Multiple Choice Identify the choice that best completes the statement or
answers the question.
|
|
|
1.
|
A threat actor has gained administrative access to a
system and achieved the goal of controlling the system for a future DDoS attack by establishing a
communication channel with a CnC owned by the threat actor. Which phase in the Cyber Kill Chain model
describes the situation?
a. | exploitation | c. | delivery | b. | command and control | d. | action on objectives |
|
|
|
2.
|
Which term is used for
describing automated queries that are useful for adding efficiency to the cyberoperations workflow?
a. | rootkit
| c. | chain of custody
| b. | cyber kill chain
| d. | playbook |
|
|
|
3.
|
When a user visits an online
store website that uses HTTPS, the user browser queries the CA for a CRL. What is the purpose of this
query?
a. | to negotiate the best encryption to
use
| c. | to check the
length of key used for the digital certificate
| b. | to request the CA self-signed digital
certificate
| d. | to verify the validity of the
digital certificate |
|
|
|
4.
|
Which statement describes the
state of the administrator and guest accounts after a user installs Windows desktop version to a new
computer?
a. | By default, both the administrator
and guest accounts are enabled. | c. | By default, the administrator account is enabled but the guest account is
disabled. | b. | By default, the guest account is enabled but the administrator account is
disabled. | d. | By default, both the administrator
and guest accounts are disabled. |
|
|
|
5.
|
According to NIST, which step
in the digital forensics process involves preparing and presenting information that resulted from scrutinizing
data?
a. | reporting | c. | analysis | b. | collection | d. | examination |
|
|
|
6.
|
What is indicated by a true
negative security alert classification?
a. | Normal traffic is correctly ignored
and erroneous alerts are not being issued | c. | An alert is incorrectly issued and does not indicate an actual security
incident. | b. | An alert is verified to be an actual security
incident.
| d. | Exploits are not being detected by
the security systems that are in place. |
|
|
|
7.
|
The exhibit consists of a rectangular box containing the command
tcpdump, which has been issued with options. The output of that command is also
shown. Refer to the exhibit. A
network security specialist issues the command tcpdump to capture events. What does the number 6337
indicate?
a. | the port that tcpdump is listening
to | c. | the process id of the tcpdump
command | b. | the Snort signature id that tcpdump will watch and
capture | d. | the number of transactions currently
captured |
|
|
|
8.
|
What is the result of using
security devices that include HTTPS
decryption and inspection services?
a. | The devices introduce processing
delays and privacy issues. | c. | The devices require continuous monitoring and fine
tuning. | b. | The devices must have preconfigured usernames and passwords for all
users. | d. | Monthly service contracts with reputable web filtering
sites can be costly. |
|
|
|
9.
|
Which technology might
increase the security challenge to
the implementation of IoT in an enterprise environment?
a. | CPU processing
speed | c. | cloud
computing | b. | data storage | d. | network bandwidth |
|
|
|
10.
|
In which situation is an
asymmetric key algorithm
used?
a. | User data is transmitted across the
network after a VPN is established. | c. | A network administrator connects to a Cisco router with
SSH. | b. | Two Cisco routers authenticate each other with
CHAP. | d. | An office manager encrypts confidential files before
saving them to a removable device. |
|
|
|
11.
|
Because of implemented
security controls, a user can only
access a server with FTP. Which AAA component accomplishes this?
a. | authorization | d. | auditing | b. | accessibility | e. | authentication | c. | accounting |
|
|
|
12.
|
Refer to the exhibit. A cybersecurity analyst is viewing captured packets
forwarded on switch S1. Which
device has the MAC address d8:cb:8a:5c:d5:8a?
a. | router
ISP | d. | web
server | b. | router DG | e. | PC-A | c. | DNS server |
|
|
|
13.
|
Based on the command output
shown, which file permission or permissions have been assigned to the other user group for the
data.txt file? ls –l data.txt -rwxrw-r-- sales staff 1028 May 28 15:50 data.txt
a. | full
access | c. | read, write,
execute | b. | read, write | d. | read |
|
|
|
14.
|
Why would a network
administrator choose Linux as an operating system in the Security Operations Center
(SOC)?
a. | The administrator has control over
specific security functions, but not standard applications. | c. | More network applications are created for this
environment. | b. | It is easier to use than other server operating
systems. | d. | It can be acquired at no
charge. |
|
Multiple Response Identify one or more choices that best complete the
statement or answer the question.
|
|
|
15.
|
What are two advantages of
using the community VERIS database?
(Choose two.)
|
|
|
16.
|
When dealing with security
threats and using the Cyber Kill Chain model, which two approaches can an organization use to block a
potential back door creation? (Choose two.)
|
|
|
17.
|
What are three functions
provided by the syslog service? (Choose three.)
|
|
|
18.
|
A company implements a security
policy that ensures that a file
sent from the headquarters office to the branch office can only be opened with a predetermined
code. This code is changed every day. Which two algorithms can be used to achieve this task?
(Choose two.)
|
|
|
19.
|
Which two statements describe
access attacks? (Choose
two.)
|
|
|
20.
|
Which two statements are
characteristics of a virus?
(Choose two.)
|
|
|
21.
|
What are three
responsibilities of the
transport layer? (Choose three.)
|
|
|
22.
|
Which two net commands are
associated with network resource
sharing? (Choose two.)
|
|
|
23.
|
Which three are major
categories of elements in a security operations center? (Choose three.)
|