Udemy practice quizzes Flashcards

1
Q

You are at the doctor’s office and waiting for the physician to enter the room to examine you. You look across the room and see a pile of patient records on the physician’s desk. There is no one in the room and your curiosity has gotten the better of you, so you walk across the room and start reading through the other patient records on the desk. Which tenet of security have you just violated?

Authentication
Confidentiality
Integrity
Availability

A

Confidentiality

2
Q

You have just walked up to the bank teller and requested to withdraw $100 from checking account #7654123 (your account). The teller asks for your name and driver’s license before conducting this transaction. After she looks at your driver’s license, she thanks you for your business, pulls out $100 from the cash drawer, and hands you back the license and the $100 bill. What category best describes what the bank teller just did?

Accounting
Authorization
Authentication
Availability

A

Authentication

3
Q

You are in the kitchen cooking dinner while your spouse is in the other room watching the news on the television. The top story is about how hackers have been able to gain access to one of the state’s election systems and tamper with the results. Unfortunately, you only heard a fraction of the story, but your spouse knows that you have been learning about hackers in your Security+ course and asks you, “Which type of hacker do you think would be able to do this?”

Hacktivists
Organized crime groups
APTs
Script kiddies

A

APTs

Hacktivists are usually political, but they are disorganized and don’t have the level of sophistication needed to hack into a well-defended government computer network like the election system.

While organized crime groups may have the sophistication to conduct the hack, they are usually more interested in conducting criminal actions to make money instead of getting involved in politics.

4
Q

A user has reported that their workstation is running very slowly. A technician begins to investigate the issue and notices a lot of unknown processes running in the background. The technician determines that the user has recently downloaded a new application from the internet and may have become infected with malware. Which of the following types of infections does the workstation MOST likely have?

Rootkit
Trojan
Keylogger
Ransomware

A

Trojan

A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which is used to allow an attacker to remotely control a workstation or steal information from it. To operate, a trojan will create numerous processes that run in the background of the system.

5
Q

On your lunch break, you walked down to the coffee shop on the corner. You open your laptop and connect to their wireless network. After a few minutes of surfing the Internet, a pop-up is displayed on your screen. You close the pop-up, finish your lunch break, shut down the laptop, and put it back into your backpack. When you get back to the office, you take out the laptop and turn it on, but instead of your normal desktop background, you are greeted by a full screen image with a padlock and a message stating you have to pay 1 BTC to regain access to your personal files. What type of malware has infected your laptop?

Trojan
Spyware
Ransomware
Rootkit

A

Ransomware

6
Q

A computer is infected with a piece of malware that has infected the Windows kernel in an effort to hide. Which type of malware MOST likely infected this computer?

Ransomware
Trojan
Rootkit
Botnet

A

Rootkit

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. A rootkit is generally a collection of tools that enables administrator-level access to a computer or network. Rootkits can often hide themselves from the operating system and from anti-malware solutions. If a rootkit is suspected on a machine, it is best to reformat and reimage the system.

7
Q

Your company’s Security Operations Center (SOC) is currently detecting an ongoing DDoS attack against your network’s file server. One of the cybersecurity analysts has identified forty internal workstations on the network that are conducting the attack against your network’s file server. The cybersecurity analyst believes these internal workstations are infected with malware and places them into a quarantined area of the network. The analyst then submits a service desk ticket to have the workstations scanned and cleaned of the infection. What type of malware was the workstation likely a victim of based on the scenario provided?

Spyware
Botnet
Rootkit
Ransomware

A

Botnet

8
Q

The Security Operations Center Director for Dion Training received a pop-up message on his workstation that said, “You will regret firing me; just wait until Christmas!” He suspects the message came from a disgruntled former employee that may have set up a piece of software to create this pop-up on his machine. The director is now concerned that other code might be lurking within the network that could create a negative effect on Christmas. He directs his team of cybersecurity analysts to begin searching the network for this suspicious code. What type of malware should they be searching for?

Worm
Trojan
Adware
Logic bomb

A

Logic bomb

9
Q

In which type of attack does the attacker begin with a normal user account and then seeks to gain additional access rights?

Privilege escalation
Cross-site scripting
Spear phishing
Remote code execution

A

Privilege escalation

10
Q

You have been investigating how a malicious actor was able to exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that the web server’s BIOS had been modified by the installation of a rootkit. After you remove the rootkit and reflash the BIOS to a known good image, what should you do in order to prevent the malicious actor from affecting the BIOS again?

Install an anti-malware app
Install a HIDS
Utilize secure boot
Utilize file integrity monitoring

A

Utilize secure boot

Secure boot is a security system offered by UEFI. It is designed to prevent a computer from being hijacked by a malicious OS. Under secure boot, UEFI is configured with digital certificates from valid OS vendors. The system firmware checks the operating system boot loader using the stored certificate to ensure that it has been digitally signed by the OS vendor. This prevents a boot loader that has been changed by malware (or an OS installed without authorization) from being used.

11
Q

Your company recently suffered a small data breach that was caused by an employee emailing themselves a copy of the current customers’ names, account numbers, and credit card limits. You are determined that something like this shall never happen again. Which of the following logical security concepts should you implement to prevent a trusted insider from stealing your corporate data?

Firewall
MDM
DLP
Strong passwords

A

DLP

Data loss prevention software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting, and blocking sensitive data while in use (endpoint actions), in transit (network traffic), and at rest (data storage). Since the user was an authorized user (employee), changing your password policy, reconfiguring the firewall, or setting up an MDM solution would not solve this problem. Instead, a DLP solution must be implemented.

12
Q

You are trying to select the best device to install in order to detect an outside attacker who is trying to reach into your internal network. The device should log the event, but it should not take any action to stop it. Which of the following devices would be the BEST for you to select?

Proxy server
Authentication server
IPS
IDS

A

IDS

An intrusion detection system is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can take action to stop malicious activity or policy violations, an IDS can only log these issues and not stop them.

13
Q

Which mobile device strategy is most likely to result in the introduction of vulnerable devices to a corporate network?

COPE
CYOD
BYOD
MDM

A

BYOD

14
Q

Your smartphone begins to receive unsolicited messages while you are eating lunch at the restaurant across the street from your office. What might cause this to occur?

Packet sniffing
Bluesnarfing
Bluejacking
Geotagging

A

Bluejacking

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as smartphones and tablets. Bluesnarfing, on the other hand, involves taking data from a smartphone or tablet over Bluetooth without permission. Bluetooth has a very limited range, so the attacker is likely within 10 meters of the victimized device.

15
Q

Tim, a help desk technician, receives a call from a frantic executive who states that their company-issued smartphone was stolen during their lunch meeting with a rival company’s executive. Tim quickly checks the MDM administration tool and identifies that the user’s smartphone is still communicating with the MDM and displays the location of the device on a map. What should Tim do next to ensure the data on the stolen device remains confidential and inaccessible to the thief?

Reset the device’s password
Perform a remote wipe of the device
Remotely encrypt the device
Identify the IP address of the smartphone

A

Perform a remote wipe of the device

This will ensure any and all corporate data is erased prior to anyone accessing it. Additionally, Tim could reset the device’s password, but if the thief is able to guess or crack the password, then they would have access to the data. Additionally, devices should be encrypted BEFORE they are lost or stolen, not after.

16
Q

Which type of threat will patches NOT effectively combat as a security control?

Zero-day attacks
Known vulnerabilities
Discovered software bugs
Malware with defined IoCs

A

Zero-day attacks

Zero-day attacks have no known fix, so patches will not correct them.

17
Q

What should administrators perform to reduce the attack surface of a system and to remove unnecessary software, services, and insecure configuration settings?

Harvesting
Windowing
Hardening
Stealthing

A

Hardening

18
Q

Which of the following security controls provides Windows system administrators with an efficient way to deploy system configuration settings across a large number of devices?

Patch management
GPO
HIPS
Anti-malware

A

GPO (Group Policy Object)

Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users. It allows an administrator to create a policy and deploy it across a large number of devices in the domain or network.

19
Q

Which of the following BEST describes when a third-party takes components produced by a legitimate manufacturer and assembles an unauthorized replica that is sold in the general marketplace?

Recycling
Capitalism
Counterfeiting
Entrepreneurship

A

Counterfeiting

20
Q

Which of the following programs was designed to secure the manufacturing infrastructure for information technology vendors providing hardware to the military?

Trusted Foundry (TF)
Supplies Assured (SA)
Supply Secure (SS)
Trusted Access Program (TAP)

A

Trusted Foundry (TF)
AKA trusted suppliers program

The Trusted Foundry program is a United States Department of Defense program designed to secure the manufacturing infrastructure for information technology vendors providing hardware to the military. Trusted Foundry was created to provide a chain of custody for classified/unclassified integrated circuits, ensure there is no reasonable threat related to supply disruption, prevent intentional/unintentional modification of integrated circuits, and protect integrated circuits from reverse engineering and vulnerability testing.

21
Q

Following a root cause analysis of the unexpected failure of an edge router, a cybersecurity analyst discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst suspects that the router may be a counterfeit device. Which of the following controls would have been most effective in preventing this issue?

Increase network vulnerability scan frequency

Ensure all anti-virus signatures are up to date

Conduct secure supply chain management training

Verify that all routers are patched to the latest release

A

Conduct secure supply chain management training

Anti-counterfeit training is part of the NIST 800-53r4 control set (SA-19(1)) and should be a mandatory part of your supply chain management training within your organization. Training on detection methodologies (i.e., simple visual inspections) and training for acquisition personnel will better prevent recurrences.

22
Q

What is the lowest layer (bottom layer) of a bare-metal virtualization environment?

Hypervisor
Host OS
Guest OS
Physical hardware

A

Physical hardware

The bottom layer in this environment is the physical hardware. The hypervisor sits directly on top of it and controls the guest operating systems’ access to that hardware. The bare-metal approach doesn’t have a host operating system.

23
Q

You need to determine the best way to test operating system patches in a lab environment prior to deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches prior to deployment?

Sandboxing
Virtualization
Purchase additional workstations
Bypass testing and deploy patches directly into the production environment

A

Virtualization

When you have a limited amount of hardware resources to utilize but are required to test multiple operating systems, you should set up a virtualized environment to test the patch across each operating system prior to deployment. You should never deploy patches directly into production without testing them first in the lab.

24
Q

Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor?

VM escape
VM migration
VM sprawl
VM data remnant

A

VM escape

25
Q

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?

Forcing the use of TLS for the web application

Forcing the use of SSL for the web application

Setting the secure attribute on the cookie

Hashing the cookie value

A

Setting the secure attribute on the cookie

When a cookie has the Secure attribute, the user agent includes the cookie in an HTTP request only if the request is transmitted over a secure channel (typically HTTPS). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie’s confidentiality.

Forcing the web application to use TLS or SSL does not force the cookie to be sent over TLS/SSL, so you still would need to set the Secure attribute on the cookie.

Hashing the cookie provides integrity of the cookie, not confidentiality.

26
Q

A user reports that every time they try to access https://www.diontraining.com, they receive an error stating “Invalid or Expired Security Certificate”. The technician attempts to connect to the same site from other computers on the network, and no errors or issues are observed. Which of the following settings needs to be changed on the user’s workstation to fix the “Invalid or Expired Security Certificate” error?

Logon times
Date and time
UAC
UEFI boot mode

A

Date and time

There are two causes of the “Invalid or Expired Security Certificate”. The first is a problem with your computer, and the second occurs when the certificate itself has an issue.

Since the technician can successfully connect to the website from other computers, it shows that the error is on the user’s computer. One of the common causes of an Invalid or Expired Security Certificate error is the clock on the user’s computer being wrong since the website security certificates are issued to be valid within a given date range.

27
Q

Your company has created a baseline image for all of its workstations using Windows 10. Unfortunately, the image included a copy of Solitaire, and the CIO has created a policy to prevent anyone from playing the game on the company’s computers. You have been asked to create a technical control to enforce the policy (administrative control) that was recently published. What should you implement?

Application whitelist
Disable removable media
Application blacklist
Application hardening

A

Application blacklist

You should create and implement an application blacklist that includes the Solitaire game on it. This will prevent the application from being able to be run on any corporate workstation.

28
Q

You are reviewing the IDS logs and notice the following log entry:

(where email=support@diontraining.com and password=‘ or 7==7’)

What type of attack is being performed?

XML injection
SQL injection
Header manipulation
XSS

A

SQL injection

A common technique in SQL injection is to insert a statement that is always true, such as 1 == 1, or in this example, 7 == 7.

29
Q

While conducting a penetration test of an organization’s web applications, you attempt to insert the following script into the search form on the company’s web site:

<script>
alert("This site is vulnerable to an attack!")
</script>

Then, you clicked the search button, and a pop-up box appears on your screen showing the following text, “This site is vulnerable to an attack!” Based on this response, what vulnerability have you uncovered in the web application?

Buffer overflow
XSRF
DDoS
XSS

A

XSS

XSS enables attackers to inject client-side scripts into web pages viewed by other users.

A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

30
Q

You are analyzing the SIEM for your company’s ecommerce server when you notice the following URL in the logs of your SIEM:

https://www.diontraining.com/add_to_cart.php?itemId=5"+perItemPrice="0.00"+quantity="100"+/><item+id="5&quantity=0

Based on this line, what type of attack do you expect has been attempted?

SQL injection
Buffer overflow
XML injection
Session hijacking

A

XML injection

XML injection manipulates or compromises the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intended logic of an application, and XML Injection can cause the insertion of malicious content into resulting messages/documents.

In this case, the URL is attempting to modify the server’s XML structure. The real key to answering this question is identifying the XML structured code being entered as part of the URL, which is shown by the bracketed data.

31
Q

A supplier needs to connect several laptops to an organization’s network as part of their service agreement. These laptops will be operated and maintained by the supplier. Victor, a cybersecurity analyst for the organization, is concerned that these laptops could potentially contain some vulnerabilities that could weaken the security posture of the network. What can Victor do to mitigate the risk to other devices on the network without having direct administrative access to the supplier’s laptops?

Scan the laptops for vulnerabilities and patch them

Increase the encryption level of VPN used by the laptops

Implement a jumpbox system

Require 2FA on the laptops

A

Implement a jumpbox system

A jumpbox is a system on a network used to access and manage devices in a separate security zone. This would create network segmentation between the supplier’s laptops and the rest of the network to minimize the risk. A jump-box system is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.

The jumpbox in this case would only be used to connect the vulnerable laptops to the company network, NOT to perform configuration.

While the other options listed are all good security practices, they do not fully mitigate the risk that insecure systems pose since Victor cannot enforce these configurations on a supplier provided laptop.

32
Q

An analyst is reviewing the configuration of a triple-homed firewall that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall?

DMZ
Subnet
NIDS
GPO

A

DMZ

A triple-homed firewall connects to three networks: internal (private), external (internet/public), and the demilitarized zone (DMZ). The demilitarized zone (DMZ) network hosts systems that require access from external hosts.

33
Q

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should be able to obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should be able to access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

Create an ACL to allow access
Configure a SIEM
MAC filtering
Implement NAC

A

Implement NAC

Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

34
Q

You have just received some unusual alerts on your SIEM dashboard and want to collect the payload associated with it. Which of the following should you implement to effectively collect these malicious payloads that the attackers are sending towards your systems without impacting your organization’s normal business operations?

Honeypot
Jumpbox
Sandbox
Containerization

A

Honeypot

A honeypot is a host set up with the purpose of luring attackers away from the actual network components and/or discovering attack strategies and weaknesses in the security configuration.

A jumpbox is a hardened server that provides access to other hosts.

A sandbox is a computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion.

Containerization is a type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

35
Q

You are trying to select the best device to install in order to detect an outside attacker who is trying to reach into your internal network. The device should log the event, but it should not take any action to stop it. Which of the following devices would be the BEST for you to select?

Proxy server
Authentication server
IPS
IDS

A

IDS

An intrusion detection system is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.

Unlike an IPS, which can take action to stop malicious activity or policy violations, an IDS can only log these issues and not stop them.

36
Q

During a security audit, you discovered that customer service employees have been sending unencrypted confidential information to their personal email accounts via email. What technology could you employ to detect these occurrences in the future and send an automated alert to the security team?

SSL
UTM
DLP
MDM

A

DLP

Data loss prevention (DLP) software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting, and blocking sensitive data while in-use, in-motion, and at-rest. This can be configured to detect and alert on future occurrences of this issue.

37
Q

The Pass Certs Fast corporation has recently been embarrassed by a number of high-profile data breaches. The CIO proposes improving the cybersecurity posture of the company by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?

This approach assumes that the cloud will provide better security than is currently done on-site

This approach only changes the location of the network and not the attack surface of it

The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration

This is a reasonable approach that will increase the security of the servers and infrastructure

A

This approach only changes the location of the network and not the attack surface of it

A poorly implemented security model at a physical location will still be a poorly implemented security model in a virtual location. Unless the fundamental causes of the security issues that caused the previous data breaches have been understood, mitigated, and remediated, then migrating the current images into the cloud will simply change the location of where the processing occurs without improving the security of the network.

While the statement concerning unrealized ROI may be accurate, it simply demonstrates the fallacy of the sunk cost argument.

38
Q

Which of the following would a virtual private cloud infrastructure be classified as?

IaaS
PaaS
SaaS
FaaS

A

IaaS

Infrastructure as a Service (IaaS) is a computing method that uses the cloud to provide any or all infrastructure needs.

In a VPC environment, an organization may provision virtual servers in a cloud-hosted network. The service consumer is still responsible for maintaining the IP address space and routing internally to the cloud.

39
Q

Dave’s company utilizes Google’s G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following types of cloud deployment models is being used?

Multi-cloud
Community
Private
Public

A

Multi-cloud

Multi-cloud is a cloud deployment model where the cloud consumer uses multiple public cloud services.

In this example, Dave is using the Google Cloud, Amazon’s AWS, and Slack’s cloud-based SaaS product simultaneously.

A private cloud is a cloud that is deployed for use by a single entity.

A public cloud is a cloud that is deployed for shared use by multiple independent tenants.

A community cloud is a cloud that is deployed for shared use by cooperating tenants.

40
Q

Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly?

Continuous delivery
Continuous integration
Continuous deployment
Continuous monitoring

A

Continuous delivery

The key word here is PRODUCTION environment. This is the environment in which products are actively used.

Continuous deployment is a software development method in which app and platform updates are committed to production rapidly.

Continuous delivery is a software development method in which app and platform requirements are frequently tested and validated for immediate availability.

Continuous integration is a software development method in which code updates are tested and committed to a development or build server/code repository rapidly.

Continuous monitoring is the technique of constantly evaluating an environment for changes so that new risks may be more quickly detected.

41
Q

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?

SaaS
IaaS
IaC
SDN

A

IaC (Infrastructure as Code)

IaC is designed with the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise, and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities.

SDN uses software to define networking boundaries, but does not necessarily handle server architecture in the same way that IaC can.

Infrastructure as a Service (IaaS) is a computing method that uses the cloud to provide any or all infrastructure needs.

42
Q

Which type of system would classify traffic as malicious or benign based on explicitly defined examples of malicious and benign traffic?

AI
ML
Deep learning
Generative adversarial network

A

ML

A machine learning (ML) system uses a computer to accomplish a task without ever being explicitly programmed to do it. In the context of cybersecurity, ML generally works by analyzing example data sets to create its own ability to classify future items presented. If the system was presented with large datasets of malicious and benign traffic, it will learn which is malicious and use that to categorize future traffic presented to it.

Deep learning is similar, except the datasets involved in deep learning ARE NOT EXPLICITLY DEFINED.