Practice Exam 02 Flashcards

1
Q

Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might be able to plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent the user from gaining access to network resources if they are able to plug their laptop into the network?

a. DMZ
b. VPN
c. NAC
d. UTM

A

c.

2
Q

Dion Training wants to ensure that none of its computers can run a peer-to-peer file sharing program on its office computers. Which of the following practices should be implemented to achieve this?

a. MAC filtering
b. Application whitelisting
c. Enable NAC
d. Application blacklisting

A

d.

3
Q

The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?

a. Key escrow
b. OCSP
c. CRL
d. CSR

A

d

4
Q

You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?

a. Smart card
b. Biometric reader
c. Key fob
d. Cable lock

A

c

5
Q

(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.)

a picture of a key fob

How would you appropriately categorize the authentication method being displayed here? (Note: the hardware token is being used by itself for authentication.)

a. Biometric authentication
b. Multifactor authentication
c. One-time password authentication
d. PAP authentication

A

d

6
Q

Which of the following types of threats did the Stuxnet attack rely on to cross an air gap between a business network and an industrial control system network?

a. Session hijacking
b. Removable media
c. Cross-site scripting
d. Directory traversal

A

c

7
Q

What kind of attack is an example of IP spoofing?

a. Man-in-the-middle
b. SQL injections
c. Cross-site scripting
d. ARP poisoning

A

d

8
Q

A cybersecurity analyst is conducting an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?

a. Financial breach
b. Privacy breach
c. Proprietary breach
d. Integrity breach

A

b

9
Q

(Sample Simulation – On the real exam for this type of question, you would have to rearrange the steps into the proper order by dragging and dropping them into place.) What is the correct order of the Incident Response process?

a. Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
b. Identification, Containment, Eradication, Preparation, Recovery, and Lessons Learned
c. Containment, Eradication, Identification, Lessons learned, Preparation, and Recovery
d. Lessons Learned, Recovery, Preparation, Identification, Containment, and Eradication

A

a

10
Q

Ryan needs to verify the installation of a critical Windows patch on his organization’s workstations. Which method would be the most efficient to validate the current patch status for all of the organization’s Windows 10 workstations?

a. Create and run a PowerShell script to search for the specific patch in question
b. Check the Update History manually
c. Use SCCM to validate patch status for each machine on the domain
d. Conduct a registry scan of each workstation to validate that the patch was installed

A

c

11
Q

Barbara received a phone call from a colleague asking why she sent him an email with lewd and unusual content. Barbara doesn’t remember sending the email to the colleague. What is Barbara MOST likely the victim of?

a. Hijacked email
b. Phishing
c. Ransomware
d. Spear phishing

A

a

12
Q

Which of the following describes the overall accuracy of a biometric authentication system?

a. False positive rate
b. Crossover error rate
c. False acceptance rate
d. False rejection rate

A

b

13
Q

A cybersecurity analyst was reviewing the logs of a proxy server and saw the following URLs:

https://test.diontraining.com/profile.php?userid=1546
https://test.diontraining.com/profile.php?userid=5482
https://test.diontraining.com/profile.php?userid=3618
————
END LOG

What type of vulnerability does this website have?

a. Improper error handling
b. Insecure direct object reference
c. Weak or default configurations
d. Race condition

A

b

14
Q

Your organization is updating its Acceptable Use Policy (AUP) to implement a new password standard that requires a guest’s wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement?

a. All guests must provide valid identification when registering their wireless devices for use on the network
b. Network authentication of all guest users should occur using the 802.1x protocol as authenticated by a RADIUS server
c. Open authentication standards should be implemented on all wireless infrastructure
d. Sponsored guest passwords must be at least 14 alphanumeric characters containing a mixture of uppercase, lowercase, and special characters

A

c

15
Q

Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested prior to deploying them into the production environment. What type of environment should his organization establish?

a. Staging
b. Honeypot
c. Honeynet
d. Development

A

d

16
Q

A cybersecurity analyst is working at a college that wants to increase the security of its network by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must be able to scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?

a. Combination of cloud-based and server-based scanning engines
b. Combination of server-based and agent-based scanning engines
c. Active scanning engine installed on the enterprise console
d. Passive scanning engine located at the core of the network infrastructure

A

a

17
Q

While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?

a. 192.168.1.100
b. 10.15.1.100
c. 192.186.1.100
d. 172.16.1.100

A

b

18
Q

A user has reported that their workstation is running very slowly. A technician begins to investigate the issue and notices a lot of unknown processes running in the background. The technician determines that the user has recently downloaded a new application from the internet and may have become infected with malware. Which of the following types of infections does the workstation MOST likely have?

a. Ransomware
b. Keylogger
c. Rootkit
d. Trojan

A

d

19
Q

Which authentication mechanism does 802.1x usually rely upon?

a. EAP
b. RSA
c. HOTP
d. TOTP

A

b

20
Q

You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?

a. VLAN
b. VPN
c. MAC filtering
d. WPA2

A

a

21
Q

Which of the following access control methods utilizes a set of organizational roles in which users are assigned to gain permissions and access rights?

a. MAC
b. DAC
c. RBAC
d. ABAC

A

c

22
Q

Which of the following cryptographic algorithms is classified as asymmetric?

a. RC4
b. ECC
c. Twofish
d. DES

A

d

23
Q

Christina is auditing the security procedures related to the use of a cloud-based online payment service. She notices that the access permissions are set so that a single person cannot both add funds to the account and transfer funds out of the account. What security principle is most closely related to this scenario?

a. Least privilege
b. Separation of duties
c. Dual control authentication
d. Security through obscurity

A

b

24
Q

When you are managing a risk, what is considered an acceptable option?

a. Mitigate it
b. Deny it
c. Reject it
d. Initiate it.

A

a

25
Q

Your organization is updating its incident response communications plan. A business analyst in the working group recommends that if the company discovers they are the victims of a data breach, they should only notify the affected parties in order to minimize media attention and bad publicity. Which of the following recommendations do you provide in response to the business analyst’s statement?

a. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensic team to preserve the chain of custody
b. An externally hosted website should be prepared in advance to ensure that when an incident occurs, victims have timely access to notifications from a non-compromised resource
c. A Human resources department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that is viewed during an investigation
d. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgments from non-compliance

A

a

26
Q

Which containment technique is the strongest possible response to an incident?

a. Isolating the attacker
b. Segmentation
c. Isolating affected systems
d. Enumeration

A

c

27
Q

David noticed that port 3389 was open on one of the POS terminals in a store during a scheduled PCI compliance scan. Based on the scan results, what service should he expect to find enabled on this terminal?

a. MySQL
b. RDP
c. IMAP
d. LDAP

A

b

28
Q

A company’s NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?

a. Enable full packet capture
b. Enable sampling of data
c. Enable QoS
d. Enable NetFlow compression

A

c

29
Q

You are applying for a job at a cybersecurity firm. The application requests that you enter your social security number, your date of birth, and your email address in order to conduct a background check as part of the hiring process. Which of the following types of information have you been asked to provide?

a. IP
b. CUI
c. PII
d. PHI

A

c

30
Q

Which of the following elements is LEAST likely to be included in an organization’s data retention policy?

a. Description of information that needs to be retained
b. Classification of information
c. Minimum retention period
d. Maximum retention period

A

a

31
Q

Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?

a. MITRE ATT&CK framework
b. Diamond Model of Intrusion Analysis
c. Lockheed Martin cyber kill chain
d. OpenIOC

A

c

32
Q

Which of the following cryptographic algorithms is classified as symmetric?

a. ECC
b. Blowfish
c. PGP
d. RSA

A

c

33
Q

A cybersecurity analyst has received an alert that well-known call home messages are continuously observed by sensors at their network boundary, but the organization’s proxy firewall is properly configured to successfully drop the messages prior to them leaving the network. Which of the following is MOST likely the cause of the call home messages being sent?

a. An infected workstation is attempting to reach a command and control server
b. An attacker is performing reconnaissance on the organization’s workstations
c. A malicious insider is trying to exfiltrate information to a remote network
d. Malware is running on a company workstation or server.

A

c

34
Q

Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?

a. CHAP
b. RADIUS
c. TACACS+
d. Kerberos

A

c

35
Q

A software assurance laboratory is performing a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. Which of the following is the laboratory performing?

a. User acceptance testing
b. Fuzzing
c. Stress testing
d. Security regression testing

A

b

36
Q

Which of the following policies should contain the requirements for removing a user’s access when an employee is terminated?

a. Data ownership policy
b. Data retention policy
c. Data classification policy
d. Account management policy

A

d

37
Q

An analyst is reviewing the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors are able to access the internet. How can this type of attack be prevented from occurring in the future?

a. Enable NAC on the open wireless network
b. Install an IDS to protect the HVAC system
c. Implement a VLAN to separate the HVAC control system from the open wireless network
d. Enable WPA2 security on the open wireless network

A

c

38
Q

Your company has decided to move all of its data into the cloud. Your company is small and has decided to purchase some on-demand cloud storage resources from a commercial provider (such as Google Drive) as its primary cloud storage solution. Which of the following types of clouds is your company using?

a. Community
b. Public
c. Private
d. Hybrid

A

a

39
Q

When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the contents of the hard drive during your analysis?

a. Hardware write blocker
b. Forensic drive duplicator
c. Degausser
d. Software write blocker

A

a

40
Q

Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?

a. Autopsy
b. Memdump
c. dd
d. FTK Imager

A

d

41
Q

Which of the following vulnerability scans would provide the best results if you want to determine if the target’s configuration settings are correct?

a. Credentialed scan
b. Internal scan
c. External scan
d. Non-credentialed scan

A

a

42
Q

You have just finished running a vulnerability scan of the network and are reviewing the results. The first result in the report shows the following vulnerability:

Linux: ~ diontraining$ cat results.text

Vulnerability scanning results…

IP: 192.168.2.51
Service: MySQL
version: 3.1.7
Details: Versions 3.0 - 3.2 may be vulnerable to remote code execution.

Recommendation: Update teh MySQL server to version 3.3.x or above

You log into the MySQL server and verify that you are currently running version 3.5.3. Based on the item shown on the image, what best describes how you should categorize this finding?

a. True negative
b. True positive
c. False positive
d. False negative

A

d

43
Q

Your company wants to provide a secure SSO solution for accessing both the corporate wireless network and its network resources. Which of the following technologies should be used?

a. WPS
b. WEP
c. RADIUS
d. WPA2

A

d

44
Q

Jennifer decided that the licensing cost for a piece of video editing software was too expensive. Instead, she decided to download a keygen program to generate her own license key and install a pirated version of the editing software. After she runs the keygen, a license key is created, but her system performance becomes very sluggish, and her antimalware suite begins to display numerous alerts. Which type of malware might her computer be infected with?

a. Logic bomb
b. Worm
c. Adware
d. Trojan

A

d

45
Q

You are trying to select the best device to install in order to proactively stop outside attackers from reaching into your internal network. Which of the following devices would be the BEST for you to select?

a. IPS
b. IDS
c. Proxy server
d. Syslog server

A

a

46
Q

During a penetration test, you find a hash value that is related to malware associated with an APT. What best describes what you have found?

a. Botnet
b. SQL injection
c. Indicator of compromise
d. XSRF

A

c

47
Q

Which of the following cryptographic algorithms is classified as asymmetric?

a. Blowfish
b. RC4
c. Diffie-Hellman
d. AES

A

d

48
Q

What should be done NEXT if the final set of security controls does not eliminate all of the risks in a given system?

a. You should accept the risk if the residual risk is low enough
b. You should continue to apply additional controls until there is zero risk
c. You should ignore any remaining risk
d. You should remove the current controls since they are not completely effective

A

a

49
Q

What is the term for the amount of risk that an organization is willing to accept or tolerate?

a. Risk appetite
b. Risk deterrence
c. Risk transference
d. Risk avoidance

A

a

50
Q

Which of the following terms is used to describe the period of time following a disaster that an individual IT system may remain offline?

a. RTO
b. RPO
c. MTBF
d. MTTR

A

a

51
Q

You are configuring the ACL for the network perimeter firewall. You have just finished adding all the proper allow and deny rules. What should you place at the end of your ACL rules?

a. A SNMP deny string
b. An implicit allow statement
c. A time of day restriction
d. An implicit deny statement

A

d

52
Q

(Sample Simulation – On the real exam for this type of question, you would be required to drag and drop the authentication factor into the spot for the correct category.)

  1. Something you know
  2. Something you have
  3. Something you are
  4. Something you do
  5. Somewhere you are

PIN, GPS Coordinates, Fingerprint, Signature, Smart Card

How would you appropriately categorize the authentication method being displayed here?

a. PIN, Smart Card, Fingerprint, Signature, GPS Coordinates
b. Smart card, Signature, GPS Coordinates, PIN, Fingerprint
c. Fingerprint, PIN, GPS Coordinates, Smart Card, Signature
d. PIN, Signature, Fingerprint, Smart Card, GPS Coordinates

A

a

53
Q

An electronics store was recently the victim of a robbery where an employee was injured and some property was stolen. The store’s IT department hired an external supplier to expand the store’s network to include a physical access control system. The system has video surveillance, intruder alarms, and remotely monitored locks using an appliance-based system. Which of the following procedures should be followed to avoid long-term cybersecurity risks that might occur based on these actions?

a. These devices should be isolated from the rest of the enterprise network
b. These devices are insecure and should be isolated from the internet
c. There are no new risks due to the install and the company has a stronger physical security posture
d. These devices should be scanned for viruses before installation

A

a

54
Q

You are working as a security administrator and need to respond to an ongoing spearphishing campaign against your organization. Which of the following should be used as a checklist of actions to perform in order to detect and respond to this particular incident?

a. DRP
b. Playbook
c. Incident response plan
d. Runbook

A

c

55
Q

You are conducting a review of a VPN device’s logs and found the following URL being accessed:

https://sslvpn.dana-na/../diontraining/html5acc/teach/../../../../../../etc/passwd? /diontraining/html5cc/teach

Based upon this log entry alone, which of the following most likely occurred?

a. The /etc/passwd file was downloaded using a directory traversal attack
b. An SQL injection attack caused the VPN server to return the password file
c. A XML injection attack caused the VPN server to return the password file
d. The /etc/passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted.

A

d

56
Q

Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?

a. CRLF injection
b. Missing patches
c. SQL injection
d. Cross-site scripting

A

b

57
Q

When you purchase an exam voucher at diontraining.com, the system only collects your name, email, and credit card information. Which of the following privacy methods is being used by Dion Training?

a. Data minimization
b. Anonymization
c. Data masking
d. Tokenization

A

a

58
Q

(Sample Simulation – On the real exam for this type of question, you would have access to the log files to determine which server on a network might have been affected, and then choose the appropriate actions.)

A cybersecurity analyst has determined that an attack has occurred against your company’s network. Fortunately, your company uses a good system of logging with a centralized syslog server, so all the logs are available, were collected, and have been stored properly. According to the cybersecurity analyst, the logs indicate that the database server was the only company server on the network that appears to have been attacked. The network is a critical production network for your organization. Therefore, you have been asked to choose the LEAST disruptive actions on the network while performing the appropriate incident response actions. Which actions do you recommend as part of the response efforts?

a. Conduct a system restore of the data server, image the hard drive, and maintain the chain of custody
b. Capture network traffic using a sniffer, schedule a period of downtime to image and remediate the affected server, and maintain the chain of custody
c. Isolate the affected server from the network immediately, format the database server, reinstall from a known good backup.
d. Immediately remove the database server from the network. Create an image of its hard disk, and maintain the chain of custody

A

b

59
Q

You are attempting to prioritize your vulnerability scans based on the data’s criticality. This will be determined by the asset value of the data contained in each system. Which of the following would be the most appropriate metric to use in this prioritization?

a. Cost of hardware replacement of the system
b. Type of data processed by the system
c. Cost of acquisition of the system
d. Depreciated hardware cost of the system

A

b

60
Q

Which of the following actions should be done FIRST after forensically imaging a hard drive for evidence in an investigation?

a. Encrypt the image file to ensure it maintains data integrity
b. Create a hash digest of the source drive and the image file to ensure they match
c. Encrypt the source drive to ensure an attacker cannot modify its contents
d. Digitally sign the image file to provide non-repudiation of the collection

A

b

61
Q

You were conducting a forensic analysis of an iPad backup and discovered that only some of the information is contained within the backup file. Which of the following best explains why some of the data is missing?

a. The backup is a differential backup
b. The backup is encrypted
c. The backup is stored in iCloud
d. The backup was interrupted.

A

a

62
Q

You are analyzing the SIEM for your company’s ecommerce server when you notice the following URL in the logs of your SIEM:

https://www.dionraining.com/add_to_cart.php?itemId=5”+perItemPrice=”0.00”+quantity=”100”+/><item+id=”5&quanitty=0

Based on this line, what type of attack do you expect has been attempted?

a. XML injection
b. Session hijacking
c. Buffer overflow
d. SQL injection

A

a

63
Q

Which type of threat actor can accidentally or inadvertently cause a security incident in your organization?

a. APT
b. Insider threat
c. Organized Crime
d. Hacktivist

A

b

64
Q

Dion Training has just suffered a website defacement of its public-facing webserver. The CEO believes this act of vandalism may have been done by the company’s biggest competitor. The decision has been made to contact law enforcement, so evidence can be collected properly for use in a potential court case. Laura is a digital forensics investigator assigned to collect the evidence. She creates a bit-by-bit disk image of the web server’s hard drive as part of her evidence collection. Which technology should Laura use after creating the disk image to verify the data integrity of the copy matches that of the original web server’s hard disk?

a. 3DES
b. SHA-256
c. AES
d. RSA

A

c

65
Q

A cybersecurity analyst is working for a university that is conducting a big data medical research project. The analyst is concerned about the possibility of an inadvertent release of PHI data. Which of the following strategies should be used to prevent this?

a. Conduct tokenization of the PHI data before ingesting it into the big data application
b. Utilize a SaaS model to process the PHI data instead of an on-premise solution
c. Use DevSecOps to build the application that processes the PHI
d. Utilize formal methods of verification against the application processing the PHI

A

a

66
Q

A penetration tester has been hired to conduct an assessment, but the company wants to exclude social engineering from the list of authorized activities. Which of the following documents would include this limitation?

a. Acceptable use policy
b. Service level agreement
c. Rules of engagement
d. Memorandum of understanding

A

d

67
Q

The Pass Certs Fast corporation has recently been embarrassed by a number of high profile data breaches. The CIO proposes improving the cybersecurity posture of the company by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?

a. The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration
b. This approach assumes that the cloud will provide better security than is currently done on-site
c. This approach only changes the location of the network and not the attack surface of it
d. This is a reasonable approach that will increase the security of the servers and infrastructure

A

c

68
Q

A corporate workstation was recently infected with malware. The malware was able to access the workstation’s credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to come up with a plan to prevent this type of issue from occurring again in the future. Which of the following would BEST prevent this from reoccurring?

a. Install a Unified Threat Management system on the network to monitor for suspicious traffic
b. Install an anti-virus or anti-malware solution that uses heuristic analysis
c. Monitor all workstations for failed login attempts and forward them to a centralized SYSLOG server
d. Install a host-based intrusion detection system on all of the corporate workstations.

A

b

69
Q

You have been asked to determine if Dion Training’s webserver is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server?

a. Banner grabbing
b. Passive scan
c. Protocol analysis
d. Vulnerability scan

A

a

70
Q

Which of the following describes the security method that is used when a user enters their username and password only once and gains access to multiple applications?

a. Multifactor authentication
b. Inheritance
c. SSO
d. Permission propagation

A

c

71
Q

Jason has installed multiple virtual machines on a single physical server. He needs to ensure that the traffic is logically separated between each virtual machine. How can Jason best implement this requirement?

a. Install a virtual firewall and establish an access control list
b. Create a virtual router and disable the spanning tree protocol
c. Conduct system partitioning on the physical server to ensure the virtual disk images are on different partitions
d. Configure a virtual switch on the physical server and create VLANs

A

d

72
Q

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?

a. Forcing the use of TLS for the web application
b. Hashing the cookie value
c. Forcing the use of SSL for the web application
d. Setting the secure attribute on the cookie

A

d

73
Q

Which of the following is not considered an authentication factor?

a. Something you know
b. Something you are
c. Something you want
d. Something you have

A

c

74
Q

You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses self-encrypting drives as part of its default configuration. As you begin the eradication and recovery phase, you must sanitize the data on the storage devices before restoring the data from known-good backups. Which of the following methods would be the most efficient to use to sanitize the affected hard drives?

a. Perform a cryptographic erase (CE) on the storage devices
b. Incinerate and replace the storage devices
c. Conduct zero-fill on the storage devices
d. Use a secure erase (SE) utility on the storage devices

A

a

75
Q

Which of the following types of data breaches would require that the US Department of Health and Human Services and the media be notified if more than 500 individuals are affected by a data breach?

a. Personally identifiable information
b. Credit card information
c. Trade secret information
d. Protected health information

A

d

76
Q

Dion Training is concerned with the possibility of a data breach causing a financial loss to the company. After performing a risk analysis, the COO decides to purchase data breach insurance to protect the company in the event of an incident. Which of the following best describes the company’s risk response?

a. Avoidance
b. Transference
c. Acceptance
d. Mitigation

A

b

77
Q

(Sample Simulation – On the real exam for this type of question, you might receive a list of attack vectors and targets. Based on these, you would select the type of attack that occurred.)

(1) An attacker has been collecting credit card details by calling victims and using false pretexts to trick them.
(2) An attacker sends an email to 100,000 random email addresses. The email claims that “Your Bank of America account is locked out. Please click here to reset your password.” What types of attacks have occurred in (1) and (2)?

a. (1) Hoax and (2) Spearphishing
b. (1) Spearphishing and (2) Pharming
c. (1) Pharming and (2) Phishing
d. (1) Vishing and (2) Phishing

A

d

78
Q

Recently, you discovered an unauthorized device during a search of your corporate network. The device allows nearby wireless hosts to access the corporate network’s resources. What type of attack is being utilized?

a. Bluejacking
b. Rogue access point
c. IV attack
d. Bluesnarfing

A

b

79
Q

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?

a. Software Defined Networking (SDN)
b. Infrastructure as Code (IaC)
c. Infrastructure as a Service (IaaS)
d. Software as a Service (SaaS)

A

b

80
Q

A new smartphone supports the ability for users to transfer a photograph by simply placing their phones near each other and “tapping” the two phones together. What type of technology does this most likely rely on?

a. RF
b. BT
c. IR
d. NFC

A

d