Domain 2

Question 1

While installing a windows patch file on a test workstation, the file fails to install. The installation instructions are easy to follow and include a long set of numbers in the form of 35533ce129738fb447deb9003fd54c17. Why is this long set of numbers important to know?

Answer 1

A checksum is a set of digits as a result of a cryptographic formula. The integer in question is a result of an MD5 checksum. Capturing the same checksum result from the source file and the copied file (at its destination) proves the file was not changed in transit.

Question 2

A systems administrator is developing the organization’s standard naming conventions. When considering naming user accounts, why is it important for the administrator to avoid using nicknames or common words?

Answer 2

Nicknames and common words anonymize users and should not be used in standard naming conventions. Usernames should identify a person by some combination of first and last name and/or initials.

Question 3

Hardware Security Module (HSM)

Answer 3

A Hardware Security Module (HSM) is a device used to generate, maintain and store cryptographic keys. It can be an external device and can easily be added to a system. The HSM will maintain the integrity of the key.

Question 4

Trusted Platform Module (TPM)

Answer 4

is a hardware-based encryption solution that is embedded in the system and provides secure key storage for full disk encryption.

Question 5

hardware root of trust

Answer 5

is a known secure starting point by embedding a private key in the system. The key remains private until the public key is matched.

Question 6

System on a chip (SoC)

Answer 6

system on a chip includes all the functionality of a system in a compact solution. Mobile computing devices typically have this.

Question 7

Code obfuscation

Answer 7

is the method of disguising coding methods by way of renaming variables, replacing strings, and hiding code comments.

Question 8

Private cloud

Answer 8

A private cloud is defined as computing services offered either over the Internet or within a private internal network. Only certain authorized users can access a private cloud infrastructure.

Question 9

A company would like to steer away from the use of proprietary hardware to route traffic at the data plane level through virtualization. Which of the following is a good solution for the company?

Answer 9

A Software Defined Network (SDN) separates data and control planes in a network. It uses virtualization to route traffic to its intended destination, instead of using proprietary hardware.

Question 10

Devices strategically placed where servers may deliver functionality to consumers quickly and where data is pulled to the center for processing is considered which of the following?

Answer 10

Edge computing is a distributed model that is accomplished at or near the source of the data where it is needed. These devices perform early processing of data to and from edge devices to enable prioritization.

Question 11

what is fog computing?

Answer 11

Fog computing is the placement of a node or nodes for processing resources close to the physical location of Internet of things (IoT) sensors. The fog node prioritizes traffic, analyzes and remediates conditions, and backhauls remaining data to the data center for storage and analysis

Question 12

Thin client

Answer 12

A thin client is a low power computer that runs from resources stored on a central server. A thin client works by connecting remotely to a server-based computing environment in which applications, data, and memory are stored.

Question 13

Remote Desktop Protocol (RDP)

Answer 13

Remote Desktop Protocol (RDP) provides a secure means to remotely access a user interface on a system in a separate location.

Question 14

VM Sprawl

Answer 14

Virtualization sprawl is a phenomenon that occurs when the number of virtual machines (VMs) on a network reaches a point where the administrator can no longer manage them effectively. This can happen by patch mismanagement or simply too many virtual machines.

Question 15

VM Escape

Answer 15

Virtual machine escape is a vulnerability that enables a user to gain access to the primary hypervisor and associated virtual machines.

Question 16

Continuous integration

Answer 16

allows for the merging of code changes into a central repository. The code is built and tested each time it is checked into the environment, providing a more efficient method to code production.

Question 17

Agile

Answer 17

The Agile methodology of software development focuses on cross-functional teams working together throughout the life cycle of a project.

Question 18

waterfall

Answer 18

The waterfall method of development maintains a top to bottom approach. When one stakeholder has finished his or her piece of work, then another can begin.

Question 19

Which of the following secure coding techniques makes code more difficult to read for an attacker?

Answer 19

Code obfuscation is the method of disguising coding methods by way of renaming variables, replacing strings, and hiding comments. This a secure coding practice.

Question 20

While developing an online service application for a grocery store, a programmer implements an open source application programming interface. This implementation reduces the testing effort and speeds up the programming effort. What technique did the programmer execute?

Answer 20

Code reuse is the practice of using existing code (code previously developed) for a new function in a system. Because the code was previously built and published, it has also been tested for vulnerabilities and errors.

Question 21

Version control

Answer 21

Version control tracks the versions of software in real time. It will record who has accessed the code, and what was changed. Version Control also allows for rollback if necessary.

Question 22

A developer uses a group of SQL statements to accept input data for validation. What technique did the developer use to protect from SQL injection attacks?

Answer 22

A stored procedure is a set of Structured Query Language (SQL) statements stored in a database as a group, so it can be reused and shared by multiple programs. Stored procedures can validate input.

Question 23

state table

Answer 23

A state table contains information about sessions between network hosts. This type of data is gathered by a stateful firewall.

Question 24

A capability delivery team (CDT) reduces software development risk and cost while increasing the speed of delivery to the customer with updated software. What is the CDT providing the customer?

Answer 24

Continuous delivery is an agile software engineering approach that streamlines the processes of building, testing, and releasing software. This leads directly to faster delivery of software updates to the customer, reduced development risk through frequent, smaller updates, and cost reductions through process efficiency.

Question 25

Continuous deployment

Answer 25

automates the process of delivering software to a production environment, which can decrease the software development lifecycle. However, while this can indirectly lead to the benefits described in the question, it doesn’t directly answer the question’s focus on reducing risk, cutting cost, and faster delivery to the customer.

Question 26

Continuous integration

Answer 26

is a method that frequently merges code changes into a main repository where it’s regularly built and tested. This practice reduces integration issues and bugs in the development phase, but it doesn’t directly address the reduction of risk, cost, and speed of delivery to the customer as described in the question.

Question 27

DevSecOps

Answer 27

with its continual security focus and stakeholder interaction, is a critical process in software development, it doesn’t directly tackle the question’s emphasis on risk reduction, cost cutting, and accelerated delivery to the customer. It’s more focused on integrating security considerations into every phase of the development process.

Question 28

During testing, an application demonstrates poor performance in the amount of time a function to the database retrieves results. What should developers ensure in the database, to improve performance?

Answer 28

Normalization is used to optimize database performance by removing duplicates, use of primary keys, and related data contained in separate tables.

Question 29

Which input validation method in a client-server architecture can improve application performance by catching deformed input on the front-end and is not used as the only form of security?

Answer 29

Client side input validation verifies data is valid upon entry to the system. Proper input validation uses a set of rules to validate entries in fields for proper use. In the event an entry is invalid, the application will reject the entry.

Question 30

Server side

Answer 30

validations occur on the web server or back-end and take more time to complete. Validation on the server side is more secure than client side validation.

Question 31

A development team considers software quality and cybersecurity analysis both early and throughout the software lifecycle. It enables building, testing, and releasing of software faster and more frequently. Which of the following objectives does this most likely provide the customer?

Answer 31

Continuous delivery is an agile software engineering approach that allows for the building, testing, and releasing of software with greater speed and frequency, providing the customer a continuous product.

Question 32

The software development lifecycle (SDLC)

Answer 32

of a project consists of the following attributes: defining requirements, design, implementation, verification, and maintenance.

Question 33

Model verification

Answer 33

Is testing to ensure the software meets the customers functional and physical requirements.

Question 34

Upon the company launching a new hiring campaign, a system administrator is tasked with increasing resources to meet the new demand but also ensuring that similar cost ratios are maintained. What strategy is the administrator using to meet these new requirements?

Answer 34

Scalability

Question 35

Which of the following describes the ability of a system to adapt to current demands by provisioning and deprovisioning resources as needed?

Answer 35

Elasticity

Question 36

False Rejection Rate (FRR)

Answer 36

The False Rejection Rate (FRR) is when a legitimate user is incorrectly rejected in a biometric system. The FRR commutates the number of times a false rejection occurs as a percentage.

Question 37

False Acceptance Rate (FAR)

Answer 37

is the calculation of when a biometric system incorrectly identifies an unauthorized user as an authorized user as a percentage.

Question 38

The Crossover Error Rate (CER)

Answer 38

is the position where the False Rejection Rate (FRR) and the False Acceptance Rate (FAR) cross one another. A lower CER indicates a more accurate biometric system.

Question 39

rate of return (RoR)

Answer 39

is considered the net gain or loss of an investment over a specified period of time and generally expressed as a percentage of the initial cost.

Question 40

The security team for a large company performed a risk assessment and identified three main entry points for biometric scanner installation. They install an iris scanner and are engaged in fine-tuning the system. Which metric is the security team currently adjusting?

Answer 40

The process of fine-tuning a biometric system involves adjusting the Crossover Error Rate (CER), the point at which the false rejection rate and false acceptance rate meet.

Question 41

An employee logs into the network with credentials, and then the network provides an access key. This key accesses network resources, such as shared files and printers, which the employee uses to complete tasks. Based on this scenario, what does the employee utilize?

Answer 41

Directory services are the principle means of providing privilege management and authorization on an enterprise network. A key will be generated for the user, which contains the group members of the authenticated user.

Question 42

When considering installing a biometric recognition system in a company facility, which of the following considerations is least relevant to managing traffic control?

Answer 42

False rejection rate is the least relevant figure because it only causes inconvenience to users, who should have access and are rejected in error.

Question 43

What major advantage does Time-Based One-Time Password Algorithm (TOTP) have over HMAC-Based One-Time Password Algorithm (HOTP)?

Answer 43

TOTP adds an expiration time to the token, making it more difficult to gain access to resources if a device is intercepted.

Question 44

An organization implements Directory Services as a management access control. Which of the following attributes will be used for authentication and role identification?

Answer 44

Directory Services provide privilege management and authorization to a network by storing user information such as groups, roles, and services allowed into a Distinguished Name (DN). Directory services are used to structure user management and implement access security.

Question 45

A startup company adds a firewall, an IDS, and a HIPS to its infrastructure. At the end of the week, they will install HVAC in the server room. The company has scheduled penetration testing every month. Which type of layered security does this represent?

Answer 45

Control diversity is the use of multiple security control types. The firewall, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are technical controls. The Heating, Ventilation and Cooling (HVAC) is a physical control and the penetration testing is administrative.

Question 46

To provide new functionality in a company’s business processes, the system requires a new Line of Business (LOB) application. The application awaits installation. Which of the following is the BEST approach for implementation of the new application on the server?

Answer 46

Snapshots are backups of a system that can be used to quickly recover from erroneous installs of new applications or patches. The snapshot should be taken before the application or update is installed. The new application should be tested before applying to production.

Question 47

A company is implementing the use of an alternate site in the event of a disaster. The plan is to replicate data between the main site and the alternate site on a continuous basis. The sites are a few hundred miles apart. Which statements are true regarding replication? (Select all that apply.)

Answer 47

Synchronous replication is particularly sensitive to distance. With synchronous replication, sites will replicate with each other at the same time. Latency is a possibility with slow links and long distances. Asynchronous replication is a data protection process that indicates data is mirrored from a primary site to a secondary site.

Question 48

Differential

Answer 48

A differential backup begins with a full backup, and copies information that has changed since the previous full backup. Backups are copies of data created to ensure data can be restored if corrupted or lost. Restoring this data would only need two backup sets.

Question 49

incremental backup

Answer 49

An incremental backup copies all data that has been changed since the last full or incremental backup. A full backup followed by each incremental would restore the system.

Question 50

PDU-Power Distribution unit

Answer 50

A power distribution unit (PDU) distributes power to networking equipment within racks. It provides protection against electrical spikes and can integrate with UPS.

Question 51

Uninterruptible Power Supply (UPS)

Answer 51

Uninterruptible Power Supply (UPS) consists of a collection of batteries, their charging circuit, and an inverter to generate AC voltage from the DC voltage in the batteries. A UPS can be placed at the system level to provide data availability.

Question 52

Severe weather recently caused a power outage at a small company. Once the power restored, a Jr. Level Systems administrator brought all systems back online. However, users immediately began reporting issues. The Jr. Systems Administrator admitted to not having an order of restoration plan, resulting in difficulties resetting the systems. Evaluate the following options and select a plan that the administrator should have followed to correctly complete the task.

Answer 52

Step 1. Enable and test power

Step 2. Enable and test infrastructure

Step 3. Enable and test critical network servers

Question 53

A company has implemented a Virtual Desktop Infrastructure (VDI) where the user’s desktop operates as a Virtual Machine (VM) on a centralized server. When users log off the machine, any changes made at the VM level are not saved. Which of the following ensures non-persistence has been implemented?

Answer 53

The company has implemented a revert to known state mechanism that allows for the Virtual Machines (VM) to use a centralized server. The desktop is the same for all users and when the users log off, the desktop reverts to the last known configuration or snapshot.

Question 54

Live Boot Media

Answer 54

creates a non-persistent bootable installation that includes the operating system and runs directly from a disk or similar storage device into a computer’s memory.

Question 55

trusted platform module (TPM)

Answer 55

is a hardware chip on a motherboard that provides a local secure boot process where the encryption key is placed inside the CPU.

Question 56

A service tech working for a major ISP is installing a new VoIP system for a corporate customer. Recommend a method of securing data transport for the VoIP system in order to protect audio data from calls.

Answer 56

Secure Real-time Transport Protocol (SRTP) is the secure version of Real-time Transport Protocol (RTP), a network protocol used for transport of voice and video data. SRTP provides confidentiality for the actual call data.

Question 57

Session Initiation Protocol Secure (SIPS)

Answer 57

is the encrypted version of Session Initiation Protocol (SIP), a session control protocol used to establish, manage, and disestablish communications sessions. SIPS protects session data and end-user devices.

Question 58

PBX

Answer 58

is a private telephone network that is used by a business or company. PBX users can communicate internally and externally through various channels of communication including Voice through IP.

Question 59

Quality of Service (QOS)

Answer 59

refers to data traffic management technology that reduces network packet loss, jitter and latency.

Question 60

Crypto

Answer 60

features are widely used on network but limited to IoT devices. Producing, for example cryptographic identification, is a part of network security.

Question 61

Authentication to IoT

Answer 61

Authentication to IoT devices are mostly non-existent because of the limited compute and functionality of the devices. Local and remote access cannot be audited properly in this manner.

Question 62

Implied trust

Answer 62

Implied trust means that every device that has been added to the network is trusted, on the assumption that it was added and continues to be operated by a legitimate administrator. Many of these devices are plug-n-play, and a compromised device may infect other devices on the network.

Question 63

LTE Machine Type Communication (LTE-M)

Answer 63

is a type of baseband radio that supports cellular network bandwidth of up to 1 Megabit per second (Mbps).

Question 64

Narrowband-IoT (NB-IoT)

Answer 64

is a type of baseband radio that has limited data rates between 20 to 100 Kilobits per second (Kbps). This is more suitable for inaccessible locations that require signal penetrating power.

Question 65

Zigbee

Answer 65

is a wireless communications protocol used primarily for home automation. Zigbee is an open source solution that uses 2.4 GHz frequency band. It has no communication hop limitation with multiple devices in a singular network.

Question 66

subscriber identity module (SIM

Answer 66

is an identifier of the subscriber using the LTE-based cellular radio device such as a smart phone.

Question 67

Raspberry Pi

Answer 67

is an example of a System on Chip (SoC) board that was initially devised as an educational tool. It is now widely used for industrial application and hacking.

Question 68

Arduino

Answer 68

is an example of a SoC board that was initially devised as an educational tool. It is now widely used for industrial application and hacking.

Question 69

Field programmable gate array (FPGA)

Answer 69

is a type of embedded controller that a customer can program the logic for, to run a specific application. These are used specifically for industrial purposes.

Question 70

Real time operating system (RTOS)

Answer 70

is a type of embedded system that operate devices that perform acutely time-sensitive tasks. These are not made for educational purposes.

Question 71

The Demilitarized Zone (DMZ)

Answer 71

is between the two firewalls providing a layer of protection for the internet facing servers. It is an area of a network that is designed for public and company use. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN.

Question 72

An Ad Hoc zone

Answer 72

s created when two or more wireless devices connect to one another creating an on-demand network.

Question 73

Which of the following use asymmetric algorithms?

Answer 73

RSA is an asymmetric algorithm used to create digital signatures. It can be used to encrypt short messages. Digital Signature Algorithm (DSA) is an asymmetric algorithm used by NIST that adopts ElGamal’s algorithm. It uses the private and public keys from Diffie-Hellman in a similar way to RSA key pairs.

Question 74

Data Encryption Standard (DES)

Answer 74

is a symmetric block cipher using 64-bit blocks and a 56-bit key. 3DES (Triple DES) is where the plaintext is encrypted three times using different subkeys.

Question 75

Advanced Encryption Standard (AES)

Answer 75

is a symmetric block cipher with a block size of 128 bits and key sizes of 128, 192, or 256 bits. It is faster and more secure than 3DES.

Question 76

What are the differences between RC4 and 3DES ciphers?

Answer 76

RC4 is a stream cipher meaning each byte or bit of data in the plaintext is encrypted one at a time.3DES uses 64-bit blocks and a 56-bit key, but the plaintext is encrypted three times using different subkeys

Question 77

Digital signatures on an email rely on a Public Key Infrastructure (PKI). The certificate used for this purpose can be safely stored on a smart card. What is the purpose of a digital signature, and how is the sender’s private key used?

Answer 77

The sender’s private key is used to encrypt the message digest of the email. The message digest is a result of a pre-agreed hashing algorithm, such as SHA-256 or MD5.A digital signature is for non-repudiation. This process involves a person sending an email, with their digital signature on the email.

Question 78

Developers are testing an application in the lab where two servers are communicating in a very secure manner. Each session is encrypted using perfect forward secrecy. How is this secured communication possible?

Answer 78

Ephemeral key is the main component of ECDHE that gives it perfect forward secrecy. There is a different secret key for each session during transport. ECDHE (ECC with D-H ephemeral mode) uses ephemeral keys for each session which provide perfect forward secrecy. It is a step above security for regular ECC, and better than RSA’s algorithm.

Question 79

Elliptic curve cryptography (ECC)

Answer 79

although better than RSA’s algorithm, has the problem that a compromise of its encryption keys will affect all communications.

Question 80

A complex control system for a utility company has been developed. It includes workstations, servers, sensors, control boxes and some operating logic. It is designed to use cryptography so that a compromise of a small part of the system does not compromise the rest of the system. How does cryptography assist with this level or resiliency?

Answer 80

A system is resilient if it prevents a compromise of a small part of the system compromising the whole system. Cryptography assists this goal by ensuring the authentication and integrity of messages delivered over the control system.

Question 81

Two servers are deployed in a lab. A systems administrator wants to test implementing a secure means of communication. There is an option to implement ECDHE (ECC with D-H ephemeral mode). Why would this preferred to other options like RSA?

Answer 81

Perfect forward secrecy ensures that a compromise of long-term encryption keys will not compromise data encrypted by these keys in the past. An ephemeral key is the main component of ECDHE that makes it a perfect forward secrecy. There is a different secret key for each session during transport.

Question 82

A client browser does not support secure connections to web server. A Transport Layer Security (TLS) connection is being established with Diffie-Hellman Ephemeral (DHE) mode. Why does the browser not support DHE?

Answer 82

Ephemeral key in this case is used as Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) for Perfect Forward Secrecy (PFS). ECDHE will only work if both client and server support the same PFS-compatible suite or ephemeral keys. Otherwise, Elliptic Curve Diffie-Hellman (ECDH) without Ephemeral should be used.

Question 83

Rivest, Shamir, Adleman (RSA)

Answer 83

is widely deployed as a solution for creating digital signatures and key exchange. Client browsers support RSA.

Question 84

Advanced Encryption Standard (AES)

Answer 84

using 128-bit key lengths is a standard for many technologies including email and Kerberos. Browsers support AES128.

Question 85

Message Digest Algorithm (MDA)

Answer 85

also known as MD5, and Secure Hash Algorithm (SHA) are hashing algorithms. In this case, SHA256 is being used.

Question 86

A mobile application communicates with a central web server and sends blocks of data of 128 bits. The software developer wants to use an optimal cypher algorithm that will support confidentiality in the fastest way possible. Which cipher and mode should be used in this situation?

Answer 86

A block cipher is optimal because the block size is already defined by the application. A cipher like AES will provide the confidentiality required.
Electronic Code Book (ECB) is a mode operation that will process the encryption in blocks using the same key. This is the simplest and fastest mode.