the push of a button.
ABAC
Attribute based access control
Code reuse/dead code
Code kept around for some possible future use, project, etc. It is typically better to write clean code that can be minimally modified or refactored in the future.
Which of these represents a decision made when installing a firewall?
Application-based vs. network-based
Which of these requirements would indicate that you needed to install a router as opposed to an NIPS/NIDS?
Anti-spoofing
Data in use
Any data currently being used by a computer (system RAM, CPU registers and cache).
The company who just hired you provides a fixed amount to new employees so that the employee can purchase the laptop of their choice. After the purchase, the employee only needs to submit the receipt. What should you implement so that the company is able to better track the laptops?
Asset management
Your organization has recently adopted a new security policy. As part of this policy, you must implement the appropriate technologies to provide confidentiality. Which technology provides this?
Asymmetric encryption
zero-day attack
Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.
AAA Framework
Authentication, Authorization, and Accounting
Which principle behind a social engineering attack relies on the victim's belief that the attacker is someone who can be trusted, based on the attacker's supposed job title or position?
Authority
Public cloud
Available to everyone over the internet
spraying attack
Avoids the account lockout that results from too many attempts against one account. Instead, it tries a few very common passwords against an account and then moves on to the next one.
Which of these options is NOT an aspect of personnel management that relates to general security policies or standard operating procedures?
ISA
You have just installed a new FTP server, but you do not know what information the FTP server is transmitting when a user initially connects to it. Which tool could you use to discover that information, and consequently know what information an attacker could exploit?
Banner grabbing
Recipient filtering
Block all email not addressed to a valid recipient email address
Border firewalls
Block all traffic from private IP addresses
rDNS (Reverse DNS)
Block email where the sender's domain doesn't match the IP address
Which of these issues may result from poor programming processes? (Choose all that apply.)
Buffer overflow, Integer overflow, Memory leak, Pointer dereference
You discover that an investigator made some mistakes during a recent forensic investigation. You need to ensure that the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which term should you use for this process?
Chain of custody
You are working on a new security system for a U.S. military installation that is only accessed by military personnel. Which certificate-based authentication system should you integrate?
CAC
Which type of control is an example of a detective control?
CCTV
You are evaluating several biometric authentication systems. Which is the best metric to use to quantify the effectiveness of the subject system?
CER
You need to implement a protocol for dial-up connections that uses a challenge/response mechanism. Which protocol should you use?
CHAP
You suspect that several users are using expired digital certificates and that other digital certificates are very close to expiration. You need to examine the list of serial numbers of digital certificates that have not expired, but should be considered invalid. Which PKI component should you examine?
CRL
VLANs
Can logically separate or group computers; you can create them with layer 3 switches.
You are building a public-access WiFi system for a new hotel. You want to require the users to accept a fair use policy before connecting to the Internet. Which of the following should you implement?
Captive portal
Cat
If you're using Linux or macOS and you want to see the contents of a file, you want to use the cat command. cat is short for concatenate.
domain validation digital certificate
Certificate that verifies the identity of the entity that has control over the domain name.
Anything as a Service (XaaS)
Cloud model that delivers IT as a service through hybrid cloud computing and works with a combination of SaaS, IaaS and PaaS.
IP spoofing
Changes the source IP address
MAC address spoofing
Changes the source MAC address
Your company contracts with a third-party janitorial service to clean the offices every night. Which one of these policies presents the greatest risk to the organization if it is NOT implemented?
Clean desk policy
Which application attack tricks a victim into believing they are selecting a button to direct them to a legitimate web site, but that button actually takes them to another site?
Clickjacking
Which cryptographic attack attempts to produce the same hash value from a brute force attack using two inputs?
Collision
Sn1per
Combines many recon tools into a single framework: dnsenum, Metasploit, nmap, theHarvester, and much more.
SSL Stripping/HTTP Downgrade
Combines an on-path attack with a downgrade attack. Difficult to implement, but big returns for the attacker. The attacker must sit in the middle of the conversation and modify data between the victim and the web server (proxy server, ARP spoofing, rogue Wi-Fi hotspot, etc.). The victim does not see any significant problem, except that the browser page isn't encrypted: the attack strips the S away from HTTPS. This is a client and server problem; it works on SSL and TLS.
Domain Information Groper (DIG)
Command-line tool in non-Windows systems used to diagnose DNS problems.
Cross site requests
Common and legitimate: a web page loads content from other web sites. For example, when a site embeds a YouTube page so you can watch the YouTube video from that site, that is a perfect example of a cross-site request.
macro virus
Common in Microsoft Office, this virus type usually runs inside another application.
Counter(CTR)
A common block cipher mode. Uses an incrementing counter to add randomization to the encryption process.
LDAP (Lightweight Directory Access Protocol)
Commonly used to store authentication information (usernames and passwords) or other information about devices and users.
VDI (Virtual Desktop Infrastructure)
Company provides a "thin client" to the user where the desktop resides on a centralized server.
NIST SP 800-61
Computer Security Incident Handling Guide
You have developed several incident response plans for different types of incidents. Now you need to gauge the effectiveness of the incident response plans. What should you do next?
Conduct exercises.
Which automation or scripting concept can reduce the risk that new equipment might not have all the same settings, applications, and drivers as your existing equipment without changing vital user settings?
Configuration validation
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)
Configure the network to use WPA or WPA2. Disable SSID broadcast. Configure the network to use authenticated access only. Change the default Service Set Identifier (SSID).
Routers
Connect networks and direct traffic based on the destination IP address.
Transit Gateway
Connects thousands of VPCs and on-premises networks together.
Network Attached Storage (NAS)
Connects to a large storage array across the network. File-level access: if you need to change any portion of a file on the NAS, you have to rewrite the entire file on that device.
Storage Area Network (SAN)
Considered a more efficient way to store data. Looks and feels like a local storage device. Block-level access: allows you to change a portion of a file without rewriting the entire file.
Attribute-based access control (ABAC)
Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions
Quantum Key Distribution (QKD)
Used to create unbreakable encryption. Sends a random stream of qubits (the key) across a quantum network channel. Both sides can verify the key: if it is identical, the key was not viewed during transmission. If an attacker was eavesdropping on the communication, it would modify the data stream, and the sender and receiver would know that the communication has been compromised.
Virtualization
Creates multiple "virtual" machines on a single computing device
Fog computing
Provisions processing resources between the network edge (IoT devices) and the data center to reduce latency.
Lightweight cryptography
Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices (IoT).
Vulnerability feeds
Cybersecurity data feeds that provide information on the latest vulnerabilities.
Self-Encrypting Drive (SED)
Encryption on a storage drive that's built into the hardware of the drive itself. No operating system software is needed.
The client's specifications dictate that you use a Base64 ASCII-encoded certificate. Which of the following certificate types would NOT be acceptable?
DER
Management asks you to implement an encryption standard that uses a single 56-bit encryption key to encrypt 64-bit blocks of data. Which encryption standard should you implement?
DES
Your company deploys several LDAP servers, which is used to allow users to locate resources. What contains LDAP entries?
DIT
Which spyware technique inserts a dynamic link library into a running process's memory?
DLL injection
Which of these are considerations when choosing a mail gateway?
DLP, Spam filter, Encryption
port 53
DNS
The new security plan for your organization states that all data on your servers must be classified to ensure appropriate access controls are implemented. Which statements are true of information classification? (Choose three.)
Data classification refers to assigning security labels to information assets, A data owner must determine the information classification of an asset, The two primary classes of data classification deal with military institutions and commercial organizations.
Your company implements several databases. You are concerned with the security of the data in the databases. Which statement is correct for database security?
Data control language (DCL) implements security through access control and granular restrictions.
You have just been hired as the systems administrator for a research and development firm. Your organization allows the employees to use social media at work. What particular concern should you voice to management?
Data exfiltration
Your company has recently decided to implement a BYOD policy for the network. Management has asked you to write the initial BYOD security policy. Which of the following should be included as part of this policy? (Choose all that apply.)
Data ownership, Support ownership, Patch management, Anti-virus management, Forensics, Privacy, On-boarding/off-boarding, Adherence to corporate policies, User acceptance, Architecture/infrastructure considerations, Legal concerns, Acceptable use policy, On-board camera/video.
data sovereignty
Data that resides in a country is subject to the laws of that country.
Data in Transit (motion)
Data that is moving between computing nodes over a data network such as the Internet.
Data at rest
Data that is stored on electronic media.
Vulnerability databases
Databases that cover vulnerabilities and their severity. Popular databases are the Common Vulnerabilities and Exposures (CVE) database and the National Vulnerability Database (NVD).
Which of these vulnerabilities could be created by a user who installs a SOHO router?
Default configuration
Which of the following concepts is illustrated by network segmentation, air-gaps, multiple firewalls, and virtualization?
Defense-in-depth
Rules of Engagement (ROE)
Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions.
Address Resolution Protocol (ARP)
Determines a MAC address based on an IP address.
You need to implement voice over IP (VoIP) and wireless services for your company. Which AAA implementation was created to deal with these?
Diameter
Which cryptographic technique changes multiple output bits when you change a single input bit?
Diffusion
Direct access attack vectors
Direct attack on our physical systems.
Which one of these is NOT characterized by identifying or exploiting a vulnerability when found?
Discovering a false positive
Network diagram
Documents the physical wiring and devices in your network.
Fileless virus
Does a good job of avoiding virus detection. This virus does not install itself as a file, but operates in the memory (RAM) of the computer.
Your client is developing a new website. The web administrator has indicated that she would like to use a low-cost certificate to offer Transport Layer Security (TLS) to the new domain. What type of certificate should you recommend?
Domain validation
SAN-to-SAN replication
Duplicate data from one data center to another.
Your organization has several applications and servers that implement different password types. You need to document the different password types that are used because your company wants to later implement a single sign-on system. Which password types are usually the hardest to remember? (Choose all that apply.)
Dynamic passwords, software-generated
Your organization is trying to decide whether to use RSA or ECC to encrypt cellular communications. What is an advantage of ECC over the RSA algorithm?
ECC requires fewer resources, more efficient
Secure Shell (SSH)
Encryption protocol
Secure socket layer (SSL)
Encryption protocol
File transfer protocol secure (FTPS)
Encryption protocol that uses SSH
Secure file transfer protocol (SFTP)
Encryption protocol that uses TLS
HTTPS
Encrypts HTTP traffic in transit and uses port 443
Management has recently expressed concern over port security. You have been asked to ensure that all network ports are as secure as possible. Which of the following methods of port security should you implement? (Choose all that apply.)
Ensure that TCP and UDP ports are managed properly, Ensure that wiring closets are locked, Ensure that the MAC addresses of connected devices are monitored.
Unified Endpoint Management (UEM)
Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.
Which of the following secure coding techniques ensures that improper data is not allowed into the executed program?
Error handling
What is the BEST method to avoid buffer overflows?
Execute a well-written program.
Users are complaining that the new biometric identification system is difficult to use. They are saying that even though the initial login worked fine, they have difficulty logging in later. In addition to user training, what should you investigate?
FRR
port 20, 21
FTP
URL hijacking (typo squatting)
Fake sites that are spelled similarly to actual sites (also called typo squatting).
FAR
False Acceptance Rate. The measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user. A system's FAR is typically stated as the ratio of the number of false acceptances to the number of identification attempts.
Your organization needs to implement a system that logs changes to files. What category of solution should you research?
File integrity checks
Network based firewalls
Filter traffic in and out of a network; they are placed on the border of the network, such as between the Internet and the internal network.
Grep
Finds text in a file; can search through many files at a time.
false positives and false negatives
For any assessment strategy, there will be times when the test shows a problem when none exists (false positive) and times when no problem is found even though some difficulty is present (false negative).
forward proxy servers
Forwards requests for services from a client; it can cache content and record users' Internet activity.
You have been hired as a security consultant for a large corporation. During a meeting with the IT department, the IT manager indicates that one of their applications uses a private key encryption standard that was developed in Russia and uses 256-bit encryption keys. Which encryption standard does the application use?
GOST
Wardriving / Warflying
Gathering information about the network/AP while driving/flying by.
Protocol Analyzer
Gathers packets on the network. Solves complex application issues.
Something you do
Gestures on a touch screen
Card cloning
Get card details from a skimmer and make an exact duplicate of that credit card. Works with the magnetic stripe only; chips can't be cloned.
DNS Sinkhole
Gives out false information in order to prevent the use of the domain names it represents
You have been hired as the security administrator for a company. During your first weeks, you discover that most of the client and server computers are not protected from intrusions in any way. For the servers, management wants you to implement a solution that will prevent intrusions on a single server. Which system should you implement to satisfy management's request?
HIPS
HOTP
HMAC-based One-Time Password. Use them once, never use them again.
protocol analyzer
Hardware or software that captures packets to decode and analyze their contents.
You work for a company that installs networks for small businesses. During a recent deployment, you configure a network to use the Internet Protocol Security (IPSec) protocol. The business owner asks you to explain why this protocol is being used. Which three are valid reasons for using this protocol? (Choose three.)
IPSec uses ESP and AH as security protocols for encapsulation, IPSec can work in either tunnel mode or transport mode, The IPSec framework is used in a VPN implementation to secure transmissions.
Your organization is trying to increase network security. After a recent security planning meeting, management decides to implement a protocol that digitally signs packet headers and encrypts and encapsulates packets. Which protocol should you implement?
IPsec
Which process allows you to deploy, configure, and manage data centers through scripts?
IaC
Which option includes verifying appropriate access controls, authentication controls, input validation, and proper logging, among others?
Identifying a lack of security controls
Narrowband
If the embedded device is not using the cellular network to communicate, it may be using a narrowband connection. This allows communication across a very narrow range of frequencies, and it is very common to be able to send this communication over these bands across a very long distance.
Line interactive UPS
If the voltage on the line is slowly diminishing, the UPS can slowly ramp up the amount of power provided by the batteries. Useful during brownouts.
Which type of vulnerability is demonstrated by an SQL injection?
Improper input handling
Which type of vulnerability is demonstrated by buffer overflows?
Improper input handling
While developing an incident response plan for your client, you outline the roles and responsibilities of a cyber response team. You also describe the establishment and formation of that team. What time frame should you specify for the formation of a cyber-incident response team?
In advance of an incident occurring
Implicit Deny
Indicates that unless something is explicitly allowed, it is denied; it is the last rule in an ACL.
Host-based firewalls
Filter traffic in and out of individual hosts.
Nessus
Industry leader in vulnerability scanning, with extensive support and free and commercial options. Has a very large database that can identify many known vulnerabilities. Extensive reporting: a checklist of issues. Filters out the false positives.
Open-Source Intelligence (OSINT)
Information that is readily available to the public and doesn't require any type of malicious activity to obtain.
intrusion detection systems (IDS) and intrusion prevention systems (IPS)
Inspect traffic using the same functionality as a protocol analyzer.
Tarpitting
Intentionally slows down the mail server and makes the process of sending and receiving messages take an excessive amount of time.
VDI (Virtual Desktop Infrastructure)
Is a virtualization technology that hosts a desktop operating system on a centralized server in a data center.
SNMPv3
An Internet standard protocol for collecting and organizing information about managed devices on IP networks, and for modifying that information to change device behavior. Those devices include cable modems, routers, switches, servers, workstations, printers and more.
File transfer protocol (FTP)
Commonly used to transfer files over networks, but does not encrypt.
Minimum password age
Used together with password history to prevent users from changing their password repeatedly in order to get back to their original password.
Your organization has recently implemented a new security policy that includes the implementation of the principle of least privilege. You need to ensure that users understand this principle and implement the appropriate procedures to adhere to this principle. What is the best implementation of this principle?
Issuing the Run as command to execute administrative tasks during a regular user session
Management wants to install hardware and software firewalls where appropriate on your company's network. They have asked you to research the difference between hardware and software firewalls. Which of the following is a disadvantage of a hardware firewall compared to a software firewall?
It has a fixed number of available interfaces.
As part of your company's comprehensive vulnerability scanning policy, you decide to perform a passive vulnerability scan on one of your company's subnetworks. Which statement is true of this scan?
It impacts the hosts and network less than other scan types.
You need to digitally sign packets that are transmitted on IPSec connections for your organization's VPN. Which of the following should you implement?
KHMAC
APT(Advanced Persistent Threat)
A threat that is able to get into your network because it is advanced. It is persistent because once the attackers get into your network, they are there until you take them out. It is hard to identify whether a threat actor is inside your network.
During a recent security audit, you discovered that several company servers are not adequately protected. You are working to harden your Web servers. As part of the hardening of the Web servers, you implement filters. What is the purpose of a filter in this scenario?
It limits the traffic that is allowed through.
Management at your company has requested that you implement DLP. What is the purpose of this technology?
It monitors data on computers to ensure the data is not deleted or removed.
Your organization has recently adopted a new organizational security policy. As part of this new policy, management has decided to implement an iris scanner for users wanting access to the secure data center. Which procedure does this use to authenticate users?
It takes a picture of the user's eye and compares the picture with pictures on file.
MAC Flooding Attack
The act of attempting to overload the switch's content addressable memory (CAM) table, forcing legitimate MAC addresses out of it. This can cause a DoS against the switch. It can be countered via port security on the switch, by limiting the number of MAC addresses a port can learn.
Your company has decided to implement IPSec on all VPN connections to provide better security. You need to ensure that packets are digitally signed on IPSec connections. What provides this in IPSec?
KHMAC
directory service
Keep all of an organization's usernames and passwords in a single central database
AAA Framework: Accounting
Keeping logs of activities and resources used
When you are hired as a security practitioner for your company, the administrator informs you that the company's authentication system grants TGTs. Which protocol is being used?
Kerberos
Which technologies provide single sign-on authentication? (Choose all that apply.)
Kerberos, SESAME, and Active Directory
Your company has recently decided to implement a Kerberos environment for user authentication. What is the most important component in a Kerberos environment?
Key Distribution Center (KDC)
You are implementing a new VPN for your organization. You need to use an encrypted tunneling protocol that protects transmitted traffic and supports the transmission of multiple protocols. Which protocol should you use?
L2TP over IPSec
You are investigating the authentication protocols used on your network. You discover that several authentication protocols are being used on your network. Which authentication protocol is the oldest?
LANMan
L2TP
Layer 2 Tunneling Protocol. Tunneling protocol used with VPNs. L2TP is commonly used with IPsec (L2TP/ IPsec). L2TP uses port 1701.
memdump command
Linux utility developed as part of the Coroner's Toolkit to dump system memory data to a file.
Open permissions - Weak configurations
Leaving the door open for hackers to find a way in.
As part of the incident response team, you have been called in to help with an attack on your company's web server. You are currently working to identify the root cause of the attack. During which step of incident response does root cause analysis occur?
Lessons Learned
LDAP
Lightweight Directory Access Protocol. An application protocol used over an IP network to manage and access the distributed directory information service. ... The primary purpose of a directory service is to provide a systematic set of records, usually organized in a hierarchical structure.
During maintenance, you often discover unauthorized devices connected to your wireless network. You need to ensure that only authorized corporate devices can connect to the network. What should you configure to increase the security of this wireless network?
MAC filtering
MAC
MAC is responsible for the transmission of data packets to and from the network interface card, and to and from another remotely shared channel.
Which hacker attack can be perpetrated by hijacking a communications session between a Web browser and a Web server?
MITM
Purple Team
Made up of both the blue and red teams to work together to maximize their cyber capabilities through continuous feedback and knowledge transfer between attackers and defenders.
Obfuscation
Making something normally understandable very difficult to understand. A method application developers use to make their code a bit more secure.
Virus
Malware that can reproduce itself. It needs you to execute the program.
Switches
Maps media access control addresses to physical ports.
Visual Basic for Applications (VBA)
Microsoft has taken the idea of a macro to a new level. VBA provides extensive automation inside of Microsoft Office. Not only is VBA able to interact inside of Microsoft Office, there are also hooks in VBA that can talk directly to the OS. This might be a very good place for an attacker to try gaining access to an OS.
Password length
Minimum number of characters in the password
RAID 1
Mirroring Duplicate data for fault tolerance, but requires twice the disk space.
Which of these vulnerabilities is characterized by a user modifying a browser's security settings to make it more convenient to visit web sites?
Misconfiguration/weak configuration
Operational Technology (OT) DoS
Much more is at stake for this type of DoS, because the result can be catastrophic: electrical grids, traffic control and similar systems going out. OT requires a different security approach, since availability and safety are critical and the equipment often cannot be patched or rebooted on demand.
RAID 0+1, RAID 5+1
Multiple RAID types Combine RAID methods to increase redundancy.
You install a network device that acts as the interface between a local area network and the Internet using one IP address. Which device did you install?
NAT router
You need to ensure that backdoor applications are not installed on any devices in your network. Which tool is NOT a backdoor application?
Nessus
You need to display the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which command should you use?
Netstat
NIST (National Institute of Standards and Technology) lightweight cryptography
NIST's standardization of lightweight cryptographic algorithms: strong encryption that includes integrity protection (authenticated encryption) at low computational cost, intended for constrained devices such as IoT.
It has been quite some time since you have updated the network documentation for your company's CAT7 network. You want to scan the network with a tool like Solar Winds or LanHelper. In addition to finding new equipment that may have been added but not documented, what are other areas in which you can focus using these tools? (Choose all that apply.)
Network mapping, Rogue system detection
Which of the following would be an example of a design weakness?
Not including a DMZ
You want to ensure that certificates that have expired, been replaced, or were revoked are no longer used. You discover that updates to the list of invalid certificates may take 24-48 hours to circulate, leaving a window of vulnerability in which invalid keys may be accepted. Which of these solutions is the BEST to use if you want to avoid accepting invalid keys?
OCSP
You need to examine some additional information about a key. Specifically, you want to validate the address information of the certificate owner. What could you examine to accomplish this?
OID
Your company must implement a subnetwork that is highly secure. Management asks you to implement an encryption method that is used only once for a single document. Which encryption method should you use?
OTP (one-time pad): a key as long as the message, used exactly once and never reused.
Identification
Occurs when a user claims or professes an identity
Hash collision
Occurs when a hashing algorithm produces the same hash for two different inputs (for example, two different passwords); an attacker who finds such a pair can substitute one input for the other without the hash changing.
PEM(Privacy Enhanced Mail)
One of the challenges with sending a binary file over email is that some email systems might modify the attachment. One way to prevent this is to encode the binary in base64 format, which is what PEM does: the DER-encoded certificate or key is base64-encoded between -----BEGIN ...----- and -----END ...----- lines.
Availability Zone (AZ)
One or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities
Walkthrough
One step beyond tabletop exercise. Applies the concepts from the tabletop exercise.
As your organization's security officer, you are currently completing audits to ensure that your security settings meet the established baselines. In which phase of the security management life cycle are you engaged?
Operate and Maintain
Credential harvesting
Social engineering techniques for gathering valid credentials to use to gain unauthorized access.
baseband
Opposite of a broadband. Uses a single frequency to be able to communicate-Generally a single cable with digital signal(fiber/copper).
QA(quality assurance) Team
Outside the development team, they test applications for defects and security vulnerabilities before the code is promoted to the staging or production environment.
Provisioning
Provisioning is the process of making something available-Web server, database server, middleware server, user workstation configurations, certificate updates, etc.
You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do?
Periodically complete a site survey.
Management has requested that you ensure all firewalls are securely configured against attacks. You examine one of your company's packet-filtering firewalls. You have configured the following rules on the firewall: • Permit all traffic to and from local hosts. • Permit all inbound TCP connections. • Permit all SSH traffic to linux1.kaplanit.com. • Permit all SMTP traffic to smtp.kaplanit.com. Which rule will most likely result in a security breach?
Permit all inbound TCP connections.
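The reason "Permit all inbound TCP connections" is the dangerous rule is that a packet filter evaluates rules top-down and stops at the first match, so a broad permit placed before the narrow SSH and SMTP permits swallows every inbound TCP connection, including ones to services the policy never intended to publish. The following is an added example (not from the flashcards or from any product) that models the four rules above as a first-match filter and probes it with constructed packets. The addresses 10.0.0.0/24, 10.0.0.5 (standing in for linux1.kaplanit.com), 10.0.0.6 (for smtp.kaplanit.com) and 203.0.113.9 are assumptions for the illustration, and "local hosts" is modelled as traffic whose source and destination are both inside the LAN prefix.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addresses for the scenario: the internal LAN and the two published hosts.
LOCAL_NET = "10.0.0.0/24"
LINUX1 = "10.0.0.5/32"   # stands in for linux1.kaplanit.com (assumed)
SMTP = "10.0.0.6/32"     # stands in for smtp.kaplanit.com (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: Optional[str] = None   # None matches any protocol
    src: Optional[str] = None     # CIDR; None matches any source
    dst: Optional[str] = None     # CIDR; None matches any destination
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        def in_net(addr: str, cidr: Optional[str]) -> bool:
            return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
        return (
            (self.proto is None or self.proto == p.proto)
            and in_net(p.src, self.src)
            and in_net(p.dst, self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First-match packet filter with an implicit deny: returns the action taken
    and the index of the rule that decided it (None when nothing matched)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "deny", None


# The rule base from the question, in the order given.
AS_WRITTEN = [
    Rule("permit", src=LOCAL_NET, dst=LOCAL_NET),          # all traffic between local hosts
    Rule("permit", proto="tcp", dst=LOCAL_NET),            # all inbound TCP connections
    Rule("permit", proto="tcp", dst=LINUX1, dport=22),     # SSH to linux1
    Rule("permit", proto="tcp", dst=SMTP, dport=25),       # SMTP to smtp
]

# The same policy with the blanket inbound-TCP rule removed.
HARDENED = AS_WRITTEN[:1] + AS_WRITTEN[2:]


def unexercised_rules(rules: List[Rule], probes: List[Packet]) -> List[int]:
    """Indices of rules that decided none of the probes. Rules that should have
    matched but never do are being shadowed by an earlier, broader rule."""
    decided = {evaluate(rules, p)[1] for p in probes}
    return [i for i in range(len(rules)) if i not in decided]


if __name__ == "__main__":
    external = "203.0.113.9"
    rdp_probe = Packet(external, "10.0.0.5", "tcp", 3389)   # not a published service
    ssh_probe = Packet(external, "10.0.0.5", "tcp", 22)
    smtp_probe = Packet(external, "10.0.0.6", "tcp", 25)
    print("as written, RDP from Internet:", evaluate(AS_WRITTEN, rdp_probe))   # ('permit', 1)
    print("hardened,   RDP from Internet:", evaluate(HARDENED, rdp_probe))     # ('deny', None)
    print("hardened,   SSH to linux1:    ", evaluate(HARDENED, ssh_probe))     # ('permit', 1)
    probes = [rdp_probe, ssh_probe, smtp_probe]
    print("never reached, as written:", unexercised_rules(AS_WRITTEN, probes))  # [0, 2, 3]
    print("never reached, hardened:  ", unexercised_rules(HARDENED, probes))    # [0]
```

With the rule base as written, the explicit SSH and SMTP rules are never reached by any Internet-sourced probe because rule 1 already permitted it; that is the tell-tale sign of an over-permissive rule ahead of them.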
Gaining unauthorized access to the data center by using another user's credentials is an example of which option?
Piggybacking
Which penetration-testing concept compromises one system so that it can be used to attack another system?
Pivot
Flood guards
Prevent MAC flooding attacks on switches, where an attacker floods the CAM table with bogus source addresses until the switch runs out of room and falls back to forwarding frames out every port like a hub, which enables sniffing. Usually implemented as port security with a limit on the number of MAC addresses learned per port.
What is the goal when you passively test security controls?
Probing for weaknesses
spanning tree protocols
Protect against switching loops
Web application firewall
Protects web server against web application attacks it is typically placed in the DMZ and will alert administrators of suspicious events.
Routers
Provide logical separation and segmentation using ACL's to control traffic.
Digital signature
Provides integrity, authentication and non-repudiation (a hash of the message signed with the signer's private key and verified with the public key). It does not provide confidentiality, because the message itself is not encrypted.
encryption
Provides Confidentiality, not Authentication
symmetric encryption
Provides confidentiality, not authentication. The same key encrypts and decrypts, so both parties must already share it.
hashing
Provides integrity, not authentication. Provides assurance that DATA HAS NOT BEEN MODIFIED; since anyone can recompute an unkeyed hash, on its own it does not prove who produced the data.
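The cards above draw the line between an unkeyed hash (integrity only) and a keyed construction such as a MAC or a digital signature (integrity plus authentication). The following added example, written for this page rather than taken from it, shows why the distinction matters: an on-path attacker who changes a message can simply recompute a plain SHA-256 digest, but cannot produce a valid HMAC tag without the shared key. A digital signature gives the same guarantee with a private/public key pair; that part is described in the cards and not repeated in code here. The message, the key and the attacker's edit are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed sample message and a shared key known only to sender and receiver.
MESSAGE = b"transfer 100 to account 42"
SHARED_KEY = b"example-shared-key-not-for-production"


def digest_bits(algorithm: str) -> int:
    """Output size of a hash function in bits (SHA-1 is the 160-bit one in the cards)."""
    return hashlib.new(algorithm).digest_size * 8


def plain_digest(msg: bytes) -> str:
    """Unkeyed hash: detects modification, but anyone can recompute it."""
    return hashlib.sha256(msg).hexdigest()


def verify_plain(msg: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(msg), digest)


def mac_tag(key: bytes, msg: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can produce a valid tag."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, msg: bytes, tag: str) -> bool:
    # constant-time comparison so the check itself does not leak the tag byte by byte
    return hmac.compare_digest(mac_tag(key, msg), tag)


def attacker_rewrites(msg: bytes, attacker_key: bytes = b"guess"):
    """Simulate an on-path attacker who edits the message and recomputes the
    check values. Without SHARED_KEY the attacker can forge the plain digest
    but can only guess at the HMAC tag."""
    tampered = msg.replace(b"account 42", b"account 666")
    return tampered, plain_digest(tampered), mac_tag(attacker_key, tampered)


if __name__ == "__main__":
    tampered, forged_digest, forged_tag = attacker_rewrites(MESSAGE)
    print("SHA-1 digest size:", digest_bits("sha1"), "bits")                           # 160
    print("plain digest accepts tampered msg:", verify_plain(tampered, forged_digest))  # True
    print("HMAC accepts tampered msg:", verify_tag(SHARED_KEY, tampered, forged_tag))    # False
```

The plain digest "verifies" the tampered message because the attacker sent a fresh, correct digest along with it; integrity checking alone says nothing about who produced the data. The HMAC check fails because the tag was computed under the wrong key.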
Authorization
Provides access to resources based on a proven identity
integrity
Provides assurance that DATA HAS NOT BEEN MODIFIED.
Domain name system security extensions
Provides validation for DNS responses and helps prevent DNS poisoning and attacks
You are designing a wireless network for commercial tenants in a shopping area. As a group, the tenants want to build a community network where their customers have internet access throughout the area, regardless of which retailer's network the customer is using. What technology would allow you to do that?
RADIUS federation
You have been hired as a security consultant. The company owner asks you to implement public key encryption to protect messages traveling between two points. Which algorithm should you implement?
RSA
Which of these options is particularly dangerous because it processes data with little or no latency?
RTOS (real-time operating systems)
Salt
Random data added to a password before hashing so that identical passwords produce different hashes. This defeats precomputed (rainbow) tables and forces an attacker to crack each account separately; it does not by itself make a single guess slower (that is key stretching).
POP3
Receives email using TCP port 110
Your client's HR practices include promotion from within, and transferring people between offices on a regular basis. It seems like the most common question you hear when employees talk on the phone is "What office are you working at now and what are you doing?" What practice will ensure that a user's permissions are relevant and current?
Recertification
Cyber Kill Chain (7 Steps)
Reconnaissance Weaponization Delivery Exploitation Installation Command-and-control Actions on objectives
The company you work for has a large number of employees who are considered a mobile workforce. These employees need to access resources on the LAN from their home or while traveling. Which of the following tunneling/VPN solutions would be more appropriate in this situation?
Remote access
You manage the security for a small corporate network that includes a hub and firewall. You want to provide protection against traffic sniffing. What should you do?
Replace the hub with a switch.
Your organization is a subcontractor for a major government defense contractor. While writing an incident response plan, you must determine the circumstances under which to bring in an outside contractor. Which portion of the incident response plan includes this information?
Reporting and escalation guidelines
Pharming
Reroutes requests for legitimate websites to false websites-Poisoned DNS.
Your client is a small retailer that accepts orders via e-mail. The e-mail form submitted by a client's customer includes credit card information, and you demonstrate to the client how risky that is. As a result, the client adds secure credit card processing to their website, and no longer accepts e-mail orders. Which risk management concept does this represent?
Risk avoidance
Wireless attack vectors
Rogue access points, and evil twins.
You need to restrict access to resources on your company's Windows Active Directory domain. Which criteria can be used to restrict access to resources?
Roles, groups, location, time of day, and transaction type
You have been asked to implement the e-mail security method that is defined in RFC 2632 and RFC 2634. Which e-mail security method should you implement?
S/MIME
Which of these is part of a scan to identify a common misconfiguration?
Router with a default password
rule-BAC
Rule Based Access Control (RBAC) introduces acronym ambiguity by using the same four letter abbreviation (RBAC) as Role Based Access Control. Under Rules Based Access Control, access is allowed or denied to resource objects based on a set of rules defined by a system administrator
Containerization
Runs multiple applications without requiring a separate guest OS for each one. A container holds everything needed to run an application. There is still physical infrastructure and a single host operating system; container software such as Docker then runs multiple applications simultaneously, each in its own sandbox, sharing that one kernel rather than booting a separate OS per application.
Your company needs to protect message integrity. Management decides that you need to implement an algorithm that uses 160-bit checksums. Which algorithm should you implement?
SHA
You need to ensure that several confidential files are not changed. You decide to use an algorithm to create message digests for the confidential files. Which algorithm should you use?
SHA-1
After a recent security audit, several security issues were found. The auditor made suggestions on technologies that your organization should deploy. One of the suggestions made is to deploy SKIP. Which statement is true of SKIP?
SKIP (Simple Key-management for Internet Protocol) is a key distribution protocol. It is an alternative to IKE for IPsec key management; it does not deploy or depend on IKE.
Your organization has decided to outsource its e-mail service. The company chosen for this purpose has provided a document that details the e-mail functions that will be provided for a specified period, along with guaranteed performance metrics. What is this document called?
SLA
When calculating risks by using the quantitative method, what is the result of multiplying the asset values by the exposure factor (EF)?
SLE
Smishing
SMS phishing
Which injection attack affects a database?
SQL injection
port 22
SSH
Your company implements an Ethernet network. During a recent analysis, you discover that network throughput capacity has been wasted as a result of the lack of loop protection. What should you deploy to prevent this problem?
STP
Which threat actor type can be characterized by having an unsophisticated skill level, using widely available tools, and being often motivated by the need that they can prove that they can do it?
Script kiddies
RAID 5
Striping with parity. Fault tolerant and only requires one additional disk for redundancy; survives the failure of a single disk.
SSL/TLS
Secure Sockets Layer / Transport Layer Security. An encryption layer beneath HTTP (giving HTTPS) that uses public key cryptography to authenticate the server and establish a shared session key. SSL is deprecated; current deployments use TLS 1.2 or 1.3.
Code Repositories
Service for storing and versioning the source code of projects; a public example is GitHub. Who can read, push to and merge into a repository is part of the supply-chain security of everything built from it.
TAXII (Trusted Automated eXchange of Indicator Information)
Securely shares STIX data.
Zero Trust
Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.
Simple Mail Transfer Protocol (SMTP)
Sends email using TCP port 25
Macros
Some applications have their own way of running scripts (macros), designed to make the application easier to use by automating functions within the app itself.
Community cloud
Several businesses share cloud computing
Password complexity
Should be complex and include three of the four character types, i.e. special character
Passwords
Should be strong and, per the exam objectives, changed periodically. (Current NIST SP 800-63B guidance drops forced periodic rotation in favor of length, screening against known-breached passwords, and changing a password only on evidence of compromise.)
Pentest
Simulate an attack
In performing a business impact analysis (BIA), you have identified that no backup method for Internet access exists if the gateway router goes down or is compromised. What did you identify?
Single point of failure
You have been asked to implement the encryption standard that is used in the Clipper Chip. Which encryption standard should you use?
Skipjack
Something you have
Smart card, CAC or token
Which of the following would take the least amount of time to restore?
Snapshots
You are planning a training session to deal with the personnel issue where an attacker tricks an employee into divulging login information. Which specific issue are you addressing?
Social engineering
Your company needs to be able to provide employees access to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications?
Software as a Service
SDN
Software-defined networking. Because the controller makes forwarding and access decisions from attributes of the flow (user, device, application, location), SDN policy is typically expressed as attribute-based access control (ABAC).
Continuous Delivery
Software development method in which app and platform requirements are frequently tested and validated for immediate availability.
password crackers
Software programs used to identify an unknown or forgotten password
SIEM (Security Information and Event Management)
Software that collects and analyzes security alerts, logs and other real time and historical data from security devices on the network
Information Rights Management (IRM)
Software that offers the capability not only to limit access to specific files or documents, but also to specify the actions (read, copy, print, download, etc.) that individuals who are granted access to that resource can perform. Some IRM software even has the capability to limit access privileges to a specific period of time and to remotely erase protected files.
SDK (software development kit)
Software that used to create custom applications or add features to existing applications on your mobile device.
Closed/proprietary intelligence
Someone else has already compiled the threat information, for sale.
Keyboard cadence is an example of which type of multifactor authentication?
Something you do
You are signing up for a new account on a web site. After you enter a password, the website prompts you to provide the answers to security questions, such as the name of a childhood sweetheart, or the color of your first car. What type of multifactor authentication is this?
Something you know
Five factors of authentication are
Something you know Something you have Something you are Somewhere you are Something you do
Head
Sometimes you just need to see part of a file. The head command shows the first part (the head, or beginning) of a file: head [option]... [file]...
IP scanners
Special tools that allow a network administrator to scan the entire network to find all connected devices and their IP addresses.
Management is concerned about self-replicating malware affecting multiple devices on the enterprise. Which security threats are NOT self-replicating? (Choose all that apply.)
Spyware, viruses, and Trojan horses
Your client allows the users to choose their own logon names for their account. You have seen opsboss, vpgal, and domainadm used as logons. You care very concerned about these obvious administrative accounts. What security control should you implement?
Standard naming conventions
syslog
Standard way to send log files from other devices into the central repository(SIEM).
IP scheme
Standardization for IP addressing in your organization so that you know exactly what addresses are used at which locations.
IPFIX (IP Flow Information Export)
Standards-based version of the Netflow framework.
Curl
Stands for "client URL": a command-line tool for transferring data to or from a server over HTTP, HTTPS, FTP and other URL schemes.
stateful firewall
Stateful firewalls remember the "state" of each session. Once a connection is permitted, every packet that belongs to that valid flow is allowed without being re-checked against the rule base; packets that belong to no known flow are dropped.
You are responsible for code quality and testing. What should you incorporate to ensure that memory allocations have corresponding deallocations?
Static code analyzers
Skimming
Stealing credit card information. Copy data from the magnetic stripe.
Your organization has a security policy in place that states that all precautions should be taken to prevent physical theft of mobile devices. Which precaution would prevent this?
Store mobile devices in a locked cabinet.
Which of the following secure coding techniques protects against injection attacks?
Stored procedures
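Stored procedures protect against injection for the same reason parameterized queries do: user input is passed as a typed parameter, so the database never parses it as SQL. The following added example (written for this page, not taken from it) shows a login check built by string concatenation next to the parameterized form, and runs the classic tautology payload against both. It uses Python's built-in sqlite3 module with a constructed in-memory user table; the usernames and placeholder hashes are assumptions for the illustration, and SQLite has no stored procedures, so bound parameters stand in for them here.

```python
import sqlite3
from typing import Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table; the password hashes are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "h-alice"), ("bob", "h-bob")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> Tuple[bool, str]:
    """Builds the query by concatenation, so user input becomes SQL code.
    Deliberately vulnerable: this is the pattern the flashcard is warning about."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    count = conn.execute(query).fetchone()[0]
    return count > 0, query


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> Tuple[bool, str]:
    """Parameterized query: input is bound as data and never parsed as SQL.
    A stored procedure with typed parameters gives the same separation of code and data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    count = conn.execute(query, (username, password_hash)).fetchone()[0]
    return count > 0, query


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR 1=1 --"   # closes the string, adds a tautology, comments out the rest
    ok, q = login_vulnerable(conn, payload, "anything")
    print("vulnerable:", ok, "|", q)   # True: every row matches
    ok, q = login_safe(conn, payload, "anything")
    print("safe:      ", ok, "|", q)   # False: no user is literally named "' OR 1=1 --"
```

In the vulnerable version the executed statement becomes `WHERE username = '' OR 1=1 --' AND password_hash = 'anything'`; everything after `--` is a comment, so the password check disappears. The parameterized version sends the same payload as a plain string value and finds no such user.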
Key stretching
Strengthen a weak key or password by running it through a hash function many thousands of times (PBKDF2, bcrypt, scrypt, Argon2), normally together with a salt, so that every guess costs an attacker far more computation.
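The Salt and Key stretching cards above describe two different defenses that usually travel together: a per-user salt stops one precomputed table from cracking every account that shares a password, and iterated hashing makes each guess expensive. The following is an added example written for this page (not from the flashcards) using Python's standard-library PBKDF2-HMAC-SHA256. The two users and their shared password are constructed; the iteration counts are illustrative, not a recommendation.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed: two users who happen to choose the same weak password.
USERS = {"alice": "Winter2024!", "bob": "Winter2024!"}


def unsalted_sha256(password: str) -> str:
    """What a naive password store does: same password, same hash, so one
    precomputed (rainbow) table cracks every account that shares it."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> Dict:
    """Salt (unique per user) plus key stretching (PBKDF2-HMAC-SHA256 run
    `iterations` times). The salt is stored alongside the digest; it is not secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(password: str, record: Dict) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def same_password_same_hash(digests) -> bool:
    """True when two stored digests reveal that the users share a password."""
    digests = list(digests)
    return len(set(digests)) < len(digests)


if __name__ == "__main__":
    naive = [unsalted_sha256(p) for p in USERS.values()]
    print("unsalted store leaks shared password:", same_password_same_hash(naive))  # True
    store = {u: hash_password(p, iterations=100_000) for u, p in USERS.items()}
    salted = [r["digest"] for r in store.values()]
    print("salted+stretched store leaks it:", same_password_same_hash(salted))     # False
    print("bob logs in:", verify_password("Winter2024!", store["bob"]))            # True
    print("wrong password:", verify_password("winter2024!", store["bob"]))         # False
```

Storing the iteration count with each record lets you raise it later for new or re-hashed passwords without breaking verification of older ones.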
RAID 0
Striping without parity. High performance, no fault tolerance
A huge customer data breach occurred at a retail store. It originated from the store's point-of-sales system contractor, who did not have adequate malware protection. Which risk mitigation concept could the store have implemented to avoid the breach?
Supply chain assessment
BPDU guard (Bridge Protocol Data Unit guard)
Switch port security feature that disables the port if it receives spanning-tree BPDU frames. It is configured on access ports (ports meant for end hosts), where any BPDU frame is unexpected and likely malicious, for example an attacker trying to become the root bridge.
Aggregation
Aggregation switch: connects multiple access switches together in a network (the distribution layer).
You have been promoted to security administrator. Recently, management implemented a security policy that states that symmetric cryptography must be used. However, your research indicates the asymmetric cryptography is a better choice for your organization. Which statement is true of symmetric cryptography?
Symmetric cryptography is faster than asymmetric cryptography.
AES
Symmetric key lengths: 128, 192 and 256 bits
Which encryption techniques are used by AES, DES, and Blowfish? (Choose two.)
Symmetrical algorithm, PRNG
In role-based awareness training, which of the following user groups would need to learn about implementing, managing, and monitoring controls?
System administrators
Spear Phishing (Social Engineering)
Targeted phishing with inside information-Makes attack more believable.
Management wants you to provide full disk encryption for several of your organization's computers. You purchase specialized chips that will be plugged into the computers' motherboards to provide the encryption. Of what security practice is this an example?
TPM
You have been asked to implement hardware-based encryption on a Windows Server 2008 computer. What is required to do this?
TPM chip
Which of these options simulates a disaster and allows you to check the thoroughness of your disaster recovery plan?
Tabletop exercises
Worm
Takes advantage of a vulnerability in a system to install itself and additional malicious software, then traverses the network on its own without user interaction.
Password policies
Technical means to ensure users employ secure password practices
Ping
Test reachability
Simulation
Test with a simulated event.
CER
The Crossover Error Rate or CER is the value of FAR and FRR when the sensitivity is configured so that FAR and FRR are equal. The Crossover Error Rate is well suited to perform a quantitative comparison of different biometric solutions, applications or devices
Your company's network uses Kerberos for authentication. You have recently replaced the server that acts as the Key Distribution Center (KDC). Which of the following statements is true?
The KDC is used to store, distribute, and maintain cryptographic session keys
Your company decides to implement a wireless network. You have been asked to assess which wireless encryption protocol to implement on the wireless network. Match the descriptions on the left with the Wireless Encryption Protocols on the right.
The Wireless Encryption Protocols should be matched with the descriptions in the following way: • WEP - Uses a 40-bit or 104-bit key • WPA/WPA2 Personal - Uses a 256-bit pre-shared key • WPA/WPA2 Enterprise - Requires a RADIUS server
scalability
The ability to increase the workload in a given infrastructure.
Match each access control type with the example that best fits with that type.
The access control types should be matched with the examples in the following manner: • Technical - encryption protocols • Administrative - security policies • Physical - locks
Header Manipulation
The act of stealing cookies and browser URL information and manipulating the header with invalid or false commands to create an insecure communication or action.
Match the wireless antenna types on the left with the descriptions given on the right.
The antennas and their descriptions should be matched in the following manner: • Omni - a multi-directional antenna that radiates radio wave power uniformly in all directions in one plane with a radiation pattern shaped like a doughnut • Yagi - a directional antenna with high gain and narrow radiation pattern • Sector - a directional antenna with a circle measured in degrees of arc radiation pattern • Dipole - the earliest, simplest, and most widely used antenna with a radiation pattern shaped like a doughnut
Match the descriptions on the left with the attack types on the right.
The attacks should be matched with the descriptions in the following manner: • Brute force attack - occurs when a hacker tries all possible values for such variables as user names and passwords • DNS poisoning - occurs when IP addresses and host names are given out with the goal of traffic diversion • Man-in-the-middle attack - occurs when a hacker intercepts messages from a sender, modifies those messages, and sends them to a legitimate receiver • Smurf - occurs when a combination of Internet Protocol (IP) spoofing and Internet Control Message Protocol (ICMP) messages saturates a network
Match the authentication mechanisms on the left with the authentication types given on the right.
The authentication mechanisms and their authentication types should be matched in the following manner: • Smart card - certificate authentication • Retina scan - biometric authentication • Token - one-time password authentication • Password - PAP authentication
Match the descriptions on the left with the cloud deployments on the right.
The cloud deployments should be matched with the descriptions in the following manner: • Platform as a Service (PaaS) - Allows organizations to deploy Web servers, databases, and development tools in a cloud • Software as a Service (SaaS) - Allows organizations to run applications in a cloud • Infrastructure as a Service (IaaS) - Allows organizations to deploy virtual machines, servers, and storage in a cloud
Cyber Threat Intelligence (CTI)
The collection and analysis of information about threats and adversaries and drawing patterns that provide an ability to make knowledgeable decisions for the preparedness, prevention, and response actions against various cyber attacks.
Match the controls on the left with the object given on the right. Each control will go with only one object. Use the controls where they are the most effective.
The controls and the object they use should be matched in the following manner: • Host-based firewall - Web server • GPS tracking - Mobile device • Biometrics - Data center • Sandboxing - Applications
Discretionary Access Control (DAC)
The least restrictive access control model in which the owner of the object has total control over it.
Something you know
The least secure form of authentication (not authorization), e.g. a username and password.
You are explaining to a new employee the proper process of evidence collection. As part of this explanation, you need to ensure that the new employee understands the evidence life cycle. Move the steps in the evidence life cycle from the left column to the right column, and place them in the correct order, starting with the first step at the top.
The correct order for the evidence life cycle is as follows: • Collect • Analyze • Store • Present • Return
Blue Team
The defensive team in a penetration test or incident response exercise.
FRR
The false rejection rate is the measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. A system's FRR typically is stated as the ratio of the number of false rejections divided by the number of identification attempts
5G
The fifth-generation cellular wireless broadband technology, defined by 3GPP (not an IEEE 802.11 Wi-Fi standard such as 802.11ac), engineered to greatly increase the speed and responsiveness of wireless networks.
Security orchestration, automation, and response (SOAR)
The goal of SOAR is to take security processes that are manual or tedious and automate them so that they run at the speed of the computer.
When users log in to the network locally, they must provide their username and password. When users log in to the network remotely, they must provide their username, password, and smart card. Which two statements are true regarding your organization's security? (Choose two.)
The local network login uses one-factor authentication and the remote network login uses two-factor authentication.
Security Operations Center (SOC)
The location where security professionals monitor and protect critical information assets in an organization.
Match the descriptions on the left with the malware types on the right.
The malware types should be matched with the descriptions in the following manner: • Backdoor - a developer hook in a system or application that allows developers to circumvent normal authentication • Logic bomb - a program that executes when a certain predefined event occurs • Spyware - a program that monitors and tracks user activities • Trojan horse - a program that infects a system under the guise of another legitimate program
Match the descriptions on the left with the malware type on the right that BEST matches the description
The malware types should match with the descriptions in the following manner: • Adware - a software application that displays advertisements while the application is executing • Botnet - a group of computers that are hacked when a malicious program is installed on them and remotely triggered • Rootkit - a collection of programs that grants a hacker administrative access to a computer or network • Worm - a program that spreads itself through network connections
ARP(Address Resolution Protocol)
The mechanism by which an IP address is resolved to the hardware MAC address of the interface that holds it on the local network. ARP replies are unauthenticated, which is what makes ARP poisoning possible.
Mandatory Access Control (MAC)
The most restrictive access control model, typically found in military/government settings in which security is of supreme importance.
Match the descriptions on the left with the network technologies on the right that it BEST matches.
The network technologies should be matched with the descriptions in the following way: • DMZ - A network that is isolated from other networks using a firewall • VLAN - A network that is isolated from other networks using a switch • NAT - A transparent firewall solution between networks that allows multiple internal computers to share a single Internet interface and IP address • NAC - A network server that ensures that all network devices comply with an organization's security policy
Domain reputation
The overall "health" of your branded domain as interpreted by mailbox providers. Track your security posture.
Match the password control on the left with the descriptions given on the right.
The password controls and their descriptions should be matched in the following manner: • Salting - adds text to each password before the password is hashed to prevent stored passwords from being decrypted • Lockout - allows you to configure the number of invalid logon attempts that can occur before an account is inaccessible for a pre-determined amount of time • History - allows you to configure how many new passwords must be created before an old one can be reused • Age - allows you to configure the minimum or maximum number of days that must pass before a user is required to change the password
Crossover Error Rate (CER)
The point at which FRR equals FAR. Expressed as a percentage, this is the most important metric.
Registry
The primary configuration database for Windows (OS, applications, services, etc.). Almost everything can be configured from the registry.
You must configure the routers on your network to ensure that appropriate communication is allowed between the subnetworks. Your configuration must allow multiple protocols to communicate across the routers. Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port.
The protocols given use these default ports: • Port 20 - FTP • Port 23 - Telnet • Port 25 - SMTP • Port 53 - DNS • Port 80 - HTTP. FTP also uses port 21, but it was not listed in this scenario.
You are responsible for managing security for a network that supports multiple protocols. You need to understand the purpose of each of the protocols that are implemented on the network. Match each description with the protocol that it BEST fits
The protocols should be matched with the descriptions in the following manner: • IPSec - A tunneling protocol that provides secure authentication and data encryption • SNMP - A network management protocol that allows communication between network devices and the management console • SFTP - A file transferring protocol that uses SSH for security • FTPS - A file transferring protocol that uses SSL for security
You are responsible for managing the security for a network that supports multiple protocols. You need to understand the purpose of each of the protocols that are implemented on the network. Match each description with the protocol that it BEST fits.
The protocols should be matched with the descriptions in the following manner: • SSH - A protocol that uses a secure channel to connect a server and a client • SSL - A protocol that secures messages between the Application and Transport layer • SCP - A protocol that allows files to be copied over a secure connection • ICMP - A protocol used to test and report on path information between network devices
You must deploy the appropriate control to a section of the network shown in the exhibit. Because of budget constraints, you can only deploy one of each of the following controls: • Proximity badges • Device encryption • Safe • CCTV You need to deploy each of these controls to a single area on the diagram. The controls may be used to protect either the entire section or a single component within that section. Match the appropriate control to the best deployment location on the network exhibit. All four locations require a control. Each control should be used only once.
The proximity badges will control access to the data center and limit access to approved employees. The safe will provide a location in the office to store the laptops and tablets when they are not in use. The CCTV will provide a means to monitor activity in the customer wireless network lounge. Device encryption will ensure that the data on the laptops cannot be accessed by attackers while the sales reps are in the field. Always consider the types of controls and the numbers of each control that are required when deploying them on your network. In this scenario, you were limited to four controls. In the real world, it would be better to implement proximity badges for both the office and the data center to ensure that only employees have access to these areas. However, if you can only deploy them in one location, protecting the data center is more important. A safe could be appropriately deployed in either the data center or the office. In the real world, it would be ideal to use CCTV in the data center, the office, and the customer wireless network lounge. While you can deploy device encryption for all devices, it is most important to deploy it for any devices that are regularly used outside the organization's network, such as mobile laptops.
When users log in to the network locally, they must provide their username and password. When users log in to the network remotely, they must provide their username, password, and smart card. Which two statements are true regarding your organization's security? (Choose two.)
The remote network login uses two-factor authentication, The local network login uses one-factor authentication
Match each description with the appropriate risk management method
The risk management methods should be matched with the descriptions in the following manner: • Acceptance - Deciding to bear the cost of a potential risk • Avoidance - Deciding to no longer employ the actions associated with a particular risk • Deterrence - Discouraging certain actions from being taken to protect against risk • Mitigation - Taking steps to reduce risk • Transference - Sharing the burden of a potential risk with another entity
Persistent XSS attack
The script is permanently stored on the web server or some back-end storage. This allows the script to be used against others who log in to the system. Anyone visiting that page would be running the script.
Non-repudiation
The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place.
digital signatures in Email
The sender's private key encrypts; the sender's public key decrypts. A hash of the message is created and signed.
Match the social engineering principle on the left with the descriptions given on the right
The social engineering principles and their descriptions should be matched in the following manner: • Authority - the attacker claims to have certain power, often by claiming to be an official representative • Intimidation - the attacker frightens the personnel so that the information the attacker needs is revealed • Consensus - the attacker attempts to trick personnel into releasing information by proving that it is fine to release the information based on the actions of others • Scarcity - the attacker attempts to trick personnel based on people's tendency to place a higher value on resources that are not in great supply • Urgency - the attacker makes the situation seem like an emergency • Familiarity - the attacker tends to create a false sense of acquaintance with personnel by implying that the attacker knows someone the personnel knows or works with • Trust - the attacker gains the confidence or faith of the personnel
X.509 standard
The standard used when we are working with digital certificates is called the X.509 standard
Match the tests on the left with the descriptions given on the right.
The tests and their descriptions should be matched in the following manner: • Vulnerability scan - a test carried out by internal staff that discovers weaknesses in systems to improve or repair them before a breach occurs • Penetration test - a form of vulnerability scan performed using an automated tool by a trained white hat security team rather than by internal security staff • Black box test - a test conducted with the assessor having no knowledge about the systems being tested • White box test - a test conducted with the assessor having all of the knowledge about the systems being tested • Gray box test - a test conducted with the assessor having a little of the knowledge about the systems being tested
Match the attacks on the left with the descriptions given on the right.
The attacks and their descriptions should be matched in the following manner: • Wireless jamming - an attack that causes all mobile devices to lose their association with corporate access points while the attack is underway • War driving - the act of discovering unprotected wireless networks by using a laptop outside an office building • Bluejacking - an attack that sends unsolicited messages over a Bluetooth connection • Bluesnarfing - the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth connection
You are configuring a wireless access point in the network shown in the exhibit: the most secure encryption method with RADIUS. You need to configure the Security section of the access point. In the work area, match the options on the left with the settings given on the right. Not all options will be used.
The wireless access point settings should be matched in the following manner: • Security Mode - WPA2 Enterprise • Encryption - AES • RADIUS Server - 192.168.0.4 • RADIUS Port - 1812
Match the descriptions on the left with the corresponding wireless security issues on the right.
The wireless security issues should be matched with the descriptions in the following way: • WEP/WPA cracking - Mathematical algorithms are used to determine the pre-shared key used on the access point. This is considered a WEP/WPA attack. • Warchalking - SSID and other authentication details regarding a wireless network are written down in a prominent public place. • Evil twin - A rogue access point is configured with the same SSID as a valid access point.
Chmod
There may be times when you want to change how a file is viewed, or whether a file can be written to or even executed in your operating system. You define these parameters with the chmod command, which allows you to change the mode of a file system object. r = read, w = write, x = execute. Octal notation can also be used. Permissions are set for the file owner (u), the group (g), others (o), or all (a).
Next-Gen Secure Web Gateway (SWG)
This is going to provide security for all of our users, across all of their devices, regardless of where they may be connecting from.
Identity provider(IdP)
The IdP is responsible for identifying and controlling users based on who the user is and what devices they might be using. Commonly used by SSO (single sign-on) applications or as part of an authentication process; cloud-based services need to know who you are.
faraday cage
This is a mesh of conductive material that restricts or prevents radio signals from passing through the cage. It is not a comprehensive solution: not all signal types are blocked, and some are not blocked at all. It can restrict access to mobile networks, so very specific contingencies would need to be in place for emergency calls.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
This is a public/private key encryption mechanism that allows you to protect the information using that encryption and to provide digital signatures for integrity.
EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
This is a way to make sure that the authentication server and the supplicant are able to transfer information between each other over a secure tunnel. The authentication server (AS) and the supplicant share a protected access credential (PAC), a shared secret.
PEAP (Protected Extensible Authentication Protocol)
This is also using TLS to be able to send this information, but instead of it being based on a shared secret with the PAC, we're using the same method as a traditional web server, by using a digital certificate.
Web application firewall(WAF)
This is not like a traditional firewall, which allows or disallows traffic based on IP addresses or port numbers, and it is not like a next-gen firewall, which examines application flows. This is a firewall specifically built for web-based applications, and it applies rules to the conversations taking place for your HTTP- and HTTPS-based applications.
Common name(CN)
This is the fully qualified domain name associated with the certificate.
Continuous Integration (CI)
This is when the application developers may constantly be updating an application and perhaps even merging it into the central repository many times a day. This of course can open up chances for security problems. So we need to make sure that we have the automation in place to perform this security check.
Microservice Architecture
This is where you break solutions into smaller, independent pieces. For example, you may split a website into a container hosting your front end, another hosting your back end, and a third for storage. This allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.
Subscriber identity module(SIM)
To connect over one of these cellular networks, you need to have a SIM card. This is a universal standard for integrated circuit cards, and it's common to see one in our mobile phones. IoT devices also have SIM cards inside them, allowing them to use these 5G networks.
NAT
Translates private IP addresses to public IP addresses and public back to private, and hides the IP addresses on the internal network from users on the Internet.
You are setting up a complex PKI where clients might have to get a certificate from somewhere other than their own CA. What should you include in the implementation to define the relationships between the various CAs?
Trust model
NFC (Near Field Communication)
Two-way wireless communication that builds on RFID (which is mostly unidirectional). Common to see in in-store payment systems.
Time bomb
Type of a logic bomb that occurs when a particular time and date has been reached.
Which type of attack relies on mistakes made by users when they input Web addresses?
URL hijacking, or typo squatting
You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working well together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with?
UTM
Tactics, Techniques, and Procedures (TTP)
Understand the methods that the attackers are using to get into your network, and the process they're going through once they get access.
Spam over Instant Messaging (spim)
Unsolicited messages sent over an instant messaging service, such as Windows Messenger.
What is the best countermeasure for a buffer overflow attack on a commercial application?
Update the software with the latest patches, updates, and service packs.
Dictionary attacks
Use a dictionary to find common words for a brute force attack.
You need to enforce several security settings for all of the computers on your Windows network in as efficient a manner as possible. What should you do?
Use group policies.
Routers
Use rules within ACLs as an anti-spoofing method.
Routers and firewalls
Use rules within access control lists to allow or block traffic.
NTPsec (Network Time Protocol Secure)
Used for security on time synchronization.
Your client operates a 24-hour call center. Several different employees may log in to the same workstation in the course of a week. Machine (computer) certificates are currently used, but they do not provide sufficient security safeguards because more than one employee logs in to each machine. You need to ensure that each employee has his or her own credential. What should you implement?
User certificate
IMAP
Uses TLS on port 993 or with STARTTLS on port 143
POP
Uses TLS on port 995 or STARTTLS on port 110
HTTP
Uses port 80 for web traffic
IMAP4
Uses TCP port 143 (993 when secured with TLS)
Something you are
Using biometrics, e.g. fingerprints or retina scans
HTML5 VPN
Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).
Somewhere you are
Using geolocation, computer name or a MAC address
Influence campaigns / hybrid warfare
Using social engineering to sway attention and sympathy in a particular direction.
dnsenum
Utility that is used for DNS enumeration to locate all DNS servers and DNS entries for a given organization
Scanless
Utility that runs port scans through third-party websites to evade detection.
Bob manages the sales department. Most of his sales representatives travel among several client sites. He wants to enable these sales representatives to check the shipping status of their orders online. This information currently resides on the company intranet, but it is not accessible to anyone outside the company firewall. Bob has asked you to make the information available to traveling sales representatives. You decide to create an extranet to allow these employees to view their customers' order status and history. Which technique could you use to secure communications between network segments sending order-status data via the Internet?
VPN
You are designing a network. In addition to placing devices in a peripheral network, you need to place security devices in several key departments. Which of the following security devices could NOT be placed wherever they are needed in the network?
VPN concentrators
Tail
View the last part of a file, i.e. the tail, or end, of the file. Usage: tail [option]... [file]...
Which technology will phreakers attack?
VoIP
Vishing
Voice Phishing
Which of these vulnerabilities is characterized by bad policies, such as not qualifying vendors, failing to perform (or follow up on) background checks, and allowing unlicensed software to be installed inside the network perimeter?
Vulnerable business processes
Which two suppression methods are recommended when paper, laminates, and wooden furniture are the elements of a fire in the facility? (Choose two.)
Water, soda acid
Radio frequency(RF) jamming
A way for an attacker to disrupt a wireless network and effectively create a denial of service situation. Can also be unintentional (microwave ovens, fluorescent lights).
Which of the following transmit data via WiFi or Bluetooth only to a host device and are vulnerable to data interception and attack?
Wearable technology
Management wants to protect all traffic on the company's HTTP/HTTPS server. You have been asked to recommend a solution. Which device is the BEST solution?
Web application firewall
You find general purpose guides and platform/vendor-specific guides for deploying the items below. Which of the following should you deploy using vendor-specific guides as a best practice? (Choose all that apply.)
Web server, Network infrastructure devices, Application server, Operating system
sFlow
Web standard for using sampling to record network traffic statistics.
Typosquatting/URL hijacking
Websites with names similar to real websites ProfessormessOr.com
API Attack (Application Programming Interface)
When an attacker tries to manipulate the application programming interface of an application, to gain access to data that would not normally be available.
Refactoring
When malware is downloaded, a unique version of the malware is delivered that will not match any of the signatures your antimalware has.
Compute Cloud Instances
When we're creating our cloud-based applications, we need some components that will perform the actual computation. These are our compute cloud instances. Good examples are Amazon Elastic Compute Cloud (EC2), Google Compute Engine (GCE), and Microsoft Azure Virtual Machines.
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless clients. Which protocol should you choose?
Wi-Fi Protected Access (WPA)
Your company has a website based on their domain name. In addition to the website, they also operate mail and FTP servers using the same domain name. Which of the following options would simplify certificate management?
Wildcard certificates
ipconfig/ifconfig
ipconfig: Windows TCP/IP configuration. ifconfig: Linux interface configuration.
Homomorphic Encryption (HE)
You can perform calculations on data, in its encrypted form, and save the results as encrypted data, the entire time never having decrypted any of that information.
Private cloud
Your own virtualized local data center
After a recent vulnerability assessment, your company has decided to implement several new security devices and mechanisms, including anomaly-based monitoring. You are researching several different anomaly-based monitoring products. What must be in place for this type of monitoring to be effective?
a baseline
You have recently been notified by an application vendor that the application includes a rootkit. The manufacturer has released a patch that will remove the vulnerability from the application. What is a rootkit?
a collection of programs that grants a hacker administrative access to a computer or network
Embedded system
a computer and software that has been built for a very specific purpose. A device created to perform a single task, or it may be working with many other devices to be able to perform additional tasks.
To which type of attack are password files stored on a server vulnerable?
a dictionary attack
An IT technician has been assigned to install a new embedded firewall. What statement best describes this type of firewall?
a firewall that is integrated into a router
Pretexting
a form of social engineering in which one individual lies to obtain confidential data about another individual, e.g. "Hello, I'm calling from Visa..."
Extranet
a network configuration that allows selected outside organizations to access internal information systems
Intranet
a network designed for the exclusive use of computer users within an organization that cannot be accessed by users outside the organization
Privilege Escalation
a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications
Data masking
a program that protects privacy by replacing personal information with fake values
You have decided to attach a digital timestamp to a document that is shared on the network. Which attack does this prevent?
a replay attack
Your company's network has multiple networks that are connected via different devices. Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks?
a router
Password manager
a software application that stores and organizes encrypted passwords for a user and is accessed using a single, strong master password
What is vishing?
a special type of phishing that uses Voice over IP (VoIP)
container virtualization
a specialized version of a type 2 hypervisor.
Virtual Private Cloud (VPC)
a subset of a public cloud that has highly restricted, secure access; accessed using a VPC endpoint
NetFlow
a tool used to gather information about data flowing through a network
asymmetric encryption
a type of cryptography based on algorithms that require two keys -- one of which is secret (or private) and one of which is public (freely known to others).
Session ID
a unique number that a Web site's server assigns a specific user for the duration of that user's visit (session). The session ID can be stored as a cookie, form field, or URL
traceroute
a utility application that monitors the network path of packet data sent to a remote computer
Your company has decided to install multiple types of monitoring devices on your network. Which type of monitoring is most likely to produce a false alert?
anomaly-based
Next gen Firewall(NGFW)
able to identify the applications that are flowing across the network, regardless of the IP address or port number that might be in use. The security professional can set policies to allow or disallow access to those applications on the network. An NGFW may go by other names: application layer gateway, stateful multilayer inspection, or deep packet inspection.
Transparent proxy
accepts and forwards requests without modifying them
What type of load balancing configuration would you install if you needed a secondary server to remain on standby until the load on the primary server reached a critical point?
active-passive
mobile application management (MAM)
administers and delivers applications to corporate and personal smart phones and tablets
A user notifies you that a software application displays advertisements while the application is executing. Of which security threat is this an example?
adware
SDN (Software Defined Networking)
aims at separating the infrastructure (hardware) layer from the control layer. Directly programmable from a central location, flexible, vendor neutral, and based on open standards. Basically "network virtualization": allows data transmission paths, communication decision trees, and flow control to be virtualized.
As a security administrator, you are responsible for ensuring that your organization's IT staff understands the security mechanisms employed on the network. You are currently documenting the security mechanisms as part of the IT training. During the documentation, you realize that many of the IT staff does not understand the basic terms used in IT security. You need to document the terms and definitions that you will use. What is a mathematical formula that is used in cryptography to encrypt data?
algorithm
As part of a new security initiative, your organization has decided that all employees must undergo security awareness training. What is the aim of this training?
all employees understand their security responsibilities, the ethical conduct expected from them, and the acceptable use of an effective security program
You administer a small corporate network. On Friday evening, after close of business, you performed a full backup of the hard disk of one of the company's servers. On Monday evening, you performed a differential backup of the same server's hard disk, and on Tuesday, Wednesday, and Thursday evenings you performed incremental backups of the server's hard disk. Which files are recorded in the backup that you performed on Thursday?
all of the files on the hard disk that were changed or created since the backup on Wednesday
You administer a small corporate network. On Friday evening, after close of business, you performed a full backup of the hard disk of one of the company's servers. On Monday evening, you performed a differential backup of the same server's hard disk, and on Tuesday, Wednesday, and Thursday evenings you performed incremental backups of the server's hard disk. Which files are recorded in the backup that you performed on Thursday?
all of the files on the hard disk that were changed or created since the incremental backup on Wednesday
Full Tunnel VPN
all traffic goes through the encrypted tunnel while the user is connected to the VPN
ARP command
allows you to view and manipulate the ARP cache
netstat
allows you to view statistics for TCP/IP protocols and view all active network connections. This can be useful if you suspect malware is causing a computer to connect with a remote computer.
typo squatting
also called URL hijacking; attackers buy domain names with minor typographical errors
Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this?
an ACL
What is the best description of an evil twin?
an access point with the same SSID as the legitimate access point
You have been authorized by management to use a vulnerability scanner once every three months. What is this tool?
an application that identifies security issues on a network and gives suggestions on how to prevent the issues
Diffie-Hellman key exchange
an asymmetric standard for exchanging keys. Combine your private key with a public key on the other side to create a symmetric key.
Application DoS
an attack that causes a service to fail by exploiting a vulnerable application feature
ARP poisoning
an attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine
You need to ensure that your company's security awareness training includes examples of social engineering attacks. Which of the following is an example of a social engineering attack?
an e-mail hoax
Which policy defines the sensitivity of a company's data?
an information policy
Your company recently implemented an internal public key infrastructure (PKI). You need to ensure that all of the PKI components are secure and are currently researching the vulnerabilities on the entity that signs the certificates. Which entity are you examining?
an issuer
Which controls should you implement to mitigate the security risks of a Supervisory Control and Data Acquisition (SCADA) systems? (Choose all that apply.)
application firewalls, firmware version control, network segments, and access control lists (ACLs)
You are researching the different types of firewalls that you can install to protect your company's network and assets. Which type of firewall is most detrimental to network performance?
application-level proxy firewall
Function as a Service (FaaS)
Applications are separated into individual, autonomous functions. Remove the operating system from the equation and instead perform individual tasks based on the functions that are requested by the application.
quantitative risk
are assessments that use numbers such as cost and asset values
administrative controls
are primarily administrative and include items such as risk and vulnerability assessments.
Three primary security control types
are technical (implemented with technology), administrative (using administrative or management methods), and physical (using controls that you can physically touch).
MDM (mobile device management)
are tools that help ensure that devices meet minimum security requirements. They can restrict applications on devices, segment and encrypt data, enforce strong authentication methods, and implement security measures such as screen locks and remote wipe.
You have been asked to research the encryption algorithms available and make recommendations to management about which to implement. One of the encryption algorithms that you are researching is RSA. Which type of encryption algorithm does this algorithm represent?
asymmetric with authentication
ARP poisoning attacks
attempt to mislead computers or switches about the actual MAC address of a system
preventative controls
attempt to prevent security incidents. Examples include system hardening, user training, guards, change management, and account disablement policies.
Federation
authenticates and authorizes users across organizations and applications.
VDI (virtual desktop infrastructure)
is a virtual desktop that can be created so that users can access it from a mobile device.
AAA Framework: Authorization
based on your identification and authentication, what you are authorized to access
You need to provide security training for a group of managers at your company. As part of this training, you need to explain the purpose of baselines, guidelines, standards, and procedures. Which of these defines the minimum level of security?
baselines
MDM tools
block network access for jailbroken or rooted devices.
Which attack sends unsolicited messages over a Bluetooth connection?
bluejacking
You discover that a malicious program has been installed on several host computers on your network. This program's execution was remotely triggered. Of which malware is this an example?
botnet
You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host?
browsing the Internet
Your company recently discovered that an attacker carried out an exhaustive password attack. Which type of password attack is often referred to as this?
brute force attack
The business continuity team is interviewing users to gather information about business units and their functions. Which part of the business continuity plan includes this analysis?
business impact analysis (BIA)
How does an unsigned Java applet enforce security in JDK 1.1?
by using sandboxes
input validation
checks the data before passing it to the application and prevents many types of attacks, including buffer overflow, SQL injection, command injection, and cross-site scripting attacks.
IPS
can actively monitor data streams, detect malicious content, and prevent it from reaching a network. In contrast, an IDS is out of band.
ping command
can be used to check connectivity, check name resolution and verify that routers, firewalls, and intrusion prevention systems block ICMP.
a host-based IDS (HIDS)
can detect attacks on local systems such as workstations and servers. The HIDS protects local resources on the host and can detect some malware that isn't detected by traditional antivirus software.
wireless scanners
can detect rogue access points in a network; many can crack passwords used by the AP.
a non-transparent proxy
can modify or filter requests, such as filtering traffic based on destination URLs.
Which principle stipulates that multiple changes to a computer system should NOT be made at the same time?
change management
NAT Network address translation
changes a private IP address to a public IP address.
Service Integration and Management (SIAM)
consolidates the view of all of the different services into one single management interface. This is the next step when you begin deploying these different application instances to multiple providers.
Stateless firewall
controls traffic between networks using rules within an ACL. The ACL can block traffic based on ports, IP addresses, subnets, and some protocols.
Which attack involves changing a text file in which a Web server stores persistent settings?
cookie poisoning
You need to ensure that a set of users can access information regarding departmental expenses. However, each user should only be able to view the expenses for the department in which they work. Senior managers should be able to view the expenses for all departments. Which database security feature provides this granular access control?
database view
You have just discovered that an application that your company purchased is intentionally embedded with software code that allows a developer to bypass the regular access and authentication mechanisms. Which software code is being described?
debugging or maintenance hook
attribute-based access control
defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. The policies can use any type of attributes (user attributes, resource attributes, object attributes, environment attributes, etc.). Used in many software-defined networks (SDNs).
Software as a Service (SaaS)
delivers applications over the cloud using a pay-per-use revenue model. Log into the system and begin to use it.
Infrastructure as a Service (IaaS)
delivers hardware networking capabilities, including the use of servers, networking, and storage, over the cloud using a pay-per-use revenue model
network-based IDS (NIDS)
detects attacks on NETWORKS
Your company develops an incident response plan. When the Web server undergoes a DoS attack, the incident response team follows the incident response plan and returns the Web server to normal operation. What should be the final outcome of this incident?
documented incident
active footprinting
We're going to actively send information into this network, or to devices on this network, in order to gain more information about what might be there. If someone is monitoring network communication or capturing packets, they will see us perform these active footprinting tasks.
Digital signatures
electronic certificates that are used to authenticate the validity of individuals and companies conducting business electronically
RTOS (real time operating system)
Embedded systems that require minimal user interaction. Programs are written specifically for the needs of devices and their functions. Embedded in anti-lock brakes in cars for fast decision making.
A hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?
escalation of privileges
Host-based Firewalls (Application-based)
filter traffic in and out of individual hosts; some Linux systems use iptables/xtables for firewall capabilities
Stateful firewalls
filter traffic based on the state of a packet within a session.
What is an example of privilege escalation?
gaining access to a file you should not have rights to access by changing the permissions of your valid account
On Line/Double conversion UPS
This UPS is always online and always providing power to your devices. If the power does go out, there's no switching process, because you're already on battery power.
You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: • The VPN gateway should require the use of Internet Protocol Security (IPSec). • All remote users must use IPSec to connect to the VPN gateway. • No internal hosts should use IPSec. Which IPSec mode should you use?
host-to-gateway
Which two alternate data center facilities are the easiest to test? (Choose two.)
hot site, redundant site
What is defined in an acceptable use policy?
how users are allowed to employ company hardware
port 80
http
port 443
https
network mapping
identifies the IP addresses of hosts within a network
port 143
imap
You have been hired by a small company to ensure that their internal network is protected against attacks. You must implement a secure network. As part of this implementation, what should be the default permission position?
implicit deny
Diffusion
An important characteristic of data encryption is the concept of diffusion. This means that if you change one piece of information (one character) in the plaintext, the resulting ciphertext is going to be dramatically different between the two versions.
CYOD (choose your own device)
includes a list of acceptable devices and allows employees to connect them to the network.
Unified threat management security appliance
includes multiple layers of protection such as URL filters, content inspection, malware inspection, and a distributed denial-of-service mitigator. UTMs typically raise alerts and send them to administrators to interpret.
software as a service (SaaS)
includes web-based applications such as email.
False positive
incorrectly raises an alert indicating an attack when an attack is not active.
ARO (annual rate of occurrence)
indicates how many times the loss will occur annually
gray box testing
indicates some knowledge of the environment.
white box testing
indicates that the testers have full knowledge of the environment.
Non-persistent XSS attack
The injected script is not persisted or stored, but rather is immediately executed and passed back via the web server. Usually this attack is sent through an email and relies on the user clicking the link so the malicious script can run.
Your company has recently adopted a new security policy that states that all confidential e-mails must be signed using a digital signature. Which three elements are provided by implementation of this technology? (Choose three.)
integrity, authentication, and non-repudiation
Trusted platform module
is a chip included with many laptops and some mobile devices; it provides full disk encryption.
least functionality
is a core secure system design principle. A system should be deployed with only the applications, services, and protocols it needs to function.
Virtual Private Cloud (VPC)
is a subset of a public cloud that has highly restricted, secure access. Requires a VPN connection to the transit gateway to gain access.
Least privilege
is a technical control that uses access controls. It specifies that individuals are granted only the rights and permissions needed to perform assigned tasks and functions, but no more.
penetration test
is an ACTIVE test that attempts to exploit discovered vulnerabilities.
driver shim
is additional code that can be run instead of the original driver.
Replay attacks
are possible if the attacker has both the plaintext and the ciphertext created by encrypting the plaintext.
SLE (single loss expectancy )
is the cost of any single loss
server-side input validation
is the most secure.
side loading
is the process of copying an application to an Android device instead of installing it from an online store.
SNMPv3
is used to monitor and configure network devices and uses notification messages known as traps. It uses strong authentication mechanisms to protect the confidentiality of credentials and uses UDP ports 161 and 162.
DNSSEC
is used to protect DNS.
False negative
is when an attack is active but not reported
You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients. What should you implement?
isolation mode
You are a security consultant. An organization hires you to implement a biometric system. This system should work in conjunction with a password to provide increased security. Which method should you implement?
keystroke dynamics
Which operation must you undertake to avoid mishandling of tapes, CDs, DVDs, and printed material?
labeling
tracert
lists the routers, also called HOPS, between two systems.
What is another term for technical controls?
logical controls
After troubleshooting an issue on a Windows computer, the IT technician determines that the computer has been infected by a platform-independent virus that was written in an application's language and is capable of infecting any files using that language. Which virus is present?
macro virus
MAC
Mandatory access control. MAC-enabled systems allow policy administrators to implement organization-wide security policies. Under MAC (and unlike DAC), users cannot override or modify this policy, either accidentally or intentionally. This allows security administrators to define a central policy that is guaranteed (in principle) to be enforced for all users.
Smart devices and Internet of Things (IoT) are growing rapidly. Which of these include embedded systems that are security risks? (Choose all that apply.)
medical devices, wearable technology, home automation, and printers.
Your company has just adopted a remote wipe policy. IT technicians have now been tasked with documenting the remote wipe process. On which devices are you most likely to use this process?
mobile devices
DNS Poisoning attacks
modify DNS data and can redirect users to malicious sites.
Edge Computing
moving processing and data storage away from a centralized location to the "edges" of a network
SCADA/ICS
A network that centrally controls large pieces of equipment in real time. Often used in manufacturing or power distribution. Multi-site Industrial Control Systems (ICS).
UTM (Unified Threat Management)
A newer version of the firewall. These devices include a number of additional features: URL filter/content inspection, malware inspection, spam filter, CSU/DSU, router and switch capabilities, firewall, IDS/IPS, bandwidth shaper, VPN endpoint.
Which component of a computer use policy should state that the data stored on a company computer is not guaranteed to remain confidential?
no expectation of privacy
Which factor does NOT minimize the security breach incidents committed by internal employees?
nondisclosure agreements signed by employees
MAC Table
On a switch, a table that lists all known MAC addresses and the bridge/switch port out of which the bridge/switch should forward frames sent to each MAC address.
Last year, a new anti-virus application was purchased for your company. The application was installed on all servers and client computers. Recently, you discovered that the anti-virus application was not installed in your company's virtualization environment. You have been asked to install the antivirus application in your virtualization environment. Where should you install the antivirus application?
on both the host computer and all virtual computers
EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)
only needs a single digital certificate on the authentication server; it does not require digital certificates on every device. A TLS tunnel is built using this digital certificate. Once the TLS tunnel is in place, other authentication protocols can be sent across it: other EAP methods, MSCHAPv2, anything else.
Which attack involves the use of a promiscuous mode for data analysis?
packet sniffing
You have been asked to install a new firewall that only examines the packet header information. Which type of firewall are you installing?
packet-filtering firewall
You discover that users are reusing old passwords quite frequently. You need to configure how many new passwords must be created before an old one can be reused. Which password policy setting should you use?
password history
Your company has hired a security firm to test your network's security. Which tool would need to be used outside your network?
penetration test
infrastructure as a service
provides hardware resources via the cloud.
hash
Plaintext that has been transformed into a short code. A digital fingerprint.
BYOD (bring your own device)
policies allow employees to connect their mobile devices to the organization's network.
Your organization has asked the security team to add terrorist attacks to the organization's business continuity plan. Which type of threat does this represent?
politically motivated threat
port 110
pop
Rootkit
A program that hides in a computer and allows someone from a remote location to take full control of the computer. Can modify the kernel of the OS. UEFI BIOS can prevent rootkits.
potentially unwanted program (PUP)
A program that installs itself on a computer, typically without the user's informed consent. Commonly delivered via a Trojan horse.
Loop protection
protects against switching loop problems, such as when a user connects two switches together with a cable.
DMZ
provides a layer of protection for servers that are accessible from the internet
platform as a service
provides an easy-to-configure operating system and on-demand computing for customers.
802.1x server
provides strong port security using port-based authentication. It prevents rogue devices from connecting to a network by ensuring that only authorized clients can connect.
PowerShell
.ps1 file extension in Windows. Extends command-line functionality to almost every aspect of Windows. Runs command-line prompts and PowerShell-exclusive commands.
You are providing end-user security awareness training. As part of this training, you explain why the organization uses asymmetric encryption and how it works. What is used to decrypt a file in this type of encryption?
public key AKA asymmetric encryption.
banner grabbing
queries remote systems to detect the operating system, services, protocols, and applications running on them.
What are some disadvantages to using a cold site? (Choose all that apply.)
recovery time, testing availability
jailbreaking
removes all software restrictions on Apple devices.
Heuristic-based or behavioral IDSs
require a baseline and detect attacks based on anomalies or when traffic is outside expected boundaries.
Your CIO has decided that the organization needs to implement password policies for better security. Which password policy will NOT strengthen password security?
requiring users to use only alphabetic words as passwords
Your company's network has multiple networks that are connected via different devices. Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks?
router
Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). On which device(s) should the ACLs be deployed?
routers
Type 2 hypervisor
runs as software within a host operating system.
Type 1 hypervisor
runs directly on system hardware.
Which tool is used to perform a vulnerability test?
scanning tool
Port scanner
scans systems for open ports and attempts to discover what services are running.
Your company has recently decided to create a custom application instead of purchasing a commercial alternative. As the security administrator, you have been asked to develop security policies and procedures on examining the written code to discover any security holes that may exist. Which assessment type will be performed as a result of this new policy?
secure code review
SEAndroid (Security-Enhanced Android)
Security Enhancements for Android, or SEAndroid. This is effectively taking the SELinux functionality and including it as part of the Android operating system. This provides additional access control security policies and includes different policies for configuring the security of these mobile devices.
A company implements an application that accesses confidential information from a database. You need to allow guest access that uses time-sensitive passwords. Which device will generate these passwords?
security token
What is another name for a cross-site request forgery (XSRF)?
session riding
You have been asked to implement a biometric method that analyzes both the physical motions that are performed when a signature is signed and the specific features of a person's signature. Which biometric system should you implement?
signature dynamics
You install a type of monitoring that requires updates to be regularly obtained to ensure effectiveness. Which type of monitoring did you install?
signature-based
You have installed an intrusion detection system (IDS) that watches for intrusions that match a known identity. Which type of IDS did you install?
signature-based IDS
Your company's network consists of multiple subnetworks that each implements its own authentication system. Often users must log in separately to each subnetwork to which they want access. You have been asked to implement technology that allows users to freely access all systems to which their account has been granted access after the initial authentication. Which of the following should you implement?
single sign-on
port 25
smtp
Which hacker attack is a combination of IP spoofing and the saturation of a network with ICMP messages?
smurf
To which attacks are passwords susceptible? (Choose all that apply.)
sniffing, dictionary attacks, brute force attacks, social engineering attacks.
A hacker has called a company employee and learned the employee's user name and password by posing as a member of corporate technical support. Which type of attack has the company suffered?
social engineering
A hacker has called a company employee and learned the employee's user name and password by posing as a member of corporate technical support. Which type of attack has the company suffered?
social engineering attack
Which attack involves impersonating the identity of another host to gain access to privileged resources that are typically restricted?
spoofing
While holding security awareness training for employees, you discuss a security threat that often uses tracking cookies to collect and report on a user's activities. Which threat are you discussing?
spyware
Your company has recently decided to implement a BYOD policy for the network. Management has asked you to write the initial BYOD security policy. Which of the following should be included as part of this policy? (Choose all that apply.)
support ownership, data ownership, patch management, application white-listing and black-listing
Platform as a Service (PaaS)
supports the deployment of entire systems, including hardware, networking, and applications, using a pay-per-use revenue model. Put the building blocks together: develop your app from what's available on the platform.
Automated Indicator Sharing (AIS)
A system that enables the sharing of attack indicators between the US government and the private sector as soon as the threat is verified. An automated process that moves this information between organizations at the speed of the internet.
Port 23
telnet
black box testing
testers perform a penetration test with zero prior knowledge of the environment.
After researching different security mechanisms, your company decides to implement PGP instead of a formal PKI and formal trust certificates. Which of the following is a characteristic of PGP?
the establishment of a web of trust between the users
What is DNS poisoning?
the practice of dispensing IP addresses and host names with the goal of traffic diversion
Management has asked you to ensure that the certificates that have been validated in the corporate PKI are protected. What must be secured in the PKI?
the private key of the root CA
You have recently implemented a new public key infrastructure (PKI) for your organization. You need to back up the entity that is responsible for certifying the public key pair of the root CA. Which entity must you back up?
the root CA
HTTP Secure Headers
A way to configure our web server to restrict the browser's ability to perform certain functions. This means that we can tell the end user's browser to either allow or not allow certain tasks to occur while this application is in use.
Your company has recently implemented a content inspection application on a perimeter firewall. What is the purpose of content inspection?
to search for malicious code or suspicious behavior
As the security administrator for your company, you are primarily concerned with protecting corporate assets. Currently, you are working to ensure confidentiality for corporate data. Which activity is NOT covered under this objective?
treason or subversion
Your company has a backup solution that performs a full backup each Saturday evening and a differential backup Monday through Friday evenings. A vital system crashes on Tuesday morning. How many backups will need to be restored?
two
Your company has a backup solution that performs a full backup each Saturday evening and an incremental backup all other evenings. A vital system crashes on Monday morning. How many backups will need to be restored?
two
You have implemented the three databases that your organization uses to ensure that an entire transaction must be executed to ensure data integrity. If a portion of a transaction cannot complete, the entire transaction is not performed. Which database security mechanism are you using?
two-phase commit
CASB(Cloud Access Security Broker)
Use a CASB to help enforce the security policies that we've already created for data that we're storing in the cloud. This can be implemented as software running on individual devices, as a security appliance that's local on our corporate network, or the CASB may be located in the cloud, and that's where we're making our security policy decisions.
You are training several IT professionals on security and access control. You need to explain to the professionals the most common form of identification and authentication. What identification and authentication mechanism should you explain?
user identification with reusable password
code signing
uses a digital signature within a certificate to authenticate and validate software code
LDAP
uses port 389
LDAPS
uses port 636
RFID (radio frequency identification)
uses radio signals to communicate with a tag placed in or attached to an object
technical controls
use technology to reduce vulnerabilities: encryption, antivirus software, IDSs, firewalls, and the principle of least privilege.
Software defined network (SDN)
uses virtualization technologies to route traffic instead of using hardware routers and switches.
What is an example of a brute force attack?
using a program to guess passwords from a SAM file
Invoice Scams
using fraudulent invoices to steal from a company
Which types of computers are targeted by RedPill and Scooby Doo attacks?
virtual machines
Your company has decided to implement a biometric system to ensure that only authorized personnel is able to access several secure areas at the facility. However, management is concerned that users will have privacy concerns when the biometric system is implemented. You have been asked to recommend the least intrusive biometric system of the listed options. Which option is considered the least intrusive?
voice print
Recently, several confidential messages from your company have been intercepted. Your company has decided to implement PGP to encrypt files. Which type of model does this encryption use?
web
Server-Side Request Forgery (SSRF)
web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing
juice jacking
when a hacker steals data from or transfers malware to the device via a USB cable at a charging station
What is cross-site request forgery (XSRF)?
when unauthorized commands are executed on a Web server by a trusted user
PKCS #7
commonly sent as a .p7b file. Like the PEM format, PKCS #7 is usually Base64-encoded ASCII, so it is easy to read and to send over email. A .p7b carries a certificate or a whole certificate chain but never a private key.
Attestation
proving that the hardware connecting to your network is the hardware you originally enrolled as trustworthy; typically the device's TPM signs a report of its firmware and boot measurements, and a server checks that report against the known-good values before granting access
Match the descriptions on the left with the malware type on the right that BEST matches the description.
• Adware - a software application that displays advertisements while the application is executing • Botnet - a group of compromised computers, each running a malicious program that lets an attacker control them remotely • Rootkit - a collection of programs that grants a hacker administrative access to a computer or network while hiding its own presence • Worm - a program that spreads itself through network connections without user action
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)
• Change the default SSID - This prevents hackers from being able to use the wireless network based on the access point's default settings. • Disable SSID broadcast - This prevents the SSID from being broadcast. Although there are other ways to discover the SSID (it still appears in client probe and association frames), disabling the broadcast will cut down on opportunistic attacks. • Configure the network to use authenticated access only - This ensures that no unauthenticated connections can occur. • Configure the network to use WPA2 (or WPA3 where supported) - WEP is easily broken. Wireless networks should use WPA2 or WPA3; WPA with TKIP is deprecated.
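The same fixes expressed as an access-point configuration, as an added example that is not from the study notes: a hostapd.conf fragment with the weak settings the question describes commented out beside the hardened replacement. The interface, SSIDs and passphrase are made up.

```ini
# hostapd.conf fragment (added example). Interface, SSIDs and passphrase are placeholders.
interface=wlan0
driver=nl80211
channel=6
hw_mode=g

# --- weak: vendor default SSID, broadcast to everyone, WEP ---
#ssid=Linksys
#ignore_broadcast_ssid=0
#wep_default_key=0
#wep_key0=0123456789ABCDEF0123456789

# --- hardened: renamed SSID, beacon hidden, WPA2 with AES-CCMP only ---
ssid=rd-lab-ap
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Correct-Horse-Battery-Staple-2024
```

For the "authenticated access only" requirement at enterprise scale, replace wpa_key_mgmt=WPA-PSK and wpa_passphrase with wpa_key_mgmt=WPA-EAP plus the auth_server_addr / auth_server_shared_secret settings that point hostapd at a RADIUS server, so each user authenticates individually rather than sharing one passphrase.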
script kiddies
• Runs premade scripts without any knowledge of what's really happening • Not necessarily a youngster • Can be internal or external • But usually external • Not very sophisticated • No formal funding • Looking for low hanging fruit • Motivated by the hunt • Working the ego, trying to make a name
On-path browser attack
• The middleman is on the same computer as the victim, typically installed by malware - The malware/Trojan does all of the proxy work - Formerly known as man-in-the-browser • Huge advantages for the attacker - Relatively easy to proxy encrypted traffic, because the malware sits inside the browser where TLS has already been decrypted - Everything looks normal to the victim • The malware in your browser waits for you to log in to your bank - And cleans you out