Systems Security 1 Final Exam Review


Which of the following is false about the CompTIA Security+ certification? a. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification. b. The Security+ certification is a vendor-neutral credential. c. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. d. Security+ is one of the most widely acclaimed security certifications

Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

What can be used to provide both filesystem security and database security? a. ACLs b. RBASEs c. LDAPs d. CHAPs

a. ACLs

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? a. Alice's public key b. Bob's public key c. Alice's private key d. Bob's private key

a. Alice's public key

Which group is responsible for the Cloud Controls Matrix? a. CSA b. OSINT c. NIST d. CIS

a. CSA

Which one-time password is event driven? a. HOTP b. POTP c. ROTP d. TOTP

a. HOTP

An IOC occurs when what metric exceeds its normal bounds? a. KRI b. EXR c. LRG d. IRR

a. KRI

Which WPA3 security feature is designed to increase security at the time of the handshake? a. SAE b. OWE c. MIT d. WEP

a. SAE

Which type of hypervisor runs directly on the computer's hardware? a. Type I b. Type III c. Type II d. Type IV

a. Type I

Which of the following is NOT a context-aware authentication? a. Trusted places b. On-body detection c. Trusted devices d. Trusted contacts

b. On-body detection

Which of these is NOT an incident response process step? a. Recovery b. Reporting c. Lessons learned d. Eradication

b. Reporting

Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation? a. Exploitation b. Scope c. Limitations and exclusion d. Targets

b. Scope

Which is a protocol for securely accessing a remote computer in order to issue a command? a. Secure Sockets Layer (SSL) b. Secure Shell (SSH) c. Secure Hypertext Transport Protocol (SHTTP) d. Transport Layer Security (TLS)

b. Secure Shell (SSH)

Which of the following should be performed in advance of an incident? a. Containment b. Segmentation c. Capture d. Isolation

b. Segmentation

Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS? a. STIX b. TAXII c. TCP-Over-Secure (ToP) d. AIP-TAR

b. TAXII

What word is used today to refer to network-connected hardware devices? a. Device b. Client c. Endpoint d. Host

c. Endpoint

What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. Byte-text b. Ciphertext c. Plaintext d. Cleartext

c. Plaintext

Which of the following groups use Advanced Persistent Threats? a. Criminal syndicates b. Shadow IT c. State actors d. Brokers

c. State actors

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? a. Resource managers b. Cyberterrorists c. Competitors d. Brokers

d. Brokers

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? a. Data privacy officer b. Data controller c. Data processor d. Data custodian/steward

d. Data custodian/steward

Alicja is working on a project to deploy automated guided vehicles on the industrial shop floor of the manufacturing plant in which she works. What location of computing would be best for this project? a. Remote b. Off-premises c. Edge d. Fog

d. Fog

Which of the following is not a recognized attack vector? a. Email b. Supply chain c. Social media d. On-prem

d. On-prem

Which of these is NOT a response to risk? a. Avoidance b. Transference c. Mitigation d. Resistance

d. Resistance

Which of the following is NOT a characteristic of a penetration test? a. Finds deep vulnerabilities b. Automated c. Performed occasionally d. May use internal employees or external consultants

b. Automated

How is confidentiality achieved through IPsec? a. AHA b. ESP c. ISAKMP d. AuthX

b. ESP

Which of the following is NOT a means by which a threat actor can perform a wireless denial of service attack? a. Disassociation b. IEEE 802.iw separate c. Jamming d. Manipulate duration field values

b. IEEE 802.iw separate

Which of the following sensors can detect an object that enters the sensor's field? a. Field detection b. Proximity c. Object recognition d. IR verification

b. Proximity

Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose? a. Full tunnel b. Split tunnel c. Wide tunnel d. Narrow tunnel

b. Split tunnel

Which of the following is NOT a firewall rule parameter? a. Action b. Visibility c. Context d. Time

b. Visibility

Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information? a. CISA b. FOIA c. TLP d. PCII

c. TLP

Who verifies the authenticity of a CSR? a. Certificate signatory b. Registration authority c. Signature authority d. Certificate authority

d. Certificate authority

What is the difference between a Trojan and a RAT? a. A RAT gives the attacker unauthorized remote access to the victim's computer. b. A Trojan can carry malware while a RAT cannot. c. A RAT can infect only a smartphone and not a computer. d. There is no difference

a. A RAT gives the attacker unauthorized remote access to the victim's computer.

In which of the following configurations are all the load balancers always active? a. Active-active b. Active-load-passive-load c. Passive-active-passive d. Active-passive

a. Active-active

Which tool is most commonly associated with state actors? a. Advanced Persistent Threat (APT) b. Closed-Source Resistant and Recurrent Malware (CSRRM) c. Network Spider and Worm Threat (NSAWT) d. Unlimited Harvest and Secure Attack (UHSA)

a. Advanced Persistent Threat (APT)

Which of the following is NOT a means by which a newly approved root digital certificate is distributed? a. Application updates b. Pinning c. OS updates d. Web browser updates

a. Application updates

Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new data center because it would be located in an earthquake zone? a. Avoidance b. Rejection c. Prevention d. Transference

a. Avoidance

Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer? a. Blocking ransomware b. Cryptomalware c. Persistent lockware d. Impede-ware

a. Blocking ransomware

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances? a. COOP b. BIA c. MTBF d. DPPR

a. COOP

In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support? a. CYOD b. Corporate owned c. BYOD d. COPE

a. CYOD

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing? a. Change control policy b. Change modification policy c. Change format policy d. Change management policy

a. Change control policy

_____ biometrics is related to the perception, thought processes, and understanding of the user. a. Cognitive b. Behavioral c. Intelligent d. Standard

a. Cognitive

Which of these is NOT a characteristic of a secure hash algorithm? a. Collisions should occur no more than 15 percent of the time. b. A message cannot be produced from a predefined hash. c. The hash should always be the same fixed size. d. The results of a hash function should not be reversed.

a. Collisions should occur no more than 15 percent of the time.

What does an incremental backup do? a. Copies all files changed since the last full or incremental backup b. Copies all files since the last full backup c. Copies only user-selected files d. Copies all files

a. Copies all files changed since the last full or incremental backup

What entity calls in crypto modules to perform cryptographic tasks? a. Crypto service provider b. Intermediate CA c. Certificate Authority (CA) d. OCSP

a. Crypto service provider

Tomaso is explaining to a colleague the different types of DNS attacks. Which DNS attack would only impact a single user? a. DNS poisoning attack b. DNS overflow attack c. DNS hijack attack d. DNS resource attack

a. DNS poisoning attack

Which of the following is NOT a consequence to an organization that has suffered a data security breach? a. De-escalation of reporting requirements b. IP theft c. Monetary fine d. Reputation damage

a. De-escalation of reporting requirements

Nadia has been asked to perform dynamic resource allocation on specific cloud computing resources. What action is Nadia taking? a. Deprovisioning resources that are no longer necessary b. Creating security groups to segment computing resources into logical groupings that form network perimeters c. Expanding the visibility of intrusion prevention devices d. Decreasing the network bandwidth to the cloud

a. Deprovisioning resources that are no longer necessary

Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? a. EAP-FAST b. EAP-TTLS c. EAP-SSL d. EAP-TLS

a. EAP-FAST

Which of the following threats would be classified as the actions of a hacktivist? a. External threat b. Internal threat c. Environmental threat d. Compliance threat

a. External threat

Which of the following functions does a network hardware security module NOT perform? a. Fingerprint authentication b. Random number generator c. Key exchange d. Key management

a. Fingerprint authentication

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect? a. Host table and external DNS server b. Web server buffer and host DNS server c. Web browser and browser add-on d. Reply referrer and domain buffer

a. Host table and external DNS server

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature determined an issue and sent this alert to Thea? a. Impossible Travel b. Remote IP address c. Incompatible Location d. Risky IP address

a. Impossible Travel

Fatima has just learned that employees have tried to install their own wireless router in the employee lounge. Why is installing this rogue AP a security vulnerability? a. It allows an attacker to bypass network security configurations. b. It uses the weaker IEEE 80211i protocol. c. It requires the use of vulnerable wireless probes on all mobile devices. d. It conflicts with other network firewalls and can cause them to become disabled.

a. It allows an attacker to bypass network security configurations.

Which statement regarding a demilitarized zone (DMZ) is NOT true? a. It contains servers that are used only by internal network users. b. It can be configured to have one or two firewalls. c. It typically includes an email or web server. d. It provides an extra degree of security.

a. It contains servers that are used only by internal network users.

How does BPDU guard provide protection? a. It detects when a BPDU is received from an endpoint. b. BPDUs are encrypted so that attackers cannot see their contents. c. All firewalls are configured to let BPDUs pass to the external network. d. It sends BPDU updates to all routers.

a. It detects when a BPDU is received from an endpoint.

Which of the following is FALSE about a quarantine process? a. It holds a suspicious application until the user gives approval. b. It can send a sanitized version of the attachment. c. It can send a URL to the document that is on a restricted computer. d. It is most often used with email attachments.

a. It holds a suspicious application until the user gives approval.

Which of the following is NOT true about RAID? a. It is designed primarily to back up data. b. Nested levels can combine other RAID levels. c. It can be implemented in hardware or software. d. The most common levels of RAID are Level 0, 1, 5, 6, and 10.

a. It is designed primarily to back up data.

What does containerization do? a. It separates personal data from corporate data. b. It slows down a mobile device to half speed. c. It places all keys in a special vault. d. It splits operating system functions only on specific brands of mobile devices.

a. It separates personal data from corporate data.

How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.

a. It takes more time to generate candidate password digests.

Which of the following is NOT a characteristic of malware? a. Launch b. Diffusion c. Imprison d. Deceive

a. Launch

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this? a. MAC flooding attack b. MAC spoofing attack c. MAC overflow attack d. MAC cloning attack

a. MAC flooding attack

The CEO is frustrated by the high costs associated with security at the organization and wants to look at a third party assuming part of their cybersecurity defenses. Nikola has been asked to look into acquiring requests for proposal (RFPs) from different third parties. What are these third-party organizations called? a. MSSPs b. MHerrs c. MSecs d. MPSs

a. MSSPs

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? a. MTTR b. MTBF c. RPO d. RTO

a. MTTR

Which of the following control categories includes conducting workshops to help users resist phishing attacks? a. Managerial b. Operational c. Administrative d. Technical

a. Managerial

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use? a. Masking b. PII Hiding c. Data Object Obfuscation (DOO) d. Tokenization

a. Masking

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching? a. NAS b. ARI c. SAN d. RAID

a. NAS

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? a. OAuth b. Open ID c. Shibboleth d. NTLM

a. OAuth

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack? a. Operational Technology b. Network c. IoT d. Application

a. Operational Technology

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts? a. Password spraying attack b. Role attack c. Offline brute force attack d. Online brute force attack

a. Password spraying attack

Which of the following is not an issue with patching? a. Patches address zero-day vulnerabilities b. Delays in patching OSs c. Few patches exist for application software d. Difficulty patching firmware

a. Patches address zero-day vulnerabilities

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed? a. Public b. Private c. Confidential d. Open

a. Public

Which of these is used to send SMS text messages to selected users or groups of users? a. Push notification services b. Pull notification services c. Replay notification distribution (RND) d. MAM mass SMS

a. Push notification services

Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? a. RFID spectrum b. Channel selection c. Channel width d. Frequency band

a. RFID spectrum

Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this? a. ROT13 b. XOR c. XAND13 d. Alphabetic

a. ROT13

Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on? a. Red Team b. White Team c. Blue Team d. Purple Team

a. Red Team

Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals? a. Regulations b. White papers c. Legislation d. Benchmarks

a. Regulations

What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas? a. Requests for comments (RFCs) b. Blue papers c. Cybersecurity feeds d. White notebooks

a. Requests for comments (RFCs)

Which of the following virtualizes parts of a physical network? a. SDN b. SDA c. SDX d. SDV

a. SDN

Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement? a. SLA b. MSA c. MOU d. BPA

a. SLA

Which of the following manipulates the trusting relationship between web servers? a. SSRF b. CSRF c. SCSI d. EXMAL

a. SSRF

Which stage conducts a test that will verify the code functions as intended? a. Staging stage b. Development stage c. Testing stage d. Production stage

a. Staging stage

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this? a. Stateful packet filtering b. Proxy firewall c. Connection-aware firewall d. Packet filtering firewall

a. Stateful packet filtering

Which of the following is not an improvement of UEFI over BIOS? a. Support of USB 3.0 b. Stronger boot security c. Networking functionality in UEFI d. Access larger hard drives

a. Support of USB 3.0

What is the term used to describe the connectivity between an organization and a third party? a. System integration b. Resource migration c. Network layering d. Platform support

a. System integration

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan? a. Tabletop b. Walkthrough c. Simulation d. Incident Response Plan Evaluation (IRP-E)

a. Tabletop

What race condition can result in a NULL pointer/object dereference? a. Time of check/time of use race condition b. Conflict race condition c. Value-based race condition d. Thread race condition

a. Time of check/time of use race condition

Which of the following is NOT a Microsoft defense against macros? a. Trusted domain b. Trusted documents c. Protected View d. Trusted location

a. Trusted domain

Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity? a. Twitter b. Local industry groups c. Vendor websites d. Conferences

a. Twitter

Which of the following is NOT a NAC option when it detects a vulnerable endpoint? a. Update Active Directory to indicate the device is vulnerable. b. Give restricted access to the network. c. Deny access to the network. d. Connect to a quarantine network.

a. Update Active Directory to indicate the device is vulnerable.

Which of these is NOT a risk when a home wireless router is not securely configured? a. Wireless endpoints must be manually approved to connect to the WLAN. b. Usernames, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. c. An attacker can steal data from any folder with file sharing enabled. d. Malware can be injected into a computer connected to the WLAN.

a. Wireless endpoints must be manually approved to connect to the WLAN.

Which of the following is known as a network virus? a. Worm b. C&C c. TAR d. Remote exploitation virus (REV)

a. Worm

Which utility sends custom TCP/IP packets? a. hping b. curl c. pingpacket d. shape

a. hping

Which of the following is a Linux utility that displays the contents of system memory? a. memdump b. dd c. WinHex d. Autopsy

a. memdump

Which tool is an open source utility for UNIX devices that includes content filtering? a. syslog-ng b. nxlog c. rsyslog d. syslog

a. syslog-ng

Gregory wants to look at the details about the path a packet takes from his Linux computer to another device. Which Linux command-line utility will he use? a. traceroute b. tracert c. tracepacket d. trace

a. traceroute

Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend? a. Linefeed Access b. Automated Indicator Sharing (AIS) c. Bidirectional Security Protocol (BSP) d. Lightwire JSON Control

b. Automated Indicator Sharing (AIS)

What device is always running off its battery while the main power runs the battery charger? a. Online UPS b. Backup UPS c. Offline UPS d. Secure UPS

b. Backup UPS

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? a. Custom attack b. Brute force attack c. Hybrid attack d. Dictionary attack

b. Brute force attack

Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program? a. Factor overflow attack b. Buffer overflow attack c. Integer overflow attack d. Shim overflow attack

b. Buffer overflow attack

Which of these is the encryption protocol for WPA2? a. CBD-MAC b. CCMP c. CPB d. CMAC-RSTS

b. CCMP

What is the name of the device protected by a digital certificate? a. V2X2 b. CN c. TLXS d. RCR

b. CN

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor? a. SIP b. Call manager c. VoIP d. IP voice

b. Call manager

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection? a. Electronic Code Book (ECB) repositories b. Certificate attributes c. CTR d. PFX

b. Certificate attributes

A centralized directory of digital certificates is called a(n) _____. a. Authorized digital signature (ADS) b. Certificate repository (CR) c. Digital signature permitted authorization (DSPA) d. Digital signature approval List (DSAP)

b. Certificate repository (CR)

Which of the following does NOT describe an area that separates threat actors from defenders? a. DMZ b. Containment space c. Air gap d. Secure area

b. Containment space

What is a disadvantage of biometric readers? a. Speed b. Cost c. Weight d. Standards

b. Cost

Which of these is NOT used in scheduling a load balancer? a. Round-robin b. Data within the application message itself c. The IP address of the destination packet d. Affinity

b. Data within the application message itself

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose? a. Cyber Kill Chain b. Diamond Model of Intrusion Analysis c. Mitre ATT&CK d. Basic-Advanced Incident (BAI) Framework

b. Diamond Model of Intrusion Analysis

Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this? a. EOS b. EOA c. EOL d. EOP

b. EOA

Which of the following will NOT protect a container? a. Only use containers in a protected cloud environment. b. Eliminate APIs. c. Use reduced-visibility images to limit the risk of a compromise. d. Use a hardened OS

b. Eliminate APIs.

Which of the following is NOT a means by which a bot communicates with a C&C device? a. Command sent through Twitter posts b. Email c. Signing in to a third-party website d. Signing in to a website the bot herder operates

b. Email

Which firewall rule action implicitly denies all other traffic unless explicitly allowed? a. Bypass b. Force Deny c. Force Allow d. Allow

b. Force Deny

What is the process of identifying the geographical location of a mobile device? a. Geomonitoring b. Geolocation c. GeoID d. Geotracking

b. Geolocation

Which of the following is NOT true about data sovereignty? a. Generally, data is subject to the laws of the country in which it is collected or processed. b. Governments cannot force companies to store data within specific countries. c. Data sovereignty is a concept that until recently was less of an issue. d. Regulations are not necessarily on where an organization is headquartered.

b. Governments cannot force companies to store data within specific countries.

Which ISO contains controls for managing and controlling risk? a. ISO 27555 b. ISO 31000 c. ISO XRS d. ISO 271101

b. ISO 31000

Which of these is a 24-bit value that changes each time a packet is encrypted and then is combined with a shared secret key? a. SSD b. IV c. RC d. SL

b. IV

Which of the following is NOT a reason that threat actors use PowerShell for attacks? a. It cannot be detected by antimalware running on the computer. b. It can be invoked prior to system boot. c. Most applications flag it as a trusted application. d. It leaves behind no evidence on a hard drive.

b. It can be invoked prior to system boot.

Which of the following is true about secrets management? a. It can only be used on-prem for security but has a connection to the cloud. b. It provides a central repository. c. It cannot be audited for security purposes. d. It requires AES-512.

b. It provides a central repository.

Which of these is NOT a security feature for locating a lost or stolen mobile device? a. Thief picture b. Last known good configuration c. Remote lockout d. Alarm

b. Last known good configuration

What is a definition of RPO? a. The frequency that data should be backed up b. Length of time it will take to recover data that has been backed up c. The maximum length of time that can be tolerated between backups d. How a backup utility reads an archive bit

b. Length of time it will take to recover data that has been backed up

Which access control scheme is the most restrictive? a. DAC b. MAC c. Role-Based Access Control d. Rule-Based Access Control

b. MAC

Which tool manages the distribution and control of apps? a. MCM b. MAM c. MFM d. MDM

b. MAM

Which of the following is the Microsoft version of EAP? a. EAP-MS b. MS-CHAP c. AD-EAP d. PAP-Microsoft

b. MS-CHAP

Aaliyah has been asked to do research in a new payment system for the retail stores that her company owns. Which technology is predominately used for contactless payment systems that she will investigate? a. Wi-Fi b. Near field communication (NFC) c. Radio frequency ID (RFID) d. Bluetooth

b. Near field communication (NFC)

Which of the following is not a reason why a legacy platform has not been updated? a. An application only operates on a specific OS version b. No compelling reason for any updates c. Limited hardware capacity d. Neglect

b. No compelling reason for any updates

Which of the following is a standard for the handling of customer card information? a. OSS XRS b. PCI DSS c. DRD STR d. RMR CDC

b. PCI DSS

Which of the following should NOT be stored in a secure password database? a. Salt b. Plaintext password c. Password digest d. Iterations

b. Plaintext password

Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake? a. Budgeting b. Planning c. Approval d. Documentation

b. Planning

Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create? a. Runbook b. Playbook c. ARC Codebook d. SIEM-book

b. Playbook

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need? a. Proprietary firewall b. Policy-based firewall c. Content/URL filtering firewall d. Hardware firewall

b. Policy-based firewall

What are the two concerns about using public information sharing centers? a. Regulatory approval and sharing b. Privacy and speed c. Security and privacy d. Cost and availability

b. Privacy and speed

Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data? a. Available b. Public c. Open d. Unrestricted

b. Public

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) to represent a risk? a. Quantitative risk calculation b. Qualitative risk calculation c. Policy-based risk calculation d. Rule-based risk calculation

b. Qualitative risk calculation

Which of the following technologies can convert a texting app into a live chat platform? a. SMS b. RCS c. QR d. MMS

b. RCS

What is a difference between NFC and RFID? a. RFID is faster than NFC. b. RFID is designed for paper-based tags while NFC is not. c. NFC is based on wireless technology while RFID is not. d. NFC devices cannot pair as quickly as RFID devices.

b. RFID is designed for paper-based tags while NFC is not.

What term refers to changing the design of existing code? a. Library manipulation b. Refactoring c. Shimming d. Design driver manipulation

b. Refactoring

Which is the final rule of engagement that would be conducted in a pen test? a. Cleanup b. Reporting c. Exploitation d. Communication

b. Reporting

Which of these is NOT a basic security protection for information that cryptography can provide? a. Integrity b. Risk c. Authenticity d. Confidentiality

b. Risk

What is a list of potential threats and associated risks? a. Risk portfolio b. Risk register c. Risk matrix d. Risk assessment

b. Risk register

Banko's sister has just downloaded and installed an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called? a. Jailbreaking b. Rooting c. Ducking d. Sideloading

b. Rooting

Which of the following provides the highest level of security? a. FTPS b. SFTP c. XFTP d. FTP

b. SFTP

Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest? a. MD5 b. SHA3-512 c. SHA6-6 d. SHA-256

b. SHA3-512

Which of the following can automate an incident response? a. SOSIA b. SOAR c. SIEM d. CVCC

b. SOAR

Which of the following is true regarding the relationship between security and convenience? a. Security and convenience are equal in importance. b. Security and convenience are inversely proportional. c. Security and convenience have no relationship. d. Security is less important than convenience.

b. Security and convenience are inversely proportional.

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create? a. Generic account b. Service account c. Privilege account d. User account

b. Service account

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Encrypted signatures b. Session keys c. Digital digests d. Digital certificates

b. Session keys

Which statement regarding a keylogger is NOT true? a. Keyloggers can be used to capture passwords, credit card numbers, or personal information. b. Software keyloggers are generally easy to detect. c. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. d. Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet.

b. Software keyloggers are generally easy to detect.

What is the result of an ARP poisoning attack? a. MAC addresses are altered. b. The ARP cache is compromised. c. Users cannot reach a DNS server. d. An internal DNS must be used instead of an external DNS.

b. The ARP cache is compromised.

Which of these is NOT a reason that users create weak passwords? a. A security policy requires a password to be changed regularly. b. The length and complexity required force users to circumvent creating strong passwords. c. Having multiple passwords makes it hard to remember all of them. d. A lengthy and complex password can be difficult to memorize.

b. The length and complexity required force users to circumvent creating strong passwords.

What is low latency? a. The requirements for an IoT device that is using a specific network. b. The time between when a byte is input into a cryptographic cipher and when the output is obtained. c. The delay between when a substitution cipher decrypts the first block and when it finishes with the last block. d. A low-power source requirement of a sensor.

b. The time between when a byte is input into a cryptographic cipher and when the output is obtained.

Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say? a. A private key with a digital signature b. The user's identity with their public key c. The user's symmetric key with the public key d. The user's public key with their private key

b. The user's identity with their public key

What is the purpose of certificate chaining? a. To look up the name of intermediate RA b. To group and verify digital certificates c. To ensure that a web browser has the latest root certificate updates d. To hash the private key

b. To group and verify digital certificates

What is an objective of state-sponsored attackers? a. To sell vulnerabilities to the highest bidder b. To spy on citizens c. To right a perceived wrong d. To amass fortune over fame

b. To spy on citizens

Which of the following can a digital certificate NOT be used for? a. To encrypt channels to provide secure communication between clients and servers b. To verify the authenticity of the CA c. To encrypt messages for secure email communications d. To verify the identity of clients and servers on the Web

b. To verify the authenticity of the CA

Wiktoria is frustrated that her company is using so many different cloud services that span multiple cloud provider accounts and even different cloud providers. She wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Wiktoria need? a. CASB b. Transit gateway c. Thin virtual visibility appliance (TVVA) d. SWG

b. Transit gateway

What is a collision? a. Two keys are the same length. b. Two files produce the same digest. c. Two algorithms have the same key. d. Two ciphertexts have the same length.

b. Two files produce the same digest.

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing? a. Multiplayer recognition b. Two-person integrity/control c. Compromise mitigation assessment (CMA) d. Dual observation protocol (DOP)

b. Two-person integrity/control

Hakaku needs a tool with a single management interface that provides capabilities for managing and securing mobile devices, applications, and content. Which tool would be the best solution? a. MDM b. UEM c. MMAM d. MCCM

b. UEM

Which of the following is NOT an advantage to an automated patch update service? a. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. b. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. c. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. d. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.

b. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.

Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide? a. Enforce nonrepudiation b. Verify the receiver c. Verify the sender d. Prove the integrity of the message

b. Verify the receiver

Which model uses a sequential design process? a. Agile model b. Waterfall model c. Rigid model d. Secure model

b. Waterfall model

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use? a. show b. cat c. head d. display

b. cat

Which of the following is a third-party OS penetration testing tool? a. theHarvester b. sn1per c. Nessus d. scanless

b. sn1per

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need? a. Extended validation b. Website validation c. Domain validation d. Root

c. Domain validation

Zariah is writing an email to an employee about a wireless attack that is designed to capture the wireless transmissions from legitimate users. Which type of attack is Zariah describing? a. Bluetooth grabber b. WEP-II c. Evil twin d. Rogue access point

c. Evil twin

What enforces the location in which an app can function by tracking the location of the mobile device? a. Graphical Management Tracking (GMT) b. Location resource management c. GPS tagging d. Geofencing

c. GPS tagging

Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device? a. Geo-tagging b. Geofencing c. Geo-spatial d. Geolocation

c. Geo-spatial

Which of these provides cryptographic services and is external to the device? a. encrypted hardware-based USB devices b. self-encrypting hard disk drives (SED) c. Hardware Security Module (HSM) d. Trusted Platform Module (TPM)

c. Hardware Security Module (HSM)

Which of the following contains honeyfiles and fake telemetry? a. Honeyserver b. Attacker-interaction honeypot c. High-interaction honeypot d. Honeypotnet

c. High-interaction honeypot

Which of the following is not something that a SIEM can perform? a. Log aggregation b. User behavior analysis c. Incident response d. Sentiment analysis

c. Incident response

Which of the following is FALSE about "security through obscurity"? a. It is essentially impossible. b. Proprietary cryptographic algorithms are an example. c. It can only provide limited security. d. It attempts to hide the existence from outsiders.

c. It can only provide limited security.

Which of the following is NOT true about VBA? a. It is built into most Microsoft Office applications. b. It is commonly used to create macros. c. It is being phased out and replaced by PowerShell. d. It is included in select non-Microsoft products.

c. It is being phased out and replaced by PowerShell.

What is the advantage of a secure cookie? a. It only exists in RAM and is deleted once the web browser is closed. b. It cannot be stored on the local computer without the user's express permission. c. It is sent to the server over HTTPS. d. It is analyzed by AV before it is transmitted.

c. It is sent to the server over HTTPS.

When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique? a. Twirling b. Squaring up c. Lateral movement d. Jumping

c. Lateral movement

Which of the following is NOT an advantage of crowdsourced penetration testing? a. Faster testing b. Ability to rotate teams c. Less expensive d. Conducting multiple tests simultaneously

c. Less expensive

What does Windows 10 Tamper Protection do? a. Compresses and locks the registry b. Creates a secure backup copy of the registry c. Limits access to the registry d. Prevents any updates to the registry until the user approves the update.

c. Limits access to the registry

Which attack intercepts communications between a web browser and the underlying OS? a. Interception b. DIG c. Man-in-the-browser (MITB) d. ARP poisoning

c. Man-in-the-browser (MITB)

Which boot security mode sends information on the boot process to a remote server? a. Trusted Boot b. UEFI Native Mode c. Measured Boot d. Secure Boot

c. Measured Boot

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change? a. Network Location b. Wi-Fi/Wired Network Policy c. Network Type d. Network Config

c. Network Type

Which of these does not require authentication? a. Initialization method b. PSK c. Open method d. Enterprise method

c. Open method

Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? a. Piconet method b. Click-to-connect method c. PIN method d. Push-button method

c. PIN method

Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this? a. Spyware b. Bot c. PUP d. Keylogger

c. PUP

Oliwia has been given a project to manage the development of a new company app. She wants to use a cloud model to facilitate the development and deployment. Which cloud model will she choose? a. XaaS b. SaaS c. PaaS d. IaaS

c. PaaS

Which type of OS is typically found on an embedded system? a. COPE b. OTG c. RTOS d. SoC

c. RTOS

Which of the following is NOT an important OS security configuration? a. Disabling default accounts b. Employing least functionality c. Restricting patch management d. Disabling unnecessary services

c. Restricting patch management

Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use? a. ARO b. ALE c. SLE d. AV

c. SLE

Zuzana is creating a report for her supervisor about the cost savings associated with cloud computing. Which of the following would she NOT include on her report on the cost savings? a. Resiliency b. Pay-per-use c. Scalability d. Reduction in broadband costs

c. Scalability

Which of the following is not true regarding security? a. Security includes the necessary steps to protect from harm. b. Security is a goal. c. Security is a war that must be won at all costs. d. Security is a process.

c. Security is a war that must be won at all costs.

Which of the following is NOT a feature of a next-generation SWG? a. DLP b. Can be placed on endpoints, at the edge, or in the cloud c. Send alerts to virtual firewalls d. Analyze traffic encrypted by SSL

c. Send alerts to virtual firewalls

Which of the following is an authentication credential used to access multiple accounts or applications? a. Federal login b. Credentialization c. Single sign-on d. Identification authentication

c. Single sign-on

Which of the following is NOT a concern for users regarding the usage of their privacy data? a. Timeliness of data b. Individual inconveniences and identity theft c. Statistical inferences d. Associations with groups

c. Statistical inferences

What is Bash? a. The open source scripting language that contains many vulnerabilities b. A substitute for SSH c. The command-language interpreter for Linux/UNIX OSs d. The underlying platform on which macOS is built

c. The command-language interpreter for Linux/UNIX OSs

Which of the following is NOT a limitation of a threat map? a. Threat actors usually mask their real locations so what is displayed on a threat map is incorrect. b. Because threat maps show anonymized data it is impossible to know the identity of the attackers or the victims. c. They can be difficult to visualize. d. Many maps claim that they show data in real time, but most are simply a playback of previous attacks.

c. They can be difficult to visualize.

Which of the following is NOT correct about high availability across zones? a. They are more highly available, fault tolerant, and scalable than would be possible with a single data center. b. In a cloud computing environment, reliability and resiliency are achieved through duplicating processes across one or more geographical areas. c. They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone. d. An Availability Zone (AZ) is one or more data centers within a Region—each with redundant power, networking, and connectivity.

c. They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? a. Daylight savings time b. Civil time c. Time offset d. Greenwich Mean Time (GMT)

c. Time offset

Which of these is NOT created and managed by a microservices API? a. Authentication b. Logs c. User experience (UX) d. Database

c. User experience (UX)

Why are dictionary attacks successful? a. They link known words together in a "string" for faster processing. b. They use pregenerated rules to speed up the processing. c. Users often create passwords from dictionary words. d. Password crackers using a dictionary attack require less RAM than other types of password crackers.

c. Users often create passwords from dictionary words.

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. Black hat hackers b. Gray hat hackers c. White hat hackers d. Red hat hackers

c. White hat hackers

Aoi has been asked to provide research regarding adding a new class of Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Aoi NOT list in her report as a factor in the frequency of Android firmware OTA updates? a. OEMs are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates. b. Because many of the OEMs have modified Android, they are reluctant to distribute updates that could potentially conflict with their changes. c. Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks. d. Because OEMs want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely.

c. Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks.

Which of the following attacks is based on a website accepting user input without sanitizing it? a. RSS b. SQLS c. XSS d. SSXRS

c. XSS

What are public key systems that generate different random public keys for each session? a. Public Key Exchange (PKE) b. Diffie-Hellman (DH) c. perfect forward secrecy d. Elliptic Curve Diffie-Hellman (ECDH)

c. perfect forward secrecy

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets? a. journalctl b. IPFIX c. sFlow d. NetFlow

c. sFlow

Which of these is NOT a factor in determining restoration order? a. Speed of implementation b. Process of fundamental importance c. Dependencies d. Alternative business practices

d. Alternative business practices

Hisoka is creating a summary document for new employees about their options for different mobile devices. One part of his report covers encryption. What would Hisoka NOT include in his document? a. All modern versions of mobile device OS encrypt all user data by default. b. Encryption occurs when the mobile device is locked. c. Data backed up to an Apple or Google server could be unlocked by a court order. d. Apple uses file-based encryption to offer a higher level of security.

d. Apple uses file-based encryption to offer a higher level of security.

Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? a. Authentication b. Authorization c. Accountability d. Attestation

d. Attestation

Which of the following is NOT a cloud computing security issue? a. Insecure APIs b. Compliance regulations c. System vulnerabilities d. Bandwidth utilization

d. Bandwidth utilization

Nyla is investigating a security incident in which the smartphone of the CEO was compromised and confidential data was stolen. She suspects that it was an attack that used Bluetooth. Which attack would this be? a. Bluestealing b. Blueswiping c. Bluejacking d. Bluesnarfing

d. Bluesnarfing

Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website? a. DRCR b. SSFR c. DLLS d. CSRF

d. CSRF

Aleksandra, the company HR manager, is completing a requisition form for the IT staff to create a type of cloud that would only be accessible to other HR managers like Aleksandra who are employed at manufacturing plants. The form asks for the type of cloud that is needed. Which type of cloud would best fit Aleksandra's need? a. Public cloud b. Group cloud c. Hybrid cloud d. Community cloud

d. Community cloud

Which of the following is NOT a threat classification category? a. Financial b. Strategic c. Tactical d. Compliance

d. Compliance

Which of the following data types has the highest level of data sensitivity? a. Secure b. Private c. Sensitive d. Confidential

d. Confidential

Which of the following is NOT correct about containers? a. Containers start more quickly. b. Containers include components like binary files and libraries. c. Containers reduce the necessary hard drive storage space to function. d. Containers require a full OS whenever APIs cannot be used.

d. Containers require a full OS whenever APIs cannot be used.

Imani has been asked to purchase wireless LAN controllers (WLCs) for the office. What type of APs must she also purchase that can be managed by a WLC? a. Fat AP b. Standalone AP c. Any type of AP can be managed by a WLC d. Controller AP

d. Controller AP

Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation? a. It sets a precedent by encouraging other employees to violate company policy. b. The organization may be forced to pay up to $500 for the ransom. c. The employee would have to wait at least an hour before her computer could be restored. d. Cryptomalware can encrypt all files on any network that is connected to the employee's computer.

d. Cryptomalware can encrypt all files on any network that is connected to the employee's computer.

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider? a. MAC pit b. IP denier c. DDoS Prevention System (DPS) d. DNS sinkhole

d. DNS sinkhole

Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports back that he was unable to find anything due to how looking for information on the dark web is different from using the regular web. Which of the following is not different about looking for information on the dark web? a. It is necessary to use Tor or IP2. b. Dark web merchants open and close their sites without warning. c. The naming structure is different on the dark web. d. Dark web search engines are identical to regular search engines

d. Dark web search engines are identical to regular search engines

Which of the following uses data anonymization? a. Tokenization b. Data minimization c. Data obfuscation sanitization (DOS) d. Data masking

d. Data masking

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? a. Preventive control b. Corrective control c. Detective control d. Deterrent control

d. Deterrent control

Which of the following is not to be decrypted but is only used for comparison purposes? a. Key b. Algorithm c. Stream d. Digest

d. Digest

What is the strongest technology that would assure Alice that Bob is the sender of a message? a. Digital signature b. Digest c. Encrypted signature d. Digital certificate

d. Digital certificate

What is the difference between a DoS and a DDoS attack? a. DoS attacks are faster than DDoS attacks. b. DoS attacks do not use DNS servers as DDoS attacks do. c. DoS attacks use more memory than DDoS attacks. d. DoS attacks use fewer computers than DDoS attacks.

d. DoS attacks use fewer computers than DDoS attacks.

Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this? a. Pullback attack b. Obfuscation attack c. Deprecation attack d. Downgrade attack

d. Downgrade attack

Which of the following attacks targets the external software component that is a repository of both code and data? a. Application program interface (API) attack b. OS REG attack c. Device driver manipulation attack d. Dynamic-link library (DLL) injection attack

d. Dynamic-link library (DLL) injection attack

Which device intercepts internal user requests and then processes those requests on behalf of the users? a. Intrusion prevention device b. Reverse proxy server c. Host detection server d. Forward proxy server

d. Forward proxy server

A BIA can be a foundation for which of the following? a. Resumption assessment plan b. Contingency reaction plan c. Site risk assessment d. Functional recovery plan

d. Functional recovery plan

Which human characteristic is NOT used for biometric identification? a. Fingerprint b. Iris c. Retina d. Height

d. Height

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? a. Replicated site b. Cold site c. Warm site d. Hot site

d. Hot site

Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? a. Disaster recovery planning b. Business impact analysis planning c. Risk IT planning d. IT contingency planning

d. IT contingency planning

Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it? a. Availability b. Assurance c. Confidentiality d. Integrity

d. Integrity

How is the Security Assertion Markup Language (SAML) used? a. It is no longer used because it has been replaced by LDAP. b. It serves as a backup to a RADIUS server. c. It is an authenticator in IEEE 802.1x. d. It allows secure web domains to exchange user authentication and authorization data

d. It allows secure web domains to exchange user authentication and authorization data

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)? a. It can generate asymmetric cryptographic public and private keys. b. It includes a pseudorandom number generator (PRNG). c. It provides cryptographic services in hardware instead of software. d. It can easily be transported to another computer.

d. It can easily be transported to another computer.

Which statement about Rule-Based Access Control is true? a. It requires that a custodian set all rules. b. It is no longer considered secure. c. It is considered a real-world approach by linking a user's job function with security. d. It dynamically assigns roles to subjects based on rules.

d. It dynamically assigns roles to subjects based on rules.

Maryam is explaining the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP? a. It is the transport protocol used in TCP/IP for authentication. b. It is a subset of WPA2. c. It is a technology used by IEEE 802.11 for encryption. d. It is a framework for transporting authentication protocols.

d. It is a framework for transporting authentication protocols.

Which of the following is NOT correct about L2TP? a. It is paired with IPSec. b. It does not offer encryption. c. It is used as a VPN protocol. d. It must be used on HTML5 compliant devices.

d. It must be used on HTML5 compliant devices.

Which refers to a situation in which keys are managed by a third party, such as a trusted CA? a. Key authorization b. Remote key administration c. Trusted key authority d. Key escrow

d. Key escrow

Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet? a. Spam b. Ad fraud c. Malware d. LOLBins

d. LOLBins

Which of the following is not a basic configuration management tool? a. Diagrams b. Baseline configuration c. Standard naming convention d. MAC address schema

d. MAC address schema

Which of these is a vulnerability of MAC address filtering in a WLAN? a. APs use IP addresses instead of MACs. b. The user must enter the MAC. c. Not all operating systems support MACs. d. MAC addresses are initially exchanged unencrypted.

d. MAC addresses are initially exchanged unencrypted.

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? a. ISA b. SLA c. BPA d. MOU

d. MOU

Which of the following is not used to describe those who attack computer systems? a. Attacker b. Hacker c. Threat actor d. Malicious agent

d. Malicious agent

Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password? a. Rainbow b. Overlay c. Pass the hash d. Mask

d. Mask

Which of the following is NOT a characteristic of cloud computing? a. Immediate elasticity b. Universal client support c. Visible resource pooling d. Metered services

d. Metered services

What allows a device to be managed remotely? a. Mobile resource management (MRM) b. Mobile application management (MAM) c. Mobile wrapper management (MWM) d. Mobile device management (MDM)

d. Mobile device management (MDM)

Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as? a. Obfuscation b. Integrity c. Repudiation d. Nonrepudiation

d. Nonrepudiation

Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use? a. Staple b. Real-Time CA Verification (RTCAV) c. Certificate Revocation List (CRL) d. Online Certificate Status Protocol (OCSP)

d. Online Certificate Status Protocol (OCSP)

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use? a. Use caution when formatting strings. b. Use the latest version of Python. c. Download only vetted libraries. d. Only use compiled and not interpreted Python code.

d. Only use compiled and not interpreted Python code.

Which of these is considered the strongest type of passcode to use on a mobile device? a. Fingerprint swipe b. Draw connecting dots pattern c. PIN d. Password

d. Password

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers? a. Due to their advanced capabilities, they require only a small amount of computing power. b. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken. c. Most states prohibit password crackers unless they are used to retrieve a lost password. d. Password crackers differ as to how candidates are created.

d. Password crackers differ as to how candidates are created.

Which of the following can a UPS NOT perform? a. Prevent any new users from logging on b. Notify all users that they must finish their work immediately and log off c. Disconnect users and shut down the server d. Prevent certain applications from launching that will consume too much power

d. Prevent certain applications from launching that will consume too much power

Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute? a. SSAE SOC 3 Type IV b. SSAE SOC 2 Type III c. SSAE SOC 3.2 Type X d. SSAE SOC 2 Type II

d. SSAE SOC 2 Type II

After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security officer b. Security technician c. Security administrator d. Security manager

d. Security manager

Which of these would NOT be considered the result of a logic bomb? a. Erase the hard drives of all the servers 90 days after Alfredo's name is removed from the list of current employees. b. If the company's stock price drops below $50, then credit Oscar's retirement account with one additional year of retirement credit. c. Delete all human resource records regarding Augustine one month after he leaves the company. d. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.

d. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.

Which of the following will a BIA NOT help determine? a. Percentage availability of systems b. Identification of critical systems c. Mission-essential functions d. Single point of failure

d. Single point of failure

Which of the following is NOT used for authentication? a. Something you can do b. Somewhere you are c. Something you exhibit d. Something you can find

d. Something you can find

Which of the following hides the existence of information? a. Ciphering b. Decryption c. Encryption d. Steganography

d. Steganography

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior? a. Packetdump b. Wireshark c. Tcpdump d. Tcpreplay

d. Tcpreplay

Which is the first step in a key exchange? a. The web browser verifies the server certificate. b. The web server sends a message ("ServerHello") to the client. c. The web browser sends a message ("ClientHello") to the server. d. The browser generates a random value ("pre-master secret")

d. The browser generates a random value ("pre-master secret")

Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo? a. Employees may have a reluctance to reveal a vulnerability. b. The employees could have inside knowledge of the network that would give them an advantage. c. There may be a lack of expertise. d. They would have to stay overnight to perform the test.

d. They would have to stay overnight to perform the test.

Which premise is the foundation of threat hunting? a. Attacks are becoming more difficult. b. Cybercrime will only increase. c. Pivoting is more difficult to detect than ever before. d. Threat actors have already infiltrated our network.

d. Threat actors have already infiltrated our network.

Which of the following is NOT a problem associated with log management? a. Large volume of log data b. Different log formats c. Multiple devices generating logs d. Time-stamped log data

d. Time-stamped log data

Which of these is NOT a type of wireless AP probe? a. Dedicated probe b. Wireless device probe c. AP probe d. WNIC probe

d. WNIC probe

Which of these is a list of preapproved applications? a. Blacklist b. Redlist c. Greenlist d. Whitelist

d. Whitelist

Which technical specification of the Wi-Fi Alliance is the same as ad hoc mode in a Wi-Fi network? a. Dynamic ad hoc b. Alliance IBSS c. Ad hoc II d. Wi-Fi Direct

d. Wi-Fi Direct

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network b. through a long-term process that results in ultimate security c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources d. through products, people, and procedures on the devices that store, manipulate, and transmit the information

d. through products, people, and procedures on the devices that store, manipulate, and transmit the information

Which of the following is NOT an element that should be part of a BCP? a. Diversity b. Scalability c. High availability d. Robustness

a. Diversity

Which of the following is NOT a symmetric cryptographic algorithm? a. SHA b. DES c. 3DES d. Blowfish

a. SHA

Which of these is a set of permissions that is attached to an object? a. Object modifier b. ACL c. SRE d. Entity attribute (EnATT)

b. ACL

Which of the following is technology that imitates human abilities? a. XLS b. AI c. RC d. ML

b. AI

What are the two limitations of private information sharing centers? a. Timing of reports and remote access b. Access to data and participation c. Bandwidth and CPU d. Government approval and cost

b. Access to data and participation

What is another name for footprinting? a. Modeling b. Active reconnaissance c. High-level reconnaissance d. Revealing

b. Active reconnaissance

What type of analysis is heuristic monitoring based on? a. Code analysis b. Dynamic analysis c. Input analysis d. Static analysis

b. Dynamic analysis

In which of the following threat classifications would a power blackout be classified? a. Strategic b. Technical c. Managerial d. Operational

b. Technical

Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to agree to an acceptable use policy (AUP) before continuing. What type of AP has he encountered? a. Rogue portal b. Control portal c. Captive portal d. Authenticated portal

c. Captive portal

Which of the following ensures that only authorized parties can view protected information? a. Integrity b. Availability c. Confidentiality d. Authorization

c. Confidentiality

Enki received a request by a technician for a new subnotebook computer. The technician noted that he wanted USB OTG support and asked for Enki's advice regarding it. Which of the following would Enki NOT tell him? a. A device connected via USB OTG can function as a host. b. Connecting a mobile device to an infected computer using USB OTG could allow malware to be sent to that device. c. USB OTG is only available for connecting Android devices to a subnotebook. d. A device connected via USB OTG can function as a peripheral for external media access.

c. USB OTG is only available for connecting Android devices to a subnotebook.

Which of these appliances provides the broadest protection by combining several security functions? a. NAT b. WAF c. UTM d. NGFW

c. UTM

Which is an IPsec protocol that authenticates that packets received were sent from the source? a. CER b. PXP c. DER d. AH

d. AH

Which of the following is NOT part of the AAA framework? a. Authorization b. Accounting c. Authentication d. Access

d. Access

Which cloud model requires the highest level of IT responsibilities? a. SaaS b. PaaS c. Hybrid cloud d. IaaS

d. IaaS

What prevents a mobile device from being used until the user enters the correct passcode? a. Screen timeout b. Swipe identifier (SW-ID) c. Touch swipe d. Screen lock

d. Screen lock

Which of the following groups has the lowest level of technical knowledge? a. State actors b. Insiders c. Hacktivists d. Script kiddies

d. Script kiddies

What does the term "serverless" mean in cloud computing? a. The cloud network configuration does not require any servers. b. Servers are run as VMs. c. All appliances are virtual and do not interact with physical servers. d. Server resources of the cloud are inconspicuous to the end user.

d. Server resources of the cloud are inconspicuous to the end user.

How do vendors decide which should be the default settings on a system? a. Those that are the most secure are always the default settings. b. The default settings are always mandated by industry standards. c. There is no reason behind why specific default settings are chosen. d. Those settings that provide the means by which the user can immediately begin to use the product.

d. Those settings that provide the means by which the user can immediately begin to use the product.

Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found? a. Financial risk b. Monetary risk c. Reporting risk d. Control risk

a. Financial risk

Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond? a. RSA has no known weaknesses. b. As computers become more powerful, the ability to compute factoring has increased. c. The digest produced by the RSA algorithm is too short to be secure. d. RSA weaknesses are based on ECC.

b. As computers become more powerful, the ability to compute factoring has increased.

Which of these is the strongest symmetric cryptographic algorithm? a. RC1 b. Advanced Encryption Standard c. Triple Data Encryption Standard d. Data Encryption Standard

b. Advanced Encryption Standard

Which type of monitoring methodology looks for statistical deviations from a baseline? a. Behavioral monitoring b. Anomaly monitoring c. Heuristic monitoring d. Signature-based monitoring

b. Anomaly monitoring

Agape has been asked to experiment with different hardware to create a controller for a new device on the factory floor. She needs a credit-card-sized motherboard that has a microcontroller instead of a microprocessor. Which would be the best solution? a. Raspberry Pi b. Arduino c. FPGA d. SoC

b. Arduino

Which of the following tries to detect and stop an attack? a. RDE b. HIDS c. HIPS d. SOMA

c. HIPS

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption? a. .P12 b. .xdr c. .P7B d. .ce

c. .P7B

What is a virtual firewall? a. A firewall that runs in the cloud b. A firewall that blocks only incoming traffic c. A firewall that runs in an endpoint virtual machine d. A firewall appliance that runs on a LAN

c. A firewall that runs in an endpoint virtual machine

Which type of access control scheme uses predefined rules that make it the most flexible scheme? a. MAC b. NAC c. ABAC d. DAC

c. ABAC

Akira is explaining to his team members the security constraints that have made it a challenge for protecting a new embedded system. Which of the following would Akira NOT include as a constraint? a. Cost b. Power c. Availability d. Authentication

c. Availability

Which of the following is NOT an MFA using a smartphone? a. SMS text message b. Authentication app c. Biometric gait analysis d. Automated phone call

c. Biometric gait analysis

What penetration testing level name is given to testers who have no knowledge of the network and no special privileges? a. White box b. Purple box c. Black box d. Gray box

c. Black box

Which of these attacks is the last-resort effort in cracking a stolen password digest file? a. Hybrid b. Mask c. Brute force d. Rule list

c. Brute force

Which of the following is the most fragile and should be captured first in a forensics investigation? a. RAM b. Kernel statistics c. CPU cache d. ARP cache

c. CPU cache

Which block cipher mode of operation requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged? a. CXL b. CN c. CTR d. CD

c. CTR

Which type of malware relies on LOLBins? a. PUP b. File-based virus c. Fileless virus d. Bot

c. Fileless virus

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? a. Financial gain b. Fortune c. Personal security d. Fame

d. Fame

