Book Cards (set 2) Flashcards
How can you determine how critical a vulnerability is?
Check CVSS
When customer data is being collected, what role does the customer fullfil?
Data Subject
What can be used in a database if you only want to see the last three digits of a VISA card number?
Masking
How can data be stolen from an air-gapped network?
Removable device such as a USB
How can you verify the last time a file had been updated?
Check its metadata or version control
What is VM Escape?
An attack in which a hacker attacks the host, hypervisor, or guest from a vulnerable guest virtual machine
What is the purpose of a snapshot?
A snapshot allows you to roll back a virtual machine to a previous set of settings
What tool could an attacker use to carry out a pivoting attack?
nmap
What virtual environment is controlled by the company and accessed by a thin client?
Virtual Desktop Infrastructure (VDI)
What would allow you to roll back to an old operating system or configuration?
Snapshot
An IT Technician tried to apply an update to an Exchange Server for the first time but was unsuccessful. What is the most likely reason for this?
The organization has implemented the principle of least privilege and has not granted the technician the correct permissions to do so.
In an IaaS model, who is responsible for securing the data?
The client
What type of attack changes its hash value as it replicates?
A polymorphic virus replicates and mutates as it moves from host to host, which changes the hash.
What is the easiest way to check a servers settings on a daily base?
Use automation
What is the easiest way to set up desktops in a cloud environment?
Using Infrastructure as Code
How can the IT Team protect a managers laptop when away from the office?
by implementing a Secure Web Gateway (SWG)
What are you searching for when you are trying to find out the cause of an incident?
Root Cause Analysis
When you deliver normal training followed by more advanced training, what is this called?
Phased Rollout
How should you investigate potentially dangerous malware?
Test it in a virtual machine or cuckoo sandbox
What type of board provides oversight, governance, and an additional layer of assurance that an organization is effective?
Audit committee
What involves the meticulous examination of an organizations processes, practices, and policies to ensure they align with regulatory requirements?
Due diligence
You have rolled out 10 Wireless Access Points (WAP) across a company but are unable to connect them all to the wireless network. What should you have done before implementing the rollout?
A site survey should have been carried out before installing a wireless network as many factors can interfere with the communication
How can you circumvent a captive portal at an airport?
You could spoof a MAC address to bypass it
What type of wireless payment is commonly used on mobile telephones?
Near Field Communication (NFC)
What do you need to install on a wireless device that is going to use EAP-TLS for authentication?
EAP-TLS requires a valid certificate to be installed on the endpoint
