for 433 class final Flashcards
Which of the following is NOT part of the “CIA Triad”?
-Confidentiality
-Information
-Integrity
-Availability
Information
Which “Security Control” makes use of firewalls and anti-virus software?
-Physical
-Network
-Operational
-Technical
Technical
Security guards and training programs are an example of what type of control?
-Technical
-Operational
-Managerial
-Physical
Operational
An employee’s contract that sets out disciplinary procedures or causes for dismissal if they do not comply with policies and procedures is an example of what type of control?
-Deterrent
-Directive
-Compensating
-Managerial
Directive
____________ ensures that data is not modified or tampered with.
-Non-repudiation
-Confidentiality
-Persistence
-Integrity
Integrity
A backup system that restores data damaged during an intrusion is an example of what type of control?
-Directive
-Technical
-Corrective
-Deterrent
Corrective
_______________ is the process of identifying security issues and deciding which countermeasures to take in reducing risk to an acceptable level.
-Risk acceptance
-Risk triage
-Risk management
-Risk avoidance
Risk management
Which of the following is a weakness that allows a threat to be carried out?
-Threat
-None of these
-Vulnerability
-Exploit
Vulnerability
____________ provides validation of a message’s origin.
-Non-repudiation
-Confidentiality
-Persistence
-Integrity
Non-repudiation
Which type of control is used after an attack?
-Preventive
-Corrective
-Operational
-Detective
Corrective
Which type of hacker usually seeks to exploit security vulnerabilities for some kind of financial reward or revenge?
-Cyber terrorists
-Cyber spies
-Cybercriminals
-Script kiddies
Cybercriminals
Which type of attack uses common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic?
-Indistinguishable attack
-Common attack
-Sophisticated attack
-Varied behavior attack
Sophisticated attack
Alarms, gateways, locks, lighting, and security cameras are an example of what type of control?
-Technical
-Physical
-Operational
-Managerial
Physical
Which of the following is a procedure or product that takes advantage of a vulnerability to carry out a threat?
-Vulnerability
-Threat
-Exploit
-None of these
Exploit
Which of the following is NOT one of the four (4) broad categories of “Security Controls”?
-Network
-Operational
-Managerial
-Physical
Network
What type of “Threat Actor” typically lacks the skills and sophistication of legitimate hackers?
-Hacktivist
-Gray hat
-Script Kiddies
-White hat
Script Kiddies
Which of the following is an example of “Availability Loss”?
-Phishing
-Identity theft
-Unauthorized file transfers
-Customer access denied
Customer access denied
A ___________ automatically replicates itself without an activation mechanism and can travel across computer networks without any user assistance.
-trojan horse
-worm
-fileless virus
-zombie
worm
A _________ is a set of programs that allows attackers to maintain permanent administrator-level, hidden access to a computer.
-rootkit
-logic bomb
-zombie
-spyware
rootkit
What is the process of manipulating others into providing sensitive information?
-None of these
-Subterfuge
-Reconnaissance
-Social Engineering
Social Engineering
___________ is based on the premise that no single layer is completely effective in securing assets.
-Variety
-Defense in depth
-Randomness
-Principle of least privilege
Defense in depth
According to the lecture, what is a primary objective of an attacker?
-Creating backdoors
-Breaching the system
-Exploiting vulnerabilities
-Escalating privileges
Escalating privileges
A ____________ uses legitimate programs to infect a computer. It leaves no footprint, making it undetectable by most antivirus, whitelisting, and other traditional endpoint security solutions.
-worm
-fileless virus
-zombie
-trojan horse
fileless virus
Which of the following are sources of OSINT?
-All of these are sources of OSINT.
-Media (newspapers, magazines, advertisements)
-Professional and academic publications (journals, academic papers, dissertations)
-Internet (websites, blogs, social media)
All of these are sources of OSINT.
The _____________ is all the points at which a malicious threat actor could try to exploit a vulnerability.
-threat vector
-attack vector
-network vector
-attack surface
attack surface
Organized crime groups often utilize _________ attacks.
-random
-persistent
-targeted
-opportunistic
targeted
Which of the following is NOT a device vulnerability?
-Weak security configurations
-Hard coded credentials
-Updated firmware
-Misconfigurations
Updated firmware
A ___________ is the path that a threat actor uses to execute a data exfiltration, service disruption, or disinformation attack.
-attack vector
-attack surface
-network vector
-threat vector
threat vector
Which of the following is NOT a type of motivation or manipulation normally used in social engineering?
-Greed
-Trust
-Ignorance
-Patriotism
Patriotism
Which “Threat Actor” type often crosses ethical/legal lines, but does so with good intentions?
-Brown hat
-Black hat
-Gray hat
-White hat
Gray hat
What type of homomorphic encryption allows only select simple math functions (such as addition) to be performed an unlimited number of times on the encrypted values?
-Partially Homomorphic Encryption (PHE)
-Somewhat Homomorphic Encryption (SHE)
-Additive Homomorphic Encryption (AHE)
-Full Homomorphic Encryption (FHE)
Partially Homomorphic Encryption (PHE)
What term describes a hardware chip on the motherboard that can generate and store cryptographic keys?
-BIOS
-SHA
-HSM
-TPM
TPM
Which type of encryption is useful when a large amount of data needs to be encrypted as the encryption process requires less CPU power than other encryption methods?
-Hybrid
-Asymmetric
-Symmetric
-None of these
Symmetric
Which cryptographic method is one of the newer methods being implemented and can use much smaller keys while providing security equal to or better than most other methods?
-RC
-Perfect Forward Secrecy
-ECC
-DES
ECC
What term describes a reputable organization, responsible for issuing public certificates to other companies or organizations for secure communication over the internet?
-OCSP
-PKI
-CRL
-CA
CA
What is one of the biggest limitations of encryption?
-Weakness in keys
-Speed
-Availability
-Resources
Speed
What term describes the technique of hiding or concealing a file, message, image, or video within another file, message, image, or video?
-Hashing
-Steganography
-Salting
-Cryptography
Steganography
What type of attack tries to find two inputs that produce the same hash value?
-Downgrade
-Dictionary
-Birthday
-Collision
Collision
Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?
-Mary’s private key
-Mary’s public key
-Sam’s public key
-Sam’s private key
Sam’s public key
Which of the following statements regarding Digital Signatures is NOT true?
-A digital signature verifies that the data is legitimate.
-A digital signature provides non-repudiation.
-Utilizes asymmetric encryption.
-By combining a user’s public encryption key and a hash of the data, a user can create a digital signature.
By combining a user’s public encryption key and a hash of the data, a user can create a digital signature.
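Worked example, added here and not part of the original flashcards: a textbook RSA toy that ties together the three cards above. It shows Mary encrypting to Sam with Sam's public key (only Sam's private key decrypts), a digital signature made from a hash of the data and the signer's private key and checked with the public key, and the partially homomorphic property asked about earlier (unpadded RSA lets you multiply ciphertexts without decrypting, an unlimited number of times, but supports no other operation). The primes, exponents and messages are constructed toy values; real deployments use 2048-bit keys with OAEP/PSS padding, and that padding deliberately destroys the homomorphism shown in step 3 because it is also a malleability weakness.

```python
import hashlib

# Toy textbook-RSA parameters (assumption: tiny primes chosen for illustration only).
P, Q = 61, 53
N = P * Q          # 3233, the public modulus
E = 17             # public exponent
D = 2753           # private exponent: (E * D) % ((P - 1) * (Q - 1)) == 1

SAM_PUBLIC = (N, E)
SAM_PRIVATE = (N, D)


def rsa_encrypt(m, pub):
    """Encrypt an integer m < n with the RECIPIENT's public key."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be a non-negative integer smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c, priv):
    """Decrypt with the recipient's PRIVATE key; only its holder can do this."""
    n, d = priv
    return pow(c, d, n)


def message_digest(msg, n):
    """Hash the data and reduce it below the modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg, priv):
    """Digital signature = hash of the data transformed with the SIGNER's private key
    (not the public key, which is what the flashcard's false statement claims)."""
    n, d = priv
    return pow(message_digest(msg, n), d, n)


def verify(msg, sig, pub):
    """Anyone with the signer's public key can check the signature: integrity plus
    non-repudiation, since only the private-key holder could have produced it."""
    n, e = pub
    return pow(sig, e, n) == message_digest(msg, n)


def homomorphic_multiply(c1, c2, pub):
    """Multiply two ciphertexts WITHOUT decrypting. Unpadded RSA is partially
    homomorphic: rsa_decrypt(result) == (m1 * m2) % n, for any number of factors."""
    n, _ = pub
    return (c1 * c2) % n


if __name__ == "__main__":
    # 1. Confidentiality: Mary encrypts to Sam using SAM's public key.
    c = rsa_encrypt(65, SAM_PUBLIC)
    print("ciphertext:", c, "-> Sam decrypts:", rsa_decrypt(c, SAM_PRIVATE))

    # 2. Signature: Sam signs with his private key, Mary verifies with his public key.
    s = sign(b"pay Mary 100", SAM_PRIVATE)
    print("genuine:", verify(b"pay Mary 100", s, SAM_PUBLIC),
          "tampered:", verify(b"pay Mary 900", s, SAM_PUBLIC))

    # 3. PHE: one operation (multiplication), unlimited times, on encrypted values.
    prod = homomorphic_multiply(rsa_encrypt(7, SAM_PUBLIC), rsa_encrypt(9, SAM_PUBLIC), SAM_PUBLIC)
    print("E(7) * E(9) decrypts to:", rsa_decrypt(prod, SAM_PRIVATE))
```

The check a practitioner wants from step 3 is the flip side of the card: the same algebra that lets a cloud service multiply encrypted values also lets an attacker turn a captured ciphertext of "100" into a valid ciphertext of "900" without the key, which is why padded RSA, not textbook RSA, is what you deploy.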
What is an encryption tool that encrypts emails, digitally signs emails, and encrypts documents, and is an implementation of the Pretty Good Privacy (PGP) Protocol?
-Bitlocker
-GPG
-EFS
-TPM
GPG
Which of the following is used to verify that a downloaded file has not been altered?
-Hash
-Asymmetric encryption
-Symmetric encryption
-Private key
Hash
What term describes the type of key that is generated for each new session or message sent, and is often used with instant messaging apps?
-Salted
-Ephemeral
-Static
-Dynamic
Ephemeral
What term describes a table of passwords and their generated hashes that a hacker could use to try to match hashes instead of the actual passwords?
-Hash table
-Collision table
-Rainbow table
-One-way table
Rainbow table
A PKI is an implementation for managing which type of encryption?
-Symmetric
-Asymmetric
-Hashing
-Steganography
Asymmetric
_________ is defined as the process of writing or solving messages using a secret code.
-Cryptography
-Cipher
-Encryption
-Hashing
Cryptography
Which method of data encryption encrypts data at rest, which is data not being currently used?
-None of these
-Column-level Encryption
-Transparent Data Encryption
-Application-level Encryption
Transparent Data Encryption
________ is the process of converting one value into another using a mathematical algorithm like MD5 or SHA.
-Hashing
-Cipher
-Cryptography
-Encryption
Hashing
Which of the following encryption mechanisms offers the least security because of weak keys?
-TwoFish
-AES
-IDEA
-DES
DES
What term describes a random number of characters are added to the password before the hash is created?
-Cipher
-Padding
-Offset
-Salt
Salt
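Worked example, added here and not from the original flashcards: why a rainbow table works against unsalted hashes and fails against salted ones. The wordlist is a constructed stand-in for a real cracking list, and the "table" is a plain hash-to-password dictionary (a real rainbow table stores hash/reduction chains to save space, but the attack idea is identical: do the hashing once, before any breach, and reuse it against every dump). The salted path uses PBKDF2-HMAC-SHA256 from the standard library; the iteration count is an assumption, not a recommendation from the page.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a real cracking wordlist.
WORDLIST = ["123456", "password", "letmein", "password123", "qwerty", "Summer2023"]


def unsalted_sha256(password):
    """How NOT to store a password: one fast, deterministic hash, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once, before any breach (the rainbow-table idea)."""
    return {unsalted_sha256(w): w for w in words}


def crack_by_lookup(stored_hash, table):
    """Recover a password from a stolen hash by lookup alone; no hashing at attack time."""
    return table.get(stored_hash)


def hash_salted(password, salt=None, iterations=200_000):
    """Per-user random salt plus a slow, iterated KDF (PBKDF2-HMAC-SHA256).
    Returns a self-describing string: pbkdf2$<iterations>$<salt hex>$<hash hex>."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    stolen = unsalted_sha256("password123")
    print("unsalted hash cracked to:", crack_by_lookup(stolen, table))

    alice = hash_salted("password123")
    bob = hash_salted("password123")
    print("same password, different stored values:", alice != bob)
    print("table lookup against salted hash:", crack_by_lookup(alice.split("$")[-1], table))
    print("login checks:", verify_salted("password123", alice), verify_salted("Password123", alice))
```

Two things to notice when running it: two users with the same password get different stored values, so a cracked hash for one says nothing about the other; and the precomputed table is useless against the salted values because the attacker would have to rebuild it per salt, at 200,000 iterations per guess.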
What is the process whereby two communicating entities authenticate each other?
-Mutual Authentication
-Transitive Authentication
-Dual Authentication
-Mutual Identity
Mutual Authentication
What is a digital document that identifies a user or a computer, and includes a subject name, which is the name of a user or a computer?
-Certificate
-Digital signature
-Smart card
-Token
Certificate
Which of the following is a way of proving identity?
-Something you are
-Something you have
-Something you know
-All of the above
All of the above
Which type of “Access Control” is often used for managing user access to one or more systems?
-Mandatory Access Control
-Discretionary Access Control
-Role-Based Access Control
-Rule-Based Access Control
Rule-Based Access Control
A __________ is a group of domains that have established trust and therefore shared authorizations.
-alliance
-attestation
-transitive trust
-federation
federation
What networking model is based on peer-to-peer networking and does not require any specialized software?
-Workgroup
-Domain
-Stand-alone
-Client-Server
Workgroup
What term describes the practice of granting each user or group of users only the necessary access to do their job or perform their official duties?
-Separation of duties
-Mutual authentication
-Job rotation
-Principle of least privilege
Principle of least privilege
Which of the following statements regarding “Organizational Units (OUs)” is NOT true?
-Simplifies security administration
-Can hold other organizational units
-Is a leaf object
Is a leaf object
Authentication and Authorization are two of the “A’s” in AAA. What is the third “A”?
-Accounting
-Actualization
-Authenticity
-None of these
Accounting
A(n) ________ is a group of related domains that share the same contiguous DNS namespaces.
-tree
-organizational unit (OU)
-forest
-workgroup
tree
What authentication protocol was developed by M.I.T. and is used by Windows, Linux, and UNIX?
-Kerberos
-OAuth
-Shibboleth
-OPEN ID Connect
Kerberos
Which Linux file contains password information?
-/etc/password
-/etc/user
-/etc/passwd
-/etc/shadow
/etc/shadow
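Worked example, added here and not part of the original flashcards: what a reviewer actually looks for in /etc/shadow. The sample lines are constructed (the hash bodies are made-up placeholders in the right format), and the audit rules are my own assumptions about what is worth flagging: an empty second field (no password required), a legacy md5crypt ($1$) hash, and a hash prefix the auditor does not recognize. Accounts whose field is "*" or "!" cannot authenticate with a password at all, and a hash prefixed with "!" is a locked account.

```python
# Constructed sample in /etc/shadow format; hash bodies are placeholders, not real hashes.
# Fields: name:password:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$Xk3s9Lp2$c0nstructedSha512HashBody:19700:0:99999:7:::
alice:$y$j9T$Qw8zR1t$c0nstructedYescryptBody:19750:0:90:7:::
bob:$1$legacy1$c0nstructedMd5Body:17000:0:99999:7:::
svc_backup::19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
carol:!$6$Lk2d8Ab1$c0nstructedSha512HashBody:19700:0:99999:7:::
"""

# crypt(3) hash-id prefixes and the algorithms they denote.
HASH_ALGORITHMS = {
    "$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256crypt", "$6$": "sha512crypt", "$7$": "scrypt", "$y$": "yescrypt",
}
WEAK_ALGORITHMS = {"md5crypt"}   # assumption: what this audit treats as too weak


def classify_password_field(field):
    """Map the second shadow field to (status, algorithm)."""
    if field == "":
        return "empty", None                 # no password at all
    locked = field.startswith("!")
    stripped = field.lstrip("!")
    if stripped in ("", "*"):
        return "no-login", None              # password authentication disabled
    for prefix, name in HASH_ALGORITHMS.items():
        if stripped.startswith(prefix):
            return ("locked" if locked else "active"), name
    return ("locked" if locked else "active"), "unknown"


def parse_shadow(text):
    """Parse shadow-format text into a list of {'user', 'status', 'algorithm'} dicts."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        status, algorithm = classify_password_field(fields[1])
        entries.append({"user": fields[0], "status": status, "algorithm": algorithm})
    return entries


def audit_shadow(entries):
    """Return (user, finding) pairs for accounts that need attention."""
    findings = []
    for e in entries:
        if e["status"] == "empty":
            findings.append((e["user"], "EMPTY_PASSWORD"))
        elif e["status"] == "active" and e["algorithm"] in WEAK_ALGORITHMS:
            findings.append((e["user"], f"WEAK_HASH:{e['algorithm']}"))
        elif e["status"] == "active" and e["algorithm"] == "unknown":
            findings.append((e["user"], "UNRECOGNIZED_HASH_FORMAT"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_shadow(parse_shadow(SAMPLE_SHADOW)):
        print(f"{user:12s} {finding}")
```

Reading the real file needs root (mode 0640, group shadow), which is the whole point of the passwd/shadow split: /etc/passwd stays world-readable for username and UID lookups while the hashes live where only privileged processes can read them.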
Which of the following statements regarding Windows Active Directory is NOT true?
-The domain is the basic administrative unit of an Active Directory structure.
-With Active Directory, all computers share the same central database on a remote computer called a domain controller.
-Active Directory is a non-hierarchical database.
-Active Directory is a centralized database that contains user account and security information.
Active Directory is a non-hierarchical database.
What is a cloud-based identity and access management service provided by Microsoft?
-Azure Active Directory
-Office 365 AD
-AWS AD
-Active Directory
Azure Active Directory
A Windows “Picture Password” would be an example of what type of biometrics?
-Behavioral
-Geolocation
-Cognitive
-Standard
Cognitive
A _________ is a type of firewall that stands as an intermediary between clients requesting resources from other servers and is often called an application-level gateway because it performs filtering at the Application layer.
-proxy server
-VPN
-validation server
-DMZ
proxy server
A ________ is a special network created to trap potential attackers.
-unsecured zone
-guest zone
-honeynet
-ad hoc zone
honeynet
Which OSI networking layer processes frames and forwards traffic based on MAC addresses?
-Layer 1 (Physical Layer)
-Layer 3 (Network Layer)
-Layer 4 (Transport Layer)
-Layer 2 (Data Link Layer)
Layer 2 (Data Link Layer)
What is the main component of secure network-architecture concepts?
-Network Access Control (NAC)
-None of these
-Firewalls
-Network segmentation
Network segmentation
Which type of switch attack overloads the switch’s MAC forwarding table to make the switch function like a hub?
-MAC spoofing
-MAC flooding
-ARP poisoning
-Denial of Service
MAC flooding
A ___________ VPN uses a server (called a VPN concentrator) configured to accept VPN connections from individual hosts.
-host-to-host
-site-to-site
-remote-access
-concentrated
remote-access
A(n) ___________ makes security decisions based on information contained within the data portion of a packet.
-proxy server
-stateless firewall
-Application layer firewall
-stateful inspection firewall
Application layer firewall
Which type of ACL should be placed as close to the destination as possible?
-Dynamic
-Extended
-Static
-Standard
Standard
When utilizing switch port security, what type of address is used to identify allowed and denied devices?
-UDP
-IP
-TCP
-MAC
MAC
Which switch security feature is a logical grouping of computers based on switch ports?
-MAC Filtering/Port Security
-NAC
-Port Authentication
-VLAN
VLAN
Which port is used by SSL, and is already open in most firewalls?
-443
-1701
-500
-30
443
Which of the following represents an “inherent vulnerability”?
-Internet of Things (IoT) devices
-Supervisory Control and Data Acquisition (SCADA) devices
-If your organization needs to use an older version of Windows for a particular application.
-All of these
All of these
Which of the following is an example of P2P software?
-Network Protocols
-BitTorrent
-Office Productivity Software
-DOS
BitTorrent
What is a device or software running on a device that inspects network traffic and allows or blocks traffic based on a set of rules?
-Firewall
-Multi-homed gateway
-Extranet
-VPN
Firewall
Which of the following is an example of a network segmentation zone?
-honeynet
-All of these
-wireless
-extranet
All of these
What type of NAC agent is downloaded, or a temporary connection is established, and is removed once the user is done with it?
-Dissolvable
-Permanent
-Agentless
-One-time
Dissolvable
The __________ is located between the private network and an untrusted network (such as the internet) and is protected by a firewall.
-VPN
-Intranet
-Extranet
-DMZ
DMZ
How many broadcast domains are present in the network shown below?
-2
-1
-0
-4
2 (one broadcast domain per VLAN)
Trying to brute-force the root password on a web server is considered what type of attack?
-External
-Active
-Passive
-Internal
Active
What type of “traffic control device” often separates “security zones”?
-Server
-Firewall
-Switch
-Honeypot
Firewall
When it comes to Physical Security, which step below should be deployed first?
-Delay the violator to allow for response
-Detect the intrusion
-Deter initial access attempts
-Deny direct physical access
Deter initial access attempts
Which type of offline password attack conducts a statistical analysis on the stolen passwords that is used to create a mask to break the largest number of passwords?
-Brute force attack
-Rule attack
-Mask attack
-Rainbow table attack
Rule attack
____________ is a process in which controls are implemented in layers to ensure that defeating one level of security does not allow an attacker subsequent access.
-Physical security
-Network security
-Effective security
-Defense in depth
Defense in depth
Which type of offline password attack creates a large pre-generated data set of candidate digests?
-Mask attack
-Rainbow table attack
-Brute force attack
-Rule attack
Rainbow table attack
___________ is the protection of corporate assets from threats, such as theft or damage.
-Logical security
-Corporate security
-Physical security
-Internal security
Physical security
Which of the following tools is used during the reconnaissance phase of pen testing?
-theHarvester
-Sn1per
-Nessus
-All of the above
All of the above
Mantraps can be used to prevent what type of facility penetration technique?
-Network
-Faraday attack
-Piggybacking
-Brute force
Piggybacking
In network monitoring, what term is used for computers that send the most data, either from your network or into your network?
-Promiscuous clients
-Top talkers
-Active clients
-Active communicators
Top talkers
The _____ line of defense in protecting computer systems is to control access to the location where the computers are located.
-last
-third
-first
-second
first
What is the most critical factor in a strong password?
-Length
-Complexity
-Non-personal information
-Expiration date
Length
Which type of man-in-the-middle attack sends a malicious ARP request to a computer and a router to update their ARP caches, remapping the IP address of each to the attacker’s MAC address?
-MAC flooding
-MAC spoofing
-ARP spoofing
-ARP Poisoning
ARP Poisoning
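Worked example, added here and not from the original flashcards: host-side detection logic for the two switch attacks on these cards. The ARP events and frames are constructed, with the attacker's MAC and the port names invented for the demo. Poisoning shows up as an IP whose MAC suddenly changes, and as one MAC answering for both the gateway and a victim; MAC flooding shows up as a single access port sourcing thousands of distinct MACs. On the switch itself the countermeasures are port security (cap MACs per port, the card above about switch port security) and dynamic ARP inspection; this script is the monitoring-side check you would run from a span port or an IDS.

```python
from collections import defaultdict

# Constructed ARP replies seen by a monitoring host: (seconds, sender_ip, sender_mac)
ARP_EVENTS = [
    (0.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # gateway, legitimate
    (0.5, "10.0.0.20", "bb:bb:bb:bb:bb:20"),   # victim, legitimate
    (5.0, "10.0.0.1", "cc:cc:cc:cc:cc:99"),    # attacker now claims to be the gateway...
    (5.1, "10.0.0.20", "cc:cc:cc:cc:cc:99"),   # ...and the victim: both ends poisoned
]

# Constructed frames (ingress_port, source_mac): two normal hosts on port 1, a flood on port 7.
FRAMES = [("Gi1/0/1", "bb:bb:bb:bb:bb:20"), ("Gi1/0/1", "aa:aa:aa:aa:aa:01")] + [
    ("Gi1/0/7", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}") for i in range(5000)
]


def detect_arp_poisoning(events):
    """Alert when an IP's MAC changes, or one MAC claims more than one IP."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in events:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ts:.1f}s ARP change: {ip} was {previous}, now {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{ts:.1f}s one MAC {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


def detect_mac_flooding(frames, threshold=100):
    """Return {port: distinct source MACs} for ports exceeding the threshold.
    A flooded CAM table makes the switch fall back to hub behaviour, so the
    attacker sees every frame; the symptom is the MAC count, not the traffic volume."""
    macs_per_port = defaultdict(set)
    for port, src_mac in frames:
        macs_per_port[port].add(src_mac)
    return {port: len(macs) for port, macs in macs_per_port.items() if len(macs) > threshold}


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_EVENTS):
        print("ARP:", alert)
    for port, count in detect_mac_flooding(FRAMES).items():
        print(f"FLOOD: {port} sourced {count} distinct MACs")
```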
_________ readers transmit a low radio frequency (RF). When a card is within a certain distance, the card uses the RF signal to transmit the code to the reader.
-Proximity card
-Magnetic stripe
-Area card
-Barcode
Proximity card
Which of the following is NOT a common protocol analyzer?
-TCPdump
-Wireshark
-Nessus
-Ethereal
Nessus
What network monitoring tool captures transmitted frames and analyzes the traffic that exists on the network along with the source and destination of that traffic?
-Throughput tester
-IP scanner
-Packet sniffer
-Protocol analyzer
Protocol analyzer
What is a special network device that imitates valid network devices and is used to attract attackers and capture information about them?
-IDS
-IP Scanner
-Honeypot
-Nessus
Honeypot
Which of the following statements is NOT true regarding change-control policies?
-Help to make user community aware of changes
-Help to reduce the risk associated with these changes
-Help to streamline any changes made to new or existing software
-Provide awareness to the consequences of an outage
Help to make user community aware of changes
Which of the following standards relates to the use of credit cards?
-PCI DSS
-SOX
-Financial audit
-PoLP
PCI DSS
Which of the following laws was designed to protect a child’s information on the internet?
-GLBA
-GDPR
-COPPA
-CCPA
COPPA
Which type of vulnerability scan can be performed on production systems?
-Non-credentialed scan
-Intrusive scan
-Credentialed scan
-Non-intrusive scan
Non-intrusive scan
Which of the following statements is NOT true regarding Rights Management?
-Identifies sensitive files.
-Security policy is stored on a centralized server.
-Allows continued control access to the file even when it’s no longer in your system.
-Data is protected at the file level.
Security policy is stored on a centralized server.
In which of the following states is DLP NOT monitored?
-While in motion as it is transmitted over the network
-While at rest on endpoint systems
-While at rest on a storage medium
-While being transmitted to or from cloud-based systems
While at rest on endpoint systems
Which security team are the referees of cybersecurity?
-Blue team
-Red team
-White team
-Purple team
White team
What term identifies a crucial component of the vulnerability management process, in which specialized tools are used to automatically identify potential weaknesses in an organization’s digital assets?
-Vulnerability scanning
-Vulnerability analysis
-Vulnerability remediation
-Port scanning
Vulnerability scanning
Which CVSS v3 severity rating has a base score between 7.0 and 8.9?
-Severe
-Medium
-Critical
-High
High
Which DLP implementation solution could be something as simple as restricting the use of USB devices?
-Cloud DLP
-Endpoint DLP
-Network DLP
-File-Level DLP
Endpoint DLP
Which DLP implementation is also referred to as Chinese Wall solution?
-Cloud DLP
-Network DLP
-Endpoint DLP
-Folder-level DLP
Endpoint DLP
Which type of vulnerability scan is difficult to manage in a large network?
-Intrusive scan
-Credentialed scan
-Non-credentialed scan
-Non-intrusive scan
Credentialed scan
Which type of vulnerability scan simulates the view of an outside attacker?
-Intrusive scan
-Non-credentialed scan
-Non-intrusive scan
-Credentialed scan
Non-credentialed scan
Which security team is responsible for stopping the red team’s advances?
-Blue team
-White team
-Red team
-Purple team
Blue team
Which of the following is NOT a DLP implementation?
-Network DLP
-Cloud DLP
-Folder-Level DLP
-Endpoint DLP
Folder-Level DLP
Which DLP implementation solution analyzes network traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization’s security policies?
-File-Level DLP
-Endpoint DLP
-Network DLP
-Cloud DLP
Network DLP
Which of the following is NOT true regarding false positive scans?
-Shows a vulnerability when none exists.
-Requires follow up to verify?
-Usually occurs due to a scan misconfiguration.
-Happens often.
Usually occurs due to a scan misconfiguration.
What do Apple’s macOS vulnerabilities often stem from?
-Its UNIX-based architecture
-Its large install base
-General complacency on the part of Apple
-Its proprietary code
Its UNIX-based architecture
In which phase of the penetration testing life cycle does the team attempt to extract information such as usernames, computer names, network resources, share names, and running services?
-Reconnaissance
-Enumeration
-Footprinting
-Extraction
Enumeration
What term describes the process of identifying vulnerabilities in a system or network?
-Threat Hunting
-Vulnerability management
-Vulnerability assessment
-Vulnerability scanning
Vulnerability assessment
What is the name of the built-in Linux firewall?
-iptables
-netstat
-droptables
-nmap
iptables (the classic front end to the kernel’s netfilter framework; newer distributions ship nftables)
Which wireless network access method should be used only in public places that want to offer free wireless access?
-Pre-shared key (PSK)
-Open Network
-Wi-Fi Protected Setup (WPS)
-Captive Portal
Open Network
Which form of EAP was created by Cisco and uses a Protected Access Credential (PAC) to authenticate users?
-EAP-FAST
-EAP-TLS
-EAP-TTLS
-PEAP
EAP-FAST
Which type of update includes all previously released bug fixes?
-None of these
-Service Pack
-Patch
-Hotfix
Service Pack
In which type of Wi-Fi attack is a rogue AP configured to mimic the legitimate network, and the attacker uses a jamming or disassociation attack to knock users off the legitimate network?
-Disassociation
-Rogue Access Point
-Jamming
-Evil twin
Evil twin
During an Agile sprint, how many features does a developer work on?
-1-2
-4 or less
-1
-2-3
1
Which of the following is NOT correct regarding TFTP?
-Utilizes TCP
-Provides no encryption
-Faster than FTP
-Provides no authentication
Utilizes TCP
What application development term refers to removing a resource that is no longer needed?
-Hardening
-Baselining
-Deprovisioning
-Provisioning
Deprovisioning
What encryption standard is used by SSL?
-AES
-RSA
-IDEA
-DES
AES
Which of the following functions are not present in a Small Office Home Office (SOHO) wireless router?
-A switch
-A wireless LAN controller
-An access point
-A router
A wireless LAN controller
Which type of wireless site survey uses software, building blueprints, and can be completed remotely?
-Active survey
-Passive survey
-Remote survey
-Predictive survey
Predictive survey
Which form of EAP is considered to be one of the most secure EAP standards available and requires signed client-side and server-side certificate authority (CA) PKI certificates ?
-EAP-TLS
-PEAP
-EAP-FAST
-EAP-TTLS
EAP-TLS
Which type of resource is primarily vulnerable to denial-of-service (DoS) and access attacks?
-Email
-File and print
-Web
-DNS
File and print
What is a patch management tool that allows clients on a network to download only Microsoft software updates from a server internal to their organization?
-SSH
-FTP
-Group policy
-WSUS
WSUS
Which of the following statements is NOT true regarding Internet Key Exchange (IKE)?
-Uses mutual authentication that is provided by either pre-shared keys on both endpoints or certificates issued by a CA.
-Uses a Diffie-Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.
-Can be implemented to automate the selection of the best security association for each connection.
-Uses UDP port 443.
Uses UDP port 443.
Security templates are used for which of the following?
-Compare the actual settings on a device to the settings required by the configuration baseline.
-All of these
-Quickly apply settings to one or more computers.
-Configure consistent security settings between devices.
All of these
What method of public key cryptography does SSH use for both connection and authentication?
-RSA
-IDEA
-DES
-Blowfish
RSA
What is the most commonly used access method for wireless networks?
-Open Network
-Wi-Fi Protected Setup (WPS)
-Pre-shared key (PSK)
-Captive Portal
Pre-shared key (PSK)
What is a software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application?
-Static testing
-Integrity testing
-Fuzz testing
-Stress testing
Fuzz testing
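Worked example, added here and not part of the original flashcards: a minimal mutation fuzzer in the style the card describes. The target is a hypothetical parser for a tiny length-prefixed record format, written with two latent bugs so the fuzzer has something to find (an empty record indexes byte zero, and payload bytes are decoded as ASCII without checking). The fuzzer first plants boundary values at every offset, then applies seeded random mutations (bit flips, byte overwrites, truncation, block duplication), and records only exceptions the parser did not intend to raise. Production fuzzers such as AFL or libFuzzer add coverage feedback, but the loop is the same.

```python
import random


class ParseError(ValueError):
    """The parser's own, expected error for malformed input."""


def parse_records(data):
    """Hypothetical target: [count][len][payload][len][payload]... -> [(tag, text), ...]."""
    if not data:
        raise ParseError("empty input")
    count = data[0]
    pos, records = 1, []
    for _ in range(count):
        if pos >= len(data):
            raise ParseError("truncated record header")
        length = data[pos]
        payload = data[pos + 1 : pos + 1 + length]
        if len(payload) != length:
            raise ParseError("truncated payload")
        tag = payload[0]                                  # BUG 1: IndexError when length == 0
        records.append((tag, payload.decode("ascii")))    # BUG 2: UnicodeDecodeError on bytes >= 0x80
        pos += 1 + length
    return records


INTERESTING_BYTES = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # boundary values fuzzers try first


def mutate(seed, rng):
    """One random mutation: bit flip, byte overwrite, truncation, or block duplication."""
    data = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif choice == 1:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif choice == 2:
        del data[rng.randrange(1, len(data) + 1):]
    else:
        i = rng.randrange(len(data))
        j = rng.randrange(i, len(data) + 1)
        data[j:j] = data[i:j]
    return bytes(data)


def fuzz(target, seed, iterations=500, rng_seed=1, expected=(ParseError,)):
    """Return {exception class name: first reproducing input} for every unexpected exception."""
    rng = random.Random(rng_seed)
    cases = [seed[:i] + bytes([v]) + seed[i + 1:] for i in range(len(seed)) for v in INTERESTING_BYTES]
    cases += [mutate(seed, rng) for _ in range(iterations)]
    crashes = {}
    for case in cases:
        try:
            target(case)
        except expected:
            continue                          # malformed input rejected cleanly: fine
        except Exception as exc:              # anything else is a bug to triage
            crashes.setdefault(type(exc).__name__, case)
    return crashes


SEED = b"\x02\x03abc\x02hi"   # constructed valid input: two records, "abc" and "hi"

if __name__ == "__main__":
    for name, case in fuzz(parse_records, SEED).items():
        print(f"{name}: reproducer {case!r}")
```

The distinction between `ParseError` and everything else is the part worth copying: a fuzzer that treats every exception as a crash drowns in noise, and one that ignores all exceptions misses the UnicodeDecodeError here, which is itself a subclass of ValueError.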
In Windows how do you create a “hidden share”?
-Append a $ sign to the beginning of the share name
-Append a . (period) to the end of the share name
-Append a $ sign to the end of the share name
-Append a . (period) to the beginning of the share name
Append a $ sign to the end of the share name
What type of wireless antenna usually has a gain rating between 2 and 9 dBi?
-Normal-gain
-Omnidirectional
-Low-gain
-High-gain
Normal-gain
Which secure file transfer protocol uses Secure Shell version 2 (SSH2) to secure data transfers?
-SFTP
-Secure FTP
-FTPS
-SCP
SFTP
Which of the following file transfer protocols is least secure?
-SSH
-IPSec
-TLS
-FTP
FTP
Which of the following statements regarding IPSec AH is NOT true?
-Authenticates packets by digitally signing them.
-Provides data encryption.
-Uses a keyed hash based on all the bytes in the packet for the authentication information.
-Provides protection against replay and man-in the-middle attacks.
Provides data encryption.
What type of application security testing utilizes “Black box testing”?
-Interactive Application Security Testing
-Runtime Application Security Testing
-Static Application Security Testing
-Dynamic Application Security Testing
Dynamic Application Security Testing
Which type of recovery site is generally run by a commercial disaster recovery service?
-Commercial site
-Cold site
-Hot site
-Warm site
Hot site
What term refers to a system’s ability to deal with malfunctions?
-Fault tolerance
-Resiliency
-Redundancy
-Fault resilience
Fault tolerance
Which of the following is an “open source” log collector?
-Journalctl
-Nxlog
-Syslog
-Windows
Nxlog
When does evidence “chain of custody” start?
-When the evidence is first collected.
-When the evidence is turned over to the security team.
-When the evidence is turned over to law enforcement.
-When the evidence is determined to be relevant.
When the evidence is first collected.
According to the forensic “order of volatility”, which of the following data is considered most volatile?
-Page files
-Hard drive
-RAM
-Swap files
RAM
A ________ is a checklist style document that specifies the steps to be taken in response to a threat or incident.
-script
-incident plan
-runbook
-playbook
playbook
________ are a condition-based series of protocols you can use to establish automated processes for security incident response.
-Runbooks
-Playbooks
-Incident plans
-Scripts
Runbooks
________ are the SIEM’s way of letting the IT team know that a pre-established parameter is not within the acceptable range.
-Sensors
-Dashboards
-Alerts
-Trends
Alerts
Which type of recovery site requires the customer to provide and install all equipment needed to continue operations?
-Hot site
-Warm site
-Commercial site
-Cold site
Cold site
What term describes the action taken to stop an incident in process, collect all data relative to an incident, and implement the appropriate response?
-Security action
-Incident response
-Security response
-Incident action plan
Incident response
During incident response, what is the first step after detection?
-Quarantine
-Containment
-Segmentation
-Isolation
Containment
What type of data requires a sector-by-sector copy?
-Disk data
-Page file
-RAM
-Remote logs
Disk data
________ is considered easier to do since the lists tend to be smaller.
-Whitelisting
-Blacklisting
-Graylisting
-Quarantining
Blacklisting
Which of the following is NOT a type of security incident?
-Employee errors
-Internal intrusion attempts
-Unethical gathering of competitive information
-Virus and harmful code attacks
Internal intrusion attempts
_________ allows an IT admin to control the applications, IP addresses, URLs, and email addresses that are allowed onto the network.
-Blacklisting
-Graylisting
-Quarantining
-Whitelisting
Whitelisting
Which mobile device term describes the ability to restrict the device to a particular geographical area?
-Geoblocking
-Geolocation
-Geotagging
-Geofencing
Geofencing
Security as a Service (SECaaS) is based on what cloud computing model?
-SaaS
-DaaS
-PaaS
-IaaS
SaaS
What is a best practice regarding email virus threats?
-Detect viruses and messages on the email server before it gets to the client
-Install antivirus software on the client machines
-Block all attachments
-Enable spam filters on the email server
Detect viruses and messages on the email server before it gets to the client
Which cloud service is by far the most used model?
-DaaS
-SaaS
-IaaS
-PaaS
SaaS
Which is the following is NOT a best practice in order to mitigate the possibility of an open-relay threat?
-Configure your mail server to accept mail only from authenticated users or specific email servers that you authorize.
-Require SSL encryption to connect to the server.
-None of the above
-Implement restrictions for accessing the server and relaying email for your environment if feasible.
Require SSL encryption to connect to the server.
In which layer of SDN do switches, routers, and other network appliances reside?
-Control layer
-Infrastructure/Physical layer
-Application layer
-Management plane
Infrastructure/Physical layer
Which type of mobile device management solution provides the ability to manage security settings, such as lock screens, passwords, etc?
-Mobile device management (MDM)
-Mobile application management (MAM)
-Unified endpoint management (UEM)
-Enterprise mobility management (EMM)
Mobile device management (MDM)
Like an offsite virtual network, all _____ servers and desktops are virtualized and managed by a contracted third party.
-DaaS
-NaaS
-SaaS
-IaaS
NaaS
Which of the following is a disadvantage of SDN?
-Requires new networking hardware
-Higher overall cost and labor
-Standards are still being developed
-Decentralized management
Standards are still being developed
Which type of hypervisor runs as an application on a conventional operating system, and is most often used as a development sandbox?
-Type 3
-Native hypervisor
-Type 1
-Type 2
Type 2
A __________ attack is an attack on open relays in which the attacker accesses your email server and sends spoofed emails to others, making them appear as if they came from you.
-open-email
-repudiation
-obscurity
-spam
repudiation
Which of the following is NOT a typical component of virtualization.
-Virtual machine
-Hypervisor
-Guest machine
-Virtual hard drive
Guest machine
Which type of hypervisor is like a thin operating system that directly interfaces with the computer hardware?
-Type 1
-Type 4
-Type 2
-Type 3
Type 1
What type of DRP exercise simulates an emergency situation but in an informal and stress-free environment?
-Business continuity planning exercise
-Succession planning exercise
-Threat modeling exercise
-Tabletop exercise
Tabletop exercise
According to the risk matrix/heat map, when the risk likelihood is "unlikely" and the risk severity is "severe", what level of risk would we assign?
-Medium
-High
-Extreme
-Low
High
What type of planning ensures that the right competencies are recruited into the organization to be nurtured and developed over time to guarantee smooth transitions for future vacancies?
-Future leadership planning
-Replacement planning
-Succession planning
-Business continuity planning
Succession planning
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
-CompSec
-Auditing
-Phishing
-Scanning
Auditing
Which type of agreement covers the following:
-Dispute management
-Organizational responsibilities
-Performance expectations
-Termination conditions
-Memorandum of Understanding
-Service Level Agreement
-Business Partnership Agreement
-Interconnection Security Agreement
Service Level Agreement
Which of the following risk management strategies is seldom an appropriate response?
-Risk reduction
-Risk avoidance
-Risk transfer
-Risk rejection
Risk rejection
What term describes a systematic and methodical evaluation of the security posture of the enterprise, examining its exposure to attackers, forces of nature, and any other potentially harmful entity?
-Threat evaluation
-Security posture
-Vulnerability assessment
-Security assessment
Vulnerability assessment
________ is the practice of determining which identified threats are relevant and pressing to the organization.
-Risk management
-Vulnerability assessment
-Risk analysis
-Threat modeling
Risk analysis
Which of the equations below can be used to quantify our loss expectancy when performing a risk assessment?
-SLE x ARO = ALE
-ALE / ARO = SLE
-SLE x ALE = ARO
-ALE x ARO = SLE
SLE x ARO = ALE
Which of the following documents is NOT normally part of an interoperability agreement?
-Service level agreement
-Blanket purchase order
-Non-disclosure agreement
-Non-compete agreement
Non-compete agreement
What term describes a process that allows us to understand attackers and their methods, and is often done by constructing threat scenarios?
-Threat modeling
-Threat evaluation
-Vulnerability assessment
-Security assessment
Threat modeling
Which of the following is NOT part of the typical outline of a DRP?
-Communications team
-Restoration Procedures
-Emergency Procedures
-Recovery Team
Communications team
What is the goal of Threat Modeling?
-Understand attackers and their methods
-Provide a visual representation of potential attacks
-Creation of an inverted tree structure
-List potential threats that come from threat agents
Understand attackers and their methods
What is the first step in any security protection plan?
-Threat identification
-Assessment of threats
-Vulnerability appraisal
-Assessment of the security posture
Assessment of the security posture
Which type of agreement covers the following:
-Summary of the relationship
-Who is doing what
-Why they are doing it
-Memorandum of Understanding
-Service Level Agreement
-Interconnection Security Agreement
-Business Partnership Agreement
Memorandum of Understanding
Which of the following is NOT a category of data classification used by the United States government?
-Secret
-Confidential
-Proprietary
-Sensitive
Proprietary
Data _______ policies define how information in your possession is maintained and for how long.
-Destruction
-Classification
-Retention
-Privacy
Retention
What is the process of changing the polarity of the particles inside of a hard drive, rendering it unusable?
-Degaussing
-Wiping
-Overwriting
-Reformatting
Degaussing
Which of the following is NOT a United States data privacy law?
-HIPAA
-COPPA
-CCPA
-GDPR
GDPR
GDPR violations can carry fines up to _____ of annual revenue.
-10%
-4%
-8%
-20%
4%
Which of the following establishes clear requirements and desired qualifications for each role within an organization?
-Non-disclosure Agreement (NDA)
-Service Level Agreement (SLA)
-Acceptable Use Policy
-Job Descriptions
Job Descriptions
The concept of _______ ensures that a user has access only to the information and resources needed to do their job effectively.
-Bell-LaPadula
-Least Privilege
-Data Classification
-Need to know
Least Privilege
Which data privacy law requires security control implementations to safeguard the Protected Health Information (PHI) of data subjects?
-COPPA
-FERPA
-HIPAA
-CCPA
HIPAA
Which of the following are potential consequences of a data breach?
-Identity Theft
-Fines
-Reputational Damage
-All of the above
All of the above
Which agreement would contain requirements around the protection of company Intellectual Property (IP)?
-Acceptable Use Policy (AUP)
-Memorandum of Understanding (MOU)
-Non-disclosure Agreement (NDA)
-Service Level Agreement (SLA)
Non-disclosure Agreement (NDA)
Which of the following policies set expectations for the secure use of company software and equipment?
-Data Protection Policy
-Change Management Policy
-Acceptable Use Policy
-Risk Management Policy
Acceptable Use Policy
T/F? Signing a Non-disclosure Agreement (NDA) is an example of an onboarding process.
True
Which of these controls aims to mitigate the most vulnerable attack surface in an organization?
-Comprehensive firewall rules
-User Education and Security Awareness Training
-Intrusion detection systems
-Encryption of data at-rest
User Education and Security Awareness Training
T/F? It is best practice to complete a background check prior to a new hire's start date.
True