Book Cards (set 3)

Question 1

What provides a detailed breakdown of the work to be performed, the timeline for completion, the expected deliverables, and the agreed-upon compensation?

Answer 1

Statement of Work (SOW)

Question 2

What signifies that an organization acknowledges its responsibilities and will adhere to the prescribed regulations?

Answer 2

Attestation

Question 3

How might you recover old data from an encrypted smart card?

Answer 3

A key escrow will have an old copy of the private keys

Question 4

What agreement type is measured in metrics?

Answer 4

Service Level Agreement (SLA)

Question 5

Apart from due diligence, what would prevent you from selecting a particular vendor?

Answer 5

Conflicts of interest

Question 6

What type of pen testing works on a rewards basis?

Answer 6

Bug Bounty

Question 7

What is your risk strategy if you take no action?

Answer 7

Risk Acceptance

Question 8

How can you find out who amended a medical record?

Answer 8

Review the audit trail

Question 9

What is Nessus?

Answer 9

A remote scanning tool that can identify vulnerabilities that hackers can exploit

Question 10

What looks at payment terms, resolution mechanism disputes, confidentiality clauses, and liability provisions?

Answer 10

A Master Service Agreement

Question 11

What is an on-path attack?
Name 2 attack type examples.

Answer 11

An interception Attack

Man-in-the-Middle and replay attacks

Question 12

What type of attack uses a tar.gz file extension?

Answer 12

Remote Access Trojan (RAT)

Question 13

Code phrases 1=1 and SELECT * are indicative of what kind of attack?

Answer 13

SQL Injection

Question 14

What log files detail the surfing habits of a user?

Answer 14

DNS Log files

Question 15

What framework examines the adversary, capabilities, infrastructure, and victim in an attack?

Answer 15

The Diamond Model of Intrusion Analysis

Question 16

What type of attacks use HTML tags and JavaScript?

Answer 16

Cross Site Scripting (XSS)

Question 17

How can you tell if a script is JavaScript?

Answer 17

It has a .js file extension

Question 18

How can you identify which websites an individual has visited?

Answer 18

Check DNS log files

Question 19

In what type of attack would multiple board members be sent an email asking for their bank details?

Answer 19

Spear Phishing attack

Question 20

How can a CSP load balance data?

Answer 20

using geographical dispersion

Question 21

What type of attack redirects you from a legitimate website to a fraudulent one?

Answer 21

Pharming or DNS Poisoning

Question 22

If you steal someone elses cookie, what type of attack is this?

Answer 22

Session Replay, sometimes know as session hijacking

Question 23

Why would you use a honeypot?

Answer 23

To attract an attacker and monitor their attack methods

Question 24

What would happen if a financial institution failed a PCI DSS inspection?

Answer 24

The institution would be issued a regulatory fine

Question 25

How could an administrator access a network with a VPN?

Answer 25

using a jump server