CompTIA review questions Flashcards

1
Q

You go out the back door of your building and notice someone looking
through your company’s trash. If this person were trying to acquire sensitive
information, what would this attack be known as?

A

Dumpster diving

2
Q

User education can help to defend against which type of attacks?

A

Social engineering

3
Q

You can often configure your email servers or email cloud services to add
a message in the email subject line to identify emails that are coming from
outside of the organization. This technique is also known as __________.

A

Prepending

4
Q

What is the most common reason that social engineering succeeds?

A

Lack of user awareness

5
Q

In which two environments would social engineering attacks be most effective?

A

A public building with shared office space

6
Q

What is a social engineering technique used by adversaries that leverages user
errors (“typos”) when entering a given URL in their web browser for a given
website?

A

Typo squatting

7
Q

A man pretending to be a data communications repair technician enters your
building and states that there is networking trouble and he needs access to the
server room. What is this an example of?

A

Social engineering

8
Q

Turnstiles, double entry doors, and security guards are all preventive measures
for what kind of social engineering?

A

Tailgating

9
Q

What is the social engineering technique where the attacker redirects the
victim from a valid website or resource to a malicious one that could be made
to appear as the valid site to the user?

A

Pharming

10
Q

Why would you implement password masking and privacy screens/filters?

A

To deter shoulder surfing

11
Q

What is a group of compromised computers that have software installed by a
worm or Trojan?

A

Botnet

12
Q

What term is often used to describe a compromised system that can be
updated automatically and remotely?

A

Bot

13
Q

What is a common symptom of spyware?

A

Pop-up windows with advertisements

14
Q

You noticed that your DHCP server is flooded with information. After analyzing this condition, you found that the information is coming from more than
100 computers on the network. What is most likely the reason?

A

You have been infected with a worm

15
Q

Which type of malicious software encrypts sensitive files and asks the user to
pay in order to obtain a key to recover those files?

A

Ransomware

16
Q

What is a malicious attack that executes at the same time every week?

A

Logic bomb

17
Q

What is still one of the most common ways that attackers spread ransomware?

A

Through email

18
Q

What is a type of malware that appears to a user as legitimate but actually
enables unauthorized access to the user’s computer?

A

Trojan

19
Q

What tool is used by many penetration testers, attackers, and even malware
that can be useful for retrieving password hashes from memory?

A

Mimikatz

20
Q

What is the act of restructuring driver code called?

A

Driver refactoring

21
Q

What type of attack occurs when the attacker performs an MITM attack and
can redirect a client to an insecure HTTP connection?

A

SSL stripping attack

22
Q

What is a modern framework of API documentation and development that is
the basis of the OpenAPI Specification (OAS)?

A

Swagger

23
Q

What type of attack occurs when a user browsing the web is tricked into clicking something different than what the user thought he or she was clicking?

A

Clickjacking

24
Q

What type of attack is difficult to exploit because it takes advantage of the
small window of time between when a service is used and its corresponding
security control is executed in an application, operating system, or when temporary files are created?

A

Race condition

25
Q

What feature is supported in most modern operating systems that can help
prevent the exploitation of buffer overflows, remote code execution, and memory corruption vulnerabilities?

A

Address space layout randomization (ASLR)

26
Q

What is a type of input validation vulnerability and attack against an application that parses XML input?

A

XML External Entity (XXE)

27
Q

What is a Microsoft scripting language that attackers have used to perform
postexploitation activities such as privilege escalation or to enumerate users?

A

PowerShell

28
Q

What is a standard that was designed to thwart spammers from spoofing your
domain to send email?

A

DMARC

29
Q

What is a web application vulnerability that could allow an attacker to perform
a URL redirection attack?

A

Cross-site scripting (XSS)

30
Q

What is the modification of name resolution information that should be in a
DNS server’s cache?

A

DNS poisoning

31
Q

In what type of attack does the attacker sniff the network for valid MAC
addresses and then use those MAC addresses to perform other actions?

A

MAC cloning or spoofing

32
Q

What includes the tactics and techniques that adversaries use while preparing
for an attack, including gathering of information (open-source intelligence,
technical and people weakness identification, and more)?

A

MITRE PRE-ATT&CK

33
Q

What standard was designed to document threat intelligence in a machine-readable format?

A

STIX

34
Q

What standard was designed as a transport mechanism of threat intelligence
and to perform automated indicator sharing (AIS)?

A

TAXII

35
Q

What is the vulnerability database maintained by NIST?

A

National Vulnerability Database (NVD)

36
Q

What is the attack vector where evil twins are used?

A

Wireless

37
Q

You were hired to perform a penetration test against three different applications for a large enterprise. You are considered a(n) ______________ hacker.

A

Authorized or ethical

38
Q

You are hired to investigate a cyber attack. Your customer provided different
types of information collected from compromised systems such as malware
hashes and the IP address of a potential command and control (C2). What are
these elements often called?

A

Indicators of compromise (IoCs)

39
Q

What name is often used to describe a government or state-sponsored
persistent and sophisticated attack?

A

Advanced persistent threat (APT)

40
Q

What is the term used when an employee or a group of employees use IT
systems, network devices, software, applications, and services without the
approval of the corporate IT department?

A

Shadow IT

41
Q

What software tool or service acts as the gatekeeper between a cloud offering
and the on-premises network, allowing an organization to extend the reach of
its security policies beyond its internal infrastructure?

A

Cloud access security broker (CASB)

42
Q

What is the name given to a type of vulnerability that is disclosed by an
individual or exploited by an attacker before the creator of the software can
create a patch to fix the underlying issue?

A

Zero-day vulnerability

43
Q

What cloud architecture model is a mix of public and private, but one where
multiple organizations can share the public portion?

A

Community cloud

44
Q

What type of vulnerability occurs when an attacker obtains control of a target
computer through some sort of vulnerability, gaining the power to execute
commands on that remote computer?

A

Remote code execution (RCE)

45
Q

What protocol uses TCP ports 465 or 587 in most cases?

A

SMTP with TLS encryption

46
Q

What type of vulnerability scanner can be used to assess vulnerable web
services?

A

A web application vulnerability scanner

48
Q

What documents do vendors, vulnerability coordination centers, and security
researchers publish to disclose security vulnerabilities?

A

Security advisories and bulletins

49
Q

What term is used to describe an organization that can assign CVEs to
vulnerabilities?

A

CVE Numbering Authorities (CNAs)

50
Q

What public database can anyone use to obtain information about security
vulnerabilities affecting software and hardware products?

A

National Vulnerability Database (NVD)

51
Q

How many score “groups” are supported in CVSS?

A

Three

52
Q

A vulnerability with a CVSS score of 4.9 is considered a ___________ severity
vulnerability.

A

Medium

53
Q

What is the process of iteratively looking for threats that may have bypassed
your security controls?

A

Threat hunting

54
Q

You were hired to perform a penetration test against a set of applications. After
the exploitation phase, you need to maintain a foothold in a compromised
system to perform additional tasks such as installing and/or modifying services
to connect back to the compromised system. This process is referred to as
_____________.

A

Persistence

55
Q

What is the process of elevating the level of authority (privileges) of a
compromised user or a compromised application?

A

Privilege escalation

56
Q

What is the term used to define the type of testing where the penetration
testers may be provided credentials but not full documentation of the network
infrastructure?

A

Partially known environment

57
Q

What is the term used when an organization provides recognition or
compensation to security researchers and ethical hackers who report security
vulnerabilities or bugs? Often organizations can use brokers and companies
that manage the compensation and communication with the security
researchers.

A

Bug bounties

58
Q

OSINT is used in the ________ reconnaissance phase of the penetration
testing lifecycle.

A

Passive

59
Q

In the context of site resiliency, a ________ will have backups of data that
might need to be restored; they will probably be several days old. This type
of site is chosen most often by organizations because it has a good amount of
configuration yet remains less expensive than a hot site.

A

Warm site

60
Q

What can be used as bait files intended to lure adversaries to access and then
send alarms to security analysts for detection?

A

Honeyfiles

61
Q

What is the name given to a set of access control technologies that are used to
control the use of proprietary hardware, software, and copyrighted works?

A

Digital rights management (DRM)

62
Q

What term is used when data is actively used and undergoing constant
change? For instance, data could be stored in databases or spreadsheets and be
processed by running applications.

A

Data in use/processing

63
Q

What is the process of generating a random value for plaintext data and
storing the mapping in a database?

A

Tokenization

64
Q

What system can be used to interconnect a virtual private cloud (VPC) and
on-premises networks?

A

Transit gateway

65
Q

___________ are used in the process of creating, assigning, and managing rules
over the cloud resources that systems (virtual machines, containers, and so on)
or applications use.

A

Resource policies

66
Q

What is a series of tools and technologies used to connect different systems,
applications, code repositories, and physical or virtual network infrastructure
to allow the real-time exchange of data and processes?

A

Cloud services integration

67
Q

AWS Lambda is an example of which type of cloud service architecture?

A

Serverless architecture

68
Q

OpenDaylight (ODL) is an example of a(n) _________ controller.

A

SDN

69
Q

What type of debugging is carried out by examining the code without executing the program? It can be done by scrutinizing code visually, or with the aid
of specific automated tools—static code analyzers—based on the language
being used.

A

Static analysis

70
Q

What is the process of measuring your source code’s quality when it is passed
on to the quality assessment (QA)?

A

Software integrity measurement

71
Q

What is the software development environment where you create your code
on your computer or in the cloud?

A

Development

72
Q

What is a development environment that allows you to test your code or application but is as similar to the production environment as it can be? This environment allows you to ensure that each component of your application still
does its job with everything else going on around it.

A

Staging

73
Q

What is a software development and project management process where a
project is managed by breaking it up into several stages and involving constant
collaboration with stakeholders and continuous improvement and iteration at
every stage?

A

Agile

74
Q

What can replicate data widely to increase availability and reliability and thus
reduce response time?

A

Directory services

75
Q

What directory service operation targets a specific, unique entry, such as a
domain name?

A

Lookup

76
Q

What is the process where one system is responsible for authentication of a
user and provides that information to another resource as authenticated?

A

Federation

77
Q

Which biometric method uses blood vessel patterns as a personal identifying
factor?

A

Vein or vein authentication

78
Q

What is the study of a human motion, body mechanics, and activity of the
muscles?

A

Gait analysis

79
Q

What is the point where the false rejection rate (FRR) and the false acceptance
rate (FAR) are equal?

A

The crossover error rate (CER) describes the point where the false rejection
rate (FRR) and false acceptance rate (FAR) are equal. The crossover error rate
describes the overall accuracy of a biometric system.

80
Q

What is geographical dispersal?

A

Geographical dispersal is the practice of placing valuable data assets around
the city, state, country, or world to provide an extra level of protection from
attacks, mistakes, and disasters.

81
Q

What is disk redundancy?

A

In the simplest of terms, disk redundancy is a system’s ability to write data to
two or more disks at the same time. Having the same data stored on separate
disks enables you to recover the data in the event of a disk failure.

82
Q

What is a UPS?

A

An uninterruptible power supply or uninterruptible power source (UPS) is
an electrical device that provides emergency power to a load when the input
power source or mains power fails. Generally, UPSs are battery based—a bank
of batteries and circuits that provide power during main power failure.

83
Q

What is replication?

A

Data replication via a SAN is the most common method of replication. Replicating data from one data center to another via dual SANs allows you to
replicate large volumes of data quickly using SAN technology.

84
Q

What is reverting to known state?

A

Reverting to known state is returning the system to a state prior to a specific
moment in time or state of existence.

85
Q

What is an Arduino device?

A

Arduino devices are hardware and software combined into an extremely flexible platform; they can read inputs such as a light on a sensor or a button press.
The Arduino software is easy for beginners to use yet flexible enough for
advanced users. It runs on Mac, Windows, and Linux.

86
Q

What is the purpose of an FPGA?

A

Field-programmable gate arrays (FPGAs) are integrated circuits designed to
be configured by a customer or designer after manufacturing—hence the term
field programmable.

87
Q

What systems do the SCADA/ICS control systems actually control in the
manufacturing process?

A

In the manufacturing process, control systems can help with the reduction of
product errors and discards, due to earlier problem detection and remedies.
These systems improve productivity, maximizing the effectiveness of machine
uptime.

88
Q

Look around your house. What IoT-related devices do you own? What is the
number one problem with IoT devices being developed and sold?

A

Cybersecurity and attacks on the platform are the biggest problem with IoT
devices being developed and sold. Cybersecurity must be designed into IoT
devices from the ground up and at all points in the ecosystem to prevent vulnerabilities in one part from jeopardizing the security of the entire system.

89
Q

Today’s vehicles are mostly computerized. Which protocol/system do most
vehicles use for ECU to communicate between themselves?

A

The CAN bus system enables each ECU to communicate with all other
ECUs, without complex dedicated wiring. An ECU can prepare and broadcast
information (that is, sensor data) via the CAN bus, consisting of two wires—
CAN low and CAN high. The broadcasted data is accepted by all other ECUs
on the CAN network.

90
Q

What are badges used for in physical security controls?

A

An access badge is a credential used to gain entry to an area having automated
readers for access control entry points.

91
Q

What purpose does signage serve in controlling security in a building or
factory?

A

Appropriately placed signage provides direction and guidance for staff and
visitors; it also provides clear expectations and the repercussions for failure to
abide by those rules.

92
Q

What does industrial camouflage accomplish in today’s business and industrial
environment?

A

It enables corporate, industrial, and data centers to blend into their environment. When you surround the premises with trees, bushes, and vegetation and
implement low-profile security measures around the perimeter, the building
becomes one with the area. This ensures it does not stick out and become a
highly visible target.

93
Q

How does two-person integrity/control ensure systems and corporate data
integrity are accomplished?

A

One of the two people is there as an observer; this person monitors the person
performing the work and ensures that person is performing work exactly as
described in the change request and can also question any variance. The monitor typically reports any unusual or suspicious activity immediately to security
or the guards’ office.

94
Q

What sensors provide access to an area?

A

A proximity reader or prox reader, typically an RFID reader, reads a card by
placing it near (within proximity of) the reader. The reader sends energy in the
form of a field to the card, powering up the card, which enables the reader to
read the information stored on the prox card. Prox cards are used as part of an
access control system.

95
Q

Digital signatures employ which stream type?

A

Digital signatures employ asymmetric cryptography. In many instances, they
provide a layer of validation and security to messages sent through a nonsecure
channel. Properly implemented, a digital signature gives the receiver reason to
believe the message was sent by the claimed sender.

97
Q

What are key stretching techniques used for?

A

Key stretching techniques are used to make a possibly weak key, typically a
password or passphrase, more secure against brute-force attacks by increasing
the resources (time and possibly space) needed to test each possible key.

98
Q

What does salting passwords protect against?

A

Salts defend against a precomputed hash attack. Because salts are different in
each case, they also protect commonly used passwords, or those users who use
the same password on several sites, by making all salted hash instances for the
same password different from each other.

99
Q

What type of key do block ciphers use?

A

Block ciphers are an encryption method that applies a deterministic algorithm
along with a symmetric key to encrypt a block of text instead of encrypting
one bit at a time as in stream ciphers.

100
Q

What type of encryption is known as public key cryptography?

A

Asymmetric encryption is also known as public key cryptography; asymmetric
encryption uses two keys to encrypt plaintext. Secret keys are exchanged over
the network. This type of encryption ensures that malicious persons do not
misuse the keys. It is important to note that anyone with the secret key can
decrypt the message, and this is why asymmetric encryption uses two related
keys to boost security.

101
Q

With an asymmetric key system, to send an encrypted message to someone,
what must you encrypt the message with?

A

In an asymmetric key system, each user has a pair of keys: a private key and a
public key. To send an encrypted message, you must encrypt the message with
the recipient’s public key. The recipient then decrypts the message with his or
her private key. The easiest thing to remember is that public keys encrypt and
private keys decrypt.

102
Q

What kind of key is designed to be used for a single transaction or session?

A

Ephemeral describes something of a temporary or short duration. Ephemeral keys are designed to be used for a single transaction or session. The term
ephemeral is increasingly used in computer technology.

103
Q

What is a secure protocol?

A

A cryptographic protocol or encryption protocol is an abstract of a protocol
that performs a security-related function and applies cryptographic methods,
often as sequences of cryptographic primitives.

104
Q

How does SSH help secure connections?

A

SSH uses encryption to ensure secure transfer of information between the host
and the client. Host refers to the remote server you are trying to access, and
the client is the computer you are using to access the host.

105
Q

What cryptography method does S/MIME use?

A

S/MIME is based on asymmetric cryptography, which uses a pair of mathematically related keys to operate: a public key and a private key.

106
Q

Secure Real-Time Transport Protocol uses which cipher by default?

A

SRTP and SRTCP use the Advanced Encryption Standard (AES) as the
default cipher.

107
Q

LDAPS is a secure version of LDAP that is used to communicate with Active
Directory. What TCP port does LDAPS over SSL/TLS use?

A

You can enable LDAPS by installing a properly formatted certificate from a
certificate authority (CA) according to the guidelines. LDAPS over SSL/TLS
uses TCP port 636.

108
Q

What are the three strategies that antimalware software uses to protect systems from malicious software?

A

Antimalware software uses signature-based detection, behavior-based detection, and sandboxing.

109
Q

What is the first step toward achieving a trusted infrastructure on computers
and networking devices?

A

Boot integrity refers to using a secure method to boot a system and verify the
integrity of the operating system and loading mechanism. Boot integrity represents the first step toward achieving a trusted infrastructure.

110
Q

In boot attestation, what is measured and committed during the boot process?

A

In boot attestation, software integrity measurements are immediately committed to during boot, thus relaxing the traditional requirement for secure
storage.

111
Q

What places an exterior guard on the internal contents of a device?

A

Full-disk encryption (FDE) is a cryptographic method that applies encryption
to the entire hard drive, including data, files, operating system, and software
programs. FDE encryption places an exterior guard on the internal contents of
the device.

112
Q

What aspect of a disk array requires that replacement drives be configured to
match the encryption protection at installation?

A

Self-encrypting drives (SEDs) are disk drives that use an encryption key to
secure the data stored on the disk. This encryption protects the data and array
from data theft when a drive is removed from the array. Because SED operates
across all disks in an array at once, the drive must be configured as an SED
when introduced to the array.

113
Q

During an audit of your servers, you notice that most servers have large
amounts of free disk space and have low memory utilization. What is the primary impact on your organization when utilizing this type of practice?

A

Cost

114
Q

What concept of network security can help defend against pivoting during a
compromise?

A

Network segmentation

115
Q

Which kind of VPN implementation does not install software on the host system to establish the VPN connection?

A

Clientless

116
Q

In which type of attack does an attacker generate a high number of requests
over port 53?

A

DNS amplification

117
Q

Which type of network security control could be used to control access to a
network based on the security posture?

A

Network access control (NAC)

118
Q

Which type of management access would require an alternative path?

A

Out-of-Band

119
Q

Which feature present in most Cisco switches is used to provide access control
by restricting the MAC address that can connect?

A

Port security

120
Q

Which type of appliance secures a network by keeping machines behind it
anonymous?

A

Proxy server

121
Q

Which type of ACL would control access based on MAC address?

A

Layer 2

122
Q

Which routing protocol is most common in route manipulation attacks?

A

Border Gateway Protocol (BGP)

123
Q

Which QOS feature can be used for guaranteed bandwidth?

A

Class-based weighted fair queuing (CBWFQ)

124
Q

Which type of IPv6 address is structured like a unicast address?

A

Anycast

125
Q

What is one of the key enhancements in WPA3 and a replacement for PSK?

A

SAE

126
Q

What type of EAP authentication uses the protected access credential?

A

EAP-FAST

127
Q

What type of EAP authentication uses the protected access credential?

A

CCMP

128
Q

What encryption protocol addresses some of the vulnerabilities of TKIP?

A

Supplicant

129
Q

Which component of 802.1X is a software client?

A

Authenticator


131
Q

Which tool can be used to get a visual picture of Wi-Fi channel saturation?

A

Wi-Fi Analyzer

132
Q

Which encryption protocol is used with WPA2 and WPA3?

A

AES

133
Q

What solution do some organizations use to address BYOD challenges, where
users connect to an environment to access all the applications and data needed
to do their work?

A

Virtual desktop infrastructure (VDI)

134
Q

What is a security enhancement based on mandatory access control (MAC)?

A

SEAndroid

135
Q

What is the adding of data to content that would help gather location-specific
information?

A

Geotagging

136
Q

What is the denial of individual applications called?

A

Application deny/block list

137
Q

What is the sending of unsolicited messages to Bluetooth-enabled devices such
as mobile phones?

A

Bluejacking

138
Q

What mobile phone feature allows a phone to connect an external device such
as a USB flash drive?

A

USB On-The-Go (USB OTG)

139
Q

What is the unauthorized access of information from a wireless device through
a Bluetooth connection?

A

Bluesnarfing

140
Q

What is the art of loading third-party apps from a location outside the official
application store for that device?

A

Sideloading

141
Q

In cloud computing environments, which type of policy would be used to control access to things like CPU and memory allocation?

A

Resource policies

142
Q

What cloud security control is utilized by a cloud computing environment to
handle API keys?

A

Secrets management

143
Q

In cloud computing environments, what is a term used for storage instances?

A

Buckets

144
Q

Which type of subnet would have a route to the Internet?

A

Public subnet

145
Q

What tool is used to control access to cloud-based environments?

A

CASB

146
Q

What cloud security solution would help to enable remote worker access more
efficiently?

A

SWG

147
Q

Which Open Systems Interconnection (OSI) layer do cloud-based firewalls
focus on?

A

Application

148
Q

Which type of cloud control is typically provided by the actual cloud
computing environment vendor?

A

Cloud native

149
Q

Which command can be used to determine who is logged in to a Linux
system?

A

whoami

150
Q

What factor of multifactor authentication utilizes something you are?

A

Biometrics

151
Q

How many factors are needed for multifactor authentication?

A

Two

152
Q

Which type of password is generated by an external entity and synchronized
with internal resources?

A

One-time password (OTP)

153
Q

What type of access control is dynamic and context-aware?

A

Attribute-based access control (ABAC)

154
Q

_________ is the actual method of determining the physical location of the
user trying to authenticate.

A

Geolocation

155
Q

What is a security model where users are given only the number of privileges
needed to do their job?

A

Least privilege

156
Q

What concept denies all traffic to a resource unless the users who generate the
traffic are specifically granted access to the resource?

A

Implicit deny

157
Q

What kind of file system permissions are broken down into read, write, and
execute?

A

Linux

158
Q

What is an access model based on roles or sets of permissions involved in an
operation?

A

Role-based access control (RBAC)

159
Q

What is an access model where access is controlled by the owner?

A

Discretionary access control (DAC)

160
Q

What is a system used to centrally manage access to privileged accounts?

A

Privileged access management (PAM)

161
Q

What is an access model where permissions are determined by the system?

A

Mandatory access control (MAC)

162
Q

What is an authentication protocol designed by MIT that enables computers
to prove their identity to each other in a secure manner?

A

Kerberos

163
Q

What is an access control model that is dynamic and context-aware?

A

Attribute-based access control (ABAC)

164
Q

What is a physical device that can act as a secure cryptoprocessor?

A

Hardware security module (HSM)

165
Q

What is an authentication based on knowledge of information associated with
an individual?

A

Knowledge-based authentication (KBA)

166
Q

In X.509, the owner does not use a ______ key.

A

In X.509, the owner does not use a symmetric key.

167
Q

What two items are included in a digital certificate?

A

A digital certificate includes the certificate authority’s digital signature and the
user’s public key. A user’s private key should be kept private and should not be
within the digital certificate.

168
Q

Rick has a local computer that uses software to generate and store key pairs.
What type of PKI implementation is this?

A

Decentralized. When creating key pairs, PKI has two methods: centralized
and decentralized. In centralized, keys are generated at a central server and are
transmitted to hosts. In decentralized, keys are generated and stored on a local
computer system for use by that system.

169
Q

What ensures that a CRL is authentic and has not been modified?

A

Certificate revocation lists are digitally signed by the certificate authority for
security purposes. If a certificate is compromised, it will be revoked and placed
on the CRL. CRLs are later generated and published periodically.

170
Q

What encryption concept is PKI based on?

A

The public key infrastructure is based on the asymmetric encryption concept.

171
Q

You are in charge of PKI certificates. What should you implement so that stolen certificates cannot be used?

A

You should implement a certificate revocation list so that stolen certificates, or
otherwise revoked or held certificates, cannot be used.

172
Q

What should you publish a compromised certificate to?

A

A compromised certificate should be published to the certificate revocation list.

173
Q

You have been asked to set up authentication through PKI and encryption of
a database using a different cryptographic process to decrease latency. What
encryption types should you use?

A

Public key encryption to authenticate users and private keys to encrypt the
database. PKI uses public keys to authenticate users. If you are looking for
a cryptographic process that allows for decreased latency, then symmetrical
keys (private) would be the way to go. So, the PKI system uses public keys to
authenticate the users, and the database uses private keys to encrypt the data.

174
Q

Describe key escrow

A

A key escrow is implemented to secure a copy of the user’s private key (not the
public key) in case it is lost.

175
Q

When a user’s web browser communicates with a CA, what PKI element does
the CA require from the browser?

A

The browser must present the public key, which is matched against the CA’s
private key.

176
Q

What IP tool on Windows and Linux measures transit delays between packets
across a network?

A

In computing, traceroute is a computer network diagnostic command for displaying possible routes and measuring transit delays of packets across a network.

177
Q

What open-source software allows you to take a suspicious file, isolate it, and
run tests to provide a report on its behavior?

A

Cuckoo Sandbox is open-source software for automating analysis of suspicious
files. To do so, it makes use of custom components that monitor the behavior
of the malicious processes while running in an isolated environment. You can
throw any suspicious file at it, and in a matter of minutes, Cuckoo will provide
a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.

178
Q

What IP level tool is mainly used to verify connectivity to other hosts and uses
ICMP?

A

ping verifies IP-level connectivity to another TCP/IP computer by sending
Internet Control Message Protocol (ICMP) echo request messages.

179
Q

Which IP tool supports TCP, UDP, ICMP, and RAW IP protocols; has the
ability to send files and perform firewall testing; and has many advanced
features including operating system fingerprinting?

A

hping supports TCP, UDP, ICMP, and RAW-IP protocols; has a traceroute
mode; can send files over a covert channel; and provides many other
features. It has a wide range of additional uses, including firewall testing,
manual path MTU discovery, advanced traceroute, remote OS fingerprinting,
advanced port scanning, remote uptime guessing, and TCP/IP stack auditing.

181
Q

The curl tool can be used to transfer data from host to host by using which
protocol?

A

The curl command-line tool can transfer data to or from a server, using any
of the supported protocols: HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP,
TFTP, TELNET, LDAP, or FILE. Curl is powered by Libcurl.

182
Q

Having an incident response plan is imperative; the first step is identifying and
having the right people with the right skill sets and experience available and
ready to respond. How often should you test and update your plan?

A

You should regularly test and update your incident response plan. Everyone
who is part of the plan should understand their role and the role of others to
help reduce confusion during a real event.

183
Q

Part of your incident response process includes the Eradication phase. During
this phase, how long afterward should you increase your monitoring?

A

Regardless of how you choose to eradicate an infection, you need to have a
plan for increased monitoring of any affected systems for a period of time
(within 30 days) after the eradication process.

184
Q

Incident response simulations are fundamentally about what?

A

Incident response simulations are internal events that provide a structured
opportunity to practice your incident response plan and procedures during a
realistic scenario. SIRS events are fundamentally about being prepared and
iteratively improving your response capabilities.

185
Q

Which attack framework emphasizes the relationships and characteristics of
four basic components?

A

The Diamond Model of Intrusion Analysis emphasizes the relationships and
characteristics of four basic components: the adversary, capabilities, infrastructure, and victims.

186
Q

The cyber kill chain is a series of eight steps that trace stages of a cyber attack.
What is step 4?

A

Privilege escalation: Attackers often need more privileges on a system to get
access to more data and permissions; to do this, they escalate their privileges, often to an admin account.

187
Q

What is an indicator of a host on your network being compromised?

A

Indicators can be anything from additional TCP/UDP ports being shown as
open to detection of unauthorized software, or scheduled host system events
and even unrecognized outbound communications.

188
Q

How does a SIEM use data correlation to help with discovering what took
place during an incident?

A

Data correlation allows you to take data and logs from disparate systems, like
Windows server events, firewall logs, VPN connections, and RAS devices, and
bring them all together to see exactly what took place during that event.

189
Q

Application logging can help an investigator by building a picture of what
________ looks like.

A

Logging for critical process information about user, system, and web application behavior can help incident responders build a better understanding of
what normal looks like when an application is running and being used.

190
Q

There are nearly a dozen logs available from DNS. They include which two
message types?

A

The DNS protocol has two message types: queries and replies. Both use the
same format. These messages are used to transfer resource records (RRs). An
RR contains a name, a time-to-live (TTL), a class (normally IN), a type, and
a value. There are nearly a dozen different types of logs that are of particular
interest; obtaining and including them in your investigation can help build a
full picture.

191
Q

What platform would cybercriminals use to make nearly anonymous calls?

A

VoIP technology is an attractive platform to criminals. The reason is that call
managers and VoIP systems are global telephony services, in which it is difficult to verify the user’s location and identification.

192
Q

What is the purpose of an application approved list?

A

The purpose is to specify an index of approved software applications or executable files that are permitted to be present and active on a computer system.

193
Q

When a file or application is quarantined, what happens to it?

A

When a file is quarantined, the file is moved to a location on disk where it cannot be executed.

195
Q

In data loss prevention (DLP) systems, how is sensitive data protected against
exfiltration?

A

A set of tools and processes is used to ensure that sensitive data is not lost,
misused, or accessed by unauthorized users. These tools allow only authorized
persons to have access and to run copy/move commands on those specific files.

196
Q

What is the purpose of revoking a certificate?

A

Certificate revocation is the act of invalidating a certificate before its scheduled
expiration date. A certificate should be revoked immediately when its private
key shows signs of being compromised.

197
Q

SOAR requires runbooks and playbooks. Whereas playbooks consist of a
number of plays, runbooks are a series of what types of steps?

A

A runbook consists of a series of conditional steps to perform actions such as
enriching data, containing threats, and sending notifications automatically as
part of the incident response or security operations process.

198
Q

What are the three rules for evidence?

A

Whether evidence is admissible is determined by following three rules:
(1) Best evidence means that courts prefer original evidence rather than copies to avoid alteration of evidence. (2) The exclusionary rule means that data
collected in violation of the Fourth Amendment (no unreasonable searches or
seizures) is not admissible. (3) Hearsay is second-hand evidence and is often
not admissible, but some exceptions apply.

199
Q

What are three standards for evidence?

A

It must be (1) sufficient, which is to say convincing without question; (2) competent, which means it is legally qualified; and (3) relevant, which means it
must matter to the case at hand.

200
Q

When are checksums useful?

A

Computers use checksum-style techniques to check data for problems in the
background. You could also use checksums to verify the integrity of any other
type of file, from applications to documents and media. Forensic investigators use checksums to ensure data is not tampered with after it has been collected
from an incident.

201
Q

What is the role of a hash in computer forensics?

A

By definition, forensic copies are exact, bit-for-bit duplicates of the original. To
verify this, you can use a hash function to produce a type of unique checksum
of the source data. Hash functions have four defining properties that make
them useful: they are deterministic, collision resistant, pre-image resistant, and
computationally efficient.

202
Q

What does NFAT mean in the context of network forensics?

A

Network forensic analysis tools (NFATs) typically provide the same functionality as packet sniffers, protocol analyzers, and SIEM software in a single product. NFAT software focuses primarily on collecting, examining, and analyzing
network traffic.

203
Q

What control category is addressed by an organization’s management?

A

Managerial

204
Q

What control category is designed to increase individual and group system
security?

A

Operational

205
Q

What control category would include firewalls?

A

Technical

206
Q

What control type enforces security policy?

A

Preventative

207
Q

What control type is intended to discourage someone from violating policies?

A

Deterrent

208
Q

What control type warns that physical security measures are being violated?

A

Detective

209
Q

What control type includes all the controls used during an incident?

A

Corrective

210
Q

What control type is also known as an alternative control?

A

Compensating

211
Q

Which type of control would include something like door access?

A

Physical

212
Q

Which type of control would you put in place to control access to a server room?

A

Physical

213
Q

What regulation was established in the European Union to protect data and
privacy?

A

General Data Protection Regulation (GDPR)

215
Q

What act governs the disclosure of financial and accounting information?

A

Sarbanes-Oxley Act (SOX)

216
Q

What act governs the disclosure and protection of health information?

A

Health Insurance Portability and Accountability Act (HIPAA)

217
Q

Which nonprofit organization established in 2000 focuses on security best
practices guides?

A

Center for Internet Security

218
Q

Which organization developed the Cybersecurity Framework in 2014?

A

National Institute of Standards and Technology

219
Q

Which nonprofit organization established in 2008 is focused on cloud security
best practices?

A

Cloud Security Alliance

220
Q

_______________ was created to provide a standardized solution for security
automation.

A

Security Content Automation Protocol (SCAP)

221
Q

What policy defines the rules that restrict how a computer, network, or other
system may be used?

A

Acceptable use policy (AUP)

222
Q

What is the security concept where more than one person is required to
complete a particular task or operation?

A

Separation of duties

223
Q

Your company expects its employees to behave in a certain way. How could a
description of this behavior be documented?

A

Code of ethics

224
Q

Employees are asked to sign a document that describes the methods of
accessing a company’s servers. What best describes this document?

A

Acceptable use policy (AUP)

225
Q

One of the developers for your company asks you what to do before making
a change to the code of a program’s authentication. What process should you
instruct this developer to follow?

A

Change management

226
Q

As a network administrator, you are responsible for dealing with Internet
service providers. You want to ensure that a provider guarantees end-to-end
traffic performance. What is this known as?

A

Service-level agreement (SLA)

227
Q

What is considered information that is available to anyone?

A

Public information

228
Q

One of the accounting people is forced to change roles with another
accounting person every three months. What is this an example of?

A

Job rotation

229
Q

When it comes to security policies, what should HR personnel be trained in?

A

Guidelines and enforcement

230
Q

Which type of plan is based on the determination of disaster impact?

A

Recovery plan

231
Q

____________ is the time required for a service to be restored after a disaster.

A

Recovery time objective (RTO)

232
Q

What procedure is used to determine a disaster’s full impact on the
organization?

A

Impact determination

233
Q

What is considered the risk left over after a detailed security plan and disaster
recovery plan have been implemented?

A

Residual risk

234
Q

What is considered an element, object, or part of a system that, if it fails,
causes the whole system to fail?

A

Single point of failure

235
Q

___________ defines the average number of failures per million hours of
operation for a product in question.

A

Mean time between failures (MTBF)

236
Q

Which type of assessment measures risk by using exact monetary values?

A

Quantitative risk assessment

237
Q

What term is used when risk is reduced or eliminated altogether?

A

Risk mitigation

238
Q

Which type of assessment assigns numeric values to the probability of a risk
and the impact it can have on the system or network?

A

Qualitative risk assessment

239
Q

What is the attempt to determine the number of threats or hazards that could
possibly occur in a given amount of time to your computers and networks?

A

Risk assessment

240
Q

Unauthorized access to ______ information could cause severe damage to the
organization.

A

Private

241
Q

A compromise of __________ data could cause grave damage to national
security.

A

Top secret

242
Q

Telephone and fax numbers are a form of which type of information?

A

PII

243
Q

Medical records are a form of which type of information?

A

PHI

244
Q

The term ___________ is used to explain reducing the amount of data as a
privacy tool.

A

Data minimization

245
Q

What form of data obfuscation is performed by replacing data in a reversible
manner?

A

Tokenization

246
Q

What is the role of the individual who has the greatest responsibility in data
privacy?

A

Data controller

247
Q

What leadership role in an organization is responsible for the overall protection and adherence to the data protection process?

A

Data protection officer (DPO)