Incorrectly Answered Subject Areas Flashcards

1
Q

Dave’s company utilizes Google’s G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following cloud deployment models is being used?

Multi-cloud
Community
Public
Private

A

Multi-cloud

Multi-cloud is a deployment model in which the cloud consumer uses services from more than one public cloud provider (here Google for productivity, Slack for messaging and AWS for hosting). Each provider on its own is a public cloud; using several of them together is what makes the deployment multi-cloud. It should not be confused with a hybrid cloud, which mixes private and public infrastructure.

OBJ-2.2: Summarize Virtualization and Cloud Computing concepts

2
Q

You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand?

Metered services
Rapid elasticity
On-demand
Resource pooling

A

Rapid elasticity

Rapid elasticity is the ability to provision additional capacity automatically as demand rises and release it again as demand falls, so the retailer pays for the extra capacity only during the sale. On-demand self-service (provisioning without human interaction), resource pooling (shared multi-tenant infrastructure) and metered service (usage-based billing) are the other NIST cloud characteristics, but elasticity is the one that describes scaling with load.

OBJ-2.2: Summarize virtualization and cloud computing concepts

3
Q

You are helping to set up a backup plan for your organization. The current plan states that all of the organization’s servers must have a daily backup conducted on them. These backups are then saved to a local NAS device. You have been asked to recommend a method to ensure the backups will work when they are needed for restoration. Which of the following should you recommend?

Frequently restore the server from backup files to test them

Create an additional copy of the backups in an off-site datacenter

Set up scripts to automatically reattempt any failed backup jobs

Attempt to restore a test server from one of the backup files to verify them

A

Attempt to restore a test server from one of the backup files to verify them

A backup is only proven good by restoring it. Restoring a test server from a backup file validates that the backup set is complete and readable without disrupting production. An off-site copy improves resilience against site loss and retry scripts improve job completion, but neither proves the data can actually be restored; restoring production servers frequently is disruptive and risky.

OBJ-2.5: Given a scenario, implement cybersecurity resilience

4
Q

Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the owner of the company if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer’s hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?

Degaussing
Shredding
Wiping
Purging

A

Wiping

Data wiping (clearing) uses a software tool to overwrite every addressable location on the drive so the previous contents cannot be recovered by normal means, while leaving the drive itself usable. Degaussing and shredding destroy the drive, so the computers could not be donated, and purging is a stronger level of sanitization than reuse inside a community center requires. Caveat: overwriting is reliable for magnetic disks, but on SSDs wear-levelling and over-provisioned blocks can retain data, so use the drive’s built-in secure erase or a cryptographic erase instead.

OBJ-2.7: Explain the importance of physical security controls

5
Q

In an effort to improve the security of the Dion Training corporate network, a security administrator wants to update the configuration of their wireless network to have IPSec built into the protocol by default. Additionally, the security administrator would like for NAT to no longer be required for extending the number of IP addresses available. What protocol should the administrator implement on the wireless network to achieve their goals?

WEP
IPv6
IPv4
WPA2

A

IPv6

IPv6 was designed with IPsec as an integral part of the protocol suite (originally a mandatory-to-implement component) rather than the add-on it is for IPv4; note that “built in” means the capability is always available, not that traffic is encrypted without configuration. IPv6’s 128-bit address space also removes the address-scarcity reason for NAT. WEP and WPA2 are wireless link-layer security protocols and address neither requirement.

OBJ-3.1: Given a scenario, implement secure protocols

6
Q

Michelle has just finished installing a new database application on her server. She then proceeds to uninstall the sample configuration files, properly configures the application settings, and updates the software to the latest version according to her company’s policy. What best describes the actions Michelle just took?

Application hardening
Vulnerability scanning
Input validation
Patch management

A

Application hardening

Application hardening reduces an application’s attack surface after installation: removing sample files and default configurations, disabling unneeded features, setting secure configuration options and applying the latest updates. Patch management covers only the update step; vulnerability scanning and input validation are different activities.

OBJ-3.2: Given a scenario, implement host or application security solutions

7
Q

Dion Training wants to reduce the management and administrative costs of using multiple digital certificates for all of their subdomains of diontraining.com. Which of the following solutions would allow the company to use one digital certificate for all of its subdomains?

OCSP
Wildcards
CRL
Key escrow

A

Wildcards

A wildcard certificate is issued for a name such as *.diontraining.com and is valid for any single-label subdomain of the parent domain (www.diontraining.com, mail.diontraining.com), so one certificate and one private key cover all of them. Two caveats: the wildcard matches only one level (it does not cover a.b.diontraining.com or the bare diontraining.com unless those names are also listed as SANs), and because every subdomain shares one private key, a compromise of that key affects all of them. OCSP is a protocol used to query a CA about the revocation status of a certificate, a CRL is the CA’s published list of revoked certificates, and key escrow is the storage of private keys with a trusted third party; none of them reduces the number of certificates needed.

OBJ-3.9: Given a scenario, implement public key infrastructure
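A concrete check of the one-level rule, as an added example (not code from the flashcards or from any certificate library): a hostname matcher in Python that applies the RFC 6125 rules browsers use when comparing a server name against a certificate name. The *.diontraining.com pattern and the hostnames are taken from the question above; the matcher and its helper are this example’s own.

```python
"""Match hostnames against a certificate name, including wildcards (RFC 6125)."""


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if `hostname` is covered by the certificate name `pattern`.

    Rules applied:
    - DNS names compare case-insensitively; a trailing dot is ignored.
    - A wildcard is honoured only as the entire left-most label
      (f*.example.com is rejected).
    - The wildcard stands for exactly one label, so *.example.com covers
      www.example.com but neither example.com nor a.b.example.com.
    - *.com style patterns (fewer than two literal labels) are rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")

    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # Wildcard must be the whole first label and must not appear elsewhere.
    if p_labels[0] != "*" or "*" in pattern[2:]:
        return False
    # At least two literal labels must follow the wildcard.
    if len(p_labels) < 3:
        return False
    # One label for the wildcard, then the literal labels must match exactly.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def coverage_report(pattern: str, hostnames) -> dict:
    """Map each hostname to whether the wildcard certificate would cover it."""
    return {h: hostname_matches(pattern, h) for h in hostnames}


if __name__ == "__main__":
    # Constructed sample names for the pattern in the question.
    for host, ok in coverage_report(
        "*.diontraining.com",
        ["www.diontraining.com", "diontraining.com", "a.b.diontraining.com"],
    ).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```

The two negative cases in the usage block are the ones that surprise people in practice: the bare apex domain and any second-level subdomain each need their own name in the certificate’s subject alternative names.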

8
Q

You are notified by an external organization that an IP address associated with your company’s email server has been sending spam emails requesting funds as part of a lottery collection scam. An investigation into the incident reveals the email account used was Connor from the sales department, and that Connor’s email account was only used from one workstation. You analyze Connor’s workstation and discover several unknown processes running, but netflow analysis reveals no attempted lateral movement to other workstations on the network. Which containment strategy would be most effective to use in this scenario?

Request disciplinary action for Connor for causing this incident

Isolate the workstation computer by disabling the switch port and reset Connor’s username/password

Unplug the workstation’s network cable and conduct a complete reimaging of the workstation

Isolate the network segment Connor is on and conduct a forensic review of all workstations in the sales department

A

Isolate the workstation computer by disabling the switch port and reset Connor’s username/password

Containment should be proportionate to the evidence. The indicators point to a single compromised workstation and account with no lateral movement, so disabling its switch port (which keeps the running system intact for forensic analysis) and resetting the credentials stops the abuse. Reimaging immediately destroys volatile evidence before the unknown processes are analysed, isolating the whole sales segment is disproportionate, and disciplinary action is not a containment strategy.

OBJ-4.4: Given an incident, apply mitigation techniques or controls to secure an environment

9
Q

If an administrator cannot fully remediate a vulnerability, which of the following should they implement?

A policy
Access requirements
A compensating control
An engineering tradeoff

A

A compensating control

A compensating control is an alternative control that provides equivalent protection when the primary fix (for example, a patch) cannot be applied, such as placing the vulnerable system behind a firewall rule, a WAF or a segmented network and monitoring it more closely until it can be remediated.

OBJ-5.1: Compare and contrast various types of controls

10
Q

What regulation protects the privacy of student educational records?

GLBA
SOX
FERPA
HIPAA

A

FERPA

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records in the United States. GLBA covers financial institutions, SOX covers the financial reporting of public companies and HIPAA covers protected health information.

OBJ-5.2: Explain the importance of policies to organizational security

11
Q

Dion Training has performed an assessment as part of their disaster recovery planning. The assessment found that the organization’s RAID takes, on average, about 8 hours to repair when two drives within the RAID fail. Which of the following metrics would best represent this time period?

RTO
RPO
MTTR
MTBF

A

MTTR

Mean time to repair (MTTR) is a basic measure of the maintainability of repairable items. It represents the average time required to repair a failed component or device.

OBJ-5.4: Summarize Risk Management processes and concepts

12
Q

After completing an assessment, you create a chart listing the associated risks based on the vulnerabilities identified with your organization’s privacy policy. The chart contains listings such as high, medium, and low. It also utilizes red, yellow, and green colors based on the likelihood and impact of a given incident. Which of the following types of assessments did you just complete?

Quantitative risk assessment
Qualitative risk assessment
Privacy assessment
Supply chain assessment

A

Qualitative risk assessment

A qualitative assessment rates likelihood and impact on ordinal scales (high/medium/low, red/yellow/green) and plots them on a risk matrix. A quantitative assessment instead expresses risk in numbers, typically as annualized loss expectancy (ALE = SLE × ARO) derived from asset values and event frequencies.

OBJ-5.4: Summarize risk management processes and concepts

13
Q

Which of the following categories would contain information about an individual’s race or ethnic origin?

DLP
SPI
PHI
PII

A

SPI

Sensitive personal information (SPI) is the subset of personal data whose exposure can cause discrimination or harm: race or ethnic origin, religious or political beliefs, sexual orientation, trade union membership, and genetic or biometric data. PII identifies an individual, PHI is health information, and DLP is a control (data loss prevention), not a data category.

OBJ-5.5: Explain privacy and sensitive data concepts in relation to security

14
Q

Which of the following techniques would be the most appropriate solution to implementing a multi-factor authentication system?

Fingerprint and retinal scan
Password and security question
Username and password
Smartcard and PIN

A

Smartcard and PIN

Multi-factor authentication combines factors of different types. A smartcard is something you have and a PIN is something you know, so the pair counts as two factors. Fingerprint and retinal scans are both something you are, a password and a security question are both something you know, and a username and password are a single factor (the username is an identifier, not a secret).

OBJ-2.4: Summarize authentication and authorization design concepts

15
Q

An insurance company has developed a new web application to allow its customers to choose and apply for an insurance plan. You have been asked to help perform a security review of the new web application. You have discovered that the application was developed in ASP and used MSSQL for its backend database. You have been able to locate an application’s search form and introduced the following code in the search input field:

    <IMG SRC=vbscript:msgbox("Vulnerable_to_Attack");> originalAttribute="SRC" originalPath="vbscript:msgbox("Vulnerable_to_Attack");>"

When you click submit on the search form, your web browser returns a pop-up window that displays Vulnerable_to_Attack. Which of the following vulnerabilities did you discover in the web application?

SQL injection
Cross-site request forgery
Command injection
Cross-site scripting

A

Cross-site scripting

The search term is reflected into the page without output encoding, so the browser parses the injected IMG tag and executes the vbscript: URI (a legacy Internet Explorer behaviour; modern browsers ignore vbscript: URIs, but a javascript: URI or an onerror handler would work the same way). This is reflected cross-site scripting. SQL injection would target the MSSQL backend rather than the browser, command injection targets the server’s shell, and CSRF forges requests on behalf of an already authenticated user.
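The reflection flaw and its fix side by side, as an added example written for this page (not the insurance application’s ASP code): a Python rendering of the search page that reflects the term verbatim, the same page with context-aware output encoding, and a separate check for URL attributes, where escaping alone does not stop a vbscript: or javascript: value. The payload constant is modelled on the one in the question; the function names and the scheme allow-list are this example’s own.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input modelled on the payload in the flashcard above.
PAYLOAD = '<IMG SRC=vbscript:msgbox("Vulnerable_to_Attack");>'


def render_search_vulnerable(query: str) -> str:
    """Reflects the search term into the page verbatim: the XSS flaw."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """HTML-escapes the term for an element-content context, so the browser
    displays the payload as text instead of parsing it as a tag."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


# Hypothetical allow-list for URL attribute contexts (href/src).
SAFE_SCHEMES = {"http", "https", "mailto"}


def safe_url_attribute(url: str) -> str:
    """Escaping is not enough inside a src/href attribute: a value such as
    javascript:... or vbscript:... survives HTML-escaping intact. Reject any
    scheme outside the allow-list; relative URLs have no scheme and pass."""
    # Browsers ignore embedded tabs and newlines when parsing the scheme,
    # so remove them before inspecting it.
    cleaned = "".join(ch for ch in url if ch not in "\t\r\n").strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return "#"  # neutralised link
    return html.escape(cleaned, quote=True)


def reflects_raw_tag(rendered: str, tag: str = "img") -> bool:
    """True if the rendered HTML still contains the payload as a live tag."""
    return f"<{tag}" in rendered.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(PAYLOAD))
    print(render_search_safe(PAYLOAD))
    print(safe_url_attribute('vbscript:msgbox("x")'))
```

The important design point is that the encoding depends on where the untrusted value lands: element content needs HTML escaping, attribute values need quoting plus escaping, and URL attributes additionally need a scheme allow-list.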

16
Q

You are troubleshooting an issue with a Windows desktop and need to display the active TCP connections on the machine. Which of the following commands should you use?

ping
netstat
ipconfig
net use

A

netstat

netstat displays active TCP connections; on Windows, netstat -ano adds listening sockets, numeric addresses and the owning process ID, which can then be matched against Task Manager or tasklist. ping tests reachability, ipconfig shows interface configuration and net use maps or lists shared drives.

OBJ-4.1: Given a scenario, use the appropriate tool to assess organizational security

17
Q

You have been asked to assist with an investigation into a malicious user’s activities. Unfortunately, your organization did not have full packet capture available for the time period of the suspected activities. Instead, you have received netflow data that contains statistics and information about the network traffic during that time period. Which of the following best represents the type of data you can obtain from this netflow data to support the investigation?

File contents
Email messages
Application logs
Metadata

A

Metadata

NetFlow records describe conversations rather than content: source and destination addresses and ports, protocol, start and end times, and packet and byte counts. That is metadata about the traffic. Without full packet capture you cannot recover file contents, email messages or application-level logs from flow data, but you can still establish who talked to whom, when, and how much data moved.

OBJ-4.3: Given an incident, utilize appropriate data sources to support an investigation

18
Q

Which of the following identity and access management controls relies upon using a certificate-based authentication mechanism?

HOTP
Proximity card
TOTP
Smart card

A

Smart card

Smart cards, including PIV and CAC cards, are an identity and access management control that relies on certificate-based authentication. The card stores a digital certificate and the matching private key in a tamper-resistant chip; when the card is inserted into a reader (and usually unlocked with a PIN), the system challenges the card to sign with the private key and validates the certificate against its trusted CA. HOTP and TOTP are one-time password schemes based on a shared secret, and a proximity card presents only a static identifier.

19
Q

Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded a copy of the corporate database to his work laptop. On his way home, he forgot the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?

Require data masking for any information stored in the database

Require data at rest encryption on all endpoints

Require all new employees to sign an NDA

Require a VPN to be utilized for all telework employees

A

Require data at rest encryption on all endpoints

Full-disk encryption on the laptop would have made the database copy unreadable to whoever found the device. A VPN protects data in transit, not a file sitting on a lost laptop; data masking protects records displayed to database users, not a full copy of the database; and an NDA is an administrative control that does not stop a finder from reading the disk.

20
Q

Which protocol relies on mutual authentication of the client and the server for its security?

LDAPS
Two-factor authentication
CHAP
RADIUS

A

LDAPS

LDAPS (LDAP over TLS) can be configured for mutual authentication: the server presents its certificate to the client and the client presents its own certificate to the server, so each side verifies the other before the directory exchange begins. CHAP authenticates only the client with a challenge-response, RADIUS relies on a shared secret between the network access server and the RADIUS server, and two-factor authentication is a design concept rather than a protocol.

OBJ-3.1: Given a scenario, implement secure protocols

21
Q

Which of the following access control models is the most flexible and allows the owner of the resource to control the access permissions?

RBAC
ABAC
MAC
DAC

A

DAC

Discretionary access control (DAC) stresses the importance of the owner. The original creator of the resource is considered the owner and can then assign permissions and ownership to others. The owner has full control over the resource and the ability to modify its ACL to grant rights to others. MAC enforces labels set by the system rather than the owner, and RBAC and ABAC assign permissions by role or attribute rather than by owner decision.

OBJ-3.8: Implement Authentication and Authorization solutions

22
Q

What is used as a measure of biometric performance to rate the system’s ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access?

Failure to capture
False rejection rate
False acceptance rate
Crossover error rate

A

False acceptance rate

False acceptance rate (FAR), or Type II error rate, is the proportion of unauthorized users that the biometric system incorrectly accepts. False rejection rate (FRR), or Type I error rate, is the proportion of authorized users it incorrectly rejects. Raising the matching threshold lowers FAR and raises FRR; the crossover error rate (CER) is the threshold at which the two are equal and is the usual figure for comparing systems.

OBJ-2.4: Summarize Authentication and Authorization Design Concepts
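The FAR/FRR trade-off worked through numerically, as an added example (not from the flashcards or any biometric product): constructed match scores for genuine and impostor attempts, the two error rates computed at any threshold, and a sweep that locates the crossover point. The score lists and function names are this example’s own.

```python
# Constructed match scores (higher = better match) for a hypothetical biometric
# system: ten attempts by the enrolled user and ten by impostors.
GENUINE = [0.91, 0.88, 0.85, 0.80, 0.78, 0.74, 0.70, 0.66, 0.60, 0.55]
IMPOSTOR = [0.62, 0.58, 0.55, 0.50, 0.45, 0.42, 0.38, 0.31, 0.25, 0.20]


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate (Type II): fraction of impostor attempts whose
    score reaches the threshold and is therefore wrongly accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False rejection rate (Type I): fraction of genuine attempts whose
    score falls below the threshold and is therefore wrongly rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover():
    """Sweep thresholds in 0.01 steps and return (threshold, far, frr) where
    FAR and FRR are closest: the crossover error rate (CER). Ties resolve to
    the lowest threshold."""
    thresholds = [i / 100 for i in range(101)]
    best = min(thresholds, key=lambda t: (abs(far(t) - frr(t)), t))
    return best, far(best), frr(best)


def error_table():
    """FAR and FRR at coarse thresholds, showing the opposite trends."""
    return [(i / 10, far(i / 10), frr(i / 10)) for i in range(11)]


if __name__ == "__main__":
    for t, a, r in error_table():
        print(f"threshold {t:.1f}  FAR {a:.1f}  FRR {r:.1f}")
    t, a, r = crossover()
    print(f"CER at threshold {t:.2f}: FAR {a:.1f} = FRR {r:.1f}")
```

A high-security door would be tuned to the right of the crossover (lower FAR, more legitimate users re-scanning), a convenience application to the left; the CER is the single number that lets two sensors be compared independently of that tuning choice.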

23
Q

Dion Training has performed an assessment as part of their disaster recovery planning. The assessment found that the organization can only tolerate a maximum of 60 minutes worth of data loss in the event of a disaster. Therefore, the organization has implemented a system of database snapshots that are backed up every hour. Which of the following metrics would best represent this time period?

RTO
MTBF
RPO
MTTR

A

RPO

Recovery point objective (RPO) is the maximum amount of data loss, expressed as a period of time, that the organization can tolerate after a disruptive event. Backups must therefore run at least as often as the RPO; hourly snapshots satisfy a 60-minute RPO. RTO, by contrast, is the time within which the service itself must be restored.

OBJ-5.4: Summarize risk management processes and concepts

24
Q

Susan, a help desk technician at Dion Training, has received several trouble tickets today related to employees receiving the same email as part of a phishing campaign. She has determined that the malicious link in the email is not being blocked by the company’s security suite when a user clicks the link. Susan asks you what action can be performed to prevent a user from reaching the website that is associated with the malicious link in the phishing email. What action do you recommend she utilize?

Add the malicious domain name to your content filter and web proxy’s blacklist

Forward this phishing email to all employees with a warning not to click on the embedded links

Block the IP address of the malicious domain in your firewall’s ACL

Enable TLS on your organization’s mail server

A

Add the malicious domain name to your content filter and web proxy’s blacklist

Blocking the domain at the content filter and web proxy stops every user from reaching the phishing site regardless of which IP address it resolves to, which matters because phishing infrastructure moves between addresses and often sits on shared hosting where blocking one IP would also break legitimate sites. Forwarding the email to everyone spreads the link further, and TLS on the mail server protects mail in transit but does nothing about the link.

OBJ-3.3: Given a scenario, implement secure network designs

25
Q

Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer’s workstation with cloud-based resources?

IaaS
DBaaS
PaaS
SaaS

A

SaaS

Software as a Service (SaaS) delivers complete applications to end users over the web, replacing locally installed programs: calendars, scheduling, invoicing, word processors, databases and other software. For example, Google Docs and Office 365 are SaaS productivity suites. IaaS provides raw compute, storage and networking, PaaS provides a managed platform for running your own code, and DBaaS provides only a managed database.

OBJ-2.2: Summarize virtualization and cloud computing concepts

26
Q

You have been asked to provide some training to Dion Training’s system administrators about the importance of proper patching of a system prior to deployment. To demonstrate the effects of deploying a new system without patching it first, you ask for the system administrators to provide you with an image of a brand-new server they plan to deploy. How should you deploy the image to demonstrate the vulnerabilities that are being exposed while maintaining the security of the corporate network?

Utilize a server with multiple virtual machine snapshots installed on it, restore from a known compromised image, then scan it for vulnerabilities

Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities

Deploy the vulnerable image to a virtual machine on a physical server, create an ACL to restrict all incoming connections to the system, then scan it for vulnerabilities

Deploy the image to a brand new physical server, connect it to the corporate network, then conduct a vulnerability scan to demonstrate how many vulnerabilities are now on the network

A

Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities

A sandboxed virtual machine with no route to the corporate network lets you expose and scan the unpatched image without putting production systems at risk. Restricting inbound connections with an ACL still leaves the vulnerable host on the network, a known-compromised image demonstrates a different point, and connecting an unpatched physical server to the corporate network creates exactly the exposure the training is meant to prevent.

OBJ-3.2: Given a scenario, implement host or application security solutions

27
Q

You have been asked by the incident response team leader to perform a forensic examination on a workstation that is suspected to have been infected with malware. You remember from your training that you must collect digital evidence in the proper order to protect it from being changed during your evidence collection efforts. Which of the following describes the correct sequence to collect the data from the workstation?

CPU cache, RAM, Swap, Hard drive
Swap, RAM, CPU cache, Hard drive
Hard drive, Swap, CPU cache, RAM
RAM, CPU cache, Swap, Hard drive

A

CPU cache, RAM, Swap, Hard drive

Evidence is collected in order of volatility, most volatile first: CPU registers and cache, then RAM, then the swap or page file, then the hard drive, and finally remote logs and archival media. Every collection step changes the state of the more volatile data, so the items that disappear soonest are captured first.

OBJ-4.5: Explain the key aspects of digital forensics

28
Q

Which of the following terms is used to describe the period of the time taken to correct a fault so that the system is restored to full operations after a failure or incident?

MTBF
MTTR
RTO
RPO

A

MTTR

Mean time to repair (MTTR) is a measure of the time taken to correct a fault so that the system is restored to full operation. MTTR is often used to describe the average time to replace or recover a system or product, and it determines whether a given RTO can realistically be met.

29
Q

Which of the protocols listed is NOT likely to be a trigger for a vulnerability scan alert when it is used to support a virtual private network (VPN)?

SSLv2
IPSec
SSLv3
PPTP

A

IPSec

IPsec is the only option listed that is still considered a secure VPN protocol. SSLv2 and SSLv3 are deprecated and broken (SSLv3 by POODLE, among others), and PPTP relies on MS-CHAP authentication whose hashes can be cracked, so a vulnerability scanner flags all three when it finds them in use.

OBJ-3.3: Given a scenario, implement secure network designs

30
Q

Taylor needs to sanitize hard drives from some leased workstations that are being returned to a supplier at the end of the lease period. The workstations’ hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn’t occur during this process?

Clear, validate, and document the sanitization of the drives

The drives must be destroyed to ensure no data loss

Clear the drives

Purge, validate, and document the sanitization of the drives

A

Purge, validate, and document the sanitization of the drives

Purging the drives, validating that the purge was effective, and documenting the sanitization is the best response. Purging includes methods that eliminate information from being feasibly recovered even in a lab environment. For example, performing a cryptographic erasure (CE) would sanitize and purge the data from the drives without harming the drives themselves.

OBJ-2.7: Explain the importance of physical security controls

31
Q

You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario?

Jumpbox
Bastion hosts
Physical
Airgap

A

Jumpbox

Installing a jumpbox as a single point of entry for the administration of servers within the cloud is the best choice for this requirement. The jumpbox only runs the necessary administrative port and protocol (typically SSH)

OBJ-3.3: Implement Secure Network Designs

32
Q

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based.

Which of the following meets these requirements?

Serverless framework
Type 1 hypervisor
SD-WAN
SDN

A

Serverless framework

A serverless (function-as-a-service) platform runs application code on demand with no servers to provision or patch and bills only for execution time, which makes it the low-cost cloud-based hosting option. A Type 1 hypervisor is on-premises virtualization, and SD-WAN and SDN are networking technologies, not application hosting.

33
Q

In 2014, Apple’s implementation of SSL had a severe vulnerability that, when exploited, allowed an attacker to gain a privileged network position that would allow them to capture or modify data in an SSL/TLS session. This was caused by poor programming in which a failed check of the connection would exit the function too early. Based on this description, what is this an example of?

Use of insecure functions
Insufficient logging and monitoring
Improper error handling
Insecure object reference

A

Improper error handling

This is the “goto fail” bug in Apple’s SSL/TLS handshake code: a duplicated goto fail; line jumped to the cleanup label with a success status before the signature verification ran, so a forged ServerKeyExchange was accepted and an attacker in a privileged network position could intercept the session. Control flow that leaves a function early on a check without correctly handling the outcome is improper error handling, not the use of an insecure function or an insecure object reference.

34
Q

An independent cybersecurity researcher has contacted your company with proof of a buffer overflow vulnerability in one of your applications. Which technique would have been most likely to identify this vulnerability in your application during development?

Static code analysis
Pair programming
Dynamic code analysis
Manual Peer Review

A

Static code analysis

Buffer overflows are most easily found by static code analysis, which examines the source for unbounded copies into fixed-size buffers (strcpy, gets, sprintf and the like) without having to trigger the condition at runtime. Dynamic analysis and fuzzing can also surface them, but only for the inputs that are actually exercised.

35
Q

Your email client has been acting strangely recently. Every time you open an email with an image embedded in it, the image is not displayed on your screen. Which of the following is the MOST likely cause of this issue?

Incorrect settings in your web browser’s trusted site configuration

Incorrect settings in your email proxy server

Incorrect email settings in the anti-virus software

Incorrect settings in the host-based firewall

Incorrect security settings in the email client

A

Incorrect security settings in the email client

Email clients block remote images by default, because fetching them reveals your IP address and confirms to spammers that the address is live; if every embedded image is hidden, the client’s own remote-content or security setting is the most likely cause rather than a browser, proxy, anti-virus or firewall setting.

36
Q

You received an incident response report that indicates a piece of malware was introduced into the company’s network through a remote workstation that was connected to the company’s servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?

SPF
MAC filtering
NAC
ACL

A

NAC

Network access control (NAC) performs a posture check on a device (patch level, anti-malware status, configuration) before admitting it to the network, so an infected or non-compliant remote workstation can be quarantined instead of being granted VPN access to the servers. SPF addresses email sender spoofing, MAC filtering only checks a spoofable hardware address, and an ACL cannot tell a clean VPN client from an infected one.

37
Q

You have decided to have DNA genetic testing and analysis performed to determine your exact ancestry composition and possibly find some lost relatives through their database. As which of the following types of data should this be classified?

PHI
PII
IP
CUI

A

PHI

Genetic and ancestry test results are health information about an identifiable person, so they are protected health information (PHI). They also identify you (PII), but PHI is the more specific and more strictly regulated classification.

38
Q

Which role validates the user’s identity when using SAML for authentication?

User agent
SP
RP
IdP

A

IdP

SAML is a solution for providing single sign-on (SSO) and federated identity management. It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the identity of a user (the principal) can be trusted by the SP without the user having to authenticate directly with the SP.

39
Q

You have just finished running an nmap scan on a server and see the following output:

    # nmap diontraining.com
    Starting Nmap ( http://nmap.org )
    Nmap scan report for diontraining.com (64.13.134.52)
    Not shown: 996 filtered ports
    PORT    STATE
    22/tcp  open
    23/tcp  open
    53/tcp  open
    443/tcp open
    Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds

Based on the output above, which of the following ports listed as open represents the most significant security vulnerability to your network?

53
23
443
22

A

23

TCP port 23 is telnet, which sends credentials and the entire session in cleartext and has no place on an internet-facing server. Port 22 (SSH) is the encrypted replacement, and 53 (DNS) and 443 (HTTPS) are normal services to expose; each still deserves hardening, but telnet should simply be disabled.
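Triage of that output as an added example (not an nmap feature and not code from the flashcards): a Python parser for the open-port lines of nmap’s normal output, combined with a hypothetical severity table so the cleartext service surfaces first. The scan text is reconstructed from the question above as constructed sample input; the table entries and function names are this example’s own assumptions.

```python
import re

# Constructed sample input: the scan output from the flashcard above.
NMAP_OUTPUT = """\
# nmap diontraining.com
Starting Nmap ( http://nmap.org )
Nmap scan report for diontraining.com (64.13.134.52)
Not shown: 996 filtered ports
PORT    STATE
22/tcp  open
23/tcp  open
53/tcp  open
443/tcp open
Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds
"""

# Hypothetical triage table for this example. Cleartext services rank highest
# because credentials and sessions cross the wire unencrypted.
SEVERITY = {"high": 3, "medium": 2, "low": 1, "info": 0}
PORT_RISK = {
    21: ("ftp", "high", "cleartext credentials and file transfer"),
    23: ("telnet", "high", "cleartext remote shell; credentials and session sniffable"),
    3389: ("rdp", "high", "remote admin exposed; frequent brute-force and exploit target"),
    22: ("ssh", "medium", "encrypted admin access; restrict source IPs, disable password auth"),
    53: ("dns", "medium", "verify zone transfers and recursion are restricted"),
    80: ("http", "low", "unencrypted web; redirect to https"),
    443: ("https", "low", "expected public service; check the TLS configuration"),
}

# Matches lines such as "23/tcp  open" (optionally followed by a service name).
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\b", re.MULTILINE)


def parse_open_ports(text):
    """Return [(port, proto), ...] for every line nmap reports as open."""
    return [(int(port), proto) for port, proto in PORT_LINE.findall(text)]


def assess(text):
    """Rank open ports by severity, highest first; unknown ports are 'info'."""
    findings = []
    for port, proto in parse_open_ports(text):
        service, severity, note = PORT_RISK.get(
            port, ("unknown", "info", "identify the service before leaving it exposed"))
        findings.append({"port": port, "proto": proto, "service": service,
                         "severity": severity, "note": note})
    findings.sort(key=lambda f: (-SEVERITY[f["severity"]], f["port"]))
    return findings


def most_significant(text):
    """The single port a reviewer should raise first, or None if nothing is open."""
    ranked = assess(text)
    return ranked[0]["port"] if ranked else None


if __name__ == "__main__":
    for f in assess(NMAP_OUTPUT):
        print(f"{f['port']}/{f['proto']:<4} {f['service']:<8} {f['severity']:<7} {f['note']}")
```

On real engagements the severity table would be replaced by the scanner’s service detection (nmap -sV) and a vulnerability feed, but the ordering logic is the same: cleartext and unauthenticated management services first.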

40
Q

During which phase of the incident response process does an organization assemble an incident response toolkit?

Containment, eradication, and recovery
Detection and analysis
Post-incident activity
Preparation

A

Preparation

Assembling the incident response toolkit (forensic workstation, write blockers, imaging and analysis software, spare media, contact lists and playbooks) is part of the preparation phase, which happens before any incident is detected.

41
Q

What is a reverse proxy commonly used for?

Directing traffic to internal services if the contents of the traffic comply with the policy

Allowing access to a virtual private cloud

To obfuscate the origin of a user within a network

To prevent the unauthorized use of cloud services from the local network

A

Directing traffic to internal services if the contents of the traffic comply with the policy

42
Q

Which of the following types of threats did the Stuxnet attack rely on to cross an airgap between a business and an industrial control system network?

Session hijacking
Cross-site scripting
Directory traversal
Removable media

A

Removable media

Airgaps are designed to remove connections between two networks in order to create a physical segmentation between them. The only way to cross an airgap is to have a physical device between these systems, such as using a removable media device to transfer files between them

43
Q

Your company wants to provide a secure SSO solution for accessing both the corporate wireless network and its network resources

Which of the following technologies should be used?

WEP
WPS
WPA2
RADIUS

A

RADIUS

With RADIUS and SSO configured, users on the network can provide their user credentials one time (when they initially connect to the wireless access point or another RADIUS client), and they are automatically authenticated to all of the network’s resources

44
Q

You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?

VLAN
MAC filtering
WPA2
VPN

A

VLAN

A virtual local area network (VLAN) is a type of network segmentation configured in your network switches that prevents communication between different VLANs without passing through a router. This allows two logically separate networks to exist on one physical network while keeping their traffic apart.

45
Q

A corporate workstation was recently infected with malware. The malware was able to access the workstation’s credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to come up with a plan to prevent this type of issue from occurring again in the future. Which of the following would BEST prevent this from reoccurring?

Install a host-based intrusion detection system on all of the corporate workstations

Install an anti-virus or anti-malware solution that uses heuristic analysis

Install a Unified Threat Management system on the network to monitor for suspicious traffic

Monitor all workstations for failed login attempts and forward them to a centralized SYSLOG server

A

Install an anti-virus or anti-malware solution that uses heuristic analysis

46
Q

Which of the following terms is used to describe the period of time following a disaster that an individual IT system may remain offline?

MTTR
MTBF
RTO
RPO

A

RTO

Recovery time objective (RTO) is the maximum time a system may remain offline after a disaster before the outage causes unacceptable harm. RPO is the tolerable data loss, MTTR the average repair time and MTBF the average time between failures.

48
Q

cold site

A

A cold site has no hardware waiting for you: there is building space, power and cooling, but no racked equipment and no data. Everything has to be brought in and built after the emergency occurs, so it is the cheapest option and the slowest to bring online.

49
Q

warm site

A

A warm site is a location where you have the space and much of the equipment, but the hardware may be stored in a separate room or left powered down and the data is not current; it takes hours to days of work to bring online, at a cost between a cold and a hot site.

50
Q

hot site

A

A hot site is a complete duplicate of the data center at a remote location, with hardware, network and near-current data already in place. Whenever you buy hardware you naturally buy a duplicate for the hot site and keep it up and running, so failover takes minutes at the highest cost.

51
Q

Bluejacking

A

Bluejacking is the sending of unsolicited messages (such as spam or a vCard) to a nearby Bluetooth device. It is a nuisance rather than a compromise: the attacker does not take control of the device or read its data.

52
Q

Bluesnarfing

A

Bluesnarfing is an attack that exploits vulnerabilities in a Bluetooth connection to access sensitive data on the target device (contacts, messages, calendar entries) without the owner’s knowledge.