B.3.1 Security+ SY0-601 Domain 1: Attacks, Threats, and Vulnerabilities Flashcards

150 questions (plus some of my own)

1
Q

Which of the following attacks tricks victims into providing confidential information (such as identity information or logon credentials) through emails or websites that impersonate an online entity that the victim trusts?

A

Phishing

2
Q

Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking username and password. The URL in the link is in the .ru top-level DNS domain.

What kind of attack occurred?

A

Phishing

3
Q

Which of the following is one of the MOST common attacks on employees?

A

Phishing

4
Q

As the security analyst for your organization, you have noticed an increase in emails that attempt to trick users into revealing confidential information. Which web threat solution should you implement to protect against these threats?

A

Anti-phishing software

5
Q

Which of the following BEST describes phishing?

A

A fraudulent email that claims to be from a trusted organization

6
Q

Which of the following social engineering attacks uses voice over IP (VoIP) to gain sensitive information?

A

Vishing

7
Q

Which of the following are functions of gateway email spam filters? (Select two.)

A

Blocks email from specific senders
Filters messages containing specific content

8
Q

If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which activity could result if this happens?

A

Spamming

9
Q

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?

A

Spamming

10
Q

An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware.

Which kind of attack has occurred in this scenario?

A

Spam

11
Q

As the security analyst for your organization, you have noticed an increase in user computers being infected with malware. Which two solutions should you implement and configure to remedy this problem? (Select two.)

A

Virus scanner
Spam filters

12
Q

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?

A

Spim

13
Q

Which of the following is susceptible to social engineering exploits?

A

Instant messaging

14
Q

Which of the following is considered a major problem with instant messaging applications?

A

Loss of productivity

15
Q

You are the security analyst for your organization and have recently noticed a large amount of spim on the company mobile devices. Employees rely on the IM app to communicate with each other.

Which of the following countermeasures should you implement?

A

Use an IM blocker

16
Q

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

A

Dumpster diving

17
Q

Which of the following are examples of social engineering attacks? (Select three.)

A

Shoulder surfing
Impersonation
Keylogging

18
Q

Which of the following best describes shoulder surfing?

A

Someone nearby watching you enter your password on your computer and recording it

19
Q

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords.

Which type of social engineering attack is Fred referring to?

A

Shoulder surfing

20
Q

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?

A

Elicitation

21
Q

An attack that targets senior executives and high-profile victims is referred to as what?

A

Whaling

22
Q

In which phase of an attack does the attacker gather information about the target?

A

Reconnaissance

23
Q

Which of the following is a common social engineering attack?

A

Distributing hoax virus-information emails

24
Q

Pretending to be somebody else and approaching a target to extract information is called what?

A

Impersonation

25
Q

Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password.

Which of the following types of non-technical password attack has occurred?

A

Social engineering

26
Q

What is social engineering?

A

It relies on human error. It works by feigning trustworthiness to convince someone to share information

27
Q

An organization’s receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?

A

Authority

28
Q

Social engineers are master manipulators. Which of the following are tactics they might use?

A

Moral obligation, ignorance, and threatening

29
Q

Any attack involving human interaction of some kind is referred to as what?

A

Social engineering

30
Q

A type of malware that prevents the system from being used until the victim pays the attacker money is known as what?

A

Ransomware

31
Q

Which of the following is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously?

A

Trojan horse

32
Q

In 2001, a worm exploited vulnerabilities in Microsoft Internet Information Services (IIS) to infect over 250,000 systems in under nine hours. What was this worm called?

A

Code Red

33
Q

Which kind of virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions?

A

Fileless virus

34
Q

A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent?

A

Botnet

35
Q

Which of the following describes a logic bomb?

A

A program that performs a malicious activity at a specific time or after a triggering event.

36
Q

Which of the following best describes spyware?

A

It monitors the actions you take on your machine and sends the information back to its originating source.

37
Q

Which kind of malware provides an attacker with administrative control over a target computer through a backdoor?

A

Remote Access Trojan (RAT)

38
Q

Which of the following are characteristics of a rootkit? (Select two.)

A

Resides below regular antivirus software detection
Requires administrator-level privileges for installation

39
Q

While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application.

Which type of security weakness does this describe?

A

Backdoor

40
Q

An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later.

Which type of attack is this an example of?

A

Backdoor

41
Q

In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development.

Which vulnerability are you attempting to prevent?

A

Backdoor

42
Q

You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day.

What else should you do to protect your systems from malware? (Select two.)

A

Educate users about malware
Schedule regular full-system scans

43
Q

In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A

A strong password policy

44
Q

Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt?

A

Dictionary attack

45
Q

Which of the following is most vulnerable to a brute-force attack?

A

Password authentication

46
Q

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found.

Which of the following technical password attacks are you using?

A

Brute force attack

47
Q

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

A

Rainbow table attack

48
Q

Which of the following strategies can protect against a rainbow table password attack?

A

Add random bits to the password before hashing takes place

49
Q

Jack is tasked with testing the password strength for the users of an organization. He has limited time and unlimited storage space.

Which of the following would be the BEST password attack for him to choose?

A

Rainbow attack

50
Q

A birthday attack focuses on which of the following?

A

Hashing algorithms

51
Q

An attacker is attempting to crack a system’s password by matching the password hash to a hash in a large table of hashes he or she has.

Which type of attack is the attacker using?

A

Rainbow

52
Q

When two different messages produce the same hash value, what has occurred?

A

Collision

53
Q

A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees’ accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas.

This situation indicates which of the following has occurred?

A

Privilege escalation

54
Q

An attacker has obtained the logon credentials for a regular user on your network.

Which type of security threat exists if this user account is used to perform administrative functions?

A

Privilege escalation

55
Q

Which of the following is an example of privilege escalation?

A

Privilege creep

56
Q

A user is able to access privileged administrative features with an account that is not granted administrator rights.
Which type of vulnerability is this?

A

Privilege escalation

57
Q

Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig’s folder.

This situation indicates which of the following has occurred?

A

Privilege escalation

58
Q

Which of the following is an attack that injects malicious scripts into web pages to redirect users to fake websites to gather personal information?

A

XSS (Cross-site scripting)

59
Q

Which of the following are subject to SQL injection attacks?

A

Database servers

60
Q

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored.

An attacker is able to insert database commands in the input fields and have those commands execute on the server.

Which type of attack has occurred?

A

SQL injection

61
Q

An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user’s web browser.

Which practice would have prevented this exploit?

A

Implementing client-side validation

62
Q

In 2011, Sony was targeted by an SQL injection attack that compromised over one million emails, usernames, and passwords.

Which of the following could have prevented the attack?

A

Careful configuration and penetration testing on the front end

63
Q

SQL injections are a result of which of the following flaws?

A

Web applications

64
Q

Which of the following functions does a single quote (') perform in an SQL injection?

A

Indicates that data has ended and a command is beginning

65
Q

Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?

A

Buffer overflow attack

66
Q

A programmer that fails to check the length of input before processing leaves his code vulnerable to which form of common attack?

A

Buffer overflow attack

67
Q

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

A

Buffer overflow attack

68
Q

Which type of attack is the act of exploiting a software program’s free acceptance of input in order to execute arbitrary code on a target?

A

Buffer overflow attack

69
Q

Sam has used malware to access Sally’s computer on the network. He has found information that allows him to use the underlying NTLM to escalate his privileges without needing the plaintext password.

Which of the following types of attacks did he use?

A

Pass-the-hash attack

70
Q

Which of the following best describes an evil twin?

A

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information

71
Q

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network.

One day, you find that an employee has connected a wireless access point to the network in his office.

Which type of security risk is this?

A

Rogue access point

72
Q

What is a rogue access point?

A

It is an unauthorized access point added to a network, or it is an access point that is configured to mimic a valid access point

73
Q

Which of the following best describes Bluesnarfing?

A

Viewing calendar, emails, and messages on a mobile device without authorization

74
Q

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

A

Bluejacking

75
Q

You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network’s signal.

Which type of attack are you most likely experiencing?

A

Jamming

76
Q

Which type of Radio Frequency Identification (RFID) tag can send a signal over a long distance?

A

Active

77
Q

An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device.

Which type of attack is being executed?

A

Relay

78
Q

Which type of attack is WEP extremely vulnerable to?

A

IV attack

79
Q

Which of the following describes a man-in-the-middle attack?

A

A false server intercepts communications from a client by impersonating the intended server.

80
Q

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack?

A

Man-in-the-middle attack

81
Q

Which of the following switch attacks associates the attacker’s MAC address with the IP address of the victim’s devices?

A

ARP spoofing/poisoning

82
Q

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

A

ARP poisoning

83
Q

What does ARP spoofing/poisoning do?

A

It associates the attacker’s MAC address with the IP address of a victim’s device

84
Q

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?

A

ARP poisoning

85
Q

Which of the following attacks, if successful, causes a switch to function like a hub?

A

MAC flooding

86
Q

What is the appropriate switch attack for ARP spoofing/poisoning?

A

The source device sends frames to the attacker’s MAC address instead of to the correct device.

87
Q

What is the appropriate switch attack for Dynamic Trunking Protocol?

A

Should be disabled on the switch’s end user (access) ports before implementing the switch configuration into the network

88
Q

What is the appropriate switch attack for MAC flooding?

A

Causes packets to fill up the forwarding table and consumes so much of the switch’s memory that it enters a state called Fail Open Mode

89
Q

What is the appropriate switch attack for MAC spoofing?

A

Can be used to hide the identity of the attacker’s computer or impersonate another device on the network

90
Q

What is the correct definition of MAC spoofing?

A

Allows an attacker’s computer to connect to a switch using an authorized MAC address.

91
Q

What is the correct definition of MAC flooding?

A

The process of intentionally overwhelming the CAM table with Ethernet frames, each originating from a different MAC address.

92
Q

What is the correct definition of ARP poisoning?

A

The MAC address of the attacker can be associated with the IP address of another host.

93
Q

What is the correct definition of Port mirroring?

A

Creates a duplicate of all network traffic on a port and sends it to another device.

94
Q

Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

A

DNS poisoning

95
Q

When does DNS poisoning occur?

A

It occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses

96
Q

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed.

Which type of attack has likely occurred?

A

DNS poisoning

97
Q

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information.

Which kind of exploit has been used in this scenario?

A

DNS poisoning

98
Q

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

A

Distributed Denial-of-Service (DDoS)

99
Q

What is a distributed denial-of-service (DDoS) attack?

A

A distributed denial-of-service (DDoS) attack employs multiple attackers

100
Q

Which of the following is the single greatest threat to network security?

A

Employees

101
Q

The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following:

  • Create and follow onboarding and off-boarding procedures.
  • Employ the principle of least privilege.
  • Have appropriate physical security controls in place.

Which type of threat actor do these steps guard against?

A

Insider

102
Q

An employee stealing company data could be an example of which kind of threat actor?

A

Internal threat

103
Q

Which of the following BEST describes an inside attacker?

A

An unintentional threat actor

104
Q

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?

A

Hacktivist

105
Q

What is a hacktivist?

A

A hacktivist is any individual whose attacks are politically motivated

106
Q

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems.

What is the BEST defense against script kiddie attacks?

A

Keep systems up to date and use standard security practices

107
Q

Which of the following best describes a script kiddie?

A

A hacker who uses scripts written by much more talented individuals

108
Q

Which of the following is the BEST definition of the term hacker?

A

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization

109
Q

Which of the following is the correct definition of a threat?

A

Any potential danger to the confidentiality, integrity, or availability of information or systems

110
Q

Which of the following BEST describes a cyber terrorist?

A

Disrupts network-dependent institutions

111
Q

Which of the following could an employee also be known as?

A

Internal threat

112
Q

What is the storage location called that holds all the development source files that version control systems use?

A

Repository

113
Q

John is the IT manager at a mid-sized company. He has been tasked with improving the physical security of the company’s server room.

Which of the following actions would be the MOST effective in enhancing the physical security of the server room?

A

Installing a biometric access control system

114
Q

In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world.

Which of the following resources are you MOST likely using?

A

Threat feeds

115
Q

Which of the following is an example of a vulnerability?

A

An enabled USB port

116
Q

The root account has all privileges and no barriers. Which of the following is another name for the root account?

A

Superuser account

117
Q

Which of the following authentication protocols transmits passwords in cleartext and, therefore, is considered too insecure for modern networks?

A

PAP

118
Q

Which of the following is the weakest hashing algorithm?

A

MD5

119
Q

You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file’s encryption?

A

The file is unencrypted when moved.

120
Q

Every ACME computer comes with the same account created at the factory. Which kind of vulnerability is this?

A

Default accounts and passwords

121
Q

Which of the following do security templates allow you to do? (Select two.)

A

Quickly apply settings to multiple computers
Configure consistent security settings between devices

122
Q

What does the netstat -a command show?

A

All listening and non-listening sockets

123
Q

You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?

A

nslookup

124
Q

In which of the iptables default chains would you configure a rule to allow an external device to access the HTTPS port on the Linux server?

A

Input

125
Q

A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of vulnerability?

A

Weak security configurations

126
Q

You are deploying a brand new router. What is one of the first things you should do?

A

Update the firmware

127
Q

When confidential or protected data is exposed, either intentionally or accidentally, it is considered to be which of the following?

A

Data breach

128
Q

DNS tunneling is a common method that allows an attacker to accomplish which attack?

A

Data exfiltration

129
Q

Which impact of vulnerabilities occurs when an attacker uses information gained from a data breach to commit fraud by doing things like opening new accounts with the victim’s information?

A

Identity theft

130
Q

Sometimes, an attacker’s goal is to prevent access to a system rather than to gain access. This form of attack is often called a denial-of-service attack and causes which impact?

A

Availability loss

131
Q

Which formula is used to determine a cloud provider’s availability percentage?

A

Uptime/uptime + downtime

132
Q

You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?

A

False positive

133
Q

Which of the following describes a false positive when using an IPS device?

A

Legitimate traffic being flagged as malicious

134
Q

In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed.

Which type of result is this?

A

False positive

135
Q

Which of the following describes the worst possible action by an IDS?

A

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

136
Q

A security administrator logs onto a Windows server on her organization’s network. Then she runs a vulnerability scan on that server.

Which type of scan was conducted in this scenario?

A

Credentialed scan

137
Q

A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside.

Which type of scan should he or she use?

A

Non-credentialed scan

138
Q

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

A

Run the vulnerability assessment again.

139
Q

You have implemented a new application control solution. After monitoring traffic and use for a while, you have noticed an application that continuously circumvents blocking.

How should you configure the application control software to handle this application?

A

Tarpit

140
Q

You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?

A

Vulnerability scanner

141
Q

For some reason, when you capture packets as part of your monitoring, you aren’t seeing much traffic. What could be the reason?

A

You forgot to turn on promiscuous mode for the network interface.

142
Q

Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?

A

Collectors

143
Q

You are concerned that an attacker can gain access to your web server, make modifications to the system, and alter the log files to hide his or her actions. Which of the following actions would best protect the log files?

A

Use syslog to send log entries to another server

144
Q

Which of the following systems is able to respond to low-level security events without human assistance?

A

SOAR

145
Q

A company has recently experienced a significant increase in the volume of security alerts. The security team is struggling to keep up with the volume and is concerned that they may miss a critical alert.

The company is considering implementing a Security Orchestration, Automation, and Response (SOAR) system.

Which of the following would be the MOST likely benefit of implementing a SOAR system?

A

The SOAR system will automate routine, tedious, and time-consuming tasks

146
Q

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins.

Which type of penetration test are you performing?

A

White box

147
Q

As part of a special program, you have discovered a vulnerability in an organization’s website and reported it to the organization. Because of the severity, you are paid a good amount of money.

Which type of penetration test are you performing?

A

Bug bounty

148
Q

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

A

Penetration testing

149
Q

Which of the following activities are typically associated with a penetration test?

A

Attempt social engineering

150
Q

What is the primary purpose of penetration testing?

A

Test the effectiveness of your security perimeter

151
Q

Which phase or step of a security assessment is a passive activity?

A

Reconnaissance

152
Q

Which of the following items would be implemented at the Network layer of the security model?

A

Penetration testing

153
Q

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?

A

Scope of work

154
Q

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?

A

Maintain access

155
Q

The process of walking around an office building with an 802.11 signal detector is known as what?

A

War driving

156
Q

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?

A

OSINT

157
Q

What is OSINT?

A

Open-source intelligence

158
Q

You are the security analyst for your organization and have discovered evidence that someone is attempting to brute-force the root password on the web server. Which classification of attack type is this?

A

Active

159
Q

Which classification of attack type does packet sniffing fall under?

A

Passive

160
Q

Which type of reconnaissance is dumpster diving?

A

Passive

161
Q

Which passive reconnaissance tool is used to gather information from a variety of public sources?

A

theHarvester

162
Q

You have been hired as part of the team that manages an organization’s network defense.

Which security team are you working on?

A

Blue

163
Q

What are the Blue team members?

A

The defense of the system. This team is responsible for stopping the red team’s advances.

164
Q

You have been promoted to team lead of one of the security operations teams.

Which security team are you now a part of?

A

White

165
Q

What are White team members?

A

The referees of cybersecurity. This team is responsible for managing the engagement between the red and blue teams. This group typically consists of the managers or team leads.

166
Q

What are Purple team members?

A

Members of the purple team work on both offense and defense. This team is a combination of the red and blue teams.