Implementation Flashcards by Fabien Sacco

You are installing a new wireless network in your office building and want to ensure it is secure. Which of the following configurations would create the MOST secure wireless network?

WPA2 and RC4

WEP and TKIP

WPA and MAC filtering

WPA2 and AES

How well did you know this?

Not at all

Perfectly

Your company has an office in Boston and is worried that its employees may not reach the office during periods of heavy snowfall. You have been asked to select a technology that would allow employees to work remotely from their homes during poor weather conditions. Which of the following should you select?

VPN

IDS

VLAN

NAT

VPN

How well did you know this?

Not at all

Perfectly

A firewall administrator has configured a new DMZ to allow public systems to be segmented from the organization’s internal network. The firewall now has three security zones set: Untrusted (Internet) [143.27.43.0/24]; DMZ (DMZ) [161.212.71.0/24]; Trusted (Intranet) [10.10.0.0/24]. The firewall administrator has been asked to enable remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ for the Chief Security Officer to work from his home office after hours. The CSO’s home internet uses a static IP of 143.27.43.32. The remote desktop server is assigned a public-facing IP of 161.212.71.14. What rule should the administrator add to the firewall?

Permit 143.27.43.32 161.212.71.14 RDP 3389

Permit 143.27.43.32 161.212.71.0/24 RDP 3389

Permit 143.27.43.0/24 161.212.71.0/24 RDP 3389

Permit 143.27.43.0/24 161.212.71.14 RDP 3389

Permit 143.27.43.32 161.212.71.14 RDP 3389

How well did you know this?

Not at all

Perfectly

You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario?

Bastion hosts

Physical

Jumpbox

Airgap

Jumpbox

How well did you know this?

Not at all

Perfectly

Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring?

110

443

How well did you know this?

Not at all

Perfectly

Which of the following is the LEAST secure wireless security and encryption protocol?

WPA2

WPA

AES

WEP

How well did you know this?

Not at all

Perfectly

Which of the following secure coding best practices ensures special characters like , /, and ‘ are not accepted from the user via a web form?

Session management

Input validation

Output encoding

Error handling

Input validation

How well did you know this?

Not at all

Perfectly

Why would a company want to utilize a wildcard certificate for their servers?

To increase the certificate’s encryption key length

To extend the renewal date of the certificate

To reduce the certificate management burden

To secure the certificate’s private key

To reduce the certificate management burden

How well did you know this?

Not at all

Perfectly

Your company just installed a new webserver within your DMZ. You have been asked to open up the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server?

443

143

443 (HTTPS)

How well did you know this?

Not at all

Perfectly

You received an incident response report indicating a piece of malware was introduced into the company’s network through a remote workstation connected to the company’s servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?

SPF

MAC filtering

NAC

ACL

NAC

How well did you know this?

Not at all

Perfectly

You are conducting an incident response and have traced the attack source to some compromised user credentials. After performing log analysis, you discover that the attack was successfully authenticated from an unauthorized foreign country. Your management is now asking for you to implement a solution to help mitigate this type of attack from occurring again. Which of the following should you implement?

Context-based authentication

Single sign-on

Password complexity

Self-service password reset

Context-based authentication

How well did you know this?

Not at all

Perfectly

The Pass Certs Fast corporation has recently been embarrassed by several high profile data breaches. The CIO proposes improving the company’s cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?

This approach assumes that the cloud will provide better security than is currently done on-site

This approach only changes the location of the network and not the attack surface of it

This is a reasonable approach that will increase the security of the servers and infrastructure

The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration

This approach only changes the location of the network and not the attack surface of it

How well did you know this?

Not at all

Perfectly

The management at Steven’s work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?

A physical survey

A discovery scan using a port scanner

Reviewing a central administration tool like a SCCM

Router and switch-based MAC address reporting

How well did you know this?

Not at all

Perfectly

You are configuring the ACL for the network perimeter firewall. You have just finished adding all the proper allow and deny rules. What should you place at the end of your ACL rules?

A time of day restriction

A SNMP deny string

An implicit deny statement

An implicit allow statement

An implicit deny statement

How well did you know this?

Not at all

Perfectly

Which authentication mechanism does 802.1x usually rely upon?

HOTP

RSA

EAP

TOTP

EAP

Extensible Authentication Protocol - A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key
infrastructure

How well did you know this?

Not at all

Perfectly

You are reviewing a rule within your organization’s IDS. You see the following output:-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET anymsg: “BROWSER-IE Microsoft Internet ExplorerCacheSize exploit attempt”;flow: to_client,established; file_data; content:”recordset”; offset:14; depth:9; content:”.CacheSize”; distance:0; within:100; pcre:”/CacheSize\s=\s/”; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype: attempted-user; sid:65535;rev:1; -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on this rule, which of the following malicious packets would this IDS alert on?

Any malicious outbound packets

An malicious inbound TCP packet

Any malicious inbound packets

An malicious outbound TCP packet

How well did you know this?

Not at all

Perfectly

In an effort to improve the security of the Dion Training corporate network, a security administrator wants to update the configuration of their wireless network to have IPSec built into the protocol by default. Additionally, the security administrator would like for NAT to no longer be required for extending the number of IP addresses available. What protocol should the administrator implement on the wireless network to achieve their goals?

IPv4

IPv6

WEP

WPA2

IPv6

How well did you know this?

Not at all

Perfectly

Which of the following protocols is commonly used to collect information about CPU utilization and memory usage from network devices?

SNMP

MIB

NetFlow

SMTP

MIB (Management Information Base)

How well did you know this?

Not at all

Perfectly

Which operating system feature is designed to detect malware that is loaded early in the system startup process or before the operating system can load itself?

Advanced anti-malware

Startup Control

Measured boot

Master Boot Record analytics

Measured boot

How well did you know this?

Not at all

Perfectly

A new security appliance was installed on a network as part of a managed service deployment. The vendor is who controls the appliance, and the IT team is not able to log in or configure it. The IT team is concerned about the appliance receiving necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates?

Vulnerability scanning

Automatic updates

Scan and patch the device

Configuration management

Vulnerability scanning

How well did you know this?

Not at all

Perfectly

Which of the following technologies is NOT a shared authentication protocol?

Facebook Connect

OpenID Connect

LDAP

OAuth

LDAP

How well did you know this?

Not at all

Perfectly

You need to determine the best way to test operating system patches in a lab environment prior to deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches prior to deployment?

Virtualization

Bypass testing and deploy patches directly into the production environment

Sandboxing

Purchase additional workstations

Virtualization

How well did you know this?

Not at all

Perfectly

You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the target of the attack?

443

389

3389

443

How well did you know this?

Not at all

Perfectly

Which of the following access control methods provides the most detailed and explicit type of access control over a resource?

DAC

MAC

ABAC

RBAC

ABAC

How well did you know this?

Not at all

Perfectly

Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret? RADIUS LDAP PKI Kerberos

RADIUS The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates a MD5 hash of the authentication request to protect the communications.The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates a MD5 hash of the authentication request to protect the communications.

You are installing a new wireless network in your office building and want to ensure it is secure. Which of the following configurations would create the MOST secure wireless network? WPA2 and AES WEP and TKIP WPA and MAC filtering WPA2 and RC4

WPA2 and AES

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement? WPA2 with a complex shared key MAC address filtering with IP filtering 802.1x using EAP with MSCHAPv2 PKI with user authentication

802.1x using EAP with MSCHAPv2

A user reports that every time they try to access https://www.diontraining.com, they receive an error stating "Invalid or Expired Security Certificate". The technician attempts to connect to the same site from other computers on the network, and no errors or issues are observed. Which of the following settings needs to be changed on the user's workstation to fix the "Invalid or Expired Security Certificate" error? UEFI boot mode Date and time User access control Logon times

Date and time

Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement? Utilize the key escrow process Revoke the digital certificate Deploy a new group policy Create a new security group

Deploy a new group policy

William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains? AES PAM FDE TPM

Trusted Platform Module (TPM) is a hardware-based cryptographic processing component that is a part of the motherboard.

Which of the following functions is not provided by a TPM? User authentication Secure generation of cryptographic keys Binding Sealing Random number generation Remote attestation

User authentication

Which of the following tools could be used to detect unexpected output from an application being managed or monitored? A log analysis tool A signature-based detection tool Manual analysis A behavior-based analysis tool

A behavior-based analysis tool

Your firewall is blocking outbound email traffic that is attempting to be sent. Which port should you verify is set to ALLOW in the firewall to ensure your emails are being sent? 80 143 25 22

25 Email servers rely on port 25 to send emails out of the network. Port 25 must be set to OPEN or ALLOW in the firewall in order for SMTP (sendmail transfer protocol) to function properly. Port 22 is SSH, Port 80 is HTTP, and Port 143 is IMAP.

Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue? SSL certificates RADIUS CSMA/CA WPA2 security key

RADIUS Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication.

What tool is used to collect wireless packet data? John the Ripper Nessus Aircrack-ng Netcat

Aircrack-ng Aircrack-ng is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks

A hacker successfully modified the sale price of items purchased through your company's web site. During the investigation that followed, the security analyst has verified the web server, and the Oracle database was not compromised directly. The analyst also found no attacks that could have caused this during their log verification of the Intrusion Detection System (IDS). What is the most likely method that the attacker used to change the sale price of the items purchased? Cross-site scripting Changing hidden form values SQL injection Buffer overflow attack

Changing hidden form values

Tim, a help desk technician, receives a call from a frantic executive who states that their company-issued smartphone was stolen during their lunch meeting with a rival company’s executive. Tim quickly checks the MDM administration tool and identifies that the user’s smartphone is still communicating with the MDM and displays the location of the device on a map. What should Tim do next to ensure the data on the stolen device remains confidential and inaccessible to the thief? Remotely encrypt the device Identify the IP address of the smartphone Reset the device's password Perform a remote wipe of the device

Perform a remote wipe of the device

You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port to 636 wherever technically possible. What should you do? Conduct remediation actions to update encryption keys on each server to match port 636 Change all devices and servers that support it to port 636 since encrypted services run by default on port 636 Change all devices and servers that support it to port 636 since port 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks Mark this as a false positive in your audit report since the services that typically run on ports 389 and 636 are identical

Change all devices and servers that support it to port 636 since encrypted services run by default on port 636

What technology is NOT PKI x.509 compliant and cannot be used in a variety of secure functions? Blowfish SSL/TLS PKCS AES

Blowfish

You have been asked to recommend a capability to monitor all of the traffic entering and leaving the corporate network's default gateway. Additionally, the company's CIO requests the ability to block certain types of content before it leaves the network based on operational priorities. Which of the following solution should you recommend to meet these requirements? Install a NIPS on the internal interface and a firewall on the external interface of the router Install a firewall on the router's internal interface and a NIDS on the router's external interface Installation of a NIPS on both the internal and external interfaces of the router Configure IP filtering on the internal and external interfaces of the router

Install a NIPS on the internal interface and a firewall on the external interface of the router

Which of the following identity and access management controls relies upon using a certificate-based authentication mechanism? HOTP TOTP Smart card Proximity card

Smart card

Jumpbox

Which protocol relies on mutual authentication of the client and the server for its security? RADIUS Two-factor authentication LDAPS CHAP

LDAPS The Lightweight Directory Access Protocol (LDAP) uses a client-server model for mutual authentication. LDAP is used to enable access to a directory of resources (workstations, users, information, etc). TLS provides mutual authentication between clients and servers. Since Secure LDAP (LDAPS) uses TLS, it provides mutual authentication.

Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of "connected clients" and see that "Bob's Laptop" is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the WPA2 password? Disable WPA2 Disabled WPS Enable WPA Disable SSID broadcast

Disabled WPS WPS was created to ease the setup and configuration of new wireless devices by allowing the router to automatically configure them after a short eight-digit PIN was entered. Unfortunately, WPS is vulnerable to a brute-force attack and is easily compromised. Therefore, WPS should be disabled on all wireless networks

While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host's IP within your organization's network over port 443. Which of the following protocols would you expect to be in use? TLS TFTP SSH HTTP

TLS Transport Layer Security (TLS) is used to secure web connections over port 443. Since port 443 was in use, you should expect either HTTPS, SSL, or TLS to be used as the protocol. If not, this would be suspicious activity and should be investigated. In fact, since this was a connection from the external IP to an internal host over port 443, this is suspicious and could be indicative of a remote access trojan on your host.

A cybersecurity analyst has deployed a custom DLP signature to alert on any files that contain numbers in the format of a social security number (xxx-xx-xxxx). Which of the following concepts within DLP is being utilized? Document matching Statistical matching Exact data match Classification

Exact data match

Port 22

SCP

Port 110

POP3

Port 161

SNMP

Port 23

Telnet

You have been asked to install a computer in a public workspace. The computer should only be used by an authorized user. Which of the following security requirements should you implement to prevent unauthorized users from accessing the network with this computer? Remove the guest account from the administrator group Disable single sign-on Require authentication on wake-up Issue the same strong and complex password for all users

Require authentication on wake-up

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should be able to obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should be able to access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements? MAC filtering Create an ACL to allow access Configure a SIEM Implement NAC

Implement NAC Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network.

Which type of monitoring would utilize a network tap? Router-based SNMP Active Passive

Passive

You are reviewing a rule within your organization's IDS. You see the following output: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any msg: “BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt”; flow: to_client,established; file_data; content:"recordset"; offset:14; depth:9; content:".CacheSize"; distance:0; within:100; pcre:"/CacheSize\s*=\s*/"; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype: attempted-user; sid:65535;rev:1; -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on this rule, which of the following malicious packets would this IDS alert on? An malicious outbound TCP packet Any malicious outbound packets Any malicious inbound packets An malicious inbound TCP packet

An malicious inbound TCP packet

A financial services company wants to donate some old hard drives from their servers to a local charity, but they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use? Zero-fill Cryptographic erase Overwrite Secure erase

Cryptographic erase

Port 1701

L2TP

Port 3389

RDP

Port 389

LDAP

Port 88

Kerberos

Dion Training has an open wireless network called "InstructorDemos" for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the "InstructorDemos" network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor's requirements and prevent students from using the "InstructorDemos" network? NAT MAC filtering QoS Signal strength

MAC filtering

Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system? MAC filtering Intrusion Detection System Whitelisting VPN

Whitelisting

Which of the following access control methods provides the most detailed and explicit type of access control over a resource? DAC MAC ABAC RBAC

ABAC Attribute-based access control (ABAC) provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes. Information such as the group membership, the OS being used by the user, and even the IP address of the machine could be considered when granting or denying access.

RADIUS Remote Authentication Dial-In User Service (RADIUS) is a networking protocol operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple-A) management for users who connect and use a network service.

WPA2 and AES

802.1x using EAP with MSCHAPv2

Date and time Since the technician can successfully connect to the website from other computers, it shows that the error is on the user's computer. One of the common causes of an Invalid or Expired Security Certificate error is the clock on the user's computer being wrong since the website security certificates are issued to be valid within a given date range.

Deploy a new group policy

TPM Trusted Platform Module (TPM) is a hardware-based cryptographic processing component that is a part of the motherboard. A Pluggable Authentication Module (PAM) is a device that looks like a USB thumb drive and is used as a software key in cryptography. Full Disk Encryption (FDE) can be hardware or software-based. Therefore, it isn’t the right answer. The Advanced Encryption System (AES) is a cryptographic algorithm. Therefore, it isn’t a hardware solution.

Which of the following types of access control provides the strongest level of protection? MAC DAC RBAC ABAC

MAC Mandatory Access Control (MAC) requires all access to be predefined based on system classification, configuration, and authentication. MAC is commonly used in highly centralized environments and usually relies on a series of labels, such as classification levels of the data.

Which of the following functions is not provided by a TPM? User authentication Secure generation of cryptographic keys Binding Sealing Random number generation Remote attestation

User authentication

A behavior-based analysis tool

Your firewall is blocking outbound email traffic that is attempting to be sent. Which port should you verify is set to ALLOW in the firewall to ensure your emails are being sent? 80 143 25 22

You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port to 636 wherever possible. What should you do? Mark this as false positive in your audit report since the services that typically run on ports 389 and 636 are identical Change all devices that support to to port 636 since sport 389 is a reserved port that requires root access and c an expose the server to privilege escalation Conduct remediation actions to update encryption keys on each server to match port 636 Change all devices and servers that support it to port 636 since encrypted services run default on port 636

Change all devices and servers that support it to port 636 since encrypted services run default on port 636

Riaan's company runs critical web applications. During a vulnerability scan, Riaan found a serious SQL injection vulnerability in one of their web applications. The system cannot be taken offline to remediate the vulnerability. Which of the following compensating controls should Riaan recommend using until the system can be remediated? Vulnerability scanning WAF IPS Encryption

WAF WAF (web application firewall) is the best option since it has the ability to serve as a compensating control and can protect against web application vulnerabilities like an SQL injection until the application can be fully remediated

Disabled WPS

You have been asked to provide some training to Dion Training's system administrators about the importance of proper patching of a system prior to deployment. To demonstrate the effects of deploying a new system without patching it first, you ask for the system administrators to provide you with an image of a brand-new server they plan to deploy. How should you deploy the image to demonstrate the vulnerabilities that are being exposed while maintaining the security of the corporate network? Utilize a server with multiple virtual machine snapshots installed o it, restore from a known compromised image, then scan it for vulnerabilities Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities Deploy the vulnerable image to a virtual machine on a physical server, create an ACL to restrict all incoming connections to the system, then scan it for vulnerabilities Deploy the image to a brand new physical server, connect it to the corporate network, then conduct a vulnerability scan to demonstrate how many vulnerabilities are now on the network

Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities

Which of the following features is supported by Kerberos, but not by RADIUS and Diameter? Single sign-on capability XML for cross-platform interoperability Tickets used to identify authenticated users Services for authentication

Tickets used to identify authenticated users

Which of the following is not normally part of an endpoint security suite? Anti-virus VPN Software firewall IPS

VPN A VPN is not typically considered an endpoint security tool because it is a network security tool.

Marta's organization is concerned with the vulnerability of a user's account being vulnerable for an extended period of time if their password was compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability? Minimum password length Password complexity Password expiration Password history

Password expiration

Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system? Whitelisting Intrusion Detection System MAC filtering VPN

Whitelisting

You have been investigating how a malicious actor was able to exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that the web server’s BIOS had been modified by the installation of a rootkit. After you remove the rootkit and reflash the BIOS to a known good image, what should you do in order to prevent the malicious actor from affecting the BIOS again? Utilize secure boot Install an anti-malware application Utilize file integrity monitoring Install a host-based IDS

Utilize secure boot

MAC filtering

Which type of monitoring would utilize a network tap? Active SNMP Passive Router-based

Passive They conduct passive network monitoring and visibility without interfering with the network traffic itself.

Which of the following policies should contain the requirements for removing a user's access when an employee is terminated? Data ownership policy Data retention policy Data classification policy Account management policy

Account management policy

An analyst is reviewing the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors are able to access the internet. How can this type of attack be prevented from occurring in the future? Enable NAC on the open wireless network Install an IDS to protect the HVAC system Enable WPA2 security on the open wireless network Implement a VLAN to separate the HVAC control system from the open wireless network

Implement a VLAN to separate the HVAC control system from the open wireless network

A cybersecurity analyst is working for a university that is conducting a big data medical research project. The analyst is concerned about the possibility of an inadvertent release of PHI data. Which of the following strategies should be used to prevent this? Use DevSecOps to build the application that processes the PHI Conduct tokenization of the PHI data before ingesting it into the big data application Utilize a SaaS model to process the PHI data instead of an on-premise solution Utilize formal methods of verification against the application processing the PHI

Conduct tokenization of the PHI data before ingesting it into the big data application

Which of the following access control methods utilizes a set of organizational roles in which users are assigned to gain permissions and access rights? DAC ABAC MAC RBAC

Role-based access control (RBAC)

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies? Setting the secure attribute on the cookie Forcing the use of SSL for the web application Forcing the use of TLS for the web application Hashing the cookie value

Setting the secure attribute on the cookie

The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server's certificate? Key escrow CSR OCSP CRL

certificate signing request

CSR

CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate.

CRL

is a list of revoked certificate

Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence? Autopsy FTK Imager Memdump dd

FTK Imager FTK Imager can create perfect copies or forensic images of computer data without making changes to the original evidence. The forensic image is identical in every way to the original, including file slack and unallocated space or drive free space. The dd tool can also be used to create forensic images, but it is not a proprietary tool since it is open-source. Memdump is used to collect the content within RAM on a given host. Autopsy is a cross-platform, open-source forensic tool suite.

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise? Software as a Service (SaaS) Infrastructure as Code (IaC) Infrastructure as a Service (IaaS) Software Defined Networking (SDN)

Infrastructure as Code (IaC) IaC is designed with the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise, and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities

IaC

the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise, and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities

Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat? Lockheed Martin cyber kill chain OpenIOC MITRE ATT&CK framework Diamond Model of Intrusion Analysis

MITRE ATT&CK framework MITRE ATT&CK framework provides explicit pseudo-code examples for how to detect or mitigate a given threat within a network and ties specific behaviors back to individual actors

MITRE ATT&CK framework

MITRE ATT&CK framework provides explicit pseudo-code examples for how to detect or mitigate a given threat within a network and ties specific behaviors back to individual actors

Diamond Model of Intrusion

Diamond Model provides an excellent methodology for communicating cyber events and allowing an analyst to implicitly derive mitigation strategies.

Lockheed Martin cyber kill chain

Lockheed Martin cyber kill chain provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate

OpenIOC

contains a depth of research on APTs but does not integrate the detections and mitigation strategy.

A cybersecurity analyst is conducting an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred? Financial breach Privacy breach Proprietary breach Integrity breach

Privacy breach

Dion Training wants to ensure that none of its computers can run a peer-to-peer file sharing program on its office computers. Which of the following practices should be implemented to achieve this? MAC filtering Application blacklisting Enable NAC Application whitelisting

Application blacklisting

RADIUS The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates a MD5 hash of the authentication request to protect the communications.

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement? MAC address filtering with IP filtering WPA2 with a complex shared key 802.1x using EAP with MSCHAPv2 PKI with user authentication

802.1x using EAP with MSCHAPv2

Which of the following functions is not provided by a TPM? User authentication Remote attestation Secure generation of cryptographic keys Binding Random number generation Sealing

User authentication

Which of the following access control methods provides the most detailed and explicit type of access control over a resource? RBAC MAC DAC ABAC

You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server? Unauthorized sessions Failed logins Malicious processes Off-hours usage

Malicious processes A malicious process is one that is running on a system and is outside the norm.

Your coworker is creating a script to run on a Windows server using PowerShell. Which of the following file formats should the file be in? sh .py .bat .ps1

.ps1

Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system? Whitelisting VPN Intrusion Detection System MAC filtering

Whitelisting

MAC filtering

Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords? Cross-site scripting Missing patches SQL injection CRLF injection

Missing patches

A company's NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data? Enable NetFlow compression Enable sampling of the data Enable QoS Enable full packet capture

Enable sampling of the data Sampling can help them to capture network flows that could be useful without collecting everything passing through the sensor

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies? Hashing the cookie value Setting the secure attribute on the cookie Forcing the use of SSL for the web application Forcing the use of TLS for the web application

Setting the secure attribute on the cookie

You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal? WPA2 VPN VLAN MAC filtering

VLAN

You are working as a security administrator and need to respond to an ongoing spearphishing campaign against your organization. Which of the following should be used as a checklist of actions to perform in order to detect and resposd to this particular incident? Incident response plan Playbook Runbook DRP

Playbook A playbook is a checklist of actions to perform to detect and respond to a specific type of incident

What containment techniques is the strongest possible response to an incident? Isolating affected systems Enumeration Isolating the attacker Segmentation

Isolating affected systems

Which of the following elements is LEAST likely to be included in an organization's data retention policy? Minimum retention period Maximum retention period Description of information that needs to be retained Classification of information

Classification of information

RADIUS Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates a MD5 hash of the authentication request to protect the communications

Which of the following types of access control provides the strongest level of protection? MAC DAC ABAC RBAC

MAC

A corporate workstation was recently infected with malware. The malware was able to access the workstation's credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to come up with a plan to prevent this type of issue from occurring again in the future. Which of the following would BEST prevent this from reoccurring? Install an anti-virus or anti-malware solution that uses heuristic analysis Monitor all workstations for failed login attempts and forward them to a centralized SYSLOG server Install a host-based intrusion detection system on all of the corporate workstations Install a Unified Threat Management system on the network to monitor for suspicious traffic

Install an anti-virus or anti-malware solution that uses heuristic analysis The only solution provided that could STOP this from reoccurring would be to use an anti-virus or anti-malware solution with heuristic analysis. The other options might be able to monitor and detect the issue, but not stop it from spreading. Heuristic analysis is a method employed by many computer anti-virus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the wild 3.6 Obj: Given a scenario, apply cybersec solutions to the cloud

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies? Forcing the use of SSL for the web application Setting the secure attribute on the cookie Hashing the cookie value Forcing the use of TLS for the web application

Setting the secure attribute on the cookie When a cookie has the Secure attribute, the user agent includes the cookie in an HTTP request only if the request is transmitted over a secure channel (typically HTTPS) OBJ 3.2: Given a scenario, implement host or application security controls

The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server's certificate? Key escrow CRL CSR OCSP

CSR A CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate. Key escrow stores keys, CRL is a list of revoked certificate, and the OCSP is a status of certificates that provides validity such as good, revoked, or unknown Obj 3.9: Given a scenario, implement public key infrastructure

Ryan needs to verify the installation of a critical Windows patch on his organization's workstations. Which method would be the most efficient to validate the current patch status for all of the organization's Windows 10 workstations? Use SCCM to validate patch status for each machine on the domain Create and run a PowerShell script to search for the specific patch in question Conduct a registry scan of each workstation to validate the patch was installed Check the Update History manually

Use SCCM to validate patch status for each machine on the domain The Microsoft System Center Configuration Manager (SCCM) provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory. OBJ: 3.2 Given a scenario, implement host or application security controls