Practice Exam 2 Flashcards

1
Q

Which of the following statements about highly structured threats is not true?

A
2
Q

Which of the following statements is false regarding BYOD?

A
3
Q

Your organization utilizes two different people to perform tasks that are both necessary for entry into your building. Person 1 checks IDs, enters data in a log, and can issue a visitor badge. Person 2 controls the door access, so a failure by either person does not expose your organization. Which of the following is this an example of?

A

Two-person integrity/control

4
Q

Which of the following mitigation techniques are the most effective in preventing and minimizing the impact of ransomware data encryption incidents?
Select two.
-Do periodic updates of user training and awareness materials
-Identify network hosts that are not compliant with security baselines
-Do a periodic review of layer 4 network perimeter firewall rules
-Store frequent backups offline

A

-

5
Q

What is the term used to describe the characteristic of a software system to process higher workloads on its current resources or on additional resources without interruption?

A
6
Q

Continuous monitoring is the term used to describe which of the following?

A
7
Q

A recent security audit had a finding of your VPN allowing split tunneling. The auditors preferred to require full tunneling on the VPN. What security risk are the auditors attempting to mitigate?

A
8
Q

All of the following are supporting elements of authorization except:
-rights, permissions, and privileges
-principle of least privilege
-separation of duties
-credential validation

A
9
Q

Which of the following is guidance for configuring and operating computer systems at a secure level that is documented and understood?

A
10
Q

All of the following are characteristics of the RADIUS authentication protocol except:
-RADIUS uses TCP port 1812
-RADIUS uses UDP port 1812
-RADIUS accepts earlier forms of authentication protocols, such as PAP
-RADIUS encrypts user passwords during the authentication process

A
11
Q

Data that if disclosed to an unauthorized party would potentially cause harm or disruption to the organization should be labeled as which of the following?

A
12
Q

Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?

A
13
Q

What is a script kiddie?

A
14
Q

Your office does not deal in classified or even sensitive data. You are concerned, however, with the loss of equipment, as you have had a few external drives and tablets stolen in the last 12 months. Which of the following would be most appropriate for your environment, keeping in mind that you want a low-cost solution?

A
15
Q

What network attack method involves the attacker sending messages to corrupt the ARP table and cause packets to be misrouted?

A
16
Q

Which tool would you use to discover hosts and services on a network?

A
17
Q

You are browsing a social media platform and notice question-game posts asking which car you drove to pass a driver’s test. Which term best describes these types of posts?

A
18
Q

Which tool would you use to manipulate network interfaces on a workstation?

A
19
Q

After recent phishing attacks through email, you decide to implement a solution internally where employees can be assured of the authenticity of messages from other employees. Which email feature should you implement?

A
20
Q

Which of the following is the best description of impact?

A
21
Q

In discussions of threat hunting, what does the acronym IOA mean?

A
22
Q

Which of the following protocols would you use to encrypt VPN traffic?

A
23
Q

Which of the following is not an element of mobile device management?

A
24
Q

What is the primary difference between authorized and semi-authorized hackers?

A
25
What is the main difference between a DoS and a DDoS attack?
26
The corporate IT manager wants you to implement a process that separates corporate apps from personal apps on mobile devices. Which of the following techniques will enable you to do this?
27
Which of the following details the specific access levels that individuals or entities may have when interacting with objects?
28
What is the initialization vector (IV) used for in a wireless communications protocol?
29
Which of the following is a legal document describing a bilateral agreement between parties?
30
Your company hosts public web servers that allow connections directly to TCP port 80 over HTTP and are configured with public IPv4 addresses. You need to enable connections to company HTTP servers using HTTPS while hiding the true identities of the servers. Which security solutions should you implement?
Select two.
-Source network address translation
-VPN
-PKI certificate
-Reverse proxy server
31
Which of the following is the name given to the connection of infrastructure and software elements to provide specific services to a business entity?
32
Your organization wants to prevent anyone who has physical access to a computer from inserting a USB device to execute code from the device. At the same time, the organization wants to allow employees to utilize USB ports to charge devices such as their smartphones. Which of the following provides a way to accomplish this goal?
33
Which tool would you use to check the path packets take over a network?
34
If you condensed the penetration process down into four phases, what might those phases be?
35
Which of the following is the name for the cloud deployment model where cloud-based systems are delivered as a virtual solution for computing, allowing organizations to contract for utility computing as needed?
36
What is RFID an acronym for?
37
Which of the following access control models enables a person who creates or owns objects to define permissions to access those objects?
38
Why are insider threats considered more dangerous than external threats?
Select all that apply.
-Insiders are easier to detect and stop than outsiders
-Insiders may already have the access they need to commit fraud or steal data
-Insiders have the access and knowledge to cause immediate damage
-Most security measures are designed to protect against outsiders
39
What is the name given to parts of an organization that perform their own IT functions?
40
You require the ability to query host and network device statistics and configurations in order to determine if suspicious activity is present. Which TCP/IP protocol should you use?
41
Which of the following is a negotiated agreement between parties detailing expectations for both the customer and the service provider?
SLA
42
What is the specific name given to sturdy posts, often made of concrete, galvanized steel, or stainless steel? They are used to protect entryways and prevent unauthorized entry and vehicle ramming attacks.
Bollard
43
What is the purpose of DLP?
44
Which tool would you use to list a file's contents to a pipe?
45
What type of file, often sent with an email message, can contain malicious code that can be downloaded and executed on a client's computer?
46
Which tool would you use to identify TCP connections?
47
Marisol sees a tremendous amount of traffic on TCP port 389 from the Internet. Which TCP/IP service should she inspect first?
48
Which of the following statements about open permissions are true?
Select two.
-Only files can have open permissions
-The risk associated with open permissions is context dependent
-Files with open permissions are always of little value
-A file with open permissions might be accessible to anyone, including guest accounts
49
Which tool would you use to output the first part of a file?
50
Which approach to site resiliency consists of partially configured systems, usually having the peripherals and software but perhaps not the more expensive main processing computer?
Warm site
51
What is the term for the process of identifying critical assets and systems, interdependencies, and ensuring their availability during a disruption?
52
If your organization is highly sensitive to sharing resources, you might consider using which of the following cloud models?
53
What type of attack places a layer of code between a driver and the operating system?
54
The X.509 standard outlines which of the following?
Select two.
-necessary fields of certificate
-usage types
-possible values of certificate fields
-location of the CRL
55
Which of the following is not a recognized attack vector?
56
You are compiling a list of cybersecurity incidents that occurred in the organization over the last year. The list will be published on an internal company website as a company newsletter for all employees to read. Under which category should you provide details related to phishing scam incidents?
57
What is the biggest difference between EAP-TLS and EAP-TLS?
58
In which phase of the incident response process is the incident response team first notified?
59
What is a zero-day vulnerability?
60
You are conducting user security awareness training. An attendee asks how they can identify phishing email messages. What should you tell them to look for?
Select two.
-Bad grammar
-Messages that are not digitally signed
-Messages that are not encrypted
-Email address inconsistencies
61
The process of verifying an identity previously established in a computer system is known as which of the following?
62
Which of the following is the name given to the process of assigning permissions or authorities to objects?
63
Which of the following are two characteristics of strong passwords?
Select two.
-Use of additional character space
-Encryption strength
-Authentication methods
-Password length
64
Your organization has had problems with unauthorized individuals following behind authorized employees into restricted areas. What is one of the best ways to avoid this issue, commonly known as tailgating?
65
Which phase of the incident response process involves restoring normal business operations?
66
Which of the following is not one of the Trust Services identified by SOC 2?
67
You have fallen victim to a social media phishing scam. After receiving an email notification of a video of you from the past, you clicked the link, which played a generic stock video, and you realized it was a scam. What is the first thing you should do?
68
Which of the following policy settings prevent a user from rapidly changing passwords and cycling through their password history to reuse a password?
69
What process is used to review and validate continuity of operations planning?
70
Which security control is not offered by virtual LAN?
71
Which phase of the incident response process involves assigning actions to correct weaknesses and ways to improve?
72
Custom-built software running on an internal Windows server communicates over TCP port 4489. You need to configure a firewall solution to allow traffic destined for port 4489 from the IP address range assigned to the sales team subnet. Which type of firewall should you configure while minimizing administrative effort and cost?
73
Executives in the organization complain that an abnormally high number of scam email messages have been flooding their inboxes. Other users in the organization have not received any of the same messages. All user devices are configured with the same security software and settings. When reporting to your manager, which term best describes the situation?