Exam (elaborations)

SECURITY+ SY0-601 STUDY SET from Mike Meyers' Book

Pages: 38
Grade: A+
Uploaded on: 20-03-2022
Written in: 2021/2022

__________________ is defined as using and manipulating human behavior to obtain a required result. It typically involves NON-TECHNICAL methods of attempting to gain unauthorized access to a system or network.
Correct answer- Social engineering

Through social engineering, an attacker might easily lead a user to reveal her account password or to provide personal information that might reveal her password, a technique known as ____________________.
Correct answer- eliciting information

________________________ is when a social engineer calls a helpdesk operator, claims to be a high-level user, and demands that the operator reset the user's password immediately so that the user can complete an important task.
Correct answer- Impersonation

_______________ is a technique in which a social engineer creates a story, or pretext, that employs one or more of these principles to motivate victims to act contrary to their better instincts or training.
Correct answer- Pretexting

A __________________ scam is a social engineering technique that targets a large group of recipients with a generic message that attempts to trick them into either visiting a website and entering confidential personal information, responding to a text or SMS message (known as ___________), or replying to an e-mail with private information, often a username and password, or banking or credit card details.
Correct answer- phishing / smishing

_____________________ is a targeted type of phishing attack that includes information familiar to the user and appears to be from a trusted source, such as a company (for example, a financial service that the user has used previously), a social media site such as LinkedIn, or even a specific trusted user.
Correct answer- Spear phishing

_________________ are important tools to protect against phishing attacks. Users must be aware that financial institutions will never ask for bank account numbers and credit card details in an e-mail to a user.
Correct answer- User education and awareness training

______________ is a type of phishing attack that is targeted at a specific high-level user, such as an executive.
Correct answer- Whaling

________________ is when an unauthorized person casually glances over the shoulder of an employee as she returns to her desk and enters her username and password into the computer.
Correct answer- Shoulder surfing

_____________________ is one of the simpler forms of social engineering and describes gaining physical access to an access-controlled facility or room by closely following an authorized person through the security checkpoint.
Correct answer- Tailgating

_____________ is a social engineering technique that misdirects a user to an attacker's website without the user's knowledge, usually by manipulating the Domain Name Service (DNS) on an affected server or the hosts file on a user's system. While much like phishing, where a user may click a link in a seemingly legitimate e-mail message that takes him to an attacker's website, pharming differs in that it installs code on the user's computer that sends them to the malicious site, even if the URL is entered correctly or chosen from a web browser bookmark.
Correct answer- Pharming

__________ is instant messaging spam, and much like the more common e-mail spam, it occurs when a user receives an unsolicited instant message from another user, including users who are known and in the user's contact list.
Correct answer- SPIM (spam over instant messaging)

_______________ is a type of phishing attack that takes place over phone systems, most commonly over VoIP (Voice over IP) lines.
Correct answer- Vishing

A _________ is typically some kind of urban legend or sensational false news that users pass on to others via e-mail because they feel it is of interest. While mostly harmless, some are phishing attempts that try to get the user to visit a link in the e-mail message that redirects to a malicious website. The only cure is user education so as to avoid spreading these types of messages to other users.
Correct answer- hoax

As part of corporate espionage, some companies hire private investigators to examine garbage dumpsters of a target company, and these investigators try to discover any proprietary and confidential information. This is called __________________.
Correct answer- Dumpster diving

You have been contacted by your company's CEO after she received a personalized but suspicious e-mail message from the company's bank asking for detailed personal and financial information. After reviewing the message, you determine that it did not originate from the legitimate bank. Which of the following security issues does this scenario describe?
A. Dumpster diving
B. Phishing
C. Whaling
D. Vishing
Correct answer- C

During your user awareness training, which of the following actions would you advise users to take as the best security practice to help prevent malware installation from phishing messages?
A. Forward suspicious messages to other users
B. Do not click links in suspicious messages
C. Check e-mail headers
D. Reply to a message to check its legitimacy
Correct answer- B

Negative company financial information was carelessly thrown in the trash bin without being shredded, and a malicious insider retrieved it and posted it on the Internet, driving the stock price down. The CEO wants to know what happened—what was the attack?
A. Smishing
B. Dumpster diving
C. Prepending
D. Identity fraud
Correct answer- B

Max, a security administrator, just received a phone call to change the password for a user in the HR department. The user did not provide verification of their identity and insisted that they needed the password changed immediately to complete a critical task. What principle of effective social engineering is being used?
A. Trust
B. Consensus
C. Intimidation
D. Urgency
Correct answer- D

A _______ is a malicious computer program that requires user intervention (such as clicking it or copying it to media or a host) within the affected system, even if the virus program does not harm the system. They self-replicate without the knowledge of the computer user.
Correct answer- virus

_____________ infect the boot sector or partition table of a disk which is used by the computer to determine which operating systems (OSs) are present on the system to boot.
Correct answer- Boot sector viruses

A _______________ disguises itself as a legitimate program, using the name of a legitimate program but with a different extension. For example, a virus might be named to emulate a file called .
Correct answer- companion virus

A ___________ uses the internal workings of Microsoft Word and Excel to perform malicious operations when a file containing the virus is opened, such as deleting files or opening other virus-executable programs.
Correct answer- macro virus

A _________ hides from antivirus software by encrypting its code. They attempt to cover their trail as they infect their way through a computer.
Correct answer- stealth virus

______________ are designed to make detection and reverse engineering difficult and time consuming, either through obfuscation or through substantial amounts of confusing code to hide the actual virus code itself. *While armored viruses are often quite good at what they are designed to do, they are significantly larger than necessary, which makes their presence easier to detect.
Correct answer- Armored viruses

_______________ changes with each infection. These types of viruses were created to confuse virus-scanning programs.
Correct answer- Polymorphic malware

__________________ log a user's keystrokes for various purposes, either via hardware or software means.
Correct answer- Keyloggers

A ____________ hides on your computer system until called upon to perform a certain task. They are usually downloaded through e-mail attachments, websites, and instant messages. They are usually disguised as popular programs such as games, pictures, or music.
Correct answer- Trojan horse program

A _________________ installs a backdoor that bypasses all authentication controls and allows the attacker continuous access to the client computer.
Correct answer- remote access Trojan (RAT)

A ____________ does not activate until a specific event, such as reaching a specific date or starting a program a specific number of times, is triggered.
Correct answer- logic bomb program

A ___________ is a self-contained program (or set of programs) that can self-replicate and spread full copies or smaller segments of itself to other computer systems via network connections, e-mail attachments, and instant messages. *Compare this to viruses, which cannot self-replicate, but instead depend on the sharing of their host file to spread.
Correct answer- computer worm

____________________ and spyware are a subset of software known as ____________________, potential threats that are not always considered security risks but are still generally considered unwelcome.
Correct answer- Adware (advertising software) / potentially unwanted programs (PUPs)

________________, such as a crypto-locking virus, is designed to lock users out of their system until a ransom is paid. Ex: CryptoLocker and WannaCry
Correct answer- Ransomware

A ____________ is a type of backdoor program that is inserted into application software and allows a remote user root access (administrator access) to the system on which the software is installed, without the permission or knowledge of the user.
Correct answer- rootkit

A ________ is typically any type of computer system that is attached to a network whose security has been compromised and that runs malicious software completely unknown to the system users. Botnets and their bots (often called "zombie" computers) are typically used for distributed denial-of-service (DDoS) attacks.
Correct answer- bot

_______________ are named as such as a loose analogy to the birthday paradox, stating that if you have 23 people in a room, the probability that two or more of them share the same birthdate (without the year) is 50 percent.
Correct answer- Birthday attacks

A ______________ is the most basic type of password attack. In this attack's simplest form, an attacker might repeatedly attempt to guess the user's password.
Correct answer- brute-force attack

More effective and efficient than a brute-force attack, a _______________ uses dictionaries, or lists of common words across various types of organizations, languages, and other words that might be used for passwords, as well as common substitutions, such as using the @ symbol in lieu of the letter a.
Correct answer- dictionary attack

___________ are a variation on a dictionary attack that, instead of trying to guess the password, use precomputed hashes (called rainbow tables) developed by software that can process huge lists of words and spit out their hash, which is then added to the rainbow table's file.
Correct answer- Rainbow attacks

You suspect that your server has been compromised because it has been running slowly and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?
A. The server has a rootkit installed.
B. The server requires an operating system update.
C. The server is infected with spyware.
D. The server is part of a botnet.
Correct answer- D

Antivirus software may NOT be able to identify which of the following?
A. Trojans
B. Logic bombs
C. Polymorphic viruses
D. Adware
Correct answer- B

In a ____________, the extra characters are malicious code that causes the program or even the entire system to crash.
Correct answer- buffer overflow attack

_____________ essentially creates a denial-of-service condition, because the resources that are needed to execute actions associated with an application are entirely exhausted (hence the name), leading to either an error, performance slowdown, or a denial of service.
Correct answer- Resource exhaustion

In a _______________ scenario, an attacker exploits a bug within an application to bypass the application and gain elevated privileges that enable the attacker to execute system commands. *Protection against it requires that programmers use input validation and test their code for bugs and exploits.
Correct answer- privilege escalation

______________ can occur when a user's cookie for a website, which can contain session authentication credentials for a remote server, is hijacked by another user, who then uses that cookie to gain unauthorized access. *To protect against it, web applications should regenerate session keys and IDs after each successful login, so as to deny access to any non-legitimate user.
Correct answer- Session hijacking

High-security applications such as web banking use _______________ over the now-deprecated Secure Sockets Layer (SSL) to encrypt sessions, including the transfer of information in user cookies.
Correct answer- Transport Layer Security (TLS)

____________ is similar to another attack, URL redirection, in that both often redirect to a malicious site that attempts to gain credentials, but URL redirection often comes in the form of a phishing email that redirects from a legitimate site to a malicious site, while clickjacking incorporates hidden, invisible, or false elements.
Correct answer- Clickjacking

______________ is a type of website application vulnerability that allows malicious users to inject malicious code into dynamic websites that rely on user input. Ex: A search engine website or user message forum that utilizes user input.
Correct answer- Cross-site scripting (XSS)

______________ is a type of attack that relies on the ability to use a user's current web browsing state, including session cookie data and login identity credentials, and trick that user into navigating to a website that contains malicious code.
Correct answer- Cross-site request forgery (CSRF)

In _________________, the attacker sends SQL input (normally in the form of SQL database manipulation commands) to the database via an input form.
Correct answer- Structured Query Language (SQL) injection

________________ is a type of access vulnerability that enables a hacker to actually navigate the website directory tree through the URL, via ../ on a Unix system or .. on a Windows system, to go to the parent directory.
Correct answer- Directory traversal

___________________ are very difficult to defend against, but in most cases, OS and software application vendors are very responsive in patching their software in the event a new vulnerability is discovered. You must always make sure your software is running the latest version with all security patches available installed.
Correct answer- Zero-day attacks

A ______________ happens when an application is dependent on the steps to be performed in an appropriate order, and the steps are subsequently then executed out of order, creating a crash or other negative situation that can be exploited by an attacker.
Correct answer- race condition

A __________________ occurs when an unauthorized user captures network traffic and then sends the communication to its original destination, acting as the original sender.
Correct answer- replay attack

While testing exception handling with a web application, you encounter an error that displays a full URL path to critical data files for the application. Which one of the following types of vulnerabilities would this application be susceptible to?
A. Buffer overflow
B. Session hijacking
C. Cross-site scripting
D. Directory traversal
Correct answer- D

Your web application currently checks authentication credentials from a user's web browser cookies before allowing a transaction to take place. However, you have had several complaints of identity theft and unauthorized purchases from users of your site. Which of the following is the most likely cause?
A. Cross-site scripting
B. Session hijacking
C. Header manipulation
D. Lack of encryption
Correct answer- B

During testing of a web application, you discover that due to poor input validation, you can easily crash the server by entering values in the input forms much greater than the system can handle. What type of vulnerability is this?
A. Session hijacking
B. Buffer overflow
C. Privilege escalation
D. XML injection
Correct answer- B

In __________, an unauthorized user sends unwanted messages to another Bluetooth device in range of the originating device.
Correct answer- bluejacking

A more serious Bluetooth vulnerability is called ____________, where an unauthorized user connects to an unprotected Bluetooth device and accesses any data stored on it.
Correct answer- bluesnarfing

__________ are rogue access points set up to mimic a legitimate WiFi network. An unsuspecting user could connect and make an online purchase using her banking or credit card details, which are then stolen by the hacker for the purposes of identity theft and fraud.
Correct answer- Evil twins

In a DoS attack, a malicious user can send a continuous stream of rapid ping attempts, called a _______________. The host is then overloaded by having to reply to every ping, rendering it unable to process legitimate requests.
Correct answer- "ping of death."

A ________________ uses publicly accessible Domain Name System servers to conduct a DDoS on a victim server by flooding the system with the DNS response traffic.
Correct answer- DNS amplification attack

____________ is a type of network attack in which the ARP cache of systems on the network is modified to associate an IP address with the MAC address of the attacker's system.
Correct answer- Address Resolution Protocol (ARP) poisoning

A __________ uses a spoof attack combined with a DDoS attack to exploit the use of IP broadcast addressing and ICMP (ping).
Correct answer- smurf attack

An ___________ is one of the "noisiest" scans performed simply because it uses so many nonstandard flags in combination set to "on." All the enabled flags in the TCP segment are like the lights of a Christmas tree to the scanned device. It can also identify operating systems based on their response to these nonstandard options.
Correct answer- Xmas scan

The __________ technique takes advantage of a DNS server's tables of IP addresses and hostnames by replacing the IP address of a host with another IP address that resolves to an attacker's system.
Correct answer- DNS poisoning

_______________ are designed to infiltrate a system or network through the exploitation of a secondary system or network. Often, the attacker inserts malware into a website that he believes the target will visit and waits for the target to be exploited via the secondary site.
Correct answer- Watering hole attacks

Your web server is being flooded by a denial-of-service attack. Using a network analyzer, you see that IP broadcast replies are being sent back to the address of your server from multiple addresses. Which type of network attack is this?
A. On-path
B. Back door
C. Smurf
D. DNS poisoning
Correct answer- C

During a denial-of-service attack, a network administrator blocks the source IP address with the firewall, but the attack continues. What is the most likely cause of the problem?
A. The denial-of-service worm has already infected the firewall locally.
B. The attack is coming from multiple distributed hosts.
C. A firewall can't block denial-of-service attacks.
D. Antivirus software needs to be installed.
Correct answer- B

A few systems have been infected with malware; log analysis indicates the users all visited the same legitimate website to order office supplies. What is the most likely attack the users have fallen victim to?
A. Replay
B. Watering hole
C. ARP poisoning
D. Domain kiting
Correct answer- B

Which of the following types of wireless attacks utilizes a weakness in WEP key generation and encryption to decrypt WEP encrypted data?
A. IV attack
B. War driving
C. PSK attack
D. Eavesdropping
Correct answer- A

___________ are the lowest-common-denominator threat actor; these are delinquent teenagers sitting in their parents' basement, as the ugly stereotype goes. Often their tools are "point and click" or simple scripts and have little sophistication.
Correct answer- Script kiddies

_______________ utilize cyber means for social or political reasons. Anonymous is probably the most famous of these.
Correct answer- Hacktivists

An __________ is an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors.
Correct answer- Advanced persistent threat (APT)

_________ may be the most dangerous type of threat actor of them all due to being employees, contractors, or other privileged parties having the access inherent to their position.
Correct answer- Insiders

A company insider decides to steal data and sell it to a competitor that is offering a large amount of cash. Which of the following terms describes the insider?
A. Threat
B. Threat actor
C. Vulnerability
D. Risk actor
Correct answer- B

Threat hunting can be partially automated through the use of which tool?
A. Security information and event manager (SIEM)
B. Anti-malware scanner
C. Vulnerability scanner
D. Security orchestration, automation, and response (SOAR)
Correct answer- D

A _____________ is a security weakness, such as the lack of a security control, that could be exploited or exposed by a threat.
Correct answer- vulnerability

_________________ involves disabling or removing services that are not required by the system.
Correct answer- Hardening

Before you install any update or patch onto networked systems, install and test it on a test host in a lab environment.
A. True
B. False
Correct answer- A

__________ refers to networks and systems that are managed outside of the IT organization, often without the IT organization's permission or even awareness.
Correct answer- Shadow IT

Which of the following terms describes the level of harm that results from a threat exploiting a vulnerability?
A. Attack
B. Likelihood
C. Impact
D. Risk
Correct answer- C

Kevin, a college professor researching viruses, sets up a server within his campus lab without notifying the college's IT department. He doesn't want to lock the system down with security controls that could possibly slow his analysis. What is the best term to describe Kevin's new computer?
A. Attack surface
B. Shadow IT
C. Noncompliance
D. Impact
Correct answer- B

Port number for HTTP
Correct answer- TCP 80

Port number for FTP
Correct answer- TCP 21

Port number for DNS
Correct answer- UDP 53

Port number for DHCP
Correct answer- UDP 67

Port number for SMTP
Correct answer- TCP 25

Port number for Telnet
Correct answer- TCP 23

Port number for POP3
Correct answer- TCP 110

Port number for IMAP
Correct answer- TCP 143

Port number for SSH
Correct answer- TCP 22

Port number for LDAP (Active Directory)
Correct answer- 389

A _____________ occurs when a vulnerability scan reports a vulnerability that does not actually exist.
Correct answer- false positive

Even more dangerous than a false positive, a _____________ occurs when a vulnerability indeed exists but it is not detected by the scanner.
Correct answer- false negative

Lauren is performing a vulnerability assessment for a web server. Which of the following tools should she use to determine what active ports, protocols, and services are running?
A. Wireshark
B. Nmap
C. Honeypot
D. Banner Grabber
Correct answer- B

Which of the following is the most dangerous type of finding because it can actually mean that a potential vulnerability goes undetected?
A. False positive
B. False negative
C. False flag
D. False scan
Correct answer- B

Tom is looking for a single tool that aggregates all the different data points from the network, including network alerts, packet capture, user behavior and sentiment analyses, data inputs, log files, and physical security logs, from every host on the network. What is the best option?
A. Anti-malware scanner
B. Vulnerability scanner
C. Port scanner
D. SIEM solution
Correct answer- D

New management has decided to test the security of the existing network infrastructure implemented by the current network administrators. Which of the following should be performed to provide the most objective and useful test of your security controls?
A. Hire a real hacker to attack the network.
B. Perform third-party penetration testing.
C. Perform penetration testing by the network administrators.
D. Initiate an external denial-of-service attack.
Correct answer- B

_________________ are the high-level risk management, assessment, and mitigation plans that define your overall organization security. Ex: Common managerial controls include administrative policies, procedures, and plans and management programs.
Correct answer- Managerial risk controls

The category of ______________________ encompasses the actual technical measures used to reduce security risks in your organization, which include deep-level network and system security (firewalls, antivirus scanning, content filters, and other network security devices).
Correct answer- technical risk controls

Controls in the ________________ category address how the organization conducts its daily business and are designed to minimize the security risk to those business activities. This category could include, for example, companywide policies.
Correct answer- operational risk

___________________ compensate for weaknesses or inherent flaws within other controls or a lack of controls, such as regularly scheduled third-party review of logs based on an inability to enable proper separation of duties across system administrators.
Correct answer- Compensating controls

_____________________ correct back to a trusted or "known-good" state; an example is regularly tested backups limiting the time a critical database is offline.
Correct answer- Corrective controls

_____________ detect and characterize events or irregularities as or after they occur, such as internal or external audits conducted on a non-notice basis.
Correct answer- Detective controls

_______________________ deter and discourage an event from taking place (for example, roaming security guards and cameras placed around the facilities that are continuously monitored by personnel).
Correct answer- Deterrent controls

________________ include physical access controls (perimeter fencing, security passes, and surveillance) and environmental controls (fire suppression and temperature controls).
Correct answer- Physical controls

Which of the following is not a control function?
A. Deter
B. Detect
C. Destroy
D. Compensate
Correct answer- C

Which of the following are control categories? (Choose all that apply.)
A. Mitigation
B. Recovery
C. Operational
D. Managerial
Correct answer- CD

The _____________ grants users only the access rights they need to perform their job functions. This requires giving users the least amount of access possible to prevent them from abusing more powerful access rights.
Correct answer- least privilege principle

The ______________ ensures that one single individual isn't tasked with high-security and high-risk responsibilities. Certain critical responsibilities are separated between several users to prevent corruption.
Correct answer- separation of duties

________________ provides improved security because no employee retains the same amount of access control for a position indefinitely. This prevents internal corruption by employees who might otherwise take advantage of their long-term position and security access.
Correct answer- Job rotation

A _______________ policy requires employees to use their vacation days at specific times of the year or to use all their vacation days allotted for a single year. This policy helps detect security issues with employees, such as fraud or other internal hacking activities, because the anomalies might surface while the user is away.
Correct answer- mandatory vacation

An __________________ is a set of established guidelines for the appropriate use of computer networks within an organization. The AUP is a written agreement, read and signed by employees, that outlines the organization's terms, conditions, and rules for Internet and internal network use.
Correct answer- acceptable use policy (AUP)

A company practices ____________________ by ensuring that all activities that take place in the corporate facilities are conducted in a reasonably safe manner.
Correct answer- due care

A company practices ________________ by implementing and maintaining these security procedures consistently to protect the company's facilities, assets, and employees.
Correct answer- due diligence

_____________ guarantees that in the event of a security issue by an employee, the employee receives an impartial and fair inquiry into the incident to ensure the employee's rights are not being violated.
Correct answer- Due process

_________________ are often utilized when an employee, or even a third-party vendor or supplier, requires access to sensitive or proprietary information, information that could provide an advantage to a competitor, or, in the case of federal agencies or contractors, harm national security.
Correct answer- Nondisclosure agreements (NDAs)

To prevent legal liabilities, companies have implemented _______________ to help reduce the possibility of legal problems arising from past messaging communications and data.
Correct answer- data retention policies

System architecture diagrams should never be displayed or stored in a public area, especially if they contain system IP addresses and other information hackers can use to compromise a network.
A. True
B. False
Correct answer- A

A __________________ maintains that any confidential papers, sticky notes with sensitive information, cell phones, portable devices, and removable media should be always kept in locked drawers.
Correct answer- clean desk space policy

Users must ensure that they lock and password-protect their workstation sessions whenever they are away from their desk.
A. True
B. False
Correct answer- A

A _____________________ is an understanding among a supplier of services and the users of those services that the service in question will be available for a certain percentage of time.
Correct answer- service level agreement (SLA)

_________________ are common within the government sector and relate terms of cooperation between two organizations seeking a common goal, such as a joint continuity of operations site.
Correct answer- Memorandums of agreement and understanding (MOA/MOU) After a few incidents where customer data was transmitted to a third party, your organization is required to create and adhere to a policy that describes the distribution, protection, and confidentiality of customer data. Which of the following policies should your organization create? A. Privacy B. Due care C. Acceptable use D. Service level agreement Correct answer- A As a managed service provider responsible for Internet-based application services across several external clients, which of the following policies does your organization provide to clients as an agreement for service uptime? A. Code of ethics B. Privacy C. SLA D. Due care Correct answer- C There is a suspicion that Tom, a systems administrator, is performing illegal activities on your company's networks. To gather evidence about his activities, which of the following principles and techniques could you employ? A. Password rotation B. Mandatory vacation C. Need-to-know D. Separation of duties Correct answer- B You need to create an overall policy for your organization that describes how your users can properly make use of company communications services, such as web browsing, e-mail, and File Transfer Protocol (FTP) services. Which of the following policies should you implement? A. Acceptable use policy B. Due care C. Privacy policy D. Service level agreement Correct answer- A __________________ is a numerical calculation of the exact cost of the loss of a specific company asset because of a disaster. ___________________ considers tangible and intangible factors in determining costs. Correct answer- Quantitative risk analysis / Qualitative risk analysis The ___________ is the amount of risk that's acceptable to an organization. Correct answer- risk tolerance ______________ is the level of risk that an organization is willing to take before actions are taken to reduce risk. 
Understanding an organization's risk appetite will help guide solutions and countermeasure recommendations. Correct answer- Risk appetite

The _______________ is the level of risk that remains after controls are put into place to mitigate or reduce risk. Correct answer- residual risk

____________ prevents sensitive and private data from being intercepted or read by unauthorized users. Ex: Using encryption Correct answer- Confidentiality

______________ ensures that your data is consistent and never modified by unauthorized persons or manipulated in any intentional or accidental manner. Ex: Common methods of ensuring integrity are hashing, digital signatures, and certificates. Correct answer- Integrity

________________ ensures that your systems and networks are always operational and providing service to users, minimizing downtime when patching or scanning. Ex: Implementation of a cold, warm, or hot site, and RAID. Correct answer- Availability

A ___________ is a living document used to track different types of data elements, most commonly risk factors and risk scenarios. Correct answer- risk register

A ______________ outlines your organization's most critical functions and how they'll be affected during a disaster. Correct answer- business impact analysis (BIA)

_________________ is the average length of time from the moment a component fails until it is repaired. Correct answer- Mean time to repair (MTTR)

_____________ is the length of time that a component is expected to last in regular service. Correct answer- Mean time to failure (MTTF)

_______________ is the average length of time a specific component is expected to work until it fails. Correct answer- Mean time between failures (MTBF)

______________ is the maximum amount of time that is considered tolerable for a service or certain business function to be unavailable. Correct answer- Recovery time objective (RTO)

_______________ is the maximum acceptable amount of lost data due to an outage or disaster.
Correct answer- Recovery point objective (RPO)

As part of a risk analysis of a very large and extensive back-end database, you need to calculate the probability and impact of data corruption. Which of the following impact factors allows you to calculate your annualized losses due to data corruption? A. SLE B. SLA C. ARO D. ALE Correct answer- D

AJ's management tasks him with determining the right reliability factor to track for the company's new engines. The management wants to know how long they can expect the engine to last before failure, with the expectation that it will then be replaced. What is the best reliability factor? A. Recovery point objective (RPO) B. Mean time to repair (MTTR) C. Mean time between failures (MTBF) D. Mean time to failure (MTTF) Correct answer- D

A(n) __________ tracks different types of data elements, most commonly risk factors and risk scenarios. It might also include data that describes different technical or management findings contributing to the risk, as well as threats, vulnerabilities, assets, likelihood, and impact data. A. Acceptable use policy B. Business continuity plan C. Risk register D. Risk matrix Correct answer- C

Which of the following is not a standard classification for private or sensitive data? A. Public B. Confidential C. Proprietary D. Consensual Correct answer- D

The __________ determines what data will be collected and how it will be used within an organization. A. Data steward B. Data controller C. Data processor D. Data protection officer Correct answer- B

_____________________ is the concept of using security and content control features to prevent confidential, private data from leaving your organization's networks. Correct answer- Data loss prevention (DLP)

_____________ obfuscates sensitive data by substituting it with a different value ("dummy" value.) Correct answer- Data masking

A __________ is a facility that's ready to be operational immediately when the primary site becomes unavailable.
It is the most costly. Correct answer- hot site

A __________ is like a hot site but without most of the duplicate servers and computers that would be needed to facilitate an immediate switch-over. Correct answer- warm site

A __________ merely offers an empty facility with some basic features, such as wiring and some environmental protection, but no equipment. This is the least expensive option. Correct answer- cold site

A ____________ is a device or server used to attract and lure attackers into trying to access it, thereby removing attention from actual critical systems. Correct answer- honeypot

Bobby's management has asked him to explore an alternate site solution that can be operational somewhat quickly when needed but does not require duplication of the primary network. What is the best solution? A. Hot site B. Cold site C. Mobile site D. Warm site Correct answer- D

SAN storage security often implements the concept of __________, which allows segmentation of data by classifications and restriction of that data by device. A. masking B. encryption C. zones D. tokenization Correct answer- C

Barbara needs to destroy a set of sensitive printed documents. Her management tasks her to find the most secure solution, as shredding is not up to standard. Which of the following is the best option? A. Degaussing B. Pulverizing C. Washing D. Wiping Correct answer- B

_____________ provides the ability to quickly stand up virtual machines (VMs), storage devices, and other infrastructure that would otherwise require the purchase of physical devices. Correct answer- Infrastructure as a Service (IaaS)

____________ provides the framework of an operating system and associated software required to perform a function. Correct answer- Platform as a Service (PaaS)

_________________ allows a customer to essentially lease software, such as applications and databases, thus enabling rapid rollout to the greater user community.
Correct answer- Software as a Service (SaaS)

A _____________ is available only to one organization and can be managed either internally by the organization or externally by a third party. Correct answer- private cloud

A ______________ is available to the greater public, with security segmentation between users. Correct answer- public cloud

A ______________ is created when two or more organizations create a mutual cloud. Correct answer- community cloud

A _________________ combines two or more different cloud deployment models (such as private and community) to perform specific tasks not easily completed through one standard solution. Correct answer- hybrid cloud

A ____________ is an application that runs on top of a more conventional operating system. Correct answer- Type 2 hypervisor

A ________________ is essentially a bare-bones operating system that runs the host machine and serves to provide the single functionality of managing the VMs installed on it. Correct answer- Type 1 hypervisor

Sam's manager is fed up with managing the dozens of service providers across the corporate portfolio and tasks Sam with finding the best way to provide a seamless view to the corporation's users. What is the best option? A. Security information and event management (SIEM) B. Services integration and management (SIAM) C. Microservices D. Managed service provider (MSP) Correct answer- B

The _________________ of SDLC is based on a more traditional project management model in which software development proceeds through the phases of conception, initiation, analysis, design, construction, testing, production and implementation, and maintenance. Correct answer- Waterfall method

The ______________ methodology of SDLC is iterative in nature and utilizes teams to deliver earlier and continuously improve more rapidly than the Waterfall development method.
Correct answer- Agile software development

_________________ refers to the process of coding applications to accept only certain valid input for user-entered fields. Correct answer- Input validation

________________ entails using a certificate to digitally sign executables and scripts to confirm that the software was developed by the appropriate author and has not been manipulated in any way, thus providing integrity and a measure of authenticity. Correct answer- code signing

As part of your application-hardening process, which of the following activities helps to prevent existing vulnerabilities in applications from being exploited? A. Exception handling B. Fuzzing C. Updating to the latest software version or patch D. Escaping Correct answer- C

__________ is the design of a database to remove redundancies and improve integrity through simplification of the design. A. Normalization B. Anonymization C. Masking D. Obfuscation Correct answer- A

___________________, also referred to as identity proofing, is the process of presenting valid credentials to the system for identification and further access. Correct answer- Identification

________________ is the process of validating the user's identification. Correct answer- Authentication

_________________ is the act of granting permission to an object, such as a network share. Correct answer- Authorization

_____________ is the process of logging users' activities and behaviors, the amount of data they use, and the resources they consume. Correct answer- Accounting

________________ typically combines two single-factor authentication types, such as something the user knows and something the user possesses. Correct answer- Two-factor authentication

_______________ is the strongest form of user authentication and involves a combination of a physical item, such as a smart card, token, or biometric factor, and a nonphysical item, such as a password, passphrase, or PIN.
Correct answer- Multifactor authentication (MFA)

1) Something you know 2) Something you have 3) Something you are Correct answer- The three Multi-Factor Authentication schemes

You are tasked with setting up a single sign-on authentication system for a large enterprise network of 5000 users. Which of the following is the best option? A. Local login and password database B. Login and password with a security token C. Authenticated access to an LDAP database D. Smart card with PIN number Correct answer- C

Bobby is tasked with creating a high-security authentication system for physical access control to a military installation. Which of the following authentication systems would be most appropriate? A. Smart card and PIN B. Security badge and guard C. Biometric eye scanner D. Username and password Correct answer- A

A web services provider wants to improve its security through the implementation of two-factor authentication. What would be the most likely authentication method? A. TOTP B. SIEM C. TACACS D. LDAP Correct answer- A

After a user is identified and authenticated to the system, what else must be performed to enable the user to use a resource? A. Authorization B. Authentication by token C. Encryption of network access D. Biometric scan Correct answer- A

With an _______________, only those files that have been modified since the previous full or incremental backup are stored. The archive bit is cleared on those files that are backed up. Correct answer- incremental backup

A _______________ saves only files that have been changed since the last full backup. In this method, the archive bit isn't cleared, so with each differential backup, the list of files to save grows larger each day until the next full backup. Correct answer- differential backup

Bobby must ensure that power is always available, 24/7, for a critical web and database server that accepts customer orders and processes transactions. Which of the following devices should Bobby install? A.
Power conditioner B. UPS C. Power generator D. Redundant power supply Correct answer- C

AJ's company is in the middle of budgeting for disaster recovery. He has been asked to justify the cost for offsite backup media storage. Which of the following reasons should he offer as the primary security purpose for storing backup media at an offsite storage facility? A. So that the facility can copy the data to a RAID system B. So that if the primary site is down, the offsite storage facility can reload the systems from backup C. For proper archive labeling and storage D. To prevent a disaster onsite from destroying the only copies of the backup media Correct answer- D

A __________ system is often used to control utilities, automated systems, and machinery of all sorts. A. sensor B. wearable C. SCADA D. smart meter Correct answer- C

Tom wants to replace his company's "plain old telephone service" (POTS) with an integrated, network-enabled phone system. What is this type of system called? A. VoIP B. Narrowband C. Smartphone D. BYOD Correct answer- A

An ______________ is a two-tier, physical access control method with two physical barriers, such as doors, between the person and the resource that the person is trying to access, such as a secure building, i.e. mantrap. Correct answer- access control vestibule

___________ are also important for highly sensitive areas of an organization, such as the main server and telecommunications room that houses the primary system and networking equipment. Correct answer- Visitor logs

Air-gapped systems and devices have no network connectivity with anything. A True B False Correct answer- A

______________, commonly referred to as demilitarized zones (DMZs), act as a buffer between the public Internet and an internal, private network. Correct answer- Screened subnets

How should lighting installed along a perimeter fence be programmed? A. To activate when someone approaches the fence B. To activate only when alarms detect an intruder C.
To activate between dusk and dawn D. To be turned on 24 hours a day Correct answer- C

Which of the following are advantages to employing security guards in a facility? (Choose two.) A. CCTVs can be in places where guards cannot always be. B. Guards can make split-second decisions during security incidents. C. The vast majority of facility security issues can be handled by well-trained guards. D. Guards are not susceptible to social engineering. Correct answer- BC

Which of the following is not a benefit of using an access control vestibule? A. It can serve as a single controlled entry point into a facility. B. It can assist with positive identification and authentication of individuals entering the facility. C. It can prevent unauthorized individuals from entering a secure facility. D. It can protect individual information systems from unauthorized access. Correct answer- D

_______________ is a method of protecting information and information systems by providing confidentiality, integrity, authentication, nonrepudiation, and obfuscation. Correct answer- Information assurance

_______________ is the term used to describe the inability of a person to deny or repudiate an action they performed, the origin of a signature or document, or the receipt of a message or document. Correct answer- Nonrepudiation

__________________ provides security through obscurity, meaning that data is modified to make it unreadable to a human or a program trying to use it. Ex: Using your credit card and they "X" out all the numbers except for the last four numbers. Correct answer- Obfuscation

In a ______________ scheme, both parties use the same key for encryption and decryption purposes. Correct answer- symmetric encryption

In an ________________ scheme, everyone uses TWO different but mathematically related keys for encryption and decryption purposes. The main disadvantage of asymmetric encryption is that it can be much slower than symmetric schemes.
Correct answer- asymmetric encryption

A _______________ is used in encryption systems to create a "fingerprint" for a message. This prevents the message from being improperly modified on its way to its destination and is used to protect the integrity of a message and is most often used with digital signatures. Correct answer- hashing value

The ______________ isn't an actual encryption algorithm: It's a key agreement protocol that enables users to exchange encryption keys over an insecure medium. Correct answer- Diffie-Hellman Exchange (DHE)

You have encrypted an e-mail message because you want to ensure that it is read only by the recipient. A hacker has intercepted the message. When the hacker views the message, what does he see? A. The plaintext of the e-mail B. The one-way hash of the message C. The recipient's certificate information D. Ciphertext Correct answer- D

You have sent your friend a secret, encrypted message. The key you used to encrypt the message is the same key with which your friend will decrypt the message. What type of encryption scheme is used? A. Asymmetric B. Symmetric C. RSA D. Diffie-Hellman Correct answer- B

Which of the following encryption schemes would you use if your company wants to create an invisible watermark hidden within the images on its website to identify the images in case they are used by another company? A. One-time pad B. Elliptical-curve C. One-way hash D. Steganography Correct answer- D

Your organization wants you to implement an encryption system that ensures that the sender and receiver of the encrypted message use different keys for encryption and decryption. Which type of encryption scheme would you use? A. Elliptical-curve B. Quantum C. Asymmetric D. Symmetric Correct answer- C

Which of the following IPSec protocols is used to provide authentication and integrity for an entire IP packet? A. Encapsulating Security Payload (ESP) B. Authentication Header (AH) C. Internet Key Exchange (IKE) D.
Internet Security Association and Key Management Protocol (ISAKMP) Correct answer- B

________________ combine the traditional capabilities of a firewall to block traffic at the perimeter with more active NIDS/NIPS technologies, as well as being application aware, meaning that they catalog applications approved for use within the network and examine traffic passing to and from them and can "learn" new applications as they are added to the network. Correct answer- Next-generation firewalls (NGFWs)

__________ is a dynamic technique that can help test input validation and error/exception handling by entering random, unexpected data into application fields to see how the software program reacts. Correct answer- Fuzzing

___________________ refers to keeping the OS and applications current through regular updates and critical software patches and removing unnecessary software services from the system. Correct answer- Operating system hardening

With ___________, the underlying machine layer theoretically is unharmed in the event of a malware outbreak or other security breach and is a common function of virtual machines. Correct answer- sandboxing

An executive is traveling with his laptop computer to a conference. The contents of his laptop contain very confidential product information, including development specifications and product road maps. Which of the following techniques can be implemented to protect the confidentiality of the data on the laptop? A. Make sure all software is up to date. B. Password-protect the laptop BIOS. C. Move the confidential documents to a USB key. D. Encrypt the hard drive using a TPM. Correct answer- D

A security patch for your OS was released about a week after you applied the latest OS service pack. What should you do? A. Wait until the release of the next full service pack. B. Download the patch only if you experience problems with the OS. C. Do nothing—the security patch was probably included with the service pack. D.
Download and install the security patch. Correct answer- D

As part of your security baselining and OS hardening, you want to make sure that you protect your organization from vulnerabilities in its operating system software. Which one of the following tasks should you perform? A. Update antivirus signature files. B. Install any patches or OS updates. C. Use an encrypted file system. D. Use a host-based intrusion detection system. Correct answer- B

The __________ process in Windows 10 uses the UEFI and a trusted platform module to provide a more secure boot process, also allowing for boot attestation. A. Boot management B. Secure boot C. Measured boot D. Safe mode Correct answer- C

Which of the following is not commonly used to secure a database? A. Salting B. Synchronization C. Tokenization D. Hashing Correct answer- B

A __________________ is a special, encrypted communications tunnel between one system and another. Correct answer- virtual private network (VPN)

The _____________ provides a way to translate Internet domain names into IP addresses. Correct answer- Domain Name System (DNS)

One key security control that can be used is a port-based authentication system, such as the IEEE standard __________. This standard provides for port-based authentication and can be used on both wired and wireless networks. Correct answer- 802.1X

The __________________ is a unique "calling card" identifying a specific network card. Correct answer- Media Access Control (MAC) address

______________________ continuously trains on network behavior. Correct answer- Heuristic-based security monitoring

_________________ takes more work to match the efficiency and effectiveness of other types of monitoring methods such as signature- and behavior-based systems.
Correct answer- Rule-based security monitoring

The _______________________ can filter and monitor HTTP traffic between web applications and the Internet, helping to mitigate many common web attacks such as cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). Correct answer- web application firewall (WAF)

__________________ is the evolution of the traditional firewall concept into an all-in-one device designed to act as a firewall, IDS, load balancer, DLP device, and filter for spam and malware. Correct answer- Unified threat management (UTM)

Lauren must install and secure her organization's Internet services, including web, FTP, and e-mail servers, within the current network topology, which uses a network firewall to protect the organization's internal networks. In which security zone of the network should Lauren install these servers to isolate them from the Internet and the organization's internal networks? A. Screened subnet B. VLAN C. Internal network D. Intranet Correct answer- A

Max's organization is growing fast, and the number of clients and devices on the organization's network has doubled in size over the last year. Max has been tasked with partitioning the network. Which of the following would best help partition and secure the network? A. MAC B. NAC C. VPN D. VLAN Correct answer- D

Bobby is the network administrator for a company whose users are streaming too much video and using up the company's valuable bandwidth resources. Which technology would be best for Bobby to implement to help save resources? A. Content/URL filter B. Anti-spam filter C. Protocol analyzer D. IDS Correct answer- A

_________________ are designed to halt a user before accessing a wireless network by trapping packets until a web browser is opened, where the portal opens for entering credentials or payment information. Correct answer- Captive portals

________________ describes how an electronic signal becomes weaker over greater distances.
This applies to both cable and wireless signals. Correct answer- Attenuation

After creating a heat map of a specific floor of his building, Rich realizes that two of the farthest offices on his floor have very poor signal strength. Which of the following actions can Rich perform to provide the best solution to increase signal strength to that part of the building? A. Disable encryption to speed up the network B. Add another wireless access point C. Change from channel 1 to channel 6 D. Disable authentication Correct answer- B

Tim has set up a wireless network for his small office of 50 users. Which of the following encryption protocols should he implement to ensure the highest level of encryption security? A. WAP B. WPA C. WEP 128 bit D. WPA3 Correct answer- D

Tara is installing a wireless network in a manufacturing facility. Which of the following aspects of the wireless network should she concentrate on to prevent security issues with EMI? A. Use of WPA3 encryption B. Use of 802.11g or 802.11n C. Network name D. WAP and antenna placement Correct answer- D

___________________, often referred to as mobile sandboxing, creates containers within a mobile device that separate different types of data from one another, such as corporate and personal data. This is often used in BYOD. Correct answer- Data containerization

On a mobile device, __________ allow(s) more performance-intensive applications to execute within their own segment to improve performance. A. Storage segmentation B. VDI C. Remote access controls D. MDM Correct answer- A

You are creating a standard security baseline for all users who use company mobile phones. Which of the following is the most effective security measure to protect against unauthorized access to the mobile device? A. Enforce the use of a screen lock password. B. Enable the GPS chip. C. Install personal firewall software. D. Automatically perform a daily remote wipe.
Correct answer- A

__________ is a term that is similar to jailbreaking but is Android specific. A. Segmentation B. Virtualization C. Rooting D. Wiping Correct answer- C

Apple's Face ID is an example of using what? A. VDI B. Biometrics C. Containerization D. Segmentation Correct answer- B

To enforce _____________, the password should be at least 8 characters, with 10 to 12 being preferable for a standard user account (15 for an administrator/root account), and contain a mix of uppercase and lowercase letters, numbers, and special characters. Historically, best practices have required changing passwords roughly every 90 days at a minimum. Correct answer- password complexity

____________ refers to the security principle of starting a user out with no access rights and granting permissions to resources as required. Correct answer- Implicit deny

When an employee leaves the company, his/her account should be immediately disabled. A True B False Correct answer- A

Rowan works for a company that has had a string of incidents where weak employee passwords have been hacked through brute-force methods and then used by unauthorized users to gain access to the network. Which of the following security policies would be best for Rowan to implement to prevent brute-force hacking attempts on employee passwords? A. Password rotation B. Password length and complexity restrictions C. Password expiration D. Password lockout Correct answer- D

Alex has already implemented a password expiration and rotation policy that forces his organization's users to change their password every 60 days. However, he is finding that many users are simply using their same password again. Which of the following can Alex implement to improve security? A. Password history B. Password complexity C. Password lockout D. Password expiry Correct answer- A

An __________ creates, maintains, and manages identity information for an organization. A. Identity manager B. Identity provider C. Identity validator D.
Identity authority Correct answer- B

___________ is a network authentication protocol, prominently used in Microsoft Windows Active Directory (AD) implementations. It uses Ticket Granting Tickets to authenticate. Correct answer- Kerberos

________________ is a centrally controlled model that allows access based on the role the user holds within the organization, and access control is granted to groups of users who perform a common function. Correct answer- Role-based access control (RBAC)

___________________ provides enhanced granularity when specifying access control policies and indicates specifically what can and cannot happen between a user and the resource. This type of access control policy is typically defined by an access control list (ACL), such as TCP Wrappers, which specifies a set of rules that must be followed before access is granted. Correct answer- Rule-based access control

In a ______________ model, the operating system is in control of access to data. Military classification levels such as Confidential, Secret, and Top Secret are examples of MAC in which specific security access is restricted, depending on the classification of the data, the user's security clearance (or access) level, and the user's need to know. Correct answer- mandatory access control (MAC)

________________ enables data creators and owners to specify which users can access certain data. Correct answer- Discretionary access control (DAC)

_________________ applies attributes to subjects and objects and allows or disallows access to objects based on their attributes. Correct answer- Attribute-based access control (ABAC)

SAML implementations have three basic roles: the identity, the identity provider, and the __________. A. Internet provider B. service provider C. authentication provider D. authorization provider Correct answer- B

Your organization has several home users with Internet access who require remote access to your organization's network.
Which of the following remote access and authentication technologies would be the most secure? A. Dial-up access to a Kerberos server B. A VPN authenticated to a RADIUS server C. Telnet access to a local password database D. Wireless access to an LDAPS server Correct answer- B

You are creating an access control model that will allow you to assign specific access policies depending on which network a user is on and not necessarily on the actual identity of the specific user. Which privilege management access control model would you use? A. Rule-based access control B. Discretionary access control C. Attribute-based access control D. Mandatory access control Correct answer- A

A ______________________ is an organization or entity that issues and manages digital certificates and is responsible for authenticating and identifying users who participate in the PKI. Correct answer- certificate authority (CA)

Some of the actual authentication and identification services for certificates are managed by other organizations called ______________. Correct answer- registration authorities (RAs)

When a certificate is revoked, it's placed on a CA's _________, which includes certificates that have been revoked before their expiration date by the CA. Correct answer- certificate revocation list (CRL)

The ___________________ was developed as a more resource-efficient alternative to CRLs. Correct answer- Online Certificate Status Protocol (OCSP)

The ________________ defines some of the infrastructure involved in requesting, processing, and issuing a certificate. Correct answer- X.509 standard

To improve the integrity and authentication of your encryption systems, you have contacted a CA to generate which of the following items for you? A. Digital certificate and public/private key pair B. Public key and a private hash C. Private key and a certificate D.
Secret key for the local encryption server Correct answer- A

You have been tasked with contacting your CA and revoking your company's current web server certificate. Whic

SECURITY+ SY0-601 STUDY SET from
Mike Myer's Book

__________________ is defined as using and manipulating human behavior to obtain a
required result.

It typically involves NON-TECHNICAL methods of attempting to gain unauthorized
access to a system or network. Correct answer- Social engineering

Through social engineering, an attacker might easily lead a user to reveal her account
password or to provide personal information that might reveal her password, a
technique known as ____________________. Correct answer- eliciting information

________________________ is when a social engineer calls a helpdesk operator, claims
to be a high-level user, and demands that the operator reset the user's password
immediately so that the user can complete an important task. Correct answer-
Impersonation

_______________ is a technique in which a social engineer creates a story, or pretext,
that employs one or more of these principles to motivate victims to act contrary to their
better instincts or training. Correct answer- Pretexting

A __________________ scam is a social engineering technique that targets a large
group of recipients with a generic message that attempts to trick them into either visiting
a website and entering confidential personal information, responding to a text or SMS
message (known as ___________), or replying to an e-mail with private information,
often a username and password, or banking or credit card details. Correct answer-
phishing / smishing

_____________________ is a targeted type of phishing attack that includes information
familiar to the user and appears to be from a trusted source, such as a company (for
example, a financial service that the user has used previously), a social media site such
as LinkedIn, or even a specific trusted user. Correct answer- Spear phishing

_________________ are important tools to protect against phishing attacks. Users
must be aware that financial institutions will never ask for bank account numbers and
credit card details in an e-mail to a user. Correct answer- User education and
awareness training

______________ is a type of phishing attack that is targeted at a specific high-level
user, such as an executive. Correct answer- Whaling

________________ is when an unauthorized person casually glances over the shoulder
of an employee as she returns to her desk and enters her username and password into
the computer. Correct answer- Shoulder surfing

_____________________ is one of the simpler forms of social engineering and
describes gaining physical access to an access-controlled facility or room by closely
following an authorized person through the security checkpoint. Correct answer-
Tailgating

_____________ is a social engineering technique that misdirects a user to an attacker's
website without the user's knowledge, usually by manipulating the Domain Name
Service (DNS) on an affected server or the hosts file on a user's system.

While much like phishing, where a user may click a link in a seemingly legitimate e-mail
message that takes him to an attacker's website, pharming differs in that it installs code
on the user's computer that sends them to the malicious site, even if the URL is entered
correctly or chosen from a web browser bookmark. Correct answer- Pharming

__________ is instant messaging spam, and much like the more common e-mail spam,
it occurs when a user receives an unsolicited instant message from another user,
including users who are known and in the user's contact list. Correct answer- SPIM
(spam over instant messaging)

_______________ is a type of phishing attack that takes place over phone systems,
most commonly over VoIP (Voice over IP) lines. Correct answer- Vishing

A _________ is typically some kind of urban legend or sensational false news that
users pass on to others via e-mail because they feel it is of interest.

While mostly harmless, some are phishing attempts that try to get the user to visit a link
in the e-mail message that redirects to a malicious website. The only cure is user
education so as to avoid spreading these types of messages to other users. Correct
answer- hoax

As part of corporate espionage, some companies hire private investigators to examine
garbage dumpsters of a target company, and these investigators try to discover any
proprietary and confidential information. This is called __________________. Correct
answer- Dumpster diving

You have been contacted by your company's CEO after she received a personalized
but suspicious e-mail message from the company's bank asking for detailed personal
and financial information. After reviewing the message, you determine that it did not
originate from the legitimate bank.

Which of the following security issues does this scenario describe?

A. Dumpster diving
B. Phishing
C. Whaling
D. Vishing Correct answer- C

During your user awareness training, which of the following actions would you advise
users to take as the best security practice to help prevent malware installation from
phishing messages?

A. Forward suspicious messages to other users
B. Do not click links in suspicious messages
C. Check e-mail headers
D. Reply to a message to check its legitimacy Correct answer- B

Negative company financial information was carelessly thrown in the trash bin without
being shredded, and a malicious insider retrieved it and posted it on the Internet, driving
the stock price down.

The CEO wants to know what happened—what was the attack?

A. Smishing
B. Dumpster diving
C. Prepending
D. Identity fraud Correct answer- B

Max, a security administrator, just received a phone call to change the password for a
user in the HR department. The user did not provide verification of their identity and
insisted that they needed the password changed immediately to complete a critical task.

What principle of effective social engineering is being used?

A. Trust
B. Consensus
C. Intimidation
D. Urgency Correct answer- D

A _______ is a malicious computer program that requires user intervention (such as
clicking it or copying it to media or a host) within the affected system, even if the virus
program does not harm the system.

They self-replicate without the knowledge of the computer user. Correct answer- virus

_____________ infect the boot sector or partition table of a disk which is used by the
computer to determine which operating systems (OSs) are present on the system to
boot. Correct answer- Boot sector viruses

A _______________ disguises itself as a legitimate program, using the name of a
legitimate program but with a different extension. For example, a virus might be named
program.com to emulate a file called program.exe. Correct answer- companion virus

A ___________ uses the internal workings of Microsoft Word and Excel to perform
malicious operations when a file containing the virus is opened, such as deleting files or
opening other virus-executable programs. Correct answer- macro virus

A _________ hides from antivirus software by encrypting its code. They attempt to
cover their trail as they infect their way through a computer. Correct answer- stealth
virus

______________ are designed to make detection and reverse engineering difficult and
time consuming, either through obfuscation or through substantial amounts of confusing
code to hide the actual virus code itself.

*While armored viruses are often quite good at what they are designed to do, they are
significantly larger than necessary, which makes their presence easier to detect. Correct
answer- Armored viruses

_______________ changes with each infection. These types of viruses were created to
confuse virus-scanning programs. Correct answer- Polymorphic malware

__________________ log a user's keystrokes for various purposes, either via hardware
or software means. Correct answer- Keyloggers

A ____________ hides on your computer system until called upon to perform a certain
task.

They are usually downloaded through e-mail attachments, websites, and instant
messages. They are usually disguised as popular programs such as games, pictures, or
music. Correct answer- Trojan horse program

A _________________ installs a backdoor that bypasses all authentication controls and
allows the attacker continuous access to the client computer. Correct answer- remote
access Trojan (RAT)

A ____________ does not activate until a specific event, such as reaching a specific
date or starting a program a specific number of times, is triggered. Correct answer- logic
bomb program

A ___________ is a self-contained program (or set of programs) that can self-replicate
and spread full copies or smaller segments of itself to other computer systems via
network connections, e-mail attachments, and instant messages.

Document information

Uploaded on: March 20, 2022
Number of pages: 38
Written in: 2021/2022
Type: Exam (elaborations)
Contains: Questions & answers

Seller: EvaTee Phoenix University