Architecture and Design Flashcards by Tafari Hal

Nicole’s organization does not have the budget or staff to conduct 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. Which of the following services or providers would be best suited for this role?

A. SaaS
B. PaaS
C. MSSP
D. IaaS

C.MSSP

How well did you know this?

Not at all

Perfectly

Which of the following cryptographic algorithms is classified as asymmetric?

A. Diffie Hellman
B. Blowfish
C. AES
D. RC4

A.Diffie-Hellman

How well did you know this?

Not at all

Perfectly

Your organization requires the use of TLS or IPsec for all communications with an organization’s network. Which of the following is this an example of?

A. Data at Rest
B. Data in Use
C. DLP
D. Data in Transit

D. Data in Transit

How well did you know this?

Not at all

Perfectly

You are attending a cybersecurity conference and just watched a security researcher demonstrating the exploitation of a web interface on a SCADA/ICS component. This caused the device to malfunction and be destroyed. You recognize that the same component is used throughout your company’s manufacturing plants. Which of the following mitigation strategies would provide you with the most immediate protection against this emergent threat?

A. Demand that the Manufacture
B. Elevate if the web interface
C. Replace the affected
D. Logically or Physically

B. Elevate if the web interface

How well did you know this?

Not at all

Perfectly

Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested before deploying them into the production environment. What type of environment should his organization establish?

A. Honeypot
B. Staging
C. Development
D. Fuzzing

B. Staging

How well did you know this?

Not at all

Perfectly

Fail to Pass Systems has recently moved its corporate offices from France to Westeros, a country with no meaningful privacy regulations. The marketing department believes that this move will allow the company to resell all of its customer’s data to third-party companies and shield the company from any legal responsibility. Which policy is violated by this scenario?

A. Data Minimization
B. Data Sovereignty
C. Data Enrichment
D. Data Limitation

B. Data Sovereignty

How well did you know this?

Not at all

Perfectly

Dion Training has contracted a software development firm to create a bulk file upload utility for its website. During a requirements planning meeting, the developers asked what type of encryption is required for the project. After some discussion, Jason decides that the file upload tool should use a cipher capable of encrypting 64 bits of data at a time before transmitting the files from the web developer’s workstation to the webserver. What of the following should be selected to meet this security requirement?

A. Block Cipher
B. Stream Cipher
C. CRC
D. Hashing Algorithm

A. Block Cipher

How well did you know this?

Not at all

Perfectly

Dion Training wants to install a new accounting system and is considering moving to a cloud-based solution to reduce cost, reduce the information technology overhead costs, improve reliability, and improve availability. Your Chief Information Officer is supportive of this move since it will be more fiscally responsible. Still, the Chief Risk Officer is concerned with housing all of the company’s confidential financial data in a cloud provider’s network that might be shared with other companies. Since the Chief Information Officer is determined to move to the cloud, what type of cloud-based solution would you recommend to account for the Chief Risk Officer’s concerns?

A. PaaS in a hybrid cloud
B. SaaS in public cloud
C. PaaS in community cloud
D. SaaS in private Cloud

D. SaaS in a Private Cloud

How well did you know this?

Not at all

Perfectly

You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security?

A. Network Segmentation
B. Defense in Depth
C. UTM
D. Load Balancer

B. Defense in Depth

How well did you know this?

Not at all

Perfectly

A cybersecurity analyst is working for a university that is conducting a big data medical research project. The analyst is concerned about the possibility of an inadvertent release of PHI data. Which of the following strategies should be used to prevent this?

A. Utilize formal methods of verification against the application processing the PHI
B. Utilize Saas model to processes the PHI data instead of an on premise solution
C. Use the DevSpecOps to build application that processes the Phi
D. Conduct tokeninzation of the PHI data before ingesting it into the big data application

D. Conduct tokeninzation of the PHI data before ingesting it into the big data application

How well did you know this?

Not at all

Perfectly

(Sample Simulation – On the real exam for this type of question, you would drag and drop the authentication factor into the spot for the correct category.)

A. PIN, Signature, Fingerprint, Smart Card, and GPS Coordinator
B. Signature, Pin, Fingerprint, Smart Card, and GPS Coordinator
C. PIN, Smart Card, Fingerprint, Signature, GPS Coordinator
D. Smart Card, PIN, Fingerprint, Signature, GPS Coordinator

C. PIN, Smart Card, Fingerprint, Signature, GPS Coordinator

OBJ-2.4: For the exam, you need to know the different factors of authentication. If you use two or more of these factors, you are using multi-factor authentication. The five factors are something you know (knowledge), something you have (possession), something you are (biometrics), something you do (action), and somewhere you are (location).

How well did you know this?

Not at all

Perfectly

Your company has decided to move all of its data into the cloud. Your company is concerned about the privacy of its data due to some recent data breaches that have been in the news. Therefore, they have decided to purchase cloud storage resources that will be dedicated solely for their use. Which of the following types of clouds is your company using?

A. Public
B. Hybrid
C. Community
D. Private

D. Private

How well did you know this?

Not at all

Perfectly

What is a reverse proxy commonly used for?

A. Allowing access to a virtual private cloud
B. To obfuscate the origin of a user within the network
C. To prevent the unauthorized of the cloud service from the local network
D. Directing traffic to internal services if the contents of the traffic comply with the policy

D. Directing traffic to internal services if the contents of the traffic comply with the policy

How well did you know this?

Not at all

Perfectly

You are developing a containment and remediation strategy to prevent the spread of an APT within your network. Your plan suggests creating a mirror of the company’s databases, routing all externally sourced network traffic to it, and gradually updating with pseudo-realistic data to confuse and deceive the APT as they attempt to exfiltrate the data. Once the attacker has downloaded the corrupted database, your company would then conduct remediation actions on the network and restore the correct database information to the production system. Which of the following types of containment strategies does the plan utilize?

A. Isolation Based Containment by disconnecting
B. Segmentation Based Containment disrupts the APT
C. Segmentation Based Containment that deceives the attack
D. Isolation Based Containment by removing

C. Segmentation Based Containment that deceives the attack

How well did you know this?

Not at all

Perfectly

Which of the following cryptographic algorithms is classified as symmetric?

A. Blowfish
B. RSA
C. ECC
D. PGP

A. Blowfish

How well did you know this?

Not at all

Perfectly

Which of the following hashing algorithms results in a 128-bit fixed output?

A. SHA -1
B. RIPEMD
C. SHA -2
D. MD -5

D. MD -5

How well did you know this?

Not at all

Perfectly

You are installing Windows 2019 on a rack-mounted server and hosting multiple virtual machines within the physical server. You just finished the installation and now want to begin creating and provisioning the virtual machines. Which of the following should you utilize to allow you to create and provision virtual machines?

A. Terminal Service
B. Hypervisor
C. Device Manager
D. Disk Management

B. Hypervisor

How well did you know this?

Not at all

Perfectly

The paparazzi have found copies of pictures of a celebrity’s new baby online. The celebrity states they were never publicly released but were uploaded to their cloud provider’s automated photo backup. Which of the following threats was the celebrity MOST likely a victim of?

A. Unauthorized Camera Activation
B. Unintended Bluetooth Pairing
C. Leaked personal files
D. Unauthorized Root Access

C. Leaked personal files

How well did you know this?

Not at all

Perfectly

Which of the following cryptographic algorithms is classified as asymmetric?

A. DSA
B. DES
C. AES
D. RC4

A. DSA

How well did you know this?

Not at all

Perfectly

Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?

A. OpenID Connect
B. SAML
C. ADFS
D. Kerberos

A. OpenID Connect

How well did you know this?

Not at all

Perfectly

Dave’s company utilizes Google’s G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following cloud models type of cloud deployment models is being used?

A. Multi-Cloud
B. Community
C. Public
D. Private

A. Multi-Cloud

How well did you know this?

Not at all

Perfectly

You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand?

A. Metered Service
B. On-Demand
C. Rapid Elasticity
D. Resource Pooling

C. Rapid Elasticity

How well did you know this?

Not at all

Perfectly

Which of the following describes the overall accuracy of a biometric authentication system?

A. Crossover Error Rate
B. False Positive Rate
C. False Rejection Rate
D. False Acceptance Rate

A. Crossover Error Rate

How well did you know this?

Not at all

Perfectly

Dion Training has added a salt and cryptographic hash to their passwords to increase the security before storing them. To further increase security, they run this process many times before storing the passwords. What is this technique called?

A. Key Stretching
B. Salting
C. Collision Resistance
D. Rainbow Table

A. Key Stretching

How well did you know this?

Not at all

Perfectly

Dion Training has set up a lab consisting of 12 laptops for students to use outside of normal classroom hours. The instructor is worried that a student may try to steal one of the laptops. Which of the following physical security measures should be used to ensure the laptop is not stolen or moved out of the lab environment? A. USB Lock B. Biometric Locks C. Cable Locks D. Key Fob

C. Cable Locks

Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company's owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donating them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer’s hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend? A. Wiping B. Shredding C. Degaussing D. Destroying

A. Wiping

What type of scan will measure the size or distance of a person's external features with a digital video camera? A. Facial Recognition Scan B. Signature Kinetics Scan C. Iris Scan D. Retinal Scan

A. Facial Recognition Scan

Your company has decided to move all of its data into the cloud. Your company is small and has decided to purchase some on-demand cloud storage resources from a commercial provider (such as Google Drive) as its primary cloud storage solution. Which of the following types of clouds is your company using? A. Hybrid B. Community C. Private D. Public

D.Public

Which of the following cryptographic algorithms is classified as asymmetric? A. ECC B. Twofish C. DES D. RC4

A.ECC

Taylor needs to sanitize hard drives from some leased workstations before returning them to a supplier at the end of the lease period. The workstations' hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn’t occur during this process? A. Clear, Validate, and document the sanitization of the drives B. Purge, Validate, and document the santization of the drive C. The drives must be destroyed to ensureno date loss D. Clear the drives

B. Purge, Validate, and document the santization of the drive

You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you do not have a bank account in Vietnam, so you immediately call Bob to ask what happened. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating this wire transfer. What aspect of PKI could be used to BEST ensure that a sender sent a particular email message and avoid this type of situation? A. Recovery Agents B. Trust Models C. CRL D. Non-Repudiation

D. Non-Repudiation

Which of the following cryptographic algorithms is classified as symmetric? A. Diffie- Elleman B. AES C. RSA D. ECC

B. AES

Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption? A. ECC with a 256-bit key B. Randomized one-time use pad C. AES with 256-bit key D. DES witha 56-bit key

B. Randomized one-time use pad

Which of the following would a virtual private cloud (VPC) infrastructure be classified as? A. Infrastructure of Service B. Function of Service C. Platform of Service D. Software of Service

A. Infrastructure of Service

Which of the following cryptographic algorithms is classified as asymmetric? A. DES B. RSA C. AES D. RC4

RSA

You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses older unencrypted SSDs as part of their default configuration, and the manufacturer does not provide a SE utility for the devices. The storage devices contained top-secret data that would bankrupt the company if it fell into a competitor’s hands. After safely extracting the device's data and saving it to a new self-encrypting drive, you have been asked to dispose of the SSDs securely. Which of the following methods should you use? A. Conduct zero-fill on storage device B. Platform cryptographic erase(CE) on storage device C. Physically remove the storage device D. Use a secure erase(SE) utility on storage device.

C. Physically remove the storage device

(Sample Simulation – On the real exam for this type of question, you may receive a list of different RAID types and be asked to visually display which hard drives in the RAID are used for redundant data storage as either a stripe or a mirror. You will then have to identify which RAID type is most appropriate for each type of server shown.) You are configuring a RAID drive for a Media Streaming Server. Your primary concern is the speed of delivery of the data. This server has two hard disks installed. What type of RAID should you install, and what type of data will be stored on Disk 1 and Disk 2? A. RAID 0 - DISK 1(Stipe) and DISK 2(Stipe) B. RAID 1 - DISK 1(Stipe) and DISK 2(Stipe) C. RAID 0 - DISK 1(Mirror) and DISK 2(Mirror) D. RAID 1 - DISK 1(Mirror) and DISK 2(Mirror)

A. RAID 0 - DISK 1(Stipe) and DISK 2(Stipe)

Which type of media sanitization would you classify degaussing as? A. Destruction B. Clearing C. Purging D. Erasing

C. Purging

During her login session, Sally is asked by the system for a code sent to her via text (SMS) message. Which of the following concerns should she raise to her organization’s AAA services manager? A. SMS messages may be accessible to attackers via VoIP or other systems B. SMS should be paired with a third factor C. SMS should be encrypted to be secure D. SMS is a costly method of providing a second factor of authentication

A. SMS messages may be accessible to attackers via VoIP or other systems

You want to play computer-based video games from anywhere in the world using your laptop or tablet. You heard about a new product called a Shadow PC that is a virtualized Windows 10 Home gaming PC in the cloud. Which of the following best describes this type of service? A. DaaS B. IaaS C. SaaS D. PaaS

A. DaaS

(Sample Simulation – On the real exam for this type of question, you would have to fill in the blanks by dragging and dropping them into place.) A. FM-200,Biometric locks, Mantrap, Antivirus B. Strong Password, Biometrics, Mantrap, Cable Lock C. GPS Tracking, Biometrics, Proximity Badges, Remote Wipes D. Antivirus, Mantrap, Cable Lock, GPS Tracking

A. FM-200,Biometric locks, Mantrap, Antivirus OBJ-2.7: The best option based on your choices is FM-200, Biometric locks, Mantrap, and Antivirus. FM-200 is a fire extinguishing system commonly used in data centers and server rooms to protect the servers from fire. Biometric locks are often used in high-security areas as a lock on the access door. Additionally, biometric authentication could be used for a server by using a USB fingerprint reader. Mantraps often are used as part of securing a data center as well. This area creates a boundary between a lower security area (such as the offices) and the higher security area (the server room). Antivirus should be installed on servers since they can use signature-based scans to ensure files are safe before being executed.

Which of the following biometric authentication factors uses an infrared light shone into the eye to identify the pattern of blood vessels? A. Iris Scan B. Retinal Scan C. Pupil Dilation D. Facial Recognition

B. Retinal Scan

(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.) A. Multifactor Authentication B. PAP Authentication C. Biometric Authentication D. One Time Password Athentication

B. PAP Authentication OBJ-2.4: For the exam, you need to know the different authentication categories and what type of authentication methods belong to each category. A username and password are used as part of the Password Authentication Protocol (PAP) authentication system. A username and password are also considered a knowledge factor in an authentication system.

Your company has decided to begin moving some of its data into the cloud. Currently, your company's network consists of both on-premise storage and some cloud-based storage. Which of the following types of clouds is your company currently using? A. Hybrid B. Community C. Publlic D. Private

A. Hybrid

What is used as a measure of biometric performance to rate the system’s ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access? A. False Rejection Rate B. False Acceptance Rate C. Crossover Acceptance Rate D. Failure to Capture

B. False Acceptance Rate

(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.) A. Biometric Authentication B. PAP Authentication C. Multifactor Authentication D. One Time Password Athentication

C. Multifactor Authentication OBJ-2.4: For the exam, you need to know the different authentication categories and what type of authentication methods belong to each category. This is an example of multifactor authentication because you are using both a username/password combination with an SMS code. This provides a knowledge factor (username/password) and a possession factor (your smartphone) to provide two factors of authentication, making this the best option.

What is the lowest layer (bottom layer) of a bare-metal virtualization environment? A. Hypervisor B. Guest Operating System C. Physical Hardware D. Host Operating System

C. Physical Hardware

You want to create a website for your new technical support business. You decide to purchase an on-demand cloud-based server and install Linux, Apache, and WordPress on it to run your website. Which of the following best describes which type of service you have just purchased? A. PaaS B. DaaS C. SaaS D. Iaas

D. Iaas

An electronics store was recently the victim of a robbery where an employee was injured, and some property was stolen. The store's IT department hired an external supplier to expand its network to include a physical access control system. The system has video surveillance, intruder alarms, and remotely monitored locks using an appliance-based system. Which of the following long-term cybersecurity risks might occur based on these actions? A. There are no new risk B. These devices are insecure C. These devices should be scanned D. These devices should be isolated

D. These devices should be isolated

Which of the following biometric authentication factors relies on matching patterns on the eye's surface using near-infrared imaging? A. Pupil Dilation B. Facial Recognition C. Iris Scan D. Retinal Scan

C. Iris Scan

Which of the following is not considered an authentication factor? A. Something you are B. Something you know C. Something you want D. Something you have

C. Something you want

Which of the following cryptographic algorithms is classified as symmetric? A. ECC B. 3DES C. PGP D. RSA

B. 3DES

You have been asked to develop a solution for one of your customers. The customer is a software development company, and they need to be able to test a wide variety of operating systems to test the software applications their company is developing internally. The company doesn't want to buy a bunch of computers to install all of these operating systems for testing. Which of the following solutions would BEST meet the company's requirements? A. Purchase a high end computer B. Purchase one computer C. Purchase multi workstation D. Purchas multiply inexpensive workstation

A. Purchase a high end computer

Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach? A. Require all new employees to sign NDA B. Require data at rest encryption on all endpoints C. Require data masking for info stored in the database D. Require a VPN to be utilized for all telework employees

B. Require data at rest encryption on all endpoints

Which of the following hashing algorithms results in a 256-bit fixed output? A. SHA-2 B. NTLM C. SHA-1 D. MD-5

C. SHA-1

Your company recently suffered a small data breach caused by an employee emailing themselves a copy of the current customer's names, account numbers, and credit card limits. You are determined that something like this shall never happen again. Which of the following logical security concepts should you implement to prevent a trusted insider from stealing your corporate data? A. Strong Passwords B. DLP C. MDM D. Firewall

B. DLP

Dion Training is concerned with the possibility of employees accessing another user's workstation in secured areas without their permission. Which of the following would BEST be able to prevent this from happening? A. Install security cameras B. Require usernames and passwords for login C. Enforce a policy that requires passwords to be changed every 30 days D. Require biometrics identification for user logins

D. Require biometrics identification for user logins

When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the hard drive contents during your analysis? A. Forensic File duplicator B. Hardware Write Blocker C. Software Write Blocker D. Deguasser

B. Hardware Write Blocker

Your company is making a significant investment in infrastructure-as-a-service (IaaS) hosting to replace its data centers. Which of the following techniques should be used to mitigate the risk of data remanence when moving virtual hosts from one server to another in the cloud? A. Span multiple virtual disks to fragment data B. Zero Wipe drives before moving system C. User full disk encryption D. User data masking

C. User full disk encryption

Which party in a federation provides services to members of the federation? A. SSO B. IdP C. RP D. SAML

C. RP

Which of the following hashing algorithms results in a 160-bit fixed output? A. SHA-2 B.RIPMD C.MD-5 D.MD-6

B.RIPMD

Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly? A. Continuous Delivery B. Continuous Deployment C. Continuous Monitoring D. Continuous Integration

B. Continuous Deployment

(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and drag and drop them into place next to the correct term.) How would you appropriately categorize the authentication method displayed here? A. One time Password Authentication B. Biometric Authentication C. PAP Authentication D. Mutifactor Authentication

B. Biometric Authentication

Dion Training is concerned with students entering the server room without permission. To prevent this from occurring, the organization wants to purchase and install an access control system that will allow each instructor to have access using an RFID device. Which of the following authentication mechanisms should Dion Training use to meet this requirement? A. Biometric Reader B. CCTV C. Access Control Vestibule D. Proximity Badge

D. Proximity Badge OBJ-2.7: The best option is to use a proximity badge. This type of badge embeds an RFID chip into the card or badge. When an authorized user swipes their card or badge over the reader, it sends an RF signal that uniquely identifies the card's holder or badge. While some of the other options presented could be used for authentication (such as biometrics), these options do not use an RFID as stated in the requirements. Closed-circuit television is a type of video surveillance where video cameras transmit a signal to a specific place using a limited set of monitors. An access control vestibule is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. Biometrics are identifying features stored as digital data that can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition. This requires a relevant scanning device, such as a fingerprint reader, and a database of biometric information for authentication to occur.

Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor? A. VM Data Remnant B. VM Migration C. VM Escape D. VM Sprawl

C. VM Escape

Which of the following authentication mechanisms involves receiving a one-time use shared secret password, usually through a token-based key fob or smartphone app, that does not expire? A. HOTP B. Smart Card C. TOTP D. EAP

A. HOTP

You work for Dion Training as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first? A. Install an RFID badge reader at the entrance B. Install CCTV to monitor the Entrance C. Require all employees to wear security badges when entering the building D. Install an access control vestibule at the entrance

D. Install an access control vestibule at the entrance

Which of the following cryptographic algorithms is classified as symmetric? A. Diffie-Hellman B. RSA C. RC4 D. ECC

C. RC4

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise? A. SaaS B. IaaS C. PaaS D. IaC

D. IaC

Assuming that Dion Training trusts Thor Teaches, and Thor Teaches trusts Udemy, then we can assume Dion Training also trusts Udemy. What concept of IAM does the previous statement represent? A. Certificate Authority Trust B. Public Key Trust C. Transitive Trust D. Domain Level Trust

C. Transitive Trust

Which of the following techniques would be the most appropriate solution to implementing a multi-factor authentication system? A. Username and Password B. Smartcard and PIN C. Fingerprint and Retina Scan D. Password and Security question

B. Smartcard and PIN

Which of the following cryptographic algorithms is classified as symmetric? A. DES B. ECC C. DSA D. GPG

A. DES

Dion Training wants to require students to log on using multifactor authentication to increase the security of the authorization and authentication process. Currently, students log in to diontraining.com using a username and password. What proposed solution would best meet the goal of enabling multifactor authentication for the student login process? A. Require students to create a unique pin after username and password is entered B. Require students to chose an image as secondary verification C. Require students to enter a cognitive passwords requirement ('select a dog pics') D. Require students to enter unique six digit number that sent via SMS

D. Require students to enter unique six digit number that sent via SMS

You have signed up for a web-based appointment scheduling application to help you manage your new IT technical support business. What type of solution would this be categorized as? A. PaaS B. IaaS C. SaaS D. DaaS

C. SaaS

Which of the following is NOT considered part of the Internet of Things? A. Smart Television B. LAPTOP C. ICS D. SCADA

B. LAPTOP

During a security audit, you discovered that customer service employees have been sending unencrypted confidential information to their personal email accounts via email. What technology could you employ to detect these occurrences in the future and send an automated alert to the security team? A. UTM B. MDM C. DLP D. SSL

C. DLP

Dion Training has recently opened an Internet café for students to use during their lunch break. Unfortunately, Dion Training doesn’t have any wireless networks in their building, so they have placed three laptops in the Internet café. What protection should be installed to best prevent the laptops from being stolen? A. CCTV B. Cable Lock C. Proximity Badge D. Safe

B. Cable Lock OBJ-2.7: The best option is to use a cable lock for each laptop to ensure that they won’t get stolen from the Internet café. CCTV is useful as a detective control and could be used to find out who stole the laptops after they were taken, but a cable lock is a preventative control that would stop the theft from occurring in the first place. Proximity badges are a poor choice because students would likely not have a proximity badge, and the Internet café is an area with open access for students and instructors. Similarly, a safe may be useful to lock up the laptops at night, but during the day, the laptops would need to be available at the Internet café, so the cable locks are still a better choice.

Which type of authentication method is commonly used with physical access control systems and relies upon RFID devices embedded into a token? A. Smart Card B. TOTP C. Proximity Cards D. HOTP

C. Proximity Cards

Which of the following physical security controls would be the most effective in preventing an attacker from driving a vehicle through the glass doors at the front of the organization's headquarters? A. Security Gaurd B. Bollards C. Access Control Vestibule D. Intrusion Alarm

B. Bollards

You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses self-encrypting drives as part of its default configuration. As you begin the eradication and recovery phase, you must sanitize the storage devices' data before restoring the data from known-good backups. Which of the following methods would be the most efficient to use to sanitize the affected hard drives? A. Conduct zero-fill on storage devices B. Use a secure erase (SE) utility storage C. Perform a (CE) on storage devices D. Incinerate and replace the storage devices

C. Perform a (CE) on storage devices

The local electric power plant contains both business networks and ICS/SCADA networks to control their equipment. Which technology should the power plant’s security administrators look to implement first as part of configuring better defenses for the ICS/SCADA systems? A. Anti Virus Software B. Intrusion Prevention Systems C. Log Consolidation D. Automated Patch Deployment

B. Intrusion Prevention Systems

What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes? A. Destroy B. Degauss C. Clear D. Purge

C. Clear

You want to create a new mobile application and develop it in the cloud. You just signed up for a cloud-based service provider's offering to allow you to develop it using their programming environment. Which of the following best describes which type of service you have just purchased? A. SaaS B. PaaS C. DaaS D. IaaS

B. PaaS

Which of the following cryptographic algorithms is classified as asymmetric? A. 3DES B. PAP C. PGP D. RC4

C. PGP

You work for a bank interested in moving some of its operations to the cloud, but it is worried about security. You recently discovered an organization called CloudBank that was formed by 15 local banks as a way for them to build a secure cloud-based environment that can be accessed by the 15 member banks. Which cloud model BEST describes the cloud created by CloudBank? A. Community Cloud B. Private Cloud C. Hybrid Cloud D. Public Cloud

A. Community Cloud

Which of the following is NOT a means of improving data validation and trust? A. Implementing Tripware B. Encrypting data in transit C. Decrypting data at rest D. Using MD5 checksums for files

C. Decrypting data at rest

Which cloud computing concept is BEST described as focusing on replacing the hardware and software required when creating and testing new applications and programs from a customer's environment with cloud-based resources? A. PaaS B. SECaaS C. IaaS D. SaaS

A. PaaS

Which of the following authentication mechanisms involves receiving a one-time use shared secret password, usually, through a token-based key fob or smartphone app, that automatically expires after a short period of time (for example, 60 seconds)? A. HOTP B. Smart Card C. EAP D. TOTP

D. TOTP

Which of the following cryptographic algorithms is classified as asymmetric? A. DES B. AES C. RSA D. RC4

C. RSA

Karen lives in an area that is prone to hurricanes and other extreme weather conditions. She asks you to recommend an electrical conditioning device that will prevent her files from being corrupted if the building's power is unstable or lost. Additionally, she would like the computer to maintain power for up to an hour of uptime to allow for a graceful shutdown of her programs and computer. Which of the following should you recommend? A. PDU B. Surge Protection C. Line Cordinator D. UPS

D. UPS

Which of the following cryptographic algorithms is classified as symmetric? A. ECC B. RSA C. Twofish D. Diffie-Hellman

C. Twofish

(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.) How would you appropriately categorize the authentication method being displayed here? (Note: the hardware token is being by itself used for authentication.) A. Biometric Authentication B. PAP Authentication C.. Multifactor Authentication D. One time Password Authentication

D. One time Password Authentication

You are helping to set up a backup plan for your organization. The current plan states that all of the organization's Linux servers must have a daily backup conducted. These backups are then saved to a local NAS device. You have been asked to recommend a method to ensure the backups will work when needed for restoration. Which of the following should you recommend? A. Set up scripts to automatically reattempt any failed backup jokes B. Attempt to restore to a test server C. Create a additional copy of the backup in off site database D. Frequently restore the server from backup

B. Attempt to restore to a test server

Which cloud computing concept is BEST described as focusing on the replacement of physical hardware at a customer's location with cloud-based resources? A. IaaS B. SECaaS C. PaaS D. SaaS

C. IaaS

Your company is adopting a cloud-first architecture model. Management wants to decommission the on-premises SIEM your analysts use and migrate it to the cloud. Which of the following is an issue with using this approach? A. The company has less control of the SEIM B. The company will be dependent on the cloud service C. A VM escape exploit cloud allow an attacker to gain access to the SEIM D. Legal and Regulatory issue may prevent data mitigation

D. Legal and Regulatory issue may prevent data mitigation

You have been asked to scan your company’s website using the OWASP ZAP tool. When you perform the scan, you received the following warning: "The AUTOCOMPLETE output is not disabled in HTML FORM/INPUT containing password type input. Passwords may be stored in browsers and retrieved." You begin to investigate further by re Based on your analysis, which of the following actions should you take? A. This is a false positive B. You tell the developer to review their code and implemented a bug/code fix C. You recommend that the system admin disable SSL on server D. You recommend that the system admin pushes GPO

B. You tell the developer to review their code and implemented a bug/code fix OBJ-2.3: Since your company owns the website, you can require the developer to implement a bug/code fix to prevent the form from allowing the AUTOCOMPLETE function to work on this website. The code change to perform is quite simple, simply adding "autocomplete=off" to the code's first line. The resulting code would be

You were conducting a forensic analysis of an iPad backup and discovered that only some of the information is within the backup file. Which of the following best explains why some of the data is missing? A. The backup is encrypted B. The backup was interrupted C. The backup is stored in iCloud D. The backup is a differential backup

D. The backup is a differential backup

You have been hired as a consultant by Dion Training to review their current disaster recovery plans. The CEO has requested that the plans ensure that the company can limit downtime in the event of a disaster. Still, due to staffing concerns, he cannot approve the budget to implement or maintain a fully redundant offsite location to ensure 99.999% availability. Based on that limitation, what should you recommend to the CEO? A. Retain hardware B. Install redundant servers C. Retain the hardwware D. Redundant Hardware

D. Redundant Hardware

Which of the following type of threats did the Stuxnet attack rely on to cross an air gap between a business and an industrial control system network? A. Cross Site Scripting B. Session Hijacking C. Removable Media D. Directory Traversal

C. Removable Media

The speed of striping, the redundancy of mirroring. You need at least 4 drives.

Raid 10

File blocks spit between physical drives -High performance -No redundancy -Minimum 2 drives

Raid 0

File block striped along with parity block -efficient use of disk space -High redundancy -Minimum 3 drives

Raid 5

File blocks duplicated between physical drives -Mirroring -High disk space utilization -Minimum 2 drives

Raid 1

Parallel transfer with parity bit -Data and parity written in different areas -Requires 3 Drives. -Performs bad with alot of small task

Raid 3

-Add disk redundancy for a critcal server -Two drive failure for better fault tolerance.

RAID 6

Brainscape's Knowledge GenomeTM

Architecture and Design Flashcards

Brainscape's Knowledge Genome^TM