Security+ Post Assessment, Network Security Final Exam Review 2602, Implementing Operating System Security CIST 2602 Final Review, Network Security 2602 Final Review
What is not a main feature of the Cisco Email Security Appliance?
Inbound Message Control
What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?
Integrity and Non-repudiation.
What type of management system can help distribute and manage public and corporate apps?
Mobile Device Management
What is a series of commands that determines whether a device forwards or drops packets based on information found in the packet header?
Packet forwarding tool (FPL)
Bluetooth is an example of what type of technology?
Personal Area Network (PAN)
Which of the following social engineering attacks continues to be a primary weapon used by threat actors?
Phishing
Most enterprise networks must be up and running at all times. The term used to measure network down minutes per year is known as?
Preferred uptime
PC1 and PC3 are on different networks separated by a router, RT1. PC1 issues an ARP request because it needs to send a packet to PC3. In this scenario, what will happen next?
RT1 will send an ARP reply with its own MAC address
An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?
Rogue
What is not a job role in the Security Operations Center (SOC)?
SOC Director
Which of the following threat actors is considered to be the least skilled?
Script Kiddie
What is the name for a cumulative package of all patches and hot-fixes as well as additional features up to a given point?
Service Pack
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?
Smurf Attack
Name the method for classifying the various instances of malware by using the primary trait that the malware possesses?
Source
Which type of phishing attack targets specific users?
Spear Phishing
Name the type of phishing attack that targets specific users.
Spear phishing
Which major types of access involving system resources are controlled by ACLs?
System Access, User Access, Application Access
Which application protocol is used to exchange cyber threat intelligence over HTTP?
TAXII
Syslog logging service does not provide which of the following?
The ability to specify the source of captured syslog messages
Which of the below is not an example of Personally Identifiable Information (PII):
The name of your high school
Which of the following SOC functions is considered to be a role of a Tier 3 analyst?
Threat Hunting
Know the definition of virtualization:
To create a virtual version of something (like a virtual machine).
Why would you use a cable lock?
To protect computers and other devices from theft.
TFTP is a simplified file transfer protocol that uses the port:
UDP 69
The term VPN stands for?
Virtual Private Network (VPN)
Which is NOT a basic characteristic of IP?
Wired and connectionless
Which of the following can be used to enforce strong credential policies for an organization?
a. Acceptable Use Policy
Which of the following can be used to enhance privacy data protection?
a. Data anonymization
Which of the following is a valid biometric authentication method?
a. Gait recognition
What is virtual desktop infrastructure?
a. It is the process of running a user desktop inside a VM residing on a server.
What is data masking?
b. Creating the copy of data by obfuscating sensitive elements
Rob made a physical security review report of his organization in which he proposed replacing physical locks with electronic ones. Which of the following is the best justification for Rob to include in his report?
b. Electronic locks keep track of the accessing time and user identity.
Which of the following is a snooping malware?
b. Keylogger
Which of the following is the Windows network analysis tool that checks the connection to each hop between source and destination?
b. Pathping
Jennifer created an e-learning web application where a login form has to be filled by the user entering the application. Jennifer created an 8-byte buffer for the user name file while developing the application. One day, the application halted with denial of service. An attack on the web application due to the incorrect entry of input values in the login screen was then discovered. What caused the denial of service issue?
b. This is due to a buffer overflow attack.
The company that developed the office productivity software used on both static and mobile devices by your organization has audited some code and noticed a potential security issue. To address the issue, they have released and automatically scheduled an update to ensure that all users receive it. Which of the following might still be vulnerable after the patch?
c. Firmware
Which of the following accounts is the least vulnerable to cyberattacks?
c. Personal account
What is NOT a firewall feature?
d. Deceiving attackers
Know the definition of a hub.
A network device that sends information passing through it to any other connected device.
Know the definition of a smurf attack.
A type of denial of service attack where a system is flooded with spoofed ping messages.
Which algorithm can ensure data confidentiality?
AES
What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?
ARP Poisoning
Which of the following statements is false?
All of the above statements are true
Name the two most common asymmetric cryptographic algorithms.
DH, RSA
Which technique added to cryptographic algorithms can change a single character of plaintext into multiple characters of ciphertext?
Diffusion
Know that ELLIPTIC CURVE cryptography and DIGITAL SIGNATURE ALGORITHMS are common asymmetric cryptographic algorithms
Elliptic Curve Digital Signature Algorithm
What type of threat is a threat related to the natural surroundings of an enterprise?
Environmental Threat
What type of threat is a threat related to the natural surroundings of an enterprise?
Environmental threat
Which technology should not be included in a SOC information and event management system?
Event log management
At what stage can a certificate no longer be used for any type of authentication?
Expiration
Know that FTP is an unsecured protocol
FTP ports 20/21
T/F - One of the functions of a digital signature is to protect the public key
False
TCP also provides for ___, which is the amount of data that the destination can receive and process reliably.
Flow Control
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
From the root CA or another subordinate CA at a higher level
What uses location services on mobile devices?
GPS and other location-based apps like Uber.
Know the definition of GEO location
Geolocation
To add authentication to integrity assurance, ___ is used.
HMAC
An early networking device that functioned at layer 1 of the OSI model and added devices to a single segment is known as?
Hub
What is the main weakness associated with the use of passwords?
Human Memory
What is the weakness associated with the use of passwords?
Human memory
After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident tickets be escalated?
A subject matter expert for further investigation
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
A type of ransomware
Know the definition of a vulnerability scan.
A vulnerability scan detects and classifies system weaknesses in computers and networks.
What item defines the actions a user may perform while accessing systems and networking equipment?
Acceptable Use Policies
Know the definition of an AUP.
Acceptable Use Policy - A list of rules you must follow in order to use a website or Internet service.
What is the entry in an ACL called?
An access control entry (ACE)
When Bob needs to send Alice a message with a digital signature, whose private key is used to encrypt the hash?
Bob's private key
When Bob needs to send Alice a message with a digital signature, whose private key is used to encrypt the hash?
Bob's private key
Which type of attack does the use of HMACs protect against?
Brute Force
How can the security information and event management system in a SOC be used to help personnel to fight against security threats?
By collecting and filtering data
Know the definition of an asset.
It's any item that has a positive economic value.
Know Stateful packet filtering and stateless packet filtering:
Stateful packet filtering inspects packets and blocks/allows them based on the source/destination IP or other factors; stateless filtering does not do this (Access Control Lists).
Which layer of the OSI model contains the TCP protocol, which is used for establishing connections and reliable data transport between devices?
Transport Layer
Quinton has been asked to analyze the TTPs of an attack that recently occurred and prepare an SOP to hunt for future threats. When researching the recent attack, Quinton discovered that after penetrating the system, the threat actor moved through the network using elevated credentials. Which technique was the threat actor using to move through the network?
b. Lateral movement
Which agreement specifies how confidential material will be shared between certain parties but restricted to others?
c. Nondisclosure agreement
Which protocol can send cryptographic confirmation that an endpoint is who it claims to be so that ARP poisoning is hindered?
c. SEND
Which of the following protocols can protect network equipment from unauthorized access?
c. SNMP
Which of the following is NOT a characteristic of a trusted platform module (TPM)?
d. TPM includes a pseudorandom number generator.
Which organization is an international nonprofit organization that offers the CISSP certification?
(ISC)2
In both Windows and Linux, what port (number) must be open to provide for Internet (HTTP) access?
80
Which IPV4 address class is designed to support the largest number of host addresses?
A
What is a Certificate practice statement (CPS)?
A document from a certificate authority or a member of a web of trust which describes their practice for issuing and managing public key certificates.
Know the definition of a security policy.
A document that states in writing how a company plans to protect the company's physical and IT assets.
Know the definition of nonce.
An arbitrary number that can be used just once in a cryptographic communication.
Know each OSI layer and what it is responsible for (Not the TCP/IP OSI layer)
Application: Network applications. Presentation: Encoding, formatting, and encryption. Session: Establishes and maintains sessions. Transport: End to end delivery. Network: Transmission of data from one host to another (and routing). Data Link: Node to node delivery of the message. Physical: Physical connections between devices.
What type of cryptography uses two keys instead of just one, generating both a private and public key?
Asymmetric
Name the type of cryptography which uses two keys instead of just one, generating both a private and a public key?
Asymmetric cryptography
When you bring your own phone to work, it is called?
BYOD
Which enterprise deployment model allows users to use their personal mobile devices for business purposes?
BYOD
What term is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?
Bluejacking
A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as
Bluesnarfing
Most portable devices, and some computer monitors have a special steel bracket security slot built into the case. What is this device called?
Cable Lock
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as?
Certificate Practice Statement (CPS)
What is the purpose of the cd\ command?
Changes directory to the root directory
When setting up an IPv4 address on a computer, which setting identifies the device used to reach remote networks?
Default Gateway
Know that Google Glass is known as Wearable Technology.
Google Glass
What name is given to hackers who hack for a political or social cause?
Hacktivist
Know the definition of confidentiality, integrity, and availability.
Integrity
What type of attack intercepts communication between parties to steal or manipulate the data?
Man-in-the-Middle attack
Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session?
Nonce
Which protocol is used to manage network equipment and is supported by most network equipment manufacturers?
SNMP
Know the term used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so.
Script Kiddies
Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so?
Script Kiddies
What is not considered to be one of the three categories of network components?
Services
Know the definition of antivirus.
Software designed to detect and remove computer malware.
Know the definition of an asset.
Something with value to an organization.
Which of the following data types have the highest level of data sensitivity?
a. Confidential
Which of the following refers to the method by which an iOS user can access root privileges on the device?
a. Jailbreaking
In an interview, you are provided the following statements regarding virtualization security. Which statement should you identify as correct?
b. A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured.
In a device driver manipulation attack, which of the following changes a device driver's existing code design?
b. Refactoring
Rachel has taken over as a systems administrator of Creative Network, which has a network of 300 computers in two different domains. Rachel has been instructed by the CEO to ensure all employees have access to a certain set of folders on the server. The individual workstations may have the personal data of employees in a particular folder. She was informed that there have been previous instances where employees misused the machines.
c. Rachel should set the least functionality for both servers and user desktops.
Which of the following can be a log data source for investigating a security breach?
c. metadata
Know what a mail gateway is.
A machine that handles connections between networks that run different communications protocols or communications between different networks that use the same protocol.
A digital certificate is equivalent to a(n)
An electronic passport
In order to work in an SOC, it is good to study and earn various cybersecurity certifications. In addition to certifications, which of the skills shown below would be particularly useful in a SOC career?
Computer programming
What is the database in which Windows stores all information about hardware, applications, users and system settings?
In the registry
A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology?
Stateful Packet Filtering
Which of the following encrypts one character at a time?
Stream
What is Bluejacking?
The sending of unsolicited messages (spam) over Bluetooth to Bluetooth-enabled devices.
Know the definition of Bluesnarfing.
The unauthorized access of information from a wireless device through a Bluetooth connection.
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?
Third-Party
Which type of vulnerability scan mimics the work of a threat actor who has already exploited a vulnerability and compromised credentials to access the network?
b. Credentialed scan
Which of the following are country-specific requirements that apply to data?
b. Data sovereignty
Which attack creates false deauthentication management frames that appear to come from another client device, which causes the client to disconnect from AP?
b. Disassociation
Which application intercepts user requests from the secure internal network and then processes them on behalf of the user?
b. Forward proxy
Which part of the NIST Cybersecurity frameworks defines the activities needed to attain the different cybersecurity results?
b. Framework core
Which of the following systems combines the functions of a printer, copier, scanner, fax machine, and special-purpose computer with a CPU?
b. MFP
In WPA3, what is designed to increase security at the handshake, when keys are being exchanged, even if the password is small or weak?
b. SAE
Which of the following only encrypts the IP packet data and leaves the header unencrypted?
b. Transport mode
Identifying the attack, containing its spread, recovering, and improving the defenses can be done by which of the following?
c. Preparing incident response plans
Which of the following is a VPN protocol?
c. SSTP
Ricky entered a restricted lab by scanning his finger on the fingerprint scanner outside the door. Which type of authentication credential allowed Ricky to enter the lab?
c. Something you are.
Which of the following best describes artifacts?
c. Technology devices that may contain evidence
You are working in a data center when you suddenly notice a fire in the server room. Which of the following measures should you take first to suppress the fire?
d. Use the stationary fire suppression system
You are the security administrator for an enterprise that follows the bring your own device (BYOD) deployment model. What is the first action that you should take to protect sensitive enterprise data from exposure if an employee device is stolen and can't be located?
d. You should perform a remote wipe.
There are many websites and mobile applications that advertise for jobs in the technology field. Which of the below is not considered one of these sites?
glassdoor.com
In a Windows DOS shell the "dir" command is used to display the contents of the current directory. In Linux what is the equivalent command?
ls
Know the definition of ARP poisoning.
An attack where an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged ARP request and reply packets. The target computer then unintentionally sends the frames to the hacker's computer first instead of sending it to the original destination.
What specific software can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus?
Antivirus
Name the four methods for classifying the various instances of malware by using the primary trait that the malware possesses.
Circulation, Infection, Concealment, and Payload Capabilities
Which technology is a means of managing and presenting computer resources by function without regard to their physical layout or location?
Cloud Computing
Name the three protections. Which of the three protections ensures that only authorized parties can view information?
Confidentiality, Integrity, Availability. Confidentiality ensures that only authorized parties can view information.
A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network?
Create a DMZ, add necessary hosts
Name the major types of access involving system resources that are controlled by ACLs.
Discretionary, mandatory, role-based
When assessing risks, you found that a customer database in your enterprise has a higher risk calculation than a product database and allocated more resources to protect the customer database. Which risk assessment was used here?
c. Quantitative risk assessment
Which of the following is an attack that affects data availability?
d. DDoS attack
You want to install a non-biometric authentication method to reduce overall costs. Which of the following is the best fit?
d. Security keys
ABC Automobiles is a large manufacturing company based in Munich, Germany. To ensure productivity, all departments like Finance, Purchase, Sales, R&D, Management, etc., are using computers, and for security, each department is placed in different physical and logical networks while interconnected. Johnson, the Vice President of IT, has requested your service in identifying a problem. Details provided by Johnson and your initial probe include the following: The problem started a few weeks ago in the sales department. Videos of six employees working on the computer are shared outside the organization without the users switching on the cameras or the webcam. Their personal phone numbers and email IDs are also found compromised from these devices. At specific times during the day, these computers exhibited substantial amounts of network traffic. Johnson removed these compromised machines from the network immediately to avoid vulnerabilities spreading in the network. He monitored these machines for any unusual behavior for 40 continuous hours. He could not find anything unusual, except that employees who were using these machines were receiving spam messages on their phones. He also scanned these computers using antivirus software but could not find any viruses. He connected these machines back to the network after these checks, but the computers showed the same behaviors. While the infected machines were off the network, a few other machines started showing similar issues, including sudden network traffic during certain times. During the next three days, the Finance and Purchase departments reported similar complaints on their devices. Johnson was contacted yesterday by the IT admin of Silicon Graphics, saying that their web server crashed. A large number of requests coming from various computers at ABC caused the crash. Silicon Graphics's claims were correct; ABC's computers were sending large amounts of HTTP data packets during the specified time. 
What is your inference based on the discussion with Johnson?
d. This is most probably a bot attack.
In Linux, the term CLI refers to the?
Command Line Interface
Which of the following performs a real-time lookup of a certificate status?
b. Online certificate status protocol (OCSP)
John is appointed as a vulnerability assessment engineer in a financial organization. An audit report published by a third-party auditing firm revealed that most of the web servers have cross-site scripting and XML entity injection vulnerabilities. John has been told to perform a vulnerability assessment on these servers to verify if the audit report is valid. He is also told that he should not attempt to engage or exploit any vulnerabilities. By applying his knowledge of vulnerability assessment concepts, which type of vulnerability scanning should John use?
d. Credentialed
Know the definition of Access Control Entry.
It is an entry in an ACL (ACE).
Know the definition of a security policy.
A security policy is a written document that states how an organization plans to protect the company's information technology assets.
What is a malicious computer code that reproduces itself on the same computer?
Virus
Bob is sending a message to John. Which algorithm should John use to ensure that Bob is the actual sender of the message and not anyone else?
b. Digital signature algorithm
You have been instructed to set up a system in a conference room where only trusted employees can access both the secure internal corporate network and the internet, and public users are restricted from accessing the internet from the same network. Which protocol or standard should you use?
b. IEEE 802.1x
Which devices are used as a contactless alternative to cash or a credit card payment system?
b. NFC
Which policy restricts the introduction of malicious programs into an enterprise network or server?
b. Onboarding and offboarding
You want to use different passwords for different accounts by remembering just one password. Which of the following tools fits your need?
b. Password vault
Which of the following classifications of data is least important?
b. Proprietary
Accounting is an important security concept in an enterprise environment. Which of the following best describes accounting in this context?
c. Accounting refers to recording actions of a user on enterprise resources.
Which of the following is the safest authentication method?
c. Authentication using security keys
An enterprise's annual financial statement reported an overall profit when there was actually a loss. Which of the following risks has occurred?
c. Control risk
Which layer of the OSI model is targeted by the threat actors for layer 2 attack?
c. Data link layer
Which of the following provides multiple forensic tools in a single interface?
c. FTK imager
Which of the following is a physical security measure?
c. Industrial camouflage
A zero-day vulnerability has been found in an e-commerce website used to purchase electronics. Neither the website owner nor the general public knows about the vulnerability; it was discovered by a computer security specialist making a purchase. What should the specialist do?
c. Privately share their findings regarding the zero-day vulnerability with the e-commerce company.
Which of the following best describes attacks due to application vulnerabilities that trick the vulnerable application(s) into producing more executable files in the system?
c. Process spawning control
Which objective of secure communications is achieved by encrypting data?
Confidentiality
Which of the three protections ensures that only authorized parties can view information?
Confidentiality
The management in your corporate office needs to group users on the network together logically even though they are attached to separate network switches. How can this be done?
Create a VLAN (Virtual Local Area Network)
The management in your corporate office wants to group users on the network together logically even though they are attached to separate network switches. Know the definition of VLAN.
Create a VLAN and add the users' computers/ports to the correct VLAN
When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack?
Denial of Service
Which cryptography method provides cryptographic solutions uniquely customized to low-power devices that need to manage resources instead of security constraints?
c. Lightweight cryptography
An attack where the threat actor changes the value of the variable outside of the programmer's intended range is known as _____________.
d. Integer overflow
What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks?
Easter Egg
What is SNMP?
Simple Network Management Protocol
The term SNMP is
Simple Network Management Protocol (SNMP)
Typically, certain employees of an organization get texts that update them on various IT activities. If there is a support ticket or downtime, they will receive texts to let them know about the activity. They have started to receive some messages via text instructing them to call the IT help desk at the provided number. When they call the help desk number, a recording asks them for their employee ID. Assuming that the IT department did not send those texts, which of the following social engineering attacks is this?
Smishing
What is geolocation?
The process of finding, determining, and providing the exact physical location of a computer or other device.
Know the definition of third-party trust.
Third-party trust refers to a situation in which two individuals implicitly trust each other even though they have not previously established a personal relationship.
Which scan examines the current security, using a passive method?
Vulnerability Scan
What is the default Virus/Malware protection program provided by Windows?
Windows Defender
What is the name of the malicious computer code that reproduces itself on the same computer?
Worm
Which of the following contains a self-propagation mechanism?
Worm
Which IETF standard defines the PKI digital certificate format?
X.590
Which of the following trust models has only one CA signing digital certificates?
a. Hierarchical trust model
Which of the following recovery sites is more expensive to maintain?
a. Hot site
Why is the UEFI framework considered to be better than the BIOS framework?
a. It has a better user interface and supports remote troubleshooting.
You are the security administrator in your organization and have been asked to choose a deployment method that ensures the utmost security, where the data is stored in a centralized server and can be accessed by authorized employees using their own devices. Which of the following should you choose?
a. Virtual desktop infrastructure (VDI)
Your firewall is configured to deny all packets from the address range 192.110.20.30-192.110.20.100, but you want to allow packets from 192.168.20.73. How should you resolve this issue?
b. Make a force allow rule for source address 192.168.20.73.
In a practical test, you are given a computer with a Windows host OS. You are asked to install a guest machine with Linux OS. What should you do?
b. Use Type II hypervisor program
Which configuration of WLANs has the following flaws? The last PIN character is only a checksum. The PIN is divided into two shorter values. There is no lockout limit for entering PINs.
b. WPS
Which of the following is an improvement of UEFI over BIOS?
b. enhanced boot security
Frank is authorized to issue mandatory security guidelines for IoT device manufacturers in the United States. Which of the following guidelines should Frank NOT issue?
c. The devices should present a cost-effective solution for consumers.
The mean time to recovery (MTTR) of a system is zero. What does this imply?
c. The system is highly resilient.
Hassan has been asked to choose a mobile management tool that can provide a single management interface for application, content, and device management. Which of the following is the best solution?
c. Unified environment management (UEM) tool
Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it?
c. Zero day
Which keys are supposed to be kept confidential and not shared with anyone?
d. Private key
Name the type of undocumented yet benign hidden feature that launches after a special set of commands, key combinations, or mouse clicks.
Easter egg
Which of the following types of hackers are strongly motivated by ideology?
Hacktivists
Which statement describes the use of hashing?
Hashing can be used to detect accidental changes, but does not protect against deliberate changes.
What term is frequently used to describe the tasks of securing information that is in a digital format?
Information Security
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
Information Security
Name the three functions of a digital signature.
Integrity, Authentication, Non-repudiation
In a modern computer network, end devices are connected to the network
Intermediary devices
What is a rogue wireless hotspot?
It is a hotspot that appears to be from a legitimate business but was actually set up by someone without permission from the business.
What is cyber warfare?
It is an attack designed to disrupt, corrupt, or exploit national interests.
Which group is generally not considered to be a potential cybercrime victim?
Linux Programmers
Know that mobile devices with GPS make use of Location Services.
Location Services
Which is not a symmetric encryption algorithm?
MD5
What specific software can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus?
Mail Gateway
What type of attack intercepts communication between parties to steal or manipulate the data?
Man-in-the-middle
What type of management system below can help distribute and manage public and corporate apps?
Mobile device management
What is NTP?
Network Time Protocol (NTP)
How do you protect a web server from outside threats?
Only have necessary services running; harden the OS; put the server behind a firewall; use input validation; audit logs; perform regular backups.
Computer programming is an essential skill for anyone wishing to pursue a career in cybersecurity. What might be a good "first language to learn" when learning to program?
Python
Which of the following is NOT a digital certificate that authenticates the source, guarantees the integrity of the data, and provides non-repudiation for the transaction?
SMTP
Which one of the following is not a means to secure network infrastructure devices and hosts?
SMTP protocols
What position is considered an entry-level position for a person who has the necessary technical skills?
Security Technician
For which of the following systems is resilience through redundancy the least important?
a. Desktops
Joseph, a black hat hacker, is approached by Sigma Technology to check the enterprise's security. He is told that the system is being checked to verify whether the higher-security mode of operations is moved automatically to another version during a cyberattack on the network, making it easier to attack. Which mode should Joseph use to test this vulnerability, and why?
a. Downgrade attack because, in a downgrade attack, an attacker forces the system to abandon the current mode of operation and instead move it to implement a less secure mode.
What is a thin client?
b. A thin client is a computer that runs from resources stored on a central cloud server.
For which of the following is the encapsulating security payload (ESP) protocol applied?
b. Confidentiality
Which wireless probe is designed exclusively to monitor the airwaves for RF transmissions?
b. Dedicated probes
Shaun is an external penetration testing consultant. The Chief Information Security Officer (CISO) of the organization he is working with indicated that none of the internal higher management executives should receive any kind of spear-phishing emails during Shaun's testing. Which part of the rules of engagement would cover this limitation?
b. Internal targets
Meta is a penetration testing engineer assigned to pen test the security firm's network. So far, she cannot tunnel through the network looking for additional systems accessible through advanced privileges. What should Meta do to gain repeated and long-term access to the system in the future?
b. Perform backdoor installation
Which of the following cryptographic protocols is an encrypted alternative to the Telnet protocol used to access remote computers?
b. Secure shell (SSH)
Which of the following best describes password spraying?
b. Trying a common password on different user accounts
Your enterprise network's security was breached when a non-employee connected a device to the network. In a security review meeting, you were asked to employ appropriate measures to prevent this from happening in the future while, at the same time, continuing to allow outsiders to connect to the network. Which of the following actions should you take?
c. Set up a network access control
David, a software engineer, recently bought a brand new laptop because his enterprise follows the BYOD (bring your own device) model. David was part of a software development project where the software code was leaked before its release. Further investigation proved that a vulnerability in David's laptop caused the exposure. David insists he never used the laptop to access any network or integrate any devices, and the laptop was kept in a vault while not in use. Which of the following attack vectors was used by the threat actor?
c. Supply chain
PDC Bank is working on creating an AI application that enables customers to send SMS to the AI application to allow banking activities from their registered ID. Jane, the project engineer, has taken bank customer data from the last few years from the server and is using it to train the ML to recognize and authenticate actual users and to ensure unauthorized users are barred from entering the application. Suppose the AI application has been compromised, and the reason has been identified as compromised data being used to improve the ML accuracy. What kind of attack is the PDC Bank application subjected to?
c. Tainted training data for ML