A2 Build your Own Flashcards

(86 cards)

1
Q

An attacker inserts malicious code into a library file that several different applications can access simultaneously. What type of attack are they performing?

DLL injection

LDAP injection

SQL injection

XML injection

A

DLL injection

2
Q

Testing an application for vulnerabilities after each code update falls under which of the following?

Continuous monitoring

Continuous integration

Continuous deployment

Continuous validation

A

Continuous validation

3
Q

During the second phase of responding to an incident, after a potential incident has been reported, time should be taken to vet the report before determining whether the incident is valid or not.

What is this step in incident response?

Detection

Containment

Recovery

Eradication

A

Detection

4
Q

An employee in the finance department of a company needs access to a specific folder on a file server in order to retrieve a file to perform their work. The administrator gives the employee read and write access to the folder with the file they need.

What type of security policy is being ignored in this situation?

Job rotation

Mandatory vacation

Least privilege

Separation of duties

A

Least privilege

5
Q

After deploying a new business system application, a security administrator discovered a potentially misconfigured piece of software that may lead to a weakness. They are concerned that there may be more, but they do not want to impact the system’s performance as it is already in use in the organization.

Which of the following should they perform?

Risk assessment

PING sweep

Penetration test

Vulnerability scan

A

Vulnerability scan

6
Q

A contractor inadvertently causing a power outage that takes down a company’s servers is an example of what?

Unskilled attacker

Internal threat

Shadow IT

APT

A

Internal threat

7
Q

A security engineer is consulting for a local hospital. Their IT systems do not use any methods for sustained emergency power, which has the executives concerned. What can the security engineer recommend as an emergency power system in case of a power outage?

Surge protector

UPS

Load balancer

Backup generator

A

Backup generator

8
Q

Which authentication method is a “something you know” factor that can commonly be broken into by using brute-force methods?

USB security key

Password

Retina scan

GPS

A

Password

9
Q

What is an example of an object in a MAC access control system?

Permissions

Access

Users

Files

A

Files

10
Q

Which type of operating system is designed for use in mission-critical embedded devices that need to process data as it comes in rather than using system interrupts?

Android

RTOS

iOS

SELinux

A

RTOS

11
Q

Which solution is responsible for authenticating email by allowing organizations to publish a list of authorized email servers in their DNS records?

DMARC

SMTP

DKIM

SPF

A

SPF

12
Q

A law firm needs to communicate securely with other firms that are working with them on a rather large case. They are transferring sensitive information and need authentication, integrity, nonrepudiation, privacy, and data security for their electronic communications.

What is an IETF standard that provides cryptographic security for electronic messages such as email?

POP

S/MIME

SPF

SNMP

A

S/MIME

13
Q

An administrator of a file server wants to ensure that they have a complete backup of the entire storage contents every day so they can restore data from only one backup if needed.

What type of backup should they perform?

Grandfather-father-son

Incremental

Full

Differential

A

Full

14
Q

Which weakness occurs when administrators install new network devices without making any changes?

XSS

Default credentials

Race conditions

SQLi

A

Default credentials

15
Q

Which element of security governance ensures that data is protected from eavesdropping while in transit?

Access control

Encryption

Multifactor authentication

Passwords

A

Encryption

16
Q

At which stage of the incident response process does the first responder first become involved?

Preparation

Containment

Eradication

Identification

A

Identification

17
Q

You are a student learning about all of the security standards that must be understood when working as a security analyst. Who is the world’s largest developer and publisher of international standards?

IEEE

ISO

CCPA

GDPR

A

ISO

18
Q

An administrator wants to configure a network share so that users can only see and run the files that exist on it. They don’t want anyone to be able to put files into this folder. Which of the following permissions would they select in a Windows system?

Read

Write

Modify

Read and execute

A

Read and execute

19
Q

By sending a user an email, an attacker successfully got the user to navigate to a website and install malicious software. This software is now sending all the user’s typing activity to the attacker, who is looking for credit card and banking information.

Which of the following did the attacker install?

RAT

Trojan

Keylogger

Ransomware

A

Keylogger

20
Q

An online real estate firm uses an automated tool to scan its network for vulnerabilities. Once they have compiled the list of known vulnerabilities on their network, how should they prioritize addressing them?

Date discovered

CVE

Vendor

CVSS

A

CVSS

21
Q

Which of the following could be used to prevent sensitive data from being leaked via email?

MDM

DLP

Content filters

Firewall rules

A

DLP

22
Q

Which process is used by both sides of a legal case to search through a company’s emails, documents, and other digital artifacts?

Root cause analysis

Due diligence

Attestation

E-discovery

A

E-discovery

23
Q

A company wants to perform a penetration test of its network. They will give the testers some information about the network but will not give credentials or configuration details.

Which type of test are they performing?

Known environment

Fuzz test

Unknown environment

Partially known environment

A

Partially known environment

24
Q

Which of the following RAID levels requires a minimum of four disk drives, combines mirroring and striping for redundancy and performance, and organizes drives in pairs?

0

1

5

10

A

Correct answer: 10

RAID 10 (also known as RAID 1+0) combines mirroring and striping to provide both redundancy and performance. A minimum of four disks is required, with drives added in pairs. Data is mirrored within each pair to ensure redundancy (fault tolerance), and the pairs are striped to improve read and write performance. If one drive in a pair fails, its mirror provides the backup. RAID 10 is ideal for environments that need both high performance and fault tolerance, but it requires more drives than other RAID levels to implement effectively.

25
Q

An administrator has to manage a large set of users grouped by department, and there are sets of permissions that have to be applied to these departments and the sub-departments. Which access control model uses a set of permissions for each group rather than individual permissions?

ABAC

DAC

MAC

RBAC

A

RBAC

26
Q

Which hardening technique installs agents on target systems to identify and address threats in real time?

Host-based firewall

Encryption

HIPS

EDR

A

EDR

27
Q

A company sets up a proxy server to filter web content that employees can access. Their filtering solution will look at the history of websites that users request access to and determine their trustworthiness based on that. What method of web filtering are they using?

URL scanning

Reputation-based

Content categorization

Block rules

A

Reputation-based

28
Q

An attacker uses social engineering to take control of their target's domain through their registrar. What type of attack is being executed?

Domain hijacking

Domain reputation

DNS poisoning

URL redirection

A

Domain hijacking

29
Q

An administrator needs a security solution for their organization's cloud environment. They want a service that sits between their on-site premises and the cloud provider. It should allow them to define security policies for traffic flowing outside their on-premises site to the cloud. What type of security solution should they implement?

Security groups

CASB

CRL

BPDU

A

CASB

30
Q

Which type of activity in compliance monitoring gives a balance between evaluating compliance from an employee's point of view and a third party's point of view?

Acknowledgment

Internal and external auditing

Due diligence

Attestation

A

Internal and external auditing

31
Q

After determining the reliability of the company's various business systems, a SysOps manager is now looking to determine the maintenance requirements. They need to know how long it would take to restore a system in the event of an outage. Which of the following provides that information?

RPT

RTO

MTTR

MTBF

A

MTTR

32
Q

Which of the following steps ensures that after new code is developed and tested, it is automatically put into production?

Continuous monitoring

Continuous integration

Continuous validation

Continuous deployment

A

Continuous validation Continuous deployment

33
Q

Which of the following policies should a company create so individuals with an interest in a company are adequately informed during an incident response?

Disaster recovery plan

Business continuity plan

Communication plan

Stakeholder management plan

A

Stakeholder management plan

34
Q

What standard or regulation is concerned with protecting PHI?

ISO/IEC 27002

PCI DSS

GDPR

HIPAA

A

HIPAA

35
Q

A company wants to make it easier for cybersecurity personnel to respond to common types of incidents by making pre-defined procedures that staff can follow. What type of document should they create for this?

DRP

Playbook

BCP

Electronic code book

A

Playbook

36
Q

Which stage of the incident response process focuses on reducing the risk of future attacks?

Lessons learned

Containment

Recovery

Eradication

A

Lessons learned

37
Q

One cryptographic method seeks to create an unknown key through mathematical equations that create nonlinear lines for more secure encryption keys. It requires less computational power while being more difficult to crack. What type of cryptography uses the structure of a nonlinear line?

AES

RSA

Elliptic curve

Diffie-Hellman

A

Elliptic curve

38
Q

A cloud services provider is analyzing vulnerabilities in their infrastructure. They are currently trying to quantify the percentage of loss that would result from a load balancer failing. What type of metric are they calculating?

Annualized loss expectancy

Business impact analysis

Single loss expectancy

Exposure factor

A

Exposure factor

39
Q

A marketing firm is developing a new front end for potential customers. The site includes a contact form where interested users can submit a message and their contact information. What type of precaution should be implemented when using a form like this?

Secure cookies

Input validation

Code signing

Sandboxing

A

Input validation

40
Q

Continuity-of-operations planning is an extremely critical element of business impact planning and covers the restoration of mission-critical functions within the organization. Primarily, a recovery site is an alternative location where operations can take place and which serves as a failover in the event of a catastrophe at the main site. Of the following types of redundant sites, which is a nearly complete duplicate of the main site and costs the most to maintain?

Gray site

Warm site

Hot site

Cold site

A

Hot site

41
Q

What should a contract with a cloud provider include so that the customer may check that the cloud provider is adhering to their stated security requirements?

SLA

SOW

Right-to-audit clause

Clean desk policy

A

Right-to-audit clause

42
Q

Which of the following types of password attacks must be used in hopes of eventually cracking a password that is long, unique, and complex?

Dictionary

Brute force

Rainbow table

Password spraying

A

Brute force

43
Q

Which of the following backup types occurs directly after each change is made?

Replication

Incremental

Snapshot

Full

A

Replication

44
Q

An online financial institution wants to monitor an application for potential security issues. Where can they look to find useful information about this?

System baseline

Memory utilization report

Application logs

CPU usage report

A

Application logs

45
Q

A penetration tester is actively exploiting vulnerabilities in an organization's network and applications. Which category of penetration testing are they engaged in?

Physical

Offensive

Defensive

Integrated

A

Offensive

46
Q

Which of the following application security best practices is designed to prevent a malicious site from stealing sensitive information stored by another site on a user's computer?

HTTP headers

Code signing

Input validation

Secure cookies

A

Secure cookies

47
Q

Which of the following situations is an example of making an exception to a risk?

A company is about to release a new software application when it discovers a small defect, but management formally approves to allow the project to be released on time and patched at a later date

A company that develops software wants to create an educational app for students but realizes that data privacy laws are too strict and complicated, so they decide to create financial software instead

A company relies on a supplier for a key component and makes a temporary decision to continue accepting their products despite the supplier having operational issues

A company realizes that it needs more security controls on their data in order to comply with GDPR, so they hand off the responsibility of managing the data to a third party

A

A company relies on a supplier for a key component and makes a temporary decision to continue accepting their products despite the supplier having operational issues

48
Q

Which of the following types of NIDS requires frequent updates to be effective?

Behavior-based

Heuristic-based

Anomaly-based

Signature-based

A

Signature-based

49
Q

Which of the following vulnerabilities can cause a segmentation fault if a variable has a value of NULL?

Pointer dereference

Memory leak

Integer overflow

Buffer overflow

A

Pointer dereference

50
Q

Of the following, which is a web application vulnerability that can be perpetrated when an attacker embeds malicious HTML or JavaScript into a website for it to execute when the victim visits the web page?

CSRF

XSS

SQL injection

DLL injection

A

XSS

51
Q

A company is considering implementing secure protocols for communications between systems. They are currently deciding if they want to use TCP or UDP. Which aspect of choosing a secure protocol are they choosing?

Use case

Transport method

Encryption method

Port selection

A

Transport method

52
Q

A security analyst is performing threat hunting. They notice that a user is logged in twice on a system to use an application that is not usually used on two devices at once. What type of indicator of compromise is the security analyst observing?

Concurrent session usage

Impossible travel

Account lockout

Resource consumption

A

Concurrent session usage

53
Q

A web server running on a user's workstation may be an example of which of the following configuration issues?

Error

Unsecured protocols

Default settings

Open ports and services

A

Open ports and services

54
Q

A group of threat actors disagrees with some of the actions that a company takes. Subsequently, they use hacking tools to deface the company's website to promote their cause. What type of threat is this group?

Script kiddies

Organized crime

Insider threats

Hacktivists

A

Hacktivists

55
Q

Which type of testing looks at an application without running it?

Fuzzing

Stress

Dynamic analysis

Static analysis

A

Static analysis

56
Q

An organization is working to improve the security of their email to prevent spam and phishing attempts. They are currently creating a policy that determines if messages should be accepted, rejected, or quarantined. What type of protocol are they working with?

SPF

DNS

DMARC

DKIM

A

DMARC DKIM

57
Q

A medical devices company wants to work with a third party to handle data compliance issues. They will select from a few different vendors by making inquiries about specific topics. They hope to get insight from each vendor based on their feedback to these inquiries. What should they implement to accomplish this?

Business continuity plan

Vulnerability scan

Disaster recovery plan

Questionnaires

A

Questionnaires

58
Q

Which of the following activities is characteristic of physical penetration testing?

Exploiting vulnerabilities in a web application

Assessing policies related to employee security training

Compromising surveillance systems

Simulating attacks on the network

A

Compromising surveillance systems

59
Q

An attacker uses a packet sniffer to steal credentials when an administrator connects to a server through Telnet. Later, they use those credentials to log into the system. What type of attack is being perpetrated?

Buffer overflow

Replay

Injection

Forgery

A

Replay

60
Q

The CEO at Acme Inc. is concerned that a new network security system may be failing due to improper installation and maintenance. They want to know how often it fails in a given time period. When performing a risk analysis, what value defines the average time that a system is up before it fails again?

MTBF

MTU

MTTR

MPLS

A

MTBF

61
Q

An attacker intercepts a user's authentication mechanism to a system and reuses it to gain unauthorized access to the system. What type of attack is being done in this scenario?

DDoS

Downgrade attack

Credential replay

CSRF

A

Credential replay

62
Q

What is the process of a qualified third party verifying an organization's compliance to standards and regulations called?

Attestation

Active reconnaissance

Self-assessment

Due diligence

A

Attestation

63
Q

An organization is calculating the loss that would occur if one of their servers failed. They are currently looking at the financial losses that would be felt, and determined it to be around $10,000. What type of assessment have they conducted?

Exposure factor

ALE

Impact

ARO

A

Impact

66
Q

Which of the following is a method for exchanging secret keys when neither offline sharing nor public key encryption is sufficient?

DES

Diffie-Hellman

AES

Elliptic curve

A

Diffie-Hellman

67
Q

Virtual desktops or cybersecurity solutions offered as a service are examples of which of the following cloud computing models?

PaaS

XaaS

IaaS

SaaS

A

XaaS

68
Q

Which of the following refers to breaking a network into smaller subnetworks based on business purposes?

Microsegmentation

Isolation

Segmentation

Containment

A

Segmentation

69
Q

A user at Acme Inc. received an email purporting to be from UPS. The user was told to open the attachment to receive a lost package. The user opened the attachment and almost immediately a prompt popped up on the screen declaring that the system had been encrypted with a secret password and that a sum of digital currency was to be sent to the listed address. Which of the following is this an example of?

Ransomware

Spyware

Keylogger

RAT

A

Ransomware

70
Q

application that requires users to sync data between devices over the cloud. To keep devices synced, they need to keep track of every change made so they can recreate the exact state of data on each device. Which type of backup architecture should they use for this?

Journaling

Failover

Snapshots

Replication

A

Journaling

71
Q

Which of the following memory locations is MOST likely to store recently-used data such as documents or passwords?

Optical disks

Swap file

RAM

Hard disk

A

RAM

72
Q

Why is attestation important for compliance monitoring?

It demonstrates that employees are aware of compliance requirements

It automates data tracking and reporting of compliance information

It confirms that an organization adheres to compliance requirements

It shows that a third party is free from weaknesses or vulnerabilities

A

It confirms that an organization adheres to compliance requirements

73
Q

A vulnerability scanner is testing for cross-site scripting (XSS) vulnerabilities. Which of the following is the scanner targeting?

Web application

Network

Operating system

Application

A

Web application

74
Q

A major retail company wants to outsource its payment processing to a third party but wants to be sure the vendor implements adequate security practices. Before making an agreement, what should they request from the vendor?

Mandatory access control

Independent assessment

Parallel processing

Identity proofing

A

Independent assessment

75
Q

The owner of a small business is consulting with an IT engineer on how to have their files and data readily available on their network. They would prefer the data to be redundant, without a central server, as they cannot afford the infrastructure at this time. Which of the following would be an ideal solution that would connect storage directly to the network with redundancy such as RAID 1 mirroring?

HDD

USB

NAS

SSD

A

NAS

Network attached storage (NAS) is used to connect storage to the network with RAID 1 mirroring. The mirroring ensures that data is secure from outages and corruption. Should the first hard drive fail, the mirrored drive can be used as failover. NAS can be part of a bigger storage area called a SAN (storage area network). Several NAS devices can make up a SAN. USB is used for connecting local devices. SSD and HDD are types of storage drives.

76
Q

Smith Industries is interested in automating the temperature management system in its data center and being able to anticipate rising temperatures to make adjustments. Which of the following could be used to monitor large data centers for abnormal temperatures?

TOTP

MDM software

SFPs

SCADA

A

SCADA

77
Q

During the course of risk investigation, an organization discovers that a certain risk is rather unavoidable, and they want to take out insurance in order to pass the risk to a third party in exchange for monthly payments. What is the term used for giving over risk to a third party?

Risk acceptance

Risk transference

Risk mitigation

Risk avoidance

A

Risk transference

78
Q

Which industry standard is used to assess the severity of security vulnerabilities?

CVSS

OSINT

CVE

SCAP

A

CVSS

79
Q

A small company has not kept good records of the assets it has on its network. To start creating an asset inventory, they use a vulnerability scanner to help identify their systems. What is this process called?

Segmentation

Enumeration

Sanitization

Decommissioning

A

Enumeration

80
Q

At Acme Inc., employees are periodically forced to go through periods of learning and performing other employees' functions to ensure that there is no fraud occurring. Which of the following is a method of detecting malicious activity by putting one employee into another's role?

Mandatory vacations

Onboarding

Separation of duties

Least privilege

A

Mandatory vacations

81
Q

Acme Inc. is using software that is hosted on the vendor's website. The software provides payroll and accounting features, as well as some CRM components. All of the services are maintained by the vendor. Which of the following is Acme using?

FaaS

PaaS

SaaS

IaaS

A

SaaS

82
Q

Which of the following attacks is OS-based?

An attacker crafts input for a web form that is SQL code designed to change data in the backend database

An attacker impersonates a manager at a company in order to convince an employee to give them sensitive information

An attacker exploits a vulnerability in how a system handles file permission to gain root access to the system

An attacker tricks a user on the internet to perform an action on a website where they are already authenticated

A

Correct answer: An attacker exploits a vulnerability in how a system handles file permission to gain root access to the system

Operating systems (OSs) act as intermediaries between hardware and software programs. An exploit concerning weaknesses with file permissions is an OS-based attack. An attacker tricking a user on the internet to perform an action on a website where they are already authenticated is a web-based CSRF attack. An attacker crafting input for a web form that is SQL code designed to change data in the backend database is a web-based SQL injection attack. An attacker impersonating a manager at a company in order to convince an employee to give them sensitive information is an example of social engineering.

83
Q

What is the term used when organizations allow a certain amount of risk?

Risk transfer

Risk mitigation

Risk acceptance

Risk avoidance

A

Risk acceptance

84
Q

An administrator is concerned that a computer with sensitive information can be tampered with or rendered inoperable. Despite the system's hard drive being secured with encryption along with a username and password combination, they want to ensure that the computer cannot be sabotaged through changes in the system's firmware. What technique can they use to ensure that firmware has not been compromised?

Secure enclave

Sandbox

Secure boot

Steganography

A

Secure boot

85
Q

An organization wants to configure an access control scheme. They want each user, as well as all data, to be assigned a clearance level. Administrators grant users a clearance level based on a need-to-know basis. What type of access control should the organization use?

RBAC

DAC

MAC

RuBAC

A

MAC
