Test 1 Flashcards
Which of these protocols use TLS to provide secure communication? (Select TWO)
❍ A. HTTPS
❍ B. SSH
❍ C. FTPS
❍ D. SNMPv2
❍ E. DNSSEC
❍ F. SRTP
A. HTTPS and C. FTPS
TLS (Transport Layer Security) is a cryptographic protocol used to encrypt network communication. HTTPS is the Hypertext Transfer Protocol over TLS, and FTPS is the File Transfer Protocol over TLS. An earlier version of TLS is SSL (Secure Sockets Layer). Although we don’t commonly see SSL in use any longer, you may see TLS communication referenced as SSL.
A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)
❍ A. Partition data
❍ B. Kernel statistics
❍ C. ROM data
❍ D. Temporary file systems
❍ E. Process table
A. Partition data and D. Temporary file systems
Both temporary file system data and partition data are part of the file storage subsystem.
The incorrect answers:
B. Kernel statistics
Kernel statistics are stored in memory.
C. ROM data
ROM data is a type of memory storage.
E. Process table
The process table keeps track of system processes, and it stores this information in RAM.
An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third party. Which category would BEST describe these devices?
❍ A. IoT
❍ B. RTOS
❍ C. MFD
❍ D. SoC
C. MFD
An all-in-one printer that can print, scan, and fax is often categorized as an MFD (Multifunction Device).
The incorrect answers:
A. IoT
Wearable technology and home automation devices are commonly called IoT (Internet of Things) devices.
B. RTOS
RTOS (Real-time Operating Systems) are commonly used in manufacturing and automobiles.
D. SoC
Multiple components that run on a single chip are categorized as an SoC (System on a Chip).
Which of the following standards provides information on privacy and managing PII?
❍ A. ISO 31000
❍ B. ISO 27002
❍ C. ISO 27701
❍ D. ISO 27001
C. ISO 27701
The ISO (International Organization for Standardization) 27701 standard extends the ISO 27001 and 27002 standards to include detailed management of PII (Personally Identifiable Information) and data privacy.
The incorrect answers:
A. ISO 31000
The ISO 31000 standard sets international standards for risk management practices.
B. ISO 27002
Information security controls are the focus of the ISO 27002 standard.
D. ISO 27001
The ISO 27001 standard is the foundational standard for Information Security Management Systems (ISMS).
Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?
❍ A. Create an operating system security policy to prevent the use of removable media
❍ B. Monitor removable media usage in host-based firewall logs
❍ C. Only allow applications that do not use removable media
❍ D. Define a removable media block rule in the UTM
A. Create an operating system security policy to prevent the use of removable media
Removable media uses hot-pluggable interfaces such as USB to connect storage drives. A security policy in the operating system can prevent any files from being written to a removable drive.
The incorrect answers:
B. Monitor removable media usage in host-based firewall logs
A host-based firewall monitors traffic flows and does not commonly log hardware or USB drive access.
C. Only allow applications that do not use removable media
File storage access options are not associated with applications, so it’s not possible to allow or deny applications based on external storage drive usage.
D. Define a removable media block rule in the UTM
A UTM (Unified Threat Manager) watches traffic flows across the network and does not commonly manage the storage options on individual computers.
A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?
❍ A. ISO 27701
❍ B. PKI
❍ C. IaaS
❍ D. SOAR
D. SOAR
SOAR (Security Orchestration, Automation, and Response) is designed to make security teams more effective by automating processes and integrating third-party security tools.
The incorrect answers:
A. ISO 27701
The ISO (International Organization for Standardization) 27701 standard focuses on privacy and securing PII.
B. PKI
A PKI (Public Key Infrastructure) describes the processes and procedures associated with maintaining digital certificates.
C. IaaS
IaaS (Infrastructure as a Service) describes a cloud service that provides the hardware required for deploying application instances and other cloud-based applications.
Rodney, a security engineer, is viewing this record from the firewall logs:
UTC 04/05/2018 03:09:15809 AV Gateway Alert
136.127.92.171 80 -> 10.16.10.14 60818
Gateway Anti-Virus Alert:
XPACK.A_7854 (Trojan) blocked.
Which of the following can be observed from this log information?
❍ A. The victim’s IP address is 136.127.92.171
❍ B. A download was blocked from a web server
❍ C. A botnet DDoS attack was blocked
❍ D. The Trojan was blocked, but the file was not
B. A download was blocked from a web server
A traffic flow from a web server port number (80) to a device port (60818) indicates that this traffic flow originated on port 80 of the web server. A file download is one of the most common ways to deliver a Trojan, and this log entry shows that the file containing the XPACK.A_7854 Trojan was blocked.
The incorrect answers:
A. The victim’s IP address is 136.127.92.171
The format for this log entry uses an arrow to differentiate between the attacker and the victim. The attacker IP address is 136.127.92.171, and the victim’s IP address is 10.16.10.14.
C. A botnet DDoS attack was blocked
A botnet attack would not commonly include a Trojan horse as part of a distributed denial of service (DDoS) attack.
D. The Trojan was blocked, but the file was not
A Trojan horse attack involves malware that is disguised as legitimate software. The Trojan malware and the file are the same entity, so there isn’t a way to decouple the malware from the file.
A user connects to a third-party website and receives this message:
Your connection is not private.
NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason for this message?
❍ A. Brute force
❍ B. DoS
❍ C. On-path
❍ D. Disassociation
C. On-path
An on-path attack is often associated with a third party who is actively intercepting network traffic. This entity in the middle would not be able to provide a valid SSL certificate for a third-party website, and this error would appear in the browser as a warning.
The incorrect answers:
A. Brute force
A brute force attack is commonly associated with password hacks. Brute force attacks would not cause the certificate on a website to be invalid.
B. DoS
A DoS (Denial of Service) attack would prevent communication to a server and most likely provide a timeout error. This error is not related to a service availability issue.
D. Disassociation
Disassociation attacks are commonly associated with wireless networks, and they usually cause disconnects and lack of connectivity. The error message in this example does not appear to be associated with a network outage or disconnection.