701 - Section 4

Question 1

What makes up a secure baseline?

Answer 1

The specific device or applications foundational security policy

Question 2

In my working experience, what is a secure baseline that I have used?

Answer 2

STIG checklists

Question 3

What is it called to apply these foundational secure configurations to the associated system?

Answer 3

Hardening

Question 4

What are three general ways to harden a mobile device?

Answer 4

Always apply updates when ready, segment the company and user data, control with an MDM, which is a mobile device manager

Question 5

What are three ways to harden a workstation?

Answer 5

Apply and automate monthly patches, connect to a policy management system, such as active directory group policy, remove unnecessary software to limit the threats

Question 6

How do you harden network infrastructure devices?

Answer 6

Always check with the manufacturer because when they do put out security updates, while not frequent, they are usually very important.

Question 7

What are three ways to harden cloud infrastructure?

Answer 7

Apply least privilege to services, network settings, etc… configure endpoint detection and response (EDR), always have an offsite back up

Question 8

What are four general ways to harden a server?

Answer 8

Always apply all updates service packs, and patches… apply best practices to user accounts, limit network access, monitor and secure with antivirus anti-malware software

Question 9

How do you harden an embedded system because they can be difficult to upgrade?

Answer 9

Apply security patches when available, prevent access from unauthorized users

Question 10

How do you harden an RTOS?

Answer 10

Isolate the system, run with the minimum services needed, protect with a host-based firewall

Question 11

How do you harden IOT devices?

Answer 11

Change the default passwords, deploy updates quickly, segment these devices by putting them on their own VLAN

Question 12

What is another name for a map of an organizations wireless network?

Answer 12

A site survey

Question 13

What are some of the benefits of a site survey?

Answer 13

They identify existing access points, they allow you to lay out and plan for interference, they identify wireless signal strengths

Question 14

What is an especially helpful wireless survey tool?

Answer 14

Spectrum analyzer

Question 15

What are three Features that an MDM provides?

Answer 15

Centralize management of the mobile devices, sets policies on apps, data, camera… Manages access control for things like screen locks and PINs

Question 16

What does BYOD stand for?

Answer 16

Bring your own device

Question 17

What does COPE stand for? And what is it?

Answer 17

Corporate owned personally enabled… When the company buys and controls the device but allows you to use it as a personal device as well

Question 18

What are three security concerns with a cellular network?

Answer 18

Traffic monitoring, location tracking, worldwide access to any mobile device

Question 19

What are three securities concerns with the Wi-Fi network?

Answer 19

Data capture so encrypt your data, on path attacks, denial of service

Question 20

What is another name for Bluetooth?

Answer 20

PAN or personal area network

Question 21

How do we ensure that all wireless communication is confidential?

Answer 21

By encrypting the wireless data

Question 22

What is MIC? And what is it used for?

Answer 22

Message integrity check, and it is used to confirm that the received data is identical to the original #DATA sent

Question 23

What is the problem with WPA2?

Answer 23

It is vulnerable to a pre-shared key (PK) brute force attack

Question 24

What is a pre-shared key?

Answer 24

It is the wireless key that everyone uses when they connect

Question 25

What protocol solves the WPA two PSK problem?

Answer 25

WPA3 and GCMP

Question 26

What is GCMP and what does it offer?

Answer 26

Galois counter mode protocol. It offers #DATA confidentiality with AES, MIC with Galios message authentication code GMAC

Question 27

How does W PA3 resolve the issues with WPA2?

Answer 27

It includes mutual authentication, creates a shared session key without sending that key across the network, no more four-way handshakes or ashes which eliminates the brute force attack vector

Question 28

What is SAE stand for, and how does it work,

Answer 28

Simultaneous authentication of equals… it uses a Diffie-Hellman derived key exchange with an authentication component, uses a different session key even with the same pre-shared key, and includes an eye EEE standard the dragonfly handshake

Question 29

Where do you configure security on a wireless network?

Answer 29

On your wireless access point or wireless router

Question 30

What are three wireless security modes?

Answer 30

Open system, which means no authentication password is required, WPA3 personal or WPA3 PSK, WPA3 Enterprise or WPA3-802.1x

Question 31

What does radius stand for?

Answer 31

Remote authentication dial-in user service

Question 32

What is RADIUS? And what does it do?

Answer 32

One of the more common AAA protocols and is supported on a wide variety of platforms and devices… it’s centralizes the authentication for users

Question 33

What is the AAA framework?

Answer 33

Authentication, authorization, accounting

Question 34

What is EAP, and what standard is it integrated with?

Answer 34

Extensible authentication protocol. It is an authentication framework… It integrates with 802.1X

Question 35

What is a primary methodology that developers can use to secure their application?

Answer 35

Validate the input fields

Question 36

What is a secure cookie?

Answer 36

A cookie that has its secure attribute set a browser will only send it over HTTPS

Question 37

True or false it is OK to store sensitive information within a cookie?

Answer 37

False, they are not designed to be secure storage

Question 38

What are four methods for securing application code?

Answer 38

Static code analyzers, code signing, sandboxing, application security monitoring

Question 39

What method of securing code uses automated tools to identify security flaws?

Answer 39

Static code analyzers also known as static application security testing SAST

Question 40

What method of application code security is used to confirm that the application was written by a specific developer? And how does it work?

Answer 40

Code signing, which means the application code is digitally signed by the developers private key

Question 41

Which form of application code security separates the application where it cannot access unrelated resources? And where else can it be used?

Answer 41

Sandboxing… it can be used in many different types of deployment, such as the M, mobile devices, browser Iframes

Question 42

Which form of application code security separates the application where it cannot access unrelated resources? And where else can it be used?

Answer 42

Sandboxing… it can be used in many different types of deployment, such as the M, mobile devices, browser Iframes

Question 43

Which form of application security uses real time logging information?

Answer 43

Application security monitoring

Question 44

What is this testing methodology called that throws random data at input fields on a form?

Answer 44

Fuzz testing

Question 45

What is the name of the multi step process for requesting and obtaining goods and services?

Answer 45

Acquisition or procurement process

Question 46

What does an organization use to track IT equipment purchased and who it is assigned to?

Answer 46

A central asset tracking system

Question 47

What is the process called to completely remove #DATA so no usable information remains?

Answer 47

System disposal or decommissioning

Question 48

What is usually contained on an asset tag?

Answer 48

Barcode, RF ID, visible tracking number, organization name

Question 49

What can be used to physically destroy an asset like a hard drive?

Answer 49

Shredder or pulverizer, a drill or hammer, degaussing Which removes the magnetic field or incineration

Question 50

When a third-party physically destroys an IT acid, what do you receive in return that confirms the assets has been destroyed and how it was destroyed?

Answer 50

A certificate of destruction

Question 51

What is it called when you back up your data and keep it for a period of time?

Answer 51

Data retention

Question 52

What are two reasons why data is retained?

Answer 52

Regulatory compliance or operation needs

Question 53

Is vulnerability scanning the same thing as penetration testing?

Answer 53

No

Question 54

What is it? An example of vulnerability scanning that I have used in the past? And what is one example within the scans?

Answer 54

ACAS or Nessus, a port scan to see what ports are open

Question 55

What is SAST and what does it do?

Answer 55

Static application secure testing, and it is used to help identify security flaws within application code… it can identify security, vulnerabilities such as buffer, overflows, and database injections

Question 56

True or false, knowing who the threat actors are is helpful with threat intelligence?

Answer 56

True

Question 57

True or false, knowing who the threat actors are is helpful with threat intelligence?

Answer 57

True

Question 58

What does OSINT stand for?

Answer 58

Open source intelligence

Question 59

This type of threat intelligence is compiled and available for sale and is constantly monitoring for new threats so it’s always being updated?

Answer 59

Proprietary or third-party intelligence

Question 60

What is CTA?

Answer 60

Cyber threat alliance… A member group who compiles, classifies threat intelligence for CTA members

Question 61

What is the internet area where hacking groups provide tools and techniques and other information for sale, including credit cards and account and passwords?

Answer 61

Dark web… it is good to monitor this area for signs of your or your companies information..

Question 62

The process of simulating and attack is called what?

Answer 62

Penetration testing

Question 63

What is the organization that provides technical guides and testing and assessment procedures for penetration testing?

Answer 63

The national Institute of standards and technology… NIST

Question 64

This is an important document that outlines the purpose and scope and makes everyone aware of the test parameters for the penetration test?

Answer 64

Rules of engagement

Question 65

What are some of the items within the rules of engagement?

Answer 65

The type of testing (physical, internal/external)and schedule, and the rules

Question 66

What are some of the rules that might be outlined and the rules of engagement?

Answer 66

IP address ranges, emergency contacts, how to handle sensitive information

Question 67

What are some of the dangers of penetration testing?

Answer 67

Could cause a denial of service or loss of data, buffer overflows can cause instability, privilege escalations can occur

Question 68

And penetration testing, once you were able to gain access to a system, what are some important moves to test?

Answer 68

Lateral movement or moving from system to system, which tests if the network is relatively unprotected, being persistent, and ensuring once in that you can get back in by setting up a back door building fake user accounts, changing or verifying default passwords

Question 69

What is called a reward offered for discovery of vulnerabilities?

Answer 69

A bug bounty program

Question 70

At what point is a vulnerability publicly announced?

Answer 70

After the manufacturer has created a fix

Question 71

What is a vulnerability that is identified that doesn’t really exist called?

Answer 71

False positive

Question 72

What is a vulnerability that exist but is not detected?

Answer 72

False negative

Question 73

It is important to have the latest of these when performing vulnerability scans?

Answer 73

Signatures

Question 74

What does CVSS stand for and what is it?

Answer 74

Common vulnerability scoring system… It provides a quantitative scoring of a vulnerability from 0 to 10

Question 75

What does CVE stand for, and what is it?

Answer 75

Common vulnerabilities and Exposures… Each vulnerability is assigned a CV and contains a CVSS score

Question 76

What types of systems are generally included in a vulnerability scan?

Answer 76

Desktop, mobile apps, web application, misconfigured firewalls, open ports

Question 77

What is the loss of value or business activity if the vulnerability and an organization is exploited called?

Answer 77

The exposure factor and it’s usually expressed as a percentage… This is also a useful metric when assigning priority

Question 78

This type of variable for assigning a vulnerability priority when it impacts things such as internal servers, public cloud, or test lab?

Answer 78

Environmental type

Question 79

This type of variable for assigning a vulnerability priority when it impacts things such as hospitals or power plants?

Answer 79

Industry or Organizational impact

Question 80

What is the amount of risk acceptable to an organization called?

Answer 80

Risk tolerance

Question 81

What is the most common mitigation technique for vulnerability remediation?

Answer 81

Patching

Question 82

An unscheduled patch that has the highest priority is generally for what type of vulnerability?

Answer 82

Zero day

Question 83

What can an organization purchase for a cyber security event does occur that causes loss?

Answer 83

Cyber security liability insurance

Question 84

To limit the scope of an exploit, an organization will separate devices into their own networks/VLANS… what is that called?

Answer 84

Segmentation

Question 85

What type of segmentation is it when the application is completely disconnected from everything?

Answer 85

And air gap

Question 86

What can be used to block unwanted unnecessary internal traffic between VLANs?

Answer 86

NGFWs

Question 87

What are the two types of segmentation?

Answer 87

Physical and logical

Question 88

What device is required when you want to communicate between VLANs?

Answer 88

A layer 3 device or router

Question 89

What is it called when the optical security method may not be available so you apply this instead?

Answer 89

Compensating controls

Question 90

Name several examples of compensating controls?

Answer 90

Disabling a problematic service, revoking access to an application, limiting external access

Question 91

Sometimes these are given for a vulnerability, an example of this is a vulnerability that may require a local login only?

Answer 91

Exceptions and exemptions

Question 92

What are two ways to validate the vulnerability remediation?

Answer 92

Rescan and QA testing

Question 93

In my experience, what does the navy call the process of ongoing vulnerability processing?

Answer 93

Continuous monitoring

Question 94

What is an SIEM? And what does it do?

Answer 94

Security information and event manager, it consolidates many different logs to a central database and allows alerting and reporting on the data collected

Question 95

What are the different logs that can be consolidated into an SIEM?

Answer 95

Server logs, firewall logs, database logs, Internet server, logs, VPN logs

Question 96

What can workstation/server scanning provide to an organization? And in my experience, what am I familiar with this type of software?

Answer 96

It is actively checking systems and devices, and reporting back operating system type and versions, device driver, versions and installed applications…Belarc

Question 97

What are three uses for system scan software data?

Answer 97

It can report on number of devices that are up-to-date and in compliance, devices running older operating systems, and when a new vulnerability is found it can identify the number systems that may be vulnerable

Question 98

What is the average period of time for a company to identify and contain a breach?

Answer 98

9 months

Question 99

What are some of the pros and cons of SIEM alerts?

Answer 99

The alerts can enable quick response by sending up-to-date status information
There may be false positives, and false negatives to the alerts as they will require tuning over time.

Question 100

What are some examples of events that may trigger and SIEM alert?

Answer 100

An increase in authentication errors, large file transfers

Question 101

What is SCAP? And what does it do?

Answer 101

Security content automation protocol… through the standards created, It allows the many available security tools to identify and act on the same criteria

Question 102

What are some of the advantages of SCAP?

Answer 102

SCAO content can be shared between tools, it is especially useful in large environments with many different operating systems and applications, and the specification standard enables automation between different tools

Question 103

What is it called when an organization applies security best practices to everything and these are well documented? In my experience what have i used?

Answer 103

Benchmarks, STIG checklists

Question 104

What are some example benchmarks for a mobile device?

Answer 104

Disable screenshots, disable screen recordings, prevent voice calls when locked, and force encryption back ups

Question 105

What are the two types of compliance software?

Answer 105

Agent and agentless

Question 106

This type of security compliance software is installed on the device always monitors for real time notifications but must be maintained and updated?

Answer 106

Agent

Question 107

This type of security compliance software does not require a installation. It performs its checks and then disappears, but will not inform or alert if it is not running?

Answer 107

Agentless

Question 108

True or false antivirus and anti-malware are effectively the same these days?

Answer 108

True

Question 109

What is DLP? And what does it do?

Answer 109

Data loss prevention…when it detects sensitive data being transmitted across the network, it will block the data in real time and prevent it from being stolen

Question 110

What is SNMP?

Answer 110

Simple network management protocol

Question 111

What is MIB stand for, and what is it? And what does it contain?

Answer 111

Management information base, it is a database of data… it contains OIDs which are object identifiers

Question 112

What does SNMP do?

Answer 112

It polls devices at fixed intervals in order to capture data

Question 113

What port does SNMP use?

Answer 113

udp 161

Question 114

What is an SNMP trap? And what port does it use?

Answer 114

It is an alert that can be configured on the monitor device that if a threshold is really reached, it will send a trap which will allow the monitoring station to react immediately… it uses UDP port 162

Question 115

What gathers traffic statistics for all network traffic flows and can be used to watch network communications?

Answer 115

Netflow

Question 116

Which firewall filters traffic by port number in which by application?

Answer 116

Traditional, NGFW

Question 117

When you VPN between sites, what does a firewall do with the traffic?

Answer 117

It encrypt the traffic

Question 118

What other function can a firewall serve and what are some of the things that they do in that function?

Answer 118

They can act as layer three devices or routers, perform network address translation and dynamic routing

Question 119

An application layer gateway, a state full multi layer inspection, deep packet inspection… These are all different names for what device?

Answer 119

NGFW

Question 120

What does an NGFW do?

Answer 120

It analyzes, categorizes and applies a security decision to every packet

Question 121

Name the application that operates on these ports… TCP port 80 and 443, TCP port 22, TCP port 3389, UDP port 53, UDP port 123…

Answer 121

Web server, SSH server, RDP, DNS query, NTP

Question 122

With fire wall rules, where are the more specific rules generally located at? And what about the more general rules?

Answer 122

Usually at the top, near the bottom

Question 123

What do firewalls include at the bottom of the rules?

Answer 123

An implicit deny

Question 124

Firewalls can also include these which allow or disallow traffic by category groupings source IP destination, IP time of day?

Answer 124

Access control list

Question 125

What is an additional layer of security that organizations will place between you and the Internet that allows public access to public resources and that private data remains in accessible in the internal network?

Answer 125

A screened subnet

Question 126

What is usually integrated into an NGFW?

Answer 126

An IPS

Question 127

What are two ways that IPS rules can be built?

Answer 127

Signature based and anomaly based

Question 128

What is the web filtering called when you control web traffic based on data within the content? And what are two types?

Answer 128

Contant filtering… URL filtering and website category filtering

Question 129

What is the web filtering that allows or restricts based on the URL or URI?

Answer 129

URL scanning

Question 130

What do organizations use for web filtering that is installed software on all user devices?

Answer 130

Agent based filters

Question 131

This device also can perform Web filtering, and it sits between the users and the external network? In addition to Web filtering what other services can this device offer?

Answer 131

Proxy server… cashing, access control, content scanning

Question 132

What are three other methods of Web filtering based on the URL or IP address?

Answer 132

Block rules, reputation, DNS filtering

Question 133

This method of web filtering can be performed on a specific URL, cat category of site content, and can utilize different dispositions, for example allow and alert or block and alert?

Answer 133

Block rules

Question 134

This method of web filtering, filters URLs, based on their perceived risk such as trustworthy, low risk, medium risk, high risk?

Answer 134

Reputation

Question 135

This method of Web filtering utilizes the IP address combined with real time threat intelligence?

Answer 135

DNS filtering

Question 136

What is the database that contains everything on the network, such as computers, useraccounts, fileshares, printers, groups… It is primarily window-based?

Answer 136

Active directory

Question 137

What are some examples of functionality that can be performed on active directory?

Answer 137

Manage user accounts, centralized access control, reset passwords

Question 138

What can be used to manage computer or users with such things as login script, network configurations, security parameters?

Answer 138

Group policy

Question 139

This adds mandatory access control to Linux?

Answer 139

Security enhanced Linux or SELinux

Question 140

In Linux… what is MAC and what is DAC? Which one is traditionally used by Linux?

Answer 140

Mandatory access control, and discretionary access control… Linux traditionally uses DAC

Question 141

What does MAC provide to Linux?

Answer 141

Least privilege

Question 142

What are some examples of unencrypted protocols? And what are their secure alternative?

Answer 142

Telnet, FTP, HTTP, IMAP
SSH, SFTP, HTTPS, IMAPS

Question 143

True or false… A generally recognized secure port number always guarantees that security is being used on that port?

Answer 143

False, the port number does not guarantee security, you will need to confirm the security features are enabled

Question 144

What are three other ways to ensure secure protocols will be used?

Answer 144

WPA3 when using 802.11 wireless and using a VPN

Question 145

Why is it easy to spoof an email?

Answer 145

Because the protocols used to transfer emails include relatively few security checks

Question 146

What can a reputable sender do to configure email validation?

Answer 146

Configure email validation on the senders DNS server

Question 147

What can be set up to evaluate the source of inbound email messages and block it before it reaches the user if need be?

Answer 147

A mail gateway

Question 148

What is SPF? And what does it do?

Answer 148

Sender policy framework… It is a list of authorized sending mail servers that are added to a DNSTXT record. The receiving mail server will perform a check to see if the incoming mail really did come from an authorized host.

Question 149

What is DKIM? And what does it do?

Answer 149

Domain keys identified mail… The outgoing email server will digitally sign all outgoing email and the receiving email server will validate the signature… The public key is contained in the DKIM TXT record

Question 150

What is DMARC? And what does it do?

Answer 150

Domain based message, authentication, reporting and conformance… This is an extension of SPF and DKIM and the policy is written into a DNS TXT record… the domain owner will decide what receiving email servers should do with emails not validated using SPF and DKIM. This data can be used for reporting purposes…

Question 151

What is FIM? And what does it do?

Answer 151

File integrity monitoring… It monitors, important operating system, and application files For when changes occur…

Question 152

What is windows FIM and what is Linux FIM?

Answer 152

System file checker SFC and tripwire

Question 153

Where are three places that DLP systems are installed and what are they monitoring?

Answer 153

On individual computers for data and use, on a network for data in motion, on a server for data at rest

Question 154

What is USB blocking?

Answer 154

It is deployed on workstation and bands, removable flash media and storage devices

Question 155

In addition to local computer, server and network installations, where else can DLP be implemented?

Answer 155

Cloud and email… for the cloud it can manage access to URLs and block viruses and malware… For email it can monitor every inbound and outbound email including attachments

Question 156

Why is the endpoint so important for security? And why is it so difficult?

Answer 156

Because it’s the common place for all inbound and outbound attacks… And it is difficult because there are so many different types of platforms to protect

Question 157

What is it called to perform a health check on a device before connect to the network? And what sort of checks are performed?

Answer 157

Posture assessment… Is it a trusted device, is it running an up-to-date antivirus, or the applications installed trusted by the organization…

Question 158

What are the three types of agents that perform a posture assessment?

Answer 158

Persistent agent, dissolvable agent, agentless NAC

Question 159

Which posture assessment agent is permanently installed on a system and requires periodic updates?

Answer 159

Persistent agent

Question 160

Which posture assessment agent requires no installation and runs during the posture assessment terminates when no longer required?

Answer 160

Dissolvable agent

Question 161

Which posture assessment agent integrates with active directory, and the checks are made during login and log off?

Answer 161

Agentless NAC

Question 162

What happens when a device fails a posture assessment

Answer 162

The device is not allowed to connect to the network… It can connect to a quarantine network in order to get the device up-to-date

Question 163

What is EDR? And what does it do?

Answer 163

And point detection and response… It can detect, investigate, and respond to a threat

Question 164

What does EDR use to detect a threat?

Answer 164

Behavioral analysis, machine learning, and process monitoring

Question 165

What is XDR? And what does it do?

Answer 165

Extended detection and response… It is a further evolution of EDR that improves on miss detections, false positives, and long investigation times… It also can investigate and respond to network anomalies

Question 166

How does XDR work?

Answer 166

It watches users, hosts, network traffic and creates a baseline of normal activity. After the baseline is established, it uses a set of rules pattern matching in statistical analysis to watch for anything unusual.

Question 167

What is IAM? And what does it do?

Answer 167

Identity and access management… It ensures the right permissions are given to the right people at the right time to prevent unauthorized access

Question 168

With IAM, every entity, both human and non-human gets a what?

Answer 168

Digital identity

Question 169

An IAM what is it called to track and entities resource access?

Answer 169

Identity governance

Question 170

AnIAM, what are the events that could cause provisioning and or deprovisioning to occur?

Answer 170

Hiring, transfers, promotions, job separation

Question 171

In IAM, what is an important part of the process?

Answer 171

An initial checkpoint to limit access and nobody gets administrator access

Question 172

In IAM, no privileged access is given to what?

Answer 172

The operating system

Question 173

In IAM, How does identity proofing occur?

Answer 173

My validation using such things as password and security questions… And by verification/attestation using such things as a passport, drivers license, in person meeting…

Question 174

What is it called when credentials are provided one time and that can be used across multiple resources and or systems?

Answer 174

Single sign on

Question 175

What is LDAP? And what specification does it use?

Answer 175

Lightweight directory access protocol… X.500

Question 176

How does LDAP work with X.500?

Answer 176

LDAP is the protocol used to query and update an X.500 directory

Question 177

What structure is the X.500 directory? And what are the two objects called with examples?

Answer 177

Hierarchical or tree structure… Container object (country, organization, organizational unit), and leaf object (users, computers, printers, files)..

Question 178

What is SAML? And what does it do?

Answer 178

Security assertion, markup language… It is an open standard for authentication and authorization

Question 179

What is the authorization framework that was created by Twitter, Google and others that provides significant industry support?

Answer 179

OAuth

Question 180

What is the process that allows authentication and authorization between several networks that also requires a trust relationship between them?

Answer 180

Federation

Question 181

What is it where there are many different ways to communicate with an authentication server across multiple device types?

Answer 181

Interoperability

Question 182

With authorization the process of ensuring only authorized rights are exercised is called what?

Answer 182

Policy enforcement

Question 183

With authorization, the process of determining rights is called what?

Answer 183

Policy definition

Question 184

This type of access control limits the object based on security levels, a label and predefined rules on those objects?

Answer 184

Mandatory access control or MAC

Question 185

With this type of access control, it is used and most operating systems the owner establishes who can access their objects?

Answer 185

Discretionary access control, or DAC

Question 186

This type of access control is defined by the role in the organization?

Answer 186

Role based access control or RBAC

Question 187

This type of access control is determined through system enforced rules, and the rule is associated with the object?

Answer 187

Rule-based access control

Question 188

This type of access control is considered a next generation authorization model which combines an evaluates multiple parameters, such as resource information, IP address, time of day, desired action, relationship to the data?

Answer 188

Attribute based access control or ABAC

Question 189

An access control what is it called when you secure objects based on certain times or days of the week?

Answer 189

Time of day restrictions

Question 190

What are the different factors in MFA?

Answer 190

Something you know, something you have, something you are, somewhere you are

Question 191

In MTA, a password, a pin, a pattern or all what factor?

Answer 191

Something you know

Question 192

In MTA, a smart card a USB security key, a hardware or software token or your phone or all what factor?

Answer 192

Something you have

Question 193

In MTA, a biometric authentication such as a fingerprint, an Irish scan, a voice print are all examples of what factor?

Answer 193

Something you are

Question 194

In MTA, an IP address or a mobile device location are examples of what factor?

Answer 194

Somewhere you are

Question 195

What is password entropy?

Answer 195

The process of increasing a password complexity

Question 196

What can be used to store all of your passwords?

Answer 196

Password manager

Question 197

What are some examples of password less authentication?

Answer 197

Facial recognition or a security key

Question 198

What type of authentication creates a time limited account where the credentials are used for one session and then are deleted?

Answer 198

Just in time permissions

Question 199

What are the four steps to the incident response lifecycle?

Answer 199

Preparation, detection and analysis, containment/eradication/recovery, post incident activity

Question 200

What are five ways to prepare for an incident?

Answer 200

Team communication methods, incident handling hardware and software, incident analysis resources, incident mitigation software, the policies needed for incident handling

Question 201

True or false it is generally a good idea to let an incident run its course

Answer 201

False

Question 202

After an incident occurs, what should occur within an organization after the incident has been resolved?

Answer 202

Lessons learned sessions

Question 203

What can organizations do to test themselves before an actual event?

Answer 203

Perform an exercise or tabletop

Question 204

What is the process to determine the ultimate cause of an incident by asking why?

Answer 204

Root cause analysis

Question 205

What is the process to collect and protect information relating to an intrusion?

Answer 205

Digital forensics

Question 206

What is a legal technique to preserve relevant information to prepare for impending litigation and is initiated by legal counsel?

Answer 206

A legal hold

Question 207

What is usually required when needing to store copies of different data sources and data types during an investigation?

Answer 207

A separate repository for electronically stored information ESI

Question 208

What is called to maintain the integrity of the data during investigation and includes everyone who contacts the evidence uses hashes and digital signatures

Answer 208

Chain of custody

Question 209

During digital forensics, what is the process called to gather all of the needed data?

Answer 209

E discovery

Question 210

True or false E discovery also includes analysis of the data

Answer 210

False

Question 211

Name five types of log files instrumental in detecting and stopping an attack?

Answer 211

Security logs, firewall logs, application logs, endpoint logs, operating system, specific security logs, IPS and IDS logs, network logs

Question 212

What is data that describes other data sources?

Answer 212

Meta-data

Question 213

What can be used to detect a lack of security controls for example no firewall, no antivirus, no anti-spyware and miss configurations, like open shares, and guest access accounts?

Answer 213

Vulnerability scans

Question 214

What can an SIEM produce that serve as an alert?

Answer 214

Automated reports, think SPLUNK

Question 215

What can SIEMs Produce that display summaries on a single screen?

Answer 215

A dashboard

Question 216

What can be used to solve complex application issues by viewing detailed network traffic information?

Answer 216

Packet capture