Domain 2: Security

Question 1

Difference between procedural & logical security controls

Answer 1

-Procedural are enforced by people
-Logical are enforced by cyber systems & software

Question 2

2-step verification

Answer 2

Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential. E.g. email, text or voice call.

Question 3

Risk

Answer 3

Likelihood and impact (or consequence) of a threat actor exercising a vulnerability

Question 4

Vulnerability scanner

Answer 4

A class of software designed to detect noncompliant systems

Question 5

Difference between unprotected system and a noncompliant system

Answer 5

An unprotected system has at least one security control either missing or improperly configured

-a noncompliance system has drifted from its hard configuration

Question 6

Exploit

Answer 6

Malicious code that can use a vulnerability to compromise a host

Question 7

True or false: an evil twin is an on-path attack

Answer 7

True

Question 8

XSS

Answer 8

Cross-site scripting

Malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

Question 9

SQL Injection

Answer 9

Structured Query Language Injection

Attack that injects a database query into the input data directed at a server by accessing the client side of the application

Question 10

Hash

Answer 10

Function that converts an arbitrary-length stream into a fixed-length string input

Question 11

The main drawback of asymmetric encryption

Answer 11

A message cannot be larger than the key size

Question 12

For what is asymmetric encryption often used?

Answer 12

To encrypt cryptographic hashes and to encrypt symmetric encryption keys, then referred to as session keys

Question 13

Exploit

Answer 13

Specific method by which malware code infects a target host, often via some vulnerability in a software process

Question 14

Why CCMP makes replay attacks harder than TKIP did

Answer 14

CCMP provides authenticated encryption

Question 15

True or False: enterprise networks support, RADIUS, TACACS+, and Kerberos for authentication

Answer 15

False
Kerberos communication is tunneled & not directly supported

Question 16

Photo I.D. Authentication type

Answer 16

Something you are

Question 17

Yellow ports on a home router

Answer 17

LAN ports

Question 18

How to update the firmware on a router

Answer 18

Download the update from the vendor’s website & then in the management app select the firmware upgrade option and browse for the firmware file you downloaded

Question 19

How a Soho router performs content filtering

Answer 19

It downloads curated reputation databases

Question 20

Port forwarding

Answer 20

Process in which a router takes requests from the Internet for a particular app and sends them to a designated host on the LAN

Question 21

Port triggering

Answer 21

Mechanism to configure access through a firewall for applications that require more than one port

Question 22

UPnP

Answer 22

Setting on a Soho router that allows an app to send instructions to the firewall with the correct configuration perimeters

Question 23

DMZ or DMZ host on a home router

Answer 23

A computer on the LAN that is not protected by the router’s firewall

Question 24

Minimum password length for non-administrative user accounts

Answer 24

12+

Question 25

Pre-boot authentication

Answer 25

The loading of an authentication application by UEFI firmware in order to contact an authentication server on the network & allow the user to submit the credentials for their account

Question 26

System user password

Answer 26

A password that is shared by all users & is required before any operating system can boot (very rarely used)

Question 27

Lunchtime attack

Answer 27

A threat actor is able to access a computer that has been left unlocked

Question 28

How to lock a Windows computer

Answer 28

From the power icon or START+L

Question 29

What should happen when the default administrator account is used

Answer 29

Generation of an alert

Question 30

Where account policies are configured on a standalone workstation

Answer 30

Local Security Policy snap-in
(or
Group Policy Editor snap-in)

Question 31

4 examples of account policies for security

Answer 31

• Restricted login times
• Timeout/screen lock
• Failed attempts lockout
• Concurrent logins

Question 32

Execution control

Answer 32

Process of determining what additional software may be installed on a client or server computer beyond its baseline to prevent the use of unauthorized software

Question 33

2 types of antivirus software updates

Answer 33

• Definition/pattern updates
• Scan engine/component updates (i.e. the program itself)

Question 34

Difference between
1) port security triggers
2) application security triggers
and
3) Address triggers
in firewalls

Answer 34

They are based on
1) port number
2) the process that listens for connections
3) IP or FQDN of the server or client hosts

Question 35

EFS

Answer 35

NTFS feature supporting file & folder encryption, not available in Home editions

Question 36

Main advantages of full disk encryption vs. file/folder encryption

Answer 36

It doesn’t depend on the user to remember to encrypt data. It also encrypts more, such as swap files, print queues, & temp files

Question 37

BitLocker To Go

Answer 37

BitLocker for removable drives

Question 38

TPM

Answer 38

Trusted Platform Module
Specification for secure hardware-based storage of encryption keys, hashed passwords, & other user- and platform-identification information

Question 39

7-item security checklist for workstations

Answer 39

• Password best practices
• End-user best practices
• Account management
• Disable or change the password of the default administrator account
• Disable AutoRun/AutoPlay
• Windows Update, Antivirus, & firewall are enabled
• Data-at-rest encryption, i.e. EFS or BitLocker

Question 40

Method most websites now use instead of plug-ins to serve dynamic & interactive content more safely

Answer 40

HTML version 5

Question 41

What 1) hamburger & 2) meatball menus look like

Answer 41

1) 3 horizontal lines stacked on top of each other
2) 3 horizontally or vertically aligned dots

Question 42

What you must do when using enterprise certificates for internal sites & a third-party browser

Answer 42

Ensure that the internal CA root certificate is added to the browser

Question 43

The main function of web browser privacy controls

Answer 43

Governing sites’ use of tracking tools such as cookies

Question 44

Cookie

Answer 44

A text file used to store session data

Question 45

What an incognito window does

Answer 45

Disables the caching features of the browser so that no
- cookies
- browsing history
- form fields
- passwords
or
- temp files
will be stored when the session is closed

Question 46

Primary indicator that must be verified before using a web form

Answer 46

Lock icon indicating the site uses a trusted certificate

Question 47

6 file extensions for executable code

Answer 47

.exe
.msi
.dll
.com
.scr
.jar

Question 48

Virus

Answer 48

Malware concealed within the code of an executable process image stored as a file on disk

Question 49

Worm

Answer 49

Malware that replicates between processes in system memory

Question 50

Fileless malware

Answer 50

Code that uses the host’s scripting environment to create malicious processes in memory

Question 51

RAT

Answer 51

Remote access Trojan
Malware that implements a access to a PC

Question 52

RAT (detailed)

Answer 52

Remote access Trojan
A.k.a backdoor. Often uses command sequences embedded in HTTPS or DNS traffic to establish a connection between the compromised host and a command and control (C2 or C&C) host or network

Question 53

8 things Spyware can do

Answer 53

• allow tracking cookies
• change default search providers
• open arbitrary pages at startup
• add bookmarks
• monitor local app activity
• take screenshots
• activate recording devices
• redirect DNS

Question 54

Rootkit

Answer 54

Malware running with system level privileges

[pg. 273]

Question 55

2 ways rootkits hide

Answer 55

• Make changes so that Explorer, Task Manager, ps, or top no longer reveal their presence
• Clean system logs

Question 56

Cryptominer

Answer 56

Hijack’s the resources of the host to perform cryptocurrency mining

Question 57

5 types of malware as defined according to vector

Answer 57

Viruses
Boot sector viruses
Trojans
Worms
Fileless malware

Question 58

3 common malware infection symptoms

Answer 58

• the computer fails to boot or experiences lock ups
• Performance at startup or in general is very slow
• The host cannot access the network and/or Internet access or network performance is slow

Question 59

What antivirus, firewall, or Windows Update not working, & crashing software from reputable vendors (including Windows tools) is all a symptom of

Answer 59

Malware infection

Question 60

Malware symptoms that are unlikely to have other causes

Answer 60

File system errors & anomalies

Question 61

Rogue antivirus

Answer 61

A type of malware that pretends to have found an infection on the victim’s computer

Question 62

3 most common causes of certificate warnings

Answer 62

• The certificate is self-signed or issued by a CA that is not trusted
• The FQDN requested by the browser is different from the subject name listed in the certificate
• The certificate has expired or is listed as revoked

Question 63

2 types of malware which might cause browser redirection

Answer 63

Adware & spyware

Question 64

Best practice procedure for malware removal
Step 1

Answer 64

Investigate & verify malware symptoms

Question 65

Best practice procedure for malware removal
Step 2

Answer 65

Quarantine infected systems

Question 66

Best practice procedure for malware removal
Step 3

Answer 66

Disable System Restore in Windows

Question 67

Best practice procedure for malware removal
Step 4

Answer 67

Remediate infected systems:
a) Update anti-malware software
b) Scanning & removal techniques (e.g., safe mode, preinstallation environment)

Question 68

Best practice procedure for malware removal
Step 5

Answer 68

Schedule scans & run updates

Question 69

Best practice procedure for malware removal
Step 7

Answer 69

Educate the end user

Question 70

On-access scanning

Answer 70

When A-V software intercepts an OS call to open a file & scans the file before allowing or preventing its opening

Question 71

How “no-root” firewalls work

Answer 71

Creating a VPN & controlling app access to it

Question 72

COBO

Answer 72

Corporate owned, business only

The device is the property of the company & may only be used for company business

Question 73

COPE

Answer 73

The device is chosen and owned by the company and remains its property. The employee may use it for personal things, subject to the AUP.

Question 74

CYOD

Answer 74

Choose your own device

The device is chosen by the employee and owned by the company and remains its property. The employee may use it for personal things, subject to the AUP.

Question 75

Enterprise wipe

Answer 75

Remote-initiated wipe of a mobile device that removes corporate apps and data only

Question 76

4 ways to destroy a disk

Answer 76

• Shredding with a mechanical shredder
• Incinerating in a furnace designed for media sanitization
• Degaussing with a powerful magnet
• Drill/hammer [less secure]