Practice Exam 2

Question 1

Which of the following statements about highly structured threats is not true?

-they are sometimes supported by nation states and target other countries
-they usually have significant financial backing
-they only target intelligence information and military data
-some countries have regulations to prevent government workers from attacking companies for reasons of economic warfare

Answer 1

They only target intelligence information and military data

Highly structured threats may target companies, conduct corporate espionage, and steal intellectual property. They are not solely focused on government and military targets.

Question 2

Which of the following statements is false regarding BYOD?

-employees are willing to limit the use of their personal devices as determined by corporate policies
-users prefer a single device over multiple devices
-the learning curve is shorter on devices they own or prefer
-it works well for temporary workers

Answer 2

Employees are willing to limit the use of their personal devices as determined by corporate policies

Employees might not be eager to limit the use of their personal devices based on corporate policy

Question 3

Your organization utilizes two different people to perform tasks that are both necessary for the entry into your building. Person 1 checks IDs, enters data in a log, and can issue a visitor badge. Visitor 2 controls the door access, so a failure by either person does not expose your organization. Which of the following is this an example of?

Answer 3

Two-person integrity/control

Having two people required to perform a task provides a means of checks and balances

Question 4

Which of the following mitigation techniques are the most effective in preventing and minimizing the impact of ransomware data encryption incidents?
Select two.
-Do periodic updates of user training and awareness materials
-Identify network hosts that are not compliant with security baselines
-Do a periodic review of layer 4 network perimeter firewall rules
-Store frequent backups offline

Answer 4

-Do periodic updates of user training and awareness materials
-Store frequent backups offline

Storing backups offline prevents ransomware from encrypting backed-up data. User awareness of scams and how malware works can prevent ransomware attacks from occurring.

Question 5

What is the term used to describe the characteristic of a software system to process higher workloads on its current resources or on additional resources without interruption?

Answer 5

Scalability

Question 6

Continuous monitoring is the term used to describe which of the following?

-the practice where every change passing all stages of the production pipeline is released to production
-the extension of testing to support the continuous process of software development in DevOps
-the DevOps manner of continually updating and improving the production code base
-technologies/processes used to enable rapid detection of compliance issues and security risks

Answer 6

Technologies/processes used to enable rapid detection of compliance issues and security risks

Continuous monitoring is one of the most important tools available for risk management

Question 7

A recent security audit had a finding of your VPN allowing split tunneling. The auditors preferred to require full tunneling on the VPN. What security risk are the auditors attempting to mitigate?

Answer 7

Attacks that come from the public network could be routed through the endpoint and potentially bypass network perimeter controls of the organization.

A split-tunnel VPN can potentially allow an attack to come from the untrusted Internet to attack the endpoint and then potentially allow that compromise into the organization from an unexpected network location.

Question 8

All of the following are supporting elements of authorization except:
-rights, permissions, and privileges
-principle of least privilege
-separation of duties
-credential validation

Question 9

Which of the following is guidance for configuring and operating computer systems at a secure level that is documented and understood?

Question 10

All of the following are characteristics of the RADIUS authentication protocol except:
-RADIUS uses TCP port 1812
-RADIUS uses UDP port 1812
-RADIUS accepts earlier forms of authentication protocols, such as PAP
-RADIUS encrypts user passwords during the authentication process

Question 11

Data that if disclosed to an unauthorized party would potentially cause harm or disruption to the organization should be labeled as which of the following?

Question 12

Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?

Question 13

What is a script kiddie?

Question 14

Your office does not deal in classified or even sensitive data. You are concerned, however, with the loss of equipment, as you have had a few external drive and tablets stolen in the last 12 months. Which of the following would be most appropriate for your environment, keeping in mind that you want a low-cost solution?

Question 15

What network attack method involves the attacker sending messages to corrupt the ARP table and cause packets to be misrouted?

Question 16

Which tool would you use to discover hosts and services on a network?

Question 17

You are browsing a social media platform and notice question-game posts asking which car you drove to pass a driver’s test. Which term best describes these types of posts?

Question 18

Which tool would you use to manipulate network interfaces on a workstation?

Question 19

After recent phishing attacks through email, you decide to implement a solution internally where employees can be assured of the authenticity of messages from other employees. Which email feature should you implement?

Question 20

Which of the following is the best description of impact?

Question 21

In discussions of threat hunting, what does the acronym IOA mean?

Question 22

Which of the following protocols would you use to encrypt VPN traffic?

Question 23

Which of the following is not an element of mobile device management?

Question 24

What is the primary difference between authorized and semi-authorized hackers?

Question 25

What is the main difference between a DoS and a DDoS attack?

Question 26

The corporate IT manager wants you to implement a process that separates corporate apps from personal apps on mobile devices. Which of the following techniques will enable you to do this?

Question 27

Which of the following details the specific access levels that individuals or entities may have when interacting with objects?

Question 28

What is the initialization vector (IV) used for in a wireless communications protocol?

Question 29

Which of the following is a legal document describing a bilateral agreement between parties?

Question 30

Your company hosts public web servers that allow connections directly to TCP port 80 over HTTP and are configured with public IPv4 addresses. You need to enable connections to company HTTP servers using HTTPS while hiding the true identities of the servers. Which security solutions should you implement? Select two. -Source network address translation -VPN -PKI certificate -Reverse proxy server

Question 31

Which of the following is the name given to the connection of infrastructure and software elements to provide specific services to a business entity?

Question 32

Your organization wants to prevent anyone who has physical access to a computer from inserting a USB device to execute code from the device. At the same time, the organization wants to allow employees to utilize USB ports to charge devices such as their smartphones. Which of the following provides a way to accomplish this goal?

Question 33

Which tool would you use to check the path packets take over a network?

Question 34

If you condensed the penetration process down into four phases, what might those phases be?

Question 35

Which of the following is the name for the cloud deployment model where cloud-based systems are delivered as a virtual solution for computing, allowing organizations to contract for utility computing as needed?

Question 36

What is RFID an acronym for?

Question 37

Which of the following access control models enables a person who creates or owns objects to define permissions to access those objects?

Question 38

Why are insider threats considered more dangerous than external threats? Select all that apply. -Insiders are easier to detect and stop than outsiders -Insiders may already have the access they need to commit fraud or steal data -Insiders have the access and knowledge to cause immediate damage -Most security measures are designed to protect against outsiders

Question 39

What is the name given to parts of an organization that perform their own IT functions?

Question 40

You require the ability to query host and network device statistics and configurations in order to determine if suspicious activity is present. Which TCP/IP protocol should you use?

Question 41

Which of the following is a negotiated agreement between parties detailing expectations for both the customer and the service provider

Answer 41

SLA

Question 42

What is the specific name given to sturdy posts, often made of concrete, galvanized steel, or stainless steel? They are used to protect entryways and prevent unauthorized entry and vehicle ramming attacks.

Answer 42

Bollard

Question 43

What is the purpose of DLP?

Question 44

Which tool would you use to list a file's contents to a pipe?

Question 45

What type of file, often sent with an email message, can contain malicious code that can be downloaded and executed on a client's computer?

Question 46

Which tool would you use to identify TCP connections?

Question 47

Marisol sees a tremendous amount of traffic on TCP port 389 from the Internet. Which TCP/IP service should she inspect first?

Question 48

Which of the following statements about open permissions are true? Select two. -Only files can have open permissions -The risk associated with open permissions is context dependent -Files with open permissions are always of little value -A file with open permissions might be accessible to anyone, including guest accounts

Question 49

Which tool would you use to output the first part of a file?

Question 50

Which approach to site resiliency consists of partially configured systems, usually having the peripherals and software but perhaps not the more expensive main processing computer?

Answer 50

Warm site

Question 51

What is the term for the process of identifying critical assets and systems, interdependencies, and ensuring their availability during a disruption?

Question 52

If your organization is highly sensitive to sharing resources, you might consider using which of the following cloud models?

Question 53

What type of attack places a layer of code between a driver and the operating system?

Question 54

The X.509 standard outlines which of the following? Select two. -necessary fields of certificate -usage types -possible values of certificate fields -location of the CRL

Question 55

Which of the following is not a recognized attack vector?

Question 56

You are compiling a list of cybersecurity incidents that occurred in the organization over the last year. The list will be published on an internal company website as a company newsletter for all employees to read. Under which category should you provide details related to phishing scam incidents?

Question 57

What is the biggest difference between EAP-TLS and EAP-TLS?

Question 58

In which phase of the incident response process is the incident response team first notified?

Question 59

What is a zero day vulnerability?

Question 60

You are conducting user security awareness training. An attendee asks how they can identify phishing email messages. What should you tell them to look for? Select two. -Bad grammar -Messages that are not digitally signed -Messages that are not encrypted -Email address inconsistencies

Question 61

The process of verifying an identity previously established in a computer system is known as which of the following?

Question 62

Which of the following is the name given to the process of assigning permissions or authorities to objects?

Question 63

Which of the following are two characteristics of strong passwords? Select two. -Use of additional character space -Encryption strength -Authentication methods -Password length

Question 64

Your organization has had problems with unauthorized individuals following behind authorized employees into restricted areas. What is one of the best ways to avoid this issue, commonly known as tailgating?

Question 65

Which phase of the incident response process involves restoring normal business operations?

Question 66

Which of the following is not one of the Trust Service identified by the SOC 2?

Question 67

You have fallen victim to a social media phishing scam. After receiving an email notification of a video of you from the past, you clicked the link, which played a generic stock video, and you realized it was a scam. What is the first thing you should do?

Question 68

Which of the following policy settings prevent a user from rapidly changing passwords and cycling through their password history to reuse a password?

Question 69

What process is used to review and validate continuity of operations planning?

Question 70

Which security control is not offered by virtual LAN?

Question 71

Which phase of the incident response process involves assigning actions to correct weaknesses and ways to improve?

Question 72

Custom built software running on an internal Windows server communicates over TCP port 4489. You need to configure a firewall solution to allow traffic destined for port 4489 from the IP address range assigned to the sales team subnet. Which type of firewall should you configure while minimizing administrative effort and cost?

Question 73

Executives in the organization complain that an abnormally high number of scam email messages have been flooding their inboxes. other users in the organization have not received any of the same messages. All user devices are configured with the same security software and settings. When reporting to your manager, which term best describes the situation?

Question 74

What is the name of an enclosure of conductive material that is grounded with no significant gap in the enclosure material, the purpose of which is to help shield EMI, especially in high radio frequency environments?

Question 75

Data sovereignty is a relatively new type of legislation several countries have recently enacted. What do these laws generally require?

Question 76

Which of the following enables a user to provide one set of credentials to the system and use those credentials throughout other interconnected systems?

Question 77

Which tool would you use to read and write TCP/UDP network connections?

Question 78

Which of the following scenarios define a fail-close situation? Select two. -Electric hospital doors are not left open during a power outage in case of fire -Failed user authentication to a server prevents user resource access -Firewall loges reaching maximum configured capacity prevent firewall functionality -Firewall rules block disallowed traffic to an internal network

Question 79

Which of the following is information that can lead to specifically identifying a person?

Question 80

Which of the following is a recognized way of restricting access to applications?

Question 81

Which of the following can cause a successful attack on a system when a user enters malicious code or characters into a form field on a Web application?

Question 82

Which of the following roles is responsible for the day-to-day caretaking of data?

Question 83

Which of the following types of attacks can be prevented by using TSL 1.3?

Question 84

The value of a loss expected from a single event is the definition of what?

Question 85

Fabian's new load balancer has a number of scheduling options and he's trying to decide the one to use. He wants to schedule load balancing such that the load balancer assigns to each server in order, then returns to the first server. What is this form of scheduling?

Question 86

Your company's t-shirt printer went down, again! The tech whose job it is to keep the printer running tells you that it's going to taker her about 30 minutes to repair the printer. This 30 minute period is best represented by ___

Question 87

Which of the following types of governence are developed externally? Select three. -Statutory governance -Organizational governance -Vendor governance -Industry governance

Question 88

Which term is defined as a weakness that can be exploited by a threat?

Question 89

The technique of creating a mirror version of a database on which data modification techniques such as character shuffling, encryption, and word or character substitution are applied to change the data is known as which of the following?

Question 90

Which of the following are true statements about the dark web and deep web? Select all that apply. -The dark web uses obfuscation methods to restrict access -The deep web is not indexed by search engines and is usually restricted using logins -The dark web is only used in legal activities to avoid government surveillance -The deep web requires special software, such as Tor, to restrict access