ITS Examination for Cybersecurity PDF
Summary
This document is an IT exam paper focused on cybersecurity. It includes multiple-choice questions and scenarios related to network security, incident response, and cybersecurity threats. The questions cover concepts such as network ports, hypervisors, security updates, and various cybersecurity attacks. The document is targeted towards students or professionals in the field of IT or cybersecurity.
Full Transcript
ITS Examination for Cybersecurity

1. A system on your network is experiencing slower than usual response times. In order to gather information about the status of the system, you issue the netstat -l command to display all of the TCP ports that are in the Listening state. What does the Listening state indicate about these ports?
   A. The state of the connection on the ports is unknown.
   B. The remote end disconnected and the ports are closing.
   C. The ports are open on the system and are waiting for connections.
   D. The ports are actively connected to another system or process.

2. Move each NIST Incident Response Lifecycle phase from the list on the left to the correct description on the right. Note: You will receive partial credit for each correct answer.
   Phases (left):
   - Preparation
   - Post-incident Activity
   - Detection and Analysis
   - Containment, Eradication and Recovery
   Descriptions (right):
   - Mitigate the impact of the incident.
   - Report the cause and cost of the incident and the steps to prevent future incidents.
   - Evaluates incident indicators to determine whether they are legitimate attacks and alerts the organization of the incidents.
   - Establishes an incident response capability to ensure that organizational assets are sufficiently secure.

3. What is the purpose of a hypervisor?
   A. It creates and runs virtual machines.
   B. It monitors and logs network traffic for malicious packets.
   C. It provides and monitors firewall services for cloud computing.
   D. It provides and services a gateway between users and the internet.

4. What enables the network security team to keep track of the operating system version, security updates, and patches on end users' devices?
   A. Business continuity planning
   B. Asset management
   C. Incident management
   D. Security policies and procedures

5. What should you create to prevent spoofing of the internal network?
   A. A DNS record
   B. A NAT rule
   C. A record in the host file
   D. An ACL

6. Which two private IPv4 addresses would be blocked on the internet to prevent security and performance issues? (Choose 2) Note: You will receive partial credit for each correct selection.
   A. 203.0.113.168
   B. 192.168.18.189
   C. 224.0.2.172
   D. 172.18.100.78

7. While conducting a risk evaluation at your company, you identify risks that are related to the web server located in the office. The risks include hardware and software failure as well as web service interruption caused by cyber attacks. You recommend purchasing insurance and hiring another organization to maintain the web server to help mitigate the risks.
   A. Risk reduction
   B. Risk avoidance
   C. Risk acceptance
   D. Risk transfer

8. Move each definition from the list on the left to the correct CIA Triad term on the right. Note: You will receive partial credit for each correct answer.
   CIA Triad terms:
   - Confidentiality
   - Integrity
   - Availability
   Definitions:
   - Data should be accessed and read by authorized users only.
   - Data should never be altered or compromised.
   - Legitimate requests should have access to data at all times.

9. The employees in the accounting department of a company receive an email about the latest federal regulations. The email contains a hyperlink to register for a webinar that provides the latest updates on financial security. The webinar is hosted by a government agency. As a security officer, you notice that the hyperlink points to an unknown party. Which type of cybersecurity threat should you investigate?
   A. Spear phishing
   B. Smishing
   C. Ransomware
   D. Vishing

10. Your home network seems to have slowed down considerably. You look at the home router GUI and notice that an unknown host is attached to the network. What should you do to prevent this specific host from attaching to the network again?
   A. Implement MAC address filtering.
   B. Create an IP access control list.
   C. Change the network SSID.
   D. Block the host IP address.

11. Which classification of security alert is the greatest threat to an organization because it represents undetected exploits?
   A. False negative
   B. False positive
   C. True negative
   D. True positive

12. You are working with the senior administration team to identify potential risks. Which phase of risk management are you in?
   A. Choosing risk strategies
   B. Measuring residual risk
   C. Mitigating risks
   D. Determining a risk profile

13. A corporation hires a group of experienced cyber criminals to create a prolonged and in-depth presence on the network of a competitor. This presence will allow the corporation to steal or sabotage. Which type of attack does this scenario describe?
   A. Ransomware
   B. Man-in-the-middle
   C. APT
   D. DDoS

14. You need to allow employees to access your company's secure network from their homes. Which type of security should you implement?
   A. SNMP
   B. VPN
   C. BYOD
   D. IDS

15. Which data type is protected through hard disk encryption?
   A. Data in process
   B. Data at rest
   C. Data in transit
   D. Data in use

16. You need to transfer configuration files to a router across an unsecured network. Which protocol should you use to encrypt the files in transit?
   A. TFTP
   B. HTTP
   C. SSH
   D. Telnet

17. You are monitoring the syslog server and observe that the DNS server is sending messages with a Warning severity. What do these messages indicate about the operation of the DNS server?
   A. The DNS server is unusable due to a severe malfunction and is shutting down.
   B. The server has a hardware error that does not require immediate attention.
   C. A condition exists that will cause errors in the future if the issue is not fixed.
   D. An error condition is occurring that must be addressed immediately.

18. Move each cybersecurity tool from the list on the left to the correct location on the Vulnerability Management Process diagram on the right. Note: You will receive partial credit for each correct response.
   Diagram: Discover → Prioritize → Remediate
   Tools:
   - Nmap
   - CVSS
   - Windows Auto Update
   - Nessus Scanner
   - Patch Management Software

19. You are a security technician. You just completed a full scan of a Windows 10 PC. Where should you go to view the scan result?
   A. Windows Task Manager
   B. Windows System Logs
   C. Windows Application Logs
   D. Windows Security

20. Your organization's SIEM system alerts you that users are connecting to an unusual URL. You need to determine whether the URL is malicious and what type of threat it represents. What should you do?
   A. Submit the URL to a threat intelligence portal for analysis.
   B. Ask users why they visited the website.
   C. Visit the URL to determine whether the website is legitimate.
   D. Block the URL by placing it on the network block list.

21. Several employees complain that the company intranet site is no longer accepting their login information. You attempt to connect by using the URL and notice some misspellings on the site. When you connect by using the IP address, the site functions normally. What should you do?
   A. Verify the accuracy of the entry for the site in the local DNS server.
   B. Take the company web portal offline immediately.
   C. Update the web server software to the latest version.
   D. Restore a backup copy of the authentication database.

22. Move each worm mitigation step from the list on the left to the correct description on the right. Note: You will receive partial credit for each correct answer.
   Mitigation steps:
   - Treatment
   - Containment
   - Inoculation
   - Quarantine
   Descriptions:
   - Clean and patch infected systems.
   - Remove or block infected systems from the network.
   - Patch uninfected systems to deprive the worm of more available targets.
   - Compartmentalize and segment the network to limit the spread of the worm to areas already infected.

23. Several staff members are experiencing unexplained computer crashes and many unwanted pop-up messages. Which two actions should you take immediately to address the problem without impacting data? (Choose 2) Note: You will receive partial credit for each correct selection.
   A. Reinstall Windows on the affected workstations.
   B. Deploy a policy to install and automatically update antivirus and anti-malware software.
   C. Scan affected workstations and remove malware.
   D. Configure the network firewall to block malware from entering the internal network.

24. A cybersecurity analyst is investigating an unknown executable file discovered on a Linux desktop computer. The analyst enters the following command in the terminal: ls -l. What is the purpose of this command?
   A. To display the content of a text file
   B. To open a text editor
   C. To display the file permissions and ownership of the executable file
   D. To navigate to the folder that is passed as an argument to the command

25. Move each cybersecurity term from the list on the left to the correct description on the right. Note: You will receive partial credit for each correct answer.
   Terms:
   - Asset
   - Threat
   - Risk
   - Vulnerability
   Descriptions:
   - People, property, or data
   - An action that causes a negative impact
   - The potential for loss, damage, or destruction
   - A weakness that potentially exposes organizations to cyber attacks

26. You need to filter the websites that are available to employees on the company network. Which type of device should you deploy?
   A. IPS
   B. Proxy server
   C. IDS
   D. Honeypot

27. A security analyst discovers that a hacker was able to gain root access to an enterprise Linux server. The hacker accessed the server as a guest, used a program to bypass the root password and then killed essential processes as the root user. Which type of endpoint attack is this?
   A. Buffer overflow
   B. DDoS
   C. Privilege escalation
   D. Brute force

28. For each statement, select True if the statement adheres to the cybersecurity code of ethics or False if it does not. Note: You will receive partial credit for each correct selection.
   - A security analyst may use a disgruntled employee's network credentials to monitor behavior. F
   - A security analyst may access employee data on a company server if authorized. T
   - A security analyst may share sensitive data with unauthorized users. F

29. Which wireless encryption technology requires AES to secure a home wireless network?
   A. WEP
   B. WPA
   C. WPA2
   D. TKIP

30. Which three authentication factors are valid for use in a multifactor authentication scenario? (Choose 3)
   A. Something you are
   B. Something you see
   C. Something you know
   D. Something you earn
   E. Something you have
   F. Something you do

31. Move the appropriate control measures from the list on the left to the correct descriptions on the right. You may use each control measure once, more than once or not at all. Note: You will receive partial credit for each correct answer.
   Control measures:
   - Detective measures
   - Preventive measures
   - Corrective measures
   Descriptions:
   - Discover unwanted events
   - Avert the occurrence of an event
   - Restore a system after an event

32. What are two natural disasters that would cause a company to implement a disaster recovery plan? (Choose 2)
   A. Hazardous material spills
   B. Floods
   C. Nuclear contamination
   D. Volcanic eruptions

33. After an administrator installs an operating system update on a laptop, the laptop user can no longer print to their wireless printer. What should solve the issue?
   A. Check for patches for wireless printers.
   B. Reinstall the same service pack.
   C. Install a new device driver for the wireless printer.
   D. Update the firmware on the laptop.

34. Which activity is an example of active reconnaissance performed during a penetration test?
   A. Using a browser to view the HTTP source code of company webpages
   B. Gathering employee information from available web directories and social media
   C. Performing an Nmap port scan on the LAN to determine types of connected devices and open ports
   D. Searching the WHOIS database for the owner and technical contact information for a domain

35. You are reviewing company remote access procedures and notice that telnet is being used to connect to the corporate database server to check on inventory levels. Which two actions should you take immediately? (Choose 2)
   A. Force users to implement secure telnet passwords.
   B. Disable telnet access on the server.
   C. Implement SSH access on the server.
   D. Reconfigure the server to only accept HTTPS connections.

36. Which activity by an adversary is an example of an exploit that is attempting to gain credentials?
   A. Installing a backdoor in order to enable two-way communication with the device
   B. Sending an email with a link to a fictitious web portal login page
   C. Obtaining a directory listing of files located on the web database server
   D. Executing a remote port scan of all of the enterprise-registered IP addresses

37. Move each Windows host log type from the list on the left to the correct description on the right. Note: You will receive partial credit for each correct answer.
   Log types:
   - Application logs
   - System logs
   - Setup logs
   - Security logs
   Descriptions:
   - Contain events that are received from programs running on the device
   - Record information about software installation and operating system updates
   - List events generated by the operation of hardware, drivers, and processes
   - Record the success or failure of audit policy events

38. Which two basic metrics should be taken into consideration when assigning a severity to a vulnerability during an assessment? (Choose 2) Note: You will receive partial credit for each correct selection.
   A. The likelihood that an adversary can and will exploit the vulnerability
   B. The impact that an exploit of the vulnerability will have on the organization
   C. The time involved in choosing replacement software to replace older systems
   D. The age of the hardware running the software that contains the vulnerability

39. What are two disadvantages of public vulnerability databases? (Choose 2) Note: You will receive partial credit for each correct selection.
   A. Threat actors can access the databases to learn how to vary their threats to avoid detection.
   B. Publicly available databases are incompatible with most security platforms.
   C. It can take a long time for reported vulnerabilities to be investigated and approved for addition to the databases.
   D. It is costly for intelligence analysts to document and submit newly discovered vulnerabilities.

40. Move each framework from the list on the left to the correct purpose on the right. Note: You will receive partial credit for each correct answer.
   Frameworks:
   - GDPR
   - HIPAA
   - PCI-DSS
   - FERPA
   - FISMA
   Purposes:
   - Protects the personal information of members of the European Union
   - Protects the healthcare information of individuals
   - Protects the credit card information of individuals
   - Protects the educational records of individuals
   - Protects information about individuals that is stored by federal agencies

41. Which command displays both the configured DNS server information and the IP address resolution for a URL?
   A. Ping
   B. Nslookup
   C. Traceroute
   D. Nmap

42. Customers of an online shopping store are complaining that they cannot visit the website. As an IT technician, you restart the website. After 30 minutes, the website crashes again. You suspect that the website is experiencing
   Which type of cybersecurity threat should you investigate?
   A. Spear phishing
   B. Ransomware
   C. Denial of service
   D. Social engineering

43. You are a security analyst. You are reviewing output from the SIEM. You notice an alert concerning malicious files detected by the IDS. After reviewing the user, device and posture information, you determine that it is a valid
   What should you do next?
   A. Escalate the situation immediately.
   B. Log the alert and watch for a second occurrence.
   C. Prepare notes to present at the weekly cybersecurity team meeting.
   D. Update the documentation to include the new alert information.

44. In order to do online banking, you enter a strong password and then enter the 5-digit code sent to you on your smartphone. Which type of authentication does this situation describe?
   A. VPN
   B. Multifactor
   C. AAA
   D. RADIUS

45. What does hashing provide for the communication?
   A. Data integrity
   B. Data encryption
   C. Data non-repudiation
   D. Origin authentication

46. You work for a community health care organization that uses an electronic health record (EHR) system. You have implemented the physical and technical safeguards required by HIPAA. You need to prove that the EHR system is compliant with those safeguards. Which two approaches should you use to verify the system is compliant? (Choose 2) Note: You will receive partial credit for each correct selection.
   A. Automatic log-off implementation
   B. Penetration testing
   C. Security awareness training
   D. IT auditing