Sec+ Objective 1 Test Questions Flashcards
1
Q
What kind of security control is associated with a login banner?
❍ A. Preventive
❍ B. Deterrent
❍ C. Corrective
❍ D. Detective
❍ E. Compensating
❍ F. Directive
A
B. Deterrent
A deterrent control does not directly stop an attack, but it may discourage an action. (1.1)
2
Q
An organization is installing a UPS for their new data center. Which of the following would BEST describe this control type?
❍ A. Compensating
❍ B. Directive
❍ C. Deterrent
❍ D. Detective
A
A. Compensating
A compensating security control doesn’t prevent an attack, but it does restore from an attack using other means. In this example, the UPS
(Uninterruptible Power Supply) does not stop a power outage, but it does provide alternative power if an outage occurs. (1.1)
3
Q
A shipping company stores information in small regional warehouses around the country. The company maintains an IPS at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?
❍ A. Deterrent
❍ B. Compensating
❍ C. Directive
❍ D. Detective
A
D. Detective
An IPS can detect, alert, and log an intrusion attempt. The IPS could also be categorized as a preventive control, since it has the ability to actively block known attacks. (1.1)
4
Q
A company is concerned their EDR solution will not be able to stop more advanced ransomware variants. Technicians have created a backup and restore utility to get most systems up and running less than an hour after an attack. What type of security control is associated with this restore process?
❍ A. Directive
❍ B. Compensating
❍ C. Preventive
❍ D. Detective
A
B. Compensating
Instead of preventing an attack, a compensating control is used to restore systems using other means. A streamlined backup and restore process compensates for the limited security features of the EDR (Endpoint Detection and Response) software. (1.1)
5
Q
What is EDR?
A
Endpoint Detection and Response. A type of software that can detect threats based upon behavioral analysis, machine learning, and process monitoring. It’s a lightweight agent on the endpoint. Analyses the behavior of a threat and is able to detect it again.
6
Q
What type of security control would be associated with corporate security policies?
❍ A. Technical
❍ B. Operational
❍ C. Managerial
❍ D. Physical
A
C. Managerial
A managerial control type is associated with security design and implementation. Security policies and standard operating procedures are
common examples of a managerial control type. (1.1)
7
Q
A security technician observes that the data center’s server racks are accessible to all employees, posing a risk to critical infrastructure. What is the most appropriate physical control to mitigate this risk?
A) Implement a network intrusion detection system
B) Install locks on the server rack doors
C) Update the antivirus software on the servers
D) Conduct a risk assessment of the data center
A
B) Install locks on the server rack doors
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)
8
Q
Which of the following answers can be used to describe technical security controls? (Select 3 answers)
A) Focused on protecting material assets
B) Sometimes called logical security controls
C) Executed by computer systems (instead of people)
D) Also known as administrative controls
E) Implemented with technology
F) Primarily implemented and executed by people (as opposed to computer systems)
A
B) Sometimes called logical security controls
C) Executed by computer systems (instead of people)
E) Implemented with technology
Technical Controls: Controls implemented using some type of technical system, for example, setting up policies and procedures in an OS that would allow or disallow different functions from occurring. Firewalls, anti-virus, and other similar software fall under this category. (1.1)
9
Q
Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)
A) Security Audits
B) Encryption
C) Organizational Security Policy
D) IDSs
E) Configuration Management
F) Firewalls
A
B) Encryption
D) IDSs
F) Firewalls
Technical Controls: Controls implemented using some type of technical system, for example, setting up policies and procedures in an OS that would allow or disallow different functions from occurring. Firewalls, anti-virus, and other similar software fall under this category. (1.1)
10
Q
Which of the following answers refer to the characteristic features of managerial security controls? (Select 3 answers)
A) Also known as administrative controls
B) Sometimes referred to as logical security controls
C) Focused on reducing the risk of security incidents
D) Executed by computer systems (instead of people)
E) Documented in written policies
F) Focused on protecting material assets
A
A) Also known as administrative controls
C) Focused on reducing the risk of security incidents
E) Documented in written policies
Managerial Controls: A series of policies that explain to end users the best way to manage their computers, data, or other systems. A security policy document or manual is an example of this. (1.1)
11
Q
Examples of managerial security controls include: (Select 3 answers)
A) Configuration management
B) Data backups
C) Organizational security policy
D) Risk assessments
E) Security awareness training
A
C) Organizational security policy
D) Risk assessments
E) Security awareness training
Managerial Controls: A series of policies that explain to end users the best way to manage their computers, data, or other systems. A security policy document or manual is an example of this. (1.1)
12
Q
Which of the answers listed below can be used to describe operational security controls (Select 3 answers)
A) Also known as administrative controls
B) Focused on the day-to-day procedures of an organization
C) Executed by computer systems (instead of people)
D) Used to ensure that the equipment continues to work as specified
E) Focused on managing risk
F) Primarily implemented and executed by people (as opposed to computer systems)
A
B) Focused on the day-to-day procedures of an organization
D) Used to ensure that the equipment continues to work as specified
F) Primarily implemented and executed by people (as opposed to computer systems)
Operational Controls: Controls implemented by people instead of systems or documents. Security guards, awareness programs, and posters are all examples of this. (1.1)
13
Q
Which of the following examples fall into the category of operational security controls? (Select 3 answers)
A) Risk assessments
B) Configuration management
C) System backups
D) Authentication protocols
E) Patch management
A
B) Configuration management
C) System backups
E) Patch management
Operational Controls: Controls implemented by people instead of systems or documents. Security guards, awareness programs, and posters are all examples of this. (1.1)
14
Q
Which of the answers listed below refers to security controls designed to deter, detect, and prevent unauthorized access, theft, damage, or destruction of material assets?
A) Managerial security controls
B) Physical security controls
C) Technical security controls
D) Operational security controls
A
B) Physical security controls
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)
15
Q
Which of the following examples do not fall into the category of physical security controls? (Select 3 answers)
A) Lighting
B) Access control vestibules
C) Data backups
D) Fencing/Bollards/Barricades
E) Firewalls
F) Security guards
G) Asset management
A
C) Data backups
E) Firewalls
G) Asset management
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)
16
Q
What are the examples of preventive security controls? (Select 3 answers)
A) Encryption
B) IDS
C) Sensors
D) Firewalls
E) Warning signs
F) AV software
A
A) Encryption
D) Firewalls
F) AV software
Preventive Controls: Block access to a resource. (1.1)
17
Q
Examples of deterrent security controls include: (Select 3 answers)
A) Warning signs
B) Sensors
C) Lighting
D) Video surveillance
E) Security audits
F) Fencing/Bollards
A
A) Warning signs
C) Lighting
F) Fencing/Bollards
Deterrent Controls: Discourages an intrusion, but does not directly prevent access. (1.1)
18
Q
Which of the answers listed below refer(s) to detective security control(s)? (Select all that apply)
A) Lighting
B) Log monitoring
C) Sandboxing
D) Security audits
E) CCTV
F) IDS
G) Vulnerability scanning
A
B) Log monitoring
E) CCTV
F) IDS
G) Vulnerability scanning
Detective Controls: Identifies and logs an intrusion attempt (1.1)
19
Q
Which of the following answers refer(s) to corrective security control(s)? (Select all that apply)
A) IRPs
B) Log monitoring
C) Backups and system recovery
D) DRPs
E) Forensic analysis
A
A) IRPs
C) Backups and system recovery
D) DRPs
E) Forensic analysis
Corrective Controls: Applies a control after an event has been detected. (1.1)
20
Q
Which of the answers listed below refer(s) to compensating security control(s)? (Select all that apply)
A) Temporary service disablement
B) Video surveillance
C) MFA
D) Backup power systems
E) Sandboxing
F) Temporary port blocking
A
A) Temporary service disablement
C) MFA
D) Backup power systems
E) Sandboxing
F) Temporary port blocking
Compensating: A control method using other means instead (Plan B) (1.1)
21
Q
True or False: The term “Directive security controls” refers to the category of security controls that are implemented through policies and procedures.
A
True.
Directive Controls: Directs a subject towards security compliance. (1.1)
22
Q
Which of the following terms fall into the category of directive security controls? (Select 2 answers)
A) IRP
B) AUP
C) IDS
D) MFA
E) IPS
A
A) IRP
B) AUP
Directive Controls: Directs a subject towards security compliance. (1.1)
23
Q
Which of the following would explain why a company would automatically add a digital signature to each outgoing email message?
❍ A. Confidentiality
❍ B. Integrity
❍ C. Authentication
❍ D. Availability
A
B. Integrity
Integrity refers to the trustworthiness of data. A digital signature allows the recipient to confirm that none of the data has been changed since the digital signature was created. (1.2)
24
Q
A company would like to examine the credentials of each individual entering the data center building. Which of the following would BEST facilitate this requirement?
❍ A. Access control vestibule
❍ B. Video surveillance
❍ C. Pressure sensors
❍ D. Bollards
A
A. Access control vestibule
An access control vestibule is a room designed to restrict the flow of individuals through an area. These are commonly used in high security
areas where each person needs to be evaluated and approved before access can be provided. (1.2)
25
An organization is implementing a security model where all application requests must be validated at a policy enforcement point. Which of the following would BEST describe this model?
❍ A. Public key infrastructure
❍ B. Zero trust
❍ C. Discretionary access control
❍ D. Federation
B. Zero trust
Zero trust describes a model where nothing is inherently trusted and everything must be verified to gain access. A central policy enforcement point is commonly used to implement a zero trust architecture. (1.2)
26
A user has opened a helpdesk ticket complaining of poor system performance, excessive pop up messages, and the cursor moving without anyone touching the mouse. This issue began after they opened a spreadsheet from a vendor containing part numbers and pricing information. Which of the following is MOST likely the cause of this user's issues?
❍ A. On-path
❍ B. Worm
❍ C. Trojan horse
❍ D. Logic bomb
C. Trojan horse
Since a Trojan horse is usually disguised as legitimate software, the victim often doesn’t realize they’re installing malware. Once the Trojan is installed, the attacker can install additional software to control the infected system. (1.2)
27
A security administrator has configured a virtual machine in a screened subnet with a guest login account and no password. Which of the following would be the MOST likely reason for this configuration?
❍ A. The server is a honeypot for attracting potential attackers
❍ B. The server is a cloud storage service for remote users
❍ C. The server will be used as a VPN concentrator
❍ D. The server is a development sandbox for third-party
programming projects
A. The server is a honeypot for attracting potential attackers.
A screened subnet is a good location to configure services that can be accessed from the Internet, and building a system that can be easily compromised is a common tactic for honeypot systems. (1.2)
28
A company is launching a new internal application that will not start until a username and password is entered and a smart card is plugged into the computer. Which of the following BEST describes this process?
❍ A. Federation
❍ B. Accounting
❍ C. Authentication
❍ D. Authorization
C. Authentication
The process of proving who you say you are is authentication. In this example, the password and smart card are two factors of authentication,
and both reasonably prove that the person with the login credentials is authentic. (1.2)
29
A company is concerned about security issues at their remote sites. Which of the following would provide the IT team with more information of potential shortcomings?
❍ A. Gap analysis
❍ B. Policy administrator
❍ C. Change management
❍ D. Dependency list
A. Gap analysis
A gap analysis is a formal process comparing the current security posture with where the company would like to be. This often examines many different aspects of the overall security environment. (1.2)
30
When a person enters a data center facility, they must check-in before they are allowed to move further into the building. People who are leaving must be formally checked-out before they are able to exit the building. Which of the following would BEST facilitate this process?
❍ A. Access control vestibule
❍ B. Air gap
❍ C. Pressure sensors
❍ D. Bollards
A. Access control vestibule
An access control vestibule is commonly used to control the flow of people through a particular area. Unlocking the one door of the vestibule
commonly restricts the other door from opening, thereby preventing someone from walking through without stopping. It’s common in large
data centers to have a single room as the access control vestibule where users are checked in and out of the facility. (1.2)
31
A company is updating components within the control plane of their zero-trust implementation. Which of the following would be part of this update?
❍ A. Policy engine
❍ B. Subjects
❍ C. Policy enforcement point
❍ D. Zone configurations
A. Policy engine
The policy engine is located in the control plane and evaluates each access decision based on security policy and other information sources. The policy engine determines if access should be granted, denied, or revoked. (1.2)
32
What is the control plane?
Also called the Control Layer. Manages the actions of the data plane. Has all of the routing, session, and NAT tables.
33
What is a policy engine?
Thing that looks at all of the requests that are coming through the network, examines each request, compares it to a set of predefined security policies, and then makes a decision on whether the request is granted, denied, or revoked.
34
A company would like to automatically monitor and report on any movement occurring in an open field at the data center. Which of the following would be the BEST choice for this task?
❍ A. Bollard
❍ B. Microwave sensor
❍ C. Access control vestibule
❍ D. Fencing
B. Microwave sensor
Microwave sensors can detect movement across large areas such as open fields. (1.2)
35
A system administrator would like to prove an email message was sent by a specific person. Which of the following describes the verification of this message source?
❍ A. Non-repudiation
❍ B. Key escrow
❍ C. Asymmetric encryption
❍ D. Steganography
A. Non-repudiation
Non-repudiation is used to verify the source of data or a message. Digital signatures are commonly used for non-repudiation. (1.2)
36
Visitors to a corporate data center must enter through the main doors of the building. Which of the following security controls would be the
BEST choice to successfully guide people to the front door? (Select TWO)
❍ A. Infrared sensors
❍ B. Bollards
❍ C. Biometrics
❍ D. Fencing
❍ E. Access badges
❍ F. Video surveillance
B. Bollards
and
D. Fencing
Both bollards and fencing provide physical security controls to direct people to an area by limiting their access to other areas. (1.2)
37
Which of the following would BEST describe a honeytoken?
A) A publicly accessible password.txt file
B) Intentionally incorrect API credentials
C) A virtual machine with a known vulnerability
D) A workstation without a locking screen saver
E) A random access code used during login
B) Intentionally incorrect API credentials
Honeytokens: A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it. (1.2)
38
Which technology would be utilized in this scenario?
Creating a document with invalid authentication information.
A) Honeyfile
B) OCSP
C) Federation
D) False negative
A) Honeyfile
Honeyfile: A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed. (1.2)
39
The company has faced several instances of tailgating, where unauthorized individuals gain access by following employees into restricted areas. Which deterrent control would be most effective in reducing the occurrence of tailgating?
A) Install more surveillance cameras at all entry points
B) Implement stricter password policies
C) Conduct regular security audits of the access control systems
D) Set up a software based IPS
A) Install more surveillance cameras at all entry points
Video surveillance: Or CCTV. Security cameras that watch areas to see if unauthorized people are gaining access. Can have motion or object detection. (1.2)
40
A security professional is reviewing the security measures of a financial firm's data storage system to ensure it aligns with the C and I of the CIA triad. Which of the following actions would BEST ensure adherence to the C and I?
A) Encrypting stored data
B) Implementing a firewall
C) Regularly updating software
D) Conducting background checks on employees
A) Encrypting stored data
CIA Triad: A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability. (1.2)
41
A security professional is tasked with identifying the discrepancies between the current security posture and the desired state of security in their organization. Which process should the security professional undertake to identify these discrepancies?
A) Risk assessment
B) Gap analysis
C) Penetration testing
D) Compliance auditing
B) Gap analysis
Gap Analysis: A study of where we are versus where we would like to be. It requires research and consideration of many different IT and security factors in order to close that gap and make sure everything is completed without tripping over itself. (1.2)
42
A security professional is enhancing the physical security measures of a corporate building located in a busy downtown area, with a focus on mitigating vehicle-based threats. Which physical security measure is most suitable for protecting the building against potential vehicle ramming attacks while allowing pedestrian access?
A) Installing video surveillance cameras around the building perimeter
B) Implementing an access control vestibule at the main entrance
C) Erecting bollards along the building's street facing side
D) Enhancing the lighting around the building's entrance
C) Erecting bollards along the building's street facing side
Barricades and bollards: Allow people access by channeling them to a specific point, but prevent vehicles. (1.2)
43
What are the best ways to ensure only authorized personnel can access a secure research facility (select two)?
A) Perimeter fencing
B) CCTV monitoring
C) Badge access system
D) Controlled access vestibule
E) Visitor sign-in log
F) Motion detectors
C) Badge access system
&
D) Controlled access vestibule
Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this.
Access Control Vestibule: A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa. (1.2)
44
An organization enforces mobile device encryption policies to ensure that data stored on employees' smartphones and tablets is protected from unauthorized access in case of device loss or theft. What security measure is the organization primarily implementing by enforcing these mobile device encryption policies?
A) Data integrity
B) Data confidentiality
C) Data availability
D) Data authentication
Confidentiality: Ensures that information being exchanged is confidential or private. The concept includes the prevention of disclosure of information to unauthorized individuals or systems. This is achieved through encryption, two-factor authentication, and access controls. (1.2)
45
Which of the terms listed below can be used to describe the basic principles of information security?
A) PKI
B) AAA
C) GDPR
D) CIA
D) CIA
CIA Triad: A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability. (1.2)
46
True or False: The term "Non-repudiation" describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides proof of data integrity, and proof of data origin.
False.
Non-repudiation: The ability to verify whether the information received is from the sender that the information says it’s from. A non-technological example would be like you signing a document. Only you have your own signature, so that adds non-repudiation to the document you’re signing. (1.2)
47
Which type of user account violates the concept of non-repudiation?
A) Standard user account
B) Shared account
C) Guest user account
D) Service account
B) Shared account
Non-repudiation: The ability to verify whether the information received is from the sender that the information says it’s from. A non-technological example would be like you signing a document. Only you have your own signature, so that adds non-repudiation to the document you’re signing. (1.2)
48
Which part of the AAA security architecture deals with the verification of the identity of a person or process?
A) Authentication
B) Authorization
C) Accounting
A) Authentication
The AAA Framework: Authentication, Authorization, and Accounting.
Authentication: The check between your username, your password, and any other authentication factors. It proves we are who we say we are. (1.2)
49
In the AAA security architecture, the process of granting or denying access to resources is known as:
A) Authentication
B) Authorization
C) Accounting
B) Authorization
The AAA Framework: Authentication, Authorization, and Accounting.
Authorization: What type of access one has after they’ve proven who they are through identification and authentication. (1.2)
50
In the AAA security architecture, the process of tracking accessed services as well as the amount of consumed resources is called:
A) Authentication
B) Authorization
C) Accounting
C) Accounting
The AAA Framework: Authentication, Authorization, and Accounting.
Accounting: A log of who has logged in, sent and received data, and logged out. (1.2)
51
In the context of the AAA framework, common methods for authenticating people include: (Select 3 answers)
A) IP addresses
B) Usernames and passwords
C) MAC addresses
D) Biometrics
E) MFA
B) Usernames and passwords
D) Biometrics
E) MFA
Authentication: The check between your username, your password, and any other authentication factors. It proves we are who we say we are. (1.2)
52
Which of the answers listed below refer to common methods of device authentication used within the AAA framework? (Select 3 answers)
A) Usernames and passwords
B) Digital certificates
C) IP addresses
D) MFA
E) Biometric authentication
F) MAC addresses
B) Digital certificates
C) IP addresses
F) MAC addresses
Authentication: The check between your username, your password, and any other authentication factors. It proves we are who we say we are. (1.2)
53
Which of the following terms describes the process of identifying differences between an organization's current security posture and its desired security posture?
A) Tabletop exercise
B) Gap analysis
C) Security awareness training
D) Risk assessment
B) Gap analysis
Gap Analysis: A study of where we are versus where we would like to be. It requires research and consideration of many different IT and security factors in order to close that gap and make sure everything is completed without tripping over itself. (1.2)
54
True or False: The term "Zero Trust security" refers to a cybersecurity model that eliminates implicit trust from networks and requires all users and devices to be continuously verified before being granted access to resources. The implementation of the Zero Trust security involves two distinct components: a Data Plane, responsible for defining and managing security policies, and a Control Plane, responsible for enforcing the security policies established by the Data Plane.
False
Zero Trust: A holistic approach to network security that covers every device, process and person. You have to authenticate every time you want to gain access to a particular resource. (1.2)
55
Which of the answers listed below refers to a Zero Trust Control Plane security approach that takes into account user identity, device security, network conditions, and other contextual information to enable dynamic access decisions?
A) Implicit trust
B) Monitoring and logging
C) Adaptive identity
D) Microsegmentation
Adaptive Identity: Where you examine the identity of an individual and apply security controls based on other factors than just what the end user told you, such as the end user’s physical location, their relationship to the organization, their type of connection, and their IP address. (1.2)
56
What are the key components of the Zero Trust Control Plane's Policy Decision Point (PDP)? (Select 2 answers)
A) Policy Engine (PE)
B) Monitoring and logging
C) Policy Enforcement Point (PEP)
D) Microsegmentation
E) Policy Administrator (PA)
A) Policy Engine (PE)
E) Policy Administrator (PA)
Policy Engine: Thing that looks at all of the requests that are coming through the network, examines each request, compares it to a set of predefined security policies, and then makes a decision on whether the request is granted, denied, or revoked.
Policy Administrator: Takes the decision made by the policy engine and provides that information to the PEP. (1.2)
57
True or False: In the Zero Trust security architecture, the Policy Enforcement Point (PEP) is a Data Plane component that enforces the security policies defined at the Control Plane by the Policy Decision Point (PDP).
True.
Policy Enforcement Point: (PEP) The gatekeeper that all network traffic goes through. Can be one device or multiple devices working together checking different policies on things. (1.2)
58
True or False: An access control vestibule (a.k.a. mantrap) is a physical security access control system used to prevent unauthorized users from gaining access to restricted areas. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering from the outside remains locked inside until he/she provides authentication token required to unlock the inner door.
True.
Access Control Vestibule: A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa. (1.2)
59
Which of the following statements about honeypots are true? (Select 2 answers)
A) Honeypots are always part of a honeynet
B) Honeypots mimic real systems to attract cyber attackers
C) Honeypots are a type of anti-malware solution
D) Honeypots contain apparent vulnerabilities that are closely monitored by a security team
E) Honeypots are used to launch attacks on cyber attackers
B) Honeypots mimic real systems to attract cyber attackers
D) Honeypots contain apparent vulnerabilities that are closely monitored by a security team
Honeypot: Setting up a fake system to attract a bad guy, monitoring how they are attempting to override your fake system, and then recording their methods to implement securities on your real system. Tricking evil Winnie the Pooh and trapping him. (1.2)
60
What is a honeynet in the context of cybersecurity?
A) A network of IDSs
B) A network of honeypots
C) A network of infected hosts
D) A network of IPSs
B) A network of honeypots
Honeynet: A bunch of honeypots networked together. Very sticky. (1.2)
61
Which of the answers listed below refers to a honeynet example?
A) A network of fake websites
B) A network of fake servers
C) A network of fake databases
D) A network of fake file shares
E) All of the above
E) All of the above
Honeynet: A bunch of honeypots networked together. Very sticky. (1.2)
62
True or False: A honeyfile can be any type of file (e.g., a document, email message, image, or video file) containing real user data intentionally placed within a network or system to attract potential attackers or unauthorized users.
False.
Honeyfile: A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed. (1.2)
63
A honeyfile can be used for:
A) Attracting cyber attackers
B) Triggering alerts when accessed
C) Monitoring network activity
D) All of the above
D) All of the above
Honeyfile: A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed. (1.2)
64
What is a honeytoken?
A) A decoy file that is designed to attract attackers
B) A unique identifier assigned to a honeyfile
C) A decoy system that is designed to lure potential attackers
D) A unique identifier that is designed to track attackers
D) A unique identifier that is designed to track attackers
Honeytokens: A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it. (1.2)
65
Which of the following should not be used as honeytokens? (Select all that apply)
A) Active user account credentials
B) Database entries mimicking real data
C) Actual URLs to live websites or resources
D) Dummy server logs with enticing information
E) Fake identifiers, including usernames, passwords, email addresses, and IP addresses
A) Active user account credentials
C) Actual URLs to live websites or resources
Honeytokens: A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it. (1.2)
66
What is the role of a Policy Enforcement Point (PEP) in policy-driven access control?
A) Creating security policies
B) Enforcing security policies at runtime
C) Analyzing threat scope reduction
D) Allowing unrestricted access to all users
B) Enforcing security policies at runtime
Policy Enforcement Point: (PEP) The gatekeeper that all network traffic goes through. Can be one device or multiple devices working together checking different policies on things. (1.2)
67
A technician is applying a series of patches to fifty web servers during a scheduled maintenance window. After patching and rebooting the first server, the web service fails with a critical error. Which of the following
should the technician do NEXT?
❍ A. Contact the stakeholders regarding the outage
❍ B. Follow the steps listed in the backout plan
❍ C. Test the upgrade process in the lab
❍ D. Evaluate the impact analysis associated with the change
B. Follow the steps listed in the backout plan
The backout plan associated with the change control process provides information on reverting to the previous configuration if an unrecoverable error is found during the change. (1.3)
68
A recent report shows the return of a vulnerability that was previously patched four months ago. After researching this issue, the security team has found a recent patch has reintroduced this vulnerability on the servers. Which of the following should the security administrator implement to prevent this issue from occurring in the future?
❍ A. Containerization
❍ B. Data masking
❍ C. 802.1X
❍ D. Change management
D. Change management
The change management process includes a testing phase that can help identify potential issues relating to an application change or upgrade. (1.3)
69
What are the basic best practices of change management?
Have clear policies that include the frequency, duration, installation process, and rollback procedures should they not work, of updates and changes to your systems.
70
Which of the following would a company follow to deploy a weekly operating system patch?
❍ A. Tabletop exercise
❍ B. Penetration testing
❍ C. Change management
❍ D. Internal audit
C. Change management
Change management is a formal process used to control and manage any changes to hardware, software, or any other part of the IT infrastructure. (1.3)
71
A company is experiencing downtime and outages when application patches and updates are deployed during the week. Which of the
following would help to resolve these issues?
❍ A. Onboarding considerations
❍ B. Incident response policies
❍ C. Change management procedures
❍ D. Decentralized governance
C. Change management procedures
Change management defines a series of best practices for implementing changes in a complex technical environment. The goals of change
management are to implement updates and changes while also maintaining the uptime and availability of critical business systems. (1.3)
72
To upgrade an internal application, the development team provides the operations team with instructions for backing up, patching the application, and reverting the patch if needed. The operations team schedules a date for the upgrade, informs the business divisions, and tests the upgrade process after completion. Which of the following describes this process?
❍ A. Code signing
❍ B. Continuity planning
❍ C. Usage auditing
❍ D. Change management
D. Change management
Change management is the process for making any type of change, such as a software upgrade, a hardware replacement, or any other type
of modification to the existing environment. Having a formal change management process minimizes the risk of a change and makes everyone aware of the changes as they occur. (1.3)
73
A system administrator has been tasked with performing an application upgrade, but the upgrade has been delayed due to a different scheduled installation of an outdated device driver. Which of the following issues would best describe this change management delay?
❍ A. Deny list
❍ B. Legacy application
❍ C. Dependency
❍ D. Restricted activity
C. Dependency
Modifying one part of a system may first require changes to other components. In this example, the application upgrade is dependent on an updated version of a device driver. (1.3)
74
Who are stakeholders in the context of change management?
A) Only technical staff
B) Individuals or groups affected by or involved in a change
C) Only security personnel
D) Only upper management
B) Individuals or groups affected by or involved in a change
Stakeholders: Individuals or departments that will be impacted by the change you’re proposing. They’re going to want input on the change management process, and some type of control over when the change occurs. Take into account who all is going to be impacted by the change. Look beyond the immediate impact and look through the whole process. (1.3)
75
A security technician is proposing the implementation of a new firewall system in their organization. The proposal includes significant changes to the current network infrastructure. Before implementing the new firewall system, what is the first step the security technician should do before installing the new system?
A) Conducting an impact analysis of the new system on current operations
B) Obtaining formal approval for the project from senior management
C) Scheduling a maintenance window for the implementation
D) Preparing a back out plan in case the implementation fails
B) Obtaining formal approval for the project from senior management
Change Management: Or Change Approval Process. The formal process an IT administrator goes through to ensure that a change to the systems goes through properly and without messing anything up.
Change Control Process:
-1) Fill out an approval process request form.
-2) Explain what the change is and why it’s being implemented.
-3) Identify the scope of the change, or how big this change will be.
-4) Schedule a date and time for the change to take place.
-5) Determine the affected systems and the impact on those systems.
-6) Analyze the risk associated with the change.
-7) Get approval from the change control board to go ahead with the change. (1.3)
76
A group of business partners is using blockchain technology to monitor and track raw materials and parts as they are transferred between companies. Where would a partner find these tracking details?
❍ A. Ledger
❍ B. HSM
❍ C. SIEM
❍ D. HIPS
A. Ledger
The ledger is a shared document with a list of all blockchain transactions. The ledger is shared among everyone in the blockchain, and all transactions are available to view on this central ledger. (1.4)
77
A company stores some employee information in encrypted form, but other public details are stored as plaintext. Which of the following would BEST describe this encryption strategy?
❍ A. Full-disk
❍ B. Record
❍ C. Asymmetric
❍ D. Key escrow
B. Record
Record-level encryption is commonly used with databases to encrypt individual columns within the database. This would store some information in the database as plaintext and other information as encrypted data. (1.4)
78
What is record-level encryption?
Data in a database that’s encrypted at the record level while everything else is public. For example, names in the database are decrypted, but SSNs are encrypted.
79
A manufacturing company would like to track the progress of parts used on an assembly line. Which of the following technologies would be the BEST choice for this task?
❍ A. Secure enclave
❍ B. Blockchain
❍ C. Hashing
❍ D. Asymmetric encryption
B. Blockchain
The ledger functionality of a blockchain can be used to track or verify components, digital media, votes, and other physical or digital objects. (1.4)
80
What is a blockchain?
A distributed ledger for anyone to be able to see that keeps track of transactions. If you are involved in a blockchain, you are notified of any and all changes. The transaction is then added to a new block of data containing other recently verified transactions. A hash is added to the block of data and the block is completed so that if data is changed, everyone looking at it will know.
81
A company encourages users to encrypt all of their confidential materials on a central server. The organization would like to enable key escrow as a backup option. Which of these keys should the organization place into escrow?
❍ A. Private
❍ B. CA
❍ C. Session
❍ D. Public
A. Private
With asymmetric encryption, the private key is used to decrypt information that has been encrypted with the public key. To ensure continued access to the encrypted data, the company must have a copy of each private key. (1.4)
82
A security manager would like to ensure that unique hashes are used with an application login process. Which of the following would be the BEST way to add random data when generating a set of stored password hashes?
❍ A. Salting
❍ B. Obfuscation
❍ C. Key stretching
❍ D. Digital signature
A. Salting
Adding random data, or salt, to a password when performing the hashing process will create a unique hash, even if other users have chosen the same password. (1.4)
83
What is salting?
Random data added to a password when hashing that password, making a different hash for the password when stored. For example, the password ‘dragon’ has its own unique hash, but the password ‘dragon +r4$x’ has a different hash, but is still able to be deciphered when the password is looked at in plain text. The +r4$x is known to the user to be the salt.
84
Which cryptographic method is used to add trust to a digital certificate?
❍ A. Steganography
❍ B. Hash
❍ C. Symmetric encryption
❍ D. Digital signature
D. Digital signature
A certificate authority will digitally sign a certificate to add trust. If you trust the certificate authority, you can therefore trust the certificate. (1.4)
85
A corporate security team would like to consolidate and protect the private keys across all of their web servers. Which of these would be the BEST way to securely store these keys?
❍ A. Integrate an HSM
❍ B. Implement full disk encryption on the web servers
❍ C. Use a TPM
❍ D. Upgrade the web servers to use a UEFI BIOS
A. Integrate an HSM
An HSM (Hardware Security Module) is a high-end cryptographic hardware appliance that can securely store keys and certificates for all devices. (1.4)
86
What is HSM?
Hardware Security Module. A standalone device whose sole purpose is to provide cryptographic keys to many devices in large environments. It securely stores thousands of cryptographic keys.
87
A user in the accounting department would like to email a spreadsheet with sensitive information to a list of third-party vendors. Which of the following would be the BEST way to protect the data in this email?
❍ A. Full disk encryption
❍ B. Key exchange algorithm
❍ C. Salted hash
❍ D. Asymmetric encryption
D. Asymmetric encryption
Asymmetric encryption uses a recipient's public key to encrypt data, and this data can only be decrypted with the recipient's private key. This encryption method is commonly used with software such as PGP or GPG. (1.4)
88
An organization has developed an in-house mobile device app for order processing. The developers would like the app to identify revoked server certificates without sending any traffic over the corporate Internet connection. Which of the following must be configured to allow this functionality?
❍ A. CSR generation
❍ B. OCSP stapling
❍ C. Key escrow
❍ D. Wildcard
B. OCSP stapling
The use of OCSP (Online Certificate Status Protocol) requires communication between the client and the issuing CA (Certificate Authority). If the CA is an external organization, then validation checks will communicate across the Internet. The certificate holder can verify their own status and avoid client Internet traffic by storing the status information on an internal server and “stapling” the OCSP status into the SSL/TLS handshake. (1.4)
89
What is OCSP?
Online Certificate Status Protocol. A protocol that lists the status of its certificate onto the web server itself.
90
A user in the marketing department is unable to connect to the wireless network. After authenticating with a username and password, the user receives this message:
-- -- --
The connection attempt could not be completed.
The Credentials provided by the server could not be validated.
Radius Server: radius.example.com
Root CA: Example.com Internal CA Root Certificate
-- -- --
The access point is configured with WPA3 encryption and 802.1X authentication. Which of the following is the MOST likely reason for this login issue?
❍ A. The user’s computer is in the incorrect VLAN
❍ B. The RADIUS server is not responding
❍ C. The user’s computer does not support WPA3 encryption
❍ D. The user is in a location with an insufficient wireless signal
❍ E. The client computer does not have the proper certificate installed
E. The client computer does not have the proper
certificate installed
The error message states that the server credentials could not be validated. This indicates that the certificate authority that signed the server’s certificate is either different than the CA certificate installed on the client’s workstation, or the client workstation does not have an installed copy of the CA’s certificate. This validation process ensures that the client is communicating to a trusted server and there are no on-path attacks occurring. (1.4)
91
An application developer is creating a mobile device app that will require a true random number generator real-time memory encryption. Which of the following technologies would be the BEST choice for this app?
❍ A. HSM
❍ B. Secure enclave
❍ C. NGFW
❍ D. Self-signed certificates
B. Secure enclave
A secure enclave describes a hardware processor designed for security. The secure enclave monitors the boot process, create true random numbers, store root cryptography keys, and much more. (1.4)
92
What is a secure enclave?
A security processor built into the systems we use.
93
A system administrator has protected a set of system backups with an encryption key. The system administrator used the same key when restoring files from this backup. Which of the following would BEST describe this encryption type?
❍ A. Asymmetric
❍ B. Key escrow
❍ C. Symmetric
❍ D. Out-of-band key exchange
C. Symmetric
Symmetric encryption uses the same key for both encryption and decryption. (1.4)
94
A security administrator has discovered an employee exfiltrating confidential company information by embedding data within image files and emailing the images to a third-party. Which of the following would best describe this activity?
❍ A. Digital signatures
❍ B. Steganography
❍ C. Salting
❍ D. Data masking
B. Steganography
Steganography is the process of hiding information within another document. For example, one common method of steganography embeds data or documents within image files. (1.4)
95
A system administrator is designing a data center for an insurance company’s new public cloud and would like to automatically rotate
encryption keys on a regular basis. Which of the following would provide this functionality?
❍ A. TPM
❍ B. Key management system
❍ C. Secure enclave
❍ D. XDR
B. Key management system
A key management system is used to manage large security key implementations from a central console. This includes creating keys, associating keys with individuals, rotating keys on regular intervals, and logging all key use. (1.4)
96
What is a key management system?
A centralized console that keeps track of all of your different keys for all of your different servers, users, and devices. Logs key use and other important events.
97
Sam would like to send an email to Jack and have Jack verify that Sam was the sender of the email. Which of these should Sam use to provide this verification?
❍ A. Digitally sign with Sam’s private key
❍ B. Digitally sign with Sam’s public key
❍ C. Digitally sign with Jack’s private key
❍ D. Digitally sign with Jack’s public key
A. Digitally sign with Sam’s private key
The sender of a message digitally signs with their own private key to ensure integrity, authentication, and non-repudiation of the signed contents. The digital signature is validated with the sender’s public key. (1.4)
98
Briefly explain how to create a symmetric key using public key cryptography.
Bob on his computer has a private and public key. Alice on her computer also has her own private key and public key. Bob shares his public key with Alice, and Alice shares her public key with Bob. Together, combining their own private key with each other’s public key, they’ve created an identical symmetric key that both of them now have.
99
A security administrator would like to minimize the number of certificate status checks made by web site clients to the certificate authority. Which of the following would be the BEST option for this requirement?
❍ A. OCSP stapling
❍ B. Self-signed certificates
❍ C. CRL
❍ D. Wildcards
A. OCSP stapling
OCSP (Online Certificate Status Protocol) stapling allows the certificate holder verify their own certificate status. The OCSP status is commonly “stapled” into the SSL/TLS handshake process. Instead of contacting the certificate authority to verify the certificate, the verification is included with the initial network connection to the server. (1.4)
100
Which of the following would be the MOST effective use of asymmetric encryption?
❍ A. Real-time video encryption
❍ B. Securely store passwords
❍ C. Protect data on mobile devices
❍ D. Create a shared session key
D. Create a shared session key
The Diffie-Hellman algorithm can combine public and private keys to derive the same session key. This allows two devices to create and use this shared session key without sending the key across the network. (1.4)
101
Each salesperson in a company receives a laptop with applications and data to support their sales efforts. The IT manager would like to prevent third-parties from gaining access to this information if the laptop is stolen. Which of the following would be the BEST way to protect this data?
❍ A. Remote wipe
❍ B. Full disk encryption
❍ C. Biometrics
❍ D. VPN
B. Full disk encryption
With full disk encryption, everything written to the laptop’s local drive is stored as encrypted data. If the laptop was stolen, the thief would not have the credentials to decrypt the drive data. (1.4)
102
All data on a mobile device being encrypted is an example of what?
A) Obfuscation
B) Federation
C) Blockchain
D) Secure enclave
D) Secure enclave
Secure Enclave: A security processor built into the systems we use. (1.4)
103
Two security professionals are setting up a secure communication channel between their organizations. They need a secure way to establish a shared secret key for symmetric encryption. Which method should they use to securely exchange the symmetric key?
A) Public key infrastructure (PKI) for key exchange
B) Directly sending the symmetric key over email
C) Using an asymmetric algorithm such as Diffie-Hellman
D) Encrypting the key using symmetric encryption and then sending it
C) Using an asymmetric algorithm such as Diffie-Hellman
Asymmetric Encryption: Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared to other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from encryption except from one source. (1.4)
104
Application transactions that are logged in a public ledger is an example of what?
A) Federation
B) Blockchain
C) False negative
D) Hashing
B) Blockchain
Blockchain: A distributed ledger for anyone to be able to see that keeps track of transactions. If you are involved in a blockchain, you are notified of any and all changes. The transaction is then added to a new block of data containing other recently verified transactions. A hash is added to the block of data and the block is completed so that if data is changed, everyone looking at it will know. (1.4)
105
A company is protecting user passwords by hashing the password values multiple times. Which of the following would describe this process?
A) Salting
B) Steganography
C) Symmetric encryption
D) Digital signature
E) Key stretching
E) Key stretching
Key strengthening: Also known as key hashing or key stretching. The process of making your key stronger by hashing the hashes of your password multiple times. The hash of a hash of a hash of a password is difficult to brute-force. (1.4)
106
Which technology would be utilized in this scenario?
Verifying the status of a web server certificate.
A) Tokenization
B) Federation
C) Blockchain
D) OCSP
D) OCSP
OCSP: Online Certificate Status Protocol. A protocol that lists the status of its certificate onto the web server itself. (1.4)
107
Which technology would be utilized in this scenario?
Randomization has been added to a hash.
A) Honeyfile
B) Tokenization
C) Salting
D) Blockchain
C) Salting
Salting: Random data added to a password when hashing that password, making a different hash for the password when stored. For example, the password ‘dragon’ has its own unique hash, but the password ‘dragon +r4$x’ has a different hash, but is still able to be deciphered when the password is looked at in plain text. The +r4$x is known to the user to be the salt. (1.4)
108
A user is asymmetrically encrypting an outgoing email message. Which of the following is used to encrypt this information?
A) Sender's public key
B) Recipient's private key
C) Sender's private key
D) Recipient's public key and sender's private key
E) Recipient's public key
E) Recipient's public key
Asymmetric Encryption: Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared to other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from encryption except from one source. (1.4)
109
A security professional is responsible for securely storing user passwords in a database. They need a method to protect the passwords from being exposed in case of a breach. What technique should the security professional use to safeguard user passwords in the database?
A) Digital signatures
B) Hashing
C) File permission
D) Blockchain
B) Hashing
Hash: A short string of text that can be created based upon data contained within the plain text. Also known as a message digest or a fingerprint.
Hashing: Representing data as a short string of text. Cannot be decrypted. (1.4)
110
A security professional is managing a network with multiple SSL/TLS-secured devices. They need a mechanism to promptly revoke the trust of a compromised certificate across all devices. What technology should the professional use to maintain a list of revoked certificates that can be checked by clients?
A) Self-signed certificate
B) CSR
C) CRL
D) Third-party certificate
C) CRL
Certificate Revocation Lists: (CRLs) A list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date. When a CA issues a digital certificate, it includes an expiration date. However, certain events may lead to the need for revocation before the certificate's expiration, such as the compromise of the private key associated with the certificate, the compromise of the CA itself, or other security-related concerns. (1.4)
111
A bank requires all of its vendors to implement measures to prevent data loss on stolen laptops. Which strategy is the bank demanding?
A) Disk encryption
B) Data permission
C) Information categorization
D) Access right limitations
A) Disk encryption
Examples of full-disk and partition/volume encryption software include BitLocker (Windows OS) and FileVault (Mac OS). (1.4)
112
Which of the following best applies to the concept of non-repudiation?
A) Digital certificate
B) MFA
C) Hashing
D) Encryption
A) Digital certificate
Digital Certificate: A file that contains both a public key and a digital signature. Think of it as a digital version of an ID card. It’s a way to provide trust and for them to say that the person is who they actually say they are in authentication, and allow them access to things they previously did not have access to. (1.4)
113
A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates is known as:
A) PKI
B) RA
C) PKCS
D) CA
A) PKI
PKI: Public Key Infrastructure. Policies and procedures that are responsible for creating, distributing, managing, storing, revoking, and performing processes associated with digital certificates.
PKI used as a verb means to associate a certificate to people or devices. (1.4)
114
Which of the answers listed below best describes the characteristics of a public-private key pair?
A) Both keys are examples of a symmetrical key
B) Two keys that are identical
C) A pair of keys where one is used for encryption and the other for decryption
D) Both keys are examples of a shared key
C) A pair of keys where one is used for encryption and the other for decryption
Asymmetric Encryption: Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared to other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from encryption except from one source. (1.4)
115
What is the typical use of a public key?
A) Data encryption
B) Data decryption
C) User/device authentication
D) All of the above
A) Data encryption
Symmetric Encryption: A single, shared key. You encrypt data with the key and decrypt data with the key. If the key gets out, you’ll need another key. Also known as a secret key algorithm or a shared secret. It doesn’t really scale very well because it’s only one key shared between a bunch of people. It is very fast, however. (1.4)
116
True or False: Key escrow is a cryptographic technique that enables storing copies of encryption keys with a trusted third party. A Recovery Agent (RA) is a trusted third party (an individual, entity, or system) who is authorized to assist in the retrieval of encryption keys and data on behalf of the data owner. Key escrow and RA are both used to ensure that encrypted data can be decrypted even if the data owner loses access to their encryption key. Since key escrow and RAs are both components of a single security solution, the only way to implement key escrow systems is with the use of RAs.
False.
Key Escrow: Someone else holding onto your decryption keys, either within your organization or with a third party. (1.4)
117
Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality?
A) HSM
B) TPM
C) EFS
D) SED
D) SED
SED: Self-Encrypting Devices. Data storage device with built-in cryptographic processing that may be utilized to encrypt and decrypt the stored data, occurring within the device and without dependence on a connected information system. (1.4)
118
An MS Windows component that enables encryption of individual files is called:
A) SED
B) EFS
C) BitLocker
D) FDE
B) EFS (Encrypting File System)
You can encrypt individual files on Windows using EFS (Encrypting File System), and other OSs using other third party utilities. (1.4)
119
What is the name of a network protocol that secures web traffic via SSL/TLS encryption?
A) SFTP
B) HTTPS
C) FTPS
D) SNMP
B) HTTPS
Transport encryption: Protecting data as it crosses the network. This is done by browsers using secure ports such as HTTPS that encrypt data as it crosses the network. VPNs are another example, either site to site VPNs using IPsec, or client based VPNs using SSL/TLS. (1.4)
120
Which cryptographic protocol is designed to provide secure communications over a computer network and is the successor to SSL?
A) IPsec
B) TLS
C) AES
D) CCMP
B) TLS
Transport encryption: Protecting data as it crosses the network. This is done by browsers using secure ports such as HTTPS that encrypt data as it crosses the network. VPNs are another example, either site to site VPNs using IPsec, or client based VPNs using SSL/TLS.
Client VPNs use SSL/TLS protocols (TCP 443). (1.4 & 3.2)
121
True or False: In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa).
True. (1.4)
122
Which PKI trust model assigns a single hierarchy with one master CA called the root, who signs all digital certificate authorities with a single key?
A) Distributed trust model.
B) Bridge trust model.
C) Hierarchical trust model.
D) Centralized trust model.
C) Hierarchical trust model.
A hierarchical trust model assigns a single hierarchy with one master CA called the root, who signs all digital certificate authorities with a single key. The distributed trust model has multiple CAs that sign digital certificates. With the bridge trust model, no single CA signs digital certificates, and yet the CA acts as a facilitator to interconnect all other CAs. Centralized trust model. (1.4)
123
What is the primary distinction between a Certificate Policy (CP) and a Certificate Practice Statement (CPS)?
A) A CP describes how end-users register for a digital certificate.
B) A CPS is a published set of rules that govern the operation of a PKI.
C) A CPS governs the operation of intermediate CA.
D) A CP provides recommended baseline security requirements for the use and operation of PKI components.
D) A CP provides recommended baseline security requirements for the use and operation of PKI components.
A CP is a set of rules that provide recommended baseline security requirements for the use and operation of PKI components, while a CPS is a more technical document that describes how the CA uses and manages certificates. (1.4)
