CertMike’s Practice Question of the Week

Question 1

Harry Believes That An Employee Of His Organization Launched A Privilege Escalation Attack To Gain Root Access On One Of The Organization’s Database Servers. The Employee Does Have An Authorized User Account On The Server. What Log File Would Be Most Likely To Contain Relevant Information?

A. Database Application Log
B. Firewall Log
C. Operating System Log
D. IDS Log

Answer 1

C. Operating System Log

A privilege escalation attack takes place against the operating system and information relevant to this attack is most likely found in the operating system logs. It is unlikely that the database application itself would be involved, so that application’s logs would not likely contain relevant information. The user has authorized access to the system, so the firewall and IDS logs would simply show that authorized access taking place.

Question 2

Peter Is Analyzing Network Flow Logs And Finds That A Server In His Organization Is Sending A Large Amount Of Traffic To A Single Destination. Upon Further Investigation, He Sees That The Server Is Receiving Very Small Repeated Requests From The Same Source On UDP Port 53 And Sends Very Large Responses. What Type Of Attack Should Peter Suspect?

A. DNS Amplification
B. DNS Spoofing
C. ARP Spoofing
D. ARP Amplification

Answer 2

Correct Answer: A

UDP port 53 is used by the Domain Name Service (DNS), so we can immediately eliminate the two answers that are about ARP-based attacks.The attack described in this scenario is indicative of an amplification attack, where the DNS requests are spoofed with a false source address belonging to the attack victim. This causes the DNS server to flood the victim with traffic. While this attack does use IP spoofing to insert a false source address, it is not a DNS spoofing attack because no DNS information is tampered with during the attack.

Question 3

Tonya Is Configuring Vulnerability Scans For A System That Is Subject To The PCI DSS Compliance Standard. What Is The Minimum Frequency With Which She Must Conduct Scans?

A. Daily
B. Weekly
C. Monthly
D. Quarterly

Answer 3

Correct Answer: D

PCI DSS requires that organizations conduct vulnerability scans on at least a quarterly basis, although many organizations choose to conduct scans on a much more frequent basis.

Question 4

Carmen Recently Collected Evidence From A Variety Of Sources And Is Concerned That The Clocks On The Systems Generating The Evidence May Not Be Synchronized. What Would Be Her Best Course Of Action?

A. Modify the system clocks
B. Configure the systems to use an NTP server
C. Record the time offsets for each device
D. Modify the time stamps in the evidence to match real time

Answer 4

Correct Answer: C

At this point, Carmen has already collected the evidence, so changing the system clocks (manually or through NTP) would have no effect. Carmen should never modify evidence that has already been collected, so her best course of action is to record the time offsets and make the adjustments in her analysis.

Question 5

Jodie Is Helping Her Organization Move Services Into A New Cloud-Based Service. This Includes Transferring PII About Her Company’s Customers. She Is Concerned About The Regulatory Impact Of That Move. What Country/Countries May Have Jurisdiction Over Customer PII Used In The New Cloud Service?

A. The countries where Jodie’s company is headquartered and the customer resides
B. The countries where the data is stored, Jodie’s company is headquartered and the customer resides
C. The country where the customer resides
D. The country where Jodie’s company is headquartered

Answer 5

Correct Answer: B

The use of cloud services is complicated from a regulatory perspective. It is possible that each of the countries involved has some jurisdiction over the data.These include the country where the cloud provider has its data centers, the country where the customer resides, and the home country of Jodie’s company.

Question 6

Renee Is Configuring Her Vulnerability Management Solution To Perform Credentialed Scans Of Servers On Her Network. What Type Of Account Should She Provide To The Scanner?

A. Domain Administrator
B. Local Administrator
C.Root Account
D. Read Only Account

Answer 6

Correct Answer: D

Question 7

Alison Is Preparing To Testify In Court About The Results Of A Forensic Investigation Conducted After A Security Breach. As An Expert Witness, She Will Be Sharing Her Interpretation Of The Evidence Collected By Others. What Type Of Evidence Will Alison Be Giving?

A. Hearsay
B. Documentary
C. Testimonial
D. Tangible

Answer 7

Correct Answer: C

Question 8

Beth Is Using The Cyber Kill Chain Approach To Analyzing The Actions Of An Intruder On Her Network. She Finds Evidence That The Most Recent Activity Of The Attacker Was To Successfully Use A Buffer Overflow Attack To Gain Control Of A System. What Stage Is The Attacker In?

A. Attacker in exploitation
B. Weaponization
C. Command and Control
D. Installation

Answer 8

Correct Answer: A

Question 9

Vickie Recently Gathered Digital Evidence And Would Like To Be Able To Provide Future Users Of That Evidence With The Ability To Verify Non-Repudiation. How Can She Provide This?

A. Generate a hash value from the evidence
B. Digitally sign the evidence
C. Encrypt the evidence
D. Generate a checksum from the evidence

Answer 9

Correct Answer: B

Question 10

You Are Seeking To Secure A Windows Server And Would Like To Find A Security Standard That Is Independent Of Both Government Agencies And The Vendors Involved In Providing Your Operating System And Software. Which One Of The Following Sources Would Best Meet Your Needs?

A. CIS
B. NIST
C. NSA
D. Microsoft

Answer 10

Correct Answer: A