Exam 1 Flashcards
A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?
a. Containerization
b. Geofencing
c. Full-disk encryption
d. Remote Wipe
c. Full-disk encryption
Explanation
BYOD (bring your own device). Some organizations allow employees to bring their own mobile devices and connect them to the network.
Employees are responsible for selecting and supporting the device, and often must adhere to a BYOD policy when connecting their devices to the network. The most effective method of protecting the confidential information of companies using the BYOD model is full-disk encryption. With strong encryption, the information will not be compromised if the device is lost.
The key priorities of a security officer (SO) are to improve preparedness, response, and recovery practices to minimize system downtime and increase organizational resilience to ransomware attacks. Which of the following BEST meets the SO's goals?
a. Use email filtering software and centralized account management, patch high-risk systems, and restrict administrative privileges
b. Purchase cyber insurance from a reputable provider to reduce costs during an incident.
c. Invest in end-user awareness training to change the long-term culture and behavior of staff and managers, reducing the organization's susceptibility to phishing attacks
d. Implement application whitelisting and centralized event log management, and perform regular testing and verification of full backups.
d. Implement application whitelisting and centralized event log management, and perform regular testing and verification of full backups.
Explanation
There are some basic practices that should be followed to minimize the downtime of a system:
- Preventing unwanted applications from running on systems (maintaining an application whitelist/blacklist)
- Ensuring that the events occurring on the systems are monitored from a single place (centralized event-log management)
- Taking backups of the critical systems in accordance with a defined policy and making sure that these backups actually work
Wireless barcode scanners and wireless computers in a warehouse are found to be transmitting data to the main server only intermittently. The network engineer was asked to investigate the cause of these outages. The barcode scanners and computers are all mounted on forklifts and move around the warehouse during regular use. Which of the following should the engineer do to identify the problem? (Choose two.)
a. Perform a site survey
b. Deploy an FTK Imager
c. Create a heat map
d. Scan for rogue access points
e. Upgrade the security protocols
f. Install a captive portal
a. Perform a site survey
c. Create a heat map
Explanation
A site survey shows the signal strength of the wireless devices throughout the area. In this way, the health of each device's communication with the AP is determined.
A heat map lets you see, as a picture, how the devices behave in each position of the warehouse.
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?
a. SSAE SOC 2
b. PCI DSS
c. GDPR
d. ISO 31000
c. GDPR
Explanation
General Data Protection Regulation (GDPR) is a regulation created to protect personal data.
SSAE SOC 2 is an auditing standard under which your service providers demonstrate that they manage your data securely, protecting the interests of your organization and the privacy of their customers.
PCI DSS, Payment Card Industry Data Security Standard, is an information security standard for organizations using branded credit cards from major card schemes.
ISO 31000 provides principles and general guidelines for managing risks faced by organizations.
Phishing and spear-phishing attacks are occurring more frequently in your company against company personnel. Which of the following can help minimize this problem?
a. DNS query logging
b. Exact mail exchanger record in the DNS
c. DNSSEC and DMARC
d. The addition of DNS conditional forwarders
c. DNSSEC and DMARC
Explanation
Spear phishing is a form of targeted phishing. Rather than indiscriminately emailing everyone, a spear-phishing attack targets specific user groups or even a single user.
Spear-phishing attacks can target employees within a company or customers of a company.
DNSSEC (Domain Name System Security Extensions): DNSSEC is a set of security extensions developed against attacks such as DNS cache poisoning. Basically, it aims to verify the source of DNS answers, ensure the integrity of DNS data, and provide non-repudiation.
DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC was developed to prevent fraudulent e-mail sending, phishing, and spam.
Retrieval of live data for forensic analysis is MOST dependent on which of the following? (Choose two.)
a. Data accessibility
b. Data retention legislation
c. Value and volatility of data
d. Right-to-audit clauses
e. Legal hold
f. Cryptographic or hash algorithm
c. Value and volatility of data
d. Right-to-audit clauses
Explanation
Live acquisition refers to collecting data from a machine that is still running, which makes it possible to capture volatile data as well as static data.
Such data is volatile and its value may change over time, and the right to access and audit the data may not have been obtained.
A cybersecurity analyst was asked to determine whether a web server is vulnerable to a recently discovered attack against an older version of SSH. Which technique should be used to determine the current version of SSH running on the web servers?
a. Vulnerability scanning
b. Protocol analysis
c. Passive scanning
d. Banner grabbing
d. Banner grabbing
Explanation
Banner grabbing is accomplished by actively connecting to the server using telnet or netcat and collecting the server's response. This banner usually contains the operating system the server is running and the version number of the service (SSH) running on it. This is the fastest and easiest way to determine the SSH version running on the web server. While it is possible to use a vulnerability scanner or a protocol analyzer, or to perform a passive scan, to determine the SSH version, these take more time and are not entirely accurate methods for determining the version running.
Trish got a call from a friend asking why she had sent him an email with obscene and unconventional content. She doesn’t remember sending such an e-mail to her friend. What kind of attack might Trish have been the victim of?
a. Spear phishing
b. Hijacked email
c. Phishing
d. Ransomware
c. Phishing
Explanation
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
Hijacked email happens when someone hacks your email account and sends messages on your behalf. Compromised email can happen after a system has been compromised by an attacker. The victim usually finds out when someone asks about an email the victim sent them, or when the victim automatically sees an out-of-office reply from one of the recipients of the victim’s emails.
A company signed an agreement with a third-party firm to perform a penetration test. However, the company wants social engineering removed from the list of authorized activities. Which of the following documents contains this limitation?
a. Acceptable use policy
b. Memorandum of understanding
c. Rules of engagement
d. Service level agreement
c. Rules of engagement
Explanation
Penetration-testing contract documents define the scope of testing (what will be tested), while the rules of engagement define how the testing will take place. The rules of engagement can specify, for example, that no social engineering is allowed, that no external website browsing is permitted, and so on.
If you want to determine whether the target system's configuration settings are correct, which of the following vulnerability scans will provide the best results?
a. Non-credentialed scan
b. Internal scan
c. External scan
d. Credentialed scan
d. Credentialed scan
Explanation
A credentialed scan logs into the system with the supplied credentials and retrieves the configuration information directly, so it provides the best results. Non-credentialed scans are external scans and only find configuration settings that are exposed from the outside, which may have been changed or be incorrect.
A security auditor reviews vulnerability scanning data provided by an internal security team. Which of the following options BEST indicates using valid credentials?
a. Scan detects expired SSL certificates
b. Scan results show open ports, protocols, and services on the target host
c. The scan enumerated the software versions of installed programs
d. The scan generated a list of vulnerabilities on the target host
c. The scan enumerated the software versions of installed programs
Explanation
When a security scan is performed with valid credentials, detailed information about the scanned system, such as the versions of installed software, can be obtained.
Other types of scans, such as external scans, can only collect information about the security vulnerabilities that are visible from outside the system.
Which of the following BEST describes the difference between a data owner and a data controller?
a. The data subject grants technical permissions for data access, while the data controller maintains database access controls to the data.
b. The data subject is responsible for controlling the data, and the data controller is responsible for maintaining the chain of custody while processing the data.
c. The data owner is responsible for complying with the rules regarding the use of data, and the data controller is responsible for determining the corporate management of the data.
d. The data subject is responsible for determining how the data can be used, and the data controller is responsible for implementing data protection.
c. The data owner is responsible for complying with the rules regarding the use of data, and the data controller is responsible for determining the corporate management of the data.
Explanation
The data owner is responsible for complying with the rules regarding the use of data, and the data controller is responsible for determining the corporate management of the data.
Which of the following incident response steps includes actions to protect critical systems while maintaining business operations?
a. Investigation
b. Recovery
c. Lessons learned
d. Enclosure
d. Enclosure
Explanation
When responding to an incident, there should be an incident response plan to follow.
The main purpose of all of these actions is to protect the system.
The steps mentioned in the other options are for investigating the incident and for taking measures to prevent the same incident from happening again.
The company manager asked the network engineer to develop a solution that would allow guests at the company headquarters to access the Internet over WiFi.
The company manager requests that the solution not allow access to the internal company network, but that guests sign an acceptable use policy before accessing the Internet.
Which of the following should a Network Engineer use to meet these requirements?
a. Implement explicit PSK on APs
b. Configure WIPS on APs
c. Install a captive portal
d. Deploy a WAF
c. Install a captive portal
Explanation
By setting up a captive portal, the network engineer can receive confirmation that guests have accepted the company's policies before they access the Internet.
In addition, the VLAN used for the captive portal can be isolated from the other VLANs, preventing guests from accessing the internal network.
Which of the following cloud models provides customers with nothing more than just servers, storage, and networking?
a. SaaS
b. PaaS
c. DaaS
d. IaaS
d. IaaS