Ucertify Exam Prep

Question 1

The threat intelligence cycle is a five-step process. Here are the five steps of the threat intelligence cycle:

Answer 1

Requirements gathering
Data collection
Data processing and analysis:
Intelligence dissemination: 
Feedback:

Question 2

1-Requirements gathering:

Answer 2

Assess what security breaches or compromises a user faced.

Question 3

2-Data collection:

Answer 3

Collect data from threat intelligence sources to meet intelligence requirements.

Question 4

3-Data processing and analysis:

Answer 4

Process data to allow it to be consumed by whatever tools or processes a user intends to use and then the user must analyze data itself.

Question 5

4-Intelligence dissemination:

Answer 5

Distribute data to leadership and operational personnel who will use data as part of their security operations role.

Question 6

5-Feedback:

Answer 6

Gather feedback about reports and data users have gathered.

Question 7

Which of the following open ports represents the most significant possible security vulnerability?
A 23
B 22
C 443
D 161

Answer 7

Port 23 is used by Telnet, which is an insecure unencrypted communications protocol.

Question 8

A ________ is a specialized tool used to find WPA and WPA2 passphrases specifically on networks that support the WPS feature.

Answer 8

reaver

Question 9

What can be used to write a checklist and report results in a standardized fashion?

Answer 9

Extensible Configuration Checklist Description Format (XCCDF)

Question 10

Data loss prevention (DLP) may be able to intercept and block unencrypted sensitive information, leaving the webserver but it does not

Answer 10

apply cryptography to web communications.

Question 11

Packet sniffing monitors only the headers of packets to determine

Answer 11

what type of traffic is being sent.

Question 12

Flow sends information about

Answer 12

all connections or sends a sampled dataset.

Question 13

SNMP allows network devices to

Answer 13

send information about important events as SNMP traps.

Question 14

During which phase of the software development life cycle (SDLC) model does user acceptance testing (UAT) occur?

Answer 14

testing and integration phase of the software development life cycle (SDLC) model

Question 15

__________ is a form of structured and formal code review intended to find a variety of problems during the development process of the code.

Answer 15

Fagan inspection

Question 16

___________ provides a searchable listing of vulnerable hosts, including details of the system that was scanned.

Answer 16

Shodan search engine

Question 17

A _____________________ is a document that defines a bilateral or multilateral agreement between two parties

Answer 17

memorandum of understanding (MOU)

Question 18

Succession planning is a security control that is designed to provide

Answer 18

continuity for security responsibilities.

Question 19

The ALE value of a specific risk is calculated by multiplying an SLE by its ARO to determine the financial magnitude of this risk on an annual basis. Here’s the formula for calculating ALE:

Answer 19

ALE (annual loss expectancy) = SLE (single loss expectancy) X ARO (annual rate of occurrence)

Question 20

________________ allows a user to deploy, configure, and manage data centers through scripts

Answer 20

Infrastructure as code (IaC)

Question 21

Resource servers handle authenticated requests after the application has

Answer 21

obtained an access token

Question 22

___________ analysis methods run potential malware applications and detect threats based on their behavior. This is good for zero day attacks

Answer 22

Heuristic analysis

Question 23

Which protocol provides an encryption key and a digital signature that verifies that an email message was not forged or altered?

A. LDAP
B. DKIM
C. HTTPS
D. IPSecc

Answer 23

The DomainKeys Identified Mail (DKIM) protocol provides an encryption key and a digital signature that verifies that an email message was not forged or altered.

Question 24

A qualitative risk assessment ranks the potential of a threat and sensitivity of assets

Answer 24

by grade or scale such as low, medium, or high.

Question 25

quantitative risk assessment

Answer 25

measure threat exposure and likelihood with cost-based metrics.

Question 26

Tamper-proof seals are used when it is necessary to prove that devices, systems, or spaces were not

Answer 26

accessed during your absence. They often include holographic logos that help to ensure that tampering is visible and cannot be easily hidden by replacing a logo.

Question 27

Hashcat tool is a password-cracking utility that uses

Answer 27

graphics processing units (GPUs) to crack passwords at a very high rate of speed.

Question 28

Sysinternals is a tool that includes resources and utilities Microsoft Windows environment.

Answer 28

to manage, diagnose, troubleshoot, and monitor a

Question 29

____________ is unauthorized equipment that is attached to a network or assets which create a side channel for an attack. I

Answer 29

Rogue hardware

Question 30

Accidental Threat

Answer 30

…

Question 31

Physical Threat

Answer 31

…

Question 32

Structural Threat

Answer 32

Resource exhaustion is a type of structural threat

Question 33

SIFT SANS Investigative Forensic Tool Kit

Answer 33

…

Question 34

Fagan Inspection

Answer 34

Formal Code review process

Question 35

Mutation Testing

Answer 35

…

Question 36

It allows cloud customers for the serverless application architecture. It is used to execute or trigger functions written by developers. It offers Amazon’s Lambda services. Which Cloud Service is this?

Answer 36

function as a service (FaaS)

Question 37

OWASP

Answer 37

…

Question 38

Which of the following statements are true of proper compensating controls?

Answer 38

They must meet the intent and rigor of the original requirement.

They must provide a similar level of defense as the original requirement.

They must be “above and beyond” other PCI DSS procedures.

Question 39

In a pent test the _______ coordinates the exercise and serves as referees, arbitrating disputes between the team, maintaining the technical environment, and monitoring the results.

Answer 39

white team

Question 40

The ________________ identifies potentially malicious external domains. ACLs can permit and deny traffics for a virtual machine endpoint.

Answer 40

access control list (ACL)

Question 41

Secure Shell (SSH), uses port

Answer 41

22

Question 42

database servers commonly run on ports

Answer 42

1433 (for Microsoft SQL Server),

Question 43

Remote Desktop Protocol (RDP) services run on port.

Answer 43

3389

Question 44

The _______model is a sequential model in which each phase is followed by the next phase. In this model, phases do not overlap and each logically leads to the next.

Answer 44

waterfall

Question 45

The _____ model, which is an extension of the Waterfall model, pairs a testing phase with each development stage. Each phase starts only after the testing for the previous phase is done.

Answer 45

V model

Question 46

The _______________ model doesn’t focus on any planning or a process. It focuses on making resources available and simply starting coding based on requirements as they are revealed.

Answer 46

big bang model

Question 47

The _______________act is a United States law that requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results. SOX

Answer 47

Sarbanes-Oxley (SOX)

Question 48

______ scanner is a commercial network vulnerability scanner that offers a unique deployment model using the software-as-a-service (SaaS) management console to run scans using appliances located both in on-premises datacenters and the cloud.

Answer 48

Qualys’s vulnerability

Question 49

__________ is an agile software development technique that places two developers at one workstation. One developer writes code, while the other developer reviews their code as they write it.

Answer 49

Pair programming

Question 50

Protected ______ ____________ (PHI)

Answer 50

Protected health information

Question 51

____ ______ ________allows administrators to specify which hosts are allowed to send email messages from a given domain by creating a specific SPF record in the Domain Name System (DNS).

Answer 51

Sender Policy Framework (SPF)

Question 52

NIST recommends using the following four categories to describe the functional impact of an incident:

None: No effect on an organization’s ability to provide all services to all users.

Low: Minimal effect an organization can still provide all critical services to all users but has lost efficiency.

Medium: An organization has lost the ability to provide a critical service to a subset of system users.

High: An organization is no longer able to provide some critical services to any users.

Answer 52

None: No effect on an organization’s ability to provide all services to all users.

Low: Minimal effect an organization can still provide all critical services to all users but has lost efficiency.

Medium: An organization has lost the ability to provide a critical service to a subset of system users.

High: An organization is no longer able to provide some critical services to any users.

Question 53

________ for scanning a hard drive to view the deleted communication

Answer 53

Forensic Toolkit (FTK)

Question 54

Tools in the _________ suite can capture packets from wireless networks, conduct packet injection attacks, and crack preshared keys used on wireless networks

Ettercap
Wireshark
Aircrack-ng
Wifiphisher

Answer 54

aircrack-ng

Question 55

____ _______ is a process of extracting data from a computer when that data has no associated file system metadata

Answer 55

File carving

Question 56

_______ can be used to open connections to both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) ports and services running on those ports.

Traceroute
Netstat
Netcat
TCPConn

Answer 56

Netcat

Question 57

Common Configuration Enumeration

Answer 57

…