5 Flashcards
Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.
Grace’s first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?
Risk avoidance
Risk acceptance
Risk mitigation
Risk transference
Risk mitigation
Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?
Low
Medium
High
Critical
Medium
Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form?
Signature of the person transferring the item
Item identifier number
Signature of the person receiving the item
Method of transport
Method of transport
Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?
POPS, IMAPS, HTTPS
SPF, POPS, IMAPS
DMARC, DKIM, SPF
DKIM, DMARC, HTTPS
POPS, IMAPS, HTTPS
Alaina has implemented WPA2 and uses enterprise authentication for access points in infrastructure mode. What encryption protocol is her network using?
WEP
IV
TKIP
CCMP
CCMP
Glenn recently obtained a wildcard certificate for *.mydomain.com. Which one of the following domains would not be covered by this certificate?
core.mydomain.com
mydomain.com
dev.www.mydomain.com
mail.mydomain.com
dev.www.mydomain.com
Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?
arpcache -show
arp -d
showarp
arp /a
arp /a
Jim wants to view log entries that describe actions taken by applications on a CentOS Linux system. Which of the following tools can he use on the system to view those logs?
logger
tail
syslog-ng
journalctl
journalctl
Fran’s organization uses a Type I hypervisor to implement an IaaS offering that it sells to customers. Which one of the following security controls is least applicable to this environment?
The provider must maintain security patches on the hypervisor.
Customers must maintain security patches on guest operating systems.
Customers must manage security groups to mediate network access to guest operating systems.
The provider must maintain security patches on the host operating system.
The provider must maintain security patches on the host operating system.
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
Encoding data
Appropriate access controls
Parameterized queries
Input validation
Parameterized queries
Kevin discovered that his web server was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin’s action?
Vertical scaling
Elasticity
High availability
Horizontal scaling
Vertical scaling
Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?
A data loss prevention tool
A host intrusion prevention system
A host firewall
A host intrusion detection system
A host intrusion detection system
Frank is concerned about the admissibility of his forensic data. Which of the following is not an element he should be concerned about?
Whether the forensic source data has remained unaltered
Whether the forensic information includes a timestamp
Whether the evidence is relevant to the case
Whether the practices and procedures would survive review by experts
Whether the forensic information includes a timestamp
Nicole accidentally types www.smazon.com into her browser and discovers that she is directed to a different site loaded with ads and pop-ups. Which of the following is the most accurate description of the attack she has experienced?
Pharming
Typosquatting
Hosts file compromise
DNS hijacking
Typosquatting
Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?
Run the scan during business hours.
Do not run the scan to avoid disrupting the business.
Run the scan against production systems to achieve the most realistic results possible.
Run the scan in a test environment.
Run the scan in a test environment.
Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?
An FPGA
An Arduino
None of the above
A Raspberry Pi
A Raspberry Pi
Naomi receives a report of smishing. What type of attack should she be looking for?
Text message–based phishing
Server-based phishing
Compressed files in phishing
Voicemail-based phishing
Text message–based phishing
Skimming attacks are often associated with what next step by attackers?
Vishing
Cloning
Phishing
Dumpster diving
Cloning
Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk.
Grace’s company decided to install the web application firewall and continue doing business. They are still worried about other risks to the information that were not addressed by the firewall and are considering purchasing an insurance policy to cover those risks. What strategy does this use?
Risk acceptance
Risk mitigation
Risk transference
Risk avoidance
Risk transference
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?
dd
tcpreplay
Wireshark
tcpdump
tcpdump
Chris has turned on logon auditing for a Windows system. Which log will show the logon events?
The Windows Application log
The Windows Security log
The Windows System log
All of the above
The Windows Security log
Gurvinder has been asked to assist a company that recently fired one of their developers. After the developer was terminated, the critical application that they had written for the organization stopped working and now displays a message reading “You shouldn’t have fired me!” If the developer’s access was terminated and the organization does not believe that they would have had access to any systems or code after they left the organization, what type of malware should Gurvinder look for?
A RAT
A PUP
A logic bomb
A keylogger
A logic bomb
Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place?
Command injection
Cross-site request forgery
Server-side request forgery
Buffer overflow
Buffer overflow
Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol’s technical specification. What resource would best meet his needs?
Academic journal
Internet RFCs
Textbooks
Subject matter expert
Internet RFCs