Mom's Study Guide Flashcards

Question

What do you call controls implemented by the IT team to reduce the risk to the business?

Answer 1

Technical controls

Answer 2

Managerial Control

Answer 3

Managerial Control

Answer 4

Operational control

Answer 5

Operational control

Answer 6

Technical control

Answer 7

Technical Control

Answer 8

Technical control

Answer 9

Deterrent control

Answer 10

Deterrent control

Answer 11

Detective controls

Answer 12

Corrective controls

Answer 13

Compensating/Alternative/Secondary Controls

Answer 14

Preventative Controls

Answer 15

Discretionary Access Control

Answer 16

Mandatory Access Control (MAC)

Answer 17

Data Owner

Answer 18

Data Steward

Answer 19

Data Custodian

Answer 20

Security Administrator

Answer 21

Rule-based Access Control

Answer 22

Attribute-based Access Control

Answer 23

Owner, group, all other users

Answer 24

Physical Security Controls

Answer 25

Check the Certificate Revocation List

Answer 26

Online Certificate Status Protocol (OCSP)

Answer 27

OCSP Stapling/Certificate Stapling

Answer 28

CRL or OCSP

Answer 29

Certificate Signing Request (CSR)

Answer 30

Key Escrow

Answer 31

Hardware Security Module (HSM)

Answer 32

Data Recovery Agent (DRA)

Answer 33

Object Identifier (OID)

Answer 34

Self-Signed Certificates

Answer 35

Domain Validation Certificate

Answer 36

Subject Alternative Name (SAN)

Answer 37

Code Signing Certificates

Answer 38

Computer/Machine

Answer 39

User Certificate

Answer 40

Extended Validation

Answer 41

Wildcard Certificates

Answer 42

Encryption

Answer 43

Diffie Hellman (DH)

Answer 44

Advanced Encryption Standard (AES)

Answer 45

Data Encryption Standard (DES)

Answer 46

Triple DES (3DES)

Answer 47

Rivest Cipher 4 (RC4)

Answer 48

Exclusive OR (XOR)

Answer 49

Symmetric Encryption

Answer 50

Cipher Block Chaining (CBC)

Answer 51

Electronic Code Book (ECB)

Answer 52

Galois/Counter Mode

Answer 53

Counter Mode (CTR)

Answer 54

A superposition

Answer 55

One-way reversed.

Answer 56

Digital Signatures

Answer 57

Hashing data

Answer 58

Ephemeral Keys

Answer 59

Diffie Hellman Ephemeral (DHE) and Elliptic Curve Diffie Hellman Ephemeral (ECDHE)

Answer 60

2046 or lower

Answer 61

Hashing algorithm

Answer 62

Crypto module

Answer 63

Data-at-rest

Answer 64

Full Disk Encryption (FDE) and DLP

Answer 65

Full Disk Encryption

Answer 66

Full Disk Encryption

Answer 67

Obfuscation

Answer 68

Obfuscation

Answer 69

Perfect forward secrecy

Answer 70

Steganography

Answer 71

Homomorphic Encryption

Answer 72

Encrypt the data

Answer 73

L2TP/IPSec VPN Tunnel using AES

Answer 74

Mandatory Access control

Answer 75

Hash the data

Answer 76

ECC Elliptic Curve Cryptography

Answer 77

A CA has a root certificate, which it uses to sign keys

Answer 78

a Private CA for internal use only

Answer 79

A public CA

Answer 80

To prevent it from being compromised.

Answer 81

An architect

Answer 82

Certificate pinning

Answer 83

A bridge trust model

Answer 84

Web of Trust

Answer 85

by using a CRL

Answer 86

Certificate stapling/OCSP stapling is where a web server uses an OCSP for faster certificate authentication, bypassing the CRL

Answer 87

The key escrow stores and manages private keys for third parties.

Answer 88

A HSM is used by the key escrow as it securely stores and manages certificates.

Answer 89

When a user's private key becomes corrupt, the DRA recovers the data by obtaining a copy of the private key from the key escrow.

Answer 90

by its OID

Answer 91

A private certificate is in P12 format with a .pfx extension

Answer 92

A public certificate is in P7B format with a .cer extension

Answer 93

A PEM certificate is in Base64 format.

Answer 94

A wildcard certificate can be used on multiple servers in the same domain.

Answer 95

Code-signing software is similar to hashing the software and ensuring the integrity of the software.

Answer 96

it provides a higher level of trust for the X509; when it is used, the URL background turns green.

Answer 97

The Caesar cipher is a substitution cipher; each letter would be substituted by a letter four characters along in the alphabet.

Answer 98

Encryption is when plain text is taken and turned into ciphertext.

Answer 99

Symmetric encryption is used to encrypt large amounts of data as it uses one key.

Answer 100

DH is an asymmetric technique that creates a secure tunnel; during a VPN connection, it is used during the IKE phase and uses UDP port 500 to create the VPN tunnel.

Answer 101

Key exchange

Answer 102

Carol uses Bob's public key to encrypt the data, and then Bob will use his private key to decrypt the data.

Answer 103

George must obtain the old private key to decrypt the data as the encryption was done with a different key pair.

Answer 104

Janet will digitally sign the email with her private key and John will check its validity with Janet's public key, which he would have received in advance.

Answer 105

Integrity and Non-repudiation

Answer 106

ECC as it is small and fast and uses the DH handshake

Answer 107

bcrypt and PBKDF2

Answer 108

Key stretching salts the password being stores so that duplicate passwords are never stored, and it also increases the length of the keys to make things harder for a brute-force attack.

Answer 109

Streams encrypt one bit at a time and block ciphers take blocks of data. A block cipher will be used for large amounts of data.

Answer 110

CBC needs all of the blocks of data to decrypt the data; otherwise, it will not work.

Answer 111

Hashing ensures the integrity of data. MD5 and SHA-1

Answer 112

Encryption is used to protect data so that it cannot be reviewed or accessed.

Answer 113

A hash is a one-way function and cannot be reversed?

Answer 114

POODLE is a man-in-the-middle attack on a downgraded SSL 3.0 (CBC)

Answer 115

DHE and ECDHE are both ephemeral keys that are short-lived, one -time keys.

Answer 116

The strongest encryption for an L2TP/IPSec VPN tunnel is AES and the weakest is DES.

Answer 117

A session key ensures the security of communications between a computer and a server or a computer and another computer.

Answer 118

Data at rest on a laptop is protected by FDE.

Answer 119

Data at rest on a tablet or smartphone is protected by FDE

Answer 120

Data at rest on a backend server is stored on a database, so it needs database encryption.

Answer 121

Data at rest on a USB flash drive or external hard drive is done via FDE

Answer 122

Data in transit could be secured using TLS, HTTPS, or an L2TP/IPSec tunnel.

Answer 123

Data in use could be protected by full memory encryption

Answer 124

Obfuscation is used to make the source code look obscure so that if it is stolen, it can not be understood. It masks the data and could use either XOR or ROT13 to obscure the data.

Answer 125

Perfect forward secrecy ensures that there is no link between the server's private key and the session key. If the VPN server's key was compromised, it could not decrypt the session.

Answer 126

A collision attack

Answer 127

Rainbow tables are a list of precomputed words showing their hash value. You will get rainbow tables for MD5 and different rainbow tables for SHA-1.

Answer 128

Steganography is used to conceal data; you can hide a file, image, video, or audio, inside another image, video, or audio file.

Answer 129

DLP prevents sensitive or PII information from being emailed out of a company of being stolen from a file server using a USB device.

Answer 130

Salting a password ensures that duplicate passwords are never stored and makes things more difficult for brute-force attacks by increasing the key size. It appends the salt to the password making it longer than before hashing.

Answer 131

Identity, Authentication, Authorization, and Accounting.

Answer 132

Identify Provider (IdP)

Answer 133

A user account

Answer 134

Guest Account

Answer 135

Sponsored guest account

Answer 136

Privilege Account

Answer 137

Administrative account

Answer 138

Administrative accounts

Answer 139

Service Account

Answer 140

Shared Account

Answer 141

Generic Accounts

Answer 142

Common Access Card (CAC)

Answer 143

Personal Identity Verification (PIV)

Answer 144

IEEE 802.1x

Answer 145

Geofencing

Answer 146

Geofencing

Answer 147

Context-aware location

Answer 148

Smart phone location services

Answer 149

Impossible Time Travel

Answer 150

Risky Login

Answer 151

Javascript Object Notation Web Token (JWT)

Answer 152

Static Codes

Answer 153

Password Keys

Answer 154

Password Vault

Answer 155

Trusted Platform Module (TPM)

Answer 156

Hardware Security Module (HSM)

Answer 157

Knowledge-Based Authentication

Answer 158

Extensible Authentication Protocol (EAP)

Answer 159

Protected Extensible Authentication Protocol (PEAP)

Answer 160

EAP-FAST (Flexible Authenticate via Secure Tunneling)

Answer 161

Microsoft's RADIUS and CISCO's TACACS+

Answer 162

RADIUS server

Answer 163

secret key/session key/share secret

Answer 164

Remote Access Services (RAS)

Answer 165

Password Authentication Protocol (PAP)

Answer 166

Challenge Handshake Authentication Protocol (CHAP)

Answer 167

Privilege Access Management

Answer 168

Mandatory Access Control (MAC)

Answer 169

Rule-based Access Control

Answer 170

Attribute-based Access Control

Answer 171

Network Time Protocol server

Answer 172

Federation Services

Answer 173

Federation services

Answer 174

Shibboleth

Answer 175

Security Assertion Mark-up Language (SAML)

Answer 176

Open ID Connect

Answer 177

Security Information and Event Management

Answer 178

Discovery service query

Answer 179

Password history

Answer 180

Password Reuse

Answer 181

Maximum Password Age

Answer 182

A Password

Answer 183

Change the default username and password

Answer 184

The number of passwords you can use before you can reuse your current password

Answer 185

Set up password history

Answer 186

Uppercase and lowercase letters, numbers, and special characters not used in programming

Answer 187

Set up an account lockout with a low value

Answer 188

Multi-factor or dual factor

Answer 189

A password, Pin, and date of birth are all factors that you know; therefore it is single-factor.

Answer 190

where you use a part of your body or voice for authentication

Answer 191

Federated services

Answer 192

Security Assertion Markup Language

Answer 193

A small open source Federation Services protocol.

Answer 194

CN=Fred OU=IT DC=Company DC=Com

Answer 195

A Ticket-Granting Ticket process is where a user logs in to an Active Directory domain using Kerberos authentication and receives a service ticket.

Answer 196

where a user inserts their credentials only once and accesses different resources without needing to re-enter the credentials. Kerberos, Federation services, or a smart card.

Answer 197

Pass-the-hash attacks exploit older systems such as Microsoft NT4.0, which uses NT LAN Manager. You can prevent this by enabling Kerberos or disabling NTLM.

Answer 198

OpenID connect is where you access a device or portal using your Facebook, Twitter, Google, or Hotmail credentials. The portal itself does not manage the account

Answer 199

Microsoft RADIUS, using port 1812 and Cisco TACACS+ and uses TCP port 49

Answer 200

Accounting is an AAA server where they log the details of when someone logs in and logs out; this can be used for billing purposes. Accounting is normally logged into a database such as SQL. RADIUS accounting used UDP port 1813.

Answer 201

A VPN solution creates a secure connection from a remote location to your corporate network or vice versa. The most secure tunneling protocol is L2TP/IPSec.

Answer 202

PAP authentication uses a password in clear text; this could be captured easily by a packet sniffer.

Answer 203

An iris scanner is a physical device used for biometric authentication.

Answer 204

Facial recognition could be affected by light or turning your head slightly to one side; some older facial recognition systems accept photographs.

Answer 205

Type II in biometric authentication is Failure Acceptance Rate, where people that are not permitted to access your network are given access.

Answer 206

HOTP is a one time password that does not expire until it used.

Answer 207

A CAC is used by the military and has a picture and the details of the user on the front, as well as their blood group and Geneva convention category on the reverse side.

Answer 208

IEE802.1x is port-based authentication that authenticates both users and devices.

Answer 209

A service account is a type of administrative account that allows an application to have a higher level of privileges to run on a desktop or server.

Answer 210

2 accounts: a user account for day-to-day tasks, and an administrative account for administrative tasks.

Answer 211

You should rename the default admin account and change the default password to prevent someone from using it to hack into your home.

Answer 212

An account with administrative rights

Answer 213

When monitoring and auditing are carried out, the employees responsible cannot be traced from more than one person shared accounts.

Answer 214

Default accounts and passwords for devices and software can be found on the internet and used to hack your network or home devices.

Answer 215

They are using a standard naming convention.

Answer 216

You need to disable his account and reset the password

Answer 217

An audit of user accounts and permissions that is usually carried out by an auditor. This is also referred to as a user account review.

Answer 218

A user account review ensures that old accounts have been deleted and that all current users have the appropriate access to resources and not a higher level of privilege.

Answer 219

A SIEM system can carry out active monitoring and notify the admin or any changes to user accounts or logs

Answer 220

Either change management or a new policy will be put in place to rectify any area not conforming to company policy.

Answer 221

The contractor's account should have an expiry date equal to the last day of the contract.

Answer 222

Rule-based access should be adopted so that the contractors can access the company network between 9am and 5pm daily.

Answer 223

Time and day restrictions should be set up against each individual's user account matching their shift pattern.

Answer 224

Account lockout with a low value will prevent brute-force attacks.

Answer 225

Create a group called IT apprentices, and then add the apprentices accounts to the group Give the group read access to the IT data.

Answer 226

The credential manager can be used to store generic and Windows 10 accounts. The user therefore does not have to remember the account details.

Answer 227

The company should have disabled the account and reset the password. A user account review needs to be carried out to find accounts in a similar situation.

Answer 228

To copy and install the public key on the SSH server and add to the list of authorized keys.

Answer 229

Risky login

Answer 230

A password vault is an application that stores passwords using an AES-256 encryption and it is only as secure as the master key.

Answer 231

A dynamic KBA that would ask you details about your account that are not previously stored questions.

Answer 232

FAR allows unauthorized user access, and FRR rejects authorized user access.

Answer 233

Privileged Access Management is a solution that stores the privileged account in a bastion domain to help protect them from attack?

Answer 234

Some people don't realize that there are generic accounts controlling the devices that make them vulnerable to attack.

Answer 235

Some devices being used do not belong to a domain so every connection should be considered unsafe.

Answer 236

Biometric authentication allows unauthorized users access to the system.

Answer 237

Elasticity allows you to increase and decrease cloud resources as you need them.

Answer 238

IaaS requires you to install the OS and patch the machines. The CSP provides bare-metal computers.

Answer 239

SaaS is a custom application written by a vendor and you cannot migrate to it.

Answer 240

No capital expenditure.

Answer 241

Private cloud

Answer 242

Public Cloud

Answer 243

A community cloud is where people from the same industry, such as a group of lawyers, design and share the cost of bespoke application and its hosting, making it cost-effective.

Answer 244

The CSP is responsible for the hardware fails.

Answer 245

The CASB ensures that the policies between on-premises and the cloud are enforced.

Answer 246

On-premises is where you own the building and work solely from there.

Answer 247

A hybrid cloud is where a company is using a mixture of on-premises and the cloud.

Answer 248

Distributive allocation is where the load is spread evenly across a number of resources, ensuring no one resource is over-utilized. An example of this is using a load balancer.

Answer 249

SECaaS provides secure identity management.

Answer 250

A diskless virtual host will get its disk space from an SAN

Answer 251

A VLAN on an SAN will use an iSCSI connector.

Answer 252

A SAN will use fast disks, such as SSDs

Answer 253

A host holds a number of virtual machines - it needs fast disks, memory, and CPU cores.

Answer 254

A guest is a virtual machine, for example, a Windows 10 virtual machine. A snapshot can be used to roll back to a previous configuration.

Answer 255

Sandboxing is where you isolate an application for patching or testing because it is dangerous. A chroot jail is for sandboxing in a Linux environment.

Answer 256

A snapshot is faster at recovering than any other backup solution.

Answer 257

A Type 1 hypervisor is a bare-metal hypervisor (requires no OS). Some examples are Hyper-V, ESX, and Xen.

Answer 258

A Type 2 hypervisor is a hypervisor that sits on top of an operating system, for example, VirtualBox, which could be installed on a Windows 10 desktop.

Answer 259

HVAC keeps the servers cool by importing cold air and exporting hot air. If a servers CPU overheats, it will cause the server to crash.

Answer 260

A community cloud is where people from the same industry share resources.

Answer 261

Cloud storage for personal users could be iCloud, Google Drive, Microsoft OneDrive, or Dropbox

Answer 262

Fog computing is an intermediary between the device and the cloud. It allows the data to be processed closer to the device. It reduces latency and cost.

Answer 263

It allows data storage to be closer to the sensors rather than miles away in a data center.

Answer 264

A container allows the isolation of the applications and its files and libraries so that the application is independent.

Answer 265

Infrastructure as code allows you to automate your infrastructure, for example, using PowerShell DSC.

Answer 266

The is the combination of business and IT functions into a single business solution.

Answer 267

These are the policies that state the actions and access levels someone has in relation to a particular resource.

Answer 268

This is where a virtual machine or host has run out of resources. The best way to avoid this is to use thin provisioning.

Answer 269

VM escape is where an attacker will use a vulnerable virtual machine to attack the host of another virtual machine. The best protection against this attack is to ensure that the hypervisor and all virtual machines are fully patched.

Answer 270

A cloud region consists of multiple physical locations called zones; data can be spread across multiple zones for redundancy.

Answer 271

Secrets management uses a vault to store keys, passwords, tokens, and SSH keys used for privilege accounts. It uses RSA 2048-bit keys to protect the secret management access key.

Answer 272

LRS replicates 3 copies of your data to a single physical location. This is the cheapest option. ZRS is where three copies of the data are replicated to 3 separate zones within your region.

Answer 273

They would be used as a form of network segmentation.

Answer 274

Resources that need access to the internet, for example, company web servers. A NAT gateway and an internet gateway would also be on these subnets.

Answer 275

Resources that should not have direct internet access, such as database servers, domain controllers, and email servers.

Answer 276

A VPN connection using L2TP/IPSec should be used to connect to a VPC.

Answer 277

The default rout of 0.0.0.0 should be pointing to either the NAT gateway or the internet gateway. When network traffic does not know where to go, it will be sent to the default route as a last resort.

Answer 278

The third-party tools will offer more flexibility.

Answer 279

The white box tester can access the source code.

Answer 280

It would prevent you from monitoring or auditing an individual.

Answer 281

The gray box pen tester would be given at least one piece of information; normally they get limited data.

Answer 282

Rules of engagement must be established.

Answer 283

He would have regular meetings with the client, who would tell him if he has been discovered.

Answer 284

The scope determines whether the pen test is black, gray, or white.

Answer 285

The pen tester would give the internal IT team their IP address so that they can establish whether or not it is the pen tester or an attacker.

Answer 286

The credentialed scan has more permissions than a non-credentialed one and has the ability to audit, scan documents, check account information, check certificates, and provide more accurate information.

Answer 287

The cleanup phase is where the systems are returned back to the original state.

Answer 288

Open source intelligence; this is legal intelligence that is obtained from the public domain.

Answer 289

They fulfill the role of the attacker.

Answer 290

They fulfill the role of the defender.

Answer 291

They organize and judge the cybersecurity events, ensure reports are accurate and the correct countermeasures are recommended.

Answer 292

They carry out the roles of both the red and blue teams; these are external consultants or auditors.

Answer 293

You must deal with the most critical vulnerabilities first.

Answer 294

When a monitoring system and manual inspection differ. For example, a SIEM system says there is an attack, and a manual inspection confirms that there is no attack.

Answer 295

When a monitoring system and manual inspection agree on events.

Answer 296

An intrusive scan will cause damage whereas a non-intrusive scan is passive and wont cause damage.

Answer 297

Regression testing is where a coding expert checks the code written for an application to ensure that there are no flaws.

Answer 298

Dynamic analysis is evaluating a program where it is running in real time.

Answer 299

The syslog server collects data from various sources in an event logging database. It filters out legitimate events and forwards the rest of the data to the SIEM server for further analysis.

Answer 300

A SIEM server puts events into chronological order. If the clocks are not synchronized, then events cannot be put into sequential order.

Answer 301

The IT team carries out threat hunting in their own systems to try and discover whether they have been subjected to a cyber attack.

Answer 302

TCP and UDP

Answer 303

The main difference between the two is that TCP is connection-oriented as it uses a three-way handshake, and UDP is faster but less reliable as it is connectionless.

Answer 304

FTP on port 20

Answer 305

FTP on port 21, Passive FTP

Answer 306

The transfer is done in clear test, so a packet sniffer could view the information. It could be replaced by SFTP or FTPS.

Answer 307

the session is in clear text and not secure. SSH has replaced it.

Answer 308

The host file

Answer 309

DNS Server

Answer 310

Root server

Answer 311

Media Gateway

Answer 312

SCP (Secure Copy Protocol)

Answer 313

Tunnel Mode

Answer 314

Transport mode

Answer 315

Trivial FTP

Answer 316

SSH, SCP, SFTP

Answer 317

HTTPS, TLS, SSL

Answer 318

IMAP4 and S/MIME

Answer 319

Port security

Answer 320

Flood Guard

Answer 321

Spanning Tree Protocol

Answer 322

When using Kerberos authentication, a TGT session is established, where the user obtains an encrypted service ticket. Kerberos uses USN and timestamps to prevent replay attacks.

Answer 323

IPSec in tunnel mode is used with an L2TP/IPSec VPN session where both the AH and ESP are encrypted.

Answer 324

IPSec in transport mode is server to server on a LAN where only the ESP is encrypted.

Answer 325

SSH is a secure protocol that replaces Telnet.

Answer 326

A router connects external networks and routes IP packets.

Answer 327

A switch is an internal device connecting computers being used in the same location.

Answer 328

A subscription service where the user pays a monthly fee.

Answer 329

Port security is where a port on a switch is disabled to prevent someone from using a particular wall jack.

Answer 330

802.1x authenticates users and devices connecting to a switch. Normally the user or a device has a certificate to authenticate them without the need to disable ports on the switch. An unauthorized user is prevented from using the port as they have no certificate.

Answer 331

The three portions of a distinguished name from left to right are CN, OU, and then DC.

Answer 332

DNSSEC, which produces RRSIG records that prevent DNS poisoning.

Answer 333

A computer might not receive an IP address from a DHCP server due to resource exhaustion or network connectivity.

Answer 334

An NTP server to keep the clock times on the hosts up to date.

Answer 335

Spanning Tree Protocol prevents switches form looping, which slows the switch down.

Answer 336

SMTP v3 to securely collect the status and reports from network devices.

Answer 337

AES is the strongest protocol for an L2TP/IPSec VPN as it can use 256 bits

Answer 338

A pass-the-hash attack is a hash collision attack against NLTM authentication. Kerberos prevents this attack.

Answer 339

TLS protects data in transit.

Answer 340

LDAP uses TCP port 389 and is used to manage directory services. It can be replaced by LDAPS TCP port 636, which is more secure.

Answer 341

The format is NETBIOS, the host is called Ian;<00> indicates the workstation service and <20> indicates the server service.

Answer 342

FTPS is used to transfer large files as it uses two ports: 989/990

Answer 343

Tap/Port Mirror

Answer 344

a honeypot

Answer 345

Proxy server

Answer 346

Jump server/jump host/jump box

Answer 347

Network load balancer

Answer 348

Remote Access Server

Answer 349

L2TP/IPSec

Answer 350

Secure Socket Layer (SSL) VPN

Answer 351

Tunnel mode

Answer 352

Transport Mode

Answer 353

VPN concentrator

Answer 354

Split tunneling

Answer 355

Software-Defined Networking

Answer 356

Screened Subnet

Answer 357

Host Health checks (HAuth)

Answer 358

DNS poisoning

Answer 359

Hosts file

Answer 360

Fingerprinting

Answer 361

Footprinting

Answer 362

Internet Control Message Protocol (ICMP)

Answer 363

Continuous Ping

Answer 364

Tracert/Traceroute

Answer 365

brings back the DNS details on all mail servers in the domain

Answer 366

ipconfig (windows)/ip/ifconfig (Linux)

Answer 367

ipconfig/flushdns

Answer 368

IP scanners

Answer 369

The Harvester

Answer 370

Anti-virus/Advanced Malware Tools

Answer 371

File Integrity Checker

Answer 372

File Checksum Integrity Verifier (FCIV)

Answer 373

Concatenate (Cat)

Answer 374

Protocol Analyzer/Packet sniffer

Answer 375

Exploitation Framework tools

Answer 376

Copying the entire disk /dev/sda to /dev/sdb

Answer 377

Taking the disk /dev/sda and making it into a disk image.

Answer 378

Blue screen review or memdump (linux)

Answer 379

FTK imager

Answer 380

the password

Answer 381

Password Crackers

Answer 382

Subnet masks

Answer 383

an APIPA address starting with 169.254.x.x.

Answer 384

Public addresses

Answer 385

Link Local

Answer 386

Unique Local

Answer 387

Removing leading zeros and replacing a number of blocks of 0000 with a double colon.

Answer 388

CIDR blocks for each network

Answer 389

The web application firewall is normally installed on a web server as its job is to protect web applications from attack.

Answer 390

Implicit Deny is used by both the firewall and the router. If there is no allow rule they get the last rule which is deny all. This is known as Implicit Deny.

Answer 391

UTM is a firewall that provides value for money as it can provide URL filtering, content filtering, and malware inspection as well as firewall functionality.

Answer 392

A router connects different networks together and works at Layer 3 of the OSI reference model (Network Layer)

Answer 393

A switch connects users on an internal network, normally in a star topology.

Answer 394

A NAT hides the internal network from those on the external network.

Answer 395

An inline NIPS is where the incoming traffic passes through and is screened by the NIPS.

Answer 396

A Host-Based IPS is installed inside the guest virtual machine to protect it from attacks.

Answer 397

A Network-based IPS is placed behind the firewall as an additional layer of security. The firewall prevents unauthorized access to the network.

Answer 398

A NIPS can passively monitor the network as it can fulfill the functionality of a NIDS if there is no NIDS on your network.

Answer 399

A signature-based NIDS works off a known database of variants, whereas an anomaly-based one starts with the database and can learn about new patterns or threats.

Answer 400

A passive device that sits inside your network is a NIPS

Answer 401

If one of the monitoring systems reports a virus and you manually check and find no virus, this is known as a false positive.

Answer 402

You should enable port security. This would prevent further use of the wall jack.

Answer 403

You would enable 802.1x on the switch itself to ensure that the device is authenticated before using the port.

Answer 404

A managed switch uses 802.1x, which authenticates the device but does not disable the port when port security merely disables the port. 802.1x is therefore more functional.

Answer 405

Web caching on a web server keeps copies of the web pages locally, ensuring faster access to the web pages and preventing the need to open a session to the internet.

Answer 406

The purpose of a VPN is to create a tunnel across unsafe networks from home or a hotel to the workplace.

Answer 407

In the IKE phase of an IPSec session, Diffie Hellman using port 500 sets up a secure session before the data is transferred.

Answer 408

To set up a secure session for a VPN

Answer 409

The most secure VPN tunnel is L2TP/IPSec, which uses AES encryption for the ESP.

Answer 410

IPSec in tunnel mode is used across the internet or external networks, and IPSec in transport mode is used between hosts internally.

Answer 411

When setting the site-to-site VPN, it should be used in always-on mode as opposed to dial-on-demand.

Answer 412

A load balancer should be used to manage a high volume of web traffic as it sends the requests to the least-utilized node that is healthy.

Answer 413

SDN is used in a virtual environment when the routing requests are forwarded to a controller.

Answer 414

The screened subnet is a boundary layer that hosts an extranet server; it is sometimes known as the extranet zone. It used to be called the DMZ.

Answer 415

If you set up a honeypot, which is a website with lower security, you will be able to monitor the attack methods being used and then be able to harden your actual web server against potential attacks.

Answer 416

Network access control ensures that devices connecting to your network are fully patched. There are two agents: one that is permanent and another that is dissolvable that is for single use.

Answer 417

A SIEM server can correlate log files from many devices and notify you of potential attacks.

Answer 418

If data is backed up to a Write-Once Read-Many (WORM) drive, the data cannot be deleted or altered.

Answer 419

A port mirror can make a copy of the data going to a port and divert it to another device for analysis. A tap is another device that can be used for the same purpose. However, a tap is more expensive.

Answer 420

DNSSEC creates RRSIG records for each DNS host and a DNSKEY record used to sign the KSK or ZSK.

Answer 421

An IPSec packet that has the authenticated header that uses either SHA-1 or MD5 and an Encapsulated Payload that uses DES, 3DES, or AES.

Answer 422

If you cannot get an IP address from a DHCP server, you would receive a 169.254.x.x IP address. This is known as APIPA. This could be caused by network connectivity or resource exhaustion.

Answer 423

It is an IP version 6 address and you can simplify it by changing the leading zeros to 2001:123A: :ABC0:AB:DCS:23.

Answer 424

An HTML5 VPN has no infrastructure to be set up as it uses certificates for encryption.

Answer 425

Tunnel mode used externally

Answer 426

To allow a remote SSH session to a device or a virtual machine in a screened subnet or the cloud.

Answer 427

This is where the host is sent to the same server for the session.

Answer 428

Both of the load balancers are working close to capacity and if one of these load balancers fail, then the users would find that the traffic is slower.

Answer 429

A VLAN can be used for departmental isolation on the same switch.

Answer 430

East-West traffic moves laterally between servers within a data center.

Answer 431

A zero-trust network is where nothing is trusted, and every user or device must prove their identity before accessing the network. This would be used in the cloud.

Answer 432

Angry IP is an IP scanner that would scan an IP range to determine hosts that are active or inactive.

Answer 433

curl or nmap could be used for banner grabbing.

Answer 434

The harvester tool is used to collect the email addresses of a particular domain from search engine such as Google.

Answer 435

They can use the dnsenum tool

Answer 436

It allows anonymous port scanning so that it cannot be traced back to you.

Answer 437

You could use the tool called cuckoo to carry out this activity.

Answer 438

This is to prevent rogue DHCP servers from operating openly on your network.

Answer 439

It could be resource exhaustion, where the DHCP server has run out of IP addresses or it could be network connectivity between the client and the DHCP server.

Answer 440

Fat controller

Answer 441

Thin Controllers

Answer 442

We insert the MAC address into MAC filtering, then only those devices with a MAC address will be allowed access.

Answer 443

Channel 11

Answer 444

The overlap of adjacent channels and interference.

Answer 445

Open System Authentication

Answer 446

Wired Equivalent Privacy (WEP)

Answer 447

Wi-Fi Protected Access

Answer 448

Geofencing

Answer 449

Geolocation

Answer 450

Sideloading

Answer 451

Visitors and employees on their lunchtime break

Answer 452

The FAT wireless controller is standalone; it has its own setting and DHCP addresses configured locally A thin wireless controller pushes out the setting to multiple WAP's.

Answer 453

The WAP master password is the admin password, and it should be encrypted to protect it.

Answer 454

Wi-Fi analyzers can troubleshoot wireless connectivity and discover the SSID inside a packet going to the WAP.

Answer 455

MAC filtering controls who can access a WAP. If your MAC address is not added to the WAP, then you are denied access.

Answer 456

To prevent interference by overlapping the wireless channels.

Answer 457

He would ensure that the WAP's are placed where there is no interference.

Answer 458

No, because it is not secure.

Answer 459

WEP is the weakest as it only has 40-bit encryption.

Answer 460

You are giving them the Pre-shared Key.

Answer 461

It is WPA2-CCMP as it uses AES encryption that is 128 bits.

Answer 462

Simultaneous Authentication of Equals (SAE) replaces the PSK; it is more secure as the password is never transmitted, and it is immune to offline attacks.

Answer 463

Wi-Fi Enhanced Open is the WPA3 equivalent of Open System Authentication; it does not use a password and prevents eavesdropping.

Answer 464

This is WAP3 as it has AES encryption up to 256 bit, whereas WPA2 only uses 128 bit encryption.

Answer 465

With WPS, you push the button to connect to the wireless network. It is susceptible to a brute-force attack as it has a password stored on the device.

Answer 466

A captive portal can ask you to agree to an AUP and provide additional validation, such as your email address or Facebook or Google account details.

Answer 467

Wi-Fi Easy Connect makes it very easy to connect to IoT devices such as a smartphone by simply using a QR code.

Answer 468

A certificate on the endpoint as TLS needs an x509 certificate.

Answer 469

They have violated the Acceptable Use Policy (AUP)

Answer 470

If they adopt BYOD, they might have to support hundreds of different devices, whereas if they adopt CYOD, there would be a limited number of devices to make support easier.

Answer 471

You could use your cellular phone as a hotspot.

Answer 472

You should remote wipe it.

Answer 473

You should use screen locks and strong passwords, and use FDE to protect the data at rest.

Answer 474

You could tag the laptops and set up geofencing to prevent thefts. RFID is another option.

Answer 475

You could segment the data using storage segmentation or containerization.

Answer 476

To segment business data and prevent applications outside of the Knox container from accessing resources inside the container.

Answer 477

Spraying attack

Answer 478

MITB attack

Answer 479

Replay attack

Answer 480

ARP poisoning

Answer 481

MAC spoofing attack

Answer 482

MAC flooding

Answer 483

Because you have parted with the money, this is a subtle form of ransomware.

Answer 484

A fileless virus piggybacks itself onto a legitimate application, and they both launch together. Using Malwarebytes would alert you of both launching at the same time.

Answer 485

by a phishing attack where you are warned that an account has been hacked, and it gives you a link to a website to resolve it. That way, when you try to log in, they collect your details.

Answer 486

Pretexting is where an attacker manufactures a scenario such as saying that there is suspicious activity on your account, and they ask you to confirm your account details. This way, they can steal them.

Answer 487

An attacker obtains the details of a legitimate invoice and sends the company reminders that it needs to be paid, but they substitute the bank details with their own.

Answer 488

An attacker works out what standard naming convention a company is using, and they then obtain the names of employees from the internet. They then try common passwords against those accounts.

Answer 489

An attacker leaves a malicious USB drive inside a company where it can be found. There is only one shortcut, so when the finder puts it in their computer to try and find the owner, they click on the only visible file and get infected.

Answer 490

AI uses machine learning to teach the machine to think like a human and detect attacks. So if it is tainted, it will ignore attacks by the attackers.

Answer 491

When you go to a restaurant, please ensure that the server does not disappear with your card; make sure it is always visible to you.

Answer 492

An on-path attack is an interception attack, for example, a replay or man-in-the-middle attack.

Answer 493

Operational technology is where we have removed CCTV standalone systems that were air-gapped and we now use a fully integrated solution that is fully connected, leaving them vulnerable to attacks.

Answer 494

An example of crypto-malware is ransomware where the victim's hard drive is encrypted and held for ransom. It could also have popups

Answer 495

Remote Access Trojan; a Trojan that sends the user's username and password to an external source so that a remote session can be created.

Answer 496

A logic bomb virus is triggered by an event.

Answer 497

to record all the keystrokes being used.

Answer 498

A group of computers that have been infected so that they can be used to carry out malicious acts without the real attacker being identified.

Answer 499

A phishing attack is when a user receives an email asking them to fill in a form requesting their bank details

Answer 500

Spear phishing is a phishing attack that has been sent to a group of users.

Answer 501

A whaling attack targets a CEO or high-level executive in a company.

Answer 502

Vishing attack

Answer 503

where someone has used a smart card or entered a pin to access a door, and then someone behind them passes through the door before it closes, entering no credentials

Answer 504

Social engineering exploits an individual's character in a situation that they are not used to. This is hacking the human, putting them under pressure to make a snap decision.

Answer 505

Impersonation attack

Answer 506

A social engineering urgency attack.

Answer 507

Shoulder surfing attack

Answer 508

Fake software that will not install is a hoax. An email alert telling you to delete a system file as it is a virus is also a hoax.

Answer 509

A watering hole attack infects a trusted website that a certain group of people visits regularly.

Answer 510

Authority attack

Answer 511

Consensus attack

Answer 512

DDoS attack

Answer 513

A MITM attack is an on-path attack where a connection between hosts is intercepted and the conversation is changed and then replayed, but the people involved still believe that they are talking directly to each other.

Answer 514

A replay attack is similar to a MITM attack but the intercepted packet is replayed at a later date.

Answer 515

A POODLE attack is a MITM attack using an SSL3.0 browser that uses CBC.

Answer 516

a MITB attack is a Trojan that intercepts your session between your browser and the internet; it aims to obtain financial transactions.

Answer 517

Kerberos Authentication uses USN and timestamps and can prevent a replay attack, as the USN packets and the timestamps need to be sequential.

Answer 518

Enabling Kerberos or disabling NTLM would prevent a pass-the-hash attack.

Answer 519

XSS uses HTML tags with Javascript.

Answer 520

A zero-day virus

Answer 521

Domain Hijacking is where someone tries to register your domain, access your hosted control panel, and set up a website that is similar to yours.

Answer 522

Bluejacking is hijacking someone's Bluetooth phone so that you can take control of it and send text messages.

Answer 523

Bluesnarfing is when you steal someone's contacts from their Bluetooth phone.

Answer 524

An ARP attack is a local attack that can be prevented by using IPSec.

Answer 525

strcpy can be used for a buffer overflow attack.

Answer 526

An integer overflow inserts a number larger than what is allowed.

Answer 527

An attack that uses the phrase 1=1 is a SQL injection attack.

Answer 528

Input validation and stored procedures can prevent a SQL injection attack. Stored procedures are the best.

Answer 529

Session hijacking is where your cookies are stolen so that someone can pretend to be you.

Answer 530

Typosquatting is where an attacker launches a website with a similar name to a legitimate website in the hope that victims misspell the URL.

Answer 531

Shimming and refactoring are used for driver manipulation attacks.

Answer 532

Digital signatures are susceptible to a birthday attack.

Answer 533

Rainbow tables are pre-computed lists of passwords with the relevant hash in either MD5 or SHA-1

Answer 534

Salting passwords inserts a random value and prevents dictionary attacks, as a dictionary does not contain random characters.

Answer 535

bcrypt and PBKDF2

Answer 536

A brute-force attack is the fastest password attack that will crack any password, as it uses all combinations of characters, letters, and symbols.

Answer 537

An account locked with a low value is the only way to prevent a brute-force attack.

Answer 538

If account lockout is not available, the best way to slow down a brute-force attack is to make the password length longer or to salt passwords.

Answer 539

Using passwords for authentication is more prone to errors as certificates and smart cards don't tend to have many errors.

Answer 540

An evil twin is a WAP that is made to look like a legitimate WAP.

Answer 541

Using an 802.1x authentication switch can prevent an attack by a rogue WAP, as the device needs to authenticate itself to attach to the switch.

Answer 542

A wireless disassociation attack is where the attack prevents the victim from connecting to the WAP.

Answer 543

An attacker needs to be within 4cm of a card to launch an NFC attack.

Answer 544

A pivot is where you gain access to a network so that you can launch an attack on a secondary system.

Answer 545

A vulnerability is a weakness that an attacker could exploit.

Answer 546

A BPA is used by companies in a joint venture and it lays out each party's contribution, their rights and responsibilities, how decisions are made, and who makes them.

Answer 547

A multi-party risk is where someone wins a contract and sub-contracts to a third party who could sabotage your systems.

Answer 548

The is where your intellectual property has been stolen, for example, trade secrets, copyright, and patents.

Answer 549

A MOU is a formal agreement between two parties, but it is not legally binding, whereas a memorandum of agreement is similar but legally binding.

Answer 550

Tokenization is where data is replaced by a stateless token and the actual data is held in a vault by a payment provider.

Answer 551

He has carried out a software licensing compliance violation.

Answer 552

An Interconnection Security Agreement (ISA) states how connections should be made between two business partners. They decide on the type of connection and how to secure it; for example, they may use a VPN to communicate.

Answer 553

Shadow IT would connect their own computers to your network without your consent and could lead to pivoting.

Answer 554

An inherent risk is a raw risk before it has been mitigated.

Answer 555

Creation, use, retention, and disposal.

Answer 556

They work together so that Cyber Threat Intelligence (CTI) can be distributed over HTTP.

Answer 557

We would ensure that nobody in the department carried out both parts of a transaction. For example, we would have one person collecting revenue and another person authorizing payments.

Answer 558

A risk register lays out all of the risks that a company faces; each risk will have a risk owner who specializes in that area and decides on the risk treatment.

Answer 559

Impact assessment is where you evaluate the risk of collecting big data and what tools can be used to mitigate the risk of holding so much data.

Answer 560

Environmental Threat

Answer 561

Job rotation ensures that employees work in all departments so that if someone leaves at short notice or is ill, cover can be provided. It also ensures that any fraud or theft can be detected.

Answer 562

A privacy notice gives consent for data only to be collected and used for one specific purpose.

Answer 563

This is where data is stored, showing only portions of the data; for example you might see only the last four digits of a credit card, as follows: **** **** **** 1232

Answer 564

The are most likely going to be sued by the customer.

Answer 565

It deals with the effectiveness of controls and has limited access as it provides a detailed report about a company.

Answer 566

Mandatory vacations ensure that an employee takes at least 5 days of holiday and someone provides cover for them; this also ensures that fraud or theft can be detected.

Answer 567

He is measuring BIA as the most important factor to avoid is a single point of failure.

Answer 568

The first stage in risk assessment is identifying and classifying an asset. How the asset is treated accessed, or sored is based on the classification.

Answer 569

The Malware Information Sharing Platform provides Open Source Intelligence (OSINT)

Answer 570

This is an example of a functional recovery plan.

Answer 571

A clean desk policy is to ensure that no documents containing company data are left unattended overnight.

Answer 572

This is a code repository that holds information about malware signatures and code.

Answer 573

Someone bringing their own laptop is called BYOD and this is governed by the onboarding policy and the AUP.

Answer 574

An exit interview is to find out the reason why the employee has decided to leave. The information from an exit interview may help the employer improve their working conditions and therefore have a higher retention rate.

Answer 575

MITRE ATT&CK is a spreadsheet that shows group adversaries, which can be drilled down to see the attack methods and tools used by them.

Answer 576

GDPR was developed by the EU to protect an individual's right to privacy.

Answer 577

Gray hat hacker as he is provided limited information.

Answer 578

Tor software, The Onion Router, which has thousands of relays to prevent detection.

Answer 579

This is training for both red and blue teams where they capture a flag when they achieve each level of training. When they have completed all levels, they are fit to become full-blown red or blue team members.

Answer 580

When a risk is deemed too dangerous or high risk and could end in loss of life or financial loss, we would trat the risk with risk avoidance and avoid the activity.

Answer 581

Risk Transference is where the risk is medium to high and you wish to offload the risk to a third party, for example, insuring your car.

Answer 582

Automated Indicator Sharing was invented by the US federal government to exchange data about cyber attacks from the state down to the local level.

Answer 583

27701 was developed as a standard as an extension of 27001/27002 to be used for privacy information management.

Answer 584

Rules of behavior are how people should conduct themselves at work to prevent discrimination or bullying.

Answer 585

IOC informs members of their IT security community of IP addresses, hashes, or URLs where they have discovered newly released malware.

Answer 586

A script kiddie wants to be on national news and TV as they seek fame.

Answer 587

Annual security awareness training advises employees of the risk of using email, the internet, and posting information on social media websites. It also informs employees of any new risks posed since the last training.

Answer 588

Sending an email to everyone who works in your company using your Gmail account is a violation of the AUP and could lead to disciplinary action.

Answer 589

A manufacturing company would carry out a supply chain risk assessment because they need a reputable supplier of raw materials so that they can manufacture goods.

Answer 590

Business impact analysis is just the money; it looks at the financial impact following an event.

Answer 591

The Recovery Point Object (RPO) is the acceptable downtime that a company can suffer without causing damage to the company, whereas the Recovery Time Object (RTO) is the time it takes for the company to return to an operational state - this should be within the RPO

Answer 592

Mean Time to Repair (MTTR) is the average time it takes to repair a system, but in the exam, it could be seen as the time to repair a system and not the average time.

Answer 593

A competitor would seek to damage your production systems and steal your trade secrets.

Answer 594

Criminal syndicates would threaten you and demand payment as they are financially driven.

Answer 595

Mean Time Between Failure (MTBF) is the measurement of the reliability of a system.

Answer 596

SSAE assists CPA in carrying out the auditing of SOC reports.

Answer 597

Single Loss Expectancy (SLE) is the cost of the loss of one item; if I lose a tablet worth $1,000, then the SLE is $1,000.

Answer 598

The Annual Loss Expectancy (ALE) is calculated by multiplying the SLE by the ARO (the number of losses per year). If I lose six laptops a year worth $1,000 each, the ALE would be $6,000.

Answer 599

Embedded electronic systems have software embedded into the hardware; some use SoC. Examples are microwave ovens, gaming consoles, security cameras, wearable technology, Smart TV's, medical devices, such as defibrillators, or self-driving cars.

Answer 600

SCADA systems are industrial control systems used in the refining of uranium, oil, or gas, or the purification of water.

Answer 601

IoT devices

Answer 602

Home automation is where you can control the temperature, lighting, entertainment systems, alarm systems, and many appliances

Answer 603

SoC is a low power integrated chip that integrates all of the components of a computer or electronic system. An example would be the controller for a defibrillator. Think of it as an OS stored on a small chip.

Answer 604

The Real-Time Operating System (RTOS) processes data as it comes in without any buffer delays. The process will fail if it is not carried out within a certain period of time.

Answer 605

Through its network interface.

Answer 606

`They can ensure that the temperature is regulated and the servers remail available. They also know which rooms are occupied based on the use of air conditioning and electricity.

Answer 607

An SoC gives instructions on the steps to take when using a defibrillator; however, if it detects a pulse, it will not send a charge.

Answer 608

Self parking or self driving vehicles.

Answer 609

Unmanned aerial vehicles are drones or small, model aircraft that can be sent t o areas where manned aircraft can not go. They can be fitted with a camera to record events or take aerial photographs; an example of these would be to determine the spread of a forest fire.

Answer 610

A race condition is when two threads of an application access the same data.

Answer 611

The perfect way to set up error handling is for the user to get generic information but for the log files to include a full description of the error.

Answer 612

Input Validation is where data that is in the correct format is validated prior to being inserted into the system. SQL injection, buffer overflow, and integer overflow are prevented by using input validation.

Answer 613

Using stored procedures.

Answer 614

Code singing confirms that the code has not been tampered with.

Answer 615

Obfuscation is taking code and masking the data, making it obscure so that if it is stolen, it will not be understood. XOE and ROT13 could be used for obfuscation.

Answer 616

Dead code is code that is never used but could introduce errors into the program life cycle; it should be removed.

Answer 617

Using a third-party library will help a developer obtain code from the internet to help make an application and get it to market quickly. There are many for Android and JavaScript.

Answer 618

The measured boot logs information about the firmware and application and stores this log in the TPM chips. This can be used to check the health status of the host and anti-malware can check during the boot process that the software is trustworthy.

Answer 619

UEFI is a modern version of the BIOS and is needed for a secure boot.

Answer 620

Checking the integrity of the software as it is being loaded is known as attestation.

Answer 621

It is a centralized console that continuously monitors the computer and makes automatic alerts when a threat has been detected. It uses machine learning.

Answer 622

Fingerprinting is the deep analysis of a host.

Answer 623

A NGFW has the ability to act as a stateful firewall by carrying out deep packet filtering.

Answer 624

Tokenization takes sensitive data, such as a credit card number, and replaces it with random data, so it cannot be reversed. Encryption can be reversed.

Answer 625

We can set the secure flag on the website to ensure that cookies are only downloaded when there is a secure HTTPS session.

Answer 626

HSTS ensures that the web browser only accepts secure connections and prevents XSS.

Answer 627

They will use dynamic code analysis so that they can use fuzzing to test the code.

Answer 628

The Docker tool allows you to isolate applications into a separate space called containers. The registry can now be isolated in a separate container, making it more secure.

Answer 629

Opal is a self-encrypting drive where the encryption keys are stored on the hard drive controller and are therefore immune to a cold boot attack and are compatible with all operating systems. They do not have the vulnerabilities of software-based encryption. As a hardware solution, they outperform software solutions.

Answer 630

Quality assurance is completed during the staging environment where users test the new application with real data.

Answer 631

RAID 5 has a minimum of 3 disks and you can afford to lose one disk without losing data.

Answer 632

RAID 6 has a minimum of four disks.

Answer 633

RAID 5 has single parity and can lose one disk, whereas RAID 6 has double parity and can lose two disks.

Answer 634

A diskless virtual host will get its disk space from a SAN.

Answer 635

A SAN will use fast disks, such as SSD's.

Answer 636

Cloud storage for personal users could be iCloud, Google Drive, Microsoft OneDrive, or Dropbox.

Answer 637

Eradication is where we remove viruses and reduce the services being used. It should be isolated, and this is the containment phase. The virus would be removed in the eradication phase, and then be placed back online. This is the recovery phase.

Answer 638

A simulation is where the IRP team is given a specific scenario to deal with.

Answer 639

This is an aid to help prepare your business against different adversaries. You can drill down from an adversary into the tactics and techniques that they use. You can then take mitigation steps to avoid being attacked.

Answer 640

Adversary, capabilities, infrastructure, and victims.

Answer 641

If they understand their roles and responsibilities, it can make them more effective when disaster happens.

Answer 642

The contents of memory are saved in a dump file and this can be used to investigate the event.

Answer 643

It gives you clear visibility of network traffic patterns and can identify malicious traffic.

Answer 644

An HTTP status code of "200 ok" lets you know that a successful connection has been made.

Answer 645

Playbooks contain a set of rules to enable the SOAR to take preventative action as an event occurs.

Answer 646

It can help load balance the network traffic and provide redundancy if one card fails.

Answer 647

The UPS is basically a battery that is a standby device so that when the computer power fails, it kicks in. It is designed to keep the system going for a few minutes to allow the server team to close the servers down gracefully. It can also be used to clean up the power coming from the National Grid, such as spikes, surges, and voltage fluctuations.

Answer 648

Two Host Bus Adapters (HBA's) on each node will give two separate paths to them.

Answer 649

This would be vendor diversity, so that if one vendor had a disaster, the other would keep providing the broadband.

Answer 650

An incident response plan is written for a particular incident and lays out how it should be tackled and the key personnel required.

Answer 651

-Unauthorized access -Loss of computers or data -Loss of availability -malware attack -DDoS attack -Power failure -Natural Disasters -Cybersecurity incidents

Answer 652

Incident Response Manager Security Analyst IT auditor Risk analyst HR Legal Public Relations

Answer 653

The help desk identifies the incident response plan required and the key personnel that need to be notified.

Answer 654

An incident response exercise is for carrying out the incident response plan and planning for any shortfalls.

Answer 655

The first phase of the incident response is the preparation phase, where the plan is already written in advance of any attack.

Answer 656

The last phase of the incident response process is lessons learned, where we review why the incident was successful.

Answer 657

If we do not carry out lessons learned, the incident may re-occur. Lessons learned is a detective control where we try to identify and address any weaknesses.

Answer 658

This is where we isolate or quarantine an infected machine.

Answer 659

This is where we remove malware and turn off services that we do not need.

Answer 660

This is where we put infected machines back online, restore data or reimage desktops,