TestOut Sec+ Ch. 2


Which of the following tools would you use to validate the bandwidth on your network and identify when the bandwidth is significantly below what it should be?

Throughput tester

Match the general attack strategy on the left with the appropriate description on the right. 1. Stealing information: 2. Preparing a computer to perform additional tasks in the attack: 3. Crashing systems: 4. Gathering system hardware information: 5. Penetrating system defenses to gain unauthorized access: 6. Configuring additional rights to do more than breach the system:

1. Exploitation 2. Staging 3. Exploitation 4. Reconnaissance 5. Breaching 6. Escalating Privileges

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all) 1. Includes OS hardening, patch management, malware, and password attacks. 2. Includes how to manage employee onboarding and off-boarding. 3. Includes cryptography and secure transmissions. 4. Includes user education and manageable network plans. 5. Includes firewalls using ACLs and securing the wireless network.

1. Host 2. Policies, Procedures, and Awareness 3. Data 4. Policies, Procedures, and Awareness 5. Perimeter

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all) 1. Includes fences, door locks, mantraps, turnstiles, device locks, and server cages. 2. Includes each individual workstation, laptop, and mobile device. 3. Includes authentication and authorization, user management, and group policies. 4. Includes cameras, motion detectors, and even environmental controls. 5. Includes implementation of VLANs, penetration testing, and the utilization of virtualization.

1. Physical 2. Host 3. Application 4. Physical 5. Network

Match the general defense methodology on the left with the appropriate description on the right. 1. The constant change in personal habits and passwords to prevent anticipated events and exploitation: 2. Diversifying layers of defense: 3. Giving users only the access they need to do their job and nothing more: 4. Implementing multiple security measures to protect the same asset: 5. Eliminating single points of failure: 6. Giving groups only the access they need to do their job and nothing more:

1. Randomness 2. Variety 3. Principle of least privilege 4. Layering 5. Layering 6. Principle of least privilege

Which of the following reduce the risk of a threat agent being able to exploit a vulnerability? 1) Secure data transmissions 2) Manageable network plans 3) Countermeasures 4) Implementation of VLANs

3) Countermeasures

Which of the following is the single greatest threat to network security? 1) Weak Passwords 2) Insecure physical access to network resources 3) Email phishing 4) Employees

4) Employees

Which of the following is a security approach that combines multiple security controls and defenses and is sometimes called defense in depth? 1) Perimeter Security 2) Countermeasure security 3) Cumulative Security 4) Layered Security 5) Network Security

4) Layered Security

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)

A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). A passive device that is used to copy frames and allow you to view frame contents.

Which of the following is the best definition of the term hacker?

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

Need-to-know access is required for which types of resources?

Compartmentalized resources

You have discovered a computer that is connected to your network and was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should you do next?

Perform a memory dump

Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?

Sanitization

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?

Separation of duties

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal?

Separation of duties

Which is the cryptography mechanism that hides secret communications within various forms of data?

Steganography

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

Back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?

Backing up all log files and audit trails

When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate?

Bit-level cloning

You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

Chain of custody

What is the most important element related to evidence in addition to the evidence itself?

Chain of custody document.

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?

Hacktivist

Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

Hashing

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list?

Implicit Deny

You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use?

Explicit allow, implicit deny
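Worked example of the explicit-allow / implicit-deny model from the two cards above. This is an added illustration, not TestOut material; the payroll share, the principals and their permissions are constructed. The second function models the opposite (block-list) approach for contrast, to show why it fails open.

```python
"""Explicit-allow / implicit-deny ACL evaluation.

Added example, not TestOut material. The share name, principals and
permissions below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access control entry: a principal and the operations it is granted."""
    principal: str
    permissions: frozenset


# Constructed ACL for a hypothetical payroll share. Only grants are listed:
# nobody needs a "deny" entry, because absence from the list is itself a denial.
PAYROLL_ACL = (
    Ace("alice", frozenset({"read", "write"})),
    Ace("bob", frozenset({"read"})),
)


def is_allowed(acl, principal, operation):
    """Explicit allow, implicit deny.

    Collect every permission explicitly granted to `principal`; if none of
    them names `operation` (including the case where the principal has no
    entry at all), the request falls through to refusal.
    """
    granted = set()
    for ace in acl:
        if ace.principal == principal:
            granted |= ace.permissions
    return operation in granted  # empty set -> False: the implicit deny


def is_allowed_denylist(blocked, principal):
    """The opposite model, for contrast: a block list that fails open.

    Any principal not explicitly blocked is admitted, so a newly created
    account gets access before anyone has decided that it should.
    """
    return principal not in blocked


def audit(acl, requests):
    """Evaluate (principal, operation) requests; returns (principal, op, allowed) tuples."""
    return [(p, op, is_allowed(acl, p, op)) for p, op in requests]


if __name__ == "__main__":
    for row in audit(PAYROLL_ACL, [("alice", "write"), ("bob", "write"), ("eve", "read")]):
        print(row)
```

Note that `eve` is refused without any rule mentioning her: the default branch of `is_allowed` is the implicit deny. In `is_allowed_denylist` the default branch is an allow, which is the property the cards warn against.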

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?

Configure the network interface to use promiscuous mode

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?

Create a checksum using a hashing algorithm
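Worked example tying together the bit-level cloning card, the "hashing verifies the clone" card and the checksum card above. It is an added illustration, not TestOut material: the "drive" is a constructed byte string standing in for a block device, and the block-by-block copy stands in for dd or a hardware imager behind a write blocker.

```python
"""Bit-level imaging of evidence media and hash verification of the copy.

Added example, not TestOut material. The "drive" is a constructed byte
string standing in for a block device; a real acquisition reads the device
through a write blocker and records the hashes in the chain-of-custody form.
"""
import hashlib
import io

# Constructed 64 KiB "drive" with deterministic, non-trivial contents.
ORIGINAL_DRIVE = bytes((i * 31 + 7) & 0xFF for i in range(64 * 1024))


def image_device(src, block_size=4096):
    """Copy a file-like object block by block, as dd or an imager does.

    Every byte is copied, including slack and unallocated space, which a
    file-level copy would skip. Returns the image as bytes.
    """
    out = io.BytesIO()
    while True:
        chunk = src.read(block_size)
        if not chunk:
            break
        out.write(chunk)
    return out.getvalue()


def sha256_of(data, block_size=4096):
    """SHA-256 hex digest, fed in blocks so large media need not fit in memory."""
    h = hashlib.sha256()
    for i in range(0, len(data), block_size):
        h.update(data[i:i + block_size])
    return h.hexdigest()


def verify_image(original, image):
    """True only when source and image hash identically, i.e. the clone is exact."""
    return sha256_of(original) == sha256_of(image)


def acquire(original):
    """Image the media and return (image, record); the record holds both
    digests for the chain-of-custody document."""
    image = image_device(io.BytesIO(original))
    record = {
        "source_sha256": sha256_of(original),
        "image_sha256": sha256_of(image),
        "verified": verify_image(original, image),
    }
    return image, record


if __name__ == "__main__":
    _, rec = acquire(ORIGINAL_DRIVE)
    print(rec)
```

The hash of the source is taken before imaging and the hash of the image after; both go into the chain-of-custody record. Flipping a single bit anywhere in the image changes the digest, which is why a later examiner can prove the copy they analysed is the one that was collected.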

Which of the following is an example of privilege escalation?

Creeping privileges

What is the cryptography method of recovering original data that has been encrypted without having access to the key used in the encryption process?

Cryptanalysis

The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following: * Create and follow onboarding and off-boarding procedures * Employ the principle of least privilege * Have appropriate physical security controls in place Which type of threat actor do these steps guard against?

Insider.

You are concerned that the accountant in your organization might have the chance to modify financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities?

Job Rotation

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks?

Keep systems up-to-date and use standard security practices.

The chain of custody is used for which purposes?

Listing people coming into contact with evidence

Which of the following algorithms combines a random value with plain text to produce cipher text?

One-time pad
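Worked example of the one-time pad card above: the random value is XORed byte by byte with the plaintext, and the same operation recovers it. Added illustration, not TestOut material; the messages are constructed. It also shows the failure mode the "one-time" in the name refers to: reuse the pad once and the key cancels out.

```python
"""One-time pad: XOR the plaintext with a random key of equal length.

Added example, not TestOut material. Messages and pads are constructed here.
"""
import secrets


def new_pad(length):
    """Fresh random pad from the OS CSPRNG; must never be reused."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext, key):
    """Ciphertext byte i = plaintext byte i XOR key byte i."""
    if len(key) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def two_time_pad_leak(c1, c2):
    """What an eavesdropper computes when one pad was used twice.

    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the key cancels, leaving the XOR of the
    two plaintexts. Every position where the messages agree comes out as a
    zero byte, so shared structure is exposed without knowing the pad.
    """
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    msg = b"attack at dawn"
    pad = new_pad(len(msg))
    ct = otp_encrypt(msg, pad)
    print(ct.hex(), otp_decrypt(ct, pad))
```

With a truly random pad used once, every ciphertext is equally likely for every plaintext of that length. The practical cost is the pad itself: it must be as long as all traffic combined, generated from a real random source, and delivered out of band.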

Which type of cipher changes the position of the characters in a plain text message?

Transposition
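Worked example of the transposition card above, using a columnar transposition: the message is written in rows under the key and read out column by column in key order. Added illustration, not TestOut material; key and message are constructed. The `letter_counts` helper makes the practitioner's point: transposition moves characters but never changes them, so letter frequencies survive intact.

```python
"""Columnar transposition: reorder the characters of the message without changing them.

Added example, not TestOut material. Key and message are constructed.
"""
from collections import Counter


def _column_order(key):
    """Columns are read out in alphabetical order of the key letters
    (ties broken left to right)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext, key, pad="X"):
    cols = len(key)
    padded = plaintext + pad * (-len(plaintext) % cols)  # fill the last row
    rows = [padded[i:i + cols] for i in range(0, len(padded), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def columnar_decrypt(ciphertext, key):
    cols = len(key)
    nrows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in _column_order(key):  # refill the columns in the same order
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def letter_counts(text):
    """Transposition preserves every letter's frequency, which is exactly
    what frequency analysis needs; only substitution changes the counts."""
    return Counter(text)


if __name__ == "__main__":
    ct = columnar_encrypt("ATTACKATDAWN", "KEY")
    print(ct, columnar_decrypt(ct, "KEY"))
```

For key KEY the columns are read in the order E, K, Y, so ATTACKATDAWN becomes TCTWAAAATKDN. The same twelve letters are present in both strings; a transposition on its own hides order, not content.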

When a cryptographic system is used to protect the data confidentiality, what actually takes place?

Unauthorized users are prevented from viewing or accessing the resource

What is the best definition of a security incident?

Violation of a security policy

During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?

Disconnect the access point from the network.

You are considering a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?

Document what's on the screen

Which of the following is not a valid example of steganography?

Encrypting a data file with an encryption key
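Worked example for the two steganography cards (the definition above and the "encryption is not steganography" card just before this): hiding bytes in the least significant bit of each sample of a carrier. Added illustration, not TestOut material; the carrier is a constructed byte array standing in for an 8-bit grayscale image, and the 4-byte length header is this example's own framing convention.

```python
"""LSB steganography: hide bytes in the least significant bits of sample values.

Added example, not TestOut material. The carrier is a constructed byte array
standing in for an 8-bit grayscale image; real use would read and write an
image file. The 4-byte length header is this example's own framing.
"""

# Constructed carrier: a 64x64 gradient, 4096 samples, mixed odd/even values.
CARRIER = bytes((x * 3 + y * 5) & 0xFF for y in range(64) for x in range(64))


def embed(carrier, payload):
    """Store a 4-byte length header followed by the payload, one bit per sample."""
    blob = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in blob for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("payload exceeds carrier capacity")
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # overwrite only the low bit
    return bytes(out)


def _read_bytes(stego, start, count):
    value = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (stego[start + b * 8 + i] & 1)
        value.append(byte)
    return bytes(value)


def extract(stego):
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_sample_change(carrier, stego):
    """Largest per-sample difference; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


def capacity_bytes(carrier):
    """Payload bytes that fit after the header: one bit per sample."""
    return len(carrier) // 8 - 4


if __name__ == "__main__":
    s = embed(CARRIER, b"meet at noon")
    print(extract(s), max_sample_change(CARRIER, s))
```

The carrier keeps its size and no sample moves by more than one level, which is what makes the hidden message invisible to a viewer. Nothing here is encrypted: anyone who knows to read the low bits recovers the text, so steganography is about hiding the existence of a message, not protecting its contents.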

Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email?

Load Tester

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first?

Make a bit-level copy of the disk.

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?

Need to know
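Worked example of the card above together with the earlier "need-to-know access is required for compartmentalized resources" card: a mandatory access control check where the classification level alone is not enough, the subject must also hold every compartment the object carries. Added illustration, not TestOut material; the level names, compartments and labels are constructed.

```python
"""Mandatory access control: classification levels plus need-to-know compartments.

Added example, not TestOut material. Levels, compartments and labels are constructed.
"""
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset  # need-to-know categories, e.g. {"CRYPTO"}


def dominates(subject, obj):
    """A label dominates another when its level is at least as high AND it
    holds every compartment the other is marked with. Clearance alone is
    not enough; the compartment test is the need-to-know rule."""
    return (LEVELS[subject.level] >= LEVELS[obj.level]
            and obj.compartments <= subject.compartments)


def can_read(subject, obj):
    """Simple security property: no read up."""
    return dominates(subject, obj)


def can_write(subject, obj):
    """*-property: no write down. The object must dominate the subject, so a
    secret-cleared user cannot copy data into a confidential file."""
    return dominates(obj, subject)


def explain(subject, obj):
    """Human-readable reasons a read would be refused, for an audit trail."""
    reasons = []
    if LEVELS[subject.level] < LEVELS[obj.level]:
        reasons.append("insufficient clearance")
    missing = obj.compartments - subject.compartments
    if missing:
        reasons.append("missing compartments: " + ", ".join(sorted(missing)))
    return reasons or ["allowed"]


if __name__ == "__main__":
    analyst = Label("top secret", frozenset({"CRYPTO"}))
    joint = Label("secret", frozenset({"CRYPTO", "NUCLEAR"}))
    print(can_read(analyst, joint), explain(analyst, joint))
```

The analyst in the demonstration is cleared higher than the object, yet is refused: the object is marked with a compartment the analyst has no need to know. That refusal is the point of compartmentalization, and it is decided by the labels, not by the resource owner.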

What is the primary purpose of separation of duties?

Prevent conflict of interest

Separation of duties is an example of which type of access control?

Preventive

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with?

Principle of least privilege

You want to examine the data on your network to find out if any of the following are happening: * Users are connecting to unauthorized websites * Cleartext passwords are allowed by protocols or services * Unencrypted traffic that contains sensitive data is on the network Which of the following tools would you use?

Protocol Analyzer
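Worked example of the three checks in the card above, run over a handful of captured payloads. Added illustration, not TestOut material: the packet records are constructed (the kind of thing a protocol analyzer or a Wireshark export yields), the allowed-host list is an assumed policy, and the SSN-shaped regex is a deliberately crude marker for sensitive data.

```python
"""Scanning captured traffic for unauthorized sites, cleartext credentials and
sensitive data sent in the clear.

Added example, not TestOut material. The packets are constructed records of
the kind a protocol analyzer would yield; the allowed-host list is an
assumption and the SSN-shaped pattern is a crude sensitive-data marker.
"""
import base64
import re

ALLOWED_HOSTS = {"intranet.example.com"}             # assumed policy
SSN_SHAPED = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")   # crude sensitive-data marker
BASIC_AUTH = re.compile(rb"Authorization: Basic ([A-Za-z0-9+/=]+)")
HOST_HDR = re.compile(rb"Host: ([^\r\n]+)")

# Constructed capture: five application-layer payloads with their transport data.
PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dport": 21,
     "payload": b"USER admin\r\n"},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dport": 21,
     "payload": b"PASS hunter2\r\n"},
    {"src": "10.0.0.7", "dst": "203.0.113.10", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: files.example.net\r\n"
                b"Authorization: Basic Ym9iOnBhc3N3b3Jk\r\n\r\n"},
    {"src": "10.0.0.8", "dst": "10.0.0.20", "dport": 80,
     "payload": b"POST /hr HTTP/1.1\r\nHost: intranet.example.com\r\n\r\nssn=123-45-6789"},
    {"src": "10.0.0.8", "dst": "10.0.0.20", "dport": 443,
     "payload": b"\x16\x03\x01\x00\x5a\x01\x00"},  # TLS record fragment: opaque
]


def analyze(packets):
    """Return (category, detail, peer) findings for each packet that matches."""
    findings = []
    for p in packets:
        pl = p["payload"]
        # FTP sends the password as a bare PASS command on port 21.
        if p["dport"] == 21 and pl.startswith(b"PASS "):
            findings.append(("cleartext-password", "ftp", p["dst"]))
        # HTTP Basic is base64, not encryption: the username is recoverable.
        m = BASIC_AUTH.search(pl)
        if m:
            user = base64.b64decode(m.group(1)).split(b":", 1)[0].decode()
            findings.append(("cleartext-password", "http-basic user=" + user, p["dst"]))
        # Any Host header outside the allow list is an unauthorized site.
        h = HOST_HDR.search(pl)
        if h and h.group(1).decode() not in ALLOWED_HOSTS:
            findings.append(("unauthorized-site", h.group(1).decode(), p["src"]))
        # Sensitive-looking data on a non-TLS port is readable by any sniffer.
        if p["dport"] != 443 and SSN_SHAPED.search(pl):
            findings.append(("sensitive-cleartext", "ssn-pattern", p["dst"]))
    return findings


if __name__ == "__main__":
    for f in analyze(PACKETS):
        print(f)
```

The TLS packet produces no finding because the analyzer can only see what is unencrypted; that is the property the card relies on. In a real capture the interface must be in promiscuous mode (or fed from a SPAN/mirror port) or the analyzer only sees frames addressed to its own host.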

