Multiple Choice 2 Flashcards
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated
customers. Prior to releasing specific threat intelligence to other paid subscribers, the
organization is MOST likely obligated by contracts to:
Anonymize any PII that is observed within the IoC data.
Indicators of compromise (IoCs) are forensic artifacts (file hashes, IP addresses, domains, URLs, registry keys and the like) that indicate a potential intrusion on a host system or network. A provider that pools IoCs from unrelated customers is normally bound by its customer contracts to strip any PII from that data before it is redistributed to other subscribers.
While checking logs, a security engineer notices a number of end users suddenly downloading
files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The
end users state they did not initiate any of the downloads. Further investigation reveals the end
users all clicked on an external email containing an infected MHT file with an href link a week
prior. Which of the following is MOST likely occurring?
A RAT was installed and is transferring additional exploit tools.
A .tar.gz file is a gzip-compressed tar archive, commonly used on Unix systems to package files, programs and installers; a "tar.gz" whose content is actually a PE32 executable is a disguised Windows binary, not an archive.
PE32 is the 32-bit Portable Executable format used by Windows .exe, .dll and driver files.
MHT is an MHTML (MIME HTML) web archive. The MHT attachment clicked a week earlier was the initial infection vector; the downloads the users did not initiate are the resulting RAT fetching second-stage tooling.
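The tell in this card is that the file extension lies and the content does not. The check a responder would run on the downloaded files is a magic-byte classification: a real .tar.gz starts with the gzip header 1f 8b, while a PE file starts with "MZ" and has a "PE\0\0" signature at the offset stored in the DOS header's e_lfanew field. The following is an added example, not code from the original page; the sample "downloads" and the minimal PE header it builds are constructed stand-ins (a header only, not a runnable binary).

```python
import gzip
import struct

# Magic values from the gzip (RFC 1952) and PE/COFF formats.
GZIP_MAGIC = b"\x1f\x8b"
MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
ARCHIVE_EXTENSIONS = (".tar.gz", ".tgz", ".gz")


def classify_bytes(data: bytes) -> str:
    """Classify a file by its content, ignoring the filename entirely.

    Returns 'gzip', 'pe32', 'pe32+', 'pe-unknown' (MZ/PE but odd magic) or 'unknown'.
    """
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if data[:2] == MZ_MAGIC and len(data) >= 0x40:
        # DOS header field e_lfanew (offset 0x3C) holds the PE signature offset.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        opt_magic_off = e_lfanew + 4 + 20  # signature + 20-byte COFF file header
        if (
            len(data) >= opt_magic_off + 2
            and data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE
        ):
            # Optional header magic: 0x10B = PE32 (32-bit), 0x20B = PE32+ (64-bit).
            (magic,) = struct.unpack_from("<H", data, opt_magic_off)
            return {0x10B: "pe32", 0x20B: "pe32+"}.get(magic, "pe-unknown")
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a file claims to be a gzip archive but its content is not gzip."""
    if filename.lower().endswith(ARCHIVE_EXTENSIONS):
        return classify_bytes(data) != "gzip"
    return False


def triage(files: dict) -> list:
    """Return (filename, detected type) for every mislabelled archive in a download list."""
    return [
        (name, classify_bytes(data))
        for name, data in files.items()
        if extension_mismatch(name, data)
    ]


def build_fake_pe(opt_magic: int = 0x10B) -> bytes:
    """Constructed minimal PE header (not a real binary) for the demo and tests."""
    dos = bytearray(MZ_MAGIC + b"\0" * 0x3E)   # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew -> right after the DOS header
    coff = b"\0" * 20                            # empty COFF file header
    opt = struct.pack("<H", opt_magic) + b"\0" * 22
    return bytes(dos) + PE_SIGNATURE + coff + opt


# Constructed sample downloads standing in for what the engineer saw in the logs.
SAMPLE_DOWNLOADS = {
    "update-1.2.tar.gz": build_fake_pe(),             # PE32 wearing an archive name
    "tools.tar.gz": build_fake_pe(0x20B),             # PE32+ (64-bit) wearing one too
    "backup.tar.gz": gzip.compress(b"real archive"),  # genuine gzip stream
}

if __name__ == "__main__":
    for name, kind in triage(SAMPLE_DOWNLOADS):
        print(f"{name}: extension says gzip, content is {kind}")
```

Run against a real download directory by reading each file's first few hundred bytes into the same function; anything reported as pe32 or pe32+ under an archive name goes straight to the malware pipeline.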
An organization is developing a plan in the event of a complete loss of critical systems and data.
Which of the following plans is the organization MOST likely developing?
Disaster recovery
Which of the following is the purpose of a risk register?
To identify the risk, the risk owner, and the risk measures
A risk register is a single record in which practitioners identify each risk, assign its owner, and track its assessment and the measures taken to treat it.
A university with remote campuses, which all use different service providers, loses Internet
connectivity across all locations. After a few minutes, Internet and VoIP services are restored,
only to go offline again at random intervals, typically within four minutes of services being
restored. Outages continue throughout the day, impacting all inbound and outbound connections
and services. Services that are limited to the local LAN or WiFi network are not impacted, but all
WAN and VoIP services are affected.
Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to
exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.
Which of the following BEST describe this type of attack? (Choose two.)
Session Initiation Protocol (SIP)
DoS & Race conditions
A race condition is an undesirable state that occurs when a device or system attempts to perform two or more operations at the same time but the operations must complete in a particular order to work correctly; here the SIP-handling flaw drives the edge router into that state, exhausting its resources until it reloads.
VoIP carries voice calls over the IP network. In this scenario the target is not the calls themselves but the SIP handling on the Internet-facing edge router, which is why LAN-only services keep working while every WAN and VoIP service drops each time the router reloads.
Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, modifying and terminating real-time communications sessions between Internet Protocol (IP) devices.
A company recently set up an e-commerce portal to sell its product online. The company wants to
start accepting credit cards for payment, which requires compliance with a security standard.
Which of the following standards must the company comply with before accepting credit cards on
its e-commerce platform?
PCI DSS
The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard developed to enhance cardholder data security for organizations that store, process or transmit credit card data.
Which of the following BEST describes a security exploit for which a vendor patch is not readily
available?
Zero-day
The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the
company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The
email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which
of the following social- engineering techniques is the attacker using?
Whaling
An organization wants to implement a third factor to an existing multifactor authentication. The
organization already uses a smart card and password. Which of the following would meet the
organization’s needs for a third factor?
Fingerprints
An employee has been charged with fraud and is suspected of using corporate assets. As
authorities collect evidence, and to preserve the admissibility of the evidence, which of the
following forensic techniques should be used?
Chain of custody
The chain of custody is a tracking record beginning with detailed scene notes that describe where the evidence was received or collected. Collection techniques, preservation, packaging, transportation, storage and creation of the inventory list are all part of the process used in establishing the chain of custody
A company wants to deploy PKI on its Internet-facing website. The applications that are currently
deployed are:
www.company.com (main website)
contactus.company.com (for locating a nearby location)
quotes.company.com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications
and any future applications that follow the same naming conventions, such as
store.company.com. Which of the following certificate types would BEST meet the requirements?
Wildcard
A wildcard certificate (here *.company.com) is a public key certificate whose name covers every single-label subdomain of the domain, so one certificate serves www, contactus, quotes and the future store.company.com. The wildcard stands for exactly one label: it does not cover the bare company.com or deeper names such as dev.store.company.com, which need their own Subject Alternative Name entries.
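The one-label rule is what decides whether the purchased wildcard really covers "any future application that follows the same naming convention". Below is an added example (not from the original page) implementing the matching rule browsers apply, RFC 6125 section 6.4.3, and running it over the company's hostnames; the hostname list is constructed from the question plus two names chosen to show what the wildcard does not cover.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname the way a browser does.

    A leading '*' covers exactly one DNS label: never zero labels (the bare
    domain) and never more than one (a deeper subdomain).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname            # plain name: exact match only
    suffix = pattern[1:]                       # "*.company.com" -> ".company.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]        # the part the '*' must stand for
    return bool(leftmost) and "." not in leftmost and "*" not in leftmost


def uncovered_hosts(cert_names: list, hostnames: list) -> list:
    """Return the hostnames that none of the certificate's names would match."""
    return [h for h in hostnames if not any(wildcard_matches(n, h) for n in cert_names)]


# Constructed: the company's current and planned hostnames from the question,
# plus two names that the wildcard alone will not cover.
COMPANY_HOSTS = [
    "www.company.com",
    "contactus.company.com",
    "quotes.company.com",
    "store.company.com",        # future app, same naming convention
    "company.com",              # bare apex: one label short
    "dev.store.company.com",    # two labels deep: one label too many
]

if __name__ == "__main__":
    print("wildcard only  :", uncovered_hosts(["*.company.com"], COMPANY_HOSTS))
    print("wildcard + apex:", uncovered_hosts(["*.company.com", "company.com"], COMPANY_HOSTS))
```

When ordering the certificate, ask for company.com as an extra Subject Alternative Name alongside *.company.com; the apex is the name users type most and the wildcard alone leaves it uncovered.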
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each
salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment.
Which of the following recommendations would BEST address the CSO’s concern?
Implement managed FDE
Full disk encryption (FDE) encrypts every sector of the drive so that data on a lost or stolen laptop is unreadable without the key; "managed" FDE means the keys and recovery material are held centrally, so the company can enforce encryption on every sales laptop and still recover data from a device whose user is gone.
A user contacts the help desk to report the following:
- Two days ago, a pop-up browser window prompted the user for a name
and password after connecting to the corporate wireless SSID. This had
never happened before, but the user entered the information as
requested.
- The user was able to access the Internet but had trouble accessing
the department share until the next day.
- The user is now getting notifications from the bank about
unauthorized transactions.
Which of the following attack vectors was MOST likely used in this scenario?
Rogue access point
A rogue access point is an unauthorized AP attached to, or impersonating, the corporate wireless network. It provides a wireless backdoor for outsiders that bypasses network firewalls and other security devices. Here an AP impersonating the corporate SSID captured the user's credentials through a fake login prompt and could inspect the user's Internet traffic (hence the bank fraud); the department share was unreachable because the rogue AP was not actually on the corporate LAN.
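The detection a wireless team would run after this report is a survey of every AP advertising the corporate SSID, compared against the inventory of managed APs. The following is an added example, not code from the original page: the SSID, the authorized BSSID list, the expected security mode and the scan results are all constructed. It applies two independent checks, an unknown BSSID (hardware the company does not own) and a security mode that differs from the corporate one (an impersonating AP typically runs open or PSK and relies on a fake login page, exactly what the user described).

```python
# Constructed wireless survey: what a scanner near the user's desk might report.
CORP_SSID = "CorpNet"                         # assumed corporate SSID
AUTHORIZED_BSSIDS = {                         # assumed inventory of managed APs
    "00:1a:2b:3c:4d:01",
    "00:1a:2b:3c:4d:02",
}
CORP_SECURITY = "WPA2-Enterprise"             # assumed: 802.1X, never a browser login prompt

SCAN = [
    {"ssid": "CorpNet",  "bssid": "00:1A:2B:3C:4D:01", "channel": 6,  "security": "WPA2-Enterprise"},
    {"ssid": "CorpNet",  "bssid": "00:1A:2B:3C:4D:02", "channel": 11, "security": "WPA2-Enterprise"},
    {"ssid": "CorpNet",  "bssid": "DE:AD:BE:EF:00:01", "channel": 6,  "security": "Open"},
    {"ssid": "GuestNet", "bssid": "00:1A:2B:3C:4D:03", "channel": 1,  "security": "Open"},
]


def find_rogue_aps(scan, corp_ssid=CORP_SSID, authorized=AUTHORIZED_BSSIDS,
                   expected_security=CORP_SECURITY):
    """Flag every AP that advertises the corporate SSID but is not one of ours.

    Each finding lists the reasons separately: a spoofed BSSID would pass the
    inventory check but still fail the security-mode check, and vice versa.
    """
    findings = []
    for ap in scan:
        if ap["ssid"] != corp_ssid:
            continue                              # other SSIDs are out of scope here
        bssid = ap["bssid"].lower()               # normalise case before comparing
        reasons = []
        if bssid not in authorized:
            reasons.append("unknown BSSID")
        if ap["security"] != expected_security:
            reasons.append(f"security is {ap['security']}, expected {expected_security}")
        if reasons:
            findings.append({"bssid": bssid, "channel": ap["channel"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_rogue_aps(SCAN):
        print(f"rogue {finding['bssid']} on channel {finding['channel']}: {'; '.join(finding['reasons'])}")
```

Feed it the parsed output of whatever scanner the team uses; the point is the comparison against inventory, not the scanner. The user's second symptom (no access to the department share while Internet worked) is the same finding from the client side: the rogue AP routed to the Internet but not to the corporate LAN.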
A host was infected with malware. During the incident response, Joe, a user, reported that he did
not receive any emails with links, but he had been browsing the Internet all day. Which of the
following would MOST likely show where the malware originated?
The DNS logs
Domain Name System (DNS) query logs record which names each host resolved and when. Because Joe's host was browsing all day rather than opening emailed links, the DNS log is the best record of which sites it contacted, and the names resolved just before the infection point at where the malware came from. Attackers also use DNS for data theft, denial-of-service and command-and-control, so proactive monitoring of DNS activity helps administrators detect and respond to these threats quickly.
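What "show where the malware originated" looks like in practice is a query over the resolver log: take the infected host's lookups in a window before the alert and drop every name that other hosts also resolved, which removes the shared background (CDNs, corporate sites) and leaves the names only this host visited, in the order it first visited them. This is an added example, not from the original page; the log format (timestamp, client IP, query name, query type) and every line in it are constructed, as are the alert time and host address.

```python
from datetime import datetime, timedelta

# Constructed resolver query log (not from the page): "<UTC timestamp> <client IP> <qname> <qtype>".
DNS_LOG = """\
2024-03-12T13:55:02Z 10.0.5.23 www.example.com A
2024-03-12T13:55:09Z 10.0.5.40 www.example.com A
2024-03-12T14:02:41Z 10.0.5.23 cdn.example.net A
2024-03-12T14:07:13Z 10.0.5.23 promo-deals.example.org A
2024-03-12T14:07:15Z 10.0.5.23 a8f3k2.example.org A
2024-03-12T14:07:16Z 10.0.5.23 a8f3k2.example.org TXT
2024-03-12T14:20:00Z 10.0.5.40 cdn.example.net A
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_log(text: str) -> list:
    """Parse the constructed log into (timestamp, client, qname, qtype) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        records.append((datetime.strptime(ts, TS_FORMAT), client, qname.lower(), qtype))
    return records


def suspect_domains(text: str, client_ip: str, alert_time: str, window_minutes: int = 30) -> list:
    """Names the suspect host resolved in the window before the alert that no other host resolved.

    Returns [(qname, first_seen_iso, sorted qtypes)] in first-seen order, so the
    first entry is the earliest lead for where the malware came from. Names any
    other client also looked up are treated as shared background and dropped;
    the qtypes are kept because TXT lookups to an odd name hint at DNS tunnelling.
    """
    records = parse_log(text)
    end = datetime.strptime(alert_time, TS_FORMAT)
    start = end - timedelta(minutes=window_minutes)
    seen_elsewhere = {qname for _, client, qname, _ in records if client != client_ip}

    first_seen, qtypes = {}, {}
    for ts, client, qname, qtype in records:
        if client != client_ip or not (start <= ts <= end) or qname in seen_elsewhere:
            continue
        first_seen.setdefault(qname, ts)
        qtypes.setdefault(qname, set()).add(qtype)

    return [
        (qname, ts.isoformat(), sorted(qtypes[qname]))
        for qname, ts in sorted(first_seen.items(), key=lambda item: item[1])
    ]


if __name__ == "__main__":
    for qname, first, types in suspect_domains(DNS_LOG, "10.0.5.23", "2024-03-12T14:10:00Z"):
        print(f"{first}  {qname}  ({', '.join(types)})")
```

The "seen by another host" filter is deliberately crude: a watering-hole site that several users visit would survive it only if those users are excluded from the comparison set, so widen or narrow the baseline to fit the case.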
A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network
protocol to rapidly infect computers. Once infected, computers are encrypted and held for
ransom. Which of the following would BEST prevent this attack from reoccurring?
Configure the perimeter firewall to deny inbound external connections to SMB ports.
Server Message Block (SMB) is an application-layer protocol that provides file, printer and device sharing and inter-process communication (IPC) between applications over a network in a client-server model; it listens on TCP 445 (and TCP 139 over NetBIOS). Blocking inbound SMB at the perimeter removes the worm's path from the Internet to internal hosts, which matters because for a zero-day no vendor patch is available to close the vulnerability itself.
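After the firewall change, the check a practitioner wants is proof from outside the perimeter that the SMB ports no longer accept a TCP handshake. The following is an added example, not from the original page: a small external port check plus an offline demonstration in which a loopback listener (an assumption, standing in for an exposed SMB service) shows the difference between an exposed and a blocked port.

```python
import socket

SMB_PORTS = (139, 445)   # NetBIOS session service and direct-hosted SMB


def port_accepts_connections(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes; False on refusal or timeout.

    A firewall DROP shows up as a timeout, a REJECT or no listener as refusal;
    both mean the port is not reachable and both return False here.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_smb_ports(host: str, ports=SMB_PORTS) -> list:
    """Run from OUTSIDE the perimeter against the public address; expect [] after the change."""
    return [p for p in ports if port_accepts_connections(host, p)]


def local_demo() -> tuple:
    """Offline stand-in (assumption): a loopback listener plays the exposed SMB service.

    Returns (exposed while the listener is up, exposed after it is closed), i.e.
    (True, False) when the check works.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = exposed_smb_ports("127.0.0.1", (port,))
    listener.close()
    after_close = exposed_smb_ports("127.0.0.1", (port,))
    return bool(while_open), bool(after_close)


if __name__ == "__main__":
    print("loopback demo (exposed, blocked):", local_demo())
    # Real use, from an external vantage point:
    # print(exposed_smb_ports("203.0.113.10"))   # 203.0.113.0/24 is a documentation range
```

Run the real check from a host on the Internet side of the firewall, not from inside, where the rule does not apply; and keep SMB blocked outbound too, since the same ports are the worm's way out to the next victim.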