Practice Questions Flashcards
unofficial miscellaneous source, linkedin exams, etc.
Bollard is an example of which type of control?
Physical
What is the primary purpose of succession planning?
To define plans for how to handle the sudden loss of an executive or key employee to the organization
A data center technician needs to securely dispose of several hard drives for systems that are being decommissioned. Which of the following techniques is not sufficient to ensure the data is not recoverable?
Erasure
Erasure occurs when you press the Delete key on a computer or empty the recycle bin on your desktop. When this occurs, the data is not actually removed from the hard drive and may be recovered.
Fortification of facilities, deployment of uninterruptible power supplies or generators, communication link redundancy, and fire detection and suppression systems are all examples of what?
Preventative controls
Controls designed to stop unwanted things from occurring
Which of the following techniques is not a method for identifying a security incident?
Disabling system accounts
This may be done as a containment strategy as part of the incident response process, however, this is not a method for identifying a security incident.
IDS
Intrusion Detection System
SIEM
Security Information and Event Management
Which of the following would a hacker not usually learn by conducting scans against a targeted network?
Reveal user accounts on endpoints that have excessive privilege
Scanners cannot tell if user accounts have too many privileges since that is dependent upon the user’s role in the organization and their need to know
Which of the following best describes DAC?
Access control model that provides the owner of the resource (typically the creator) complete control to configure which subjects can access an object
DAC
Discretionary Access Control
MAC
Mandatory Access Control
RBAC
Role Based Access Control
ABAC
Attribute Based Access Control
What technology would an organization use to control which devices could connect to their network?
NAC
Network Access Control allows organizations to control which devices are permitted to connect to their network based on policy
IDS
Intrusion Detection System
DMZ
Demilitarized Zone
Which of the following is not true regarding UDP?
UDP is a connection oriented protocol
User Datagram Protocol is a protocol for transmitting data between computers. It does not establish a connection (three-way handshake) before transmitting data. This makes it less reliable but also faster than TCP.
Which of the following is a logical address assigned to devices connected to a network or the Internet?
Internet Protocol (IP) address
IP addresses are used for identifying devices for the purpose of routing traffic. They are referred to as a logical or software address because the address is virtual and not hardcoded into the hardware.
Which of the following is the best description of a computer virus?
Malware that infects a legitimate program and causes it to perform a function it was not intended to do
A data center administrator installs a biometric authentication system that controls access to the data center. In order for employees to enter the data center, they must scan their palm to gain access. What type of security control is this an example of?
Physical
Which of the following describes a door system that is configured to automatically close and lock during a power outage?
Fail-secure
Which access control model is commonly used in military and government environments to protect classified information?
MAC
Which part of the access control mechanism provides information used by auditors and investigators?
Accountability
Joe fell victim to a social engineering attack by a cybercriminal, then he remembered learning about a similar trick during his company’s security training. What feature of training and awareness programs did his organization likely fail to implement?
Practice testing
A systems administrator is assisting an employee with an issue they are having with their work laptop. When the employee attempts to connect to the company network, they are unable to get an IP address assigned and thus cannot access company resources. Which of the following protocols is most relevant for the systems administrator when investigating and troubleshooting this issue?
DHCP
Dynamic Host Configuration Protocol is used to dynamically assign IP addresses to devices. A server checks for available IP addresses from a pool and automatically assigns them to client devices. The administrator should investigate to see whether DHCP is configured and working properly.
HTTP
Hypertext Transfer Protocol
SMTP
Simple Mail Transfer Protocol
FTP
File Transfer Protocol
Which of the following is not a category of social engineering?
Mantrap
Refers to a special kind of vestibule used to protect a secure area. It has two doors and requires a visitor to go through the first door and close it before going through the second door to gain entry to the secure area.
Which of the following involves a sophisticated attack in which a hacker maintains a stealthy long term presence in a victim’s network?
Advanced persistent threat
Which of the following is not an example of protecting data in transit?
Database encryption
Which of the following is not commonly used to launch ransomware attacks?
Ping attack
A denial of service attack in which the attacker floods the victim system with ping requests. By itself it does not enable a ransomware attack.
Mary is conducting a risk analysis for her organization. Her boss, the CISO, feels strongly that the organization’s biggest risk is from hackers trying to steal intellectual property from their engineering database server so that is where their defensive focus should lie. This is an example of what kind of analysis?
Qualitative risk analysis
What is the most important governance element for a customer to use to ensure a cloud service provider is delivering on expectations?
SLA
A service level agreement is a contractual agreement between a service provider and a customer that defines the level of service the customer can expect. Provisions around things like performance, availability, security, etc.
When an employee is terminated, what is the best course of action regarding the provisioning of their user access accounts?
Disable the employee’s access to all accounts
Joe is a network engineer who wants to deploy the most basic and least expensive firewall. All he needs is to set up Access Control Lists to accomplish his goals. Which type of firewall is best for his needs?
Packet filter
A packet filter (gen 1) is the simplest and least expensive type of firewall and uses Access Control Lists to control traffic.
A server admin wants to ensure that the server’s hard drive is encrypted to protect the sensitive data on the server in case the server is ever stolen. Which of the following would enable the best configuration for disk encryption?
AES
The Advanced Encryption Standard algorithm is the most commonly used symmetric encryption algorithm due to its maturity, security, and international recognition. Symmetric encryption (particularly AES) is most commonly used to encrypt data in bulk and large files, such as hard drive encryption.
Which policy would normally include requirements for employees accessing their social media accounts on company owned computers?
AUP
The Acceptable Use Policy defines what employees may and may not do with company resources, usually stating such resources are to be used for official business purposes only.
Which method of authentication factor is most likely to falsely reject a valid user?
Type 3
Something you are; uses biometrics, which is an improving technology that is not perfect and can falsely reject a valid user or falsely accept an unknown user.
Joe ran a vulnerability scan and posted the results on his organization’s unsecured website so it would be easy for his employees to see the results. Was this a good idea?
No, because scan results contain sensitive information which could be used by cybercriminals to launch attacks against the organization
Which of the following is considered an “insecure” protocol?
HTTP
Hypertext Transfer Protocol is a communication protocol that serves as the primary way web browsers communicate with web servers to access web pages over the internet. It is considered an insecure protocol since the information is transmitted in plaintext between the client and the server. HTTPS is the secure alternative.
Which of the following is considered the best practice regarding patch management?
Test patches before deploying them to production devices.
Which of the following is a key benefit of using a SIEM?
Greater availability and monitoring
Security Information and Event Management systems allow greater security visibility and monitoring. The systems collect and analyze security related data from multiple sources, providing security analysts with a comprehensive view of the organization’s security posture.
Which of the following best describes RBAC?
Access control model that enforces access based on predefined roles.
Roles are typically developed for similar users with the same access needs.
A security engineer is trying to decide on the best course of action to take to block internet traffic from specific IP addresses at the perimeter of the company network. Which of the following controls would allow the security engineer to configure such rules?
Network Firewall
A firewall is a network device used to enforce certain security rules that govern how traffic may flow.
Which of the following is an example of a technical control?
Antivirus
The IT director for a large organization is reviewing options to migrate their servers and infrastructure from their on-prem data center to the cloud. Which cloud service model best fits the organization’s needs?
IaaS
In the Infrastructure as a Service model the cloud provider gives customers self service access to a pool of infrastructure resources that can be virtually provisioned and deprovisioned on demand.
SaaS
Software as a Service
A software service or application is hosted by a cloud provider and provided to customers (typically over the Internet). The cloud provider manages the infrastructure and platform, and the customer only needs to manage specific configurations within the application.
The IT Director for an organization has revamped the organization’s identity management structure so that pre-built permission groups are developed for each department such as IT, Finance, Sales, HR, and so on. Users are then assigned to those corresponding groups depending on what team they are on. Which access control model is most likely being utilized?
RBAC
Role based access control enforces access based on roles that define permissions, and the level of access provided to any subjects assigned to that role.
Which cloud deployment model consists of cloud resources that are available for purchase and consumption by the general public?
Public
Public cloud consists of computing resources operated by a third party that are deployed for purchase and consumption by the general public.
A security engineer has designed the organization’s network to have multiple layers of controls in place including antivirus on endpoints, network segmentation through the use of firewalls, and MFA for all administrative access to systems. What is this an example of?
Defense-in-depth
A company has purchased a subscription-based customer relationship management service that is accessible over the Internet. The service is developed by a third party that manages the infrastructure and platform while the customer manages specific configurations within the web application. Which type of cloud service model is this an example of?
SaaS
Software as a Service
Which of the following focuses on plans and processes to ensure the business can continue to perform essential business functions in the event of a disaster or security incident?
Business continuity
Of the choices listed, which quantitative measure indicates how much money an organization is predicted to lose if a given threat occurs one time?
Single Loss Expectancy
A security analyst is reviewing system logs and notices that another employee has been copying large amounts of sensitive data from the system. What is the best next step for the security analyst to take?
Notify management
What security control provides non-repudiation for messages?
digital signatures
Which type of attack uses an email that looks legitimate but is really fake to trick the recipient into revealing information?
Phishing
Which one of the following is an example of multifactor authentication?
-password and security questions
-retinal scan and fingerprint
-ID card and PIN
-ID card and key
ID card and PIN
What US law regulates the protection of health information?
HIPAA
What security tool can be configured to prevent DDoS attacks?
firewall
Your organization requires that passwords contain a mixture of uppercase characters, lowercase characters, digits, and symbols. What type of password policy is this?
complexity
During what phase of the access control process does a user prove his or her identity?
authentication
In what type of attack does the attacker capture and then reuse login information?
replay attack
What is the best defense against dumpster diving attacks?
shredding
Purchasing an insurance policy is an example of which risk management strategy?
risk transference
What two factors are used to evaluate a risk?
likelihood and impact
What term best describes making a snapshot of a system or application at a point in time for later comparison?
baselining
What type of security control is designed to stop a security issue from occurring in the first place?
preventive
What term describes risks that originate inside the organization?
internal
Which element of the security policy framework includes suggestions that are not mandatory?
guidelines
What law applies to the use of personal information belonging to European Union residents?
GDPR
What type of security policy normally describes how users may access business information with their own devices?
BYOD policy
What is the minimum number of disks required to perform RAID level 5?
3
What goal of security is enhanced by a strong business continuity program?
availability
What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails?
high availability
SSO
single sign on
The process of authenticating once to many systems
Which of the following methods can be used to ensure message authenticity?
Digital signatures
Which of the following is the best definition of configuration management?
The process of establishing consistency in engineering, implementation, and operations by establishing and controlling baselines of all supporting data and documentation
Which of the following is a value that is added as an input to a cryptographic algorithm that enables it to perform its cryptographic function?
Cryptographic key
Which of the following devices operates at the network layer (Layer 3) of the OSI model?
Router
What is cross-site scripting?
An attack that allows an attacker to execute malicious code via a victim’s browser
Which of the following access control models allows the owner of the resource to configure which subjects can access the object?
Discretionary access control (DAC)
The most common approach to being able to recover data in the event of a disaster or incident is to use a data backup solution. Which type of backup solution backs up all files that have changed since the last backup?
Differential
A(n) _____ backup backs up all files that have changed since the last full backup.
Differential backup
A(n) _____ backup stores a backup of all of the files on the system each time the backup process is run.
Full backup
A(n) _____ backup backs up all files that have changed since the last backup of any type.
Incremental backup
Which of the following steps is not part of risk identification within the risk management process?
Identifying recovery strategies for each asset in the environment.
This is part of business continuity planning.
In the context of access controls, what does an access control matrix represent?
A table containing a set of subjects, objects, and permissions
What is the potential impact of a botnet attack on an organization?
All of these answers:
-Disruption of business operations and loss of revenue
-Damage to reputation and loss of customer trust
-Theft of sensitive information and intellectual property
What is the primary difference between logical access controls and physical access controls?
Logical access controls protect computer and network resources, while physical access controls protect physical resources such as data centers.
Sally works on her organization’s business continuity planning team. They have decided that in the event of a disaster it is acceptable for their organization to lose the last two days’ worth of data but no more. This is an example of what measure?
Recovery point objective (RPO)
The amount of data that is acceptable to be lost in the event of a disaster
Recovery time objective (RTO)
The time target for restoring a business process or service after a disruption caused by a disaster or security event
Work recovery time (WRT)
The amount of time to restore the data and perform testing to ensure the capability is fully operational after a disaster
In the context of logical access control, which of the following best describes the capabilities list?
A list that shows all objects a specific subject can access and the subject’s corresponding permissions over each object
The access control list (ACL)
How would the default subnet mask of a class A range be noted with CIDR notation?
/8
Which access control model provides the owner of the resource, typically the creator, full control over configuring which subjects can access the object?
Discretionary access control (DAC)
What layer of the OSI model do TCP and UDP operate at?
Layer 4: Transport Layer
This layer handles end-to-end transport services and the establishment of logical connections between two computers.
The OSI model layer focused on the connections between the applications on each computer
Session Layer
The OSI model layer dealing with how bits are transmitted and received
Layer 1: Physical Layer
The OSI model layer responsible for transmitting and delivering frames throughout a LAN based on the unique physical MAC addresses on the devices on the network
Layer 2: Data Link Layer
The OSI model layer responsible for the routing and route selection for network packets based on logical IP addresses
Layer 3: Network Layer
How can organizations protect against buffer overflow attacks?
All of these answers:
-Use code analysis tools to identify and mitigate vulnerabilities
-Regularly patch and update software
-Use intrusion detection/prevention systems to monitor network traffic
Which of the following is a benefit of using CIDR?
It provides more flexibility for splitting IP address space
Which of the following is the best description of the purpose of a vulnerability assessment?
Reduce the risk of successful cyberattacks
What is the primary purpose of a business impact analysis (BIA)?
To fully understand the organization’s critical business functions and establish recovery priorities for them
Which of the following is an example of a technical control?
Access controls
Controls that are hardware or software components that protect computing and network resources within a system
Technical controls