Security Flashcards

1
Q

What is a zero day vulnerability?

A) A vulnerability that only affects UNIX operating systems
B) A vulnerability that is newly discovered and not yet addressed by a patch
C) A vulnerability that is only effective on new systems
D) A vulnerability that is only for a limited period of time, usually a few days

A

Answer: B

B is correct. Zero day is a term used to define vulnerabilities that are newly discovered and not yet addressed by a patch.

A is not correct. Zero day vulnerabilities exist on UNIX, Windows, and other operating systems. Zero day is a term used to define vulnerabilities that are newly discovered and not yet addressed by a patch.

C is not correct. Zero day vulnerabilities are not affected by the age of the system. Zero day is a term used to define vulnerabilities that are newly discovered and not yet addressed by a patch.

D is not correct. Zero day is a term used to define vulnerabilities that are newly discovered and not yet addressed by a patch. The timeframe for a zero day to be effective is related to how quickly patches are developed and applied to systems. Due to poor maintenance practices, some systems remain vulnerable to zero day exploits for months.

2
Q

Which of the following is NOT an element of a good mobile device management (MDM) policy?

A) Device locking with a strong password
B) Encryption of data on the device
C) The ability to remotely wipe the device if it is lost or stolen
D) The ability to unlock the device if it is lost or stolen

A

D is correct. The ability to unlock the device if it is lost or stolen is not an element of good MDM policy.

A, B, & C are incorrect. These are all elements of a good mobile device management (MDM) policy.

3
Q

What is the term used to describe the ability to maintain both data and services in an operational state, even when a disruption event occurs?

A) Fault tolerance
B) High availability
C) Scalability
D) Scalability

A

B is correct. High availability refers to the ability to maintain the availability of data and operational processing (services) despite a disruptive event. Generally, this requires redundant systems.

A is incorrect. Fault tolerance is similar to high availability, but it’s not exactly the same thing. Being fault tolerant is a design objective to achieve high availability should a fault occur.

C is incorrect. Scalability is a design that enables a system to accommodate larger workloads by adding resources.

D is incorrect. A system having restorability (for example, via backups) is important, but this will interrupt services, meaning data and services will not be available for some period of time.

4
Q

Which of the following statements about bug bounty programs are true? (Choose all that apply.)

A) Companies pay people to find vulnerabilities in their software
B) They are usually open to the public
C) They are not used by reputable companies
D) Discovered bugs are worth very little

A

A & B are correct. Bug bounty programs are mechanisms where companies pay hackers for revealing the details of vulnerabilities that they discover in software and/or hardware products, providing the company an opportunity to correct an issue before it is exploited for malicious purposes. Also, bug bounty programs are usually open to the public, as companies like to have as many people testing their software as possible.

C is incorrect. Bug bounty programs have been used by well-respected companies like Apple, Google, and Microsoft. They have all run bug bounty programs.

D is incorrect. Some bug bounty programs offer significant rewards of over $100,000

5
Q

Which of the following is the best description of risk?

A) The cost associated with realized risk
B) The possibility of suffering a loss
C) Damage that is the result of unmitigated risk
D) The level of concern one places on the well-being of people

A

B is correct. Risk is the possibility of suffering a loss

A & C are incorrect. Impact is the cost and damage of a realized risk

D is incorrect. Aspects of life concerns focus on the well-being of people

6
Q

Which type of malware demands a payment from its victims?

A) Virus
B) Trojan
C) Worm
D) Ransomware

A

D is correct. Ransomware is a form of malware that performs some action and attempts to extract a ransom from the user. Quite often, ransomware encrypts data files or even the entire system and demands payment in exchange for the decryption key.

A is incorrect. A virus is a piece of malware that attaches itself to other files or programs. It does not demand a ransom.

B is incorrect. A Trojan is a piece of software that appears to do one thing (and may, in fact, actually do that thing) but hides some other functionality, such as installing a back door or stealing data

C is incorrect. A worm is a self-propagating form of malware that infects systems across networks without additional interactions once released

7
Q

What wireless attack uses substitute hardware with better signal strength to impersonate a legitimate access point?

A) Rogue Access Point
B) Trojan
C) Evil Twin
D) Bluejacking

A

C is correct. An evil twin attack happens when an attacker sets up a wireless access point that looks and acts like a legitimate access point, but with a stronger signal to trick users into connecting to it instead of the legitimate access point.

A is incorrect. A rogue access point is an unauthorized access point connected to an organization’s network, but it does not impersonate one of the organization’s legitimate access points.

B is incorrect. A Trojan is a piece of software that appears to do one thing while also doing something else in secret (such as installing a backdoor).

D is incorrect. Bluejacking is the sending of unauthorized messages to another Bluetooth device.

8
Q

Which of the following statements about EOSL items is true?

A) An EOSL item is only sold to current customers
B) An EOSL item is no longer supported by the OEM
C) An EOSL item uses older hardware but current software
D) An EOSL item has no maintenance options

A

B is correct. An EOSL (end of service life) item is something that is no longer supported by the original equipment manufacturer (OEM).

A is incorrect. EOSL items are no longer marketed, supported or sold by the OEM.

C is incorrect. EOSL items are no longer marketed, supported or sold by the OEM. They will typically be older hardware, but there are no patches or software updates available for them, as the manufacturer no longer supports them.

D is incorrect. Maintenance for EOSL items is something available from 3rd party vendors, even after the manufacturer has discontinued support for the item

9
Q

Which of the following is the name given to the process of assigning permissions or authorities to objects?

A) Staging
B) Quality assurance
C) Integrity measurement
D) Provisioning

A

D is correct. This is a description of the provisioning process. Users can be provisioned into groups, and computers or threads can be provisioned to higher levels of authority when executing.

A is incorrect. The primary purpose of staging is to serve as a sandbox after testing so that the test system can test the next set while the current set is deployed across the enterprise

B is incorrect. Quality assurance is a common step used to ensure that quality is built in to a product

C is incorrect. Integrity is defined in security as a determination that data has no unauthorized changes. For measurement you need to have control over copies of a code base and a log of the changes made

10
Q

Which of the following statements is correct regarding acquiring data during an incident?

A) Most people understand and use technology, so it is understood during legal proceedings
B) Auditors prefer digital data, as it always reflects the original data
C) Digital data doesn’t need to be filtered
D) Most forms of computer evidence cannot be sensed with human physical senses

A

D is correct. It is hard to “sense” digital data because bits of data are typically magnetic pulses on a storage technology.

A is incorrect. Digital evidence may be hard for people to understand because they don’t have exposure or experience with technology

B is incorrect. While this answer is a distractor, good auditing techniques call for accessing the actual and original data if possible

C is incorrect. Because digital data can’t be detected by human senses, it typically needs some kind of “filter” to see and evaluate it

11
Q

Which of the following uses GPS and/or RFID to detect when mobile devices cross a barrier?

A) Content management
B) Geofencing
C) Geolocation
D) Screen lock

A

B is correct. Geofencing uses GPS or RFID to detect when a mobile device crosses an electronic fence.

A is incorrect. Content management is an action used to control content

C is incorrect. Geolocation involves using GPS to track a device’s location

D is incorrect. A screen lock requires a passcode or PIN to unlock a device

12
Q

Many organizations don’t see the need for maintaining a supply of spare parts. After all, with the price of storage dropping and the speed of processors increasing, why replace broken parts with older technology? However, a ready supply of spare parts can ease the process of bringing a system back online. Replacing hardware and software with newer versions can sometimes lead to problems with compatibility. An older version of some piece of critical software may not work with newer hardware, which may be more capable in a variety of ways. Having critical hardware (or software) spares for critical functions in the organization is an example of which of the following?

A) Load balancing
B) Geographic dispersal
C) Redundant array of independent disks
D) Redundancy

A

D is correct. Redundancy is the use of multiple, independent elements to perform a critical function, so that if one fails, there is another that can take over the work.

A is incorrect. Load balancing moves loads across a set of resources in an effort not to overload individual servers.

B is incorrect. Geographic dispersal is a strategy to keep copies of backups in separate locations.

C is incorrect. Redundant array of independent disks (RAID) takes data that is normally stored on a single disk and spreads it out among several others.

13
Q

What is one major disadvantage external actors have when compared to internal actors?

A) External actors have little to no funding
B) External actors have to establish access to the systems they want to attack
C) External actors do not have access to zero day attacks
D) External actors never obtain root/administrator access

A

B is correct. External actors have to establish access to the systems they want to attack. Internal actors are often employees, or even administrators of the organization; they already have access into the organizations and systems being attacked.

A is incorrect. External actors can range from unstructured threats with little funding to well-funded, nation-state-sponsored, structured threats.

C is incorrect. Access to zero day attacks is not limited to internal or external actors; these attacks can be used by either type of threat actor.

D is incorrect. The goal of almost every attack is to gain root/administrator access. External threat actors quite often obtain root/administrator access during successful attacks.

14
Q

What does a threat map depict?

A) Operating systems and zero days that affect those operating systems
B) Cities with power outages
C) Where attack packets are coming from and going to
D) Cities with vulnerable IT systems

A

C is correct. Threat maps are geographical representations of attacks, showing where packets are coming from and going to.

A is incorrect. A threat map shows where attack packets are coming from and going to; it does not provide a mapping of zero day exploits and the operating systems affected by those exploits.

B is incorrect. A threat map shows where attack packets are coming from and going to; it does not depict cities with power outages.

D is incorrect. A threat map shows where attack packets are coming from and going to; it is not created to show cities with vulnerable IT systems

15
Q

Which of the following has its roots in systems engineering, where it is commonly referred to as configuration management?

A) Change management
B) Configuration control
C) Security control
D) Administrative control

A

A is correct. Change management has its roots in systems engineering concepts.

B is incorrect. Configuration control deals with controlling changes that have been baselined.

C is incorrect. Security controls are mechanisms to minimize exposure to risks.

D is incorrect. An administrative control is a policy or procedure.

16
Q

Which is a specific element of an incident response plan?

A) Containment
B) Eradication
C) Roles and responsibilities
D) Lessons learned

A

C is correct. Defining roles and responsibilities is a critical step in incident response planning.

A is incorrect. Containment involves the actions taken to constrain an incident.

B is incorrect. Eradication involves removing the problem in response to an incident.

D is incorrect. Lessons learned are actions to correct weaknesses and suggestions for improvement.

17
Q

Which of the following are true statements about the dark web and the deep web? (Choose all that apply.)

A) The dark web uses obfuscation methods to restrict access
B) The deep web is not indexed by search engines and is usually restricted using logins
C) The deep web requires special software, such as Tor, to restrict access
D) The dark web is only used in legal activities to avoid government surveillance

A

A & B are correct. The dark web uses obfuscation methods to restrict access. Dark websites require Tor (free, open source software that enables anonymous communication). Because the dark web exists only in the realm of onion routing, dark websites end with the extension .onion, as opposed to .com, .net, and so on. Websites on the deep web are not indexed by traditional search engines and require additional measures to access, such as a login.

C is incorrect. The deep web does not use obfuscation or require special software (like Tor).

D is incorrect. The dark web is home to a large amount of illegal activity, such as money laundering and the selling of illegal items.

18
Q

You are implementing a new website that does a financial check in order to process loan applications. People accessing the site will be new users and have no pre-shared information. Why is knowledge-based authentication the best choice for this website?

A) It works on knowledge that is privileged information
B) It can only work on users who have an account
C) Wide breadth of knowledge, commonly known to both parties required
D) It uses easily guessed answers

A

C is correct. Knowledge-based authentication uses information that is not commonly known, but is not privileged or secret information. This is information that is known to both the user and the system. It uses a wide breadth of information, spanning many years, to authenticate a user; for example, authenticating to a car insurance company by listing all the cars you have owned over the past 10 years.

A is incorrect. Knowledge-based authentication does not use secrets.

B is incorrect. There is no need for a user to have used the system previously.

D is incorrect. Easily guessed answers would never make an effective authentication system.

19
Q

If you are trying to collect information about a company in the stealthiest manner possible, without being discovered, you might use which of the following?

A) Penetration test
B) Port scanning
C) Passive reconnaissance
D) Active reconnaissance

A

C is correct. Passive reconnaissance is performed using methods to gain information about targeted computers and networks without actively engaging with target systems, thereby avoiding detection. It might gain less information than other methods, but it is far quieter and has little to no risk of detection.

A is incorrect. Penetration testing simulates an attack, quite often generating a great deal of traffic and noise. These tests are performed in cooperation with the organization being examined.

B is incorrect. Scanning is the mapping of open ports and services on network systems. This type of activity is quite noisy and can usually be traced back to the originating system.

D is incorrect. In active reconnaissance, you engage directly with the target systems (for example, using a port scanner to map open ports). These types of activities make “noise” on the network, can be observed, and can be tracked back to the origin.

20
Q

Which of the following roles is responsible for the day-to-day caretaking of data?

A) Data custodian/steward
B) Data privacy officer
C) Data owner
D) CMO

A

A is correct. The data custodian/steward is responsible for the day-to-day caretaking of data.

B is incorrect. The data privacy officer (DPO) is the executive-level role responsible for establishing policy and compliance issues.

C is incorrect. The data owner defines requirements for security, privacy, and retention.

D is incorrect. The chief marketing officer (CMO) does not have a significant role in protecting data.

21
Q

What is the purpose of DLP?

A) It describes a protocol designed to facilitate the transmission of datagrams
B) It helps in the restoration of data loss as a result of a disaster
C) It serves to prevent sensitive data from leaving the network without notice
D) It is the design of a network that helps describe linkage between components

A

C is correct. Data loss prevention (DLP) solutions are designed to protect data in transit/motion, at rest, or in process from unauthorized use or exfiltration.

A is incorrect. DLP is not related to facilitating datagram transmissions, but rather encompasses solutions designed to protect data in transit/motion, at rest, or in process from unauthorized use or exfiltration.

B is incorrect. DLP is not related to disaster recovery operations, but rather encompasses solutions designed to protect data in transit/motion, at rest, or in process from unauthorized use or exfiltration.

D is incorrect. The purpose of DLP is not to design networks, but rather to design solutions to protect data in transit/motion, at rest, or in process from unauthorized use or exfiltration.

22
Q

What is Arduino?

A) It is a single-board microcontroller, but it is not a full-fledged computer
B) It is an electric circuit that is programmed to perform a specific function
C) It is a highly successful, low cost, single board computer
D) It is a computer that is included as an integral part of a larger system, and is typically hardwired in

A

A is correct. The Arduino is a single-board microcontroller designed to provide computer control to hardware projects without the overhead of a full computer, OS, and so on. While the Raspberry Pi is designed as a computer, the Arduino is designed as a controller, specifically for interfacing with sensors and devices.

B is incorrect. This is a description of a field programmable gate array (FPGA).

C is incorrect. This is a description of a Raspberry Pi.

D is incorrect. This is a description of an embedded system.

23
Q

Why is time synchronization an important function of a SIEM system to perform?

A) It’s important to compare events in both local time for local events and UTC
B) All systems rely on UTC to record time
C) Most companies are geographically centralized in a global market
D) Rules and implementation of daylight savings times are stable and consistent

A

A is correct. SIEM systems can simplify the maintenance and correlation of local events to UTC.

B is incorrect. Not all systems record in Coordinated Universal Time (UTC), and they still need to be correlated to local events.

C is incorrect. In today’s global economy, most companies are geographically dispersed

D is incorrect. Daylight savings time is not implemented consistently and statically across the world time zones

24
Q

What attack method typically targets users instead of computers?

A) Port scanning
B) Social engineering
C) Hybrid warfare
D) Typo squatting

A

B is correct. Social engineering is an attack against a user and typically involves some form of social interaction.

A is incorrect. Port scanning is an attack that probes a server or host for open ports.

C is incorrect. Hybrid warfare is the use of multiple techniques, such as using social media to sway public opinion about a particular subject, while conducting attacks using other methods.

D is incorrect. Typo squatting is an attack where the attacker registers domain names for popular resources, but with a common typo in them, for example, www.gogle.com, to catch people attempting to reach www.Google.com.

25
Q

You have successfully deployed antivirus to all client workstations, but are still dealing with virus problems. What would be your next target for antivirus filtering?

A) FTP servers
B) Database servers
C) Instant message servers
D) E-mail servers

A

D is correct. Antivirus programs are almost always deployed as part of a modern email service package. The email system has been a large vector for malware, as it delivers external data directly to internal endpoints.

A is incorrect. While FTP is used as a point-to-point solution in some locations, it has been deprecated in favor of online storage, such as S3 buckets.

B is incorrect. Any structured data storage has specific limits on the size and type of data stored in it, making it hard to store and transmit viruses through the system; as such, it is not as common to have antivirus deployed as part of the database.

C is incorrect. Many instant messaging platforms are strictly internal to the corporation, and as IM is still not as prolific as e-mail, IM antivirus is much less common.

26
Q

In terms of mobile deployment models, choose the option that goes from least restrictive to most restrictive.

A) CYOD, COBO, BYOD, COPE
B) BYOD, CYOD, COPE, COBO
C) COBO, BYOD, COPE, CYOD
D) COBO, COPE, CYOD, BYOD

A

B is correct. The least restrictive model is bring your own device (BYOD), then choose your own device (CYOD), followed by corporate-owned, personally enabled (COPE), and finally corporate-owned, business-only (COBO).

A, C, & D are incorrect. None of these offers the correct ordering from least to most restrictive.

27
Q

You currently have role-based access control (RBAC) to your systems, but a new appliance is designed around attribute-based access control (ABAC). What is the primary difference you will need to adjust to?

A) RBAC requires an external directory to define the roles
B) ABAC is less granular than RBAC
C) ABAC can use Boolean logic
D) RBAC is better in large, complex organizations

A

C is correct. ABAC can use Boolean logic in the access control decision.

A is incorrect. RBAC can utilize external directories, but does not rely on them.

B is incorrect. ABAC can be very granular in terms of access control.

D is incorrect. RBAC and ABAC are both well suited to large, complex organizations.

28
Q

Your organization utilizes two different people to perform tasks that are both necessary for entry into your building. Person one checks IDs, enters data into the log, and can issue a visitor badge. Person two controls the door access, so a failure by either person does not expose your organization. This is an example of which of the following?

A) Two-person integrity/control
B) Guards
C) Required badging
D) Access control vestibule

A

A is correct. Having two people required to perform a task provides a means of checks and balances.

B is incorrect. While these individuals certainly are performing the function of a guard, the more important aspect of the scenario is the fact that there are two persons, each performing a separate but necessary task.

C is incorrect. While badges are mentioned as necessary in this scenario, the more important aspect is the fact that there are two persons, each performing a separate but necessary task.

D is incorrect. While the scenario certainly implies the existence of some sort of access control vestibule, the more important aspect is the fact that there are two persons, each performing a separate but necessary task.

29
Q

What is the term for the process of identifying critical assets and systems, interdependencies, and ensuring their availability during a disruption?

A) Continuity of operations planning
B) Disaster recovery
C) Incident response planning
D) Restoration of business planning

A

A is correct. Continuity of operations planning (COOP) involves developing a comprehensive plan to enact during a situation where normal operations are disrupted.

B is incorrect. Disaster recovery is the process used to recover from disruption.

C is incorrect. Incident response planning involves the steps to be taken in response to a disruption.

D is incorrect. Restoration of business planning is a contrived response.

30
Q

Which of the following correctly defines a combination of hardware and software that classify and analyze data from numerous sources?

A) DLP
B) NAC
C) LOG
D) SIEM

A

D is correct. Security information and event management (SIEM) systems consist of a combination of hardware and software that classify and analyze data from numerous sources.

A is incorrect. Data loss prevention (DLP) is technology used to detect and prevent data transfer

B is incorrect. Network access control (NAC) is used to manage network endpoints.

C is incorrect. LOG is a contrived answer

31
Q

Your organization has been targeted by attacks, and you are seeing multiple previously unknown pieces of malware infect machines. What can be used to keep client machines off the network unless they are free from malware?

A) Check to ensure antivirus is loaded on the machine before attaching it to the network
B) Boot integrity can ensure the antivirus programs are running the most recent signature list through cryptographic means
C) Boot attestation has a record of compliance of system components that can be reported before the system is allowed to connect to corporate networks
D) A host-based firewall will prevent malware transmission

A

C is correct. Part of the Unified Extensible Firmware Interface (UEFI) specification is to allow the reporting of the integrity of components via digital signatures. This can be used to verify that all components are running verified copies

A is incorrect. Antivirus cannot protect against all malware

B is incorrect. Boot integrity does not validate any antivirus settings

D is incorrect. Host-based firewalls cannot prevent malware transmission

32
Q

What is the primary difference between spam and spim?

A) Spam uses web traffic, whereas spim uses instant messaging applications
B) Spam uses e-mail, whereas spim uses instant messaging applications
C) Spam uses voicemail, whereas spim uses instant messaging applications
D) Spam uses DNS redirects, whereas spim uses instant messaging applications

A

B is correct. Spam uses e-mail as its attack vector, whereas spim (spam over instant messaging) uses instant messages as its attack vector

A, C, & D are incorrect. Spam uses e-mail as its attack vector.
