Practice Exam 3 Flashcards
(69 cards)
Which of the following is normally the job of a senior leader within the incident response team?
-Securing the scene
-Notifying the incident response team
-Determining the initial scope and impact of the incident
-Notifying and coordinating with senior management and law enforcement officials
Notifying and coordinating with senior management and law enforcement officials
To protect an internal production network, you have decided it should not have a physical wired or wireless connection to any other network. Which of the following could still be used to compromise systems or data on the air-gapped network?
Select two.
-Unpatched network perimeter firewalls
-Social engineering
-Removable media
-Unencrypted data at rest
Removable media and Unencrypted data at rest
There have been many cases where air-gapped networks have been compromised using infected USB thumb drives that employees were tricked into plugging into computers on the network. The physical theft of unencrypted storage media used on the air-gapped network would give perpetrators full access to that data.
Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?
-SQL injection attack
-Directory traversal attack
-Integer overflow attack
-LDAP injection attack
Integer overflow attack
An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail.
After reviewing an internal web application vulnerability assessment, you learn that one web form in the app is susceptible to a SQL injection attack. You plan on addressing the issue with the software development team responsible for the web app. What should you instruct the team to focus on when addressing the security issue?
Select two.
-Sanitize the web form fields that accept user query values
-Ensure that the backend database is encrypted to prevent SQL injection attacks
-Validate the web form fields that accept user query values
-Check that user-supplied data in web form fields does not exceed memory variable length
Sanitize the web form fields that accept user query values and Validate the web form fields that accept user query values.
Web form field validation can check that a query field expecting text actually received text and not numbers. Sanitizing web form search fields removes special characters that might be supplied by attackers and that have special meaning to the underlying backend database, which could otherwise return rows that should not be returned. Both of these techniques
Which of the following terms describes someone who hacks into systems, with permission of the system’s owner, to discover exploitable vulnerabilities and help secure the system?
-white hat hacker
-gray hat hacker
-black hat hacker
-black box tester
White hat hacker
A white hat hacker uses their skills to assist in securing systems. They are usually penetration testing professionals or ethical hackers.
Which of the following are usually annoying advertisements that come in the form of pop-up messages in a user’s browser?
-logic bomb
-trojan
-adware
-virus
Adware
Which of the following secure file copy protocols is used over an SSL or TLS connection?
-SFTP
-FTPS
-SCP
-FTP
FTPS
FTPS is a secure version of the non-secure FTP protocol and is used over SSL or TLS connections to ensure security when transferring files to or from an Internet-based host.
Your company allows a number of employees to telecommute, while others travel extensively. You have been tasked with finding a centralized solution that will allow access to shared data over the Internet. What is the best solution?
-cloud services
-subnetting
-virtualization
-NAT
Cloud services
Cloud services can enable users to perform their work via a browser from anywhere they have Internet connectivity. This can be configured either to allow a local copy alongside the cloud copy of the data, or the data can be edited directly within the cloud.
You are preparing an IT network sandbox for an employee security awareness lunch and learn lesson. As part of your presentation, you would like to demonstrate a phishing website that tricks users into entering their banking credentials. What is required to ensure the success of this type of deception?
Select two.
-Clone the real website onto an attack web server
-Utilize user device logon credentials
-Disable user device firewall rules
-Install a trusted root certificate on victim devices
Clone the real website onto an attack web server, and Install a trusted root certificate on victim devices
Modern web browsers notify users that plain HTTP website connections are unsafe, so the attacker could use a self-signed certificate for their server, but this must be trusted by the victim devices; installing the related trusted root certificate on the user devices accomplishes this. The attacker must have a convincing copy of the real website to trick users; this is easily done using freely available tools. Attackers would need to trick users into clicking a link that installs a trusted root certificate on their device and takes them to the fake website.
Which of the following attacks might involve an attacker attempting to enter a facility with arms full of boxes, in an attempt to gain sympathy and have someone open the door for them?
-shoulder surfing
-impersonation
-dumpster diving
-tailgating
Tailgating
A tailgating person might use some sort of creative pretext to convince someone to open the door and allow him or her to enter without proper identification.
Which type of network intrusion detection system (NIDS) develops a baseline of normal traffic so it can detect deviations in this traffic that might indicate an attack?
-filter-based system
-rule-based system
-signature-based system
-anomaly-based system
Anomaly-based system
Anomaly-based systems detect unusual network traffic patterns based upon a baseline of normal network traffic.
Which of the following secure protocols protects traffic during transmission and uses TCP port 443?
Select two.
-SSL
-TLS
-SCP
-SSH
SSL and TLS
Both Transport Layer Security and Secure Sockets Layer protocols are used to encrypt traffic sent over untrusted networks, such as the Internet. Both use TCP port 443.
Bernice needs to monitor a number of hosts in her network that are trying to run a buggy new application written in house. In particular, she needs to make sure she detects hosts that blue-screen (BSOD), overflow, or otherwise lock up, restarting the application or restarting those hosts as needed. Which of the control options listed below will best enable her to accomplish her task?
-NIPS
-SIEM
-EDR
-NGFW
EDR
Endpoint detection and response essentially combines an NGFW with a NIPS to provide end-to-end monitoring, analysis, and response to threats.
NGFW means next-generation firewall, and NIPS means network-based intrusion prevention system.
You are implementing a new website that does a financial check in order to process loan applications. People accessing the site will be new users and have no pre-shared information. Why is knowledge-based authentication the best choice for this website?
-wide breadth of knowledge commonly known to both parties is required
-it uses easily guessed answers
-it works on knowledge that is privileged information
-it can only work on users who have an account
Wide breadth of knowledge commonly known to both parties is required
Knowledge-based authentication uses information that is not commonly known, but is not privileged or secret information either. This is information that is known to both the user and the system. It uses a wide breadth of information spanning many years to authenticate a user; for example, authenticating to your car insurance company by listing all the cars you have owned over the past ten years.
Specialized and embedded systems have a different set of constraints that they are designed to operate under. Which of the following are considered some of these constraints?
Select all that apply.
-Power drives many design elements, and extra functionality that is not needed, including speed, only uses power and does not add to the functionality of the unit
-The inability to patch an item represents a security risk and a constraint
-The level of computational resources for crypto functions can be substantial, thus becoming a constraint to the overall system
-Without direct connectivity, networking requires a radio transceiver, and this increases power demands
All of the answers are correct.
Typical constraints for specialized and embedded systems include limitations on power, compute capacity, network throughput and bandwidth, cryptography, and cost. Additional issues with authentication and trust can also be driving factors.
What is the last step in the incident response life cycle?
-containment, eradication, and recovery
-post-incident activity
-detection and analysis
-preparation
Post-incident activity
Which of the following attacks attempts to send unsolicited ARP messages to a client to add false entries to its ARP cache?
-Smurf attack
-SYN flood
-ARP poisoning attack
-Session hijacking attack
ARP poisoning attack
With your organization’s adoption of encryption, users are allowed to protect data with their private keys. To prevent data loss if a user loses their private key, what technology should be implemented?
-self-signed certificates
-certificate chaining
-hybrid trust model
-key escrow
Key escrow
Key escrow allows private keys to be held by both you and a third party, so in the event a key is lost or inaccessible, the data encrypted with the associated public key can be recovered.
You are trying to implement a hardware security module (HSM) device on your network. To convince the CIO to provide a budget for the device, what do you cite as a key advantage?
-HSMs have a central repository for all keys
-HSMs have automated key backups
-HSMs have a master key for recovery purposes
-HSMs have tamper-protection mechanisms to protect the keys
HSMs have tamper-protection mechanisms to protect the keys
HSMs have tamper protections to prevent access to the keys they protect. This allows the keys to be used but not distributed across the network.
Your manager is concerned about mobile devices and wants a report on how people can potentially modify their phones. What topics need to be covered?
Select two.
-Escalation
-Bluejacking
-Rooting
-Jailbreaking
Rooting and Jailbreaking
When an iOS device's restrictions are bypassed, it is called "jailbreaking". On Android, this process is referred to as "rooting". Both methods allow extensive modification of the phones and loading of unapproved modifications.
Which of the following is a variant of a phishing attack that targets a particular type of user and includes specific information?
-whaling
-vishing
-pharming
-spear phishing
Spear phishing
Spear phishing involves sending email to a particular type of user, regardless of rank in the organization, basing the attack on more detailed, in-depth information to convince the target that the phishing email is actually valid.
Which of the following is a non-regulatory agency of the United States Department of Commerce?
-SLA
-SAE
-NIST
-NSA
NIST
The National Institute of Standards and Technology is a non-regulatory agency of the United States Department of Commerce.
Which of the following tools will help you track down a potential backdoor program allowing access into a host on your network?
-check the antimalware logs
-monitor traffic from that specific computer with a protocol analyzer
-run a port scan on your firewall
-run a performance baseline test on the system
Monitor traffic from that specific computer with a protocol analyzer
A protocol analyzer can intercept, log, and allow analysis of network traffic, including the source and destination of the traffic.
You have set up a private organization PKI system with a Root CA and intermediate CAs using a hierarchical trust model. To get your end-user systems to trust the servers, you need to have the end systems trust the Root CA and apply what to the servers?
-the end-entity certificate only
-the self-signed certificate
-the certificate chain of the Root CA, intermediate CA, and leaf CA as well as the end-entity certificate
-the root certificate
The certificate chain of the Root CA, intermediate CA, and leaf CA as well as the end-entity certificate