General Flashcards

1
Q

What does a digital signature consist of?

A

Hash & Private Key

2
Q

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as:

A

RTOS - A Real Time Operating System, commonly known as an RTOS, is a software component that rapidly switches between tasks, giving the impression that multiple programs are being executed at the same time on a single processing core.

3
Q

IoT technology designed to provide communication between appliances in a home automation network?

A

Zigbee

Zigbee Definition - Zigbee is a wireless protocol that allows smart devices to communicate with each other over a Personal Area Network (PAN). Zigbee is used to link smart devices like lights, plugs, and smart locks to a home network.

4
Q

A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company’s firewall is called:

A

Screened subnet

5
Q

An asymmetric encryption key designed to be used only for a single session or transaction is known as:

A

Ephemeral key

6
Q

What are the characteristic features of a session key?

A

1) Used during a single session
2) Symmetric key

7
Q

A mathematical operation that is easy and quick to complete, but extremely difficult to reverse.

A

Trap Door

8
Q

A pseudorandom or random sequence of characters used to encrypt the first block of characters in the plaintext block.

Used in block ciphers.

A

initialization vector (IV)

9
Q

A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:

A

DNSSEC

10
Q

A network protocol for secure file transfer over Secure Shell (SSH) is called:

A

SFTP

Secure File Transfer Protocol (SFTP) uses SSH and provides a secure way to transfer files between computers.

11
Q

Which part of the IPsec protocol suite provides authentication and integrity?

A

AH

IPSec uses two distinct protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP), which are defined by the IETF. The AH protocol provides a mechanism for authentication only. AH provides data integrity, data origin authentication, and an optional replay protection service.

12
Q

POP3 is used for:

A

Email retrieval

13
Q

Which protocol enables secure, real-time delivery of audio and video over an IP network?

A

SRTP

14
Q

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

A

Fuzzing

Fuzzing is an application security testing technique that feeds invalid inputs to a software program to expose vulnerabilities.

15
Q

What is “code signing?”

A

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.

16
Q

What is static code analysis?

A

A software verification activity that analyzes source code for quality, reliability, and security without executing the code.

17
Q

What is dynamic code analysis?

A

Dynamic code analysis is a form of black-box vulnerability scanning that allows software teams to scan running applications and identify vulnerabilities.

18
Q

In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:

A

Sandboxing

19
Q

In active-active mode, load balancers distribute network traffic across:

A

All servers

20
Q

802.1X is an IEEE standard for implementing:

A

Port-based NAC

21
Q

In the Kerberos-based authentication process, the purpose of the client’s timestamp is to provide countermeasure against:

A

Replay attacks

22
Q

Which protocol ensures the reliability of the Kerberos authentication process?

A

NTP

Network Time Protocol, port 123

23
Q

What is the function of a C2 server?

C2 = Command-and-Control

A

Botnet control

24
Q

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

A

DNS poisoning

25
Q

In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:

A

Containerization

26
Q

The term “Rooting” refers to the capability of gaining administrative access to the operating system and system applications on:

A

Android devices

27
Q

Mobile device updates delivered over a wireless connection are known as:

A

OTA

Over The Air

28
Q

Which of the following answers refers to a trusted third-party service for validating user identity in a federated identity system?

A

IdP

IdP is an acronym for Identity Provider. It’s a service that stores and verifies user identity. IdPs are typically cloud-hosted services, and they often work with single sign-on (SSO) providers to authenticate users.

29
Q

Installing mobile apps from websites and app stores other than the official marketplaces is referred to as:

A

Sideloading

30
Q

Which technology enables establishing direct communication links between two USB devices?

A

OTG

It stands for USB On-The-Go. It allows you to connect multiple mobile devices directly together without using any type of computer.

31
Q

What is COPE?

A

COPE (corporate-owned, personally enabled) is a business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally owned notebook computers, tablets or smartphones.

32
Q

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?

PAP
CHAP
EAP
MS-CHAP

A

PAP

What is the PAP authentication method?
PAP, or Password Authentication Protocol, is a Point-to-Point Protocol (PPP) authentication method that uses passwords to validate users. It is an Internet-standard (RFC 1334) password-based authentication protocol. Using PAP, data is not encrypted; it is sent to the authentication server as plain text.

33
Q

Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?

SAML
OpenID Connect
Shibboleth
OAuth

A

SAML

34
Q

OAuth is an open standard for:

A

Authorization

35
Q

OpenID Connect is a protocol used for:

A

Authentication

36
Q

______________ is a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking.

A

Challenge Handshake Authentication Protocol (CHAP)

37
Q

Which digital certificate type allows multiple subdomains to be protected by a single certificate?

A

Wildcard certificate

38
Q

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

A

Subject Alternative Name (SAN) certificate

39
Q

Which of the answers listed below refers to a method for requesting a digital certificate?

CBC
CSR
CFB
CRL

A

CSR

A certificate signing request (CSR) is one of the first steps towards getting your own SSL/TLS certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) the Certificate Authority (CA) will use to create your certificate.

40
Q

A trusted third-party storage solution providing backup source for cryptographic keys is referred to as:

A

Key Escrow

41
Q

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

A

Recovery Agent

42
Q

The practice of connecting to an open port on a remote host to gather more information about its configuration is known as:

A

Banner Grabbing

43
Q

The term “___________” refers to the process of verifying authenticity of a newly received digital certificate. Such process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate’s chain is properly issued and valid.

A

Certificate chaining

44
Q

What is the name of a Windows command-line utility that can be used to display TCP/IP configuration settings?

A

ipconfig

45
Q

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

A

Fingerprinting

46
Q

A Linux command-line command for displaying routing table contents is called:

A

netstat -r

47
Q

An anti-malware tool that enables automated analysis of suspicious files in a sandbox environment?

A

Cuckoo

48
Q

A Linux command that displays the beginning of a file (by default its first 10 lines) is known as:

A

head

49
Q

A Linux command that allows you to create, view, and concatenate files is called:

A

cat

49
Q

Which of the following commands in Linux displays the last part (by default its 10 last lines) of a file?

tail
read
file
printf

A

tail

50
Q

A Linux command-line command that enables searching files for lines containing a match to a given text pattern is called:

A

grep

51
Q

Which of the following answers refers to a software library used to implement encrypted connections?

SDK
DNSSEC
OpenSSL
DLL

A

OpenSSL

OpenSSL is a cryptographic software library that provides an open source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It’s used to make communication over computer networks more secure.

OpenSSL provides functions to:
Generate private keys
Manage certificates
Equip client applications with encryption and decryption
Perform CSR (Certificate Signing Request)
Install SSL certificate

52
Q

What is the function of the Linux chmod command?

A

Changes file owner and group permissions

The chmod command is used to modify these permissions so that it can grant or restrict access to directories and files.

53
Q

Which of the following forensic utilities enables the extraction of RAM contents?

Memdump
WinHex
FTK imager
Autopsy

A

Memdump

A memory dump is a file that contains all the information that was stored in a device’s working memory (RAM) prior to a system failure.

54
Q

A Linux command-line utility that can be used in the forensic process for creating and copying image files is called:

A

dd

55
Q

A multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics

A

WinHex

WinHex is a commercial disk editor and universal hexadecimal editor (hex editor) used for data recovery and digital forensics.

56
Q

Which of the following answers refers to a tool for creating forensic images of computer data?

diskpart
FTK imager
fsutil
Autopsy

A

FTK imager

FTK Imager is a free, open-source software tool developed by AccessData for creating disk images. It can create accurate copies of original evidence without making any changes to it.

57
Q

Open-source forensics platform that allows you to examine the contents of a hard drive or mobile device and recover evidence from it

A

autopsy

Autopsy is a free, open-source, Windows-based desktop digital forensics tool. It’s a cyber forensic tool that can analyze Windows and UNIX file systems, recover deleted files, and show various sectors of uploaded images.

58
Q

_________ is an open-source penetration testing framework used by security engineers. It’s a Ruby-based platform that allows users to write, test, and execute exploit code. The framework contains a suite of tools that can be used to

A

Metasploit

It is an exploitation framework.

59
Q

A globally accessible knowledge base of Adversary Tactics, Techniques, and Procedures (TTPs) based on observations from real-world attacks is known as:

MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Cyber Kill Chain

A

MITRE ATT&CK

60
Q

Which of the following answers refers to a methodology framework for intrusion analysis developed by the U.S. government intelligence community?

MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Cyber Kill Chain

A

The Diamond Model of Intrusion Analysis

61
Q

Which of the following answers refers to a 7-step military model adopted by Lockheed Martin to identify the phases of a cyberattack?

MITRE ATT&CK
The Diamond Model of Intrusion Analysis
Cyber Kill Chain

A

Cyber Kill Chain

62
Q

Which of the following answers refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events?

SLA
COOP
RPO
COPE

A

COOP

Continuity of Operations Planning (COOP) is a set of instructions or procedures that describe how an organization’s mission essential functions will be sustained during a disaster event.

63
Q

Which type of server is used for collecting diagnostic and monitoring data from networked devices?

Proxy server
UC server
Syslog server
ICS server

A

Syslog Server

A syslog server is a device on a network that receives, stores, and forwards log messages generated by other devices. Syslog servers can be used to:

64
Q

Which of the following is a cross-platform log-managing tool?

NetFlow
rsyslog
NXLog
sFlow
syslog-ng

A

NXLog

NXLog is a multi-platform log collection and centralization tool. It offers log processing features, including log enrichment (parsing, filtering, and conversion) and log forwarding.

65
Q

Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling?

IPFIX
NetFlow
NXLog
sFlow

A

NetFlow

NetFlow is a network protocol system created by Cisco that collects and analyzes active IP network traffic. NetFlow is the standard for acquiring IP operational data from IP networks.

66
Q

Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resources usage?

sFlow
NXLog
NetFlow
IPFIX

A

sFlow

sFlow is a multi-vendor, packet sampling technology used to monitor network devices including routers, switches, host devices and wireless access points. sFlow is an embedded technology – it is implemented through dedicated hardware chips embedded in the router/switch.

67
Q

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called:

NetFlow
IPFIX
sFlow
NXLog

A

IPFIX

68
Q

A _____ playbook is a checklist of actions that can be performed in response to a security incident.

A

SOAR

69
Q

In forensic procedures, a chronological record outlining the persons in possession of evidence is referred to as:

A

Chain of custody

70
Q

In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as:

A

Order of volatility

71
Q

Which memory type provides a CPU with the fastest access to frequently used data?

A

Cache Memory

72
Q

A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers)

Swap file
Temporary file
Pagefile
Signature file
Archive file

A

Swap file

Page File

Swap file - A swap file is a file on your computer’s hard drive that is used as virtual memory. It is an extension of the computer’s physical memory random-access memory (RAM) and acts as a temporary storage space for data that doesn’t fit in the RAM.

Pagefile - In storage, a pagefile is a reserved portion of a storage drive that is used as an extension of random access memory for data in RAM that hasn’t been used recently. A pagefile can be read from the storage drive as one contiguous chunk of data and thus faster than re-reading data from various original locations.

73
Q

Which of the following answers refers to an example order of volatility for a typical computer system?

Cache memory -> RAM -> Disk files -> Temporary files -> Swap/Pagefile -> Archival media
Archival media -> Disk files -> Temporary files -> Swap/Pagefile -> RAM -> Cache memory
Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media
Temporary files -> RAM -> Cache memory -> Swap/Pagefile -> Archival media -> Disk files

A

Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

74
Q

Which certificate attribute describes the computer or machine it belongs to? (Select all that apply.)

Company name

Common name

Subject alternate name

Certificate authority name

A

Common name

Subject alternate name

The common name (CN) attribute identifies the computer or machine by name, usually a fully qualified domain name (FQDN), such as www.comptia.org.

The subject alternate name (SAN) extension field is structured to represent different types of identifiers, including domain names. This is more commonly used as the CN attribute has been deprecated.

75
Q

The ________ for a software product occurs when a product will no longer be produced or sold. These products are most likely to be replaced by a newer version or model.

A

(EOL) End of Life

76
Q

The __________ occurs when a product will no longer be supported by a vendor. Updates and patches will no longer be produced.

A

(EOS) End of Service

77
Q

________ allows a third party to send unsolicited messages to another device using Bluetooth. The attack in this example did not use Bluetooth as an attack vector.

A

Bluejacking

78
Q

________ separates the control plane of networking devices from the data plane. This allows for more automation and dynamic changes to the infrastructure.

A

SDN (Software-Defined Networking)

79
Q

________ is an algorithm used for two devices to create identical shared keys without transferring those keys across the network.

A

Diffie-Hellman

80
Q

Auditing software that collects status and configuration information from network devices. Many products are based on the Simple Network Management Protocol (SNMP).

A

Network Monitor

81
Q

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

A

SIEM

82
Q

What are the three main types of log collection in SIEM?

A

Agent-based - With this approach, you must install an agent service on each host. As events occur on the host, logging data is filtered, aggregated, and normalized at the host, then sent to the SIEM server for analysis and storage.

Listener/collector - Rather than installing an agent, hosts can be configured to push updates to the SIEM server using a protocol such as syslog or SNMP. A process runs on the management server to parse and normalize each log/monitoring source.

Sensor - As well as log data, the SIEM might collect packet captures and traffic flow data from sniffers.

83
Q

Devising an AI/ML algorithm that can describe or classify the intention expressed in natural language statements.

A

Sentiment Analysis

84
Q

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

A

UTM

85
Q

Host or network firewall capable of parsing application layer protocol headers and data (such as HTTP or SMTP) so that sophisticated, content-sensitive ACLs can be developed.

A

NGFW

86
Q

An appliance or proxy server that mediates client connections with the Internet by filtering spam and malware and enforcing access restrictions on types of sites visited, time spent, and bandwidth consumed.

A

SWG

87
Q

A type of software that reviews system files to ensure that they have not been tampered with

A

File Integrity Monitoring

88
Q

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.

A

WAF