Failed on 2nd practice exam

Question 1

a cloud network hub that allows users to interconnect virtual private clouds (VPC) and on-premises networks through a central console.

Answer 1

A transit gateway

Question 2

Which value is the result of a quantitative or qualitative risk analysis?

Answer 2

Inherent risk

Question 3

Which control types does a systems engineer implement when an initial locking mechanism does not perform as expected?

Answer 3

Compensating
Preventatve

Question 4

control acts to eliminate or reduce the impact of an intrusion event.

Answer 4

A corrective control is used after an attack.

Question 5

detective control

Answer 5

may not prevent or deter access, but it will identify and record any attempted or successful intrusion.

Question 6

An organization remodels an office which results in the need for higher security during construction. Placing a security guard by the data center utilizes which control types?

Answer 6

Operational
Preventative

Question 7

A control that acts to eliminate or reduce the likelihood that an attack can succeed.

Answer 7

A preventative control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place.

Question 8

A control implemented primarily by people rather than systems.

Answer 8

Operational control

Question 9

What authentication protocol uses MSCHAP?

Answer 9

LEAP uses MSCHAP

Question 10

What authentication protocl uses MSCHAPv2

Answer 10

PEAPv0 also known as EAP-MSCHAPv2.

Question 11

What can assist in routing information on an attack to a honeynet?

Answer 11

Domain Name Service (DNS) sinkhole is used to intercept DNS requests attempting to connect to known malicious or unwanted domains and returning a fake IP address.

Question 12

What authentication method does 802.1x framework use

Answer 12

EAP or extensible authentication protocol

Question 13

What is a TAP?

Answer 13

A test access point (TAP) is a hardware device that copies signals from the physical layer and the data link layer
Test access points (TAPs) can be either active or passive.
Avoids frame loss
More reliable than SPAN
Can be active or passive

Question 14

SPAN

Answer 14

SPAN (switched port analyzer) is simply mirroring ports.
Can only be active.

Question 15

What is one way to protect against SSL stripping

Answer 15

HTTP Strict Transport Security (HSTS) forces browsers to connect using HTTPS only, mitigating downgrade attacks, such as Secure Socket Layer (SSL) stripping.

Question 16

What replaced RC4/TKIP to make WPA2 significantly more secure than WPA?

Answer 16

For WPA2, AES (Advanced Encryption Standard) deploys within CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). AES replaces RC4, and CCMP replaces TKIP. AES is for encryption, and CCMP is for message integrity

Question 17

Devices deployed in a network and that send data to the local area network (LAN) level and process it with an Internet of things (IoT) sensor are which of the following?

Answer 17

Fog computing provides decentralized local access by deploying fog nodes throughout the network

Question 18

OCSP stapling

Answer 18

Stapling addresses the privacy issues surrounding Online Status Certificate Protocol (OCSP) by having the SSL/TLS web server periodically obtain a time-stamped response from the Certificate Authority. Then, when a client submits an OCSP request, the web server returns the time-stamped response.

Question 19

How does the General Data Protection Regulations (GDPR) classify data that can prejudice decisions, such as sexual orientation?

Answer 19

The sensitive classification is used in the context of personal data about a subject that could harm them if made public and could prejudice decisions made about them if referred to by internal procedures.

Question 20

What could a hacker use to extract passwords from a database file?

Answer 20

Hashcat is a popular password cracker developed for Linux. It is one of many password crackers the hacker could potentially use to extract passwords from the hashed password database.

Question 21

Identify types of metadata that would be associated with CDR (call detail records) of mobile devices.

Answer 21

List of towers connected
Call duration
SMS text timestamps

Question 22

when using a SIEM what can help manage log collections

Answer 22

deploying listeners
A management server can be configured to be a listener or collector to gather logs from multiple sources and parse the data before sending it to the SIEM system. Multiple listeners can better manage collections to reduce the number of systems communicating with the SIEM.

Question 23

What tool could a hacker us to obtain credentials from a Windows system?

Answer 23

Mimikatz

Question 24

hybrid password attack

Answer 24

A hybrid password attack uses a combo of dictionary and brute force attacks. It is targeted against weak and/or re-used passwords.