Architecture and Design Flashcards

1
Q

You are helping to set up a backup plan for your organization. The current plan states that all of the organization’s servers must have a daily backup conducted. These backups are then saved to a local NAS device. You have been asked to recommend a method to ensure the backups will work when needed for restoration. Which of the following should you recommend?

Create an additional copy of the backups in an off-site datacenter

Attempt to restore to a test server from one of the backup files to verify them

Set up scripts to automatically reattempt any failed backup jobs

Frequently restore the server from backup files to test them

A

Attempt to restore to a test server from one of the backup files to verify them

2
Q

When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the hard drive contents during your analysis?

Forensic drive duplicator

Software write blocker

Degausser

Hardware write blocker

A

Hardware write blocker

3
Q

Taylor needs to sanitize hard drives from some leased workstations before returning them to a supplier at the end of the lease period. The workstations’ hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn’t occur during this process?

Clear, validate, and document the sanitization of the drives

Purge, validate, and document the sanitization of the drives

Clear the drives

The drives must be destroyed to ensure no data loss

A

Purge, validate, and document the sanitization of the drives

4
Q

You work for Dion Training as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first?

Require all employees to wear security badges when entering the building

Install a mantrap at the entrance

Install an RFID badge reader at the entrance

Install CCTV to monitor the entrance

A

Install a mantrap at the entrance

5
Q

During a security audit, you discovered that customer service employees have been sending unencrypted confidential information to their personal email accounts via email. What technology could you employ to detect these occurrences in the future and send an automated alert to the security team?

UTM

SSL

MDM

DLP

A

DLP

6
Q

Which of the following hashing algorithms results in a 160-bit fixed output?

NTLM

SHA-2

RIPEMD

MD-5

A

RIPEMD

RIPEMD creates a 160-bit fixed output. SHA-2 creates a 256-bit fixed output. NTLM creates a 128-bit fixed output. MD-5 creates a 128-bit fixed output.

7
Q

A financial services company wants to donate some old hard drives from their servers to a local charity. The hard drives used in the servers are self-encrypting drives. Still, they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use?

Overwrite

Zero-fill

Secure erase

Cryptographic erase

A

Cryptographic erase

8
Q

Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company’s owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computers’ hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?

Shredding

Degaussing

Wiping

Destroying

A

Wiping

9
Q

Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor?

VM migration

VM data remnant

VM sprawl

VM escape

A

VM escape

10
Q

Select four security features that you should use with a workstation or laptop within your organization.

Network Sniffer
Cellular Data
MDM
Location Tracking
Cable Lock
Host Based Firewall
CAT 5e STP
Remote Wipe

A

Host based firewall, network sniffer, cable lock, CAT5e STP

11
Q

What is the lowest layer (bottom layer) of a bare-metal virtualization environment?

Host operating system

Physical hardware

Guest operating system

Hypervisor

A

Physical hardware

12
Q

Which of the following describes the overall accuracy of a biometric authentication system?

Crossover error rate

False positive rate

False rejection rate

False acceptance rate

A

Crossover error rate

13
Q

Which cloud computing concept is BEST described as focusing on replacing the hardware and software required when creating and testing new applications and programs from a customer’s environment with cloud-based resources?

IaaS

PaaS

SECaaS

SaaS

A

PaaS

Platform as a Service (PaaS) provides the end-user with a development environment without all the hassle of configuring and installing it themselves.

14
Q

Which of the following is the most important feature to consider when designing a system on a chip?

Ability to interface with industrial control systems

Type of real-time operating system in use

Space and power savings

Ability to be reconfigured after manufacture

A

Space and power savings

15
Q

Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the owner of the company if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computers’ hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?

Purging

Degaussing

Wiping

Shredding

A

Wiping

16
Q

Sarah is working at a startup that is focused on making secure banking apps for smartphones. Her company needs to select an asymmetric encryption algorithm to encrypt the data being used by the app. Due to the need for high security of the banking data, the company needs to ensure that whatever encryption they use is considered strong, but also needs to minimize the processing power required since it will be running on a mobile device with lower computing power. Which algorithm should Sarah choose in order to provide the same level of high encryption strength with a lower overall key length?

Diffie-Hellman

ECC

RSA

Twofish

A

ECC

17
Q

Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor?

VM sprawl

VM data remnant

VM migration

VM escape

A

VM escape

18
Q

Which of the following hashing algorithms results in a 160-bit fixed output?

NTLM

SHA-2

SHA-1

MD-5

A

SHA-1

SHA-1 creates a 160-bit fixed output. SHA-2 creates a 256-bit fixed output. NTLM creates a 128-bit fixed output. MD-5 creates a 128-bit fixed output.

19
Q

Which of the following cryptographic algorithms is classified as a stream cipher?

AES

DES

RC4

Blowfish

A

RC4

20
Q

Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption?

ECC with a 256-bit key

DES with a 56-bit key

AES with a 256-bit key

Randomized one-time use pad

A

Randomized one-time use pad

21
Q

Which of the following authentication mechanisms involves receiving a one-time use shared secret password, usually through a token-based key fob or smartphone app, that does not expire?

EAP

HOTP

Smart card

TOTP

A

HOTP (HMAC-based One-time Password Algorithm)

22
Q

Which of the following would a virtual private cloud infrastructure be classified as?

Infrastructure as a Service

Function as a Service

Software as a Service

Platform as a Service

A

Infrastructure as a Service

23
Q

Which of the following is NOT considered part of the Internet of Things?

Laptop

ICS

SCADA

Smart television

A

Laptop

24
Q

You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses older unencrypted SSDs as part of their default configuration and the manufacturer does not provide a SE utility for the devices. The storage devices contained top-secret data that would bankrupt the company if it fell into a competitor’s hands. After safely extracting the data from the device and saving it to a new self-encrypting drive, you have been asked to securely dispose of the SSDs. Which of the following methods should you use?

Use a secure erase (SE) utility on the storage devices

Physically destroy the storage devices

Conduct zero-fill on the storage devices

Perform a cryptographic erase (CE) on the storage devices

A

Physically destroy the storage devices

25
Q

Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?

ADFS

SAML

OpenID Connect

Kerberos

A

OpenID Connect

OAuth 2 is explicitly designed to authorize claims and not to authenticate users. The implementation details for fields and attributes within tokens are not defined. OpenID Connect (OIDC) is an authentication protocol that can be implemented as special types of OAuth flows with precisely defined token fields.
26
Q

Dion Training has set up a lab consisting of 12 laptops for students to use outside of normal classroom hours. The instructor is worried that a student may try to steal one of the laptops. Which of the following physical security measures should be used to ensure the laptop is not stolen or moved out of the lab environment?

Cable locks

Entry control roster

Biometric locks

USB locks

A

Cable locks
27
Q

Dion Training has contracted a software development firm to create a bulk file upload utility for its website. During a requirements planning meeting, the developers asked what type of encryption is required for the project. After some discussion, Jason decides that the file upload tool should use a cipher that is capable of encrypting 8 bits of data at a time before transmitting the files from the web developer’s workstation to the webserver. Which of the following should be selected to meet this security requirement?

Hashing algorithm

Stream cipher

CRC

Block cipher

A

Block cipher

A block cipher is used to encrypt multiple bits at a time prior to moving to the next set of data.
28
Q

You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you do not have a bank account in Vietnam, so you immediately call Bob to ask what happened. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating this wire transfer. What aspect of PKI could be used to BEST ensure that a sender actually sent a particular email message and avoid this type of situation?

CRL

Trust models

Non-repudiation

Recovery agents

A

Trust models
29
Q

Using the image provided, select four security features that you should use to best protect your servers in the data center. This can include physical, logical, or administrative protections.

Antivirus, Mantrap, Cable lock, GPS tracking

Strong passwords, Biometrics, Mantrap, Cable lock

GPS tracking, Biometrics, Proximity badges, Remote wipe

FM-200, Biometric locks, Mantrap, Antivirus

A

FM-200, Biometric locks, Mantrap, Antivirus
30
Q

What type of scan will measure the size or distance of a person's external features with a digital video camera?

Signature kinetics scan

Facial recognition scan

Retinal scan

Iris scan

A

Facial recognition scan
31
Q

A company has recently experienced a data breach and has lost nearly 1 GB of personally identifiable information about its customers. You have been assigned as part of the incident response team to identify how the data was leaked from the network. Your team has conducted an extensive investigation, and so far, the only evidence of a large amount of data leaving the network is from the email server. There is one user that has sent numerous large attachments out of the network to their personal email address. Upon closer inspection, those emails only contain pictures of that user’s recent trip to Australia. What is the most likely explanation for how the data left the network?

Steganography was used to hide the leaked data inside the user's photos

The data was encrypted and emailed to their spouse's email account

The files were downloaded from home while connected to the corporate VPN

The data was hashed and then emailed to their personal email account

A

Steganography was used to hide the leaked data inside the user's photos
32
Q

Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded a copy of the corporate database to his work laptop. On his way home, he forgot the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?

Require data at rest encryption on all endpoints

Require all new employees to sign an NDA

Require data masking for any information stored in the database

Require a VPN to be utilized for all telework employees

A

Require data at rest encryption on all endpoints
33
Q

What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes?

Degauss

Purge

Clear

Destroy

A

Clear
34
Q

You are configuring a RAID drive for a Media Streaming Server. Your primary concern is speed of delivery of the data. This server has two hard disks installed. What type of RAID should you install, and what type of data will be stored on Disk 1 and Disk 2?

RAID 1 - Disk 1 (Mirror) and Disk 2 (Mirror)

RAID 0 - Disk 1 (Mirror) and Disk 2 (Mirror)

RAID 0 - Disk 1 (Stripe) and Disk 2 (Stripe)

RAID 1 - Disk 1 (Stripe) and Disk 2 (Stripe)

A

RAID 0 - Disk 1 (Stripe) and Disk 2 (Stripe)

Since this is a Media Streaming Server, you should implement a RAID 0, which provides disk striping across both drives. This will increase the speed of the data delivery, but provides no redundancy.
35
Q

Which of the following hashing algorithms results in a 160-bit fixed output?

SHA-2

NTLM

MD-5

RIPEMD

A

RIPEMD

RIPEMD creates a 160-bit fixed output. SHA-2 creates a 256-bit fixed output. NTLM creates a 128-bit fixed output. MD-5 creates a 128-bit fixed output.
36
Q

What is the lowest layer (bottom layer) of a bare-metal virtualization environment?

Host operating system

Hypervisor

Physical hardware

Guest operating system

A

Physical hardware
37
Q

You want to play computer-based video games from anywhere in the world using your laptop or tablet. You heard about a new product called a Shadow PC that is a virtualized Windows 10 Home gaming PC in the cloud. Which of the following best describes this type of service?

PaaS

IaaS

DaaS

SaaS

A

DaaS

Desktop as a Service (DaaS) provides a full virtualized desktop environment from within a cloud-based service. This is also known as VDI (Virtualized Desktop Infrastructure) and is common in large enterprise businesses that are focused on increasing their security and minimizing their operational expenses.
38
Q

You are installing Windows 2016 on a rack-mounted server and want to host multiple virtual machines within the physical server. You just finished the installation and now want to begin creating and provisioning the virtual machines. Which of the following should you utilize to allow you to create and provision the virtual machines?

Hypervisor

Terminal services

Device manager

Disk management

A

Hypervisor

A hypervisor, also known as a virtual machine monitor, is a process that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.
39
Q

Which technique would provide the largest increase in security on a network with ICS, SCADA, or IoT devices?

Implement endpoint protection platforms

Installation of anti-virus tools

User and entity behavior analytics

Use of a host-based IDS or IPS

A

User and entity behavior analytics
40
Q

Which of the following cryptographic algorithms is classified as symmetric?

Diffie-Hellman

RSA

ECC

RC4

A

RC4

RC4, or Rivest Cipher 4, is a symmetric stream cipher that was used in WEP and TLS. ECC, RSA, and Diffie-Hellman are all asymmetric algorithms.
41
Q

You have just received some unusual alerts on your SIEM dashboard and want to collect the payload associated with it. Which of the following should you implement to effectively collect these malicious payloads that the attackers are sending towards your systems without impacting your organization's normal business operations?

Containerization

Honeypot

Jumpbox

Sandbox

A

Honeypot
42
Q

Joseph would like to prevent hosts from connecting to known malware distribution domains. What type of solution should be used without deploying endpoint protection software or an IPS system?

Anti-malware router filters

DNS blackholing

Subdomain whitelisting

Route poisoning

A

DNS blackholing
43
Q

Nicole's organization does not have the budget or staff to conduct 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. Which of the following services or providers would be best suited for this role?

SaaS

MSSP

PaaS

IaaS

A

MSSP

A managed security service provider (MSSP) provides security as a service (SECaaS).
44
Q

Which type of authentication method is commonly used with physical access control systems and relies upon RFID devices embedded into a token?

TOTP

HOTP

Smart cards

Proximity cards

A

Proximity cards
45
Q

Which of the following authentication mechanisms involves receiving a one-time use shared secret password, usually through a token-based key fob or smartphone app, that automatically expires after a short period of time (for example, 60 seconds)?

Smart card

EAP

TOTP

HOTP

A

TOTP

The Time-based One-time Password Algorithm (TOTP) is a refinement of the HOTP. One issue with HOTP is that tokens can be allowed to persist unexpired, raising the risk that an attacker might be able to obtain one and decrypt data in the future. In TOTP, the HMAC is built from the shared secret plus a value derived from the device's and server's local timestamps. TOTP automatically expires each token after a short window (60 seconds, for instance).
46
Q

Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?

Public key of the file

File size and file creation date

Private key of the file

MD5 or SHA1 hash digest of the file

A

MD5 or SHA1 hash digest of the file
47
Q

Which party in a federation provides services to members of the federation?

SSO

IdP

RP

SAML

A

RP

Relying parties (RPs) provide services to members of a federation.
48
Q

Which of the following cryptographic algorithms is classified as a stream cipher?

Blowfish

DES

AES

RC4

A

RC4

RC4, or Rivest Cipher 4, is a symmetric stream cipher that was used in WEP and TLS. AES, Blowfish, and DES are all block ciphers.
49
Q

Which of the following hashing algorithms results in a 160-bit fixed output?

SHA-1

SHA-2

MD-5

NTLM

A

MD-5

SHA-1 creates a 160-bit fixed output. SHA-2 creates a 256-bit fixed output. NTLM creates a 128-bit fixed output. MD-5 creates a 128-bit fixed output.
50
Q

Dave's company utilizes Google's G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following types of cloud deployment models is being used?

Public

Private

Multi-cloud

Community

A

Multi-cloud

Multiple public clouds
51
Q

Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption?

ECC with a 256-bit key

AES with a 256-bit key

Randomized one-time use pad

DES with a 56-bit key

A

Randomized one-time use pad
52
Q

Sarah is working at a startup that is focused on making secure banking apps for smartphones. Her company needs to select an asymmetric encryption algorithm to encrypt the data being used by the app. Due to the need for high security of the banking data, the company needs to ensure that whatever encryption they use is considered strong, but also needs to minimize the processing power required since it will be running on a mobile device with lower computing power. Which algorithm should Sarah choose in order to provide the same level of high encryption strength with a lower overall key length?

ECC

RSA

Diffie-Hellman

Twofish

A

ECC

One of the main benefits of ECC over non-ECC cryptography is that an application can achieve the same level of security provided by non-ECC cryptography while using a shorter key length.
53
Q

You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security?

Load balancer

UTM

Defense in depth

Network segmentation

A

Defense in depth
54
Q

You are helping to set up a backup plan for your organization. The current plan states that all of the organization's servers must have a daily backup conducted on them. These backups are then saved to a local NAS device. You have been asked to recommend a method to ensure the backups will work when they are needed for restoration. Which of the following should you recommend?

Set up scripts to automatically reattempt any failed backup jobs

Attempt to restore a test server from one of the backup files to verify them

Frequently restore the server from backup files to test them

Create an additional copy of the backups in an off-site datacenter

A

Attempt to restore a test server from one of the backup files to verify them

The only way to fully ensure that a backup will work when needed is to attempt to restore the files from the backups.
55
Q

Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor?

VM escape

VM data remnant

VM sprawl

VM migration

A

VM escape
56
Q

You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you don't have a bank account in Vietnam! You immediately call Bob to ask what is happening. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating the transfer. What aspect of PKI is used to BEST ensure that a sender actually sent a particular email message?

Recovery Agents

CRL

Trust Models

Non-Repudiation

A

Non-Repudiation

Non-repudiation occurs when a sender cannot claim they didn’t send an email when they did. A digital signature should be attached to each email sent to achieve non-repudiation. This digital signature is comprised of a digital hash of the email’s contents, and then encrypting that digital hash using the sender’s private key.
57
Q

What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes?

Destroy

Purge

Degauss

Clear

A

Clear

Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques. Clearing involves overwriting data once (and seldom more than three times) with repetitive data (such as all zeros) or resetting a device to factory settings. Purging data is meant to eliminate information from being feasibly recovered even in a laboratory environment. Destroy requires physical destruction of the media, such as pulverization, melting, incineration, and disintegration. Degaussing is the process of decreasing or eliminating a remnant magnetic field. Degaussing is an effective method of sanitization for magnetic media, such as hard drives and floppy disks.
58
Q

Dion Training has contracted a software development firm to create a bulk file upload utility for its website. During a requirements planning meeting, the developers asked what type of encryption is required for the project. After some discussion, Jason decides that the file upload tool should use a cipher capable of encrypting 8 bits of data at a time before transmitting the files from the web developer's workstation to the webserver. Which of the following should be selected to meet this security requirement?

Block cipher

CRC

Hashing Algorithm

Stream Cipher

A

Block cipher

A block cipher is used to encrypt multiple bits at a time prior to moving to the next set of data. Block ciphers generally have a fixed-length block (8-bit, 16-bit, 32-bit, 64-bit, etc.). Stream ciphers encrypt a single bit at a time during its encryption process. Hashing algorithms would not meet the requirement because the data would be encrypted using a one-way hash algorithm and be unusable once on the webserver. A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.
59
Q

What type of scan will measure the size or distance of a person's external features with a digital video camera?

Signature Kinetics Scan

Facial recognition scan

Iris Scan

Retinal Scan

A

Facial recognition scan

A face recognition system is a computer application capable of identifying or verifying a person from a digital image or a video frame from a video source. A signature kinetics scan measures the action of a user when signing their name and compares it against a known-good example or baseline.
60
Q

What is used as a measure of biometric performance to rate the system’s ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access?

False rejection rate

Failure to capture

False acceptance rate

Crossover error rate

A

False acceptance rate
61
Q

Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer's workstation with cloud-based resources?

DBaaS

IaaS

SaaS

PaaS

A

Software as a Service (SaaS) is used to provide web applications to end-users. This can be a calendar, scheduling, invoicing, word processor, database, or other programs. For example, Google Docs and Office 365 are both word processing SaaS solutions.
62
Q

Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?

File size and file creation date

MD5 or SHA1 hash digest of the file

Public key of the file

Private key of the file

A

MD5 or SHA1 hash digest of the file

This file needs to be a verifiable MD5 hash file in order to validate the file integrity has not been compromised during the download. This is an important step to ensure the file was not modified in transit during the download.
63
Q

Joseph would like to prevent hosts from connecting to known malware distribution domains. What type of solution should be used without deploying endpoint protection software or an IPS system?

DNS blackholing

Subdomain whitelisting

Anti-malware router filters

Route poisoning

A

DNS blackholing

DNS blackholing is a process that uses a list of known domains/IP addresses belonging to malicious hosts and uses an internal DNS server to create a fake reply.
64
Q

Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error message stating that "Invalid credentials" were entered. Chris assumes he must have forgotten his password, so he resets his email's username and password and then reenters them into the email client. Again, Chris receives an "Invalid credentials" error. What is MOST likely causing the "Invalid credentials" error in regard to Chris's email client?

His email account requires multifactor authentication

His email account is locked out

His smartphone has full device encryption enabled

His email account requires a strong password to be used

A

His email account requires multifactor authentication
65
Q

Used to encrypt multiple bits at a time prior to moving to the next set of data

A

Block ciphers generally have a fixed-length block (8-bit, 16-bit, 32-bit, 64-bit, etc.)
66
Q

Which of the following cryptographic algorithms is classified as asymmetric?

RC4

ECC

Twofish

DES

A

ECC
67
Q

Twofish, RC4, DES, Blowfish

A

Symmetric algorithms
68
Q

You were conducting a forensic analysis of an iPad backup and discovered that only some of the information is contained within the backup file. Which of the following best explains why some of the data is missing?

The backup is stored in iCloud

The backup is a differential backup

The backup was interrupted

The backup is encrypted

A

The backup is a differential backup

iPhone/iPad backups can be created as full or differential backups. In this scenario, it is likely that the backup being analyzed is a differential backup that only contains the information that has changed since the last full backup.
69
Q

Your company has decided to move all of its data into the cloud. Your company is small and has decided to purchase some on-demand cloud storage resources from a commercial provider (such as Google Drive) as its primary cloud storage solution. Which of the following types of clouds is your company using?

Private

Community

Public

Hybrid

A

Public

The public cloud is defined as computing services offered by third-party providers over the public internet, making them available to anyone who wants to use or purchase them.
70
Which of the following cryptographic algorithms is classified as symmetric? PGP RSA ECC Blowfish
Blowfish
71
PGP RSA ECC
Asymmetric algorithms
72
An electronics store was recently the victim of a robbery where an employee was injured and some property was stolen. The store's IT department hired an external supplier to expand the store's network to include a physical access control system. The system has video surveillance, intruder alarms, and remotely monitored locks using an appliance-based system. Which of the following long-term cybersecurity risks might occur based on these actions? These devices should be scanned for viruses before installation These devices should be isolated from the rest of the enterprise network There are no new risks due to the install and the company has a stronger physical security posture These devices are insecure and should be isolated from the internet
These devices should be isolated from the rest of the enterprise network
73
Dion Training has just suffered a website defacement of its public-facing webserver. The CEO believes this act of vandalism may have been done by the company’s biggest competitor. The decision has been made to contact law enforcement, so evidence can be collected properly for use in a potential court case. Laura is a digital forensics investigator assigned to collect the evidence. She creates a bit-by-bit disk image of the web server’s hard drive as part of her evidence collection. Which technology should Laura use after creating the disk image to verify the data integrity of the copy matches that of the original web server’s hard disk? RSA AES SHA-256 3DES
SHA-256
74
Your organization requires the use of TLS or IPSec for all communications with an organization's network. Which of the following is this an example of? Data in transit Data in use Data at rest DLP
Data in transit
75
Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error message stating that "Invalid credentials" were entered. Chris assumes he must have forgotten his password, so he resets his email's username and password and then reenters them into the email client. Again, Chris receives an "Invalid credentials" error. What is MOST likely causing the "Invalid credentials" error in regard to Chris's email client? His email account requires multifactor authentication His email account requires a strong password to be used His email account is locked out His smartphone has full device encryption enabled
His email account requires multifactor authentication
76
You have signed up for a web-based appointment scheduling application to help you manage your new IT technical support business. What type of solution would this be categorized as? IaaS PaaS DaaS SaaS
SaaS. Software as a Service (SaaS) is used to provide web applications to end-users.
77
You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses self-encrypting drives as part of its default configuration. As you begin the eradication and recovery phase, you must sanitize the data on the storage devices before restoring the data from known-good backups. Which of the following methods would be the most efficient to use to sanitize the affected hard drives? Incinerate and replace the storage devices Conduct zero-fill on the storage devices Use a secure erase (SE) utility on the storage devices Perform a cryptographic erase (CE) on the storage devices
Perform a cryptographic erase (CE) on the storage devices
78
Which of the following cryptographic algorithms is classified as asymmetric? RC4 AES DES DSA
DSA
79
Dave's company utilizes Google's G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following types of cloud deployment models is being used? Public Community Private Multi-cloud
Multi-cloud
80
You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security? Defense in depth Network segmentation Load balancer UTM
Defense in depth
81
Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption? AES with a 256-bit key Randomized one-time use pad DES with a 56-bit key ECC with a 256-bit key
Randomized one-time use pad
82
Sarah is working at a startup that is focused on making secure banking apps for smartphones. Her company needs to select an asymmetric encryption algorithm to encrypt the data being used by the app. Due to the need for high security of the banking data, the company needs to ensure that whatever encryption they use is considered strong, but also needs to minimize the processing power required since it will be running on a mobile device with lower computing power. Which algorithm should Sarah choose in order to provide the same level of high encryption strength with a lower overall key length? RSA Diffie-Hellman ECC Twofish
ECC. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
83
You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand? Rapid elasticity Metered services Resource pooling On-demand
Rapid elasticity
84
Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the owner of the company if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computers’ hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend? Purging Shredding Wiping Degaussing
Wiping. Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive in an effort to destroy all electronic data on a hard disk or other media. Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. Purging involves the removal of sensitive data from a hard drive using the device's own electronics or an outside source (like a degausser). A purged device is generally not reusable.
85
Which of the following biometric authentication factors relies on matching patterns on the surface of the eye using near-infrared imaging? Facial recognition Pupil dilation Iris scan Retinal scan
Iris scan. Iris scans rely on the matching of patterns on the surface of the eye using near-infrared imaging, and so are less intrusive than retinal scanning (the subject can continue to wear glasses, for instance), and much quicker. Iris scanners offer a similar level of accuracy as retinal scanners but are much less likely to be affected by diseases. Iris scanning is the technology most likely to be rolled out for high-volume applications, such as airport security. There is a chance that an iris scanner could be fooled by a high-resolution photo of someone's eye.
86
Which term is used in software development to refer to the method in which app and platform updates are committed to a production environment rapidly? Continuous integration Continuous delivery Continuous deployment Continuous monitoring
Continuous deployment
87
Continuous deployment
a software development method in which app and platform updates are committed to production rapidly
88
Continuous Delivery
Continuous delivery is a software development method in which app and platform requirements are frequently tested and validated for immediate availability
89
Continuous integration
a software development method in which code updates are tested and committed to a development or build server/code repository rapidly
90
Continuous Monitoring
the technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon
91
Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring? 80 22 143 21
22. Port 22 is used for SSH, which is used by administrators to securely connect remotely to a server and issue commands via a command-line interface. Port 21 is used by FTP, port 80 is used by HTTP, and port 143 is used by IMAP.
92
Which of the following types of threats did the Stuxnet attack rely on to cross an airgap between a business and an industrial control system network? Session hijacking Directory traversal Cross-site scripting Removable media
Removable media. Airgaps are designed to remove connections between two networks in order to create a physical segmentation between them. The only way to cross an airgap is to have a physical device between these systems, such as using a removable media device to transfer files between them. Obj 2.6