Sec+ Objective 1 Test Questions Flashcards

1
Q

What kind of security control is associated with a login banner?

❍ A. Preventive
❍ B. Deterrent
❍ C. Corrective
❍ D. Detective
❍ E. Compensating
❍ F. Directive

A

B. Deterrent

A deterrent control does not directly stop an attack, but it may discourage an action. (1.1)

2
Q

An organization is installing a UPS for their new data center. Which of the following would BEST describe this control type?

❍ A. Compensating
❍ B. Directive
❍ C. Deterrent
❍ D. Detective

A

A. Compensating

A compensating security control doesn’t prevent an attack, but it does restore from an attack using other means. In this example, the UPS (Uninterruptible Power Supply) does not stop a power outage, but it does provide alternative power if an outage occurs. (1.1)

3
Q

A shipping company stores information in small regional warehouses around the country. The company maintains an IPS at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?

❍ A. Deterrent
❍ B. Compensating
❍ C. Directive
❍ D. Detective

A

D. Detective

An IPS can detect, alert, and log an intrusion attempt. The IPS could also be categorized as a preventive control, since it has the ability to actively block known attacks. (1.1)

4
Q

A company is concerned their EDR solution will not be able to stop more advanced ransomware variants. Technicians have created a backup and restore utility to get most systems up and running less than an hour after an attack. What type of security control is associated with this restore process?

❍ A. Directive
❍ B. Compensating
❍ C. Preventive
❍ D. Detective

A

B. Compensating

Instead of preventing an attack, a compensating control is used to restore systems using other means. A streamlined backup and restore process compensates for the limited security features of the EDR (Endpoint Detection and Response) software. (1.1)

5
Q

What is EDR?

A

Endpoint Detection and Response. A type of software that can detect threats based upon behavioral analysis, machine learning, and process monitoring. It runs as a lightweight agent on the endpoint, analyzes the behavior of a threat, and is able to detect that threat again.

6
Q

What type of security control would be associated with corporate security policies?

❍ A. Technical
❍ B. Operational
❍ C. Managerial
❍ D. Physical

A

C. Managerial

A managerial control type is associated with security design and implementation. Security policies and standard operating procedures are common examples of a managerial control type. (1.1)

7
Q

A security technician observes that the data center’s server racks are accessible to all employees, posing a risk to critical infrastructure. What is the most appropriate physical control to mitigate this risk?

A) Implement a network intrusion detection system
B) Install locks on the server rack doors
C) Update the antivirus software on the servers
D) Conduct a risk assessment of the data center

A

B) Install locks on the server rack doors

Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)

8
Q

Which of the following answers can be used to describe technical security controls? (Select 3 answers)

A) Focused on protecting material assets
B) Sometimes called logical security controls
C) Executed by computer systems (instead of people)
D) Also known as administrative controls
E) Implemented with technology
F) Primarily implemented and executed by people (as opposed to computer systems)

A

B) Sometimes called logical security controls
C) Executed by computer systems (instead of people)
E) Implemented with technology

Technical Controls: Controls implemented using some type of technical system, for example, setting up policies and procedures in an OS that would allow or disallow different functions from occurring. Firewalls, anti-virus, and other similar software fall under this category. (1.1)

9
Q

Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)

A) Security Audits
B) Encryption
C) Organizational Security Policy
D) IDSs
E) Configuration Management
F) Firewalls

A

B) Encryption
D) IDSs
F) Firewalls

Technical Controls: Controls implemented using some type of technical system, for example, setting up policies and procedures in an OS that would allow or disallow different functions from occurring. Firewalls, anti-virus, and other similar software fall under this category. (1.1)

10
Q

Which of the following answers refer to the characteristic features of managerial security controls? (Select 3 answers)

A) Also known as administrative controls
B) Sometimes referred to as logical security controls
C) Focused on reducing the risk of security incidents
D) Executed by computer systems (instead of people)
E) Documented in written policies
F) Focused on protecting material assets

A

A) Also known as administrative controls
C) Focused on reducing the risk of security incidents
E) Documented in written policies

Managerial Controls: A series of policies that explain to end users the best way to manage their computers, data, or other systems. A security policy document or manual is an example of this. (1.1)

11
Q

Examples of managerial security controls include: (Select 3 answers)

A) Configuration management
B) Data backups
C) Organizational security policy
D) Risk assessments
E) Security awareness training

A

C) Organizational security policy
D) Risk assessments
E) Security awareness training

Managerial Controls: A series of policies that explain to end users the best way to manage their computers, data, or other systems. A security policy document or manual is an example of this. (1.1)

12
Q

Which of the answers listed below can be used to describe operational security controls? (Select 3 answers)

A) Also known as administrative controls
B) Focused on the day-to-day procedures of an organization
C) Executed by computer systems (instead of people)
D) Used to ensure that the equipment continues to work as specified
E) Focused on managing risk
F) Primarily implemented and executed by people (as opposed to computer systems)

A

B) Focused on the day-to-day procedures of an organization
D) Used to ensure that the equipment continues to work as specified
F) Primarily implemented and executed by people (as opposed to computer systems)

Operational Controls: Controls implemented by people instead of systems or documents. Security guards, awareness programs, and posters are all examples of this. (1.1)

13
Q

Which of the following examples fall into the category of operational security controls? (Select 3 answers)

A) Risk assessments
B) Configuration management
C) System backups
D) Authentication protocols
E) Patch management

A

B) Configuration management
C) System backups
E) Patch management

Operational Controls: Controls implemented by people instead of systems or documents. Security guards, awareness programs, and posters are all examples of this. (1.1)

14
Q

Which of the answers listed below refers to security controls designed to deter, detect, and prevent unauthorized access, theft, damage, or destruction of material assets?

A) Managerial security controls
B) Physical security controls
C) Technical security controls
D) Operational security controls

A

B) Physical security controls

Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)

15
Q

Which of the following examples do not fall into the category of physical security controls? (Select 3 answers)

A) Lighting
B) Access control vestibules
C) Data backups
D) Fencing/Bollards/Barricades
E) Firewalls
F) Security guards
G) Asset management

A

C) Data backups
E) Firewalls
G) Asset management

Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this. (1.1)

16
Q

What are the examples of preventive security controls? (Select 3 answers)

A) Encryption
B) IDS
C) Sensors
D) Firewalls
E) Warning signs
F) AV software

A

A) Encryption
D) Firewalls
F) AV software

Preventive Controls: Block access to a resource. (1.1)

17
Q

Examples of deterrent security controls include: (Select 3 answers)

A) Warning signs
B) Sensors
C) Lighting
D) Video surveillance
E) Security audits
F) Fencing/Bollards

A

A) Warning signs
C) Lighting
F) Fencing/Bollards

Deterrent Controls: Discourages an intrusion, but does not directly prevent access. (1.1)

18
Q

Which of the answers listed below refer(s) to detective security control(s)? (Select all that apply)

A) Lighting
B) Log monitoring
C) Sandboxing
D) Security audits
E) CCTV
F) IDS
G) Vulnerability scanning

A

B) Log monitoring
E) CCTV
F) IDS
G) Vulnerability scanning

Detective Controls: Identifies and logs an intrusion attempt. (1.1)

19
Q

Which of the following answers refer(s) to corrective security control(s)? (Select all that apply)

A) IRPs
B) Log monitoring
C) Backups and system recovery
D) DRPs
E) Forensic analysis

A

A) IRPs
C) Backups and system recovery
D) DRPs
E) Forensic analysis

Corrective Controls: Applies a control after an event has been detected. (1.1)

20
Q

Which of the answers listed below refer(s) to compensating security control(s)? (Select all that apply)

A) Temporary service disablement
B) Video surveillance
C) MFA
D) Backup power systems
E) Sandboxing
F) Temporary port blocking

A

A) Temporary service disablement
C) MFA
D) Backup power systems
E) Sandboxing
F) Temporary port blocking

Compensating: A control that achieves the goal using other means instead (Plan B). (1.1)

21
Q

True or False: The term “Directive security controls” refers to the category of security controls that are implemented through policies and procedures.

A

True.

Directive Controls: Directs a subject towards security compliance. (1.1)

22
Q

Which of the following terms fall into the category of directive security controls? (Select 2 answers)

A) IRP
B) AUP
C) IDS
D) MFA
E) IPS

A

A) IRP
B) AUP

Directive Controls: Directs a subject towards security compliance. (1.1)

23
Q

Which of the following would explain why a company would automatically add a digital signature to each outgoing email message?

❍ A. Confidentiality
❍ B. Integrity
❍ C. Authentication
❍ D. Availability

A

B. Integrity

Integrity refers to the trustworthiness of data. A digital signature allows the recipient to confirm that none of the data has been changed since the digital signature was created. (1.2)

24
Q

A company would like to examine the credentials of each individual entering the data center building. Which of the following would BEST facilitate this requirement?

❍ A. Access control vestibule
❍ B. Video surveillance
❍ C. Pressure sensors
❍ D. Bollards

A

A. Access control vestibule

An access control vestibule is a room designed to restrict the flow of individuals through an area. These are commonly used in high security areas where each person needs to be evaluated and approved before access can be provided. (1.2)

25
Q

An organization is implementing a security model where all application requests must be validated at a policy enforcement point. Which of the following would BEST describe this model?

❍ A. Public key infrastructure
❍ B. Zero trust
❍ C. Discretionary access control
❍ D. Federation

A

B. Zero trust

Zero trust describes a model where nothing is inherently trusted and everything must be verified to gain access. A central policy enforcement point is commonly used to implement a zero trust architecture. (1.2)

26
Q

A user has opened a helpdesk ticket complaining of poor system performance, excessive pop up messages, and the cursor moving without anyone touching the mouse. This issue began after they opened a spreadsheet from a vendor containing part numbers and pricing information. Which of the following is MOST likely the cause of this user’s issues?

❍ A. On-path
❍ B. Worm
❍ C. Trojan horse
❍ D. Logic bomb

A

C. Trojan horse

Since a Trojan horse is usually disguised as legitimate software, the victim often doesn’t realize they’re installing malware. Once the Trojan is installed, the attacker can install additional software to control the infected system. (1.2)

27
Q

A security administrator has configured a virtual machine in a screened subnet with a guest login account and no password. Which of the following would be the MOST likely reason for this configuration?

❍ A. The server is a honeypot for attracting potential attackers
❍ B. The server is a cloud storage service for remote users
❍ C. The server will be used as a VPN concentrator
❍ D. The server is a development sandbox for third-party programming projects

A

A. The server is a honeypot for attracting potential attackers.

A screened subnet is a good location to configure services that can be accessed from the Internet, and building a system that can be easily compromised is a common tactic for honeypot systems. (1.2)

28
Q

A company is launching a new internal application that will not start until a username and password is entered and a smart card is plugged into the computer. Which of the following BEST describes this process?

❍ A. Federation
❍ B. Accounting
❍ C. Authentication
❍ D. Authorization

A

C. Authentication

The process of proving who you say you are is authentication. In this example, the password and smart card are two factors of authentication, and both reasonably prove that the person with the login credentials is authentic. (1.2)

29
Q

A company is concerned about security issues at their remote sites. Which of the following would provide the IT team with more information of potential shortcomings?

❍ A. Gap analysis
❍ B. Policy administrator
❍ C. Change management
❍ D. Dependency list

A

A. Gap analysis

A gap analysis is a formal process comparing the current security posture with where the company would like to be. This often examines many different aspects of the overall security environment. (1.2)

30
Q

When a person enters a data center facility, they must check-in before they are allowed to move further into the building. People who are leaving must be formally checked-out before they are able to exit the building. Which of the following would BEST facilitate this process?

❍ A. Access control vestibule
❍ B. Air gap
❍ C. Pressure sensors
❍ D. Bollards

A

A. Access control vestibule

An access control vestibule is commonly used to control the flow of people through a particular area. Unlocking the one door of the vestibule commonly restricts the other door from opening, thereby preventing someone from walking through without stopping. It’s common in large data centers to have a single room as the access control vestibule where users are checked in and out of the facility. (1.2)

31
Q

A company is updating components within the control plane of their zero-trust implementation. Which of the following would be part of this update?

❍ A. Policy engine
❍ B. Subjects
❍ C. Policy enforcement point
❍ D. Zone configurations

A

A. Policy engine

The policy engine is located in the control plane and evaluates each access decision based on security policy and other information sources. The policy engine determines if access should be granted, denied, or revoked. (1.2)

32
Q

What is the control plane?

A

Also called the Control Layer. It manages the actions of the data plane and holds all of the routing, session, and NAT tables.

33
Q

What is a policy engine?

A

The component that looks at all of the requests coming through the network, examines each request, compares it to a set of predefined security policies, and then decides whether the request is granted, denied, or revoked.

34
Q

A company would like to automatically monitor and report on any movement occurring in an open field at the data center. Which of the following would be the BEST choice for this task?

❍ A. Bollard
❍ B. Microwave sensor
❍ C. Access control vestibule
❍ D. Fencing

A

B. Microwave sensor

Microwave sensors can detect movement across large areas such as open fields. (1.2)

35
Q

A system administrator would like to prove an email message was sent by a specific person. Which of the following describes the verification of this message source?

❍ A. Non-repudiation
❍ B. Key escrow
❍ C. Asymmetric encryption
❍ D. Steganography

A

A. Non-repudiation

Non-repudiation is used to verify the source of data or a message. Digital signatures are commonly used for non-repudiation. (1.2)

36
Q

Visitors to a corporate data center must enter through the main doors of the building. Which of the following security controls would be the BEST choice to successfully guide people to the front door? (Select TWO)

❍ A. Infrared sensors
❍ B. Bollards
❍ C. Biometrics
❍ D. Fencing
❍ E. Access badges
❍ F. Video surveillance

A

B. Bollards
and
D. Fencing

Both bollards and fencing provide physical security controls to direct people to an area by limiting their access to other areas. (1.2)

37
Q

Which of the following would BEST describe a honeytoken?

A) A publicly accessible password.txt file
B) Intentionally incorrect API credentials
C) A virtual machine with a known vulnerability
D) A workstation without a locking screen saver
E) A random access code used during login

A

B) Intentionally incorrect API credentials

Honeytokens: A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it. (1.2)

38
Q

Which technology would be utilized in this scenario?
Creating a document with invalid authentication information.

A) Honeyfile
B) OCSP
C) Federation
D) False negative

A

A) Honeyfile

Honeyfile: A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed. (1.2)

39
Q

The company has faced several instances of tailgating, where unauthorized individuals gain access by following employees into restricted areas. Which deterrent control would be most effective in reducing the occurrence of tailgating?

A) Install more surveillance cameras at all entry points
B) Implement stricter password policies
C) Conduct regular security audits of the access control systems
D) Set up a software based IPS

A

A) Install more surveillance cameras at all entry points

Video surveillance: Or CCTV. Security cameras that watch areas to see if unauthorized people are gaining access. Can have motion or object detection. (1.2)

40
Q

A security professional is reviewing the security measures of a financial firm’s data storage system to ensure it aligns with the C and I of the CIA triad. Which of the following actions would BEST ensure adherence to the C and I?

A) Encrypting stored data
B) Implementing a firewall
C) Regularly updating software
D) Conducting background checks on employees

A

A) Encrypting stored data

CIA Triad: A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability. (1.2)

41
Q

A security professional is tasked with identifying the discrepancies between the current security posture and the desired state of security in their organization. Which process should the security professional undertake to identify these discrepancies?

A) Risk assessment
B) Gap analysis
C) Penetration testing
D) Compliance auditing

A

B) Gap analysis

Gap Analysis: A study of where we are versus where we would like to be. It requires research and consideration of many different IT and security factors in order to close that gap and make sure everything is completed without tripping over itself. (1.2)

42
Q

A security professional is enhancing the physical security measures of a corporate building located in a busy downtown area, with a focus on mitigating vehicle-based threats. Which physical security measure is most suitable for protecting the building against potential vehicle ramming attacks while allowing pedestrian access?

A) Installing video surveillance cameras around the building perimeter
B) Implementing an access control vestibule at the main entrance
C) Erecting bollards along the building’s street facing side
D) Enhancing the lighting around the building’s entrance

A

C) Erecting bollards along the building’s street facing side

Barricades and bollards: Allow people access by channeling them to a specific point, but prevent vehicles. (1.2)

43
Q

What are the best ways to ensure only authorized personnel can access a secure research facility (select two)?

A) Perimeter fencing
B) CCTV monitoring
C) Badge access system
D) Controlled access vestibule
E) Visitor sign-in log
F) Motion detectors

A

C) Badge access system
&
D) Controlled access vestibule

Physical Controls: Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this.
Access Control Vestibule: A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa. (1.2)

44
Q

An organization enforces mobile device encryption policies to ensure that data stored on employees’ smartphones and tablets is protected from unauthorized access in case of device loss or theft. What security measure is the organization primarily implementing by enforcing these mobile device encryption policies?

A) Data integrity
B) Data confidentiality
C) Data availability
D) Data authentication

A

B) Data confidentiality

Confidentiality: Ensures that information being exchanged is confidential or private. The concept includes the prevention of disclosure of information to unauthorized individuals or systems. This is achieved through encryption, two-factor authentication, and access controls. (1.2)

45
Q

Which of the terms listed below can be used to describe the basic principles of information security?

A) PKI
B) AAA
C) GDPR
D) CIA

A

D) CIA

CIA Triad: A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability. (1.2)

46
Q

True or False: The term “Non-repudiation” describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides proof of data integrity, and proof of data origin.

A

False.

Non-repudiation: The ability to verify whether the information received is from the sender that the information says it’s from. A non-technological example is signing a document. Only you have your own signature, so that adds non-repudiation to the document you’re signing. (1.2)

47
Q

Which type of user account violates the concept of non-repudiation?

A) Standard user account
B) Shared account
C) Guest user account
D) Service account

A

B) Shared account

Non-repudiation: The ability to verify whether the information received is from the sender that the information says it’s from. A non-technological example is signing a document. Only you have your own signature, so that adds non-repudiation to the document you’re signing. (1.2)

48
Q

Which part of the AAA security architecture deals with the verification of the identity of a person or process?

A) Authentication
B) Authorization
C) Accounting

A

A) Authentication

The AAA Framework: Authentication, Authorization, and Accounting.
Authentication: The check between your username, your password, and any other authentication factors. It proves we are who we say we are. (1.2)

49
Q

In the AAA security architecture, the process of granting or denying access to resources is known as:

A) Authentication
B) Authorization
C) Accounting

A

B) Authorization

The AAA Framework: Authentication, Authorization, and Accounting.
Authorization: What type of access one has after they’ve proven who they are through identification and authentication. (1.2)

50
Q

In the AAA security architecture, the process of tracking accessed services as well as the amount of consumed resources is called:

A) Authentication
B) Authorization
C) Accounting

A

C) Accounting

The AAA Framework: Authentication, Authorization, and Accounting.
Accounting: A log of who has logged in, sent and received data, and logged out. (1.2)

51
Q

In the context of the AAA framework, common methods for authenticating people include: (Select 3 answers)

A) IP addresses
B) Usernames and passwords
C) MAC addresses
D) Biometrics
E) MFA

A

B) Usernames and passwords
D) Biometrics
E) MFA

Authentication: The check between your username, your password, and any other authentication factors. It proves we are who we say we are. (1.2)

52
Q

Which of the answers listed below refer to common methods of device authentication used within the AAA framework? (Select 3 answers)

A) Usernames and passwords
B) Digital certificates
C) IP addresses
D) MFA
E) Biometric authentication
F) MAC addresses

A

B) Digital certificates
C) IP addresses
F) MAC addresses

Authentication: The check between your username, your password, and any other authentication factors. It proves we are who we say we are. (1.2)

53
Q

Which of the following terms describes the process of identifying differences between an organization’s current security posture and its desired security posture?

A) Tabletop exercise
B) Gap analysis
C) Security awareness training
D) Risk assessment

A

B) Gap analysis

Gap Analysis: A study of where we are versus where we would like to be. It requires research and consideration of many different IT and security factors in order to close that gap and make sure everything is completed without tripping over itself. (1.2)

54
Q

True or False: The term “Zero Trust security” refers to a cybersecurity model that eliminates implicit trust from networks and requires all users and devices to be continuously verified before being granted access to resources. The implementation of the Zero Trust security involves two distinct components: a Data Plane, responsible for defining and managing security policies, and a Control Plane, responsible for enforcing the security policies established by the Data Plane.

A

False

Zero Trust: A holistic approach to network security that covers every device, process and person. You have to authenticate every time you want to gain access to a particular resource. (1.2)

55
Q

Which of the answers listed below refers to a Zero Trust Control Plane security approach that takes into account user identity, device security, network conditions, and other contextual information to enable dynamic access decisions?

A) Implicit trust
B) Monitoring and logging
C) Adaptive identity
D) Microsegmentation

A

C) Adaptive identity

Adaptive Identity: Where you examine the identity of an individual and apply security controls based on other factors than just what the end user told you, such as the end user’s physical location, their relationship to the organization, their type of connection, and their IP address. (1.2)

56
Q

What are the key components of the Zero Trust Control Plane’s Policy Decision Point (PDP)? (Select 2 answers)

A) Policy Engine (PE)
B) Monitoring and logging
C) Policy Enforcement Point (PEP)
D) Microsegmentation
E) Policy Administrator (PA)

A

A) Policy Engine (PE)
E) Policy Administrator (PA)

Policy Engine: The component that looks at all of the requests coming through the network, examines each request, compares it to a set of predefined security policies, and then decides whether the request is granted, denied, or revoked.
Policy Administrator: Takes the decision made by the policy engine and provides that information to the PEP. (1.2)

57
Q

True or False: In the Zero Trust security architecture, the Policy Enforcement Point (PEP) is a Data Plane component that enforces the security policies defined at the Control Plane by the Policy Decision Point (PDP).

A

True.

Policy Enforcement Point: (PEP) The gatekeeper that all network traffic goes through. Can be one device or multiple devices working together checking different policies on things. (1.2)

58
Q

True or False: An access control vestibule (a.k.a. mantrap) is a physical security access control system used to prevent unauthorized users from gaining access to restricted areas. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering from the outside remains locked inside until they provide the authentication token required to unlock the inner door.

A

True.

Access Control Vestibule: A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa. (1.2)

59
Q

Which of the following statements about honeypots are true? (Select 2 answers)

A) Honeypots are always part of a honeynet
B) Honeypots mimic real systems to attract cyber attackers
C) Honeypots are a type of anti-malware solution
D) Honeypots contain apparent vulnerabilities that are closely monitored by a security team
E) Honeypots are used to launch attacks on cyber attackers

A

B) Honeypots mimic real systems to attract cyber attackers
D) Honeypots contain apparent vulnerabilities that are closely monitored by a security team

Honeypot: Setting up a fake system to attract a bad guy, monitoring how they attempt to compromise your fake system, and then recording their methods to implement protections on your real system. Tricking evil Winnie the Pooh and trapping him. (1.2)

60
Q

What is a honeynet in the context of cybersecurity?

A) A network of IDSs
B) A network of honeypots
C) A network of infected hosts
D) A network of IPSs

A

B) A network of honeypots

Honeynet: A bunch of honeypots networked together. Very sticky. (1.2)

61
Q

Which of the answers listed below refers to a honeynet example?

A) A network of fake websites
B) A network of fake servers
C) A network of fake databases
D) A network of fake file shares
E) All of the above

A

E) All of the above

Honeynet: A bunch of honeypots networked together. Very sticky. (1.2)

62
Q

True or False: A honeyfile can be any type of file (e.g., a document, email message, image, or video file) containing real user data intentionally placed within a network or system to attract potential attackers or unauthorized users.

A

False.

Honeyfile: A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed. (1.2)

63
Q

A honeyfile can be used for:

A) Attracting cyber attackers
B) Triggering alerts when accessed
C) Monitoring network activity
D) All of the above

A

D) All of the above

Honeyfile: A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed. (1.2)

64
Q

What is a honeytoken?

A) A decoy file that is designed to attract attackers
B) A unique identifier assigned to a honeyfile
C) A decoy system that is designed to lure potential attackers
D) A unique identifier that is designed to track attackers

A

D) A unique identifier that is designed to track attackers

Honeytokens: A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it. (1.2)

65
Q

Which of the following should not be used as honeytokens? (Select all that apply)

A) Active user account credentials
B) Database entries mimicking real data
C) Actual URLs to live websites or resources
D) Dummy server logs with enticing information
E) Fake identifiers, including usernames, passwords, email addresses, and IP addresses

A

A) Active user account credentials
C) Actual URLs to live websites or resources

Honeytokens: A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it. (1.2)

66
Q

What is the role of a Policy Enforcement Point (PEP) in policy-driven access control?

A) Creating security policies
B) Enforcing security policies at runtime
C) Analyzing threat scope reduction
D) Allowing unrestricted access to all users

A

B) Enforcing security policies at runtime

Policy Enforcement Point: (PEP) The gatekeeper that all network traffic goes through. Can be one device or multiple devices working together checking different policies on things. (1.2)

67
Q

A technician is applying a series of patches to fifty web servers during a scheduled maintenance window. After patching and rebooting the first server, the web service fails with a critical error. Which of the following should the technician do NEXT?

❍ A. Contact the stakeholders regarding the outage
❍ B. Follow the steps listed in the backout plan
❍ C. Test the upgrade process in the lab
❍ D. Evaluate the impact analysis associated with the change

A

B. Follow the steps listed in the backout plan

The backout plan associated with the change control process provides information on reverting to the previous configuration if an unrecoverable error is found during the change. (1.3)

68
Q

A recent report shows the return of a vulnerability that was previously patched four months ago. After researching this issue, the security team has found a recent patch has reintroduced this vulnerability on the servers. Which of the following should the security administrator implement to prevent this issue from occurring in the future?

❍ A. Containerization
❍ B. Data masking
❍ C. 802.1X
❍ D. Change management

A

D. Change management

The change management process includes a testing phase that can help identify potential issues relating to an application change or upgrade. (1.3)

69
Q

What are the basic best practices of change management?

A

Have clear policies covering the frequency, duration, and installation process of updates and changes to your systems, as well as rollback procedures should those changes not work.

70
Q

Which of the following would a company follow to deploy a weekly operating system patch?

❍ A. Tabletop exercise
❍ B. Penetration testing
❍ C. Change management
❍ D. Internal audit

A

C. Change management

Change management is a formal process used to control and manage any changes to hardware, software, or any other part of the IT infrastructure. (1.3)

71
Q

A company is experiencing downtime and outages when application patches and updates are deployed during the week. Which of the following would help to resolve these issues?

❍ A. Onboarding considerations
❍ B. Incident response policies
❍ C. Change management procedures
❍ D. Decentralized governance

A

C. Change management procedures

Change management defines a series of best practices for implementing changes in a complex technical environment. The goals of change management are to implement updates and changes while also maintaining the uptime and availability of critical business systems. (1.3)

72
Q

To upgrade an internal application, the development team provides the operations team with instructions for backing up, patching the application, and reverting the patch if needed. The operations team schedules a date for the upgrade, informs the business divisions, and tests the upgrade process after completion. Which of the following describes this process?

❍ A. Code signing
❍ B. Continuity planning
❍ C. Usage auditing
❍ D. Change management

A

D. Change management

Change management is the process for making any type of change, such as a software upgrade, a hardware replacement, or any other type of modification to the existing environment. Having a formal change management process minimizes the risk of a change and makes everyone aware of the changes as they occur. (1.3)

73
Q

A system administrator has been tasked with performing an application upgrade, but the upgrade has been delayed due to a different scheduled installation of an outdated device driver. Which of the following issues would best describe this change management delay?

❍ A. Deny list
❍ B. Legacy application
❍ C. Dependency
❍ D. Restricted activity

A

C. Dependency

Modifying one part of a system may first require changes to other components. In this example, the application upgrade is dependent on an updated version of a device driver. (1.3)

74
Q

Who are stakeholders in the context of change management?

A) Only technical staff
B) Individuals or groups affected by or involved in a change
C) Only security personnel
D) Only upper management

A

B) Individuals or groups affected by or involved in a change

Stakeholders: Individuals or departments that will be impacted by the change you’re proposing. They’re going to want input on the change management process, and some type of control over when the change occurs. Take into account who all is going to be impacted by the change. Look beyond the immediate impact and look through the whole process. (1.3)

75
Q

A security technician is proposing the implementation of a new firewall system in their organization. The proposal includes significant changes to the current network infrastructure. What is the first step the security technician should take before installing the new system?

A) Conducting an impact analysis of the new system on current operations
B) Obtaining formal approval for the project from senior management
C) Scheduling a maintenance window for the implementation
D) Preparing a backout plan in case the implementation fails

A

B) Obtaining formal approval for the project from senior management

Change Management: Or Change Approval Process. The formal process an IT administrator goes through to ensure that a change to the systems goes through properly and without messing anything up.
Change Control Process:
-1) Fill out an approval process request form.
-2) Explain what the change is and why it’s being implemented.
-3) Identify the scope of the change, or how big this change will be.
-4) Schedule a date and time for the change to take place.
-5) Determine the affected systems and the impact on those systems.
-6) Analyze the risk associated with the change.
-7) Get approval from the change control board to go ahead with the change. (1.3)

76
Q

A group of business partners is using blockchain technology to monitor and track raw materials and parts as they are transferred between companies. Where would a partner find these tracking details?

❍ A. Ledger
❍ B. HSM
❍ C. SIEM
❍ D. HIPS

A

A. Ledger

The ledger is a shared document with a list of all blockchain transactions. The ledger is shared among everyone in the blockchain, and all transactions are available to view on this central ledger. (1.4)

77
Q

A company stores some employee information in encrypted form, but other public details are stored as plaintext. Which of the following would BEST describe this encryption strategy?

❍ A. Full-disk
❍ B. Record
❍ C. Asymmetric
❍ D. Key escrow

A

B. Record

Record-level encryption is commonly used with databases to encrypt individual columns within the database. This would store some information in the database as plaintext and other information as encrypted data. (1.4)

78
Q

What is record-level encryption?

A

Data in a database that’s encrypted at the record level while everything else is public. For example, names in the database are stored in plaintext, but SSNs are encrypted.

79
Q

A manufacturing company would like to track the progress of parts used on an assembly line. Which of the following technologies would be the BEST choice for this task?

❍ A. Secure enclave
❍ B. Blockchain
❍ C. Hashing
❍ D. Asymmetric encryption

A

B. Blockchain

The ledger functionality of a blockchain can be used to track or verify components, digital media, votes, and other physical or digital objects. (1.4)

80
Q

What is a blockchain?

A

A distributed ledger for anyone to be able to see that keeps track of transactions. If you are involved in a blockchain, you are notified of any and all changes. The transaction is then added to a new block of data containing other recently verified transactions. A hash is added to the block of data and the block is completed so that if data is changed, everyone looking at it will know.

81
Q

A company encourages users to encrypt all of their confidential materials on a central server. The organization would like to enable key escrow as a backup option. Which of these keys should the organization place into escrow?

❍ A. Private
❍ B. CA
❍ C. Session
❍ D. Public

A

A. Private

With asymmetric encryption, the private key is used to decrypt information that has been encrypted with the public key. To ensure continued access to the encrypted data, the company must have a copy of each private key. (1.4)

82
Q

A security manager would like to ensure that unique hashes are used with an application login process. Which of the following would be the BEST way to add random data when generating a set of stored password hashes?

❍ A. Salting
❍ B. Obfuscation
❍ C. Key stretching
❍ D. Digital signature

A

A. Salting

Adding random data, or salt, to a password when performing the hashing process will create a unique hash, even if other users have chosen the same password. (1.4)

83
Q

What is salting?

A

Random data added to a password when hashing that password, making a different hash for the password when stored. For example, the password ‘dragon’ has its own unique hash, but the password ‘dragon +r4$x’ has a different hash, but is still able to be deciphered when the password is looked at in plain text. The +r4$x is known to the user to be the salt.

84
Q

Which cryptographic method is used to add trust to a digital certificate?

❍ A. Steganography
❍ B. Hash
❍ C. Symmetric encryption
❍ D. Digital signature

A

D. Digital signature

A certificate authority will digitally sign a certificate to add trust. If you trust the certificate authority, you can therefore trust the certificate. (1.4)

85
Q

A corporate security team would like to consolidate and protect the private keys across all of their web servers. Which of these would be the BEST way to securely store these keys?

❍ A. Integrate an HSM
❍ B. Implement full disk encryption on the web servers
❍ C. Use a TPM
❍ D. Upgrade the web servers to use a UEFI BIOS

A

A. Integrate an HSM

An HSM (Hardware Security Module) is a high-end cryptographic hardware appliance that can securely store keys and certificates for all devices. (1.4)

86
Q

What is HSM?

A

Hardware Security Module. A standalone device whose sole purpose is to provide cryptographic keys to many devices in large environments. It securely stores thousands of cryptographic keys.

87
Q

A user in the accounting department would like to email a spreadsheet with sensitive information to a list of third-party vendors. Which of the following would be the BEST way to protect the data in this email?

❍ A. Full disk encryption
❍ B. Key exchange algorithm
❍ C. Salted hash
❍ D. Asymmetric encryption

A

D. Asymmetric encryption

Asymmetric encryption uses a recipient’s public key to encrypt data, and this data can only be decrypted with the recipient’s private key. This encryption method is commonly used with software such as PGP or GPG. (1.4)

88
Q

An organization has developed an in-house mobile device app for order processing. The developers would like the app to identify revoked server certificates without sending any traffic over the corporate Internet connection. Which of the following must be configured to allow this functionality?

❍ A. CSR generation
❍ B. OCSP stapling
❍ C. Key escrow
❍ D. Wildcard

A

B. OCSP stapling

The use of OCSP (Online Certificate Status Protocol) requires communication between the client and the issuing CA (Certificate Authority). If the CA is an external organization, then validation checks will communicate across the Internet. The certificate holder can verify their own status and avoid client Internet traffic by storing the status information on an internal server and “stapling” the OCSP status into the SSL/TLS handshake. (1.4)

89
Q

What is OCSP?

A

Online Certificate Status Protocol. A protocol that lists the status of its certificate onto the web server itself.

90
Q

A user in the marketing department is unable to connect to the wireless network. After authenticating with a username and password, the user receives this message:
– – –
The connection attempt could not be completed.
The Credentials provided by the server could not be validated.
Radius Server: radius.example.com
Root CA: Example.com Internal CA Root Certificate
– – –
The access point is configured with WPA3 encryption and 802.1X authentication. Which of the following is the MOST likely reason for this login issue?

❍ A. The user’s computer is in the incorrect VLAN
❍ B. The RADIUS server is not responding
❍ C. The user’s computer does not support WPA3 encryption
❍ D. The user is in a location with an insufficient wireless signal
❍ E. The client computer does not have the proper certificate installed

A

E. The client computer does not have the proper certificate installed

The error message states that the server credentials could not be validated. This indicates that the certificate authority that signed the server’s certificate is either different than the CA certificate installed on the client’s workstation, or the client workstation does not have an installed copy of the CA’s certificate. This validation process ensures that the client is communicating to a trusted server and there are no on-path attacks occurring. (1.4)

91
Q

An application developer is creating a mobile device app that will require a true random number generator and real-time memory encryption. Which of the following technologies would be the BEST choice for this app?

❍ A. HSM
❍ B. Secure enclave
❍ C. NGFW
❍ D. Self-signed certificates

A

B. Secure enclave

A secure enclave describes a hardware processor designed for security. The secure enclave monitors the boot process, creates true random numbers, stores root cryptography keys, and much more. (1.4)

92
Q

What is a secure enclave?

A

A security processor built into the systems we use.

93
Q

A system administrator has protected a set of system backups with an encryption key. The system administrator used the same key when restoring files from this backup. Which of the following would BEST describe this encryption type?

❍ A. Asymmetric
❍ B. Key escrow
❍ C. Symmetric
❍ D. Out-of-band key exchange

A

C. Symmetric

Symmetric encryption uses the same key for both encryption and decryption. (1.4)

94
Q

A security administrator has discovered an employee exfiltrating confidential company information by embedding data within image files and emailing the images to a third-party. Which of the following would best describe this activity?

❍ A. Digital signatures
❍ B. Steganography
❍ C. Salting
❍ D. Data masking

A

B. Steganography

Steganography is the process of hiding information within another document. For example, one common method of steganography embeds data or documents within image files. (1.4)

95
Q

A system administrator is designing a data center for an insurance company’s new public cloud and would like to automatically rotate encryption keys on a regular basis. Which of the following would provide this functionality?

❍ A. TPM
❍ B. Key management system
❍ C. Secure enclave
❍ D. XDR

A

B. Key management system

A key management system is used to manage large security key implementations from a central console. This includes creating keys, associating keys with individuals, rotating keys on regular intervals, and logging all key use. (1.4)

96
Q

What is a key management system?

A

A centralized console that keeps track of all of your different keys for all of your different servers, users, and devices. Logs key use and other important events.

97
Q

Sam would like to send an email to Jack and have Jack verify that Sam was the sender of the email. Which of these should Sam use to provide this verification?

❍ A. Digitally sign with Sam’s private key
❍ B. Digitally sign with Sam’s public key
❍ C. Digitally sign with Jack’s private key
❍ D. Digitally sign with Jack’s public key

A

A. Digitally sign with Sam’s private key

The sender of a message digitally signs with their own private key to ensure integrity, authentication, and non-repudiation of the signed contents. The digital signature is validated with the sender’s public key. (1.4)

98
Q

Briefly explain how to create a symmetric key using public key cryptography.

A

Bob on his computer has a private and public key. Alice on her computer also has her own private key and public key. Bob shares his public key with Alice, and Alice shares her public key with Bob. Together, combining their own private key with each other’s public key, they’ve created an identical symmetric key that both of them now have.

99
Q

A security administrator would like to minimize the number of certificate status checks made by web site clients to the certificate authority. Which of the following would be the BEST option for this requirement?

❍ A. OCSP stapling
❍ B. Self-signed certificates
❍ C. CRL
❍ D. Wildcards

A

A. OCSP stapling

OCSP (Online Certificate Status Protocol) stapling allows the certificate holder to verify their own certificate status. The OCSP status is commonly “stapled” into the SSL/TLS handshake process. Instead of contacting the certificate authority to verify the certificate, the verification is included with the initial network connection to the server. (1.4)

100
Q

Which of the following would be the MOST effective use of asymmetric encryption?

❍ A. Real-time video encryption
❍ B. Securely store passwords
❍ C. Protect data on mobile devices
❍ D. Create a shared session key

A

D. Create a shared session key

The Diffie-Hellman algorithm can combine public and private keys to derive the same session key. This allows two devices to create and use this shared session key without sending the key across the network. (1.4)

101
Q

Each salesperson in a company receives a laptop with applications and data to support their sales efforts. The IT manager would like to prevent third-parties from gaining access to this information if the laptop is stolen. Which of the following would be the BEST way to protect this data?

❍ A. Remote wipe
❍ B. Full disk encryption
❍ C. Biometrics
❍ D. VPN

A

B. Full disk encryption

With full disk encryption, everything written to the laptop’s local drive is stored as encrypted data. If the laptop was stolen, the thief would not have the credentials to decrypt the drive data. (1.4)

102
Q

All data on a mobile device being encrypted is an example of what?

A) Obfuscation
B) Federation
C) Blockchain
D) Secure enclave

A

D) Secure enclave

Secure Enclave: A security processor built into the systems we use. (1.4)

103
Q

Two security professionals are setting up a secure communication channel between their organizations. They need a secure way to establish a shared secret key for symmetric encryption. Which method should they use to securely exchange the symmetric key?

A) Public key infrastructure (PKI) for key exchange
B) Directly sending the symmetric key over email
C) Using an asymmetric algorithm such as Diffie-Hellman
D) Encrypting the key using symmetric encryption and then sending it

A

C) Using an asymmetric algorithm such as Diffie-Hellman

Asymmetric Encryption: Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared with other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from decryption except from one source. (1.4)

104
Q

Application transactions that are logged in a public ledger is an example of what?

A) Federation
B) Blockchain
C) False negative
D) Hashing

A

B) Blockchain

Blockchain: A distributed ledger for anyone to be able to see that keeps track of transactions. If you are involved in a blockchain, you are notified of any and all changes. The transaction is then added to a new block of data containing other recently verified transactions. A hash is added to the block of data and the block is completed so that if data is changed, everyone looking at it will know. (1.4)

105
Q

A company is protecting user passwords by hashing the password values multiple times. Which of the following would describe this process?

A) Salting
B) Steganography
C) Symmetric encryption
D) Digital signature
E) Key stretching

A

E) Key stretching

Key strengthening: Also known as key hashing or key stretching. The process of making your key stronger by hashing the hashes of your password multiple times. The hash of a hash of a hash of a password is difficult to brute-force. (1.4)

106
Q

Which technology would be utilized in this scenario?
Verifying the status of a web server certificate.

A) Tokenization
B) Federation
C) Blockchain
D) OCSP

A

D) OCSP

OCSP: Online Certificate Status Protocol. A protocol that lists the status of its certificate onto the web server itself. (1.4)

107
Q

Which technology would be utilized in this scenario?
Randomization has been added to a hash.

A) Honeyfile
B) Tokenization
C) Salting
D) Blockchain

A

C) Salting

Salting: Random data added to a password when hashing that password, making a different hash for the password when stored. For example, the password ‘dragon’ has its own unique hash, but the password ‘dragon +r4$x’ has a different hash, but is still able to be deciphered when the password is looked at in plain text. The +r4$x is known to the user to be the salt. (1.4)

108
Q

A user is asymmetrically encrypting an outgoing email message. Which of the following is used to encrypt this information?

A) Sender’s public key
B) Recipient’s private key
C) Sender’s private key
D) Recipient’s public key and sender’s private key
E) Recipient’s public key

A

E) Recipient’s public key

Asymmetric Encryption: Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared with other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from decryption except from one source. (1.4)

109
Q

A security professional is responsible for securely storing user passwords in a database. They need a method to protect the passwords from being exposed in case of a breach. What technique should the security professional use to safeguard user passwords in the database?

A) Digital signatures
B) Hashing
C) File permission
D) Blockchain

A

B) Hashing

Hash: A short string of text that can be created based upon data contained within the plain text. Also known as a message digest or a fingerprint.
Hashing: Representing data as a short string of text. Cannot be decrypted. (1.4)

110
Q

A security professional is managing a network with multiple SSL/TLS-secured devices. They need a mechanism to promptly revoke the trust of a compromised certificate across all devices. What technology should the professional use to maintain a list of revoked certificates that can be checked by clients?

A) Self-signed certificate
B) CSR
C) CRL
D) Third-party certificate

A

C) CRL

Certificate Revocation Lists: (CRLs) A list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date. When a CA issues a digital certificate, it includes an expiration date. However, certain events may lead to the need for revocation before the certificate’s expiration, such as the compromise of the private key associated with the certificate, the compromise of the CA itself, or other security-related concerns. (1.4)

111
Q

A bank requires all of its vendors to implement measures to prevent data loss on stolen laptops. Which strategy is the bank demanding?

A) Disk encryption
B) Data permission
C) Information categorization
D) Access right limitations

A

A) Disk encryption

Examples of full-disk and partition/volume encryption software include BitLocker (Windows OS) and FileVault (Mac OS). (1.4)

112
Q

Which of the following best applies to the concept of non-repudiation?

A) Digital certificate
B) MFA
C) Hashing
D) Encryption

A

A) Digital certificate

Digital Certificate: A file that contains both a public key and a digital signature. Think of it as a digital version of an ID card. It’s a way to provide trust and for them to say that the person is who they actually say they are in authentication, and allow them access to things they previously did not have access to. (1.4)

113
Q

A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates is known as:

A) PKI
B) RA
C) PKCS
D) CA

A

A) PKI

PKI: Public Key Infrastructure. Policies and procedures that are responsible for creating, distributing, managing, storing, revoking, and performing processes associated with digital certificates.
PKI used as a verb means to associate a certificate to people or devices. (1.4)

114
Q

Which of the answers listed below best describes the characteristics of a public-private key pair?

A) Both keys are examples of a symmetrical key
B) Two keys that are identical
C) A pair of keys where one is used for encryption and the other for decryption
D) Both keys are examples of a shared key

A

C) A pair of keys where one is used for encryption and the other for decryption

Asymmetric Encryption: Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared with other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from decryption except from one source. (1.4)

115
Q

What is the typical use of a public key?

A) Data encryption
B) Data decryption
C) User/device authentication
D) All of the above

A

A) Data encryption

Symmetric Encryption: A single, shared key. You encrypt data with the key and decrypt data with the key. If the key gets out, you’ll need another key. Also known as a secret key algorithm or a shared secret. It doesn’t really scale very well because it’s only one key shared between a bunch of people. It is very fast, however. (1.4)

116
Q

True or False: Key escrow is a cryptographic technique that enables storing copies of encryption keys with a trusted third party. A Recovery Agent (RA) is a trusted third party (an individual, entity, or system) who is authorized to assist in the retrieval of encryption keys and data on behalf of the data owner. Key escrow and RA are both used to ensure that encrypted data can be decrypted even if the data owner loses access to their encryption key. Since key escrow and RAs are both components of a single security solution, the only way to implement key escrow systems is with the use of RAs.

A

False.

Key Escrow: Someone else holding onto your decryption keys, either within your organization or with a third party. (1.4)

117
Q

Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality?

A) HSM
B) TPM
C) EFS
D) SED

A

D) SED

SED: Self-Encrypting Devices. A data storage device with built-in cryptographic processing that may be utilized to encrypt and decrypt the stored data, with the processing occurring within the device and without dependence on a connected information system. (1.4)

118
Q

An MS Windows component that enables encryption of individual files is called:

A) SED
B) EFS
C) BitLocker
D) FDE

A

B) EFS (Encrypting File System)

You can encrypt individual files on Windows using EFS (Encrypting File System), and other OSs using other third party utilities. (1.4)

119
Q

What is the name of a network protocol that secures web traffic via SSL/TLS encryption?

A) SFTP
B) HTTPS
C) FTPS
D) SNMP

A

B) HTTPS

Transport encryption: Protecting data as it crosses the network. This is done by browsers using secure ports such as HTTPS that encrypt data as it crosses the network. VPNs are another example, either site to site VPNs using IPsec, or client based VPNs using SSL/TLS. (1.4)

120
Q

Which cryptographic protocol is designed to provide secure communications over a computer network and is the successor to SSL?

A) IPsec
B) TLS
C) AES
D) CCMP

A

B) TLS

Transport encryption: Protecting data as it crosses the network. This is done by browsers using secure ports such as HTTPS that encrypt data as it crosses the network. VPNs are another example, either site to site VPNs using IPsec, or client based VPNs using SSL/TLS.
Client VPNs use SSL/TLS protocols (TCP 443). (1.4 & 3.2)

121
Q

True or False: In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key (and vice versa).

A

True. (1.4)

122
Q

Which PKI trust model assigns a single hierarchy with one master CA called the root, who signs all digital certificate authorities with a single key?

A) Distributed trust model.
B) Bridge trust model.
C) Hierarchical trust model.
D) Centralized trust model.

A

C) Hierarchical trust model.

A hierarchical trust model assigns a single hierarchy with one master CA called the root, who signs all digital certificate authorities with a single key. The distributed trust model has multiple CAs that sign digital certificates. With the bridge trust model, no single CA signs digital certificates, and yet the CA acts as a facilitator to interconnect all other CAs. Centralized trust model. (1.4)

123
Q

What is the primary distinction between a Certificate Policy (CP) and a Certificate Practice Statement (CPS)?

A) A CP describes how end-users register for a digital certificate.
B) A CPS is a published set of rules that govern the operation of a PKI.
C) A CPS governs the operation of intermediate CA.
D) A CP provides recommended baseline security requirements for the use and operation of PKI components.

A

D) A CP provides recommended baseline security requirements for the use and operation of PKI components.

A CP is a set of rules that provide recommended baseline security requirements for the use and operation of PKI components, while a CPS is a more technical document that describes how the CA uses and manages certificates. (1.4)