Pre-Assessment Exam Flashcards
Which prevention and mitigation measures best protect against the impact of a ransomware attack? (Choose two.)
ICMP blocking rules
Alert e-mail notifications
System imaging
Data backups
System imaging
Data backups
In the event of a ransomware infection, systems can be quickly returned to an operational state by applying a system image. Frequent data backups enable the restoration of data prior to the ransomware outbreak
A company executive complains that her online banking credentials no longer work. After further investigation, you determine that the user clicked a link in a fraudulent e-mail meant to deceive bank customers. Which type of attack occurred?
Tailgating
Hoax
Phishing
Phishing
Phishing scams attempt to convince victims to divulge sensitive information such as online banking credentials
Which type of attack involves an attacker injecting malicious executable code into a web site page that will be viewed by others?
Buffer overflow
Cross-site request forgery
Cross-site scripting
Cross-site scripting
Cross-site scripting attacks result from victims using a web site that a malicious user has injected with malicious code. The victim’s web browser then executes that code. This can result from ineffective web form field input validation
A malicious user enters a coffee shop and configures a Wi-Fi hotspot that uses the same name used by the legitimate public Wi-Fi available in the coffee shop. What has the malicious user configured?
MAC spoofing
IP spoofing
Evil twin
Evil twin
An evil twin is an additional Wi-Fi network configured by an attacker to appear as an existing legitimate Wi-Fi network, in hopes that unsuspecting users will connect to it
What will detect network or host intrusions and take actions to prevent an intrusion from continuing?
IPS
IDS
IPSec
IPS
An intrusion prevention system (IPS) actively monitors network or system activity for abnormal activity and can be configured to take steps to stop or contain it. Abnormal activity can be detected by checking for known attack patterns (signature-based) or variations beyond normal activity (anomaly-based)
A router must be configured to allow traffic from certain hosts only. How can this be accomplished?
ACL
Subnet
Proxy server
ACL
Access control lists (ACLs) are router settings that allow or deny various types of network traffic from or to specific hosts
Your company issues smart phones to employees for business use. Corporate policy dictates that all data stored on smart phones must be encrypted. To which fundamental security concept does this apply?
Confidentiality
Integrity
Availability
Confidentiality
Confidentiality ensures that data is accessible only to those parties who should be authorized to access the data. Encrypting data stored on smart phones protects that data if the phone is lost or stolen
To give a contractor network access quickly, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?
Separation of duties
Least privilege
Job rotation
Least privilege
The least privilege principle states that users should be given only the rights needed to perform their duties and nothing more. Adding a contractor to the Administrators group violates this principle by granting the contractor too much privilege
Complex passwords are considered which type of security control?
Management
Technical
Physical
Technical
Technical security controls such as complex passwords are used to protect computing resources such as files, web sites, databases, and so on. Complex passwords can help prevent malicious access to IT systems and data
n insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?
ALE
ROI
Total cost of ownership
ALE
The annual loss expectancy (ALE) value refers to the yearly cost related to the loss of the use of a service or business process. ALE is used with quantitative risk analysis approaches to prioritize and justify expenditures that protect from potential risks. For example, an ALE value of $1000 might justify a $200 annual expense to protect against that risk
Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)
Access control vestibule
Hardware locks
Fingerprint scan
Smartcard
Access control vestibule
Hardware locks
Access control vestibules are designed to trap trespassers in a restricted area. Some access control vestibule variations use two sets of doors, one of which must close before the second one opens. Traditional access control vestibules do not require access cards. Hardware locks simply require possession of a key. Neither verifies the person’s identity
Juanita uses the Firefox web browser on her Linux workstation. She reports that her browser home page keeps changing to web sites offering savings on consumer electronic products. Her virus scanner is running and is up-to-date. What is the most likely cause of the problem?
Juanita is experiencing a denial-of-service attack.
Juanita’s user account has been compromised.
Juanita’s browser configuration is being changed by adware.
Juanita’s browser configuration is being changed by adware.
Adware attempts to expose users to advertisements in various ways, including through pop-ups or changing the web browser home page. Spyware often analyzes user habits so that adware displays relevant advertisements. Some antivirus software also scans for spyware, but not in this case
Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?
Bluejacking
Bluesnarfing
Packet sniffing
Bluesnarfing
Bluesnarfing is the act of connecting to and accessing data from a device over a Bluetooth wireless connection. It is considered much more invasive than packet sniffing or port scanning
The process of disabling unneeded network services on a computer is referred to as what?
Patching
Fuzzing
Hardening
Hardening
Hardening includes actions such as disabling unneeded services to make a system more secure
How can you best prevent rogue machines from connecting to your network?
Deploy an IEEE 802.1x configuration.
Use strong passwords for user accounts.
Use IPv6.
Deploy an IEEE 802.1x configuration.
The IEEE 802.1x standard requires that devices be authenticated before being given network access. For example, it might be configured for VPN appliances, network switches, and wireless access points that adhere to the standard
You want to focus and track malicious activity to a particular host in your screened subnet. What should you configure?
Honeynet
Honeypot
Screened subnet tracker
Honeypot
A honeypot is an intentionally vulnerable host used to attract and track malicious activity
A security auditor must determine which types of servers are running on a network. Which tool or technique is best suited for this task?
OS fingerprinting
Protocol analyzer
Port scanner
OS fingerprinting
Network mapping and vulnerability scanning utilities can map a network’s layout and identify operating systems running on hosts using OS fingerprinting. This technique analyzes network packets to and from the host to identify the operating system in use
Which type of security testing provides network configuration information to testers?
Known environment
Unknown environment
Partially known environment
Known environment
A known environment test provides testers with detailed configuration information regarding the software or network they are testing
The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. Which term describes their actions?
Cross-site scripting
Fuzzing
Patching
Fuzzing
Fuzzing is a means of injecting data into an application that it does not expect to ensure that no weaknesses are present in the application
Which solution can centrally authenticate users between different organizations?
RADIUS
RADIUS federation
EAP-FAST
RADIUS federation
RADIUS federation required a trusted identify provider in one organization. Edge devices forward authentication requests only to a RADIUS server located on a protected network
What can be done to protect data after a handheld device is lost or stolen?
Enable encryption.
Execute a remote wipe.
Enable screen lock.
Execute a remote wipe.
Mobile device administrators can configure devices such that sensitive apps and data can be removed remotely, or wiped, if the device is lost or stolen
Which firmware solution can store keys used for storage media encryption?
TPM
DLP
EFS
TPM
Trusted Platform Module (TPM) chips can store cryptographic keys or certificates used to encrypt and decrypt drive contents. If the drive were moved to another computer (even one with TPM), the drive would remain encrypted and inaccessible
Your company has issued Android-based smart phones to select employees. Your manager asks you to harden the phones and ensure that data confidentiality is achieved. How should you address your manager’s concerns while minimizing administrative effort?
Implement SCADA, screen locking, device encryption, and antimalware, and disable unnecessary software on the phones.
Implement PKI VPN authentication certificates, screen locking, and antimalware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and antimalware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and antimalware, and disable unnecessary software on the phones.
Hardening a smart phone includes configuring automatic screen locking, encrypting data on the device, patching the OS and required apps, installing and updating antimalware, and disabling unnecessary features and software
Stored data is referred to as:
Data-in-process
Data-in-transit
Data-at-rest
Data-at-rest
Data-at-rest is data stored on media
Which term best describes sensitive medical information?
PHI
TLS
PII
PHI
Protected health information (PHI) refers to sensitive medical information stored and accessed in a secured manner
Which of the following is considered multifactor authentication?
Username/password
Fingerprint scan/retinal scan
Smartcard/PIN
Smartcard/PIN
A smartcard constitutes “something you have,” while knowledge of the smartcard PIN constitutes “something you know.” When used together, they are considered multifactor authentication
You are evaluating public cloud storage solutions. Users will be authenticated to a local server on your network that will allow them access to cloud storage. Which identity federation standard could be configured to achieve this?
LDAP
PKI
SAML
SAML
Security Assertion Markup Language (SAML) is an XML standard that defines how authentication and authorization data can be transmitted in a federated identity environment
Which data forensic term encompasses documenting all aspects of evidence to ensure its integrity?
Legal hold
Encryption
Chain of custody
Chain of custody
The chain of custody ensures that the whereabouts of evidence can be accounted for at all times, along with who accessed the evidence
The Human Resources department in your company has a policy for conducting thorough background checks before hiring new employees. What type of control is this?
Administrative
Least privilege
Technical
Administrative
Hiring practices are administrative controls
Smartcard
CAC
Hardware token
CAC
Common access cards (CAC) grant access to multiple items such as computers and buildings
Which cryptographic approach uses points on a curve to define public and private key pairs?
RSA
DES
ECC
ECC
Elliptic Curve Cryptography (ECC) is public key cryptography based on points on an elliptic curve
Your colleagues report that there is a short time frame in which a revoked certificate can still be used. Why is this?
The CRL is published periodically.
The CRL is published immediately but must replicate to all hosts.
The CRL is dependent on network bandwidth.
The CRL is published periodically.
The certificate revocation list (CRL) is not published immediately; it is published either manually or on a schedule, so there may be a small time frame in which revoked certificates can still be used
Which type of VPN configuration can use the Internet connection of a VPN client device to access Internet resources as opposed to the VPN-connected network’s Internet connection?
Split tunnel
Full tunnel
IPSec
Split tunnel
VPNs with a split tunnel configuration direct traffic for resources available on the other side of the VPN through the VPN tunnel. VPN clients accessing Internet resources will use the VPN client’s Internet connection, hence split tunnel
Which standard specifies the syntax used to represent cybersecurity information?
TAXII
XML
STIX
STIX
The Structured Threat Information eXpression (STIX) standard defines the syntax used to represent cybersecurity information
Which tool enables web page viewing on the dark web?
Tor web browser
VPN client
Google Chrome web browser
Tor web browser
The Tor web browser is designed to provide anonymous access to the Internet and the dark web
Which type of security tool can reduce incident response time by automating security incident response tasks?
Botnet
IPS
SOAR
SOAR
Security Orchestration, Automation, and Response (SOAR) is a software solution designed to make incident response more efficient by reducing response time through automation
You are deploying cloud storage for your organization through a public cloud provider. Which type of cloud service model does this apply to?
IaaS
PaaS
XaaS
IaaS
Infrastructure as a Service (IaaS) refers to compute, network, and storage services offered in the cloud
Which Linux command is used to view log data captured by the systemd daemon?
dd
tcpdump
journalctl
journalctl
The Linux journalctl command is used to view systemd logs and includes filtering capabilities such as journalctl –b to view only those log entries related to the most recent system boot (this will show you journal entries that have been collected since the most recent reboot)
