Practice Exam 02 Flashcards

Question 1

Q

Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might be able to plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent the user from gaining access to network resources if they are able to plug their laptop into the network?

a. DMZ
b. VPN
c. NAC
d. UTM

Question 2

Q

Dion Training wants to ensure that none of its computers can run a peer-to-peer file sharing program on its office computers. Which of the following practices should be implemented to achieve this?

a. MAC filtering
b. Application whitelisting
c. Enable NAC
d. Application blacklisting

Question 3

Q

The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?

a. Key escrow
b. OCSP
c. CRL
d. CSR

Question 4

Q

You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?

a. Smart card
b. Biometric reader
c. Key fob
d. Cable lock

Question 5

Q

(Sample Simulation – On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.)

a picture of a key fob

How would you appropriately categorize the authentication method being displayed here? (Note: the hardware token is being by itself used for authentication.)

a. Biometric authentication
b. Multifactor authentication
c. One-time password authentication
d. PAP authentication

Question 6

Q

Which of the following type of threats did the Stuxnet attack rely on to cross an airgap between a business and an industrial control system network?

a. Session hijacking
b. Removable media
c. Cross-site scripting
d. Directory tranversal

Question 7

Q

What kind of attack is an example of IP spoofing?

a. Man-in-the-middle
b. SQL injections
c. Cross-site scripting
d. ARP poisoning

Question 8

Q

A cybersecurity analyst is conducting an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?

a. Financial breach
b. Privacy breach
c. Proprietary breach
d. integrity breach

Question 9

Q

(Sample Simulation – On the real exam for this type of question, you would have to rearrange the steps into the proper order by dragging and dropping them into place.) What is the correct order of the Incident Response process?

a. Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
b. Identification, Containment, Eradication, Preparation, Recovery, and Lessons Learned
c. Containment, Eradication, Identification, Lessons learned, Preparation, and Recovery
d. Lessons Learned, Recovery, Preparation, Identification, Containment, and Eradication

Question 10

Q

Ryan needs to verify the installation of a critical Windows patch on his organization’s workstations. Which method would be the most efficient to validate the current patch status for all of the organization’s Windows 10 workstations?

a. Create an run a PowerShell script to search for the specific patch in question
b. Check the Update History manually
c. Use SCCM to validate patch status for each machine on the domain
d. Conducts a registry scan of each workstation to validate the patch was installed.

Question 11

Q

Barbara received a phone call from a colleague asking why she sent him an email with lewd and unusual content. Barbara doesn’t remember sending the email to the colleague. What is Barbara MOST likely the victim of?

a. Hijacked email
b. Phishing
c. Ransomware
d. Spear phishing

Question 12

Q

Which of the following describes the overall accuracy of a biometric authentication system?

a. False positive rate
b. Crossover error rate
c. False acceptance rate
d. False rejection rate

Question 13

Q

A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URLs:

https://test.diontraining.com/profile.php?userid=1546
https://test.diontraining.com/profile.php?userid=5482
https://test.diontraining.com/profile.php?userid=3618
————
END LOG

What type of vulnerability does this website have?

a. Improper error handling
b. Insecure direct object reference
c. Weak or default configurations
d. Race condition

Question 14

Q

Your organization is updating its Acceptable User Policy (AUP) to implement a new password standard that requires a guest’s wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement?

a. All guests must provide valid identification when registering their wireless devices for use on the network
b. Network authentication of all guests users should occur using the 802.1x protocol as authenticated by a RADIUS server
c. Open authentication standards should be implemented on all wireless infrastructure
d. Sponsored guest passwords must be at least 14 alphanumeric characters containing a mixture of uppercase, lowercase, and special characters

Question 15

Q

Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested prior to deploying them into the production environment. What type of environment should his organization establish?

a. Staging
b. Honeypot
c. Honeynet
d. Development

Question 16

Q

A cybersecurity analyst is working at a college that wants to increase the security of its network by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must be able to scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?

a. Combination of cloud-based and server-based scanning engines
b. Combination of server-based and agent-based scanning engines
c. Active scanning engine installed on the enterprise console
d. Passive scanning engine located at the core of the network infrastructure

Question 17

Q

While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?

a. 192.168.1.100
b. 10.15.1.100
c. 192.186.1.100
c. 172.16.1.100

Question 18

Q

A user has reported that their workstation is running very slowly. A technician begins to investigate the issue and notices a lot of unknown processes running in the background. The technician determines that the user has recently downloaded a new application from the internet and may have become infected with malware. Which of the following types of infections does the workstation MOST likely have?

a. Ransomware
b. Keylogger
c. Rootkit
d. Trojan

Question 19

Q

Which authentication mechanism does 802.1x usually rely upon?

a. EAP
b. RSA
c. HOTP
d. TOTP

Question 20

Q

You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?

a. VLAN
b. YPN
c. MAC filtering
d. WPA2

Question 21

Q

Which of the following access control methods utilizes a set of organizational roles in which users are assigned to gain permissions and access rights?

a. MAC
b. DAC
c. RBAC
d. ABAC

Question 22

Q

Which of the following cryptographic algorithms is classified as asymmetric?

a. RC4
b. ECC
c. Twofish
d. DES

Question 23

Q

Christina is auditing the security procedures related to the use of a cloud-based online payment service. She notices that the access permissions are set so that a single person can not add funds to the account and transfer funds out of the account. What security principle is most closely related to this scenario?

a. Least privilege
b. Separation of duties
c. Dual control authentication
d. Security through obscurity

Question 24

Q

When you are managing a risk, what is considered an acceptable option?

a. Mitigate it
b. Deny it
c. Reject it
d. Initiate it.

Question 25

Q

Your organization is updating its incident response communications plan. A business analyst in the working group recommends that if the company discovers they are the victims of a data breach, they should only notify the affected parties in order to minimize media attention and bad publicity. Which of the following recommendations do you provide in response to the business analyst’s statement?

a. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensic team to preserve the chain of custody
b. An externally hosted website should be prepared in advance to ensure that when an incident occurs, victims have timely access to notifications from a non-compromised resource
c. A Human resources department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that is viewed during an investigation
d. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgments from non-compliance

Question 26

Q

What containment techniques is the strongest possible response to an incident?

a. Isolating the attacker
b. Segmentation
c. Isolating affected systems
d. Enumeration

Question 27

Q

David noticed that port 3389 was open on one of the POS terminals in a store during a scheduled PCI compliance scan. Based on the scan results, what service should he expect to find enabled on this terminal?

a. MySQL
b. RDP
c. IMAP
d. LDAP

Question 28

Q

A company’s NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?

a. Enable full packet capture
b. Enable sampling of data
c. Enable QoS
d. Enable NetFlow compression

Question 29

Q

You are applying for a job at a cybersecurity firm. The application requests you enter your social security number, your date of birth, and your email address in order to conduct a background check as part of the hiring process. Which of the following types of information has you been asked to provide?

a. IP
b. CUI
c. PII
d. PHI

Question 30

Q

Which of the following elements is LEAST likely to be included in an organization’s data retention policy?

a. Description of information that needs to be retained
b. Classification of information
c. Minimum retention period
d. Maximum retention period

Question 31

Q

Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?

a. MITRE ATT&CK framework
b. Diamond Model of Intrusion Analysis
c. Lockheed Martin cyber kill chain
d. OpenIOC

Question 32

Q

Which of the following cryptographic algorithms is classified as symmetric?

a. ECC
b. Blowfish
c. PGP
d. RSA

Question 33

Q

A cybersecurity analyst has received an alert that well-known call home messages are continuously observed by sensors at their network boundary, but the organization’s proxy firewall is properly configured to successfully drop the messages prior to them leaving the network. Which of the following is MOST likely the cause of the call home messages being sent?

a. An infected workstation is attempting to reach a command and control server
b. An attacker is performing reconnaissance the organization’s workstation
c. A malicious insider is trying to exfiltrate information to a remote network
d. Malware is running on a company workstation or server.

Question 34

Q

Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?

a. CHAP
b. RADIUS
c. TACACS+
d. Kerberos

Question 35

Q

A software assurance laboratory is performing a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. Which of the following is the laboratory performing?

a. User acceptance testing
b. Fuzzing
c. Stress testing
d. Security regression testing

Question 36

Q

Which of the following policies should contain the requirements for removing a user’s access when an employee is terminated?

a. Data ownership policy
b. Data retention policy
c. Data classification policy
d. Account management policy

Question 37

Q

An analyst is reviewing the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors are able to access the internet. How can this type of attack be prevented from occurring in the future?

a. Enable NAC on the open wireless network
b. Install an IDS to protect the HAVC system
c. Implement a VLAN to separate the HVAC control system from the open wireless network
d. Enable WPA2 security on the open wireless network

Question 38

Q

Your company has decided to move all of its data into the cloud. Your company is small and has decided to purchase some on-demand cloud storage resources from a commercial provider (such as Google Drive) as its primary cloud storage solution. Which of the following types of clouds is your company using?

a. Community
b. Public
c. Private
d. Hybrid

Question 39

Q

When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the contents of the hard drive during your analysis?

a. Hardware write blocker
b. Forensic drive duplicator
c. Degausser
d. Software write blocker

Question 40

Q

Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?

a. Autopsy
b. Memdump
c. dd
d. FTK Imager

Question 41

Q

Which of the following vulnerability scans would provide the best results if you want to determine if the target’s configuration settings are correct?

a. Credentialed scan
b. Internal scan
c. External scan
d. Non-credentialed scan

Question 42

Q

ou have just finished running a vulnerability scan of the network and are reviewing the results. The first result in the report shows the following vulnerability:

Linux: ~ diontraining$ cat results.text

Vulnerability scanning results…

IP: 192.168.2.51
Service: MySQL
version: 3.1.7
Details: Versions 3.0 - 3.2 may be vulnerable to remote code execution.

Recommendation: Update teh MySQL server to version 3.3.x or above

You log into the MySQL server and verify that you are currently running version 3.5.3. Based on the item shown on the image, what best describes how you should categorize this finding?

a. True negative
b. True positive
c. False positive
d. False negative

Question 43

Q

Your company wants to provide a secure SSO solution for accessing both the corporate wireless network and its network resources. Which of the following technologies should be used?

a. WPS
b. WEP
c. RADIUS
d. WPA2

Question 44

Q

Jennifer decided that the licensing cost for a piece of video editing software was too expensive. Instead, she decided to download a keygen program to generate her own license key and install a pirated version of the editing software. After she runs the keygen, a license key is created, but her system performance becomes very sluggish, and her antimalware suite begins to display numerous alerts. Which type of malware might her computer be infected with?

a. Logic bomb
b. Worm
c. Adware
d. Trojan

Question 45

Q

You are trying to select the best device to install in order to proactively stop outside attackers from reaching into your internal network. Which of the following devices would be the BEST for you to select?

a. IPS
b. IDS
c. Proxy server
d. Syslog server

Question 46

Q

During a penetration test, you find a hash value that is related to malware associated with an APT. What best describes what you have found?

a. Botnet
b. SQL injection
c. Indicator of compromise
d. XSRF

Question 47

Q

Which of the following cryptographic algorithms is classified as asymmetric?

a. Blowfish
b. RC4
c. Diffie-Hellman
d. AES

Question 48

Q

What should be done NEXT if the final set of security controls does not eliminate all of the risks in a given system?

a. You should accept the risk if the residual risk is low enough
b. You should continue to apply additional controls until there is zero risk
c. You should ignore any remaining risk
d. You should remove the current controls since there are not completely effective

Question 49

Q

What is the term for the amount of risk that an organization is willing to accept or tolerate?

a. Risk appetite
b. Risk deterrence
c. Risk transference
d. Risk avoidance

Question 50

Q

Which of the following terms is used to describe the period of time following a disaster that an individual IT system may remain offline?

a, RTO
b. RPO
c. MTBF
d. MTTR

Question 51

Q

You are configuring the ACL for the network perimeter firewall. You have just finished adding all the proper allow and deny rules. What should you place at the end of your ACL rules?

a. A SNMP deny string
b. An implicit allow statement
c. A time of day restriction
d. An implicit deny statement

Question 52

Q

(Sample Simulation – On the real exam for this type of question, you would be required to drag and drop the authentication factor into the spot for the correct category.)

Something you know
Something you have
Something you are
Something you do
Somewhere you are

PIN, GPS Coordinates, Fingerprint, Signature, Smart Card

How would you appropriately categorize the authentication method being displayed here?

a. PIN, Smart Card, Fingerprint, Signature, GPS Coordinates
b. Smart card, Signature, GPS Coordinates, PIN, Fingerprint
c. Fingerprint, PIN, GPS Coordinates, Smart Card, Signature
d. PIN, Signature, Fingerprint, Smart Card, GPS Coordinates

Question 53

Q

An electronics store was recently the victim of a robbery where an employee was injured and some property was stolen. The store’s IT department hired an external supplier to expand the store’s network to include a physical access control system. The system has video surveillance, intruder alarms, and remotely monitored locks using an appliance-based system. Which of the following procedures should be followed to avoid long-term cybersecurity risks that might occur based on these actions?

a. These devices should be isolated from the rest of the enterprise network
b. These devices are insecure and should be isolated from the internet
c. There are no new risks due to the install and the company has a stronger physical security posture
d. These devices should be scanned for viruses before installation

Question 54

Q

You are working as a security administrator and need to respond to an ongoing spearphishing campaign against your organization. Which of the following should be used as a checklist of actions to perform in order to detect and respond to this particular incident?

a. DRP
b. Playbook
c. Incident response plan
d. Runbook

Question 55

Q

You are conducting a review of a VPN device’s logs and found the following URL being accessed:

https://sslvpn.dana-na/../diontraining/html5acc/teach/../../../../../../etc/passwd? /diontraining/html5cc/teach

Based upon this log entry alone, which of the following most likely occurred?

a. The /etc/passwd file was downloaded using a directory traversal attack
b. An SQL injection attack caused the VPN server to return the password file
c. A XML injection attack caused the VPN server to return the password file
d. The /etc/passwd file was downloaded using a directory traversal attack if input validation of the URL was not conducted.

Question 56

Q

Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?

a. CRLF injection
b. Missing patches
c. SQL injection
d. Cross-site scripting

Question 57

Q

When you purchase an exam voucher at diontraining.com, the system only collects your name, email, and credit card information. Which of the following privacy methods is being used by Dion Training?

a. Data minimization
b. Anonymization
c. Data masking
d. Tokenization

Question 58

Q

(Sample Simulation – On the real exam for this type of question, you would have access to the log files to determine which server on a network might have been affected, and then choose the appropriate actions.)

A cybersecurity analyst has determined that an attack has occurred against your company’s network. Fortunately, your company uses a good system of logging with a centralized syslog server, so all the logs are available, were collected, and have been stored properly. According to the cybersecurity analyst, the logs indicate that the database server was the only company server on the network that appears to have been attacked. The network is a critical production network for your organization. Therefore, you have been asked to choose the LEAST disruptive actions on the network while performing the appropriate incident response actions. Which actions do you recommend to as part of the response efforts?

a. Conduct a system restore of the data server, image the hard drive, and maintain the chain of custody
b. Capture network traffic using a sniffer, schedule a period of downtime to image and remediate the affected server, and maintain the chain of custody
c. Isolate the affected server from the network immediately, format the database server, reinstall from a known good backup.
d. Immediately remove the database server from the network. Create an image of its hard disk, and maintain the chain of custody

Question 59

Q

You are attempting to prioritize your vulnerability scans based on the data’s criticality. This will be determined by the asset value of the data contained in each system. Which of the following would be the most appropriate metric to use in this prioritization?

a. Cost of hardware replacement of the system
b. Type of data processed by the system
c. Cost of acquisition of the system
d. Depreciated hardware cost of the system

Question 60

Q

Which of the following actions should be done FIRST after forensically imaging a hard drive for evidence in an investigation?

a. Encrypt the image file to ensure it maintains data integrity
b. Create a hash digest of the source drive and the image file to ensure they match
c. Encrypt the source drive to ensure an attacker cannot modify its contents
d. Digitally sign the image file to provide non-repudiation of the collection

Question 61

Q

You were conducting a forensic analysis of an iPad backup and discovered that only some of the information is contained within the backup file. Which of the following best explains why some of the data is missing?

a. The backup is differential backup
b. The backup is encrypted
c. The backup is stored in iCloud
d. The backup was interrupted.

Question 62

Q

You are analyzing the SIEM for your company’s ecommerce server when you notice the following URL in the logs of your SIEM:

https://www.dionraining.com/add_to_cart.php?itemId=5”+perItemPrice=”0.00”+quantity=”100”+/><item+id=”5&quanitty=0

Based on this line, what type of attack do you expect has been attempted?

a. XML injection
b. Session hijacking
c. Buffer overflow
d. AQL injection

Question 63

Q

Which type of threat actor can accidentally or inadvertently cause a security incident in your organization?

a. APT
b. Insider threat
c. Organized Crime
d. Hacktivist

Question 64

Q

Dion Training has just suffered a website defacement of its public-facing webserver. The CEO believes this act of vandalism may have been done by the company’s biggest competitor. The decision has been made to contact law enforcement, so evidence can be collected properly for use in a potential court case. Laura is a digital forensics investigator assigned to collect the evidence. She creates a bit-by-bit disk image of the web server’s hard drive as part of her evidence collection. Which technology should Laura use after creating the disk image to verify the data integrity of the copy matches that of the original web server’s hard disk?

a. 3DES
b. SHA-256
c. AES
d RSA

Brainscape's Knowledge GenomeTM

Practice Exam 02 Flashcards

Brainscape's Knowledge Genome^TM