Pocket Prep 1 Flashcards

1
Q

Which of the following decouples the network hardware layer from the network control layer?

A. VLAN
B. MPLS
C. SDN
D. VPC

A

C. SDN

Explanation:
SDN is the virtualization of network technologies that creates a software-defined control plane decoupled from the hardware.
Virtualizing the control plane enables more flexibility and control in network management.

MPLS (Multiprotocol Label Switching) is a network protocol used to connect multiple network locations.

2
Q

A company wants to enable integration by using middleware to move messages between unlike services. What type of solution should they adopt for this?

A. LDAP
B. SOA
C. DNS
D. ESB

A

D. ESB

Explanation:
The Enterprise Service Bus (ESB) is the middleware that handles the communication between software applications in an SOA. Different ESB providers offer products with varying functionalities.

Service Oriented Architecture (SOA) is an approach to building modular, reusable, and interoperable services. DNS is used to translate domain names to IP addresses.

3
Q

A CISO wants to improve security for users on the internal network. They decide to implement a device that can intercept connections between users' desktops and the external sites they visit so they can monitor for malware and filter content. What type of device should they use?

A. Internet gateway
B. Reverse Proxy
C. VPN
D. Forward Proxy

A

D. Forward Proxy

Explanation:
A forward proxy is also called a transparent, inline, intercepting or forced proxy. It sits between clients and the internet and can be used for purposes such as content filtering, caching and anonymity.

4
Q

When it comes to information classification, what is the difference between a Government Classification System and a Commercial Classification System?

A. Government Classification System has an integrity focus, while a Commercial Classification System has a confidentiality focus
B. Government Classification System has a confidentiality focus, while a Commercial Classification System has an integrity focus
C. Government Classification System has an availability focus, while a Commercial Classification System has a confidentiality focus
D. Government Classification System has an availability focus, while a Commercial Classification System has an authentication focus

A

B. Government Classification System has a confidentiality focus, while a Commercial Classification System has an integrity focus

Explanation:
The core difference between a Government Classification System and a Commercial Classification System is that the Government Classification System has a confidentiality focus, while the Commercial Classification System has an integrity focus.

5
Q

A company has a VPN tunnel that a partner organization uses. Sensitive information passes through the tunnel, so the company wants to be sure that a session key cannot be compromised if one of the long term keys is ever compromised. What do they need to implement for this?

A. Password based key derivation 2
B. Authenticated encryption with associated data
C. Key stretching
D. Perfect forward secrecy

A

D. Perfect forward secrecy

Explanation:
Perfect Forward Secrecy (PFS) ensures that even if a threat actor accesses a long-term encryption key, they cannot use it to decrypt past or future session keys. This is important because an attacker could store traffic and later try to decrypt it once the long-term key is exposed.

6
Q

From a quantitative risk perspective, when will SLE and AV be equal?

A. When ARO is 100%
B. When AV is 50%
C. When EF is 50%
D. When EF is 100%

A

D. When EF is 100%

Explanation:
AV (asset value) is how much an asset is worth.

EF (exposure factor) is how much a particular threat could impact a given asset, expressed as a percentage.

SLE (single loss expectancy) is the amount of loss expected if an event occurs. The SLE formula is:

SLE = AV x EF

Therefore, SLE will equal AV when EF is 100% because the formula becomes:

SLE = AV x 1.00

7
Q

Which of the following is an open standard that allows users to be authenticated by multiple sites while using the same identity?

A. LDAP
B. RFB
C. SAML
D. OpenID

A

D. OpenID

Explanation:
OpenID is an open standard and decentralized protocol that allows users to be authenticated by multiple sites.

8
Q

Which of the following is an approach to data zone creation that focuses on attack vectors?

A. Vector oriented
B. Vector enclaves
C. Protected enclaves
D. Information-centric

A

A. Vector oriented

Explanation:
A vector oriented approach to data zone creation focuses on the attack vectors that threats in an environment could exploit.

9
Q

A company uses a third party certificate based authentication method that ties its identity to the key and verifies its validity. What type of framework are they using to implement this?

A. PKI
B. GPG
C. PGP
D. ECC

A

A. PKI

Explanation:
Public Key Infrastructure (PKI) is a framework for secure communication in a networked environment. It uses certificate authorities to issue digital certificates after verifying the owner's identity.

10
Q

Of the following, which is a device that provides Type 1 encryption over otherwise insecure networks?

A. IDS
B. SIEM
C. INE
D. IPS

A

C. INE

Explanation:
An inline network encryptor (INE) is a Type 1 encryption device. Type 1 is an NSA term that describes devices that provide encryption while allowing network functionality. INEs are used for securing connections over otherwise insecure networks.

11
Q

Which of the following statements about WPA3 is true?

A. It enables the use of Zigbee
B. It uses TKIP
C. It reduces the risk of replay attacks
D. It is less secure than WEP

A

C. It reduces the risk of replay attacks

Explanation:
WPA3 is a WiFi security standard introduced in 2018. It provides stronger protection against replay attacks than WPA2 and earlier wireless security protocols.

Zigbee is a wireless communication protocol that is not enabled by using WPA3.

12
Q

What rating does a CVSS 3.1 score of 9.0 have?

A. High
B. Critical
C. Severe
D. Medium

A

B. Critical

Explanation:
Critical 9.0-10.0
High 7.0-8.9
Medium 4.0-6.9
Low 0.1-3.9

13
Q

What denial of service attack involves the use of spoofed ICMP packets that use the target's address as the source of a broadcast message?

A. Ping of death
B. Syn flood
C. Land
D. Smurf

A

D. Smurf

Explanation:
Smurf attacks are a type of DoS attack in which the attacker sends an ICMP packet that uses the target's address as the source of a broadcast message. This leads to the target being flooded with broadcast responses, potentially exhausting its resources.

14
Q

How many bits of AES encryption does the personal version of WPA3 use?

A. 4096
B. 2048
C. 192
D. 1024

A

C. 192

Explanation:
Both the enterprise and personal versions of WPA3 enable the use of 192-bit AES encryption.

15
Q

Which of the following is a patented block cipher that was considered as a replacement for DES, but patent royalties limited its adoption?

A. IDEA
B. AES
C. 3DES
D. CMDB

A

A. IDEA

Explanation:
IDEA (International Data Encryption Algorithm) is a block cipher patented by a Swiss company. IDEA was considered as a replacement for DES, but the patent royalties limited its adoption. AES has emerged as a popular replacement for DES.

16
Q

Which of the following is a non-automated response method to attacks?

A. IPS
B. SOAR
C. SCAP
D. DRP

A

D. DRP

Explanation:
A Disaster Recovery Plan is a document with steps that should be followed to recover from an incident. This is a non-automated method.

17
Q

What set of IEEE standards provides specifications like supported frequency bands and data rates for WiFi networks?

A. 802.1x
B. 802.11
C. RFC 5424
D. RFC 3164

A

B. 802.11

Explanation:
The IEEE 802.11 standards provide specifications for how WiFi networks work. For example, 802.11ax defines the supported frequency bands and data rates for WiFi 6/6E.

18
Q

How can eFuse be used to improve the security of a mobile device?

A. By encrypting all data on a mobile device
B. By altering the hardware of a mobile device in real time
C. By remotely wiping data on the device when it is reported as lost or stolen
D. By allowing firmware and software to be upgraded wirelessly

A

B. By altering the hardware of a mobile device in real time

Explanation:
The eFuse technology allows hardware to be reconfigured so that it cannot be used. This can be useful if it has been determined that a device has been tampered with.

19
Q

What built-in tool does Windows have for file integrity monitoring?

A. SFC
B. Tripwire
C. Task Manager
D. CHKDSK

A

A. SFC

Explanation:
The System File Checker (SFC) tool checks and verifies the system files on a Windows computer. It can replace corrupted files with their correct versions.

Tripwire is a third-party tool for file integrity monitoring. Task Manager is a Windows utility for managing and monitoring system resources.

20
Q

Which of the following is an open XML based standard for exchanging identity management information that uses components such as request authority, a provisioning service provider, and a provisioning service target?

A. SOAP
B. XACML
C. OAUTH
D. SPML

A

D. SPML

Explanation:
Service Provisioning Markup Language (SPML) is an open standard for exchanging identity management information.

21
Q

A security analyst wants to enumerate information about nodes on a subnet by gathering the data that passes through it. What type of tool should they use for this?

A. HTTP Interceptor
B. Network traffic analyzer
C. Password cracker
D. FPGA

A

B. Network traffic analyzer

Explanation:
A network traffic analyzer is a tool that can enumerate the network. It can use protocols such as ICMP and SNMP to find information about hosts on the network.

22
Q

Which of the following is an approach to data zone creation that focuses on implementing controls based on the importance and sensitivity of the data in a given area?

A. Protected enclaves
B. Vector oriented
C. Information centric
D. Vector enclaves

A

A. Protected enclaves

Explanation:
A protected enclaves approach to data zone creation focuses on implementing controls based on the importance and sensitivity of the data in a given area. Examples of controls related to protected enclaves include VLANs, firewalling, microsegmentation and VPNs.

An information centric approach to data zone creation focuses on placing controls on the data itself. Examples of controls related to an information centric approach include application and network controls.

23
Q

What does WPA3 use to mitigate the risk of offline password attacks?

A. 802.11b
B. SAE
C. STARTTLS
D. SSID Redundancy

A

B. SAE

Explanation:
WPA3 uses Simultaneous Authentication of Equals (SAE) to mitigate the risk of offline password attacks against WiFi networks.

STARTTLS is a command used to initiate encrypted network communications.

24
Q

Which of the following is one of the primary issues with symmetric encryption?

A. It only provides authentication
B. It is not as fast as asymmetric encryption
C. It only provides confidentiality
D. Ciphertext cannot be decrypted

A

C. It only provides confidentiality

Explanation:

25
Q

Of the following, which is the correct syntax for a set of rules that will allow all IP traffic from source device 192.168.5.1 toward destination device 10.6.6.6?

A. access-list 101 10.6.6.6 permit IP 192.168.5.1
B. access-list 101 permit 192.168.5.1 10.6.6.6 IP
C. access-list 101 10.6.6.6 192.168.5.1 IP permit
D. access-list 101 permit IP 192.168.5.1 10.6.6.6

A

D. access-list 101 permit IP 192.168.5.1 10.6.6.6

Explanation:
Firewall rules are created to allow only permitted traffic through the network; the rest of the traffic is blocked. The rules are applied from left to right or top to bottom, depending on how they are written. The first rule that matches the traffic overrides all the rules after it.

26
Q

The team has just finished implementing a storage solution that networks high capacity drives on a private network using a dedicated switch. What type of storage implementation is this?

A. SAN
B. NAS
C. Virtual storage
D. Cloud storage

A

A. SAN

Explanation:
A storage area network, or SAN, is a network of high capacity storage devices connected by a high speed private network using a storage specific switch.

27
Q

A user reports that a web server's certificate has expired, although the certificate is still within its validity period. What could be causing this issue?

A. Server needs to be restarted
B. The certificate is self signed
C. Wrong date and time on the computer
D. Root CA is invalid

A

C. Wrong date and time on the computer

Explanation:
One of the most common reasons for this error is that the device has the wrong date and time. Have the user check that their system date is correct.

28
Q

A PKI must validate that an entity claiming to have the key is a valid entity using the certificate. Certificates can be issued to:

A. People and organizations
B. Web browsers
C. Certificate authorities
D. Registration authorities

A

A. People and organizations

Explanation:
A PKI issues a certificate to entities such as a person, a hardware device, a department or a company. A digital certificate provides an entity, usually a user, with the credentials to prove their identity with a public key.

29
Q

The company asks you to identify the key systems and services the organization would have to bring online to support business in the event of a disaster. Which of the following should you perform?

A. BIA
B. DRP
C. RPO
D. RTO

A

A. BIA

Explanation:
A business impact analysis is a process that identifies the critical functions and systems that must be restored in the event of a disaster.

30
Q

At what stage of the Microsoft Key Lifecycle are key object attributes set?

A. Creation
B. Initialization
C. Active
D. Full distribution

A

B. Initialization

Explanation:
1. Creation - When the key is created
2. Initialization - Attributes set on key objects
3. Full Distribution - Key made available to domain controllers
4. Active - Key is initialized for use
5. Inactive - Key is deactivated and no longer available for use
6. Terminated - Deletion from all domain controllers

31
Q

An executive needs to digitally sign a message to ensure authenticity, nonrepudiation and integrity. What is the first step in the digital signature process that they need to perform?

A. Decrypt a hash value from their public key
B. Encrypt the data with the sender's private key
C. Attach the sender's private key to the message
D. Obtain a hash value of the data to be signed

A

D. Obtain a hash value of the data to be signed

Explanation:
A digital signature is a hash value that has been encrypted with the sender's private key and is meant to ensure authenticity and integrity. The first step in this example is to create a hash value.

32
Q

Management has requested a solution that will connect an in house Java application with another internally developed .NET solution in order to provide a front end to sales that incorporates the data into a cohesive front end.

Of the following, which solution would you recommend?

A. GRC
B. CRM
C. ESB
D. SOA

A

C. ESB

Explanation:
An ESB (enterprise service bus) is a type of middleware abstraction layer that is used to enable communication between different services in an SOA (service oriented architecture).

33
Q

How many keys are needed if 6 people need to communicate using symmetric encryption?

A. 2
B. 6
C. 60
D. 15

A

D. 15

Explanation:
The formula to calculate how many keys are needed for symmetric encryption is n(n-1) / 2

where n = the number of entities that require a key. For 6 entities: 6 x 5 / 2 = 15.

34
Q

A company wants to ensure that users do not reconfigure their systems to be less secure. Which type of tool can they use for this?

A. ActiveX
B. Honeypot
C. Dynamic network configuration
D. SCAP Scanner

A

C. Dynamic network configuration

Explanation:
A dynamic network configuration tool can be used to confirm that users have not overridden the configurations of their systems.

35
Q

Of the following, which is a document a supplier uses to provide an approximate cost for products and services?

A. RFQ
B. RFP
C. MOU
D. SLA

A

A. RFQ

Explanation:
An RFQ (request for quote) is a document a supplier provides that includes an approximate cost for products or services. RFQs are a key part of the bidding process.

RFP (request for proposal) documents outline a buyer's requirements for a supplier to fulfill.

36
Q

A security researcher wants to share information about a vulnerability they have discovered in some software. What language should they use to share the technical details of the vulnerability in a way that security tools and services can interpret?

A. SQL
B. OVAL
C. SAML
D. NLP

A

B. OVAL

Explanation:
The Open Vulnerability and Assessment Language (OVAL) is a standard method for transferring security information. It is one part of the Security Content Automation Protocol (SCAP).

37
Q

Bob is a citizen of the European Union. The company's website collects Bob's personal data and has it processed by Third Party Processing LLC. Third Party Processing LLC processes the data based on the company's specific instructions.

Under GDPR, what term describes the company?

A. Data classifier
B. Data subject
C. Data processor
D. Data controller

A

D. Data controller

Explanation:
GDPR is an EU data privacy law that grants data subjects multiple rights and enforces data security and privacy requirements related to how organizations handle data belonging to citizens of the EU.

38
Q

What DoS attack involves the use of oversized packets and fragmentation?

A. Ping of death
B. Smurf
C. SYN Flood
D. Land

A

A. Ping of death

Explanation:
Ping of death is a DoS attack that sends oversized packets using fragmentation.

Smurf attacks are a type of DoS attack in which the attacker sends an ICMP packet that uses the target's address as the source of a broadcast message.

39
Q

A company needs a secure confined space which is completely protected from electronic surveillance and unauthorized access. Which technical specification should they follow to achieve this type of space?

A. SCIF
B. CPTED
C. ATT&CK
D. RIPEDM

A

A. SCIF

Explanation:
The Sensitive Compartmented Information Facility (SCIF) is a technical specification from the National Counterintelligence and Security Center (NCSC).

40
Q

All of the following are advantages of using REST/JSON over SOAP/XML EXCEPT:

A. REST/JSON is less bloated
B. REST/JSON supports transactional services
C. REST/JSON makes it easier to parse data
D. REST/JSON has interfaces that are easier to implement

A

B. REST/JSON supports transactional services

Explanation:
REST/JSON supports transactional services.

REST/JSON and SOAP/XML are both web service protocols, but they have different advantages. SOAP is more complex and is preferred for transactional services such as banking.

41
Q

A company wants to proactively track the risks that impact their business. What type of tool can they use that records their assets, vulnerabilities, efforts to address those vulnerabilities, and the results of those efforts?

A. DRP
B. Gap Analysis
C. Risk Register
D. BCP

A

C. Risk Register

Explanation:
A risk register is a document or a spreadsheet that keeps track of each risk as it occurs. It is used continually throughout the risk management life cycle.

42
Q

What Linux command line tool is used to compute fuzzy hashes (also known as context triggered piecewise hashes)?

A. sha256sum
B. ssdeep
C. netstat
D. lsof

A

B. ssdeep

Explanation:
The ssdeep tool computes fuzzy hashes (also known as context triggered piecewise hashes) that are useful for simple and fast file identification use cases.

43
Q

What is SCAP?

A. A secure file transfer protocol
B. A protocol that standardizes vulnerability and compliance management
C. A markup language similar to XML
D. An organization that defines Internet standards related to web security

A

B. A protocol that standardizes vulnerability and compliance management

Explanation:
The Security Content Automation Protocol (SCAP) combines multiple specifications to help standardize and automate the management of security vulnerabilities and compliance.

44
Q

Which authentication protocol sends credentials in cleartext?

A. MS-CHAP
B. CHAP
C. EAP
D. PAP

A

D. PAP

Explanation:
Password Authentication Protocol (PAP) provides authentication but is insecure because it transmits credentials such as the username and password in cleartext, which is easily captured with network sniffers.

45
Q

Which of the following is a technique that updates routing tables to drop unwanted traffic before it reaches a destination network?

A. Port security
B. RTBH filtering
C. Reverse proxy
D. Multihoming

A

B. RTBH filtering

Explanation:
RTBH (remotely triggered black hole) filtering is a router security technique that updates routing tables to drop unwanted traffic before it reaches a destination network.

46
Q

A company wants to implement APIs to better connect with consumers. All of the following are security issues they should be aware of when managing these APIs except:

A. Authentication
B. Response formats
C. Authorization
D. Data scoping

A

B. Response formats

Explanation:
Using APIs to let clients connect can open up vulnerabilities. However, response formats, such as JSON or XML, are not related to security.

47
Q

A company issues mobile devices to users and they want to prevent unauthorized deactivation of features. All of the following can help them achieve this goal EXCEPT:

A. Disabling discovery mode in Bluetooth
B. Disabling FDE
C. Disabling installation of apps from unknown sources
D. Enabling automatic updates

A

B. Disabling FDE

Explanation:
An unauthorized deactivation of features can occur if a device is compromised by an attacker. FDE is used to increase security in case a device is lost or stolen.

48
Q

What Linux command line tool is used to compute fuzzy hashes (also known as context triggered piecewise hashes)?

A. lsof
B. sha256sum
C. netstat
D. ssdeep

A

D. ssdeep

Explanation:
The ssdeep tool computes "fuzzy hashes" that are useful for simple and fast file identification use cases.

49
Q

What does the following iptables command do?

'iptables -F'

A. Deletes every iptables rule in the chain
B. Displays the iptables help page
C. Reloads iptables rules
D. Blocks ICMP traffic

A

A. Deletes every iptables rule in the chain

Explanation:
iptables is a popular open source firewall used on many Linux systems.
A list of iptables rules on a system is called a chain. The -F option deletes, or flushes, the rules in an iptables chain.

50
Q

A company's SOC is investigating an ongoing incident and discovered Emotet commodity malware on several endpoints. What type of threat intelligence does this discovery represent?

A. Tactical threat intelligence
B. Operational threat intelligence
C. Strategic threat intelligence
D. Threat actor intelligence

A

A. Tactical threat intelligence

Explanation:
Tactical intelligence is more tightly focused on specific incidents and here-and-now information. It includes information like the discovery of a specific type of malware during an incident.

Operational intelligence aims to keep business activities running normally, identify risks that threaten an organization before they become a security incident, and involves proactive tasks like threat hunting.

Threat actor intelligence is not one of the three types.

51
Q
A