SecurityX Practice Exam #2 (Dion) Flashcards

Question

Which of the following secure coding best practices ensures special characters like , /, and ‘ are not accepted from the user via a web form? Output encoding Session management Input validation Error handling

Answer 1

Input validation Explanation: OBJ 4.2: Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering a malfunction of various downstream components. Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the user. Improper error handling can introduce various security problems where detailed internal error messages such as stack traces, database dumps, and error codes are displayed to an attacker. The session management implementation defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID. Output encoding involves translating special characters into some different but equivalent form that is no longer dangerous in the target interpreter, for example, translating the < character into the < string when writing to an HTML page. For support or reporting issues, include Question ID: 63fe07063b7322449ddbc8b5 in your ticket. Thank you.

Answer 2

MTBF Explanation: OBJ 1.2: The mean time between failures (MTBF) measures the average time between when failures occur on a device. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or tolerance. For support or reporting issues, include Question ID: 63fe07ec3b7322449ddbd400 in your ticket. Thank you.

Answer 3

Mismatched key error Explanation: OBJ 3.3: The reason Jonathan can no longer read those encrypted emails is that his previous public/private key pair has expired and is no longer valid for use. His email client is trying to decrypt those emails using his new public/private key pair causing a mismatched key error. A mismatched key error occurs is the wrong public/private key pair is used to decrypt data. The most common forms of this error are displayed as “key mismatch” or “X509_check_private_key”. Rekeying is the process of changing an individual key during a communication session. Most communication protocols use session key rekeying to protect the data being transmitted. A rekeying is normally triggered based on the volume of data communicated or the amount of time since the last rekeying. A compromised or exposed key occurs when unauthorized access to a symmetric or private key is gained. When a key is compromised or exposed, it must be revoked and replaced. An incorrect name error is generated when the certificate’s CN name does not match the FQDN of the system that is using the certificate. For example, if the certificate is issued to diontraining.com but is being presented for www.diontraining.com or yourcyberpath.com, it will generate an incorrect name error. For support or reporting issues, include Question ID: 63fe07d23b7322449ddbd2b4 in your ticket. Thank you.

Answer 4

Passive information gathering Explanation: OBJ 4.3: Passive information gathering consists of numerous activities where the penetration tester gathers open-source or publicly available information without the organization under investigation being aware that the information has been accessed. Instead, active information gathering starts to probe the organization using DNS Enumeration, Port Scanning, and OS Fingerprinting techniques. Vulnerability assessments are another form of active information gathering. Information reporting occurs after the penetration test is complete, and it involves writing a final report with the results, vulnerabilities, and lessons learned during the assessment. For support or reporting issues, include Question ID: 63fe07873b7322449ddbcf02 in your ticket. Thank you.

Answer 5

An infected workstation is attempting to reach a command and control server Explanation: OBJ 4.1: A call home message is an indicator of compromise known as beaconing. Beaconing usually occurs after a stage 1 malware program has been implanted on an organization's workstation or server, but that isn't the most correct answer to this question. Instead, beaconing indicates that a workstation or server is infected and tries to communicate with the attacker's command and control server. This beaconing will continue until the infected system (workstation or server) is found and cleared of the malware or until the botnet gives the infected host further instructions to perform (such as to attack). "Malware is running on a company workstation or server" is incorrect because we do not have positive verification of that based on this scenario. A beacon does not have to be malware. For example, it can simply be a single ping packet or DNS request being sent out every day at a certain time using the Windows task scheduler. Be careful on the exam to answer the question being asked and choose the "most" accurate answer. Since the call home signal is coming from the internal network and attempting to connect to an external server, it cannot be evidence of an attacker performing reconnaissance on your workstations. Also, nothing in the question is indicative of an insider threat trying to exfiltrate information since a call home message is generally minimal in size and not large enough to exfiltrate data. For support or reporting issues, include Question ID: 63fe07383b7322449ddbcb29 in your ticket. Thank you.

Answer 6

Load testing Explanation: OBJ 2.2: Load testing or stress testing puts an application, network, or system under full load conditions to document any performance lapses. User Acceptance Testing is the process of verifying that a created solution/software works for a user. Regression testing is defined as software testing to confirm that a recent program or code change has not adversely affected existing features. Fuzz testing, or fuzzing, is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems, or networks. It involves inputting massive amounts of random data to the test subject to make it crash. User acceptance testing, regression testing, and fuzz testing are not designed to test a system under heavy load conditions. Therefore, they will not be suitable for Annah's needs in this scenario. For support or reporting issues, include Question ID: 63fe06cf3b7322449ddbc616 in your ticket. Thank you.

Answer 7

Continuous deployment Explanation: OBJ 2.2: Continuous deployment is a software development method in which app and platform updates are committed to production rapidly. Continuous delivery is a software development method in which app and platform requirements are frequently tested and validated for immediate availability. Continuous integration is a software development method in which code updates are tested and committed to development or build server/code repositories rapidly. Continuous monitoring is the technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon. While continuous deployment and continuous delivery sound very similar, there is one key difference. In continuous delivery, a human is still required to approve the release into the production environment. In continuous deployment, the test and release process into the production environment is automated, making the changes available for immediate release once the code is committed. For support or reporting issues, include Question ID: 63fe06ef3b7322449ddbc79d in your ticket. Thank you.

Answer 8

They dynamically adapt access controls to protect data in transit and at rest Explanation: OBJ 2.6 - Data perimeters provide dynamic, adaptive access controls based on the sensitivity and location of data, ensuring its protection regardless of whether it is in transit or at rest. Centralizing data is not a feature of data perimeters, and encryption remains essential even within secure perimeters. Improving network performance is not the primary focus of data perimeters. For support or reporting issues, include Question ID: 674f7117be598e99e87d61fb in your ticket. Thank you.

Answer 9

XML injection SQL injection Directory traversal Cross-site scripting Explanation: OBJ 4.2: Proper input validation can prevent cross-site scripting, SQL injection, directory traversal, and XML injections from occurring. When an application accepts string input, the input should be subjected to normalization or sanitization procedures before being accepted. Normalization means that a string is stripped of illegal characters or substrings and converted to the accepted character set. This can prevent SQL and XML injections from occurring. Input validation is also good at preventing cross-site scripting (XSS) in any forms that accept user input. Directory traversals can be prevented by conducting input validation in file paths or URLs accepted from the user. This prevents a canonicalization attack from disguising the nature of the malicious input that could cause a directory traversal. For support or reporting issues, include Question ID: 63fe07133b7322449ddbc955 in your ticket. Thank you.

Answer 10

Permit 143.27.43.32 161.212.71.14 RDP 3389 Explanation: OBJ 2.3: Due to the requirement to allow a single remote IP to enter the firewall, the permit statement must start with a single IP in the Untrusted (Internet) zone. Based on the options provided, only 143.27.43.32 could be correct. Next, the destination is a single server in the DMZ (screened subnet), so only 161.212.71.14 could be correct. The destination port should be 3389, which is the port for the Remote Desktop Protocol. Combining these three facts, only "permit 143.27.43.32 161.212.71.14 RDP 3389" could be correct. For support or reporting issues, include Question ID: 63fe06d63b7322449ddbc66c in your ticket. Thank you.

Answer 11

The wrong certificate type was presented Explanation: OBJ 3.1: The most likely cause of this error is that Jason selected the email certificate instead of his identity certificate from his smart card during the login process. A wrong certificate type error is generated when a certificate designed for a specific use case is used for a different reason. For example, if a user attempts to log in to a website using an email certificate instead of an identification certificate, a wrong certificate type error will be generated. A validity date error occurs when a certificate is presented for use on a date that is already past the expiration date. An incorrect name error is generated when the certificate’s CN name does not match the FQDN of the system that is using the certificate. For example, if the certificate is issued to diontraining.com but is being presented for www.diontraining.com or yourcyberpath.com, it will generate an incorrect name error. Chain issues occur when the root, subordinate, or leaf certificate fails to pass a validity check. Since the certificate authorities must all pass the validity checks for the certification issued to be considered valid, if any of these are invalid then the entire chain is considered invalid, too. For support or reporting issues, include Question ID: 63fe07bb3b7322449ddbd197 in your ticket. Thank you.

Answer 12

shadow Explanation: OBJ 3.3: The shadow file stores the actual password in an encrypted format (more like the hash of the password) for the user’s account with additional properties related to the user password. Basically, it stores secure user account information. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in passwd file. For support or reporting issues, include Question ID: 63fe06e13b7322449ddbc6f3 in your ticket. Thank you.

Answer 13

Wait for a malicious email attachment to be opened Wait for a user to click on a malicious link Take advantage of a software, hardware, or human vulnerability Explanation: OBJ 1.4: During this phase, activities taken during the exploitation phase are conducted against the target's system. Taking advantage of or exploiting an accessible vulnerability, waiting for a malicious email attached to be opened, or waiting for a user to click on a malicious link is all part of the exploitation phase. The installation of a web shell, backdoor, or implant is all performed during the installation phase. Selecting a backdoor implant and appropriate command and control infrastructure occurs during the weaponization phase. For support or reporting issues, include Question ID: 63fe07953b7322449ddbcfba in your ticket. Thank you.

Answer 14

Only an approved scanning vendor Explanation: OBJ 1.3: The Payment Card Industry Data Security Standard (PCI-DSS) is a prescriptive framework. It is not a law but a formal policy created by the credit card industry that organizations must follow to accept credit and bank cards for payment. Quarterly required external vulnerability scans must be run by a PCI-DSS approved scanning vendor (ASV). This question may seem beyond the scope of the exam. Still, the objectives allow for "other examples of technologies, processes, or tasks about each objective may also be included on the exam although not listed or covered" in the objectives' bulletized lists. The content examples listed in the objectives are meant to clarify the test objectives and should not be construed as a comprehensive listing of this examination's content. Therefore, questions like this are fair game on test day. That said, your goal isn’t to score 100% on the exam; it is to pass it. Don't let questions like this throw you off on test day. If you aren't sure, take your best guess and move on! For support or reporting issues, include Question ID: 63fe080f3b7322449ddbd5b8 in your ticket. Thank you.

Answer 15

Infrastructure as a Service Explanation: OBJ 2.5: Infrastructure as a Service (IaaS) is a computing method that uses the cloud to provide any or all infrastructure needs. In a VPC environment, an organization may provision virtual servers in a cloud-hosted network. The service consumer is still responsible for maintaining the IP address space and routing internally to the cloud. Platform as a Service (PaaS) is a computing method that uses the cloud to provide any platform-type services. Software as a Service (SaaS) is a computing method that uses the cloud to provide users with application services. Function as a Service (FaaS) is a cloud service model that supports serverless software architecture by provisioning runtime containers to execute code in a particular programming language. For support or reporting issues, include Question ID: 63fe06c13b7322449ddbc569 in your ticket. Thank you.

Answer 16

Physically destroy the storage devices Explanation: OBJ 3.4: Physical destruction is the only option that will meet the requirements of this scenario. Sanitizing a hard drive can be done using cryptographic erase (CE), secure erase (SE), zero-fill, or physical destruction. In this scenario, the SSDs were not self-encrypting drives (SED) and did not have a SE utility available, so the CE or SE methods cannot be used. The cryptographic erase (CE) method sanitizes a self-encrypting drive by erasing the media encryption key and then reimaging the drive. A secure erase (SE) is used to perform the sanitization of flash-based devices (such as SSDs or USB devices) when cryptographic erase is not available. The zero-fill method relies on overwriting a storage device by setting all bits to the value of zero (0), but this is not effective on SSDs or hybrid drives. The best option is to conduct physical destruction since the scenario states that the storage device was already replaced with a new self-encrypting drive (SED). The old SSD contained top-secret data crucial to maintaining a corporate advantage over the company's competitors. Physical destruction occurs by mechanical shredding, incineration, or degaussing magnetic hard drives. For support or reporting issues, include Question ID: 63fe07e93b7322449ddbd3dc in your ticket. Thank you.

Answer 17

Business continuity plan Explanation: OBJ 1.1: A business continuity plan is a document that outlines how a business will continue operating during an unplanned service disruption. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected. A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber attacks, and other disruptive events. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement. For support or reporting issues, include Question ID: 63fe07eb3b7322449ddbd3f6 in your ticket. Thank you.

Answer 18

They offer greater insight into decision-making processes Explanation: OBJ 1.5: Explainable AI models are preferred in regulated industries (e.g., healthcare, finance) because they allow stakeholders to understand and justify the decision-making processes. This transparency is essential for meeting regulatory requirements and addressing compliance concerns. Less computational power is not inherently linked to explainable AI models. Minimizing human oversight is inaccurate, as explainable models often require human review to validate decisions. Cost considerations vary and are not directly tied to whether a model is explainable. For support or reporting issues, include Question ID: 674fec4adb3fddf57c662c33 in your ticket. Thank you.

Answer 19

LACP Explanation: OBJ 3.3: The Link Aggregation Control Protocol (LACP) provides a method to control the bonding of several physical ports to form a single logical channel. The LACP is defined in the 802.3ad standard. The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. For support or reporting issues, include Question ID: 63fe06c93b7322449ddbc5ca in your ticket. Thank you.

Answer 20

An SQL injection could occur because input validation is not being used on the id parameter Explanation: OBJ 4.2: This code takes the input of “id” directly from a user or other program without conducting any input validation. This could be exploited and used as an attack vector for an SQL injection. If a malicious user can alter the ID source, it might get replaced with something like’ or ‘1’ ='1. This will cause the SQL statement to become: "SELECT * FROM CUSTOMER WHERE CUST_ID='' or '1'='1'". Because ‘1’ always equals ‘1’, the where clause will always return ‘true,’ meaning that EVERY record in the database could now become available to the attacker. When creating SQL statements, there are reasons for and against the use of the * operator. Its presence alone does not necessarily indicate a weakness. With only one line of code being reviewed, you cannot make any statement about whether it is vulnerable to a buffer overflow attack. You do not see the declaration values for the initialization of the id variable. This code is not using parameterized queries, but if it did, then it would eliminate this vulnerability. A parameterized query is a type of output encoding that relies on prepared statements to reduce the risk of an SQL injection. For support or reporting issues, include Question ID: 63fe07653b7322449ddbcd59 in your ticket. Thank you.

Answer 21

Implement query throttling to limit the number of resource-intensive queries per user Explanation: OBJ 3.3 - Query throttling effectively prevents resource exhaustion by limiting the number of complex queries a single user or script can execute within a given timeframe. While restricting access or using a WAF may block some malicious traffic, they do not address the root issue of legitimate users overloading the system. Database optimization improves performance but cannot fully mitigate resource-intensive query abuse. For support or reporting issues, include Question ID: 675073b53af44d9e9e56c80b in your ticket. Thank you.

Answer 22

Scalability Explanation: OBJ 1.2: Scalability metrics measure the ability of a system to handle an increase in workload while maintaining a consistent level of performance. Reliability metrics measure the ability of a system to perform without error or to avoid, detect, and/or repair component or integrity failures. Availability metrics measure the probability that a system will be operating as expected at any given point in time. The most common availability metric used is known as uptime. Usability metrics measure the effectiveness, efficiency, and satisfaction of users working with a given system. For support or reporting issues, include Question ID: 63fe07f03b7322449ddbd42d in your ticket. Thank you.

Answer 23

Control layer Explanation: OBJ 2.3: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others. For support or reporting issues, include Question ID: 63fe06fd3b7322449ddbc84c in your ticket. Thank you.

Answer 24

Integration testing Explanation: OBJ 4.3: Integration testing is used to test individual components of a system together to ensure that they interact as expected. Unit testing is used to test a particular block of code performs the exact action intended and provides the exact output expected. Normally, unit testing is coded into the software using simply pass/no pass tests for each block of code. Regression testing is the process of testing an application after changes are made to see if these changes have triggered problems in older areas of code. Continuous integration/continuous delivery (CI/CD) is a software development methodology in which code updates are tested and committed to a development or build server/code repository rapidly. For support or reporting issues, include Question ID: 63fe06cd3b7322449ddbc5fd in your ticket. Thank you.

Answer 25

Release of malicious email Deliberate social media interactions with the target's personnel Direct action against public-facing servers Explanation: OBJ 1.4: During the delivery phase, the adversary is firing whatever exploits they have prepared during the weaponization phase. At this stage, they still do not have access to their target, though. Therefore, taking direct action against a public-facing web server, sending a spear phishing email, placing a USB drive with malware, or starting a conversation on social media all fit within this phase. internet-facing servers were enumerated during reconnaissance. Selecting a decoy document to present to the victim occurs during weaponization. Collecting press releases, contract awards, and conference attendee lists occur during the reconnaissance phase. For support or reporting issues, include Question ID: 63fe07973b7322449ddbcfc8 in your ticket. Thank you.

Answer 26

Facial recognition scan Explanation: OBJ 3.3: A face recognition system is a computer application capable of identifying or verifying a person from a digital image or a video frame from a video source. One way to do this is by comparing selected facial features from the image and a face database. By measuring the external facial features, such as the distance between your eyes and nose, you can uniquely identify the user. A retinal scan is a biometric technique that uses unique patterns on a person's retina blood vessels. Iris recognition or iris scanning is the process of using visible and near-infrared light to take a high-contrast photograph of a person's iris. A signature kinetics scan measures a user’s action when signing their name and compares it against a known-good example or baseline. For support or reporting issues, include Question ID: 63fe06f23b7322449ddbc7ca in your ticket. Thank you.

Answer 27

Switch to an anomaly-based IDS to identify deviations from normal traffic patterns Explanation: OBJ 2.1: Anomaly-based IDS solutions are better suited for detecting unknown or zero-day threats because they identify unusual behavior rather than relying on predefined signatures. Adding more signatures only addresses known threats and does not solve the issue of detecting zero-day attacks. Deploying additional IDS devices may increase coverage but does not enhance detection capabilities for zero-day vulnerabilities. Increasing the sampling interval reduces detection accuracy and may allow threats to go unnoticed. For support or reporting issues, include Question ID: 6750f18cec280b7d2c7fa1df in your ticket. Thank you.

Answer 28

Design the application with fault-tolerant architecture and data-at-rest encryption Explanation: OBJ 2.2: Non-functional security requirements focus on system qualities like availability, reliability, and resilience. A fault-tolerant architecture ensures high availability by minimizing downtime during failures. Data-at-rest encryption protects sensitive information even if the system is compromised during a failure. Role-based Access Control (RBAC) and encryption are functional security requirements addressing access control and data security. Database query validation and secure session management focus on operational security but do not address high availability or downtime limits. Vulnerability scans and penetration tests are security practices, not design elements ensuring availability or resilience. For support or reporting issues, include Question ID: 6750fb2223df37e1b5ec5f72 in your ticket. Thank you.

Answer 29

SNMP exploit Explanation: OBJ 4.2: SNMP provides a lot of information about different target devices on the network. Based on the output shown, you should identify that this is an SNMP scan based on the "community string" keyword. From your Network+ and Security+ studies, you should remember that SNMP uses community strings as a basic authentication mechanism before allowing you to access a network device's statistics. In this scan, two devices are found on this network with default public and private community strings. This makes these devices vulnerable to an SNMP attack for further exploitation. For support or reporting issues, include Question ID: 63fe072d3b7322449ddbcaa2 in your ticket. Thank you.

Answer 30

Use an SCA tool to identify and mitigate third-party vulnerabilities Explanation: OBJ 2.2 - Using a software composition analysis (SCA) tool ensures that vulnerabilities in third-party libraries are identified and addressed early, supporting compliance and reducing supply chain risks. Replacing the library with custom code is inefficient and costly. Scanning only the final application delays vulnerability detection. Trusting the vendor without additional verification does not address the risks of unresolved vulnerabilities. For support or reporting issues, include Question ID: 674f6dfb7a4b195c66838b41 in your ticket. Thank you.

Answer 31

Increase individual accountability Explanation: OBJ 3.1: To adequately provide accountability, the use of shared or group accounts should be disabled. This allows you to log and track individual user actions based on individual user accounts. This enables the organization to hold users accountable for their actions, too. For support or reporting issues, include Question ID: 63fe06f53b7322449ddbc7e8 in your ticket. Thank you.

Answer 32

SDWAN Explanation: OBJ 2.5: A software-defined wide area network (SDWAN) is a network that is abstracted from its hardware which creates a virtualized network overlay. Multipoint GRE (mGRE) is a protocol that can be used to enable one node to communicate with many nodes by encapsulating layer 3 protocols to create tunnels over another network. The mGRE protocol is often used in Dynamic Multipoint VPN (DMVPN) connections. Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. A wireless local area network (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network within a limited area such as a home, school, computer laboratory, campus, or office building. For support or reporting issues, include Question ID: 63fe06e33b7322449ddbc711 in your ticket. Thank you.

Answer 33

Formal methods of verification Explanation: OBJ 1.2: Formal verification methods use a mathematical model of the inputs and outputs of a system to prove that the system works as specified in all cases. Given the level of certainty achieved through formal verification methods, this approach provides the single greatest mitigation against this threat. Formal methods are designed for use in critical software in which corner cases must be eliminated. For example, what should the car do if a child jumps out in front of it, and the only way to avoid the child is to swear off the road (which might kill the driver)? This is a classic corner case that needs to be considered for a self-driving car. User acceptance testing (UAT) is a beta phase of software testing. When the developers have tested the software, it is installed to a limited set of users who follow test schemes and report findings. DevSecOps is a combination of software development, security operations, and systems operations and integrates each discipline with the others. Peer review of source code allows for the review of uncompiled source code by other developers. While DevSecOps, peer review, and user acceptance testing help bring down the system's risk, only a formal method of verification could limit the liability involved with such a critical application as a self-driving car. For support or reporting issues, include Question ID: 63fe06d43b7322449ddbc653 in your ticket. Thank you.

Answer 34

Hashing Explanation: OBJ 3.8: Hashing generates unique values (hashes) for data, enabling users to verify file integrity. Symmetric encryption secures data but does not verify integrity alone. Public key infrastructure (PKI) facilitates key and certificate management but is not suitable for generating unique file values. Forward secrecy ensures confidentiality for past communications but is unrelated to file verification. For support or reporting issues, include Question ID: 6751b6a89192dec49e1159ba in your ticket. Thank you.

Answer 35

Adversarial attack Explanation: OBJ 1.5: Adversarial attacks involve subtly altering input data, such as adding noise or modifying images, to cause an AI model to produce incorrect outputs. These attacks exploit weaknesses in the model's interpretation of input data without directly tampering with the model. Supply chain vulnerability pertains to risks in acquiring or integrating AI components, not direct manipulation of inputs. Model inversion focuses on extracting sensitive data, not altering inputs. Prompt injection manipulates AI outputs via malicious prompts but is distinct from adversarial attacks. For support or reporting issues, include Question ID: 674fefefdb3fddf57c662ca8 in your ticket. Thank you.

Answer 36

NAC Explanation: OBJ 2.4: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology, the user or system authentication, and network security enforcement. NAC restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs. NAC also regulates and restricts the things individual subscribers or users can do once they are connected. If a user is unknown, the NAC can quarantine the device from the network upon connection. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network such as the Internet. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Unified threat management (UTM) provides multiple security features (anti-virus, anti-spam, content filtering, and web filtering) in a single device or network appliance. For support or reporting issues, include Question ID: 63fe06d83b7322449ddbc685 in your ticket. Thank you.

Answer 37

Spoof the MAC address of the room's VOIP phone to your laptop Explanation: OBJ 4.2: Network access control (NAC) is used to prevent unhealthy devices from accessing an organization's internal network. To break into a network that uses NAC, you must perform a NAC bypass attack. One popular NAC bypass method is to spoof the MAC or IP address of a printer or VOIP device since they cannot natively participate in NAC and are often allow listed by administrators. Another method is to configure your attacking device to use IPv6 instead of IPv4. Most routers and switches support IPv4 and IPv6, but many system administrators only configure NAC for their IPv4 devices out of habit. The final method would be to set up a rogue wireless access point to create an on-path condition. This would allow an authorized device to connect to your wireless access point and then use its authorized status to connect to the network. For support or reporting issues, include Question ID: 63fe07513b7322449ddbcc5f in your ticket. Thank you.

Answer 38

Smartcard and PIN Explanation: OBJ 2.4: Multi-factor authentication (MFA) creates multiple security layers to help increase the confidence that the user requesting access is who they claim to be by requiring two distinct factors for authentication. These factors can be something you know (knowledge factor), something you have (possession factor), something you are (inheritance factor), something you do (action factor), or somewhere you are (location factor). By selecting a smartcard (something you have) and a PIN (something you know), you have implemented multi-factor authentication. Choosing a fingerprint and retinal scan would instead use only one factor (inheritance). Choosing a username, password, and security question would also be only using one factor (knowledge). For something to be considered multi-factor, you need items from at least two different authentication factor categories: knowledge, possession, inheritance, location, or action. For support or reporting issues, include Question ID: 63fe06ee3b7322449ddbc793 in your ticket. Thank you.

Answer 39

Returns all web pages containing an email address affiliated with diontraining.com Explanation: OBJ 4.1: Google interprets this statement as @diontraining.com and understands that the user is searching for email addresses since %40 is the hex code for the @ symbol. The * is a wild card character meaning that any text could be substituted for the * in the query. This type of search would provide an attacker with a list of email addresses associated with diontraining.com, which could be used as part of a spear phishing campaign. To return all web pages hosted at diontraining.com, you should use the "site:" modifier in the query. To return all web pages with the text diontraining.com, enter "diontraining.com" into the Google search bar with no modifiers to return those results. For support or reporting issues, include Question ID: 63fe07663b7322449ddbcd68 in your ticket. Thank you.

Answer 40

SMB exploit Explanation: OBJ 4.2: Server Message Block (SMB) allows clients to read from and write to a server service, providing core authentication and communications for Windows file and print servers. The EternalBlue exploit was released in early 2017, and it can be used against Windows (Vista SP2 through Server 2016, both 32-bit and 64-bit versions). For support or reporting issues, include Question ID: 63fe07783b7322449ddbce49 in your ticket. Thank you.

Answer 41

SOX Explanation: OBJ 1.3: The Sarbanes-Oxley Act (SOX) is a U.S. federal law that establishes requirements for accurate financial reporting and internal controls in publicly traded companies. It was enacted to prevent corporate fraud and enhance financial disclosures. HIPAA is related to healthcare information security and privacy, not financial reporting. PCI DSS governs payment card security, not corporate financial reporting. NIST CSF is a cybersecurity framework for managing and reducing cybersecurity risks, not financial accountability. For support or reporting issues, include Question ID: 674feadfec1a5f7ce5d83872 in your ticket. Thank you.

Answer 42

Incorrect certificate configuration Explanation: OBJ 3.3: Incorrect certificate chain configuration prevents proper validation by client browsers, leading to security warnings despite the certificate being active. Cipher suite mismatch and TLS version incompatibility typically cause connection failures without triggering certificate-related warnings. An expired root certificate would affect certificates across multiple systems, which is not indicated here. For support or reporting issues, include Question ID: 6751ab4897eb9dce4020fc04 in your ticket. Thank you.

Answer 43

Regression testing Explanation: OBJ 2.2: Regression testing is re-running functional and non-functional tests to ensure that previously developed and tested software still performs after a change. After installing any patch, it is important to conduct regression testing to confirm that a recent program or code change has not adversely affected existing features or functionality. Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. User acceptance testing is a test conducted to determine if the specifications or contract requirements have been met. A penetration test is an authorized simulated cyberattack on a computer system, performed to evaluate the system's security. For support or reporting issues, include Question ID: 63fe06e93b7322449ddbc752 in your ticket. Thank you.

Answer 44

SQL injection Explanation: OBJ 4.2: This is an example of a Boolean-based SQL injection. This occurs when data input by a user is interpreted as a SQL command rather than as normal data by the backend database. In this example, notice that the statement being parsed as part of the URL after the equal sign is equivalent to 1 or 17-7=10. This means the portion of the statement that is 17-7=10 would return a value of 1 (since it is true). Then, we are left to compute if 1 = 1, and since it does, the SQL database will treat this as a positive authentication. This is simply an obfuscation technique of a 1=1 SQL injection technique. A buffer overflow is an exploit that attempts to write data to a buffer and exceed that buffer's boundary to overwrite an adjacent memory location. A session hijacking attack consists of exploiting the web session control mechanism, normally managed for a session token. XML Injection is an attack technique used to manipulate or compromise an XML application or service's logic. For support or reporting issues, include Question ID: 63fe07373b7322449ddbcb1a in your ticket. Thank you.

Answer 45

CPU security extensions Explanation: OBJ 3.4: Central processing unit (CPU) security extensions provide hardware-based features such as memory encryption and enhanced isolation for virtual machines, ensuring secure operation in virtualized environments. Trusted Platform Modules (TPMs) are used for secure key storage and cryptographic operations but are not directly involved in memory encryption. Secure enclaves isolate sensitive computations but do not offer comprehensive virtualization security. Hardware-assisted virtualization enhances performance but requires CPU security extensions to provide strong security guarantees. For support or reporting issues, include Question ID: 6751ad7697eb9dce4020fc18 in your ticket. Thank you.

Answer 46

Returns all web pages containing an email address affiliated with diontraining.com Explanation: OBJ 1.4: Google interprets this statement as @diontraining.com and understands that the user is searching for email addresses since %40 is the hex code for the @ symbol. The * is a wild card character meaning that any text could be substituted for the * in the query. This type of search would provide an attacker with a list of email addresses associated with diontraining.com, which could be used as part of a spear phishing campaign. To return all web pages hosted at diontraining.com, you should use the "site:" modifier in the query. To return all web pages with the text diontraining.com, enter "diontraining.com" into the Google search bar with no modifiers to return those results. For support or reporting issues, include Question ID: 63fe07783b7322449ddbce44 in your ticket. Thank you.

Answer 47

Implementing JIT access features Explanation; OBJ 3.2: Just-in-time (JIT) privilege escalation enables users to temporarily elevate their privileges for specific, approved tasks, reducing the risk of misuse or persistent vulnerabilities associated with permanent administrative rights. Static role assignments and session logging do not dynamically address privilege needs, and while role-based access control (RBAC) is beneficial, it does not offer time-based elevation functionality. For support or reporting issues, include Question ID: 67514370b702e8776b8d551f in your ticket. Thank you.

Answer 48

A buffer overflow that is known to allow remote code execution Explanation: OBJ 3.6: The most serious vulnerability discovered is one that could allow remote code execution to occur. Since this buffer overflow vulnerability is known to allow remote code execution, it must be mitigated first to prevent a security breach most effectively. While the other issues should be addressed eventually, you need to prioritize the most critical one (remote code execution) on a public-facing IP address. A public-facing IP address means the device is accessible from the internet. For support or reporting issues, include Question ID: 63fe075d3b7322449ddbccf5 in your ticket. Thank you.

Answer 49

Attack surface Explanation: OBJ 1.4: The collection of all points from which an adversary may attack is considered the attack surface. The attack vector represents the specific points an adversary has chosen for a particular attack. The threat model defines the behavior of the adversary. An adversary capability set is the list of items an adversary can use to conduct its attack. For support or reporting issues, include Question ID: 63fe07243b7322449ddbca2a in your ticket. Thank you.

Answer 50

Transitive trust Explanation: OBJ 2.4: Transitive trust occurs when X trusts Y, and Y trusts Z; therefore, X trusts Z. This is because the trust flows from the first part (Dion Training) through the second party (Thor Teaches) to the third party (Udemy). For support or reporting issues, include Question ID: 63fe070a3b7322449ddbc8e7 in your ticket. Thank you.

Answer 51

Purge, validate, and document the sanitization of the drives Explanation OBJ 4.2: Purging the drives, validating that the purge was effective, and documenting the sanitization is the best response. Purging includes methods that eliminate information from being feasibly recovered even in a lab environment. For example, performing a cryptographic erasure (CE) would sanitize and purge the drives' data without harming the drives themselves. Clearing them leaves the possibility that some tools would allow data recovery. Since the scenario indicates that these were leased drives that must be returned at the end of a lease, they cannot be destroyed. For support or reporting issues, include Question ID: 63fe08013b7322449ddbd504 in your ticket. Thank you.

Answer 52

AEAD Explanation: OBJ 3.7: Authenticated encryption with associated data (AEAD) is a form of encryption that provides confidentiality of the plaintext, a way to check its integrity, and a method of verifying its authenticity. Forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Key stretching is a technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against brute force attacks. Cipher block chaining (CBC) is a simple mode of enabling symmetric block ciphers to work with large sets of data. CBC is an older method that is vulnerable to the padding-oracle attack and should therefore not be used. For support or reporting issues, include Question ID: 63fe07a73b7322449ddbd09c in your ticket. Thank you.

Answer 53

Homomorphic encryption Explanation: OBJ 3.8: Homomorphic encryption allows computations to be performed directly on encrypted data, enabling analytics while maintaining confidentiality. Symmetric encryption provides data protection but does not support encrypted computations. Public key infrastructure (PKI) is a framework for managing digital certificates and keys but does not allow encrypted operations. Tokenization obscures sensitive data but cannot support computational use cases on the obfuscated data. For support or reporting issues, include Question ID: 6751b4b6fd8b34c81216adce in your ticket. Thank you.

Answer 54

Configuration drift Explanation: OBJ 3.3: Configuration drift occurs when changes are applied inconsistently across network devices, leading to performance issues. Insecure routing protocols compromise security, not performance. VLAN segmentation errors and ACL misalignment are unrelated to inconsistent updates as they primarily affect security and data segmentation. For support or reporting issues, include Question ID: 675148d0ee759eace74d72e6 in your ticket. Thank you.

Answer 55

Evaluate if the web interface must remain open for the system to function; if it isn’t needed, block the web interface Explanation: OBJ 3.5: The most immediate protection against this emergent threat would be to block the web interface from being accessible over the network. Before doing this, you must evaluate whether the interface needs to remain open for the system to function properly. If it is not needed, you should block it to minimize the SCADA/ICS component's attack surface. Ideally, your SCADA/ICS components should already be logically or physically isolated from the enterprise network. Since the question doesn’t mention the networks as an area of concern, we can assume they are already following the industry best practice of logical or physical segmentation between the SCADA/ICS network and the enterprise network. On the exam, make sure you focus on the question being asked. In this case, the question focuses on the web interface. Developing a patch can be a time-consuming process, therefore waiting for the manufacturer to provide a patch will not provide immediate protection to your components. The same is true for replacing the affected components. Even if you could get the company to authorize the funding for such a purchase, it would take time to order, ship, receive, and install the new components. Additionally, you would cause unwanted downtime in the factory during the installation of the components, making it an ineffective option when simply blocking the web interface is free, quick, and effective. For support or reporting issues, include Question ID: 63fe07c43b7322449ddbd205 in your ticket. Thank you.

Answer 56

Credit card data Explanation: OBJ 1.3: The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. As part of PCI DSS compliance, organizations must conduct internal and external scans at prescribed intervals on any devices or systems that process credit card data. HIPAA protects medical and insurance records, but this law doesn't define a frequency for vulnerability scanning requirements. Driver's license numbers are considered PII, but again, there is no defined frequency scanning requirement regarding protecting PII under law, regulation, or rule. For support or reporting issues, include Question ID: 63fe08033b7322449ddbd51d in your ticket. Thank you.

Answer 57

Enforce mandatory encryption policies using endpoint management tools Explanation: OBJ 3.4 - Enforcing mandatory encryption policies ensures that SED functionality is consistently applied across devices and cannot be disabled by users. Transitioning to software-based encryption reduces performance benefits and the security of SEDs. Restricting administrative access helps but does not guarantee compliance. Periodic re-encryption is unnecessary for SEDs, which operate in real-time encryption. For support or reporting issues, include Question ID: 6750749a3af44d9e9e56c815 in your ticket. Thank you.

Answer 58

User authentication Explanation: OBJ 3.4: User authentication is performed at a much higher level in the operating system. Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software cannot tamper with the security functions of the TPM. The TPM provides random number generation, secure generation of cryptographic keys, remote attestation, binding, and sealing functions securely. For support or reporting issues, include Question ID: 63fe07e33b7322449ddbd386 in your ticket. Thank you.

Answer 59

ECC Explanation OBJ 3.7: To ensure confidentiality, you should always use an encrypting function. ECC and AES are both encrypting functions, but ECC requires a smaller key size to provide equivalent levels of protection. Elliptic curve cryptography is a public-key cryptographic algorithm based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller key sizes compared to non-elliptic curve cryptography methods while still providing the equivalent level of security. ECC is heavily used in mobile devices and low-powered device encryption. The advanced encryption standard (AES) is a cryptographic algorithm used to perform symmetric data encryption using a 128-bit, 192-bit, or 256-bit key. Message Digest Algorithm (MD5) is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length 128-bit hash digest value to be used for authenticating the original message. MD5 can be easily brute-forced and has a high chance of collision. Secure Hashing Algorithm (SHA-256) is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length 256-bit hash digest value to be used for authenticating the original message. For support or reporting issues, include Question ID: 63fe07df3b7322449ddbd359 in your ticket. Thank you.

Answer 60

Horizontal scaling Explanation: OBJ 2.1: Horizontal scaling allows additional capacity to be achieved by adding servers to help process the same workload, such as adding nodes to a distributed system or adding web servers to an existing server farm. Vertical scaling allows additional resources to be added to an individual system, such as adding processors, memory, and storage to an existing server. Autoscaling is the ability to expand and contract the performance of workloads based on policies with specific maximum and minimum capacity specifications. Autoscaling can be used with either horizontal or vertical scaling depending on your cloud service provider. A content delivery network (CDN) distributes and replicates the components of any service (such as web apps, media, and storage) across all the key service areas needing access to the content. For support or reporting issues, include Question ID: 63fe07123b7322449ddbc94b in your ticket. Thank you.

Answer 61

Single quote Explanation: OBJ 4.2: The single quote character (') is the character limiter in SQL. With a single quote,' you delimit strings, and therefore you can test whether the programmer has properly escaped the strings in the targeted application. If not escaped directly, you can end any string supplied to the application and add other SQL code after it. This is a common technique for SQL injections. A semicolon is a commonly used character at the end of a line of code or command in many programming languages. An exclamation mark comments a line of code in several languages. Double quotes contain a string that is passed to a variable. For support or reporting issues, include Question ID: 63fe06d63b7322449ddbc667 in your ticket. Thank you.

Answer 62

Intrusion prevention system Explanation: OBJ 3.5: Since this question is focused on the ICS/SCADA network, the best solution would be implementing an Intrusion Prevention System. ICS/SCADA machines utilize very specific commands to control the equipment and to prevent malicious activity. You could set up strict IPS rules to prevent unknown types of actions from being allowed to occur. Log consolidation is a good idea, but it won't prevent an issue and therefore isn't the most critical thing to add first. Automated patch management should not be conducted, as ICS/SCADA systems must be tested before conducting any patches. Often, patches will break ICS/SCADA functionality. Antivirus software may or may not be able to run on the equipment, as well, since some ICS/SCADA systems often do not rely on standard operating systems like Windows. For support or reporting issues, include Question ID: 63fe079f3b7322449ddbd03b in your ticket. Thank you.

Answer 63

Volatile storage analysis Explanation: OBJ 4.4: Volatile storage analysis focuses on the contents of a system's memory (RAM) to gather evidence such as running processes, network connections, and encryption keys, which are lost when the system powers down. Non-volatile storage analysis examines persistent data like hard drives; forensic disk imaging creates exact copies of storage devices; and metadata analysis focuses on file properties like timestamps. For support or reporting issues, include Question ID: 6751ba0272f8a45d44021765 in your ticket. Thank you.

Answer 64

Lockheed Martin cyber kill chain Explanation: OBJ 1.4: The Lockheed Martin cyber kill chain implicitly assumes a unidirectional workflow. Therefore, it fails to consider that an adversary may retreat during an attack. MITRE and Diamond's models are more dynamic systems that allow for a broader range of adversary behaviors. AlienVault was specifically designed to avoid the rigidity of the Lockheed Martin cyber kill chain. For support or reporting issues, include Question ID: 63fe07663b7322449ddbcd63 in your ticket. Thank you.

Answer 65

CVE Explanation: OBJ 3.6: The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. XCCDF (extensible configuration checklist description format) is a language that is used in creating checklists for reporting results. The Common Configuration Enumeration (CCE) provides unique identifiers to system configuration issues to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. Common Platform Enumeration (CPE) is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise's computing assets. For support or reporting issues, include Question ID: 63fe07813b7322449ddbcebc in your ticket. Thank you.

SecurityX Practice Exam #2 (Dion) Flashcards

(91 cards)