Weaknesses
While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source? (192.168.1.100 or 192.186.1.100)
192.186.1.100
Which of the following access control methods provides the most detailed and explicit type of access control over a resource? ABAC DAC RBAC MAC
ABAC
An internet marketing company decided that they didn't want to follow the rules for GDPR because it would create too much work for them. They wanted to buy insurance, but no insurance company would write them a policy to cover any fines received. They considered how much the fines might be and decided to ignore the regulation and its requirements. Which of the following risk strategies did the company choose? Mitigation Transference Avoidance Acceptance
Acceptance
Dion Training is concerned with the possibility of a data breach causing a financial loss to the company. After performing a risk analysis, the COO decides to purchase data breach insurance to protect the company in an incident. Which of the following best describes the company's risk response?
Acceptance
A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements? Active Scanning engine Passive scanning engine Combination of server/agent-based scanning engines Combination of cloud/server-based scanning engines
Active scanning engine
What role does the red team perform during a tabletop exercise (TTX)? Adversary Network Defender System Administrator Cybersecurity Analyst
Adversary
What information should be recorded on a chain of custody form during a forensic investigation? The list of former owner/operators of the workstation involved in the investigation The list of individuals who made contact with files leading to the investigation The law enforcement agent who was first on the scene Any individual who worked with evidence during the investigation
Any individual who worked with evidence during the investigation
The Pass Certs Fast corporation has recently been embarrassed by several high profile data breaches. The CIO proposes improving the company's cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?
Attack Surface Not Changed
ABAC
Attribute-based Access Control
You have been asked to determine if Dion Training's web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server? Vulnerability Scan Banner Grabbing Passive Scan Protocol Analysis
Banner Grabbing
Alexa is an analyst for a large bank that has offices in multiple states. She wants to create an alert to detect when an employee from one bank office logs into a workstation located at an office in another state. What type of detection and analysis is Alexa configuring? Trend Anomaly Heuristic Behavior
Behavior
Which of the following cryptographic algorithms is classified as symmetric? PGP ECC RSA Blowfish
Blowfish
An attacker is searching in Google for Cisco VPN configuration files by using the filetype:pcf modifier. The attacker could locate several of these configuration files and now wants to decode any connectivity passwords that they might contain. What tool should the attacker use? Nessus Cain and Abel Nmap Netcat
Cain and Abel
Using the image provided, select four security features that you should use with a smartphone provided through a COPE policy in your organization? MDM, Location Tracking, Host-Based Firewall, Remote Wipe Remote Wipe, Location Tracking, Host-based Firewall, Cable Lock Cellular Data, Remote Wipe, Location Tracking, MDM Cable Lock, Network Sniffer, Cellular Data, Remote Wipe
Cellular Data, Remote Wipe, Location Tracking, MDM
Which of the following elements is LEAST likely to be included in an organization's data retention policy? Description of Information that needs to be retained Classification of Information Minimum Retention Period Maximum Retention Period
Classification of Information
During your annual cybersecurity awareness training in your company, the instructor states that employees should be careful about what information they post on social media. According to the instructor, if you post too much personal information on social media, such as your name, birthday, hometown, and other personal details, it is much easier for an attacker to conduct which type of attack to break your passwords? Cognitive Password Attack Rainbow Table Attack Birthday Attack Brute Force Attack
Cognitive Password Attack
You work for a bank interested in moving some of its operations to the cloud, but it is worried about security. You recently discovered an organization called CloudBank that was formed by 15 local banks as a way for them to build a secure cloud-based environment that can be accessed by the 15 member banks. Which cloud model BEST describes the cloud created by CloudBank? Private Cloud Hybrid Cloud Community Cloud Public Cloud
Community Cloud
During which incident response phase is the preservation of evidence performed? Detection and Analysis Post-incident activity Preparation Containment, eradication, and recovery
Containment, eradication, and recovery
Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly? Continuous Deployment Continuous Integration Continuous Delivery Continuous Monitoring
Continuous Deployment
COPE
Corporate Owned Personally Enabled
Your company is required to remain compliant with PCI-DSS due to the type of information processed by your systems. If there was a breach of this data, which type of disclosure would you be required to provide during your incident response efforts? Who should be notified? Local Law Enforcement Federal Law Enforcement Credit Card Processor Visa & Mastercard
Credit Card Processor
Which of the following describes the overall accuracy of a biometric authentication system? Crossover Error Rate False Positive Rate False Rejection Rate False Acceptance Rate
Crossover Error Rate
A financial services company wants to donate some old hard drives from their servers to a local charity. Still, they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use? Secure Erase Zero-Fill Overwrite Cryptographic Erase
Cryptographic erase
Which of the following cryptographic algorithms is classified as asymmetric? DSA RC4 AES DES
DSA
Your organization requires the use of TLS or IPSec for all communications with an organization's network. Which of the following is this an example of? Data in Transit DLP Data at Rest Data in Use
Data in Transit
You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security? Defense in Depth Network Segmentation Load Balancer UTM
Defense in Depth
Which of the following cryptographic algorithms is classified as asymmetric? Diffie-Hellman AES Blowfish RC4
Diffie-Hellman
Sarah is working at a startup that is focused on making secure banking apps for smartphones. Her company needs to select an asymmetric encryption algorithm to encrypt the data being used by the app. Due to the need for high security of the banking data, the company needs to ensure that whatever encryption they use is considered strong, but also need to minimize the processing power required since it will be running on a mobile device with lower computing power. Which algorithm should Sarah choose to provide the same level of high encryption strength with a lower overall key length? Dieffie-Hellman ECC Twofish RSA
ECC
Which of the following cryptographic algorithms is classified as asymmetric? ECC DES RC4 Twofish
ECC
A company's NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data? Enable Full Packet Capture Enable Sampling of the Data Enable Netflow Compression Enable QoS
Enable Sampling of the Data
Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?
FTK Imager
A vulnerability scanner has reported that a vulnerability exists in the system. Upon validating the report, the analyst determines that this reported vulnerability does not exist on the system. What is the proper term for this situation? True Negative True Positive False Negative False Positive
False Positive
Several users have contacted the help desk to report that they received an email from a well-known bank stating that their accounts have been compromised and they need to "click here" to reset their banking password. Some of these users are not even customers of this particular bank, though. Which of the following social engineering principles is being utilized as a part of this phishing campaign? Intimidation Consensus Urgency Familiarity
Familiarity
Vulnerability scans must be conducted continuously to meet regulatory compliance requirements for the storage of PHI. During the last vulnerability scan, a cybersecurity analyst received a report of 2,592 possible vulnerabilities and was asked by the Chief Information Security Officer (CISO) for a plan to remediate all the known issues. Which of the following should the analyst do next? Attempt to identify all the false positives and exceptions, then resolve any remaining items Place any assets that contain PHI in a sandbox environment and then remediate all vulnerabilities Filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first Wait to perform any additional scanning until the current list of vulnerabilities have been remediated fully
Filter the scan results to include only those items listed as critical in the asset inventory and remediate those vulnerabilities first
Which of the following methods should a cybersecurity analyst use to locate any instances on the network where passwords are being sent in cleartext? NetFlow Capture Full Packet Capture Software Design Documentation Review SIEM Event Log Monitoring
Full Packet Capture
A software assurance laboratory performs a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. Which of the following is the laboratory performing? Fuzzing Stress Testing Security Regression Testing User Acceptance Testing
Fuzzing
You have been hired as a cybersecurity analyst for a privately-owned bank. Which of the following regulations would have the greatest impact on your bank's cybersecurity program? HIPAA GLBA FERPA SOX
GLBA
When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the hard drive contents during your analysis? Forensic Drive Duplicator Software Write Blocker Hardware Write Blocker Degausser
Hardware Write Blocker
Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error messaging stating that "Invalid credentials" were entered. Chris assumes he must have forgotten his password, so he resets his email username and password and then reenters them into the email client. Again, Chris receives an "Invalid credentials" error. What is MOST likely causing the "Invalid credentials" error regarding Chris's email client? His email account is locked out His smartphone has full device encryption enabled His email account requires multifactor authentication
His email account requires multifactor authentication
You have just received some unusual alerts on your SIEM dashboard and want to collect the payload associated with it. Which of the following should you implement to effectively collect these malicious payloads that the attackers are sending towards your systems without impacting your organization's normal business operations? Honeypot Sandbox Jumpbox Containerization
Honeypot
Which of the following biometric authentication factors relies on matching patterns on the eye's surface using near-infrared imaging? Facial Recognition Pupil Dilation Iris Scan Retinal Scan
Iris Scan
Which of the following technologies is NOT a shared authentication protocol? OAuth LDAP Facebook Connect OpenID Connect
LDAP
Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, how it was remediated, the effectiveness of the incident response, and any identified gaps that might require improvement? Lessons Learned Report Chain of Custody Report Trends Analysis Report Forensic Analysis Report
Lessons Learned Report
Which analysis framework makes no allowance for an adversary retreat in its analysis? AlienVault Cyber Kill Chain Lockheed Martin Cyber Kill Chain MITRE ATT&CK Framework Diamond Model of Intrusion Analysis
Lockheed Martin Cyber Kill Chain
Which of the following types of access control provides the strongest level of protection? MAC RBAC DAC ABAC
MAC
What type of wireless security measure can easily be defeated by a hacker by spoofing the hardware address of their network interface card? Disable SSID Broadcast WPS WEP MAC Filtering
MAC Filtering
Which of the following hashing algorithms results in a 128-bit fixed output? MD-5 SHA-2 SHA-1 RIPEMD
MD-5
What kind of attack is an example of IP spoofing? SQL Injections Cross-Site Scripting Man-in-The-Middle ARP Poisoning
Man-in-the-Middle
Nicole's organization does not have the budget or staff to conduct 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. Which of the following services or providers would be best suited for this role? PaaS IaaS SaaS MSSP
Managed Security Service Provider (MSSP)
M-AC
Mandatory Access Control
You have been asked to write a new security policy to reduce the risk of employees working together to steal information from the Dion Training corporate network. Which of the following policies should you create to counter this threat? Mandatory Vacation Policy Acceptable Use Policy Least Privilege Policy Privacy Policy
Mandatory Vacation Policy
MDM
Master Data Management
Which operating system feature is designed to detect malware that is loaded early in the system startup process or before the operating system can load itself? MBR Analytics Advanced Anti-Malware Measured Boot Startup Control
Measured Boot
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements? MAC Filtering Configure a SIEM Implement NAC Create an ACL to allow access
Network Access Control (NAC)
Which of the following cryptographic algorithms is classified as asymmetric? PGP 3DES AES RC4
PGP
A cybersecurity analyst is working for a university that is conducting a big data medical research project. The analyst is concerned about the possibility of an inadvertent release of PHI data. Which of the following strategies should be used to prevent this?
PHI Data Tokenization
Which type of monitoring would utilize a network tap? Router-Based Active SNMP Passive
Passive
PCI-DSS
Payment Card Industry Data Security Standard
You are working as a security administrator and need to respond to an ongoing spearphishing campaign against your organization. Which of the following should be used as a checklist of actions to perform to detect and respond to this particular incident? DRP Playbook Incident Response Plan Runbook
Playbook
What type of malware changes its binary pattern in its code on specific dates or times to avoid detection by antimalware software? Ransomware Logic Bomb Polymorphic Virus Trojan
Polymorphic Virus
Your company has decided to move all of its data into the cloud. Your company is small and has decided to purchase some on-demand cloud storage resources from a commercial provider (such as Google Drive) as its primary cloud storage solution. Which of the following types of clouds is your company using? Public Hybrid Community Private
Private Cloud
You are in the recovery steps of an incident response. Throughout the incident, your team never successfully determined the root cause of the network compromise. Which of the following options would you LEAST likely perform as part of your recovery and remediation actions? Review and Enhance Patch Management Policies Proactively Sanitize and reimage all of your routers and switches Restrict host access to peripheral protocols like USB or Bluetooth Disable Unused user accounts
Proactively Sanitize
Which of the following types of data breaches would require that the US Department of Health and Human Services and the media be notified if more than 500 individuals are affected by a data breach? Protected Health Information Personally Identifiable Information Trade Secret Information Credit Card Information
Protected Health Information
Which type of method is used to collect information during the passive reconnaissance? Social Engineering Man In the Middle Attacks Network Traffic Sniffing Publicly Accessible Sources
Publicly Accessible Sources
Which of the following cryptographic algorithms is classified as stream cipher? AES Blowfish DES RC4
RC4
Period of time following a disaster that an IT system may remain offline?
Recovery Time Objective (RTO)
Which party in a federation provides services to members of the federation? SSO SAML RP IdP
Relying Parties
Which of the following type of threats did the Stuxnet attack rely on to cross an airgap between a business and an industrial control system network? (Directory Traversal, Removable Media, Cross-site scripting, Session Hijacking)
Removable Media
The management at Steven's work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network? A physical survey Router and switch-based MAC address reporting A discovery scan using a port scanner Reviewing a central admin tool like SCCM
Router and switch-based MAC address reporting
Which of the following hashing algorithms results in a 160-bit fixed output? SHA-1 NTLM SHA-2 MD-5
SHA-1
Dion Training has just suffered a website defacement of its public-facing webserver. The CEO believes the company's biggest competitor may have done this act of vandalism. The decision has been made to contact law enforcement so that evidence can be collected properly for use in a potential court case. Laura is a digital forensics investigator assigned to collect the evidence. She creates a bit-by-bit disk image of the web server's hard drive as part of her evidence collection. What technology should Laura use after creating the disk image to verify the copy's data integrity matches that of the original web server's hard disk? AES RSA SHA-256 3DES
SHA-256
During her login session, Sally is asked by the system for a code sent to her via text (SMS) message. Which of the following concerns should she raise to her organization's AAA services manager? SMS should be paired with a third factor SMS should be encrypted to be secure SMS messages may be accessible to attackers via VoIP or other systems SMS is a costly method of providing a second factor of authentication
SMS messages may be accessible to attackers via VoIP or other systems
Which security tool is used to facilitate incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment? DLP SOAR SIEM MDM
SOAR
Which of the following categories would contain information about a French citizen's race or ethnic origin? PII DLP SPI PHI
SPI
A security analyst is conducting a log review of the company's web server and found two suspicious entries: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- [12Nov2020 10:07:23] "GET /logon.php?user=test'+oR+7>1%20—HTTP/1.1" 200 5825 [12Nov2020 10:10:03] "GET /logon.php?user=admin';%20—HTT{/1.1" 200 5845 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The analyst contacts the web developer and asks for a copy of the source code to the logon.php script. The script is as follows: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= php include('../../config/db_connect.php'); $user = $_GET['user']; $pass = $_GET['pass']; $sql = "SELECT * FROM USERS WHERE username = '$user' AND password = '$pass'"; $result = MySQL_query($sql) or die ("couldn't execute query"); if (MySQL_num_rows($result) !=0 ) echo 'Authentication granted!'; else echo 'Authentication failed!'; ?> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Based on source code analysis, which type of vulnerability is this web server vulnerable to? LDAP Injection SQL Injection Directory Traversal Command Injection
SQL Injection
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation, and Response
Which of the following does a User Agent request a resource from when conducting a SAML transaction? Identity provider (IdP) Service Provider (SP) Single Sign-on (SSO) Relying Party (RP)
Service Provider
A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies? Forcing the use of TLS for the web application Setting the secure attribute on the cookie Hashing the cookie value Forcing the use of SSL for the web application
Setting the secure attribute on the cookie
You are performing a web application security test, notice that the site is dynamic, and must be using a back-end database. You decide you want to determine if the site is susceptible to a SQL injection. What is the first character that you should attempt to use?
Single quote
You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented? Biometric Reader Smart Card Key Fob Cable Lock
Smart Card
Which of the following is the most important feature to consider when designing a system on a chip? Ability to Interface with industrial control systems Space and power savings Type of real-time operating system in use Ability to be reconfigured after manufacturing
Space and Power Savings
Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested before deploying them into the production environment. What type of environment should his organization establish? Staging Development HoneyPot HoneyNet
Staging
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services? TACACS+ CHAP RADIUS Kerberos
TACACS+
Which of the following types of remote access technologies should NOT be used in a network due to its lack of security? RDP VPN SSH Telnet
Telnet
You have just finished running an nmap scan on a server are see the following output: -=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=- # nmap diontraining.com Starting Nmap ( http://nmap.org ) Nmap scan report for diontraining.com (64.13.134.52) Not shown: 996 filtered ports PORT STATE 22/tcp open 23/tcp open 53/tcp open 443/tcp open Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds -=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=- Based on the output above, which of the following ports listed as open represents the most significant security vulnerability to your network? 23 22 443 53
Telnet
Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards? SOX COPPA HIPPA FISMA
The Federal Information Security Management Act (FISMA)
An attacker has compromised a virtualized server. You are conducting forensic analysis as part of the recovery effort but found that the attacker deleted a virtual machine image as part of their malicious activity. Which of the following challenges do you now have to overcome as part of the recovery and remediation efforts? All log files are stored within the VM disk image, therefore, they are lost File Formats used by some hypervisors cannot be analyzed with traditional forensic tools You will need to roll back to an early snapshot and then marge any checkpoints to the main image The attack widely fragmented the image across the host file system
The attack widely fragmented the image across the host file system
You were conducting a forensic analysis of an iPad backup and discovered that only some of the information is within the backup file. Why would that be? The Backup is encrypted The backup is a differential backup The backup is stored in iCloud The backup was interrupted
The backup is a differential backup.
You are creating a script to filter some logs so that you can detect any suspected malware beaconing. Which of the following is NOT a typical means of identifying a malware beacons behavior on the network? The removal of Known Traffic The beaconing Interval The beacon's persistence The beacon's protocol
The beacon's protocol
Which of the following methods is used to replace all or part of a data field with a randomly generated number used to reference the original value stored in another vault or database? Tokenization Anonymization Data Masking Data Minimzation
Tokenization
As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statement does BEST explain these results? An uncredentialled scan of the network was performed The network has an exceptionally strong security posture The scanner was not compatible with the devices on your network The scanner failed to connect with the majority of workstations
Uncredentialed
You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal? VPN WPA2 VLAN MAC Filtering
VLAN
You are conducting threat hunting on your organization's network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it? The host might use as a staging area for data exfiltration - you should conduct volume-based trend analysis on the host storage device The host might be used a command and control node for a botnet - you should immediately disconnect the host from the network The host might be offline and conducted backups locally - you should contact a sysadmin to have it analyzed The host might be the victim of a remote access trojan - you should reimage the machine immediately
Volume-based Trend analysis
A new security appliance was installed on a network as part of a managed service deployment. The vendor controls the appliance, and the IT team cannot log in or configure it. The IT team is concerned about the appliance receiving the necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates? Vulnerability Scanning Scan and Patch the Device Configuration Management Automatic Updates
Vulnerability Scanning
The act of looking around a building to locate wireless networks and devices
War Walking
You are trying to find a rogue device on your wired network. Which of the following options would NOT help find the device? Port Scanning War Walking Site Surveys MAC Validation
War Walking
What should be done NEXT if the final set of security controls does not eliminate all of the risks in a given system? You should accept the risk if the residual risk is low enough You should remove the current controls since they are not completely effective You should ignore any remaining Risk You should continue to apply additional controls until there is zero risk
You should accept the risk if the residual risk is low enough
