ALL Flashcards
What are the properties of a secure information processing system?
Confidentiality, Integrity, and Availability (and Non-repudiation).
What term is used to describe the property of a secure network where a sender cannot deny having
sent a message?
Non-repudiation.
A multinational company manages a large amount of valuable intellectual property (IP) data, plus
personal data for its customers and account holders. What type of business unit can be used to
manage such important and complex security requirements?
A security operations center (SOC).
A business is expanding rapidly and the owner is worried about tensions between its established IT
and programming divisions. What type of security business unit or function could help to resolve
these issues?
Development and operations (DevOps) is a cultural shift within an organization to encourage much more
collaboration between developers and system administrators. DevSecOps embeds the security function within these teams as well.
You have implemented a secure web gateway that blocks access to a social networking site. How
would you categorize this type of security control?
It is a technical type of control (implemented in software) and acts as a preventive measure.
A company has installed motion-activated floodlighting on the grounds around its premises. What class and function is this security control?
It would be classed as a physical control and its function is both detecting and deterring.
A firewall appliance intercepts a packet that violates policy. It automatically updates its Access
Control List to block all further packets from the source IP. What TWO functions is the security
control performing?
Preventive and corrective.
If a security control is described as operational and compensating, what can you determine about
its nature and function?
That the control is enforced by a a person rather than a technical system, and that the control has been
developed to replicate the functionality of a primary control, as required by a security standard.
If a company wants to ensure it is following best practice in choosing security controls, what type of
resource would provide guidance?
A cybersecurity framework and/or benchmark and secure configuration guides.
Which of the following would be assessed by likelihood and impact: vulnerability, threat, or risk?
Risk. To assess likelihood and impact, you must identify both the vulnerability and the threat posed by a potential exploit.
True or false? Nation state actors primarily only pose a risk to other states.
False—nation state actors have targeted commercial interests for theft, espionage, and extortion.
You receive an email with a screenshot showing a command prompt at one of your application
servers. The email suggests you engage the hacker for a day’s consultancy to patch the vulnerability.
How should you categorize this threat?
This is either gray hat (semi-authorized) hacking or black hat (non-authorized) hacking. If the request for
compensation via consultancy is an extortion threat (if refused, the hacker sells the exploit on the dark web),
then the motivation is purely financial gain and can be categorized as black hat. If the consultancy is refused and the hacker takes no further action, it can be classed as gray hat.
Which type of threat actor is primarily motivated by the desire for social change?
Hacktivist.
Which three types of threat actor are most likely to have high levels of funding?
State actors, criminal syndicates, and competitors.
You are assisting with writing an attack surface assessment report for a small company. Following
the CompTIA syllabus, which two potential attack vectors have been omitted from the following
headings in the report? Direct access, Email, Remote and wireless, Web and social media, Cloud.
Removable media and supply chain.
You are consulting on threat intelligence solutions for a supplier of electronic voting machines.
What type of threat intelligence source would produce the most relevant information at the lowest
cost?
For critical infrastructure providers, threat data sharing via an Information Sharing and Analysis Center (ISAC) is
likely to be the best option.
Your CEO wants to know if the company’s threat intelligence platform makes effective use of OSINT.
What is OSINT?
Open-source intelligence (OSINT) is cybersecurity-relevant information harvested from public websites and data records. In terms of threat intelligence specifically, it refers to research and data feeds that are made publicly available.
You are assessing whether to join AIS. What is AIS and what protocol should your SIEM support in
order to connect to AIS servers?
Automated Indicator Sharing (AIS) is a service offered by the Department of Homeland Security (DHS) for
participating in threat intelligence sharing. AIS uses the Trusted Automated eXchange of Indicator Information
(TAXII) protocol as a means of transmitting CTI data between servers and clients.
You suspect that a rogue host is acting as the default gateway for a subnet in a spoofing attack.
What command-line tool(s) can you use from a Windows client PC in the same subnet to check the
interface properties of the default gateway?
Use ipconfig to check the IP addresses of the default gateway and the DHCP server. Use arp to check the MAC addresses associated with those IP addresses and investigate possible spoofing. You could also use the route command to verify the properties of the default route.
You suspect the rogue host is modifying traffic before forwarding it, with the side effect of
increasing network latency. Which tool could you use to measure latency on traffic routed from this
subnet?
From a Windows host, the pathping tool can be used to measure latency along a route.
What type of tool could you use to fingerprint the host acting as the default gateway?
This requires a tool that performs fingerprinting—service and version detection—by examining responses to network probes and comparing them to known responses from common platforms. Nmap is very widely used for this task, or you could use hping or Netcat.
You are investigating a Linux server that is the source of suspicious network traffic. At a terminal on
the server, which tool could you use to check which process is using a given TCP port?
You can use the netstat command to do this.
What is a zone transfer and which reconnaissance tools can be used to test whether a server will
allow one?
A zone transfer is where a domain name server (DNS) allows a client to request all the name records for a
domain. nslookup (Windows) and dig (principally Linux) can be used to test whether this query is allowed. You
could also mention the dnsenum tool, which will check for zone transfers along with other enumeration tests on DNS infrastructure.
What type of organizational security assessment is performed using Nessus?
Nessus is an automated network vulnerability scanner that checks for software vulnerabilities and missing
patches.
You are developing new detection rules for a network security scanner. Which tool will be of use in
testing whether the rules match a malicious traffic sample successfully?
The tcpreplay tool can be used to stream captured traffic from a file to a monitored network interface.
What security posture assessment could a pen tester make using Netcat?
Whether it is possible to open a network connection to a remote host over a given port.
You are recommending that a business owner invest in patch management controls for PCs and
laptops. What is the main risk from weak patch management procedures on such devices?
Vulnerabilities in the OS and applications software such as web browsers and document readers or in PC and adapter firmware can allow threat actors to run malware and gain a foothold on the network.
You are advising a business owner on security for a PC running Windows XP. The PC runs process
management software that the owner cannot run on Windows 10. What are the risks arising from
this, and how can they be mitigated?
Windows XP is a legacy platform that is no longer receiving security updates. This means that patch management cannot be used to reduce risks from software vulnerabilities. The workstation should be isolated from other systems to reduce the risk of compromise.
As a security solutions provider, you are compiling a checklist for your customers to assess
potential weak configuration vulnerabilities, based on the CompTIA Security+ syllabus. From
the headings you have added so far, which is missing and what vulnerability does it relate to?
Default settings, Unsecured root accounts, Open ports and services, Unsecure protocols, Weak
encryption, Errors.
Open permissions refers to misconfigured access rights for data folders, network file shares, and cloud storage.
You are advising a customer on backup and disaster recovery solutions. The customer is confused
between data breaches and data loss and whether the backup solution will protect against both.
What explanation can you give?
Backup solutions mitigate risks from data loss, where files or information is deleted, corrupted, or otherwise
destroyed. Backup does not mitigate risks from data breach, where confidential or private data is stolen
(exfiltrated) and made public or sold for criminal profit. Mitigating risks of data breach requires effective secure processing, authorization, and authentication security controls.
A system integrator is offering a turnkey solution for customer contact data storage and
engagement analytics using several cloud services. Does this solution present any supply chain risks
beyond those of the system integrator’s consulting company?
Yes, the system integrator is proposing the use of multiple vendors (the cloud service providers), with potentially complex issues for collecting, storing, and sharing customer personal data across these vendors. Each company in the supply chain should be assessed for risk and compliance with cybersecurity and privacy standards.