Random Questions 1 - 10 Flashcards
A business has received a small grant to transition its infrastructure to an external solution. Which of the following considerations should be prioritized first?
A. Security of cloud providers
B. Cost of implementation
C. Ability of engineers
D. Security of architecture
D. Security of architecture
The marketing department independently implemented project management software without notifying the relevant departments (IT). What term best describes this action?
A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption
A. Shadow IT
A user attempts to apply a critical patch, but the patch transfer fails. Which access control is most likely blocking the transfer?
A. Attribute-based
B. Time of day
C. Role-based
D. Least privilege
D. Least privilege
What tool can help detect if an employee has mistakenly sent an email with a file containing a customer’s personally identifiable information (PII)?
A. SCAP
B. NetFlow
C. Antivirus
D. DLP
D. DLP
DLP stands for Data Loss Prevention, which is a tool that can assist with detecting and preventing the unauthorized transmission or leakage of sensitive data, such as a customer’s PII (Personally Identifiable Information). DLP can monitor, filter, and block data in motion (such as emails), data at rest (such as files), and data in use (such as applications). DLP can also alert the sender, the recipient, or the administrator of the data breach, and apply remediation actions, such as encryption, quarantine, or deletion. DLP can help an organization comply with data protection regulations, such as GDPR, HIPAA, or PCI DSS, and protect its reputation and assets.
A security analyst has been informed by the cyber operations team about a new method attackers are using to breach networks. SIEM alerts have not been configured yet. What should the analyst do to detect this activity?
A. Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting
D. Threat hunting
Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
C. Organized crime.
Organized crime groups are often well-funded, highly skilled, and capable of carrying out sophisticated cyberattacks, including those targeting critical infrastructure. Governments might collaborate with or hire these groups for cyber espionage, sabotage, or other malicious activities aimed at destabilizing or compromising another nation’s critical systems.
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
D. Salting
Salting involves adding random data to the input of a one-way hash function to ensure that the same input will produce different hash values, thus making it more difficult for attackers to use precomputed hash tables (rainbow tables) to reverse engineer the original input.
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
D. Phishing.
Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to be from legitimate sources, such as payment websites, banks, or other trusted entities. The goal of phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or providing sensitive information, such as log-in credentials, personal data, or financial details. In this scenario, the employee received an email from a payment website that asked the employee to update contact information. The email contained a link that directed the employee to a fake website that mimicked the appearance of the real one. The employee entered the log-in information, but received a “page not found” error message. This indicates that the employee fell victim to a phishing attack, and the attacker may have captured the employee’s credentials for the payment website.
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Selected Answer: D
Permit 10.50.10.25/32 0.0.0.0/0 port 53: This rule allows outbound DNS requests from the device with the IP address 10.50.10.25.
Deny 0.0.0.0/0 0.0.0.0/0 port 53: This rule denies all other outbound DNS requests from any other devices on any IP address.
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP
Selected Answer: A. SSO (Single Sign-On)
Single Sign-On (SSO) enables users to authenticate once with their domain credentials and then access multiple applications without needing to re-enter their credentials each time. This aligns with the company’s preference to use domain credentials and reduces the burden of managing multiple sets of credentials for different applications.
Protected Extensible Authentication Protocol (PEAP) is a security protocol that protects wireless and wired networks. It’s used to authenticate clients, such as laptops and mobile devices, to a network server or access point.
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.
**Answer: A**
A. This scenario describes a Business Email Compromise (BEC) attack, which is a type of phishing attack that relies on social engineering. In a BEC attack, attackers impersonate a trusted individual (often an executive) and use their name or email address to request sensitive information, payments, or, as in this case, gift cards. These attacks often rely on urgency and authority to trick employees into acting without verifying the request.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account. -> Credential harvesting
What is the objective of conducting a network security assessment?
A: To monitor network activity
B: To prevent data breaches
C: To identify vulnerabilities and weaknesses in the network
D: To improve network speed
**Answer: C: To identify vulnerabilities and weaknesses in the network**
Bob calculated a unique identifier for three separate log files on his computer. Each file contains entries from distinct days. What function did Bob likely use?
A: Use of a secure hash function
B: Collision
C: Syntax error
D: Decryption
**Answer: A: Use of a secure hash function**
What are the benefits of DomainKeys Identified Mail (DKIM) in improving email security?
A: By storing emails on a gateway
B: By filtering DNS requests
C: By blocking or allowing access to specific websites
D: By providing a digital signature to authenticate email content and its sender
**Answer: D: By providing a digital signature to authenticate email content and its sender**
What term describes the new technique recently implemented by Steve’s company to secure remote access for BYOD mobile device users, where users connect to corporate systems through a dedicated application with no corporate data accessible outside of it?
A: Full device encryption
B: Storage segmentation
C: Sideloading
D: Containerization
**Answer: D: Containerization**
Sideloading is the process of installing software from an unapproved source, which can be risky. Sideloaded apps can contain malware, adware, spyware, and other threats.
Containerization security is the practice of protecting containers and their applications from threats and risks. It involves implementing security policies and tools throughout the container’s lifecycle.
Bob is investigating an incident and wants the records of attempted connections to a RDP server. Which logs are unlikely to have this information?
A: Database logs
B: System logs
C: Netflow logs
D: Security logs
**Answer: A: Database logs**
If a company replaces a user’s Social Security Number with a random string of characters for processing, but retains a secure mapping to the original number, which method are they using?
A: Tokenization
B: Hashing
C: Masking
D: Encryption
**Answer: A: Tokenization**
What aspect of security does the Metasploit Framework primarily concentrate on?
A: Network mapping
B: Exploiting discovered vulnerabilities
C: Vulnerability scanning
D: Post-compromise analysis
**Answer: B: Exploiting discovered vulnerabilities**
The Metasploit framework is a very powerful tool that can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers. Because it’s an open-source framework, it can be easily customized and used with most operating systems.
When an administrator adjusts hashed passwords to include randomization, ensuring that identical inputs lead to varied outputs, what term applies to this modification?
A: Key stretching
B: Salting
C: IPSec
D: Hashing
**Answer: B: Salting**
Salting: Adds random data to passwords before hashing, making them harder to crack using methods like rainbow tables. Unique Functions: Encryption secures data, hashing ensures integrity, and salting makes password protection stronger.
Bob has observed irregular spikes in network activity, including an elevated number of outbound DNS query responses with notably larger sizes than the queries. What type of attack should Bob suspect?
A: Pass-the-hash
B: Cross-site scripting
C: Amplification
D: DNS poisoning
**Answer: C: Amplification**
Amplification in security refers to a cyberattack in which an attacker sends a request that elicits a much larger response. This can be used to launch a Distributed Denial of Service (DDoS) attack.
Which aspect of risk management is highlighted when a company harmonizes its security policies with industry standards, laws, and regulations?
A: Risk Mitigation
B: Security Controls
C: Risk Transference
D: Compliance Enactment
**Answer: D: Compliance Enactment**
“Compliance enactment” in security refers to actively implementing and following security measures that adhere to established regulations, industry standards, and internal policies. It ensures an organization takes concrete steps to protect sensitive data and systems by meeting all necessary compliance requirements; essentially, it means putting security rules into practice to avoid violations and maintain a secure environment.
Among the choices provided, which one illustrates a reactive measure in incident response?
A: Implementing intrusion detection systems
B: Regularly patching software and systems
C: Conducting security awareness training for employees
D: Investigating and containing a security incident
**Answer: D: Investigating and containing a security incident**
Employees in the network segment behind a newly installed firewall experience connectivity problems because the firewall has not been configured. What is the recommended approach for resolving the problem?
A: The firewall should be configured with access lists to allow inbound and outbound traffic.
B: The firewall should be configured to include an explicit deny rule.
C: The firewall should be configured with port security to allow traffic.
D: The firewall should be configured to prevent user traffic from matching the implicit deny rule.
**Answer: D: The firewall should be configured to prevent user traffic from matching the implicit deny rule.**
When an attacker gains access to the victim’s local network, which technique is typically employed to facilitate a man-in-the-middle attack?
A: Buffer overflow
B: ARP spoofing
C: Cross-site scripting
D: Directory traversal
**Answer: B: ARP spoofing**
A man-in-the-middle (MITM) attack is a cyberattack where a hacker inserts themselves between two parties to intercept their communications. The attacker can then steal data or manipulate the conversation.
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.