Practice Test Flashcards

Want to see how well you're doing? Check out this assessment test, ripped straight from the text. (Questions 24 and 28 have been omitted.)

1
Q

The org that Chris works for has disabled automatic updates. What is the MOST common reason for disabling automatic updates for org systems?

A

To avoid issues with problematic patches and updates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the capabilities provided by S/MIME when it is used to protect attachments for email?

A

Message integrity, nonrepudiation, and authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What wireless tech is most frequently used for wireless payment solutions?

A

Near-field Communications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the least volatile according to the forensic order of volatility?

A

Logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Ed wants to trick a user into connecting to his evil twin access point. What type of attack should he conduct to increase his chances of the user connecting to it?

A

A Disassociation Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What term is used to describe wireless site surveys that show the relative power of access points on a diagram of the building or facility?

A

Heat Maps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What hardware device is used to create the hardware root of trust for modern desktops and laptops?

A

The TPM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Elenora runs the following code in Linux:

 cat example.txt example2.txt

What will happen?

A

The contents of both [example.txt] and [example2.txt] will be displayed on the terminal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Angela wants to prevent users in her org from changing their passwords repeatedly after they have been changed, so that they can just reuse their current password. What two PW security settings does she need to implement to make this occur?

A

Set a password history and a minimum password age

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Chris wants to run a RAID that is a mirror of two disks. What RAID level does he need to implement?

A

RAID 1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The power company that Glenn works for builds their distribution nodes into structures that appear to be houses or other buildings appropriate for their neighborhoods. What type of security control is this?

A

Industrial Camouflage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the common constraints of embedded and specialized systems?

A

Lower computational power, lack of network connectivity, and the inability to patch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Gary is reviewing his systems SSH logs and see logins for the user named “Gary” with passwords like [password1], [passsw0rd], and [PassworD]. What type of attack has Gary discovered?

A

Dictionary Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Kathleen wants to set up a system that allows access into a high-security zone from a low-security zone. What type of solution should she configure first?

A

A Jump Box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Derek’s org securely shreds all documents before they are disposed of, and secures their trash. What info gathering technique are they attempting to prevent?

A

Dumpster Diving

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Jeff is concerned about the effects that a ransomware attack might have on his org, and is designing a backup methodology that would allow the org to quickly restore data after an attack. What type of control is Jeff implementing?

A

Corrective

17
Q

Samantha is investigating a cybersecurity incident where an internal user used his company computer to participate in a DDoS attack against a third party. What type of policy was most likely violated by the user?

A

Acceptable Use Policy (AUP)

18
Q

Jean recently completed the user acceptance testing process and is getting her code ready to deploy. What environment should house her code before it is released for use?

A

Staging Environment

19
Q

Rob is reviewing digital check transactions. He notices that Helen, an accountant, is the person responsible for creating new vendors. Norm, another accountant, is responsible for issuing payments to those vendors. However, Helen and Norm are both cross-trained to perform each other’s duties. What security issue, if any, exists in this situation?

A

Separation of Duties Violation

20
Q

Oren obtained a certificate for his domain, covering
[ * .acmewidgets.net]. Which domain from the following would not be covered by his certificate?
- www.acmewidgets.net
- acmewidgets.net
- test.mail.acmewidgets.net
- mobile.acmewidgets.net

A

test.mail.acmewidgets.net - because it is a second-level subdomain which is not covered by this certificate

21
Q

Richard is sending a message to Grace and would like to apply a digital signature to the message before sending it. What key should he use to create the digital signature? His key, or Grace’s? Private or public?

A

Richard’s Private Key

22
Q

Which function cell below is closely associated with Linux command injection attacks?

  • sudo ( )
  • system ( )
  • mkdir ( )
  • root ( )
A

system ( )

23
Q

What type of cryptographic attack is especially effective against passwords stored in hashed format?

A

Rainbow Table

24
Q

Vince is conducting a penetration test against an org and believes that he is able to gain physical access to the org’s facility. What threat vector does this access allow him to exploit that would otherwise by unavailable?

A

Direct Access

25
Q

Gary’s org is doing a cybersecurity exercise. Gary is responsible for defending his system against attack during the test. What role is Gary playing in this exercise?

A

Blue Team

26
Q

Andrew is working with his financial team to purchase a cybersecurity insurance policy to cover the financial impact of a potential data breach. What type of risk management strategy is he using?

A

Risk Transference

27
Q

Shelly is writing a document that describes steps that incident response teams will follow upon first notice of
a potential incident. What type of document is she creating?

A

Procedures

28
Q

Xavier recently ran a port scan of the network used by his children’s school. He told them he ran the scan and shared the results with the school’s IT department via email to help improve their security. What term would best classify Xavier’s actions?

A

Gray Hat (Hacking)