4 Flashcards

1
Q

Greg would like to create an umbrella agreement that provides the security terms and conditions for all future work that his organization does with a vendor. What type of agreement should Greg use?

MOU

SLA

MSA

BPA

A

MSA

2
Q

Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?

STIX 2.0

STIX 1.0

TAXII

OpenIOC

A

TAXII

3
Q

Gwen is building her organization’s documentation and processes and wants to create the plan for what the organization would do if her datacenter burned down. What type of plan would typically cover that type of scenario?

A disaster recovery plan

A stakeholder management plan

An incident response plan

A business continuity plan

A

A disaster recovery plan

4
Q

Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information?

Statement of work

Rules of engagement

Lessons learned report

Contract

A

Rules of engagement

5
Q

James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?

Enable Spanning Tree Protocol

Enable loop protect features on switches

Limit the size of VLANs

Disable ARP on all accessible ports

A

Disable ARP on all accessible ports

6
Q

Greg wants to use a tool that can directly edit disks for forensic purposes. What commercial tool could he select from this list?

dd

WinHex

memdump

df

A

WinHex

7
Q

Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware?

SEAndroid

MDM

A wireless TPM

A microSD HSM

A

A microSD HSM

8
Q

Megan’s organization uses the Diamond Model of Intrusion Analysis as part of their incident response process. A user in Megan’s organization has discovered a compromised system. What core feature would help her determine how the compromise occurred?

Infrastructure

Adversary

Victim

Capability

A

Capability

9
Q

Ben searches through an organization’s trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?

Dumpster diving

Dumpster harvesting

Trash pharming

Waste engineering

A

Dumpster diving

10
Q

Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?

ARPS

LDAPS

SDHCP

None of the above

A

None of the above

11
Q

Ian has been receiving hundreds of false positive alerts from his SIEM every night when scheduled jobs run across his datacenter. What should he adjust on his SIEM to reduce the false positive rate?

Dashboard configuration

Trend analysis

Correlation rules

Sensitivity

A

Sensitivity

12
Q

Lucca’s organization runs a hybrid datacenter with systems in Microsoft’s Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations?

Dumpster diving

Tailgating

Phishing

Shoulder surfing

A

Phishing

13
Q

Susan wants to ensure that the threat of a lost phone creating a data breach is minimized. What two technologies should she implement to do this?

Remote wipe and FDE

Geofencing and remote wipe

Containerization and NFC

Wi-Fi and NFC

A

Remote wipe and FDE

14
Q

Alan reads Susan’s password from across the room as she logs in. What type of technique has he used?

A man-in-the-middle attack

Shoulder surfing

Pretexting

A man-in-the-room attack

A

Shoulder surfing

15
Q

Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?

Active/active

Active/passive

Duck-duck-goose

A daisy chain

A

Active/active

16
Q

During a vulnerability scan, Brian discovered that a system on his network contained this vulnerability:

File integrity monitoring

Threat hunting

Patch management

Intrusion detection

A

Patch management

17
Q

Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this?

Use the delete setting in her antimalware software rather than the quarantine setting.

Wipe the drive and reinstall from known good media.

There is no way to ensure the system is safe and it should be destroyed.

Run multiple antimalware tools and use them to remove all detections.

A

Wipe the drive and reinstall from known good media.

18
Q

Acme Widgets has 10 employees and they all need the ability to communicate with one another using a symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?

11

2

10

1

A

10

19
Q

Michael wants to acquire the firmware from a running device for analysis. What method is most likely to succeed?

Remove the firmware chip from the system.

Use disk forensic acquisition techniques.

Shut down the system and boot to the firmware to copy it to a removable device.

Use forensic memory acquisition techniques.

A

Use forensic memory acquisition techniques.

20
Q

Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?

Performing user input validation

Enabling logging on the database

Using secure session management

Implementing TLS

A

Performing user input validation

21
Q

Grace would like to determine the operating system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information?

Port scanning

Vulnerability scanning

Footprinting

Packet capture

A

Footprinting

22
Q

Charles wants to monitor changes to a log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?

head

tail

chmod

logger

A

tail

23
Q

Florian wants to ensure that systems on a protected network cannot be attacked via the organization’s network. What design technique should he use to ensure this?

An air gap

Protected cable distribution

A hot aisle

A cold aisle

A

An air gap

24
Q

Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting?

Gray-box test

White-box test

Black-box test

Blue-box test

A

White-box test

25
Q

Ryan is selecting a new security control to meet his organization’s objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?

Internally developed control

Third-party control

Cloud-native control

Any of the above

A

Third-party control

26
Q

Brian recently conducted a risk mitigation exercise and has determined the level of risk that remains after implementing a series of controls. What term best describes this risk?

Residual risk

Control risk

Inherent risk

Risk appetite

A

Residual risk

27
Q

Kevin is participating in a security exercise for his organization. His role in the exercise is to use hacking techniques to attempt to gain access to the organization’s systems. What role is Kevin playing in this exercise?

White team

Blue team

Purple team

Red team

A

Red team

28
Q

Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?

Spam over Internal Media

Spam over Instant Messaging

Social Persuasion and Intimidation by Managers

Social Persuasion by Internet Media

A

Spam over Instant Messaging

29
Q

Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented?

Offline

Safe

Nearline

Online

A

Offline

30
Q

Greg recently conducted an assessment of his organization’s security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case?

Deterrent

Preventive

Corrective

Detective

A

Preventive

31
Q

Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects?

Low CER

High FAR, low FRR

High CER

High FRR, low FAR

A

Low CER

32
Q

During a site survey, Chris discovers that there are more access points broadcasting his organization’s SSID than he expects there to be. What type of wireless attack has he likely discovered?

A split SSID

An alternate access point

An identical twin

An evil twin

A

An evil twin

33
Q

Alex has been handed a flash media device that was quick-formatted and has been asked to recover the data. What data will remain on the drive?

Files and file indexes will remain on the drive.

File indexes will remain, but the files will be gone.

Files will remain but file indexes will not.

No data will remain on the drive.

A

Files will remain but file indexes will not.

34
Q

Nolan is writing an after-action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization’s database. What cybersecurity principle was most impacted in this breach?

Integrity

Availability

Nonrepudiation

Confidentiality

A

Confidentiality

35
Q

A caller reached a member of the IT support staff at Carlos’s company and told them that the chairman of the company’s board was traveling and needed immediate access to his account but had somehow been locked out. They told the IT support person that if the board member did not have their password reset, the company could lose a major deal. If Carlos receives a report about this, under which of the principles of social engineering should he categorize the attacker’s efforts?

Consensus

Familiarity

Urgency

Scarcity

A

Urgency

36
Q

Madhuri disables SMS, MMS, and RCS on phones in her organization. What has she prevented from being sent?

Phone calls and texts

Text messages and firmware updates

Text messages and multimedia messages

Phone calls and multimedia messages

A

Text messages and multimedia messages

37
Q

During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report?

Improper error handling

A default configuration issue

SQL injection

Code exposure

A

Improper error handling

38
Q

Matt is updating the organization’s threat assessment process. What category of control is Matt implementing?

Managerial

Technical

Operational

Corrective

A

Managerial

39
Q

Naomi is preparing to migrate her organization to a cloud service and wants to ensure that she has the appropriate contractual language in place. Which of the following is not a common item she should include?

Data breach notification timeframe

Right-to-audit clauses

Right to forensic examination

Choice of jurisdiction

A

Right to forensic examination

40
Q

Gwen is exploring a customer transaction reporting system and discovers the table shown here. What type of data minimization has most likely been used on this table?

A

Masking