Test ?'s 5 Flashcards

1
Q

A tech considers installing either a Raspberry Pi or Arduino system inside a small enclosure as a control device for sensitive tasks. The utilization of this technology is an example of which embedded system type?

A

System on chip (SoC) – a design where processors, controllers, and devices are provided on a single processor die (or chip). Raspberry Pi and Arduino are examples of SoC boards.

2
Q

An increase in malware detection, due to certain web browsing activity in the workplace, caused the information systems security office (ISSO) to deploy a unified threat manager on the network. How would this network appliance help reduce malware on client workstations?

A

Block URLs, block malware, and scan web traffic

3
Q

How can an attacker exploit the lack of authentication between the internal services (e.g., implicit trust) of a web host to steal service account credentials?

A

Server-side request forgery (SSRF) – exploits both the lack of authentication between the internal servers and services (implicit trust) and weak input validation, allowing the attacker to submit unsanitized requests or Application Programming Interface (API) parameters.

4
Q

Where might one find operating system files during acquisition?

A

Pagefile, RAM, and Cache

5
Q

Which of the following represents a non-intrusive scanning type of framework?

A

Vulnerability scanning – vulnerability scanners represent a non-intrusive scanning type. The scanner identifies vulnerabilities from its database by analyzing things such as build and patch levels or system policies.

6
Q

Which of the following is NOT a critical profiling factor when assessing the risk that any one type of threat actor poses to an organization?

A

Non-Repudiation

7
Q

A cardiovascular patient is sent home with a monitoring device that records and sends data to a healthcare provider when triggered by abnormal cardiac activity. Response time to the data is critical to patient health. Which embedded platform is the medical device using?

A

A real-time operating system (RTOS) is in an embedded system intended to serve real-time applications that process data as it comes in. It provides a quicker reaction to external events than a typical operating system.

8
Q

A gray hat hacker will perform which of the following when using hacking techniques on an organization or software?

A

Clean up evidence and seek a bug bounty

9
Q

A system administrator implements a process that provides two separate paths from each server node to every disk in a redundant array of inexpensive disks set up to remove a single point of failure. What concept has the administrator implemented?

A

Multipathing – Multipathing allows users to configure multiple input/output (I/O) paths between server nodes and storage arrays into a single device to remove a single point of failure and increase redundancy.

10
Q

IT discovers a flaw in a web application where it allows queries without encryption. As a result, requests are being spoofed and directories containing private files are viewable. What is happening?

A

Extensible Markup Language (XML) injection – XML can be used for data exchange. Without encryption, it is vulnerable to spoofing, request forgery, and injection of arbitrary code. For example, an XML External Entity (XXE) attack embeds a request for a local resource.

11
Q

A website uses a code generator for access to the site. Once a user enters their username, a one-time 30-second code is generated and provided through a stand-alone app. The user must enter the unique code to gain access. This is an example of which of the following cryptography methods?

A

Ephemeral

12
Q

A stratum 2 time server obtains routinely updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.

A

Stratum 1 – A stratum 2 server would obtain the time from a stratum 1 server. The higher level server must always receive the time.

13
Q

Where should a systems administrator search for more information on how to fix a CPU vulnerability on a Dell rack server?

A

Vendor support page

14
Q

What are valid security concerns for installing software on a mobile device from a website rather than an app store?

A

The website may have an outdated version, and the .apk file may be malicious software.

15
Q

What replaced RC4/TKIP to make WPA2 significantly more secure than WPA?

A

AES (Advanced Encryption Standard) and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).

16
Q

Recommend a strategy to establish what witnesses were doing at the scene, whether they observed any suspicious behavior or activity, and to gather information about the computer system.

A

Interview witnesses

17
Q

Choose the components a threat actor may use to set up a distributed denial of service attack (DDoS) on a local network.

A

Command and control, Remote Access Trojan, and a Botnet

18
Q

A security administrator notices port scanning from an unknown entity on the company infrastructure. The administrator sets up a router to return erroneous information in response, to protect the system from breach or attack. What is the router providing in response to the scan?

A

Fake telemetry – false but realistic data used to trick an attacker into believing it is legitimate information.

19
Q

A company wants to implement a control model that dictates access based on attributes. The company would like to reconfigure the network by making changes from executable files instead of physically reconfiguring. Which of the following should the company implement?

A

SDN – A software-defined network (SDN) separates data and control planes in a network. It uses attribute-based access control (ABAC) that identifies subjects and objects within a policy.

20
Q

Recommend a strategy for organizing evidence during the e-discovery process of forensic investigation.

A

Apply Tags – Tags might be used to indicate relevancy to the case or part of the case or to show confidentiality and help organize evidence according to keywords or labels.

21
Q

Using Unified Extensible Firmware Interface (UEFI) to boot a server, the system must also provide secure boot capabilities. Part of the secure boot process requires a secure boot platform key or self-signed certificate. Determine which of the following an engineer can use to generate keys within the server using an available Peripheral Component Interconnect Express (PCIe) slot.

A

A hardware security module (HSM) is an appliance designed to perform centralized public key infrastructure (PKI) management, key generation, or key escrow for devices. HSM can also be implemented as a plug-in PCIe adapter card to operate within a device.

22
Q

A financial institution uses File Transfer Protocol Secure (FTPS) to transmit personally identifiable information (PII) to a receiving institution. Which encryption method would best be suitable for protecting the confidentiality of the information in transit?

A

Secure Socket Layer/Transport Layer Security (SSL/TLS)

23
Q

A company shares an external drive that allows members to collaborate on documentation and products and work simultaneously. The CIO enforces a rule that some users can download files to their local desktop while others can only view files. This is an example of which type of data protection?

A

Rights Management

24
Q

Which coding automation concept relates to committing and testing updates often?

A

Continuous Integration

25
Q

An attacker came within close proximity of a victim and sent the mobile device user spam in the form of an unsolicited text message. Once the user clicked the link in the message, Trojan malware infected the user’s device. What type of attack did the hacker most likely use against the mobile user?

A

Bluejacking – A Bluetooth-discoverable device is vulnerable to bluejacking, similar to spam, where someone sends an unsolicited text (or picture/video) message or vCard (contact details). This can also be a vector for Trojan malware.

26
Q

Which of the following is the service that provisions the user account and processes authentication requests?

A

Identity provider

27
Q

A microfabrication company recently suffered a breach of their R&D servers, from which blueprints and proprietary development documents were downloaded. What is likely the most impactful organizational consequence of this breach?

A

IP-theft

28
Q

The 802.1x framework establishes several ways for devices and users to be securely authenticated before they are permitted access to LAN (Local Area Network) or WLAN (Wireless LAN). Identify the actual authentication mechanism established.

A

EAP – 802.1x, which is the Port-based Network Access Control framework, establishes several ways for devices and users to be securely authenticated before they are permitted full network access. EAP (Extensible Authentication Protocol) is the actual authentication mechanism.

29
Q

Which type of service account has the most privileges?

A

System

30
Q

An organization that is planning a move to the cloud checks to see that the chosen CSP uses a standard method for creating and following security competencies. Which method does the CSP likely implement?

A

Cloud controls matrix – Cloud controls consist of specific controls and assessment guidelines that should be implemented by CSPs. A matrix acts as a starting point for agreements as it provides a baseline level of security competency that the CSP should meet.

31
Q

A small department at a company manages a server, separate from IT, for data access and backup purposes. What role does the department fulfill?

A

Data Custodian – The data custodian role handles managing the system on which the data assets are stored. This includes responsibility for enforcing access control, encryption, and backup/recovery measures.