ALL Flashcards

1
Q

<p>what is a public cloud?</p>

A

<p>the standard cloud computing model where a service provider makes resources available to the public over the internet</p>

2
Q

<p>what does OS fingerprinting involve?</p>

A

<p>using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)</p>
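The passive half of the answer above (reading default TTL and TCP window size off captured traffic) is easy to show in code. The following is an added example, not part of the original flashcard deck: the signature table, the sample observations and the hosts are constructed assumptions, and the approach is deliberately simpler than real tools such as p0f, which also look at TCP options, MSS and the DF bit.

```python
"""Passive OS fingerprinting from two header fields: IP TTL and TCP window size.

Added example; it is not code from the original flashcard deck. The signature
table below is a constructed, deliberately small assumption for illustration.
Real passive fingerprinters (p0f, nmap's passive mode) also use TCP options,
MSS, the DF bit and window scaling, so treat every guess here as a hint.
"""
from dataclasses import dataclass

# Initial TTLs that operating systems commonly set on outgoing packets.
INITIAL_TTLS = (64, 128, 255)

# Constructed signature table (assumption): (initial TTL, window size) -> guess.
SIGNATURES = {
    (64, 64240): "Linux (recent kernel)",
    (64, 29200): "Linux (older kernel)",
    (64, 65535): "macOS / BSD",
    (128, 64240): "Windows 10/11",
    (128, 8192): "Windows (legacy)",
    (255, 4128): "Cisco IOS",
}

# Fallback when only the TTL family is recognisable.
TTL_FAMILY = {
    64: "Linux/Unix-like (TTL family only)",
    128: "Windows (TTL family only)",
    255: "network device or Solaris (TTL family only)",
}


@dataclass(frozen=True)
class Observation:
    src_ip: str
    ttl: int      # TTL as seen on the wire
    window: int   # TCP window size advertised in the SYN


def guess_initial_ttl(observed_ttl: int) -> int:
    """Smallest common initial TTL that is >= the observed value.

    Every router hop decrements TTL by one, so observed = initial - hops.
    A host more than 63 hops away would be misclassified; that is a known
    limitation of TTL-based guessing, not something this code can fix."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    return 255


def fingerprint(obs: Observation) -> dict:
    initial = guess_initial_ttl(obs.ttl)
    guess = SIGNATURES.get((initial, obs.window))
    confidence = "medium" if guess else "low"
    return {
        "src_ip": obs.src_ip,
        "initial_ttl": initial,
        "hops": initial - obs.ttl,
        "os": guess or TTL_FAMILY[initial],
        "confidence": confidence,
    }


# Constructed observations, as if read from captured SYN packets.
SAMPLE = [
    Observation("10.0.0.5", 63, 64240),    # one hop away, Linux-style window
    Observation("10.0.0.9", 117, 64240),   # eleven hops away, Windows TTL family
    Observation("10.0.0.1", 254, 4128),    # a router one hop away
    Observation("10.0.0.77", 57, 12345),   # TTL family only; window not in table
]


def fingerprint_all(observations=SAMPLE):
    return [fingerprint(o) for o in observations]


if __name__ == "__main__":
    for result in fingerprint_all():
        print(result)
```

The hop count falls out of the TTL guess for free, which is why passive fingerprinting also gives a rough idea of where on the network a host sits; the low-confidence fallback is there because an unknown window size should never be silently mapped to an OS.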

3
Q

<p>what are the three main protocols that can be used for wireless networks?</p>

A

<p>wired equivalent privacy (WEP), WPAv1, WPAv2</p>

4
Q

<p>what is the purpose of infrastructure as a service (IaaS) in cloud computing?</p>

A

<p>it provides computer and server infrastructure, typically through a virtualization environment</p>

5
Q

<p>what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?</p>

A

<p>a firewall</p>

6
Q

<p>what is the most common type of system used to detect intrusions into a computer network?</p>

A

<p>NIDS</p>

7
Q

<p>what is the purpose of PaaS in cloud computing?</p>

A

<p>it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform</p>

8
Q

<p>what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?</p>

A

<p>a false negative (a missed detection); a false positive is the opposite error, benign activity reported as an attack</p>

9
Q

<p>what does the acronym IDS denote?</p>

A

<p>Intrusion detection system</p>

10
Q

<p>what is the main difference between an IDS and an IPS?</p>

A

<p>an IDS detects intrusions and alerts (it is typically out of band, working from a copy of the traffic); an IPS sits inline and can also block the traffic, preventing the intrusion</p>

11
Q

<p>what does the acronym ACL denote?</p>

A

<p>access control list</p>

12
Q

<p>what devices can limit the effectiveness of sniffing attacks: switches or routers?</p>

A

<p>switches</p>

13
Q

<p>what are the two major types of intrusion detection systems (IDS)?</p>

A

<p>network IDS (NIDS) and host IDS (HIDS)</p>

14
Q

<p>which type of IDS detects attacks on individual devices?</p>

A

<p>host intrusion detection system (HIDS)</p>

15
Q

<p>which layer 3 device allows different logical networks to communicate?</p>

A

<p>router</p>

16
Q

<p>what is the default rule found in a firewall's access control list (ACL)?</p>

A

<p>deny all (implicit deny): any traffic not explicitly permitted by an earlier rule is dropped</p>

17
Q

<p>what does the acronym NIDS denote?</p>

A

<p>network-based intrusion detection system</p>

18
Q

<p>which security control is lost when using cloud computing?</p>

A

<p>physical control of the data</p>

19
Q

<p>what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?</p>

A

<p>false positive</p>

20
Q

<p>what are the four types of cloud computing based on management type?</p>

A

<p>public, private, hybrid, and community</p>

21
Q

<p>what is hybrid cloud?</p>

A

<p>a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud</p>

22
Q

<p>what is multi-tenancy cloud?</p>

A

<p>a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently</p>

23
Q

<p>which type of system identifies suspicious patterns that may indicate a network or system attack?</p>

A

<p>intrusion detection system (IDS)</p>

24
Q

<p>why is data isolation used in cloud environments?</p>

A

<p>to ensure that tenant data in a multi-tenant solution is isolated from other tenants' data, for example by tagging every record with a tenant ID and checking that label on each access</p>

25
Q

<p>which information do routers use to forward packets to their destinations?</p>

A

<p>the destination IP address, matched against the routing table entries (network address and subnet mask, or prefix length), with the longest matching prefix winning</p>

26
Q

<p>what does the acronym HIDS denote?</p>

A

<p>host-based intrusion detection system</p>

27
Q

<p>what is a community cloud?</p>

A

<p>an infrastructure that is shared among several organizations from a specific group with common computing concerns</p>

28
Q

<p>what is the purpose of software as a service (SaaS) in cloud computing?</p>

A

<p>it ensures on-demand, online access to an application suite without the need for local installation</p>

29
Q

<p>what is a single-tenancy cloud?</p>

A

<p>a cloud model where a single client or organization uses a resource</p>

30
Q

<p>what does footprinting do?</p>

A

<p>it includes the fingerprinting steps and also gathers additional information about the target, such as DNS queries, WHOIS/registrar queries, and so on</p>

31
Q

<p>which type of IDS detects malicious packets on a network?</p>

A

<p>network intrusion detection system (NIDS)</p>

32
Q

what is lightweight extensible authentication protocol (LEAP)?

A

a proprietary wireless LAN authentication method developed by Cisco Systems

33
Q

which type of analysis involves identifying traffic that is abnormal?

A

anomaly analysis

34
Q

which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?

A

WPA2 with CCMP

35
Q

which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?

A

active detection

36
Q

what does the acronym SIEM denote?

A

security information and event management

37
Q

what should you do to ensure that a wireless access point's signal does not extend beyond its needed range?

A

reduce the power levels

38
Q

which type of analysis involves examining information in the header of the packet?

A

protocol analysis

39
Q

what is the purpose of MAC filtering?

A

to restrict the clients that can access a wireless network

40
Q

what is protected extensible authentication protocol (PEAP)?

A

a protocol that encapsulates the EAP within an encrypted and authenticated TLS tunnel

41
Q

what are the two modes of WPA and WPA2?

A

personal (also called preshared key or WPA-PSK / WPA2-PSK) and enterprise

42
Q

what type of analysis focuses on the long term direction in the increase or decrease in a particular type of traffic?

A

trend analysis

43
Q

which security protocol is the standard encryption protocol for use with the WPA2 standard?

A

counter mode cipher block chaining message authentication code protocol (CCMP)

44
Q

which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?

A

temporal key integrity protocol (TKIP)

45
Q

which intrusion detection system (IDS) watches for intrusions that match a known pattern (signature)?

A

signature-based IDS

46
Q

which software can collect logs from specified devices, combine the logs, and analyze the combined logs for security issues?

A

security information and event management (SIEM)
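What "combine the logs and analyze them" means in practice is normalising lines from different devices into one event schema and then running correlation rules across them. The following is an added example, not code from the original deck or from any SIEM product: the two log formats, the sample lines, the source addresses and the five-failures-in-five-minutes threshold are all constructed assumptions. It also shows the signature-style detection from the cards above (a rule with a fixed threshold) as opposed to anomaly analysis.

```python
"""Minimal SIEM-style correlation over logs from two different devices.

Added example; it is not code from the original deck. The two log formats,
the sample lines and the threshold are constructed assumptions. The rule is a
simple signature-style one: N failed logins from one source within a window,
enriched with whatever else that source did in the same log set.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed formats: Linux sshd through syslog, and a firewall deny line.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) fw: DENY (?P<proto>TCP|UDP) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+):\d+ -> \S+:(?P<dport>\d+)"
)

# Constructed sample: one source hammering SSH and probing Telnet, one user
# who simply mistyped a password twice, seven minutes apart.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z bastion sshd[812]: Failed password for root from 198.51.100.23 port 40112 ssh2",
    "2024-05-01T10:00:03Z bastion sshd[812]: Failed password for invalid user admin from 198.51.100.23 port 40114 ssh2",
    "2024-05-01T10:00:05Z edge fw: DENY TCP 198.51.100.23:51000 -> 192.0.2.10:23",
    "2024-05-01T10:00:06Z bastion sshd[812]: Failed password for root from 198.51.100.23 port 40118 ssh2",
    "2024-05-01T10:00:09Z bastion sshd[812]: Failed password for root from 198.51.100.23 port 40120 ssh2",
    "2024-05-01T10:00:12Z bastion sshd[812]: Failed password for root from 198.51.100.23 port 40122 ssh2",
    "2024-05-01T10:00:30Z bastion sshd[812]: Failed password for alice from 203.0.113.5 port 50001 ssh2",
    "2024-05-01T10:07:00Z bastion sshd[812]: Failed password for alice from 203.0.113.5 port 50002 ssh2",
    "2024-05-01T10:07:01Z edge some-other-daemon: line the parsers do not understand",
]


def _ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalize(line):
    """Map one raw line onto a common event schema; None if no parser matches."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "src_ip": m["ip"], "source": m["host"],
                "event": "auth_failure", "detail": m["user"]}
    m = FW_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "src_ip": m["ip"], "source": m["host"],
                "event": "fw_deny", "detail": f"{m['proto']}/{m['dport']}"}
    return None


def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert once per source IP that has >= threshold auth failures inside
    any sliding window of the given length. Unparseable lines are counted
    so that a silently broken parser shows up in the result."""
    events, unparsed = [], 0
    for line in lines:
        e = normalize(line)
        if e is None:
            unparsed += 1
        else:
            events.append(e)
    events.sort(key=lambda e: e["ts"])

    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e["ts"] for e in evs if e["event"] == "auth_failure"]
        for i in range(len(failures) - threshold + 1):
            if failures[i + threshold - 1] - failures[i] <= window:
                related = sorted({f"{e['event']}:{e['detail']}" for e in evs
                                  if e["event"] != "auth_failure"})
                alerts.append({"src_ip": ip, "failures": len(failures),
                               "first_seen": failures[i], "related": related})
                break
    return {"alerts": alerts, "events": len(events), "unparsed": unparsed}


if __name__ == "__main__":
    print(correlate(SAMPLE_LOGS))
```

The unparsed counter matters more than it looks: a SIEM whose parser silently drops a new log format produces no alerts and no errors, and the first sign of trouble is an incident found some other way.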

47
Q

what does heuristic analysis do?

A

it determines the susceptibility of a system towards a particular threat/risk using decision rules or weighing methods

48
Q

which protocol does the enterprise mode of WPA and WPA2 use for authentication?

A

extensible authentication protocol (EAP)

49
Q

which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?

A

isolation mode

50
Q

which type of IDS or IPS starts from a database of known attack types but dynamically alters its signatures based on learned behavior?

A

heuristic

51
Q

what does packet analysis do?

A

it examines the entire packet, including the payload

52
Q

what are the non-overlapping channels for 802.11g/n?

A

channels 1,6, and 11

53
Q

what are the non-overlapping channels for 802.11b?

A

channels 1, 6, 11, and 14 (channel 14 is permitted only in Japan; elsewhere 802.11b is limited to 1, 6, and 11, the same as 802.11g/n)

54
Q

what is the most secure implementation of file transfer protocol (FTP)?

A

SSH file transfer protocol (SFTP), which runs over SSH on TCP port 22 (the other secured option is FTPS, FTP wrapped in TLS)

55
Q

what is the name for a hole in the security of an application deliberately left in place by a designer?

A

backdoor

56
Q

which malicious software infects a system without relying upon other applications for its execution?

A

a worm

57
Q

what does an anti-virus application signature file contain?

A

it contains identifying information about viruses

58
Q

which application or services uses TCP/UDP port 3389?

A

remote desktop protocol (RDP)

59
Q

which port number is used by TFTP?

A

UDP port 69

60
Q

what is the name for a fix that addresses a specific windows system problem or set of problems?

A

hotfix

61
Q

which firewall port should you enable to allow SMTP traffic to flow through the firewall?

A

port 25

62
Q

how many TCP/UDP port numbers exist (and therefore could be targeted by an attacker)?

A

65,536 (0 through 65,535) for each of TCP and UDP

63
Q

which type of virus can change its signature to avoid detection?

A

polymorphic

64
Q

what is the default PPTP port?

A

TCP port 1723

65
Q

what is the purpose of NAC?

A

network access control (NAC) ensures that the computer on the network meets an organization’s security policies

66
Q

using role-based access control (RBAC), which entities are assigned roles?

A

users or subjects

67
Q

what is the name of the area that connects to a firewall and offers services to untrusted networks?

A

DMZ

68
Q

which virus creates many variants by modifying its code to deceive antivirus scanners?

A

polymorphic virus

69
Q

which port should you block at your network firewall to prevent telnet access?

A

port 23

70
Q

what is a good solution if you need to separate two departments into separate networks?

A

VLAN segregation

71
Q

which port number does LDAP use for communications encrypted using SSL/TLS?

A

port 636

72
Q

which type of code performs malicious acts only when a certain set of conditions occurs?

A

a logic bomb

73
Q

which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?

A

TCP port 143

74
Q

which two ports does FTP use?

A

TCP ports 20 (data, in active mode) and 21 (control)

75
Q

what does VLAN segregation accomplish?

A

it protects each individual segment by isolating the segments

76
Q

which port number does HTTP use?

A

port 80

77
Q

which port numbers are used by NetBIOS?

A

ports 137, 138, 139

78
Q

which type of malware appears to perform a valuable function, but actually performs malicious acts?

A

trojan horse

79
Q

which port number does LDAP use when communications are not secured using SSL/TLS?

A

port 389

80
Q

what does the acronym RBAC denote?

A

role-based access control

81
Q

which viruses are written in a macro language and typically infect documents and the applications that open them (such as office suites) rather than the operating system itself?

A

macro viruses

82
Q

who can change a resource’s category in a mandatory access control environment?

A

administrators only

83
Q

which port number does NNTP (network news transfer protocol) use?

A

TCP port 119

84
Q

what is a trojan horse?

A

malware that is disguised as a useful utility, but is embedded with a malicious code to infect computer systems

85
Q

which port number does NTP use?

A

port 123

86
Q

what does the acronym DAC denote?

A

discretionary access control

87
Q

which firewall port should you enable to allow POP3 traffic to flow through the firewall?

A

TCP port 110

88
Q

which port number does DHCP use?

A

UDP port 67 (server side) and UDP port 68 (client side)

89
Q

which port number is used by HTTPS (HTTP over SSL/TLS)?

A

TCP port 443 (SSL/TLS itself has no port of its own; implicit FTPS uses TCP port 990, and explicit FTPS starts on the FTP control port 21)

90
Q

which port number is used by SSH, SCP, and SFTP?

A

port 22

91
Q

what is the default L2TP port?

A

UDP port 1701

92
Q

which type of access control associates roles with each user?

A

role-based access control (RBAC)

93
Q

why should you install a software firewall and the latest software patches and hotfixes on your computer?

A

to reduce security risks

94
Q

what is the name for a collection of hotfixes that have been combined into a single patch?

A

a service pack

95
Q

which type of access control is the multi-level security mechanism used by the department of defense (DoD)?

A

mandatory access control (MAC)

96
Q

which port number does DNS use?

A

port 53

97
Q

which port number is used by SMB?

A

TCP port 445

98
Q

what is a file considered in a mandatory access control environment?

A

an object

99
Q

what is the purpose of anti-spam application or filters?

A

to prevent unsolicited e-mail

100
Q

which type of access control was originally developed for military use?

A

mandatory access control (MAC)

101
Q

when should you install a software patch on a production server?

A

after the patch has been tested

102
Q

which type of access control is most suitable for top-secret information?

A

mandatory access control (MAC)

103
Q

which port number does SNMP use?

A

UDP port 161 (agent queries); traps are sent to UDP port 162

104
Q

in a secure network, what should be the default permission position?

A

implicit deny
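The implicit-deny rule on this card and on the "default rule in a firewall ACL" card earlier is a property of how the list is evaluated, not a line that has to be typed: rules are tried top to bottom, the first match decides, and a packet that matches nothing is dropped. The following is an added example, not code from the original deck and not any vendor's ACL syntax; the rule format, the DMZ range and the sample policy (built from the port numbers on the surrounding cards) are constructed assumptions.

```python
"""First-match firewall ACL evaluator with an implicit deny at the end.

Added example; it is not code from the original deck. The rule syntax, the
network ranges and the sample policy are assumptions for illustration and do
not correspond to any vendor's CLI.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR the source address must fall in
    dst: str              # CIDR the destination address must fall in
    dport: Optional[int]  # None matches any destination port

    def matches(self, proto, src_ip, dst_ip, dport):
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(acl, proto, src_ip, dst_ip, dport):
    """Return (action, index of the matching rule).

    The index is None when nothing matched and the packet fell through to
    the implicit deny; logging that distinction is what lets you see which
    traffic your explicit rules never considered."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action, i
    return "deny", None


ANY = "0.0.0.0/0"
DMZ = "192.0.2.0/24"   # constructed example range (documentation prefix)

# Sample inbound policy, Internet toward the DMZ, using port numbers from the
# deck: SMTP 25, HTTP 80, HTTPS 443, IMAP4 143, POP3 110, Telnet 23 blocked.
INBOUND = [
    Rule("deny",   "tcp", ANY, ANY, 23),   # explicit Telnet block, for logging
    Rule("permit", "tcp", ANY, DMZ, 25),
    Rule("permit", "tcp", ANY, DMZ, 80),
    Rule("permit", "tcp", ANY, DMZ, 443),
    Rule("permit", "tcp", ANY, DMZ, 143),
    Rule("permit", "tcp", ANY, DMZ, 110),
    # no trailing "permit any": everything else hits the implicit deny
]


def shadowed_rules(acl):
    """Find rules that can never match because an earlier, broader rule
    already covers every packet they would match. Returns (later, earlier)
    index pairs; a non-empty result usually means someone appended a rule
    below a catch-all, which is how an implicit deny gets defeated."""
    found = []
    for i, later in enumerate(acl):
        for j, earlier in enumerate(acl[:i]):
            if (earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)
                    and ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))):
                found.append((i, j))
                break
    return found


if __name__ == "__main__":
    print(evaluate(INBOUND, "tcp", "203.0.113.7", "192.0.2.10", 25))
    print(evaluate(INBOUND, "udp", "203.0.113.7", "192.0.2.10", 69))
    print(shadowed_rules(INBOUND))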

105
Q

which port number does SSH use?

A

port 22

106
Q

which type of virus attempts to hide from antivirus software and from the operating system by remaining in memory?

A

stealth

107
Q

which port is used for LDAP authentication?

A

port 389

108
Q

which self-replicating computer program sends copies of itself to other devices on the network?

A

worm

109
Q

which port number is used by microsoft SQL server?

A

TCP port 1433

110
Q

which TCP port number does secure sockets layer (SSL) use?

A

port 443

111
Q

according to the CySA+ objectives, what are the six rules of engagement for penetration testing?

A

timing, scope, authorization, exploitation, communication, reporting

112
Q

is a DHCP server normally placed inside a DMZ?

A

no

113
Q

what is meant by the term exploitation in regards to rules of engagement in penetration testing?

A

which exploits may be attempted against the in-scope targets during the test

114
Q

what is decomposition?

A

the process of breaking software or malware down to discover how it works

115
Q

what is meant by the term scope in regards to vulnerability testing?

A

the devices or parts of the network that can be scanned and the types of scans to be performed

116
Q

which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?

A

NAT

117
Q

which assessment determines whether network security is properly configured to rebuff hacker attacks?

A

penetration test

118
Q

what is the purpose of network segmentation?

A

to isolate a group of devices

119
Q

what can be used to run a possibly malicious program in a safe environment?

A

sandbox

120
Q

which term is used for the process of verifying the integrity of a file by using a hashing algorithm?

A

fingerprinting or hashing

121
Q

what is the purpose of the blue team in a training exercise?

A

defending the device or network

122
Q

which documentation reduces the likelihood that you have received counterfeit equipment?

A

OEM (original equipment manufacturer) documentation

123
Q

which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?

A

VPN

124
Q

what is the purpose of the red team in a training exercise?

A

attacking the devices or network

125
Q

what is meant by the term timing in regards to penetration testing?

A

the time when the test should occur and when it should not occur

126
Q

what is the primary security advantage of using NAT?

A

NAT hides internal IP addresses from the public network

127
Q

what is meant by the term authorization in regards to penetration testing?

A

the written agreement and legal authority to perform the penetration test

128
Q

which type of test attempts to exploit vulnerabilities?

A

penetration test or pentest

129
Q

which type of test ONLY identifies vulnerabilities?

A

vulnerability test

130
Q

what is the purpose of rules of engagement for penetration testing?

A

they define how a penetration test should occur, including the factors that limit the penetration test

131
Q

what does the acronym OEM denote?

A

original equipment manufacturer

132
Q

which team acts as the referee during a training exercise?

A

white team

133
Q

what is the purpose of the Trusted Foundry?

A

it identifies trusted vendors and ensures a trusted supply chain for the united states department of defense (DoD)

134
Q

does each VLAN create its own collision domain or its own broadcast domain?

A

broadcast domain

135
Q

what should you consult to identify all systems that need to have a vulnerability scan?

A

the company’s asset inventory

136
Q

what is a flaw, loophole, or weakness in the system, software, or hardware?

A

vulnerability

137
Q

which scan has less of an impact on the network: agent-based or server-based?

A

agent-based vulnerability scans because they run on the device and only send the report to the centralized server

138
Q

what are the two main factors that CompTIA lists for prioritizing vulnerability remediation?

A

criticality and difficulty of implementation

139
Q

how often should vulnerability scans be carried out based on PCI-DSS standards?

A

at least every three months (quarterly) and after any significant change to the in-scope systems

140
Q

which SCAP component provides standardized names for security-related software flaws?

A

common vulnerabilities and exposures (CVE)

141
Q

what does the acronym CCE denote?

A

common configuration enumeration

142
Q

which framework provides CCE and CVE identifiers for vulnerability scans?

A

security content automation protocol (SCAP)

143
Q

which term is used for an agreement that is signed by two partnering companies?

A

business partners agreement (BPA)

144
Q

what does the acronym CVE denote?

A

common vulnerabilities and exposures

145
Q

which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?

A

memorandum of understanding (MoU)

146
Q

what does the acronym SCAP denote?

A

security content automation protocol

147
Q

which step of the vulnerability management process involves assessing the documented requirements and workflow to determine when scans should occur?

A

establish scanning frequency

148
Q

why should you document workflow prior to setting up a vulnerability scan?

A

to help provide business constraints for the scan

149
Q

which step of the vulnerability management process involves documenting the regulatory environment and corporate policy, classifying data, and obtaining an asset inventory?

A

identify requirements

150
Q

in which situation will you accept a risk?

A

when the cost of the safeguard exceeds the amount of the potential loss

151
Q

why should you deploy remediation in a sandbox environment?

A

to test the effects of the remediation to ensure that the devices will be able to function properly after deployment

152
Q

what is the process for the vulnerability management process?

A

1. identify requirements
2. establish scanning frequency
3. configure the tools to perform the scans according to specifications
4. execute the scan
5. generate scan reports
6. provide remediation for discovered vulnerabilities

153
Q

what does the acronym CVSS denote?

A

common vulnerability scoring system

154
Q

what is a service level agreement (SLA)?

A

a contract between a network service provider and a customer that specifies the services the network service provider will furnish

155
Q

which range of CVSS scores indicates low priority?

A

0.1 to 3.9

156
Q

what is meant by the term vulnerability feed?

A

the updates to the vulnerability scanner that ensures that the scanner is able to recognize newly discovered vulnerabilities

157
Q

which range of CVSS scores indicates high priority?

A

7.0 to 8.9

158
Q

what happens with an agent-based vulnerability scan?

A

agents are installed on the devices to run the scan and send the report to a centralized server

159
Q

which range of CVSS scores indicates medium priority?

A

4.0 to 6.9

160
Q

what is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?

A

to accept the risk

161
Q

which permissions should you assign the account used for the vulnerability scans?

A

read only

162
Q

which SCAP component provides standard names for product names and versions?

A

common platform enumeration (CPE)

163
Q

which step of the vulnerability management process includes scanning criteria, such as sensitivity levels, vulnerability feed, and scope?

A

configure the tools to perform the scans according to specifications

164
Q

which range of CVSS scores indicates critical priority?

A

9.0 to 10.0

165
Q

what is meant by the scope of a vulnerability scan?

A

the range of hosts or subnets included in the scan

166
Q

what is the purpose of a discovery vulnerability scan?

A

to create an inventory of assets based on host or service discovery

167
Q

which SCAP component provides a standardized metric that measures and describes the severity of security-related software flaws?

A

common vulnerability scoring system (CVSS)

168
Q

what is the term Nessus uses for vulnerability feeds?

A

plug-ins

169
Q

which type of vulnerability scan logs in to the targets with an account that has the appropriate permissions, so it can examine configuration and data that an unauthenticated scan cannot reach?

A

credentialed scan

170
Q

what does a CVSS score of 0 indicate?

A

no issues

171
Q

what are the FIVE inhibitors to remediation after a vulnerability scan?

A

MOUs, SLAs, organizational governance, business process interruption, degrading functionality

172
Q

what does the acronym CPE denote?

A

common platform enumeration (CPE)

173
Q

what are the three possible values of the availability (A) metric of the CVSS vector, and what do they stand for?

A

N - None, P - Partial, C - Complete (these are the CVSS v2 values; CVSS v3 uses N - None, L - Low, H - High)

174
Q

which value of the authentication (Au) metric of the CVSS vector means no authentication mechanisms are in place to stop the exploitation of the vulnerability?

A

N

175
Q

which CVSS metric describes the authentication an attacker would need to get through to exploit the vulnerability?

A

the authentication (Au) metric

176
Q

which value of the access vector (AV) metric of the CVSS vector indicates that the attacker must have physical access to the affected system?

A

L

177
Q

which value of the Access Vector (AV) metric of the CVSS vector indicates the attacker can exploit the vulnerability from any network?

A

N

178
Q

which value of the confidentiality (C) metric of the CVSS vector means all information on the system could be compromised?

A

C

179
Q

which value of the Confidentiality (C) metric of the CVSS vector means some access to information would occur?

A

P

180
Q

what are the three possible values of the Access Vector (AV) metric of the CVSS vector, and what do they stand for?

A

L - Local
A - Adjacent
N - Network

181
Q

which CVSS metric describes the difficulty of exploiting the vulnerability?

A

the access complexity (AC) metric

182
Q

which CVSS metric describes the information disclosures that may occur if the vulnerability is exploited?

A

the confidentiality (C) metric

183
Q

what are the three main possible values of the authentication (Au) metric of the CVSS vector, and what do they stand for?

A

M - Multiple
S - Single
N - None

184
Q

which value of the availability (A) metric of the CVSS vector means system performance is degraded?

A

P

185
Q

which CVSS metric describes how the attacker would exploit the vulnerability?

A

the access vector (AV) metric

186
Q

which value of the integrity (I) metric of the CVSS vector means some information modification would occur?

A

P

187
Q

what are the three possible values of the confidentiality (C) metric of the CVSS vector, and what do they stand for?

A

N - None
P - Partial
C - Complete

188
Q

which value of the integrity (I) metric of the CVSS vector means all information on the system could be compromised?

A

C

189
Q

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability does not require special conditions?

A

L

190
Q

which value of the availability (A) metric of the CVSS vector means the system is completely shut down?

A

C

191
Q

which CVSS metric describes the disruption that might occur if the vulnerability is exploited?

A

the availability (A) metric

192
Q

what should you do for the false positives in a vulnerability scanning report once you have verified that they are indeed false?

A

configure exceptions for the false positives in the vulnerability scanner

193
Q

what is meant by the term false negative in a vulnerability scan?

A

when the vulnerability scan indicated no vulnerabilities existed when, in fact, one was present

194
Q

which value of the access vector (AV) metric of the CVSS vector indicates the attacker must be on the local network?

A

A

195
Q

which value of the integrity (I) metric of the CVSS vector means there is no integrity impact?

A

N

196
Q

which CVSS metric describes the type of data alteration that might occur?

A

the integrity (I) metric

197
Q

which value of the Confidentiality (C) metric of the CVSS vector means there is no confidentiality impact?

A

N

198
Q

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through two or more authentication mechanisms?

A

M

199
Q

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through one authentication mechanism?

A

S

200
Q

what are the three possible values of the Access Complexity (AC) metric of the CVSS vector, and what do they stand for?

A

H - High
M - Medium
L - Low

201
Q

what are the three possible values of the integrity (I) metric of the CVSS vector, and what do they stand for?

A

N - None
P - Partial
C - Complete

202
Q

which value of the Availability (A) metric of the CVSS vector means there is no availability impact?

A

N

203
Q

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires somewhat special conditions?

A

M

204
Q

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires special conditions that are hard to find?

A

H

205
Q

what should you do if you expect that there are false positives in a vulnerability scanning report?

A

verify the false positives to ensure that you can eliminate them from the report

206
Q

in which type of attack is a user connected to a different web server than the one intended by the user?

A

hyperlink spoofing attack

207
Q

what is meant by VM escape?

A

viruses and malware can migrate between multiple VMs on a single server

208
Q

which type of system does a stuxnet attack target?

A

a supervisory control and data acquisition (SCADA) system

209
Q

which type of attack involves flooding a recipient e-mail address with identical e-mails?

A

spamming attack

210
Q

what is a replay attack?

A

an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user

211
Q

what is the purpose of GPS tracking on a mobile device?

A

it allows a mobile device to be located

212
Q

what is a command injection?

A

when an operating system command is submitted in an HTML string

213
Q

what is war chalking?

A

leaving signals about a wireless network on the outside of the building where it is housed

214
Q

which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?

A

DDoS attack

215
Q

which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?

A

a no expectation of privacy policy

216
Q

how do you ensure that data is removed from a mobile device that has been stolen?

A

use a remote wipe or remote sanitation program

217
Q

what is phishing?

A

when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received

218
Q

what is click-jacking?

A

a technique that is used to trick users into revealing confidential information or taking over the user’s computer when clicking links

219
Q

what does the acronym SCADA denote?

A

supervisory control and data acquisition

220
Q

which type of attack allows an attacker to redirect internet traffic by setting up a fake DNS server to answer client requests?

A

DNS spoofing

221
Q

what is the purpose of screen locks on mobile devices?

A

to prevent users from accessing the mobile device until a password or other factor is entered

222
Q

which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?

A

a replay attack

223
Q

why is it important to limit the use of flash drives and portable music devices by organization employees?

A

to prevent users from copying data to their personal devices and possibly causing data leakage or from transferring malware to corporate computers

224
Q

which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?

A

man-in-the-middle

225
Q

should virtual servers have the same information security requirements as physical servers?

A

Yes

226
Q

what is a smurf attack?

A

an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system

227
Q

what causes VM sprawl to occur?

A

when multiple VMs become difficult to manage

228
Q

what is an Xmas attack?

A

an attack that looks for open ports

229
Q

what is an XML injection?

A

when a user enters values in an XML query that takes advantage of security loopholes

230
Q

what is the purpose of SCADA?

A

to collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data

231
Q

what does the acronym ICS denote?

A

industrial control system

232
Q

which servers are susceptible to the same type of attacks as their hosts, including denial of service attacks, detection attack, and escape attacks?

A

virtual servers

233
Q

what is spear phishing?

A

an e-mail request for confidential information that appears to come from your supervisor

234
Q

what is the main difference between virtualization and cloud computing?

A

the location and ownership of the physical components

235
Q

what is an evil twin?

A

an access point with the same SSID as the legitimate access point

236
Q

what is vishing?

A

a special type of phishing that uses VoIP

237
Q

where should you physically store mobile devices to prevent theft?

A

in a locked cabinet or safe

238
Q

what is whaling?

A

a special type of phishing that targets a single power user, such as a Chief Executive Officer (CEO)

239
Q

what is the purpose of a remote sanitation application on a mobile device?

A

to ensure that the data on the mobile device can be erased remotely in the event the mobile device is lost or stolen

240
Q

which address is faked with IP spoofing attacks?

A

the source IP address

241
Q

what is bluesnarfing?

A

the act of gaining unauthorized access to a device (and the network it is connected to) through its bluetooth connection

242
Q

which attack uses clients, handles, agents, and targets?

A

DDoS attack

243
Q

when does path traversal occur?

A

when the ../ characters are entered into the URL to traverse directories that are not supposed to be available from the Web

244
Q

what is war driving?

A

the act of discovering unprotected wireless networks by driving around with a laptop

245
Q

which type of attack does challenge handshake authentication protocol (CHAP) protect against?

A

replay

246
Q

what does the acronym DDoS denote?

A

distributed denial of service

247
Q

what is header manipulation?

A

when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet

248
Q

what is bluejacking?

A

an attack that sends unsolicited messages over a bluetooth connection

249
Q

which attack requires that the hacker compromise as many computers as possible to initiate the attack?

A

DDoS attack

250
Q

what is an IP spoofing attack?

A

an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source

251
Q

which type of attack searches long lists of words for a particular language to match them to an encrypted password?

A

dictionary attack

252
Q

why is GPS tracking often disabled?

A

it is considered a security threat; as long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located

253
Q

what is spimming?

A

an instance of spam sent over an instant message application

254
Q

what is a malicious insider?

A

an employee who uses his access to the network and facility to obtain confidential information

255
Q

what is the purpose of a screen lock on a mobile device?

A

to act as a deterrent if a mobile device is lost or stolen by requiring a key combination to activate the device

256
Q

encrypting all files on a system hardens which major component of a server?

A

the file system

257
Q

what is an IV attack?

A

cracking the WEP secret key using the initialization vector (IV)

258
Q

what is pharming?

A

traffic redirection to a web site that looks identical to the intended web site

259
Q

what is the purpose of mobile device encryption?

A

to ensure that the contents of the mobile device are confidential

260
Q

which type of attack sequentially generates every possible password and checks them all against a password file?

A

brute force attack

261
Q

which type of brute-force attack attempts to find any two hashed messages that have the same value?

A

a birthday attack

262
Q

what does the acronym MTD denote?

A

maximum tolerable downtime

263
Q

what is MTBF?

A

the estimated amount of time a device will operate before a failure occurs

264
Q

what are the four types of personally identifiable information (PII)?

A

personal characteristics - such as full name, DoB, height, ethnicity, place of birth, mother’s maiden name, and biometric characteristics
a unique set of numbers assigned to an individual - such as government ID number, telephone number, driver’s license number, and PIN
descriptions of events or points in time - such as arrest records, employment records, and medical records
description of locations or places - such as GPS tracking information

265
Q

what does the acronym RTO denote?

A

recovery time objective

266
Q

what does the acronym MTBF denote?

A

mean time between failures

267
Q

what does the acronym RPO denote?

A

recovery point objective

268
Q

which two factors should contribute to incident severity and prioritization?

A

impact scope and the type of data affected

269
Q

which attack is one discovered in live environments for which no current fix or patch exists?

A

zero-day attack

270
Q

what is RTO?

A

the shortest time period after a disaster or disruptive event within which a resource or function must be restored to avoid unacceptable consequences

271
Q

which impact scope factor refers to the amount of data corrupted or altered during the incident?

A

data integrity

272
Q

what does the acronym PHI denote?

A

personal health information

273
Q

what is meant by economic factor of an incident?

A

the cost of the incident to the organization

274
Q

which impact scope factor refers to the amount of time taken to recover from the incident?

A

recovery time

275
Q

which attack type targets a specific entity and is carried out over a long period of time?

A

advanced persistent threat (APT)

276
Q

which impact scope factor refers to the amount of time access to resources was interrupted?

A

downtime

277
Q

what is MTD?

A

the maximum amount of time that an organization can tolerate a single resource or function being down

278
Q

what does the acronym PII denote?

A

personally identifiable information

279
Q

what is RPO?

A

the point in time to which the disrupted resource or function must be returned

280
Q

what is the best method to preserve evidence on a computer: bit stream backup or standard backup?

A

bit stream backup

281
Q

what is the order of volatility from most volatile to least volatile?

A

1. registers, cache
2. swap space
3. routing table, ARP cache, process table, kernel statistics, and memory
4. temporary file systems
5. disk
6. remote logging and monitoring data that is relevant to the system in question

282
Q

what are the FOUR documents/forms that should be part of a forensic kit?

A

chain of custody form, incident response plan, incident form, call list/escalation list

283
Q

what is a write blocker?

A

a tool that permits read-only access to data storage devices without compromising the integrity of the data

284
Q

what is the purpose of imaging utilities included in a forensic kit?

A

to create a bit-level copy of drives

285
Q

what are the NINE components that should be included in a forensic kit?

A

1. digital forensics workstation
2. write blockers
3. cables
4. drive adaptors
5. wiped removable media
6. camera
7. crime tape
8. tamper-proof seals
9. documentation/forms

286
Q

what is the purpose of the chain of custody form?

A

it will indicate who has handled the evidence, when they handled it, and the order in which the handler was in possession of the evidence

287
Q

which condition must be true of the hash values of a file to prove the file is unaltered?

A

the hash values must remain the same

288
Q

what is a SCADA device?

A

a system operating with coded signals over communication channels that provides control of remote equipment

289
Q

what is the purpose of tamper-proof seals?

A

to ensure that the chain of custody is maintained

290
Q

what is the purpose of hashing utilities included in a forensic kit?

A

to create a hash value of files so that you can prove that certain evidence has not been altered during your possession of the evidence

291
Q

what are the proper steps in the life cycle of evidence?

A

collection, analysis, storage, court presentation, and return to owner

292
Q

what is a digital forensics workstation?

A

a dedicated workstation for processing an investigation that includes special tools and utilities that make the process easier and more productive

293
Q

what is the purpose of an incident form?

A

it is used to describe the incident in detail

294
Q

why should the proper chain of custody be ensured?

A

so that evidence will be admissible in court

295
Q

what is the purpose of the analysis utilities included in a forensic kit?

A

to analyze the bit-level copy that is created for that purpose

296
Q

what are the three basic questions answered by the chain of custody?

A

who controlled the evidence
who secured the evidence
who obtained the evidence

297
Q

when evidence is seized, which principle should be emphasized?

A

chain of custody

298
Q

what is indicated when the hash values on a file are different?

A

the file has been altered

299
Q

which stakeholder in the incident response process communicates the importance of the incident response plan to all parts of the organization, creates agreements detailing the authority of the IR team to take over business systems if necessary, and creates decision systems for determining when key systems must be removed from the network?

A

upper management

300
Q

which stakeholder in the incident response process creates newsletters and other educational materials to be used in employee response training and coordinates with the legal team to prepare media responses and internal communications regarding incidents before they occur?

A

marketing

301
Q

what are the FOUR main stakeholder groups for the incident response process?

A

HR, Legal, Marketing, Management

302
Q

which stakeholder in the incident response process reviews the NDA to ensure legal support for incident response efforts, develops the wording of documents used to contact sites and organizations possibly affected by an incident that originated with your company’s software, hardware, or services, and assesses site liability for illegal computer activity?

A

Legal

303
Q

what is the role of law enforcement in the incident response process?

A

to assist the investigation and in some cases take over the investigation when a crime has been committed

304
Q

which stakeholder in the incident response process develops job descriptions for those persons who will be hired for positions involved in incident response and creates policies and procedures that support the removal of employees found to be engaging in improper or illegal activity?

A

HR

305
Q

what is the role of the technical IT staff in the incident response process?

A

to recognize, identify, and react to incidents, and to provide support in analyzing those incidents when an incident has occurred

306
Q

what are the FOUR main purposes of the incident response communication process?

A

limit communication to trusted parties
disclosure based on regulatory/legislative requirements
prevent inadvertent release of information
use secure method of communication

307
Q

what is data exfiltration?

A

the unauthorized copying, transfer or retrieval of data from a computer or server

308
Q

what should you do if you discover rogue devices on the network?

A

locate and remove them

309
Q

what happens in vertical privilege escalation?

A

the attacker obtains higher privileges by performing operations that allow the attacker to run unauthorized code

310
Q

what are the SIX network-related symptoms of incidents?

A

bandwidth consumption
beaconing
irregular peer-to-peer communication
rogue devices on the network
scan sweeps
unusual traffic spikes

311
Q

what is meant by anomalous activity?

A

activity that is outside the norms

312
Q

when does an escalation of privileges attack occur?

A

when an attacker has used a design flaw in an application to obtain unauthorized access to the application

313
Q

what are scan sweeps?

A

an attempt by an unauthorized entity to map your network

314
Q

what happens in horizontal privilege escalation?

A

the attacker obtains the same level of permissions as he already has but uses a different user account to do so

315
Q

what are the eight host-related symptoms of an incident?

A

processor consumption
memory consumption
drive capacity consumption
unauthorized software
malicious processes
unauthorized changes

316
Q

what is beaconing?

A

when malware attempts to remotely connect to a command and control host or network

317
Q

what are the SIX application-related symptoms of incidents?

A

anomalous activity
introduction of new accounts
unexpected output
unexpected outbound communication
service interruption
memory overflows

318
Q

what is the best way to determine the attack vector used by a hacker?

A

reverse engineering

319
Q

why should a first responder be familiar with the incident response plan?

A

to ensure that the appropriate procedures are followed

320
Q

which eradication technique involves reinstalling the operating system, applying all system updates, reinstalling the anti-malware software, and implementing any organizational security settings?

A

reconstruction or re-imaging

321
Q

what are the FOUR validation techniques?

A

patching, verifying permissions, scanning, verifying logging/communication to security monitoring

322
Q

what is the name of the security process that involves recognition, verification, classification, containment, and analysis?

A

incident response

323
Q

what are the THREE eradication techniques?

A

sanitization, reconstruction or re-image, secure disposal

324
Q

what are the FOUR containment techniques?

A

segmentation, isolation, removal, reverse engineering

325
Q

which containment technique involves limiting the scope of the incident by leveraging existing segments of the network as barriers to prevent the spread of the incident to other segments?

A

segmentation

326
Q

which containment technique involves retracing the steps in the incident as seen from the logs in the affected devices or in logs of infrastructure devices that may have been involved?

A

reverse engineering

327
Q

what is the name of the group of people appointed to respond to security incidents?

A

incident response team

328
Q

which type of review should be completed last as part of incident response?

A

a post-mortem review

329
Q

which containment technique involves either blocking all traffic to and from the device or devices or shutting down the device or devices’ interfaces?

A

isolation

330
Q

what are the SEVEN steps in a FORENSIC INVESTIGATION?

A

1. identification
2. preservation
3. collection
4. examination
5. analysis
6. presentation

331
Q

which eradication technique removes all tracers of the threat by overwriting the drive multiple times to ensure all data is destroyed?

A

sanitization

332
Q

in which location should all changes made to your organization’s network and computers be listed?

A

in the change management system

333
Q

what are the FIVE steps in the INCIDENT RESPONSE PROCESS?

A

contain, eradicate, validate, corrective action, reporting

334
Q

what is incident management?

A

the activities of an organization to identify, analyze, and correct risks as they are identified

335
Q

which audit category will audit all instances of users exercising their rights?

A

the audit privilege use audit category

336
Q

what is another term for logical controls?

A

technical controls

337
Q

which type of controls dictates how security policies are implemented to fulfill the company’s security goals?

A

administrative or management control

338
Q

what is the name of the process for removing only the incriminating data from the audit logs?

A

scrubbing

339
Q

which type of controls is implemented to secure physical access to an object, such as a building, a room, or a computer?

A

physical or operational control

340
Q

which type of controls include developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?

A

administrative controls

341
Q

what is the purpose of administrative controls?

A

to implement security policies based on procedures, standards, and guidelines

342
Q

what is the purpose of password complexity rules?

A

to ensure that users do not use passwords that are easy to guess using dictionary attacks

343
Q

what must you do for an effective security auditing policy, besides creating security logs?

A

analyze the logs

344
Q

what is the purpose of physical controls?

A

to work with administrative and technical controls to enforce physical access control

345
Q

which audit category tracks access to all objects outside active directory?

A

the audit object access audit category

346
Q

which password attack does an account lockout policy protect against?

A

a brute force attack

347
Q

if a user needs administrative-level access, how many user accounts should be issued to the user?

A

two - one for normal tasks, one for administrative-level tasks

348
Q

which setting ensures that accounts are not used beyond a certain date and/or time?

A

account expiration

349
Q

what are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?

A

accountability

350
Q

which setting ensures that users periodically change their account passwords?

A

password expiration

351
Q

what is the name for the process of tracking user activities by recording selected events in the server activity logs?

A

auditing

352
Q

which document is used when it is necessary to invoke legal action against an employee for inappropriate use of computer resources?

A

acceptable use policy

353
Q

which type of controls includes access control mechanisms, password management, identification methods, authentication methods, and security devices?

A

technical or logical controls

354
Q

what are the FIVE stages in the life cycle of the evidence or the chain of custody?

A

1. collection of evidence from the site
2. analysis of the evidence by a team of experts
3. storage of the evidence in a secure place to ensure that the evidence is not tampered with
4. presentation of the evidence by legal experts in a court of law
5. returning the evidence to the owner after the proceedings are over

355
Q

what is the purpose of audit logs?

A

to document actions taken on a computer network and the party responsible for those actions

356
Q

which type of controls work to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?

A

technical controls

357
Q

what is the purpose of technical controls?

A

to restrict access to objects and protect availability, confidentiality, and integrity

358
Q

when should an administrative account be used?

A

when performing administrative-level tasks

359
Q

which linux file contains encrypted user passwords that only the root user can read?

A

/etc/shadow

360
Q

what is the purpose of password age rules?

A

to ensure that users change their passwords on a regular basis

361
Q

which account should you rename immediately after installing a new operating system (OS) to harden the OS?

A

the administrator account

362
Q

which assessment examines whether network security practices follow a company’s security policy?

A

an audit

363
Q

which audit category monitors changes to user accounts and groups?

A

the audit account management audit category

364
Q

what is the purpose of the password history settings?

A

to ensure that users do not keep reusing the same passwords

365
Q

which setting ensures that repeated attempts to guess a user’s password are not possible beyond the configured value?

A

account lockout

366
Q

which account should you disable immediately after installing a new operating system (OS) to harden the OS?

A

the guest account

367
Q

which log in event viewer should you open to view events that are generated based on your auditing settings?

A

the security log

368
Q

what is a good password complexity policy?

A

a mixture of numbers, uppercase and lowercase letters, and special characters, such as rObin3*nest

369
Q

which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?

A

the audit account logon events audit category

370
Q

which type of controls includes controlling access to different parts of a building, implementing locking systems, installing fencing, implementing environmental controls, and protecting the facility perimeter?

A

physical controls

371
Q

what is the top-most level of the LDAP hierarchy?

A

root

372
Q

what is the primary function of LDAP?

A

lightweight directory access protocol (LDAP) controls client access to directories

373
Q

what are flood guards?

A

devices that protect against denial of service (DoS) attacks

374
Q

what does the acronym RADIUS denote?

A

remote authentication dial-in user service

375
Q

what are the two types of eye scans?

A

iris scans and retinal scans

376
Q

which type of authentication is accomplished by authenticating both the client and server sides of a connection through the encrypted exchange of credentials?

A

mutual authentication

377
Q

what does the acronym TACACS denote?

A

terminal access controller access control system

378
Q

which function does a single sign-on (SSO) system provide?

A

it allows a user to present authentication credentials once and gain access to all computers within the SSO system

379
Q

what is the purpose of federated identity management?

A

it allows single sign-on (SSO) between companies

380
Q

what does the acronym KDC denote?

A

key distribution center

381
Q

which authentication protocol uses UDP: TACACS+ or RADIUS?

A

RADIUS

382
Q

which security-server application and protocol implements authentication and authorization of users from a central server over TCP?

A

terminal access controller access control system plus (TACACS+)

383
Q

which authentication protocol is an open standard: TACACS+ or RADIUS?

A

RADIUS

384
Q

which authentication system includes clients, servers, and a key distribution center (KDC)?

A

kerberos

385
Q

which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?

A

TACACS+

386
Q

which Cisco implementation is similar to a RADIUS implementation?

A

TACACS

387
Q

what are the two components of the kerberos key distribution center?

A

authentication server (AS) and ticket-granting server (TGS)

388
Q

which access control model is based on the data’s owner implementing and administering access control?

A

discretionary access control (DAC)

389
Q

which eye scan measures the pattern of blood vessels at the back of the eye?

A

retinal scan

390
Q

scanning fingerprints is an example of which authentication technique?

A

biometrics

391
Q

using role-based access control (RBAC), which entities are assigned roles?

A

users or subjects

392
Q

which kerberos component holds all users’ and services’ cryptographic keys and generates tickets?

A

key distribution center (KDC)

393
Q

who has the responsibility for configuring access rights in discretionary access control (DAC)?

A

the data owner or data custodian

394
Q

what is the most important biometric system characteristic?

A

accuracy

395
Q

which type of attack can turn a switch into a hub?

A

MAC flooding

396
Q

what does the acronym MAC denote?

A

mandatory access control

397
Q

which type of eye scan is considered more intrusive than other eye scans?

A

retinal scan

398
Q

which fingerprint scan will analyze fingerprint ridge direction?

A

minutiae matching

399
Q

why is password disclosure a significant security issue in a single sign-on network?

A

it could compromise the entire system because authentication grants access to any systems on the network to which the actual user may have permission

400
Q

which access control model has the lowest cost?

A

role-based access control (RBAC)

401
Q

what does the acronym SSO denote?

A

single sign-on

402
Q

which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?

A

TACACS+

403
Q

which authentication protocol uses tickets to authenticate users?

A

Kerberos

404
Q

which function does RADIUS provide?

A

centralized authentication, authorization, and accounting for remote dial-in users

405
Q

which security-server application and protocol implement authentication of users from a central server over UDP?

A

remote authentication dial-in user service (RADIUS)

406
Q

which directory protocol does directory-enabled networking (DEN) use?

A

lightweight directory access protocol (LDAP)

407
Q

which access control model uses security labels for each resource?

A

mandatory access control (MAC)

408
Q

what are the two advantages of single sign-on (SSO)?

A

convenience and centralized administration

409
Q

which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?

A

mandatory access control (MAC)

410
Q

which internet protocol based on X.500 is used to access the data stored in a network directory?

A

lightweight directory access protocol (LDAP)

411
Q

what is the purpose of RADIUS?

A

remote access dial-in user service (RADIUS) enables remote access users to log on to a network through a shared authentication database

412
Q

which ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?

A

802.1x

413
Q

which type of authentication combines two or more authentication methods, like something that a person knows (such as a password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?

A

multi-factor authentication

414
Q

which technique is used to prevent network bridging?

A

network separation

415
Q

on which standard is lightweight directory access protocol (LDAP) based?

A

X.500

416
Q

what are the two types of ciphers?

A

block and streaming

417
Q

what is most commonly used to provide proof of a message's origin?

A

a digital signature

418
Q

which key is used to decrypt a digital signature: public or private?

A

public

419
Q

which cryptographic technique is based on a combination of two keys: a secret (private) key and a public key?

A

public-key cryptography

420
Q

in asymmetric encryption for a digital signature, which key is used for encryption: public or private?

A

private

421
Q

what are mandatory vacations?

A

administrative controls that ensure that employees take vacations at periodic intervals

422
Q

what are two other names for single-key cryptography?

A

symmetric key encryption and secret-key encryption

423
Q

which type of cryptography is more secure: symmetric or asymmetric?

A

asymmetric

424
Q

which security measure prevents fraud by reducing the chances of collusion?

A

separation of duties

425
Q

what are the three issues that symmetric data encryption fails to address?

A

data integrity, repudiation, scalable key distribution

426
Q

to provide checks and balances and to prevent one person from gaining too much power over a system, which type of security policy should you implement?

A

separation of duties

427
Q

what is the term for the process that applies a one-way mathematical function called a message digest function to an arbitrary amount of data?

A

hashing

428
Q

what is a dual control?

A

when two operators work together to accomplish a sensitive task

429
Q

what is segregation of duties?

A

when a sensitive activity is segregated into multiple activities and tasks are assigned to different individuals to achieve a common goal

430
Q

what is another name for public-key encryption?

A

asymmetric encryption

431
Q

what is another term used for layered security?

A

defense in depth

432
Q

what is job rotation?

A

when an individual can fulfill the tasks of more than one position in the organization and duties are regularly rotated to prevent fraud

433
Q

what is the opposite of confidentiality?

A

disclosure

434
Q

what is the purpose of filters on a web server?

A

they limit the traffic that is allowed through

435
Q

what is the purpose of a sandbox in a java applet?

A

it prevents java applets from accessing unauthorized areas on a user’s computer

436
Q

which error condition arises because data is not checked before input to ensure that it has an appropriate length?

A

buffer overflow errors

437
Q

when does fuzzing occur?

A

when unexpected values are provided as input to an application to make the application crash

438
Q

what are the FIVE phases of the system development life cycle (SDLC)?

A

1. initiation
2. development and acquisition
3. implementation and assessment
4. operations and maintenance
5. disposal

439
Q

what is the purpose of a decompiler?

A

to re-create the source code in some high-level language

440
Q

which type of attack runs code within another process’s address space by making it load a dynamic link library?

A

a DLL injection attack

441
Q

what is the purpose of fuzz testing?

A

to identify bugs and security flaws within an application

442
Q

what are alternate terms for cross-site request forgery (XSRF)?

A

session riding or one-click attack

443
Q

which application hardening method requires that your organization periodically checks with the application vendor?

A

patch management

444
Q

what is the most significant misuse of cookies?

A

misuse of personal data

445
Q

when does fuzzing occur?

A

when unexpected values are provided as input to an application in an effort to make the application crash

446
Q

what does a race condition typically attack?

A

the delay between time of check (TOC) and time of use (TOU)

447
Q

when does a cross-site scripting (XSS) attack occur?

A

it occurs when an attacker locates a vulnerability on a web site that allows the attacker to inject malicious code into a web application

448
Q

what is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information on future web visits?

A

a cookie

449
Q

what is the purpose of an application disassembler?

A

to read and understand the raw language of the program

450
Q

what is the purpose of a fail-safe error handler?

A

to ensure that the application stops working, reports the error, and closes down

451
Q

what is an application backdoor?

A

lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms

452
Q

what is cross-site request forgery (XSRF)?

A

unauthorized commands coming from a trusted user to a user or web site, usually through social networking

453
Q

what should application developers do to prevent a race condition attack?

A

create code that processes exclusive-lock resources in a certain sequence and unlocks them in reverse order

454
Q

what is the best protection against cross-site scripting (XSS)?

A

disable the running of scripts

455
Q

what is the purpose of secure code review?

A

it examines all written code for any security holes that may exist

456
Q

what is a cookie?

A

a web client text file that stores persistent settings for a web server

457
Q

what is the purpose of input validation?

A

to ensure that data being entered into a database follows certain parameters

458
Q

what is the purpose of application hardening?

A

it ensures that an application is secure and unnecessary services are disabled

459
Q

which error occurs when the length of the input data is more than the length that processor buffers can handle?

A

buffer overflow

460
Q

which type of attack is characterized by an attacker who takes over the session of an already authenticated user?

A

hijacking

461
Q

what is a zero-day exploit?

A

an attack that exploits a security vulnerability on the day the vulnerability becomes generally known

462
Q

when does a persistent XSS attack occur?

A

when data provided to the web application is first stored persistently on the server and later displayed to users without being encoded using HTML on the Web client

463
Q

which type of attack intercepts an established TCP session?

A

TCP hijacking or session hijacking

464
Q

which type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to the intruder’s computer?

A

network address hijacking

465
Q

what are the FIVE monitoring tools analysts need to know?

A

MRTG (multi router traffic grapher), Nagios, SolarWinds, Cacti, Netflow Analyzer

466
Q

what is wireshark?

A

a protocol analyzer or packet sniffer

467
Q

what are the THREE IPS tools?

A

Sourcefire, Snort, Bro

468
Q

what is unit testing?

A

the debugging performed by the programmer while coding instructions

469
Q

what are the THREE categories of exploit tools?

A

interception proxy, exploit framework, fuzzers

470
Q

what error condition arises because data is not checked before input to ensure that it has an appropriate length?

A

buffer overflow errors

471
Q

what is the purpose of content inspection?

A

to search for malicious code or behavior

472
Q

what are the TWO exploit framework tools analysts need to know?

A

Metasploit, Nexpose

473
Q

what are the six SIEM tools analysts need to know?

A

Arcsight, QRadar, Splunk, AlienVault, OSSIM, Kiwi Syslog

474
Q

what is microsoft baseline security analyzer?

A

a microsoft application that creates security reports

475
Q

what are TWO examples of input validation errors?

A

buffer overflow and boundary condition errors

476
Q

what is a proxy server?

A

a server that caches and filters content

477
Q

what are the seven categories of preventive tools?

A

IPS, firewall, anti-virus, anti-malware, Enhanced Mitigation Experience Toolkit (EMET), web proxy, web application firewall

478
Q

which error occurs when the length of the input data is more than the length that processor buffers can handle?

A

a buffer overflow

479
Q

what is the most popular intrusion detection system (IDS)?

A

network-based IDS

480
Q

what are the three interception proxy tools analysts need to know?

A

Burp Suite, ZAP, Vega

481
Q

what does the acronym IDS denote?

A

intrusion detection system

482
Q

what are the SEVEN command-line tools analysts need to know?

A

netstat, ping, tracert/traceroute, ipconfig/ifconfig, nslookup/dig, Sysinternals, OpenSSL

483
Q

what is the difference between a password checker and a password cracker?

A

there is no difference; they are the same tool

484
Q

what are the SIX vulnerability scanning tools analysts need to know?

A

Qualys, Nessus, OpenVAS, Nexpose, Nikto, Microsoft Baseline Security Analyzer

485
Q

what are the TWO password cracking tools analysts need to know?

A

John the Ripper, Cain and Abel

486
Q

what are the five forensic suite tools analysts need to know?

A

EnCase, FTK (forensic toolkit), Helix, Sysinternals, Cellebrite

487
Q

which type of control is an intrusion detection system (IDS)?

A

detective technical

488
Q

which type of vulnerability assessment is more likely to demonstrate the success or failure of a possible attack?

A

a double-blind test

489
Q

what is Nessus?

A

a network vulnerability scanner

490
Q

what are the THREE categories of analytical tools?

A

vulnerability scanning, monitoring tools, interception proxy

491
Q

what are the THREE web application firewalls (WAFs) analysts need to know?

A

ModSecurity, NAXSI, Imperva

492
Q

what is the imaging tool analysts need to know?

A

DD

493
Q

what are the two hashing tools analysts need to know?

A

md5sum, shasum

494
Q

what is the network scanning tool analysts need to know?

A

NMAP

495
Q

what activity provides identification of security flaws and verification of levels of existing resistance?

A

penetration testing

496
Q

what are the THREE fuzzer tools analysts need to know?

A

Untidy, Peach Fuzzer, Microsoft SDL File/Regex Fuzzer

497
Q

what are the FOUR categories of forensics tools?

A

forensics suites, hashing, password cracking, imaging

498
Q

what are the four packet capture tools analysts need to know?

A

Wireshark, tcpdump, Network General, aircrack-ng

499
Q

which tool obtains a visual map of the topology of your network, including all devices on the network?

A

a network mapper, also referred to as a network enumerator

500
Q

what are the THREE firewall vendors analysts need to understand?

A

Cisco, Palo Alto, Check Point

501
Q

which tool should you use to retrieve the contents of a GET request: a protocol analyzer or port scanner?

A

protocol analyzer

502
Q

what are the SIX categories of collective tools?

A

SIEM, network scanning, vulnerability scanning, packet capture, command-line utilities, IDS