Chapter 14: Mock Exam 2

  1. You are a security administrator and you wish to implement an encrypted method of authentication for your wireless network. Which of the following protocols is the most secure for your wireless network?

    a. WPA2-PSK

    b. EAP-TLS

    c. PEAP

    d. PAP

  2. You work on the cybersecurity team of a large multinational corporation, and you have been alerted to an attack on the web server inside your screened subnet that is used for selling your products on the internet. You can see by running netstat that you have an unknown active connection. What should be the first step you take when investigating this incident?

    a. Isolate the web server by disconnecting it from the network to prevent further damage.

    b. Disconnect all external active connections to ensure that any attack is stopped.

    c. Run a packet sniffer to capture the network traffic to identify the attacker.

    d. Take a screenshot of the damage done to the website and report the incident to the police.

  3. I need to purchase a certificate that I can install on five internet-facing mail servers. Which of the following is the most cost-effective solution?

    a. PEM certificate

    b. Wildcard certificate

    c. Subject Alternative Name (SAN) certificate

    d. Root certificate

  4. You are the operational manager for a financial company that has just suffered a disaster. Which of the following sites will you choose to be fully operational in the smallest amount of time?

    a. Cold site

    b. Warm site

    c. Hot site

    d. Off site

  5. The serious crimes agency has just taken control of a laptop belonging to a well-known criminal whom they have been trying to track down for the last 20 years. They want to ensure that everything is done by the book and that no errors are made. What is the first step in their forensic investigation, prior to starting the chain of custody?

    a. Make a system image of the laptop.

    b. Place it in a polythene bag and seal it.

    c. Hash the data so that data integrity is assured.

    d. Ask for proof of ownership of the laptop.

  6. If an attacker is looking for information about the software versions that you use on your network, which of the following tools could they use? Select all that apply:

    a. Netstat

    b. Port scanning

    c. Nmap

    d. theHarvester

  7. Footage of people relaxing in their homes started appearing on the internet without the knowledge of the people being filmed. The people being filmed were warned by relatives and co-workers, resulting in an enquiry being launched by the police. Initial evidence reported a similarity in that they had all recently purchased IoT devices, such as health monitors, baby monitors, smart TVs, and refrigerators. Which of the following best describes why the attacks were successful?

    a. The devices' default configurations had not been changed.

    b. Their houses had been broken into and hidden cameras were installed.

    c. The victims' wireless networks were broadcasting beyond the boundaries of their homes.

    d. The manufacturers of the devices installed hidden devices, allowing them to film.

  8. You are the network administrator for an IT training company that has over 20 training rooms that are all networked together in their Miami office. Last week they suffered an attack from the internet. What solution should be deployed to prevent this in the future?

    a. Create a VLAN on the switch and put the corporate admin team in the VLAN.

    b. Install a router in the LAN and place the corporate admin team in the new subnet.

    c. Create a NAT from the firewall and put the corporate machines in that network.

    d. Install a proxy server.

  9. A security administrator looked at the top five entries from a report received from a SIEM server that showed the following output:

    What type of attack did the SIEM system discover?

    a. Password history

    b. Password spraying

    c. RAT

    d. Dictionary attack
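    The report output the question refers to is not reproduced on this page. As an added example (not from the book), here is the logic a SIEM correlation rule applies to tell password spraying apart from a dictionary attack on a single account: spraying shows many different usernames failing from one source with roughly one attempt each (one or two passwords tried across the whole user list, staying under the lockout threshold), whereas a dictionary attack shows many failures piling up against the same account. The log lines, hostname and IP addresses are constructed for the example, and the thresholds are assumptions.

```python
"""Added example: telling password spraying apart from a single-account
dictionary/brute-force attack in failed-logon records. The log lines are
constructed; the SIEM report referenced in the question is not on the page."""
import re
from collections import defaultdict

# Constructed syslog-style failed-logon lines (OpenSSH sshd format).
FAILED_LOGON_LINES = """\
Sep 12 09:00:01 web01 sshd[4012]: Failed password for alice from 203.0.113.7 port 51000 ssh2
Sep 12 09:00:02 web01 sshd[4013]: Failed password for bob from 203.0.113.7 port 51001 ssh2
Sep 12 09:00:03 web01 sshd[4014]: Failed password for carol from 203.0.113.7 port 51002 ssh2
Sep 12 09:00:04 web01 sshd[4015]: Failed password for invalid user dave from 203.0.113.7 port 51003 ssh2
Sep 12 09:00:05 web01 sshd[4016]: Failed password for erin from 203.0.113.7 port 51004 ssh2
Sep 12 09:00:06 web01 sshd[4017]: Failed password for frank from 203.0.113.7 port 51005 ssh2
Sep 12 09:10:00 web01 sshd[4100]: Failed password for admin from 198.51.100.9 port 40200 ssh2
Sep 12 09:10:01 web01 sshd[4101]: Failed password for admin from 198.51.100.9 port 40201 ssh2
Sep 12 09:10:02 web01 sshd[4102]: Failed password for admin from 198.51.100.9 port 40202 ssh2
Sep 12 09:10:03 web01 sshd[4103]: Failed password for admin from 198.51.100.9 port 40203 ssh2
Sep 12 09:10:04 web01 sshd[4104]: Failed password for admin from 198.51.100.9 port 40204 ssh2
Sep 12 09:10:05 web01 sshd[4105]: Failed password for admin from 198.51.100.9 port 40205 ssh2
Sep 12 09:30:00 web01 sshd[4300]: Failed password for alice from 192.0.2.44 port 60000 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_failed_logons(text):
    """Return a list of (source_ip, username) for every failed-logon line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("src"), m.group("user")))
    return events


def classify_sources(events, min_attempts=5, spray_ratio=0.8):
    """Label each source IP (thresholds are assumptions to tune).

    password_spraying: many failures, nearly every one against a different
        account, so no single account trips the lockout threshold.
    dictionary_or_brute_force: many failures concentrated on few accounts.
    benign: too few failures to call either way.
    """
    users_by_src = defaultdict(list)
    for src, user in events:
        users_by_src[src].append(user)
    labels = {}
    for src, users in users_by_src.items():
        attempts = len(users)
        if attempts < min_attempts:
            labels[src] = "benign"
        elif len(set(users)) / attempts >= spray_ratio:
            labels[src] = "password_spraying"
        else:
            labels[src] = "dictionary_or_brute_force"
    return labels


if __name__ == "__main__":
    for src, label in classify_sources(parse_failed_logons(FAILED_LOGON_LINES)).items():
        print(f"{src:15} {label}")
```

    The distinguishing signal is distinct accounts divided by total failures per source; the numeric thresholds are tuning knobs. In a Windows domain the same rule runs over Event ID 4625 using the TargetUserName and IpAddress fields.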

  10. Your organization has many different ways of connecting to your network, ranging from VPN and RAS to 802.1X authentication switches. You need to implement a centrally managed authentication system that will record periods of access. Select the two most suitable methods of authentication:

    a. PAP

    b. TACACS+

    c. NTLM

    d. RADIUS

  11. From a security perspective, what is the major benefit of using imaging technology, such as Microsoft WDS server or Symantec Ghost, to image desktop computers and laptops that are being rolled out?

    a. It provides a consistent baseline for all new machines.

    b. It ensures that all machines are patched.

    c. It reduces the number of vulnerabilities.

    d. It allows a non-technical person to roll out the images.

  12. A company that is allowing people to access their internet application wants the people who log in to the application to use an account managed by someone else. An example of this is using their Facebook account with a technology called OpenID Connect. Which of the following protocols is this based on? Select the best choice:

    a. Kerberos

    b. SAML

    c. OAuth 2.0

    d. Federation Services

  13. A security administrator has discovered that members of the sales team are connecting their own laptops to the company network without permission. What type of threat to the network have they discovered?

    a. Malicious insider

    b. BYOD

    c. Shadow IT

    d. Competitor

  14. You are the security administrator for a medium-sized company that needs to enforce a much stricter password policy via group policy. The aims of this policy are to do the following:

    - Prevent using the same password within 12 password changes.

    - Ensure that users cannot change the password more than once a day.

    - Prevent weak passwords or simple passwords, such as 123456 or password, from being used.

    Select the options that you will need to fulfill all of these goals:

    a. Enforce password history

    b. Minimum password length

    c. Passwords must meet complexity requirements

    d. Minimum password age

    e. Maximum password length

  15. You provide a service for people who have recently fulfilled their contract with their mobile phone provider to unlock their phone and then install third-party applications on it. They will then no longer be tied to using the mobile phone vendor's app store. Which of the following techniques will you use to achieve this? Select all that apply:

    a. Tethering

    b. Sideloading

    c. Slipstreaming

    d. Jailbreaking or rooting

    e. Degaussing

  16. Which of the following is a standard for data privacy and handling?

    a. SSAE

    b. NIST

    c. PCI DSS

    d. GDPR

    e. ISO 31000

  17. You are the security administrator of a multinational company that has recently prevented brute-force attacks by using account lockout settings with a low value using group policy. The CEO of the company has now dictated that the company will no longer use account lockout settings as he read an article about it and got the wrong impression. Facing this dilemma, how can you ensure that you can make it more difficult for brute force to be successful?

    a. Obfuscation

    b. Salting

    c. XOR

    d. ROT 13
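    Added example (not from the book) of what salting does against brute force once lockout is gone: each stored password gets its own random salt and is run through a slow key-derivation function, so an attacker's precomputed table of hashes for common passwords no longer matches anything in a stolen credential store, and every guess has to be recomputed per user. The passwords, the attacker's table and the iteration count are constructed or assumed for the example.

```python
"""Added example: salted, iterated password storage versus a precomputed
table of unsalted hashes. Passwords and the attacker's table are constructed."""
import hashlib
import hmac
import os

ITERATIONS = 600_000  # OWASP's current figure for PBKDF2-HMAC-SHA256 (assumption: tune to hardware)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, digest). A fresh 16-byte random salt per user means two
    users with the same password get unrelated digests."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def unsalted_hash(password):
    """The weak scheme the attacker's table defeats: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


# Attacker's precomputed (constructed) table: digest -> plaintext for common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "Summer2023!"]
UNSALTED_TABLE = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def crack_with_table(digest_hex, table=UNSALTED_TABLE):
    """Lookup attack: instant against unsalted digests, useless against salted
    ones because the per-user salt was never part of the precomputation."""
    return table.get(digest_hex)


if __name__ == "__main__":
    print("unsalted 'password' cracked as:", crack_with_table(unsalted_hash("password")))
    salt, digest = hash_password("password")
    print("salted 'password' cracked as:", crack_with_table(digest.hex()))
    print("verify correct:", verify_password("password", salt, digest))
    print("verify wrong:  ", verify_password("Password", salt, digest))
```

    Salting and a slow KDF protect a stolen credential database against offline cracking. They do nothing to slow an attacker guessing against the live logon prompt, which is what lockout addressed, so rate limiting or MFA would still be wanted there.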

  18. You want to protect the admin password for a wireless router. Which of the following wireless features would be most appropriate to achieve this objective?

    a. WPA2-Enterprise

    b. TKIP

    c. WPS

    d. PSK

    e. CCMP

  19. Why would a network administrator install a Network Intrusion Detection System (NIDS)? Select the two best options.

    a. It identifies vulnerabilities.

    b. It identifies new network hosts.

    c. It identifies viruses.

    d. It identifies new traffic patterns.

    e. It identifies new web servers.

  20. A web server was the victim of an integer overflow attack. How could this be prevented in the future?

    a. Install a proxy server.

    b. Install a SQL injection.

    c. Input validation on forms.

    d. Install a web application firewall.
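    Added example (not from the book) showing the overflow an order form can trigger and the validation that stops it. A 32-bit order total multiplied from an unchecked quantity wraps around to a negative number; validating the submitted value (ASCII digits only, within a business range) and checking the product before it is used prevents that. The unit price, the business limit and the 32-bit target type are assumptions for the example, and since Python integers never overflow, the vulnerable path models the C-style wraparound explicitly.

```python
"""Added example: integer overflow from an unvalidated form field, and the
input validation that prevents it. Prices and limits are constructed."""
import re

INT32_MAX = 2**31 - 1
INT32_MIN = -2**31
MAX_QUANTITY = 1_000  # per-line-item business limit (assumption)


def wrap_int32(value):
    """Model a C-style signed 32-bit int: arithmetic silently wraps around."""
    return (value + 2**31) % 2**32 - 2**31


def unchecked_total_cents(quantity, unit_price_cents):
    """Vulnerable path: trusts the submitted quantity; the product wraps."""
    return wrap_int32(quantity * unit_price_cents)


def parse_quantity(raw, max_quantity=MAX_QUANTITY):
    """Allow only a short run of ASCII digits, then enforce the business range.
    Rejects '-1', '0', ' 3', '1e9', non-ASCII digits and oversized values."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,6}", raw):
        raise ValueError("quantity must be a whole number")
    quantity = int(raw)
    if not 1 <= quantity <= max_quantity:
        raise ValueError(f"quantity must be between 1 and {max_quantity}")
    return quantity


def checked_total_cents(raw_quantity, unit_price_cents, max_quantity=MAX_QUANTITY):
    """Validated path: range-check the input, then check the product fits the
    type the downstream system (database column, payment API) will store."""
    quantity = parse_quantity(raw_quantity, max_quantity)
    total = quantity * unit_price_cents
    if not INT32_MIN <= total <= INT32_MAX:
        raise OverflowError("order total exceeds 32-bit range")
    return total


if __name__ == "__main__":
    # 4,294,967 units at $10.00 is 4,294,967,000 cents: above 2**32, wraps to -296.
    print("unchecked total:", unchecked_total_cents(4294967, 1000))
    print("checked total  :", checked_total_cents("3", 1000))
    for bad in ["-1", "4294967", "1e9"]:
        try:
            checked_total_cents(bad, 1000)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```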

  21. An attacker managed to access a guest machine and then attacked the database server and managed to exfiltrate the credit card details of 20,000 users. What type of attack did they carry out?

    a. VM escape

    b. VM sprawl

    c. System sprawl

    d. VM containerization

  22. Which of the following attacks cannot be detected by any monitoring systems?

    a. Pass-the-hash

    b. Man-in-the-middle

    c. Zero-day virus

    d. Smurf attacks

  23. You are the system administrator for a multinational company that wants to implement two-factor authentication. At present, you are using facial recognition as the method of access. Which of the following would allow you to obtain two-factor authentication? Select all that apply:

    a. Palm reader

    b. Signature verification

    c. Thumb scanner

    d. Gait

    e. Iris scanner

  24. The security auditor has just visited your company and is recommending change management to reduce the risks from the unknown vulnerabilities of any new software introduced into the company. What will the auditor recommend for reducing the risk when you first evaluate the software? Select the best two practices to adopt from the following list:

    a. Jailbreaking

    b. Sandboxing

    c. Bluesnarfing

    d. Chroot jail

    e. Fuzzing

  25. You are the owner of a small business that has just installed a terminal for allowing payment by credit/debit card. Which of the following regulations must you adhere to?

    a. SSAE

    b. NIST

    c. PCI DSS

    d. GDPR

    e. ISO 31000

  26. You are the security administrator for a multinational corporation and you recently carried out a security audit. Following the audit, you told the server administrators to disable NTLM and enable Kerberos on all servers. Which of the following best describes why you took this action?

    a. It will improve the server's performance.

    b. To prevent a man-in-the-middle attack.

    c. To prevent a pass-the-hash attack.

    d. To prevent a POODLE attack.

  27. The political adviser to the Prime Minister of the United Kingdom has returned from the two months of summer break that all staff are entitled to. He has applied for an immediate transfer to another department, stating that his health is bad, and the job was far too intense. When his replacement arrives, he finds that, during the summer recess, the political adviser has shredded all documents relating to a political inquiry that has involved his cousin. The police are immediately called in and say that they cannot prosecute the political adviser due to a lack of evidence. What precautions could the Houses of Parliament security team take to prevent further events such as this from happening in the future?

    a. Create a change management document to ensure that the receptionists are more vigilant to people coming in out of hours.

    b. Enforce time-based access restrictions so that nobody can access the IT systems during summer breaks.

    c. Enforce separation of duties to ensure that any document that is destroyed has been witnessed by a second person.

    d. Enforce mandatory vacations to prevent him coming in during the recess.

  28. You are the administrator for a large multinational organization. You wish to purchase a new biometric system. Which of the following is a critical factor when making the purchase?

    a. High FAR

    b. Low FRR

    c. Low FAR

    d. Low CER

    e. High CER

    f. High FRR

  29. You work in the forensics team of a very large multinational corporation, where an attack has happened across three different sites in two different countries. You are now going to install a SIEM server to collect the following log files from all of the locations.

    - Security logs

    - DNS logs

    - Firewall logs

    - NIPS logs

    - NIDS logs

    What is the first action that you need to take before collating these logs?

    a. Apply time normalization to these logs.

    b. Copy them onto a WORM (write-once, read-many) drive so that they cannot be tampered with.

    c. Sort out the sequence of events by site.

    d. Install a Network Time Protocol (NTP) server.

  30. You are working for the serious crimes unit of the United Nations and have been given a laptop to investigate. You need to ensure that the evidence you are investigating has not been tampered with during your investigation. How are you going to prove this to the court when it is time to present your findings? Which of the following techniques will you adopt to best prove this? Select all that apply:

    a. MD5

    b. 3DES

    c. SHA1

    d. Blowfish
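    Added example (not from the book) of how the digests in this question, and the imaging step in question 5, prove integrity in court: hashes are computed at acquisition, recorded with the chain-of-custody paperwork, and recomputed before analysis and again before testimony; if they still match, the copy examined is byte-for-byte the copy seized. The evidence bytes are constructed; a real image would be hashed from the acquired image file, with the original behind a write-blocker.

```python
"""Added example: record evidence hashes at acquisition and re-verify them
later. The 'image' bytes are constructed stand-ins for an acquired disk image."""
import hashlib
import io

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(stream, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash a byte stream once, feeding every algorithm per chunk, so a
    multi-gigabyte image is read a single time."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_against_record(stream, recorded):
    """Re-hash and compare with the digests recorded at acquisition.
    Returns {algorithm: True/False}; any False means the copy differs."""
    current = hash_stream(stream, tuple(recorded))
    return {name: current[name] == digest for name, digest in recorded.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data), algorithms)


def verify_bytes(data, recorded):
    return verify_against_record(io.BytesIO(data), recorded)


# Constructed stand-in for an acquired disk image (16 KiB, deterministic).
EVIDENCE_IMAGE = bytes(range(256)) * 64


def tamper(image, offset=1000):
    """Flip one bit to show that any change, however small, is detected."""
    edited = bytearray(image)
    edited[offset] ^= 0x01
    return bytes(edited)


if __name__ == "__main__":
    record = hash_bytes(EVIDENCE_IMAGE)          # written into the acquisition form
    for name, digest in record.items():
        print(f"{name:7} {digest}")
    print("intact copy :", verify_bytes(EVIDENCE_IMAGE, record))
    print("altered copy:", verify_bytes(tamper(EVIDENCE_IMAGE), record))
```

    MD5 and SHA-1 are the digests most forensic tools still record, and a single flipped bit defeats either, but both have published collision attacks, so record SHA-256 alongside them. 3DES and Blowfish are ciphers: they provide confidentiality, not a proof that the data is unchanged.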

  31. Fifteen developers are working on producing a new piece of software. After 4 weeks, they all submit the code that they have produced, and it has just been moved into the development phase of the software development. All of this code will be automated. What has just been carried out?

    a. Continuous validation

    b. Continuous monitoring

    c. Continuous integration

    d. Continuous development

    e. Automated courses of action

  32. You are the security administrator for a multinational corporation that has an Active Directory domain. What type of attack uses HTML tags with JavaScript inserted between the <script> and </script> tags?

    a. Cross-site scripting

    b. Man-in-the-middle

    c. Cross-site forgery attack

    d. SQL injection

  33. You are the system administrator for an Active Directory domain and deal with authentication on a daily basis. Which of the following would you use as multifactor authentication?

    a. Smart card

    b. Kerberos

    c. WPS

    d. TOTP

  34. A company has just installed a new wireless network and has found that some devices are interfering with other wireless devices. Which of the following have the administrators failed to carry out? Choose the best two.

    a. Heat map

    b. Checking wireless channels

    c. Site survey

    d. Low-power directional antennas

  35. You are the security administrator for a multinational company, and you know that one of your X.509 certificates, used in at least 300 desktop machines, has been compromised. What action are you going to take to protect the company, using the least amount of administrative effort?

    a. Email the people involved and ask them to delete the X.509 certificate from their desktop immediately.

    b. Carry out certificate pinning to prevent the CA from being compromised.

    c. Revoke the root CA X.509 certificate so it is added to the CRL.

    d. Revoke the X.509 certificate so it is added to the CRL.

  36. A biometric system has been letting in unauthorized users ever since it had a patch upgrade. Which of the following is being measured?

    a. CER

    b. FAR

    c. FRR

    d. CVE

  37. Which of the following is footprinting?

    a. Creating a list of approved applications

    b. Listing network connections

    c. Creating a diagram about network connections and hosts

    d. A list of approved applications

  38. You need to install a new wireless access point that should be as secure as possible, while also being backward compatible with legacy wireless systems. Which of the following do you choose to implement?

    a. WPA2 PSK

    b. WPA

    c. WPA2 CCMP

    d. WPA2 TKIP

  39. You are the security administrator for a multinational corporation based in Miami, and your company has recently suffered a replay attack. Following lessons learned, you have decided to use a protocol that uses timestamps and USN to prevent replay attacks. Which of the following protocols is being implemented here? Select the best answer:

    a. Federation Services

    b. EAP-TLS

    c. Kerberos

    d. RADIUS Federation
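    Added example (not from the book) of the mechanism the question describes: a timestamp bounds how long a captured authenticator stays usable, a sequence number together with a server-side replay cache rejects one that is presented twice, and a MAC stops the attacker adjusting either field to slip past the checks. This is a simplified HMAC model of the idea, not Kerberos' actual encrypted-authenticator format; the key, client name and clock values are constructed, and the clock is injectable so the behaviour is reproducible.

```python
"""Added example: timestamp + sequence number + replay cache, the pattern that
stops a captured authenticator being replayed. Simplified HMAC model (not the
Kerberos wire format); key, client and clock values are constructed."""
import hashlib
import hmac
import time

SKEW_SECONDS = 300  # accept only messages within +/- 5 minutes of server time
ACCEPTED = "accepted"
REJECT_MAC = "rejected: bad MAC"
REJECT_STALE = "rejected: stale timestamp"
REJECT_REPLAY = "rejected: replay"


def _mac(key, client, timestamp, seq):
    """Bind identity, time and per-session counter together under the shared key."""
    msg = f"{client}|{timestamp}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_authenticator(key, client, timestamp, seq):
    """Client side: what gets sent (and what an eavesdropper could capture)."""
    return (client, timestamp, seq, _mac(key, client, timestamp, seq))


class ReplayGuard:
    """Server side. `clock` returns the server's current time in seconds."""

    def __init__(self, key, clock=time.time, skew=SKEW_SECONDS):
        self.key = key
        self.clock = clock
        self.skew = skew
        self.seen = {}  # (client, timestamp, seq) -> time after which it can be forgotten

    def check(self, authenticator):
        client, timestamp, seq, mac = authenticator
        # 1. Integrity first: a forged or edited authenticator never reaches the cache.
        if not hmac.compare_digest(mac, _mac(self.key, client, timestamp, seq)):
            return REJECT_MAC
        now = self.clock()
        # 2. Freshness: outside the skew window the message is dead regardless of cache.
        if abs(now - timestamp) > self.skew:
            return REJECT_STALE
        self._purge(now)
        # 3. Uniqueness: the same (client, time, seq) presented again is a replay.
        entry = (client, timestamp, seq)
        if entry in self.seen:
            return REJECT_REPLAY
        # Remember it only as long as the skew window keeps it otherwise acceptable.
        self.seen[entry] = timestamp + self.skew
        return ACCEPTED

    def _purge(self, now):
        """Drop cache entries that step 2 would already reject as stale."""
        for entry in [e for e, expiry in self.seen.items() if expiry < now]:
            del self.seen[entry]


if __name__ == "__main__":
    key = b"constructed-shared-session-key"
    guard = ReplayGuard(key)
    auth = make_authenticator(key, "alice", int(time.time()), 1)
    print("first use :", guard.check(auth))
    print("replayed  :", guard.check(auth))
    print("old capture:", guard.check(make_authenticator(key, "alice", int(time.time()) - 3600, 2)))
```

    The replay cache stays bounded because anything older than the skew window is rejected by the timestamp check alone, which is why clock synchronization (NTP) is a hard dependency of this design.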

  40. A company recently suffered a break-in, where the company's research and development data was stolen, and the assembly line was damaged. Which of the following threat actors is most likely to have carried this out?

    a. A criminal syndicate

    b. A competitor

    c. A script kiddie

    d. A nation state

  41. You are the new IT director of a small, family-owned business that is rapidly expanding. You have submitted your annual budget for the IT team and the owners of the company want to know why you have asked for funds for vendor diversity. They have asked you to provide two good reasons as to why they should grant you the funds. Which of the following are the most suitable reasons why you wish to implement vendor diversity?

    a. Reliability.

    b. Regulatory compliance.

    c. It is a best practice in your industry.

    d. Resilience.

  42. You are the network administrator for a large multinational corporation, and you have captured packets that show that the administrators' credentials between their desktop and the network devices are in clear text. Which of the following protocols could be used to secure the authentication? Select the best choice.

    a. SNMPv3

    b. Secure Shell

    c. SCP

    d. SFTP

  43. You are the auditor of a large multinational corporation and the SIEM server has been finding vulnerabilities on a server. Manual inspection proves that it has been fully hardened and has no vulnerabilities. What are the two main reasons why the SIEM server is producing this output?

    a. There was a zero-day virus.

    b. False negatives.

    c. False positives.

    d. The wrong filter was used to audit.

  44. You are the purchasing manager for a very large multinational company, and you are looking at the company's policy of dealing with the insurance of laptops. Last year, the company lost a record number of laptops. Your company is losing 10 laptops per month and the monthly insurance cost is $10,000. Which of the following laptop purchases would prevent you from purchasing insurance?

    a. A budget laptop at $1,300 each

    b. A budget laptop at $1,200 each

    c. A budget laptop at $1,000 each

    d. A budget laptop at $1,001 each

  45. Which of the following is a measure of reliability?

    a. MTTR

    b. MTBF

    c. MTTF

    d. RPO

  46. A research and development computer that holds trade secrets needs to be isolated from other machines on the network. Which of the following is the best solution?

    a. VLAN

    b. PVC

    c. Air gap

    d. Containment

  47. Which of the following constitutes risk transference? Choose two:

    a. Outsourcing your IT support

    b. Purchasing anti-virus software

    c. Identifying and classifying the asset

    d. Purchasing cybersecurity insurance

  48. Which of the following is a third-party-to-third-party authentication protocol that uses XML-based authentication?

    a. Single sign-on (SSO)

    b. Kerberos

    c. SAML

    d. Secure Shell

  49. A cybersecurity administrator is looking at a customer database and has noticed the following against the credit card of a customer:

    **** **** **** 3456

    What has the administrator come across?

    a. Tokenization

    b. Obfuscation

    c. Data masking

    d. XOR
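    Added example (not from the book) implementing the operations the options name on a card number, so the differences are visible in code: masking irreversibly blanks all but the last four digits for display, while tokenization swaps the PAN for a random surrogate that only the vault can map back. The PANs are standard test numbers or constructed values, not real cards, and a Luhn check is included so that only something that is actually a card number gets processed.

```python
"""Added example: data masking versus tokenization of a primary account
number (PAN). Test PANs are constructed or standard test numbers."""
import re
import secrets


def luhn_valid(digits):
    """Luhn check, so masking/tokenizing is only applied to a real PAN shape."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize_pan(pan):
    """Strip spaces/dashes and reject anything that is not a plausible PAN."""
    digits = re.sub(r"\D", "", pan)
    if not 12 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a valid PAN")
    return digits


def mask_pan(pan, keep_last=4, mask_char="*"):
    """Data masking: irreversible. Keeps only what a support agent needs to
    confirm the card, e.g. '**** **** **** 3456'. Nothing can be recovered."""
    digits = normalize_pan(pan)
    masked = mask_char * (len(digits) - keep_last) + digits[-keep_last:]
    return " ".join(masked[i:i + 4] for i in range(0, len(masked), 4))


class TokenVault:
    """Tokenization: the PAN is replaced by a random surrogate of the same
    shape; only the vault can map it back, and the application database never
    holds the PAN. In production the vault is a separate, tightly scoped system."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan):
        digits = normalize_pan(pan)
        if digits in self._pan_to_token:          # same PAN -> same token
            return self._pan_to_token[digits]
        while True:
            # Format-preserving: random digits, real last four kept for display.
            body = "".join(secrets.choice("0123456789") for _ in range(len(digits) - 4))
            token = body + digits[-4:]
            if token not in self._token_to_pan and token != digits:
                break
        self._token_to_pan[token] = digits
        self._pan_to_token[digits] = token
        return token

    def detokenize(self, token):
        """Reversible only here, by whoever is authorized to reach the vault."""
        return self._token_to_pan[token]


if __name__ == "__main__":
    pan = "4000 0000 0005 3456"                     # constructed, Luhn-valid
    print("masked    :", mask_pan(pan))
    vault = TokenVault()
    token = vault.tokenize(pan)
    print("tokenized :", token)
    print("detokenize:", vault.detokenize(token))
```

    XOR or any other obfuscation is reversible by anyone who learns the scheme, so it is neither masking nor tokenization. PCI DSS treats a displayed PAN masked to at most the first six and last four digits as acceptable to show, whereas a token, being reversible through the vault, still points at cardholder data.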

  50. A security administrator found that a domain controller was infected by a virus. They isolated it from the network, removed the virus, and then turned off the Telnet service. Which of the following has the administrator just carried out?

    a. Containment

    b. Eradication

    c. Recovery

    d. Lessons learned
