1 Flashcards

1
Q

Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded a handful of files, and then uploaded a large amount of data to a remote system. What type of infection should he look for?

A keylogger

A backdoor

A logic bomb

A bot

A

A bot

2
Q

Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela’s organization play when they authenticate their users and assert that those users are valid to other members of the federation?

Authentication provider

Relying party

Identity provider

Service provider

A

Identity provider

3
Q

Samantha wants to set an account policy that ensures that devices can be used only while the user is in the organization’s main facility. What type of account policy should she set?

Geofencing

Impossible travel time

Time of day

Time-based logins

A

Geofencing

4
Q

Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution?

HVAC

SCADA

SIM

AVAD

A

SCADA

5
Q

Every time Susan checks code into her organization’s code repository, it is tested and validated, and then if accepted, it is immediately put into production. What is the term for this?

Continuous delivery

Continuous integration

Agile development

A security nightmare

A

Continuous delivery

6
Q

Connor believes that there is an issue between his organization’s network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?

pathping

route

tracert

traceroute

A

pathping

7
Q

Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?

Japanese law

U.S. law

All should have equal weight

European Union law

A

All should have equal weight

8
Q

Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used?

21
22
23
80
443

22 and 443

21 and 80

21, 23, and 80

21, 22, and 80

A

21, 23, and 80

9
Q

Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?

A hot aisle

An air gap

A robotic sentry

A bollard

A

A bollard

10
Q

Joe checks his web server logs and sees that someone sent the following query string to an application running on the server:

http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;--

What type of attack was most likely attempted?

Cross-site scripting

Session hijacking

Man-in-the-middle

Parameter pollution

A

Parameter pollution

11
Q

Charles has implemented LDAP for his organization. What type of service has he enabled?

A federation

An attestation service

A directory service

A biometric identity provider

A

A directory service

12
Q

Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs a virus scan, the system doesn’t show any malware. If he has other data that indicates the system is infected, what should his next step be if he wants to determine what malware may be on the system?

The system is not infected and he should move on.

Mount the drive on another system and scan it that way.

Disable the system’s antivirus because it may be causing a false negative.

Rerun the antimalware scan.

A

Mount the drive on another system and scan it that way.

13
Q

Michael wants to log directly to a database while also using TCP and TLS to protect his log information and to ensure it is received. What tool should he use?

journalctl

syslog

rsyslog

syslog-ng

A

syslog-ng

14
Q

Nina’s organization uses SSH keys to provide secure access between systems. Which of the following is not a common security concern when using SSH keys?

Weak encryption

Inadvertent exposure of the private key

SSH key sprawl

Weak passwords/passphrases

A

Weak encryption

15
Q

Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack?

Cloud

Removable media

Supply chain

Direct access

A

Supply chain

16
Q

As part of their yearly incident response preparations, Ben’s organization goes through a sample incident step by step to validate what each person will do in the incident. What type of exercise is this?

A simulation

A checklist exercise

A tabletop exercise

A walk-through

A

A walk-through

17
Q

Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this?

Reconnaissance

An invoice scam

Credential harvesting

A hoax

A

An invoice scam

18
Q

Bart knows that there are two common connection methods between Wi-Fi devices. Which of the following best describes ad hoc mode?

RFID

Point-to-point

NFC

Point-to-multipoint

A

Point-to-point

19
Q

Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen’s service?

PaaS

FaaS

SaaS

IaaS

A

SaaS

20
Q

Crypto malware is a type of what sort of malware?

Rootkit

Worms

PUP

Ransomware

A

Ransomware

21
Q

Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?

Robotic sentries

Signs

Lighting

Fences

A

Robotic sentries

22
Q

Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.

In the end, Grace found that the insurance policy was too expensive and opted not to purchase it. She is taking no additional action. What risk management strategy is being used in this situation?

Risk avoidance

Risk mitigation

Risk transference

Risk acceptance

A

Risk acceptance

23
Q

Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization’s network design?

NAC

Out-of-band management

Port security

Trunking

A

Out-of-band management

24
Q

Jerome wants to allow guests to use his organization’s wireless network, but he does not want to provide a preshared key. What solution can he deploy to gather information such as email addresses or other contact information before allowing users to access his open network?

A captive portal

WPA2

WPS capture mode

Kerberos

A

A captive portal

25
Q

Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?

Comprehensive CASB

Inline CASB

API-based CASB

Outsider CASB

A

API-based CASB

26
Q

Joe’s adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request:

http://www.mycompany.com/../../../etc/passwd

What type of attack was most likely attempted?

Directory traversal

SQL injection

Session hijacking

File upload

A

Directory traversal

27
Q

James notices that a macro virus has been detected on a workstation in his organization. What was the most likely path for the infection?

A drive-by download via a web browser

A user intentionally enabled macros for an infected file

A remote access Trojan was used to install the macro virus

A worm spread the macro virus

A

A user intentionally enabled macros for an infected file

28
Q

Colin would like to implement a security control in his accounting department that is specifically designed to detect cases of fraud that are able to occur despite the presence of other security controls. Which one of the following controls is best suited to meet Colin’s need?

Separation of duties

Least privilege

Dual control

Mandatory vacations

A

Mandatory vacations

29
Q

If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature?

David’s public key

Mike’s public key

Mike’s private key

David’s private key

A

David’s private key

30
Q

Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?

A snapshot

A LiveCD

A full backup

A differential backup

A

A snapshot

31
Q

Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?

NIC teaming

A load balancer

Geographic diversity

A multipath network

A

A load balancer

32
Q

Asa believes that her organization is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?

Data minimization

Data sovereignty

Purpose limitation

Data retention

A

Purpose limitation

33
Q

Frank’s organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?

Implement and use a data classification scheme.

Encrypt all sensitive data.

Define data lifecycles for all nonsensitive data.

Tag all data with the name of the creator or owner.

A

Implement and use a data classification scheme.

34
Q

Helen’s organization maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen’s organization?

Data steward

Data owner

Data processor

Data controller

A

Data processor

35
Q

Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should she use?

ln

cp

df

dd

A

dd

36
Q

Laura wants to deploy a WPA2 secured wireless for her small business, but she doesn’t have a RADIUS server set up. If she wants her Wi-Fi to be encrypted, what is her best option for wireless authentication?

Open Wi-Fi with a captive portal

PSK

EAP

EAP-TLS

A

PSK

37
Q

Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen?

All keyboard input

All files the user accessed while the keylogger was active

Keyboard and other input from the user

All files on the system

A

Keyboard and other input from the user

38
Q

Susan has discovered that an incident took place on her network almost six months ago. As she prepares to identify useful data for the incident, which common policy is most likely to cause her difficulties during her investigation?

Incident response policies

Communication policies

Retention policies

Configuration standards

A

Retention policies

39
Q

Alyssa wants to prevent a known Microsoft Word file from being downloaded and accessed on devices she is responsible for. What type of tool can she use to prevent this?

A deny list tool

A SIEM

An allow list tool

A COOP

A

A deny list tool

40
Q

Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best describes his goal?

Elasticity

Agility

Cost effectiveness

Scalability

A

Elasticity