Pocket Prep 3 Flashcards

1
Q

Under GDPR, what does data ownership entail?

A. Only responsibility for data
B. Responsibility for and possession of data
C. Only possession of data
D. Responsibility for, encryption of, and possession of data

A

B. Responsibility for and possession of data

Explanation:
Data ownership refers to both possession of data and responsibility for it. Encryption is important for maintaining confidentiality, but data ownership does not inherently imply encryption.

2
Q

Which of the following is the code that results from compiling source code from a high level language like Java and is the intermediary between machine code and source code?

A. Byte
B. Script
C. Unknown environment
D. Object oriented

A

A. Byte

Explanation:
Byte code is the intermediary code that results from compiling source code; a virtual machine (such as the JVM) then interprets or JIT-compiles it to machine code.

Script code is a generic term for code in a script file. Computer scripts are written in scripting languages like Bash, Python and PowerShell.

Object oriented programming is a programming paradigm that organizes code around data objects.

3
Q

Which of the following is NOT a default SMTP port?

A. 645
B. 25
C. 587
D. 465

A

A. 645

Explanation:
The default port for SMTP is 25 (server-to-server relay). Port 587 is the message submission port, which upgrades to TLS with STARTTLS, and port 465 is SMTPS, which opens a TLS session immediately. 645 is not a default SMTP port.

4
Q

In TPM, which type of key is stored in persistent memory and is installed by the manufacturer?

A. Storage key
B. SRK
C. AIK
D. EK

A

D. EK

Explanation:
A Trusted Platform Module chip provides services for protecting keys and encrypting drives. The Endorsement Key (EK) is a public/private key pair installed by the manufacturer in the TPM's persistent memory; its private half never leaves the chip, and it identifies the TPM as genuine. The Storage Root Key (SRK) is generated when ownership of the TPM is taken, and Attestation Identity Keys (AIKs) are created later for attestation.

5
Q

Software may, at times, have functionality that is not initially enabled. This is done so that the service is not available to an attacker unless the user enables functionality. What type of security principle does this illustrate?

A. Security by default
B. Security by design
C. Security by accident
D. Security by deployment

A

A. Security by default

Explanation:
Security by default means that, without changes, a system uses secure settings. For example, some server products have plaintext network protocols like FTP and HTTP disabled by default.

Security by design deals with security principles being included in the design and coding of a system.

6
Q

Which technology provides a system with a separate CPU that keeps the system protected even if the kernel is compromised?

A. Secure enclave
B. ASLR
C. TPM
D. XN bit

A

A. Secure enclave

Explanation:
A secure enclave is an isolated coprocessor with its own memory, so the keys and data it holds stay protected even if the operating system kernel is compromised. It also minimizes the amount of time that data is unencrypted while it is being used.

7
Q

Which of the following is one of the primary issues with symmetric encryption?

A. Key management
B. Speed
C. Reliability
D. Ciphertext cannot be decrypted

A

A. Key management

Explanation:
The three primary issues with symmetric encryption:

  1. Key Distribution - Symmetric encryption requires the shared key that both encrypts plaintext and decrypts ciphertext to be distributed over a secure out-of-band channel.
  2. Key Management - As the number of participants that need to exchange keys increases, key management gets more complex, since every pair of parties needs its own key.
  3. Only provides confidentiality - A symmetric cipher on its own gives no proof of who sent a message.
8
Q

Which of the following tools is used for reverse engineering software?

A. Metasploit
B. Nessus
C. diStorm3
D. Burp Suite

A

C. diStorm3

Explanation:
There are many tools that help reverse engineer software, such as Apktool, dex2jar, diStorm3 and edb-debugger. Metasploit is an exploitation framework, Nessus is a vulnerability scanner, and Burp Suite is a web application testing proxy.

9
Q

A security analyst is looking at a router's firmware to see if there are any vulnerabilities or backdoors. What tool should they use for analyzing this?

A. Ghidra
B. Binwalk
C. Foremost
D. ssdeep

A

B. Binwalk

Explanation:
Binwalk is a Linux tool for searching, analyzing and extracting the contents of firmware images (file systems, compressed blobs, embedded executables). It is useful for checking the security of network and IoT devices.

Ghidra disassembles and decompiles individual binaries rather than unpacking firmware images. Foremost is a tool for carving files out of a drive image. The ssdeep utility computes fuzzy (context-triggered piecewise) hashes for similarity matching.

10
Q

Which is a bidding process document issued by an organization that outlines their requirements for a supplier to potentially fulfill?

A. RFP
B. MOU
C. ISA
D. SLA

A

A. RFP

Explanation:
An RFP (request for proposal) is a bidding process document an organization issues that outlines its requirements for a supplier. It details the specifics of a product or service the organization wants to purchase. Suppliers use the RFP as a guideline for submitting a formal proposal.

11
Q

What advantage does ECC have over RSA?

A. Ability to use larger key sizes
B. Reduced storage and transmission requirements
C. Compatibility with older hardware
D. Greater level of security

A

B. Reduced storage and transmission requirements

Explanation:
The primary benefit of ECC is its efficiency. It can use much smaller keys while providing the same security level as RSA, so keys, certificates and signatures take less space to store and transmit.

RSA is able to use large key sizes, has good compatibility with older systems, and at comparable key strengths offers a comparable level of security to ECC.

12
Q

A company has numerous compensating controls on users endpoint devices. They now want to add more controls that monitor the whole network. Which of the following technologies will help them with that?

A. Host based firewall
B. EDR
C. HIDS
D. UEBA

A

D. UEBA

Explanation:
User and Entity Behavior Analytics (UEBA) baselines the normal behavior of users and devices across a network and flags anomalies. For example, an increase in traffic above a user's normal levels could indicate a threat.

Endpoint Detection and Response (EDR), host-based intrusion detection systems (HIDS) and host-based firewalls run on individual end-user systems, so they do not give network-wide visibility.
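Added example, not part of the original flashcards: the per-user baseline that UEBA-style detection rests on, run over a constructed set of daily egress volumes. Each user is compared with their own history rather than with a single global threshold, which is why bob's busy day stays quiet while alice's spike alerts. The records, the learning window and the k = 3 factor are assumptions for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, day, bytes sent out of the network).
# alice's day 8 models an exfiltration; bob's day 8 is merely a busy day.
RECORDS = [
    ("alice", 1, 120_000), ("alice", 2, 135_000), ("alice", 3, 110_000), ("alice", 4, 128_000),
    ("alice", 5, 140_000), ("alice", 6, 125_000), ("alice", 7, 118_000), ("alice", 8, 2_400_000),
    ("bob", 1, 400_000), ("bob", 2, 420_000), ("bob", 3, 390_000), ("bob", 4, 410_000),
    ("bob", 5, 430_000), ("bob", 6, 405_000), ("bob", 7, 415_000), ("bob", 8, 425_000),
]


def baselines(records, learning_days):
    """Per-user (mean, standard deviation) over the learning window."""
    per_user = defaultdict(list)
    for user, day, nbytes in records:
        if day <= learning_days:
            per_user[user].append(nbytes)
    # a single observation has no spread, so it cannot form a baseline
    return {u: (mean(v), pstdev(v)) for u, v in per_user.items() if len(v) >= 2}


def detect(records, learning_days=7, k=3.0):
    """Flag a user's day when it exceeds that user's own mean + k standard deviations.

    A floor on the deviation stops a perfectly steady user from alerting on noise,
    and a user with no baseline is reported (threshold None) rather than ignored.
    Returns a list of (user, day, bytes, threshold)."""
    base = baselines(records, learning_days)
    alerts = []
    for user, day, nbytes in records:
        if day <= learning_days:
            continue  # learning window, not scored
        if user not in base:
            alerts.append((user, day, nbytes, None))
            continue
        mu, sigma = base[user]
        threshold = mu + k * max(sigma, 0.05 * mu)
        if nbytes > threshold:
            alerts.append((user, day, nbytes, round(threshold)))
    return alerts
```

Running `detect(RECORDS)` returns one alert, for alice on day 8, with a threshold near 154 kB; bob's 425 kB stays under his own threshold of roughly 447 kB.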

13
Q

Which is NOT a single protocol but a framework for port based access control?

A. EAP
B. PAP
C. CHAP
D. RDP

A

A. EAP

Explanation:
Extensible Authentication Protocol (EAP) is not a single protocol but a framework that carries many authentication methods (such as EAP-TLS and PEAP); it is the authentication layer used by 802.1X port-based access control. PAP and CHAP are individual authentication protocols, and RDP is a remote desktop protocol.

14
Q

Which type of encryption simultaneously assures confidentiality and authenticity of data?

A. Hash based message authentication code
B. AES
C. DES
D. Authenticated encryption with associated data

A

D. Authenticated encryption with associated data

Explanation:
Authenticated Encryption with Associated Data (AEAD) modes such as AES-GCM and ChaCha20-Poly1305 encrypt data with a symmetric key and produce an authentication tag over the ciphertext and any associated (unencrypted) data, so the receiver detects tampering before decrypting. AES and DES alone provide only confidentiality, and an HMAC alone provides only authenticity.

15
Q

What authentication protocol involves the server sending a random string to request authentication and the client encrypting that string with a password?

A. PAP
B. PEAP
C. EAP
D. CHAP

A

D. CHAP

Explanation:
Challenge Handshake Authentication Protocol (CHAP): the server sends a random challenge string, and the client computes a one-way hash (MD5 in RFC 1994) over the challenge combined with the shared password and sends the result back. The server, which also knows the password, computes the same hash and compares; the password itself never crosses the wire, and a fresh challenge each time means a captured response cannot be replayed. Strictly speaking the client hashes rather than encrypts, and the server compares rather than decrypts.
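Added example, not part of the original flashcards: both sides of a CHAP exchange, with the response computed as RFC 1994 describes (MD5 over identifier, shared secret and challenge). The in-memory secret store, the 16-byte challenge length and the single-use challenge table are assumptions for the example; the point is that the secret never leaves either party and that a captured response is useless against a new challenge.

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """CHAP response: MD5 over identifier || shared secret || challenge.
    This is a one-way hash, not encryption; the secret cannot be recovered from it."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side. Holds the shared secrets (assumption: an in-memory dict)
    and never sends them over the wire."""

    def __init__(self, secrets):
        self._secrets = secrets
        self._pending = {}  # ident -> challenge still awaiting a response

    def challenge(self):
        ident = os.urandom(1)[0]        # 8-bit identifier, as in the CHAP header
        challenge = os.urandom(16)      # fresh random value per attempt
        self._pending[ident] = challenge
        return ident, challenge

    def verify(self, username, ident, response):
        # pop, not get: a challenge is good for exactly one response, which defeats replay
        challenge = self._pending.pop(ident, None)
        secret = self._secrets.get(username)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def authenticate(server, username, client_secret):
    """Peer side: answer a fresh challenge with the secret it holds."""
    ident, challenge = server.challenge()
    return server.verify(username, ident, chap_response(ident, client_secret, challenge))


def replay(server, username, client_secret):
    """Capture one valid response and try to reuse it. Returns (first, second)
    verification results; the second fails because the challenge was consumed."""
    ident, challenge = server.challenge()
    response = chap_response(ident, client_secret, challenge)
    first = server.verify(username, ident, response)
    second = server.verify(username, ident, response)
    return first, second
```

MD5 is kept only because that is what CHAP specifies; a modern design would use a keyed MAC (see the HMAC card later in this deck) or a full mutual-authentication protocol such as EAP-TLS.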

16
Q

A company wants to have granular control over applications that run on mobile devices. What type of solution enables this?

A. MFA
B. MAM
C. NFC
D. HSM

A

B. MAM

Explanation:
Mobile Application Management (MAM) is software that secures the applications and their data on devices used for business purposes, at the application level rather than the whole device. It allows IT admins to enforce corporate policies on those applications.

17
Q

A company has released a new web application. However, when a user accesses a certain link, an error message is generated that mentions the web application's platform. What type of issue should be addressed in this situation?

A. Poor exception handling
B. Broken Authentication
C. Unsecure references
D. Improper headers

A

A. Poor exception handling

Explanation:
When a web application in production encounters an error, it should have a default error page that does not give public users any insight into the underlying architecture of the application. Detailed error information should only be shown in development environments

18
Q

An attacker has embedded themselves between two communicating devices within a company's network. He impersonates each device to the other in an attempt to change and eavesdrop on communications.

What type of attack is this?

A. Reverse engineering attack
B. Meet in the middle attack
C. On path attack
D. Factoring attack

A

C. On path attack

Explanation:
An on-path attack, previously known as man-in-the-middle, is when an attacker eavesdrops on communications and changes their content. During the attack the attacker impersonates each party to the other. Unauthenticated Diffie-Hellman key exchange is highly vulnerable to on-path attacks, which is why TLS authenticates the exchange with certificates.

A factoring attack attempts to factor the large numbers that the RSA algorithm uses to protect and encrypt the data. It is the difficulty of factoring that makes asymmetric algorithms like RSA secure, but, ultimately, quantum computers running Shor's algorithm may render them obsolete by factoring those numbers fast enough to recover the private key.

19
Q

A company is considering options for their data classification, labeling and tagging. They want to implement a standard from an attribute based access control system that is decoupled from the application or local machine. Which solution will help with this?

A. XUL
B. XSS
C. XSLT
D. XACML

A

D. XACML

Explanation:
The eXtensible Access Control Markup Language (XACML) is an XML based language for access control policies. It can be used to exchange access control policies between different systems

20
Q

Which of the following is an XML based protocol specification that web services use for one way transmission between endpoints?

A. LDAP
B. SOAP
C. COBOL
D. SSH

A

B. SOAP

Explanation:
Web services typically use Simple Object Access Protocol (SOAP) to exchange structured information. SOAP uses Extensible Markup Language (XML), which provides no security by itself, but when implemented with Web Services Security (WS-Security) can provide additional protection for web services. WS-Security has three primary mechanisms: signing SOAP messages for integrity, encrypting SOAP messages for confidentiality, and attaching security tokens to ensure a sender's identity is genuine.

21
Q

Bob is a security engineer at Acme Inc. He deploys a network of partially vulnerable machines to distract attackers from his production networks. What term best describes the network Bob deployed to distract attackers?

A. Honeypots
B. Honeynets
C. SAST box
D. CMDB

A

B. Honeynets

Explanation:
A honeynet is a partially vulnerable network for baiting or distracting attackers from a real network

A honeypot is a single vulnerable system deployed with the intent of attracting attackers; a honeynet is a whole network of them. Honeypots are common tools in security research.

22
Q

A payment processing company and a data storage company draft a formal agreement specifying they will use standards based communication and support specific transaction codes to ensure their systems work properly together. This agreement is an example of which of the following?

A. IA
B. ISA
C. MOU
D. SLA

A

A. IA

Explanation:
An interoperability agreement is a formal agreement between two or more organizations defining technical information like communications protocols and how the businesses work together

23
Q

All of the following are relevant information sources for day to day security threats except:

A. NIST
B. NSA
C. CISA
D. Microsoft

A

A. NIST

Explanation:
The National Institute of Standards and Technology (NIST) website provides standards and guidelines for various aspects of technology and security, but does not provide real time information on cyber threats

24
Q

What are the four basic components of the Diamond Model of Intrusion Analysis?

A. Reconnaissance, Exploitation, Command and Control, Actions on Objectives
B. Reconnaissance, Weaponization, Delivery, Exploitation
C. Collection, Command and Control, Discovery, Evasion
D. Adversary, Infrastructure, Capabilities, Victim

A

D. Adversary, Infrastructure, Capabilities, Victim

Explanation:
The Diamond Model of Intrusion Analysis focuses on the relationships and characteristics of four components to understand threats and intrusions. It considers each step that an attacker takes as the adversary using one of their capabilities over their infrastructure against the victim in order to meet their objective. Options A and B are stages of the Cyber Kill Chain.

25
Q

A company has a Linux system that has its file system corrupted. They want to recover some important image files from this system. Which tool should they use to accomplish this?

A. ExifTool
B. Strings
C. Ghidra
D. Foremost

A

D. Foremost

Explanation:
Foremost is a Linux-based file carving tool used to recover files from a disk or disk image by scanning for known file headers, footers and internal structures, so it works even when the file system is corrupted. It is commonly used to recover images.

Strings is used to find printable text strings in a binary. Ghidra is a reverse engineering tool. ExifTool reads and writes file metadata.
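Added example, not part of the original flashcards and not code from binwalk or foremost: the signature scanning both tools are built on, applied to a constructed "firmware image" that embeds a tiny PNG and a gzip member between zero padding. `scan` is what card 9's binwalk does to list embedded objects; `carve` is what card 25's foremost does to pull one out, using the PNG IEND trailer or, for gzip, inflating the member to find where it ends. The signature table and the sample image are assumptions for the example.

```python
import gzip
import struct
import zlib

# Magic bytes and, where the format has one, the fixed trailer, for a few
# types both tools recognise (assumption: a real table has hundreds of entries).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "gzip": (b"\x1f\x8b\x08", None),
    "squashfs": (b"hsqs", None),
}


def scan(blob):
    """Every offset at which a known signature starts, like `binwalk fw.bin`."""
    hits = []
    for name, (magic, _trailer) in SIGNATURES.items():
        start = 0
        while (offset := blob.find(magic, start)) != -1:
            hits.append((offset, name))
            start = offset + 1
    return sorted(hits)


def carve(blob, offset, name):
    """Cut one embedded object out, like `foremost` or `binwalk -e`.
    A PNG ends at its IEND trailer; a gzip member has no trailer, so its length
    comes from inflating it and seeing how many bytes were left over."""
    magic, trailer = SIGNATURES[name]
    if name == "gzip":
        inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
        inflater.decompress(blob[offset:])
        if not inflater.eof:
            return None  # truncated member
        return blob[offset:len(blob) - len(inflater.unused_data)]
    if trailer is None:
        return None  # needs a format-specific length parser (squashfs superblock etc.)
    end = blob.find(trailer, offset + len(magic))
    return None if end == -1 else blob[offset:end + len(trailer)]


def extract_all(blob):
    """Scan, then carve each hit: {offset: (type, bytes or None)}."""
    return {offset: (name, carve(blob, offset, name)) for offset, name in scan(blob)}


def _png_chunk(kind, data):
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", zlib.crc32(kind + data))


# Constructed sample image: padding, a valid 1x1 grayscale PNG, padding, a gzip member.
TINY_PNG = (b"\x89PNG\r\n\x1a\n"
            + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
            + _png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + _png_chunk(b"IEND", b""))
GZ_MEMBER = gzip.compress(b"root:x:0:0::/root:/bin/sh\n", mtime=0)
PAD = b"\x00" * 32
FIRMWARE = PAD + TINY_PNG + PAD + GZ_MEMBER + PAD
```

`scan(FIRMWARE)` reports the PNG at offset 32 and the gzip member just after the second padding block; `extract_all` returns both objects byte-for-byte. In a real image the gzip member is typically the kernel and the squashfs blob the root file system, which is where hard-coded credentials and debug services are found.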

26
Q

There are multiple one way hashing algorithms used for cybersecurity use cases, including password verification and validation of file integrity. Of the following, which is NOT one of the common hashing methods?

A. ARGON2
B. bcrypt
C. SHA
D. AES

A

D. AES

Explanation:
Advanced Encryption Standard (AES) is a symmetric block cipher used for data encryption, not for creating one-way hashes.

SHA, bcrypt and Argon2 are all one-way hash algorithms. SHA is a general-purpose hash; bcrypt and Argon2 are deliberately slow, salted password-hashing functions, which is why they are preferred over a bare SHA digest for password storage.

27
Q

A Linux systems administrator wants to monitor how a process interacts with other processes and the kernel. Which tool lets them do this?

A. ldd
B. strace
C. objdump
D. readelf

A

B. strace

Explanation:
The strace tool is used in Linux to trace the system calls a process makes and the signals it receives. It is used to isolate bugs, do sanity checks, and detect race conditions. ldd lists a binary's shared library dependencies, while objdump and readelf inspect binaries statically.

28
Q

What is the formula to calculate SLE?

A. SLE = AV x ARO
B. SLE = AV x EF
C. SLE = EV x ARO
D. SLE = ALE x ARO

A

B. SLE = AV x EF

Explanation:
The SLE (single loss expectancy) formula is:

SLE = AV x EF

Asset Value (AV) is the monetary value of the asset. Exposure Factor (EF) is the percentage of that value lost if the event occurs.

29
Q

A company is looking to improve the resiliency of its website. They already have a cluster of load balanced servers. They now want to build in logic that can help the cluster better react to changes in the environment in real time. What type of solution should they implement?

A. Distributed allocation
B. Course of action orchestration
C. Runbooks
D. Steganalysis

A

B. Course of action orchestration

Explanation:
Course of action orchestration is used to automate entire workflows. It can be used to address changing workflows.

Distributed allocation refers to locating critical assets in different locations. Runbooks are step by step instructions for IT teams to follow during incidents.

30
Q

As a security engineer at Acme Inc, you have been tasked with implementing a solution that will detect when an unidentified device connects to your wireless network. Which of the tools below offers the BEST solution?

A. HIDS
B. WIDS
C. WAF
D. SSH

A

B. WIDS

Explanation:
A WIDS is like a NIDS for wireless networks. A wireless intrusion detection system can detect and alert when an unidentified wireless device connects to a wireless network or a rogue access point appears.

32
Q

Which of the following pieces of information should a security administrator use SCAP to obtain?

A. DNS Records
B. IP Addresses to MAC address mappings
C. Percentage of guests accounts disabled
D. SNMP Traps

A

C. Percentage of guests accounts disabled

Explanation:
Security Content Automation Protocol (SCAP) is used to automate processes like compliance checking and vulnerability management. The percentage of guest accounts disabled across an organization is an example of configuration-compliance information security administrators can obtain using SCAP.

33
Q

What is a security consideration that needs to be taken into account with regards to a CAN bus?

A. Inability to implement physical controls
B. Lack of encryption
C. Dependency on host computers security controls
D. Vulnerabilities with CPU virtualization support

A

B. Lack of encryption

Explanation:
A Controller Area Network (CAN) bus is a protocol for devices to communicate without a host computer. It is a low level protocol designed to be fast and does not support encryption

A device using CAN can implement its own physical security controls. A CAN device does not use a host computer. CAN devices are used for specific purposes, so they do not need that virtualization support

34
Q

A company wants to secure 3 subdomains: dev.acme.com, qa.acme.com and prod.acme.com with the same digital certificate. What type of certificate do you recommend they use?

A. CRL
B. Multidomain
C. CA
D. Wildcard

A

D. Wildcard

Explanation:
A wildcard certificate (here *.acme.com) covers any single-label subdomain such as dev.acme.com, qa.acme.com and prod.acme.com, but not other domains and not deeper names like a.dev.acme.com. A multidomain (SAN) certificate could also list the three names, but a wildcard is the simpler choice for subdomains of one domain.

35
Q

How many keys does asymmetric encryption use?

A. 2
B. 1
C. 3
D. 64

A

A. 2

Explanation:
Asymmetric encryption uses 2 keys, a public and a private key. Symmetric encryption uses 1 shared key.

36
Q

You have been tasked with reporting on all the different potential threats to a company’s internal file server. As a part of this task, you were asked to include the potential monetary impact for each individual threat occurrence. What should you do?

A. Determine the ALE for each threat occurrence
B. Determine the SLE for each threat occurrence
C. Determine the ARO for each threat occurrence
D. Determine the exposure factor for each threat occurrence

A

B. Determine the SLE for each threat occurrence

Explanation:
Single loss expectancy (SLE) is the monetary loss expected from one occurrence of a threat: SLE = AV x EF. ALE (annualized loss expectancy, SLE x ARO) is the expected loss per year, ARO is only a frequency, and the exposure factor is only a percentage, so SLE is the figure the task asks for.
37
Q

Which of the following is one of the primary issues with symmetric encryption?

A. Key distribution
B. Lack of shared keys
C. Ciphertext cannot be decrypted
D. Plaintext cannot be encrypted

A

A. Key distribution

Explanation:
Three problems with symmetric encryption:
1. Key Distribution - Symmetric encryption requires the shared key that encrypts plaintext and decrypts ciphertext to be distributed over a secure out-of-band channel.
2. Key Management - As the number of participants that need to exchange keys increases, key management gets significantly more complex.
3. Only provides confidentiality - A symmetric cipher by itself does not prove who sent a message or provide non-repudiation, which asymmetric digital signatures do.

38
Q

Which of the following is an advantage of a third party security assessment compared to a self assessment?

A. Flexibility
B. Continuous Improvement
C. Cost savings
D. Objectivity

A

D. Objectivity

Explanation:
Self-assessments can be biased. Third-party assessments are periodically required by regulators, customers or frameworks precisely because an outside assessor is objective and has no stake in the result.

39
Q

Which process should occur whenever an application receives data from a third party?

A. Regression testing
B. Input validation
C. Client Side Processing
D. VM Escape

A

B. Input validation

Explanation:
Whenever an application takes data from an external source, the data should be validated and sanitized.

40
Q

Which of the following is a standard type of HTTP header?

A. GET
B. API
C. Response
D. POST

A

C. Response

Explanation:
An HTTP response header is a header sent from a server to a client that includes details such as the content type and length of the returned resource. GET and POST are request methods, not headers.

41
Q

A company is trying to implement data loss prevention. They want a solution that will monitor traffic as it leaves the network and decrypt any encrypted data to inspect it. What type of solution will enable this?

A. DPI
B. External media blocking
C. DRM
D. Watermarking

A

A. DPI

Explanation:
Deep Packet Inspection (DPI) examines the payload of traffic at the network edge to make sure sensitive data does not leave. If the data is encrypted, the inspection point must terminate the TLS session (typically an intercepting proxy whose certificate the endpoints trust) to see the plaintext, and this analysis can slow down traffic.

42
Q

A company wants to securely hash passwords by using a salt to guard against rainbow table attacks. Which solution should they implement for this?

A. Bcrypt
B. SHA
C. HMAC
D. MD

A

A. Bcrypt

Explanation:
Bcrypt is used for hashing passwords and it uses a salt to protect against rainbow table attacks. A salt is a random data value added to input before it is hashed.
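Added example, not part of the original flashcards: why a per-user random salt defeats rainbow tables. The standard library has no bcrypt, so PBKDF2-HMAC-SHA256 from `hashlib` stands in for it here; the salting logic is identical. The iteration count and the `$pbkdf2-sha256$iterations$salt$digest` storage format are assumptions for the example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for the example; tune so one hash takes ~100 ms


def unsalted_hash(password):
    """What NOT to do: identical passwords give identical digests, so one
    precomputed (rainbow) table cracks every user who chose that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated hash. Returns a self-describing string so the salt and
    work factor are stored with the digest and can be raised later."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$pbkdf2-sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password, stored):
    """Recompute with the salt and iteration count stored next to the digest."""
    _, algorithm, iterations, salt_b64, dk_b64 = stored.split("$")
    if algorithm != "pbkdf2-sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(actual, expected)  # constant-time compare
```

Hashing the same password twice yields two different strings, so an attacker who steals the database must attack each user individually instead of looking digests up in a table; the iteration count makes each of those attempts slow. bcrypt's output (`$2b$cost$saltdigest`) carries the same two ingredients.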

43
Q

What type of error can occur if a website visitor leaves out the www part of a URL if that part is included in the digital certificate?

A. Name mismatch
B. Certificate signed by unknown server
C. Certificate not issued by a trusted certificate authority
D. Wrong certificate type

A

A. Name mismatch

Explanation:
A name mismatch occurs when none of the names in the certificate matches the host name the user typed. This can be addressed by having a certificate that covers all the domain names users will access the site by.

44
Q

Which of the following storage media is the least volatile?

A. Routing tables
B. Registers
C. Disk
D. Physical Configurations

A

D. Physical Configurations

Explanation:
1. Registers and cache
2. Routing tables
3. Temp file systems
4. Disks
5. Remote logging data and monitoring data
6. Physical configurations
7. Archival Media

45
Q

How can the trust model for CAs be described?

A. Federated identity
B. Hierarchical
C. Web of trust
D. Proof of work

A

B. Hierarchical

Explanation:
Certificate Authorities use a hierarchical trust model which uses subordinate/intermediate CAs. The top level of the hierarchy is a root CA, which is the most trusted entity and is self signed

46
Q

An attacker has gained access to a LAN with virtual machine hosts. They gain access to a virtual machine running in a type 1 hypervisor and exploit it to run malicious code on the hypervisor.

What type of attack is this?

A. VM Escape
B. Hyperjacking
C. DoS
D. VM Insertion Attack

A

B. Hyperjacking

Explanation:
A hyperjacking attack occurs when a guest operating system is able to break out from the encapsulation provided by a type 1 hypervisor and interact with the host directly. Comparable attacks against the type 2 hypervisors are called VM escape attacks

47
Q

What process protects an LDAP server from LDAP injection?

A. Input validation
B. Sandboxing
C. Code Signing
D. Cross certification

A

A. Input validation

Explanation:
LDAP Injection involves entering metacharacters into queries to change the behavior and response of the LDAP server. This can be addressed by properly validating and sanitizing input to LDAP servers
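Added example, not part of the original flashcards: the validation-and-sanitization step that card 39 calls for, applied to the LDAP filter from this card. `login_filter_vulnerable` interpolates the username raw, so the metacharacters `*`, `(` and `)` rewrite the query; `login_filter_safe` escapes them per RFC 4515 so they can only match literally, and `is_valid_uid` is the allow-list check that should run first. The filter shape and the username character set are assumptions for the example.

```python
import re

# RFC 4515: characters that have meaning inside an LDAP search filter, and
# their escaped forms. Escaping is per character, so backslash cannot be
# double-processed.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Allow-list for usernames (assumption: this directory only has simple uids).
_UID_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def is_valid_uid(username):
    """Reject anything outside the expected alphabet before it reaches the directory."""
    return _UID_RE.match(username) is not None


def escape_filter_value(value):
    """Escape one assertion value so it is matched literally, never as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter_vulnerable(username):
    """String interpolation: '*)(uid=*' turns the lookup into a match-anyone query."""
    return "(&(objectClass=person)(uid=%s))" % username


def login_filter_safe(username):
    """Same filter, but the value is escaped; defense in depth behind is_valid_uid."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)
```

With the payload `*)(uid=*`, the vulnerable filter becomes `(&(objectClass=person)(uid=*)(uid=*))`, which matches every person; the safe one becomes `(&(objectClass=person)(uid=\2a\29\28uid=\2a))`, which matches nobody. Values that go into a distinguished name rather than a filter have their own escaping rules (RFC 4514), so use the right one for where the value lands.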

48
Q

What is the difference between a runbook and a playbook?

A. Playbooks deal with responses to a larger issue; runbooks define a specific process.
B. Nothing; they are the same
C. Runbooks deal with responses to a larger issue; playbooks define a specific process
D. Runbooks are written in Python; playbooks are written in Java

A

A. Playbooks deal with responses to a larger issue; runbooks define a specific process.

Explanation:
Playbooks are larger in scope than runbooks. Specifically, playbooks deal with responses to larger issues (for example, handling a phishing incident end to end); runbooks define a specific process (for example, how to reset a compromised account).

49
Q

A video recording company wants to use an integrated chip that is specifically designed for the type of video compression software they will use. What type of embedded technology should they use?

A. FPGA
B. SoC
C. ASIC
D. PLC

A

C. ASIC

Explanation:
An Application Specific Integrated Circuit (ASIC) is a chip that is specially designed for one specific purpose. This is the most efficient technique to use when the end purpose for the circuit will not change; an FPGA is reprogrammable and would suit a design that is still evolving.

50
Q

A business needs to create hashes of an application they offer to partnering companies. In addition, the hash value should be protected by a shared secret. What type of solution will enable this?

A. RIPEMD
B. HMAC
C. POLY1305
D. MD6

A

B. HMAC

Explanation:
Hash-based Message Authentication Code (HMAC) combines a hash function with a secret key, so only a holder of the key can produce or verify the tag. Sharing the key with partners gives them both an integrity check and assurance that the hash came from the business. RIPEMD and MD6 are unkeyed hashes, and Poly1305 is a one-time authenticator normally used inside AEAD constructions.
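Added example, not part of the original flashcards: what the key buys over a plain digest. A partner who checks only a published SHA-256 is fooled by an attacker who alters the artifact and republishes a matching digest; a partner who checks an HMAC is not, because the attacker cannot produce a tag over the altered bytes without the key. The artifact bytes and the tamper payload are constructed for the example.

```python
import hashlib
import hmac


def sha256_digest(data):
    """Plain hash: anyone, including whoever altered the file, can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key, data):
    """Keyed hash: only a holder of `key` can produce or check a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key, data, tag):
    """Constant-time comparison, so timing does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def partner_checks(key, received, received_hash, received_tag):
    """What the partner computes on what it received: (plain hash ok?, HMAC ok?)."""
    return sha256_digest(received) == received_hash, verify_tag(key, received, received_tag)


def genuine_release(key, artifact):
    """Business publishes the artifact with its digest and its HMAC tag."""
    return partner_checks(key, artifact, sha256_digest(artifact), hmac_tag(key, artifact))


def tampered_release(key, artifact):
    """Attacker alters the build and republishes a fresh plain digest, but can only
    reuse the tag computed over the original since they do not hold the key."""
    tampered = artifact + b"\n# backdoor\n"
    return partner_checks(key, tampered, sha256_digest(tampered), hmac_tag(key, artifact))
```

The HMAC key must travel to partners over a channel the attacker cannot read or alter; if the key is published next to the artifact, the tag degenerates into a plain hash. Code signing with an asymmetric key avoids sharing any secret at all and is the usual choice for software distribution.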

51
Q

Which of the following is a hash function that can replace MD4 and is used alongside SHA-256 on the Bitcoin blockchain?

A. RIPEMD-160
B. MD5
C. AES
D. DES

A

A. RIPEMD-160

Explanation:
RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a hash function family; Bitcoin applies RIPEMD-160 to the SHA-256 hash of a public key when deriving addresses. The original RIPEMD has been strengthened by multiple later variants including RIPEMD-160.

52
Q

A disgruntled employee had access to a virtual machine running in a type 2 hypervisor and proceeded to gain administrator access on the host operating system. What type of attack is this?

A. Privilege Escalation
B. Insertion
C. DoS
D. Sideloading

A

A. Privilege Escalation

Explanation:
A privilege escalation attack occurs when a user gains higher privileges than they are authorized to have, here by breaking out of the guest to gain administrator access on the host operating system.

53
Q

Which of the following is true about data sovereignty?

A. Data sovereignty is determined by the data’s transmission medium
B. Under GDPR, data sovereignty and data ownership are equivalent
C. Data sovereignty is determined by the data’s source
D. Data sovereignty is determined by where the data is physically stored

A

D. Data sovereignty is determined by where the data is physically stored

54
Q

Which extension to an X.509 cert allows for specifying additional host names for a single SSL/TLS certificate?

A. SAN
B. CN
C. Subject unique identifier
D. Validity

A

A. SAN

Explanation:
The Subject Alternative Name (SAN) extension is used often in SSL/TLS. It allows for securing multiple hostnames with a single cert
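Added example, not part of the original flashcards and not a real TLS library's code: the host-name matching a browser performs, which ties together the wildcard card (34), the name-mismatch card (43) and this SAN card. The rules follow RFC 6125: matching is case-insensitive, the SAN list is used when present (modern browsers then ignore the CN), and a wildcard only counts as the whole left-most label and matches exactly one label. The certificates are constructed dicts, an assumption for the example.

```python
def _name_matches(pattern, host):
    """One certificate name against one host name."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    # wildcard must be the entire first label, nowhere else, and not cover a
    # whole TLD like *.com
    if p_labels[0] != "*" or "*" in pattern[2:] or len(p_labels) < 3:
        return False
    # exactly one label is substituted: *.acme.com covers dev.acme.com,
    # not acme.com and not a.dev.acme.com
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_names(cert):
    """Names a client matches against: the SAN entries, or the CN only when
    there are none (assumption: cert is a dict like the samples below)."""
    sans = cert.get("sans") or []
    return sans if sans else [cert["cn"]]


def check_hostname(cert, host):
    """'ok', or the error a browser shows when the cert does not cover the typed name."""
    if any(_name_matches(name, host) for name in certificate_names(cert)):
        return "ok"
    return "name mismatch"


# Constructed certificates for the three cards.
CN_ONLY = {"cn": "www.acme.com", "sans": []}                       # card 43
WILDCARD = {"cn": "*.acme.com", "sans": ["*.acme.com"]}            # card 34
MULTI_SAN = {"cn": "www.acme.com", "sans": ["www.acme.com", "acme.com"]}  # card 54
```

`check_hostname(CN_ONLY, "acme.com")` is the card 43 scenario: the user left off `www.` and gets a name mismatch; adding `acme.com` as a SAN (as in `MULTI_SAN`) is the fix the card describes. The wildcard covers `dev`, `qa` and `prod` but neither the bare domain nor a two-level name.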

55
Q

Which of the following is NOT a potential security issue related to a single hypervisor based platform hosting virtual machines for multiple tenants from different organizations?

A. Improper separation of duties can lead to a security breach
B. Physical access to a server may enable access to virtual machines
C. Misconfigurations can impact all tenants
D. Tenants’ applications are not logically isolated from one another

A

D. Tenants’ applications are not logically isolated from one another

Explanation:
Applications running in different virtual machines run in operating systems that are logically isolated from one another. However, there are a variety of other potential security issues related to a single hypervisor based platform hosting virtual machines for multiple tenants

56
Q

A company's firewall admins and server admins drafted a written agreement that details each of their responsibilities in the event of an outage. What type of agreement is this?

A. COOP
B. MOU
C. ISA
D. OLA

A

D. OLA

Explanation:
An operational level agreement (OLA) is an agreement about responsibilities between different support teams

A Continuity of Operations Plan (COOP) documents the procedures and practices that will enable a business to continue operations in the event of a natural disaster or similarly severe service disruption.

57
Q

Applications may use the actual name or key of an element when generating a web page. Applications don't always verify that a user is authorized for the target. What type of vulnerability does this result in?

A. Application specific allocation
B. Direct reference insecurity
C. Insecure direct object reference
D. Direct Link Bypassing

A

C. Insecure direct object reference

Explanation:
An IDOR vulnerability occurs when a web application accesses an object directly by the name or key supplied in the request without checking that the requesting user is authorized for that object, so changing the key in the URL exposes other users' data.
