JasonDion Practice Exam 5

Question 1

Which of the following techniques would allow an attacker to get a full listing of your internal DNS information if your DNS server is not properly secured?

A. DNS poisoning
B. Zone transfers
C. FQDN resolution
D. Split horizon

Answer 1

B. Zone transfers

Question 2

You are applying for a job at a cybersecurity firm. The application requests you enter your social security number, date of birth, and email address to conduct a background check as part of the hiring process. Which of the following types of information has you been asked to provide?

A. CUI
B. PHI
C. PII
D. IP

Answer 2

C. PII

Question 3

An organization cannot immediately remediate a known system vulnerability due to operational constraints. Which strategy can be used to reduce the risk associated with this vulnerability in the meantime?

A. Biometric Authentication
B. Digital Forensics
C. Data Loss Prevention (DLP)
D. Compensating Controls

Answer 3

D. Compensating Controls

Question 4

Which of the following Wireshark filters should be applied to a packet capture to detect applications that send passwords in cleartext to a REST API located at 10.1.2.3?

A. http.request.method==”POST” && ip.dst==10.1.2.3
B. ip.proro==tcp
C. ip.dst==10.1.2.3
D. http.request.method==”POST”

Answer 4

A. http.request.method==”POST” && ip.dst==10.1.2.3

Question 5

You are working as a junior cybersecurity analyst and utilize a SIEM to support investigations into ongoing incidents. The SIEM is configured to collect data from numerous sources across the network, including network sensors, routers, switches, firewalls, hosts, and servers. Unfortunately, due to the number of data sources, you have data about a particular event being detected by different sensors and devices. Which of the following must you ensure to make sense of all the data being collected by your SIEM before analyzing it?

A. Data sanitization
B. Data retention
C. Data correlation
D. Data recovery

Answer 5

C. Data correlation

Question 6

Among the following vulnerabilities, which one was reported as a “Top 10” due to its common occurrence and the potential severity of its impact?

A. SolarWinds SUNBURST Attack
B. Poodle Attack
C. Cross-Site Scripting (XSS)
D. Spectre Attack

Answer 6

C. Cross-Site Scripting (XSS)

Question 7

An analyst reviews a triple-homed firewall configuration that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall?

A. NIDS
B. Subnet
C. GPO
D. DMZ

Answer 7

D. DMZ

Question 8

Which of the following vulnerabilities was the MOST critical due to its high potential impact and exploitability?

A. Shellshock
B. Logjam
C. Stagefright
D. Drupalgeddon

Answer 8

A. Shellshock

Question 9

Which of the following techniques listed below are not appropriate to use during a passive reconnaissance exercise against a specific target company?

A. BGP looking glass usage
B. Registrar checks
C. Banner grabbing
D. WHOIS lookups

Answer 9

C. Banner grabbing

Question 10

Judith is conducting a vulnerability scan of her data center. She notices that a management interface for a virtualization platform is exposed to her vulnerability scanner. Which of the following networks should the hypervisor’s management interface be exposed to ensure the best security of the virtualization platform?

A. DMZ
B. Internal zone
C. External zone
D. Management network

Answer 10

D. Management network

Question 11

You are conducting threat hunting on your organization’s network. Every workstation on the network uses the same configuration baseline and contains a 500 GB HDD, 4 GB of RAM, and the Windows 10 Enterprise operating system. You know from previous experience that most of the workstations only use 40 GB of space on the hard drives since most users save their files on the file server instead of the local workstation. You discovered one workstation that has over 250 GB of data stored on it. Which of the following is a likely hypothesis of what is happening, and how would you verify it?

A. The host might be the victim of a remote access trojan – you should reimage the machine immediately.
B. The host might be used as a command and control node for a botnet – you should immediately disconnect the host from the network.
C. The host might use as a staging area for data exfiltration – you should conduct volume-based trend analysis on the host’s storage device.
D. The host might be offline and conducted backups locally – you should contact a system administrator to have it analyzed.

Answer 11

D. The host might be offline and conducted backups locally – you should contact a system administrator to have it analyzed.

Question 12

Your organization has been experiencing several cybersecurity incidents, including data breaches and compliance violations, that seems to stem from the software your team develops. What approach can you implement to systematically reduce these incidents?

A. Patch Management
B. Secure Software Development Life Cycle (SDLC)
C. Agile Development
D. Waterfall Model

Answer 12

B. Secure Software Development Life Cycle (SDLC)

Question 13

Which of the following type of solutions would you classify an FPGA as?

A. Trusted platform module
B. Root of trust
C. Hardware security module
D. Anti-tamper

Answer 13

D. Anti-tamper

Question 14

You walked up behind a penetration tester in your organization and saw the following output on their Kali Linux terminal:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[ATTEMPT] target 192.168.1.142 – login “root” – pass “abcde” 1 of 10
[ATTEMPT] target 192.168.1.142 – login “root” – pass “efghi” 2 of 10
[ATTEMPT] target 192.168.1.142 – login “root” – pass “12345” 3 of 10
[ATTEMPT] target 192.168.1.142 – login “root” – pass “67890” 4 of 10
[ATTEMPT] target 192.168.1.142 – login “root” – pass “a1b2c” 5 of 10
[ATTEMPT] target 192.168.1.142 – login “user” – pass “abcde” 6 of 10
[ATTEMPT] target 192.168.1.142 – login “user” – pass “efghi” 7 of 10
[ATTEMPT] target 192.168.1.142 – login “user” – pass “12345” 8 of 10
[ATTEMPT] target 192.168.1.142 – login “user” – pass “67890” 9 of 10
[ATTEMPT] target 192.168.1.142 – login “user” – pass “a1b2c” 10 of 10
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

What type of test is the penetration tester currently conducting?

A. Conducting a port scan of 192.168.1.142.
B. Conducting a Denial of Service attack on 192.168.1.142.
C. Conducting a brute force login attempt of a remote service on 192.168.1.142.
D. Conducting a ping sweep of 192.168.1.142/24.

Answer 14

C. Conducting a brute force login attempt of a remote service on 192.168.1.142.

Question 15

An analyst suspects that a trojan has victimized a Linux system. Which command should be run to determine where the current bash shell is being executed from on the system?

A. ls -l bash
B. dir bash
C. printenv bash
D. which bash

Answer 15

C. printenv bash

Question 16

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?

A. Software Defined Networking (SDN)
B. Infrastructure as Code (IaC)
C. Software as a Service (SaaS)
D. Infrastructure as a Service (IaaS)

Answer 16

B. Infrastructure as Code (IaC)