Security+

Questions and Answers

What action is permitted for HTTP traffic originating from 10.0.1.1/24 according to the firewall configuration?

Denied

In the firewall configuration, which IP range is allowed to establish SSH connections?

192.168.0.1/24

Which of the following protocols is NOT permitted from ANY IP to 10.0.1.1/24?

HTTP

What is the common permission for HTTPS traffic in both firewall configurations?

Permit

Which IP range is allowed to establish DNS connections according to the firewall configurations?

192.168.0.1/24

What is the action taken for HTTP traffic originating from 192.168.0.1/24 in Firewall 3?

Denied

What is the purpose of the rule 'ANY - 10.0.0.1/24 - SSH - PERMIT' in Firewall 1?

To allow inbound SSH traffic from any source to 10.0.0.1/24 subnet

Why is the rule 'ANY - 10.0.0.1/24 - HTTP - DENY' present in Firewall 1 configuration?

To deny HTTP traffic from any source to the 10.0.0.1/24 subnet

In the context of the given Firewall 1 configuration, what is the purpose of the rule '10.0.0.1/24 - ANY - DNS - PERMIT'?

To allow DNS traffic from any source to the 10.0.0.1/24 subnet

Considering Firewall 1's configuration, what does 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' signify?

Allowing inbound HTTPS traffic from any source to the 10.0.0.1/24 subnet

What is the significance of 'ANY - 10.0.0.1/24 - ANY - HTTPS - PERMIT' in Firewall 1's setup?

Allowing outbound HTTPS traffic from the 10.0.0.1/24 subnet to any destination

What is the primary reason for including 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' rule in Firewall 1 configuration?

To allow inbound HTTPS traffic from any source to the 10.0.0.1/24 subnet

What is the purpose of a firewall in a network?

To filter incoming and outgoing network traffic based on predefined rules

Which type of firewall inspects data at the application layer?

Application-level gateway firewall

What is the primary function of a stateful inspection firewall?

To track and monitor the state of network connections

Which firewall configuration is suitable for highly secure environments that require strict control over network traffic?

Deny by default

What is the purpose of a demilitarized zone (DMZ) in a firewall configuration?

To provide a secure area for hosting public-facing servers

Which firewall technology can inspect and filter traffic based on the application-level content?

Deep packet inspection firewall

What is the primary purpose of the 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' rule in Firewall 1?

Permitting HTTPS traffic to 10.0.0.1/24

What is the purpose of the 'ANY - 10.0.0.1/24 - SSH - PERMIT' rule in Firewall 1?

Permitting SSH traffic to 10.0.0.1/24

Which action does the 'ANY - 10.0.0.1/24 - HTTP - DENY' rule take in Firewall 1?

Block HTTP traffic from any source to 10.0.0.1/24

What is the significance of the 'ANY - 10.0.0.1/24 - DNS - PERMIT' rule in Firewall 1's configuration?

Allowing DNS traffic from any source to 10.0.0.1/24

Which traffic does the rule 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' in Firewall 1 specifically allow?

HTTPS traffic to 10.0.0.1/24

What is the primary responsibility of a data owner?

Determining how the data may be used

In the context of firewall configurations, what does 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' signify?

Allowing any traffic from 10.0.0.1/24 using HTTPS

Which action is a data custodian responsible for?

Implementing protection for data

What does a network engineer need to implement to allow guests at the company's headquarters to access only the Internet via WiFi?

Agreement to acceptable use policy before granting Internet access

How does a firewall protect an internal corporate network from unauthorized access?

Filtering and blocking undesired network traffic

Based on the firewall configurations provided, which IP range is allowed to establish HTTPS connections to 10.0.0.1/24?

Any IP address

Which firewall rule in the provided configurations would prevent unauthorized access to sensitive data stored on a system?

Air gap

If a system needs to be protected from Internet-based attacks, which configuration should be implemented according to the information provided?

Air gap

According to the firewall configurations, which protocol is explicitly denied for connections originating from any IP address to 10.0.0.1/24?

HTTP

Which RAID configuration would ensure no data loss if one hard drive fails, according to the information provided?

RAID 1

What is the purpose of the rule 'ANY - 10.0.1.1/24 - SSH - PERMIT' in Firewall 2?

To allow incoming SSH connections from any IP address to the 10.0.1.1/24 network

What is the significance of the rule 'ANY - 10.0.1.1/24 - HTTP - DENY' in Firewall 2?

It denies incoming HTTP connections from any IP address to the 10.0.1.1/24 network

Based on the firewall configurations, which protocol is permitted for both 10.0.1.1/24 and 192.168.0.1/24 networks?

HTTPS

What is the purpose of the rule '192.168.0.1/24 - ANY - DNS - PERMIT' in Firewall 3?

To allow outgoing DNS requests from the 192.168.0.1/24 network to any IP address

Which type of firewall technology is likely used in the given configurations, based on the rules that specify protocols like HTTP, HTTPS, and SSH?

Application-level gateway firewall

Based on the firewall configurations, which protocol is permitted from any IP address to 10.0.0.1/24?

HTTPS and SSH

Which of the following IP ranges is denied access to HTTP services according to the firewall configurations?

192.168.0.1/24

What is the purpose of the rule 'ANY - 10.0.0.1/24 - DNS - PERMIT' in the firewall configuration?

To permit DNS server access from the 10.0.0.1/24 subnet to any IP address

According to the firewall configurations, which statement is true about SSH connections?

SSH connections are permitted from any IP address to 10.0.0.1/24

Based on the firewall configurations, which IP range is permitted to access HTTP services?

10.0.1.1/24

Based on the information provided, which of the following is the most likely cause of the security alert?

A phishing attempt using a malicious link

What should be the security administrator's next step to mitigate the identified threat?

Implement a web application firewall (WAF) to inspect HTTP traffic

Which firewall configuration would be most effective in preventing similar phishing attempts in the future?

A stateful inspection firewall with application-layer filtering

Which of the following actions would be the least effective in mitigating the identified threat?

Disabling JavaScript execution in web browsers on the internal network

Which of the following firewall configurations would be most suitable for a highly secure environment that requires strict control over network traffic?

A stateful inspection firewall with application-layer filtering and intrusion prevention capabilities

What is the MOST effective way to mitigate the reported vulnerability?

An IP blacklist

What security concerns are associated with hosting a web application and database in the cloud?

The cloud vendor is a new attack vector within the supply chain

What type of attack is MOST likely seen in the provided packet capture at the coffee shop?

Evil twin

Which method is NOT effective for mitigating the reported vulnerability?

Creating an IP whitelist

What is a potential risk of outsourcing code development in a cloud environment?

Loss of internal control

In a coffee shop scenario, what does poor wireless network performance often indicate?

Interference from neighboring devices

What is typically a disadvantage of DNS sinkholing as a security measure?

It blocks legitimate traffic

What is a potential drawback of implementing application whitelisting?

Increased false positive alerts

What is a possible consequence of having an outdated blacklist for IP filtering?

Vulnerability to new threats

Why is it important to regularly review and update DLP rules on terminals?

To ensure protection against evolving data security threats

What is the BEST network type that the administrator can use to gather information?

Honeynet

What best describes the current situation where passwords for one system have been compromised, but unusual login activity has been detected for another system?

Compromised password file brute-force hacked

Which security control is NOT being enforced based on the given scenario?

Single sign-on

What issue arises when users are detected logging in while on vacation?

Lack of multi-factor authentication

Why are some compromised passwords valid on multiple systems according to the incident response team?

Reused passwords by users

What is the potential risk of not centralizing storage of passwords as per the organization's policy?

Higher risk of password database breaches

What is likely happening when unusual login activity is detected for the separate system?

'Credential stuffing' attempt

What action does isolation involve in incident response?

Removing affected components from the environment

How does isolation help in incident response?

It helps contain the incident and prevent its spread

What is the main concern of the Chief Information Officer (CIO) in the scenario provided?

Customer privacy and organizational security

How can the organization address the CIO's concerns about security and customer privacy?

Enhancing security measures for mobile devices

What is a critical consideration when newly hired salespersons rely on mobile devices for business operations?

Data encryption methods

Why might the CIO contemplate scaling down the organization as quickly as it scaled up?

To optimize resource allocation

'Isolation' in incident response involves:

Protecting affected components from further impact

What should the network security manager consult FIRST to determine a priority list for forensic review?

The vulnerability scan output

How can the financial organization BEST allow sharing of important PII with the secure application?

Configure the DLP policies to whitelist this application with the specific PII

What would BEST explain the appliance's vulnerable state during the last two assessments?

Lack of regular patching

What is the primary purpose of consulting IDS logs in a cybersecurity scenario?

Detecting and alerting on suspicious network activity

In the context of security appliances, why is full packet capture data valuable for forensic investigations?

To reconstruct network events for analysis

What action would be MOST effective in preventing sensitive data breaches due to a vulnerable OS?

Conducting regular security assessments

Why is it crucial to configure DLP policies to whitelist specific applications for data sharing?

To prevent sensitive data leakage

What could be a significant impact of not addressing vulnerabilities identified during a security assessment?

Data loss or theft

Which of the following approaches would be most effective in mitigating the CEO's concern about employees accessing the company's network from high-risk countries while on vacation?

Implement geolocation restrictions to block access from certain high-risk countries

The document named 'password.txt' is likely placed on the administrator's desktop as:

A honeyfile intended to lure and detect potential cyber intruders

To ensure appropriate data protection in the DLP solution, which of the following approaches should the company take?

Assign different DLP rules based on the data type (PII, financial information, health information)

In the context of a development team, which process is described as bringing code changes from multiple team members into the same project through automation and utilizing a tool for code validation and version control?

Continuous integration

If the company wants to prevent employees from accessing social media sites during work hours, which of the following would be the most effective approach?

Implement web content filtering to block access to social media sites

Which RAID level should a cybersecurity administrator select to add disk redundancy and fault tolerance for a critical server, capable of withstanding two simultaneous drive failures?

RAID 6

Which of the following is a potential drawback of implementing geolocation restrictions for remote access?

Employees may be unable to access the network while traveling for business purposes

In a development team's practice of continuous integration, which of the following tools is typically utilized to validate code and track source code through version control?

Version control system

Which of the following techniques would be most effective in preventing data exfiltration by malicious insiders?

Implement data loss prevention (DLP) solutions to monitor and control data movement

What is the primary purpose of implementing RAID 6 in a server environment?

Enhance data redundancy and fault tolerance

Which of the following approaches would be most effective in ensuring compliance with data privacy regulations when implementing DLP rules?

Assign different DLP rules based on the data type and applicable regulations

Which of the following statements best describes the purpose of a honeyfile in cybersecurity?

It is a decoy file containing sensitive data to lure and detect potential attackers

Which of the following approaches would be most effective in preventing unauthorized access to sensitive data stored on the file server?

Use role-based access controls to restrict access based on employee roles and responsibilities

In the context of software development, what is the primary benefit of implementing continuous integration practices?

Improved code quality and early detection of issues

Which of the following scenarios best justifies the use of RAID 6 over other RAID levels?

A mission-critical server handling sensitive data, requiring maximum fault tolerance

Which of the following approaches would be most effective in ensuring that employees can access the company's network securely while traveling for business purposes?

Use virtual private network (VPN) connections to securely access the company's network

In Firewall 2's configuration, which traffic would be allowed for connections originating from the IP range 10.0.1.1/24?

HTTPS

What is the primary function of the 'ANY - 192.168.0.1/24 - HTTP - DENY' rule in Firewall 3's configuration?

To deny SSH traffic

Which protocol is explicitly permitted for connections originating from ANY IP address to the IP range 192.168.0.1/24 in Firewall 3's configuration?

DNS

What is the significance of the 'ANY - 192.168.0.1/24 - HTTPS - PERMIT' rule in Firewall 3's setup?

Permits HTTPS traffic

Based on the provided information, which traffic would be DENIED by both Firewall 2 and Firewall 3 configurations?

HTTP traffic

What network security measure physically isolates a secure computer network from unsecured networks, such as the public Internet?

Air gap

In a highly secure environment requiring strict control over network traffic, which RAID configuration would be most appropriate?

RAID 1

Which firewall technology can inspect and filter network traffic based on application-level content?

Proxy firewall

Which rule in a firewall configuration allows connections from any IP to 10.0.0.1/24 using the DNS protocol?

'10.0.0.1/24 - ANY - DNS - PERMIT'

To protect a system from Internet-based attacks, what network security measure should be implemented to physically isolate the system from the Internet?

Air gap

What is the primary purpose of establishing a transitive trust in a network environment?

To automatically establish trust between parent and child domains

In the context of systems administration, what is the main purpose of enforcing key-based authentication over SSH?

To guide users on creating public/private key pairs for server installation

What is the BEST use case scenario for implementing a Web Application Firewall (WAF)?

To protect publicly accessible websites hosted on web servers

What action should a network security manager take to enhance security after detecting compromised passwords and unusual login activities?

Disable username/password authentication and enable TOTP for SSH connections

If a cybersecurity administrator wants to add disk redundancy and fault tolerance to a critical server, which RAID level should be selected?

RAID 10

Based on the firewall configurations, what is the purpose of the rule 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' in Firewall 1?

To allow secure HTTPS connections from any IP address to the 10.0.0.1/24 subnet

According to the firewall configurations, which protocol is permitted from any IP address to 10.0.0.1/24 in Firewall 1?

HTTPS

Which of the following rules in Firewall 1 would prevent unauthorized access to sensitive data stored on a system within the 10.0.0.1/24 subnet?

ANY - 10.0.0.1/24 - HTTP - DENY

Based on the firewall configurations, which IP range is allowed to establish SSH connections to 10.0.0.1/24 in Firewall 1?

Any IP address

Which of the following rules in Firewall 1 would be most effective in preventing unauthorized access to sensitive data stored on a system within the 10.0.0.1/24 subnet?

ANY - 10.0.0.1/24 - HTTP - DENY

What does the rule 'ANY - 10.0.1.1/24 - HTTP - DENY' in Firewall 2 signify?

It blocks HTTP traffic originating from the 10.0.1.1/24 network to any destination

Which IP range is allowed to establish DNS connections according to the firewall configurations?

10.0.0.1/24

What is the action taken for HTTP traffic originating from 192.168.0.1/24 in Firewall 3?

It permits the traffic

Which of the following statements is true about SSH connections based on the firewall configurations?

SSH connections are permitted for both 10.0.1.1/24 and 192.168.0.1/24 networks

What traffic does the rule 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' in Firewall 1 specifically allow?

HTTPS traffic to any destination from the 10.0.0.1/24 network

What is the BEST course of action for the security administrator to take based on the provided information?

Implement a host-based firewall rule to block future events of this type from occurring.

In Firewall 1's setup, what does 'ANY - 10.0.0.1/24 - SSH - PERMIT' signify?

Allowing SSH traffic from any source to the 10.0.0.1/24 network.

What is the significance of 'ANY - 10.0.0.1/24 - ANY - HTTPS - PERMIT' in Firewall 1's setup?

Allowing HTTPS traffic from any source to the 10.0.0.1/24 network.

Which firewall configuration would be most suitable for a highly secure environment that requires strict control over network traffic?

ANY - ANY - ANY - DENY

Which type of firewall inspects data at the application layer?

Proxy firewall

Based on the firewall configurations, which statement is true regarding HTTP traffic originating from the 192.168.0.1/24 network?

It is implicitly denied due to the lack of an explicit permit rule.

Which of the following statements correctly describes the handling of SSH traffic according to the firewall configurations?

SSH traffic is permitted from any IP address to 10.0.0.1/24.

Which of the following statements best explains the purpose of the 'ANY - 10.0.0.1/24 - HTTP - DENY' rule in Firewall 1?

To explicitly deny HTTP traffic from any IP address to the 10.0.0.1/24 network.

Which type of firewall technology is most likely being used, based on the rules specifying protocols like HTTP, HTTPS, and SSH?

Stateful inspection firewall

According to the firewall configurations, which statement is true regarding HTTPS traffic?

HTTPS traffic is permitted from any IP address to 10.0.0.1/24.

Which of the following firewall configurations would be most suitable for a highly secure environment that requires strict control over network traffic?

Implicit deny with explicit permit rules for allowed traffic.

Based on the firewall configurations, which IP range is explicitly denied access to HTTP services?

There is no explicit deny rule for any IP range.

Which of the following statements correctly describes the handling of traffic not explicitly permitted or denied by the firewall configurations?

It is implicitly denied.

Which of the following actions would be the most effective in mitigating the risk of unauthorized access to the 10.0.0.1/24 network?

Adding explicit permit rules for specific IP ranges and protocols to access 10.0.0.1/24.

What is the MOST likely result of improperly configured user accounts?

Privilege escalation

An organization is concerned about video emissions from users' desktops. What is the BEST solution to implement?

Screen filters

What should the security administrator do after finding the PCAP associated with the event described in the logs?

Implement a host-based firewall rule to block future events

What is a critical action to prevent unauthorized access to sensitive data stored on systems within a subnet?

Enforcing strict password policies

Which of the following would typically NOT be a result of improperly configured user accounts?

Malware infection

What could be a consequence of ignoring alerts from perimeter UTM devices like in the scenario provided?

Data breach

Which security standard must a company comply with when accepting credit cards for payment on its e-commerce platform?

PCI DSS

What is a security exploit for which a vendor patch is not readily available?

Zero-day

What social engineering technique is being used in the scenario where an attacker impersonates the CEO requesting a fund transfer?

Pretexting

What type of attack exploits vulnerabilities that are unknown to the software vendor?

Zero-day

Which of the following terms refers to the process of restructuring existing code without changing its external behavior?

Refactoring

What technique involves intercepting network communication and converting secure HTTPS connections into insecure HTTP?

SSL stripping

What is the likely cause for end users downloading PE32 files after clicking on an infected MHT file link?

A RAT was installed and is transferring additional exploit tools.

In an event of complete loss of critical systems and data, which plan is an organization MOST likely developing?

Disaster recovery plan

What is the purpose of a risk register?

To monitor and assess potential risks

What characterizes the distribution of RATs in a computer network?

Sending them as email attachments

Which action is typical after an organization suffers a complete loss of critical systems and data?

Developing a disaster recovery plan

What indicates the successful compromise of a host's system by attackers?

Allowing remote access to unauthorized users

What is the primary purpose of data masking?

To protect sensitive data from unauthorized access

Which of the following is the primary reason for data classification?

To determine the level of access control required for data

What is the purpose of classifying data as 'Public' or 'Unclassified'?

To indicate that there are no restrictions on viewing the data

What is the purpose of classifying data as 'Critical' or 'Top Secret'?

To indicate that the data is highly sensitive and restricted

What is the purpose of assigning an application owner?

To manage and control access to the application and its data

What is the purpose of performing a risk analysis on data?

To identify potential threats and vulnerabilities related to the data

What is the primary purpose of salting and hashing passwords?

To protect passwords even if the database is compromised

What is the purpose of the one-way mathematical function used in hashing?

To generate a fixed-length output known as a hash value

What is the role of a red team in organizational security?

To emulate the techniques of potential attackers

Which job role would sponsor data quality and data entry initiatives to ensure business and regulatory requirements are met?

Data owner

What is the purpose of using a salt in password hashing?

To make the password more secure by adding random data

What is the primary advantage of using a stateful inspection firewall?

It can track the state of network connections and filter traffic based on predefined rules

What is the GREATEST risk to intellectual property when implementing a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab?

Data exfiltration over a mobile hotspot

What is the analyst doing when using a recently released security advisory to review historical logs, looking for specific activity outlined in the advisory?

Threat hunting

In which risk management strategy would cybersecurity insurance typically be utilized?

Transference

What is the primary purpose of implementing a geofencing policy based on login history?

Enforcing access control

Which action would MOST likely support the integrity of a voting machine?

Using tamper-evident seals

What is a notable feature of a policy that requires the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab?

Mitigating physical theft risks

Which security control would NOT be directly enforced by using encrypted credentials in transit?

Access control through role-based permissions

What is a key benefit of implementing a password reuse policy to enhance cybersecurity?

Mitigating the impact of credential stuffing attacks

What social-engineering technique involves targeting a specific group or individual via email?

Spear phishing

Which RAID configuration should be used for high read speeds and fault tolerance, ensuring that multiple drives are unlikely to fail simultaneously?

RAID 5

What type of testing involves providing unexpected or random input to a web application to ensure it does not crash?

Fuzzing

When a network switch is experiencing MAC flooding, what is happening to the switch?

MAC Flooding

To centralize logs and gain visibility into security events, which technology should a company implement?

SIEM

In a RAIS configuration focused on fault tolerance, which RAID configuration is most suitable?

RAID 10

What technique involves flooding instant messaging channels with unwanted messages?

SPIM

Which testing method is used to evaluate how a web application handles unexpected inputs?

Fuzzing

What is a common use case for data masking mentioned in the text?

Conducting test cycles on corporate data

Why is it important for data to remain usable while undergoing test cycles?

To maintain consistency and validity in testing

In the context of the nuclear plant attack mentioned, what was identified as the source of the issue?

A malicious USB introduced by an employee

What entity has the MOST responsibility for protecting privacy and user rights under GDPR?

Data Controller

What was requested in the SMS received by a user on their mobile phone?

Bank delays notification

Why were all networks air-gapped after the nuclear plant attack?

To prevent worm propagation

What type of attack was the nuclear plant victim to based on the investigation findings?

'Worm' attack

What is the most secure approach to storing passwords in a database?

Hash the passwords using a salted hashing algorithm

What is the primary purpose of incremental backups?

To back up only the data that has changed since the last full or incremental backup

Which backup strategy would be most appropriate for an environment with strict recovery point objectives (RPOs) and recovery time objectives (RTOs)?

Frequent full backups, with incremental or differential backups in between

What is the primary advantage of using differential backups over incremental backups?

Differential backups are faster to restore

Which of the following is a potential drawback of using incremental backups?

Restoring from incremental backups can be time-consuming if multiple incremental backups need to be restored

What is the primary purpose of a full backup?

To create a complete backup of all data on a system

What is the primary benefit of implementing a data loss prevention (DLP) solution?

Detecting and preventing the unauthorized transfer of sensitive data

What is the primary purpose of data masking?

To obfuscate or replace sensitive data with fictitious data for testing or development purposes

What is the primary concern that the network security manager should address based on the given information?

Identifying the vulnerable systems and applying necessary patches or mitigations

Which of the following would be the most effective approach to determine the systems potentially affected by the reported vulnerability?

Review the vulnerability scan output to identify systems running the vulnerable software

In the context of the reported vulnerability, what is the primary purpose of consulting the full packet capture data?

To gather forensic evidence and reconstruct the attack timeline

Which of the following actions would be the most effective in preventing sensitive data breaches due to a vulnerable operating system (OS)?

Keep the OS and applications up-to-date with the latest security patches

In the context of the reported vulnerability, what is the primary advantage of consulting the SIEM alerts?

Identifying potential indicators of compromise (IoCs) related to the vulnerability

Which of the following actions would be most effective in ensuring compliance with data privacy regulations when implementing DLP rules?

Consulting with legal and compliance teams to understand regulatory requirements

In the context of the financial organization's secure document-sharing application, what is the primary purpose of configuring the DLP policies to whitelist the application with specific PII?

To allow the secure sharing of sensitive customer data while preventing unauthorized access

Which of the following factors would be most relevant in determining the appropriate RAID level for a critical server?

The desired level of fault tolerance and data redundancy

What action would be MOST appropriate to improve security if an organization with a Security Operations Center (SOC) is considering implementing a SOAR?

Automating an existing Incident Response plan

What is the main function of a Security Operations Center (SOC) within an organization?

Monitoring and responding to security incidents

In the scenario provided, what was the final action that resolved the issue of users being unable to access certain websites?

Changing the DNS server for the impacted machine

What type of attack is MOST likely to have occurred on the original DNS server based on the scenario provided?

DNS cache poisoning

What is the primary focus of a Security Orchestration, Automation, and Response (SOAR) system in the context of incident response?

Automating security incident response processes

What is the main purpose of running 'ipconfig /flushdns' command by security analysts in the scenario provided?

Clearing DNS resolver cache

What is a typical role of a Security Analyst in a Security Operations Center (SOC)?

Monitoring network traffic for anomalies

Why is it important for organizations considering a SOAR implementation to already have a Security Operations Center (SOC)?

To ensure effective incident response capabilities

What is the primary focus of the security engineer in the incident response phase described in the text?

Restricting the spread of the incident

What is the key consideration for isolating affected components during an incident response?

Removing affected components from the network

How does isolation help in incident response?

It prevents unauthorized access to affected components

In the context of a growing sales workforce using mobile devices, what is a primary security concern for the Chief Information Officer (CIO)?

Protecting customer privacy and data security

What would be the BEST measure to address the CIO's concerns regarding security and privacy in a sales-driven organization with mobile-dependent employees?

Enforcing strict device encryption policies

Why is it important for organizations to scale down quickly after rapid growth in their workforce?

To maintain a lean and efficient workforce structure

What is the significance of placing applications in a VM sandbox outside the usual environment during isolation?

To protect unaffected components from potential threats

Why might a development team bring all code changes into the same project through automation?

To streamline collaboration and catch integration bugs early

What is the purpose of utilizing a tool for code validation and version control in the development process?

To track changes and ensure code quality

Why would a cybersecurity administrator aim to have disk redundancy with a two-drive failure tolerance for a critical server?

To improve fault tolerance and prevent data loss

What is the main reason a server administrator might place a document named password.txt on a server's desktop?

To attract cyberintruders' attention with sensitive data

In the context of ensuring system reliability, what could be a potential drawback of using RAID 0 instead of RAID 6 for disk redundancy?

Decreased fault tolerance

How does continuous integration contribute to software development processes?

By automating code integration and testing frequently

What could be a significant risk of storing sensitive data on a server's desktop?

Attracting cyberintruders' attention

Why is it crucial for a cybersecurity administrator to select an appropriate RAID level for disk redundancy in critical servers?

To ensure system availability and data integrity

What type of attack is indicated by the SIEM receiving alerts about SSL inspection proxy feeding events to a compromised system?

Spraying

In the context provided, what type of attack involves an adversary brute-forcing logins based on a list of usernames with default passwords on an application?

Brute-force

What cloud model provides clients with servers, storage, and networks only, without additional services?

IaaS

Which cloud model would offer clients access to applications and services over the internet?

SaaS

What would be the most suitable approach to meet network resiliency and uptime objectives when setting up a new datacenter?

Utilizing redundant hardware and network connections

If focusing on server redundancy and fault tolerance, which RAID level would be most appropriate for critical systems?

RAID 6

What type of attack involves an attacker trying to guess passwords based on a common list of known credentials?

'Man-in-the-Middle'

What is the primary purpose of obfuscation in software development?

To create code that is difficult for humans or computers to understand

In the context of incident response, what is the significance of maintaining the chain of custody?

To ensure the integrity of the evidence and its admissibility in legal proceedings

What is the primary purpose of a Faraday cage in the context of digital forensics?

To prevent external electromagnetic signals from interfering with the evidence

What is the significance of the Recovery Point Objective (RPO) mentioned in the text?

It represents the maximum tolerable period of data loss in the event of a system failure

Which of the following is a common technique used in password hashing to enhance security?

Adding a random string, known as a salt, to the password before hashing

What is the primary purpose of incremental backups in a backup strategy?

To capture only the changes made since the last full backup

What is the MOST likely type of firewall technology used in the provided configurations, based on the rules specifying protocols like HTTP, HTTPS, and SSH?

Application-level gateway (proxy firewall)

In the context of software development, what is the primary benefit of implementing continuous integration practices?

To ensure code changes from multiple team members are integrated frequently

To prevent other devices from directly accessing a laptop, which two technologies would be MOST effective?

Trusted Platform Module and full disk encryption

When implementing MFA for applications storing sensitive data, which technology should be used to ensure non-disruptive and user-friendly access?

Hardware authentication

After a worm incident, what is the BEST recommendation to mitigate similar incidents in the future?

Segment the network with firewalls

For a BYOD policy, what comprehensive solution would BEST protect company information on user devices?

Mobile device management

Which combination of technologies would be LEAST effective in preventing direct access to a laptop from other devices on the network?

DLP solution and VPN

What would be the preferred technology for MFA implementation with minimal user disruption and maximum usability?

Push notifications

In a BYOD environment, which solution would provide the MOST comprehensive protection for company data on user devices?

Mobile device management

For preventing large-scale network infections like the worm incident, what strategy would be the MOST effective to limit proliferation?

Segmenting the network with firewalls

Based on the provided text, what type of attack involves an attacker brute forcing logins based on a list of usernames with default passwords?

Spraying

In the context of the domain controller events described in the text, what attack type involves capturing user credentials by deceptive methods?

Credential harvesting

What cloud model provides clients with servers, storage, and networks but does not include application software or databases?

IaaS

In the scenario provided, what is the best way to achieve resiliency and uptime in a new datacenter?

Employing redundant power supplies and cooling systems

Which attack type aims to gain unauthorized access by trying multiple username and password combinations?

Brute-force

What security concern is associated with insecure credit card processing by payment providers?

Man-in-the-middle attacks

If an adversary establishes a presence on the guest WiFi network, what type of attack could they potentially execute?

Man-in-the-middle (MitM)

What type of attack involves capturing keystrokes on an infected system?

Keylogger

What is the BEST way for the analyst to meet the business requirements regarding backups?

Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly

Which technique is used to protect the security of passwords stored in a database?

Implement salting and hashing

What is the purpose of adding random data, known as a 'salt,' to each password before it is hashed?

To enhance the security of hashed passwords

In the event of another data exfiltration, which action would help mitigate the damage done?

Encrypting sensitive data at rest

What would be a measure to enhance security after a username and password database leak?

Implementing multi-factor authentication for all users

Which action can help prevent unauthorized access to leaked username and password databases?

Integrating CAPTCHA challenges into login screens

What measure could be taken at the application level to mitigate data exfiltration risks?

Implementing secure coding practices during application development

'Salting' passwords before hashing adds what type of element to enhance security?

'Salted' passwords are resistant to rainbow table attacks

What is the primary focus of preventative controls like encryption and firewalls?

Thwarting unauthorized access

In the context of security vulnerabilities, what is a likely outcome of exploiting a buffer-overrun vulnerability in an application?

Arbitrary code execution

Which security threat involves the manipulation of individuals to obtain confidential information, as seen in the scenario involving the company president and a reporter?

Social engineering

What does federated access management involve, as exemplified by using a popular website login to access another website?

Using website login for access delegation

In a situation where a network is under attack and more information is needed, what would be the most appropriate course of action for the security administrator?

Gather more data on the attacks being used

What is the main aim of policies and standards within an organization's security framework?

Ensuring procedural compliance

When considering access control mechanisms, what is a primary role of encryption in securing data?

Preventing unauthorized access to sensitive information

How does passive reconnaissance differ from phishing in terms of security threats?

Passive reconnaissance targets personal history

What is the primary purpose of a smart switch's ability to monitor electrical levels and shut off power in the event of a power surge or fault situation?

To prevent damage to sensitive equipment and potential data loss

Why was the smart switch isolated on a separate VLAN by the security administrator?

To prevent unauthorized access and potential attacks on the switch

What is the purpose of setting up a patch routine for the smart switch?

To regularly update the switch firmware and address security vulnerabilities

Which additional step should be taken to harden the security of the smart switch?

Change the default password for the switch to a strong, unique password

In the context of deploying application patches, what is the best approach to ensure minimal disruption and risk?

Apply patches to a testing environment, then a staging environment, and finally to production systems

What is the primary purpose of enhancing multi-factor authentication (MFA) access to sensitive areas in a building?

To improve physical security by requiring multiple forms of authentication

Why is it important for an organization considering a Security Orchestration, Automation, and Response (SOAR) implementation to already have a Security Operations Center (SOC)?

A SOC is a prerequisite for effectively utilizing a SOAR system's capabilities

What is the primary function of a stateful inspection firewall?

To monitor and control the state of network connections and associated data flows

What security principle focuses on providing users with only the permissions they need to perform their job tasks?

Least privilege

Which of the following is NOT a common method for enhancing cybersecurity within an organization?

Pivoting

In the context of network security, what role involves dividing tasks among multiple individuals to prevent any single person from having too much control?

Mandatory vacation

What technique involves testing internal structures, code, and protocols to identify vulnerabilities within a system?

Footprinting

Which security measure is implemented to ensure that only authorized traffic is allowed to pass through a network device based on specific rules?

Least privilege

What does a network scan revealing open ports, protocols, and services exposed on the target host indicate?

Valid credentials used

What is the primary responsibility of a data custodian in an organization?

Maintaining the chain of custody

For a solution to restrict guest access to the Internet but not the internal network, which security measure should be implemented?

Stateful firewall

What is the main focus of least privilege principle in cybersecurity?

Minimizing user privileges

In the context of cybersecurity, what is the primary purpose of white-box testing?

Identifying system vulnerabilities

According to the firewall configurations, which principle is being followed for HTTP and HTTPS traffic to 10.0.1.1/24 and 192.168.0.1/24?

Least privilege

Which type of testing would be most effective in identifying vulnerabilities within the firewall configurations?

White-box testing

What would be the most effective way to ensure that employees understand the importance of the firewall configurations?

Conducting awareness training

Based on the firewall configurations, which principle is being followed for SSH access to 10.0.1.1/24 and 192.168.0.1/24?

Least privilege

Which type of testing would be most effective in identifying vulnerabilities within the firewall configurations' implementation?

System testing

Which principle ensures that users are granted only the minimum access rights necessary to perform their job functions?

Least privilege

What type of testing involves analyzing the internal structure and workings of an application?

White-box testing

Which of the following firewall rules would allow HTTP traffic from any source IP to the 10.0.1.1/24 subnet?

'ANY - 10.0.1.1/24 - HTTP - PERMIT'

What type of security training aims to increase awareness about potential threats and best practices among employees?

Awareness training

Which principle involves dividing critical tasks and responsibilities among multiple individuals to prevent fraud or errors?

Separation of duties

Which of the following firewall rules would allow only SSH connections from any IP address to the 10.0.0.1/24 network?

ANY - 10.0.0.1/24 - SSH - PERMIT

Which of the following actions is an example of separation of duties in the context of firewall configuration?

Assigning different teams to configure rules for different networks

Which of the following is the BEST approach to raise awareness about potential social engineering attacks, such as impersonation attempts?

Conducting regular awareness training sessions for employees

In the context of software development, what is the primary purpose of white-box testing?

To analyze and test the internal structure and code of the software

Which of the following firewall rules would DENY HTTP connections from any IP address to the 10.0.0.1/24 network?

ANY - 10.0.0.1/24 - HTTP - DENY

Which principle promotes assigning the minimum required permissions to perform a task?

Least privilege

What type of security training aims to educate employees about potential threats and best practices?

Awareness training

Which testing approach involves analyzing the internal structure and code of an application?

White-box testing

According to the firewall configurations, which IP range is allowed to establish SSH connections?

10.0.1.1/24

Which principle aims to distribute critical tasks and responsibilities among multiple individuals or roles?

Separation of duties

What is the MOST effective method to further mitigate the reported vulnerability?

Enforcing an IP whitelist

What is the main security concern when an organization hosts its web application and database in the cloud?

The cloud vendor becomes a new attack vector within the supply chain

What attack is MOST likely happening based on the Wireshark output provided?

Evil twin attack

Which action best aligns with the principle of Least Privilege in security?

Implementing strict role-based access control

How does Separation of Duties enhance security?

By dividing tasks among multiple individuals to prevent abuse of power

What is a key benefit of Employee Awareness Training for cybersecurity?

Enhancing employees' ability to detect and report security incidents

How does White-box Testing contribute to software security?

By comprehensively assessing internal code structures and logic

In firewall configurations, what does 'ANY - 10.0.0.1/24 - HTTPS - PERMIT' rule signify?

'ANY' traffic from 10.0.0.1/24 subnet over HTTPS is permitted

Which architecture configuration is NOT recommended for the organization?

Host the web server and the file servers in a DMZ

What does the ability of code to target a hypervisor from inside a guest OS describe?

VM escape

Which control type is represented when a company posts a sign indicating video surveillance in its server room?

Deterrent

In the scenario described, which type of attack does the situation BEST correspond to?

Denial of Service (DoS)

What is the primary purpose of using steganography?

To obfuscate or conceal information

Which option would most effectively protect against data exfiltration via removable media?

Blocking removable media devices and write capabilities using host-based security tools

After resetting all user credentials due to a data breach, what is the BEST approach for an e-commerce site to ensure users are not compromised again?

Implement strong password policies and multi-factor authentication

Which of the following is a potential drawback of using incremental backups?

Inability to restore data to a specific point in time

What is the primary responsibility of a data owner?

Defining and enforcing data access policies

Which principle aims to distribute critical tasks and responsibilities among multiple individuals or roles?

Separation of duties

In the context of cybersecurity, what is the primary purpose of white-box testing?

To analyze the internal structure and code of an application for vulnerabilities

What type of security training aims to increase awareness about potential threats and best practices among employees?

Security awareness training

What is the primary purpose of implementing a Security Information and Event Management (SIEM) solution?

To detect and respond to security incidents in real-time

Which technology is designed to inspect traffic and block malicious payloads before they reach web applications?

Web application firewall

In the context of incident response, what is the purpose of having well-defined playbooks?

To provide step-by-step guidance for responding to various types of security incidents

Which combination of technologies would be most effective in ensuring high availability and fault tolerance for an organization's point-of-sale systems?

Load balancing and NIC teaming

During a cybersecurity incident, what is the primary objective of removing infected devices from the network and locking down compromised accounts?

To prevent further spread of the malware

What is the purpose of implementing network segmentation and dividing the network into trusted and untrusted zones?

To limit the potential impact of a security breach

Which technology is designed to scan systems and applications for known vulnerabilities?

Vulnerability scanner

What is the primary purpose of implementing a next-generation firewall (NGFW)?

To provide advanced threat detection and prevention capabilities

What is the most likely explanation for the end users downloading suspicious .tar.gz files containing PE32 executables, after clicking on an infected email attachment?

A remote access trojan (RAT) was installed for further exploitation.

An organization is developing a comprehensive plan to recover from a catastrophic event resulting in complete data loss. Which plan is being developed?

Disaster recovery plan

What is the primary purpose of maintaining a risk register?

To track and prioritize identified risks for mitigation.

Which security principle aims to prevent any single individual from having excessive system privileges or control?

Separation of duties

What is the primary benefit of providing cybersecurity awareness training to employees?

Educating users on potential threats and best practices.

In a scenario where a network is under active attack, what would be the most appropriate initial action for the security administrator?

Initiate incident response procedures and gather forensic data.

What is a primary security concern for a CIO when employees use mobile devices to access corporate data while traveling?

Potential loss or theft of the mobile devices.

Which RAID configuration provides fault tolerance by allowing multiple disk failures without data loss?

RAID 6

What is the purpose of the EAP protocol in wireless networks?

To authenticate wireless clients and enforce access control

Which of the following EAP types is supported by the Wi-Fi Alliance for WPA/WPA2/WPA3?

EAP-PEAP

What is the purpose of an NDA (Non-Disclosure Agreement)?

To protect confidential information from being disclosed

Which of the following would be the BEST choice for establishing responsibilities between cooperating organizations without a binding contract?

A Memorandum of Understanding (MOU)

Which of the following is a potential source for checking if stolen personal information is being sold?

Dark web marketplaces

What is the purpose of the EAP-FAST protocol in wireless networks?

To establish a secure tunnel for authentication credentials

Which type of firewall technology is typically used to enforce rules based on protocols like HTTP, HTTPS, and SSH?

Application-level gateway firewall

What is the purpose of implementing RAID 6 in a server environment?

To provide fault tolerance against two simultaneous disk failures

What is the primary purpose of a symmetric encryption algorithm?

Protecting large amounts of data

In a scenario where a company has limited storage space and needs a fast database restore time, what backup methodology should be implemented?

Full backups on Sundays and nightly differential backups

Which authentication method would add an additional factor to the existing key card and fingerprint scan?

Keypad PIN

What would be the ideal use case for a symmetric encryption algorithm?

Protecting large amounts of data

Which backup strategy would allow for the fastest database restore time in case of a failure while considering limited storage space?

Full backups on Sundays with nightly differentials

What is the main reason for keeping a close eye on domains and services in relation to the DNS?

To detect and respond to malicious attacks targeting the DNS

Which of the following best describes the zero-day exploit mentioned in the text?

It utilizes an unknown vulnerability in the SMB protocol

Which action would be most effective in preventing the SMB-based attack from reoccurring?

Configuring the firewall to deny inbound SMB connections

What type of attack is described in the email Joe received?

Phishing

Which of the following is a common technique used by phishing emails?

Impersonating legitimate organizations

What is a potential consequence of falling victim to the phishing email Joe received?

Identity theft

Which of the following is an effective countermeasure against phishing attacks?

Conducting regular security awareness training

What is a common goal of phishing attacks like the one targeting Joe?

Obtaining sensitive information or credentials

What does the acronym ONER stand for in the context of the text?

Obfuscation Normalization Execution Reuse

What is the primary purpose of obfuscation in software development?

To make the code difficult for humans or computers to understand

When collecting a mobile device during an investigation, which action should be taken to maintain the chain of custody?

Document the collection and require a sign-off when possession changes

What is the Recovery Point Objective (RPO) for the critical system mentioned in the text?

2 hours

What is the purpose of a Faraday cage in digital forensics?

To prevent data corruption by blocking electromagnetic interference

Which of the following is NOT a common technique for obfuscating code?

Optimizing the code for better performance

What is the primary purpose of a risk register?

To document and track identified risks in an organization

What is the purpose of using a salt in password hashing?

To increase the complexity of the password hash

Which of the following options would be most effective in addressing the CEO's concern about staff members potentially working from high-risk countries while on holidays?

Implement geolocation restrictions

What is the primary purpose of implementing time-of-day restrictions in this scenario?

To prevent staff from working in different time zones

Which of the following options would be least effective in addressing the CEO's concern?

Implementing role-based access controls

Which of the following is a potential advantage of using geolocation restrictions?

Increased security by preventing access from high-risk locations

In the context of the DLP solution implementation, what is the purpose of assigning different DLP rules based on the type of data hosted on the file server?

To prioritize the protection of certain data types over others

Which of the following data types would likely require the strictest DLP rules in this scenario?

Health information

What is a potential benefit of implementing a DLP solution on the file server?

Enhanced data security and compliance

Which of the following is a potential challenge in implementing a DLP solution?

Difficulty in identifying and classifying sensitive data

What is the primary purpose of salting passwords before hashing them?

To add randomness and uniqueness to each password hash

Which backup strategy would be the best choice to meet the business requirements of performing full backups weekly and minimizing downtime?

Incremental backups Monday through Friday at 6:00 PM and differential backups hourly

What is the primary advantage of using a stateful inspection firewall over a traditional packet-filtering firewall?

It can track and maintain the state of network connections

In the context of firewall configurations, what does the rule 'ANY - 10.0.1.1/24 - HTTP - DENY' signify?

It denies HTTP traffic from any IP address to the 10.0.1.1/24 network

What is the primary responsibility of a data custodian in an organization?

Managing and maintaining the organization's data assets

Which of the following actions is an example of separation of duties in the context of firewall configuration?

Dividing the tasks of creating, modifying, and reviewing firewall rules among different individuals

What is the primary purpose of white-box testing in the context of cybersecurity?

To analyze the internal structure and code of an application to identify vulnerabilities

What type of attack is indicated by the SIEM receiving alerts about SSL inspection proxy feeding events to a compromised system?

Man-in-the-Middle (MitM) attack

What is the analyst testing by sending a link with a different sessionID in the URL to an internal user?

Session fixation attack

What security measure would be achieved by segmenting the network into trusted and untrusted zones?

Preventing lateral movement of threats

What should an organization focus on when enforcing application whitelisting?

Restricting execution to a predefined set of approved applications

What is a critical step in developing an incident response plan?

Identifying potential risks and vulnerabilities

Which type of security training is most likely to educate employees about phishing attempts and social engineering tactics?

Awareness training

Why would implementing Data Loss Prevention (DLP) at the network boundary be beneficial?

To monitor and prevent data leakage

In the context of cybersecurity, what does 'running a simulation exercise' typically involve?

Testing incident response procedures in a controlled environment

What would be a primary goal in creating a new acceptable use policy after a security breach involving banking credentials?

Defining clear guidelines for acceptable technology usage

What is the likely reason why end users are suddenly downloading files with the.tar.gz extension?

A Remote Access Trojan (RAT) was installed and is transferring exploit tools.

In the event of a complete loss of critical systems and data, what type of plan would an organization most likely be developing?

Disaster recovery plan

What is the primary purpose of a risk register?

To document identified risks and proposed responses

Why did the end users' workstations start beaconing to a command-and-control server?

Following the installation of a Remote Access Trojan (RAT)

What could the organization be developing if they are planning for data retention?

Data backup procedures

If an organization is prioritizing communications planning, what are they likely preparing for?

Handling incidents as they occur

What should be the primary focus of an organization's incident response plan?

Restoring service after a disruptive event

If an organization is regularly updating their disaster recovery plan, what is their main goal?

Ensuring quick resumption of critical operations

What is the BEST way to protect a cellular phone that is needed for an investigation to ensure data will not be removed remotely?

Faraday cage

What is the BEST way to prevent the zero-day exploit utilizing the SMB network protocol described in the text?

Configuring computers to install monthly operating system updates automatically

Which of the following is the PRIMARY motivation for a script kiddie threat actor?

Notoriety

Which term refers to the type of email scam described where personal information is requested under false pretenses?

Phishing

What is the type of threat the organization faces when cracks in the walls of the server room have caused extreme humidification and equipment failure?

Foundational

How can an organization prevent ransomware attacks like the one described in the text?

Implementing regular backups of critical data

Which of the following describes the process of moving laterally within a network after gaining initial access for establishing further control?

Pivoting

What action would be MOST effective in mitigating the risk posed by emails similar to the one received by Joe in the text?

Implementing email filtering to block suspicious messages

What should a company use to modify an XSS vulnerability signature to TCP reset on future attempts?

3DES

What security measure is crucial in preventing unauthorized access to shared network folders?

Implementing strong password policies

Which encryption algorithms require only one encryption key?

3DES and DSA

What should an organization focus on to improve its endpoint security against evolving threats?

Regularly updating antivirus definitions

What is the MOST effective solution to implement for protecting against video emissions from users' desktops?

Radio frequency shielding

Which practice would NOT enhance network security according to the text?

Leaving default passwords unchanged on all devices

How can organizations protect themselves from lottery-themed phishing emails similar to the one received by Joe?

Providing regular security awareness training for employees

What is the primary purpose of encrypting data using asymmetric encryption?

To allow secure communication between multiple parties without sharing a secret key

Which of the following standards or frameworks is specifically focused on personal data protection and privacy?

GDPR (General Data Protection Regulation)

What is the primary security concern associated with 'Shadow IT'?

The deployment of unauthorized systems or devices on the network

What is the primary obligation of a cyber-threat intelligence organization before releasing threat intelligence to subscribers?

Anonymize any personally identifiable information (PII) observed in the threat data

Which cryptographic technique is used to protect passwords against unauthorized access?

Salting and hashing

What is the primary purpose of setting up a patch routine for a smart switch?

To address vulnerabilities and security flaws by applying software updates from the vendor

What is the primary responsibility of a data owner in an organization?

Classifying data based on sensitivity and risk

What is the primary purpose of separating duties in the context of firewall configuration?

To ensure that no single individual has complete control over the firewall configuration

What type of attack is characterized by an email urging the CEO to update account credentials by clicking on a link?

Whaling

What type of malware typically encrypts files and demands payment in exchange for decryption?

Ransomware

Which protocol is best suited for authenticating clients securely with mutual authentication, SSO, and smart card logons?

Implement Kerberos

What method do internal security teams commonly use to evaluate the security of internally developed applications?

Penetration testing

In the context of cybersecurity, what is the role of a Chief Executive Officer (CEO) in an organization?

Ensure compliance with security policies

What is a common feature of adware that distinguishes it from other types of malware?

Generates unwanted advertisements

What distinguishes a botnet attack from other types of cyber threats?

Compromises multiple devices for coordinated attacks

Which security measure can help prevent unauthorized access to shared network folders?

Employing role-based access control (RBAC)

What should be the immediate NEXT step the technician takes upon discovering a crypto-virus infection on the workstation?

Determine the source of the virus that has infected the workstation

Which method would BEST reduce the restoration time of physical servers according to Joe, the backup administrator?

Differential

To comply with new requirements mandating AES encryption, which setting would BEST meet the company’s wireless configuration needs?

Configure CCMP

What sets ARP poisoning apart from a MAC spoofing attack?

ARP poisoning uses unsolicited ARP replies

What does the download page allow users to view for the available files when a network administrator is downloading software for the organization’s core switch?

Checksum values

During restoration of physical servers, which backup method stores only changes made since the last full backup?

Incremental

What is the main aim of Joe, the backup administrator, implementing a solution to reduce restoration time for physical servers?

Minimize data loss in case of server failures

What distinguishes ARP poisoning from MAC spoofing attacks in terms of their impact on network devices?

ARP poisoning disrupts network communication by associating incorrect IP-MAC mappings.

Why might an application team take a VM snapshot before applying patches in the production environment?

To quickly restore the application to a previous working condition if the patch fails

What is the most likely outcome when a penetration tester obtains valid basic user credentials from a compromised computer?

Lateral movement

In a cloud deployment model where a company maintains full control over deployment and access, what type of model is being followed?

Private cloud

What is the primary purpose of implementing an active/passive high availability solution?

To quickly switch to a backup server if the primary server fails

If an organization wants to move all services and applications to a cloud provider while maintaining full control, what type of deployment model should they opt for?

Private cloud

What is the MAIN reason behind deploying multiple web servers and implementing a load balancer?

To distribute traffic evenly and enhance reliability

Why is it essential for an application team to increase the capacity of the perimeter router?

To improve network performance and handle increased traffic loads

What is the primary role of implementing a forwarding proxy along with URL filtering for an organization's applications?

To provide an additional layer of security and control over web traffic

What is the most likely method used to gain access to the other host?

Pivoting

Which method should the technician use to ensure confidential data from storage media is sanitized?

Wiping

Which type of malware is most likely present in the environment, given that each malware binary has a different hash?

Polymorphic worm

Which compensating control will best reduce the risk of weak passwords?

Requiring the use of one-time tokens

Which of the following best represents what compromised the machine?

Ransomware

Which of the following methods should be used to securely wipe a storage device before reusing it?

Overwriting the data with random patterns

What is the most likely type of malware present in the environment, given that each sample has a different hash?

Polymorphic virus

Which compensating control would be most effective in reducing the risk of weak passwords?

Requiring the use of one-time tokens

Based on the information provided, what type of service is being requested?

LDAPS (Lightweight Directory Access Protocol over SSL)

What metric is the security consultant gathering information about?

Annualized Loss Expectancy (ALE)

What is the most likely cause of the user's inability to connect to the corporate resources using the web-based VPN?

The certificate used for the VPN connection has expired

Which cloud computing model is the organization considering based on the information provided?

Infrastructure as a Service (IaaS)

Which authentication factor would satisfy the request for three-factor authentication in addition to fingerprints and passwords?

Security token

What is the purpose of salting a password before hashing it?

To ensure that each user's password hash is unique

What is the primary responsibility of a data owner in an organization?

Ensuring the confidentiality, integrity, and availability of data

Which type of firewall technology is most likely being used based on the rules specifying protocols like HTTP, HTTPS, and SSH?

Stateful inspection firewall

What is a key difference between ARP poisoning and IP spoofing attacks?

ARP poisoning allows attackers to intercept traffic by associating a different MAC address with an IP address, while IP spoofing involves forging the source IP address of packets.

How does IGMP snooping enhance network security in the context of broadcast traffic?

It limits the forwarding of multicast traffic to only the intended recipients, preventing unnecessary network congestion.

Which technique is commonly used to protect networks from SYN flooding attacks?

Employing Rate Limiting mechanisms to control the rate of incoming connection requests

In the context of network security, what distinguishes IP spoofing from ARP poisoning?

IP spoofing forges legitimate IP addresses, while ARP poisoning associates incorrect MAC addresses with IP addresses.

What is a distinguishing characteristic of ARP poisoning in comparison to MAC spoofing?

ARP poisoning involves sending unsolicited ARP replies to introduce incorrect MAC-IP associations.

Which attack involves sending large volumes of packets with spoofed source IP addresses to overwhelm the target's resources?

SYN flooding

What type of attack deceives network devices by sending falsified ARP messages?

ARP poisoning

Which attack technique allows an attacker to capture or modify data packets in a switched network?

IGMP snooping

What type of attack involves sending IP packets with a forged source address to conceal the sender's identity?

IP spoofing

In a switched network, which attack technique involves flooding the switch's MAC address table to redirect traffic to the attacker?

IGMP snooping

What type of attack is indicated by the network administrator seeing checksum values for the YB_16.swi file?

IP spoofing

Which action should the network administrator take if the downloaded file has a different hash from AA_15.swi?

Re-download the file and verify its integrity

What can be inferred if the network administrator concludes that the downloaded file was only hashed with MD5?

The file has been corrupted or tampered with

How can SYN flooding be mitigated to prevent network disruptions?

Set up SYN cookies to handle excessive connection requests

What is the primary purpose of IP spoofing in a cyber attack scenario?

To impersonate a trusted IP address for malicious purposes

In the context of the successful ARP cache poisoning attack mentioned, what type of attack was likely employed?

Man-in-the-middle

Which technique could be used to mitigate ARP cache poisoning attacks on a switched network?

Implementing IGMP snooping

What is the primary purpose of a SYN flooding attack?

Exhausting system resources

Which technique can be used to prevent IP spoofing attacks?

Implementing egress filtering

What is the primary goal of an IP spoofing attack?

Bypassing access controls

Which technique is being used when an attacker sends spoofed ARP replies to trick hosts into associating the attacker's MAC address with the IP address of a legitimate host?

ARP spoofing

Which attack vector involves an attacker sending a large number of IGMP join requests to overwhelm network switches, leading to a denial of service?

IGMP snooping attack

What type of attack involves an attacker sending a large number of TCP SYN packets with spoofed IP addresses, overwhelming the target system with partially open connections?

SYN flooding

Which technique involves an attacker sending IP packets with a forged source IP address to masquerade as a trusted host or to conceal the true source of the packets?

IP spoofing

In the context of network security, what is the primary purpose of implementing IGMP snooping on network switches?

To optimize multicast traffic forwarding

Which of the following techniques is used to redirect network traffic by falsely advertising itself as a legitimate gateway?

ARP poisoning

What is the primary purpose of IGMP snooping in a network switch?

To optimize multicast traffic delivery

In a SYN flooding attack, what is the primary goal of the attacker?

To exhaust the target's resources by sending numerous TCP connection requests

Which of the following techniques involves masquerading as a trusted entity by using a falsified source IP address?

IP spoofing

Which of the following countermeasures is effective against both ARP poisoning and IP spoofing attacks?

Implementing egress filtering on network routers

Which technique involves an attacker sending spoofed ARP reply messages to redirect traffic through a malicious system?

ARP poisoning

Which technique is used by network switches to prevent unauthorized systems from becoming members of a multicast group?

IGMP snooping

Which type of attack involves an attacker sending a large number of TCP SYN requests to a target system, overwhelming its ability to handle legitimate connections?

SYN flooding

Which technique involves an attacker modifying the source IP address of packets to make them appear as if they originated from a different system?

IP spoofing

Which protocol is used by network switches to learn which ports are connected to which devices, and to forward traffic accordingly?

ARP

Which type of attack involves an attacker sending a large number of IGMP join messages to overwhelm a network switch and force it to forward multicast traffic to all ports?

IGMP snooping

Which layer of the OSI model does ARP operate at?

Data link layer

Which protocol is used by hosts to join and leave multicast groups on a network?

IGMP

Which technique can be used to mitigate SYN flooding attacks by enforcing a limit on the number of outstanding TCP connection requests?

SYN cookies

Which type of attack can be mitigated by implementing ingress filtering at the network perimeter?

IP spoofing

Study Notes

Vulnerability Scanning

• A network administrator was provided with a vulnerability scan output and needs to prioritize remediation efforts based on overall risk to the enterprise.
• Plugin IDs 10, 11, 12, 13, and 14 were identified, but the administrator needs to prioritize remediation based on risk.

RAID Configuration

• A junior systems administrator removed a hard drive with a red error notification from a server room, unaware that the server was configured in an array.
• To ensure no data is lost, the administrator should configure the server in RAID 1.

Air Gap Security

• An air gap is a network security measure that physically isolates a secure computer network from unsecured networks, such as the public Internet or an unsecured local area network.
• This can be achieved by implementing a VLAN, NAT, or a firewall to isolate the network.

Passwordless Authentication

• A security engineer needs to set up passwordless authentication for the first time.
• The engineer should use the minimum set of commands to set up passwordless authentication: ssh-keygen -t rsa, ssh-copy-id -i ~/.ssh/id_rsa.pub user@server, and ssh -i ~/.ssh/id_rsa user@server.

Web Application Security

• A WAF (Web Application Firewall) is used to protect sites on web servers that are publicly accessible.
• It can be used to block traffic from unauthorized sources or to detect and prevent common web attacks.

Network Architecture

• A transitive trust is automatically established between a parent and a child domain.
• It can be used to update DNS records and allow access to untrusted domains.

SSH Authentication

• A systems administrator wants to disable the use of usernames and passwords for SSH authentication and enforce key-based authentication.
• The administrator should change the default SSH port, enable TCP tunneling, and provide a pre-configured SSH client.

Privilege Escalation

• Improperly configured user accounts can lead to privilege escalation.
• This can be prevented by configuring user accounts correctly and limiting access to sensitive areas of the system.

Network Analysis

• A security administrator receives alerts from the perimeter UTM and finds that an attacker is using a phishing attack to compromise user accounts.
• The administrator should implement a host-based firewall rule to block future events of this type from occurring.

Cloud Security

• An organization has decided to host its web application and database in the cloud.
• This decision raises security concerns, including access to the organization's servers being exposed to other cloud-provider clients and the cloud vendor being a new attack vector within the supply chain.

Wireless Network Security

• A user reports constant lag and performance issues with the wireless network when working at a local coffee shop.
• The user's wireless network is likely being attacked using an Evil Twin attack, which can be mitigated by using Wireshark to analyze the network traffic and identifying the attacking device.

Password Complexity

• An organization requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol.
• The organization's policy also prevents users from reusing passwords and enforces password complexity requirements.

Incident Response

• An organization's incident response team discovers that passwords for one system were compromised, and unusual login activity was detected for a separate system.
• The incident response team should identify the source of the compromise and contain the incident to prevent further damage.

Security Information and Event Management (SIEM)

• A SIEM system is used to monitor and analyze security-related data from various sources.
• It can be used to detect and respond to security incidents in real-time.### Security Measures
• A CEO wants to implement flexible work-from-home arrangements during a pandemic or crisis, but is concerned about staff working from high-risk countries while on holidays.
• The best ways to mitigate this risk are through geolocation and time-of-day restrictions.

Data Loss Prevention (DLP)

• A DLP solution is being implemented on a file server with PII, financial, and health information.
• Different DLP rules will be assigned to different types of data based on its type and sensitivity.

Continuous Integration

• A development team uses continuous integration to bring all code changes into the same project through automation.
• A tool is used to validate the code and track source code through version control.

Disk Redundancy

• A cybersecurity administrator needs to add disk redundancy to a critical server for better fault tolerance.
• RAID 6 is the best option, as it can withstand two disk failures simultaneously.

Deception Techniques

• A server administrator places a "password.txt" file on a server to attract the attention of a cyberintruder.
• This is a honeyfile or deception technique.

Firewalls

• A firewall is used to control incoming and outgoing network traffic based on predetermined security rules.
• A WAF (Web Application Firewall) is the best option to protect publicly accessible websites.

Authentication

• A systems administrator wants to disable username and password authentication for SSH and enforce key-based authentication instead.
• To do this, they should disable username and password authentication and enable key-based authentication in the sshd.conf file.

Network Mapping

• Footprinting is the best method for creating a detailed diagram of wireless access points and hotspots.

Wireless Networking

• A company needs to allow guests to access the Internet via WiFi without allowing access to the internal corporate network.
• A captive portal should be employed to require guests to sign off on the acceptable use policy before accessing the Internet.

Privilege Escalation

• Improperly configured user accounts can lead to privilege escalation.
• This is a common security threat that can be mitigated through proper user account configuration.

Video Emissions

• Screen filters are the best solution to implement to reduce video emissions from users' desktops.

Phishing

• A security administrator receives an alert from a UTM (Unified Threat Management) system and finds a phishing email attempting to trick users into clicking on a malicious link.

Cloud Security

• Hosting a web application and database in the cloud introduces new security concerns, such as exposure to other cloud-provider clients.
• The cloud vendor is a new attack vector within the supply chain.

Wireless Attacks

• An evil twin attack is a type of wireless attack where an attacker sets up a rogue access point to intercept user data.
• This can be detected through Wireshark packet analysis.

Data Classification

• Data classification is a crucial aspect of data security, as it helps to determine the level of protection required for each data asset.
• A data classification schema is used to tag data assets based on their level of confidentiality.

Masking

• Data masking is a technique used to protect sensitive data by hiding it from unauthorized users.
• It is commonly used to protect personally identifiable information (PII) and sensitive personal data.

User Accounts

• Improperly configured user accounts can lead to privilege escalation and other security threats.
• Proper user account configuration is essential to preventing these types of threats.

Social Engineering

• Spear phishing is a type of social engineering attack where an attacker targets a specific group or individual via email.
• This type of attack is often used to trick users into revealing sensitive information.

RAID Configurations

• RAID 5 is a good option for a RAIS configuration that focuses on high read speeds and fault tolerance.
• It is suitable for situations where multiple drives are unlikely to fail simultaneously.

Fuzzing

• Fuzzing is a type of testing that involves providing unexpected or random input to a web application to test its robustness.
• It is used to identify vulnerabilities in a web application.

MAC Flooding

• MAC flooding is a type of attack where an attacker sends a large number of MAC addresses to a network switch to exhaust its memory.
• This can be detected by checking the switch's table.

Log Centralization

• Log centralization is a crucial aspect of security monitoring and incident response.
• It involves collecting logs from various sources and storing them in a central location for analysis and visibility.

Compliance

• PCI DSS is a security standard that organizations must comply with when handling credit card information.
• It includes six control objectives and 12 specific requirements to help prevent fraud.

Zero-Day Exploits

• A zero-day exploit is a type of security vulnerability that is unknown to the vendor and does not have a patch available.
• It is a critical security threat that can be exploited by attackers.

Social Engineering

• Whaling is a type of social engineering attack where an attacker targets a CEO or other high-level executive.
• This type of attack is often used to trick the executive into revealing sensitive information or performing a certain action.### Security Threats and Mitigation
• A security engineer notices multiple users downloading files with a .tar.gz extension, which reveals a RAT (Remote Access Trojan) that was installed through an infected email attachment.
• A RAT allows an attacker to distribute RATs to additional vulnerable computers, establishing a botnet.

Risk Management and Compliance

• An organization develops a Disaster Recovery plan in case of a complete loss of critical systems and data.
• A risk register is used to identify, assess, and prioritize risks.
• Cybersecurity insurance is used in risk transference strategies.

Cryptography and Access Control

• Salting and hashing are techniques used to protect passwords stored in a database, making it impossible to determine the original password from the hash value.
• Implementing salting and hashing ensures that passwords are protected even if the database is compromised.

Incident Response and Digital Forensics

• A security analyst reviews historical logs to identify specific activity outlined in a security advisory, which is an example of threat hunting.
• The analyst uses vulnerability scan output to determine a priority list for forensic review.
• In incident response, the containment phase involves removing affected components from the network to prevent further damage.

Network Security

• A DNS cache poisoning attack is likely to occur when a security team escalates an issue where users can no longer access certain websites.
• A security engineer uses ipconfig /flushdns to resolve the issue.

Cloud Computing and Virtualization

• Continuous Integration (CI) involves automating the code validation and tracking source code through version control.
• RAID 6 provides disk redundancy and allows two-drive failure for better fault tolerance.

Security Operations and Architecture

• Credential harvesting is a type of attack where an attacker uses a list of usernames with default passwords on an application.
• A security analyst implements a host-based firewall and a Trusted Platform Module to prevent other devices on the network from directly accessing a laptop.
• A company implements MFA (Multi-Factor Authentication) for all applications that store sensitive data, using push notifications to make it user-friendly and non-disruptive.

Data Protection and Privacy

• Data masking is used to protect sensitive information, such as financial data, by replacing it with fictional data that looks real.
• GDPR (General Data Protection Regulation) holds the data controller responsible for protecting the privacy and rights of data subjects.

Network and Compliance

• A security team implements a SOAR (Security Orchestration, Automation, and Response) to improve security and automate an existing Incident Response plan.
• DLP (Data Loss Prevention) policies are configured to allow specific PII (Personally Identifiable Information) to be shared with a secure application.