IS5403 Week 8 Post Assessment

An unskilled person who downloads automated attack software (i.e. open-source intelligence) and uses it to carry out attacks would be considered to be what type of threat actor?

• cracker
• organized criminal
• hactivist
• script kiddie

CORRECT 

An Advanced Persistent Threat is most commonly associated with what type of threat actor?

• insiders
• hactivists
• script kiddie
• nation state actors

CORRECT

How is confidentiality ensured using the IPsec VPN protocol?

• By using IPsec's Tunnel Mode.
• By using the Authentication Header (AH) protocol.
• By using the Encapsulating Security Payload (ESP) protocol.
• By using IPsec's Transport Mode.

INCORRECT

What encryption protocol is used for the WPA2 wireless standard?

• Galois/Counter with Cipher Block Chaining Message Authentication Code Protocol (GCMP)
• Counter Mode with Ecliptic Curve Block Message Authentication Code Protocol (ECBMP)
• Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
• Temporal Key Integrity Protocol (TKIP)

CORRECT

What are two items that are specifically part of the Secure DevOps methodology? (Choose two.)

•  user training
•  continuous integration
•  security automation
•  funding management

INCORRECT

How does a distributed denial of service attack differ from a regular denial of service attack?

• DDoS attacks generate fewer bogus requests by distributing the workload amongst clustered machines.
• DDoS attacks utilize authorized user access to infiltrate a network.
• DDoS attacks utilize many computers for making bogus requests, instead of just one.
• DDoS attacks have multiple targets that are all attacked simultaneously by a single source.

CORRECT

What statement accurately defines what a race condition is and how it might affect a computer?

• A race condition is when two programs attempt to access the hardware resources of a system at the same time, causing a bottleneck and slowing the system.
• A race condition results from the use of incorrect input data that causes a program to enter an unexpected loop.
• A race condition is the result of multiple exploits being used or attempted to gain access to a system, resulting in the faster and more effective method winning.
• A race condition occurs when concurrent threads of execution access a shared resource simultaneously, producing unintended consequences.

CORRECT

An attacker is attempting to generate data that has the same hash as a captured hash of a password. What type of attack is this?

• known-ciphertext attack
• birthday attack
• collision attack
• downgrade attack

CORRECT

Recently, a managed Cisco network switch in a publicly accessible closet experienced a crash, dropping all those that were connected to it. Based on logs recovered from a central logging system, you determine that the switch may have been flooded with spoofed MAC addresses, causing the memory available on the switch to be consumed. What feature could you implement to help prevent this from happening in the future?

• spanning-tree algorithm
• Access Control Lists (ACLs)
• port security
• port mirroring

CORRECT

What Linux/UNIX-based command interface and protocol can be used for securely accessing a remote computer?

• rlogin
• scp
• ssh
• rsh

CORRECT

What statement properly describes the propagation or circulation techniques utilized by a worm-type malware?

• A worm is spread through the sharing of an application that appears to have one function, but also has a malicious function.
• A worm spreads by the activation of an infected software product, and commonly uses macros.
• A worm utilizes application or operating system vulnerabilities to spread through a network.
• A worm is spread by tricking the user into interacting with their computer in such a way that the worm can propagate.

CORRECT

What type of fingerprint scanner requires that a user place their entire thumb or finger over a small oval window, which then takes an optical picture of the fingerprint?

• dynamic fingerprint scanner
• static fingerprint scanner
• digital fingerprint scanner
• automatic fingerprint scanner

CORRECT

What DNS vulnerability can be specifically addressed by utilizing Domain Name System Security Extensions (DNSSEC)?

• DNS looping
• DNS spoofing
• DNS hijacking
• DNS poisoning

CORRECT

What are two valid weaknesses of utilizing MAC filtering for controlling wireless network access?

•  MAC addresses are initially exchanged between wireless devices and the AP in unencrypted format.
•  Filtering by MAC address requires significant administrative overhead to maintain the list of allowed MACs.
•  The 48-bit MAC address does not have enough complexity to be secure.
•  MAC address filtering requires knowing all the MAC addresses that will be prevented from access.

CORRECT

The basic ROT13 cipher is an example of what kind of cipher algorithm?

• substitution cipher
• XOR cipher
• Beale cipher
• diffusion cipher

CORRECT

Of the two encryption modes supported by IPsec, what mode is more secure, and why?

• Tunnel mode, because the header and data portion of the packet are encrypted.
• Transport mode, because the data portion of each packet is encrypted.
• Tunnel mode, because the data portion of each packet is encrypted.
• Transport mode, because the header and data portion of the packet are encrypted.

CORRECT

Once a tester has penetrated a network and gained access, what is the tester's next step?

• Attempt to pivot or move around inside the network to other resources.
• Close the vulnerability for the target company.
• End the test and present the findings to the contracted company.
• Disconnect from the network and attempt to regain entry using a different method.

CORRECT

What statement regarding the use of load balancers on a network is NOT accurate?

• Servers behind load balancers often utilize a virtual IP address.
• Load balancers can only be used in an active-pass configuration.
• Load balancers can be used to hide HTTP error pages from users.
• Load balancers can be used to remove server identification headers from HTTP responses.

CORRECT

In multifactor authentication, a password is considered to be what element of authentication?

• Something you do.
• Something you know.
• Something you have.
• Something you are.

CORRECT

The Advanced Encryption Standard (AES) symmetric cipher uses how many rounds of substitution and re-arranging when utilizing a 256-bit key size?

• 9 rounds
• 18 rounds
• 24 rounds
• 13 rounds

CORRECT

When performing a vulnerability scan, what is NOT one of the things the scan looks for?

• A lack of proper security controls to establish a secure framework.
• The likelihood of zero-day malware attacks on the system.
• Any common misconfigurations that could compromise the system.
• The presence of vulnerabilities or security weaknesses.

CORRECT

What statement describes the Privacy Enhancement Mail (PEM) X.509 format?

• It is the standard file format for exporting certificates, and includes the public and private keys.
• It is one of a numbered set of 15 standards defined by RSA, and uses RSA public key algorithm and contains both public and private keys.
• It is designed to provide confidentiality and integrity to emails utilizing DER encoding.
• It is the preferred file format for creating certificates to authenticate mail applications, and contains public and private keys.

CORRECT

What does a component's mean time between failures (MTBF) value determine?

• It determines the exact time at which a component will fall out of warranty coverage.
• It refers to the average amount of times a component will fail before it is no longer usable.
• It determines the maximum amount of time an item should be left in service before it is replaced.
• It refers to the average amount of time until a component fails and cannot be repaired.

CORRECT

You are speaking to your CIO, and she has instructed you to ensure that the network is "five nines" in percentage of availability. What is the total yearly downtime that this allows?

• 8.76 hours
• 5.26 minutes
• 3.65 days
• 31.5 seconds

CORRECT

Consider the following network: PC1->Switch1->Switch2->PC2. When Switch1 receives a frame from PC1 intended for PC2, but does not have an entry in the MAC table for PC2, what happens?

• Switch1 attempts to locate PC2 by asking for MAC addresses on all connected ports, using targeted unicast traffic. This in turn triggers Switch2 to do the same if it does not know where the MAC is. Once the proper port is found, the frame is delivered.
• Switch1 broadcasts the frame out all connected ports. Switch2 will do the same if it too does not contain an entry for PC2, else the frame will be delivered to the port PC2 resides on.
• Switch1 attempts to locate the PC2 port, and creates a temporary switching loop in the process. Once the ensuing broadcast storm ends, the switch will have populated its MAC address table, and the frame will be forwarded on through Switch2 to PC2.
• Switch1 returns the frame to PC1 with a "frame undeliverable" message due to the MAC not being in the forwarding table. PC1 then initiates a MAC address discovery using ARP, and forwards the MAC information to the switch once it is found. The frame is then retransmitted.

CORRECT

What type of digital certificate is primarily used for Microsoft Exchange servers or unified communications?

• email digital certificate
• code signing digital certificate
• Subject Alternative Name (SAN) certificate
• wildcard digital certificate

CORRECT

You are an administrator for the site example.com, and would like to secure all the subdomains under example.com with a single SSL certificate. What type of certificate should you use?

• wildcard certificate
• SAN certificate
• self-signed certificate
• code signing certificate

CORRECT

What are two valid methods that could be used to prevent a replay attack? (Choose two.)

•  Timestamps can be utilized for all communication.
•  The MAC entries of computers requiring secure communications can be entered statically into the ARP table.
•  Both sides of communication could utilize random keys that are valid for limited periods of time.
•  An administrator can employ the use of a network hub, instead of a network switch.

CORRECT

What is not an item that a host based intrusion detection system (HIDS) is capable of monitoring?

• An attempt to access files on the local machine.
• A system call being made by running processes.
• All input and output communications on the host.
• An attempt to access remote network-shared files.

CORRECT

Once a system has been infected, what is the method of operation of a logic bomb malware program?

• The logic bomb silently captures and stores keystroke information, then passes the information on to an attacker.
• The logic bomb code lies dormant until a specific logical event triggers it, upon which data is deleted and/or the system is sabotaged.
• The logic bomb software passively tracks and monitors a user's activities until an attacker decides to "detonate" the bomb.
• The logic bomb opens or creates vulnerabilities on the running system, allowing an attacker to access the system remotely.

CORRECT

See Ch. 2: Malw

On Windows, how does the Mandatory Integrity Control (MIC) MAC implementation ensure data integrity?

• It controls access to securable objects through the use of security identifiers.
• It mediates access to files and records file access in an audit log.
• It repudiates changes made to a file without the proper access.
• It controls access to securable objects through the use of timestamps.

CORRECT

You are currently engaged in troubleshooting an active connection that is being cut off in mid-transmission each time an attempt is made to communicate. What type of program should you use to diagnose the problem with this transmission?

• port scanner
• data sanitizer
• honeypot software
• protocol analyzer

CORRECT

What block cipher mode of operation involves each ciphertext block being fed back into the encryption process to encrypt the next plaintext block?

• Galois/Counter (GCM)
• Cipher Block Chaining (CBC)
• Electronic Code Book (ECB)
• Counter (CTR)

CORRECT

What type of agreement serves as a contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service?

• Service Level Agreement (SLA)
• Blanket Purchase Agreement (BPA)
• Interconnection Security Agreement (ISA)
• Memorandum of Understanding (MOU)

CORRECT

What are the two different types of one-time password that can be created? (Choose two.)

•  HMAC based one-time password (HOTP)
•  source-based one time password (SOTP)
•  pad-based one time password (POTP)
•  time-based one time password (TOTP)

CORRECT

By creating a starting point for comparison purposes in order to apply targets and goals to measure success, what are you doing?

• Provisioning a marker.
• Establishing a baseline.
• Creating a measurement.
• Solidifying a goal.

INCORRECT

If a wireless attacker sends a Request to Send (RTS) frame with a duration field containing a very high value, what happens on the wireless network?

• Other wireless clients disassociate from the wireless network.
• The wireless clients will transmit a collision detection frame, causing all traffic to halt.
• All other wireless client devices on the network will be unable to transmit until their NAV value is 0.
• The access point will crash due to manipulation of the duration field.

CORRECT

In dealing with facial recognition technology, what term describes the rate at which imposters are recognized as legitimate users?

• true acceptance rate (TAR)
• crossover error rate (CER)
• false rejection rate (FRR)
• false acceptance rate (FAR)

CORRECT

A client PC on your company's network is attempting to browse to a vendor's web page on the Internet, but the computer goes to a malicious web page instead. What two utilities can you use to verify that the DNS records are correct for the web page? (Choose two.)

•  nslookup
•  dig
•  tracert
•  netstat

CORRECT

When discussing protections provided by cryptography, what does non-repudiation mean?

• Encrypted information can only be viewed by those who have been provided the key.
• Individuals are prevented from fraudulently denying that they were involved in a transaction.
• It means there is proof that the sender was legitimate and not an imposter.
• It means the encrypted information cannot be changed except by authorized users who have the key.

CORRECT

In the management of virtual machines, what are the risks associated with virtual machine sprawl?

• A guest operating system will consume the resources of the host, even when offline.
• A guest operating system may be vulnerable because it has not been maintained.
• A guest operating system will cease to function without management.
• A guest operating system may malfunction and damage the host computer.

CORRECT

In what type of security policy might you define the required minimal security configuration for servers on the network?

• server security policy
• network sensitivity policy
• antivirus policy
• acceptable use policy

CORRECT

When considering the proper storage of private keys, what statement is not accurate?

• Expired keys should be destroyed.
• Keys can be stored in hardware or software.
• Keys should be stored in files or folders that are password protected or encrypted.
• Copies of keys should be made for safe keeping.

CORRECT

When you are configuring password policy settings in Group Policy, what is the recommended setting for password reuse?

• 6 new passwords must be used before a reused password.
• 48 new passwords must be used before a reused password.
• 24 new passwords must be used before a reused password.
• 12 new passwords must be used before a reused password.

CORRECT

What two cryptographic transport protocols should not be used or are considered obsolete? (Choose two.)

•  SSL v2.0
•  TLS v1.1
•  TLS v1.2
•  SSL v3.0

CORRECT

Elliot's computer has a TPM chip, which was used to encrypt the contents of his hard drive. Due to a component failure on the motherboard, Elliot had to move the hard drive to a new computer, also with a TPM chip. What happens to the drive upon starting the computer?

• The drive's contents will be automatically available due to the presence of a TPM chip.
• Nothing; without the original TPM chip, the drive is essentially rendered useless.
• The drive will be unavailable until the recovery password is entered.
• The drive's contents will be wiped due to the new TPM chip not matching the old chip.

CORRECT

What EAP protocol supported by WPA2-Enterprise securely tunnels any credential form for authentication using TLS?

• EAP-TTLS
• EAP-FAST
• EAP-TLS
• PEAP

CORRECT

What statement correctly defines what a rainbow table is in relation to password attacks?

• A rainbow table is a compressed representation of cleartext passwords that are related and organized in a sequence.
• A rainbow table is a collection of rules designed to match potential password patterns that may be in use by a particular organization.
• A rainbow table contains a table of potential hash collisions that can be used to try and brute force a password.
• A rainbow table contains password masks that are used to guess passwords using a predetermined sequence.

CORRECT

What statement regarding the use of Software Defined Networking (SDN) is NOT accurate?

• In order to move through the network, traffic must first receive permission from the SDN controller.
• SDNs can be used to help capture data for NIDS and NIPS.
• Communication between the SDN controller and the SDN switches uses a standard protocol and application programing interface (API).
• SDN controllers and switches are limited to Layer 2 and Layer 3 of the OSI model.

CORRECT

The Secure Boot security standard is used in conjunction with what type of booting process firmware?

• Coreboot
• Basic Input/Output System (BIOS)
• Unified Extensible Firmware Interface (UEFI)
• OpenFirmware

CORRECT

What type of a social engineering attack attempts to trick a user via email or web page into surrendering private information, such as login information to financial websites?

• spam attack
• impersonation attack
• phishing attack
• watering hole attack

CORRECT

Your organization is planning to deploy wireless access points across their campus network, and you have been tasked with securing the installation. Currently, the design calls for a wireless network with many APs that are controlled by a single device, to allow centralized management. What type of APs will you be securing?

• standalone APs
• fat APs
• thin APs
• controller APs

CORRECT

What type of backup is considered to be an evidence-grade backup, because its accuracy meets evidence standards?

• bit-stream backup
• full backup
• differential backup
• incremental backup

CORRECT

If a company that employs a SCADA system comes under attack, and the SCADA system itself is affected, what are the risks?

• Minimal, as a SCADA system does not provide access to any other equipment in the network.
• The control systems managed by SCADA could malfunction, possibly causing damage to equipment.
• None, as SCADA is designed to be a supervisory system only, allowing control systems to be managed separately if affected.
• The organization may lose access to reports on control systems.

CORRECT

When dealing with the preservation of evidence, who should be responsible for processing the evidence?

• Only users with some level of computer experience.
• A designated supervisor in the affected company.
• Properly trained computer evidence specialists.
• Only law enforcement personnel.

CORRECT

What type of security control implements security in a defined structure and location?

• deterrent control
• preventative control
• security control
• physical control

CORRECT

What is not one of the more common security issues that should be planned for?

• weak security configurations
• data exfiltration
• inventory management
• unauthorized software

CORRECT

What feature of a mobile device management system could be used to restrict the use of an application containing confidential data to only a specific geographical area?

• location tracking
• geofencing
• digital locking
• Wi-Fi fencing

CORRECT

When deploying sensors, collectors, and filters, where should they be placed in the network?

• They should be placed where the stream of data is largest.
• At random locations throughout the network to gather a complete picture.
• They should only be placed in the low-traffic areas of the network.
• They should be placed at each server on the network.

CORRECT

What is a valid disadvantage of the use of a software firewall versus using a hardware firewall?

• A malware infection on the machine could compromise the software firewall processes.
• Software firewalls are harder to configure and maintain than a hardware firewall.
• Software firewalls cannot use stateless firewall settings.
• Software firewalls are often more expensive than deploying a hardware firewall.

CORRECT

Providing the minimum amount of privileges necessary to perform a job or function is known as what security principle?

• minimal privilege
• least privilege
• necessary privilege
• required privilege

CORRECT

Although change management involves all types of changes to information systems, what two major types of changes regarding security need to be properly documented? (Choose two.)

•  Any new employee or contractor hires that will be given access to the network.
•  The classification status of files or documents, such as a file being changed to confidential or top secret.
•  The renewal status of support contracts for used equipment and software.
•  Any change in system architecture, such as new servers, routers, or other equipment.

CORRECT

In a white box penetration test of a network, how much information is known to the tester, if any?

• The tester will have limited information of the network and systems tested.
• The tester will only be provided with the location of systems to be tested.
• The tester will have no prior knowledge of the network.
• The tester will have in-depth knowledge of the network and systems tested.

CORRECT

How does the use of the perfect forward secrecy key exchange method differ from other key exchange methods?

• Perfect forward secrecy utilizes elliptic curve cryptography instead of prime numbers in computation.
• Perfect forward secrecy involves the use of public key systems that generate random public keys that differ for each session.
• Perfect forward secrecy utilizes large prime numbers and a related integer agreed upon by two parties, and the key never changes.
• Perfect forward secrecy uses temporal keys that are used for a period of time and then discarded.

CORRECT

What statement is accurate in regards to adjusting frequency spectrum settings?

• On a dual band radio, both bands should be enabled even if one band is unused.
• Larger channels are less affected by wireless interference.
• Channel width determines how much spectrum is available to transfer data.
• APs should be configured to use the same channel as other nearby APs to ensure AP familiarity.

CORRECT

What is NOT an advantage of using job rotation in a complex business environment?

• It helps expose any potential avenues for fraud by having multiple individuals with different perspectives learn about a job.
• It limits the amount of time that individuals are in a position to manipulate security configurations.
• It reduces job training costs by ensuring everyone knows how to do everyone else's job.
• It reduces burnout in employees and increases employee satisfaction, motivation, and improves employee skills.

CORRECT

Identification of any single points of failure should be a key component in what important business tool?

• Probability of Failure Report (PFR)
• Mission Objectives Statement (MOS)
• Business Impact Analysis (BIA)
• Potential Risk Report (PRR)

CORRECT

What type of redundant site provides office space, but equipment necessary for continuing operations must be provided by the customer?

• cold site
• hybrid site
• hot site
• warm site

CORRECT

When using OAuth, how are a user's username and password received by a third party server.

• The username and password are used to create a certificate, which then is used to authenticate to the third party server.
• The username and password are replaced by a an authentication token, which is then used to gain access to the third party server.
• The username and password are forwarded directly to the third party server, which then verifies with an OAuth server.
• The username and password must be transmitted in clear text to the web application, which must then verify the credentials before giving access.

CORRECT

A Bluetooth piconet is an example of what type of network topology?

• ad hoc topology
• dynamic topology
• small network topology
• bus topology

CORRECT

You are involved in the creation of your company's employee offboarding policy. What statement reflects a good policy measure?

• Offboarded employee accounts remain active, but must have password changed after 7 days of employee's leave date.
• Offboarded employee accounts are immediately deleted.
• Offboarded employee accounts are immediately disabled.
• Offboarded employee accounts are handed over to supervisory employees within 7 days.

CORRECT

The Google Android OS Smart Lock feature is an example of what kind of authentication?

• application-aware authentication
• user state-aware authentication
• context-aware authentication
• open system authentication

CORRECT

What can be used to help ensure against employee perpetrated fraud against an employer?

• An employee geolocation tracking system.
• A non-disclosure agreement.
• A mandatory vacation policy.
• A clean desk policy.

CORRECT

What type of information security policy is often considered to be the most important policy?

• information sensitivity policy
• personal email policy
• acceptable use policy
• antivirus policy

CORRECT

You have been placed in charge of a large number of corporate firewalls and NIPs. Due to the volume of traffic, you would like to recommend the procurement of a product capable of real-time monitoring and management of security information with analysis and reporting of security events. What type of product is this?

• A Network Security Message Consolidator product.
• A Security and Information Event Management product.
• A Host-Based Security Log Aggregator product.
• A Centralized Security Monitoring System product.

CORRECT

What two statements describe methods that can be employed by armored viruses in order to avoid detection? (Choose two.)

•  Armored viruses will delete necessary system files to effectively disable the operating system before detection.
•  Armored viruses often masquerade as a legitimate program that performs a benign activity to avoid detection.
•  Armored viruses may mutate or change their code on the fly to avoid detection.
•  Armored viruses can use encrypted code pieces to assemble itself with the help of an infected program.

CORRECT

What type of malware specializes in avoiding detection by accessing lower layers of the operating system or by using undocumented functions to make alterations?

• rootkit
• Trojan
• ransomware
• adware

CORRECT

When might an industry-specific security framework or architecture be required for a company?

• The company operates nationally.
• The company's industry is regulated.
• The company operates internationally.
• The company's industry is non-regulated.

CORRECT

What is the most secure form of IEEE 802.1x authentication?

• certificate based
• MAC authentication
• pre-shared key
• token based

CORRECT

What statement best describes how an HMAC-based one-time password (HOTP) works?

• HOTPs are randomly generated at various intervals as the user accesses resources.
• HOTPs are created when the user consciously decides to create the HOTP.
• HOTPs are event-driven and change when specific events occur, such as when a user enters a personal identification number.
• HOTPs are time-driven and change when a timestamp expires, usually after an hour or so.

CORRECT

What type of cryptography provides security comparable to asymmetric encryption with significantly reduced computational power and with smaller key sizes?

• asymptotic cryptography
• elliptic curve cryptography
• symmetric encryption
• quadratic cryptography

CORRECT

Due to the sensitivity of the computer equipment your company has in its core network, you would like to shield these devices from electromagnetic pulses. What can you do to accomplish this?

• You can place the sensitive equipment underground.
• You can use electromagnetic dispersing devices to counter any EMPs.
• You can use a metallic enclosure known as a Faraday cage.
• You can add additional insulation to the walls in the server room.

CORRECT

What is NOT a component in the "AAA" framework used to control access to computer resources?

• Accounting
• Authorization
• Affiliation
• Authentication

CORRECT

Per your company's data destruction policy, you have been tasked with the destruction of data on a magnetic hard drive. The policy employed by your company specifies that you must destroy the drive by reducing or eliminating the magnetic fields present in the drive. What method should you use?

• You should utilize the purging data method built in to the operating system being used.
• You should perform a degaussing procedure on the drive.
• You should utilize a wiping utility, such as DBAN.
• You should perform a random write of 0s and 1s to the drive.

CORRECT

In mandatory access control, what are the two key elements used to grant permissions? (Choose two.)

•  levels
•  tags
•  markers
•  labels

CORRECT

You have been tasked with responding to a security incident involving the compromise of a manager's documents. You and your team have determined that the attacker involved copied files via a Bluetooth connection with the manager's unprotected cell phone. What kind of attack was this?

• bluesnarfing attack
• near field communication (NFC) attack
• bluesnatching attack
• bluejacking attack

CORRECT

When performing an audit, what is the process that looks at the applications that the user is provided, how frequently they are used, and how they are being used known as?

• time analysis and review
• recertification
• permission auditing and review
• usage auditing and review

CORRECT

What federation system technology uses federation standards to provide SSO and exchanging attributes?

• SSOnly
• OAuth
• Open ID Connect
• Shibboleth

CORRECT

When using application-based firewalls, what is NOT capable of being used to identify an application being used?

• payload analysis
• IP addresses
• header inspection
• pre-defined application signatures

CORRECT

An attack in which the attacker substitutes the return address in a program with a pointer to malicious code is an example of what kind of attack?

• buffer overflow attack
• memory leap attack
• integer overflow attack
• refactoring attack

CORRECT