Pocket Prep 3 Flashcards
Under GDPR, what does data ownership entail?
A. Only responsibility for data
B. Responsibility for and possession of data
C. Only possession of data
D. Responsibility for, encryption of, and possession of data
B. Responsibility for and possession of data
Explanation:
Data ownership refers to both possession and responsibility. While encryption is important for maintaining privacy, data ownership does not inherently imply encryption
Which of the following is the code that results from compiling source code from a high level language like Java and is the intermediary between machine code and source code?
A. Byte
B. Script
C. Unknown environment
D. Object oriented
A. Byte
Explanation:
Byte code is the intermediary code that results from compiling source code.
Script code is a generic term for code in a script file. Computer scripts are written in scripting languages like Bash, Python and Powershell
Object oriented programming is a type of programming where code uses data objects
Which of the following is NOT a default SMTP port?
A. 645
B. 25
C. 587
D. 465
A. 645
Explanation:
The default port for SMTP is 25. Versions of SMTP that use SSL/TLS use ports 587 and 465. 645 is not a default SMTP port
In TPM, which type of key is stored in persistent memory and is installed by the manufacturer?
A. Storage key
B. SRK
C. AIK
D. EK
D. EK
Explanation:
A Trusted Platform Module chip provides services for protecting keys and encrypting drives. The Endorsement Key (EK) is installed by the manufacturer and contains a public/private key pair
Software may, at times, have functionality that is not initially enabled. This is done so that the service is not available to an attacker unless the user enables functionality. What type of security principle does this illustrate?
A. Security by default
B. Security by design
C. Security by accident
D. Security by deployment
A. Security by default
Explanation:
Security by default means that, without changes, a system uses secure settings. For example, some server products have plaintext network protocols like FTP and HTTP disabled by default.
Security by design deals with security principles being included in the coding and design of a system
Which technology provides a system with a separate CPU that keeps the system protected even if the kernel is compromised?
A. Secure enclave
B. ASLR
C. TPM
D. XN bit
A. Secure enclave
Explanation:
A secure enclave is a part of a system that cannot be compromised even if the operating system kernel is compromised. It aims to minimize the amount of time that data is unencrypted when it is being used.
Which of the following is one of the primary issues with symmetric encryption?
A. Key management
B. Speed
C. Reliability
D. Ciphertext cannot be decrypted
A. Key management
Explanation:
The three primary issues with symmetric encryption:
- Key Distribution - Symmetric encryption requires shared keys that encrypt plaintext and decrypt ciphertext to be distributed over a secure out of band channel to remain secure
- Key Management - As the number of participants that need to exchange keys increases with symmetric encryption, key management gets more complex.
- Only provides confidentiality
Which of the following tools is used for reverse engineering software?
A. Metasploit
B. Nessus
C. diStorm3
D. Burp Suite
C. diStorm3
Explanation:
There are many software tools to help reverse engineer software, such as Apktool, dex2jar, diStorm3, edb-debugger
A security analyst is looking at a router's firmware to see if there are any vulnerabilities or backdoors. What tool should they use for analyzing this?
A. Ghidra
B. Binwalk
C. Foremost
D. ssdeep
B. Binwalk
Explanation:
Binwalk is a tool in Linux that is used for searching, analyzing and reverse engineering firmware images. It is useful for checking the security of network and IoT devices.
Hex Dump is a tool for analyzing binary data in a user specified format. Foremost is a tool for recovering files from a drive. The ssdeep utility is used for computing hashes
Which is a bidding process document issued by an organization that outlines their requirements for a supplier to potentially fulfill?
A. RFP
B. MOU
C. ISA
D. SLA
A. RFP
Explanation:
An RFP (request for proposal) is a bidding process document an organization issues that outlines their requirements for a supplier. It details the specifics of a product or service the organization wants to purchase. Suppliers use the RFP as a guideline for submitting a formal proposal
What advantage does ECC have over RSA?
A. Ability to use larger key sizes
B. Reduced storage and transmission requirements
C. Compatibility with older hardware
D. Greater level of security
B. Reduced storage and transmission requirements
Explanation:
The primary benefit of ECC is its efficiency. It can use smaller key sizes but still have the same security level as RSA
RSA is able to use large key sizes, has good compatibility with older systems, and has comparable levels of security to ECC
A company has numerous compensating controls on users' endpoint devices. They now want to add more controls that monitor the whole network. Which of the following technologies will help them with that?
A. Host based firewall
B. EDR
C. HIDS
D. EUBA
D. EUBA
Explanation:
User and Entity Behavior Analysis (UEBA) is a technique for detecting anomalies on a network. For example, an increase in traffic above normal levels could indicate a threat.
Endpoint Detection Response, Host Based Intrusion Detection Systems and host based firewalls run on end user systems
Which is NOT a single protocol but a framework for port based access control?
A. EAP
B. PAP
C. CHAP
D. RDP
A. EAP
Explanation:
Extensible Authentication Protocol (EAP) is not a single protocol but a suite, or framework, for port based access control.
Which type of encryption simultaneously assures confidentiality and authenticity of data?
A. Hash based message authentication code
B. AES
C. DES
D. Authentication encryption with associated data
D. Authentication encryption with associated data
Explanation:
Authentication Encryption with Associated Data (AEAD) encrypts data with a symmetric key and generates an authentication tag that can verify the data’s authenticity.
What authentication protocol involves the server sending a random string to request authentication and the client encrypting that string with a password?
A. PAP
B. PEAP
C. EAP
D. CHAP
D. CHAP
Explanation:
Challenge Handshake Authentication Protocol involves the server sending a random string to request authentication and the client encrypting that string with a password. The client then sends the encrypted string back to the server. If the server can decrypt the string successfully with the password, authentication is successful
A company wants to have granular control over applications that run on mobile devices. What type of solution enables this?
A. MFA
B. MAM
C. NFC
D. HSM
B. MAM
Explanation:
Mobile Application Management is a software that secures the mobile environment on devices used for business purposes. It allows IT admins to enforce corporate policies on these devices
A company has released a new web application. However, when a user accesses a certain link, an error message is generated that mentions the web applications platform. What type of issue should be addressed in this situation?
A. Poor exception handling
B. Broken Authentication
C. Unsecure references
D. Improper headers
A. Poor exception handling
Explanation:
When a web application in production encounters an error, it should have a default error page that does not give public users any insight into the underlying architecture of the application. Detailed error information should only be shown in development environments
An attacker has embedded themselves between two communicating devices within a company's network. He impersonates each device to the other in an attempt to change and eavesdrop on communications
What type of attack is this?
A. Reverse engineering attack
B. Meet in the middle attack
C. On path attack
D. Factoring attack
C. On path attack
Explanation:
An on path attack, previously known as man in the middle, is when an attacker eavesdrops on communications and changes their content. During the execution of this attack, an attacker pretends to be one of the parties in the communication.
Diffie Hellman is highly vulnerable to on path attacks
A factoring attack attempts to break down, or factor, the large numbers that the RSA algorithm uses to protect and encrypt the data. It is this resistance to detection that makes the asymmetric algorithms like RSA function, but, ultimately, devices like quantum computing may render them obsolete. This is due to the ability to factor the numbers at impossibly fast speeds, enabling the algorithms to be cracked quickly with ease
A company is considering options for their data classification, labeling and tagging. They want to implement a standard from an attribute based access control system that is decoupled from the application or local machine. Which solution will help with this?
A. XUL
B. XSS
C. XSLT
D. XACML
D. XACML
Explanation:
The eXtensible Access Control Markup Language (XACML) is an XML based language for access control policies. It can be used to exchange access control policies between different systems
Which of the following is an XML based protocol specification that web services use for one way transmission between endpoints?
A. LDAP
B. SOAP
C. COBOL
D. SSH
B. SOAP
Explanation:
Web servers typically use Simple Object Access Protocol (SOAP) to exchange structured information. SOAP uses Extensible Markup Language (XML), which is insecure by itself, but when implemented with Web Services Security, can provide additional security for web services. WS Security has three primary mechanisms to provide integrity: signing SOAP messages, encrypting SOAP messages for confidentiality, and attaching security tokens to ensure a sender's identity is genuine
Bob is a security engineer at Acme Inc. He deploys a network of partially vulnerable machines to distract attackers from his production networks. What term best describes the network Bob deployed to distract attackers?
A. Honeypots
B. Honeynets
C. SAST box
D. CMDB
B. Honeynets
Explanation:
A honeynet is a partially vulnerable network for baiting or distracting attackers from a real network
A honeypot is a vulnerable system deployed with the intent of attracting attackers. Honeypots are common tools in security research
A payment processing company and a data storage company draft a formal agreement specifying they will use standards based communication and support specific transaction codes to ensure their systems work properly together. This agreement is an example of which of the following?
A. IA
B. ISA
C. MOU
D. SLA
A. IA
Explanation:
An interoperability agreement is a formal agreement between two or more organizations defining technical information like communications protocols and how the businesses work together
All of the following are relevant information sources for day to day security threats except:
A. NIST
B. NSA
C. CISA
D. Microsoft
A. NIST
Explanation:
The National Institute of Standards and Technology (NIST) website provides standards and guidelines for various aspects of technology and security, but does not provide real time information on cyber threats
What are the four basic components of the Diamond Model of Intrusion Analysis?
A. Reconnaissance, Exploitation, Command and Control, Actions on Objectives
B. Reconnaissance, Weaponization, Delivery, Exploitation
C. Collection, Command and Control, Discovery, Evasion
D. Adversary, Infrastructure, Capabilities, Victim
D. Adversary, Infrastructure, Capabilities, Victim
Explanation:
The Diamond Model of Intrusion Analysis focuses on the relationships and characteristics of four components to understand threats and intrusions. It considers each step that an attacker takes as using one of their capabilities against the victim's infrastructure in order to meet their objective
A company has a Linux system that has its file system corrupted. They want to recover some important image files from this system. Which tool should they use to accomplish this?
A. ExifTool
B. Strings
C. Ghidra
D. Foremost
D. Foremost
Explanation:
Foremost is a Linux based file carving tool used to recover data. Foremost is primarily used to recover images from hard drives and iPhones
Strings is used to find text strings. Ghidra is a reverse engineering tool. ExifTool is for reading and writing metadata
There are multiple one way hashing algorithms used for cybersecurity use cases, including password verification and validation of file integrity. Of the following, which is NOT one of the common hashing methods?
A. ARGON2
B. bcrypt
C. SHA
D. AES
D. AES
Explanation:
Advanced Encryption Standard (AES) is used for data encryption, not creating one way hashes.
SHA, bcrypt, and ARGON2 are all one way hash algorithms
A Linux systems administrator wants to monitor how a process interacts with other processes and the kernel. Which tool lets them do this?
A. ldd
B. strace
C. objdump
D. readelf
B. strace
Explanation:
The strace tool is used in Linux to trace system calls made by a process. It is used to isolate bugs, do sanity checks, and detect race conditions
What is the formula to calculate SLE?
A. SLE = AV x ARO
B. SLE = AV x EF
C. SLE = EV x ARO
D. SLE = ALE x ARO
B. SLE = AV x EF
Explanation:
The SLE (single loss expectancy) formula is:
SLE = AV x EF
Asset value indicates the value of an asset. Exposure Factor indicates the percent of value lost if the event occurs
A company is looking to improve the resiliency of its website. They already have a cluster of load balanced servers. They now want to build in logic that can help the cluster better react to changes in the environment in real time. What type of solution should they implement?
A. Distributed allocation
B. Course of action orchestration
C. Runbooks
D. Steganalysis
B. Course of action orchestration
Explanation:
Course of action orchestration is used to automate entire workflows. It can be used to address changing workflows.
Distributed allocation refers to locating critical assets in different locations. Runbooks are step by step instructions for IT teams to follow during incidents.
As a security engineer at Acme Inc, you have been tasked with implementing a solution that will detect when an unidentified device connects to your wireless network. Which of the tools below offers the BEST solution?
A. HIDS
B. WIDS
C. WAF
D. SSH
B. WIDS
Explanation:
A WIDS is like a NIDS for wireless networks. A wireless intrusion detection system can detect and alert when an unidentified wireless device connects to a wireless network.
Which of the following pieces of information should a security administrator use SCAP to obtain?
A. DNS Records
B. IP Addresses to MAC address mappings
C. Percentage of guest accounts disabled
D. SNMP Traps
C. Percentage of guest accounts disabled
Explanation:
Security Content Automation Protocol (SCAP) is used to automate processes like compliance and vulnerability management. Percentage of guest accounts enabled across an organization is an example of information security administrators can obtain using SCAP.
What is a security consideration that needs to be taken into account with regards to a CAN bus?
A. Inability to implement physical controls
B. Lack of encryption
C. Dependency on host computers security controls
D. Vulnerabilities with CPU virtualization support
B. Lack of encryption
Explanation:
A Controller Area Network (CAN) bus is a protocol for devices to communicate without a host computer. It is a low level protocol designed to be fast and does not support encryption
A device using CAN can implement its own physical security controls. A CAN device does not use a host computer. CAN devices are used for specific purposes, so they do not need that virtualization support
A company wants to secure 3 subdomains: dev.acme.com, qa.acme.com and prod.acme.com with the same digital certificate. What type of certificate do you recommend they use?
A. CRL
B. Multidomain
C. CA
D. Wildcard
D. Wildcard
Explanation:
A wildcard certificate is useful for multiple subdomains, but not multiple domains.
How many keys does asymmetric encryption use?
A. 2
B. 1
C. 3
D. 64
A. 2
Explanation:
Asymmetric encryption uses 2 keys, a public and a private key. Symmetric encryption uses 1 shared key
You have been tasked with reporting on all the different potential threats to a company’s internal file server. As a part of this task, you were asked to include the potential monetary impact for each individual threat occurrence. What should you do?
A. Determine the ALE for each threat occurrence
B. Determine the SLE for each threat occurrence
C. Determine the ARO for each threat occurrence
D. Determine the exposure factor for each threat occurrence
B. Determine the SLE for each threat occurrence
Explanation:
Which of the following is one of the primary issues with symmetric encryption?
A. Key distribution
B. Lack of shared keys
C. Ciphertext cannot be decrypted
D. Plaintext cannot be encrypted
A. Key distribution
Explanation:
Three problems with symmetric encryption:
1. Key Distribution - Symmetric encryption requires shared keys that encrypt plaintext and decrypt ciphertext to be distributed over a secure out of band channel to remain secure
2. Key Management - As the number of participants that need to exchange keys increases with symmetric encryption, the key management gets significantly more complex
3. Only provides confidentiality - Symmetric encryption provides confidentiality, but does not provide authentication like asymmetric encryption does
Which of the following is an advantage of a third party security assessment compared to a self assessment?
A. Flexibility
B. Continuous Improvement
C. Cost savings
D. Objectivity
D. Objectivity
Explanation:
Self assessment can be biased. Third party assessments are periodically required for their objectivity and because they give better results
Which process should occur whenever an application receives data from a third party?
A. Regression testing
B. Input validation
C. Client Side Processing
D. VM Escape
B. Input validation
Explanation:
Whenever an application takes data from an external source, the data should be validated and sanitized.
Which of the following is a standard type of HTTP header?
A. GET
B. API
C. Response
D. POST
C. Response
Explanation:
An HTTP response header is a header sent from a server to a client that includes details like file size.
A company is trying to implement data loss prevention. They want a solution that will monitor traffic as it leaves the network and decrypt any encrypted data to inspect it. What type of solution will enable this?
A. DPI
B. External media blocking
C. DRIM
D. Watermarking
A. DPI
Explanation:
Deep Packet Inspection can be used to inspect data at the edge of a network to make sure that sensitive data does not pass through. If the data is encrypted, it will need the decryption key and this analysis can slow down traffic
A company wants to securely hash passwords by using a salt to guard against rainbow table attacks. Which solution should they implement for this?
A. Bcrypt
B. SHA
C. HMAC
D. MD
A. Bcrypt
Explanation:
Bcrypt is used for hashing passwords and it uses a salt to protect against rainbow table attacks. A salt is a random data value added to input before it is hashed.
What type of error can occur if a website visitor leaves out the www part of a URL if that part is included in the digital certificate?
A. Name mismatch
B. Certificate signed by unknown server
C. Certificate not issued by a trusted certificate authority
D. Wrong certificate type
A. Name mismatch
Explanation:
A name mismatch can occur if the cert name does not match the site it was meant to protect. This can be addressed by having a certificate that covers the different domain names that users will access the site by
Which of the following storage media is the least volatile?
A. Routing tables
B. Registers
C. Disk
D. Physical Configurations
D. Physical Configurations
Explanation:
1. Cache Registers
2. Routing tables
3. Temp file systems
4. Disks
5. Remote logging data and monitoring data
6. Physical configurations
7. Archival Media
How can the trust model for CAs be described?
A. Federated identity
B. Hierarchical
C. Web of trust
D. Proof of work
B. Hierarchical
Explanation:
Certificate Authorities use a hierarchical trust model which uses subordinate/intermediate CAs. The top level of the hierarchy is a root CA, which is the most trusted entity and is self signed
An attacker has gained access to a LAN with virtual machine hosts. They gain access to a virtual machine running in a type 1 hypervisor and exploit it to run malicious code on the hypervisor.
What type of attacks is this?
A. VM Escape
B. Hyperjacking
C. DoS
D. VM Insertion Attack
B. Hyperjacking
Explanation:
A hyperjacking attack occurs when a guest operating system is able to break out from the encapsulation provided by a type 1 hypervisor and interact with the host directly. Comparable attacks against the type 2 hypervisors are called VM escape attacks
What process protects an LDAP server from LDAP injection?
A. Input validation
B. Sandboxing
C. Code Signing
D. Cross certification
A. Input validation
Explanation:
LDAP Injection involves entering metacharacters into queries to change the behavior and response of the LDAP server. This can be addressed by properly validating and sanitizing input to LDAP servers
What is the difference between a runbook and a playbook?
A. Playbooks deal with responses to a larger issue; runbooks define a specific process.
B. Nothing; they are the same
C. Runbooks deal with responses to a larger issue; playbooks define a specific process
D. Runbooks are written in Python; playbooks are written in Java
A. Playbooks deal with responses to a larger issue; runbooks define a specific process.
Explanation:
Playbooks deal with responses to larger issues; runbooks define a specific process
Playbooks are larger in scope than runbooks. Specifically, playbooks deal with responses to larger issues; runbooks define a specific process.
A video recording company wants to use an integrated chip that is specifically designed for the type of video compression software they will use. What type of embedded technology should they use?
A. FPGA
B. SoC
C. ASIC
D. PLC
C. ASIC
Explanation:
An Application Specific Integrated Circuit (ASIC) is a chip that is specially designed for one specific purpose. This is the most efficient technique to use when the end purpose for the circuit will not change
A business needs to create hashes of an application they offer for partnering companies. In addition, the hash value should be password protected. What type of solution will enable this?
A. RIPEMD
B. HMAC
C. POLY1305
D. MD6
B. HMAC
Explanation:
Hash Based Message Authentication Code (HMAC) can be used to create a hash that also needs a password. This adds an extra layer of authentication
Which of the following is a hash function that can replace MD4 and is used as a SHA256 alternative on the Bitcoin blockchain?
A. RIPEMD-160
B. MD5
C. AES
D. DES
A. RIPEMD-160
Explanation:
RIPEMD (RACE integrity primitives evaluation message digest) is a hashing function used in Bitcoin. The original RIPEMD has been strengthened by multiple later variants including RIPEMD-160
A disgruntled employee had access to a virtual machine running in a type 2 hypervisor and proceeded to gain administrator access on the host operating system. What type of attack is this?
A. Privilege Escalation
B. Insertion
C. DoS
D. Sideloading
A. Privilege Escalation
Explanation:
A PrivEsc attack occurs when a user gains higher level privileges than they are authorized to have
Which of the following is true about data sovereignty?
A. Data sovereignty is determined by the data’s transmission medium
B. Under GDPR, data sovereignty and data ownership are equivalent
C. Data sovereignty is determined by the data’s source
D. Data sovereignty is determined by where the data is physically stored
D. Data sovereignty is determined by where the data is physically stored
Which extension to an X.509 cert allows for specifying additional host names for a single SSL/TLS certificate?
A. SAN
B. CN
C. Subject unique identifier
D. Validity
A. SAN
Explanation:
The Subject Alternative Name (SAN) extension is used often in SSL/TLS. It allows for securing multiple hostnames with a single cert
Which of the following is NOT a potential security issue related to a single hypervisor based platform hosting virtual machines for multiple tenants from different organizations?
A. Improper separation of duties can lead to a security breach
B. Physical access to a server may enable access to virtual machines
C. Misconfigurations can impact all tenants
D. Tenants’ applications are not logically isolated from one another
D. Tenants’ applications are not logically isolated from one another
Explanation:
Applications running in different virtual machines run in operating systems that are logically isolated from one another. However, there are a variety of other potential security issues related to a single hypervisor based platform hosting virtual machines for multiple tenants
A company's firewall admins and server admins drafted a written agreement that details each of their responsibilities in the event of an outage. What type of agreement is this?
A. COOP
B. MOU
C. ISA
D. OLA
D. OLA
Explanation:
An operational level agreement (OLA) is an agreement about responsibilities between different support teams
A Community of Operations (COOP) document details the procedures and practices that will enable a business to continue operations in the event of a natural disaster or similarly severe service disruption
Applications may use the actual name or key of an element when generating a web page. Applications don't always verify that a user is authorized for the target. What type of vulnerability does this result in?
A. Application specific allocation
B. Direct reference insecurity
C. Insecure direct object reference
D. Direct Link Bypassing
C. Insecure direct object reference
Explanation:
An IDOR vulnerability occurs when a web application attempts to access an object directly by the name or key of the object without any additional access controls.