for 433 class final Flashcards

cram more

1
Q

Which of the following is NOT part of the “CIA Triad”?
-Confidentiality
-Information
-Integrity
-Availability

A

Information

2
Q

Which “Security Control” makes use of firewalls and anti-virus software?
-Physical
-Network
-Operational
-Technical

A

Technical

3
Q

Security guards and training programs are an example of what type of control?
-Technical
-Operational
-Managerial
-Physical

A

Operational

4
Q

An employee’s contract that sets out disciplinary procedures or causes for dismissal if they do not comply with policies and procedures is an example of what type of control?
-Deterrent
-Directive
-Compensating
-Managerial

A

Directive

5
Q

____________ ensures that data is not modified or tampered with.
-Non-repudiation
-Confidentiality
-Persistence
-Integrity

A

Integrity

6
Q

A backup system that restores data damaged during an intrusion is an example of what type of control?
-Directive
-Technical
-Corrective
-Deterrent

A

Corrective

7
Q

_______________ is the process of identifying security issues and deciding which countermeasures to take in reducing risk to an acceptable level.
-Risk acceptance
-Risk triage
-Risk management
-Risk avoidance

A

Risk management

8
Q

Which of the following is a weakness that allows a threat to be carried out?
-Threat
-None of these
-Vulnerability
-Exploit

A

Vulnerability

9
Q

____________ provides validation of a message’s origin.
-Non-repudiation
-Confidentiality
-Persistence
-Integrity

A

Non-repudiation

10
Q

Which type of control is used after an attack?
-Preventive
-Corrective
-Operational
-Detective

A

Corrective

11
Q

Which type of hacker usually seeks to exploit security vulnerabilities for some kind of financial reward or revenge?
-Cyber terrorists
-Cyber spies
-Cybercriminals
-Script kiddies

A

Cybercriminals

12
Q

Which type of attack uses common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic?
-Indistinguishable attack
-Common attack
-Sophisticated attack
-Varied behavior attack

A

Sophisticated attack

13
Q

Alarms, gateways, locks, lighting, and security cameras are an example of what type of control?
-Technical
-Physical
-Operational
-Managerial

A

Physical

14
Q

Which of the following is a procedure or product that takes advantage of a vulnerability to carry out a threat?
-Vulnerability
-Threat
-Exploit
-None of these

A

Exploit

15
Q

Which of the following is NOT one of the four (4) broad categories of “Security Controls”?
-Network
-Operational
-Managerial
-Physical

A

Network

16
Q

What type of “Threat Actor” typically lacks the skills and sophistication of legitimate hackers?
-Hacktivist
-Gray hat
-Script Kiddies
-White hat

A

Script Kiddies

17
Q

Which of the following is an example of “Availability Loss”?
-Phishing
-Identity theft
-Unauthorized file transfers
-Customer access denied

A

Customer access denied

18
Q

A ___________ automatically replicates itself without an activation mechanism and can travel across computer networks without any user assistance.
-trojan horse
-worm
-fileless virus
-zombie

A

worm

19
Q

A _________ is a set of programs that allows attackers to maintain permanent administrator-level, hidden access to a computer.
-rootkit
-logic bomb
-zombie
-spyware

A

rootkit

20
Q

What is the process of manipulating others into providing sensitive information?
-None of these
-Subterfuge
-Reconnaissance
-Social Engineering

A

Social Engineering

21
Q

___________ is based on the premise that no single layer is completely effective in securing assets.
-Variety
-Defense in depth
-Randomness
-Principle of least privilege

A

Defense in depth

22
Q

According to the lecture, what is a primary objective of an attacker?
-Creating backdoors
-Breaching the system
-Exploiting vulnerabilities
-Escalating privileges

A

Escalating privileges

23
Q

A ____________ uses legitimate programs to infect a computer. It leaves no footprint, making it undetectable by most antivirus, whitelisting, and other traditional endpoint security solutions.
-worm
-fileless virus
-zombie
-trojan horse

A

fileless virus

24
Q

Which of the following are sources of OSINT?
-All of these are sources of OSINT.
-Media (newspapers, magazines, advertisements)
-Professional and academic publications (journals, academic papers, dissertations)
-Internet (websites, blogs, social media)

A

All of these are sources of OSINT.

25
The _____________ is all the points at which a malicious threat actor could try to exploit a vulnerability. -threat vector -attack vector -network vector -attack surface
attack surface
26
Organized crime groups often utilize _________ attacks. -random -persistent -targeted -opportunistic
targeted
27
Which of the following is NOT a device vulnerability? -Weak security configurations -Hard coded credentials -Updated firmware -Misconfigurations
Updated firmware
28
A ___________ is the path that a threat actor uses to execute a data exfiltration, service disruption, or disinformation attack. -attack vector -attack surface -network vector -threat vector
threat vector
29
Which of the following is NOT a type of motivation or manipulation normally used in social engineering? -Greed -Trust -Ignorance -Patriotism
Patriotism
30
Which "Threat Actor" type often crosses ethical/legal lines, but does so with good intentions? -Brown hat -Black hat -Gray hat -White hat
Gray hat
31
What type of homomorphic encryption allows only select simple math functions (such as addition) to be performed an unlimited number of times on the encrypted values? -Partially Homomorphic Encryption (PHE) -Somewhat Homomorphic Encryption (SHE) -Additive Homomorphic Encryption (AHE) -Full Homomorphic Encryption (FHE)
Partially Homomorphic Encryption (PHE)
32
What term describes a hardware chip on the motherboard that can generate and store cryptographic keys? -BIOS -SHA -HSM -TPM
TPM
33
Which type of encryption is useful when a large amount of data needs to be encrypted as the encryption process requires less CPU power than other encryption methods? -Hybrid -Asymmetric -Symmetric -None of these
Symmetric
34
Which cryptographic method is one of the newer methods being implemented, and is able to generate smaller keys that are more secure than most other methods? -RC -Perfect Forward Secrecy -ECC -DES
ECC
35
What term describes a reputable organization, responsible for issuing public certificates to other companies or organizations for secure communication over the internet? -OCSP -PKI -CRL -CA
CA
36
What is one of the biggest limitations of encryption? -Weakness in keys -Speed -Availability -Resources
Speed
37
What term describes the technique of hiding or concealing a file, message, image, or video within another file, message, image, or video? -Hashing -Steganography -Salting -Cryptography
Steganography
38
What type of attack tries to find two inputs that produce the same hash value? -Downgrade -Dictionary -Birthday -Collision
Collision
39
Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message? -Mary's private key -Mary's public key -Sam's public key -Sam's private key
Sam's public key
40
Which of the following statements regarding Digital Signatures is NOT true? -A digital signature verifies that the data is legitimate. -A digital signature provides non-repudiation. -Utilizes asymmetric encryption. -By combining a user's public encryption key and a hash of the data, a user can create a digital signature.
By combining a user's public encryption key and a hash of the data, a user can create a digital signature.
41
What is an encryption tool that encrypts emails, digitally signs emails, and encrypts documents, and is an implementation of the Pretty Good Privacy (PGP) Protocol? -Bitlocker -GPG -EFS -TMP
GPG
42
Which of the following is used to verify that a downloaded file has not been altered? -Hash -Asymmetric encryption -Symmetric encryption -Private key
Hash
43
What term describes the type of key that is generated for each new session or message sent, and is often used with instant messaging apps? -Salted -Ephemeral -Static -Dynamic
Ephemeral
44
What term describes a table of passwords and their generated hashes that a hacker could use to try to match hashes instead of the actual passwords? -Hash table -Collision table -Rainbow table -One-way table
Rainbow table
45
A PKI is an implementation for managing which type of encryption? -Symmetric -Asymmetric -Hashing -Steganography
Asymmetric
46
_________ is defined as the process of writing or solving messages using a secret code. -Cryptography -Cipher -Encryption -Hashing
Cryptography
47
Which method of data encryption encrypts data at rest, which is data not being currently used? -None of these -Column-level Encryption -Transparent Data Encryption -Application-level Encryption
Transparent Data Encryption
48
________ is the process of converting one value into another using a mathematical algorithm like MD5 or SHA. -Hashing -Cipher -Cryptography -Encryption
Hashing
49
Which of the following encryption mechanisms offers the least security because of weak keys? -TwoFish -AES -IDEA -DES
DES
50
What term describes a random number of characters that are added to the password before the hash is created? -Cipher -Padding -Offset -Salt
Salt
51
What is the process whereby two communicating entities authenticate each other? -Mutual Authentication -Transitive Authentication -Dual Authentication -Mutual Identity
Mutual Authentication
52
What is a digital document that identifies a user or a computer, and includes a subject name, which is the name of a user or a computer? -Certificate -Digital signature -Smart card -Token
Certificate
53
Which of the following is a way of proving identity? -Something you are -Something you have -Something you know -All of the above
All of the above
54
Which type of "Access Control" is often used for managing user access to one or more systems? -Mandatory Access Control -Discretionary Access Control -Role-Based Access Control -Rule-Based Access Control
Rule-Based Access Control
55
A __________ is a group of domains that have established trust and therefore shared authorizations. -alliance -attestation -transitive trust -federation
federation
56
What networking model is based on peer-to-peer networking and does not require any specialized software? -Workgroup -Domain -Stand-alone -Client-Server
Workgroup
57
What term describes the practice of granting each user or group of users only the necessary access to do their job or perform their official duties? -Separation of duties -Mutual authentication -Job rotation -Principle of least privilege
Principle of least privilege
58
Which of the following statements regarding "Organizational Units (OUs)" is NOT true? -Simplifies security administration -Can hold other organizational units -Is a leaf object
Is a leaf object
59
Authentication and Authorization are two of the "A's" in AAA. What is the third "A"? -Accounting -Actualization -Authenticity -None of these
Accounting
60
A(n) ________ is a group of related domains that share the same contiguous DNS namespaces. -tree -organizational unit (OU) -forest -workgroup
Tree
61
What authentication protocol was developed by M.I.T. and is used by Windows, Linux, and UNIX? -Kerberos -OAuth -Shibboleth -OPEN ID Connect
Kerberos
61
Which Linux file contains password information? -/etc/password -/etc/user -/etc/passwd -/etc/shadow
/etc/shadow
62
Which of the following statements regarding Windows Active Directory is NOT true? -The domain is the basic administrative unit of an Active Directory structure. -With Active Directory, all computers share the same central database on a remote computer called a domain controller. -Active Directory is a non-hierarchical database. -Active Directory is a centralized database that contains user account and security information.
Active Directory is a non-hierarchical database.
63
What is a cloud-based identity and access management service provided by Microsoft? -Azure Active Directory -Office 365 AD -AWS AD -Active Directory
Azure Active Directory
64
A Windows "Picture Password" would be an example of what type of biometrics? -Behavioral -Geolocation -Geolocation -Standard
Cognitive
65
A _________ is a type of firewall that stands as an intermediary between clients requesting resources from other servers and is often called an application-level gateway because it performs filtering at the Application layer. -proxy server -VPN -validation server -DMZ
proxy server
66
A ________ is a special network created to trap potential attackers. -unsecured zone -guest zone -honeynet -ad hoc zone
honeynet
67
Which OSI networking layer processes frames and forwards traffic based on MAC addresses? -Layer 1 (Physical Layer) -Layer 3 (Network Layer) -Layer 4 (Transport Layer) -Layer 2 (Data Link Layer)
Layer 2 (Data Link Layer)
68
What is the main component of secure network-architecture concepts? -Network Access Control (NAC) -None of these -Firewalls -Network segmentation
Network segmentation
69
Which type of switch attack overloads the switch's MAC forwarding table to make the switch function like a hub? -MAC spoofing -MAC flooding -ARP poisoning -Denial of Service
MAC flooding
70
A ___________ VPN uses a server (called a VPN concentrator) configured to accept VPN connections from individual hosts. -host-to-host -site-to-site -remote-access -concentrated
remote-access
71
An ___________ makes security decisions based on information contained within the data portion of a packet. -proxy server -stateless firewall -Application layer firewall -stateful inspection firewall
Application layer firewall
71
Which type of ACL should be placed as close to the destination as possible? -Dynamic -Extended -Static -Standard
Standard
72
When utilizing switch port security, what type of address is used to identify allowed and denied devices? -UDP -IP -TCP -MAC
MAC
73
Which switch security feature is a logical grouping of computers based on switch ports? -MAC Filtering/Port Security -NAC -Port Authentication -VLAN
VLAN
74
Which port is used by SSL, and is already open in most firewalls? -443 -1701 -500 -30
443
75
Which of the following represents an "inherent vulnerability"? -Internet of Things (IoT) devices -Supervisory Control and Data Acquisition (SCADA) devices -If your organization needs to use an older version of Windows for a particular application. -All of these
All of these
76
Which of the following is an example of P2P software? -Network Protocols -BitTorrent -Office Productivity Software -DOS
BitTorrent
77
What is a device or software running on a device that inspects network traffic and allows or blocks traffic based on a set of rules? -Firewall -Multi-homed gateway -Extranet -VPN
Firewall
78
Which of the following is an example of a network segmentation zone? -honeynet -All of these -wireless -extranet
honeynet,wireless,extranet
79
What type of NAC agent is downloaded, or a temporary connection is established, and is removed once the user is done with it? -Dissolvable -Permanent -Agentless -One-time
Dissolvable
80
The __________ is located between the private network and an untrusted network (such as the internet) and is protected by a firewall. -VPN -Intranet -Extranet -DMZ
DMZ
81
How many broadcast domains are present in the network shown below? -2 -1 -0 -4
2 vlans
82
Trying to brute-force the root password on a web server is considered what type of attack? -External -Active -Passive -Internal
Active
83
What type of "traffic control device" often separates "security zones"? -Server -Firewall -Switch -Honeypot
Firewall
84
When it comes to Physical Security, which step below should be deployed first? -Delay the violator to allow for response -Detect the intrusion -Deter initial access attempts -Deny direct physical access
Deter initial access attempts
85
Which type of offline password attack conducts a statistical analysis on the stolen passwords that is used to create a mask to break the largest number of passwords? -Brute force attack -Rule attack -Mask attack -Rainbow table attack
Rule attack
86
____________ is a process in which controls are implemented in layers to ensure that defeating one level of security does not allow an attacker subsequent access. -Physical security -Network security -Effective security -Defense in depth
Defense in depth
87
Which type of offline password attack creates a large pre-generated data set of candidate digests? -Mask attack -Rainbow table attack -Brute force attack -Rule attack
Rainbow table attack
88
___________ is the protection of corporate assets from threats, such as theft or damage. -Logical security -Corporate security -Physical security -Internal security
Physical security
89
Which of the following tools is used during the reconnaissance phase of pen testing? -theHarvester -Sn1per -Nessus -All of the above
All of the above
90
Mantraps can be used to prevent what type of facility penetration technique? -Network -Faraday attack -Piggybacking -Brute force
Piggybacking
91
In network monitoring, what term is used for computers that send the most data, either from your network or into your network? -Promiscuous clients -Top talkers -Active clients -Active communicators
Top talkers
92
The _____ line of defense in protecting computer systems is to control access to the location where the computers are located. -last -third -first -second
first
93
What is the most critical factor in a strong password? -Length -Complexity -Non-personal information -Expiration date
Length
94
Which type of man-in-the-middle attack sends a malicious ARP request to a computer and a router to update their ARP caches, remapping the IP address of each to the attacker's MAC address? -MAC flooding -MAC spoofing -ARP spoofing -ARP Poisoning
ARP Poisoning
95
_________ readers transmit a low radio frequency (RF). When a card is within a certain distance, the card uses the RF signal to transmit the code to the reader. -Proximity card -Magnetic stripe -Area card -Barcode
Proximity card
96
Which of the following is NOT a common protocol analyzer? -TCPdump -Wireshark -Nessus -Ethereal
Nessus
97
What network monitoring tool captures transmitted frames and analyzes the traffic that exists on the network along with the source and destination of that traffic? -Throughput tester -IP scanner -Packet sniffer -Protocol analyzer
Protocol analyzer
98
What is a special network device that imitates valid network devices and is used to attract attackers and capture information about them? -IDS -IP Scanner -Honeypot -Nessus
Honeypot
99
Which of the following statements is NOT true regarding change-control policies? -Help to make user community aware of changes -Help to reduce the risk associated with these changes -Help to streamline any changes made to new or existing software -Provide awareness to the consequences of an outage
Help to make user community aware of changes
100
Which of the following standards relates to the use of credit cards? -PCI DSS -SOX -Financial audit -PoLP
PCI DSS
101
Which of the following laws was designed to protect a child's information on the internet? -GLBA -GDPR -COPPA -CCPA
COPPA
102
Which type of vulnerability scan can be performed on production systems? -Non-credentialed scan -Intrusive scan -Credentialed scan -Non-intrusive scan
Non-intrusive scan
103
Which of the following statements is NOT true regarding Rights Management? -Identifies sensitive files. -Security policy is stored on a centralized server. -Allows continued control access to the file even when it's no longer in your system. -Data is protected at the file level.
Security policy is stored on a centralized server.
104
In which of the following states is DLP NOT monitored? -While in motion as it is transmitted over the network -While at rest on endpoint systems -While at rest on a storage medium -While being transmitted to or from cloud-based systems
While at rest on endpoint systems
105
Which security team are the referees of cybersecurity? -Blue team -Red team -White team -Purple team
White team
106
What term identifies a crucial component of the vulnerability management process, with specialized tools utilized to identify potential weaknesses in an organization's digital assets automatically? -Vulnerability scanning -Vulnerability analysis -Vulnerability remediation -Port scanning
Vulnerability scanning
107
Which CVSS v2.0 severity rating has a base score between 7.0 and 8.9? -Severe -Medium -Critical -High
High
108
Which DLP implementation solution could be something as simple as restricting the use of USB devices? -Cloud DLP -Endpoint DLP -Network DLP -File-Level DLP
Endpoint DLP
109
Which DLP implementation is also referred to as Chinese Wall solution? -Cloud DLP -Network DLP -Endpoint DLP -Folder-level DLP
Endpoint DLP
110
Which type of vulnerability scan is difficult to manage in a large network? -Intrusive scan -Credentialed scan -Non-credentialed scan -Non-intrusive scan
Credentialed scan
111
Which type of vulnerability scan simulates the view of an outside attacker? -Intrusive scan -Non-credentialed scan -Non-intrusive scan -Credentialed scan
Non-credentialed scan
112
Which security team is responsible for stopping the red team's advances? -Blue team -White team -Red team -Purple team
Blue team
113
Which of the following is NOT a DLP implementation? -Network DLP -Cloud DLP -Folder-Level DLP -Endpoint DLP
Folder-Level DLP
114
Which DLP implementation solution analyzes network traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies? -File-Level DLP -Endpoint DLP -Network DLP -Cloud DLP
Network DLP
115
Which of the following is NOT true regarding false positive scans? -Shows a vulnerability when none exists. -Requires follow up to verify. -Usually occurs due to a scan misconfiguration. -Happens often.
Usually occurs due to a scan misconfiguration.
116
What do Apple's macOS vulnerabilities often stem from? -Its UNIX-based architecture -Its large install base -General complacency on the part of Apple -Its proprietary code
Its UNIX-based architecture
117
In which phase of the penetration testing life cycle does the team attempt to extract information such as usernames, computer names, network resources, share names, and running services? -Reconnaissance -Enumeration -Footprinting -Extraction
Enumeration
118
What term describes the process of identifying vulnerabilities in a system or network? -Threat Hunting -Vulnerability management -Vulnerability assessment -Vulnerability scanning
Vulnerability assessment
119
What is the name of the built-in Linux firewall? -iptables -netstat -droptables -nmap
iptables
120
Which wireless network access method should be used only in public places that want to offer free wireless access? -Pre-shared key (PSK) -Open Network -Wi-Fi Protected Setup (WPS) -Captive Portal
Open Network
121
Which form of EAP was created by Cisco and uses a Protected Access Credential (PAC) to authenticate users? -EAP-FAST -EAP-TLS -EAP-TTLS -PEAP
EAP-FAST
122
Which type of update includes all previously released bug fixes? -None of these -Service Pack -Patch -Hotfix
Service Pack
123
In which type of Wi-Fi attack is a rogue AP configured to mimic the legitimate network, and the attacker uses a jamming or disassociation attack to knock users off the legitimate network? -Disassociation -Rogue Access Point -Jamming -Evil twin
Evil twin
124
During an Agile sprint, how many features does a developer work on? -1-2 -4 or less -1 -2-3
1
125
Which of the following is NOT correct regarding TFTP? -Utilizes TCP -Provides no encryption -Faster than FTP -Provides no authentication
Utilizes TCP
126
What application development term refers to removing a resource that is no longer needed? -Hardening -Baselining -Deprovisioning -Provisioning
Deprovisioning
127
What encryption standard is used by SSL? -AES -RSA -IDEA -DES
AES
128
Which of the following functions are not present in a Small Office Home Office (SOHO) wireless router? -A switch -A wireless LAN controller -An access point -A router
A wireless LAN controller
129
Which type of wireless site survey uses software, building blueprints, and can be completed remotely? -Active survey -Passive survey -Remote survey -Predictive survey
Predictive survey
130
Which form of EAP is considered to be one of the most secure EAP standards available and requires signed client-side and server-side certificate authority (CA) PKI certificates? -EAP-TLS -PEAP -EAP-FAST -EAP-TTLS
EAP-TLS
131
Which type of resource is primarily vulnerable to denial-of-service (DoS) and access attacks? -Email -File and print -Web -DNS
File and print
132
What is a patch management tool that allows clients on a network to download only Microsoft software updates from a server internal to their organization? -SSH -FTP -Group policy -WSUS
WSUS
133
Which of the following statements is NOT true regarding Internet Key Exchange (IKE)? -Uses mutual authentication that is provided by either pre-shared keys on both endpoints or certificates issued by a CA. -Uses a Diffie-Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. -Can be implemented to automate the selection of the best security association for each connection. -Uses UDP port 443.
Uses UDP port 443.
134
Security templates are used for which of the following? -Compare the actual settings on a device to the settings required by the configuration baseline. -All of these -Quickly apply settings to one or more computers. -Configure consistent security settings between devices.
All of these
135
What method of public key cryptography does SSH use for both connection and authentication? -RSA -IDEA -DES -Blowfish
RSA
136
What is the most commonly used access method for wireless networks? -Open Network -Wi-Fi Protected Setup (WPS) -Pre-shared key (PSK) -Captive Portal
Pre-shared key (PSK)
137
What is a software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application? -Static testing -Integrity testing -Fuzz testing -Stress testing
Fuzz testing
138
In Windows how do you create a "hidden share"? -Append a $ sign to the beginning of the share name -Append a . (period) to the end of the share name -Append a $ sign to the end of the share name -Append a . (period) to the beginning of the share name
Append a $ sign to the end of the share name
139
What type of wireless antenna usually has a gain rating between 2 and 9 dBi? -Normal-gain -Omnidirectional -Low-gain -High-gain
Normal-gain
140
Which secure file transfer protocol uses Secure Shell version 2 (SSH2) to secure data transfers? -SFTP -Secure FTP -FTPS -SCP
SFTP
141
Which of the following file transfer protocols is least secure? -SSH -IPSec -TLS -FTP
FTP
142
Which of the following statements regarding IPSec AH is NOT true? -Authenticates packets by digitally signing them. -Provides data encryption. -Uses a keyed hash based on all the bytes in the packet for the authentication information. -Provides protection against replay and man-in-the-middle attacks.
Provides data encryption.
143
What type of application security testing utilizes "Black box testing"? -Interactive Application Security Testing -Runtime Application Security Testing -Static Application Security Testing -Dynamic Application Security Testing
Dynamic Application Security Testing
144
Which type of recovery site is generally run by a commercial disaster recovery service? -Commercial site -Cold site -Hot site -Warm site
Hot site
145
What term refers to a system's ability to deal with malfunctions? -Fault tolerance -Resiliency -Redundancy -Fault resilience
Fault tolerance
146
Which of the following is an "open source" log collector? -Journalctl -Nxlog -Syslog -Windows
Nxlog
146
When does the evidence "chain of custody" start? -When the evidence is first collected. -When the evidence is turned over to the security team. -When the evidence is turned over to law enforcement. -When the evidence is determined to be relevant.
When the evidence is first collected.
147
According to the forensic "order of volatility", which of the following data is considered most volatile? -Page files -Hard drive -RAM -Swap files
RAM
148
A ________ is a checklist style document that specifies the steps to be taken in response to a threat or incident. -script -incident plan -runbook -playbook
playbook
149
________ are a condition-based series of protocols you can use to establish automated processes for security incident response. -Runbooks -Playbooks -Incident plans -Scripts
Runbooks
150
________ are the SIEM's way of letting the IT team know that a pre-established parameter is not within the acceptable range. -Sensors -Dashboards -Alerts -Trends
Alerts
151
Which type of recovery site requires the customer to provide and install all equipment needed to continue operations? -Hot site -Warm site -Commercial site -Cold site
Cold site
152
What term describes the action taken to stop an incident in process, collect all data relative to an incident, and implement the appropriate response? -Security action -Incident response -Security response -Incident action plan
Incident response
153
During incident response, what is the first step after detection? -Quarantine -Containment -Segmentation -Isolation
Containment
154
What type of data requires a sector-by-sector copy? -Disk data -Page file -RAM -Remote logs
Disk data
155
________ is considered easier to do since the lists tend to be smaller. -Whitelisting -Blacklisting -Graylisting -Quarantining
Blacklisting
156
Which of the following is NOT a type of security incident? -Employee errors -Internal intrusion attempts -Unethical gathering of competitive information -Virus and harmful code attacks
Internal intrusion attempts
157
_________ allows an IT admin to control the applications, IP addresses, URLs, and email addresses that are allowed onto the network. -Blacklisting -Graylisting -Quarantining -Whitelisting
Whitelisting
158
Which mobile device term describes the ability to restrict the device to a particular geographical area? -Geoblocking -Geolocation -Geotagging -Geofencing
Geofencing
159
Security as a Service (SECaaS) is based on what cloud computing model? -SaaS -DaaS -PaaS -IaaS
SaaS
160
What is a best practice regarding email virus threats? -Detect viruses and messages on the email server before it gets to the client -Install antivirus software on the client machines -Block all attachments -Enable spam filters on the email server
Detect viruses and messages on the email server before it gets to the client
161
Which cloud service is by far the most used model? -DaaS -SaaS -IaaS -PaaS
SaaS
162
Which of the following is NOT a best practice in order to mitigate the possibility of an open-relay threat? -Configure your mail server to accept mail only from authenticated users or specific email servers that you authorize. -Require SSL encryption to connect to the server. -None of the above -Implement restrictions for accessing the server and relaying email for your environment if feasible.
Require SSL encryption to connect to the server.
163
In which layer of SDN do switches, routers, and other network appliances reside? -Control layer -Infrastructure/Physical layer -Application layer -Management plane
Infrastructure/Physical layer
164
Which type of mobile device management solution provides the ability to manage security settings, such as lock screens, passwords, etc.? -Mobile device management (MDM) -Mobile application management (MAM) -Unified endpoint management (UEM) -Enterprise mobility management (EMM)
Mobile device management (MDM)
165
Like an offsite virtual network, all _____ servers and desktops are virtualized and managed by a contracted third party. -DaaS -NaaS -SaaS -IaaS
NaaS
166
Which of the following is a disadvantage of SDN? -Requires new networking hardware -Higher overall cost and labor -Standards are still being developed -Decentralized management
Standards are still being developed
167
Which type of hypervisor runs as an application on a conventional operating system, and is most often used as a development sandbox? -Type 3 -Native hypervisor -Type 1 -Type 2
Type 2
168
A __________ attack is an attack on open relays in which the attacker accesses your email server and sends spoofed emails to others, making them appear as if they came from you. -open-email -repudiation -obscurity -spam
repudiation
169
Which of the following is NOT a typical component of virtualization? -Virtual machine -Hypervisor -Guest machine -Virtual hard drive
Guest machine
169
Which type of hypervisor is like a thin operating system that directly interfaces with the computer hardware? -Type 1 -Type 4 -Type 2 -Type 3
Type 1
170
What type of DRP exercise simulates an emergency situation but in an informal and stress-free environment? -Business continuity planning exercise -Succession planning exercise -Threat modeling exercise -Tabletop exercise
Tabletop exercise
171
According to the Risk Matrix/Heat map, when a risk likelihood is unlikely, and the risk severity is severe, what level of risk would we assign this? -Medium -High -Extreme -Low
High
172
What type of planning ensures that the right competencies are recruited into the organization to be nurtured and developed over time to guarantee smooth transitions for future vacancies? -Future leadership planning -Replacement planning -Succession planning -Business continuity planning
Succession planning
173
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance? -CompSec -Auditing -Phishing -Scanning
Auditing
174
Which type of agreement covers the following: -Dispute management -Organizational responsibilities -Performance expectations -Termination conditions 1. Memorandum of Understanding 2. Service Level Agreement 3. Business Partnership Agreement 4. Interconnection Security Agreement
Service Level Agreement
175
Which of the following risk management strategies is seldom an appropriate response? -Risk reduction -Risk avoidance -Risk transfer -Risk rejection
Risk rejection
176
What term describes a systematic and methodical evaluation of the security posture of the enterprise that examines the exposure to attackers, forces of nature, and any potentially harmful entity? -Threat evaluation -Security posture -Vulnerability assessment -Security assessment
Vulnerability assessment
177
________ is the practice of determining which identified threats are relevant and pressing to the organization. -Risk management -Vulnerability assessment -Risk analysis -Threat modeling
Risk analysis
178
Which of the equations below can be used to quantify our loss expectancy when performing a risk assessment? -SLE x ARO = ALE -ALE / ARO = SLE -SLE x ALE = ARO -ALE x ARO = SLE
SLE x ARO = ALE
179
Which of the following documents is NOT normally part of an interoperability agreement? -Service level agreement -Blanket purchase order -Non-disclosure agreement -Non-compete agreement
Non-compete agreement
180
What term describes a process that allows us to understand attackers and their methods, and is often done by constructing threat scenarios? -Threat modeling -Threat evaluation -Vulnerability assessment -Security assessment
Threat modeling
180
Which of the following is NOT part of the typical outline of a DRP? -Communications team -Restoration Procedures -Emergency Procedures -Recovery Team
Communications team
181
What is the goal of Threat Modeling? -Understand attackers and their methods -Provide a visual representation of potential attacks -Creation of an inverted tree structure -List potential threats that come from threat agents
Understand attackers and their methods
181
What is the first step in any security protection plan? -Threat identification -Assessment of threats -Vulnerability appraisal -Assessment of the security posture
Assessment of the security posture
182
Which type of agreement covers the following: -Summary of the relationship -Who is doing what -Why they are doing it 1. Memorandum of Understanding 2. Service Level Agreement 3. Interconnection Security Agreement 4. Business Partnership Agreement
Memorandum of Understanding
183
Which of the following is NOT a category of data classification used by the United States government? -Secret -Confidential -Proprietary -Sensitive
Proprietary
184
Data _______ policies define how information in your possession is maintained and for how long. -Destruction -Classification -Retention -Privacy
Retention
185
What is the process of changing the polarity of the particles inside of a hard drive, rendering it unusable? -Degaussing -Wiping -Overwriting -Reformatting
Degaussing
186
Which of the following is NOT a United States data privacy law? -HIPAA -COPPA -CCPA -GDPR
GDPR
187
GDPR violations can carry fines up to _____ of annual revenue. -10% -4% -8% -20%
4%
188
Which of the following establishes clear requirements and desired qualifications for each role within an organization? -Non-disclosure Agreement (NDA) -Service Level Agreement (SLA) -Acceptable Use Policy -Job Descriptions
Job Descriptions
189
The concept of _______ ensures that a user has access only to the information and resources needed to effectively do the employee's job. -Bell-LaPadula -Least Privilege -Data Classification -Need to know
Least Privilege
189
Which data privacy law requires security control implementations to safeguard the Protected Health Information (PHI) of data subjects? -COPPA -FERPA -HIPAA -CCPA
HIPAA
190
Which of the following are potential consequences of a data breach? -Identity Theft -Fines -Reputational Damage -All of the above
All of the above
191
Which agreement would contain requirements around the protection of company Intellectual Property (IP)? -Acceptable Use Policy (AUP) -Memorandum of Understanding (MOU) -Non-disclosure Agreement (NDA) -Service Level Agreement (SLA)
Non-disclosure Agreement (NDA)
192
Which of the following policies sets expectations for the secure use of company software and equipment? -Data Protection Policy -Change Management Policy -Acceptable Use Policy -Risk Management Policy
Acceptable Use Policy
193
T/F? Signing a Non-disclosure Agreement (NDA) is an example of an onboarding process.
True
194
Which of these controls aims to mitigate the most vulnerable attack surface in an organization? -Comprehensive firewall rules -User Education and Security Awareness Training -Intrusion detection systems -Encryption of data at-rest
User Education and Security Awareness Training
195
T/F? It is best practice to complete a background check prior to a new hire's start date.
True