Practice Exam 3 Flashcards

(69 cards)

1
Q

Which of the following is normally the job of a senior leader within the incident response team?

-Securing the scene
-Notifying the incident response team
-Determining the initial scope and impact of the incident
-Notifying and coordinating with senior management and law enforcement officials

A

Notifying and coordinating with senior management and law enforcement officials

2
Q

To protect an internal production network, you have decided it should not have a physical wired or wireless connection to any other network. Which of the following could still be used to compromise systems or data on the air-gapped network?
Select two.

-Unpatched network perimeter firewalls
-Social engineering
-Removable media
-Unencrypted data at rest

A

Removable media and Unencrypted data at rest

There have been many cases where air-gapped networks have been compromised using infected removable USB thumb drives that employees are tricked into plugging into computers on the network. The physical theft of unencrypted storage media used on the air-gapped network would allow perpetrators full access to that data.

3
Q

Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?

-SQL injection attack
-Directory traversal attack
-Integer overflow attack
-LDAP injection attack

A

Integer overflow attack

An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail.

4
Q

After reviewing an internal web application vulnerability assessment, you learn that one web form in the app is susceptible to a SQL injection attack. You plan on addressing the issue with the software development team responsible for the web app. What should you instruct the team to focus on when addressing the security issue?
Select two.

-Sanitize the web form fields that accept user query values
-Ensure that the backend database is encrypted to prevent SQL injection attacks
-Validate the web form fields that accept user query values
-Check that user-supplied data in web form fields does not exceed memory variable length

A

Sanitize the web form fields that accept user query values and Validate the web form fields that accept user query values.

Web form field validation can check that text was entered into a web form query field searching for text and not numbers. Sanitizing web form search fields removes special characters that might be supplied by attackers, which can have special meaning to the underlying backend database and return rows that otherwise should not be returned. Both of these techniques

5
Q

Which of the following terms describes someone who hacks into systems, with permission of the system’s owner, to discover exploitable vulnerabilities and help secure the system?

-white hat hacker
-gray hat hacker
-black hat hacker
-black box tester

A

White hat hacker

A white hat hacker uses their skills to assist in securing systems. They are usually penetration testing professionals or ethical hackers.

6
Q

Which of the following are usually annoying advertisements that come in the form of pop-up messages in a user’s browser?

-logic bomb
-trojan
-adware
-virus

A

Adware

7
Q

Which of the following secure file copy protocols is used over an SSL or TLS connection?

-SFTP
-FTPS
-SCP
-FTP

A

FTPS

FTPS is a secure version of the non-secure FTP protocol and is used over SSL or TLS connections to ensure security when transferring files to or from an Internet-based host

8
Q

Your company allows a number of employees to telecommute, while others travel extensively. You have been tasked with finding a centralized solution that will allow access to shared data over the Internet. What is the best solution?

-cloud services
-subnetting
-virtualization
-NAT

A

Cloud services

Cloud services can enable users to perform their work via a browser, from anywhere they have Internet connectivity. This can be configured either to allow a local copy along with the cloud copy of the data, or the data can be edited directly within the cloud

9
Q

You are preparing an IT network sandbox for an employee security awareness lunch and learn lesson. As part of your presentation, you would like to demonstrate a phishing website that tricks users into entering their banking credentials. What is required to ensure the success of this type of deception?
Select two.

-Clone the real website onto an attack web server
-Utilize user device logon credentials
-Disable user device firewall rules
-Install a trusted root certificate on victim devices

A

Clone the real website onto an attacker web server, and Install a trusted root certificate on victim devices

Modern web browsers notify users of HTTP website connections being unsafe, so the attacker could use a self-certified certificate for their server, but this must be trusted by the victim devices; installing the related trusted root certificate on the user devices accomplishes this. The attacker must have a convincing copy of the real website to trick users; this is easily done using freely available tools. Attackers would need to trick users into clicking a link that installs a trusted root certificate on their device and takes them to the fake website.

10
Q

Which of the following attacks might involve an attacker attempting to enter a facility with arms full of boxes, in an attempt to gain sympathy and have someone open the door for them?

-shoulder surfing
-impersonation
-dumpster diving
-tailgating

A

Tailgating

A tailgating person might use some sort of creative pretext to convince someone to open the door and allow him or her to enter without proper identification

11
Q

Which type of network intrusion detection system (NIDS) develops a baseline of normal traffic so it can detect deviations in this traffic that might indicate an attack?

-filter-based system
-rule-based system
-signature-based system
-anomaly-based system

A

Anomaly-based system

Anomaly-based systems detect unusual network traffic patterns based upon a baseline of normal network traffic

12
Q

Which of the following secure protocols protects traffic during transmission and uses TCP port 443?
Select two.

-SSL
-TLS
-SCP
-SSH

A

SSL and TLS

Both Transport Layer Security and Secure Sockets Layer protocols are used to encrypt traffic sent over untrusted networks, such as the Internet. Both use TCP port 443

13
Q

Bernice needs to monitor a number of hosts in her network that are trying to run a buggy new application written in house. In particular, she needs to make sure she detects hosts that are BSOD, overflowed, or otherwise locking up, restarting the application or restarting those hosts as needed. What kind of control options listed below will best enable her to accomplish her task?

-NIPS
-SIEM
-EDR
-NGFW

A

EDR

Endpoint detection and response essentially combines an NGFW with a NIPS to provide end-to-end monitoring, analysis, and response to threats

NGFW means next-generation firewall, and NIPS means Network-based intrusion prevention system

14
Q

You are implementing a new website that does a financial check in order to process loan applications. People accessing the site will be new users and have no pre-shared information. Why is knowledge-based authentication the best choice for this website?

-wide breadth of knowledge commonly known to both parties is required
-it uses easily guessed answers
-it works on knowledge that is privileged information
-it can only work on users who have an account

A

Wide breadth of knowledge commonly known to both parties is required

Knowledge-based authentication uses information that is not commonly known, but is not privileged or secret information. This is information that is known to both the user and the system. It uses a wide breadth of information spanning many years to authenticate a user; for example, authenticating your car insurance company by listing all the cars you have owned over the past ten years.

15
Q

Specialized and embedded systems have a different set of constraints that they are designed to operate under. Which of the following are considered some of these constraints?
Select all that apply.

-Power drives many design elements, and extra functionality that is not needed, including speed, only uses power and does not add to the functionality of the unit
-The inability to patch an item represents a security risk and a constraint
-The level of computational resources for crypto functions can be substantial, thus becoming a constraint to the overall system
-Without direct connectivity, networking requires a radio transceiver, and this increases power demands

A

All of the answers are correct.

Typical constraints for specialized and embedded systems include limitations on power, compute capacity, network throughput and bandwidth, cryptography, and cost. Additional issues with authentication and trust can also be driving factors.

16
Q

What is the last step in the incident response life cycle?

-containment, eradication, and recovery
-post-incident activity
-detection and analysis
-preparation

A

Post-incident activity

17
Q

Which of the following attacks attempts to send unsolicited ARP messages to a client to add false entries to its ARP cache?

-Smurf attack
-SYN flood
-ARP poisoning attack
-Session hijacking attack

A

ARP poisoning attack

18
Q

With your organization’s adoption of encryption, users are allowed to protect data with their private keys. To prevent data loss if a user loses their private key, what technology should be implemented?

-self-signed certificates
-certificate-chaining
-hybrid trust model
-key escrow

A

Key escrow

Key escrow allows private keys to be held by both you and a third party so in the event a key is lost or inaccessible the data encrypted with the associated public key can be recovered

19
Q

You are trying to implement a hardware security module (HSM) device on your network. To convince the CIO to provide a budget for the device, what do you cite as a key advantage?

-HSMs have a central repository for all keys
-HSMs have automated key backups
-HSMs have a master key for recovery purposes
-HSMs have tamper-protection mechanisms to protect the keys

A

HSMs have tamper-protection mechanisms to protect the keys

HSMs have tamper protections to prevent access to the keys they protect. This allows the keys to be used but not distributed across the network.

20
Q

Your manager is concerned about mobile devices and wants a report on how people can potentially modify their phones. What topics need to be covered?
Select two.

-Escalation
-Bluejacking
-Rooting
-Jailbreaking

A

Rooting and Jailbreaking

When an iOS device is bypassed, it is called “jailbreaking”. On Android, this process is referred to as “rooting”. Both methods allow extensive modification of the phones and loading unapproved modifications.

21
Q

Which of the following is a variant of a phishing attack that targets a particular type of user and includes specific information?

-whaling
-vishing
-pharming
-spear phishing

A

Spear phishing

Spear phishing involves sending email to a particular type of user, regardless of rank in the organization, basing the attack on more detailed, in-depth information to convince the target that the phishing email is actually valid.

22
Q

Which of the following is a non-regulatory agency of the United States Department of Commerce?

-SLA
-SAE
-NIST
-NSA

A

NIST

The National Institute of Standards and Technology is a non-regulatory agency of the United States Department of Commerce

23
Q

Which of the following tools will help you track down a potential backdoor program allowing access into a host on your network?

-check the antimalware logs
-monitor traffic from that specific computer with a protocol analyzer
-run a port scan on your firewall
-run a performance baseline test on the system

A

Monitor traffic from that specific computer with a protocol analyzer

A protocol analyzer can intercept, log, and allow analysis to be conducted on network traffic, to include source and destination of the traffic

24
Q

You have set up a private organization PKI system with a Root CA and intermediate CAs using a hierarchal trust model. To get your end-user system to trust the servers, you need to have the end systems trust the Root CA and apply what to the servers?

-the end-entity certificate only
-the self-signed certificate
-the certificate chain of the Root CA, intermediate CA, and leaf CA as well as the end-entity certificate
-the root certificate

A

The certificate chain of the Root CA, intermediate CA, and leaf CA as well as the end-entity certificate

25
Q

Which of the following statements best describes an XML injection attack?

-An attack that involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing
-An attack that uses unexpected numerical results from a mathematical operation to overflow a buffer
-An attack on a database through vulnerabilities in the Web application, usually in user input fields
-An attack that exceeds the memory allocated to an application for a particular function, causing it to crash

A

An attack that involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing

26
Q

After you get the certificate authority (CA) built and configured, your manager asks you why all this effort is needed just to generate keys. What is the difference between a key and a certificate?

-Certificates contain metadata about the keys as well as the key itself
-Keys only contain public data
-Keys contain data about how to program the cipher
-Certificates contain the information about the algorithm used to generate the key

A

Certificates contain metadata about the keys as well as the key itself

27
Q

Which of the following statements about bluesnarfing are true?
Select two.

-The attacker must be relatively close to the victim (less than 100 feet)
-It only targets 802.11a devices
-It requires a laptop and specialized software
-It is similar to bluejacking, but it copies data from the victim's device instead of sending messages

A

The attacker must be relatively close to the victim (less than 100 feet), and It is similar to bluejacking, but it copies data from the victim's device instead of sending messages

Bluesnarfing is similar to bluejacking in that they both use the Bluetooth protocol, but bluesnarfing copies data from the victim's device such as emails, contacts, media files, etc. Bluetooth has a limited range, and the attacker and victim must be close to each other

28
Q

An attacker manages to break into your network using the wireless connection because you supported an older version of WEP. Why is updating your wireless to more modern Wi-Fi cryptography so important?

-Wi-Fi does not support segmentation
-Observing Wi-Fi framing packets can allow an attacker to observe the SSID and password, allowing free access to the network
-Almost all devices now support the Wi-Fi standard
-No physical barrier from rogue connections

A

No physical barrier from rogue connections

Wi-Fi transmits network packets via radio waves beyond the physical controls placed on the rest of the network. Anyone within range of the radio waves could attempt a connection

29
Q

Your IT manager has rolled out a cybersecurity initiative for the proactive hardening of commercial off-the-shelf vulnerable network services. You need to ensure internal web applications are not susceptible to buffer overflow attacks while maximizing system uptime. Which steps should you take?
Select two.

-Configure a reverse proxy server to protect internal web applications
-Ensure software developers adhere to secure coding practices
-Apply updates to web server stacks and related auxiliary components
-Deploy and periodically review an intrusion detection system

A

Apply updates to web server stacks and related auxiliary components, and Deploy and periodically review an intrusion detection system

Many buffer overflow vulnerabilities have been identified over the years, and vendors offer patches to address this serious vulnerability, but security technicians must be aware of software in use and their current patch levels. Intrusion detection systems (IDSs) can employ custom configurations to detect any type of suspicious activity at the network or host levels, including buffer overflow attempts

30
Q

What type of evidence in a computer forensics investigation directly supports a particular assertion?

-Exculpatory evidence
-Documentary evidence
-Demonstrative evidence
-Inculpatory evidence

A

Documentary evidence

31
Q

Which type of network intrusion detection system uses defined rule sets to determine when attacks may be occurring?

-Rule-based system
-Filter-based system
-Signature-based system
-Anomaly-based system

A

Rule-based system

32
Q

Which type of cloud service is for use by only one organization and is usually hosted by that organization's infrastructure?

-community
-external
-public
-private

A

Private

33
Q

Which of the following types of injections use standardized database interfaces to attack a Web application?

-MySQL injection
-Hierarchical injection
-Relational injection
-SQL injection

A

SQL injection

34
Q

Which of the following uses geolocation features to ensure that a mobile device does not leave specific areas of corporate property?

-geofencing
-geotagging
-remote management
-geolocation

A

Geofencing

35
Q

Which organization exists to promote and sustain best-practice solutions for cyber defense?

-CVE
-ISO
-CIS
-PII

A

CIS

The Center for Internet Security

36
Q

You have a server that is used for Domain Name System (DNS) queries. You find that it has several open ports, and you intend to close all of the unnecessary ports on the server. The server is listening on ports 22, 25, 53, and 80. Which port must be left open to continue DNS functionality?

-22
-80
-53
-25

A

53

DNS uses TCP and UDP port 53.

37
Q

Once you have deployed the certificate authority server, it must be properly documented. What document do you need to create to show why the CA is trusted?

-Path of trust chart
-Certificate revocation list
-CA runbook
-Certification Practice Statement

A

Certification Practice Statement

A Certification Practice Statement (CPS) is the documentation produced that shows the steps for generating, maintaining, and transmitting certificates. It also details why the CA can be trusted.

38
Q

Your company is allowing more employees to work remotely from home. You need to ensure remote workers perform their jobs as securely as possible. What is the most important factor that will ensure remote employees are not affected by phishing campaigns?

-User security training and awareness
-VPN connectivity linking user devices to the corporate network
-Keeping anti-malware tools up to date on user device
-Encryption of data at rest on user devices

A

User security training and awareness

While all listed items are very important in securing a remote working environment, security training and awareness should mean users know how phishing campaigns and various types of scams, such as phone call scams, are prevalent and can be thwarted.

39
Q

Which of the following is a rogue wireless access point set up to be nearly identical to a legitimate access point?

-Jamming
-MAC spoofing
-Evil twin
-SSID cloaking

A

Evil twin

40
Q

You are projecting CPU and memory capacity utilization for cloud-based services. Based on past usage, you determine that employee usage of internal web applications will increase by 30% in the next year. What is the most effective method of ensuring the continued use of web applications at expected performance levels?

-increase the bandwidth of the network connections from on-premises locations to the cloud
-enable web application performance alerts
-configure web application autoscaling
-configure web application scheduled scaling

A

Configure web application autoscaling

41
Q

You've discovered that a number of systems within your network have become infected with malware; it's believed that all the affected users visited a common site during the previous week. What type of attack would this likely be?

-watering hole attack
-spoofing
-SQL injection
-poisoned DNS server

A

Watering hole attack

A watering hole attack is designed to compromise a site that certain users are likely to use, rewarding them with malware for their visit

42
Q

You are designing automated playbook scripts to be triggered when security incidents are detected from any network or device in the organization. The playbooks will automatically send tickets to the appropriate technicians depending on the severity of the incident. Which tool will be used for this configuration?

-IDS
-IPS
-SOAR
-SIEM

A

SOAR

A security orchestration, automation, response (SOAR) solution is server-based and can partially or fully automate responses to detected security threats, which are normally detected by a SIEM solution. Automated responses can include many types of actions, including submitting tickets or running scripts to mitigate threats.

43
Q

What is an ephemeral key?

-the key generated and used in quantum cryptography
-the key used in securing a blockchain
-the key used for a steganographic image
-a cryptographic key used only once after generation

A

a cryptographic key used only once after generation

Ephemeral keys are used only once. This has the advantage of not allowing attackers to replay a captured key to gain access to a system or data

44
Q

Your manager wants to hide intranet websites from attackers by hosting the site on a high port not associated with HTTP or HTTPS. As part of this, they want to force SSL/TLS for every connection. Does SSL/TLS use/mandate a specific port?

-Yes, port 443
-TLS use is deprecated and only SASL is now used
-No, TLS does not mandate a specific port
-Yes, port 3269

A

No, TLS does not mandate a specific port

TLS is used by multiple services to secure their traffic. When used for HTTPS, TLS traffic uses the TCP/443 port

45
Q

Which of the following requires team members to go through the motions of fulfilling the responsibilities and conducting the activities required during an actual incident or disaster?

-walkthrough test
-tabletop exercise
-full-scale test
-documentation review

A

Walkthrough test

46
Q

You are analyzing the compromise of a Linux host where a user clicked a malicious link in a phishing email message, resulting in the exfiltration of Linux password hashes. You must write a report detailing the attack path using Linux log entries as supporting evidence. Which logged events are the most likely to be associated with this attack?
Select two.

-DNS TXT query for "agb462.xya.pl"
-SCP transfer of /etc/shadow to an unknown external host
-DNS PTR query for "agb462.xya.pl"
-SCP transfer of /etc/passwd to an unknown

A

DNS TXT query for "agb462.xya.pl", and SCP transfer of /etc/shadow to an unknown external host

Some malware infections will perform DNS TXT queries to locate the identity of a command and control (C2) server to retrieve further instructions. DNS TXT client queries are rarely used in production networks. The secure copy protocol (SCP) of /etc/shadow constitutes the exfiltration of Linux user password hashes

47
Q

What type of evidence is generally in the form of charts, graphs, or drawings to help non-technical people?

-demonstrative evidence
-documentary evidence
-inculpatory evidence
-exculpatory evidence

A

demonstrative evidence

48
Q

Which of the following is a regulation regarding data protection and privacy in the EU?

-ISO 31000
-ISO 27001
-PCI DSS
-GDPR

A

GDPR

The General Data Protection Regulation addresses data protection in the EU

49
Q

What is a key weakness of password vaults?

-passwords are stored in a database that is easily corrupted
-with access to the master key, you have access to all the user's passwords
-they have weak encryption
-a lack of granular user access controls

A

with access to the master key, you have access to all the user's passwords

A password vault contains the user's passwords, and potentially all the historical passwords as well. If an attacker gains access to the master password for the vault, they would have all the passwords the user has created.

50
Q

Which of the following is a variant of a phishing attack, where a phishing email is sent to a high-value target instead of on a mass scale to all employees?

-whaling
-vishing
-pharming
-spear phishing

A

whaling

51
Q

After reviewing the results of the latest network vulnerability scan on the corporate network, you identify numerous cloud-based virtual machine servers running operating systems that have reached end-of-life. Because no further patches will be forthcoming for the host OSs, you have decided that the servers must be decommissioned. What term best describes these servers in the context of organization security posture?

-technical debt
-red team servers
-single point of failure
-VM sprawl

A

Technical debt

This refers to IT solutions that have not been maintained over time in adherence with standard security baselines, and as a result, they represent a debt, or security liability, to the organization

52
Q

You are tasked with setting up a public key infrastructure in your organization. This system will be used to generate all certificates needed for all systems. What is the first component you need to configure?

-client certificates
-root certificate authority
-web servers
-root registration authority

A

root certificate authority

It is the first entity, as it forms the start of the path of trust

53
Q

You are configuring runbook automation scripts that are triggered when specific cloud-based security incidents are detected. Which benefit is realized through this activity?

-cloud service hardening
-data privacy regulatory compliance
-reduced cloud computing costs
-reduced incident response time

A

reduced incident response time

Automation of mitigating actions triggered by security incidents can reduce the amount of time needed to contain and eradicate security incidents, compared to manual mitigations

54
Q

Which security control is a policy or procedure used to limit risk?

-corrective
-technical
-administrative
-physical

A

administrative

55
Q

Which of the following statements is true about a non-credentialed vulnerability scan?
Select two.

-non-credentialed scans are never performed across the network
-non-credentialed scans are usually performed against a single system
-non-credentialed scans are often done with automated tools
-non-credentialed scans are usually quicker to perform than credentialed scans

A

non-credentialed scans are often done with automated tools, and non-credentialed scans are usually quicker to perform than credentialed scans

Non-credentialed scans are usually quicker than credentialed scans, as there are fewer steps - you don't have login delays and, because you have no access to the systems, non-credentialed scans tend to run fewer tests

56
Q

Which of the following is the most comprehensive and expensive form of disaster recovery exercise?

-walkthrough test
-tabletop exercise
-full-scale test
-documentation review

A

full-scale test

57
Q

Which technology can be used to send a code number to a pre-identified phone number, which then must be entered into a system to verify the user?

-Short Message Service (SMS)
-Time-based one-time password
-Token key
-HMAC-based one-time password

A

SMS

A Short Message Service text message

58
Q

During which type of assessment would penetration testers not have any knowledge about the network, while defenders are aware of their presence?
Select two.

-double-blind test
-gray box test
-black box test
-blind test

A

black box test and blind test

In a black box test, the testers have no knowledge of details about the network configuration, but system defenders are aware of their presence. This type of test is also referred to as a blind test.

59
Q

Which organizational computing environment is an optional environment but is commonly used when an organization has multiple production environments? A system will pass into this environment, where it can be deployed to the different production systems.

-Staging
-Production
-Development
-Testing

A

Staging

The primary purpose of staging is to serve as a sandbox after testing, so the test system can test the next set while the current set is deployed across the enterprise.

60
Q

You have started a single sign-on (SSO) project and need to provide access to the intranet site, an internal web application, and two external web applications. What does Security Assertions Markup Language (SAML) provide in this scenario?

-the shared secret for SSL operations
-server locations of the web applications
-secure exchange of credentials for logging in to websites
-CA-signed encryption keys

A

secure exchange of credentials for logging in to websites

SAML is used to enable single sign-on across multiple web applications by securely sharing user credentials in the form of SAML assertions provided by the Identity Provider (IdP)

61
Q

Which of the following secure email protocols is carried over an SSL or TLS connection and uses TCP port 993?

-IMAPS
-POP3
-IMAP4
-SMTP

A

IMAPS

It is a secure version of the IMAP4 protocol used over SSL or TLS connections to provide for client email security.

62
Q

What is the third step in the incident response life cycle?

-post-incident activity
-detection and analysis
-containment, eradication, and recovery
-preparation

A

containment, eradication, and recovery

63
Q

Which of the following refers to the original bandwidth produced by a signal that is being transmitted and represents a single channel of communication?

-baseband radio
-5G
-narrow-band radio
-broadband radio

A

baseband radio

Baseband refers to the original bandwidth produced by a signal. For typical radio signals, it is 20-20,000 Hz. Baseband radio, by design, is very simple, as it only carries a single channel to manage communications across

64
Q

Which attack involves sending specially crafted traffic to a wireless client and an access point?

-replay attack
-initialization vector attack
-deauthentication attack
-spoofing attack

A

deauthentication attack

The attack involves sending specially crafted traffic to a wireless client and an access point, in the hopes of causing them to deauthenticate with each other and disconnect

65
Q

During which stage of a secure development model would you normally find steps such as requirements gathering, analysis, and diagram development?

-secure implementation
-security testing
-secure design
-security requirements

A

security requirements

In the security requirements stage, requirements for different security functions are determined. Iterations of interviews and surveys might be developed and gathered and diagrams developed to show project milestones.

66
Q

You are implementing your CA in a traditional hierarchal trust model. You want your root CA to remain offline for security reasons, so what system will be issuing the certificates to end entities?

-Bridge CAs
-Leaf CAs
-Intermediate or subordinate CAs
-The Root CA before it is taken offline

A

Leaf CAs

Leaf CAs are the entities that issue certificates to end entities

67
Q

Which of the following terms best describes someone who hacks into a system for malicious purposes, without permission from the system's owner, and shares the system hacking information with others?

-gray hat hacker
-black hat hacker
-white hat hacker
-black box tester

A

black hat hacker

Synonymous with "unauthorized hacker"

68
Q

Which type of assessment is used to determine weaknesses within a system?

-penetration test
-vulnerability test
-risk assessment
-threat assessment

A

vulnerability test

69
Q

You currently have role-based access control (RBAC) to your systems, but a new appliance is designed around attribute-based access control (ABAC). What is the primary difference you will need to adjust to?

-RBAC is better in large, complex organizations
-ABAC is less granular than RBAC
-ABAC can use Boolean logic
-RBAC requires an external directory to define the roles

A

ABAC can use Boolean logic