Practice Exam 01 Flashcards
A cybersecurity analyst is reviewing the logs of an authentication server and sees the following output:
[443] [https-get-form] host: diontraining.com login: admin password: P@$$w0rd!
[443] [https-get-form] host: diontraining.com login: admin password: C0mpT1@P@$$w0rd
[443] [https-get-form] host: diontraining.com login: root password: P@$$w0rd!
[443] [https-get-form] host: diontraining.com login: root password: C0mpT1@P@$$w0rd
[443] [https-get-form] host: diontraining.com login: dion password: P@$$w0rd!
[443] [https-get-form] host: diontraining.com login: dion password: C0mpT1@P@$$w0rd
[443] [https-get-form] host: diontraining.com login: json password: P@$$w0rd!
[443] [https-get-form] host: diontraining.com login: json password: C0mpT1@P@$$w0rd
What type of attack was most likely being attempted by the attacker?
a. Session hijacking
b. Impersonation
c. Password spraying
d. Credential stuffing
c. Password spraying
OBJ-1.2: Password spraying refers to the attack method that takes a large number of usernames and loops them with a single password. We can use multiple iterations using a number of different passwords, but the number of passwords attempted is usually low when compared to the number of users attempted. This method avoids password lockouts, and it is often more effective at uncovering weak passwords than targeting specific users. In the scenario provided, there are only one or two attempts being made to each username listed. This is indicative of a password spraying attack instead of a brute force attempt against a single user. Impersonation is the act of pretending to be another person for the purpose of fraud. Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes. Session hijacking is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.
Which of the following is the leading cause for cross-site scripting, SQL injection, and XML injection attacks?
a. Faulty input validation
b. Directory traversals
c. Output encoding
d. File inclusions
a. Faulty input validation
OBJ-3.2: A primary vector for attacking applications is to exploit faulty input validation. The input could include user data entered into a form or URL, passed by another application or link. This is heavily exploited by cross-site scripting, SQL injection, and XML injection attacks. Directory traversal is the practice of accessing a file from a location that the user is unauthorized to access. The attacker does this by ordering an application to backtrack through the directory path so that the application reads or executes a file in a parent directory. In a file inclusion attack, the attacker adds a file to the running process of a web app or website. The file is either constructed to be malicious or manipulated to serve the attacker’s malicious purposes. Cross-site scripting (XSS) is one of the most powerful input validation exploits. XSS involves a trusted site, a client browsing the trusted site, and the attacker’s site.
Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization’s database?
a. SQL injection
b. Buffer overflow
c. Cross-site scripting
d. Denial of service
a. SQL injection
OBJ-1.3: A SQL injection poses the most direct and most impactful threat to an organization’s database. A SQL injection could allow the attacker to execute remote commands on the database server and lead to the disclosure of sensitive information. A buffer overflow attack attempts to overwrite the memory buffer in order to send additional data into adjacent memory locations. A buffer overflow attack might target a database server, but it isn’t intended to cause a disclosure of information directly. Instead, a buffer overflow attack may be used to gain initial access to a server and allow for the running of other malicious code. A denial of service targets the availability of the information by attempting to take the server offline. A cross-site scripting attack typically is focused against the user, not the server or database.
You have just finished running an nmap scan on a server and see the following output:
nmap diontraining.com
Starting Nmap (http://nmap.org)
Nmap scan report for diontraining.com (64.13.134.52)
Not shown: 996 filtered ports
PORT STATE
22/tcp open
23/tcp open
53/tcp open
443/tcp open
Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds
Based on the output above, which of the following ports listed as open represents the most significant security vulnerability to your network?
a. 22
b. 53
c. 443
d. 23
d. 23
OBJ-3.1: Port 23 is used by telnet and is not considered secure because it sends all of its data in cleartext, including authentication data like usernames and passwords. As an analyst, you should recommend that telnet is disabled and blocked from use. The other ports that are open are for SSH (port 22), DNS (port 53), and HTTPS (port 443).
Which type of authentication method is commonly used with physical access control systems and relies upon RFID devices embedded into a token?
a. HOTP
b. Proximity cards
c. TOTP
d. Smart cards
b. Proximity cards
OBJ-2.7: A proximity card is a contactless card that usually utilizes RFID to communicate with the reader on a physical access system. These are commonly used to access secured rooms (such as server rooms) or even a building itself (such as at a mantrap). Some smart cards contain proximity cards within them as well, but the best answer to this question is proximity cards, since that is the function the smart card would be using to meet the requirements of this scenario.
Review the following packet captured at your NIDS:
23:12:23.154234 IP 86.18.10.3:54326 > 71.168.10.45:3389
Flags [P.], Seq 1834:1245, ack1, win 511, options
[nop, nop, TS val 263451334 erc 482862734, length 125
After reviewing the packet above, you discovered there is an unauthorized service running on the host. Which of the following ACL entries should be implemented to prevent further access to the unauthorized service while maintaining full access to the approved services running on this host?
a. DENY IP HOST 86.18.10.3 EQ 3389
b. DENY IP HOST 71.168.10.45 ANY EQ 25
c. DENY TCP ANY HOST 71.168.10.45 EQ 3389
d. DENY TCP ANY HOST 86.18.10.3 EQ 25
c. DENY TCP ANY HOST 71.168.10.45 EQ 3389
OBJ-4.4: Since the question asks you to prevent access to the unauthorized service, we need to block port 3389 from accepting connections on 71.168.10.45 (the host). This option will deny ANY workstation from connecting to this machine (host) over the Remote Desktop Protocol service that is unauthorized (port 3389).
Your company just installed a new webserver within your DMZ. You have been asked to open up the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server?
a. 80
b. 443
c. 143
d. 21
b. 443
OBJ-3.1: Port 443 is used for HTTPS traffic. Therefore, this port must be opened. This is secure web browsing over SSL or TLS. Port 21 is used for the File Transfer Protocol (FTP). Port 80 is used for unsecured web browsing (HTTP). Port 143 is used for Internet Mail Application Protocol (IMAP).
A cybersecurity analyst is reviewing the logs of a proxy server and sees the following URL: http://test.diontraining.com/../../../../etc/shadow. What type of attack has likely occurred?
a. Directory traversal
b. Buffer overflow
c. SQL injection
d. XML injection
a. Directory traversal
OBJ-1.3: This is an example of a directory traversal. A directory traversal attack aims to access files and directories that are stored outside the webroot folder. By manipulating variables or URLs that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. A buffer overflow is an exploit that attempts to write data to a buffer and exceed that buffer’s boundary to overwrite an adjacent memory location. XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. SQL injection is the placement of malicious code in SQL statements, via web page input.
Which of the following type of digital forensic investigations is most challenging due to the on-demand nature of the assets being analyzed?
a. On-premise servers
b. Mobile devices
c. Cloud services
d. Employee workstations
c. Cloud services
OBJ-4.5: The on-demand nature of cloud services means that instances are often created and destroyed again, with no real opportunity for forensic recovery of any data. Cloud providers can mitigate this to some extent by using extensive logging and monitoring options. A CSP might also provide an option to generate file system and memory snapshots from containers and VMs in response to an alert condition generated by a SIEM. Employee workstations are often the easiest to conduct forensics on since they are a single-user environment for the most part. Mobile devices have some unique challenges due to their operating systems, but there are good forensic tool suites available to ease the forensic acquisition and analysis of mobile devices. On-premise servers are more challenging than a workstation to analyze, but they do not suffer from the same issues as cloud-based services and servers.
When your credit card data is written to the customer invoicing system at Dion Training, the first 12 digits are replaced with an x before storing the data. Which of the following privacy methods is being used?
a. Data minimization
b. Data masking
c. Anonymization
d. Tokenization
b. Data masking
OBJ-5.5: Data masking can mean that all or part of the contents of a field is redacted, by substituting all character strings with x, for example. Tokenization means that all or part of data in a field is replaced with a randomly generated token. The token is stored with the original value on a token server or token vault, separate from the production database. An authorized query or app can retrieve the original value from the vault, if necessary, so tokenization is a reversible technique. Data minimization involves limiting data collection to only what is required to fulfill a specific purpose. By reducing what information is collected, it reduces the amount and type of information that must be protected. Data anonymization is the process of removing personally identifiable information from a data set so that the people whom the data describe remain anonymous.
(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.)
(a person holding a mobile phone texting)
Which of the following types of attacks occurs when an attacker sends unsolicited messages over Facebook messenger?
a. Spear phishing
b. Spamming
c. Pharming
d. Phishing
e. Spimming
e. Spimming
OBJ-1.1: Spim is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites and social media. If the unsolicited messages were sent by email, they would have instead been classified as Spam.
You have been asked to write a new security policy to reduce the risk of employees working together to steal information from the Dion Training corporate network. Which of the following policies should you create to counter this threat?
a. Privacy policy
b. Least privilege policy
c. Mandatory vacation policy
d. Acceptable user policy
c. Mandatory vacation policy
OBJ-5.3: A mandatory vacation policy requires that all users take time away from work to enjoy a break from the day-to-day routine of their jobs. However, there is a major side benefit to mandatory vacations with regard to your company’s security posture. By requiring mandatory vacations, the company must have another employee fill in for the vacationing employee’s normal roles and responsibilities. By doing this, the employee who is filling in might come across fraud, abuse, or theft that the vacationing employee is a part of. The concept of least privilege may not stop this theft from occurring, since two employees could work together to steal information that each of them has access to as part of their job. Also, acceptable use simply outlines the types of activities that are allowed and not allowed; it won’t prevent theft from occurring. A privacy policy discusses how information should be properly stored and secured, but this won’t stop an employee from stealing information or detect if the information was stolen.
(Sample Simulation – On the real exam for this type of question, you would have to rearrange the ports into the proper order by dragging and dropping them into place.)
- RDP
- L2TP
- LDAP
- Kerberos
1701
3389
88
389
Using the image provided, place the port numbers in the correct order with their associated protocols:
a. 3389, 1701, 389, 88
b. 88, 389, 3389, 1701
c. 1701, 3389, 88, 389
d. 389, 88, 1701, 3389
a. 3389, 1701, 389, 88
OBJ-3.1: For the exam, you need to know your ports and protocols. The Remote Desktop Protocol (RDP) operates over port 3389. Layer 2 Tunneling Protocol (L2TP) operates over port 1701. The Lightweight Directory Access Protocol (LDAP) operates over port 389. Kerberos operates over port 88.
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
a. VPN
b. MAC filtering
c. Intrusion Detection System
d. Whitelisting
d. Whitelisting
OBJ-3.2: By implementing whitelisting of the authorized IP addresses for the five largest vendors, they will be the only ones who will be able to access the webserver. This can be done by creating rules in the Access Control List (ACL) to deny ALL other users except these five vendors, thereby dropping a large number of requests from any other IP addresses, such as those from an attacker. Based on the description in the scenario, it appears like the system is under some form of denial of service attack, but by implementing a whitelist at the edge of the network and blackholing any traffic from IP addresses that are not whitelisted, the server will no longer be overwhelmed or perform slowly to respond to legitimate requests. MAC filtering is only applicable at layer 2 of the OSI model (which would not work for traffic being sent over the internet from your vendors to your server). A VPN is a reasonable solution to help secure the connection between the vendors and your systems, but it will not deal with the DoS condition being experienced. An intrusion detection system may detect the DoS condition, but an IDS cannot resolve the condition (whereas an IPS could).
Dion Training’s offices utilize an open concept floor plan. They are concerned that a visitor might attempt to steal an external hard drive and carry it out of the building. To mitigate this risk, the security department has recommended installing security cameras that are clearly visible to both employees and visitors. What type of security control do these cameras represent?
a. Compensating
b. Administrative
c. Deterrent
d. Corrective
c. Deterrent
OBJ-2.7: A deterrent control is designed to discourage the violation of a security policy. Since the cameras are clearly visible, they are acting as a deterrent control. A corrective control is one that is used to fix or eliminate a vulnerability. A compensating control is used to minimize a vulnerability when it is deemed too difficult or impractical to fully correct the vulnerability. An administrative control is used to create a policy or procedure to minimize or eliminate a vulnerability.
Nicole’s organization does not have the budget or staff to conduct 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. Which of the following services or providers would be best suited for this role?
a. PaaS
b. MSSP
c. SaaS
d. IaaS
b. MSSP
OBJ-2.2: A managed security service provider (MSSP) provides security as a service (SECaaS). IaaS, PaaS, and SaaS (infrastructure, platform, and software as a service) do not include security monitoring as part of their core service offerings. Security as a service or a managed service provider (MSP) would be better suited for this role. This question may seem beyond the scope of the exam, but the objectives allow for “other examples of technologies, processes, or tasks pertaining to each objective may also be included on the exam although not listed or covered” in the bulletized lists of the objectives. The exam tests the equivalent of 4 years of hands-on experience in a technical cybersecurity job role. The content examples listed in the objectives are meant to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination. Therefore, questions like this are fair game on test day. That said, your goal isn’t to score 100% on the exam; it is to pass it. Don’t let questions like this throw you off on test day. If you aren’t sure, take your best guess and move on!
Dion Training has a $15,000 server that has been crashing frequently. Over the past 12 months, the server has crashed 10 times, requiring the server to be rebooted in order to recover from the crash. Each time, this has resulted in a 5% loss of functionality or data. Based on this information, what is the Annual Loss Expectancy (ALE) for this server?
a. $1,500
b. $15,000
c. $7,500
d. $2,500
c. $7,500
OBJ-5.4: To calculate the ALE, you need to multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO). The SLE is calculated by multiplying the Exposure Factor (EF) by the Asset Value (AV). Therefore, SLE = EF x AV, and ALE = SLE x ARO. For this scenario, the asset value is $15,000, the annual rate of occurrence is 10 times per year, and the exposure factor is 5% (or 0.05). To calculate the SLE, SLE = 0.05 x $15,000 = $750. Therefore, the ALE = SLE x ARO = $750 x 10 = $7,500.
Marta’s organization is concerned with the vulnerability of a user’s account being vulnerable for an extended period of time if their password was compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability?
a. Minimum password length
b. Password complexity
c. Password expiration
d. Password history
c. Password expiration
OBJ-3.7: A password expiration control in the policy would force users to change their password at specific intervals of time. This will then lock out a user who types in the incorrect password or create an alert that the user’s account has been potentially compromised. While the other options are good components of password security to prevent an overall compromise, they are not effective against the vulnerability described in this particular scenario, as it states the issue is based on time. Password history is used to determine the number of unique passwords a user must use before they can use an old password again. The “Passwords must meet complexity requirements” policy setting determines whether passwords must meet a series of guidelines that are considered important for a strong password. Maximum password length creates a limit on how long the password can be, but a longer password is considered stronger against a brute force attack.
As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statements BEST explains these results?
a. The scanner was not compatible with the devices on your network
b. The network has an exceptionally strong security posture
c. An uncredentialed scan of the network was performed
d. The scanner failed to connect with the majority of workstations
c. An uncredentialed scan of the network was performed
OBJ-1.7: Uncredentialed scans are generally unable to detect many vulnerabilities on a device. When conducting an internal assessment, you should perform an authenticated (credentialed) scan of the environment to most accurately determine the vulnerability posture of the network. In most enterprise networks, if a vulnerability exists on one machine, it also exists on most of the other workstations since they use a common baseline or image. If the scanner failed to connect to the workstations, an error would have been generated in the report.
Maria is trying to log in to her company’s webmail and is asked to enter her username and password. Which type of authentication method is Maria using?
a. RADIUS
b. Multifactor
c. TACACS+
d. Single-factor
d. Single-factor
OBJ-2.4: Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials (something you know, something you have, something you are, or something you do). The most common example of single-factor authentication occurs when a user is prompted to enter their username and password in order to authenticate.
You work for a bank that is interested in moving some of its operations to the cloud, but it is worried about security. You recently discovered an organization called CloudBank that was formed by 15 local banks as a way for them to build a secure cloud-based environment that can be accessed by the 15 member banks. Which cloud model BEST describes the cloud created by CloudBank?
a. Public cloud
b. Hybrid cloud
c. Private cloud
d. Community cloud
d. Community cloud
OBJ-2.2: Community cloud is another type of cloud computing in which the cloud setup is shared mutually among different organizations that belong to the same community or area. A multi-tenant setup is developed in the cloud among different organizations that belong to a particular community or group with similar computing concerns. For joint business organizations, ventures, research organizations, and tenders, a community cloud is an appropriate solution. Based on the description of 15 member banks coming together to create the CloudBank organization and its cloud computing environment, a community cloud model is most likely being described.
What role does the red team perform during a tabletop exercise (TTX)?
a. Network defender
b. Cybersecurity analyst
c. System administrator
d. Adversary
d. Adversary
OBJ-4.2: The red team acts as the adversary, attempting to penetrate the network or exploit the network as a rogue internal attacker. The red team might be selected members of in-house security staff or might be a third-party company or consultant contracted to perform the role. The blue team operates the security system with a focus on detecting and repelling the red team. The blue team usually consists of system administrators, cybersecurity analysts, and network defenders.
Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error message stating that “Invalid credentials” were entered. Chris assumes he must have forgotten his password, so he resets his email’s username and password and then reenters them into the email client. Again, Chris receives an “Invalid credentials” error. What is MOST likely causing the “Invalid credentials” error in regard to Chris’s email client?
a. His smartphone has full device encryption enabled
b. His email account requires a strong password to be used
c. His email account requires multifactor authentication
d. His email account is locked out
c. His email account requires multifactor authentication
OBJ-2.4: If a user or system has configured their email accounts to require two-factor authentication (2FA) or multifactor authentication, then even if they enter their username and password correctly in the third-party email client, they will receive the “Invalid credentials” error message. Some email servers will allow the user to create an Application Specific Password to bypass the multifactor authentication requirement to overcome this, or the user will have to use an email client that supports multifactor authentication.
Which of the following is not normally part of an endpoint security suite?
a. VPN
b. Software firewall
c. Anti-virus
d. IPS
a. VPN
OBJ-3.2: Endpoint security includes software host-based firewalls, host-based intrusion protection systems (HIPS), and anti-virus software. A VPN is not typically considered an endpoint security tool because it is a network security tool.
Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, how it was remediated, the effectiveness of the incident response, and any identified gaps that might require improvement?
a. Chain of custody report
b. Forensic analysis report
c. Lessons learned report
d. Trends analysis report
c. Lessons learned report
OBJ-4.2: The lessons learned report provides you with the details of the incident, its severity, the remediation method, and, most importantly, how effective your response was. Additionally, it provides recommendations for improvements in the future. A forensic analysis report would not provide recommendations for future improvements, even though it provides many of the other details. A trend analysis report describes whether behaviors have increased, decreased, or stayed the same over time. Chain of custody report is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.
Your company explicitly obtains permission from its customers to use their email address as an account identifier in its CRM. Max, who works at the marketing department in the company’s German headquarters, just emailed all of the customers to let them know about a new sales promotion this weekend. Which of the following privacy violations has occurred, if any?
a. There was a privacy violation since data minimization policies were not followed properly
b. There was a privacy violation since the customers explicitly gave permission to use the email address as an identifier and did not consent to receiving marketing emails.
c. There was no privacy violation since the customers were emailed securely through the customer relationship management tool
d. There was no privacy violation because only corporate employees had access to their email addresses.
b. There was a privacy violation since the customers explicitly gave permission to use the email address as an identifier and did not consent to receiving marketing emails.
OBJ-5.2: According to the European Union’s General Data Protection Regulation (GDPR), personal data collected can only be used for the exact purpose for which explicit consent was obtained. In order to use email addresses for marketing purposes, a separate explicit consent should have been obtained. Since the company operates in Germany, it must follow the GDPR privacy standard. Even if a company doesn’t operate within the European Union, its customers might be European Union citizens, and therefore the company should still optionally follow the GDPR guidelines. While data minimization is a good internal policy to utilize, not following it doesn’t equate to a privacy violation or breach. Data minimization is the principle that data should only be processed and stored if that is necessary to perform the purpose for which it is collected. The option concerning the customer relationship management (CRM) tool is a distractor since the issue is the use of the data in ways that were not consented to by the customer, not which system the email was actually sent through. A privacy violation can occur when data is viewed by corporate employees if those employees do not have a need to know, a valid business requirement to use the data, or consent from the customer to use the data for the specific purpose (as was the case in this scenario).
Which of the following cryptographic algorithms is classified as asymmetric?
a. 3DES
b. AES
c. RC4
d. PGP
d. PGP
OBJ-2.8: Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of email communications. PGP is a public-key cryptosystem and relies on an asymmetric algorithm. AES, RC4, and 3DES are all symmetric algorithms.
You are reviewing a rule within your organization’s IDS. You see the following output:
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt";
flow:to_client,established;
file_data;
content:"recordset"; offset:14; depth:9;
content:".CacheSize"; distance:0; within:100;
pcre:"/CacheSize\s=\s/";
byte_test:10,>,0xffffffe,0,relative,string;
max-detect-ips drop, service http;
reference:cve,2016-8077;
classtype:attempted-user;
sid:65535; rev:1;)
Based on this rule, which of the following malicious packets would this IDS alert on?
a. Any malicious inbound packets
b. A malicious inbound TCP packet
c. Any malicious outbound packets
d. A malicious outbound TCP packet
b. A malicious inbound TCP packet
OBJ-3.3: The rule header is set to alert only on TCP packets based on the first line of this IDS rule. The flow condition is set as “to_client, established”, which means that only inbound traffic will be analyzed against this rule and only inbound traffic for connections that are already established. Therefore, this rule will alert on an inbound malicious TCP packet only when the packet matches all the conditions listed in this rule. This rule is an example of a Snort IDS rule. For the exam, you do not need to be able to create your own IDS rules, but you should be able to read them and pick out generic content like the type of protocol covered by the signature, the ports being analyzed, and the direction of flow.
What is a reverse proxy commonly used for?
a. Allowing access to a virtual private cloud
b. Directing traffic to internal services if the contents of the traffic comply with the policy
c. To prevent the unauthorized use of cloud services from the local network
d. To obfuscate the origin of a user within a network
b. Directing traffic to internal services if the contents of the traffic comply with the policy
OBJ-2.1: A reverse proxy is positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with the policy. This does not require the configuration of the users’ devices. This approach is only possible if the cloud application has proxy support. You can deploy a reverse proxy and configure it to listen for client requests from a public network, like the internet. The proxy then creates the appropriate request to the internal server on the corporate network and passes the response from the server back to the external client. They are not generally intended to obfuscate the source of communication, nor are they necessarily specific to the cloud. A cloud access security broker (CASB) can be used to prevent unauthorized use of cloud services from the local network.
You have signed up for a web-based appointment scheduling application to help you manage your new IT technical support business. What type of solution would this be categorized as?
a. PaaS
b. DaaS
c. IaaS
d. SaaS
d. SaaS
OBJ-2.2: Software as a Service (SaaS) is used to provide web applications to end-users. This can be a calendar, scheduling, invoicing, word processor, database, or other programs. For example, Google Docs and Office 365 are both word processing SaaS solutions. QuickBooks Online is one example of a SaaS solution for accounting.
(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.)
(a person holding a mobile phone with fingerprint authentication)
How would you appropriately categorize the authentication method being displayed here?
a. Multifactor authentication
b. PAP authentication
c. One-time password authentication
d. Biometric authentication
d. Biometric authentication
OBJ-2.4: For the exam, you need to know the different categories of authentication and what type of authentication methods belong to each category. A fingerprint scan would be categorized as biometric authentication. Biometric authentications include any authentication system that relies on one or more physical characteristics of a person for authentication.
Which of the following authentication mechanisms involves receiving a one-time use shared secret password, usually through a token-based key fob or smartphone app, that automatically expires after a short period of time (for example, 60 seconds)?
a. Smart card
b. TOTP
c. EAP
d. HOTP
b. TOTP
OBJ-2.4: The Time-based One-time Password Algorithm (TOTP) is a refinement of the HOTP. One issue with HOTP is that tokens can be allowed to persist unexpired, raising the risk that an attacker might be able to obtain one and decrypt data in the future. In TOTP, the HMAC is built from the shared secret plus a value derived from the device’s and server’s local timestamps. TOTP automatically expires each token after a short window (60 seconds, for instance).