EXAM 1 Flashcards

1
Q

Passive reconnaissance

A

Passive reconnaissance focuses on gathering as much information from open sources such as social media, corporate websites, and business

2
Q

Regulatory audit

A

A regulatory audit is a detailed security analysis based on existing laws or private guidelines. A regulatory audit commonly requires access to internal systems and data.

3
Q

DMARC

A

DMARC (Domain-based Message Authentication, Reporting and Conformance) specifies the disposition of spam emails. The legitimate owner of the originating email domain can choose to have these messages accepted, sent to a spam folder, or rejected.

4
Q

DKIM

A

DKIM (DomainKeys Identified Mail) provides a way to validate all digitally signed messages from a specific email server. DKIM does not determine how the receiving server categorizes these digitally signed messages.

5
Q

What is the acronym for the prediction of how often a repairable system will fail, or the average time expected between outages?

A

MTBF (Mean Time Between Failures)

6
Q

An MOA (Memorandum of Agreement)

A

An MOA (Memorandum of Agreement) is a formal document where both sides agree to a broad set of goals and objectives associated with the partnership.

7
Q

What is a Deterrent control

A

A deterrent control does not directly stop an attack, but it may discourage an action; for example, a splash screen, a front reception desk, or warning signs.

A deterrent discourages an intrusion attempt, but it doesn’t directly prevent the access. An application splash screen or a posted warning sign would be categorized as a deterrent.

8
Q

What is a Detective control

A

A detective control may not prevent access, but it can identify and record when an intrusion has occurred; for example, reviewing system logs and login reports, or motion detectors.

An IPS can detect, alert, and log an intrusion attempt. The IPS could also be categorized as a preventive control, since it has the ability to actively block known attacks.

9
Q

What is a Directive control

A

A directive control is a relatively weak control that relies on security compliance from end users; it directs a user toward security compliance. For example, an “Authorized Personnel Only” sign.

10
Q

COPE

A

A device that is COPE (Corporately Owned and Personally Enabled) is commonly purchased by the corporation and allows the use of the mobile device for both business and personal use. The use of a COPE device does not provide any policy management of the device.

11
Q

What is a compensating control

A

Compensating controls are used to mitigate a vulnerability when an optimal security response may not be available. For example, if a company can’t deploy a patch for a vulnerability, they can revoke or limit application access until a patch is provided.

A compensating security control doesn’t prevent an attack, but it does restore from an attack using other means. In this example, the UPS (Uninterruptible Power Supply) does not stop a power outage, but it does provide alternative power if an outage occurs.

12
Q

802.1X

A

802.1X uses a centralized authentication server, and this allows all users to use their corporate credentials during the login process.

13
Q

What is Discretionary access

A

Discretionary access control is used in many operating systems, and this model allows the owner of the resource to control who has access.

14
Q

Development lifecycle

A

A formal software development lifecycle defines the specific policies associated with the design, development, testing, deployment, and maintenance of the application development process.

15
Q

hybrid cloud model

A

A hybrid cloud includes more than one private or public cloud. This adds additional complexity to the overall infrastructure, and it’s common to inadvertently apply different authentication options and user permissions across multiple cloud providers.

16
Q

A manufacturing company would like to track the progress of parts used on an assembly line

A

The ledger functionality of a blockchain can be used to track or verify components, digital media, votes, and other physical or digital objects.

17
Q

An administrator is downloading an updated version of her Linux distribution. The download site shows a link to the ISO and a SHA256 hash value. Why?

A

It verifies that the file was not corrupted during the file transfer. Once the file is downloaded, the administrator can calculate the file’s SHA256 hash and confirm that it matches the value on the website.

18
Q

What decreases threat level?

A

Mitigation decreases the threat level. This is commonly done through the use of additional security systems and monitoring, such as an NGFW (Next-Generation Firewall).

19
Q

What is enumeration

A

Enumeration describes the detailed listing of all parts in a particular device. For a computer, this could include the CPU type, memory, storage drive details, keyboard model, and more.

20
Q

security awareness campaign

A

A security awareness campaign often involves automated phishing attempts, and most campaigns will include a process for users to report a suspected phishing attempt to the IT security team.

21
Q

SCAP

A

Automates the validation and patching of security issues. SCAP (Security Content Automation Protocol) focuses on the standardization of vulnerability management across multiple security tools. This allows different tools to identify and act on the same security criteria.

22
Q

HSM

A

An HSM (Hardware Security Module) is a high-end cryptographic hardware appliance that can securely store keys and certificates for all devices.

23
Q

ALE

A

ALE (Annual Loss Expectancy) is the financial loss over an entire 12-month period.

24
Q

SLE

A

SLE (Single Loss Expectancy) describes the financial impact of a single event.

25
Q

ARO

A

The ARO (Annualized Rate of Occurrence) is the number of times an event will occur in a 12-month period.

26
Q

Worm

A

A worm is malware that can replicate itself between systems without any user intervention, so a spreadsheet that requires a user to click through additional warning messages would not be categorized as a worm.

27
Q

penetration test

A

A penetration test can be used to actively exploit potential vulnerabilities in a system or application. This could cause a denial of service or loss of data, so the best practice is to perform the penetration test during nonproduction hours or in a test environment.

28
Q

Technical controls

A

A control that has been implemented using some kind of technical system; for example, firewalls or antivirus.

29
Q

managerial controls

A

Security policies that explain to users the best way to manage their data, etc.

30
Q

operational controls

A

Controls implemented by people instead of systems; for example, security guards or awareness programs at work.

31
Q

physical controls

A

Controls that limit someone’s access to a building, room, or device; a guard shack, fences, and badge readers are examples of physical controls.

32
Q

preventive control type

A

Blocks access to a resource; for example, a firewall rule or a guard shack checking everyone’s identity.

33
Q

Corrective control

A

Occurs after an event has been detected. For example, if a computer has been infected by ransomware and the drive has been encrypted, restoring it from a backup is a corrective control. Other examples are putting out a fire with a fire extinguisher, or calling law enforcement to manage criminal activity.

34
Q

Examples of “something you know”

A

Passwords, PINs.

35
Q

Examples of “something you have”

A

Smart cards, USB security keys, hardware tokens, software tokens, SMS text messages.

36
Q

something you are

A

Biometric authentication; for example, fingerprint or voice.

37
Q

somewhere you are

A

Based on your location.

38
Q

What is journaling

A

Journaling writes data to a temporary journal before writing the information to the database. If power is lost, the system can recover the last transaction from the journal when power is restored.

39
Q

data owner

A

The data owner is accountable for specific data, so this person is often a senior officer of the organization.

40
Q

OSINT

A

OSINT (Open Source Intelligence) describes the process of obtaining information from open sources such as social media sites, corporate websites, online forums, and other publicly available locations.

41
Q

Partially known environment

A

A partially known environment test is performed when the attacker knows some information about the victim, but not all information is available. This is different from passive reconnaissance.

Passive reconnaissance is the process of gathering information from publicly available sites, such as social media or corporate websites.

42
Q

asymmetric encryption

A

A user in the accounting department would like to email a spreadsheet with sensitive information to a list of third-party vendors. Which of the following would be the BEST way to protect the data in this email?

Asymmetric encryption uses a recipient’s public key to encrypt data, and this data can only be decrypted with the recipient’s private key. This encryption method is commonly used with software such as PGP or GPG.

43
Q

What is the acronym for the time required to repair a product or system after a failure?

A

MTTR (Mean Time To Repair)

44
Q

RTO

A

The RTO (Recovery Time Objective) defines the minimum objectives required to get up and running to a particular service level.

45
Q

What is the term for acting honestly and in good faith, which is often associated with third-party activities and tends to refer to internal activities?

A

Due Care

46
Q

A fact about alert tuning

A

Monitoring systems are not always perfect, and many require ongoing tuning to properly configure alerts and notifications.

47
Q

A fact about misinformation campaigns

A

Misinformation campaigns are carefully crafted attacks that exploit social media and traditional media.

48
Q

MD5 hashes due to collision problems

A

Two different messages share the same hash. A well-designed hashing algorithm will create a unique hash value for every possible input. If two different inputs create the same hash, the hash algorithm has created a collision.

49
Q

A security administrator has identified the installation of ransomware on a database server and has quarantined the system. Which of the following should be followed to ensure that the integrity of the evidence is maintained?

A

A chain of custody is a documented record of the evidence. The chain of custody also documents the interactions of every person who comes into contact with the evidence to maintain the integrity.

50
Q

E-discovery

A

E-discovery is the process of collecting, preparing, reviewing, interpreting, and producing electronic documents. However, e-discovery does not provide any additional integrity of the data.

51
Q

Which of the following vulnerabilities would be the MOST significant security concern when protecting against a hacktivist?

A

Lack of patch updates on an Internet-facing database server. One of the easiest ways for a third party to obtain information is through an existing Internet connection. A hacktivist could potentially exploit an unpatched server to obtain unauthorized access to the operating system and data.

52
Q

UTM

A

A UTM (Unified Threat Management) appliance acts as a traditional firewall, and many UTMs may also include additional features such as intrusion prevention and content filtering. However, UTMs are not commonly used for protection of web-based applications.

53
Q

WAF

A

A WAF (Web Application Firewall) is designed as a firewall for web-based applications. WAFs are commonly used to protect against application attacks such as injections, cross-site scripting, and invalid input types.

54
Q

TPM

A

A TPM (Trusted Platform Module) is part of a computer’s motherboard, and it’s specifically designed to assist with and protect cryptographic functions. Full disk encryption (FDE) can use the burned-in TPM keys to verify the local device hasn’t changed, and there are security features in the TPM to prevent brute-force or dictionary attacks against the full disk encryption login credentials.

55
Q

Mandatory

A

Mandatory access control uses a series of security levels (i.e., public, private, secret) and assigns those levels to each object in the operating system. Users are assigned a security level, and they would only have access to objects that meet or are below that assigned security level.

56
Q

Role based

A

Role-based access control assigns a user’s permissions based on their role in the organization. For example, a manager would have a different set of rights and permissions than a team lead.