Security+ Practice Tests 6-10 Flashcards
Which of the following does NOT refer to an email communication threat vector?
Skimming
Malicious attachment
Social engineering
Malicious URL
Phishing
Skimming
Skimming is collecting PII from a payment card.
Which of the following mitigates the risk of supply chain attacks?
DRP (Disaster Recovery Plan)
Vendor/intermediary checks
BCP (Business Continuity Plan)
IRP (Incident Response Plan)
Vendor/intermediary checks
A comprehensive security screening of a potential third-party vendor before forming a partnership.
VDD (Vendor Due Diligence)
DRP stands for
Disaster Recovery Plan
BCP stands for
Business Continuity Plan
IRP stands for
Incident Response Plan
A detailed strategy and set of systems for ensuring an organization’s ability to prevent or rapidly recover from a significant disruption to its operations.
BCP (Business Continuity Plan)
A written document, formally approved by the senior leadership team, that helps your organization before, during, and after a confirmed or suspected security incident.
IRP (Incident Response Plan)
A formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events.
DRP (Disaster Recovery Plan)
Examples of social media threat vectors include:
PII harvesting
social engineering
identity/account theft
malicious URLs
all of the above
All of the above
Threat intelligence gathered from publicly available sources
OSINT
OSINT stands for
Open Source Intelligence
Insight gained from processing and analyzing public data sources such as broadcast TV and radio, social media, and websites. These sources provide data in text, video, image, and audio formats.
OSINT (Open-Source Intelligence)
RFC stands for
Request for Comments
A formal standards-track document developed in working groups within the Internet Engineering Task Force (IETF). Contains specifications and organizational notes about topics related to the internet and computer networking, such as routing, addressing and transport technologies.
RFC (Request for Comments)
The U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. Provides advanced searching features.
NVD (National Vulnerability Database)
NVD stands for
National Vulnerability Database
CVE stands for
Common Vulnerabilities and Exposures
A publicly available catalog of cybersecurity vulnerabilities. Contains a list of records each containing an identification number, a description, and at least one public reference. Feeds NVD.
CVE (Common Vulnerabilities and Exposures)
What is CVE/NVD?
Two different programs that publicly disclose known cybersecurity vulnerabilities. They are both set up for a user to search by OS, platform, etc.
The CVE was launched by the MITRE Corporation as a community effort.
The NVD was launched by the NIST (National Institute of Standards and Technology).
NIST stands for
National Institute of Standards and Technology
Which of the following refer to vulnerability databases? (Select 2)
DBA
CVE
DBaaS
NVD
AIS
CVE (Common Vulnerabilities and Exposures)
NVD (National Vulnerability Database)
DBA stands for
Database Administrator
DBaaS stands for
Database as a Service
AKA managed database service
AIS stands for
Automated Indicator Sharing
A service the CISA provides to enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public, federal, and private-sector organizations.
AIS (Automated Indicator Sharing)
CVSS stands for
Common Vulnerability Scoring System
A public framework for rating the severity of security vulnerabilities in software.
CVSS (Common Vulnerability Scoring System)
TTP stands for
Tactics, Techniques, and Procedures
This acronym describes the behavior of a threat actor in three levels – the “why,” the “what,” and the “how.”
TTP (Tactics, Techniques, and Procedures)
A common language for describing cyber threat information
STIX
STIX stands for
Structured Threat Information eXpression
A standardized XML programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies.
STIX (Structured Threat Information eXpression)
TAXII stands for
Trusted Automated eXchange of Indicator Information
A dedicated transport mechanism for cyber threat information
TAXII (Trusted Automated eXchange of Indicator Information)
A suite of communication protocols used to interconnect network devices on the internet or private networks (intranet or extranet).
TCP/IP
S/MIME stands for
Secure/Multipurpose Internet Mail Extensions
A widely accepted protocol for sending digitally signed and encrypted messages (including email).
S/MIME
A specification extending the format of email to support sending images, audio/video files, archives, etc. Expands upon SMTP.
MIME
GitHub is an example of:
Digital media store
Virtualization software
File/code repository
Social media site
File/code repository
A type of formal document that describes the specifications for a particular technology
RFC (Request for Comments)
PII stands for
Personally Identifiable Information
RFQ stands for
Request for Quote
RFI stands for
Request for Information
RFP stands for
Request for Proposal
A formal process for gathering information from potential suppliers of a good or service.
RFI (Request for Information)
A business document that announces a project, describes it, and solicits bids from qualified contractors to complete it. Goals and objectives are defined to give vendors a good idea of the requirements.
RFP (Request for Proposal)
A solicitation for goods or services in which a company invites vendors to submit price quotes and bid on the job.
RFQ (Request for Quote)
IPS stands for
Intrusion Prevention System
SIEM stands for
Security Information and Event Management
A solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.
SIEM (Security Information and Event Management)
IDPS stands for
Intrusion Detection Prevention System
A network security tool that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.
IPS (Intrusion Prevention System)
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:
Zero-day attack
A type of attack in which an attacker crafts a TCP packet with the Urgent, Push, and Fin header flags set, and injects it into the network. This can cause receiving devices to slow down (DoS), reboot, or behave in inconvenient ways.
Xmas tree attack
AKA Christmas tree attack
A word used to describe encryption protocols that contain weak implementations and cannot be considered secure anymore.
Deprecated
Which of the following is a deprecated encryption protocol?
SSH
TLS
S/MIME
SSL
IPsec
PGP
SSL
What do FTP, HTTP, IMAP, POP, and SMTP have in common?
They are all cleartext network protocols.
Vulnerability scanning: (select all that apply)
Identifies lack of security controls
Actively tests security controls
Identifies common misconfigurations
Exploits vulnerabilities
Passively tests security controls
Identifies lack of security controls
Identifies common misconfigurations
Passively tests security controls
A special isolated folder on a machine’s hard disk where the suspicious files detected by Antivirus and Antimalware protection are placed to prevent further spread of threats.
Quarantine
SOAR stands for
Security Orchestration, Automation, and Response
A stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.
SOAR
Difference between SOAR and SIEM?
SIEM aggregates data from multiple security systems to generate alerts.
SIEM uses pattern matching to generate alerts that the IT team can investigate. It does NOT take action itself when it identifies a threat.
SOAR acts as the response engine to those alerts generated by the SIEM.
SOAR can also collect data from external applications.
A server used for collecting diagnostic and monitoring data from networked devices.
Syslog server
A server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It improves privacy, security, and performance in the process.
Proxy server
UC stands for
Unified Communications
An umbrella term for the integration of multiple enterprise communication tools – such as voice calling, video conferencing, instant messaging, presence, content sharing, etc. – into a single, streamlined interface, with the goal of improving user experience and productivity.
UC (Unified Communications)
AV stands for
Audio Visual
ICS stands for
Internet Connection Sharing
A feature that allows a device with internet access to act as a host or access point for other devices to connect to the web.
ICS (Internet Connection Sharing)
A security solution designed to detect anomalies in the log and event data collected from multiple network devices is called:
SIEM (Security Information and Event Management)
Which tool enables automated response to security incidents?
SOAR (Security Orchestration, Automation, and Response)
Penetration testing: (Select all that apply)
Bypasses security controls
Only identifies lack of security controls
Actively tests security controls
Exploits vulnerabilities
Passively tests security controls
Bypasses security controls
Actively tests security controls
Exploits vulnerabilities
NIDS stands for
Network Intrusion Detection System
HIDS stands for
Host-based Intrusion Detection System
A cybersecurity solution that monitors IT systems for signs of suspicious activity, detecting unusual behaviors or patterns associated with either human users or applications that could indicate a security breach or an attempted attack.
This solution operates on an individual host system.
HIDS (Host-based Intrusion Detection System)
HIPS stands for
Host Intrusion Prevention System
An installed software package that monitors a single host for suspicious activity by analyzing events occurring within that host.
If a hacker or malware attempts major changes, this software blocks the action and alerts the user so that an appropriate decision about what to do can be made.
HIPS (Host Intrusion Prevention System)
An internet standard protocol used to monitor and manage network devices via agents. This protocol collects, organizes, and sends data from various devices for network monitoring, assisting with fault identification and isolation.
SNMP (Simple Network Management Protocol)
A penetration test performed by an authorized professional with full prior knowledge of how the system that is to be tested works is called:
White-box testing
A penetration test of a computer system performed without prior knowledge of how the system that is to be tested works is called:
Black-box testing
A penetration test in which the person conducting the test has limited access to information about the internal workings of the targeted system is called:
Gray-box testing
In penetration testing, this type of reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.
Active reconnaissance
In penetration testing, this type of reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.
Passive reconnaissance
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:
War chalking
Spoofing
War driving
Insider threat
War driving
When people draw symbols in areas to indicate the presence of an open Wi-Fi network. The symbols used typically say something about the access point.
War chalking
Attackers searching for wireless networks with vulnerabilities while driving around an area in a vehicle.
War driving
Which statement applies to the concept of OSINT?
Gaining advantage over competitors
Passive reconnaissance
Preparation before launching a cyberattack
Active reconnaissance
Passive reconnaissance
In cybersecurity exercises, the attacking team
Red team
In cybersecurity exercises, the defending team
Blue team
In cybersecurity exercises, the event overseer (referee)
White team
In cybersecurity exercises, a collaborative approach that involves the blue and red teams working together to improve an organization’s security
Purple team
T/F: A physical network diagram contains information on hardware devices and physical links between them.
True
T/F: A logical network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network.
True