1. A business impact analysis may include succession planning or determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees. A. False
2. A forensic investigator at a crime lab is performing a forensic analysis of a hard drive that was brought in by state troopers. They make a mistake by using the wrong forensic tool during their forensics examination. What should the investigator do? A. Document the mistake and work around the problem.
3. A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n): A. ACL – Access Control List
4. A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a: A. password
5. A security posture is a combination of strategies developed to continually monitor data privacy and security. Thus, an example of a security posture would include the following:
6. A system administrator is using a packet sniffer to troubleshoot remote authentication. The sniffer detects a device trying to communicate on UDP ports 1812 and 1813. Which of the following authentication methods is being attempted? A. RADIUS
7. A TOTP (Time-based One-time Password algorithm) changes after a set period. A. True
8. Access control models are created by ___________? A. hardware and software
9. Along with the forensic investigation effort, the man hours and expense should not be tracked since the costs are always justified regardless of the actual amount involved. A. False
10. An attacker has targeted Corp.com’s employees with voicemails that attempt to acquire sensitive information by masquerading as a trustworthy entity. Which type of attack is this? A. Vishing
11. An incident response plan is a set of written instructions for reacting to a security incident. A. True
12. Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels. A. False
13. Authentication, authorization, and accounting are sometimes called AAA. A. True
15. Authorization is granting permission for admittance. A. True
16. By default, how often are group policies updated? A. All of these are correct
17. Continuous security monitoring – provides the current state of preparedness through vulnerability scanning and penetration testing.
18. Describe a notebook computer in relation to a laptop computer. A. A laptop computer is a fully functioning computing device that has a fully functioning operating system like Windows 10. A laptop will also have a more robust GPU and CPU.
19. Describe how Kerberos works? A. Kerberos is used when a user attempts to access a network service and that service requires authentication. The user is provided a ticket that is issued by the Kerberos authentication server. The user presents this ticket to the network for a service. The service then examines the ticket to verify the identity of the user. If the user is verified, they are then accepted. Tickets are difficult to copy (because they are encrypted), they contain specific user information, they restrict what a user can do, and they expire after a few hours or a day. Issuing and submitting tickets in a Kerberos system is handled internally and is transparent to the user.
20. Discuss the purpose and importance of the chain of custody. A. The chain of custody documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. A chain of custody includes documenting all of the serial numbers of the systems involved, who handled and had custody of the systems and for what length of time, how the computer was shipped, and any other steps in the process. In short, a chain of custody is a detailed document describing where the evidence was at all times. Gaps in this chain of custody can result in severe legal consequences. Courts have dismissed cases involving computer forensics because a secure chain of custody could not be verified.
21. Discuss the types of shortcuts that users take to help them recall their passwords. A. Because of the limitations of the human mind (specifically memory), users take shortcuts to help them memorize and recall their passwords. One shortcut is to create and use a weak password. Weak passwords use a common word as a password (king), a short password (desk), a predictable sequence of characters (abc123), or personal information (Jeff123). It has been proven that even when users attempt to create strong passwords, they generally follow predictable patterns (kingdeskabc123Jeff123).
22. DoS attacks are for gaining unauthorized access or control of a system. A. False
23. During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities? A. port scanner
24. Examine the choices listed. Which choice is NOT a valid port state? A. Half-open
25. Flash cookies are a type of spyware. What are ways to clean Flash cookies? (Choose all that apply.) A. Anti-malware programs
Disable Adobe Flash
Use a browser add-on
26. For what purpose should the network traffic log be analyzed? A. To check for suspicious traffic
27. For what purpose would it be desired to capture the system image? A. So memory analysis can be performed later
28. Gibson Research recommends that first-time users perform which two scan types first? A. File Sharing
Common Ports
29. Help from a Recovery Agent is necessary when: A. The private key is lost by a user.
30. How can an administrator keep devices powered when power is interrupted? A. uninterruptible power supply
31. How does a retina scanner work? A. A retina scanner maps the patterns of the retina by using infrared light to scan the unique pattern of blood vessels in the human eye, thus granting the user access to a system. However, retina and other biometric forms of authentication can be fooled and should only be used in a multi-factor authentication scheme.
32. How is credentialed scanning better than non-credentialed scanning? (Choose all that apply.) A. Customized auditing
More accurate results
Safer scanning
33. Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques. A. Law Enforcement Forensics
34. If a user has more than one type of authentication credential, what type of authentication is being used? A. multifactor authentication
35. If a user uses the operating system’s “delete” command to erase data, what type of data removal procedure was used? A. purging
36. In the physical world, when a user's credentials are validated they are considered to be __________? A. Authenticated
37. Initial baseline configuration – a baseline outlines the major security considerations for a system and becomes a starting point for solid security.
38. Investigates, analyzes, and responds to cyber incidents within the network A. Cyber Defense Incident Responder
40. Many botnets were controlled through using what protocol? A. IRC (Internet Relay Chat)
41. Mobile devices with global positioning system (GPS) abilities typically make use of: A. Location services
42. NIDS is an advanced version of NIPS. A. False
43. Nslookup displays detailed information about how a device is communicating with other network devices. A. False
44. Passwords provide strong protection. A. False
45. Performs assessments of systems and networks A. Vulnerability Assessment Analyst
46. Realistically, risks can never be entirely eliminated. A. True
47. Remediation – plan in place to address the vulnerabilities before they are exploited.
48. Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security A. Systems Security Analyst
49. Select the proprietary wireless network technology that is used primarily by sensors for communicating data. A. ANT
50. The forensic investigator at a crime lab will be performing a forensic analysis of a hard drive that was brought in by state troopers. What should be done before performing the analysis? A. Capture a system image
51. The minimum recommended backup strategy is 3-2-1. Including the original data, how many copies will exist when this strategy is completely implemented? A. 4
52. The range of ports 1 to ________ is reserved for the most universal applications. A. 0-1023; reserved for most universal applications
53. The security administrator for a large organization receives numerous alerts from a network-based intrusion detection system (NIDS) of a possible worm infection spreading through the network via network shares. Before taking any drastic action to solve this problem, such as blocking file sharing, what should first be done? A. Call an emergency change management meeting to ensure the solution will not have unforeseen negative effects.
54. The security administrator for Corp.com has been directed by the CIO to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following authentication methods should be used? A. LEAP – Lightweight Extensible Authentication Protocol (LEAP)
55. The security administrator for Corp.com wants to provide wireless access for employees as well as guests. Multiple wireless access points and separate networks for internal users and guests are required. Which of the following should separate each network? (Choose all that apply.) A. Security protocols
Channels
SSIDs
56. The transmission time needed to repeat a signal from one earth station to another is approximately 250 milliseconds. A. True
57. The use of a single authentication credential that is shared across multiple networks is called: A. identity management
58. The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options? A. DAP – Directory Access Protocol (DAP).
60. To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active? A. account expiration
61. Viruses, botnets, social engineering, and drive-by-downloads and other methods used to attack a target are best described as which of the following? A. Threat vectors
62. What are some common symptoms of RAID array failures? (Choose all that apply.) A. Failure to boot
Drive not recognized
OS not found
63. What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server? A. TACACS
64. What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password? A. Enable a lock screen
65. What do Windows computers do if a file being saved is not long enough to fill up the last sector on the disk? A. When a file that is being saved is not long enough to fill up the last sector on a disk (a common occurrence because a file size only rarely matches the sector size), Windows pads the remaining cluster space with data that is currently stored in RAM. This padding creates RAM slack, which can contain any information that has been created, viewed, modified, downloaded, or copied since the computer was last booted. While this is useful for forensic scientists, it also provides another attack vector for threat actors.
66. What is another term used for a security weakness? A. vulnerability
67. What is the core principle behind RADIUS? A. Distributed security
68. What is the difference between a feature phone and a smartphone? A. An example of a feature phone would be a Motorola flip phone from the ’90s. These phones were capable of taking pictures or sending text messages (single features). However, they had limited computing power.
A smartphone has a robust CPU, GPU, and networking capability. Thus, it can handle application software as well as complex computing tasks.
69. What is the difference between a key escrow and a recovery agent? (Choose all that apply.) A. The latter is primarily for helping internal users
The former is primarily for third party access to data
70. What is the Internet of Things (IoT)? A. The ITU-T defines the Internet of Things as, “A global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.” While this definition can include things like laptops, notebooks, and desktops, it is used more frequently to describe the networking of smart appliances, cars, HVAC systems, etc.
71. What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database’s information? A. LDAP injection
72. What protocol offers the capability to deploy RADIUS in an Ethernet network? A. Extensible Authentication Protocol (EAP)
73. What specific way can disaster recovery plans be tested? A. tabletop exercises
74. What term is used to describe a documentation of control over evidence, which is used to ensure that no unauthorized person was given the opportunity to corrupt the evidence? A. chain of custody
75. What type of assessment can determine if a system contains PII, whether a privacy impact assessment is required, and if any other privacy requirements apply to the IT system? A. privacy threshold
76. What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file? A. Brute force
77. What type of computer can forward RADIUS messages between RADIUS clients and RADIUS servers? A. RADIUS proxy
78. What type of technology can add geographical identification data to media such as digital photos taken on a mobile device? A. GPS tagging
79. What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters? A. hybrid
80. What will be the available drive space in a RAID 5 configured system with three 250 GB hard drives? A. 500 GB
81. When data is collected for a forensic investigation, what order should be followed? A. Order of volatility
82. When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of its operational and financial position, what should be performed? A. business impact analysis
83. When reviewing the local copy of a file that has been backed up, you notice that the archive bit has not reset. What does that indicate? A. Differential backup
84. Which enterprise deployment model requires employees to choose from a selection of company-owned and approved devices? A. COPE
85. Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are imitations of real data files? A. honeypot
86. Which method of port scanning is the most popular? A. TCP SYN scanning
87. Which of the following is both an access server and also a system of distributed security that secures remote access against improper attempts? A. RADIUS – Remote Authentication Dial In User Service
89. Which of the following are characteristics of spyware? (Choose all that apply.) A. Secretly collects information about users
Negatively affects confidentiality
Negatively affects availability
Tracking cookies and browser history can be used by spyware
It is greyware
90. Which of the following are zombie armies formed by a number of innocent hosts set up to perform malicious operations? A. Botnets
91. Which of the following can replace using radio frequency (RF) for the communication media? A. infrared
92. Which of the following involves deploying a large number of compromised hosts to flood a target system? A. DDoS
93. Which of the following is a form of delayed-execution virus? A. Logic bomb
94. Which of the following is a two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory forest? A. transitive trust
95. Which of the following is a valid data sensitivity labeling and handling category? (Choose all that apply.) A. confidential
proprietary
96. Which of the following is true concerning vulnerability scanning? (Choose all that apply.) A. Some scanning attempts may be credentialed while some may be non-credentialed.
97. Which of the following is used to replicate attacks during a vulnerability assessment by providing a structure of exploits and monitoring tools? A. exploitation framework
98. Which of the following is usually bundled as a hidden component of a freeware? A. Spyware
99. Which of the following MAINLY applies to email that appears to be sent from a legitimate business? A. Phishing
100. Which of these access control models is the most restrictive? A. Mandatory Access Control (MAC)
101. Which of these access control models gives the user total control over an object? A. Discretionary Access Control (DAC)
102. Which RAID types would use a minimum of four hard drives? (Choose all that apply). A. 6
5.1
10
103. Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications? A. white box
104. While evaluating network solutions for mission-essential functions you see a provider claiming a yearly downtime of 31.5 seconds. Which choice would be used to classify uptime? A. 99.9999
105. Why should redundant networks be implemented in many enterprise environments? A. Due to the critical nature of connectivity today, redundant networks also may be necessary. A redundant network waits in the background during normal operations and uses a replication scheme to keep its copy of the live network information current. If a disaster occurs, the redundant network automatically launches so that it is transparent to users. A redundant network ensures that network services are always accessible. Thus, a redundant network is one of the key items that can protect against data and/or time loss.
106. You are reviewing backup solutions. Which choice summarizes the process of creating a series of data reference markers at a specific time? A. CDP – continuous data protection (CDP).
107. You have been asked to implement a backup strategy for your organization. The solution would provide real-time immediate data recovery in the event of system failure. Select the appropriate solution. A. CDP – continuous data protection (CDP).