Practice Test

Question 1

The org that Chris works for has disabled automatic updates. What is the MOST common reason for disabling automatic updates for org systems?

Answer 1

To avoid issues with problematic patches and updates

Question 2

What are the capabilities provided by S/MIME when it is used to protect attachments for email?

Answer 2

Message integrity, nonrepudiation, and authentication

Question 3

What wireless tech is most frequently used for wireless payment solutions?

Answer 3

Near-field Communications

Question 4

What is the least volatile according to the forensic order of volatility?

Answer 4

Logs

Question 5

Ed wants to trick a user into connecting to his evil twin access point. What type of attack should he conduct to increase his chances of the user connecting to it?

Answer 5

A Disassociation Attack

Question 6

What term is used to describe wireless site surveys that show the relative power of access points on a diagram of the building or facility?

Answer 6

Heat Maps

Question 7

What hardware device is used to create the hardware root of trust for modern desktops and laptops?

Answer 7

The TPM

Question 8

Elenora runs the following code in Linux:

 cat example.txt example2.txt

What will happen?

Answer 8

The contents of both [example.txt] and [example2.txt] will be displayed on the terminal

Question 9

Angela wants to prevent users in her org from changing their passwords repeatedly after they have been changed, so that they can just reuse their current password. What two PW security settings does she need to implement to make this occur?

Answer 9

Set a password history and a minimum password age

Question 10

Chris wants to run a RAID that is a mirror of two disks. What RAID level does he need to implement?

Answer 10

RAID 1

Question 11

The power company that Glenn works for builds their distribution nodes into structures that appear to be houses or other buildings appropriate for their neighborhoods. What type of security control is this?

Answer 11

Industrial Camouflage

Question 12

What are the common constraints of embedded and specialized systems?

Answer 12

Lower computational power, lack of network connectivity, and the inability to patch

Question 13

Gary is reviewing his systems SSH logs and see logins for the user named “Gary” with passwords like [password1], [passsw0rd], and [PassworD]. What type of attack has Gary discovered?

Answer 13

Dictionary Attack

Question 14

Kathleen wants to set up a system that allows access into a high-security zone from a low-security zone. What type of solution should she configure first?

Answer 14

A Jump Box

Question 15

Derek’s org securely shreds all documents before they are disposed of, and secures their trash. What info gathering technique are they attempting to prevent?

Answer 15

Dumpster Diving

Question 16

Jeff is concerned about the effects that a ransomware attack might have on his org, and is designing a backup methodology that would allow the org to quickly restore data after an attack. What type of control is Jeff implementing?

Answer 16

Corrective

Question 17

Samantha is investigating a cybersecurity incident where an internal user used his company computer to participate in a DDoS attack against a third party. What type of policy was most likely violated by the user?

Answer 17

Acceptable Use Policy (AUP)

Question 18

Jean recently completed the user acceptance testing process and is getting her code ready to deploy. What environment should house her code before it is released for use?

Answer 18

Staging Environment

Question 19

Rob is reviewing digital check transactions. He notices that Helen, an accountant, is the person responsible for creating new vendors. Norm, another accountant, is responsible for issuing payments to those vendors. However, Helen and Norm are both cross-trained to perform each other’s duties. What security issue, if any, exists in this situation?

Answer 19

Separation of Duties Violation

Question 20

Oren obtained a certificate for his domain, covering
[ * .acmewidgets.net]. Which domain from the following would not be covered by his certificate?
- www.acmewidgets.net
- acmewidgets.net
- test.mail.acmewidgets.net
- mobile.acmewidgets.net

Answer 20

test.mail.acmewidgets.net - because it is a second-level subdomain which is not covered by this certificate

Question 21

Richard is sending a message to Grace and would like to apply a digital signature to the message before sending it. What key should he use to create the digital signature? His key, or Grace’s? Private or public?

Answer 21

Richard’s Private Key

Question 22

Which function cell below is closely associated with Linux command injection attacks?

• sudo ( )
• system ( )
• mkdir ( )
• root ( )

Answer 22

system ( )

Question 23

What type of cryptographic attack is especially effective against passwords stored in hashed format?

Answer 23

Rainbow Table

Question 24

Vince is conducting a penetration test against an org and believes that he is able to gain physical access to the org’s facility. What threat vector does this access allow him to exploit that would otherwise by unavailable?

Answer 24

Direct Access

Question 25

Gary’s org is doing a cybersecurity exercise. Gary is responsible for defending his system against attack during the test. What role is Gary playing in this exercise?

Answer 25

Blue Team

Question 26

Andrew is working with his financial team to purchase a cybersecurity insurance policy to cover the financial impact of a potential data breach. What type of risk management strategy is he using?

Answer 26

Risk Transference

Question 27

Shelly is writing a document that describes steps that incident response teams will follow upon first notice of
a potential incident. What type of document is she creating?

Answer 27

Procedures

Question 28

Xavier recently ran a port scan of the network used by his children’s school. He told them he ran the scan and shared the results with the school’s IT department via email to help improve their security. What term would best classify Xavier’s actions?

Answer 28

Gray Hat (Hacking)