1 Flashcards
Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded a handful of files, and then uploaded a large amount of data to a remote system. What type of infection should he look for?
A keylogger
A backdoor
A logic bomb
A bot
A bot
Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela’s organization play when they authenticate their users and assert that those users are valid to other members of the federation?
Authentication provider
Relying party
Identity provider
Service provider
Identity provider
Samantha wants to set an account policy that ensures that devices can be used only while the user is in the organization’s main facility. What type of account policy should she set?
Geofencing
Impossible travel time
Time of day
Time-based logins
Geofencing
Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution?
HVAC
SCADA
SIM
AVAD
SCADA
Every time Susan checks code into her organization’s code repository, it is tested and validated, and then if accepted, it is immediately put into production. What is the term for this?
Continuous delivery
Continuous integration
Agile development
A security nightmare
Continuous delivery
Connor believes that there is an issue between his organization’s network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?
pathping
route
tracert
traceroute
pathping
Howard is assessing the legal risks to his organization based upon its handling of PII. The organization is based in the United States, handles the data of customers located in Europe, and stores information in Japanese datacenters. What law would be most important to Howard during his assessment?
Japanese law
U.S. law
All should have equal weight
European Union law
All should have equal weight
Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used?
21
22
23
80
443
22 and 443
21 and 80
21, 23, and 80
21, 22, and 80
21, 23, and 80
Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?
A hot aisle
An air gap
A robotic sentry
A bollard
A bollard
Joe checks his web server logs and sees that someone sent the following query string to an application running on the server:
http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;--
What type of attack was most likely attempted?
Cross-site scripting
Session hijacking
Man-in-the-middle
Parameter pollution
Parameter pollution
Charles has implemented LDAP for his organization. What type of service has he enabled?
A federation
An attestation service
A directory service
A biometric identity provider
A directory service
Rick believes that a system he is responsible for has been compromised with malware that uses a rootkit to obtain and retain access to the system. When he runs a virus scan, the system doesn’t show any malware. If he has other data that indicates the system is infected, what should his next step be if he wants to determine what malware may be on the system?
The system is not infected and he should move on.
Mount the drive on another system and scan it that way.
Disable the system’s antivirus because it may be causing a false negative.
Rerun the antimalware scan.
Mount the drive on another system and scan it that way.
Michael wants to log directly to a database while also using TCP and TLS to protect his log information and to ensure it is received. What tool should he use?
journalctl
syslog
rsyslog
syslog-ng
syslog-ng
Nina’s organization uses SSH keys to provide secure access between systems. Which of the following is not a common security concern when using SSH keys?
Weak encryption
Inadvertent exposure of the private key
SSH key sprawl
Weak passwords/passphrases
Weak encryption
Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack?
Cloud
Removable media
Supply chain
Direct access
Supply chain
As part of their yearly incident response preparations, Ben’s organization goes through a sample incident step by step to validate what each person will do in the incident. What type of exercise is this?
A simulation
A checklist exercise
A tabletop exercise
A walk-through
A walk-through
Sharif receives a bill for services that he does not believe his company requested or had performed. What type of social engineering technique is this?
Reconnaissance
An invoice scam
Credential harvesting
A hoax
An invoice scam
Bart knows that there are two common connection methods between Wi-Fi devices. Which of the following best describes ad hoc mode?
RFID
Point-to-point
NFC
Point-to-multipoint
Point-to-point
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen’s service?
PaaS
FaaS
SaaS
IaaS
SaaS
Crypto malware is a type of what sort of malware?
Rootkit
Worms
PUP
Ransomware
Ransomware
Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?
Robotic sentries
Signs
Lighting
Fences
Robotic sentries
Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.
In the end, Grace found that the insurance policy was too expensive and opted not to purchase it. She is taking no additional action. What risk management strategy is being used in this situation?
Risk avoidance
Risk mitigation
Risk transference
Risk acceptance
Risk acceptance
Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization’s network design?
NAC
Out-of-band management
Port security
Trunking
Out-of-band management
Jerome wants to allow guests to use his organization’s wireless network, but he does not want to provide a preshared key. What solution can he deploy to gather information such as email addresses or other contact information before allowing users to access his open network?
A captive portal
WPA2
WPS capture mode
Kerberos
A captive portal
Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs?
Comprehensive CASB
Inline CASB
API-based CASB
Outsider CASB
API-based CASB
Joe’s adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request
http://www.mycompany.com/../../../etc/passwd
What type of attack was most likely attempted?
Directory traversal
SQL injection
Session hijacking
File upload
Directory traversal
James notices that a macro virus has been detected on a workstation in his organization. What was the most likely path for the infection?
A drive-by download via a web browser
A user intentionally enabled macros for an infected file
A remote access Trojan was used to install the macro virus
A worm spread the macro virus
A user intentionally enabled macros for an infected file
Colin would like to implement a security control in his accounting department that is specifically designed to detect cases of fraud that are able to occur despite the presence of other security controls. Which one of the following controls is best suited to meet Colin’s need?
Separation of duties
Least privilege
Dual control
Mandatory vacations
Mandatory vacations
If David wishes to digitally sign the message that he is sending Mike, what key would he use to create the digital signature?
David’s public key
Mike’s public key
Mike’s private key
David’s private key
David’s private key
Cynthia wants to clone a virtual machine. What should she do to capture a live machine, including the machine state?
A snapshot
A LiveCD
A full backup
A differential backup
A snapshot
Naomi wants to deploy a tool that can allow her to scale horizontally while also allowing her to patch systems without interfering with traffic to her web servers. What type of technology should she deploy?
NIC teaming
A load balancer
Geographic diversity
A multipath network
A load balancer
Asa believes that her organization is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?
Data minimization
Data sovereignty
Purpose limitation
Data retention
Purpose limitation
Frank’s organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?
Implement and use a data classification scheme.
Encrypt all sensitive data.
Define data lifecycles for all nonsensitive data.
Tag all data with the name of the creator or owner.
Implement and use a data classification scheme.
Helen’s organization maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen’s organization?
Data steward
Data owner
Data processor
Data controller
Data processor
Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should she use?
ln
cp
df
dd
dd
Laura wants to deploy a WPA2-secured wireless network for her small business, but she doesn’t have a RADIUS server set up. If she wants her Wi-Fi to be encrypted, what is her best option for wireless authentication?
Open Wi-Fi with a captive portal
PSK
EAP
EAP-TLS
PSK
Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen?
All keyboard input
All files the user accessed while the keylogger was active
Keyboard and other input from the user
All files on the system
Keyboard and other input from the user
Susan has discovered that an incident took place on her network almost six months ago. As she prepares to identify useful data for the incident, which common policy is most likely to cause her difficulties during her investigation?
Incident response policies
Communication policies
Retention policies
Configuration standards
Retention policies
Alyssa wants to prevent a known Microsoft Word file from being downloaded and accessed on devices she is responsible for. What type of tool can she use to prevent this?
A deny list tool
A SIEM
An allow list tool
A COOP
A deny list tool
Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best describes his goal?
Elasticity
Agility
Cost effectiveness
Scalability
Elasticity