Mom's Study Guide

Question 1

What do you call asymmetric encryption that has a Certificate Authority and the associated infrastructure to support issuing and managing certificates?

Answer 1

Public Key Infrastructure

Question 2

What is the ultimate authority of PKI that holds the root key for signing all of the certificates that it gives the intermediary, who in turn issues the certificate to the requester?

Answer 2

Certificate Authority

Question 3

What kind of Certificate Authority is always up and running so that people in the company can request a certificate at any time of the day or night?

Answer 3

Online Certificate Authority

Question 4

What kind of Certificate Authority is for military or secure environments where clearance and vetting muste be completed before someone can be issued with a certificate?

Answer 4

Offline Certificate Authority

Question 5

What do you call a certificate authority that is also known as a third-party CA and is commercially accepted as an authority for issuing public certificates?

Answer 5

Public Certificate Authority

Question 6

Who validates and accepts the incoming requests for certificates from users on the network and notifies the CA to issue the certificates?

Answer 6

Registration Authority

Question 7

What do you call an intermediary CA?

Answer 7

Subordinate Certificate Authority

Question 8

What prevents the compromising of the CA, certificate fraud and SSL man-in-the-middle attacks?

Answer 8

Certificate Pinning

Question 9

What do you call the root certificate in a PKI environment from which the whole chain of trust is derived. AKA the root CA?

Answer 9

Trust anchor

Question 10

What proves the authenticity of a certificate?

Answer 10

Trust models

Question 10

What trust model uses a hierarchy from the root CA down the intermediary; the normal PKI model?

Answer 10

Hierarchical Trust Model

Question 11

What trust model is peer-to-peer, where two separate PKI environments trust each other?

Answer 11

Bridge Trust Model

Question 12

What shows the trust from the vendor, the vendor CA, and the computer where the certificate is installed?

Answer 12

Certificate Chaining

Question 13

What hashing algorithm results in a 160 bit message digest?

Answer 13

SHA-1

Question 14

What hashing algorithm results in a 256 bit message digest?

Answer 14

SHA-2

Question 15

What hashing algorithm results in a 512 bit message digest?

Answer 15

SHA3

Question 16

What hashing algorithm results in a 128-bit message digest?

Answer 16

MD5

Question 17

What is the difference between SHA1 and MD5 hashing algorithms?

Answer 17

SHA1 is more secure but MD5 is faster

Question 18

What is the concept of protecting a company’s data with a series of protective layers so that if one layer fails, another layer will already be in place to thwart an attack?

Answer 18

Defense in Depth

Question 19

What controls are written by managers to create organizational policies and procedures to reduce risk within companies?

Answer 19

Managerial Controls

Question 20

What controls are executed by company personnel during their day-to-day operations?

Answer 20

Operational controls

Question 21

What do you call an annual event where you are reminded about what you should be doing on a daily basis to keep the company safe?

Answer 21

Annual Security Awareness Training

Question 22

What do you call the process that a company adopts so that changes made don’t cause any security risks to the company?

Answer 22

Change Management

Question 23

What do you call the contingency planning to keep the businesses up and running when a disaster occurs by identifying any single point of failure that would prevent the company from remaining operational?

Answer 23

Business Continuity Plan

Question 24

What do you call controls implemented by the IT team to reduce the risk to the business?

Answer 24

Technical controls

Question 25

What type of control is Annual Risk Assessment?

Answer 25

Managerial Control

Question 26

What type of control is Penetration Testing?

Answer 26

Managerial Control

Question 27

What type of control is Change management?

Answer 27

Operational control

Question 28

What type of control is a business continuity plan?

Answer 28

Operational control

Question 29

What type of control is firewall rules?

Answer 29

Technical control

Question 30

What type of control is antivirus/antimalware?

Answer 30

Technical Control

Question 31

What type of control is IPS and IDS?

Answer 31

Technical control

Question 32

What type of control is CCTV?

Answer 32

Deterrent control

Question 33

What type of control is motion sensors?

Answer 33

Deterrent control

Question 34

What kind of controls are used to investigate an incident that has happened and needs to be investigated?

Answer 34

Detective controls

Question 35

What type of controls are the actions you take to recover from an incident?

Answer 35

Corrective controls

Question 36

What controls are used instead of a primary control that has failed or is not available?

Answer 36

Compensating/Alternative/Secondary Controls

Question 37

What types of controls are put in place to deter any attack?

Answer 37

Preventative Controls

Question 38

What kind of control involves New Technology File System (NTFS) file permissions, which are used in Microsoft operating systems?

Answer 38

Discretionary Access Control

Question 39

What kind of control is based on the classification level of the data?

Answer 39

Mandatory Access Control (MAC)

Question 40

What is the classification of the person who writes the data, and they are the only person that can determine the classification?

Answer 40

Data Owner

Question 41

What is the classification of the person responsible for labeling the data?

Answer 41

Data Steward

Question 42

What is the classification of the person who stores and manages classified data?

Answer 42

Data Custodian

Question 43

Who is the person who gives access to classified data once clearance has been approved?

Answer 43

Security Administrator

Question 44

In what kind of access control is a rule applied to all of the people within a department?

Answer 44

Rule-based Access Control

Question 45

In what kind of access control is access restricted based on an attribute in the account?

Answer 45

Attribute-based Access Control

Question 46

“Linux file permissions come in a numerical format; the first number represents the _______, the second represents the _______, and the third represents _________?”

Answer 46

Owner, group, all other users

Question 47

In Linux file permissions the numerical value 4 means?

Answer 47

Read

Question 48

In Linux file permissions the numerical value 2 means?

Answer 48

Write

Question 49

In Linux file permissions the numerical value 1 means?

Answer 49

Execute

Question 50

What controls are put in place to stop unauthorized access to the company or accessing the data. (Controls that you can touch)

Answer 50

Physical Security Controls

Question 51

In what stage of Cloud Forensic Process 26 do we verify the purpose of cloud forensics?

Answer 51

Stage A

Question 52

In what stage of Cloud Forensic Process 26 do we verify the type of cloud service?

Answer 52

Stage B

Question 53

In what stage of Cloud Forensic Process 26 do we verify the type of technology behind the cloud?

Answer 53

Stage C

Question 54

In what stage of Cloud Forensic Process 26 do we verify the role of the user and negotiate with the CSP to collect the evidence required?

Answer 54

Stage D

Question 55

The first stage in checking whether a certificate is valid, no matter the scenario, is to what?

Answer 55

Check the Certificate Revocation List

Question 56

What comes into play when the CRL is going slow?

Answer 56

Online Certificate Status Protocol (OCSP)

Question 57

What is used when a web server bypasses the CRL to use the OCSP for a faster confirmation, irrespective of whether or not a certificate is valid?

Answer 57

OCSP Stapling/Certificate Stapling

Question 58

Certificate validity can only be done by who?

Answer 58

CRL or OCSP

Question 59

What do you call the process of requesting a new certificate?

Answer 59

Certificate Signing Request (CSR)

Question 60

What holds the private keys for third parties and stores them in a HSM?

Answer 60

Key Escrow

Question 61

What do you call a piece of hardware attached to the server or a portable device that is attached to store the keys?

Answer 61

Hardware Security Module (HSM)

Question 62

If a user can not access their data because their private key is corrupted, who will recover the data for them by getting the private key from the key escrow?

Answer 62

Data Recovery Agent (DRA)

Question 63

A certificate is identified by it’s what?

Answer 63

Object Identifier (OID)

Question 64

What kind of certificates are issued by the same entity that is using it?

Answer 64

Self-Signed Certificates

Question 65

What kind of certificate is an X.509 certificate that proves ownership of a domain name?

Answer 65

Domain Validation Certificate

Question 66

What kind of certificate can be used on multiple domain names and also can have other information inserted into them such as an IP address?

Answer 66

Subject Alternative Name (SAN)

Question 67

What kind of certificates are used to digitally sign software so that its authenticity is guaranteed?

Answer 67

Code Signing Certificates

Question 68

What kind of certificate is used to identify a computer within a domain?

Answer 68

Computer/Machine

Question 69

What kind of certificate provides authenticity to a user for the applications that they use?

Answer 69

User Certificate

Question 70

What kind of certificates provide a higher level of trust in identifying the entitiy that is using the certificate?

Answer 70

Extended Validation

Question 71

What kind of certificates can be installed on multiple public facing websites as a cheaper option?

Answer 71

Wildcard Certificates

Question 72

Turning plaintext into ciphertext is known as?

Answer 72

Encryption

Question 73

What creates a secure tunnel for symmetric data to pass through when it is in transit?

Answer 73

Diffie Hellman (DH)

Question 74

What encryption standard comes in 3 key strengths: 128, 192, and 256 bit. It is commonly used for L2TP/IPSec VPNs?

Answer 74

Advanced Encryption Standard (AES)

Question 75

What encryption standard groups data in to 64 bit blocks but is seen as a 56-bit key?

Answer 75

Data Encryption Standard (DES)

Question 76

What encryption standard applies the DES key 3x and is said to be a 168 bit key?

Answer 76

Triple DES (3DES)

Question 77

What encryption standard is 40 bits and is used by WEP and is seen as a stream cipher?

Answer 77

Rivest Cipher 4 (RC4)

Question 78

What kind of encryption is commonly used with AES, several symmetric ciphers, and a one time pad?

Answer 78

Exclusive OR (XOR)

Question 79

What kind of encryption is used to encrypt large amounts of data?

Answer 79

Symmetric Encryption

Question 80

What mode of operation adds XOR to each plaintext block from the ciphertext block that was previously produced?

Answer 80

Cipher Block Chaining (CBC)

Question 81

What mode of operation replaces each block of the clear text with the block of ciphertext.?

Answer 81

Electronic Code Book (ECB)

Question 82

What mode of operation is a block cipher mode of operation that uses universal hashing over a binary Galois field to provide authenticated encryption? It can be implemented in hardware and software to achieve high speeds with low cost and low latency?

Answer 82

Galois/Counter Mode

Question 83

What mode of operation turns a block cipher into a stream cipher?

Answer 83

Counter Mode (CTR)

Question 84

Quantum computing uses qubits, which can be switched on or off at the same time or somewhere in between. This is known as?

Answer 84

A superposition

Question 85

Hashing is a ___________ function, that can not be __________.

Answer 85

One-way
reversed.

Question 86

What are used to verify the integrity of an email so that you know it has not been tampered with in transit?

Answer 86

Digital Signatures

Question 87

RIPEMD is used for?

Answer 87

Hashing data

Question 88

What do you call short-lived keys that are used for a one-time only session?

Answer 88

Ephemeral Keys

Question 89

What are the two types of ephemeral keys?

Answer 89

Diffie Hellman Ephemeral (DHE) and Elliptic Curve Diffie Hellman Ephemeral (ECDHE)

Question 90

Asymmetric Algorithms should not be using a key whose strength is what?

Answer 90

2046 or lower

Question 91

What is the only VPN that uses an SSL certificate and works with legacy clients?

Answer 91

SSL VPN

Question 92

What kind of algorithm takes the data from a document and generates a hexadecimal value from that input?

Answer 92

Hashing algorithm

Question 93

What is a one-way function to ensure that the integrity of the data is intact?

Answer 93

Hashing

Question 94

What do you call a combination of hardware and software that implements cryptofunctions such as digital signatures, encryption, random number generation, and decryption?

Answer 94

Crypto module

Question 95

What do you call data that is not being used and is stored on either a hard drive or external storage?

Answer 95

Data-at-rest

Question 96

How would you protect data on a laptop or desktop?

Answer 96

Full Disk Encryption (FDE) and DLP

Question 97

How would you keep the data on tablets/phones from being stolen?

Answer 97

Full Disk Encryption

Question 98

How would you keep the data on USB’s or removable devices from being stolen?

Answer 98

Full Disk Encryption

Question 99

What is the process where you take source code and make it look obscure, so that if it is stolen it would not be understood?

Answer 99

Obfuscation

Question 100

What process is used to mask data?

Answer 100

Obfuscation

Question 101

What prevents an attacker from using the servers private key to decrypt a key exchange session, even if the VPN server has been compromised?

Answer 101

Perfect forward secrecy

Question 102

What is it called when a document, image, audio file, or video file can be hidden inside another document, image, audio file, or video file?

Answer 102

Steganography

Question 103

What kind of encryption allows an accountant to run calculations against data while it is still encrypted and could be used with data stored in the cloud?

Answer 103

Homomorphic Encryption

Question 104

What is the technique where you change one character of the input, which will change multiple bits of the output?

Answer 104

Diffusion

Question 105

To prevent data form being accessed, we would do what?

Answer 105

Encrypt the data

Question 106

When people access the company’s network from a remote location they should use a what?

Answer 106

L2TP/IPSec VPN Tunnel using AES

Question 107

Encryption could be coupled with what to ensure that data is secure and kept confidential?

Answer 107

Mandatory Access control

Question 108

What could we do to data stored on a file server to prove that it has not been tampered with?

Answer 108

Hash the data

Question 109

Small Internet of Things devices will need to use what for encryption?

Answer 109

ECC Elliptic Curve Cryptography

Question 110

What type of certificate does a CA have?

Answer 110

A CA has a root certificate, which it uses to sign keys

Question 111

If I am going to use a CA internally, what type of CA should I use?

Answer 111

a Private CA for internal use only

Question 112

If I want to carry out B2B activity with 3rd-party companies or sell products on the web, what type of CA should I use?

Answer 112

A public CA

Question 113

Why would I make my CA offline when not in use?

Answer 113

To prevent it from being compromised.

Question 114

Who builds the CA or intermediary authorities?

Answer 114

An architect

Question 115

Who signs X509 certificates?

Answer 115

CA

Question 116

What can I use to prevent my CA from being compromised and fraudulent certificates being used?

Answer 116

Certificate pinning

Question 117

If two entities want to set up a cross-certification, what must they set up first?

Answer 117

A bridge trust model

Question 118

What type of trust model does PGP use?

Answer 118

Web of Trust

Question 119

How can I tell whether my certificate is valid?

Answer 119

by using a CRL

Question 120

If the CRL is going slow, what should I implement?

Answer 120

OCSP

Question 121

Explain certificate stapling/OCSP stapling?

Answer 121

Certificate stapling/OCSP stapling is where a web server uses an OCSP for faster certificate authentication, bypassing the CRL

Question 122

What is the process of obtaining a new certificate?

Answer 122

CSR

Question 123

What is the purpose of the key escrow?

Answer 123

The key escrow stores and manages private keys for third parties.

Question 124

What is the purpose of the HSM?

Answer 124

A HSM is used by the key escrow as it securely stores and manages certificates.

Question 125

What is the purpose of the DRA and what does it need in order to complete its role effectively?

Answer 125

When a user’s private key becomes corrupt, the DRA recovers the data by obtaining a copy of the private key from the key escrow.

Question 126

How can I identify each certificate?

Answer 126

by its OID

Question 127

What format is a private certificate and what file extension does it have?

Answer 127

A private certificate is in P12 format with a .pfx extension

Question 128

What format is a public certificate and what file extension does it have?

Answer 128

A public certificate is in P7B format with a .cer extension

Question 129

What format is a PEM certificate?

Answer 129

A PEM certificate is in Base64 format.

Question 130

What type of certificate can be used on multiple servers in the same domain?

Answer 130

A wildcard certificate can be used on multiple servers in the same domain.

Question 131

What should I do with my software to verify that it is original and not a fake copy?

Answer 131

Code-signing software is similar to hashing the software and ensuring the integrity of the software.

Question 132

What is the purpose of extended validation of an X509?

Answer 132

it provides a higher level of trust for the X509; when it is used, the URL background turns green.

Question 133

What type of cipher is the Caesar cipher and how does it work it it uses ROT4?

Answer 133

The Caesar cipher is a substitution cipher; each letter would be substituted by a letter four characters along in the alphabet.

Question 134

What is encryption and what are the inputs and outputs called?

Answer 134

Encryption is when plain text is taken and turned into ciphertext.

Question 135

What type of encryption will be used to encrypt large amounts of data?

Answer 135

Symmetric encryption is used to encrypt large amounts of data as it uses one key.

Question 136

What is the purpose of DH?

Answer 136

DH is an asymmetric technique that creates a secure tunnel; during a VPN connection, it is used during the IKE phase and uses UDP port 500 to create the VPN tunnel.

Question 137

What is the first stage in any encryption, no matter whether it is asymmetric or symmetric?

Answer 137

Key exchange

Question 138

If Carol is encrypting data to send to Bob, what key will they each use?

Answer 138

Carol uses Bob’s public key to encrypt the data, and then Bob will use his private key to decrypt the data.

Question 139

If George encrypted data 4 years ago with an old CAC card, can he unencrypt the data with his new CAC card?

Answer 139

George must obtain the old private key to decrypt the data as the encryption was done with a different key pair.

Question 140

If Janet is digitally signing an email to send to John to prove that it has not been tampered with in transit, what key will they each use?

Answer 140

Janet will digitally sign the email with her private key and John will check its validity with Janet’s public key, which he would have received in advance.

Question 141

What 2 things does digitally signing an email provide?

Answer 141

Integrity and Non-repudiation

Question 142

What asymmetric encryption algorithm should I use to encrypt data on a smartphone?

Answer 142

ECC as it is small and fast and uses the DH handshake

Question 143

What shall I use to encrypt a military mobile phone?

Answer 143

AES-256

Question 144

Name 2 key stretching algorithms

Answer 144

bcrypt and PBKDF2

Question 145

What is the purpose of key stretching?

Answer 145

Key stretching salts the password being stores so that duplicate passwords are never stored, and it also increases the length of the keys to make things harder for a brute-force attack.

Question 146

What is the difference between stream and block cipher modes, and which one will you use to encrypt large blocks of data?

Answer 146

Streams encrypt one bit at a time and block ciphers take blocks of data. A block cipher will be used for large amounts of data.

Question 147

What happens with cipher block chaining if I don’t have all of the blocks?

Answer 147

CBC needs all of the blocks of data to decrypt the data; otherwise, it will not work.

Question 148

If I want to ensure the integrity of data, what shall I use? Name two algorithms.

Answer 148

Hashing ensures the integrity of data. MD5 and SHA-1

Question 149

If I want to ensure the protection of data, what shall I use?

Answer 149

Encryption is used to protect data so that it cannot be reviewed or accessed.

Question 150

Is a hash a one-way or two-way function and is it reversible?

Answer 150

A hash is a one-way function and cannot be reversed?

Question 151

What type of man-in-the-middle attack is SSL 3.0 (CBC) vulnerable to?

Answer 151

POODLE is a man-in-the-middle attack on a downgraded SSL 3.0 (CBC)

Question 152

Explain why we would use Diffie Hellman Ephemeral (DHE) and Elliptic Curve Diffie Hellman Ephemeral (ECDHE)?

Answer 152

DHE and ECDHE are both ephemeral keys that are short-lived, one -time keys.

Question 153

What are the strongest and weakest methods of encryption with an L2TP/IPSec VPN tunnel?

Answer 153

The strongest encryption for an L2TP/IPSec VPN tunnel is AES and the weakest is DES.

Question 154

What is the name of the key used to ensure the security of communication between a computer and a server or a computer to another computer?

Answer 154

A session key ensures the security of communications between a computer and a server or a computer and another computer.

Question 155

What should I do to protect data at rest on a laptop?

Answer 155

Data at rest on a laptop is protected by FDE.

Question 156

What should I do to protect data at rest on a tablet or smartphone?

Answer 156

Data at rest on a tablet or smartphone is protected by FDE

Question 157

What should I do to protect data at rest on a backend server?

Answer 157

Data at rest on a backend server is stored on a database, so it needs database encryption.

Question 158

What should I do to protect data at rest on a removable device, such as a USB flash drive or an external hard drive?

Answer 158

Data at rest on a USB flash drive or external hard drive is done via FDE

Question 159

What two protocols could we use to protect data in transit?

Answer 159

Data in transit could be secured using TLS, HTTPS, or an L2TP/IPSec tunnel.

Question 160

How can you protect data in use?

Answer 160

Data in use could be protected by full memory encryption

Question 161

What is the purpose of obfuscation?

Answer 161

Obfuscation is used to make the source code look obscure so that if it is stolen, it can not be understood. It masks the data and could use either XOR or ROT13 to obscure the data.

Question 162

What is the purpose of perfect forward secrecy?

Answer 162

Perfect forward secrecy ensures that there is no link between the server’s private key and the session key. If the VPN server’s key was compromised, it could not decrypt the session.

Question 163

What type of attack tries to find two hash values that match?

Answer 163

A collision attack

Question 164

What is the purpose of rainbow tables?

Answer 164

Rainbow tables are a list of precomputed words showing their hash value. You will get rainbow tables for MD5 and different rainbow tables for SHA-1.

Question 165

Explain the concept of steganography.

Answer 165

Steganography is used to conceal data; you can hide a file, image, video, or audio, inside another image, video, or audio file.

Question 166

What are the 2 purposes of DLP?

Answer 166

DLP prevents sensitive or PII information from being emailed out of a company of being stolen from a file server using a USB device.

Question 167

What is the purpose of salting a password?

Answer 167

Salting a password ensures that duplicate passwords are never stored and makes things more difficult for brute-force attacks by increasing the key size. It appends the salt to the password making it longer than before hashing.

Question 168

What are the 4 key elements to Identify and Access Management?

Answer 168

Identity, Authentication, Authorization, and Accounting.

Question 169

What is an entity that can validate that the credentials that are presented are valid?

Answer 169

Identify Provider (IdP)

Question 170

What type of account has no real access?

Answer 170

A user account

Question 171

What type of account is a legacy account that was designed to give limited access to a single computer without the need to create a user account?

Answer 171

Guest Account

Question 172

What type of account is used for external speakers who may need access to the internet while delivering their presentation?

Answer 172

Sponsored guest account

Question 173

What type of accounts have much higher access to the system and tend to e used by members of the IT team?

Answer 173

Privilege Account

Question 174

What type of accounts can install software and manage the configuration of a server or a computer?

Answer 174

Administrative account

Question 175

What type of accounts have the privileges to create, delete, and manage user accounts?

Answer 175

Administrative accounts

Question 176

What type of account is used for installing software on a computer or server; it needs higher levels of privilege to run the software but also needs a lower-level administrative account?

Answer 176

Service Account

Question 177

What type of account is used when a group of people perform the same duties?

Answer 177

Shared Account

Question 178

What types of accounts are default administrative accounts created by manufacturers for devices? They all have default usernames and passwords.

Answer 178

Generic Accounts

Question 179

What kind of certificate-based authentication is used by governmental and military personnel as they provide both authentication and identification as it has a picture of the user on it?

Answer 179

Common Access Card (CAC)

Question 180

What kind of certificate-based authentication is very similar to the CAC, but it is used by federal agencies rather than the military?

Answer 180

Personal Identity Verification (PIV)

Question 181

What is the port-based authentication protocol that is used when a device is connected to a switch or when a user authenticates to a WAP?

Answer 181

IEEE 802.1x

Question 182

Authentication with a password that has a short lifespan will be a?

Answer 182

TOTP

Question 183

What can be used to establish a region and can pinpoint whether or not you are in that region and if you are not, you will not be able to log in?

Answer 183

Geofencing

Question 184

What helps prevent fraud when someone from a foreign country attempts to log in to your systems?

Answer 184

Geofencing

Question 185

What concept can be used to block any attempt to login outside of the locations that have been determined as allowed regions?

Answer 185

Context-aware location

Question 186

What concept can be used to identify where your phone is located by using the GPS?

Answer 186

Smart phone location services

Question 187

What concept is a security feature used by cloud providers such as Microsoft to prevent fraud? If a person is located in Toronto and then 30 minutes later is deemed to be in Las Vegas, their attempt to log in will be blocked.

Answer 187

Impossible Time Travel

Question 188

What concept is a security feature used by cloud providers where they have a database of the devices used by each user? An email will be sent when the device is not recognized and only upon verification will the new device get access.

Answer 188

Risky Login

Question 189

What is an internet standard where the server signs a token with its private key and sends it to a user to prove who they are? Can also be used to digitally sign documents and email and is used by OAuth

Answer 189

Javascript Object Notation Web Token (JWT)

Question 190

What codes change after a period of time, and are commonly used by broadband engineers?

Answer 190

Static Codes

Question 191

What type of authentication management looks like a USB device and works in conjunction with your password to provide multifactor authentication?

Answer 191

Password Keys

Question 192

What type of authentication management are stored locally on the device and store all of your passwords so that you don’t need to remember them? Uses AES-256 encryption.

Answer 192

Password Vault

Question 193

What type of authentication management are chips normally built into the motherboard of a computer and are used when you are using FDE (like Bitlocker)?

Answer 193

Trusted Platform Module (TPM)

Question 194

What type of authentication management can be a removable device that can be attached to a computer or server via a USB connection? Used to store encryption keys.

Answer 194

Hardware Security Module (HSM)

Question 195

What type of authentication management is normally used by banks, financial institutions, or email providers to identify someone when they want to password reset?

Answer 195

Knowledge-Based Authentication

Question 196

What is an authentication framework allowing point-to-point connections?

Answer 196

Extensible Authentication Protocol (EAP)

Question 197

What version of EAP encapsulates the EAP data and makes it more secure for WLANS?

Answer 197

Protected Extensible Authentication Protocol (PEAP)

Question 198

What version of EAP does not use certificates, but protected access credentials instead? Used in wireless networks.

Answer 198

EAP-FAST (Flexible Authenticate via Secure Tunneling)

Question 199

What version of EAP needs X509 certificates installed on the endpoints for authentication?

Answer 199

EAP-TLS

Question 200

What version of EAP needs the certificates to be installed on the server? It creates a tunnel for the users credentials to travel through.

Answer 200

EAP-TTLS

Question 201

What are the two main AAA servers?

Answer 201

Microsoft’s RADIUS and CISCO’s TACACS+

Question 202

What server is UDP-based, and authenticates servers such as VPN servers, RAS servers, and the 802.1x authenticating switch?

Answer 202

RADIUS server

Question 203

Every RADIUS client needs the ______ to join the RADIUS environment?

Answer 203

secret key/session key/share secret

Question 204

What is the more modern version of RADIUS that works on TCP? It is the AAA server that uses EAP.

Answer 204

Diameter

Question 205

What is the CISCO AAA server that used TCP, and uses TCP port 49 for authentication?

Answer 205

TACACS+

Question 206

What allows someone working remotely, either from a hotel room or home, to connect securely through the internet to the corporate network?

Answer 206

A VPN

Question 207

What is a legacy protocol that pre-dated the VPN? It used modems and a dial-up network using telephone lines, and was very restricted in speed.

Answer 207

Remote Access Services (RAS)

Question 208

What authentication method should be avoided at all costs as the passwords are transmitted as clear text and can be easily captured?

Answer 208

Password Authentication Protocol (PAP)

Question 209

What authentication method was used to connect to to an RAS server with a four-stage process?

Answer 209

Challenge Handshake Authentication Protocol (CHAP)

Question 210

What is a solution that helps protect the privilege accounts within a domain, preventing attacks such as pass the hash, pass the ticket, and privilege escalation? It also gives visibility in terms of who is using privilege accounts and what tasks they are being used for.

Answer 210

Privilege Access Management

Question 211

What kind of access control is based on the classification level of the data?

Answer 211

Mandatory Access Control (MAC)

Question 212

What kind of access control applies a rule to all of the people within a department?

Answer 212

Rule-based Access Control

Question 213

What kind of access control restricts access based on an attribute in the account?

Answer 213

Attribute-based Access Control

Question 214

What protocol manages the users in groups?

Answer 214

LDAP

Question 215

What is the Microsoft authentication protocol that uses tickets, updated sequence numbers (USN), and it is time stamped?

Answer 215

Kerberos

Question 216

What kind of server can be placed on your LAN to keep the domain computers and servers in sync with each other?

Answer 216

Network Time Protocol server

Question 217

What are used when two different companies want to authenticate between each other when they participate in a joint venture?

Answer 217

Federation Services

Question 218

When the exam talks about authentication using the phrase ‘third-party’ or extended attributes, think of?

Answer 218

Federation services

Question 219

What is an open source federation service product that uses SAML authentication? It would be used in a small federation service environment and can use cookies.

Answer 219

Shibboleth

Question 220

When two companies need to exchange the extended attribute information and require a special protocol to do so, they use?

Answer 220

Security Assertion Mark-up Language (SAML)

Question 221

What provides authorization to enable third-party applications to obtain limited access to a web service?

Answer 221

OAuth 2.0

Question 222

What uses OAuth to allow users to log in to a web application without needing to manage the users account? It allows users to authenticate by using their Google, Facebook, or Twitter account.

Answer 222

Open ID Connect

Question 223

What kind of system is used for real time monitoring and can be used to aggregate, decipher, and normalize non-standard log formats? It can also filter out fake positives.

Answer 223

Security Information and Event Management

Question 224

What can be run against the system to discover accounts that have not been used for a certain period of time?

Answer 224

Discovery service query

Question 225

What prevents someone from just reusing the same password? Mainly used for Windows OS’s

Answer 225

Password history

Question 226

What is another term used for password history that refers to any other products than a Windows operating system?

Answer 226

Password Reuse

Question 227

What is the maximum number of days that a password can be used for before you are required to change it?

Answer 227

Maximum Password Age

Question 228

What is the most common form of authentication that is most likely to be entered incorrectly?

Answer 228

A Password

Question 229

When I purchase a new wireless access point what should I do first?

Answer 229

Change the default username and password

Question 230

What is password history?

Answer 230

The number of passwords you can use before you can reuse your current password

Question 231

How can I prevent someone from reusing the same password?

Answer 231

Set up password history

Question 232

Explain what format a complex password takes?

Answer 232

Uppercase and lowercase letters, numbers, and special characters not used in programming

Question 233

How can I prevent a hacker from inserting a password multiple times?

Answer 233

Set up an account lockout with a low value

Question 234

What type of factor authentication is a smart card?

Answer 234

Multi-factor or dual factor

Question 235

How many factors is it if I have a password, Pin and date of birth?

Answer 235

A password, Pin, and date of birth are all factors that you know; therefore it is single-factor.

Question 236

What is biometric authentication?

Answer 236

where you use a part of your body or voice for authentication

Question 237

What authentication method can be used by two third parties that participate in a joint venture?

Answer 237

Federated services

Question 238

What is an XML-based authentication protocol?

Answer 238

Security Assertion Markup Language

Question 239

What is a Shibboleth?

Answer 239

A small open source Federation Services protocol.

Question 240

What protocol is used to store and search for Active Directory objects?

Answer 240

LDAP

Question 241

What is the format of a distinguished name for a user called Fred who works in the IT department for a company with a domain called Company A that is a dotcom?

Answer 241

CN=Fred
OU=IT
DC=Company
DC=Com

Question 242

What authentication factor uses tickets, timestamps, and updated sequence numbers and is used to prevent replay attacks?

Answer 242

Kerberos

Question 243

What is a TGT session?

Answer 243

A Ticket-Granting Ticket process is where a user logs in to an Active Directory domain using Kerberos authentication and receives a service ticket.

Question 244

What is a single sign on? Give two examples.

Answer 244

where a user inserts their credentials only once and accesses different resources without needing to re-enter the credentials. Kerberos, Federation services, or a smart card.

Question 245

How can I prevent a pass-the-hash attack?

Answer 245

Pass-the-hash attacks exploit older systems such as Microsoft NT4.0, which uses NT LAN Manager. You can prevent this by enabling Kerberos or disabling NTLM.

Question 246

Give an example of when you would use Open ID Connect?

Answer 246

OpenID connect is where you access a device or portal using your Facebook, Twitter, Google, or Hotmail credentials. The portal itself does not manage the account

Question 247

Name two AAA servers and the ports associated with them.

Answer 247

Microsoft RADIUS, using port 1812 and Cisco TACACS+ and uses TCP port 49

Question 248

What is used for accounting in an AAA server?

Answer 248

Accounting is an AAA server where they log the details of when someone logs in and logs out; this can be used for billing purposes. Accounting is normally logged into a database such as SQL. RADIUS accounting used UDP port 1813.

Question 249

What is the purpose of a VPN solution?

Answer 249

A VPN solution creates a secure connection from a remote location to your corporate network or vice versa. The most secure tunneling protocol is L2TP/IPSec.

Question 250

Why should we never use PAP authentication?

Answer 250

PAP authentication uses a password in clear text; this could be captured easily by a packet sniffer.

Question 251

What type of device is an iris scanner?

Answer 251

An iris scanner is a physical device used for biometric authentication.

Question 252

What could be the 2 drawbacks of using facial recognition?

Answer 252

Facial recognition could be affected by light or turning your head slightly to one side; some older facial recognition systems accept photographs.

Question 253

What is Type II in biometric authentication and why is it a security risk?

Answer 253

Type II in biometric authentication is Failure Acceptance Rate, where people that are not permitted to access your network are given access.

Question 254

What is a time limited password?

Answer 254

TOTP

Question 255

How many times can you use an HOTP password? Is there a time restriction associated with it?

Answer 255

HOTP is a one time password that does not expire until it used.

Question 256

How does a CAC differ from a smart card and who uses CAC?

Answer 256

A CAC is used by the military and has a picture and the details of the user on the front, as well as their blood group and Geneva convention category on the reverse side.

Question 257

What is a port-based authentication that authenticate both users and devices?

Answer 257

IEE802.1x is port-based authentication that authenticates both users and devices.

Question 258

What type of account is a service account?

Answer 258

A service account is a type of administrative account that allows an application to have a higher level of privileges to run on a desktop or server.

Question 259

How many accounts should a system admin for a multinational corporation have and why?

Answer 259

2 accounts: a user account for day-to-day tasks, and an administrative account for administrative tasks.

Question 260

What do I need to do when I purchase a baby monitor and why?

Answer 260

You should rename the default admin account and change the default password to prevent someone from using it to hack into your home.

Question 261

What is a privilege account?

Answer 261

An account with administrative rights

Question 262

What is the drawback for security if the company uses shared accounts?

Answer 262

When monitoring and auditing are carried out, the employees responsible cannot be traced from more than one person shared accounts.

Question 263

What is a default account? Is it a security risk?

Answer 263

Default accounts and passwords for devices and software can be found on the internet and used to hack your network or home devices.

Question 264

The system admin in a multinational corporation creates a user account using an employee’s first name and last name. Why are they doing this time after time?

Answer 264

They are using a standard naming convention.

Question 265

What two actions do I need to complete when John Smith leaves the company?

Answer 265

You need to disable his account and reset the password

Question 266

What is account recertification?

Answer 266

An audit of user accounts and permissions that is usually carried out by an auditor. This is also referred to as a user account review.

Question 267

What is the purpose of a user account review?

Answer 267

A user account review ensures that old accounts have been deleted and that all current users have the appropriate access to resources and not a higher level of privilege.

Question 268

What can I implement to find out immediately when a user is placed in a group that may give them a higher level of privilege?

Answer 268

A SIEM system can carry out active monitoring and notify the admin or any changes to user accounts or logs

Question 269

What will be the two possible outcomes if an auditor finds any working practices that do not conform to company policy?

Answer 269

Either change management or a new policy will be put in place to rectify any area not conforming to company policy.

Question 270

If a contractor brings in five consultants for two months of mail server migration, show should I set up their accounts?

Answer 270

The contractor’s account should have an expiry date equal to the last day of the contract.

Question 271

How can I ensure that 3rd party contractors can only access the company network from 9am - 5pm daily?

Answer 271

Rule-based access should be adopted so that the contractors can access the company network between 9am and 5pm daily.

Question 272

If I have a company that has 5 consultants who work in different shift patterns, how can I set up their accounts so that each of them can only access the network during their individual shifts?

Answer 272

Time and day restrictions should be set up against each individual’s user account matching their shift pattern.

Question 273

A brute-force attack cracks a password using all combinations of characters and will eventually crack a password. What can I do to prevent a brute-force attack?

Answer 273

Account lockout with a low value will prevent brute-force attacks.

Question 274

The IT team have a global group called IT Admin; each member of the IT team are members of this group and therefore have full control access to the departmental data. Two new apprentices are joining the company and they need to have read access to the IT data. How can you achieve this with the minimum amount of administrative effort?

Answer 274

Create a group called IT apprentices, and then add the apprentices accounts to the group Give the group read access to the IT data.

Question 275

I have different login details and passwords to access Airbnb, Twitter, Facebook, but I keep getting them mixed up and have locked myself out of these accounts from time to time. What can I implement on my Windows 10 laptop to help me?

Answer 275

The credential manager can be used to store generic and Windows 10 accounts. The user therefore does not have to remember the account details.

Question 276

I have moved departments, but the employees in my old department still use my old account for access; what should the company have done to prevent this from happening? What should their next action be?

Answer 276

The company should have disabled the account and reset the password. A user account review needs to be carried out to find accounts in a similar situation.

Question 277

What is the purpose of the ssh-copy-id command?

Answer 277

To copy and install the public key on the SSH server and add to the list of authorized keys.

Question 278

When I log in to my Dropbox account from my phone, I get an email asking me to confirm that this was a legal login. What have I been subjected to?

Answer 278

Risky login

Question 279

What is the purpose of a password vault and how secure is it?

Answer 279

A password vault is an application that stores passwords using an AES-256 encryption and it is only as secure as the master key.

Question 280

What type of knowledge-based authentication would a bank normally use?

Answer 280

A dynamic KBA that would ask you details about your account that are not previously stored questions.

Question 281

What is the difference between FAR and FRR?

Answer 281

FAR allows unauthorized user access, and FRR rejects authorized user access.

Question 282

What is a solution that helps protect privilege accounts?

Answer 282

Privileged Access Management is a solution that stores the privileged account in a bastion domain to help protect them from attack?

Question 283

What is the danger to households with IoT devices?

Answer 283

Some people don’t realize that there are generic accounts controlling the devices that make them vulnerable to attack.

Question 284

Why do cloud providers adopt a zero-trust model?

Answer 284

Some devices being used do not belong to a domain so every connection should be considered unsafe.

Question 285

Which authentication model gives access to a computer system even though the wrong credentials are being used?

Answer 285

Biometric authentication allows unauthorized users access to the system.

Question 286

In a cloud environment, what is elasticity?

Answer 286

Elasticity allows you to increase and decrease cloud resources as you need them.

Question 287

In which cloud environment would I install the software and then have to update the patches?

Answer 287

IaaS requires you to install the OS and patch the machines. The CSP provides bare-metal computers.

Question 288

What cloud model would I not be allowed to migrate to?

Answer 288

SaaS is a custom application written by a vendor and you cannot migrate to it.

Question 289

What is the major benefit of using a public cloud?

Answer 289

No capital expenditure.

Question 290

What is a cloud single-tenant model?

Answer 290

Private cloud

Question 291

What is a cloud multitenant model?

Answer 291

Public Cloud

Question 292

Describe how a community cloud operates.

Answer 292

A community cloud is where people from the same industry, such as a group of lawyers, design and share the cost of bespoke application and its hosting, making it cost-effective.

Question 293

Who is responsible for the disaster recovery of hardware in a cloud environment?

Answer 293

The CSP is responsible for the hardware fails.

Question 294

What is a Cloud Access Security Broker (CASB)?

Answer 294

The CASB ensures that the policies between on-premises and the cloud are enforced.

Question 295

What model is it if you own the premises and all of the IT infrastructure resides
there?

Answer 295

On-premises is where you own the building and work solely from there.

Question 296

What is a hybrid cloud model?

Answer 296

A hybrid cloud is where a company is using a mixture of on-premises and the cloud.

Question 297

What is distributive allocation?

Answer 297

Distributive allocation is where the load is spread evenly across a number of resources, ensuring no one resource is over-utilized. An example of this is using a load balancer.

Question 298

What type of model deals with identity management?

Answer 298

SECaaS provides secure identity management.

Question 299

Where will a diskless virtual host access its storage?

Answer 299

A diskless virtual host will get its disk space from an SAN

Question 300

If you have a virtual switch that resides on a SAN, what connector will you use for
a VLAN?

Answer 300

A VLAN on an SAN will use an iSCSI connector.

Question 301

What type of disks does a SAN use?

Answer 301

A SAN will use fast disks, such as SSDs

Question 302

What is the machine that holds a number of VMs called?

Answer 302

A host holds a number of virtual machines - it needs fast disks, memory, and CPU cores.

Question 303

What is a guest, and what can you use as a rollback option?

Answer 303

A guest is a virtual machine, for example, a Windows 10 virtual machine. A snapshot can be used to roll back to a previous configuration.

Question 304

In a virtual environment, what is sandboxing and how does it relate to chroot jail?

Answer 304

Sandboxing is where you isolate an application for patching or testing because it is dangerous. A chroot jail is for sandboxing in a Linux environment.

Question 305

Which is faster for data recovery: a snapshot or a backup tape?

Answer 305

A snapshot is faster at recovering than any other backup solution.

Question 306

What is a Type 1 hypervisor?

Answer 306

A Type 1 hypervisor is a bare-metal hypervisor (requires no OS). Some examples are Hyper-V, ESX, and Xen.

Question 307

What is a Type 2 hypervisor?

Answer 307

A Type 2 hypervisor is a hypervisor that sits on top of an operating system, for example, VirtualBox, which could be installed on a Windows 10 desktop.

Question 308

Why does HVAC produce availability for a data center?

Answer 308

HVAC keeps the servers cool by importing cold air and exporting hot air. If a servers CPU overheats, it will cause the server to crash.

Question 309

What do you call the cloud model where people from the same industry share
resources and the cost of the cloud model?

Answer 309

A community cloud is where people from the same industry share resources.

Question 310

What is an example of cloud storage for a personal user?

Answer 310

Cloud storage for personal users could be iCloud, Google Drive, Microsoft OneDrive, or Dropbox

Question 311

Explain the functionality of fog computing.

Answer 311

Fog computing is an intermediary between the device and the cloud. It allows the data to be processed closer to the device. It reduces latency and cost.

Question 312

What is edge computing?

Answer 312

It allows data storage to be closer to the sensors rather than miles away in a data center.

Question 313

What are containers?

Answer 313

A container allows the isolation of the applications and its files and libraries so that the application is independent.

Question 314

What is IaC?

Answer 314

Infrastructure as code allows you to automate your infrastructure, for example, using PowerShell DSC.

Question 315

Describe services integration.

Answer 315

The is the combination of business and IT functions into a single business solution.

Question 316

What are cloud resource policies?

Answer 316

These are the policies that state the actions and access levels someone has in relation to a particular resource.

Question 317

What is system sprawl, and what is a way to prevent it?

Answer 317

This is where a virtual machine or host has run out of resources. The best way to avoid this is to use thin provisioning.

Question 318

What is the best way to protect against VM escape?

Answer 318

VM escape is where an attacker will use a vulnerable virtual machine to attack the host of another virtual machine. The best protection against this attack is to ensure that the hypervisor and all virtual machines are fully patched.

Question 319

What is a cloud region, and how can it provide redundancy?

Answer 319

A cloud region consists of multiple physical locations called zones; data can be spread across multiple zones for redundancy.

Question 320

What is secret management, and what encryption levels protect the secret
management key?

Answer 320

Secrets management uses a vault to store keys, passwords, tokens, and SSH keys used for privilege accounts. It uses RSA 2048-bit keys to protect the secret management access key.

Question 321

Explain the main difference between LRS and ZRS. Which one is the cheapest?

Answer 321

LRS replicates 3 copies of your data to a single physical location. This is the cheapest option. ZRS is where three copies of the data are replicated to 3 separate zones within your region.

Question 322

Why would a VPC use private and public subnets?

Answer 322

They would be used as a form of network segmentation.

Question 323

What type of resources would be held on a public subnet?

Answer 323

Resources that need access to the internet, for example, company web servers. A NAT gateway and an internet gateway would also be on these subnets.

Question 324

What type of resources would be held on a private subnet?

Answer 324

Resources that should not have direct internet access, such as database servers, domain controllers, and email servers.

Question 325

How would someone connect to a VPC?

Answer 325

A VPN connection using L2TP/IPSec should be used to connect to a VPC.

Question 326

Where should a default route be pointing for a device within a private subnet,
and what is its purpose?

Answer 326

The default rout of 0.0.0.0 should be pointing to either the NAT gateway or the internet gateway. When network traffic does not know where to go, it will be sent to the default route as a last resort.

Question 327

Why might a third-party cloud solution be better than a cloud-native solutions?

Answer 327

The third-party tools will offer more flexibility.

Question 328

Which pen tester would be given source code?

Answer 328

The white box tester can access the source code.

Question 329

Why would a shared account pose a problem to monitoring?

Answer 329

It would prevent you from monitoring or auditing an individual.

Question 330

Which pen tester would be given no access prior to the test but, at the last minute,
is given a diagram of the desktops?

Answer 330

The gray box pen tester would be given at least one piece of information; normally they get limited data.

Question 331

What needs to be established prior to a pen test commencing?

Answer 331

Rules of engagement must be established.

Question 332

While carrying out an unannounced pen test, how does the tester know if the
internal security team are on to him?

Answer 332

He would have regular meetings with the client, who would tell him if he has been discovered.

Question 333

What is the scope of rules of engagement?

Answer 333

The scope determines whether the pen test is black, gray, or white.

Question 334

If the pen test has been announced to the IT team, what information should they
give regarding the test prior to the test starting?

Answer 334

The pen tester would give the internal IT team their IP address so that they can establish whether or not it is the pen tester or an attacker.

Question 335

What is the main difference between a credentialed and a non-credentialed
vulnerability scan?

Answer 335

The credentialed scan has more permissions than a non-credentialed one and has the ability to audit, scan documents, check account information, check certificates, and provide more accurate information.

Question 336

At what phase of a pen test does the tester return the systems back to the original
state or inform the IT team of vulnerabilities that need patching?

Answer 336

The cleanup phase is where the systems are returned back to the original state.

Question 337

What is OSINT? Is it legal?

Answer 337

Open source intelligence; this is legal intelligence that is obtained from the public domain.

Question 338

What is the purpose of the red team?

Answer 338

They fulfill the role of the attacker.

Question 339

What is the purpose of the blue team?

Answer 339

They fulfill the role of the defender.

Question 340

What is the purpose of the white team?

Answer 340

They organize and judge the cybersecurity events, ensure reports are accurate and the correct countermeasures are recommended.

Question 341

What is the purpose of the purple team?

Answer 341

They carry out the roles of both the red and blue teams; these are external consultants or auditors.

Question 342

When evaluating CVSS scores, which vulnerabilities should you deal with first?

Answer 342

You must deal with the most critical vulnerabilities first.

Question 343

Describe a false positive.

Answer 343

When a monitoring system and manual inspection differ. For example, a SIEM system says there is an attack, and a manual inspection confirms that there is no attack.

Question 344

What is a true positive?

Answer 344

When a monitoring system and manual inspection agree on events.

Question 345

What is the difference between intrusive and non-intrusive scans?

Answer 345

An intrusive scan will cause damage whereas a non-intrusive scan is passive and wont cause damage.

Question 346

What is regression testing and who will carry it out?

Answer 346

Regression testing is where a coding expert checks the code written for an application to ensure that there are no flaws.

Question 347

When would dynamic analysis be carried out?

Answer 347

Dynamic analysis is evaluating a program where it is running in real time.

Question 348

What is a syslog server and what purpose does it serve?

Answer 348

The syslog server collects data from various sources in an event logging database. It filters out legitimate events and forwards the rest of the data to the SIEM server for further analysis.

Question 349

Why does a SIEM server rely on synchronized time clocks between all of the servers
and devices that it collects data from?

Answer 349

A SIEM server puts events into chronological order. If the clocks are not synchronized, then events cannot be put into sequential order.

Question 350

What is the purpose of threat hunting?

Answer 350

The IT team carries out threat hunting in their own systems to try and discover whether they have been subjected to a cyber attack.

Question 351

What refers to the rules required by different applications for the exchange of data?

Answer 351

Protocols

Question 352

What are the 2 types of ports?

Answer 352

TCP and UDP

Question 353

What is the main difference between Transmission Control Protocol and User Datagram Protocol?

Answer 353

The main difference between the two is that TCP is connection-oriented
as it uses a three-way handshake, and UDP is faster but less reliable as it is connectionless.

Question 354

If I wish to upload files to a web server, I would use what port?

Answer 354

FTP on port 20

Question 355

If I was downloading files from a web server, I would use what port?

Answer 355

FTP on port 21, Passive FTP

Question 356

What is the downside of using FTP and what should replace it?

Answer 356

The transfer is done in clear test, so a packet sniffer could view the information. It could be replaced by SFTP or FTPS.

Question 357

What insecure protocol was used to run remote commands on devices such as routers?

Answer 357

Telnet

Question 358

What is the problem with Telnet?

Answer 358

the session is in clear text and not secure. SSH has replaced it.

Question 359

What insecure protocol allocates IP addresses dynamically to computers?

Answer 359

DHCP

Question 360

What insecure protocol is used to access websites?

Answer 360

HTTP

Question 361

What insecure protocol ensures that the clock times of all computers and servers are synchronized?

Answer 361

NTP

Question 362

What insecure protocol creates, stores, and manages objects in a directory service?

Answer 362

LDAP

Question 363

What insecure protocol is used to transfer files between different mail servers and is used for outbound emails?

Answer 363

SMTP

Question 364

What insecure protocol is an email client that pulls email from the mail server, but when the email is downloaded, it does not retain a copy on the mail server itself?

Answer 364

POP3

Question 365

What is a hierarchical naming system that takes a hostname and resolves it to an IP address?

Answer 365

DNS

Question 366

What stores recently resolved host names?

Answer 366

DNS Cache

Question 367

What is a flat file where entries are manually inserted and read from top to bottom?

Answer 367

The host file

Question 368

What server normally maintains only the hostnames for your domain?

Answer 368

DNS Server

Question 369

What server refers requests to the .com server, which in turn refers requests to the authoritative DNS server for the domain, which then replies with the IP address of the website?

Answer 369

Root server

Question 370

What is the Microsoft legacy naming convention that has a flat namespace that can have a max of 15 characters with a service identifier?

Answer 370

NETBIOS

Question 371

What insecure protocol transfers the video conferencing traffic once Session Initiation Protocol has established a session?

Answer 371

RTP

Question 372

What protocol allows different methods of video and voice to communicate with each other? For example, if you use an XMPP gateway, you can connect Jabber clients to a Skype session.

Answer 372

Media Gateway

Question 373

What protocol was invented to replace Telnet so that commands could be run securely? It is commonly used when you want remote access to network devices.

Answer 373

SSH

Question 374

What protocol is used to transfer files securely between hosts in a Linux environment?

Answer 374

SCP (Secure Copy Protocol)

Question 375

What protocol allows us to encrypt authentication and download files securely so that they cannot be tampered with? It is secure as it is packaged with SSH.

Answer 375

SFTP

Question 376

What protocol was introduced to prevent someone from gaining access to DNS records?

Answer 376

DNSSEC

Question 377

What is the authentication system used to log in to directory services and uses tickets for authentication?

Answer 377

Kerberos

Question 378

What is the secure version of SNMP, as it authenticates and encrypts data packets?

Answer 378

SNMP v3

Question 379

When objects are created in directory services, they are securely managed by what protocol?

Answer 379

LDAPS

Question 380

What protocol can be used to secure a web page but is more commonly used when making a purchase on a website?

Answer 380

HTTPS

Question 381

What protocol is used to protect data in transit and is an upgraded version of SSL that is used to encrypt communications on the internet, such as email or internet faxing, and transfer data securely?

Answer 381

TLS

Question 382

What protocol can be used with L2TP/IPSec to provide a VPN session?

Answer 382

IPSec

Question 383

What part of the IPSec packet is hashed by using SHA1 or MD5 to confirm the integrity of the packet?

Answer 383

AH

Question 384

What part of the IPSec packet is the data that is encrypted by DES, 3DES, or AES?

Answer 384

ESP

Question 385

What mode of IPSec is used with L2TP/IPSec VPN’s, where both the AH and the ESP are encrypted? It is normally used externally.

Answer 385

Tunnel Mode

Question 386

What mode of IPSec is used between two servers or hosts on an internal network, where only the ESP is encrypted?

Answer 386

Transport mode

Question 387

What protocol is secure SMTP and uses TLS for encryption? It uses the STARTTLS command, which secures email.

Answer 387

SMTPS

Question 388

What protocol is an email client that has the ability to manage tasks and diaries?

Answer 388

IMAP 4

Question 389

What protocol is a legacy email client that does not leave copies of messages on the mail server?

Answer 389

SPOP3

Question 390

What protocol uses Public Key Infrastructure (PKI) to either encrypt emails or digitally sign emails to prove the integrity of the message?

Answer 390

S/MIME

Question 391

What protocol is used to transfer large files securely, as it uses TLS to set up a secure tunnel before downloading the files, and this makes it faster?

Answer 391

FTPS

Question 392

What protocol is a Microsoft product that allows you to run a secure remote access session on a Windows desktop or server?

Answer 392

RDP

Question 393

What protocol is used to secure video-conferencing traffic? it normally uses TCP port 5061.

Answer 393

SRTP

Question 394

What protocol uses port 21?

Answer 394

FTP

Question 395

What protocol uses port 23?

Answer 395

Telnet

Question 396

What protocol uses port 25?

Answer 396

SMTP

Question 397

What protocol uses port 53?

Answer 397

DNS

Question 398

What protocol uses UDP port 67/68?

Answer 398

DHCP

Question 399

What protocol uses UDP port 69?

Answer 399

Trivial FTP

Question 400

What protocol uses port 80?

Answer 400

HTTP

Question 401

What protocol uses port 110?

Answer 401

POP3

Question 402

What protocol uses port 123?

Answer 402

NTP

Question 403

What protocol uses UDP ports 137-139?

Answer 403

NETBIOS

Question 404

What protocol uses port 143?

Answer 404

IMAP

Question 405

What protocol uses UDP port 161?

Answer 405

SNMP

Question 406

What protocol uses port 389?

Answer 406

LDAP

Question 407

What protocols use port 22?

Answer 407

SSH, SCP, SFTP

Question 408

What protocol uses TCP/UDP port 53?

Answer 408

DNSSEC

Question 409

What protocol uses port 88?

Answer 409

Kerberos

Question 410

What protocol uses UDP port 162?

Answer 410

SNMP v3

Question 411

What protocol uses port 389?

Answer 411

LDAPS

Question 412

What protocols use port 443?

Answer 412

HTTPS, TLS, SSL

Question 413

What protocol uses UDP port 500?

Answer 413

IPSec

Question 414

What protocol uses port 587?

Answer 414

SMTPS

Question 415

What protocols use port 993?

Answer 415

IMAP4 and S/MIME

Question 416

What protocol uses port 995?

Answer 416

SPOP3

Question 417

What protocol uses ports 989/990?

Answer 417

FTPS

Question 418

What protocol uses port 3389?

Answer 418

RDP

Question 419

What protocol uses ports 5060/5061?

Answer 419

SIP

Question 420

What protocol uses port 5061?

Answer 420

SRTP

Question 421

What is used to remotely access the router and run commands securely?

Answer 421

SSH

Question 422

A managed switch is called?

Answer 422

802.1x

Question 423

What is it called when a port in a switch is switched off to prevent someone from plugging their laptop into a wall jack?

Answer 423

Port security

Question 424

What is used in a switch to prevent MAC flooding, where the switch is flooded with a high volume of fake MAC addresses? This prevents DDoS attacks?

Answer 424

Flood Guard

Question 425

What can be set up on a switch to segment network traffic?

Answer 425

VLAN

Question 426

What protocol has an algorithm that sets up some ports to forward, listen, or block traffic to prevent looping?

Answer 426

Spanning Tree Protocol

Question 427

What is the authentication protocol that uses tickets and prevents replay attacks?

Answer 427

When using Kerberos authentication, a TGT session is established, where the user obtains an encrypted service ticket. Kerberos uses USN and timestamps to prevent replay attacks.

Question 428

Describe how IPSec tunnel mode works.

Answer 428

IPSec in tunnel mode is used with an L2TP/IPSec VPN session where both the AH and ESP are encrypted.

Question 429

Describe how IPSec transport mode works.

Answer 429

IPSec in transport mode is server to server on a LAN where only the ESP is encrypted.

Question 430

If an IT administrator uses Telnet to run remote commands on a router,
which secure protocol can it be replaced with?

Answer 430

SSH is a secure protocol that replaces Telnet.

Question 431

What is the purpose of a router?

Answer 431

A router connects external networks and routes IP packets.

Question 432

What is the purpose of a switch?

Answer 432

A switch is an internal device connecting computers being used in the same location.

Question 433

What type of service is Spotify?

Answer 433

A subscription service where the user pays a monthly fee.

Question 434

Explain how port security works.

Answer 434

Port security is where a port on a switch is disabled to prevent someone from using a particular wall jack.

Question 435

Describe how a managed switch with 802.1x works.

Answer 435

802.1x authenticates users and devices connecting to a switch. Normally the user or a device has a certificate to authenticate them without the need to disable ports on the switch. An unauthorized user is prevented from using the port as they have no certificate.

Question 436

What are the three portions of a distinguished name and the order that
they come in?

Answer 436

The three portions of a distinguished name from left to right are CN, OU, and then DC.

Question 437

Which protocol can I use to prevent DNS poisoning?

Answer 437

DNSSEC, which produces RRSIG records that prevent DNS poisoning.

Question 438

What are the two reasons why a computer might not receive an IP address from
a DHCP server?

Answer 438

A computer might not receive an IP address from a DHCP server due to resource exhaustion or network connectivity.

Question 439

What type of server would both an SIEM server and a Microsoft domain controller
benefit from having installed on their network?

Answer 439

An NTP server to keep the clock times on the hosts up to date.

Question 440

If two companies rented offices on the same floor of a building, what could the
building administrator implement to isolate them from each other?

Answer 440

VLAN’s

Question 441

What is the purpose of STP?

Answer 441

Spanning Tree Protocol prevents switches form looping, which slows the switch down.

Question 442

If a network administrator wanted to collect the statuses and reports of network
devices, what secure protocol could they use?

Answer 442

SMTP v3 to securely collect the status and reports from network devices.

Question 443

If a network administrator wants to set up a VPN, what is the most secure protocol
that they can use?

Answer 443

AES is the strongest protocol for an L2TP/IPSec VPN as it can use 256 bits

Question 444

Which secure protocol can be used to prevent a pass-the-hash attack?

Answer 444

A pass-the-hash attack is a hash collision attack against NLTM authentication. Kerberos prevents this attack.

Question 445

Which protocol protects data in transit?

Answer 445

TLS protects data in transit.

Question 446

Which protocol can be used to digitally sign an email between two people?

Answer 446

S/MIME

Question 447

Which protocol can be used to secure video conferencing?

Answer 447

SRTP

Question 448

Which protocol allows a user to put a Skype session on hold, speak to another
person, and then come back to the first caller?

Answer 448

SIP

Question 449

A system administrator is managing a directory service using a protocol that uses
TCP port 389. What protocol are they using and which protocol can be used to
carry out the same task securely?

Answer 449

LDAP uses TCP port 389 and is used to manage directory services. It can be replaced by LDAPS TCP port 636, which is more secure.

Question 450

Say I use the nbtstat -an command and the output shows me the following:
IAN <00>
IAN <20>
What naming convention is used and what format is being shown?

Answer 450

The format is NETBIOS, the host is called Ian;<00> indicates the workstation service and <20> indicates the server service.

Question 451

What protocol can be used to transfer large files remotely?

Answer 451

FTPS is used to transfer large files as it uses two ports: 989/990

Question 452

What are the frames that contain information about the STP?

Answer 452

BPDU’s

Question 453

What is set up on a port of a switch so that when the data arrives at that port, a splitter sends a copy to another device for later investigation?

Answer 453

Tap/Port Mirror

Question 454

What can be used to examine the attack methods that hackers use?

Answer 454

a honeypot

Question 455

What kind of server controls requests from clients seeking resources on the internet or an external network?

Answer 455

Proxy server

Question 456

What do you call a hardened host that could be used as an intermediary device or as a gateway for administrators who would then connect to other servers for remote authentication?

Answer 456

Jump server/jump host/jump box

Question 457

What do you call a device that is used when there is a high volume of traffic coming into the company’s network or web server?

Answer 457

Network load balancer

Question 458

What do you call a legacy server where dial-up networking is used? Located on the company network and the speed of the modem was up to 56Kbps - very slow and pages look like a map.

Answer 458

Remote Access Server

Question 459

What is the most secure tunneling protocol that can use certification, Kerberos authentication, or a pre-shared key? Provides both a secure tunnel and authentication,

Answer 459

L2TP/IPSec

Question 460

What tunneling protocol works on legacy systems and uses SSL certificates for authentication? A newer version is TLS VPN.

Answer 460

Secure Socket Layer (SSL) VPN

Question 461

What mode of IPSec is used across the internet?

Answer 461

Tunnel mode

Question 462

What mode of IPSec is created with an internal network using client/server-to-server communication?

Answer 462

Transport Mode

Question 463

The purpose of the ___________ is to set up the secure tunnel during the IKE phase.

Answer 463

VPN concentrator

Question 464

What kind of VPN’s use an SSL certificate, and only need a web browser to make a connection?

Answer 464

SSL VPN

Question 465

What kind of attack is where a secure VPN session is connected and then the user opens an unsecured session that would allow the hacker to come in through the unsecured session and gain access?

Answer 465

Split tunneling

Question 466

What is the go to version of secure remote access?

Answer 466

SSH

Question 467

What do you call a network where packets are routed through a controller rather than traditional routes, which improves performance?

Answer 467

Software-Defined Networking

Question 468

What do you call a secure network with very fast links and a web server, called the intranet, that holds internal-only information, such as classified data, manufacturing price lists, or the internal forms library?

Answer 468

LAN

Question 469

What do you call the boundary layer between the LAN and the WAN that holds information that companies may want people from the internet to access?

Answer 469

Screened Subnet

Question 470

What checks that the device being used is fully patched?

Answer 470

NAC

Question 471

What component of the NAC checks the health of the incoming device to ensure that it is fully patched?

Answer 471

Host Health checks (HAuth)

Question 472

What kind of attack sees attackers attempt to poison the DNS cache by putting in wrong entries to divert you to a server where they can attack you?

Answer 472

DNS poisoning

Question 473

What is a flat file where entries are manually inserted and read from the top to the bottom?

Answer 473

Hosts file

Question 474

What is the process of capturing your network traffic, and mapping all of the network devices, protocols, and IP address ranges so that they have information that will help an attacker get an idea of how your network is laid out?

Answer 474

Fingerprinting

Question 475

What is the process of looking at the network topology and gathering as much information as you can, such as email addresses? They will identify vulnerabilities within a company that can be used as an attack vector.

Answer 475

Footprinting

Question 476

What brings back the replies when you use command-line tools?

Answer 476

Internet Control Message Protocol (ICMP)

Question 477

What command is used to test connectivity to another host?

Answer 477

Ping

Question 478

What command uses the ping -t command and is used for diagnostic testing?

Answer 478

Continuous Ping

Question 479

What command tool can be used as a TCP/IP packet assembler and analyzer? It allows you to test the security of your network devices, such as firewall rules and open ports, and analyzes network traffic, including packet formats and traceroute.

Answer 479

Hping

Question 480

What command shows the route taken from a computer to a website? It can show any latency traveling through a particular router.

Answer 480

Tracert/Traceroute

Question 481

What command has the functionality of both ping packets and tracert? It also calculates statistics after the trace, showing the packet loss ate each router it passes through.

Answer 481

Pathping

Question 482

What command is used to see the established connections and the listening ports? It can also let you know what services are running on a computer.

Answer 482

Netstat

Question 483

What command is a diagnostic tool for verifying the IP address of a hostname in the DNS server database?

Answer 483

Nslookupd

Question 484

What does the “set type=MX” command do?

Answer 484

brings back the DNS details on all mail servers in the domain

Question 485

What command is the equivalent of nslookup in a Linux/Unix environment?

Answer 485

Dig

Question 486

What command is used to translate the IP address to a MAC address?

Answer 486

ARP

Question 487

What commands show the IP configuration?

Answer 487

ipconfig (windows)/ip/ifconfig (Linux)

Question 488

What command is used to clear out all entries in the DNS cache?

Answer 488

ipconfig/flushdns

Question 489

What command is used by Linux/Unix as a packet sniffer command?

Answer 489

tcpdump

Question 490

What command is a free and open source network mapper that can be used to create an inventory of all the devices on you network and can be used for banner grabbing?

Answer 490

Nmap

Question 491

What command is a utility for showing network connections in a Linux/Unix environment?

Answer 491

Netcat/nc

Question 492

What can scan all IP addresses in a given range?

Answer 492

IP scanners

Question 493

What is the command-tool used to transfer data? It can also be used in banner grabbing; this is fetching remote banner information from web servers.

Answer 493

Curl

Question 494

What is a passive tool that comes with Kali Linux and we can use it to harvest the email addresses of an organization?

Answer 494

The Harvester

Question 495

What is a pen test reconnaissance tool that can be used for automated tests? It can look for vulnerabilities in your network, open ports, it can diagnose DNS, issues it has Nmap capabilities, and it can find application weaknesses.

Answer 495

Sn1per

Question 496

What is a port scanner that has the ability to be anonymous so that the scan cannot be traced back to your IP address?

Answer 496

Scanless

Question 497

What tool can identify DNS records, such as MX, mail exchange servers, NS and host A records for a domain?

Answer 497

Dnsenum

Question 498

What is a remote scanning tool that can highlight vulnerabilities that can be exploited by hackers?

Answer 498

Nessus

Question 499

What tool creates a sandbox that can be used for analyzing files for malware inspection?

Answer 499

Cuckoo

Question 500

What tools will scan the computer on a regular basis and then produce reports?

Answer 500

Anti-virus/Advanced Malware Tools

Question 501

What tool can replace corrupted files by replacing them with a copy held in a compressed folder with system32? You run it with the sfc /scannow command.

Answer 501

File Integrity Checker

Question 502

What do you call the Microsoft utility that can check the hash value of system files to ensure that there has been no tampering?

Answer 502

File Checksum Integrity Verifier (FCIV)

Question 503

What command in Linux can be used to create files, view files, and also concatenate a number of files into another file?

Answer 503

Concatenate (Cat)

Question 504

The most important file in Linux is the /var/log/messages file, which shows system events such as a shutdown and reboot. What command can we use to check the top 10 messages from that log?

Answer 504

Head

Question 505

What command can we used to view the last 10 messages in the /var/log/messages log file?

Answer 505

Tail

Question 506

What command is used to search text and log files for specific values?

Answer 506

Grep

Question 507

What command is used to change the permission level?

Answer 507

chmod

Question 508

What command can you use to add a message to the local system log file or to a remote syslog server?

Answer 508

logger

Question 509

What can capture the traffic flowing through the network, including passwords in clear text and any commands being sent to network-based applications?

Answer 509

Protocol Analyzer/Packet sniffer

Question 510

What is an open source tool that can be used to analyze .pcap files generated by either Wireshark or tcpdump and then replay the traffic and send it to the NIPS to see whether it detects it?

Answer 510

tcpreplay

Question 511

What kind of tools can develop and execute exploit code against a remote target computer? This can be used to harden your IT systems before they are attacked.

Answer 511

Exploitation Framework tools

Question 512

When the forensics team are going to investigate an image on a desktop or laptop, what command can be used to clone a disk or copy a folder in a Linux/Unix environment?

Answer 512

dd

Question 513

What is the command line
dd if =/dev/sda of = /dev/sdb
doing?

Answer 513

Copying the entire disk /dev/sda to /dev/sdb

Question 514

What is the command
dd if=/dev/sda of=~/sdadisk.img

Answer 514

Taking the disk /dev/sda and making it into a disk image.

Question 515

What command is an enhanced version of the dd command and can be used to obtain forensic information such as the hash of the drive?

Answer 515

dcfldd

Question 516

What tool analyzed dump files?

Answer 516

Blue screen review or memdump (linux)

Question 517

What tool can be used on any version of Windows OS’s to help forensics team find evidence? Its a hexadecimal editor that can be used to find deleted or lost data and recover data from a corrupt drive?

Answer 517

WinHex

Question 518

What can be used to collect copies of data without making changes to the original evidenct?

Answer 518

FTK imager

Question 519

What can be used to analyze hard drives, smartphones, and media cards? It has a built-in translator to translate foreign languages into English.

Answer 519

Autopsy

Question 520

When you see names in clear text followed by hashes, the hash is a hash of what?

Answer 520

the password

Question 521

What tools can be used to crack the passwords and create password hashes? Such as the Cain portion of Cain and Able or LOphtcrack.

Answer 521

Password Crackers

Question 522

What range of IP addresses have the first number on the left starting with 1-126?

Answer 522

Class A

Question 523

What range of IP addresses is 172.16.x.x to 172.31.x.x? It is only a partial address range.

Answer 523

Class B

Question 524

What range of IP addresses begin at 192.168.x.x and is the complete address range?

Answer 524

Class C

Question 525

What is used to divide IP addresses into blocks so that different subnets have their own IP address range? It can also tell whether the packet delivery is local or remote?

Answer 525

Subnet masks

Question 526

If you cannot get an IP address from a DHCP server, you will get what instead?

Answer 526

an APIPA address starting with 169.254.x.x.

Question 527

What hexadecimal address range can be used externally? They start on the right-hand side with values of 2001, 2002, or 2003.

Answer 527

Public addresses

Question 528

What hexadecimal address range are restricted to one subnet and start with fe80?

Answer 528

Link Local

Question 529

What hexadecimal address range are restricted to a site and start with either fc00 and fd00? Also known as site-local addresses.

Answer 529

Unique Local

Question 530

An IP version 6 address can be simplified by what?

Answer 530

Removing leading zeros and replacing a number of blocks of 0000 with a double colon.

Question 531

Cloud providers allocate IP addresses for VPC by using different what?

Answer 531

CIDR blocks for each network

Question 532

What is the purpose of a web application firewall and where is it normally placed?

Answer 532

The web application firewall is normally installed on a web server as its job is to protect web applications from attack.

Question 533

What is Implicit Deny and which two devices does it affect?

Answer 533

Implicit Deny is used by both the firewall and the router. If there is no allow rule they get the last rule which is deny all. This is known as Implicit Deny.

Question 534

What is the firewall that does content filtering, URL filtering, and malware
inspection?

Answer 534

UTM is a firewall that provides value for money as it can provide URL filtering, content filtering, and malware inspection as well as firewall functionality.

Question 535

Which network device connects two networks together?

Answer 535

A router connects different networks together and works at Layer 3 of the OSI reference model (Network Layer)

Question 536

Which type of internal device connects users on the same network?

Answer 536

A switch connects users on an internal network, normally in a star topology.

Question 537

Which type of device hides the internal network from hackers on the internet?

Answer 537

A NAT hides the internal network from those on the external network.

Question 538

What is an inline NIPS?

Answer 538

An inline NIPS is where the incoming traffic passes through and is screened by the NIPS.

Question 539

Which type of IPS protects virtual machines from attack?

Answer 539

A Host-Based IPS is installed inside the guest virtual machine to protect it from attacks.

Question 540

Which type of IPS is placed behind the firewall as an additional layer of security?

Answer 540

A Network-based IPS is placed behind the firewall as an additional layer of security. The firewall prevents unauthorized access to the network.

Question 541

If I don’t have a NIDS on my network, which device can passively monitor
network traffic?

Answer 541

A NIPS can passively monitor the network as it can fulfill the functionality of a NIDS if there is no NIDS on your network.

Question 542

What is the difference between a signature and anomaly-based NIDS?

Answer 542

A signature-based NIDS works off a known database of variants, whereas an anomaly-based one starts with the database and can learn about new patterns or threats.

Question 543

What is the passive device that sits on your internal network?

Answer 543

A passive device that sits inside your network is a NIPS

Question 544

If I receive an alert that server 1 has a virus and I inspect the server and there are no
viruses, what is this known as?

Answer 544

If one of the monitoring systems reports a virus and you manually check and find no virus, this is known as a false positive.

Question 545

How can I prevent someone from accessing a medical center’s network by plugging
their laptop into a port in the waiting room?

Answer 545

You should enable port security. This would prevent further use of the wall jack.

Question 546

How can I prevent someone form plugging a rogue access point into my network?

Answer 546

You would enable 802.1x on the switch itself to ensure that the device is authenticated before using the port.

Question 547

How do 802.1x and port security differ? Which one gives me more functionality?

Answer 547

A managed switch uses 802.1x, which authenticates the device but does not disable the port when port security merely disables the port. 802.1x is therefore more functional.

Question 548

Which is the purpose of web caching on a proxy server?

Answer 548

Web caching on a web server keeps copies of the web pages locally, ensuring faster access to the web pages and preventing the need to open a session to the internet.

Question 549

What is the purpose of a VPN?

Answer 549

The purpose of a VPN is to create a tunnel across unsafe networks from home or a hotel to the workplace.

Question 550

What happens in the IKE phase of a VPN session?

Answer 550

In the IKE phase of an IPSec session, Diffie Hellman using port 500 sets up a secure session before the data is transferred.

Question 551

What is the purpose of a VPN concentrator?

Answer 551

To set up a secure session for a VPN

Question 552

What is the most secure VPN tunneling protocol?

Answer 552

The most secure VPN tunnel is L2TP/IPSec, which uses AES encryption for the ESP.

Question 553

What modes would you use in a L2TP/IPSec tunnel over the internet and
then internally?

Answer 553

IPSec in tunnel mode is used across the internet or external networks, and IPSec in transport mode is used between hosts internally.

Question 554

Which VPN session type would you use on a site-to-site VPN?

Answer 554

When setting the site-to-site VPN, it should be used in always-on mode as opposed to dial-on-demand.

Question 555

What network device should you use to manage a high volume of web traffic?

Answer 555

A load balancer should be used to manage a high volume of web traffic as it sends the requests to the least-utilized node that is healthy.

Question 556

What type of network is used by a virtual network so that the route requests
are forwarded to a controller?

Answer 556

SDN is used in a virtual environment when the routing requests are forwarded to a controller.

Question 557

What is the purpose of a screened subnet and what type of web server is located
there?

Answer 557

The screened subnet is a boundary layer that hosts an extranet server; it is sometimes known as the extranet zone. It used to be called the DMZ.

Question 558

If I want to find out what attack methods a potential hacker is using, what do I need
to set up?

Answer 558

If you set up a honeypot, which is a website with lower security, you will be able to monitor the attack methods being used and then be able to harden your actual web server against potential attacks.

Question 559

What is the purpose of network access control? Name the two agents that it uses.

Answer 559

Network access control ensures that devices connecting to your network are fully patched. There are two agents: one that is permanent and another that is dissolvable that is for single use.

Question 560

What type of device can be used to automate the collection of log files across many
different devices?

Answer 560

A SIEM server can correlate log files from many devices and notify you of potential attacks.

Question 561

If I wanted to back up data to a backup device but, at the same time, prevent
someone from deleting the data, what device do I need to use?

Answer 561

If data is backed up to a Write-Once Read-Many (WORM) drive, the data cannot be deleted or altered.

Question 562

Explain the port mirror process and name another device that could be used for the
same process?

Answer 562

A port mirror can make a copy of the data going to a port and divert it to another device for analysis. A tap is another device that can be used for the same purpose. However, a tap is more expensive.

Question 563

What type of records are created by DNSSEC?

Answer 563

DNSSEC creates RRSIG records for each DNS host and a DNSKEY record used to sign the KSK or ZSK.

Question 564

What are the two portions of an IPSec packet?

Answer 564

An IPSec packet that has the authenticated header that uses either SHA-1 or MD5 and an Encapsulated Payload that uses DES, 3DES, or AES.

Question 565

How can I tell whether my laptop fails to get an IP address from a DHCP server?

Answer 565

If you cannot get an IP address from a DHCP server, you would receive a 169.254.x.x IP address. This is known as APIPA. This could be caused by network connectivity or resource exhaustion.

Question 566

What type of IP address is

2001:123A:0000:0000:ABC0:00AB:0DCS:0023

and how can we simplify it?

Answer 566

It is an IP version 6 address and you can simplify it by changing the leading zeros to

2001:123A: :ABC0:AB:DCS:23.

Question 567

What is the benefit of an HTML 5 VPN?

Answer 567

An HTML5 VPN has no infrastructure to be set up as it uses certificates for encryption.

Question 568

What mode is an L2TP/IPSec VPN if it encrypts both the header and the payload?

Answer 568

Tunnel mode used externally

Question 569

What is the purpose of a jump server?

Answer 569

To allow a remote SSH session to a device or a virtual machine in a screened subnet or the cloud.

Question 570

What is load balancing persistence or affinity?

Answer 570

This is where the host is sent to the same server for the session.

Question 571

What is the downside to using two load balancers in an active/active mode?

Answer 571

Both of the load balancers are working close to capacity and if one of these load balancers fail, then the users would find that the traffic is slower.

Question 572

Three different groups of workers are in an open plan office and they are all
connected to the same physical switch. What can be done to isolate them from
each other?

Answer 572

A VLAN can be used for departmental isolation on the same switch.

Question 573

How does East-West traffic operate?

Answer 573

East-West traffic moves laterally between servers within a data center.

Question 574

What is a zero-trust network and where is it likely to be used?

Answer 574

A zero-trust network is where nothing is trusted, and every user or device must prove their identity before accessing the network. This would be used in the cloud.

Question 575

Why would someone use Angry IP?

Answer 575

Angry IP is an IP scanner that would scan an IP range to determine hosts that are active or inactive.

Question 576

When can I use curl or nmap?

Answer 576

curl or nmap could be used for banner grabbing.

Question 577

When would someone use the Harvester tool?

Answer 577

The harvester tool is used to collect the email addresses of a particular domain from search engine such as Google.

Question 578

How can an attacker find the DNS records from your domain?

Answer 578

They can use the dnsenum tool

Question 579

Why would I use the scanless tool?

Answer 579

It allows anonymous port scanning so that it cannot be traced back to you.

Question 580

What tools can I use as a sandbox to analyze files for malware?

Answer 580

You could use the tool called cuckoo to carry out this activity.

Question 581

What is the purpose of DHCP snooping

Answer 581

This is to prevent rogue DHCP servers from operating openly on your network.

Question 582

What are the two main reason why I would receive an APIPA address of
169.254.1.1?

Answer 582

It could be resource exhaustion, where the DHCP server has run out of IP addresses or it could be network connectivity between the client and the DHCP server.

Question 583

What kind of wireless controller is a standalone WAP, similar to that used at home? It has its own pool of DHCP addresses, and all configurations for the wireless network are installed on the WAP.

Answer 583

Fat controller

Question 584

What kind of wireless controller allows multiple WAP’s to be controlled remotely by a single controller; this is ideal in a corporate environment where there are quite a few WAP’s?

Answer 584

Thin Controllers

Question 585

To control access to a WAP, we do what?

Answer 585

We insert the MAC address into MAC filtering, then only those devices with a MAC address will be allowed access.

Question 586

On what channel should you place your first wireless device?

Answer 586

Channel 1

Question 587

On what channel should you place your second wireless device?

Answer 587

Channel 11

Question 588

On what channel should you place your 3rd wireless device?

Answer 588

Channel 6

Question 589

We place the device’s channels as far apart as possible to prevent?

Answer 589

The overlap of adjacent channels and interference.

Question 590

If we want to set up a wireless network for the general public to access without any encryption or any passwords, we could use?

Answer 590

Open System Authentication

Question 591

What type of wireless encryption is the weakest form of wireless security, with a 40-bit key that is very easy to crack?

Answer 591

Wired Equivalent Privacy (WEP)

Question 592

What type of wireless encryption replaced WEP as it used the Temporal Key Integrity Protocol?

Answer 592

Wi-Fi Protected Access

Question 593

What concept uses the GPS or RFID to define geographical boundaries? Once the device is taken past the defined boundaries, the security team will be alerted.

Answer 593

Geofencing

Question 594

What concept uses GPS to give the actual location of a mobile device?

Answer 594

Geolocation

Question 595

What control ensures that mobile devices that connect to your network are fully patched and compliant before obtaining access to the internal network?

Answer 595

NAC

Question 596

What concept is having an application package in .apk format and then installing it on a mobile device? This is useful for developers who want to trial 3rd party apps, but also allow unauthorized software to be run on a mobile device.

Answer 596

Sideloading

Question 597

What two groups of people might use a guest wireless network?

Answer 597

Visitors and employees on their lunchtime break

Question 598

What is the difference between fat and thin wireless controllers?

Answer 598

The FAT wireless controller is standalone; it has its own setting and DHCP addresses configured locally A thin wireless controller pushes out the setting to multiple WAP’s.

Question 599

What is the WAP master password, and how would you protect it?

Answer 599

The WAP master password is the admin password, and it should be encrypted to protect it.

Question 600

What two things can a Wi-Fi Analyzer perform?

Answer 600

Wi-Fi analyzers can troubleshoot wireless connectivity and discover the SSID inside a packet going to the WAP.

Question 601

What is the purpose of MAC filtering?

Answer 601

MAC filtering controls who can access a WAP. If your MAC address is not added to the WAP, then you are denied access.

Question 602

Why should you place your first WAP on channel 1, your second WAP on channel
11, and your third WAP on channel 6?

Answer 602

To prevent interference by overlapping the wireless channels.

Question 603

Why would an engineer carry out a site survey prior to installing a wireless
network?

Answer 603

He would ensure that the WAP’s are placed where there is no interference.

Question 604

Would you go to your online banking if you are in a hotel that uses Open
Authentication

Answer 604

No, because it is not secure.

Question 605

What is the weakest version of wireless encryption?

Answer 605

WEP is the weakest as it only has 40-bit encryption.

Question 606

If a friend comes to visit me in my house and asks for the wireless password, what
am I giving them?

Answer 606

You are giving them the Pre-shared Key.

Question 607

What is the most secure version of WPA2?

Answer 607

It is WPA2-CCMP as it uses AES encryption that is 128 bits.

Question 608

When using WPA3-Personal, what replaces the pre-shared key?

Answer 608

Simultaneous Authentication of Equals (SAE) replaces the PSK; it is more secure as the password is never transmitted, and it is immune to offline attacks.

Question 609

When using a WPA3 wireless, what replaces WPA2-Open Authentication?

Answer 609

Wi-Fi Enhanced Open is the WPA3 equivalent of Open System Authentication; it does not use a password and prevents eavesdropping.

Question 610

What is the most secure version of wireless?

Answer 610

This is WAP3 as it has AES encryption up to 256 bit, whereas WPA2 only uses 128 bit encryption.

Question 611

How do I access a wireless network if I use WPS and what type of attack is it
vulnerable against?

Answer 611

With WPS, you push the button to connect to the wireless network. It is susceptible to a brute-force attack as it has a password stored on the device.

Question 612

What is the purpose of a captive portal for a wireless network?

Answer 612

A captive portal can ask you to agree to an AUP and provide additional validation, such as your email address or Facebook or Google account details.

Question 613

What benefit does WPA3 bring to IoT devices?

Answer 613

Wi-Fi Easy Connect makes it very easy to connect to IoT devices such as a smartphone by simply using a QR code.

Question 614

What needs to be installed on the endpoint if you are going to use EAP-TLS for
wireless authentication?

Answer 614

A certificate on the endpoint as TLS needs an x509 certificate.

Question 615

If a user installs pirate software on their corporate laptop, which policy have they
violated?

Answer 615

They have violated the Acceptable Use Policy (AUP)

Question 616

What would be the benefit to first-line support if the company were to adopt CYOD
instead of BYOD?

Answer 616

If they adopt BYOD, they might have to support hundreds of different devices, whereas if they adopt CYOD, there would be a limited number of devices to make support easier.

Question 617

If I am staying in a hotel and their Wi-Fi is not working, how can I get access to the
internet?

Answer 617

You could use your cellular phone as a hotspot.

Question 618

If my cell phone has been lost or stolen, what should be done using MDM?

Answer 618

You should remote wipe it.

Question 619

What three things should I do to protect the data stored on my smartphone?

Answer 619

You should use screen locks and strong passwords, and use FDE to protect the data at rest.

Question 620

If a company has suffered several thefts of company laptops, what could you use to
prevent further thefts?

Answer 620

You could tag the laptops and set up geofencing to prevent thefts. RFID is another option.

Question 621

How can we keep company data separate from personal data on a cell phone that is
being used as a BYOD device so that offboarding is easy to achieve?

Answer 621

You could segment the data using storage segmentation or containerization.

Question 622

What is the purpose of using SE Android?

Answer 622

To segment business data and prevent applications outside of the Knox container from accessing resources inside the container.

Question 623

What is a wireless short-range payment type?

Answer 623

NFC

Question 624

What kind of attacks commonly use port 1900?

Answer 624

Virus

Question 625

What kind of password attack uses the most common passwords one at a time against the list of employees in the hope that one matches?

Answer 625

Spraying attack

Question 626

Card cloning is also referred to?

Answer 626

Skimming

Question 627

What kind of attack is where a malicious plugin
or script has been downloaded and the browser has been compromised.

Answer 627

MITB attack

Question 628

What kind of attack is an MITM attack that intercepts data but replays
it at a later date.

Answer 628

Replay attack

Question 629

What can prevent a replay attack?

Answer 629

Kerberos

Question 630

What kind of attack is where an attacker gains access to the network via a vulnerable host.
It then attacks a critical server, such as a domain controller or a database server.
In a virtual world, this would be called VM Escape.

Answer 630

Pivoting

Question 631

What kind of attack is an attack that must be done locally and can redirect you to
another website similar to DNS poisoning.

Answer 631

ARP poisoning

Question 632

What attack is the theft of the MAC address of another
networked device, which is then used to gain access to the network; for example,
a wireless access point that uses MAC filtering.

Answer 632

MAC spoofing attack

Question 633

What attack is where an attacker floods a switch with Ethernet packets so
that it consumes the limited memory that a switch has? This can be prevented by
using an 802.1x managed switch with an AAA server.

Answer 633

MAC flooding

Question 634

If I install a freeware program that analyzes my computer and then finds 40,000
exploits and asks me to purchase the full version, what type of attack is this?

Answer 634

Because you have parted with the money, this is a subtle form of ransomware.

Question 635

Describe how a fileless virus operates.

Answer 635

A fileless virus piggybacks itself onto a legitimate application, and they both launch together. Using Malwarebytes would alert you of both launching at the same time.

Question 636

How does an attacker carry out credential harvesting?

Answer 636

by a phishing attack where you are warned that an account has been hacked, and it gives you a link to a website to resolve it. That way, when you try to log in, they collect your details.

Question 637

How is pretexting used in an attack?

Answer 637

Pretexting is where an attacker manufactures a scenario such as saying that there is suspicious activity on your account, and they ask you to confirm your account details. This way, they can steal them.

Question 638

How does an invoice scam work?

Answer 638

An attacker obtains the details of a legitimate invoice and sends the company reminders that it needs to be paid, but they substitute the bank details with their own.

Question 639

How does an attacker carry out password spraying?

Answer 639

An attacker works out what standard naming convention a company is using, and they then obtain the names of employees from the internet. They then try common passwords against those accounts.

Question 640

How does an attacker use a malicious USB drive?

Answer 640

An attacker leaves a malicious USB drive inside a company where it can be found. There is only one shortcut, so when the finder puts it in their computer to try and find the owner, they click on the only visible file and get infected.

Question 641

How does artificial intelligence tainting help attackers?

Answer 641

AI uses machine learning to teach the machine to think like a human and detect attacks. So if it is tainted, it will ignore attacks by the attackers.

Question 642

When I go to a restaurant, how can I protect myself against card cloning?

Answer 642

When you go to a restaurant, please ensure that the server does not disappear with your card; make sure it is always visible to you.

Question 643

What is an on-path attack?

Answer 643

An on-path attack is an interception attack, for example, a replay or man-in-the-middle attack.

Question 644

Why is operational technology vulnerable to attack?

Answer 644

Operational technology is where we have removed CCTV standalone systems that were air-gapped and we now use a fully integrated solution that is fully connected, leaving them vulnerable to attacks.

Question 645

What is crypto-malware?

Answer 645

An example of crypto-malware is ransomware where the victim’s hard drive is encrypted and held for ransom. It could also have popups

Question 646

What type of virus replicates itself and uses either ports 4444 or 5000?

Answer 646

A worm

Question 647

What type of virus inserts .dll into either the SysWOW64 or System32 folder?

Answer 647

A Trojan

Question 648

What is an RAT?

Answer 648

Remote Access Trojan; a Trojan that sends the user’s username and password to an external source so that a remote session can be created.

Question 649

What type of virus attacks the Windows/System32 folder on Windows, or the
Bash shell on Linux?

Answer 649

A rootkit

Question 650

How does a logic bomb virus work?

Answer 650

A logic bomb virus is triggered by an event.

Question 651

What is the purpose of a keylogger?

Answer 651

to record all the keystrokes being used.

Question 652

What is a botnet?

Answer 652

A group of computers that have been infected so that they can be used to carry out malicious acts without the real attacker being identified.

Question 653

Explain a phishing attack.

Answer 653

A phishing attack is when a user receives an email asking them to fill in a form requesting their bank details

Question 654

How does spear phishing differ from a phishing attack?

Answer 654

Spear phishing is a phishing attack that has been sent to a group of users.

Question 655

What is a whaling attack?

Answer 655

A whaling attack targets a CEO or high-level executive in a company.

Question 656

What type of attack can include leaving voicemail?

Answer 656

Vishing attack

Question 657

What is tailgating?

Answer 657

where someone has used a smart card or entered a pin to access a door, and then someone behind them passes through the door before it closes, entering no credentials

Question 658

What is social engineering?

Answer 658

Social engineering exploits an individual’s character in a situation that they are not used to. This is hacking the human, putting them under pressure to make a snap decision.

Question 659

What type of attack could involve dressing as a police officer?

Answer 659

Impersonation attack

Question 660

What type of attack is it if a fireperson arrives and you let them into the server room
to put out a fire?

Answer 660

A social engineering urgency attack.

Question 661

What type of attack is it if I am in an ATM queue and someone has their phone to
one side so that they can film the transaction?

Answer 661

Shoulder surfing attack

Question 662

What type of attack is distributing fake software?

Answer 662

Fake software that will not install is a hoax. An email alert telling you to delete a system file as it is a virus is also a hoax.

Question 663

What is a watering hole attack?

Answer 663

A watering hole attack infects a trusted website that a certain group of people visits regularly.

Question 664

What type of attack is it if I receive an email from my company’s CEO, telling me
to complete the form attached by clicking on a link in the email?

Answer 664

Authority attack

Question 665

One of my bosses asks me to give them information that one of my peers gave them
last week. I am not too sure, but I give them the information. What type of attack
is this?

Answer 665

Consensus attack

Question 666

What type of attack is a multiple SYN flood attack on a well-known website that
takes it down?

Answer 666

DDoS attack

Question 667

Explain a man-in-the-middle attack.

Answer 667

A MITM attack is an on-path attack where a connection between hosts is intercepted and the conversation is changed and then replayed, but the people involved still believe that they are talking directly to each other.

Question 668

How does a replay attack differ from a man-in-the-middle attack?

Answer 668

A replay attack is similar to a MITM attack but the intercepted packet is replayed at a later date.

Question 669

What type of attack is a man-in-the-middle attack using an SSL3.0 browser that uses
a CBC?

Answer 669

A POODLE attack is a MITM attack using an SSL3.0 browser that uses CBC.

Question 670

What type of attack is a man-in-the-browser attack?

Answer 670

a MITB attack is a Trojan that intercepts your session between your browser and the internet; it aims to obtain financial transactions.

Question 671

How can I prevent a replay attack in a Microsoft environment?

Answer 671

Kerberos Authentication uses USN and timestamps and can prevent a replay attack, as the USN packets and the timestamps need to be sequential.

Question 672

How can I prevent a pass-the-hash attack?

Answer 672

Enabling Kerberos or disabling NTLM would prevent a pass-the-hash attack.

Question 673

What type of attack uses HTML tags with JavaScript?

Answer 673

XSS uses HTML tags with Javascript.

Question 674

What type of exploit has no patches and cannot be detected by NIDS or NIPS?

Answer 674

A zero-day virus

Question 675

What is domain hijacking?

Answer 675

Domain Hijacking is where someone tries to register your domain, access your hosted control panel, and set up a website that is similar to yours.

Question 676

What is bluejacking?

Answer 676

Bluejacking is hijacking someone’s Bluetooth phone so that you can take control of it and send text messages.

Question 677

What is Bluesnarfing?

Answer 677

Bluesnarfing is when you steal someone’s contacts from their Bluetooth phone.

Question 678

What type of attack is a local attack and how can I prevent that attack?

Answer 678

An ARP attack is a local attack that can be prevented by using IPSec.

Question 679

For what type of attack would I use the strcpy tool?

Answer 679

strcpy can be used for a buffer overflow attack.

Question 680

What is an integer overflow attack?

Answer 680

An integer overflow inserts a number larger than what is allowed.

Question 681

What type of attack uses the phrase 1=1?

Answer 681

An attack that uses the phrase 1=1 is a SQL injection attack.

Question 682

Name two methods for preventing a SQL injection attack.

Answer 682

Input validation and stored procedures can prevent a SQL injection attack. Stored procedures are the best.

Question 683

What type of attack is session hijacking?

Answer 683

Session hijacking is where your cookies are stolen so that someone can pretend to be you.

Question 684

If I misspell a website but still get there, what type of attack is this?

Answer 684

Typosquatting is where an attacker launches a website with a similar name to a legitimate website in the hope that victims misspell the URL.

Question 685

What type of attack would I use shimming or refactoring for?

Answer 685

Shimming and refactoring are used for driver manipulation attacks.

Question 686

What type of system is susceptible to a birthday attack?

Answer 686

Digital signatures are susceptible to a birthday attack.

Question 687

What are rainbow tables?

Answer 687

Rainbow tables are pre-computed lists of passwords with the relevant hash in either MD5 or SHA-1

Question 688

How can I store passwords to prevent a dictionary attack?

Answer 688

Salting passwords inserts a random value and prevents dictionary attacks, as a dictionary does not contain random characters.

Question 689

Name two tools that can be used for key stretching.

Answer 689

bcrypt and PBKDF2

Question 690

What is the fastest password attack that can crack any password?

Answer 690

A brute-force attack is the fastest password attack that will crack any password, as it uses all combinations of characters, letters, and symbols.

Question 691

What is the only way to prevent a brute-force attack?

Answer 691

An account locked with a low value is the only way to prevent a brute-force attack.

Question 692

What can we do to slow down a brute-force attack?

Answer 692

If account lockout is not available, the best way to slow down a brute-force attack is to make the password length longer or to salt passwords.

Question 693

What type of authentication is the most prone to errors?

Answer 693

Using passwords for authentication is more prone to errors as certificates and smart cards don’t tend to have many errors.

Question 694

What is an evil twin?

Answer 694

An evil twin is a WAP that is made to look like a legitimate WAP.

Question 695

How can I prevent an attack by a rogue WAP?

Answer 695

Using an 802.1x authentication switch can prevent an attack by a rogue WAP, as the device needs to authenticate itself to attach to the switch.

Question 696

I am trying to use the internet, but my wireless session keeps crashing, what type of
attack is this?

Answer 696

A wireless disassociation attack is where the attack prevents the victim from connecting to the WAP.

Question 697

How close does an attacker need to be for an NFC attack?

Answer 697

An attacker needs to be within 4cm of a card to launch an NFC attack.

Question 698

What is a pivot?

Answer 698

A pivot is where you gain access to a network so that you can launch an attack on a secondary system.

Question 699

What is a vulnerability in relation to risk management?

Answer 699

A vulnerability is a weakness that an attacker could exploit.

Question 700

What is the purpose of BPA?

Answer 700

A BPA is used by companies in a joint venture and it lays out each party’s contribution, their rights and responsibilities, how decisions are made, and who makes them.

Question 701

What is multiparty risk?

Answer 701

A multi-party risk is where someone wins a contract and sub-contracts to a third party who could sabotage your systems.

Question 702

What is IP theft?

Answer 702

The is where your intellectual property has been stolen, for example, trade secrets, copyright, and patents.

Question 703

What is the difference between an MOU and an MOA?

Answer 703

A MOU is a formal agreement between two parties, but it is not legally binding, whereas a memorandum of agreement is similar but legally binding.

Question 704

What is tokenization and why is it stronger than encryption?

Answer 704

Tokenization is where data is replaced by a stateless token and the actual data is held in a vault by a payment provider.

Question 705

One of the junior members of the IT team installs more copies of a piece of software
than are allowed by the licenses that the company has purchased. What have
they just carried out?

Answer 705

He has carried out a software licensing compliance violation.

Question 706

What is the purpose of an ISA?

Answer 706

An Interconnection Security Agreement (ISA) states how connections should be made between two business partners. They decide on the type of connection and how to secure it; for example, they may use a VPN to communicate.

Question 707

How does the shadow IT threat actor operate and what type of attack could benefit
from their actions?

Answer 707

Shadow IT would connect their own computers to your network without your consent and could lead to pivoting.

Question 708

What is an inherent risk?

Answer 708

An inherent risk is a raw risk before it has been mitigated.

Question 709

What are the four stages of the information life cycle?

Answer 709

Creation, use, retention, and disposal.

Question 710

Why would you use STIX\TAXII?

Answer 710

They work together so that Cyber Threat Intelligence (CTI) can be distributed over HTTP.

Question 711

What is the benefit of introducing a separation of duties in the finance department?

Answer 711

We would ensure that nobody in the department carried out both parts of a transaction. For example, we would have one person collecting revenue and another person authorizing payments.

Question 712

What is the purpose of a risk register?

Answer 712

A risk register lays out all of the risks that a company faces; each risk will have a risk owner who specializes in that area and decides on the risk treatment.

Question 713

What is an impact assessment?

Answer 713

Impact assessment is where you evaluate the risk of collecting big data and what tools can be used to mitigate the risk of holding so much data.

Question 714

A company has a leak in the roof, and before it can be repaired, there’s heavy rain,
resulting in 6 laptops being water-damaged. What type of disaster is this?

Answer 714

Environmental Threat

Question 715

What is the purpose of job rotation?

Answer 715

Job rotation ensures that employees work in all departments so that if someone leaves at short notice or is ill, cover can be provided. It also ensures that any fraud or theft can be detected.

Question 716

What is the purpose of a privacy notice?

Answer 716

A privacy notice gives consent for data only to be collected and used for one specific purpose.

Question 717

What is data masking?

Answer 717

This is where data is stored, showing only portions of the data; for example you might see only the last four digits of a credit card, as follows: ** ** ** 1232

Question 718

If a company suffered a data breach, what would be the impact if one of their
customers suffered identity fraud?

Answer 718

The are most likely going to be sued by the customer.

Question 719

What is a SOC type 2 report and what is its distribution?

Answer 719

It deals with the effectiveness of controls and has limited access as it provides a detailed report about a company.

Question 720

What is the purpose of mandatory vacations?

Answer 720

Mandatory vacations ensure that an employee takes at least 5 days of holiday and someone provides cover for them; this also ensures that fraud or theft can be detected.

Question 721

Why would an auditor look for single items that could cause the failure of whole
computer systems?

Answer 721

He is measuring BIA as the most important factor to avoid is a single point of failure.

Question 722

What is the first stage in risk assessment?

Answer 722

The first stage in risk assessment is identifying and classifying an asset. How the asset is treated accessed, or sored is based on the classification.

Question 723

What type of threat intelligence does the Malware Information Sharing Project
provide?

Answer 723

The Malware Information Sharing Platform provides Open Source Intelligence (OSINT)

Question 724

Your company has carried out a tabletop exercise followed by a walk-through.
What type of plan has just been carried out?

Answer 724

This is an example of a functional recovery plan.

Question 725

Why would a company introduce a clean-desk policy?

Answer 725

A clean desk policy is to ensure that no documents containing company data are left unattended overnight.

Question 726

Why would someone use the website www.virustotal.com?

Answer 726

This is a code repository that holds information about malware signatures and code.

Question 727

If someone brought their own laptop to be used at work, apart from an on-boarding
policy, what other policy should be introduced?

Answer 727

Someone bringing their own laptop is called BYOD and this is governed by the onboarding policy and the AUP.

Question 728

What is the purpose of an exit interview?

Answer 728

An exit interview is to find out the reason why the employee has decided to leave. The information from an exit interview may help the employer improve their working conditions and therefore have a higher retention rate.

Question 729

What is the MITRE ATT&CK framework used for?

Answer 729

MITRE ATT&CK is a spreadsheet that shows group adversaries, which can be drilled down to see the attack methods and tools used by them.

Question 730

What is the purpose of GDPR?

Answer 730

GDPR was developed by the EU to protect an individual’s right to privacy.

Question 731

What type of hacker might participate in a bug bounty program?

Answer 731

Gray hat hacker as he is provided limited information.

Question 732

What do hackers that use tools from the dark web use to remain anonymous?

Answer 732

Tor software, The Onion Router, which has thousands of relays to prevent detection.

Question 733

What is the purpose of Capture the Flag exercises?

Answer 733

This is training for both red and blue teams where they capture a flag when they achieve each level of training. When they have completed all levels, they are fit to become full-blown red or blue team members.

Question 734

What is the purpose of risk avoidance?

Answer 734

When a risk is deemed too dangerous or high risk and could end in loss of life or financial loss, we would trat the risk with risk avoidance and avoid the activity.

Question 735

What is the purpose of risk transference?

Answer 735

Risk Transference is where the risk is medium to high and you wish to offload the risk to a third party, for example, insuring your car.

Question 736

Who uses AIS and what is its distribution?

Answer 736

Automated Indicator Sharing was invented by the US federal government to exchange data about cyber attacks from the state down to the local level.

Question 737

What is the purpose of the ISO standard 27701?

Answer 737

27701 was developed as a standard as an extension of 27001/27002 to be used for privacy information management.

Question 738

What are rules of behavior?

Answer 738

Rules of behavior are how people should conduct themselves at work to prevent discrimination or bullying.

Question 739

What is the purpose of IOCs?

Answer 739

IOC informs members of their IT security community of IP addresses, hashes, or URLs where they have discovered newly released malware.

Question 740

What is the motivation of a script kiddie?

Answer 740

A script kiddie wants to be on national news and TV as they seek fame.

Question 741

Why would a company run an annual security awareness training program?

Answer 741

Annual security awareness training advises employees of the risk of using email, the internet, and posting information on social media websites. It also informs employees of any new risks posed since the last training.

Question 742

What would happen if I tried to sell my car and sent an email about it to everyone
who worked in my company using my Gmail account?

Answer 742

Sending an email to everyone who works in your company using your Gmail account is a violation of the AUP and could lead to disciplinary action.

Question 743

Why would I make a risk assessment for one of my main suppliers?

Answer 743

A manufacturing company would carry out a supply chain risk assessment because they need a reputable supplier of raw materials so that they can manufacture goods.

Question 744

What is the driving force of a BIA?

Answer 744

Business impact analysis is just the money; it looks at the financial impact following an event.

Question 745

What is the relationship between the RPO and the RTO?

Answer 745

The Recovery Point Object (RPO) is the acceptable downtime that a company can suffer without causing damage to the company, whereas the Recovery Time Object (RTO) is the time it takes for the company to return to an operational state - this should be within the RPO

Question 746

What information can be established from an MTTR?

Answer 746

Mean Time to Repair (MTTR) is the average time it takes to repair a system, but in the exam, it could be seen as the time to repair a system and not the average time.

Question 747

What type of threat actor could damage a company’s production system?

Answer 747

A competitor would seek to damage your production systems and steal your trade secrets.

Question 748

What type of threat actor would demand payment from you or threaten to publish
customer information that you hold on social media?

Answer 748

Criminal syndicates would threaten you and demand payment as they are financially driven.

Question 749

What is the purpose of MTBF?

Answer 749

Mean Time Between Failure (MTBF) is the measurement of the reliability of a system.

Question 750

What is the purpose of SSAE?

Answer 750

SSAE assists CPA in carrying out the auditing of SOC reports.

Question 751

What is the purpose of SLE and how is it calculated?

Answer 751

Single Loss Expectancy (SLE) is the cost of the loss of one item; if I lose a tablet worth $1,000, then the SLE is $1,000.

Question 752

How can we calculate the ALE?

Answer 752

The Annual Loss Expectancy (ALE) is calculated by multiplying the SLE by the ARO (the number of losses per year). If I lose six laptops a year worth $1,000 each, the ALE would be $6,000.

Question 753

What is an embedded electronic system? Give two examples.

Answer 753

Embedded electronic systems have software embedded into the hardware; some use SoC. Examples are microwave ovens, gaming consoles, security cameras, wearable technology, Smart TV’s, medical devices, such as defibrillators, or self-driving cars.

Question 754

What is the purpose of a SCADA system?

Answer 754

SCADA systems are industrial control systems used in the refining of uranium, oil, or gas, or the purification of water.

Question 755

What category of device are Smart TV’s and wearable technology.

Answer 755

IoT devices

Question 756

What is home automation?

Answer 756

Home automation is where you can control the temperature, lighting, entertainment systems, alarm systems, and many appliances

Question 757

What is the purpose of SoC?

Answer 757

SoC is a low power integrated chip that integrates all of the components of a computer or electronic system. An example would be the controller for a defibrillator. Think of it as an OS stored on a small chip.

Question 758

If a process does not suffer buffer overflow but fails within a specific period of time and this causes the process to fail, what method am I using?

Answer 758

The Real-Time Operating System (RTOS) processes data as it comes in without any buffer delays. The process will fail if it is not carried out within a certain period of time.

Question 759

What is the most likely way an attacker would gain control of an MFP?

Answer 759

Through its network interface.

Question 760

What is the purpose of the security team controlling the HVAC in a data center?

Answer 760

`They can ensure that the temperature is regulated and the servers remail available. They also know which rooms are occupied based on the use of air conditioning and electricity.

Question 761

Someone at work has suffered a cardiac arrest, and the first aid delegate takes out a defibrillator that gives instructions on steps to take. What had been built into the device to give these instructions?

Answer 761

An SoC gives instructions on the steps to take when using a defibrillator; however, if it detects a pulse, it will not send a charge.

Question 762

Give an example of embedded systems that can be used with vehicles.

Answer 762

Self parking or self driving vehicles.

Question 763

What is a UAV? Give two examples.

Answer 763

Unmanned aerial vehicles are drones or small, model aircraft that can be sent t o areas where manned aircraft can not go. They can be fitted with a camera to record events or take aerial photographs; an example of these would be to determine the spread of a forest fire.

Question 764

What is the main problem with a race condition when using an application?

Answer 764

A race condition is when two threads of an application access the same data.

Question 765

What is the perfect way to set up error handling in an IT system?

Answer 765

The perfect way to set up error handling is for the user to get generic information but for the log files to include a full description of the error.

Question 766

Explain input validation and name three types of attacks that this could prevent.

Answer 766

Input Validation is where data that is in the correct format is validated prior to being inserted into the system. SQL injection, buffer overflow, and integer overflow are prevented by using input validation.

Question 767

How can I prevent a SQL injection attack other than with input validation?

Answer 767

Using stored procedures.

Question 768

What is the purpose of code signing?

Answer 768

Code singing confirms that the code has not been tampered with.

Question 769

What is the purpose of obfuscation?

Answer 769

Obfuscation is taking code and masking the data, making it obscure so that if it is stolen, it will not be understood. XOE and ROT13 could be used for obfuscation.

Question 770

What is dead code and how should it be treated?

Answer 770

Dead code is code that is never used but could introduce errors into the program life cycle; it should be removed.

Question 771

If I am an Android developer, what can I obtain from the internet to help me get an
application to market quickly?

Answer 771

Using a third-party library will help a developer obtain code from the internet to help make an application and get it to market quickly. There are many for Android and JavaScript.

Question 772

What is the purpose of a measured boot?

Answer 772

The measured boot logs information about the firmware and application and stores this log in the TPM chips. This can be used to check the health status of the host and anti-malware can check during the boot process that the software is trustworthy.

Question 773

What is needed for a secure boot – UEFI or BIOS?

Answer 773

UEFI is a modern version of the BIOS and is needed for a secure boot.

Question 774

If BitLocker is checking upon boot up that the software has not been tampered with,
what is this known as?

Answer 774

Checking the integrity of the software as it is being loaded is known as attestation.

Question 775

What is the purpose of an endpoint protection and response solution?

Answer 775

It is a centralized console that continuously monitors the computer and makes automatic alerts when a threat has been detected. It uses machine learning.

Question 776

Why do we use fingerprinting?

Answer 776

Fingerprinting is the deep analysis of a host.

Question 777

What type of firewall can act as an intrusion prevention device, a stateful firewall,
and can inspect encrypted SSL and HTTPS packets?

Answer 777

A NGFW has the ability to act as a stateful firewall by carrying out deep packet filtering.

Question 778

Why is tokenization deemed more secure than encryption?

Answer 778

Tokenization takes sensitive data, such as a credit card number, and replaces it with random data, so it cannot be reversed. Encryption can be reversed.

Question 779

What is the purpose of secure cookies?

Answer 779

We can set the secure flag on the website to ensure that cookies are only downloaded when there is a secure HTTPS session.

Question 780

What is the purpose of using HSTS?

Answer 780

HSTS ensures that the web browser only accepts secure connections and prevents XSS.

Question 781

When a developer wants to analyze code when it is running, what type of code
analyzer will they use?

Answer 781

They will use dynamic code analysis so that they can use fuzzing to test the code.

Question 782

What is the benefit of using the Docker tool to protect your registry?

Answer 782

The Docker tool allows you to isolate applications into a separate space called containers. The registry can now be isolated in a separate container, making it more secure.

Question 783

Why would a cybersecurity team change the SSD hard drives in the company’s
laptop to an Opal drive?

Answer 783

Opal is a self-encrypting drive where the encryption keys are stored on the hard drive controller and are therefore immune to a cold boot attack and are compatible with all operating systems. They do not have the vulnerabilities of software-based encryption. As a hardware solution, they outperform software solutions.

Question 784

As part of application development, when would you apply quality assurance?

Answer 784

Quality assurance is completed during the staging environment where users test the new application with real data.

Question 785

What RAID model has a minimum of three disks? How many disks can it afford
to lose?

Answer 785

RAID 5 has a minimum of 3 disks and you can afford to lose one disk without losing data.

Question 786

What RAID models has a minimum of four disks?

Answer 786

RAID 6 has a minimum of four disks.

Question 787

What is the difference between RAID 5 and RAID 6?

Answer 787

RAID 5 has single parity and can lose one disk, whereas RAID 6 has double parity and can lose two disks.

Question 788

Where will a diskless virtual host access its storage?

Answer 788

A diskless virtual host will get its disk space from a SAN.

Question 789

What types of disks does a SAN use?

Answer 789

A SAN will use fast disks, such as SSD’s.

Question 790

What is an example of cloud storage available to a personal user?

Answer 790

Cloud storage for personal users could be iCloud, Google Drive, Microsoft OneDrive, or Dropbox.

Question 791

At what stage of incident response procedures would you reduce the services
running on a computer on a domain controller that is infected with malware?

Answer 791

Eradication is where we remove viruses and reduce the services being used. It should be isolated, and this is the containment phase. The virus would be removed in the eradication phase, and then be placed back online. This is the recovery phase.

Question 792

During a disaster recovery exercise, the IRP team is given a scenario to respond to.
What type of exercise are they likely to carry out?

Answer 792

A simulation is where the IRP team is given a specific scenario to deal with.

Question 793

Why would a cybersecurity team use the MITRE ATT&CK Framework?

Answer 793

This is an aid to help prepare your business against different adversaries. You can drill down from an adversary into the tactics and techniques that they use. You can then take mitigation steps to avoid being attacked.

Question 794

What are the four key elements of the Diamond Model of Intrusion Analysis
framework?

Answer 794

Adversary, capabilities, infrastructure, and victims.

Question 795

Why are the roles and responsibilities of the IRP team important?

Answer 795

If they understand their roles and responsibilities, it can make them more effective when disaster happens.

Question 796

What type of file is created when your computer suffers a blue screen of death?

Answer 796

The contents of memory are saved in a dump file and this can be used to investigate the event.

Question 797

What is the purpose of SFlow?

Answer 797

It gives you clear visibility of network traffic patterns and can identify malicious traffic.

Question 798

What type of HTTP status code lets you know you have made a successful
connection to a web server?

Answer 798

An HTTP status code of “200 ok” lets you know that a successful connection has been made.

Question 799

What is the purpose of a SOAR system playbook?

Answer 799

Playbooks contain a set of rules to enable the SOAR to take preventative action as an event occurs.

Question 800

What is the benefit of network card teaming?

Answer 800

It can help load balance the network traffic and provide redundancy if one card fails.

Question 801

What is the purpose of a UPS?

Answer 801

The UPS is basically a battery that is a standby device so that when the computer power fails, it kicks in. It is designed to keep the system going for a few minutes to allow the server team to close the servers down gracefully. It can also be used to clean up the power coming from the National Grid, such as spikes, surges, and voltage fluctuations.

Question 802

What can be installed on a node of a SAN to provide redundancy?

Answer 802

Two Host Bus Adapters (HBA’s) on each node will give two separate paths to them.

Question 803

Why would a company use two different vendors for their broadband?

Answer 803

This would be vendor diversity, so that if one vendor had a disaster, the other would keep providing the broadband.

Question 804

What is the purpose of an incident response plan?

Answer 804

An incident response plan is written for a particular incident and lays out how it should be tackled and the key personnel required.

Question 805

Name three different categories of incident.

Answer 805

-Unauthorized access
-Loss of computers or data
-Loss of availability
-malware attack
-DDoS attack
-Power failure
-Natural Disasters
-Cybersecurity incidents

Question 806

Name three different roles required to deal with an incident.

Answer 806

Incident Response Manager
Security Analyst
IT auditor
Risk analyst
HR
Legal
Public Relations

Question 807

What should the help desk do when an incident has just been reported?

Answer 807

The help desk identifies the incident response plan required and the key personnel that need to be notified.

Question 808

What is the purpose of an incident response exercise?

Answer 808

An incident response exercise is for carrying out the incident response plan and planning for any shortfalls.

Question 809

What is the first phase of the incident response process and what happens there?

Answer 809

The first phase of the incident response is the preparation phase, where the plan is already written in advance of any attack.

Question 810

What is the last phase of the incident response process?

Answer 810

The last phase of the incident response process is lessons learned, where we review why the incident was successful.

Question 811

What would happen if the last process of the incident response process was not
carried out?

Answer 811

If we do not carry out lessons learned, the incident may re-occur. Lessons learned is a detective control where we try to identify and address any weaknesses.

Question 812

What happens during the containment phase of the disaster recovery process?

Answer 812

This is where we isolate or quarantine an infected machine.

Question 813

What happens during the eradication phase of the disaster recovery process?

Answer 813

This is where we remove malware and turn off services that we do not need.

Question 814

What happens during the recovery phase of the disaster recovery process?

Answer 814

This is where we put infected machines back online, restore data or reimage desktops,