Test ?'s 4 Flashcards

1
Q

A company is looking into integrating on-premise services and cloud services with a cloud service provider (CSP) using an Infrastructure as a Service (IaaS) plan. As a cloud architect works on architectural design, which of the following statements would NOT apply in this case?

A

The provider is responsible for the availability of the software.

2
Q

Identify the concepts that function as alternatives to kill chain life cycle analysis in threat intelligence.

A

MITRE ATT&CK and The Diamond Model of Intrusion Analysis

3
Q

A social engineer used a phishing attack to trick users into visiting a website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?

A

A Man-in-the-Browser (MitB) attack – A MitB attack compromises the web browser by installing malicious plug-ins, scripts, or intercepting API calls. Vulnerability exploit kits installed on a website can actively try to exploit vulnerabilities in clients browsing the site.

4
Q

Analyze the methods and determine which a technician uses as a non-persistent recovery method on a server using a system baseline.

A

Rollback to known configuration – Rollback to known configuration is a mechanism for restoring a baseline system configuration, such as Windows System Restore.

5
Q

Identify the most volatile form of memory.

A

Cache

6
Q

What type of scanning tool or configuration would result in zero false positives being reported?

A

Non-credentialed scan and Non-intrusive tool

7
Q

A tablet uses a key-based technique for encrypting data. It focuses on a pair of public and private keys for decryption and encryption of web traffic using less power than other encryption methods. Which encryption method is this?

A

Elliptic curve cryptography (ECC) is an asymmetric public and private key-based cryptographic technique for encrypting data. ECC generates keys through the properties of the elliptic curve equation providing smaller and more efficient cryptographic key processes.

8
Q

What is AAA?

A

Authentication, Authorization, and Accounting

9
Q

A security administrator protects system passwords by hashing their related keys. The administrator discovers that this approach does not make the key any stronger or more difficult to crack. Analyze the different security properties and determine which one the administrator implemented.

A

Key stretching – Key stretching takes a key that is generated from a user password and repeatedly converts it to a longer and more random key.

10
Q

Analyze the active defense solution statements and determine which best describes the purpose of a honeyfile.

A

The attempts to reuse can be traced if the threat actor successfully exfiltrates it.

11
Q

A developer uses a prepackaged set of tools that includes documentation, application programming interfaces (APIs), code samples, and libraries to easily integrate an application with the company Linux operating system. Which secure coding process is the developer using?

A

Software development kit (SDK)

12
Q

A start-up company operates all of its web servers and services on a cloud platform using Platform as a Service (PaaS). The company offices run a local domain controller for directory services. Which type of attacks would the cloud service provider consider as cloud-based attacks as opposed to on-premise?

A

Backdoor to virtual platforms and RAT on web servers

13
Q

A recent attack on the company involving a threat actor from another country prompted the security team to host regular penetration testing exercises. The recent attack involved the IT team as well as human resources because an employee’s desktop was breached. In the upcoming exercise, what role would the human resource team portray along with the IT team to simulate the recent attack and its experiences?

A

The blue team is one of two competing teams in a penetration testing exercise. The blue team performs a defensive role by operating, monitoring, and alerting controls.

14
Q

Which boot integrity concepts utilize the trusted platform module (TPM)?

A

Boot attestation and Measured boot

15
Q

Which classification of data is likely to be immediately escalated in the case of a breach?

A

Critical data, sometimes top-secret, is too valuable to permit any risk of a breach. Therefore, any detected abnormality should immediately be escalated to senior decision-makers.

16
Q

Auditing SIP (Session Initiation Protocol)-based VoIP logs can reveal evidence of Man-in-the-Middle attacks. When handling requests, what do the call manager and any intermediate servers add to the SIP log file?

A

Their own IP address

17
Q

The NIST Computer Security Incident Handling Guide describes six stages of the incident response lifecycle. Indicate in which stage of the incident response lifecycle the incident response team would review and analyze their response and possibly integrate changes into the team’s Incident Response Plan.

A

Lessons learned

18
Q

A cloud service provider informs its consumers that Amazon Linux version 1 products will no longer be supported after 31 December. Consumers using these products must have a plan in place to upgrade to the newest Amazon Linux product, version 2. After the deadline, Amazon Linux 1 products will only receive critical patches. Which of the following best describes the degradation of the product?

A

The end of life (EOL) for a software product occurs when a product will no longer be produced or sold. These products are most likely to be replaced by a newer version or model.

19
Q

A company runs certain applications within isolated cells according to employee job functions to minimize access to resources on the operating system. This type of virtualization is which of the following?

A

Container

20
Q

When implementing a native-cloud firewall, which layer of the Open Systems Interconnection (OSI) model will require the most processing capacity to filter traffic based on content?

A

At layer 7, or the application layer of the OSI model, the firewall can parse application protocol headers and payloads (such as HTTP packets) and make filtering decisions based on their contents. This requires the most processing capacity (or load balancing), or the firewall will become a bottleneck causing network latency.

21
Q

A network tech is installing an intrusion detection system (IDS) on a corporate network. The system is intended to be a long-term monitoring solution and would ideally split or copy network signals on the physical layer to avoid frame loss. Anticipate the type of sensor the tech will install in conjunction with the IDS.

A

Test Access Point (TAP)

22
Q

A network administrator can conduct a site survey to find potential placement locations of wireless access points (WAP) using which of the following?

A

Heat map and Wi-Fi analyzer

23
Q

A network administrator is installing a device that uses redundant array of inexpensive disks (RAID) technologies for redundancy and provides employees remote access so that files can be accessed anywhere. The device does not require licensing and stores data at the file level. Which device is the administrator likely installing in the infrastructure?

A

Network-attached storage (NAS) is a file-level data storage server attached to a network that provides data access to a common group of clients. NAS is a single storage device that serves files over Ethernet. NAS can be accessed remotely and uses RAID technologies for hard drive failure.

24
Q

After opening a third branch office in another state, the security team is having difficulty monitoring the network and managing system logs. Using a standard Security Information and Event Management (SIEM) system, what can the team do to better manage these events in a centralized way?

A

Deploy listeners – A management server can be configured to be a listener or collector to gather logs from multiple sources and parse the data before sending it to the SIEM system. Multiple listeners can better manage collections to reduce the number of systems communicating with the SIEM.

25
Q

A brute-force attack compromises a server in a company’s data center. Security experts investigate the attack type and discover which vulnerability on the server?

A

Weak Encryption

26
Q

A system administrator has a file on a Linux server that needs transferring to a client. While working on the client, what tool will the system administrator likely use to complete this task?

A

Secure Shell

27
Q

An engineer configures a security control that oversees and monitors other controls for effectiveness. Which category of control does the engineer utilize?

A

Managerial

28
Q

An organization remodels an office which results in the need for higher security during construction. Placing a security guard by the data center utilizes which control types?

A

Preventative and Operational

29
Q

What are the four components of the Diamond Model?

A

Adversary, capability, infrastructure, and victim