Practice Resources

Question 1

What to do first to before changing firewall rules?

Answer 1

Follow change management process.

Question 2

How to prevent buffer overflow, sql injection and integer overflow?

Answer 2

Input validation
Stored procedure - saved code in sql

Question 3

How to push out an update to password policies?

Answer 3

Group policy object

Question 4

How to check a USB device?

Answer 4

Sandbox

Question 5

How to isolate an app from os?

Answer 5

Containers

Question 6

What device joins multiple networks together?

Answer 6

Router

Question 7

What device sitting in the screened subnet authenticates incoming users and decrypts incoming traffic?

Answer 7

Reverse proxy

Question 8

What do digital sigs and hashes have in common?

Answer 8

Prove non repudation.

Question 9

What records are created by dns poisoning and how to prevent?

Answer 9

rrsig records (resourse record signature). Use dnssec (dns security extensions) which validate data.

Question 10

What prevents people from stealing PII and sensitive info?

Answer 10

dlp (data loss prevention)

Question 11

What attack affects weak database configs.

Answer 11

Sql injection

Question 12

What attack is too many characters into a datafield on a web server?

Answer 12

Buffer overflow.

Question 13

What type of control is SIEM?

Answer 13

Detective

Question 14

What type of data does a lan protect?

Answer 14

In transit

Question 15

What type of threat actor might be employed by Nation State or APT?

Answer 15

Organized crime.

Question 16

What threat actor would buy a program from the dark web?

Answer 16

Script kitty. Novice

Question 17

How to remotely protect a device when they are away from the office?

Answer 17

Secure web gateway SWG.
Sits between users and internet.
On premises or cloud
Comprehensive web security

Question 18

How to circumvent a captive portal at an airport?

Answer 18

MAC spoofing

Question 19

How to guage vulnerabilities?

Answer 19

CVSS (common vulnerability scoring system)

Question 20

How to verify the last time a file was updated?

Answer 20

Metadata or version control

Question 21

In an IaaS model, who secures the data?

Answer 21

The client.

Question 22

What are you searching for when you are trying to find out the cause of an incident?

Answer 22

Root cause analysis

Question 23

What can be used in a database to only see the last 3 digits of a credit card?

Answer 23

Masking

Question 24

What involves a meticulous examination of a companies processes, practices, and policies to see if the align with regulatory requirements?

Answer 24

Due diligence

Question 25

What is the easiest way to check a servers settings on a daily basis?

Answer 25

Automation

Question 26

Easiest way to setup a desktop in a cloud environment?

Answer 26

IaC

Question 27

What tool can be used for a pivoting attack?

Answer 27

Nmap

Question 28

What attack changes hash as it replicates?

Answer 28

Polymorphism virus

Question 29

What type of board provides oversite, governance, and an additional layer of assurance that an organization is effective?

Answer 29

Audit committee

Question 30

What type of wireless payment is commonly used on mobile phones?

Answer 30

Near field communications. NFC

Question 31

What virtual environment is managed by the company and accessed by a thin client?

Answer 31

Virtual desktop infrastructure VDI

Question 32

When customer data is being accessed, what role does the customer fulfill?

Answer 32

Data subject

Question 33

When normal training follows advanced training?

Answer 33

Phased rollout