Test ?'s 6 Flashcards

1
Q

An engineer configures server systems to failover in a way that connections are maintained; however, performance is degraded. Evaluate the options and determine which type the engineer configures.

A

Active/active

2
Q

A network administrator is installing a device that uses redundant array of inexpensive disks (RAID) technologies for redundancy and provides employees remote access so that files can be accessed anywhere. The device does not require licensing and stores data at the file level. Which device is the employee likely installing in the infrastructure?

A

NAS – Network-attached storage (NAS) is a file-level data storage server attached to a network that provides data access to a common group of clients. NAS is a single storage device that serves files over Ethernet. NAS can be accessed remotely and uses RAID technologies for hard drive failure.

3
Q

Sometimes data is archived after it is past its usefulness for purposes of security or regulatory compliance. What is this called?

A

Retention – When policy dictates preserving data in an archive after the date it is still being used, whether for regulatory or security purposes, this is known as a retention policy.

4
Q

What protocol alters public IP addresses to private IP addresses and vice versa, in an attempt to protect internal computers from the Internet?

A

NAT - Network addressing protocol

5
Q

Which of the following describes a device that only runs administrative protocols such as secure shell (SSH) or remote desktop protocol (RDP) to securely manage application servers in a demilitarized zone (DMZ)?

A

Jump Server – A jump server only runs the necessary administrative ports and protocols (typically SSH or RDP). Administrators connect to the jump server then use the jump server to connect to the admin interface of application servers in a demilitarized zone (DMZ).

6
Q

Users are only allowed to work in the office. Account policies must provide login security measures, so users are only working during normal business hours. Identify the policy that establishes the maximum amount of time an account may be logged in for at the workplace.

A

Time-based login policy – A time-based login policy establishes the maximum amount of time an account may be logged in for. For example, a user with no activity will be logged off after 6 hours.

7
Q

A company provides smartphones to their employees. IT administrators have the ability to deploy, secure, and remove specific applications and data from the employees’ smartphones. Analyze the selections and determine how IT can perform this type of control.

A

Storage Segmentation – Storage segmentation is personal data segmented from organizational data on a mobile device. It gives IT administrators control over corporate assets on employees’ mobile devices.

8
Q

For security purposes, mobile devices at an organization must include location metadata on all applicable data. Which method does the policy mandate?

A

Geotagging

9
Q

An IT company purchases a commercial off-the-shelf (COTS) product that allows four developers to access and run the product against developed code for vulnerability and threat assessments. An IT audit indicates that five developers have accessed the product. Which of the following best describes what the company is in violation of?

A

Compliance/Licensing

10
Q

A vendor ensures that each Internet of Things (IoT) device produced uses random, unique cryptographic keys in accordance with the established certificate and key management practices found in The National Institute of Standards and Technology (NIST) publications. Which of the following constraints is the vendor preventing?

A

Reuse – The practice of reusing a cryptographic key can make a system vulnerable to cyber attacks. The longer a key is in use, the easier it is for an attacker to compromise it. Randomly generated, unique keys provide better security.

11
Q

A network engineer is plugging in new patch cables and wants to prevent inadvertent disruptions to the network while doing so. What will the engineer prevent if a Spanning Tree Protocol (STP) is configured on the switches?

A

Broadcast Storms – A Spanning Tree Protocol (STP) is a means for bridges to organize themselves into a hierarchy and prevent loops from forming. These loops have the potential for broadcasting multiple times creating a storm.

12
Q

A company uses a DevSecOps approach for developing and maintaining software. In one environment, developers complete penetration and vulnerability scanning to ensure the system is free of bugs and coding errors early on. Which of the following best describes this environment?

A

Test

13
Q

After software testing activities have been completed, a system administrator moves the .war file to an environment that allows end users to access the application. Which environment is the completed software being deployed to?

A

Production

14
Q

Teams of security experts are preparing for a penetration exercise using a white box environment. The activities will be monitored in an isolated environment in the company’s local datacenter. What would be the appropriate rules of engagement for this exercise?

A

Performance reconnaissance activities first and Involve a cloud service provider

15
Q

A test team performs an in-depth review of completed code and analyzes its compatibility with the environment it will be deployed to. Which of the following environments is the test occurring in?

A

Staging

16
Q

A large business works with a consulting group to develop a business continuity plan. The goal of the plan is to provide a potentially uninterrupted workflow in the event of an incident. Examine the descriptions and determine which one matches this goal.

A

Ensuring process redundancy supports the workflow

17
Q

Multiple private data sources ingest pictures to a machine learning tool on Google Cloud Platform to find specific species of butterflies. The pictures are tagged by creator names in the company before being loaded onto the various data source locations. What type of security solution can the IT team implement to prevent tainted training data from getting to the machine learning tool?

A

Keep ML algorithm a secret and Use SOAR to check picture properties

18
Q

A connection cannot be established during a network connection test of a newly deployed WAP (Wireless Access Point) in WPA2 Enterprise (Wi-Fi Protected Access) mode. After checking the wireless controller, the 802.1x option was selected, but another configuration setting did not save. Apply knowledge of the network connection process to determine which of the following did not save.

A

RADIUS server settings

19
Q

Determine a solution that can combine with a cloud access security broker (CASB) to provide a wholly cloud-hosted platform for client access.

A

Next-generation secure web gateway – An on-premises next-generation secure web gateway (SWG) is a proxy-based firewall, content filter, and intrusion detection/prevention system that mediates user access to Internet sites and services. Netskope is an example of an SWG product that can include a cloud access security broker (CASB).

20
Q

Consider conditional access to a system and determine which options fit the criteria.

A

Sudo restrictions and User account control (UAC)

21
Q

In regards to performing forensic investigation in public clouds, what document would contain the right to audit clause, giving the investigator the authority to audit files on the network?

A

Service-level agreements (SLA)

22
Q

The company’s current network utilizes EAP-TTLS (EAP-Tunneled TLS) for supplicant clients connecting to the network. Newer model devices and systems are deployed on the network and are not compatible with EAP-TTLS. These systems require MS-CHAPv2 for authentication. Which of the following options will support these new systems?

A

PEAP – PEAP uses MSCHAPv2 in PEAPv0 (also known as EAP-MSCHAPv2). Where required, another iteration called PEAPv2 (also known as EAP-GTC), which is a Cisco implementation, can be used.

23
Q

Companies often update their website links to redirect users to new web pages that may feature a new promotion or to transition to a new web experience. How would an attacker take advantage of these common operations to lead users to fake versions of the website?

A

Add redirects to .htaccess files and Craft phishing links in email

24
Q

In which environment can multiple developers check out software code and include change management processes?

A

Development

25
Q

Which of the following is designed to mitigate losses from cyber incidents such as data breaches, outages, and network damage?

A

Cybersecurity Insurance

26
Q

A zone separated from the local network provides business partners access to company resources without disclosing internal information. What type of zone does this illustrate?

A

Extranet

27
Q

Which of the following is an example of a vulnerability database that a security administrator can use with Tenable Nessus to assess the security state of servers on the network?

A

CVE – Common Vulnerabilities and Exposures (CVE) is a database of information about vulnerabilities that are codified as signatures. A vulnerability scanner like Tenable Nessus uses CVE to scan the network to determine the security state of almost any device.

28
Q

A system administrator moves a file from a server to a client using Secure Shell (SSH) over port 22. Compare the protocols for file transfers to deduce the protocol utilized.

A

SFTP

29
Q

Experts at a scientific facility suspect that operatives from another government entity have planted malware and are spying on one of their top-secret systems. Based on the attacker’s location and likely goals, which attacker type is likely responsible?

A

State Actors

30
Q

A lack of which of the following measures of disorder can leave a cryptosystem vulnerable and unable to encrypt data securely?

A

Entropy – Entropy is a measure of cryptographic unpredictability. Using high entropy sources of data provides more security than using low sources. A lack of good entropy can leave a system vulnerable.

31
Q

An enterprise has recently experienced a severe malware attack. Admin has identified and removed the cause, and they are now checking the systems and bringing them back online. How would one categorize the cause with respect to incident response procedures?

A

Eradication – Eradication is an incident response lifecycle phase requiring the identification of the root cause of an incident. For instance, a user clicking on a suspicious attachment in an email is a root cause of a potentially larger problem.

32
Q

Identify types of metadata that would be associated with CDR (call detail records) of mobile devices.

A

Call Durations, SMS text timestamps, List of towers connected to

33
Q

A company purchased a few rack servers from a different vendor to try with their internal cluster. After a few months of integration failures, the company opted to remain with their previous vendor and to upgrade their other rack servers. The current commercial software will be migrated to the new rack servers. What may have caused the company to remain with their previous vendor for new rack servers?

A

Servers are incompatible and Vendor lacks expertise

34
Q

A threat actor logs in to a website as a free user and submits a request for a file. The request references the parent directory of the web server. This injection attack is successful by using a canonicalization attack to disguise the nature of the malicious input. How was the threat actor able to retrieve the file?

A

Using a directory traversal attack.

35
Q

Which principle of social engineering can a threat actor use to get many people to act as others would?

A

Consensus – The principle of consensus or social proof refers to techniques that cause many people to act just as others would without force. The attacker can use this instinct to persuade the target that to refuse a request would be odd.

36
Q

Which value is the result of a quantitative or qualitative risk analysis?

A

Inherent Risk – The result of quantitative or qualitative analysis is a measure of inherent risk. Inherent risk is the level of risk before any type of mitigation has been attempted.

37
Q

Which type of network attack involves asserting the use of an arbitrary hardware address onto a network interface card (NIC)?

A

MAC Cloning

38
Q

An Information Security Manager working for an ISP has discovered that an attacker has poisoned the DNS server cache by spamming it with recursive queries. Predict what tools the manager might use to discover whether the attacker has inserted any false records.

A

dnsenum and nslookup/dig

39
Q

Which of the following is NOT an example of improper or weak application patch management?

A

Application design flaw

40
Q

Verify the terminology that describes the action of isolating a system or file in order to contain a worm or virus.

A

Quarantine – Data loss prevention software can deny the offending user(s) access to the original file. The software accomplishes this by encrypting the file in place, or by moving the file to an area isolated from access. This is quarantining a file.

41
Q

What are different types of social engineering?

A

Phishing, whaling, spear phishing, vishing, baiting, and scareware