Mock Exam 3 Flashcards

1
Q

You are the systems administrator for a large multinational corporation that is going to open a new research and development department in their London office. The CEO has informed you that a new product is due to be released and he wants to prevent anyone logging into the research and development department’s desktops. What is the BEST way for these laptops to be set up?

A

a. VLAN
b. Port forwarding
c. Split tunnel
d. Air gap

When a computer or device is air gapped, it is not connected to the network.

2
Q

A company has rolled out new laptops with Windows 10; however, the auditor has observed that each of the laptops has different patches and updates. It has recommended that they are recalled and updated. Which of the following should have been done prior to the rollout to ensure they are patched?

A

a. Application whitelist
b. Secure baseline
c. Blocklist
d. Snapshot

A baseline is a list of installed applications, updates, and settings. If a baseline had been used, everyone would have the same settings.

3
Q

The security administrator has received an updated security bulletin that mentions that some new attacks have appeared in the last week. The security industry does not have much information on the attack vectors. What action should they take to gather more information on the new attacks?

A

a. Read the security bulletin weekly
b. Roll out a honeypot
c. Ensure Windows updates are current
d. Ensure antivirus updates are current

A honeypot allows the security administrator to attract potential attackers and monitor the attack method being utilized.

4
Q

A company is rolling out new mobile phones and needs to secure them from data theft. Which of the following items should be implemented? Choose three.

A

a. Simple passwords
b. Containerization
c. Strong passwords
d. Content manager
e. FDE
f. Antivirus
g. Screen saver

When you use additional storage on a device such as an SD card, this is known as containerization or storage segmentation. Also, an isolated guest virtual machine is known as containers.

5
Q

Which of the following cloud models gives you the MOST control?

A

a. SaaS
b. IaaS
c. MaaS
d. SECaaS
e. PaaS

Infrastructure as a service is where you install, configure, and patch the operating system, therefore having more control over how it is set up and configured.

6
Q

A salesperson’s company phone has broken and it will take two weeks to replace it, so he has agreed to use his personal phone as a BYOD device. The security administrator is not happy that he will have personal and company data on the same device, so they will put an SD card into the phone to host the business data. What is this technique known as? Choose TWO.

A

a. Separation
b. Isolation
c. Containerization
d. Splitting
e. Storage segmentation

When you use additional storage on a device such as an SD card, this is known as containerization or storage segmentation. Also, an isolated guest virtual machine is known as containers.

7
Q

What type of device category are tablets and life support systems? Select the BEST answer.

A

a. Hybrid
b. Digital
c. SoC
d. ICS
e. Electronic

Both the tablet and life support systems use integrated circuits known as chips. Apple watches, smartphones, and computer motherboards come under this category known as system on a chip (SoC).

8
Q

A multinational corporation is going to employ a group of 20 contractors for six-month periods but wants to create a secure environment for them to work in for that time. Which of the following would be the BEST solution?

A

a. VDE
b. VDI
c. RDP
d. SSH
e. VPN

VDI is a virtual desktop infrastructure where a pool of virtual desktops is created and each person has their own desktop that is accessed only by them. Note, the question did not say these workers were remote, therefore the VPN was ruled out.

9
Q

A systems administrator needs to choose a system that will provide fault tolerance and provides the most resilience. The system must be able to use four disks. Which of the following is the best choice?

A

a. RAID 0
b. RAID 1
c. RAID 5
d. RAID 6

Both RAID 5 and 6 can use four disks, however, RAID 5 has single parity and can only lose one disk. RAID 6 has dual parity and can lose two disks, making it more resilient. RAID 10 provides better redundancy than RAID 6.

10
Q

A company is replacing its existing Multi-Functional Devices (MFD) with more modern versions. A risk assessment was carried out, listing potential attack vectors. Which of the following poses the GREATEST risk?

A

a. Network interface
b. Driver shimming
c. Patching
d. Default passwords
e. Containerization
f. Malicious insiders

Most MFD devices have a network interface enabling them to be accessed by everyone on the network. The network interface could be used by a remote attacker.

11
Q

An attacker managed to use an unmanaged virtual machine to attack the virtual machine host. The security administrator conducted lessons learned. During his report, why did he say the virtual machine was not hardened? Select the BEST choice.

A

a. VM escape
b. System sprawl
c. Pivoting
d. VM sprawl

VM sprawl is where an unmanaged virtual machine is placed on your virtual network. Because the administrator does not know about its existence, it is never patched, making it vulnerable.

12
Q

Which of the following can prevent data emissions from leaving the company network?

A

a. Security baseline
b. Disconnect the network cable
c. Patch management
d. Faraday cage
e. Host-based firewall

A Faraday cage acts as a force field to prevent electrical current and wireless emissions from coming into or leaving a network. The Faraday cage prevents electromagnetic radiation emanating from electronic equipment.

13
Q

Which of the following is a major benefit to a new successful company that’s using cloud technologies? Select the BEST answer.

A

a. Redundancy
b. Cost
c. Elasticity
d. Security

CSP can increase or decrease cloud resources at the drop of a hat. Therefore, as a new company increases its sales and number of employees, the CSP can provide them with the resources they need.

14
Q

A developer, while creating a new application, has asked the cyber security analyst the best way for him to set up error handling. Which of the following options will the cyber security analyst recommend to the developer? Choose the three BEST answers.

A

a. Users should see the full error as a long version with all the required details.
b. The system administrator should see the full error as a long version with all the required details.
c. None of the errors should be logged so that the application runs.
d. All the errors should be logged and stop the application from running.
e. Users should see a shortened version of the error that is not detailed.
f. All the errors should be logged and the application should run.
g. The system administrator should see a shortened version of the error.

15
Q

A company is looking for a software development life cycle model that is incremental and very similar to scrum. Which of the following is the BEST solution?

A

a. Agile
b. Waterfall
c. PRINCE 2
d. V-shaped model

Agile and scrum are very similar where they can incrementally start different phases of the SDLC to provide faster delivery and customer satisfaction.

16
Q

Which of the following cloud models gives you more control?

A

a. Private
b. Public
c. Hybrid
d. Community

A private cloud is known as a single tenant where you have total control of the environment.

17
Q

A company needs to set up a web portal so that distributors can view their latest price list and order new products. Which of the following is the most suitable?

A

a. Intranet
b. LAN
c. Extranet
d. Internet
e. DMZ

An intranet website sits on your LAN and has company sensitive data. An extranet is located in the DMZ, a boundary layer, and is accessed by username and password. This would be used to share information with distributors or suppliers.

17
Q

A company wants to ensure that its customers do not bring any lawsuits against it. Which of the following is the BEST to adopt?

A

a. Exceed regulatory framework standards
b. Exceed general-purpose guides
c. Exceed platform-specific guides
d. Exceed vendor-specific guides

Regulatory framework standards are legally enforceable whereas user guides are not. If we exceed the regulatory standards, we can prove to a court that we are very responsible and compliant with current regulations.

18
Q

An attacker breaks into a company during the night and attempts to log into the employee’s computers. The following is a log file from a real-time security system:

Computer 1 – login attempt 1
Computer 2 – login attempt 2
Computer 3 – login attempt 3 – locked out

What type of security system is this from?

A

a. NIPS
b. NIDS
c. HIDS
d. SIEM

A SIEM system is a real-time monitoring system that has a correlation engine. In this example, the attacker is attempting to only log in once to each machine, so he does not get locked out and records events in the security log. If a SIEM system provides a false positive, it will be due to using the wrong input filter.

19
Q

A system administrator tried to install a bespoke piece of software but keeps getting errors. What action does the system administrator need to take? Choose the MOST likely answer.

A

a. Remove the software from the blacklist
b. Add the software to the blacklist
c. Use a group policy to install the software
d. Add the software to the whitelist
e. Remove a group policy to prevent installation
f. Remove the software from the whitelist

Whitelists are used to control what software can be installed, therefore, if it is not on the whitelist, you can never install it. Blacklists are used to control banned applications.

20
Q

A network administrator is connecting more hosts to the network. Which of the following does he need to install to help secure the network cables?

A

a. Conduit
b. Switch
c. Router
d. Flood guard

A conduit is used to house and protect the cables that he is laying.

21
Q

A systems administrator is upgrading a system when a problem occurs, resulting in the system crashing and being taken out of action. He was then able to roll back to the previous state. Which of the following was he using that allowed him to achieve this? Select the BEST answer.

A

a. Imaging
b. Baseline
c. Ghost
d. Non-persistent configuration

Non-persistent configuration allows you to roll back to a previous state and an example of this could be a snapshot of a virtual machine.

22
Q

The cloud administrator needs to implement a cloud model where resources are shared. Which of the following should be implemented?

A

a. CASB
b. Private cloud
c. Public cloud
d. Community cloud

A community cloud is where people in the same industry share the cost and running of a cloud application. For example, a group of lawyers are not happy with the retail software so they contribute to have a cloud provider create a bespoke application that they all use.

23
Q

A multinational corporation suspects its Chief Financial Officer (CFO) of corruption and has contacted the cybersecurity administrator. The CEO has instructed him to capture all of the traffic flowing into the CFO’s desktop. Which of the following is the MOST suitable?

A

a. Port mirror
b. Monitor the desktop with a SIEM
c. Mirror the disk activity
d. Use video capture software

A port mirror captures the traffic in and out of a port and stores it on another device. Sometimes this is known as a tap.

23
Q

The system administrator decided to put two legacy printers in their own VLAN while the modern printers were left on the network. Why did he choose to isolate the legacy printers? Select the BEST answer.

A

a. Legacy printers work better when placed in a VLAN
b. The legacy printers were contaminated with a virus
c. To enable them to print faster
d. There were no driver updates, making the printers vulnerable

Placing any device into a VLAN separates it from the rest of the network. The administrator realized the legacy devices were vulnerable to attack as no updates were available.

24
Q

What benefit does the security team get if all their computers had their operating system installed by using a master image? Select the BEST answer.

A

a. It saves time and resources
b. The computers are fully patched
c. It is very easy to implement
d. It provided a consistent security baseline

An image can be created with least functionality and all of the latest security updates installed. This way, the security team knows what the security baseline of each computer is.

25
Q

A security administrator has noticed that a dynamically expanding virus is attacking the company network. What is the first stage in protecting the network?

A

a. Reporting
b. Quarantine
c. Identifying the source
d. Recovery

When attacks are being made, the first step is usually identifying the source of the attack; however, a rapidly spreading virus is an exception and it must be quarantined, isolated, or contained to stop it spreading.

26
Q

A security administrator is rolling out new laptops to the sales team that will travel worldwide. What is the BEST method to secure the laptops?

A

a. Least privilege
b. Least functionality
c. Fully patched
d. Baseline
e. Whitelist

Although many of the selections could be implemented, the best method for securing the laptops is to introduce least functionality: only the essential applications and services are available.

27
Q

A company has just built a new data center in Galway but has noticed that the temperature of 60% of its servers has risen. What should it implement to prevent this from happening? Select the BEST answer.

A

a. More ventilation within the building
b. Implement a mantrap
c. Install ceiling fans
d. Install a HVAC system
e. Install a fire suppression system

Data centers will normally have a HVAC system that consists of hot and cold aisles that regulate the air temperature by cold airflow inward and the hot airflow outward.

28
Q

A company wishes to move its customized applications to the cloud. Which cloud model should be selected?

A

a. Software as a Service
b. Infrastructure as a Service
c. Monitoring as a Service
d. Platform as a Service

Platform as a service is a cloud environment where applications can be developed. SaaS is bespoke software provided with the cloud provider and cannot be modified.

29
Q

A company has a virtual network suffering from an attack on one of its three host computers. After an investigation, it was established that the attacker gained access via a guest machine. What is this attack known as?

A

a. Pivoting
b. Remote exploit
c. VM sprawl
d. VM escape

VM escape is where a guest machine is exploited so that the host can be attacked, taking down the virtual host. Pivoting is where an attacker (in a physical environment) gains access via a vulnerable computer to attack a computer on the network.

30
Q

The security administrators of a retail outlet have noticed that there has been a rise in the number of tablets being stolen from their sales staff. What should they implement to mitigate the risk of this happening in the future?

A

a. Cable locks
b. CCTV
c. Change management
d. Replace tablets with laptops

Cable locks can lock either laptops or tablets to a desktop to prevent theft. If you visit a store selling tablets, all of these tablets have cable locks so that the tablet can be picked up but not stolen.

31
Q

You are a cybersecurity administrator for a multinational airline that has an array of web servers that connect to a backend SQL database located in the DMZ. A hacker managed to carry out a SQL injection attack by using the phrase 1=1 in a SQL statement. What is the BEST way to prevent future SQL injection attacks? Choose the BEST answer.

A

a. Input validation
b. Enable Kerberos
c. SIEM system monitoring the SQL database
d. Stored procedures

Stored procedures are sealed SQL scripts and the BEST way to prevent SQL injection attacks. Another way is to use input validation.

32
Q

Which of the following cloud models is known as being multi-tenant?

A

a. Public
b. Private
c. Hybrid
d. Community

A public cloud is when a CSP will host many different companies on the same hardware.

33
Q

You are the systems administrator and have been testing a new application with production data. Which of the following describes what you are doing?

A

a. Development
b. Testing
c. Staging
d. Production
e. White box testing

Staging is the process of testing an application with production data. The SDLC phases are development, where the application is created; testing, where its functionality is tested; staging, where it is tested with production data; and production, where it is rolled out.

34
Q

A security administrator has found out that an attacker has managed to insert more data than expected into a web-based application. He sets up input validation to prevent this type of attack. What type of attack had been carried out? Select the BEST answer.

A

a. SQL injection
b. Integer overflow
c. Cross site scripting
d. Buffer overflow

When too much data is inserted into a data field, this is known as a buffer overflow attack.

35
Q

What type of system replaces rather than repairs components?

A

a. Immutable system
b. Mutable system
c. Race condition
d. Trusted system
e. SoC

An immutable system is where components are replaced rather than repaired.

36
Q

A company has built a guest Wi-Fi network. Which of the following people could benefit from this new network? Select ALL that apply.

A

a. Visitors
b. Customer services
c. System administrators
d. Script kiddies
e. Employees at lunchtime

A guest hotspot would allow visitors to access the internet. Employees may not have internet access when at work due to their personal devices being prohibited, therefore, they could use the guest Wi-Fi at lunchtime.

37
Q

A security team wants to be notified immediately if anyone’s account has a higher level of privilege. Which of the following is the BEST way to achieve this?

A

a. Least privilege
b. Permissions audit and review
c. Continuous monitoring
d. Security auditing

The only way to identify when a person’s access level increases is by continuous monitoring. With permission auditing and review, you might only audit every 3 or 6 months and this is not immediate.

38
Q

Which of the following can be used by obfuscation?

A

a. Race condition
b. XOR
c. Input validation
d. Buffer overlap
e. Immutable system
f. Code signing

Obfuscation obscures source code so that it cannot be read by a third party. Exclusive OR (XOR) can swap the values of distinct variables, making them obscure.

39
Q

A company wishes to test a new application without impacting any of the current infrastructure. What should the company use to test the application?

A

a. Snapshot
b. Production
c. Staging
d. Sandboxing

Sandboxing is an isolated virtual machine that can be used to test, patch, or isolate an application or operating system.

40
Q

A company has its headquarters in New York and has opened a new branch office in Miami. These two offices need to have a secure connection so that they can transfer data between the sites daily. Which of the following technologies is the MOST cost-effective?

A

a. Site-to-site VPN
b. Leased line
c. Fiber connection
d. TACACS+

A site-to-site VPN in “always-on” mode is a permanent connection between two sites. It is much cheaper than purchasing a leased line or running a fiber cable.

41
Q

Following a recent audit, the CEO has written a new policy to make the network more secure. The systems administrator followed the policy by implementing secure controls. What type of controls have been implemented? Select the BEST answer.

A

a. Administrative control
b. Control diversity
c. Technical control
d. Risk mitigation
e. Physical control

The CEO has used an administrative control and the systems administrator has then implemented technical controls. As two controls were used, this should be deemed control diversity.

42
Q

Which of the following can capture motion and provide non-repudiation?

A

a. Tape recorder
b. Camera
c. SIEM
d. SoC

A camera can take pictures and capture video. These can be used as evidence in case of an investigation.

43
Q

Which of the following is an example of a SCADA system? Select ALL that apply.

A

a. Waterworks
b. Oil refinery
c. Bakery
d. Supermarket

SCADA systems are used to control and monitor plant and equipment on an industrial basis. They have a control room with different stages of production.

44
Q

A systems administrator has to install full disk encryption on all of their laptops. What piece of hardware is required before FDE can be installed?

A

a. SLE
b. TPM
c. SoC
d. ICS
e. MDM

BitLocker is an example of FDE and needs either a TPM chip or HSM to install the keys.

45
Q

A company has bought a huge department store that they will convert into a data center. They are looking at controlling access to everyone who enters the data center. Which of the following are the BEST to implement? Choose two.

A

a. HVAC
b. Mantrap
c. Proximity card
d. Guards
e. SIEM
f. CCTV

Guards check the identity of those people entering the data center. A mantrap ensures that only one person accesses the data center at a time and can be controlled by the guard.

46
Q

Interpol is investigating criminal activity between London, Paris, and New York. They launch raids on the criminals simultaneously and collect evidence. Now, they want to obtain a much clearer picture of the lines of communication between the criminals. What should they adopt?

A

a. Time offset
b. Normalization
c. Chain of custody
d. Memorandum of understanding
e. Evidence log updates

When evidence is collected, they take the regional time known as the record time offset. They can use time normalization by converting it into the same time zone, such as GMT, to establish how data is moved between the criminals.

47
Q

A project manager has stated that each stage of the project should be completely finished before moving into the next stage. What model is he adopting?

A

a. Scrum
b. Agile
c. Waterfall
d. Big Bang model

Waterfall is one of the oldest SDLC methodologies, where one stage of the project is finished before moving onto the next stage.

48
Q

The auditor has carried out an audit of the company’s servers and noticed that all of the email servers are located inside the LAN. The mobile sales team have all of their emails on a server known as Mail1. The auditor recommended that Mail1 needs to be isolated from the other mail servers. Which of the following is the BEST solution?

A

a. Place it in its own subnet
b. Attach it to an 802.1x managed switch
c. Air gap the mail server
d. Place the mail server in the DMZ

There are only two ways to isolate the mail server: put it in a VLAN or a DMZ. Air gapping it would mean that nobody could access any email