Remember This

Question 1

A use case helps:

Answer 1

professionals identify and clarify requirements to achieve a goal

Question 2

Confidentiality ensures:

Answer 2

that data is only viewable by authorized users

Question 3

Encryption is the:

Answer 3

best choice to provide confidentiality

Question 4

Access controls protect:

Answer 4

the confidentiality of data

Question 5

Steganography supports:

Answer 5

obfuscation by making the hidden data harder to see

Question 6

Integrity provides:

Answer 6

assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes

Question 7

Hashing is a common method:

Answer 7

of ensuring integrity

Question 8

Non-repudiation prevents:

Answer 8

entities from denying they took an action

Question 9

Digital signatures provide what 2 things?

Answer 9

non-repudiation

integrity for files and email

Question 10

Audit logs provide:

Answer 10

non-repudiation

Question 11

Availability ensures:

Answer 11

that data and services are available when needed

Question 12

Risk is:

Answer 12

the possibility of a threat exploiting a vulnerability, resulting in a loss

Question 13

A threat is:

Answer 13

any circumstance or event that has the potential to compromise confidentiality, integrity, or availability

Question 14

A vulnerability is:

Answer 14

a weakness in either the hardware, software, configuration, or users operating the system

Question 15

Risk mitigation reduces risk by:

Answer 15

reducing the chances that a threat will exploit a vulnerability

by reducing the impact of the risk

Question 16

Security controls reduce:

Answer 16

risks

Question 17

The three primary security control types are:

Answer 17

technical

administrative

physical

Question 18

A technical control is:

Answer 18

one that uses technology to reduce vulnerabilities

Question 19

Some examples of technical controls are:

Answer 19

Encryption

antivirus software

IDSs

firewalls

the principle of least privilege

Question 20

Administrative controls are:

Answer 20

primarily administrative and include items such as risk and vulnerability assessments

Question 21

Preventive controls attempt to:

Answer 21

prevent security incidents

Question 22

Detective controls attempt to:

Answer 22

detect when a vulnerability has been exploited

Question 23

Corrective controls attempt to:

Answer 23

reverse the impact of an incident or problem after it has occurred

Question 24

Deterrent controls attempt to:

Answer 24

prevent incidents by discouraging threats

Question 25

Compensating controls are:

Answer 25

alternative controls used when it isn’t feasible or possible to use the primary control

Question 26

Virtualization allows:

Answer 26

multiple servers to operate on a single physical host

Question 27

Type I hypervisors run:

Answer 27

directly on the system hardware

Question 28

Type II hypervisors run:

Answer 28

as software within a host operating system

Question 29

Container virtualization is:

Answer 29

a specialized version of a Type II hypervisor. It allows services or applications to run within their own isolated cells or containers.

Question 30

Containers don’t have:

Answer 30

a full operating system but instead use the kernel of the host

Question 31

Snapshots capture:

Answer 31

the state of a VM at a moment in time

Question 32

Administrators often take a snapshot before what?

Answer 32

performing a risky operation

Question 33

VM sprawl can occur:

Answer 33

if personnel within the organization don’t manage the VMs

Question 34

VM escape attacks allow:

Answer 34

an attacker to access the host system from the VM

Question 35

You run command-line tools in the:

Answer 35

Command Prompt window in Windows and the terminal in Linux

Question 36

The ping command can:

Answer 36

be used to check connectivity

check name resolution

verify that routers, firewalls, and intrusion prevention systems block Internet Control Message Protocol (ICMP)

Question 37

The ipconfig command on Windows allows:

Answer 37

you to view the configuration of network interfaces

Question 38

Linux uses ifconfig and/or ip to:

Answer 38

view and manipulate the configuration of network interfaces

Question 39

Netstat allows you to:

Answer 39

view statistics for TCP/IP protocols and view all active network connections. This can be useful if you suspect malware is causing a computer to connect with a remote computer

Question 40

Tracert lists:

Answer 40

the routers (also called hops) between two systems. It can be used to verify a path has not changed

Question 41

The arp command allows you to:

Answer 41

view and manipulate the ARP cache. This can be useful if you suspect a system’s ARP cache has been modified during an attack

Question 42

Authentication allows:

Answer 42

entities to prove their identity by using credentials known to another entity

Question 43

Identification occurs when:

Answer 43

a user claims or professes an identity, such as with a username, an email address, a PIV card, or by using biometrics

Question 44

Authentication occurs when:

Answer 44

an entity provides proof of an identity (such as a password). A second entity is the authenticator and it verifies the authentication

Question 45

Authorization provides:

Answer 45

access to resources based on a proven identity

Question 46

Accounting methods track:

Answer 46

user activity and record the activity in logs

Question 47

Five factors of authentication are:

Answer 47

Something you know, such as a username and password

Something you have, such as a smart card, CAC, PIV, or token

Something you are, using biometrics, such as fingerprints or retina scans

Somewhere you are, using geolocation, a computer name, or a MAC address

Something you do, such as gestures on a touch screen

Question 48

The something you know factor typically refers to:

Answer 48

a shared secret, such as a password or a PIN. This is the least secure form of authentication

Question 49

Passwords should be:

Answer 49

strong and changed often

Question 50

Complex passwords include:

Answer 50

multiple character types

Question 51

Strong passwords are:

Answer 51

complex and at least 14 characters long

Question 52

Administrators should verify a:

Answer 52

user’s identity before resetting the user’s password

Question 53

When resetting passwords manually:

Answer 53

administrators should configure them as temporary passwords that expire after the first use, requiring users to create a new password the first time they log on.

Question 54

Self-service password systems:

Answer 54

automate password recovery

Question 55

Password policies provide:

Answer 55

a technical means to ensure users employ secure password practices

Question 56

Password length specifies:

Answer 56

the minimum number of characters in the pasword

Question 57

Password complexity ensures:

Answer 57

passwords are complex and include at least three of the four character types

Question 58

Password history remembers:

Answer 58

past passwords and prevents users from reusing passwords

Question 59

Minimum password age is:

Answer 59

used with password history to prevent users from changing their password repeatedly to get back to the original password

Question 60

Maximum password age or password expiration forces:

Answer 60

users to change their password periodically

Question 61

When administrators reset user passwords, the password should:

Answer 61

expire upon first use

Question 62

Password policies should:

Answer 62

apply to any entity using a password. This includes user accounts and accounts used by services and applications

Question 63

Applications with internally created passwords should:

Answer 63

still adhere to the organization’s password policy

Question 64

Account lockout policies:

Answer 64

lock out an account after a user enters an incorrect password too many times.

Question 65

Smart cards are:

Answer 65

credit card-sized cards that have embedded certificates used for authentication. They require a PKI to issue certificates

Question 66

Common Access Cards (CACs) and Personal Identity Verification (PIV) cards can:

Answer 66

be used as photo IDs and as smart cards

Question 67

Tokens (or key fobs) display:

Answer 67

numbers in an LCD. These numbers provide rolling, one-time use passwords and are synchronized with a server

Question 68

USB tokens include:

Answer 68

an embedded chip and a USB connection. Generically, these are called hardware tokens

Question 69

HMAC-based one-time passwords (HOTP) and Time-based one-time passwords (TOTP) are:

Answer 69

open source standards used to create one-time-use passwords

Question 70

Hash-based Message Authentication one-time password (HOTP) creates:

Answer 70

a one-time-use password that does not expire

Question 71

TOTP creates:

Answer 71

a one-time password that expires after 30 seconds

Question 72

Biometric methods are:

Answer 72

the most difficult to falsify.

Question 73

Biometric physical methods include:

Answer 73

voice and facial recognition

fingerprints

retina scans

iris scans

palm scans

Question 74

Biometric methods can also be used for:

Answer 74

identification

Question 75

The false acceptance rate (FAR), or false match rate, identifies:

Answer 75

the percentage of times false acceptance occurs

Question 76

The false rejection rate (FRR), or false nonmatch rate, identifies:

Answer 76

the percentage of times false rejections occur

Question 77

The crossover error rate (CER) indicates:

Answer 77

the quality of the biometric system. Lower CERs are better

Question 78

Single-factor authentication includes:

Answer 78

one or more authentication methods in the same factor, such as a PIN and a password

Question 79

Dual-factor (or two-factor) authentication:

Answer 79

used two factors of authentication, such as a USB token and a PIN

Question 80

Multifactor authentication uses:

Answer 80

two or more factors. Is stronger than any form of single-factor authentication

Question 81

Authentication methods using two or more methods in the same factor are:

Answer 81

single-factor authentication

Question 82

Kerberos is a:

Answer 82

network authentication protocol using tickets issued by a Key Distribution Center KDC or Ticket Granting Ticket TGT server.

Question 83

If a ticket-granting ticket expires:

Answer 83

the user might not be able to access resources.

Question 84

Microsoft Active Directory domains and Unix realms use:

Answer 84

Kerberos for authentication

Question 85

Lightweight Directory Access Protocol (LDAP) specifies:

Answer 85

formats and methods to query directories. It provides a single point of management for objects, such as users and computers, in an Active Directory domain or Unix realm

Question 86

Lightweight Directory Application Protocol LDAP Secure (LDAPS):

Answer 86

encrypts transmissions with Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

Question 87

Single sign-on (SSO) allows:

Answer 87

users to authenticate with a single user account and access multiple resources on a network without authenticating again

Question 88

SSO can be used to:

Answer 88

provide central authentication with a federated database and use this authentication in an environment with different operating systems

Question 89

Security Assertion Markup Language SAML is an:

Answer 89

XML-based standard used to exchange authentication and authorization information between different parties.

Question 90

SAML is used with:

Answer 90

web-based applications

Question 91

A federated identity links:

Answer 91

a user’s credentials from different networks or operating systems, but the federation treats it as one identity

Question 92

Shibboleth is:

Answer 92

an open source federated identity solution that includes Open SAML libraries

Question 93

OAuth and OpenID Connect are:

Answer 93

used by many web sites to streamline the authentication process for users

Question 94

OAuth and OpenID allow:

Answer 94

users to log on to many web sites with another account, such as one they’ve created with Google and Facebook

Question 95

The principle of least privilege is:

Answer 95

a technical control that uses access controls

Question 96

The principle of least privilege specifies that:

Answer 96

individuals or processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more

Question 97

Users should not share:

Answer 97

accounts

Question 98

Most organizations ensure the:

Answer 98

Guest account is disabled

Question 99

Account policies often require:

Answer 99

administrators to have two accounts (an administrator account and a standard user account) to prevent privilege escalation and other attacks

Question 100

An account disablement policy ensures that:

Answer 100

inactive accounts are disabled

Question 101

Accounts for employees who:

Answer 101

either resign or are terminated should be disabled as soon as possible.

Question 102

Configuring expiration dates on temporary accounts ensures:

Answer 102

they are disabled automatically

Question 103

Time restrictions can:

Answer 103

prevent users from logging on or accessing network resources during specific hours.

Question 104

Location-based policies prevent:

Answer 104

users from logging on from certain locations

Question 105

Accounts should be recertified to:

Answer 105

verify they are still required.

Question 106

Administrators routinely perform:

Answer 106

account maintenance.

Question 107

Account maintenance is often done with:

Answer 107

scripts to automate the processes and includes deleting accounts that are no longer needed

Question 108

Credential management systems:

Answer 108

store and simplify the use of credentials for users

Question 109

The role-based access control (role-BAC) model uses:

Answer 109

roles to grant access by placing users into roles based on their assigned jobs, functions, or tasks

Question 110

A matrix matches:

Answer 110

job titles with required privileges

Question 111

Group-based privileges are a form of:

Answer 111

role-BAC

Question 112

In a Group-based privilege company, Administrators:

Answer 112

create groups, add users to the groups, and then assign permissions to the groups.

Question 113

The rule-based access control (rule-BAC) model is:

Answer 113

based on a set of approved instructions, such as ACL rules in a firewall.

Question 114

Some rule-BAC implementations use:

Answer 114

rules that trigger in response to an event, such as modifying ACLs after detecting an attack

Question 115

In the discretionary access control (DAC) model, every object has:

Answer 115

an owner that has explicit access and establishes access for any other user

Question 116

Microsoft NTFL uses:

Answer 116

the DAC model, with every object having a discretionary access control list (DACL)

Question 117

The discretionary access control list (DACL) identifies:

Answer 117

who has access and what access they are granted

Question 118

A major flaw of the DAC model is:

Answer 118

its susceptibility to Trojan horses

Question 119

Mandatory access control (MAC) uses:

Answer 119

security or sensitivity labels to identify objects (what you’ll secure) and subjects( users)

Question 120

MAC is often used when:

Answer 120

access needs to be restricted based on predefined security labels. These labels are often defined with a lattice to specify the upper and lower security boundaries

Question 121

An attribute-based access control (ABAC) evaluates:

Answer 121

attributes and grants access based on the value of these attributes.

Question 122

An ABAC is used in many:

Answer 122

software defined networks (SDNs)

Question 123

Protocol used for voice and video include:

Answer 123

Real-time Transport Protocol (RTP) and Secure Real-time Transport (SRTP)

Question 124

Secure Real-time Transport Protocol (SRTP) provides:

Answer 124

encryption, message authentication, and integrity for RTP

Question 125

File Transfer Protocol (FTP) is commonly used to:

Answer 125

transfer files over networks, but FTP does not encrypt the transmission

Question 126

Several encryption protocols encrypt:

Answer 126

data-in-transmit to protect its confidentiality

Question 127

The encryption protocols that encrypt data-in-transmit to protect its confidentiality are:

Answer 127

File Transfer Protocol Secure (FTPS)

Secure File Transfer Protocol (SFTP)

Secure Shell (SSH)

Secure Sockets Layer (SSL)

Transport Layer Security (TLS)

Question 128

SMTP sends:

Answer 128

email using TCP port 25

Question 129

POP3 receives:

Answer 129

email using TCP port 110

Question 130

IMAP4 uses:

Answer 130

TCP port 143

Question 131

Secure POP uses:

Answer 131

TLS on port 995 (legacy) or with STARTTLS on port

Question 132

HTTP uses:

Answer 132

port 80 for web traffic

Question 133

HTTPS encrypts:

Answer 133

HHTP traffic in transmit and uses port 443

Question 134

Directory services solutions implement:

Answer 134

Kerberos as the authentication protocol

Question 135

Lightweight Directory Access Protocol (LDAP) uses what port?

Answer 135

TCP port 389

Question 136

LDAP Secure (LDAPS) uses what port?

Answer 136

TCP port 636

Question 137

The Network Time Protocol (NTP) provides:

Answer 137

time synchronization services

Question 138

Domain Name System (DNS) provides:

Answer 138

domain name resolution

Question 139

DNS zones include:

Answer 139

A records for IPv4 addresses

AAAA records for IPv6 addresses

Question 140

Zone data is:

Answer 140

updated with zone transfers and secure zone transfers help prevent unauthorized access to zone data

Question 141

DNS uses:

Answer 141

TCP port 53 for zone transfers

UDP port 53 for DNS client queries

Question 142

Domain Name System Security Extensions (DNSSEC) provides:

Answer 142

validation for DNS responses and helps prevent DNS poisoning attacks

Question 143

Two command-line tools used to query DNS are:

Answer 143

nslookup and dig

Question 144

Both nslookup and dig support:

Answer 144

axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt

Question 145

Switches are used for:

Answer 145

network connectivity and they map media access control (MAC) addresses to physical ports

Question 146

Port security limits:

Answer 146

access to switch ports

Question 147

Port security includes:

Answer 147

limiting the number of MAC addresses per port and disabling unused ports

Question 148

You can manually map:

Answer 148

each port to a specific MAC address or group of addresses

Question 149

An aggregation switch connects:

Answer 149

multiple switches together in a network

Question 150

Routers connect:

Answer 150

networks and direct traffic based on the destination IP address

Question 151

Routers (and firewalls) use:

Answer 151

rules within access control lists (ACLs) to allow or block traffic

Question 152

Implicit deny indicates:

Answer 152

that unless something is explicitly allowed, it is denied.

Question 153

Implicit deny is the last:

Answer 153

rule in an ACL

Question 154

Host-based firewalls filter:

Answer 154

traffic in and out of individual hosts

Question 155

Some Linux systems use:

Answer 155

iptables or xtables for firewall capabilities

Question 156

Network-based firewalls filter:

Answer 156

traffic in and out of a network

Question 157

Network-based firewalls are placed:

Answer 157

on the border of the network, such as between the Internet and an internal network

Question 158

A stateless firewall controls:

Answer 158

traffic between networks using rules within an ACL

Question 159

The ACL can block:

Answer 159

traffic based on ports, IP addresses, subnets, and some protocols

Question 160

Stateful firewalls filter:

Answer 160

traffic based on the state of a packet within a session

Question 161

A web application firewall (WAF) protects:

Answer 161

a web server against web application attacks

Question 162

A web application firewall (WAF) is typically placed:

Answer 162

in the demilitarized zone (DMZ) and will alert administrators of suspicious events

Question 163

A DMZ provides:

Answer 163

a layer of protection for servers that are accessible from the Internet

Question 164

An intranet is:

Answer 164

an internal network

Question 165

People use the intranet to:

Answer 165

communicate and share content with each other

Question 166

An extranet is:

Answer 166

part of a network that can be accessed by authorized entities from outside of the network

Question 167

NAT translates:

Answer 167

public IP addresses to private IP addresses

private back to public, and hides IP addresses on the internal network from users on the Internet

Question 168

Networks use:

Answer 168

various methods to provide networks segregation, segmentation, and isolation

Question 169

An airgap is:

Answer 169

a metaphor for physical isolation, indicating a system or network is completely isolated from another system or network

Question 170

Routers provide:

Answer 170

logical separation and segmentation using ACLs to control traffic

Question 171

Forward proxy servers forward:

Answer 171

requests for services from a client

Question 172

Forward proxy servers can cache:

Answer 172

content and record users’ Internet activity

Question 173

A transparent proxy accepts:

Answer 173

and forwards requests without modifying them

Question 174

A nontransparent proxy can:

Answer 174

modify or filter requests, such as filtering traffic based on destination URLs

Question 175

Reverse proxy servers accept:

Answer 175

traffic from the Internet and forward it one or more internal web servers

Question 176

Reverse proxy server is placed:

Answer 176

in the DMZ and the web servers can be in the internal network

Question 177

A unified threat management (UTM) security appliance includeds:

Answer 177

multiple layers of protection, such as URL filters, content inspection, malware inspection, and a distributed denial-of-service (DDoS) mitigator

Question 178

UTMs typically raise:

Answer 178

alerts and send them to administrators to interpret

Question 179

Mail gateway are logically placed:

Answer 179

between an email server and the Internet

Question 180

Mail gateways examine:

Answer 180

and analyze all traffic and can block unsolicited email with a spam filter

Question 181

Loop protection protects:

Answer 181

against switching loop problems, such as when a user connects two switch ports together with a cable

Question 182

Spanning Tree Protocols protect:

Answer 182

against switching loops

Question 183

Flood guards prevent:

Answer 183

MAC flood attacks on switches

Question 184

VLANS can logically:

Answer 184

separate computers or logically group computers regardless of their physical location

Question 185

You create VLANs with:

Answer 185

Layer 3 switches

Question 186

Routers use:

Answer 186

rules within ACLs as an antispoofing method

Question 187

Border firewalls block:

Answer 187

all traffic coming from private IP addresses

Question 188

Simple Network Management Protocol version 3 SNMPv3 is used to:

Answer 188

monitor and configure network devices and uses notification messages known as traps

Question 189

Simple Network Management Protocol version 3 SNMPv3 uses strong:

Answer 189

authentication mechanisms and is preferred over earlier versions