Cybersecurity Analyst Flashcards

1
Q

Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

A. Integrity

B. Nonrepudiation

C. Availability

D. Confidentiality

A

Answer:

B. The three primary objectives of cybersecurity professionals are confidentiality, integrity, and availability.

2
Q

Tommy is assessing the security of several database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?

A. Risk

B. Vulnerability

C. Hacker

D. Threat

A

Answer:

B. In this scenario, Tommy identified a deficiency in the security of his web server that renders it vulnerable to attack. This is a security vulnerability. Tommy has not yet identified a specific risk because he has not identified a threat (such as a hacker) that might exploit this vulnerability.

3
Q

Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which one of the following steps would come first?

A. Determine likelihood

B. Determine impact

C. Identify threats

D. Identify vulnerabilities

A

Answer:

C. The NIST risk assessment process says that organizations should identify threats before identifying vulnerabilities or determining the likelihood and impact of risks.

4
Q

Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city’s power grid might have on the organization. What type of threat is she considering?

A. Adversarial

B. Accidental

C. Structural

D. Environmental

A

Answer:

D. Widespread infrastructure failures, such as those affecting the power grid or telecommunications circuits, are considered man-made disasters and fall under the category of environmental threats.

5
Q

Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?

A. Adversarial

B. Accidental

C. Structural

D. Environmental

A

Answer:

A. Adversarial threat analysis requires examining the capability of the threat source, the intent of the threat source, and the likelihood that the threat will target the organization.

6
Q

Vincent is responding to a security incident that compromised one of his organization’s web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization’s website. What cybersecurity objective did this attack violate?

A. Confidentiality

B. Nonrepudiation

C. Integrity

D. Availability

A

Answer:

D. In an availability attack, the attacker disrupts access to information or a service by legitimate users. In this attack, the attacker disrupted access to the organization’s website, violating the principle of availability.

7
Q

Which one of the following is an example of an operational security control?

A. Encryption software

B. Network firewall

C. Antivirus software

D. Penetration tests

A

Answer:

D. Penetration tests are an example of an operational security control. Encryption software, network firewalls, and antivirus software are all examples of technical security controls.

8
Q

Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?

A. Risk mitigation

B. Risk avoidance

C. Risk transference

D. Risk acceptance

A

Answer:

A. Any action that an organization takes to reduce the likelihood or impact of a risk is an example of risk mitigation. In this case, Paul chose to implement a technical control—a network firewall—to mitigate the likelihood of a successful attack.

9
Q

Robert’s organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?

A. Network firewall

B. Network access control (NAC)

C. Network segmentation

D. Virtual private network

A

Answer:

B. Network access control (NAC) solutions are able to verify the security status of devices before granting them access to the organization’s network. Devices not meeting minimum security standards may be placed on a quarantine network until they are remediated.

10
Q

When performing 802.1x authentication, what protocol does the authenticator use to communicate with the authentication server?

A. 802.11g

B. EAP

C. PEAP

D. RADIUS

A

Answer:

D. The Remote Authentication Dial-In User Service (RADIUS) is an authentication protocol used for communications between authenticators and the authentication server during the 802.1x authentication process.

11
Q

Juan is configuring a new device that will join his organization’s wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?

A. Supplicant

B. Authenticator

C. Authentication server

D. Command and control

A

Answer:

A. Any device that wishes to join an 802.1x network must be running an 802.1x supplicant that can communicate with the authenticator before joining the network.

12
Q

Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?

A. 25

B. 80

C. 143

D. 443

A

Answer:

D. The Secure HTTP (HTTPS) protocol uses TCP port 443 for communications between web browsers and the web server.

13
Q

What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?

A. NGFW

B. WAF

C. Packet filter

D. Stateful inspection

A

Answer:

A. Next-generation firewalls (NGFWs) incorporate contextual information about users, applications, and business processes in their decision-making process.

14
Q

Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which one of the following ports should definitely not be open on the jump box?

A. 22

B. 23

C. 443

D. 3389

A

Answer:

B. Port 23, used by the Telnet protocol, is unencrypted and insecure. Connections should not be permitted to the jump box on unencrypted ports. The services running on ports 22 (SSH), 443 (HTTPS), and 3389 (RDP) all use encryption.

15
Q

Tom would like to deploy consistent security settings to all of his Windows systems simultaneously. What technology can he use to achieve this goal?

A. GPO

B. HIPS

C. IPS

D. DNS

A

Answer:

A. Administrators may use Group Policy Objects (GPOs) to control a wide variety of Windows settings and create different policies that apply to different classes of system.

16
Q

During what phase of a penetration test should the testers obtain written authorization to conduct the test?

A. Planning

B. Attack

C. Discovery

D. Reporting

A

Answer:

A. During the planning phase of a penetration test, the testers should confirm the timing, scope, and authorization for the test in writing.

17
Q

Which step occurs first during the attack phase of a penetration test?

A. Gaining access

B. Escalating privileges

C. Browsing the system

D. Installing additional tools

A

Answer:

A. After the completion of the discovery phase, penetration testers first seek to gain access to a system on the targeted network and then may use that system as the launching point for additional attacks.

18
Q

Barry is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. What team is he on?

A. Red team

B. Blue team

C. White team

D. Black team

A

Answer:

A. The red team plays the role of the attacker and uses reconnaissance and exploitation tools to attempt to gain access to the protected network.

19
Q

Which one of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures?

A. MAC

B. Hashing

C. Decompiling

D. Sandboxing

A

Answer:

D. Sandboxing is an approach used to detect malicious software based on its behavior rather than its signatures. Sandboxing systems watch systems and the network for unknown pieces of code and, when they detect an application that has not been seen before, immediately isolate that code in a special environment known as a sandbox where it does not have access to any other systems or applications.

20
Q

Kevin would like to implement a specialized firewall that can protect against SQL injection, cross-site scripting, and similar attacks. What technology should he choose?

A. NGFW

B. WAF

C. Packet filter

D. Stateful inspection

A

Answer:

B. Web application firewalls (WAFs) are specialized firewalls designed to protect against web application attacks, such as SQL injection and cross-site scripting.