Practice Exam 02 Flashcards
Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might be able to plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent the user from gaining access to network resources if they are able to plug their laptop into the network?
a. DMZ
b. VPN
c. NAC
d. UTM
c.
Dion Training wants to ensure that none of its office computers can run a peer-to-peer file sharing program. Which of the following practices should be implemented to achieve this?
a. MAC filtering
b. Application whitelisting
c. Enable NAC
d. Application blacklisting
d.
The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?
a. Key escrow
b. OCSP
c. CRL
d. CSR
d
You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?
a. Smart card
b. Biometric reader
c. Key fob
d. Cable lock
c
(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.)
a picture of a key fob
How would you appropriately categorize the authentication method being displayed here? (Note: the hardware token is being used by itself for authentication.)
a. Biometric authentication
b. Multifactor authentication
c. One-time password authentication
d. PAP authentication
d
Which of the following type of threats did the Stuxnet attack rely on to cross an airgap between a business and an industrial control system network?
a. Session hijacking
b. Removable media
c. Cross-site scripting
d. Directory traversal
c
What kind of attack is an example of IP spoofing?
a. Man-in-the-middle
b. SQL injections
c. Cross-site scripting
d. ARP poisoning
d
A cybersecurity analyst is conducting an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?
a. Financial breach
b. Privacy breach
c. Proprietary breach
d. Integrity breach
b
(Sample Simulation – On the real exam for this type of question, you would have to rearrange the steps into the proper order by dragging and dropping them into place.) What is the correct order of the Incident Response process?
a. Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
b. Identification, Containment, Eradication, Preparation, Recovery, and Lessons Learned
c. Containment, Eradication, Identification, Lessons learned, Preparation, and Recovery
d. Lessons Learned, Recovery, Preparation, Identification, Containment, and Eradication
a
Ryan needs to verify the installation of a critical Windows patch on his organization’s workstations. Which method would be the most efficient to validate the current patch status for all of the organization’s Windows 10 workstations?
a. Create and run a PowerShell script to search for the specific patch in question
b. Check the Update History manually
c. Use SCCM to validate patch status for each machine on the domain
d. Conduct a registry scan of each workstation to validate the patch was installed
c
Barbara received a phone call from a colleague asking why she sent him an email with lewd and unusual content. Barbara doesn’t remember sending the email to the colleague. What is Barbara MOST likely the victim of?
a. Hijacked email
b. Phishing
c. Ransomware
d. Spear phishing
a
Which of the following describes the overall accuracy of a biometric authentication system?
a. False positive rate
b. Crossover error rate
c. False acceptance rate
d. False rejection rate
b
A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URLs:
https://test.diontraining.com/profile.php?userid=1546
https://test.diontraining.com/profile.php?userid=5482
https://test.diontraining.com/profile.php?userid=3618
————
END LOG
What type of vulnerability does this website have?
a. Improper error handling
b. Insecure direct object reference
c. Weak or default configurations
d. Race condition
b
Your organization is updating its Acceptable Use Policy (AUP) to implement a new password standard that requires a guest’s wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement?
a. All guests must provide valid identification when registering their wireless devices for use on the network
b. Network authentication of all guest users should occur using the 802.1x protocol as authenticated by a RADIUS server
c. Open authentication standards should be implemented on all wireless infrastructure
d. Sponsored guest passwords must be at least 14 alphanumeric characters containing a mixture of uppercase, lowercase, and special characters
c
Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested prior to deploying them into the production environment. What type of environment should his organization establish?
a. Staging
b. Honeypot
c. Honeynet
d. Development
d
A cybersecurity analyst is working at a college that wants to increase the security of its network by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must be able to scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?
a. Combination of cloud-based and server-based scanning engines
b. Combination of server-based and agent-based scanning engines
c. Active scanning engine installed on the enterprise console
d. Passive scanning engine located at the core of the network infrastructure
a
While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?
a. 192.168.1.100
b. 10.15.1.100
c. 192.186.1.100
d. 172.16.1.100
b
A user has reported that their workstation is running very slowly. A technician begins to investigate the issue and notices a lot of unknown processes running in the background. The technician determines that the user has recently downloaded a new application from the internet and may have become infected with malware. Which of the following types of infections does the workstation MOST likely have?
a. Ransomware
b. Keylogger
c. Rootkit
d. Trojan
d
Which authentication mechanism does 802.1x usually rely upon?
a. EAP
b. RSA
c. HOTP
d. TOTP
b
You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?
a. VLAN
b. VPN
c. MAC filtering
d. WPA2
a
Which of the following access control methods utilizes a set of organizational roles in which users are assigned to gain permissions and access rights?
a. MAC
b. DAC
c. RBAC
d. ABAC
c
Which of the following cryptographic algorithms is classified as asymmetric?
a. RC4
b. ECC
c. Twofish
d. DES
d
Christina is auditing the security procedures related to the use of a cloud-based online payment service. She notices that the access permissions are set so that a single person cannot both add funds to the account and transfer funds out of the account. What security principle is most closely related to this scenario?
a. Least privilege
b. Separation of duties
c. Dual control authentication
d. Security through obscurity
b
When you are managing a risk, what is considered an acceptable option?
a. Mitigate it
b. Deny it
c. Reject it
d. Initiate it
a
Your organization is updating its incident response communications plan. A business analyst in the working group recommends that if the company discovers they are the victims of a data breach, they should only notify the affected parties in order to minimize media attention and bad publicity. Which of the following recommendations do you provide in response to the business analyst’s statement?
a. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensic team to preserve the chain of custody
b. An externally hosted website should be prepared in advance to ensure that when an incident occurs, victims have timely access to notifications from a non-compromised resource
c. The human resources department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that is viewed during an investigation
d. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgments from non-compliance
a
Which containment technique is the strongest possible response to an incident?
a. Isolating the attacker
b. Segmentation
c. Isolating affected systems
d. Enumeration
c
David noticed that port 3389 was open on one of the POS terminals in a store during a scheduled PCI compliance scan. Based on the scan results, what service should he expect to find enabled on this terminal?
a. MySQL
b. RDP
c. IMAP
d. LDAP
b
A company’s NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?
a. Enable full packet capture
b. Enable sampling of data
c. Enable QoS
d. Enable NetFlow compression
c
You are applying for a job at a cybersecurity firm. The application requests that you enter your social security number, your date of birth, and your email address in order to conduct a background check as part of the hiring process. Which of the following types of information have you been asked to provide?
a. IP
b. CUI
c. PII
d. PHI
c
Which of the following elements is LEAST likely to be included in an organization’s data retention policy?
a. Description of information that needs to be retained
b. Classification of information
c. Minimum retention period
d. Maximum retention period
a
Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?
a. MITRE ATT&CK framework
b. Diamond Model of Intrusion Analysis
c. Lockheed Martin cyber kill chain
d. OpenIOC
c
Which of the following cryptographic algorithms is classified as symmetric?
a. ECC
b. Blowfish
c. PGP
d. RSA
c