Cybersecurity Analyst

Question 1

Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

A. Integrity

B. Nonrepudiation

C. Availability

D. Confidentiality

Answer 1

Answer:

B. The three primary objectives of cybersecurity professionals are confidentiality, integrity, and availability.

Question 2

Tommy is assessing the security of several database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?

A. Risk

B. Vulnerability

C. Hacker

D. Threat

Answer 2

Answer:

B. In this scenario, Tommy identified a deficiency in the security of his web server that renders it vulnerable to attack. This is a security vulnerability. Tommy has not yet identified a specific risk because he has not identified a threat (such as a hacker) that might exploit this vulnerability.

Question 3

Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which one of the following steps would come first?

A. Determine likelihood

B. Determine impact

C. Identify threats

D. Identify vulnerabilities

Answer 3

Answer:

C. The NIST risk assessment process says that organizations should identify threats before identifying vulnerabilities or determining the likelihood and impact of risks.

Question 4

Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city’s power grid might have on the organization. What type of threat is she considering?

A. Adversarial

B. Accidental

C. Structural

D. Environmental

Answer 4

Answer:

D. Widespread infrastructure failures, such as those affecting the power grid or telecommunications circuits, are considered man-made disasters and fall under the category of environmental threats.

Question 5

Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent, and targeting of the threat source?

A. Adversarial

B. Accidental

C. Structural

D. Environmental

Answer 5

Answer:

A. Adversarial threat analysis requires examining the capability of the threat source, the intent of the threat source, and the likelihood that the threat will target the organization.

Question 6

Vincent is responding to a security incident that compromised one of his organization’s web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization’s website. What cybersecurity objective did this attack violate?

A. Confidentiality

B. Nonrepudiation

C. Integrity

D. Availability

Answer 6

Answer:

D. In an availability attack, the attacker disrupts access to information or a service by legitimate users. In this attack, the attacker disrupted access to the organization’s website, violating the principle of availability.

Question 7

Which one of the following is an example of an operational security control?

A. Encryption software

B. Network firewall

C. Antivirus software

D. Penetration tests

Answer 7

Answer:

D. Penetration tests are an example of an operational security control. Encryption software, network firewalls, and antivirus software are all examples of technical security controls.

Question 8

Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?

A. Risk mitigation

B. Risk avoidance

C. Risk transference

D. Risk acceptance

Answer 8

Answer:

A. Any action that an organization takes to reduce the likelihood or impact of a risk is an example of risk mitigation. In this case, Paul chose to implement a technical control—a network firewall—to mitigate the likelihood of a successful attack.

Question 9

Robert’s organization has a Bring Your Own Device (BYOD) policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?

A. Network firewall

B. Network access control (NAC)

C. Network segmentation

D. Virtual private network

Answer 9

Answer:

B. Network access control (NAC) solutions are able to verify the security status of devices before granting them access to the organization’s network. Devices not meeting minimum security standards may be placed on a quarantine network until they are remediated.

Question 10

When performing 802.1x authentication, what protocol does the authenticator use to communicate with the authentication server?

A. 802.11g

B. EAP

C. PEAP

D. RADIUS

Answer 10

Answer:

D. The Remote Access Dial-In User Service (RADIUS) is an authentication protocol used for communications between authenticators and the authentication server during the 802.1x authentication process.

Question 11

uan is configuring a new device that will join his organization’s wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?

A. Supplicant

B. Authenticator

C. Authentication server

D. Command and control

Answer 11

Answer:

A. Any device that wishes to join an 802.1x network must be running an 802.1x supplicant that can communicate with the authenticator before joining the network.

Question 12

Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?

A. 25

B. 80

C. 143

D. 443

Answer 12

Answer:

D. The Secure HTTP (HTTPS) protocol uses TCP port 443 for communications between web browsers and the web server.

Question 13

What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?

A. NGFW

B. WAF

C. Packet filter

D. Stateful inspection

Answer 13

Answer:

A. Next-generation firewalls (NGFWs) incorporate contextual information about users, applications, and business processes in their decision-making process.

Question 14

Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which one of the following ports should definitely not be open on the jump box?

A. 22

B. 23

C. 443

D. 3389

Answer 14

Answer:

B. Port 23, used by the Telnet protocol, is unencrypted and insecure. Connections should not be permitted to the jump box on unencrypted ports. The services running on ports 22 (SSH), 443 (HTTPS), and 3389 (RDP) all use encryption.

Question 15

Tom would like to deploy consistent security settings to all of his Windows systems simultaneously. What technology can he use to achieve this goal?

A. GPO

B. HIPS

C. IPS

D. DNS

Answer 15

Answer:

A. Administrators may use Group Policy Objects (GPOs) to control a wide variety of Windows settings and create different policies that apply to different classes of system.

Question 16

During what phase of a penetration test should the testers obtain written authorization to conduct the test?

A. Planning

B. Attack

C. Discovery

D. Reporting

Answer 16

Answer:

A. During the planning phase of a penetration test, the testers should confirm the timing, scope, and authorization for the test in writing.

Question 17

Which step occurs first during the attack phase of a penetration test?

A. Gaining access

B. Escalating privileges

C. Browsing the system

D. Installing additional tools

Answer 17

Answer:

A. After the completion of the discovery phase, penetration testers first seek to gain access to a system on the targeted network and then may use that system as the launching point for additional attacks.

Question 18

Barry is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. What team is he on?

A. Red team

B. Blue team

C. White team

D. Black team

Answer 18

Answer:

A. The red team plays the role of the attacker and uses reconnaissance and exploitation tools to attempt to gain access to the protected network.

Question 19

Which one of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures?

A. MAC

B. Hashing

C. Decompiling

D. Sandboxing

Answer 19

Answer:

D. Sandboxing is an approach used to detect malicious software based on its behavior rather than its signatures. Sandboxing systems watch systems and the network for unknown pieces of code and, when they detect an application that has not been seen before, immediately isolate that code in a special environment known as a sandbox where it does not have access to any other systems or applications.

Question 20

Kevin would like to implement a specialized firewall that can protect against SQL injection, cross-site scripting, and similar attacks. What technology should he choose?

A. NGFW

B. WAF

C. Packet filter

D. Stateful inspection

Answer 20

Answer:

B. Web application firewalls (WAFs) are specialized firewalls designed to protect against web application attacks, such as SQL injection and cross-site scripting.