2 Flashcards
Henry wants to use an open source forensic suite. Which of the following tools should he select?
FTK
Autopsy
EnCase
WinHex
Autopsy
Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?
Removed the threat
Reduced the vulnerability
Reduced the threat
Removed the vulnerability
Removed the vulnerability
Gurvinder wants to follow the order of volatility to guide his forensic data acquisition. Which of the following is the least volatile?
Backups
RAM
Remote logs
Data on the hard drive
Backups
Charles needs to know about actions an individual performed on a PC. What is the best starting point to help him identify those actions?
Review the event log.
Analyze the system’s keystroke log.
Interview the individual.
Review the system log.
Interview the individual.
Brian ran a penetration test against a school’s grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school’s cybersecurity team to prevent students from engaging in this type of activity?
Confidentiality
Alteration
Integrity
Availability
Integrity
Referring to the scenario in question 9, if Acme Widgets switched to an asymmetric encryption algorithm, how many keys would be required to add the 11th employee?
1
2
11
10
2
Charles wants to obtain a forensic copy of a running virtual machine. What technique should he use to capture the image?
Use the VM host to create a snapshot.
Use WinHex to create a copy from within the running machine.
Run dd from within the running machine.
Use FTK Imager from the virtual machine host.
Use the VM host to create a snapshot.
Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.
Grace is considering dropping the customer activities that collect and store sensitive personal information. What risk management strategy would this approach use?
Risk transference
Risk acceptance
Risk avoidance
Risk mitigation
Risk avoidance
Sally is working to restore her organization’s operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?
The HOTP documentation
The restoration order documentation
The TOTP documentation
The last-known good configuration documentation
The restoration order documentation
Maria has acquired a disk image from a hard drive using dd, and she wants to ensure that her process is forensically sound. What should her next step be after completing the copy?
Update her chain-of-custody document.
Securely wipe the target drive.
Securely wipe the source drive.
Compare the hashes of the source and target drive
Compare the hashes of the source and target drive
Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
PCI DSS
CSA CCM
NIST SP 500-292
ISO 27001
CSA CCM
Daniel knows that WPA3 has added a method to ensure that brute-force attacks against weak preshared keys are less likely to succeed. What is this technology called?
SAE
PSK
CCMP
WPS
SAE
Darren is working with an independent auditor to produce an audit report that he will share with his customers under NDA to demonstrate that he has appropriate security controls in place. The auditor will not be assessing the effectiveness of those controls. What type of audit report should Darren expect?
SOC 2 Type 1
SOC 2 Type 2
SOC 3 Type 1
SOC 3 Type 2
SOC 2 Type 1
Naomi wants to provide guidance on how to keep her organization’s new machine learning tools secure. Which of the following is not a common means of securing machine learning algorithms?
Require third-party review for bias in ML algorithms
Understand the quality of the source data
Build a secure working environment for ML developers
Ensure changes to ML algorithms are reviewed and tested
Require third-party review for bias in ML algorithms
Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?
Network traffic latency concerns
Geographic tax reasons
Because it is required by law
Geographic dispersal
Geographic dispersal
Fred’s company issues devices in a BYOD model. That means that Fred wants to ensure that corporate data and applications are kept separate from personal applications on the devices. What technology is best suited to meet this need?
Containerization
Full-device encryption
Context-aware authentication
Biometrics
Containerization
Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?
Cross-site scripting
Content-based SQL injection
HTML injection
Timing-based SQL injection
Timing-based SQL injection
Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies of attack tools and to document all the attacks that are conducted. What has he set up?
A tarpit
A honeynet
A beartrap
A honeypot
A honeynet
Michelle has deployed iPads to her staff who work on her company’s factory floor. She wants to ensure that the devices work only in the factory and that if they are taken home they cannot access business data or services. What type of solution is best suited to her needs?
Unified endpoint management (UEM)
Context-aware authentication
Geofencing
Geolocation
Geofencing
Alaina discovers that someone has set up a website that looks exactly like her organization’s banking website. Which of the following terms best describes this sort of attack?
Tailgating
Pharming
Typosquatting
Phishing
Pharming
David would like to send Mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message?
Mike’s public key
David’s private key
Mike’s private key
David’s public key
Mike’s public key
Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.
Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.
What is the asset value (AV)?
$100,000
$5,000
$500,000
$600,000
$500,000
Matt uploads a malware sample to a third-party malware scanning site that uses multiple antimalware and antivirus engines to scan the sample. He receives several different answers for what the malware package is. What has occurred?
Different vendors use different names for malware packages.
The package contains more than one piece of malware.
The malware is polymorphic and changed while being tested.
The service is misconfigured.
Different vendors use different names for malware packages.
Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?
SFTP
S/MIME
SRTP
UDP/S
SRTP
Melissa wants to capture network traffic for forensic purposes. What tool should she use to capture it?
WinHex
A forensic suite
dd
Wireshark
Wireshark
Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.
Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.
What is the annualized rate of occurrence (ARO)?
0.05
0.20
2.00
5.00
0.05
Lou mounted the sign below on the fence surrounding his organization’s datacenter. What control type best describes this control?
Deterrent
Detective
Compensating
Physical
Deterrent
In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use?
SaaS only
IaaS and PaaS
IaaS only
IaaS, SaaS, and PaaS
IaaS and PaaS
Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?
Direct access
Wireless
Removable media
Octavia discovers that the contact list from her phone has been acquired via a wireless attack. Which of the following is the most likely culprit?
An evil twin
Bluejacking
Bluesnarfing
An evil maid
Bluesnarfing
Brian would like to limit the ability of users inside his organization to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
Resource policy
Security group
Secure web gateway
Multifactor authentication
Resource policy
Renee is a cybersecurity hobbyist. She receives an email about a new web-based grading system being used by her son’s school and she visits the site. She notices that the URL for the site looks like this:
https://www.myschool.edu/grades.php&studentID=1023425
She realizes that 1023425 is her son’s student ID number and she then attempts to access the following similar URLs:
https://www.myschool.edu/grades.php&studentID=1023423
https://www.myschool.edu/grades.php&studentID=1023424
https://www.myschool.edu/grades.php&studentID=1023426
https://www.myschool.edu/grades.php&studentID=1023427
When she does so, she accesses the records of other students. She closes the records and immediately informs the school principal of the vulnerability. What term best describes Renee’s work?
Gray-hat hacking
Green-hat hacking
White-hat hacking
Black-hat hacking
Gray-hat hacking
Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company’s network. How should he describe or classify this malware?
A backdoor
Crypto malware
A Trojan
A worm
A backdoor
Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.
Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.
What is the single loss expectancy (SLE)?
$600,000
$500,000
$5,000
$100,000
$500,000
Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin’s work?
Black hat
White hat
Green hat
Gray hat
White hat
Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.
Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.
What is the annualized loss expectancy (ALE)?
$5,000
$100,000
$25,000
$500,000
$25,000
A person’s name, age, location, or job title are all examples of what?
Account permissions
Biometric factors
Identity factors
Attributes
Attributes
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?
Local administrator
Domain administrator
Read-only
Root
Read-only
Madhuri wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?
Facial recognition
Motion detection
PTZ
Infrared cameras
Motion detection
In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?
IaaS
SaaS
FaaS
PaaS
SaaS