A security specialist is tasked to ensure that files transmitted between the headquarters office and the branch office are not altered during transmission. Which two algorithms can be used to achieve this task? (Choose two.)
3DES
HMAC
AES
SHA-1
MD5
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?
hashing algorithms
digital signatures
symmetric keys
PKI certificates
What are the two important components of a public key infrastructure (PKI) used in network security? (Choose two.)
symmetric encryption algorithms
certificate authority
intrusion prevention system
digital certificates
pre-shared key generation
Which statement describes statistical data in network security monitoring processes?
It shows the results of network activities between network hosts.
It contains conversations between network hosts.
It is created through an analysis of other forms of network data.
It lists each alert message along with statistical information.
How does a web proxy device provide data loss prevention (DLP) for an enterprise?
by checking the reputation of external web servers
by functioning as a firewall
by inspecting incoming traffic for potential exploits
by scanning and logging outgoing traffic
Which capability is provided by the aggregation function in SIEM?
reducing the volume of event data by consolidating duplicate event records
searching logs and event records of multiple sources for more complete forensic analysis
presenting correlated and aggregated event data in real-time monitoring
increasing speed of detection and reaction to security threats by examining logs from many systems and applications
Which SIEM function is associated with speeding up detection of security threats by examining logs and events from different systems?
forensic analysis
retention
correlation
aggregation
Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN?
SSL
DES
AH
DH
ESP
Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?
It uses a 112-bit encryption key.
It requires more CPU resources than software-based AES does.
It is an example of an asymmetric algorithm.
SEAL is a stream cipher
What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?
encryption
asymmetric key algorithm
digital signature
hash algorithm
The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)
802 is authentication
HTTPS web service
FTP transfers
Local NTP server
File and directory access permission
What is the term used to describe an email that is targeting a specific person employed at a financial institution?
spam
spyware
vishing
target phishing
spear phishing
What type of malware has the primary objective of spreading across the network?
virus
worm
Trojan horse
botnet
Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?
DoS
FTP
data-sending
proxy
A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?
ransomware
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
Trojan
phishing
backdoor
A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors? (Choose two.)
The computer emits a hissing sound every time the pencil sharpener is used.
The computer freezes and requires reboots
No sound emits when an audio CD is played
The computer gets increasingly slower to respond
The computer beeps once during the boot process.
Why would a rootkit be used by a hacker?
to gain access to a device without being detected
to do reconnaissance
to reverse engineer binary files
to try to guess a password
Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?
packet sniffer attack
denial of service attack
buffer overflow attack
brute-force attack
port redirection attack
IP spoofing attack
What are two evasion methods used by hackers? (Choose two.)
scanning
access attack
resource exhaustion
Which type of hacker is motivated to protest against political and social issues?
cybercriminal
script kiddie
vulnerability broker
hacktivist
What is a significant characteristic of virus malware?
Virus malware is only distributed over the Internet.
Once installed on a host system, a virus will automatically propagate itself to other systems.
A virus is triggered by an event on the host system.
A virus can execute independently of the host system.
What are three techniques used in social engineering attacks? (Choose three.)
pretexting
buffer overflow
man-in-the-middle
sending junk email
What are two purposes of launching a reconnaissance attack on a network? (Choose two.)
to retrieve and modify data
to scan for accessibility
to escalate access privileges
to prevent other users from accessing the system
to gather information about the network and devices
What is a main purpose of launching an access attack on network systems?
to scan for accessible networks
to gather information about the network
to retrieve data
What is a characteristic of a Trojan horse as it relates to network security?
Extreme quantities of data are sent to a particular network device interface.
An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
Too much information is destined for a particular memory block, causing additional memory areas to be affected.
Malware is contained in a seemingly legitimate executable program.
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?
reset attack
session hijacking attack
port scan attack
SYN flood attack
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. Which type of attack was achieved?
Access
DDoS
Social engineering
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What would be the threat attribution in this case?
Evaluating the server alert data
Obtaining the most volatile evidence
Determining who is responsible for the attack
Reporting the incident to the proper authorities
What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
password policies
identification and authentication policies
remote access policies
acceptable use policies
Which AAA component can be established using token cards?
authorization
authentication
auditing
accounting
What service determines which resources a user can access along with the operations that a user can perform?
biometric
token
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
availability
confidentiality
integrity
scalability
A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
automation
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.)
assets that need protection
location of attacker or attackers
total number of devices that attach to the wired and wireless network
threats to assets
vulnerabilities in the system
past security breaches
Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
statement of authority
statement of scope
campus access policy
Internet access policy
identification and authentication policy
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
mandatory access control (MAC)
discretionary access control (DAC)
attribute-based access control (ABAC)
Non-discretionary access control
In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
risk reduction
risk avoidance
risk retention
risk sharing
Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
user interaction
attack vector
attack complexity
privileges required
Which statement describes the term attack surface?
It is the total sum of vulnerabilities in a system that is accessible to an attacker.
It is the group of hosts that experiences the same attack.
It is the network interface where attacks originate.
It is the total number of attacks toward an organization within a day.
What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
behavior-based
agent-based
signature-based
heuristic-based
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
For network systems, which management system addresses the inventory and control of hardware and software configurations?
asset management
vulnerability management
risk management
configuration management
Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
heuristics-based
packet-based
Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
whitelisting
HIDS
blacklisting
baselining
Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks?
scope
What is a host-based intrusion detection system (HIDS)?
It identifies potential attacks and sends alerts but does not stop the traffic.
It detects and stops potential direct attacks but does not scan for malware.
It is an agentless system that scans files on a host for potential malware.
It combines the functionalities of antimalware applications with firewall protection.
In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable.The security team at this company has removed the compromised server and preserved it with the security hack still embedded. What type of evidence is this?
Best
Classified
Corroborating
Indirect
What programs provide a complete audit trail of basic information about every IP flow forwarded on a device?
SPAN
Wireshark
NetFlow
SIEM
Grey Hat Hackers are
Commit crimes and do unethical things but not for personal gain or to cause damage. OR May compromise network and then disclose the problem so the organization can fix the problem.
wws
“Vulnerability Broker” Threat Actors
Discover exploits and report them to vendors, sometimes for prizes or rewards
Definition of the attack " Sniffer "
an application or device that can read, monitor, and capture network data exchanges and read network packets
What is the significant characteristic of worm malware?
Executes arbitrary code and installs itself in the memory of the infected device. Automatically replicates itself and spreads across the network from system to system. Components of a worm attack include an exploiting vulnerability, delivering a malicious payload, and self-propagation. Virus requires a host program to run, worms can run by themselves.
White Hat Hackers are
Ethical hackers who use their programming skills for good, ethical, and legal purposes. Perform penetration tests to discover vulnerabilities and report to developers before exploitation.
Black Hat Hackers are
Unethical criminals who violate security for personal gain, or for malicious reasons, such as attacking networks.
Types of attacks targeting IP:
ICMP attacks DoS attacks DDoS attacks Address spoofing attacks Man-in-the-middle attack (MITM) Session hijacking
