5 Flashcards

1
Q

Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.

Grace’s first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?

Risk avoidance

Risk acceptance

Risk mitigation

Risk transference

A

Risk mitigation

2
Q

Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?

Low

Medium

High

Critical

A

Medium

3
Q

Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form?

Signature of the person transferring the item

Item identifier number

Signature of the person receiving the item

Method of transport

A

Method of transport

4
Q

Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?

POPS, IMAPS, HTTPS

SPF, POPS, IMAPS

DMARC, DKIM, SPF

DKIM, DMARC, HTTPS

A

POPS, IMAPS, HTTPS

5
Q

Alaina has implemented WPA2 and uses enterprise authentication for access points in infrastructure mode. What encryption protocol is her network using?

WEP

IV

TKIP

CCMP

A

CCMP

6
Q

Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate?

core.mydomain.com

mydomain.com

dev.www.mydomain.com

mail.mydomain.com

A

dev.www.mydomain.com

7
Q

Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?

arpcache -show

arp -d

showarp

arp /a

A

arp /a

8
Q

Jim wants to view log entries that describe actions taken by applications on a CentOS Linux system. Which of the following tools can he use on the system to view those logs?

logger

tail

syslog-ng

journalctl

A

journalctl

9
Q

Fran’s organization uses a Type I hypervisor to implement an IaaS offering that it sells to customers. Which one of the following security controls is least applicable to this environment?

The provider must maintain security patches on the hypervisor.

Customers must maintain security patches on guest operating systems.

Customers must manage security groups to mediate network access to guest operating systems.

The provider must maintain security patches on the host operating system.

A

The provider must maintain security patches on the host operating system.

10
Q

Precompiled SQL statements that only require variables to be input are an example of what type of application security control?

Encoding data

Appropriate access controls

Parameterized queries

Input validation

A

Parameterized queries

11
Q

Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin’s action?

Vertical scaling

Elasticity

High availability

Horizontal scaling

A

Vertical scaling

12
Q

Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?

A data loss prevention tool

A host intrusion prevention system

A host firewall

A host intrusion detection system

A

A host intrusion detection system

13
Q

Frank is concerned about the admissibility of his forensic data. Which of the following is not an element he should be concerned about?

Whether the forensic source data has remained unaltered

Whether the forensic information includes a timestamp

Whether the evidence is relevant to the case

Whether the practices and procedures would survive review by experts

A

Whether the forensic information includes a timestamp

14
Q

Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?

Pharming

Typosquatting

Hosts file compromise

DNS hijacking

A

Typosquatting

15
Q

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?

Run the scan during business hours.

Do not run the scan to avoid disrupting the business.

Run the scan against production systems to achieve the most realistic results possible.

Run the scan in a test environment.

A

Run the scan in a test environment.

16
Q

Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?

An FPGA

An Arduino

None of the above

A Raspberry Pi

A

A Raspberry Pi

17
Q

Naomi receives a report of smishing. What type of attack should she be looking for?

Text message–based phishing

Server-based phishing

Compressed files in phishing

Voicemail-based phishing

A

Text message–based phishing

18
Q

Skimming attacks are often associated with what next step by attackers?

Vishing

Cloning

Phishing

Dumpster diving

A

Cloning

19
Q

Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.

Grace’s company decided to install the web application firewall and continue doing business. They are still worried about other risks to the information that were not addressed by the firewall and are considering purchasing an insurance policy to cover those risks. What strategy does this use?

Risk acceptance

Risk mitigation

Risk transference

Risk avoidance

A

Risk transference

20
Q

Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?

dd

tcpreplay

Wireshark

tcpdump

A

tcpdump

21
Q

Chris has turned on logon auditing for a Windows system. Which log will show the logon events?

The Windows Application log

The Windows Security log

The Windows System log

All of the above

A

The Windows Security log

22
Q

Gurvinder has been asked to assist a company that recently fired one of their developers. After the developer was terminated, the critical application that they had written for the organization stopped working and now displays a message reading “You shouldn’t have fired me!” If the developer’s access was terminated and the organization does not believe that they would have had access to any systems or code after they left the organization, what type of malware should Gurvinder look for?

A RAT

A PUP

A logic bomb

A keylogger

A

A logic bomb

23
Q

Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?

Command injection

Cross-site request forgery

Server-side request forgery

Buffer overflow

A

Buffer overflow

24
Q

Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol’s technical specification. What resource would best meet his needs?

Academic journal

Internet RFCs

Textbooks

Subject matter expert

A

Internet RFCs

25
Q

Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?

Submit the Python code to a malware testing website.

Test the code using an antivirus tool.

Open the file using a text editor to review the code.

Run a decompiler against it to allow him to read the code.

A

Open the file using a text editor to review the code.

26
Q

A PIN is an example of what type of factor?

Something you know

Something you are

Something you have

Something you set

A

Something you know

27
Q

Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs?

Resource policy

Security group

CASB

SWG

A

CASB

28
Q

Chris is responding to a security incident that compromised one of his organization’s web servers. He believes that the attackers defaced one or more pages on the website. What cybersecurity objective did this attack violate?

Availability

Nonrepudiation

Confidentiality

Integrity

A

Integrity

29
Q

Chuck wants to provide route security for his organization, and he wants to secure the BGP traffic that his routers rely on for route information. What should Chuck do?

Choose a TLS-enabled version of BGP

Turn on BGP route protection

Use signed BGP by adopting certificates for each BGP peer

None of the above

A

None of the above

30
Q

Michelle enables the Windows 10 picture password feature to control logins for her laptop. Which type of attribute will it provide?

Someone you know

Somewhere you are

Something you can do

Something you exhibit

A

Something you can do

31
Q

Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?

Command and control

A RAT

A hijacked web browser

A worm

A

A RAT

32
Q

Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guests on his wireless network. What DLP technology would best meet this goal?

Host-based

Watermarking

Pattern recognition

Network-based

A

Network-based

33
Q

Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?

John the Ripper

Netcat

GPG

MD5sum

A

John the Ripper

34
Q

Mike is sending David an encrypted message using a symmetric encryption algorithm. What key should he use to encrypt the message?

Shared secret key

David’s public key

Mike’s private key

Mike’s public key

A

Shared secret key

35
Q

Jade’s organization recently suffered a security breach that affected stored credit card data. Jade’s primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade?

Operational

Strategic

Financial

Compliance

A

Compliance

36
Q

Joe is authoring a document that explains to system administrators one way in which they might comply with the organization’s requirement to encrypt all laptops. What type of document is Joe writing?

Standard

Policy

Guideline

Procedure

A

Guideline

37
Q

Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?

A HIPS

An allow list application

A deny list application

A hardening application

A

An allow list application

38
Q

Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which two of the following terms best describe Snowden’s activities? (Choose two.)

APT

Hacktivist

State actor

Insider

Organized crime

A

Hacktivist
Insider

39
Q

Amanda is assessing a vehicle’s internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?

An SoC bus

A CAN bus

A Zigbee bus

Narrowband bus

A

A CAN bus

40
Q

Isaac is performing a forensic analysis on two systems that were compromised in the same event in the same facility. As he performs his analysis, he notices that the event appears to have happened almost exactly one hour earlier on one system than the other. What is the most likely issue he has encountered?

A

One system is set to an incorrect time zone.