2 Flashcards

1
Q

Henry wants to use an open source forensic suite. Which of the following tools should he select?

FTK

Autopsy

EnCase

WinHex

A

Autopsy

2
Q

Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?

Removed the threat

Reduced the vulnerability

Reduced the threat

Removed the vulnerability

A

Removed the vulnerability

3
Q

Gurvinder wants to follow the order of volatility to guide his forensic data acquisition. Which of the following is the least volatile?

Backups

RAM

Remote logs

Data on the hard drive

A

Backups

4
Q

Charles needs to know about actions an individual performed on a PC. What is the best starting point to help him identify those actions?

Review the event log.

Analyze the system’s keystroke log.

Interview the individual.

Review the system log.

A

Interview the individual.

5
Q

Brian ran a penetration test against a school’s grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school’s cybersecurity team to prevent students from engaging in this type of activity?

Confidentiality

Alteration

Integrity

Availability

A

Integrity

6
Q

Referring to the scenario in question 9, if Acme Widgets switched to an asymmetric encryption algorithm, how many keys would be required to add the 11th employee?

1

2

11

10

A

2

7
Q

Charles wants to obtain a forensic copy of a running virtual machine. What technique should he use to capture the image?

Use the VM host to create a snapshot.

Use WinHex to create a copy from within the running machine.

Run dd from within the running machine.

Use FTK Imager from the virtual machine host.

A

Use the VM host to create a snapshot.

8
Q

Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.

Grace is considering dropping the customer activities that collect and store sensitive personal information. What risk management strategy would this approach use?

Risk transference

Risk acceptance

Risk avoidance

Risk mitigation

A

Risk avoidance

9
Q

Sally is working to restore her organization’s operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?

The HOTP documentation

The restoration order documentation

The TOTP documentation

The last-known good configuration documentation

A

The restoration order documentation

10
Q

Maria has acquired a disk image from a hard drive using dd, and she wants to ensure that her process is forensically sound. What should her next step be after completing the copy?

Update her chain-of-custody document.

Securely wipe the target drive.

Securely wipe the source drive.

Compare the hashes of the source and target drive.

A

Compare the hashes of the source and target drive.

11
Q

Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?

PCI DSS

CSA CCM

NIST SP 500-292

ISO 27001

A

CSA CCM

12
Q

Daniel knows that WPA3 has added a method to ensure that brute-force attacks against weak preshared keys are less likely to succeed. What is this technology called?

SAE

PSK

CCMP

WPS

A

SAE

13
Q

Darren is working with an independent auditor to produce an audit report that he will share with his customers under NDA to demonstrate that he has appropriate security controls in place. The auditor will not be assessing the effectiveness of those controls. What type of audit report should Darren expect?

SOC 2 Type 1

SOC 2 Type 2

SOC 3 Type 1

SOC 3 Type 2

A

SOC 2 Type 1

14
Q

Naomi wants to provide guidance on how to keep her organization’s new machine learning tools secure. Which of the following is not a common means of securing machine learning algorithms?

Require third-party review for bias in ML algorithms

Understand the quality of the source data

Build a secure working environment for ML developers

Ensure changes to ML algorithms are reviewed and tested

A

Require third-party review for bias in ML algorithms

15
Q

Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?

Network traffic latency concerns

Geographic tax reasons

Because it is required by law

Geographic dispersal

A

Geographic dispersal

16
Q

Fred’s company issues devices in a BYOD model. That means that Fred wants to ensure that corporate data and applications are kept separate from personal applications on the devices. What technology is best suited to meet this need?

Containerization

Full-device encryption

Context-aware authentication

Biometrics

A

Containerization

17
Q

Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?

Cross-site scripting

Content-based SQL injection

HTML injection

Timing-based SQL injection

A

Timing-based SQL injection

18
Q

Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies of attack tools and to document all the attacks that are conducted. What has he set up?

A tarpit

A honeynet

A beartrap

A honeypot

A

A honeynet

19
Q

Michelle has deployed iPads to her staff who work her company’s factory floor. She wants to ensure that the devices work only in the factory and that if they are taken home they cannot access business data or services. What type of solution is best suited to her needs?

Unified endpoint management (UEM)

Context-aware authentication

Geofencing

Geolocation

A

Geofencing

20
Q

Alaina discovers that someone has set up a website that looks exactly like her organization’s banking website. Which of the following terms best describes this sort of attack?

Tailgating

Pharming

Typosquatting

Phishing

A

Pharming

21
Q

David would like to send Mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message?

Mike’s public key

David’s private key

Mike’s private key

David’s public key

A

Mike’s public key

22
Q

Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.

Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.

What is the asset value (AV)?

$100,000

$5,000

$500,000

$600,000

A

$500,000

23
Q

Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred?

Different vendors use different names for malware packages.

The package contains more than one piece of malware.

The malware is polymorphic and changed while being tested.

The service is misconfigured.

A

Different vendors use different names for malware packages.

24
Q

Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?

SFTP

S/MIME

SRTP

UDP/S

A

SRTP

25
Q

Melissa wants to capture network traffic for forensic purposes. What tool should she use to capture it?

WinHex

A forensic suite

dd

Wireshark

A

Wireshark

26
Q

Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.

Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.

What is the annualized rate of occurrence (ARO)?

0.05

0.20

2.00

5.00

A

0.05

27
Q

Lou mounted the sign below on the fence surrounding his organization’s datacenter. What control type best describes this control?

Deterrent

Detective

Compensating

Physical

A

Deterrent

28
Q

In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use?

SaaS only

IaaS and PaaS

IaaS only

IaaS, SaaS, and PaaS

A

IaaS and PaaS

29
Q

Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?

Direct access

Email

Wireless

Removable media

A

Email

30
Q

Octavia discovers that the contact list from her phone has been acquired via a wireless attack. Which of the following is the most likely culprit?

An evil twin

Bluejacking

Bluesnarfing

An evil maid

A

Bluesnarfing

31
Q

Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?

Resource policy

Security group

Secure web gateway

Multifactor authentication

A

Resource policy

32
Q

Renee is a cybersecurity hobbyist. She receives an email about a new web-based grading system being used by her son’s school and she visits the site. She notices that the URL for the site looks like this:
https://www.myschool.edu/grades.php&studentID=1023425

She realizes that 1023425 is her son’s student ID number and she then attempts to access the following similar URLs:
https://www.myschool.edu/grades.php&studentID=1023423
https://www.myschool.edu/grades.php&studentID=1023424
https://www.myschool.edu/grades.php&studentID=1023426
https://www.myschool.edu/grades.php&studentID=1023427

When she does so, she accesses the records of other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee’s work?

Gray-hat hacking

Green-hat hacking

White-hat hacking

Black-hat hacking

A

Gray-hat hacking

33
Q

Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company’s network. How should he describe or classify this malware?

A backdoor

Crypto malware

A Trojan

A worm

A

A backdoor

34
Q

Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.

Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.

What is the single loss expectancy (SLE)?

$600,000

$500,000

$5,000

$100,000

A

$500,000

35
Q

Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin’s work?

Black hat

White hat

Green hat

Gray hat

A

White hat

36
Q

Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.

Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.

What is the annualized loss expectancy (ALE)?

$5,000

$100,000

$25,000

$500,000

A

$25,000

37
Q

A person’s name, age, location, or job title are all examples of what?

Account permissions

Biometric factors

Identity factors

Attributes

A

Attributes

38
Q

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?

Local administrator

Domain administrator

Read-only

Root

A

Read-only

39
Q

Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?

Facial recognition

Motion detection

PTZ

Infrared cameras

A

Motion detection

40
Q

In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?

IaaS

SaaS

FaaS

PaaS

A

SaaS