Exam 3 Flashcards
When performing a vulnerability scan, Christina discovered that an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?
a. 172.16.1.100
b. 10.15.1.100
c. 192.186.1.100
d. 192.168.1.100
192.186.1.100
Private (RFC 1918) ranges, which cannot be the source of a connection arriving from the internet:
- 10.0.0.0/8 (10.x.x.x)
- 172.16.0.0/12 (172.16.x.x through 172.31.x.x)
- 192.168.0.0/16 (192.168.x.x)
192.186.1.100 is in none of these (note the second octet is 186, not 168), so it is a public address and the only external source among the choices.
In which phase of the security intelligence cycle is input collected from intelligence producers and consumers to improve the implementation of intelligence requirements?
a. Analysis
b. Feedback
c. Collection
d. Dissemination
Feedback
A forensic analyst needs to access a macOS encrypted drive that uses FileVault 2. Which of the following methods is NOT a means of unlocking the volume?
a. Conduct a brute-force attack against the FileVault 2 encryption
b. Extract the keys from iCloud
c. Acquire the recovery key
d. Retrieve the key from memory while the volume is mounted
Conduct a brute-force attack against the FileVault 2 encryption
Based on some old SIEM alerts, you have been asked to perform a forensic analysis on a given host. You have noticed that some SSL network connections are occurring over ports other than 443. The SIEM alerts indicate that copies of svchost.exe and cmd.exe have been found in the host’s %TEMP% folder. The logs also indicate that RDP connections have previously been made from an IP address that is external to the corporate intranet. What threat might you have uncovered during your analysis?
a. Ransomware
b. DDoS
c. Software vulnerability
d. APT
APT
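As an added example that covers both the firewall-log question earlier (which source addresses are external) and the SIEM scenario just answered (TLS on non-standard ports, system binary names staged in %TEMP%, RDP from outside), here is a Python triage script. It is not part of the exam material: the key=value firewall log format, the event schema, the indicator rules and every address and path are constructed for the example, and 192.168.0.10:8443 is assumed to stand in for the exposed storage admin interface.

```python
from __future__ import annotations

import ipaddress
import re

# RFC 1918 private address space. A perimeter firewall should never see one
# of these as the source of a connection arriving from the internet, so any
# other source address is treated as external.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.x.x through 172.31.x.x
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal(addr: str) -> bool:
    """True if addr falls in RFC 1918 space; malformed fields count as external."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


# Constructed firewall log (the key=value format is assumed, not a real product's).
FIREWALL_LOG = """\
src=172.16.1.100 dst=192.168.0.10 dport=8443 proto=tcp action=ALLOW
src=10.15.1.100 dst=192.168.0.10 dport=8443 proto=tcp action=ALLOW
src=192.186.1.100 dst=192.168.0.10 dport=8443 proto=tcp action=ALLOW
src=192.168.1.100 dst=192.168.0.10 dport=8443 proto=tcp action=DENY
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)"
)


def parse_fw(log: str):
    """Yield one dict per well-formed log line; unparseable lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["dport"] = int(entry["dport"])
            yield entry


def external_sources(log: str) -> list[str]:
    """Source addresses that are not RFC 1918, i.e. candidate external access attempts."""
    return sorted({e["src"] for e in parse_fw(log) if not is_internal(e["src"])})


# Constructed host/SIEM events for the second scenario (assumed schema).
HOST_EVENTS = [
    {"type": "tls", "src": "10.0.0.23", "dst": "203.0.113.7", "dport": 8081},
    {"type": "file", "path": r"C:\Users\bob\AppData\Local\Temp\svchost.exe"},
    {"type": "file", "path": r"C:\Windows\System32\svchost.exe"},
    {"type": "rdp", "src": "198.51.100.14", "dst": "10.0.0.23", "dport": 3389},
    {"type": "rdp", "src": "10.0.0.5", "dst": "10.0.0.23", "dport": 3389},
]

# Binary names that belong under %SystemRoot%, not in a user-writable temp dir.
SYSTEM_BINARIES = {"svchost.exe", "cmd.exe", "lsass.exe", "explorer.exe"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def apt_indicators(events) -> list[str]:
    """Collect the individual indicators; each alone is weak, together they point
    to persistent hands-on access rather than ransomware, DDoS or a single bug."""
    findings = []
    for e in events:
        if e["type"] == "tls" and e["dport"] != 443:
            # TLS on an unusual port is common for legitimate software too; it is
            # only an indicator, which is why the other events matter.
            findings.append(f"TLS to {e['dst']} on non-standard port {e['dport']}")
        elif e["type"] == "file":
            path = e["path"].lower()
            name = path.rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARIES and any(t in path for t in TEMP_MARKERS):
                findings.append(f"system binary name {name} staged in temp dir: {e['path']}")
        elif e["type"] == "rdp" and not is_internal(e["src"]):
            findings.append(f"RDP session from external address {e['src']}")
    return findings


if __name__ == "__main__":
    print("external sources:", external_sources(FIREWALL_LOG))
    for f in apt_indicators(HOST_EVENTS):
        print("indicator:", f)
```

The RFC 1918 membership test is done explicitly with `ip_network` objects rather than `ip_address(...).is_private`, because `is_private` also returns True for loopback, link-local and documentation ranges, which is not what "internal source" means on a perimeter firewall.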
What tool can be used as an exploitation framework during your penetration tests?
a. nmap
b. nessus
c. autopsy
d. metasploit
Metasploit
What is the term for the amount of risk that an organization is willing to accept or tolerate?
a. risk appetite
b. risk transference
c. risk deterrence
d. risk avoidance
Risk appetite
Risk avoidance - the response of stopping or not undertaking the activity that creates the risk, so the threat scenario no longer applies
Risk deterrence (mitigation) - the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario
Risk transference - moves or shares the responsibility of risk to another entity
Review the network diagram provided:
Which of the following ACL entries should be added to the firewall to allow only the system administrator’s computer (IT) to have SSH access to the FTP, Email, and Web servers in the DMZ?
a. 192.168.0.3/24, 172.16.1.4, ANY, TCP, ALLOW
b. 192.168.0.0/24, 172.16.1.4, 22, TCP, ALLOW
c. 172.16.1.4, 192.168.0.0/24, 22, TCP, ALLOW
d. 172.16.1.0/24, 192.168.0.0/24, ANY, TCP, ALLOW
172.16.1.4, 192.168.0.0/24, 22, TCP, ALLOW
Entries are read as source, destination, port, protocol, action. The source must be the single IT host (172.16.1.4), the destination the DMZ subnet, and the port restricted to 22. Option b has source and destination reversed, and options a and d allow any port and any host on the source subnet, which is broader than the requirement.
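To make the field order and the first-match logic concrete, here is an added Python evaluator (not part of the exam material) that transcribes the four answer choices as ACL entries and tests each against packets that must be allowed or denied. The network diagram is not reproduced on this page, so the IT workstation (172.16.1.4) and the DMZ server addresses (192.168.0.0/24) are assumed from the answer choices, and the test packets are constructed.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "TCP"


@dataclass(frozen=True)
class AclEntry:
    """One entry in the order the answer choices use: source, destination, port, protocol, action."""
    src: str     # host address or CIDR
    dst: str
    port: str    # "22" or "ANY"
    proto: str
    action: str

    def matches(self, p: Packet) -> bool:
        # strict=False lets a host-bit address such as 192.168.0.3/24 mean its /24.
        src_net = ipaddress.ip_network(self.src, strict=False)
        dst_net = ipaddress.ip_network(self.dst, strict=False)
        return (
            ipaddress.ip_address(p.src) in src_net
            and ipaddress.ip_address(p.dst) in dst_net
            and (self.port == "ANY" or int(self.port) == p.dport)
            and self.proto.upper() == p.proto.upper()
        )


def evaluate(acl, p: Packet, default: str = "DENY") -> str:
    """First-match evaluation with an implicit deny at the end, as most firewalls do."""
    for entry in acl:
        if entry.matches(p):
            return entry.action
    return default


# The four answer choices, transcribed as entries.
CANDIDATES = {
    "a": AclEntry("192.168.0.3/24", "172.16.1.4", "ANY", "TCP", "ALLOW"),
    "b": AclEntry("192.168.0.0/24", "172.16.1.4", "22", "TCP", "ALLOW"),
    "c": AclEntry("172.16.1.4", "192.168.0.0/24", "22", "TCP", "ALLOW"),
    "d": AclEntry("172.16.1.0/24", "192.168.0.0/24", "ANY", "TCP", "ALLOW"),
}

# Constructed test traffic; addresses are assumed from the answer choices.
MUST_ALLOW = [Packet("172.16.1.4", "192.168.0.10", 22)]   # admin -> DMZ server, SSH
MUST_DENY = [
    Packet("172.16.1.7", "192.168.0.10", 22),    # any other LAN host -> DMZ, SSH
    Packet("172.16.1.4", "192.168.0.10", 3389),  # admin -> DMZ, a non-SSH port
    Packet("192.168.0.10", "172.16.1.4", 22),    # DMZ host initiating SSH back into the LAN
]


def satisfies_requirement(entry: AclEntry) -> bool:
    """True only if the entry allows the admin's SSH and nothing in MUST_DENY."""
    acl = [entry]
    return all(evaluate(acl, p) == "ALLOW" for p in MUST_ALLOW) and all(
        evaluate(acl, p) == "DENY" for p in MUST_DENY
    )


def correct_choices() -> list[str]:
    return [label for label, entry in CANDIDATES.items() if satisfies_requirement(entry)]


if __name__ == "__main__":
    for label, entry in CANDIDATES.items():
        print(label, "meets requirement:", satisfies_requirement(entry))
    print("correct:", correct_choices())
```

Running it shows that a and b never match the admin's outbound packet at all (their source field is the DMZ subnet), while d matches it but also admits every other host on 172.16.1.0/24 on every port; only c passes every check.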
You have been asked to scan your company’s website using the OWASP ZAP tool. When you perform the scan, you receive the following warning:
“The AUTOCOMPLETE output is not disabled in HTML FORM/INPUT containing password type input. Passwords may be stored in browsers and retrieved.”
You begin to investigate further by reviewing a portion of the HTML code from the website that is listed below:
Based on your analysis, which of the following actions should you take?
a. you recommend that the system administrator pushes out a GPO update to reconfigure the web browsers’ security settings
b. this is a false positive and you should implement a scanner exception to ensure you don’t receive this again during your next scan
c. you recommend that the system administrator disables SSL on the server and implements TLS instead
d. you tell the developer to review their code and implement a bug/code fix
You tell the developer to review their code and implement a bug/code fix
Since your company owns the website, you can require the developer to implement a code fix that stops the form from allowing autocomplete on this page. The change is simple: add the attribute autocomplete="off" to the <form> element on the first line of the snippet (or to the password <input> itself). The resulting code would be
.
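The HTML snippet the question refers to is not reproduced on this page, so as an added example (not from the exam material) here is a small Python checker that reproduces the logic behind the ZAP finding over a constructed login form, before and after the fix. The form markup, field names and the checker itself are assumptions made for the example. One caveat a practitioner should add to the report: most current browsers' password managers ignore autocomplete="off" on password fields and still offer to save the credential, so clearing the scanner finding is not the same as preventing browser storage of passwords.

```python
from __future__ import annotations

from html.parser import HTMLParser

# Constructed login form; the page's own HTML snippet is not reproduced here.
VULNERABLE_FORM = """
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="submit" value="Log in">
</form>
"""

# Same form after the fix: autocomplete="off" on the <form> element.
FIXED_FORM = """
<form action="/login" method="post" autocomplete="off">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="submit" value="Log in">
</form>
"""


class PasswordAutocompleteChecker(HTMLParser):
    """Reports password inputs whose autocomplete is not disabled, either on the
    <input> itself or inherited from the enclosing <form>. An explicit value on
    the <input> overrides the form-level setting, as in the HTML spec."""

    def __init__(self):
        super().__init__()
        self.form_stack = []   # autocomplete value of each currently open <form>
        self.findings = []     # names of offending password fields

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.form_stack.append(a.get("autocomplete"))
        elif tag == "input" and a.get("type") == "password":
            if "autocomplete" in a:
                disabled = a["autocomplete"] == "off"
            else:
                disabled = bool(self.form_stack) and self.form_stack[-1] == "off"
            if not disabled:
                self.findings.append(a.get("name", "<unnamed>"))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def password_fields_with_autocomplete(html: str) -> list[str]:
    """Return the names of password fields the ZAP rule would flag."""
    checker = PasswordAutocompleteChecker()
    checker.feed(html)
    checker.close()
    return checker.findings


if __name__ == "__main__":
    print("before fix:", password_fields_with_autocomplete(VULNERABLE_FORM))
    print("after fix: ", password_fields_with_autocomplete(FIXED_FORM))
```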
Which party in a federation provides services to members of the federation?
a. SAML
b. RP
c. IdP
d. SSO
RP
What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes?
a. degauss
b. destroy
c. purge
d. clear
Clear
Fail to Pass Systems recently installed a break and inspect appliance that allows their cybersecurity analyst to observe HTTPS traffic entering and leaving their network. Consider the following output from a recorded session captured by that appliance:
Which of the following statements is true?
a. this is a normal request from a host to your web server in the screened subnet
b. the passwd file was just downloaded through a webshell by an attacker
c. the web browser used in the attack was Microsoft Edge
d. a request to issue the cat command for viewing the passwd occurred but additional analysis is required to verify if the file was downloaded
A request to issue the cat command for viewing the passwd file occurred, but additional analysis is required to verify whether the file was downloaded
The decrypted request only shows what was asked for. Whether the command actually ran and returned /etc/passwd depends on the server’s response (status code and body), which has to be examined separately before concluding that data left the network.
Which of the following lists represents the NIST cybersecurity framework’s four tiers, when ordered from least mature to most mature?
a. partial, risk informed, repeatable, adaptive
b. partial, risk informed, managed, adaptive
c. partial, managed, risk informed, adaptive
d. partial, repeatable, risk informed, adaptive
Partial, risk informed, repeatable, adaptive
You are a cybersecurity analyst working for an accounting firm that manages the accounting for multiple smaller firms. You have successfully detected an APT operating in your company’s network that appears to have been there for at least 8 months. In conducting a qualitative assessment of the impact, which of the following factors should be most prominently mentioned in your report to your firm’s executives? (SELECT TWO)
a. economic
b. downtime
c. detection time
d. recovery time
e. data integrity
Economic
Data integrity
The economic impact on the business should be your top factor; it includes any liability the firm faces and the damage to its reputation. Data integrity would be the second most important factor to highlight, since an APT with months of access to an accounting firm may have stolen significant amounts of money by altering financial documentation and account data, so the integrity of those records can no longer be assumed.
Which of the following types of information is protected by rules in the United States that specify the minimum frequency of vulnerability scanning required for devices that process it?
a. insurance records
b. medical records
c. credit card data
d. driver’s license numbers
Credit card data
The management at Steven’s work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?
a. a discovery scan using a port scanner
b. router and switch-based MAC address reporting
c. a physical survey
d. reviewing a central administration tool like an endpoint manager
Router and switch-based MAC address reporting
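As an added example (not from the exam material) of what "switch-based MAC address reporting" gives an analyst in practice, here is a Python script that parses a constructed MAC address table in the style of a switch's `show mac address-table` output and compares every learned address against an asset inventory. The table rows, the inventory and the column layout are all constructed for the example. A MAC address can be spoofed, so this finds the unknown device and the port it sits on quickly; 802.1X or NAC is the control that keeps it off the network in the first place.

```python
from __future__ import annotations

import re

# Constructed output in the style of a switch "show mac address-table" (not a real capture).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56aa.1b2c    DYNAMIC     Gi1/0/1
  10    001c.42f0.9a01    DYNAMIC     Gi1/0/2
  20    f8ff.c2de.ad01    DYNAMIC     Gi1/0/7
  20    0050.56aa.1b2d    DYNAMIC     Gi1/0/8
"""

# Constructed asset inventory: MAC -> hostname, as an endpoint manager or CMDB would hold it.
INVENTORY = {
    "00:50:56:aa:1b:2c": "ws-finance-01",
    "00:1c:42:f0:9a:01": "ws-it-admin",
    "00:50:56:aa:1b:2d": "srv-file-01",
}

# One data row: VLAN, dotted-hex MAC, entry type, port. Header and separator lines do not match.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)", re.I
)


def normalise_mac(cisco_mac: str) -> str:
    """Convert 0050.56aa.1b2c to the colon form used by the inventory."""
    hexdigits = cisco_mac.replace(".", "").lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str):
    """Yield one dict per learned address; non-data lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            vlan, mac, entry_type, port = m.groups()
            yield {"vlan": int(vlan), "mac": normalise_mac(mac), "type": entry_type, "port": port}


def rogue_devices(table_text: str, inventory: dict) -> list[dict]:
    """Learned addresses that no inventoried asset accounts for, with the port they were seen on."""
    return [e for e in parse_mac_table(table_text) if e["mac"] not in inventory]


if __name__ == "__main__":
    for r in rogue_devices(MAC_TABLE, INVENTORY):
        print(f"unknown device {r['mac']} on VLAN {r['vlan']} port {r['port']}")
```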