Book Cards (set 2)

Question 1

How can you determine how critical a vulnerability is?

Answer 1

Check CVSS

Question 2

When customer data is being collected, what role does the customer fulfil?

Answer 2

Data Subject

Question 3

What can be used in a database if you only want to see the last three digits of a VISA card number?

Answer 3

Masking

Question 4

How can data be stolen from an air-gapped network?

Answer 4

Removable device such as a USB

Question 5

How can you verify the last time a file had been updated?

Answer 5

Check its metadata or version control

Question 6

What is VM Escape?

Answer 6

An attack in which a hacker attacks the host, hypervisor, or guest from a vulnerable guest virtual machine

Question 7

What is the purpose of a snapshot?

Answer 7

A snapshot allows you to roll back a virtual machine to a previous set of settings

Question 8

What tool could an attacker use to carry out a pivoting attack?

Answer 8

nmap

Question 9

What virtual environment is controlled by the company and accessed by a thin client?

Answer 9

Virtual Desktop Infrastructure (VDI)

Question 10

What would allow you to roll back to an old operating system or configuration?

Answer 10

Snapshot

Question 11

An IT Technician tried to apply an update to an Exchange Server for the first time but was unsuccessful. What is the most likely reason for this?

Answer 11

The organization has implemented the principle of least privilege and has not granted the technician the correct permissions to do so.

Question 12

In an IaaS model, who is responsible for securing the data?

Answer 12

The client

Question 13

What type of attack changes its hash value as it replicates?

Answer 13

A polymorphic virus replicates and mutates as it moves from host to host, which changes the hash.

Question 14

What is the easiest way to check a server�s settings on a daily base?

Answer 14

Use automation

Question 15

What is the easiest way to set up desktops in a cloud environment?

Answer 15

Using Infrastructure as Code

Question 16

How can the IT Team protect a manager�s laptop when away from the office?

Answer 16

by implementing a Secure Web Gateway (SWG)

Question 17

What are you searching for when you are trying to find out the cause of an incident?

Answer 17

Root Cause Analysis

Question 18

When you deliver normal training followed by more advanced training, what is this called?

Answer 18

Phased Rollout

Question 19

How should you investigate potentially dangerous malware?

Answer 19

Test it in a virtual machine or cuckoo sandbox

Question 20

What type of board provides oversight, governance, and an additional layer of assurance that an organization is effective?

Answer 20

Audit committee

Question 21

What involves the meticulous examination of an organization�s processes, practices, and policies to ensure they align with regulatory requirements?

Answer 21

Due diligence

Question 22

You have rolled out 10 Wireless Access Points (WAP) across a company but are unable to connect them all to the wireless network. What should you have done before implementing the rollout?

Answer 22

A site survey should have been carried out before installing a wireless network as many factors can interfere with the communication

Question 23

How can you circumvent a captive portal at an airport?

Answer 23

You could spoof a MAC address to bypass it

Question 24

What type of wireless payment is commonly used on mobile telephones?

Answer 24

Near Field Communication (NFC)

Question 25

What do you need to install on a wireless device that is going to use EAP-TLS for authentication?

Answer 25

EAP-TLS requires a valid certificate to be installed on the endpoint