Practice Questions

Question 1

Bollard is an example of which type of control?

Answer 1

Physical

Question 2

What is the primary purpose of succession planning?

Answer 2

To define plans for how to handle the sudden loss of an executive or key employee to the organization

Question 3

A data center technician needs to securely dispose of several hard drives for systems that are being decommissioned. Which of the following techniques is not sufficient to ensure the data is not recoverable?

Answer 3

Erasure

Erasure occurs when you press the Delete key on a computer or empty the recycle bin on your desktop. When this occurs, the data is not actually removed from the hard drive and may be recovered.

Question 4

Fortification of facilities, deployment of uninterruptible power supplies or generators, communication link redundancy, and fire detection and suppression systems are all examples of what?

Answer 4

Preventative controls

Controls designed to stop unwanted things from occurring

Question 5

Which of the following techniques is not a method for identifying a security incident?

Answer 5

Disabling system accounts

This may be done as a containment strategy as part of the incident response process, however, this is not a method for identifying a security incident.

Question 6

IDS

Answer 6

Intrusion Detection System

Question 7

SIEM

Answer 7

Security Information and Event Management

Question 8

Which of the following would a hacker not usually learn by conducting scans against a targeted network?

Answer 8

Reveal user accounts on endpoints that have excessive privilege

Scanners cannot tell if user accounts have too many privileges since that is dependent upon the user’s role in the organization and their need to know

Question 9

Which of the following best describes DAC?

Answer 9

Access control model that provides the owner of the resource (typically the creator) complete control to configure which subjects can access an object

Question 10

DAC

Answer 10

Discretionary Access Control

Question 11

MAC

Answer 11

Mandatory Access Control

Question 12

RBAC

Answer 12

Role Based Access Control

Question 13

ABAC

Answer 13

Attribute Based Access Control

Question 14

What technology would an organization use to control which devices could connect to their network?

Answer 14

NAC

Network Access Control allows organizations to control which devices are permitted to connect to their network based on policy

Question 15

IDS

Answer 15

Intrusion Detection System

Question 16

DMZ

Answer 16

Demilitarized Zone

Question 17

Which of the following is not true regarding UDP?

Answer 17

UDP is a connection oriented protocol

User Datagram Protocol is a protocol for for transmitting data between computers. It does not establish a connection (three-way handshake) before transmitting data. This makes it less reliable but also faster than TCP.

Question 18

Which of the following is a logical address assigned to devices connected to a network or the Internet?

Answer 18

Internet Protocol (IP) address

IP addresses are used for identifying devices for the purpose of routing traffic. They are referred to as a logical or software address as it is a virtual address and not hardcoded into the hardware

Question 19

Which of the following is the bestt description of a computer virus?

Answer 19

Malware that infects a legitimate program and causes it to perform a function it was not intended to do

Question 20

A data center administrator installls a biometric authetication system that controls access to the data center. In oder for employees to ender the data center, they must scan their palm to gain access. What type of security control is this an example of?

Answer 20

Physical

Question 21

Which of the following describes a door system that is configured to automatically close and lock during a power outage?

Answer 21

Fail-secure

Question 22

Which access control model is commonly used in military and government environments to protect classified information?

Answer 22

MAC

Question 23

Which part of the access control mechanism provides information used by auditors and investigators?

Answer 23

Accountability

Question 24

Joe fell victim to a social engineering attach by a cybercriminal, then he remembered learning about a similar trick during his company’s security training. What feature of training and awareness programs did his organization likely fail to implement?

Answer 24

Practice testing

Question 25

A system’s administrator is assisting an employee with an issue they are having with their work laptop. When the employee attempts to connect to the company network they are unable to get an IP address assigned and thus cannot access company resources. Which of the following protocols is most relevant for the systems administrator when investigating and troubleshooting this issue?

Answer 25

DHCP

Dynamic Host Configuration Protocol is used to dynamically assign IP addresses to devices. A server checks for available IP addresses from a pool and automatically assigns them to client devices. The administrator should investigate to see whether DHCP is configured and working properly.

Question 26

HTTP

Answer 26

Hypertext Transfer Protocol

Question 27

SMTP

Answer 27

Simple Mail Transfer Protocol

Question 28

FTP

Answer 28

File Transfer Protocol

Question 29

Which of the following is not a category of social engineering?

Answer 29

Mantrap

Refers to a special kind of vestibule used to protect a secure area. It has two doors and requires a visitor to go through the first door and close it before going through the second door to gain entry to the secure area.

Question 30

Which of the following involves a sophisticated attack in which a hacker maintains a stealthy long term presence in a victim’s network?

Answer 30

Advanced persistent threat

Question 31

Which of the following is not an example of protecting data in transit?

Answer 31

Database encryption

Question 32

Which of the following is not commonly used to launch ransomware attacks?

Answer 32

Ping attack

A denial of service attack in which the attacker floods the victim system with pink requests. By itself it does not enable a ransomware attack

Question 33

Mary is conducting a risk analysis for her organization. Her boss, the CISO, feels strongly that the organization’s biggest risk is from hackers trying to steal intellectual property from their engineering database server so that is where their defensive focus should lie. This is an example of what kind of analysis?

Answer 33

Qualitative risk analysis

Question 34

What is the most important governance element for a customer to use to ensure a cloud service provider is delivering on expectations?

Answer 34

SLA

A service level agreement is a contractual agreement between a service provider and a customer that defines the level of service the customer can expect. Provisions around things like performance, availability, security, etc.

Question 35

When an employee is terminated, what is the best course of action regarding the provisioning of their user access accounts?

Answer 35

Disable the employee’s access to all accounts

Question 36

Joe is a network engineer who wants to deploy the most basic and least expensive firewall. All he needs is to set up Access Control Lists to accomplish his goals. Which type of firewall is best for his needs?

Answer 36

Packet filler

A packet filler (gen 1) is the simplest and least expensive type of firewall and uses Access Control Lists to control traffic

Question 37

A server admin wants to ensure that the server’s hard drive is encrypted to protect the sensitive data on the server in case the server is ever stolen. Which of the following would enable the best configuration for disk encryption?

Answer 37

AES

The Advanced Encryption Standard algorithm is the most commonly used symmetric encryption algorithm due to its maturity, security, and international recognition. Symmetric encryption (particularly AES) is most commonly used to encrypt data in bulk and large files, such as hard drive encryption.

Question 38

Which policy would normally include requirements for employees accessing their social media accounts on company owned computers?

Answer 38

AUP

The Acceptable Use Policy defines what employees may and may not do with company resources, usually stating such resources are to be used for official business purposes only.

Question 39

Which method of authentication factor is most likely to falsely reject a valid user?

Answer 39

Type 3

Something you are, uses biometrics which is an improving technology that is not perfect and can falsely reject a valid user or falsely accept an unknown user.

Question 40

Joe ran a vulnerability scan and posted the results on his organization’s unsecured website so it would be easy for his employees to see the results. Was this a good idea?

Answer 40

No, because scan results contain sensitive information which could be used by cybercriminals to launch attacks against the organization

Question 41

Which of the following is considered an “insecure” protocol?

Answer 41

HTTP

Hypertext Transfer Protocol is a communication protocol that serves as the primary way web browsers communicate with web servers to access web pages over the internet. It is considered an insecure protocol since the information is transmitted in plaintext between the client and the server. HTTPS is the secure alternative.

Question 42

Which of the following is considered the best practice regarding patch management?

Answer 42

Test patches before deploying them to production devices.

Question 43

Which of the following is a key benefit of using a SIEM?

Answer 43

Greater availability and monitoring

Security Information and Event Management systems allow greater security visibility and monitoring. The systems collect and analyze security related data from multiple sources, providing security analysts with a comprehensive view of the organization’s security posture.

Question 44

Which of the following best describes RBAC?

Answer 44

Access control model that enforces access based on predefined roles.

Roles are typically developed for similar users with the same access needs.

Question 45

A security engineer is trying to decide on the best course of action to take to block internet traffic from specific IP addresses at the perimeter of the company network. Which of the following controls would allow the security engineer to configure such rules

Answer 45

Network Firewall

A firewall is a network device used to enforce certain security rules that govern how traffic may flow.

Question 46

Which of the following is an example of a technical control?

Answer 46

Antivirus

Question 47

The IT director for a large organization is reviewing options to migrate their servers and infrastructure from their on-prem data center to the cloud. Which cloud service model best fits the organization’s needs?

Answer 47

IaaS

In the Infrastructure as a Service model the cloud provider gives customers self service access to a pool of infrastructure resources that can be virtually provisioned and deprovisioned on demand.

Question 48

SaaS

Answer 48

Software as a Service

A software service or application is hosted by a cloud provider and provided to customers (typically over the Internet). The cloud provider manages the infrastructure and platform, and the customer only needs to manage specific canfugurations within the application.

Question 49

The IT Director for an organization has revamped the organization’s identity management structure so that pre-built permission groups are developed for each department such as IT, Finance, Sales, HR, and so on. Users are then assigned to those corresponding groups depending on what team they are on. Which access control model is most likely being utilized?

Answer 49

RBAC

Role based access control enforces access based on roles that define permissions, and the level of access provided to any subjects assigned to that role.

Question 50

Which cloud deployment model consists of cloud resources that are available for purchase and consumption by the general public?

Answer 50

Public

Public cloud consists of computing resources operated by a third party that are deployed for use by the general public for purchase and consumption

Question 51

A security engineer has designed the organization’s network to have multiple layers of controls in place including antivirus on endpoints, network segmentation through the use of firewalls, and MFA for all administrative access to systems. What is this an example of?

Answer 51

Defense-in-depth

Question 52

A company has purchased a subscription-based customer relationship management service that is accessible over the Internet. The service is developed by a third party that manages the infrastructure and platform while the customer manages specific configurations within the web application. Which type of cloud service model is this an example of?

Answer 52

SaaS

Software as a Service

Question 53

Which of the following focuses on plans and processes to ensure the business can continue to perform essential business functions in the event of a disaster or security incident?

Answer 53

Business continuity

Question 54

Of the choices listed, which quantitative measure indicates how much money an organization is predicted to lose if a given threat occurs one time?

Answer 54

Single Loss Expectancy

Question 55

A security analyst is reviewing system logs and notices that another employee has been copying large amounts of sensitive data from the system. What is the best next step for the security analyst to take?

Answer 55

Notify management

Question 56

What security control provides non-repudiation for messages?

Answer 56

digital signatures

Question 56

Which type of attack uses an email that looks legitimate but is really fake to trick the recipient into revealing information?

Answer 56

Phishing

Question 57

Which one of the following is an example of multifactor authentication?
-password and security questions
-retinal scan and fingerprint
-ID card and PIN
-ID card and key

Answer 57

ID card and PIN

Question 58

What US law regulates the protection of health information?

Answer 58

HIPAA

Question 59

What security tool can be configured to prevent DDoS attacks?

Answer 59

firewall

Question 60

Your organization requires that passwords contain a mixture of uppercase characters, lowercase characters, digits, and symbols. What type of password policy is this?

Answer 60

complexity

Question 61

During what phase of the access control process does a user prove his or her identity?

Answer 61

authentication

Question 62

In what type of attack does the attacker capture and then reuse login information?

Answer 62

replay attack

Question 63

What is the best defense against dumpster diving attacks?

Answer 63

shredding

Question 64

Purchasing an insurance policy is an example of which risk management strategy?

Answer 64

risk transference

Question 65

What two factors are used to evaluate a risk?

Answer 65

likelihood and impact

Question 66

What term best describes making a snapshot of a system or application at a point in time for later comparison?

Answer 66

baselining

Question 67

What type of security control is designed to stop a security issue from occurring in the first place?

Answer 67

preventive

Question 68

What term describes risks that originate inside the organization?

Answer 68

internal

Question 69

Which element of the security policy framework includes suggestions that are not mandatory?

Answer 69

guidelines

Question 70

What law applies to the use of personal information belonging to European Union residents?

Answer 70

GDPR

Question 71

What type of security policy normally describes how users may access business information with their own devices?

Answer 71

BYOD policy

Question 72

What is the minimum number of disk required to perform RAID level 5?

Answer 72

3

Question 73

What goal of security is enhanced by a strong business continuity program?

Answer 73

availability

Question 74

What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails?

Answer 74

high availability

Question 75

SSO

Answer 75

single sign on
The process of authenticating once to many systems

Question 76

Which of the following methods can be used to ensure message authenticity?

Answer 76

Digital signatures

Question 77

Which of the following is the best definition of configuration management?

Answer 77

The process of establishing consistency in engineering, implementation, and operations by establishing and controlling baselines of all supporting data and documentation

Question 78

Which of the following is a value that is added as an input to a cryptographic algorithm that enables it to perform its cryptographic function?

Answer 78

Cryptographic key

Question 79

Which of the following devices operates at the network layer (Layer 3) of the OSI model?

Answer 79

Router

Question 80

What is cross-site scripting?

Answer 80

An attack that allows an attacker to execute malicious code via a victim’s browser

Question 81

Which of the following access control models allows the owner of the resource to configure which subjects can access the object?

Answer 81

Discretionary access control (DAC)

Question 82

The most common approach to being able to recover data in the event of a disaster or incident is to use a data backup solution. Which type of backup solution backs up all files that have changed since the last backup?

Answer 82

Differential

Question 83

A(n) _____ backup backs up all files that have changed since the last full backup.

Answer 83

Differential backup

Question 84

A(n) _____ backup stores a backup of all of the files on the system each time the backup process is run

Answer 84

Full backup

Question 85

A(n) _____ backup backs up all files that have changed since the last backup of any type

Answer 85

Incremental backup

Question 86

Which of the following steps is not part of risk identification within the risk management process?

Answer 86

Identifying recovery strategies for each asset in the environment.

This is part of business continuity planning.

Question 87

In the context of access controls, what does an access control matrix represent?

Answer 87

A table containing a set of subjects, objects, and permissions

Question 88

What is the potential impact of a botnet attack on an organization?

Answer 88

All of these answers:
-Disruption of business operations and loss of revenue
-Damage to reputation and loss of customer trust
-Theft of sensitive information and intellectual property

Question 89

What is the primary difference between logical access controls and physical access controls?

Answer 89

Logical access controls protect computer and network resources, while physical access controls protect physical resources such as data centers.

Question 90

Sally works on her organization’s business continuity planning team. They have decided that in the event of a disaster it is acceptable for their organization to lose the last two days’ worth of data but no more. This is an example of what measure?

Answer 90

Recovery point objective (RPO)

The amount of data that is acceptable to be lost in the event of a disaster

Question 91

Recovery time objective (RTO)

Answer 91

The time target for restoring a business process or service after a disruption caused by a disaster or security event

Question 92

Work recovery time (WRT)

Answer 92

The amount of time to restore the data and perform testing to ensure the capability is fully operational after a disaster

Question 93

In the context of logical access control, which of the following best describes the capabilities list?

Answer 93

A list that shows all objects a specific subject can access the subject’s corresponding permissions over each object

The access control list (ACL)

Question 94

How would the default subnet mask of a class A range be noted with CIDR notation?

Answer 94

/8

Question 95

Which access control model provides the owner of the resource, typically the creator, full control over configuring which subjects can access the object?

Answer 95

Discretionary access control (DAC)

Question 96

What layer of the OSI model do TCP and UDP operate at?

Answer 96

Layer 4: Transport Layer

This layer handles end-to-end transport services and the establishment of logical connections between two computers

Question 97

The OSI model layer focused on the connection between the connections between the applications on each computer

Answer 97

Session Layer

Question 98

The OSI model layer dealing with how bits are transmitted and received

Answer 98

Layer 1: Physical Layer

Question 99

The OSI model layer responsible for transmitting and delivering frames throughout a LAN based on the unique physical MAC addresses on the devices on the network

Answer 99

Layer 2: Data Link Layer

Question 100

The OSI model layer responsible for the routing and route selection for network packets based on logical IP addresses

Answer 100

Layer 3: Network Layer

Question 101

How can organizations protect against buffer overflow attacks?

Answer 101

All of these answers:
-Use code analysis tools to identify and mitigate vulnerabilities
-Regularly patch and update software
-Use intrusion detection/prevention systems to monitor network traffic

Question 102

Which of the following is a benefit of using CIDR?

Answer 102

It provides more flexibility for splitting IP address space

Question 103

Which of the following is the best description of the purpose of a vulnerability assessment?

Answer 103

Reduce the risk of successful cyberattacks

Question 104

What is the primary purpose of a business impact analysis (BIA)?

Answer 104

To fully understand the organization’s critical business functions and establish recovery priorities for them

Question 105

Which of the following is an example of a technical control?

Answer 105

Access controls

Question 106

Controls that are hardware or software components that protect computing and network resources within a system

Answer 106

Technical controls