Test title:
CC Certified in Cybersecurity 2023

Description:
ISC2 CC Example Questions

Author:
NeoFlow

Creation date:
24/04/2024

Category:
Art

Number of questions: 66
Questions:
A cyberattacker changes the website of a pharmacy so it displays incorrect information about COVID testing. This is an example of what kind of compromise? A. Confidentiality B. Integrity C. Availability D. Nonrepudiation.
The function of a computer system that verifies the identity of a user is called _________. A. Authentication B. Authorization C. Authenticity D. Availability.
Jane received an electronic message from Fred that was digitally signed, proving it came from him. However, Fred said he never sent it. This is an example of what message integrity characteristic? A. Nonreputation B. Nonrefutability C. Nonrepudiation D. Authenticity.
Which of the following elements do not apply to privacy? A. Confidentiality B. Integrity C. Availability D. None of the above.
Information assurance refers to the ____________ of information security. A. Quality B. Confidentiality C. Ethics D. Measurement.
What is the first thing a cyberattacker would want to do to launch an attack against an organization? A. Learn about the organization’s vulnerabilities. B. Learn about the organization’s business, including domain names, corporate information, facilities, names of employees, etc. C. Deploy malware. D. Steal data.
An earthquake is an example of a ____________? A. Threat agent B. Threat C. Vulnerability D. Risk.
You are asked to perform a risk assessment of an information system for the purpose of recommending the most appropriate security controls. You have a short amount of time to do this. You have information about how each asset in the system is used and its importance to the business, but you have no financial information about the assets or the information systems. Which is the most appropriate method to use for this assessment? A. Qualitative B. Threat modeling C. Quantitative D. Delphi.
You are asked to implement a risk treatment in which your IT department is removing a server from the environment that it deems is too risky due to having too many vulnerabilities in it. You have just practiced which type of risk treatment? A. Risk transfer B. Risk avoidance C. Risk acceptance D. Risk mitigation.
A security engineer is performing a review of an organization’s datacenter security controls. They document that the datacenter lacks security cameras for monitoring the facilities. What type of control does this represent? A. Administrative B. Technical C. Physical D. Logical.
Which of the following statements is true regarding the types of security controls? A. Physical controls are also referred to as logical controls. B. Logical controls are also referred to as managerial controls. C. Physical controls are also referred to as managerial controls. D. Administrative controls are also referred to as soft controls.
The senior security engineer is creating a document that provides step-by-step instructions on how to launch a vulnerability scan utilizing the organization’s vulnerability scanning tool that all security engineers will be required to follow. Which of the following governance elements is this an example of? A. Policy B. Procedure C. Guideline D. Law.
An information security policy is an example of which of the following types of controls? A. Administrative B. Technical C. Logical D. Physical.
Sarah is a security engineer for a Software as a Service (SaaS) organization. Her friend Kyle is a systems administrator for the organization and helped her get the job by serving as a reference. While reviewing some system logs, Sarah discovered that Kyle is running a crypto-mining program on a company server for his own financial gain. How should Sarah respond to this situation? A. Ask Kyle to stop B. Ask Kyle to share the profits with her C. Mind her own business D. Escalate to senior management.
Jane is a security administrator setting up access for a new employee who works in the manufacturing department. Jane makes sure to enable the employee’s access for the manufacturing area but not for the parts storage area. What best describes the principle Jane is applying? A. Principle of authentication B. Two-person rule C. Need to know D. Least privilege.
Which statement best describes the relationship between subjects, objects, and rules? A. A subject grants access to an object based on rules. B. An object is granted access to a subject based on rules. C. A subject is granted access to an object based on rules. D. An object is granted access to a subject based on credentials.
Credentials are composed of which of the following elements? A. Username and password B. Authorization and accountability C. Something you know and something you have D. Subjects and objects.
Joe has to log in to many systems on a daily basis and has too many passwords to remember. What is the best way for Joe to manage his passwords? A. Write the passwords down on a piece of paper. B. Store the passwords in a text file and store it in a safe place. C. Use the same password for every system so he only has to remember one password. D. Use a password manager or password vault software.
Debby has been an employee of Acme Corp. for over 20 years. During that time, she has been able to access more and more systems. Now she has access to systems she doesn’t even need access to in order to do her job. This is an example of what type of situation? A. Privilege modification B. Access management C. Privileged access management D. Privilege creep.
The identity and access management lifecycle consists of which steps? A. Provisioning, review, revocation B. Setup, review, auditing C. Creation, monitoring, termination D. Identification, authentication, authorization.
Which of the following access control models leverages roles to provision access, where users with similar access needs are assigned to the same role? A. DAC B. MAC C. RBAC D. None of the above.
An organization is concerned about the risk of a car driving from the parking lot through the entrance of the building. Which of the following security measures would best help address this concern? A. Biometrics B. RBAC C. Badge system D. Bollards.
The security team is reviewing the configuration of the door that serves as the only entrance or exit to the datacenter. Organization personnel commonly access the datacenter to perform their work. In the event of a fire that impacts power to the door-locking mechanism, which of the following configurations is best? A. The door should always remain locked. B. The door should fail-secure. C. The door should fail-open. D. The door should automatically lock when there is no power.
The security team of an organization is concerned about the physical security of datacenter access. They want the datacenter entrance built in such a way that there are two doors with locks and the first door must close before the next door can be unlocked. Which of the following is this an example of? A. Bollard B. Mantrap C. Fence D. Biometric lock.
Which of the following access control models allows the creator of a resource the ability to assign permissions to other users? A. DAC B. MAC C. RBAC D. None of the above.
Which of the following is referred to as a physical address in computer networking? A. IPv4 address B. IPv6 address C. MAC address D. Loopback address.
How many layers are there in the OSI model? A. 8 B. 7 C. 6 D. 5.
Which of the following terms best describes a computer that provides content to other computers such as a website or an application? A. Client B. Server C. Endpoint D. Router.
What is the name of the seventh layer of the OSI model? A. Application B. Session C. Presentation D. Network.
Which of the following attacks is most likely to be carried out by a botnet? A. Advanced persistent threat attack B. DDoS attack C. Trojan horse attack D. Backdoor attack.
What is the best description of the difference between a phishing e-mail and a spear phishing e-mail? A. A phishing e-mail is sent to a specific person; a spear phishing e-mail is sent to an entire company. B. A phishing e-mail is sent to random recipients; a spear phishing e-mail is sent to specific recipients. C. A phishing e-mail is sent to an entire company; a spear phishing e-mail is sent to a specific person. D. A spear phishing e-mail is sent to random recipients; a phishing e-mail is sent to specific recipients.
Which of the following is not a true statement about a worm? A. It can replicate itself. B. It is a type of malware. C. It is a type of botnet. D. It does not require a host program to infect and deliver it to the victim system.
A rainbow table attack seeks to mitigate the limitations of dictionary or brute force attacks by precomputing the hash of passwords and storing them for later comparison. A. True B. False.
What is the primary difference between an IDS and an IPS? A. They both do the same thing. B. An IDS detects malicious activity, whereas an IPS prevents the activity from happening in the first place. C. An IDS detects malicious activity, whereas an IPS monitors system performance. D. An IDS detects malicious activity, whereas an IPS detects malicious activity and takes action on it.
Joe is a cyber criminal who has targeted a web server for a potential cyberattack. Joe wants to know if the server has any unpatched vulnerabilities he might be able to exploit. Which of the following actions is Joe most likely to take? A. Launch a smurf attack against the target server. B. Run a vulnerability scan against the target server. C. Send a phishing e-mail to the target server. D. Send a spear phishing e-mail to the target server.
__________________ is a method of attack where a hacker enters SQL commands into fields on a vulnerable web page. The commands are executed without proper authorization. A. Buffer overflow B. SQL injection C. HTTP response splitting D. Backdoor.
Most cyber criminals would agree that _________________ are the weakest link in cybersecurity. A. Passwords B. Backdoors C. Laws D. People.
A hacker uses a phishing attack to obtain a user’s credentials, access their company’s database, and steal proprietary information. This is an example of _______________. A. Denial of service B. Advanced persistent threat C. Extortion D. Data exfiltration.
A sophisticated cyber criminal gains access to a financial institution’s e-mail server, installs malware, and then over a period of weeks, moves to other servers and systems on the company’s network, installing other malware and tools, finding other credentials, stealing data, and scrubbing logs to cover her tracks. Which term best describes this type of activity? A. Denial of service attack B. Advanced persistent threat attack C. Extortion attack D. Website defacement attack.
Mary is a network engineer who wants to install a firewall in front of a database server to hide its IP address. What type of firewall should Mary choose? A. Proxy B. Packet filter C. Stateful/dynamic packet filter D. Database filter.
Antivirus software vendors use ______________ to keep up with the latest information about viruses and threats. A. Google B. National Vulnerability Database C. Threat intelligence D. National Security Agency.
When leveraging a third-party cloud service provider, which of the following is always the responsibility of the provider? A. Data security B. Physical security of the datacenter C. Identity and access management controls D. Endpoint protection.
An organization is utilizing a public cloud from a cloud service whose service offering allows the organization to use a framework to build and deploy custom applications. Which of the following cloud service models is being utilized? A. IaaS B. PaaS C. SaaS D. On-premises.
An organization is using a cloud service provider to host their infrastructure. The cloud service provider manages the underlying infrastructure, and the organization manages the platforms and software (such as the OS, development tools, and applications). Which of the following cloud service models is being utilized? A. IaaS B. PaaS C. SaaS D. On-premises.
An organization has built out a cloud environment in their own datacenter for exclusive use by their employees to allow other teams to provision and manage virtual resources. Which of the following cloud deployment models is this an example of? A. Public B. Private C. Community D. Hybrid.
An organization is hosting applications in a private cloud environment and also making use of Amazon Web Services (AWS) to load-balance the traffic for applications if there is a spike in demand. Which of the following cloud deployment models is this an example of? A. Public B. Private C. Community D. Hybrid.
An organization is utilizing Google Mail (Gmail) as their e-mail service provider. Which of the following types of cloud service models is being utilized? A. SaaS B. PaaS C. IaaS D. On-premises.
Alice sends Bob a message encrypted with a private key. Bob decrypts the message with the same private key. Which of the following types of encryption is this an example of? A. Asymmetric B. Symmetric C. Hashing D. None of the above.
Which of the following is not a secure method of data deletion? A. Emptying the recycle bin on your computer desktop B. Physical destruction of a hard drive C. Zeroization D. Overwriting.
Which of the following can be used to create message digests? A. Symmetric encryption algorithms B. Asymmetric encryption algorithms C. Hash functions D. All of the above.
A security administrator is looking for ways to automate the monitoring of logs throughout the environment. Which of the following solutions would help provide automated monitoring capability? A. Regularly review the logs B. Store the logs on a centralized log server C. Implement a SIEM D. Implement a firewall.
Which of the following types of encryption uses two keys: one for encryption and a separate key for decryption? A. Asymmetric B. Symmetric C. Hashing D. None of the above.
As the new CISO of his organization, Joe decided to initiate a comprehensive set of scans. The scans reported that nearly all of his endpoints have known operating system vulnerabilities. What is the most likely root cause of this situation? A. The organization is the victim of an advanced persistent threat. B. The endpoints do not have up-to-date antimalware software installed. C. The endpoints have not been kept up-to-date with the latest security patches. D. Brute force attack.
A network administrator found that one of the firewalls was no longer configured in accordance with recommended settings from DISA as it once was. What is the most likely reason for this? A. The settings from DISA were incorrect. B. Configuration management procedures for the device were not followed. C. Privilege creep. D. Data integrity.
Mary isn’t sure if she is allowed to use her company-owned laptop to send messages to her friend on Facebook. To find out if she can, which policy should she refer to? A. AUP B. BYOD policy C. Data handling policy D. None of the above.
Of the policies listed, which one is most likely to provide guidance on connecting a home computer to the work network via VPN? A. AUP B. BYOD C. Data handling policy D. None of the above.
An employee notices a poster in the lunchroom reminding her about not writing down her passwords but instead to use the company-provided password vault software. What is this an example of? A. Security awareness B. Security training C. Security policy D. Security testing.
What is the best reason to provide social engineering training to employees? A. To show people how to perform a social engineering attack B. So employees can report security violations to management C. To teach people what to look out for D. None of the above.
During which phase of the incident response process is the incident response plan developed and documented? A. Preparation B. Containment, eradication, and recovery C. Detection and analysis D. Post-incident activity.
During which phase of the incident response process does the lessons-learned assessment take place? A. Detection and analysis B. Containment, eradication, and recovery C. Preparation D. Post-incident activity.
A security analyst is reviewing log files from a system to determine if a security incident has occurred. This is an example of an activity that takes place in which of the following incident response process phases? A. Containment, eradication, and recovery B. Detection and analysis C. Preparation D. Post-incident activity.
In which phase of the incident response process would a security analyst recover a system from a backup? A. Preparation B. Detection and analysis C. Post-incident activity D. Containment, eradication, and recovery.
What phase comes after the detection and analysis phase in the incident response process? A. Containment, eradication, and recovery B. Preparation C. Post-incident activity D. Detection and analysis is the last phase of the process.
Carol is tasked with creating a business continuity plan for her organization. What should she do to determine which of her organization’s business functions should be restored in the event of an incident? A. Conduct a risk assessment. B. Interview key stakeholders throughout the organization. C. Calculate the MTD for each business function. D. Conduct a business impact analysis.
Of the following, which is the most likely reason(s) a business continuity program might fail? A. Failure to test the plan and procedures B. Failure to document activation procedures C. Failure to address the threats the organization is most likely to face D. All of the above.
Alice is responsible for designing her organization’s datacenter to provide resiliency in the event of a disaster. If a disaster occurs, she wants to have the new datacenter up and running within a few days, but she does not want to incur the cost of building a full datacenter with all equipment fully installed and configured. Which of the following options is the best choice for her situation? A. Hot site B. Warm site C. Cold site D. Tertiary site.