A1 Build Your Own Flashcards

1
Q

During the acquisition process of forensic evidence, it is crucial to take the order of volatility into account. Data stored in which of the following would be considered the MOST volatile?

A
Backups

B
Optical drives

C
RAM

D
Disk drives

A

C
RAM

2
Q

Which type of log files holds information about potentially malicious traffic that was blocked on an interface?

A
Network

B
OS-specific

C
Endpoint

D
Firewall

A

D
Firewall

3
Q

Acme Inc. is a software development company and is conducting an audit of its security. The auditor notices that the company utilizes numerous third-party libraries in their code but lacks controls for ensuring those libraries are not compromised.

What type of activity should they implement to address this?

A
Package monitoring

B
Penetration testing

C
Data masking

D
Sandboxing

A

A
Package monitoring

4
Q

Which of the following types of security controls is a highly visible CCTV camera?

A
Preventative

B
Compensating

C
Deterrent

D
Corrective

A

C
Deterrent

5
Q

For a large company with complex compliance requirements, what can they use to improve efficiency and reduce human error?

A
Attestation

B
External audit

C
Due diligence

D
Automation

A

D
Automation

6
Q

An auditor is examining a small company’s network infrastructure. They discover that user workstations are in the same segment as the company’s public web server. What should the auditor recommend that the company implement based on this information?

A Security zones
B Proxy servers
C Load balancing
D Containerization

A

A
Security zones

7
Q

Which of the following concerns is a valid security consideration that needs to be taken into account when using cloud compute resources?

A
Running containers on multi-purpose servers to improve efficiency

B
Segmenting containers

C
Removing containers from security groups

D
Disabling dynamic resource allocation for automatically adding or removing containers

A

B
Segmenting containers

8
Q

An organization is responding to a security incident on one of their web servers. After removing the remnants of malware and the attacker's access to the server, what step of the incident response procedure should they start?

A
Eradication

B
Recovery

C
Detection

D
Containment

A

B
Recovery

9
Q

A company wants to block all requests to a known malicious domain name. What type of web filtering should they use?

A
URL scanning

B
Port filtering

C
Reputation-based filtering

D
Content categorization

A

A
URL scanning

10
Q

Which of the following components manages security in SDN?

A
Management plane

B
SASE

C
Data plane

D
Controller

A

D
Controller

11
Q

Which type of device includes antivirus and anti-spam capabilities?

A
Application-layer firewall

B
WAF

C
UTM

D
NGFW

A

C
UTM

12
Q

What is the purpose of a chain of custody?

A
To provide physical security to end-user computing devices

B
To secure digital forensics data so that it cannot be stolen

C
To provide a complete account of the handling and storage of all evidence

D
To provide a secure and decentralized method of recording and verifying transactions

A

C
To provide a complete account of the handling and storage of all evidence

13
Q

Which of the following memory issues can cause a computer to run out of available memory?

A
Memory leak

B
Buffer overflow

C
Pointer dereference

D
Integer overflow

A

A
Memory leak

14
Q

What is a specific advantage of using IaC when moving an application to a live environment?

A
Risk transference

B
Patch availability

C
Availability

D
Ease of deployment

A

D
Ease of deployment

15
Q

A food processing company allows a third party to log in to some of their systems to update data. After an audit, it was discovered that one of those accounts was logging in from locations that involved impossible travel and was attempting to access other areas of the network.

What threat vector needs to be addressed in this situation?

A Bluetooth
B Vendor
C Removable device
D IM-based

A

B
Vendor

16
Q

Which of the following types of logs could record information about failed driver launches or a computer shutting down?

A
System

B
Security

C
Dump files

D
Application

A

A
System

17
Q

Payroll in HR is reviewing their payroll and invoice payment processes that involve large sums of money. They want to prevent fraud and provide enhanced accountability. They have decided to incorporate a second employee into the process, so it can’t be done by one person.

Which type of access control is being used?

A Least privilege

B Separation of duties

C Implicit deny

D Job rotation

A

B
Separation of duties

18
Q

Which concept is used in risk analysis to describe the chance of a specific event occurring in qualitative terms?

A
Likelihood

B
Threshold

C
Probability

D
Impact

A

A
Likelihood

19
Q

A company has many distributed offices that need to connect remotely. They want the network that connects the offices to have high availability and utilize various connectivity services to improve its performance, agility, and cost-effectiveness.

What type of solution should they use for this?

A NAC

B HTTPS

C VLAN

D SD-WAN

A

D
SD-WAN

20
Q

A load balancer at Acme Inc. is fielding requests from the internet to Acme’s new web portal that provides hospitals access to their medical tool catalog. They are receiving quite a bit of traffic from around the country and have configured the load balancer to keep users’ requests local to the server that first accepts the request. For example, user 1 visits the website and is routed to server 3; all subsequent visits send user 1 to server 3 for their web access.

This is an example of which of the following?

A Round-robin
B Agent-based
C Source address affinity
D Weight-based

A

C
Source address affinity

21
Q

Which of the following vectors is MOST likely to be used during passive reconnaissance?

A
Removable media

B
Social media

C
Supply chain

D
Phishing

A

B
Social media

22
Q

An administrator is reviewing a system that hosts a secure site for users to track banking information. In addition to hosting the web application, this server also handles the TLS connections between the server and client. Logs are indicating that the system is maxing out its CPU and RAM usage, which is impacting the website speed.

Which of the following would enhance this secure website’s function?

A Scale up the server with more RAM and CPU

B Limit the number of connections to the server

C Reduce the number of requests accepted per connection

D Offload encryption functionality to a dedicated device

A

D
Offload encryption functionality to a dedicated device

23
Q

An administrator has a network that should be kept entirely secret from other networks in an organization. What should they implement so that there is no physical connection between the secret network and other networks in the organization?

A
Firewall

B
Collision domain

C
Modem

D
Air gap

A

D
Air gap

24
Q

This phase of the incident response process occurs before an incident and provides guidance to personnel on how to appropriately respond. Which of the following is the first step in the incident response process?

A
Containment

B
Identification

C
Preparation

D
Eradication

A

C
Preparation

25
Q

A blockchain company utilizes a certain consensus mechanism to validate transactions on its chain. It recently heard news that a similar blockchain suffered an exploit. They now want to run a risk assessment to determine if their chain is vulnerable, as well. What type of risk assessment will they be running?

A Ad hoc
B Continuous
C One-time
D Recurring

A

A
Ad hoc

26
Q

Which of the following attacks could be used for an on-path attack?

A ARP poisoning
B ARP flooding
C MAC cloning
D MAC flooding

A

A
ARP poisoning

27
Q

Which of the following impacts of a cyberattack is HARDEST to quantify?

A Availability
B Reputational
C Data
D Financial

A

B
Reputational

28
Q

A company ran a vulnerability assessment and subsequently implemented corrective measures to address the vulnerabilities they found. Now they want to have ongoing monitoring that assures that no new vulnerabilities emerge. What type of process should they implement?

A Audit
B Verification
C Rescanning
D Threat scope reduction

A

B
Verification

29
Q

A global company has a customer information database that needs to be available at all times. If the main database server fails, they need a secondary server that will take over with all the same data as the main server. What type of backup architecture should they use in this situation?

A Incremental
B Snapshot
C Replication
D Journaling

A

C
Replication

30
Q

Virtual machines use the resources provided by the physical host, which can make a compromised virtual machine a threat. Which kind of attack occurs when an attacker leverages their access to intrude upon other VMs?

A XSS
B VM escape
C Resource reuse
D VM sprawl

A

B
VM escape

31
Q

A receptionist at Acme Inc. receives a call from an individual who says he is on location with an executive who is about to give a presentation to Acme's largest customer, but that the files are corrupt and they need replacement files immediately. Initially, the receptionist tries to decline, but the individual states that, without the files, the customer will retract their business, and Acme Inc. will lose millions of dollars. Which of the following social engineering principles is this an example of?

A Scarcity
B Authority
C Consensus
D Intimidation

A

D
Intimidation

32
Q

Which type of penetration test simulates attacks while also evaluating the effectiveness of controls?

A Integrated
B Defensive
C Offensive
D Physical

A

A
Integrated

33
Q

It is important to be familiar with tools used by security professionals and how they are used to improve an organization's security posture. This can improve performance or turnaround time. What is one common vulnerability scanner used by security experts?

A Nmap
B Nessus
C Visio
D LANsurveyor

A

B
Nessus

34
Q

An administrator at a small business is concerned that there are security issues on their systems that could be exploited. They want to employ a technique that identifies threats on the network but does not exploit them. What type of tool should they use in this situation?

A Network mapping
B White hat hacking
C Penetration testing
D Vulnerability scanning

A

D
Vulnerability scanning
35
Q

A penetration tester is starting with a reconnaissance phase. They are currently running a vulnerability scan to identify exploitable vulnerabilities. What type of technique are they using?

A Passive
B Known environment
C Active
D Physical

A

C
Active
36
Q

Two organizations, Acme Inc. and Smith Manufacturing, are working together to provide services for their customers. They want to provide a combined working space along with a combined authentication model. They also want to permit users from Acme Inc. to access resources on Smith Manufacturing's network and vice versa. What security model can they use that involves an arrangement made between several enterprises that allows their users to access all networks of the enterprise group with one sign-on?

A Sender policy framework
B File integrity monitoring
C Federated identity management
D Network access control

A

C
Federated identity management

37
Q

A new HR employee is starting at Acme Inc. The network administrator creates their account and places it in the HR group, which includes the HR managers and HR employees, so they have the same access. The network administrator explains to the employee that there are areas of the HR application that they have access to, but that those areas are only for managers. This violates which of the following technical control principles?

A Job rotation
B Version control
C Least privilege
D Acceptable use policies

A

C
Least privilege

38
Q

A user is reporting that some software on their system is crashing frequently. Which type of log file should be looked at to diagnose the issue?

A Endpoint
B IPS
C Firewall
D Application

A

D
Application

39
Q

Which type of penetration test focuses on evaluating how an organization can defend itself from attacks?

A Integrated
B Defensive
C Physical
D Offensive

A

B
Defensive

40
Q

Which of the following types of backups only backs up files with the archive bit set and clears the archive bit afterward?

A Incremental
B Snapshot
C Full
D Differential

A

A
Incremental

41
Q

Which of the following attacks does NOT require physical access?

A Tailgating
B Shoulder surfing
C Dumpster diving
D Impersonation

A

D
Impersonation

42
Q

It is important to outline to employees what is permissible and what is prohibited when using work resources. Which of the following would be used to define the rules that restrict how a computer or a network can be used?

A AUP
B NDA
C IDS
D SOW

A

A
AUP

43
Q

A company wants to ensure the integrity and availability of its network devices and cloud solutions. What type of monitoring should they implement?

A Application
B Infrastructure
C System
D Audit

A

B
Infrastructure

44
Q

Which of the following policies is MOST relevant when an organization is looking to restore normal operations after a security incident?

A BIA
B BCP
C SDLC
D DRP

A

D
DRP

45
Q

An organization has decided to accept a risk (i.e., do nothing). This decision is MOST related to which of the following?

A Control risk
B Risk appetite
C Residual risk
D Inherent risk

A

B
Risk appetite

46
Q

Which of the following techniques is commonly used on receipts to conceal credit card numbers?

A Data minimization
B Data masking
C Pseudo-anonymization
D Tokenization

A

B
Data masking

47
Q

An administrator is interested in gauging changes in performance over time within the environment. They need to determine what bottlenecks may exist, but there are no previous reports on this data to refer to. What is used to measure performance consistently over a period of time?

A Task Manager
B Group Policy Editor
C Baseline
D Security template

A

C
Baseline

48
Q

A company is making considerations for the infrastructure of their web application. They want to include a clause in the SLA with their cloud provider that guarantees that if there is a problem with the load balancer, they will fix it within 1 hour. What type of factor are they looking to implement in this situation?

A Inability to patch
B Scalability
C Ease of deployment
D Risk transference

A

D
Risk transference

49
Q

New developments in the production environment are causing issues with user operations and an increase in support requests. The executives want to implement a proper process to handle updates that are being rolled out. What is a structured way of changing the state of a computer system?

A Change management
B Playbooks
C Acceptable use policy
D Terms of service

A

A
Change management

50
Q

Which of the following activities is performed by drones?

A Passive reconnaissance
B Footprinting
C War driving
D War flying

A

D
War flying

51
Q

The key stakeholders of an organization meet to discuss hypothetical attacks and how they would respond. What type of activity are they engaged in?

A Threat hunting
B Tabletop exercise
C Root cause analysis
D Simulation

A

B
Tabletop exercise

52
Q

Which of the following types of logs provides information on VoIP and videoconferencing usage on a network?

A Web
B System
C Network
D SIP Traffic

A

D
SIP Traffic

53
Q

Terraforma Landscaping is overhauling their workstation and server environment to be better protected, but they realize they are not aware of what threats they may encounter. What can they use to determine the number of threats against their organization's network and computers?

A Incident response
B User guidance and training
C Risk assessment
D Compliance monitoring

A

C
Risk assessment

54
Q

During an incident response, the team leaves the infected system in place but uses firewalls to limit the traffic the system can send and receive. What type of technique are they using?

A Containment
B Isolation
C Root cause analysis
D Segmentation

A

A
Containment

55
Q

Which of the following deployment models creates the MOST complexity for IT device management and security?

A COBO
B CYOD
C BYOD
D COPE

A

C
BYOD

56
Q

An application developer wants to check if their application is vulnerable to buffer overflow attacks. What type of testing would be MOST appropriate for determining this?

A Unit
B Dynamic analysis
C Fuzzing
D Static analysis

A

B
Dynamic analysis

57
Q

Which type of threat actor is primarily concerned with making money?

A Script kiddies
B Hacktivists
C Organized crime
D APTs

A

C
Organized crime

58
Q

Which type of hardening technique is typically used for devices that use an RTOS?

A Installing antimalware software
B Changing default passwords
C Hiding SSIDs
D Implementing strong physical security controls

A

B
Changing default passwords

59
Q

You have an AV of 5, an EF of 0.5, and an ARO of 10. What is your ALE?

A 1
B 100
C 25
D 0.25

A

C
25

60
Q

An attacker has created a fake account on social media with the intent to spread untrue information about a politician they do not like. Which of the following are they performing?

A Pharming
B Misinformation
C Disinformation
D Identity fraud

A

C
Disinformation

61
Q

An attacker tries to convince a target to do something because "everyone is doing it." Which principle of effectiveness are they appealing to?

A Intimidation
B Consensus
C Familiarity

A

B
Consensus

62
Q

An organization needs to deploy Wi-Fi in their manufacturing plant for their monitoring machines, but their attached retail location has customer access. They want to ensure that only the specific subset of computers in the manufacturing plant is able to access the wireless. What security technique can they use on the Wi-Fi hotspot to stop rogue computers from connecting to the network?

A Account lockout
B Username and password
C Host-based intrusion protection system
D MAC filtering

A

D
MAC filtering

63
Q

Which of the following protocols uses digital signatures to verify the authenticity of the provided data?

A HTTP
B SNMP
C DNSSEC
D FTP

A

C
DNSSEC

64
Q

An administrator is examining the risks associated with the raw materials their company needs to operate. What type of activity are they doing?

A External audit
B Change management
C System hardening
D Supply chain analysis

A

D
Supply chain analysis

65
Q

A web development company has identified a security incident with some of their staging servers. What should their next step be before containing it?

A Preparation
B Recovery
C Analysis
D Lessons learned

A

C
Analysis

66
Q

Which term describes the maximum amount of risk an organization is willing to take in pursuit of its objectives?

A Risk tolerance
B Risk register
C Risk appetite
D Risk exception

A

A
Risk tolerance

67
Q

During the course of browsing the web, a home user ends up on a malicious web page that delivers malware. The malware enables the attacker to log in to the victim's system at any time and collect sensitive information such as keystrokes, usernames, and passwords. Which of the following BEST describes the method of attack here?

A Rootkit
B Botnet
C RAT
D Spyware

A

C
RAT

68
Q

An attacker sends a command with characters to a web application that is not anticipating it. The application starts to exhibit unusual behavior and is becoming unresponsive. With a successful result, the attacker continues to send commands with unexpected data with malicious code attached in an attempt to get it to run. Which of the following BEST describes this scenario?

A DLL injection
B TOCTOU
C Pointer dereference
D Buffer overflow

A

D
Buffer overflow

69
Q

A credit reporting agency works with a third party to handle customer service. Two years after working together, a vulnerability in the third party's web application leads to a data breach that exposes many users' personal information. What type of activity should be undertaken to minimize this type of incident?

A Sanctions
B Compliance reporting
C Vendor monitoring
D Due diligence

A

C
Vendor monitoring

70
Q

You are explaining the elements of security to a junior administrator in the organization. You are discussing methods that a hacker has used to gain access to a system. These are examples of which of the following?

A Risks
B Threat vectors
C Threat actors
D Intelligence sources

A

B
Threat vectors

71
Q

An organization issues laptops to users so they can work remotely. They want to be able to enforce their acceptable use policy for web browsing regardless of where the employee is working. What type of solution should they implement so that each laptop does not need to route through a dedicated network device?

A Agent-based
B IPS
C Centralized proxy
D DLP

A

A
Agent-based

72
Q

An administrator is interested in a network device that is capable of watching for well-known threats and stopping them within a short time period. What type of monitoring could the administrator use that analyzes frames and packets of network traffic for attack patterns?

A Stateless
B Anomaly-based
C Stateful
D Signature-based

A

D
Signature-based

73
Q

Which of the following policies is important to ensure that the appropriate individuals are informed of important developments as they are occurring during an incident response?

A Disaster recovery plan
B Retention policy
C Stakeholder management plan
D Business continuity plan

A

C
Stakeholder management plan

74
Q

While sitting in a coffee shop, an individual decides to play a prank. They send maintenance messages and other carrier codes to users in the shop to make their devices act strangely. Which attack is this person performing that sends messages to mobile devices to make it appear that they are malfunctioning?

A IV attack
B Bluejacking
C War driving
D DDoS

A

B
Bluejacking

75
Q

A company wants to automate their vulnerability scanners so they are continually up-to-date with recent security configurations. Which protocol will they use to accomplish this?

A SIEM
B SOAP
C SCAP
D SNMP

A

C
SCAP

76
Q

An organization wants to be compliant with data privacy laws all over the world. To ensure that they have only collected data that they intend to use, what technique should they use?

A Data masking
B Data minimization
C Tokenization
D Anonymization

A

B
Data minimization

77
Q

Which of the following types of devices monitors network traffic without actively interfering with it?

A Packet sniffer
B Firewall
C Load balancer
D Intrusion protection system

A

A
Packet sniffer

78
Q

Which type of plan should an organization have to ensure that it can function even during a disaster?

A DRP
B AUP
C BCP
D BYOD

A

C
BCP

79
Q

A developer is working on a new application, but internal testers have reported that there are problems with the business logic of the application. What type of practice should the developer perform to help troubleshoot this issue?

A Input validation
B Vulnerability scan
C Code obfuscation
D Static code analysis

A

D
Static code analysis

80
Q

One of the first steps in a penetration test is footprinting the network to determine what systems are connected, where they may be on the network, and what connections they have open. What can be used to find open connections that a system may be listening to?

A OSINT
B WHOIS queries
C Fuzzing
D Port scanner

A

D
Port scanner

81
Q

Which of the following is an example of backdoor malware?

A RAT
B Ransomware
C Logic bomb
D Keylogger

A

A
RAT

82
Q

Which of the following access control models involves clearance and classification levels?

A MAC
B DAC
C ABAC
D RBAC

A

A
MAC

83
Q

An administrator has received reports from a user that their system is acting oddly and slowly in general. Running the antivirus several times did not yield any results, but the administrator was able to find an application running and was able to determine that it was changing its coding and name, thus potentially avoiding detection. Which type of virus changes every time it runs to avoid antivirus detection?

A Macro
B Polymorphic
C Email
D Boot sector

A

B
Polymorphic

84
Q

Which of the following is intended to manage the threat that a suspicious file poses to an endpoint?

A Blocklisting
B Archiving
C Alert tuning
D Quarantine

A

D
Quarantine

85
Q

An administrator is interested in creating a federation with several websites so that users do not need to log in to each one individually. The users access several different sites through the portal, and unifying the authentication would provide easier interactions for them. Which of the following technologies will handle the authentication and authorization in this process?

A SAML
B LDAP
C JSON
D HTML

A

A
SAML

86
Q

An organization wants decision-making to be spread out across various levels rather than concentrated at the top. What type of governance structure are they embracing?

A Decentralized
B Government entities
C Centralized
D Boards

A

A
Decentralized

87
Q

A company has been managing its IT infrastructure manually, which has led to errors in configuration. What practice can they start using to define and manage their IT infrastructure through scripts to improve automation, scalability, and repeatability?

A IDF
B IaaS
C IaC
D SaaS

A

C
IaC

88
Q

Which indicator of attack often occurs when an attacker brute-forces login attempts?

A Resource consumption
B Missing logs
C Account lockout
D Blocked content

A

C
Account lockout

89
Q

A company is trying to improve their security posture. Security staff craft fake emails that entice employees to click on them. When an employee clicks on a link, they are sent to a special training session that will help them better recognize fake messages. What type of security awareness program is the company implementing?

A Phishing campaign
B Gamification
C Role-based training
D Capture the flag

A

A
Phishing campaign

90
Q

The CFO at Smith Industries has requested a risk assessment that will determine and document the relative costs (monetary value) of the impact of each threat. What type of risk assessment is he asking for?

A Quantitative
B Qualitative
C One-time
D Ad hoc

A

A
Quantitative

91
Q

Which technical implication is related to changes when there are legacy applications involved?

A Lack of vendor support
B Software added to deny lists
C Security lapses during application restarts
D Inability to put software in an allow list

A

A
Lack of vendor support

92
Q

Which of the following principles works MOST effectively with shoulder surfing and tailgating?

A Intimidation
B Scarcity
C Urgency
D Familiarity

A

D
Familiarity

93
Q

Acme Inc. and Smith Consulting have reached an agreement in which they will provide complementary solutions and support each other's products and services in exchange for profit sharing. What type of document should they agree to in this situation?

A SOW
B BPA
C MOU
D MSA

A

B
BPA

94
Q

Two governmental agencies are experiencing issues with needing access to one another's resources from time to time. The current process involves requesting documents and file copies from points of contact (POCs), and they end up having multiple versions of a file floating around. The two agencies want to establish a way they can share these resources. Which of the following solutions would be the MOST appropriate?

A Tokenization
B Federation
C Obfuscation
D Impersonation

A

B
Federation

95
Q

Which feature of an SIEM involves detecting patterns from various log files?

A Correlation
B Alerting
C Reporting
D Collection

A

A
Correlation

96
Q

The identities of an organization's customers are tracked using ID numbers rather than names or other personal data. This is an example of which of the following privacy-enhancing technologies?

A Data masking
B Data minimization
C Tokenization
D Anonymization

A

C
Tokenization

97
Q

Which of the following is a passive device?

A Firewall
B IPS
C IDS
D UTM

A

C
IDS

98
Q

Which of the following is a framework for creating effective information security management systems, including aspects such as risk assessment and management?

A PCI DSS
B GDPR
C ISO 27001
D HIPAA

A

C
ISO 27001

99
Q

An attacker gains access to an older company's network and begins footprinting the environment. The attacker discovers that the network is still using NTLM for authentication due to the presence of Windows XP and Server 2003 machines. The attacker is able to intercept the authentication stream and resend the encoded password to gain access to various systems. Which of the following MOST likely occurred in this scenario?

A Dictionary attack
B Birthday attack
C Pass the hash attack
D Rainbow table attack

A

C
Pass the hash attack

100
Q

What is the primary motivation for hacktivists?

A Espionage
B Financial gain
C Revenge
D Philosophical/political beliefs

A

D
Philosophical/political beliefs

101
Q

Why would an organization choose SELinux over standard Linux distributions?

A They need to have the system connect to Active Directory
B They need to use mandatory access control
C They need to support the SSH protocol
D They need to utilize the system as a web server

A

B
They need to use mandatory access control

102
Q

In which of the following exercises might participants be required to restore from backups or have systems turned off to emulate outages?

A Simulation
B Walkthrough
C Documentation review
D Tabletop

A

A
Simulation

103
Q

A telephone services company has discovered that an attacker has been accessing their systems and viewing sensitive plans related to the release of a new product. What type of attacker motivation is driving the attacker?

A Data exfiltration
B Service disruption
C Ethical
D Philosophical beliefs

A

A
Data exfiltration

104
Q

Which of the following is a cloud-native security architecture that integrates networking and security functionalities?

A SASE
B Defense in depth
C Zero trust
D Perimeter-based

A

A
SASE

105
Q

A vulnerability in a web page has enabled an attacker to exploit the website to construct a statement that is run against the directory services database. Which type of attack gives a hacker access to directory services information from a web page?

A Brute force
B LDAP injection
C Denial of service
D DLL injection

A

B
LDAP injection

106
Q

Which of the following statements accurately describes a security concern with IoT devices?

A They often include weak default settings
B They typically rely on insecure RTUs and PLCs
C They regularly use FDE to store data
D They usually run on an RTOS that prioritizes multi-tasking

A

A
They often include weak default settings

107
Q

Which of the following types of backups does NOT read archive bits when deciding which files to back up and then clears them afterward?

A Snapshot
B Incremental
C Full
D Differential

A

C
Full

108
Q

According to the hardware manufacturer, a system is expected to experience failures with a component every two years. Which of the following does this measure?

A MTBF
B RPO
C RTO
D MTTR

A

A
MTBF

109
Q

A developer wants to provide secure access to a major payment processor so that they can outsource credit card handling. The developer needs to incorporate an open standard for this authorization so that it can connect to the payment processor without sharing credentials. Which of the following protocols will they likely use for authorization?

A OAuth
B OpenID
C Kerberos
D SAML

A

A
OAuth

110
Q

Which of the following attacks is designed to find passwords like Tr3buchet?

A Rainbow table
B Password spraying
C Brute force
D Dictionary

A

D
Dictionary

111
Q

Which of the following is a free tool for creating forensic images?

A FTK Imager
B Nessus
C Memdump
D Snort

A

A
FTK Imager

112
Q

An attacker enters a locked server room by kicking down the door. This is an example of which type of attack?

A Environmental
B Injection
C RFID cloning
D Brute force

A

D
Brute force

113
Q

A company employs a security technique that protects employees by maintaining a list of websites and domains that they cannot have access to. What type of security are they using?

A DNS filtering
B DKIM
C DMARC
D Layer 4 firewall

A

A
DNS filtering

114
Q

An IoT device is using Bluetooth 4.2 for communications. As a result, it is likely to have which of the following limitations?

A Range
B Power
C Implied trust
D Cost

A

A
Range

115
Q

An attack has just been discovered within a production server. The administrators scramble to collect information in a forensic manner while alerting the authorities. The concern now is how to ensure that evidence of the attack is preserved. Which term is used to summarize the life expectancy of various types of data that should be captured during forensic analysis?

A Chain of custody
B Time of check
C Order of volatility
D Time of use

A

C
Order of volatility

116
Q

A disgruntled employee creates malicious code that will execute if they are dismissed from their job and certain other conditions are met. What type of attack have they created?

A RAT
B Keylogger
C Ransomware
D Logic bomb

A

D
Logic bomb

117
Q

A startup organization is working on launching a new software as a service (SaaS) and wants to identify the possibility of an attack or other unfortunate event that can disrupt their business. What are they trying to identify in this scenario?

A Vulnerability
B Threat
C Risk
D Malware

A

C
Risk

118
Q

Which process is used to ensure that data is retained long enough to keep a business in compliance with legal requirements?

A Alerting
B Scanning
C Reporting
D Archiving
D Archiving
119
Which of the following attacks does NOT require a computer, smartphone, or similar device? A Whaling B SPIM C Spear phishing D Vishing
D Vishing
120
Which type of data is regulated by the Sarbanes-Oxley Act? A PII B PHI C Legal D Financial
D Financial
121
A developer is writing code and test cases. Which environment should they be working in? A Test B Development C Production D Staging
B Development
122
Which of the following is commonly used by VMs and tools like Windows System Restore and macOS's Time Machine? A Differential backup B Snapshot C Full backup D Partial backup
B Snapshot
123
Which type of authentication method does NOT require users to remember long, complex passwords? A Federation B Something-you-know factors C Passwordless authentication D SSO
C Passwordless authentication
124
A virtual storage organization provides services for many professors, giving them a centralized location for research data and information. The organization wants to ensure that each of the users will have total control over their data. Since they want a type of access control policy determined by the object or data owner, which should they choose? A Attribute-based B Role-based C Mandatory D Discretionary
D Discretionary
125
A cloud services provider discovers a security flaw in a web application server they use that was developed by a third party. There is no patch available that can fix the issue, so the administrator quickly adds an extra layer of security that blocks attacks that could exploit the vulnerability. What type of solution is the administrator implementing? A Exception B Compensating control C Exemption D Segmentation
B Compensating control
126
How should embedded systems be secured? A By requiring all stored and transferred data to be encrypted B By ensuring they run consumer operating systems such as Windows 10 or macOS C By applying most of the same principles as when securing traditional computers D By removing their ability to connect to the internet
C By applying most of the same principles as when securing traditional computers
127
An administrator at Acme Inc. has taken a snapshot of the configuration settings for a standard desktop computer at their company. They are now using a central management tool to implement those configuration settings on all other workstations. What process are they performing? A Patch management B Deploying a baseline C Maintaining a baseline D Establishing a baseline
B Deploying a baseline
128
What is the process of applying security controls to reduce the probability of a risk occurring called? A Risk avoidance B Risk transference C Risk acceptance D Risk mitigation
D Risk mitigation
129
An attacker has gained access to a victim's network but is unable to advance the attack due to an IDS that looks at the hard-coded addresses attached to the network interface cards (NIC). The attacker uses software to impersonate the hard-coded address of a legitimate workstation to avoid detection and advance the attack. Which of the following has occurred in this scenario? A DNS poisoning B MAC cloning C Privilege escalation D Evil twin
B MAC cloning
130
An administrator is evaluating the current configuration of an IIS server within their environment. They are working through validating the permitted connections and have opened up the Windows firewall to check the rules. What type of firewall are they checking? A Host-based B Network-based C NGFW D WAF
A Host-based
131
A user is attempting to access their e-banking site and accidentally adds an extra character to the URL. They are presented with a valid-looking website providing a login prompt. The user enters their information and presses the login button, but the page appears to refresh without logging in. Later on, they discover that their account has been hacked and money is missing. Which of the following is this an example of? A Domain hijacking B Brand impersonation C Clickjacking D Typosquatting
D Typosquatting
132
A hardware manufacturer is planning to partner with a software development company. They need a formal document that meticulously outlines the roles and responsibilities of each party, including resource allocation, risk management, and performance metrics. What type of document should they create for this? A MOA B MOU C SLA D BPA
A MOA
133
A junior administrator is being briefed on the network configuration and computer systems. They are being instructed about the various public-facing servers, such as the email server and web server for customer access. The lead administrator explains that these devices sit in a part of the network that is specially designed to be public- and private-facing, with enhanced security and precautions to keep them separate. What section of the network is this? A Intranet B Airgap network C Internet D Perimeter network
D Perimeter network
134
An email comes through to the HR managers of a company that addresses them individually by name. The request is for personnel files and appears to relate to the questions that might be used for password reset authentication. What type of attack is being performed? A Vishing B Smishing C Spear phishing D Watering hole
C Spear phishing
135
A financial organization is concerned with attackers tailgating into their new headquarters. They want to ensure that each individual has authorization, so they are investigating options to stop intruders from following employees into the building. What is a physical security option they can use to secure the entrance of the building? A Firewalls B Bollards C SSID D Mantraps
D Mantraps
136
Which of the following values could be estimated from historical data, insurance claims, or statistical analysis? A SLE B ARO C AV D EF
B ARO
137
Outages have been occurring with recent applications of various patches to the servers. The administrators are growing frustrated with the restoration work required after a failed patch and want to ensure that this does not continue. Which of the following methods should they implement? A Applying the patches one server at a time B Testing the patches in a sandboxed environment C Taking system images before the patches and restoring them immediately upon issue D Applying the patches to a small subset of production servers
B Testing the patches in a sandboxed environment
138
Which of the following attacks takes advantage of weaknesses in how passwords are stored? A Password spraying B Rainbow table C Brute force D Dictionary
B Rainbow table
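Worked example for cards 110 and 138, added here and not part of the flashcard set. Card 110 asks which attack finds a password like Tr3buchet: a dictionary attack with mangling rules (capitalise, leet-substitute) gets there from the plain word "trebuchet". Card 138 asks which attack exploits weak password storage: a precomputed table works only because unsalted fast hashes are identical for every user who chose the same password. The code below builds such a table (a plain digest-to-password lookup; a real rainbow table compresses this with hash chains, but the effect on unsalted storage is the same), cracks an unsalted SHA-256 instantly, and then shows that a per-user salt plus a slow KDF defeats the table while still leaving the weak password guessable one user at a time. The wordlist, leet map and PBKDF2 round count are assumptions made for the example.

```python
import hashlib
import itertools
import os

# Constructed wordlist; a real attack uses millions of entries.
WORDLIST = ["password", "trebuchet", "dragon", "letmein"]
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}
PBKDF2_ROUNDS = 60_000  # assumption for the example; production values are higher


def mangle(word):
    """Dictionary-attack rules: the word as-is and capitalised, each with every
    combination of leet substitutions applied to its substitutable letters."""
    out = set()
    for base in (word, word.capitalize()):
        positions = [i for i, ch in enumerate(base) if ch in LEET]
        for mask in itertools.product((False, True), repeat=len(positions)):
            chars = list(base)
            for pos, swap in zip(positions, mask):
                if swap:
                    chars[pos] = LEET[chars[pos]]
            out.add("".join(chars))
    return out


def store_unsalted(password):
    # Weak storage: one unsalted fast hash, so equal passwords hash equally
    # everywhere and a table computed once works against every user.
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(wordlist):
    # Precomputed digest -> password lookup over every mangled candidate.
    return {store_unsalted(c): c for w in wordlist for c in mangle(w)}


def crack_unsalted(digest, table):
    # No hashing at attack time at all: a single dictionary lookup.
    return table.get(digest)


def store_salted(password, salt=None):
    # Per-user random salt plus a slow KDF: the table above is useless and
    # every guess must be recomputed per user.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()
    return salt, digest


def crack_salted(salt, digest, wordlist):
    # The attacker can still guess, but only by redoing the KDF for this one
    # salt; nothing precomputed carries over to the next user.
    for word in wordlist:
        for candidate in mangle(word):
            if store_salted(candidate, salt)[1] == digest:
                return candidate
    return None


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("candidates in table:", len(table))
    print("unsalted sha256 cracked:", crack_unsalted(store_unsalted("Tr3buchet"), table))
    salt, digest = store_salted("Tr3buchet")
    print("table vs salted:", crack_unsalted(digest, table))
    print("per-user guessing vs salted:", crack_salted(salt, digest, WORDLIST))
```

The salted case still falls to the dictionary attack because the password itself is weak; what the salt and the slow KDF buy is that the attacker has to spend that effort per user instead of once for everyone.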
139
What type of hardening technique should be applied on a web application server? A Segmenting interfaces into virtual networks B Blocking or allowing access through interfaces based on rulesets C Changing default SSIDs D Promptly applying security patches
D Promptly applying security patches
140
Information on zone transfers would appear in which of the following types of log files? A Web B DNS C System D Security
B DNS
141
After gaining access to a victim's network, an attacker crafts an ICMP packet that is destined for all other hosts on the network. They spoof the IP address of a resident web server and attach it to the packet, then send it off. Shortly thereafter, the web server is rendered unavailable because of the flood of responses. Which of the following is this an example of? A ARP spoofing B Pharming attack C Amplification attack D DNS poisoning
C Amplification attack
142
Smith Industries has a recovery site where they store all the necessary hardware and infrastructure, but the data is only periodically transferred, to keep it relevant. Which of the following resiliency strategies are they using? A Gray site B Warm site C Cold site D Hot site
B Warm site
143
A small business owner is configuring a domain for their website. They use their Gmail account as the registrant for the website; however, they do not check that account frequently. An attacker has been watching the small business owner and through footprinting the owner's social media, they brute-force their way into the Gmail account. The attacker then resets the password on the registrant account, changes the domain ownership, and removes all email records. Which of the following has just occurred? A Domain hijacking B Typosquatting C URL redirection D DNS poisoning
A Domain hijacking
144
After a recent security incident, a company that analyzes DNA has determined that it needs a meticulous review of all of its documents and processes by a third party. What type of activity do they need? A Rescanning B Verification C Audit D Sanitization
C Audit
145
Which of the following types of IDS systems detects attacks based on an established baseline? A Anomaly-based B Heuristic-based C Signature-based D Rule-based
A Anomaly-based
146
Which type of network attack can be identified by an IDS based on signatures? A On-path B DDoS: reflected C DNS attacks D Malicious code
D Malicious code
147
An organization wants to perform a self-assessment of its security posture. Which type of group should be formed to handle this? A Independent third party B Audit committee C Change advisory board D Security operations center
B Audit committee
148
You are instructing a group of junior administrators on the OSI model. You've explained that the data link layer transfers information between adjacent network nodes and consists of two sublayers, logical link control and media access control, with several different protocols operating at this level. This layer also houses several authentication technologies. What is an example of a data link layer authentication technology? A 802.16 B 802.3 C 802.1x D 802.11
C 802.1x
149
A company wants an external audit that focuses on the completeness of its financial records. What type of audit should they seek? A Regulatory B Independent third-party audit C Examination D Assessment
C Examination
150
Traveling salespeople at Acme Inc. are concerned that their mobile devices are prone to Bluetooth attacks and want to know the best prevention methods. What can be done to ensure that a Bluetooth device cannot be hacked in public? A Set it to undiscoverable B Set to security mode 1 C Turn off the device D Use fixed PINs for devices
A Set it to undiscoverable
151
A penetration tester was hired by Smith Industries to evaluate their web application for security. Test results indicate that the server has SSL 2, TLS 1.1, and TLS 1.2 enabled, uses input validation on a username and password field, performs server-side validation, and uses a WAF. Which of the following should be performed to enhance security? A Disable the WAF B Disable server-side validation and enable client-side validation C Disable TLS D Disable SSL
D Disable SSL
152
An administrator found a word processing document and wants to find out who authored it. Where can they look for this information? A Endpoint log B Firewall log C Metadata D Packet captures
C Metadata
153
A contractor is actively using common attack methods to see if they can compromise an organization's security. What BEST defines the type of activity they are engaged in? A Penetration testing B Risk assessment C Threat hunting D Tabletop exercise
A Penetration testing
154
What type of process should an organization follow when it needs to acquire more hardware? A Procurement B Decommissioning C Provisioning D Sanitization
A Procurement
155
A grocery store contracts with a third party to develop their mobile application. Each time they want to add a new feature to the app, they want to send over a formal document that outlines the individual tasks to be performed, along with timelines. What type of document should they use for this? A MOU B BPA C SLA D SOW
D SOW
156
Which of the following risks is MOST associated with employee offboarding? A Software compliance/licensing B Multiparty C IP theft D Legacy systems
C IP theft
157
An automation engineer is working with a security administrator at Acme Inc. to ensure that the embedded systems that are deployed are secure. Which of the following would NOT be a consideration for the security of an embedded system? A Keeping the system up to date B Checking for issues with default configurations C Encrypting the file store D Implementing an air-gapped network
C Encrypting the file store
158
Which of the following is an indicator of attack? A Decommissioning B Parallel processing C Out-of-cycle logging D Masking
C Out-of-cycle logging
159
An administrator is reviewing the workstations used by the sales department. They discover that the computers have been infected with a virus that is sending out a large number of requests to websites and services. The administrator suspects that the computer has become part of a botnet and is now a "zombie." What is it MOST likely being used for? A DDoS attacks B On-path attacks C Buffer overflow D Password cracking
A DDoS attacks
160
Which of the following wireless authentication methods is in use by a coffee shop that posts the Wi-Fi password on the wall? A Captive portal B WPA2 Enterprise C RADIUS D WPA2 Personal
D WPA2 Personal
161
An employee is traveling and wants to use a VPN to connect to their company's network. They want to use a web browser as the client. Which type of VPN solution should they use? A IPSec B SSL C Split-tunnel D Site-to-site
B SSL
162
During the course of a reorganization, Smith Industries is interested in implementing best practices for access control. Which ISO document should they look to for information regarding this? A 27018 B 27002 C 27001 D 27017
B 27002
163
What type of protected data includes copyrights and trademarks? A Intellectual property B PII C PHI D Biometric
A Intellectual property
164
Which of the following is an advantage for an organization using a multi-cloud system? A Reducing the risk of VM escape B Removing the complexity of resource management C Avoiding vendor lock-in D Lowering the attack surface
C Avoiding vendor lock-in
165
Which of the following threat vectors can occur if a user has administrative access to their workstation? A Misconfigured NAC B Wireless access points with default passwords C Outdated web server software D Unsupported systems and applications
D Unsupported systems and applications
166
A company has a satellite office that needs a constant connection to the headquarters' network. What type of solution should they implement to create a secure network channel between locations? A Managed switch B Network emulator C Remote access VPN D Site-to-site VPN
D Site-to-site VPN
167
What type of factor is adhering to PCI-DSS for an online retailer? A Legal B Global C National D Local/regional
B Global
168
Which of the following protocols does NOT use port 22? A SFTP B SSH C FTPS D SCP
C FTPS
169
Which password policy is used to ensure that users do not cycle through passwords until they can use an older one? A Password minimum age B Password complexity C Password reuse D Password length
A Password minimum age
170
A malicious individual has managed to gain access to a user's system through a spear phishing email. The attacker extracted usernames and passwords from the local registry files and proceeded to obtain administrator privileges to continue the attack. What term is given to an attack like this, in which a hacker manages to use a lower-access account to amass more permissions and gain access to resources that they shouldn't have? A Privilege escalation B Brute force C Downgrade attack D Memory leak
A Privilege escalation
171
Which of the following types of injection can be used to extract data from a customer database? A LDAP injection B DLL injection C SQL injection D XML injection
C SQL injection
172
An attacker is modifying the hosts file on a computer. Which of the following attacks are they MOST likely to be performing? A DNS poisoning B URL redirection C Domain reputation D Domain hijacking
A DNS poisoning
173
To test a development version of a business application, the file is presented to users to operate and run in order to verify the functionality of the program. The file should not be moved, edited, or deleted, so the administrator wants to apply the proper permissions. When you only want a user to run or open a file, such as an application installation file, what permission do you give? A Read B Execute C Write D Modify
B Execute
174
An attacker is working on gaining access to a target network and has succeeded in gaining access to a user's workstation. The attacker then begins to use that workstation to attack other targets and to continue access escalation. Which of the following did the attacker perform after gaining access? A Pivot B Social engineering C Cross-site scripting D Privilege escalation
A Pivot
175
How does user behavior analytics determine if threats are present? A By using rules-based algorithms to detect known attack patterns of malicious users B By using decoy systems to attract malicious users and learn their techniques C By matching signatures of known threats D By looking for anomalies in user patterns
D By looking for anomalies in user patterns
176
An attacker has gained access to the file system backend of a web server through a vulnerability in the web portal. They now have access to all the files and folders on the web server. Which type of attack was used? A Directory traversal B SQL injection C Cross-site scripting D Zero day
A Directory traversal
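Worked example for card 176, added here and not part of the flashcard set: the traversal in the card works because the portal joins a user-supplied path onto its document root and lets ".." segments walk out of it. The code below shows the naive resolution beside a hardened one that percent-decodes first (so %2e%2e%2f is seen as ../), refuses NUL bytes, resolves symlinks and ".." with realpath, and then requires the result to still sit under the resolved root. The document root /srv/www/public is a hypothetical path chosen for the example; nothing needs to exist on disk for it to run.

```python
import os
from urllib.parse import unquote

# Hypothetical document root for the example; nothing needs to exist on disk.
WEB_ROOT = "/srv/www/public"


def resolve_unsafely(web_root, user_path):
    # What a naive file handler does: join and normalise. '..' segments walk
    # out of the root, so '../../../etc/passwd' becomes a real path outside it.
    return os.path.normpath(os.path.join(web_root, user_path))


def resolve_safely(web_root, user_path):
    """Return the absolute path to serve, or None if the request escapes web_root.

    Decode percent-encoding before checking, reject embedded NUL bytes, resolve
    '..' and symlinks with realpath, then require the candidate to be inside
    the resolved root (commonpath compares whole path segments, so a sibling
    directory such as /srv/www/public2 is rejected as well)."""
    decoded = unquote(user_path)
    if "\x00" in decoded:
        return None
    root = os.path.realpath(web_root)
    # os.path.join discards root if decoded is absolute; the commonpath check
    # below catches that case too.
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    requests = (
        "img/logo.png",
        "docs/../img/logo.png",
        "../../../etc/passwd",
        "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "/etc/passwd",
        "img/logo%00.png",
    )
    for req in requests:
        naive = resolve_unsafely(WEB_ROOT, req)
        safe = resolve_safely(WEB_ROOT, req)
        print(f"{req!r:36} naive={naive!s:32} safe={safe}")
```

Note that a ".." that stays inside the root (docs/../img/logo.png) is still served, because the check is on where the path ends up, not on whether the string contains "..". Matching on the literal characters is the approach that the percent-encoded form in the list bypasses.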
177
Smith Industries is currently using a cloud service in which they are provided access to servers but need to configure and install any necessary software themselves. They are also responsible for patching and updating their system. What type of cloud service is Smith Industries using? A SaaS B IaaS C PaaS D FaaS
B IaaS
178
Which framework is used to standardize the sharing of security-related information? A SCAP B RADIUS C EAP D OCSP
A SCAP
179
Which of the following cloud security controls may be necessary to ensure that a company can meet its SLAs? A Encryption B High availability C Permissions D Replication
B High availability
180
A company is relying on third-party threat feeds for information on securing their network devices. They want to get the information at the application layer via HTTPS for real-time retrieval. What protocol enables them to do so? A TAXII B SMTP C SNMP D STIX
A TAXII
181
Which of the following could be used to block a malicious download on a website that a user is browsing? A Firewall rule B DLP C URL filter D Content filter
D Content filter
182
A junior network administrator is shadowing the team lead in order to get familiar with the network and environment. They are currently being briefed on the network border, which is an untrusted zone where the network connects to a WAN. What type of device is placed at this point of a network? A Access point B Switch C Router D Jump server
C Router
183
An attacker is scanning IoT devices for a vulnerability discovered years previously. Which of the following IoT constraints are they trying to exploit? A Weak encryption B Implied trust C Inability to patch D Authentication
C Inability to patch
184
A financial analyst is working on a laptop issued to them by their company. What account type should they be using? A Administrator B User C Service D Guest
B User
185
A consultant has been hired by a financial startup that is interested in controlling and filtering content for their users on the internet. The consultant recommends using a type of server that will sit between the client and the internet while filtering requests to certain sites. What type of server is the consultant recommending? A Proxy B Firewall C Router D Web
A Proxy
186
A company is currently putting together a communications plan and instructions for personnel to follow in case of an incident that could halt operations. What type of activity are they working on? A ERP B DRP C COOP D BCP
C COOP
187
Which of the following mobile device deployment methods allows personal use of corporate devices? A COBO B CYOD C COPE D BYOD
C COPE
188
An online retailer has recently terminated an employee who had access to the private key that encrypts their web traffic and ensures end users of the site's authenticity. Where should the digital certificate be added so that it cannot be used improperly by the previous employee? A Secure enclave B CRL C Firewall D TPM
B CRL
189
After a server's hard drive fails, it typically takes about 30 minutes to get the drive repaired or replaced to fix the issue. Which of the following does this measure? A MTBF B MTTR C RPO D RTO
B MTTR
190
An administrator at a software development company is researching how many computing resources they need to meet their company's virtualization needs for the upcoming year. What type of activity are they involved in? A Capacity planning for infrastructure B Capacity planning for technology C Continuity of operations D Capacity planning for people
B Capacity planning for technology
191
Which of the following types of NIDS detects attacks based on known hashes of threats? A Signature-based B URL-based C Rule-based D Anomaly-based
A Signature-based
192
Which aspect of a web filter can be used to block access to specific domains? A DLP B URL scanning C Malware inspection D IPS
B URL scanning
193
A company has configured a Windows 11 workstation, and they want this configuration to be used for all other workstations added to the network. What should they establish from this system so they can apply the configuration to other systems? A Sandbox B Heat map C Site survey D Baseline
D Baseline
194
Which of the following roles defined by the GDPR is in charge of determining reasons for processing data and directing the methods for its processing? A Data custodian B Data controller C Data owner D Data processor
B Data controller
195
Which of the following regulations defines data security controls for EU citizens' personal data? A ISO/IEC 27002 B HIPAA C PCI DSS D GDPR
D GDPR
196
What unique advantage do APTs have over hacktivists, shadow IT, and unskilled attackers? A High levels of sophistication B Highly motivated attackers due to political or social ideologies C Access to off-the-shelf hacking tools D Users motivated by wanting to increase their productivity
A High levels of sophistication
197
In a data center, a legal company has a large store of legal documents that contain sensitive and private information about their clients. They're concerned about data leakage, as they are archiving the data for long periods and that might open them up to liability. What type of solution identifies whether confidential data has made it to long-term storage such as data centers? A MaaS B DLP C OCSP D XDR
B DLP
198
A developer has discovered that one of the frameworks they are using in their web application may have a new vulnerability that the vendor has yet to patch. Which type of attack are they documenting? A Rootkit B Cryptographic C APT D Zero day
D Zero day
199
An administrator is interested in improving the retrieval speeds for data on the server. They want to spread the data out across two disks in order to utilize the read/write speed of both combined. They will be using a RAID configuration. Which RAID number is used for striping? A 3 B 2 C 1 D 0
D 0
200
An attacker used a tool called "hcitool" to obtain unauthorized access to a Bluetooth-enabled device to collect email, contact lists, calendars, and text messages from their victim. What is this an example of? A Bluebugging B SIM cloning C Cryptojacking D Bluesnarfing
D Bluesnarfing
201
An administrator is forming their BCP and trying to determine how much of the system should be restored in case of failure. What BEST describes what they are attempting to define? A MTBF B RPO C RTO D MTTR
B RPO
202
A company is evaluating server products. They want to look through publicly available threat feeds to see how frequently each server type has reported threat information. What type of threat feed should they use to identify this information? A Penetration test B Dark web C Proprietary D OSINT
D OSINT
203
What process should an organization follow in order to ensure they have enough resources to effectively meet current and future demands? A Change management B Capacity planning C BCP D DRP
B Capacity planning
204
Apps such as Google Authenticator commonly have one-time codes that change at regular intervals. What form of OTP are they using? A HOTP B TOTP C SMS-based D Push notification
B TOTP
205
Various outages have forced the SysOps manager at Acme Inc. to review the overall incidents to predict potential failures. They are trying to identify the arithmetic mean time for a system to be made functional again. Considering they have several maintenance contracts, they want to ensure that these values are within their contractual limits. Which of the following would the SysOps manager be calculating? A MTBF B RPO C MTTR D RTO
C MTTR
206
The COO approaches you as the administrator at Acme Inc. and questions whether users can put data on USB drives. Her concern is that this information could easily leave the premises without being adequately tracked. Which of the following could be used to prevent leakage of information through devices like USB drives? A DLP B GCM C Firewalls D Content filters
A DLP
207
A security assessment firm has developed a list of risks that are likely to occur at Acme Inc. and has presented them in order of priority and impact on the organization. There are no financial figures tied to the risk analysis. Which type of analysis have they completed? A Qualitative risk assessment B SLE C Quantitative risk assessment D ALE
A Qualitative risk assessment
208
You need to ensure the integrity of data obtained during a forensic investigation. What can be used for integrity and validation? A Hashing B Encryption C Event logs D FDE
A Hashing
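Worked example for card 208, added here and not part of the flashcard set and not the procedure of any particular imaging tool: integrity of acquired evidence is demonstrated by recording one or more digests at acquisition and recomputing them whenever the evidence is handled. The code below hashes an image in chunks (so multi-gigabyte files need not fit in memory), compares against the recorded digests, and then flips a single byte to show the comparison fail. The 3 MiB random "disk image", the byte offset and the choice of MD5 plus SHA-256 are constructed for the example.

```python
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha256")


def hash_bytes(data, algos=ALGOS):
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def hash_file(path, algos=ALGOS, chunk_size=1 << 20):
    # Streams the file once, feeding every hasher, so large images are not
    # read into memory and are not read twice.
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_file(path, expected):
    """Recompute and compare each recorded digest; a False anywhere means the
    evidence no longer matches what was documented at acquisition."""
    actual = hash_file(path, expected.keys())
    return {a: actual[a] == expected[a] for a in expected}


def acquisition_demo():
    """Constructed walk-through: 'acquire' an image, record its hashes,
    re-verify, then flip one byte and re-verify. Returns (before_ok, after_ok)."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")
        with open(image, "wb") as fh:
            fh.write(os.urandom(3 * (1 << 20)))  # constructed 3 MiB "disk image"
        recorded = hash_file(image)  # these values go on the chain-of-custody form
        before = all(verify_file(image, recorded).values())
        with open(image, "r+b") as fh:  # tamper: change a single byte
            fh.seek(12345)
            original = fh.read(1)
            fh.seek(12345)
            fh.write(bytes([original[0] ^ 0x01]))
        after = all(verify_file(image, recorded).values())
        return before, after


if __name__ == "__main__":
    print(hash_bytes(b"abc"))
    print("verified before tamper, verified after tamper:", acquisition_demo())
```

Recording two digests from different hash families is common practice so that a collision weakness in one (MD5 is the usual concern) does not leave the record unsupported.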
209
Which of the following application security best practices is designed to protect against injection attacks? A Secure cookies B Input validation C Code signing D HTTP headers
B Input validation
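Worked example for cards 105, 171 and 209, added here and not part of the flashcard set. Both injection cards describe the same flaw: user input is concatenated into a statement (an SQL query in card 171, an LDAP search filter in card 105), so the input can rewrite the statement's grammar. Card 209's answer, input validation, is one of the defences; the other is keeping input as data, through bound parameters for SQL and RFC 4515 escaping for LDAP filters. The code below shows the vulnerable and hardened form of each against a constructed in-memory SQLite customer table, plus an allowlist validator. The table contents, the LDAP filter shape and the username pattern are assumptions made for the example.

```python
import re
import sqlite3


def build_db():
    # Constructed sample data standing in for the customer database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        (1, "alice", "alice@example.com", "admin"),
        (2, "bob", "bob@example.com", "user"),
        (3, "carol", "carol@example.com", "user"),
    ])
    return conn


def lookup_vulnerable(conn, name):
    # The statement is assembled from user input, so input can rewrite it:
    # name = "bob' OR '1'='1" turns the WHERE clause into one that is always true.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The statement is fixed; the value is bound separately and is only ever data.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# RFC 4515 escaping for values placed inside an LDAP search filter. Mapping
# per character means the backslash needs no special ordering.
_LDAP_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def ldap_escape(value):
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def ldap_filter_vulnerable(uid):
    # Same flaw as the SQL version: the filter grammar is reachable from input,
    # so "*)(uid=*))(|(uid=*" closes the intended clause and opens a new one.
    return "(&(uid=" + uid + ")(objectClass=person))"


def ldap_filter_safe(uid):
    # Every metacharacter in the value is escaped, so it can only match a literal uid.
    return "(&(uid=" + ldap_escape(uid) + ")(objectClass=person))"


# Allowlist validation: reject anything that is not a plausible username
# before it reaches either backend. The pattern is an assumption for the example.
_USERNAME = re.compile(r"[a-z][a-z0-9_.-]{0,31}")


def is_valid_username(value):
    return _USERNAME.fullmatch(value) is not None


if __name__ == "__main__":
    db = build_db()
    payload = "bob' OR '1'='1"
    print("vulnerable:    ", lookup_vulnerable(db, payload))     # every row comes back
    print("parameterized: ", lookup_parameterized(db, payload))  # no such customer
    ldap_payload = "*)(uid=*))(|(uid=*"
    print(ldap_filter_vulnerable(ldap_payload))
    print(ldap_filter_safe(ldap_payload))
    print("passes validation:", is_valid_username(payload))
```

Validation and parameterisation are complementary rather than alternatives: the allowlist stops obviously hostile input early and gives a clean error, while binding and escaping make the backend safe even for input the validator has to allow, such as a surname containing an apostrophe.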
210
Which of the following malicious activities is a type of physical attack? A Directory traversal B Collision C Bloatware D RFID cloning
D RFID cloning
211
Which of the following attacks does NOT involve sending an email or other message to a target? A SPIM B Watering hole attack C Smishing D Phishing
B Watering hole attack
212
A warehousing company is interested in implementing RFID trackers for their shipments and packages to have greater monitoring capabilities. They are concerned about the potential attacks they may encounter. Which of the following is NOT a common RFID attack/concern? A DoS B Replay attack C Sniffing D Privilege escalation
D Privilege escalation
213
A startup company needs to start creating user guidance and training for new employees they are hiring. They want to create a module in their training to help them notice anomalous behavior at the workforce. What type of training should they include for this? A Remote work environments B Situational awareness C Operational security D Password management
B Situational awareness
214
Recently, Acme Inc. has experienced significant growth and has hired new employees. Management wants to provide education to all the new employees so they understand the organizational security policies. What can they use for this purpose? A Onboarding B Offboarding C Separation of duties D Mandatory vacations
A Onboarding
215
A user has attempted to install an application that they can use to create custom greeting cards. The application is not blocked by their antivirus software, so they quickly click through the installation dialogue box to start using the program. After installation, they notice extra icons on their desktop for applications they did not intend to install. Which of the following terms BEST describes the applications that have newly appeared on their computer? A Trojan horse B Spyware C Worm D Bloatware
D Bloatware
216
Which of the following types of locks is NOT used to secure access to a particular area? A Cable B Electronic C Biometric D Physical
A Cable
217
An organization is growing rapidly while the rules applying to network security are beginning to expand as well. What should be created to document security procedures? A Password policy B BYOD policy C Security policy D Group policy
C Security policy
218
A DLP system notices that a regular user account has started trying to access numerous sensitive files. What category of IoC is being triggered? A Account lockout B Impossible travel C Blocked content D Concurrent session usage
C Blocked content
219
Which advantage of using SOAR refers to the ability to provision and deprovision resources efficiently without compromising safety? A Scaling in a secure manner B Workforce multiplier C Reaction time D Employee retention
A Scaling in a secure manner
220
Which of the following is an integrated circuit that includes all the functionality of a computing system within the hardware, typically including an application contained in read-only memory (ROM), EEPROM, or flash memory? A SCADA B SoC C RTOS D ICS
B SoC
221
A web search company is being accused of engaging in anti-competitive behavior by a regulatory organization. Prior to filing a lawsuit, the regulatory organization wants to inform the company that they should not destroy any data or records. What should they send to the company to notify them of this? A Chain of custody B NDA C BPA D Legal hold
D Legal hold