5 Flashcards
Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.
Grace’s first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?
Risk avoidance
Risk acceptance
Risk mitigation
Risk transference
Risk mitigation
Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?
Low
Medium
High
Critical
Medium
Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form?
Signature of the person transferring the item
Item identifier number
Signature of the person receiving the item
Method of transport
Method of transport
Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?
POPS, IMAPS, HTTPS
SPF, POPS, IMAPS
DMARC, DKIM, SPF
DKIM, DMARC, HTTPS
POPS, IMAPS, HTTPS
Alaina has implemented WPA2 and uses enterprise authentication for access points in infrastructure mode. What encryption protocol is her network using?
WEP
IV
TKIP
CCMP
CCMP
Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate?
core.mydomain.com
mydomain.com
dev.www.mydomain.com
mail.mydomain.com
dev.www.mydomain.com
Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?
arpcache -show
arp -d
showarp
arp /a
arp /a
Jim wants to view log entries that describe actions taken by applications on a CentOS Linux system. Which of the following tools can he use on the system to view those logs?
logger
tail
syslog-ng
journalctl
journalctl
Fran’s organization uses a Type I hypervisor to implement an IaaS offering that it sells to customers. Which one of the following security controls is least applicable to this environment?
The provider must maintain security patches on the hypervisor.
Customers must maintain security patches on guest operating systems.
Customers must manage security groups to mediate network access to guest operating systems.
The provider must maintain security patches on the host operating system.
The provider must maintain security patches on the host operating system.
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
Encoding data
Appropriate access controls
Parameterized queries
Input validation
Parameterized queries
Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin’s action?
Vertical scaling
Elasticity
High availability
Horizontal scaling
Vertical scaling
Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?
A data loss prevention tool
A host intrusion prevention system
A host firewall
A host intrusion detection system
A host intrusion detection system
Frank is concerned about the admissibility of his forensic data. Which of the following is not an element he should be concerned about?
Whether the forensic source data has remained unaltered
Whether the forensic information includes a timestamp
Whether the evidence is relevant to the case
Whether the practices and procedures would survive review by experts
Whether the forensic information includes a timestamp
Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?
Pharming
Typosquatting
Hosts file compromise
DNS hijacking
Typosquatting
Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?
Run the scan during business hours.
Do not run the scan to avoid disrupting the business.
Run the scan against production systems to achieve the most realistic results possible.
Run the scan in a test environment.
Run the scan in a test environment.
Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?
An FPGA
An Arduino
None of the above
A Raspberry Pi
A Raspberry Pi
Naomi receives a report of smishing. What type of attack should she be looking for?
Text message–based phishing
Server-based phishing
Compressed files in phishing
Voicemail-based phishing
Text message–based phishing
Skimming attacks are often associated with what next step by attackers?
Vishing
Cloning
Phishing
Dumpster diving
Cloning
Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.
Grace’s company decided to install the web application firewall and continue doing business. They are still worried about other risks to the information that were not addressed by the firewall and are considering purchasing an insurance policy to cover those risks. What strategy does this use?
Risk acceptance
Risk mitigation
Risk transference
Risk avoidance
Risk transference
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?
dd
tcpreplay
Wireshark
tcpdump
tcpdump
Chris has turned on logon auditing for a Windows system. Which log will show the logon events?
The Windows Application log
The Windows Security log
The Windows System log
All of the above
The Windows Security log
Gurvinder has been asked to assist a company that recently fired one of their developers. After the developer was terminated, the critical application that they had written for the organization stopped working and now displays a message reading “You shouldn’t have fired me!” If the developer’s access was terminated and the organization does not believe that they would have had access to any systems or code after they left the organization, what type of malware should Gurvinder look for?
A RAT
A PUP
A logic bomb
A keylogger
A logic bomb
Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?
Command injection
Cross-site request forgery
Server-side request forgery
Buffer overflow
Buffer overflow
Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol’s technical specification. What resource would best meet his needs?
Academic journal
Internet RFCs
Textbooks
Subject matter expert
Internet RFCs
Ben wants to analyze Python code that he believes may be malicious code written by an employee of his organization. What can he do to determine if the code is malicious?
Submit the Python code to a malware testing website.
Test the code using an antivirus tool.
Open the file using a text editor to review the code.
Run a decompiler against it to allow him to read the code.
Open the file using a text editor to review the code.
A PIN is an example of what type of factor?
Something you know
Something you are
Something you have
Something you set
Something you know
Kira would like to implement a security control that can implement access restrictions across all of the SaaS solutions used by her organization. What control would best meet her needs?
Resource policy
Security group
CASB
SWG
CASB
Chris is responding to a security incident that compromised one of his organization’s web servers. He believes that the attackers defaced one or more pages on the website. What cybersecurity objective did this attack violate?
Availability
Nonrepudiation
Confidentiality
Integrity
Integrity
Chuck wants to provide route security for his organization, and he wants to secure the BGP traffic that his routers rely on for route information. What should Chuck do?
Choose a TLS-enabled version of BGP
Turn on BGP route protection
Use signed BGP by adopting certificates for each BGP peer
None of the above
None of the above
Michelle enables the Windows 10 picture password feature to control logins for her laptop. Which type of attribute will it provide?
Someone you know
Somewhere you are
Something you can do
Something you exhibit
Something you can do
Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?
Command and control
A RAT
A hijacked web browser
A worm
A RAT
Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmissions of sensitive information by guests on his wireless network. What DLP technology would best meet this goal?
Host-based
Watermarking
Pattern recognition
Network-based
Network-based
Joanna recovers a password file with passwords stored as MD5 hashes. What tool can she use to crack the passwords?
John the Ripper
Netcat
GPG
MD5sum
John the Ripper
Mike is sending David an encrypted message using a symmetric encryption algorithm. What key should he use to encrypt the message?
Shared secret key
David’s public key
Mike’s private key
Mike’s public key
Shared secret key
Jade’s organization recently suffered a security breach that affected stored credit card data. Jade’s primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade?
Operational
Strategic
Financial
Compliance
Compliance
Joe is authoring a document that explains to system administrators one way in which they might comply with the organization’s requirement to encrypt all laptops. What type of document is Joe writing?
Standard
Policy
Guideline
Procedure
Guideline
Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?
A HIPS
An allow list application
A deny list application
A hardening application
An allow list application
Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which two of the following terms best describe Snowden’s activities? (Choose two.)
APT
Hacktivist
State actor
Insider
Organized crime
Hacktivist
Insider
Amanda is assessing a vehicle’s internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?
An SoC bus
A CAN bus
A Zigbee bus
Narrowband bus
A CAN bus
Isaac is performing a forensic analysis on two systems that were compromised in the same event in the same facility. As he performs his analysis, he notices that the event appears to have happened almost exactly one hour earlier on one system than the other. What is the most likely issue he has encountered?
One system is set to an incorrect time zone.