Exam Topics Flashcards

(67 cards)

1
Q

A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats

A

B. State actors

2
Q

A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?

A. Time-based logins
B. Geofencing
C. Network location
D. Password history

A

A. Time-based logins

3
Q

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

A

C. Lack of vendor support

4
Q

Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A. Smart card
B. Push notifications
C. Attestation service
D. HMAC-based one-time password

A

B. Push notifications

5
Q

Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

A. Pulverizing
B. Overwriting
C. Shredding
D. Degaussing

A

B. Overwriting

6
Q

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.

A

B. anonymize any PII that is observed within the IoC data.

7
Q

A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality?

A. Privileged accounts
B. Password reuse restrictions
C. Password complexity requirements
D. Password recovery
E. Account disablement

A

C. Password complexity requirements
E. Account disablement

8
Q

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires the client MAC address to be visible across the tunnel?

A. Tunnel mode IPSec
B. Transport mode VPN IPSec
C. L2TP
D. SSL VPN

A

D. SSL VPN

9
Q

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email, and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.

A

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

10
Q

A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered?

A. Password history
B. Account lockout
C. Account expiration
D. Password complexity

A

B. Account lockout

11
Q

A Chief Financial Officer (CFO) has been receiving email messages that have suspicious links embedded from unrecognized senders. The emails ask the recipient for identity verification. The IT department has not received reports of this happening to anyone else. Which of the following is the MOST likely explanation for this behavior?

A. The CFO is the target of a whaling attack.
B. The CFO is the target of identity fraud.
C. The CFO is receiving spam that got past the mail filters.
D. The CFO is experiencing an impersonation attack.

A

A. The CFO is the target of a whaling attack.

12
Q

Joe, an employee, knows he is going to be fired in three days. Which of the following characterizations describes the employee?

A. An insider threat
B. A competitor
C. A hacktivist
D. A state actor

A

A. An insider threat

13
Q

The IT department receives a call one morning about users being unable to access files on the network shared drives. An IT technician investigates and determines the files became encrypted at 12:00 a.m. While the files are being recovered from backups, one of the IT supervisors realizes the day is the birthday of a technician who was fired two months prior. Which of the following describes what MOST likely occurred?

A. The fired technician placed a logic bomb.
B. The fired technician installed a rootkit on all the affected users’ computers.
C. The fired technician installed ransomware on the file server.
D. The fired technician left a network worm on an old work computer.

A

A. The fired technician placed a logic bomb.

14
Q

An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes. Which of the following describes this policy?

A. Change management
B. Job rotation
C. Separation of duties
D. Least privilege

A

C. Separation of duties

15
Q

Which of the following would be the BEST method to prevent the physical theft of staff laptops at an open-plan bank location with a high volume of customers each day?

A. Guards at the door
B. Cable locks
C. Visitor logs
D. Cameras

A

B. Cable locks

16
Q

Which of the following disaster recovery sites would require the MOST time to get operations back online?

A. Colocation
B. Cold
C. Hot
D. Warm

A

B. Cold

17
Q

A security manager needed to protect a high-security datacenter, so the manager installed an access control vestibule that can detect an employee’s heartbeat, weight, and badge. Which of the following did the security manager implement?

A. A physical control
B. A corrective control
C. A compensating control
D. A managerial control

A

A. A physical control

18
Q

Which of the following if used would BEST reduce the number of successful phishing attacks?

A. Two-factor authentication
B. Application layer firewall
C. Mantraps
D. User training

A

D. User training

19
Q

An input field that is accepting more data than has been allocated for it in memory is an attribute of:

A. buffer overflow.
B. memory leak.
C. cross-site request forgery.
D. resource exhaustion.

A

A. buffer overflow.

20
Q

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:

Phishing
Privilege escalation
Backdoor access
Shoulder surfing

A

Backdoor access

21
Q

Which of the following answers refer to smishing? (Select 2 answers)

Social engineering technique
E-mail communication
Spam over Internet Telephony (SPIT)
Text messaging
Spam over Internet Messaging (SPIM)

A

Social engineering technique
Text messaging

22
Q

The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:

Whaling
Spear phishing
Vishing
Pharming

A

Vishing

23
Q

Which of the following terms is commonly used to describe an unsolicited advertising message?

Spyware
Adware
Malware
Spam

A

Spam

24
Q

What type of spam relies on text-based communication?

Vishing
SPIM
Bluesnarfing
SPIT

A

SPIM

25
Q

Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)

Domain hijacking
Traffic redirection
Fraudulent website
Password attack
Credential harvesting

A

Traffic redirection
Fraudulent website
Credential harvesting

26
Q

Which of the following is used in data URL phishing?

Prepending
Typosquatting
Pretexting
Domain hijacking

A

Prepending

Pretexting is a form of social engineering where an attacker impersonates a trusted individual or organization to obtain sensitive information or access. It often involves manipulating the victim into providing information, like passwords or financial data, by pretending to need it for a legitimate reason.

27
Q

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

Vishing
Impersonation
Virus hoax
Phishing

A

Virus hoax

28
Q

Which social engineering attack relies on identity theft?

Impersonation
Dumpster diving
Watering hole attack
Shoulder surfing

A

Impersonation

29
Q

Which of the terms listed below refers to a platform used for watering hole attacks?

Mail gateways
Websites
PBX systems
Web browsers

A

Websites

30
Q

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

Spyware
Worm
Trojan
Spam

A

Worm

31
Q

What is a PUP? (Select 3 answers)

A type of computer program not explicitly classified as malware by AV software
An application downloaded and installed without the user's consent (illegal app)
A type of software that may adversely affect the computer's security and performance, compromise user's privacy, or display unsolicited ads
An application downloaded and installed with the user's consent (legal app)
A type of computer program explicitly classified as malware by AV applications
A type of free, utility software often bundled with a paid app

A

A type of computer program not explicitly classified as malware by AV software
A type of software that may adversely affect the computer's security and performance, compromise user's privacy, or display unsolicited ads
An application downloaded and installed with the user's consent (legal app)

32
Q

Which type of malware resides only in RAM?

Rootkit
Fileless virus
Backdoor
Logic bomb

A

Fileless virus

33
Q

What is the function of a C2 server?

Spam distribution
Botnet control
Authentication, Authorization, and Accounting (AAA)
Penetration testing

A

Botnet control

34
Q

Which password attack takes advantage of a predefined list of words?

Birthday attack
Replay attack
Dictionary attack
Brute-force attack

A

Dictionary attack

35
Q

Which of the following terms is used to describe the theft of personal data from a payment card?

Pivoting
Skimming
Phishing
Bluejacking

A

Skimming

Skimming is a fast and interactive way to quickly obtain payment card data and personal information from ATMs and checkout scanners.

36
Q

Which cryptographic attack relies on the concepts of probability theory?

KPA
Brute-force
Dictionary
Birthday

A

Birthday

37
Q

What is the name of a network protocol that enables secure file transfer over SSH?

TFTP
SFTP
Telnet
FTPS

A

SFTP

38
Q

A type of cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers is known as:

RDP
SSH
Telnet
SCP

A

SSH

39
Q

Which of the answers listed below refers to a suite of protocols and technologies providing encryption, authentication, and data integrity for network traffic?

TLS
SSH
IPsec
VPN

A

IPsec

40
Q

Which part of IPsec provides authentication, integrity, and confidentiality?

SPD
PFS
AH
ESP

A

ESP

Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of protocols that encrypts and authenticates the packets of data exchanged between computers using a Virtual Private Network (VPN).

41
Q

Which protocol enables secure, real-time delivery of audio and video over an IP network?

S/MIME
RTP
SIP
SRTP

A

SRTP (Secure Real-Time Transport Protocol)

42
Q

An encryption protocol primarily used in Wi-Fi networks implementing the WPA2 security standard is called:

TKIP
CCMP
SSL
IPsec

A

CCMP

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm.

43
Q

Which cryptographic protocol is designed to provide secure communications over a computer network and is the successor to SSL?

IPsec
TLS
AES
CCMP

A

TLS

44
Q

Which of the answers listed below refers to a shared secret authentication method used in WPA, WPA2, and EAP?

PSK
802.1X
SAE
TKIP

A

PSK

A pre-shared key (PSK) is a shared secret that was previously exchanged between the two parties over a secure channel before it is used.

45
Q

Which of the following answers refers to a cryptographic key exchange protocol that leverages ECC for enhanced security and efficiency?

S/MIME
ECDHE
DHE
ECDSA

A

ECDHE

Elliptic Curve Diffie-Hellman Ephemeral (a variant of the Diffie-Hellman key exchange that uses elliptic curve cryptography to provide stronger security with smaller key sizes).

46
Q

Which of the following answers refers to a public-key cryptosystem that leverages the mathematical properties of large prime numbers to facilitate secure key exchange, create digital signatures, and encrypt data?

ECC
RSA
PKI
DSA

A

RSA

47
Q

Which of these threat actors would be MOST likely to attack systems for direct financial gain?

A. Organized crime
B. Hacktivist
C. Nation state
D. Competitor

A

A. Organized crime

48
Q

An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third party. Which category would BEST describe these devices?

A. IoT
B. RTOS
C. MFD
D. SoC

A

C. MFD (Multifunction printing devices)

49
Q

Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?

A. Create an operating system security policy to prevent the use of removable media
B. Monitor removable media usage in host-based firewall logs
C. Only allow applications that do not use removable media
D. Define a removable media block rule in the UTM

A

A. Create an operating system security policy to prevent the use of removable media

50
Q

A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?

A. ISO 27701
B. PKI
C. IaaS
D. SOAR

A

D. SOAR

51
Q

A user connects to a third-party website and receives this message:

Your connection is not private.
NET::ERR_CERT_INVALID

Which of the following attacks would be the MOST likely reason for this message?

A. Brute force
B. DoS
C. On-path
D. Disassociation

A

C. On-path

52
Q

Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?

A. Federation
B. 802.1X
C. PEAP
D. EAP-FAST

A

A. Federation

53
Q

A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?

A. MTBF
B. RTO
C. MTTR
D. MTTF

A

A. MTBF

54
Q

An attacker calls into a company's help desk and pretends to be the director of the company's manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. What kind of attack would BEST describe this phone call?

A. Social engineering
B. Tailgating
C. Vishing
D. On-path

A

A. Social engineering

55
Q

A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company's network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team's requirements?

A. EAP-TLS
B. PEAP
C. EAP-TTLS
D. EAP-MSCHAPv2

A

C. EAP-TTLS

56
Q

The embedded OS in a company's time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?

A. DLL injection
B. Resource exhaustion
C. Race condition
D. Weak configuration

A

C. Race condition

57
Q

A recent audit has found that existing password policies do not include any restrictions on password attempts, and users are not required to periodically change their passwords. Which of the following would correct these policy issues? (Select TWO)

A. Password complexity
B. Password expiration
C. Password history
D. Password lockout
E. Password recovery

A

B. Password expiration
D. Password lockout

58
Q

What kind of security control is associated with a login banner?

A. Preventive
B. Deterrent
C. Corrective
D. Detective
E. Compensating
F. Physical

A

B. Deterrent

59
Q

A security team has been provided with a non-credentialed vulnerability scan report created by a third party. Which of the following would they expect to see on this report?

A. A summary of all files with invalid group assignments
B. A list of all unpatched operating system files
C. The version of web server software in use
D. A list of local user accounts

A

C. The version of web server software in use

60
Q

A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?

A. Communication plan
B. Continuity of operations
C. Stakeholder management
D. Tabletop exercise

A

B. Continuity of operations

61
Q

A company is creating a security policy that will protect all corporate mobile devices:

* All mobile devices must be automatically locked after a predefined time period.
* Some mobile devices will be used by the remote sales teams, so the location of each device needs to be traceable.
* All of the user's information should be completely separated from company data.

Which of the following would be the BEST way to establish these security policy rules?

A. Containerization
B. Biometrics
C. COPE
D. VDI
E. Geofencing
F. MDM

A

F. MDM

Mobile Device Management (MDM) is security software that enables IT departments to implement policies that secure, monitor, and manage end-user mobile devices.

62
Q

A network administrator would like each user to authenticate with their personal username and password when connecting to the company's wireless network. Which of the following should the network administrator configure on the wireless access points?

A. WPA2-PSK
B. 802.1X
C. WPS
D. WPA2-AES

A

B. 802.1X

63
Q

A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?

A. DAC
B. MAC
C. ABAC
D. RBAC

A

A. DAC

64
Q

Which of these cloud deployment models would share resources between a private virtualized data center and externally available cloud services?

A. SaaS
B. Community
C. Hybrid
D. Containerization

A

C. Hybrid

65
Q

A company hires a large number of seasonal employees, and their system access should normally be disabled when the employee leaves the company. The security administrator would like to verify that their systems cannot be accessed by any of the former employees. Which of the following would be the BEST way to provide this verification?

A. Confirm that no unauthorized accounts have administrator access
B. Validate the account lockout policy
C. Validate the processes and procedures for all outgoing employees
D. Create a report that shows all authentications for a 24-hour period

A

C. Validate the processes and procedures for all outgoing employees

66
Q

A network administrator has installed a new access point, but only a portion of the wireless devices are able to connect to the network. Other devices can see the access point, but they are not able to connect even when using the correct wireless settings. Which of the following security features was MOST likely enabled?

A. MAC filtering
B. SSID broadcast suppression
C. 802.1X authentication
D. Anti-spoofing

A

A. MAC filtering

67