CERTIPORT SOFTWARE DEVELOPMENT
COMPLETE EXAM QUESTIONS AND
DETAILED ANSWERS COMPREHENSIVE
REVIEW RESOURCE
●● Adversary
Answer: Cybercriminals
●● Capabilities
Answer: -Brute-force attacks and exploits in servers
-Spreading infected links through ads
-Evasive techniques
-Spam campaign in multiple languages
●● Infrastructure
Answer: -Pastebin (to distribute PowerShell scripts)
-Malware distribution network
-Remote Services (VPNs and RDPs)
●● Victims
Answer: Targeted Sectors include:
-Aviation
-Finance
-Government
-Healthcare
-Manufacturing
●● WEP (Wired Equivalent Privacy)
Answer: A key encryption technique for wireless networks that uses
keys both to authenticate network clients and to encrypt data in transit.
●● WPS (Wi-Fi Protected Setup)
Answer: A user-friendly—but not very secure—security setting available
on some consumer-grade APs. Part of the security involves requiring a
PIN in order to access the AP's settings or to associate a new device with
the network. The PIN can be easily cracked through a brute force attack,
so this PIN feature should be disabled if possible.
●● WPA (Wireless Protected Access)
Answer: is a security standard for computing devices equipped with
wireless internet connections.
●● WPA2 (Wireless Protected Access 2)
Answer: Wireless network encryption system.
●● AES (Advanced Encryption Standard)
Answer: -is a symmetric block cipher chosen by the U.S. government to
protect classified information.
-used in WPA2 encryption
●● BYOD (bring your own device)
Answer: The practice of allowing users to use their own personal
devices to connect to an organizational network.
●● COPE (Corporate Owned, Personally Enabled)
Answer: Employees choose from a selection of company-approved
devices
●● CYOD (Choose Your Own Device)
Answer: A mobile device deployment model. Employees can connect
their personally owned device to the network as long as the device is on
a preapproved list.
●● VDI (Virtual Desktop Infrastructure)
Answer: A virtualization implementation that separates the personal
computing environment from a user's physical computer.
●● CVE (Common Vulnerabilities and Exposures)
Answer: a tool that determines vulnerabilities in operating systems
and application software
●● SIEM (Security Information and Event Management)
Answer: Software that collects and analyzes security alerts, logs and
other real time and historical data from security devices on the network
●● SOAR (Security Orchestration, Automation and Response)
Answer: a tool designed to help security teams manage and respond to
the very high number of security warnings and alarms by combining
comprehensive data gathering and analytics in order to automate
incident responses.
●● NIST (National Institute of Standards and Technology)
Answer: The NIST Cybersecurity Framework helps businesses of all
sizes better understand, manage, and reduce their cybersecurity risk and
protect their networks and data.
●● threat actor
Answer: A person or element that has the power to carry out a threat.
●● black hat attackers
Answer: persons or organizations that take advantage of any
vulnerability for illegal personal, financial, or political gain