Exam 1 Flashcards

1
Q

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?

a. Containerization
b. Geofencing
c. Full-disk encryption
d. Remote Wipe

A

c. Full-Disk Encryption

Explanation
BYOD (bring your own device). Some organizations allow employees to bring their own mobile devices and connect them to the network.

Employees are responsible for selecting and supporting the device and often must adhere to a BYOD policy when connecting their devices to the network. The most effective method of protecting the confidential information of companies using the BYOD model is full-disk encryption: with strong encryption, the information is not compromised if the device is lost.

2
Q

The key priorities of a security officer (SO) are to improve preparedness, response, and recovery practices to minimize system downtime and increase organizational resilience to ransomware attacks. Which of the following BEST meets the SO’s goals?

a. Use email filtering software and centralized account management, patch high-risk systems, and restrict administrative privileges
b. Purchase cyber insurance from a reputable provider to reduce costs during an incident.
c. Invest in end-user awareness training to change the long-term culture and behavior of staff and managers, reducing the organization’s susceptibility to phishing attacks.
d. Implement application whitelisting and centralized event log management, and perform regular testing and verification of full backups.

A

d. Implement application whitelisting and centralized event log management, and perform regular testing and verification of full backups.

Explanation
There are some basic practices that should be followed to minimize the downtime of a system:

  • Preventing unwanted applications from running on systems (creating an application whitelist/blacklist)
  • Ensuring that the events occurring on the systems are monitored from a single place (centralized event-log management)
  • Taking backups of the critical systems in accordance with a defined policy and verifying that these backups actually work

3
Q

Wireless barcode scanners and wireless computers in a warehouse have been found to transmit data to the main server only intermittently. The network engineer was asked to investigate the cause of these outages. The barcode scanners and computers are all mounted on forklifts and move around the warehouse during regular use. Which of the following should the engineer do to identify the problem? (Choose two.)

a. Perform a site survey
b. Deploy an FTK Imager
c. Create a heat map
d. Scan for rogue access points
e. Upgrade the security protocols
f. Install a captive portal

A

a. Perform a site survey
c. Create a heat map

Explanation
A site survey shows the signal strength of the wireless devices, which reveals the health of each device’s communication with the AP.

A heat map shows, as a picture, how the devices behave in different positions around the warehouse.

4
Q

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

a. SSAE SOC 2
b. PCI DSS
c. GDPR
d. ISO 31000

A

c. GDPR

Explanation
General Data Protection Regulation (GDPR) is a regulation created to protect personal data.

SSAE SOC 2 is an audit procedure that enables your service providers to securely manage your data to protect the interests of your organization and the privacy of their customers.

PCI DSS, Payment Card Industry Data Security Standard, is an information security standard for organizations using branded credit cards from major card schemes.

ISO 31000 provides principles and general guidelines for managing risks faced by organizations.

5
Q

Phishing and spear-phishing attacks are occurring more frequently in your company against company personnel. Which of the following can help minimize this problem?

a. DNS query logging
b. Exact mail exchanger record in the DNS
c. DNSSEC and DMARC
d. The addition of DNS conditional forwarders.

A

c. DNSSEC and DMARC

Explanation
Spear phishing is a targeted form of phishing. Rather than indiscriminately emailing everyone, a spear-phishing attack targets specific user groups or even a single user.

Targeted phishing attacks can target employees within a company or customers of a company.

DNSSEC (Domain Name System Security Extensions): DNSSEC consists of security extensions developed against attacks such as DNS cache poisoning. Basically, it aims to verify the source of DNS answers, ensure DNS data integrity, and provide non-repudiation.

DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC was developed to prevent fraudulent e-mail sending, phishing, and spam.

6
Q

Retrieval of live data for forensic analysis is MOST dependent on which of the following? (Choose two.)

a. Data accessibility
b. Data retention legislation
c. Value and volatility of data
d. Right-to-audit clauses
e. Legal hold
f. Cryptographic or hash algorithm

A

c. Value and volatility of data
d. Right-to-audit clauses

Explanation
Live acquisition refers to acquiring data from a machine that is still running, from which volatile data, both static and dynamic, can still be collected.

Such data may be volatile, its value may change, and the right to control the data may not have been obtained.

7
Q

A cybersecurity analyst was asked to determine whether a web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should be used to determine the current version of SSH running on the web servers?

a. Vulnerability scanning
b. Protocol analysis
c. Passive scanning
d. Banner grabbing

A

d. Banner grabbing

Explanation
You can connect to a server using telnet or netcat and collect the server’s responses. The information collected usually includes the operating system the server is running, the SSH service running on the server, and its version number.

Banner grabbing is accomplished by actively connecting to the server using telnet or netcat and collecting the server’s response. This banner usually contains the operating system the server is running and the version number of the service running (SSH). This is the fastest and easiest way to determine the SSH version running on the web server. While it is possible to use a vulnerability scanner or a protocol analyzer, or to perform a passive scan, to determine the SSH version, these take more time and are not entirely accurate methods for determining the version running.

8
Q

Trish got a call from a friend asking why she had sent him an email with obscene and unconventional content. She doesn’t remember sending such an e-mail to her friend. What kind of attack might Trish have been the victim of?

a. Spear phishing
b. Hijacked email
c. Phishing
d. Ransomware

A

c. Phishing

Explanation
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
Hijacked email happens when someone hacks your email account and sends messages on your behalf. Compromised email can happen after a system has been compromised by an attacker. The victim usually finds out when someone asks about an email the victim sent them, or when the victim automatically sees an out-of-office reply from one of the recipients of the victim’s emails.

9
Q

A company signed an agreement with a third party to perform a penetration-testing assessment. However, the company wants social engineering removed from the list of authorized activities for the test. Which of the following documents contains this limitation?

a. Acceptable use policy
b. Memorandum of understanding
c. Rules of engagement
d. Service level agreement

A

c. Rules of engagement

Explanation
Penetration-testing contract documents define the scope of testing (what will be tested), while the rules of engagement define how the testing will take place. The rules of engagement can specify, for example, that no social engineering is allowed, that no external websites may be browsed, and so on.

10
Q

If you want to determine whether the target system’s configuration settings are correct in a scan test, which of the following vulnerability scans will provide the best results?

a. Non-credentialed scan
b. Internal scan
c. External scan
d. Credentialed scan

A

d. Credentialed scan

Explanation
A credentialed scan logs into the system with the supplied credentials and retrieves configuration information directly, so it provides the best results. Non-credentialed scans are external scans and only find configuration settings that are exposed or incorrect from outside.

11
Q

A security auditor reviews vulnerability scanning data provided by an internal security team. Which of the following options BEST indicates using valid credentials?

a. Scan detects expired SSL certificates
b. Scan results show open ports, protocols, and services on the target host
c. The scan enumerated the software versions of installed programs
d. The scan generated a list of vulnerabilities on the target host

A

c. The scan enumerated the software versions of installed programs

Explanation
When a security scan is performed with valid credentials, detailed information about the scanned system can be obtained.

In other types of scans, such as external scans, only information about systems with exposed security vulnerabilities can be collected.

12
Q

Which of the following BEST describes the difference between a data owner and a data controller?

a. The data subject grants technical permissions for data access, while the data controller maintains database access controls to the data.
b. The data subject is responsible for controlling the data, and the data controller is responsible for maintaining the chain of custody while processing the data.
c. The data owner is responsible for complying with the rules regarding the use of data, and the data controller is responsible for determining the corporate management of the data.
d. The data subject is responsible for determining how the data can be used, and the data controller is responsible for implementing data protection.

A

c. The data owner is responsible for complying with the rules regarding the use of data, and the data controller is responsible for determining the corporate management of the data.

Explanation
The data owner is responsible for complying with the rules regarding the use of data, and the data controller is responsible for determining the corporate management of the data

13
Q

Which of the following incident response steps includes actions to protect critical systems while maintaining business operations?

a. Investigation
b. Recovery
c. Lessons learned
d. Enclosure

A

d. Enclosure

Explanation
When responding to an incident, there should be an incident response plan to follow.

The main purpose of all actions in this step is to protect the system while keeping the business running.

The steps mentioned in the other options are for clarifying the incident and for the measures to be taken to prevent the same incident from happening again.

14
Q

The company manager asked the network engineer to develop a solution that would allow guests at the company headquarters to access the Internet over WiFi.

The company manager requests that the solution not allow access to the internal company network, but that guests sign an acceptable use policy before accessing the Internet.

Which of the following should a Network Engineer use to meet these requirements?

a. Implement explicit PSK on APs
b. Configure WIPS on APs
c. Install a captive portal
d. Deploy a WAF

A

c. Install a captive portal

Explanation
By setting up a captive portal, the network engineer can receive confirmation that guests have accepted company policies before accessing the Internet.

In addition, the VLAN used for the captive portal can be isolated from the other VLANs, preventing guests from accessing the internal network.

15
Q

Which of the following cloud models provides customers with nothing more than just servers, storage, and networking?

a. SaaS
b. PaaS
c. DaaS
d. IaaS

A

d. IaaS

16
Q

A network administrator was asked to create a new data center focused on flexibility and uptime. Which of the following best meets this goal? (Choose two.)

a. Automatic OS upgrades
b. NIC teaming
c. Dual power supply
d. Offsite backups
e. Scheduled pen testing
f. Network-attached storage

A

c. Dual power supply
d. Offsite backups

Explanation
All systems in a data center that focuses on flexibility and uptime should be designed with redundancy. System backups should also be kept at a different location in case of emergencies.

17
Q

A company is developing an authentication service for use at ports of entry and exit on the country’s borders. The service will use data feeds obtained from CCTV systems, passport systems, passenger manifests, and high-definition video feeds at the ports. The service will include machine learning techniques to eliminate biometric enrollment while allowing authorities to identify passengers with increasing accuracy over time. The more often passengers travel, the more accurately the service will identify them. Which of the following biometrics are MOST likely to be used without enrollment? (Choose two.)

a. voice
b. face
c. retina
d. fingerprint
e. gait
f. vein

A

b. face
e. gait

Explanation
Only options B and E allow passengers to be recognized without touching any system or enrolling in it.

18
Q

An organization needs to enforce tighter controls over administrator/root credentials and service accounts. Requirements for the project include:

  • Logging access to credentials
  • Ability to use but not know the password
  • Automatic password changes
  • Check-in/check-out of credentials

Which of the following solutions satisfies the requirements?

a. An OpenID Connect authentication system
b. OAuth 2.0
c. Safe Zone
d. A privileged access management system

A

a. An OpenID Connect authentication system

Explanation
OpenID Connect works with OAuth 2.0 and allows clients to authenticate end-users without managing their credentials.

In this context, a client is typically a website or application that needs to authenticate users.

OpenID Connect provides identification services without requiring the application to process credentials. It also simplifies the user experience for users.

19
Q

Several employees are returning to work after attending a tech trade show. That same day, the security manager notices several malware alerts from each of the employees’ computers. The security manager starts investigating the situation but finds no signs of attack in the perimeter firewall or NIDS. Which of the following is the MOST likely cause of the malware alerts?

a. A fileless virus on a vCard trying to perform an attack
b. A trojan that traverses hosts and executes malicious code
c. A worm launched by presentation media and propagating itself on the intranet
d. A USB flash drive that tries to run malicious code but is blocked by the host firewall

A

c. A worm launched by presentation media and propagating itself on the intranet

Explanation
Since the alerts come only from the attendees’ computers, there is probably a worm on the presentation media they received at the trade show, which launches when the presentation is opened and propagates itself on the intranet.