4 Flashcards
Greg would like to create an umbrella agreement that provides the security terms and conditions for all future work that his organization does with a vendor. What type of agreement should Greg use?
MOU
SLA
MSA
BPA
MSA
Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?
STIX 2.0
STIX 1.0
TAXII
OpenIOC
TAXII
Gwen is building her organization’s documentation and processes and wants to create the plan for what the organization would do if her datacenter burned down. What type of plan would typically cover that type of scenario?
A disaster recovery plan
A stakeholder management plan
An incident response plan
A business continuity plan
A disaster recovery plan
Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information?
Statement of work
Rules of engagement
Lessons learned report
Contract
Rules of engagement
James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?
Enable Spanning Tree Protocol
Enable loop protect features on switches
Limit the size of VLANs
Disable ARP on all accessible ports
Disable ARP on all accessible ports
Greg wants to use a tool that can directly edit disks for forensic purposes. What commercial tool could he select from this list?
dd
WinHex
memdump
df
WinHex
Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware?
SEAndroid
MDM
A wireless TPM
A microSD HSM
A microSD HSM
Megan’s organization uses the Diamond Model of Intrusion Analysis as part of their incident response process. A user in Megan’s organization has discovered a compromised system. What core feature would help her determine how the compromise occurred?
Infrastructure
Adversary
Victim
Capability
Capability
Ben searches through an organization’s trash looking for sensitive documents, internal notes, and other useful information. What term describes this type of activity?
Dumpster diving
Dumpster harvesting
Trash pharming
Waste engineering
Dumpster diving
Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?
ARPS
LDAPS
SDHCP
None of the above
None of the above
Ian has been receiving hundreds of false positive alerts from his SIEM every night when scheduled jobs run across his datacenter. What should he adjust on his SIEM to reduce the false positive rate?
Dashboard configuration
Trend analysis
Correlation rules
Sensitivity
Sensitivity
Lucca’s organization runs a hybrid datacenter with systems in Microsoft’s Azure cloud and in a local facility. Which of the following attacks is one that he can establish controls for in both locations?
Dumpster diving
Tailgating
Phishing
Shoulder surfing
Phishing
Susan wants to ensure that the threat of a lost phone creating a data breach is minimized. What two technologies should she implement to do this?
Remote wipe and FDE
Geofencing and remote wipe
Containerization and NFC
Wi-Fi and NFC
Remote wipe and FDE
Alan reads Susan’s password from across the room as she logs in. What type of technique has he used?
A man-in-the-middle attack
Shoulder surfing
Pretexting
A man-in-the-room attack
Shoulder surfing
Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?
Active/active
Active/passive
Duck-duck-goose
A daisy chain
Active/active
During a vulnerability scan, Brian discovered that a system on his network contained this vulnerability:
File integrity monitoring
Threat hunting
Patch management
Intrusion detection
Patch management
Selah wants to ensure that malware is completely removed from a system. What should she do to ensure this?
Use the delete setting in her antimalware software rather than the quarantine setting.
Wipe the drive and reinstall from known good media.
There is no way to ensure the system is safe and it should be destroyed.
Run multiple antimalware tools and use them to remove all detections.
Wipe the drive and reinstall from known good media.
Acme Widgets has 10 employees and they all need the ability to communicate with one another using a symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?
11
2
10
1
10
Michael wants to acquire the firmware from a running device for analysis. What method is most likely to succeed?
Remove the firmware chip from the system.
Use disk forensic acquisition techniques.
Shut down the system and boot to the firmware to copy it to a removable device.
Use forensic memory acquisition techniques.
Use forensic memory acquisition techniques.
Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?
Performing user input validation
Enabling logging on the database
Using secure session management
Implementing TLS
Performing user input validation
Grace would like to determine the operating system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information?
Port scanning
Vulnerability scanning
Footprinting
Packet capture
Footprinting
Charles wants to monitor changes to a log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?
head
tail
chmod
logger
tail
Florian wants to ensure that systems on a protected network cannot be attacked via the organization’s network. What design technique should he use to ensure this?
An air gap
Protected cable distribution
A hot aisle
A cold aisle
An air gap
Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting?
Gray-box test
White-box test
Black-box test
Blue-box test
White-box test
Ryan is selecting a new security control to meet his organization’s objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?
Internally developed control
Third-party control
Cloud-native control
Any of the above
Third-party control
Brian recently conducted a risk mitigation exercise and has determined the level of risk that remains after implementing a series of controls. What term best describes this risk?
Residual risk
Control risk
Inherent risk
Risk appetite
Residual risk
Kevin is participating in a security exercise for his organization. His role in the exercise is to use hacking techniques to attempt to gain access to the organization’s systems. What role is Kevin playing in this exercise?
White team
Blue team
Purple team
Red team
Red team
Alaina suspects that her organization may be targeted by a SPIM attack. What technology is she concerned about?
Spam over Internal Media
Spam over Instant Messaging
Social Persuasion and Intimidation by Managers
Social Persuasion by Internet Media
Spam over Instant Messaging
Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented?
Offline
Safe
Nearline
Online
Offline
Greg recently conducted an assessment of his organization’s security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case?
Deterrent
Preventive
Corrective
Detective
Preventive
Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects?
Low CER
High FAR, low FRR
High CER
High FRR, low FAR
Low CER
During a site survey, Chris discovers that there are more access points broadcasting his organization’s SSID than he expects there to be. What type of wireless attack has he likely discovered?
A split SSID
An alternate access point
An identical twin
An evil twin
An evil twin
Alex has been handed a flash media device that was quick-formatted and has been asked to recover the data. What data will remain on the drive?
Files and file indexes will remain on the drive.
File indexes will remain, but the files will be gone.
Files will remain but file indexes will not.
No data will remain on the drive.
Files will remain but file indexes will not.
Nolan is writing an after-action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization’s database. What cybersecurity principle was most impacted in this breach?
Integrity
Availability
Nonrepudiation
Confidentiality
Confidentiality
A caller reached an IT support person at Carlos’s company and told them that the chairman of the company’s board was traveling and needed immediate access to his account but had somehow been locked out. They told the IT support person that if the board member did not have their password reset, the company could lose a major deal. If Carlos receives a report about this, which of the principles of social engineering should he categorize the attacker’s efforts under?
Consensus
Familiarity
Urgency
Scarcity
Urgency
Madhuri disables SMS, MMS, and RCS on phones in her organization. What has she prevented from being sent?
Phone calls and texts
Text messages and firmware updates
Text messages and multimedia messages
Phone calls and multimedia messages
Text messages and multimedia messages
During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report?
Improper error handling
A default configuration issue
SQL injection
Code exposure
Improper error handling
Matt is updating the organization’s threat assessment process. What category of control is Matt implementing?
Managerial
Technical
Operational
Corrective
Managerial
Naomi is preparing to migrate her organization to a cloud service and wants to ensure that she has the appropriate contractual language in place. Which of the following is not a common item she should include?
Data breach notification timeframe
Right-to-audit clauses
Right to forensic examination
Choice of jurisdiction
Right to forensic examination
Gwen is exploring a customer transaction reporting system and discovers the table shown here. What type of data minimization has most likely been used on this table?
Masking