Sec + Flash Cards Flashcards by Rashiem Briggs

Chapter 1: Social Engineering Techniques

While waiting in the lobby of your building for a guest, you notice a man in a red shirt standing close to a locked door with a large box in his hands. He waits for someone else to come along and open the locked door and then proceeds to follow her inside. What type of social engineering attack have you just witnessed?

A. Impersonation
B. Phishing
C. Boxing
D. Tailgating

D. Tailgating

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

A colleague asks you for advice on why he can’t log in to his Gmail account. Looking at his browser, you see has typed www.gmal.com in the address bar. The screen looks very similar to the Gmail login screen. Your colleague has just fallen victim to what type of attack?

A. Jamming
B. Rainbow Table
C. Whale Phishing
D. Typosquatting

D. Typosquatting

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

A user in your organization contacts you to see if there’s any update to the “account compromise” that happened last week. When you ask him to explain what he means, and the user tells you he received a phone call earlier in the week from your department and was asked to verify his user ID and password. The user says he gave the caller his user ID and password. This user has fallen victim what specific type of attack?

A. Spear Phishing
B. Vishing
C. Phishing
D. Replication

B. Vishing

Attacker used the social engineering attack that uses voice communication.

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

Coming into your office, you overhear a conversation between two security guards. One guard is telling the other she caught several people digging through the trash behind the building early this morning. The security guard says the people claimed to be looking for aluminum cans, but only had a bag of papers - with no cans. What type of attack has this security guard witnessed?

A. Spear Phishing
B. Pharming
C. Dumpster Diving
D. Rolling Refuse

C. Dumpster Diving

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

Which of the following are specifically used to spread influence, alter perceptions, and sway people toward a position favored by those spreading it?

A. Identity fraud, invoice scams, credential harvesting
B. Hoaxes, eliciting information, urgency
C. Influence campaigns, social media, hybrid warfare
D. Authority, intimidation, consensus

C. Influence campaigns, social media, hybrid warfare

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

Which type of the following is a type of social engineering attack in which an attacker attempt to obtain sensitive information from a user by masquerading as a trusted entity in an email?

A. Phishing
B. Pharming
C. Spam
D. Vishing

A. Phishing

Key element in a phishing attack are the use of emails.

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

Which of the following is/are psychological tools used by social engineers to create a false trust with a target?

A. Impersonation
B. Urgency or scarcity
C. Authority
D. All of the above

D. All of the above

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

Once an organization’s security policies have been established, what is the single most effective method of countering potential social engineering attacks?

A. An active security awareness program

B. A separate physical access control mechanism for each department in the organization

C. Frequent testing of both the organization’s physical security procedures and employee telephone practices.

D. Implementing access control cards and the wearing of security identification badges.

A. An active security awareness program.

People are the weakest link, to an organization when dealing with a cyber attack.

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

You notice a new custodian in the office, working much earlier than normal, emptying trash cans, and moving slowly past people working. You ask him where the normal guy is, and in very broken English he says, “Out sick”, indicating a cough. What is happening?

A. Watering hole attack
B. Impersonation
C. Prepending
D. Identity fraud

B. Impersonation

The new custodian working much earlier, moving slow past workstations, he was being very “suspicious”

How well did you know this?

Not at all

Perfectly

Chapter 1: Social Engineering Techniques

Your boss thanks you for pictures you sent from the recent company picnic. You ask him what he is talking about, and he says he got an e-mail from you with pictures from the picnic. Knowing you have not sent him that e-mail, what type of attack do you suspect is happening?

A. Phishing
B. Spear Phishing
C. Reconnaissance
D. Impersonation

B. Spear Phishing

This was a targeted attack against a specific person.

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicatiors

A disgruntled administrator is fired for the negligence at your organization. Thirty days later, your organization’s internal file server and backup server crash at exactly the same time. Examining the servers, you determine that critical operating system files were deleted from both systems. If the disgruntled administrator was responsible for administering those servers during her employment, this is most likely an example of what kind of malware?

A. Crypto-malware
B. Trojan
C. Worm
D. Logic Bomb

D. Logic Bomb

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

A colleague has been urging you to download a new animated screensaver he has been using for several weeks. While he is showing you the program, the cursor on his screen moves on its own and a command prompt window opens and quickly closes. You can’t tell what if anything was displayed in that command prompt window. your colleague says, “it’s been doing that for a while, but it’s no big deal.” Based on what you’ve seen, you suspect the animated screensaver is really what type of malware?

A. A worm
B. A trojan
C. Ransomware
D. Spyware

B. A trojan

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

Several desktops in your organization are displaying a red screen with the message “Your files have been encrypted. Pay 1 bitcoin to recover them.” These desktops have most likely been affected by what type of malware?

A. Spyware
B. Spraying
C. Ransomware
D. Crypto-malware

C. Ransomware

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

While port-scanning your network for unauthorized systems, you notice one of your file servers has TCP port 31337 open. When you connect to the port with the security tool netcat, you see a prompt that reads, “Enter password for access.” Your server may be infected with what type of malware?

A. PUP
B. Fileless Virus
C. Backdoor
D. Man In The Middle Attack (MITM)

C. Backdoor

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

While port scanning your network for unauthorized systems, you noticed one of you file servers has TCP port 61337 open. When you use Wireshark and examine the packets, you see encrypted traffic, in single packets, going back and forth every five minutes. The external connection is a server outside of your organization. What is this connection?

A. Command and control
B. Backdoor
C. External backup location
D. Remote Login

A. Command and control

Periodic traffic that looks looks like a heartbeat on high ports to an unknown server outside the network is suspicious, and this is what many command and control signals look like.

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

A user in your organization is having issues with her laptop. Every time she opens a web browser, she see different pop up ads every few minutes. It doesn’t seem to matter which websites are being listed – the pop ups still appear. What type of attack does this sound like?

A. A potentially unwanted program (PUP)
B. Ransomware
C. Worm
D. Virus

A. A potentially unwanted program (PUP)

The web browser was bundle with other applications and is performing tasks that are undesired.

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

User at your organization are complaining about slow systems. Examining several of them, you see that CPU utilization is extremely high and a process called “btmine” is running on each of the affected systems. You also notice each of the affected systems is communicating with an IP address outside your country on UDP port 43232. If you disconnect the network connections on the affected systems, the CPU utilization drops significantly. Based on what you’ve observed, you suspect these systems are infected with what type of malware?

A. Rainbow tables
B. Crypto-malware
C. Dictionary
D. Hybrid

B. Crypto-malware

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

A piece of malware is infecting the desktops in your organization. Every hour, more systems are infected. The infections are happening in a different departments and in cases where the users don’t share any files, programs, or even emails. What type of malware can cause this type of infection?

A. Virus
B. Trojan
C. RAT
D. Worm

D. Worm

The malware is moving across the network

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

Which of the following are characteristics of remote access trojans?

A. They can be deployed through malware such as worms.
B. They allow attacks to connect to the system remotely.
C. They give attackers the ability to modify files and change settings.
D. All of the above

D. All of the above

How well did you know this?

Not at all

Perfectly

Chapter 2: Type of Attack Indicators

To test your systems against weak passwords, you as an admin ( with proper permissions) test all the accounts using Top 100 commonly used passwords. What is this test an example of?

A. Dictionary
B. Password spraying
C. Rainbow tables
D. Online

B. Password spraying

Using preset passwords against all accounts is an example of password spraying

Keyword: systems ( meaning multiple computers, servers)

How well did you know this?

Not at all

Perfectly

Chapter 3: Application Attack Indicators

When an attacker captures network traffic and retransmits it at a later time, what type of attack are they attempting?

A. Denial of service attack
B. Replay attack
C. Bluejacking attack
D. Man in the middle attack

B. Replay attack

How well did you know this?

Not at all

Perfectly

Chapter 3: Application Attack Indicators

What type of attack involves an attacker putting a layer of code between an original device driver and the operating system?

A. Refactoring
B. Trojan horse
C. Shimming
D. Pass the hash

C. Shimming

How well did you know this?

Not at all

Perfectly

Chapter 3: Application Attack Indicators

You’re reviewing a custom web application and accidentally type a number in a text field. The application returns an error message containing variable names, filenames, and the full path of the application. This is an example of which of the following?

A. Resource exhaustion
B. Improper error handling
C. Generic error message
D. Common misconfiguration

B. Improper error handling

How well did you know this?

Not at all

Perfectly

Chapter 3: Application Attack Indicators

You’re working with a group testing a new application. You’ve noticed that when three or more of you click Submit on a specific form at the same time, the application crashes every time. This is most likely an example of which of the following”

A. A race condition
B. A nondeterministic error
C. An undocumented feature
D. A DLL injection

A. A race condition

How well did you know this?

Not at all

Perfectly

# Chapter 3: Application Attack Indicators An externally facing web server in your organization keeps crashing. Looking at the server after a reboot, you notice CPU usage is pegged and memory usage is rapidly climbing. The traffic logs show a massive amount of incoming HTTP and HTTPS requests to the server. Which type of attack is this web server experiencing? A. Input validation B. Distributed error handling C. Resource exhaustion D. Race condition

C. Resource exhaustion

# Chapter 3: Application Attack Indicators Your organization is considering using a new ticket identifier with your current help desk system. The new identifier would be a 16-digit integer created by combining the date, time and operator ID. Unfortunately, when you've tried using the new identifier in the "ticket number" field on your current system, the application crashes every time. The old method of using a five-digit integer works just fine. This is most likely an example of which of the following? A. Common misconfiguration B. Zero-day vulnerability C. Memory leak D. Integer overflow

D. Integer overflow

# Chapter 3: Application Attack Indicators While examining a laptop infected with malware, you notice the malware loads on startup and also loads a file called net utilities.dll each time Microsoft Word is opened. This is an example of which of the following? A. Race condition B. DLL injection C. System infection D. Memory overflow

B. DLL injection

# Chapter 3: Application Attack Indicators A web application you reviewing has an input field for username and indicates the username should be between 6 and 12 characters. You've discovered that if you input a username that's 150 characters or more in length, the application crashes. What is this an example of? A. Memory leak B. Buffer overflow C. Directory traversal D. Integer overflow

B. Buffer overflow

# Chapter 3: Application Attack Indicators Your organization is having issues with a custom web application. The application seems to run fine for a while but starts to lock up or crash after seven to ten days. of continuous use. Examining the server, you notice that memory usage seems to climb every day until the server runs out of memory. The application is most likely suffering from which of the following? A. Memory leak B. Overflow leak C. Zero-day exploit D. Pointer dereference

A. Memory leak

# Chapter 3: Application Attack Indicators Your database server is returning a large dataset to an online user, saturating the network. The normal return of records would be a couple at most. This is an example of what form of attack? A. Memory leak B. LDAP injection C. Man in the middle D. SQL injection

D. SQL injection

# Chapter 4: Network Attack Indicators A user reports "odd certificate warnings on her web browser this morning whenever she visits Google. Looking at her browser, you see these certificate warning. Looking at the network traffic, you notice that all HTTP and HTTPS request from that system are being routed to the same IP regardless of destination. Which of the following attack types are you seeing in this case? A. Evil twin B. Man in the middle C. Disassociation D. MAC cloning

B. Man in the middle

# Chapter 4: Network Attack Indicators User are reporting that the wireless network on one side of the building is broken. They can connect but can't seem to get to the internet. While investigating, you notice all of the affected users connecting to an access point you don't recognize. These users have fallen victim to what type of attack? A. Rogue AP B. WPS C. Bluejacking D. Disassociation

A. Rogue AP

# Chapter 4: Network Attack Indicators You're sitting at the airport when your friend gets a message on her phone. In the text is a picture of a duck with the word "Pwnd" as the caption. Your friend doesn't know who sent the message. Your friend is a victim of what type of attack? A. Snarfing B. Bluejacking C. Quacking D. Collision

B. Bluejacking

# Chapter 4: Network Attack Indicators All of the wireless users on the third floor of your building are reporting issues with the network. Every 15 minutes, their devices disconnect from the network. Within a minute or so they are able to reconnect. What type of attack is most likely underway in this situation? A. Evil twin B. Jamming C. Domain hijacking D. Disassociation

D. Disassociation

# Chapter 4: Network Attack Indicators Your e-commerce site is crashing under an extremely high traffic volume. Looking at the traffic logs, you see tens of thousands of requests for the same URL coming from hundreds of different IP addresses around the world. What type of attack are you facing? A. Domain hijacking B. DDoS C. DNS poisoning D. URL redirection

B. DDoS

# Chapter 4: Network Attack Indicators A user wants to know if the network is down because she is unable to connect to anything. While troubleshooting, you notice the MAC address for her default gateway setting doesn't match the MAC address of your organization's router. What type of attack has been used against this user? A. MAC cloning B. ARP poisoning C. Disassociation D. Rogue access point

B. ARP poisoning

# Chapter 4: Network Attack Indicators You have a help desk ticket for a system that is acting strangely. Looking at the system remotely, you see the following in the browser cache: www.micros0ft.com/office. What type of attack are you seeing? A. Powershell B. Domain hijacking C. URL redirection D. Disassociation

C. URL redirection

# Chapter 4: Network Attack Indicators You are seeing a bunch of PDFs flood people's inboxes with titles such as "New Tax Rates for 2021." What attack vector is most likely in use? A. Python B. Macro C. Man in the middle D. DDoS

B. Macro

# Chapter 4: Network Attack Indicators When you update your browser, you get a warning about a plugin not being compatible with the new version. You do not recognize the plugin, and you aren't sure what it does. Why is it important to understand plugins? What attack vector can be involved in plugins? A. Man in the middle attack B. Domain hijacking attack C. Man in the browser attack D. URL redirection attack

C. Man in the browser attack

# Chapter 4: Network Attack Indicators Your network scan is showing a large number of address changes to the MAC tables and lots of ARP and RARP messages. What is happening? A. MAC flooding attack B. Disassociation attack C. Jamming attack D. DNS poisoning

A. MAC flooring attack an attempt to overflow the MAC tables in the switches

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources Your senior financial people have been attacked with a piece of malware targeting financial records. Based on talking to one of the executives, you now know this is a spear fishing attack. Which of the following is the most likely vector used? A. Cloud B. Wireless C. Direct access D. Removable media

D. Removable media Removeable media commonly linked to social engineering attacks such as spear phishing.

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources You are new to your job, new to the industry, and new to the city. Which of the following sources would be the best to connect with your peers on threat intelligence information? A. Vendors B. Social media C. Local industry groups D. Vulnerability or threat feeds

C. Local industry groups

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources Your company has had bad press concerning its support (or lack of support) for a local social issue. Which type of hacker would be the most likely threat to attack or deface your website with respect to the issue? A. State actor B. Hacktivist C. Black hat D. Competitor

B. Hacktivist

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources Proper use of separation of duties with respect to privileged user on your systems is a defense against which of hacker? A. Nation-state actor B. Insider C. Criminal syndicate D. All of the above

D. All of the above

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources You have read about a new threat against software that is vulnerable to hacking. The vulnerability is in a Python library, and your firm uses Python for the development of many in-house projects. Where is the best source of information with respect to this threat? A. File/code repositories B. Vulnerability C. Open source intelligence D. Indicators of compromise

A. File/code repositories The code you are concerned about was developed in-house. hence it will not show up in commercial databases or other sources

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources You use a "golden disk" to provision new machines from your vendors. As part of the incident response, you have discovered that the source of the malware you are seeing comes from this golden disk. This is an example of what vector? A. Insider B. Removable media C. Direct access D. Supply chain

D. Supply chain

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources Your threat intelligence vendor is sending out urgent messages concerning a new form of memory resident malware. What is the likely item they are sharing with you? A. Vulnerability database B. Indicator of compromise C. Dark web D. Trusted Automated Exchange of Intelligence Information (TAXII)

B. Indicator of compromise

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources Understanding how an attacker operates so that you can develop a defensive posture is done through the use of which of the following? A. Predictive analysis B. TTPs C. Threat maps D. Automated Indicator Sharing

B. TTPs Adversary tactics, techniques, and procedures (TTPs) provide details on how an adversary operates.

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources Which of the following items do you as a defender have control over with respect to using threat intelligence to defend your systems? A. Vectors B. Actors C. Threat intelligence sources D. Attributes of actors

A. Vectors

# Chapter 5: Threat Actors, Vectors, and Intelligence Sources You want to get specific information on a specific threat that you have read about in you online newsfeed on your phone. Which of the following is the best source for detailed information? A. Vulnerability database B. Open source intelligence C. Dark web D. Predictive analysis

B. Open source

# Chapter 6: Vulnerabilities Direct third-party risks include which of the following? (Choose all that apply) A. System integration B. Supply chain C. Financial management D. Vendor management

A. System integration B. Supply chain D. Vendor management Point to look at: C. Financial management is related to impacts, not mainly third part risks.

# Chapter 6: Vulnerabilities Common sources of vulnerability issues for systems include which of the following? (Choose all that apply) A. Weak patch management B. Data loss C. Identity theft D. Weak configurations

A. Weak patch management | D. Weak configurations

# Chapter 6: Vulnerabilities Weak configurations can include which of the following? (Choose all that apply) A. Open ports B. Lack of vendor support C. Firmware D. Use of unsecured protocols

A. Open ports | D. Use of unsecured protocols

# Chapter 6: Vulnerabilities A patch management process should include which of the following? (Choose all that apply) A. Automated management of software assist B. Automated verification of current patch levels C. A specified period by which systems should be patched D. Connection of the patch management process to the change control process

A. Automated management of software assist B. Automated verification of current patch levels C. A specified period by which systems should be patched D. Connection of the patch management process to the change control process

# Chapter 6: Vulnerabilities Financial risk associated with vulnerabilities can include which of the following? (Choose all that apply) A. Regulatory fines and penalties B. Business reputation loss C. Loss of revenue due to downtime D. Loss of data

A. Regulatory fines and penalties | C. Loss of revenue due to downtime

# Chapter 6: Vulnerabilities What type of threat exploits system and application vulnerabilities that are unknown to software developers and even anti malware manufactures? A. An on-premises attack B. A zero-day attack C. A cloud-based attack D. A legacy platform attack

B. A zero-day attack

# Chapter 6: Vulnerabilities As a security professional, what should you do to address weak configurations that pose security risks to your organization? (Choose all that apply) A. Change default usernames and passwords. B. Remove unnecessary apps. C. Disable unnecessary services D. Open all ports so that everything can be scanned

A. Change default usernames and passwords. B. Remove unnecessary apps. C. Disable unnecessary services

# Chapter 6: Vulnerabilities Which statement is false regarding cryptographic practices and weak encryption? A. Developing your own cryptographic algorithm is considered an insecure practice. B. Cryptographic algorithms become trusted only after years of scrutiny and repelling attacks. C. The ability to use ever-faster hardware has enabled attackers to defeat some cryptographic methods. D. Because TLS is deprecated, SSL should be used instead.

D. Because TLS is deprecated, SSL should be used instead. All versions of SSL are now considered deprecated and should not be used. Everyone should switch their systems to TLS-based solutions. All other statements are true.

# Chapter 6: Vulnerabilities Who assumes the risk associated with a system or product after it has entered EOL status? A. The original manufacturer B. The vendor C. The organization D. The supply chain manager

C. The organization

# Chapter 6: Vulnerability Which of the following best describes the exporting of stolen data from an enterprise? A. Data loss B. Data breach C. Data exfiltration D. Identity theft

C. Data exfiltration is the exporting of stolen data from an enterprise.

# Chapter 7: Security Assessment If a system sends an alert that a user account is being hacked because of too many password failures, but analysis shows that the person's device had cached an old password, triggering the failures, what is this example of? A. False negative B. False positive C. Measurement error D. Analysis failure

B. False positive

# Chapter 7: Security Assessment Anti-malware software fails to detect a ransomware attack that is supposed to be within its capabilities of detecting. What's this an example of? A. False negative B. False positive C. Measurement error D. Analysis failure

A. False negative

# Chapter 7: Security Assessment What is the primary limitation of a credentialed scan on a network? A. Speed B. Examining too deeply into individual boxes C. The inability to scale across multiple systems D. Slowing down your network with ancillary traffic

C. The inability to scale across multiple systems

# Chapter 7: Security Assessments You desire to prove a vulnerability can be a problem. The best method would e to us a(n) ___________ scan? A. credential B. non-intrusive C. non-credentialed D. intrusive

D. intrusive

# Chapter 7: Security Assessments Which of the following best describes what CVE is? A. A place to report errors and vulnerabilities B. A measure of the severity of a vulnerability C. A list of known vulnerabilities D. A list of systems that have vulnerability

C. A list of known vulnerabilities

# Chapter 7: Security Assessments Which of the following is not associated typically with SIEM processes? A. Applications B. Syslog C. Log capture D. Log aggregation

A. Application

# Chapter 7: Security Assessments Which of the following is not part of SIEM processes? A. Data collection B. Event correlation C. Alerting/reporting D. Incident investigation

D. Incident investigation

# Chapter 7: Security Assessments Threat hunting involves which of the following? (Choose all that apply) A. Analysis of adversarial actions. B. Interpretation of threats to other companies C. Compliance reporting D. Understanding how data flows in an enterprise

A. Analysis of adversarial actions. B. Interpretation of threats to other companies D. Understanding how data flows in an enterprise

# Chapter 7: Security Assessments Which of the following are not typically scanned during a vulnerability scan? A. End users B. Network C. Applications D. Web applications

A. End users

# Chapter 8: Penetration Testing Which of the following teams is commonly used for active pen testing? A. Red team B. Black team C. White team D. Green team

A. Red team

# Chapter 8: Penetration Testing War flying is a term used to describe which of the following? A. Pen testing networks on commercial planes B. The use of aerial platforms to gain access to wireless networks C. Driving around and sampling open wifi networks D. The use of pen testing techniques against the Defense Department

B. The use of aerial platforms to gain access to wireless networks

# Chapter 8: Penetration Testing When an attacker moves to a new machine and rescans the network to look for machine not previously visible, what is this technique called? A. Lateral movement B. Privilege escalation C. Persistence D. Pivoting

D. Pivoting Pivoting requires rescanning of the network.

# Chapter 8: Penetration Testing What is the most import first step in a penetration test? A. OSINT B. Rules of engagement C. Reconnaissance D. Privilege escalation

B. Rules of engagement

# Chapter 8: Penetration Testing Covering one's tracks to prevent discovery is also known as what? A. Lateral movement B. OSINT C. Cleanup D. Pivoting

C. Cleanup

# Chapter 8: Penetration Testing When a pen tester uses OSINT to gain information on a system, the type of environment can be changed from ______to _______. A. closed, open B. unknown, known C. secure, vulnerable D. unknown, partially unknown

D. unknown, partially unknown

# Chapter 8: Penetration Testing Which team involves members who emulate both attackers and defenders? A. Purple team B. Gold team C. Blue team D. White team

A. Purple team

# Chapter 8: Penetration Testing OSINT involves which of the following? A. Passive reconnaissance B. Active reconnaissance C. Port scanning D. Persistence

A. Passive reconnaissance OSINT is a passive activity

# Chapter 8: Penetration Testing Which of the following is a formal approach to identifying system or network weakness and is open to the public? A. Active reconnaissance B. Passive reconnaissance C. OSINT D. Bug bounty

D. Bug bounty

# Chapter 8: Penetration Testing What is the purpose of a white team? A. To represent senior management B. To provide judges to score or rule on a test C. To represent parties that are targets in a pen test D. To provide a set of team members with offense and defensive skills (all stars)

B. To provide judges to score or rule on a test

# Chapter 9: Enterprise Security Architecture Which of the following is not a state of data in enterprise? A. At rest B. In storage C. In processing D. In transit/motions

B. In storage the correct terms are: Data at rest Data in transit/motion Data in processing

# Chapter 9: Enterprise Security Architecture Creating fake network traffic to deceive attackers in segments of the network designed to deceive them is called what? A. DNS sinkhole B. Honeytraffic C. Fake telemetry D. Masking

C. Fake telemetry

# Chapter 9: Enterprise Security Architecture If end-to-end encryption is used, which of the following technologies facilitates security monitoring of encrypted communication channels? A. Fake telemetry B. Tokenization C. Hashing D. TLS inspections

D. TLS inspections

# Chapter 9: Enterprise Security Architecture Enterprises can employ ___________ to block malicious command-and-control traffic from malware. A. encryption B. honey files C. DNS sinkholes D. honey nets

C. DNS sinkholes

# Chapter 9: Enterprise Security Architecture Which of the following can provide complete traceability to an original transaction without revealing any personal information if disclosed to an outside party? A. Tokenization B. Data sovereignty C. Rights management D. Baseline configuration

A. Tokenization

# Chapter 9: Enterprise Security Architecture A system that is ready for immediate use in the event of an outage is called what? A. Standby system B. Disaster recovery site C. Backup site D. Hot site

D. Hot site

# Chapter 9: Enterprise Security Architecture Which of the following is important to consider when specifically examining configuration management? A. Data loss prevention B. Standard naming conventions C. Rights management D. Hashing

B. Standard naming conventions

# Chapter 9: Enterprise Security Architecture What is masking? A. The use of stand-in data to replace real-time data B. The markings of regions where data is not allowed by policy C. The use of backups to preserve data during disruptive events D. Redacting portions of data using a covering symbols such as * or x

D. Redacting portions of data using a covering symbols such as * or x

# Chapter 9: Enterprise Security Architecture What is the purpose of deception in an enterprise? (Choose all that apply) A. To trick attackers into stealing fake data B. To identify misconfigured systems C. To permit easy identification of unauthorized actors D. To provide a place to test new systems without impacting regular operations

A. To trick attackers into stealing fake data B. To identify misconfigured systems C. To permit easy identification of unauthorized actors

# Chapter 10: Virtualization and Cloud Security How does a hypervisor enable multiple guest operating systems to run concurrently on a host computer? A. Via a specialized driver package B. By abstracting the hardware from the guest operating system C. By providing specific virtual hardware to each OS D. By hiding the underlying Linux operating system

B. By abstracting the hardware from the guest operating system

# Chapter 10: Virtualization and Cloud Security You have deployed a network of Internet-connected sensors across a wide geographic area. These sensors are small, low-power IoT devices, and you need to perform temperature conversions and collect the data into a database. The calculations would be best managed by which architecture? A. Fog computing B. Edge computing C. Thin client D. Decentralized database in the cloud

B. Edge computing

# Chapter 10: Virtualization and Cloud Security Your new application has multiple small processes that provide services to the network. You want to make this application run more efficiently by virtualizing it. What is the best approach for virtualization of this application? A. Type II hypervisor B. Linux KVM C. Containerization D. Type I hypervisor

C. Containerization

# Chapter 10: Virtualization and Cloud Security Why is VM sprawl an issue?? A. VM sprawl uses to many resources on a parallel functions. B. The more virtual machines in use, the harder it is to migrate a VM to a live server. C. Virtual machines are so easy to create, you end up with hundreds of small servers only performing a single functions. D. When servers are no longer physical, it can difficult to locate a specific machine.

D. When servers are no longer physical, it can difficult to locate a specific machine.

# Chapter 10: Virtualization and Cloud Security When doing incident response for you company, you review the forensics of several virtual servers and you see the attacker on the web server injecting code into uninitialized memory blocks. What attack is the attacker likely attempting? A. Denial-of-service attack on the hypervisor B. VM escape C. Containerization attack D. Crashing the CASB

B. VM escape

# Chapter 10: Virtualization and Cloud Security You are planning to move some applications to the cloud, including your organization's accounting applications, which is highly customized and does not scale well. Which cloud deployment model is best for this application? A. SaaS B. PaaS C. IaaS D. None of the Above

C. IaaS

# Chapter 10: Virtualization and Cloud Security You need to move to the cloud a specific customer service module that has a web front end. This application is highly scalable and can be provided on demand. Which cloud deployment model is best for this application? A. SaaS B. PaaS C. IaaS D. None of the above

A. SaaS

# Chapter 10: Virtualization and Cloud Security One of the primary resources in use at your organization is a standard database that many applications tie into. Which cloud deployment model is best for this kind of application? A. SaaS B. PaaS C. IaaS D. None of the above

B. PaaS

# Chapter 10: Virtualization and Cloud Security Which cloud deployment model has the fewest security controls? A. Private B. Public C. Hybrid D. Community

B. Public

# Chapter 10: Virtualization and Cloud Security What is the primary downside of a private cloud model? A. Restrictive access rules B. Cost C. Scalability D. Lack of vendor support

B. Cost

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts To develop secure software that prevents attackers from directly injecting attacks into computer memory and manipulating the application's process, one should employ which method? A. Elasticity B. Dead code C. Normalization D. Software diversity

D. Software diversity in the form of diverse binaries will prevent direct memory attacks against know software structures.

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts Problems in which phase will specifically stop continuous deployment but not necessarily continuous delivery? A. Continuous integration B. Continuous monitoring C. Continuous validation D. Continuous development

C. Continuous validation is required to ensure error free software, and errors will stop continuous deployment

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts Why is memory management important in software development? A. A program can grow and consume other program spaces. B. Memory is expensive C. Memory can be a speed issue. D. None of the above

A. A program can grow and consume other program spaces.

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts When a program is installed and needs permissions, what is this called? A. Staging B. Provisioning C. Continuous integration D. Version control

B. Provisioning is the assignment of permissions or authorities to objects

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts Which of the following statements concerning elasticity and scalability are true? A. Scalability requires elasticity B. Elasticity involves enabling software to use more processors to do more work. C. Elasticity means being prepared to take advantages of scalability. D. All of the above.

D. All of the above

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts To protect software from reverse engineering by attackers, developers can use which of the following? A. Dead code B. Obfuscation C. Binary diversity D. Stored procedures

B. Obfuscation is the technique of hiding properties to prevent examination. Making code hard to decompile and not storing any specific clues in the source code can make reverse engineering a challenge.

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts To manage various releases of software over time, the organization uses which of the following? A. Staging environment B. Provisioning and deprovisioning steps C. Version control D. Continuous integration

C. Version control

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts Which of the following environments is used to test compatibility against multiple target environments? A. Production B. Test C. Quality assurance D. Staging

D. Staging environments can be used to manage software releases against different targets to ensure compatibility.

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts The fact that there are multiple methods of representing an object in a computer system can lead to issues when logical comparisons are needed. What can be used to ensure accuracy of comparison elements? A. Normalization B. Stored procedures C. Third party libraries D. Third party software development kits

A. Normalization is the process of reducing items to a canonical form before comparison to ensure appropriate logical matching.

# Chapter 11: Secure Application, Development, Deployment, and Automation Concepts What is the only sure method of ensuring input is valid before use on a server? A. use of third-party libraries and software development kits B. Server-side validation C. Stored procedures D. Client-side validation

B. Server-side validation is the only sure validation method for inputs to the application

# Chapter 12: Authentication and Authorization During a visit to a hosting center where your organization keeps some offsite servers, you see a door with an odd-looking panel next to it. You see people approaching the panel and placing their eyes into a hooded viewer. A few seconds after they've done this, the door unlocks. What type of biometric scanner might this be? A. Voice recognition scanner B. Retinal scanner C. Finger scanner D. Facial recognition scanner

B. Retinal scanner

# Chapter 12: Authentication and Authorization You've spent the last week tweaking a fingerprint scanning solution for your organization. Despite your best efforts, roughly 1 in 50 attempts will fail, even if the user is using the correct finger and their fingerprint is in the system. Your supervisor says 1 in 50 is "good enough" and tells you to move on to the next project. Your supervisor just defined which of the following for your fingerprint scanning system? A. False rejection B. False acceptance rate C. Critical threshold D. Failure acceptance criteria

A. False rejection rate (FRR) is the level of false negatives, or rejections, that are going to be allowed.

# Chapter 12: Authentication and Authorization Which of the following algorithms uses a secret key with a current timestamp to generate a one-time password? A. Hash based Message Authentication Code B. Date-Hashed Message Authorization Password C. Time based One Time Password D. Single sign on

C. Time based One Time Password

# Chapter 12: Authentication and Authorization With regard to authentication, an access token falls into which factor category? A. Something you are B. Something you have C. Something you know D. Something you see

B. Something you have

# Chapter 12: Authentication and Authorization Which of the following is not a common form of hardware token? A. Proximity card B. Common access card C. Something you know D. Something you see

D. Iris scan

# Chapter 12: Authentication and Authorization While depositing cash from a charity fundraiser at a local bank, you notice bank employees are holding up cards next to a panel near a door. A light on the panel turns green and the employees are able to open the door. The light on the panel is normally red. What type of electronic door control is this bank using? A. Iris scanner B. Hardware token C. Proximity card D. Symmetric key token

C. Proximity card

# Chapter 12: Authentication and Authorization Your colleague is telling you a story she heard about a way to trick fingerprint scanners using gummy bears. She heard that if you press a gummy bear against an authorized user's finger, you can then use that gummy bear as their fingerprint to fool a fingerprint scanner. If this works, the result is an example of which of the following? A. False negative B. False positive C. Crossover positive D. Crossover negative

B. False positive

# Chapter 12: Authentication and Authorization To ensure customers entering credentials in you website are valid and not someone with stolen credentials, your team is tasked with designing multi factor authentication. Which of the following would not be a good choice? A. Static code B. Phone call C. Authentication application D. Short Message Service

A. Static code

# Chapter 12: Authentication and Authorization When you're designing and tweaking biometric systems, the point where both the accept and reject error rates are equal is known as which of the following? A. Crossover acceptance rate B. Accept-reject overlap rate C. Crossover error rate D. Overlap acceptance rate

C. Crossover error rate

# Chapter 12: Authentication and Authorization Which of the following is not a term used in multi factor authentication? A. Someone you know B. Somewhere you are C. Something you have D. Something you see

D. Something you see

# Chapter 13: Cybersecurity Resilience Which backup strategy includes only the files and software that have changed since the last full backup? A. Incremental B. Full C. Snapshot D. Differential

D. Differential

# Chapter 13: Cybersecurity Resilience Which backup strategy focuses on copies of virtual machines? A. Incremental B. Full C. Snapshot D. Differential

C. Snapshot

# Chapter 13: Cybersecurity Resilience When discussing location for storage of backups, which of the following statements are true? (Choose all that apply.) A. The most recent copy should be stored offsite, as it is the one that is most current and is thus the most valuable. B. Offsite storage is generally not necessary, except in cases where the possibility of a break-in at the main facility is high. C. Offsite storage is a good idea so that you don't lose your backup to the same event that caused you to lose your operational data and thus need the backup. D. The most recent copy can be stored locally, as it is the most likely to be needed, while other copies can be kept at other locations.

C. Offsite storage is a good idea so that you don't lose your backup to the same event that caused you to lose your operational data and thus need the backup. D. The most recent copy can be stored locally, as it is the most likely to be needed, while other copies can be kept at other locations.

# Chapter 13: Cybersecurity Resilience To deal with non persistence in a system, which of the following items offer risk mitigation? (Choose all that apply) A. Image backups B. Cloud C. Last known-good configuration D. Revert to a known state

A. Image backups C. Last known-good configuration D. Revert to a known state

# Chapter 13: Cybersecurity Resilience To have easily available quick backup of critical user documents, which of the following is recommended for backing these items up? A. Differential B. Snapshot C. Copy D. Nas

C. Copy User managed copies on external media of critical documents can make it very easy for the end user to manage recovery in a quick manner

# Chapter 13: Cybersecurity Resilience You have offices in six locations across town and wish to utilize a common backup restore methodology. Which would be the most efficient solution for your small offices? A. SAN (Storage Area Network) B. NAS (Network Access Storage) C. Cloud D. Offline

C. Cloud

# Chapter 13: Cybersecurity Resilience Which of the following statements is true about redundancy?

D. It can be done across many systems

# Chapter 13: Cybersecurity Resilience What distinguishes high availability systems? A. The ability to change with respect to usage conditions B. The ability to process, even in times of disruption C. Automated backups and recovery functions D. The use of diversity to mitigate single threats

B. The ability to process, even in times of disruption

# Chapter 13: Cybersecurity Resilience The continual changing of information in a system is referred to as what? A. Nonpersistence B. Snapshots C. Differentials D. Images

A. Nonpersistence

# Chapter 13: Cybersecurity Resilience A PDU provides management of what in an enterprise? A. Redundant backup processing B. Power distribution to servers C. Improved network connection to data storage D. Load balancing

B. Power distribution units provide a centralized means of managing and monitoring the power delivered to servers in a rack

Sec + Flash Cards

(128 cards)