General

Question 1

What does a digital signature consist of?

Answer 1

Hash & Private Key

Question 2

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as:

Answer 2

RTOS - A Real Time Operating System, commonly known as an RTOS, is a software component that rapidly switches between tasks, giving the impression that multiple programs are being executed at the same time on a single processing core.

Question 3

IoT technology designed to provide communication between appliances in a home automation network?

Answer 3

Zigbee

Zigbee Definition - Zigbee is a wireless protocol that allows smart devices to communicate with each other over a Personal Area Network (PAN). Zigbee is used to link smart devices like lights, plugs, and smart locks to a home network.

Question 4

A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company’s firewall is called:

Answer 4

Screened subnet

Question 5

An asymmetric encryption key designed to be used only for a single session or transaction is known as:

Answer 5

Ephemeral key

Question 6

What are the characteristic features of a session key?

Answer 6

1) Used during a single session
2) Symmetric key

Question 7

A mathematical operation that is easy and quick to complete, but extremely difficult to reverse.

Answer 7

Trap Door

Question 8

A pseudorandom or random sequence of characters used to encrypt the first block of characters in the plaintext block.

used in block ciphers

Answer 8

initialization vector (IV)

Question 9

A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:

Answer 9

DNSSEC

Question 10

A network protocol for secure file transfer over Secure Shell (SSH) is called:

Answer 10

SFTP

Secure File Transfer Protocol (SFTP) uses SSH and provides a secure way to transfer files between computers.

Question 11

Which part of the IPsec protocol suite provides authentication and integrity?

Answer 11

AH

IPSec uses two distinct protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP), which are defined by the IETF. The AH protocol provides a mechanism for authentication only. AH provides data integrity, data origin authentication, and an optional replay protection service.

Question 12

POP3 is used for:

Answer 12

Email retrieval

Question 13

Which protocol enables secure, real-time delivery of audio and video over an IP network?

Answer 13

SRTP

Question 14

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

Answer 14

Fuzzing

Fuzzing is an application security testing technique that feeds invalid inputs to a software program to expose vulnerabilities.

Question 15

What is “code signing?”

Answer 15

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed

Question 16

What is static code analysis?

Answer 16

a software verification activity that analyzes source code for quality, reliability, and security without executing the code

Question 17

What is dynamic code analysis?

Answer 17

Dynamic code analysis is a form of black-box vulnerability scanning that allows software teams to scan running applications and identify vulnerabilities.

Question 18

In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:

Answer 18

Sandboxing

Question 19

In active-active mode, load balancers distribute network traffic across:

Answer 19

All servers

Question 20

802.1X is an IEEE standard for implementing:

Answer 20

Port-based NAC

Question 21

In the Kerberos-based authentication process, the purpose of the client’s timestamp is to provide countermeasure against:

Answer 21

Replay attacks

Question 22

Which protocol ensures the reliability of the Kerberos authentication process?

Answer 22

NTP

Network time Protocol, Port # 123

Question 23

What is the function of a C2 server?

C2 = Command-and-Control

Answer 23

Botnet control

Question 24

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

Answer 24

DNS poisoning

Question 25

In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:

Answer 25

Containerization

Question 26

The term “Rooting” refers to the capability of gaining administrative access to the operating system and system applications on:

Answer 26

Android devices

Question 27

Mobile device updates delivered over a wireless connection are known as:

Answer 27

OTA

Over The Air

Question 28

Which of the following answers refers to a trusted third-party service for validating user identity in a federated identity system?

Answer 28

IdP

IdP is an acronym for Identity Provider. It’s a service that stores and verifies user identity. IdPs are typically cloud-hosted services, and they often work with single sign-on (SSO) providers to authenticate users

Question 29

Installing mobile apps from websites and app stores other than the official marketplaces is referred to as:

Answer 29

Sideloading

Question 30

Which technology enables establishing direct communication links between two USB devices?

Answer 30

OTG

It stands for USB on-the-go. It allows you to connect multiple mobile devices directly together without using any type of computer.

Question 31

What is COPE?

Answer 31

COPE (corporate-owned personally enabled) is a business model in which an organization provides its employees with mobile computing devicesand allows the employees to use them as if they were personally owned notebook computers, tablets or smartphones.

Question 32

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?

PAP
CHAP
EAP
MS-CHAP

Answer 32

PAP

What is the PAP authentication method?
PAP, or password authentication protocol, is a point-to-point protocol (PPP) authentication method that uses passwords to validate users. It is an internet standard (RFC 1334), password-based authentication protocol. Using PAP, data is not encrypted. It is sent to the authentication server as plain text.

Question 33

Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?

SAML
OpenID Connect
Shibboleth
OAuth

Answer 33

SAML

Question 34

OAuth is an open standard for:

Answer 34

Authorization

Question 35

OpenID Connect is a protocol used for:

Answer 35

Authentication

Question 36

______________ is a remote access authentication protocol that periodically re-authenticates client at random intervals to prevent session hijacking

Answer 36

Challenge Handshake Authentication Protocol (CHAP)

Question 37

Which digital certificate type allows multiple subdomains to be protected by a single certificate?

Answer 37

Wildcard certificate

Question 38

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

Answer 38

Subject Alternative Name (SAN) certificate

Question 39

Which of the answers listed below refers to a method for requesting a digital certificate?

CBC
CSR
CFB
CRL

Answer 39

CSR

A certificate signing request (CSR) is one of the first steps towards getting your own SSL/TLS certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) the Certificate Authority (CA) will use to create your certificate.

Question 40

A trusted third-party storage solution providing backup source for cryptographic keys is referred to as:

Answer 40

Key Escrow

Question 41

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

Answer 41

Recovery Agent

Question 42

The practice of connecting to an open port on a remote host to gather more information about its configuration is known as:

Answer 42

Banner Grabbing

Question 43

The term “___________” refers to the process of verifying authenticity of a newly received digital certificate. Such process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate’s chain is properly issued and valid.

Answer 43

Certificate chaining

Question 44

What is the name of a Windows command-line utility that can be used to display TCP/IP configuration settings?

Answer 44

ipconfig

Question 45

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

Answer 45

Fingerprinting

Question 46

A Linux command-line command for displaying routing table contents is called:

Answer 46

netstat -r

Question 47

An anti-malware tool that enables automated analysis of suspicious files in a sandbox environment?

Answer 47

Cuckoo

Question 48

A Linux command that allows to display the beginning of a file (by default its first 10 lines) is known as:

Answer 48

head

Question 49

A Linux command that allows to create, view, and concatenate files is called:

Answer 49

cat

Question 49

Which of the following commands in Linux displays the last part (by default its 10 last lines) of a file?

tail
read
file
printf

Answer 49

tail

Question 50

A Linux command-line command that enables searching files for lines containing a match to a given text pattern is called

Answer 50

grep

Question 51

Which of the following answers refers to a software library used to implement encrypted connections?

SDK
DNSSEC
OpenSSL
DLL

Answer 51

OpenSSL

OpenSSL is a cryptographic software library that provides an open source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It’s used to make communication over computer networks more secure.

OpenSSL provides functions to:
Generate private keys
Manage certificates
Equip client applications with encryption and decryption
Perform CSR (Certificate Signing Request)
Install SSL certificate

Question 52

What is the function of the Linux chmod command?

Answer 52

Changes file owner and group permissions

The chmod command is used to modify this permission so that it can grant or restrict access to directories and files

Question 53

Which of the following forensic utilities enables the extraction of RAM contents?

Memdump
WinHex
FTK imager
Autopsy

Answer 53

Memdump

A memory dump is a file that contains all the information that was stored in a device’s working memory (RAM) prior to a system failure

Question 54

A Linux command-line utility that can be used in the forensic process for creating and copying image files is called:

Answer 54

dd

Question 55

A multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics

Answer 55

WinHex

WinHex is a commercial disk editor and universal hexadecimal editor (hex editor) used for data recovery and digital forensics.

Question 56

Which of the following answers refers to a tool for creating forensic images of computer data?

diskpart
FTK imager
fsutil
Autops

Answer 56

FTK imager

FTK Imager is a free, open-source software tool developed by AccessData for creating disk images. It can create accurate copies of original evidence without making any changes to it

Question 57

Open-source forensics platform that allows to examine the contents of a hard drive or mobile device and recover evidence from it

Answer 57

autopsy

Autopsy is a free, open-source, Windows-based desktop digital forensics tool. It’s a cyber forensic tool that can analyze Windows and UNIX file systems, recover deleted files, and show various sectors of uploaded images.

Question 58

_________ is an open-source penetration testing framework used by security engineers. It’s a Ruby-based platform that allows users to write, test, and execute exploit code. The framework contains a suite of tools that can be used to

Answer 58

Metasploit

it is an exploitation framework

Question 59

A globally accessible knowledge base of Adversary Tactics, Techniques, and Procedures (TTPs) based on observations from real-world attacks is known as:

MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Cyber Kill Chai

Answer 59

MITRE ATT&CK

Question 60

Which of the following answers refers to a methodology framework for intrusion analysis developed by U.S. government intelligence community?

MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Cyber Kill Chain

Answer 60

The Diamond Model of Intrusion Analysis

Question 61

Which of the following answers refers to a 7-step military model adopted by Lockheed Martin to identify the phases of a cyberattack?

MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Cyber Kill Chain

Answer 61

Cyber Kill Chain

Question 62

Which of the following answers refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events?

SLA
COOP
RPO
COPE

Answer 62

COOP

Continuity of Operations Planning (COOP) is a set of instructions or procedures that describe how an organization’s mission essential functions will be sustained during a disaster event.

Question 63

Which type of server is used for collecting diagnostic and monitoring data from networked devices?
Proxy server
UC server
Syslog server
ICS server

Answer 63

Syslog Server

A syslog server is a device on a network that receives, stores, and forwards log messages generated by other devices. Syslog servers can be used to:

Question 64

Which of the following is a cross-platform log-managing tool?

NetFlow
rsyslog
NXLog
sFlow
syslog-ng

Answer 64

NXLog

NXLog is a multi-platform log collection and centralization tool. It offers log processing features, including log enrichment (parsing, filtering, and conversion) and log forwarding

Question 65

Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling?

IPFIX
NetFlow
NXLog
sFlow

Answer 65

Netflow

NetFlow is a network protocol system created by Cisco that collects and analyzes active IP network traffic. NetFlow is the standard for acquiring IP operational data from IP networks

Question 66

Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resources usage?

sFlow
NXLog
NetFlow
IPFIX

Answer 66

sFlow

sFlow is a multi-vendor, packet sampling technology used to monitor network devices including routers, switches, host devices and wireless access points. sFlow is an embedded technology – it is implemented through dedicated hardware chips embedded in the router/switch.

Question 67

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called:
NetFlow
IPFIX
sFlow
NXLog

Answer 67

IPFIX

Question 68

A _____ playbook is a checklist of actions that can be performed in response to a security incident.

Answer 68

SOAR

Question 69

In forensic procedures, a chronological record outlining persons in possession of an evidence is referred to as:

Answer 69

Chain of custody

Question 70

In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as:

Answer 70

Order of volatility

Question 71

Which memory type provides a CPU with the fastest access to frequently used data?

Answer 71

Cache Memory

Question 72

A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers)

Swap file
Temporary file
Pagefile
Signature file
Archive file

Answer 72

Swap file

Page File

Swap file - A swap file is a file on your computer’s hard drive that is used as virtual memory. It is an extension of the computer’s physical memory random-access memory (RAM) and acts as a temporary storage space for data that doesn’t fit in the RAM.

Pagefile - In storage, a pagefile is a reserved portion of a storage drive that is used as an extension of random access memory for data in RAM that hasn’t been used recently. A pagefile can be read from the storage drive as one contiguous chunk of data and thus faster than re-reading data from various original locations.

Question 73

Which of the following answers refers to an example order of volatility for a typical computer system?
Cache memory -> RAM -> Disk files -> Temporary files -> Swap/Pagefile -> Archival media
Archival media -> Disk files -> Temporary files -> Swap/Pagefile -> RAM -> Cache memory
Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media
Temporary files -> RAM -> Cache memory -> Swap/Pagefile -> Archival media -> Disk files

Answer 73

Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

Question 74

Which certificate attribute describes the computer or machine it belongs to? (Select all that apply.)

Company name

Common name

Subject alternate name

Certificate authority name

Answer 74

Common name

Subject alternate name

The common name (CN) attribute identifies the computer or machine by name, usually a fully qualified domain name (FQDN), such as www.comptia.org.

The subject alternate name (SAN) extension field is structured to represent different types of identifiers, including domain names. This is more commonly used as the CN attribute has been deprecated.

Question 75

The ________ for a software product occurs when a product will no longer be produced or sold. These products are most likely to be replaced by a newer version or model.

Answer 75

(EOL) End of Life

Question 76

The __________ occurs when a product will no longer be supported by a vendor. Updates and patches will no longer be produced.

Answer 76

(EOS) End of Service

Question 77

allows a third-party to send unsolicited messages to another
device using Bluetooth. The attack in this example did not use Bluetooth
as an attack vector.

Answer 77

Bluejacking

Question 78

separates the control plane of
networking devices from the data plane. This allows for more automation
and dynamic changes to the infrastructure.

Answer 78

SDN (Software-Defined Networking)

Question 79

________ is an algorithm used for two devices to create identical
shared keys without transferring those keys across the network.

Answer 79

Diffie-Hellman

Question 80

Auditing software that collects status and configuration information from network devices. Many products are based on the Simple Network Management Protocol (SNMP).

Answer 80

Network Monitor

Question 81

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

Answer 81

SIEM

Question 82

What are the three main types of log collection in siem?

Answer 82

Agent Based - with this approach, you must install an agent service on each host. As events occur on the host, logging data is filtered, aggregated, and normalized at the host, then sent to the SIEM server for analysis and storage.

Listener/collector - rather than installing an agent, hosts can be configured to push updates to the SIEM server using a protocol such as syslog or SNMP. A process runs on the management server to parse and normalize each log/monitoring source.

Sensor - —as well as log data, the SIEM might collect packet captures and traffic flow data from sniffers.

Question 83

Devising an AI/ML algorithm that can describe or classify the intention expressed in natural language statements.

Answer 83

Sentiment Analysis

Question 84

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

Answer 84

UTM

Question 85

Host or network firewall capable of parsing application layer protocol headers and data (such as HTTP or SMTP) so that sophisticated, content-sensitive ACLs can be developed.

Answer 85

NGFW

Question 86

An appliance or proxy server that mediates client connections with the Internet by filtering spam and malware and enforcing access restrictions on types of sites visited, time spent, and bandwidth consumed.

Answer 86

SWG

Question 87

A type of software that reviews system files to ensure that they have not been tampered with

Answer 87

File Integrity Monitoring

Question 88

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.

Answer 88

WAF