Final Amrita's copy


211 Terms

1
Which of the following is a motherboard chip that provides cryptographic services?
Trusted platform module
2
Which of the following is an authentication system that uses UDP over TCP?
RADIUS.
3
In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct?
A person's vein can be used to uniquely authenticate an individual.
4
Which of the following authentication methods belongs in the "something you have" category?
Security key
5
Which of the following is an authentication system that issues a ticket after verifying the credentials by which you can authenticate other services?
Kerberos
6
Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report?
Fingerprint scanners can be used for trickery in rare cases.
7
The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d."
Which of the following types of attack is this?
Rule attack
8
Which of the following best describes skimming?
Capturing information from the magnetic stripe of a smartcard
9
You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?
Rule attack
10
In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer?
The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.
11
In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here?
Cognitive biometrics
12
An attacker collected many usernames from a website and tried to log in to the accounts using the password "passw0rd". What type of attack was this?
Password spraying
13
Which of the following is an example of evidence collected from metadata?
Time stamp
14
You are a cybersecurity forensic analyst. When conducting an investigation, which of the following actions should you perform first to ensure the highest chance of success in the investigation?
Secure the evidence
15
In an interview, you are asked to explain why software forensic tools are used more than forensic hardware workstations. How should you reply?
Forensic hardware workstations are more expensive than forensic software tools.
16
Which of the following attack frameworks illustrates that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process?
Cyber Kill Chain
17
The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled "secret," transactions.xlsx is labeled "top secret," and employees.xlsx is labeled "confidential." You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx.

How should you configure the user clearance?
User A: top secret; User B: confidential
18
Which of the following access control schemes is most secure?
Mandatory access control
19
Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation?
DHCP server logs
20
Containment is most effective when the network is properly designed. Which of the following contributes to effective network design?
Network segmentation
21
Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform?
Jurisdictional applicability
22
You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit?
Rule-based access control
23
You are a cybersecurity investigator and you're asked to query log files for faster analysis. Which of the following log management tools should you use?
journalctl
24
You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible scenario in case of an attack in the most realistic manner.

Which of the following actions should you take?
You should run a plausible simulated attack on the network.
25
Who ensures the enterprise complies with data privacy laws and its own privacy policies?
Data privacy officer
26
Which of the following is a hardware-based solution for password security?
Password key
27
In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?
You should perform a dictionary attack.
28
Which of the following best describes a preimage attack?
Comparing a known digest with an unknown digest
29
In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose?
earthwaterforesttreemanworldkid
30
You are working as a security admin in an enterprise. While you were analyzing different password attacks, you found that whenever an individual user's password gets cracked, another user with the same password residing in the same password digest file also has their account compromised. How should you prevent this from happening in the future?
You should add salt to the passwords before hashing.
31
The following statements regarding centralized administration concepts are presented to you in an interview in which only one of them is correct. Which of these is correct?
Extensible authentication protocol is a framework to transport authentication protocols.
32
Windows picture password belongs to which of the following?
Cognitive biometrics
33
You want to manage your passwords for different accounts to optimally secure passwords from compromise. Which of the following password management methods should you use?
Password key
34
You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise's database. Which of the following should you choose?
Security key authentication
35
While talking to a new client, the client asked you why access control is mostly used in enterprise networks rather than home networks.

How should you reply?
An enterprise network will have more sensitive and confidential information.
36
Which of the following is performed during the incident response phase?
Making configuration changes
37
In a security meeting, you were asked about which response method would require less manual intervention per response. Which of the following should you choose?
Runbook
38
Which of the following helps achieve data privacy in an enterprise network?
Access control schemes
39
Why are mobile devices critical to a digital forensics investigation?
Mobile devices are almost continually in a user's possession.
40
You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence?
Use mirror image backups
41
In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources.

Which of the following should you suggest?
Attribute-based access control
42
Which of the following log management tools has content filtering?
syslog-ng
43
You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This, in turn, does not affect any other user.

What action should you take?
Change the access clearance of User A to "confidential"
44
Sam is working as a cybersecurity expert. An enterprise that manages nuclear power plants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security, the lowest false acceptance rate, and the lowest false rejection rate.

Which of the following authentication methods should Sam apply?
PIN and gait recognition
45
Which of the following human characteristics is used for authentication?
Veins
46
Which of the following can protect a password digest from attackers?
Argon2
47
You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply?
You should implement keystroke dynamics.
48
How does single sign-on enhance secure authentication?
Implementing a single sign-on will reduce the number of passwords needing to be remembered.
49
Which of the following network-based device logs are the least important when performing an incident investigation?
Routers and Switches
50
Your enterprise devices are configured with mandatory access control. How should you control user access so that files with a "top secret" label cannot be accessed by any users while "secret" files remain accessible?
You should set the clearance of all users to "secret."
51
Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode?
To prevent malware from tricking users by spoofing what appears on the screen
52
In a security review meeting, you are asked to make sure that the cybersecurity team is constantly updated on the tactics used by threat actors when they interact with systems during an attack. To which of the following attack frameworks will you refer to meet the goal?
MITRE ATT&CK
53
Who implements access control based on the security level determined by the data owner?
Data custodian
54
While analyzing a security breach, you found the attacker followed these attack patterns:

The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc.

Which of the following attacks was performed by the attacker?
Initially, a password spraying attack and then a dictionary attack.
55
In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP.

Which of the following should be your reply?
With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match.
56
Ram's enterprise is hosting a web app that requires authentication. Recently, the password digest files of other enterprises were stolen, and the attackers cracked the passwords with ease. As such, Ram was asked to implement additional security measures for the web app's passwords. Which of the following methods should Ram apply?
He should use key stretching.
57
You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps.

How should you implement this without storing the customers' credentials on the BuyMe server?
Use SAML
58
In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply?
Containers use OS components for virtualization
59
Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus?
Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them.
60
What is a Type I hypervisor?
A hypervisor that runs directly on computer hardware
61
David is asked to test a new configuration on a virtual machine; if it does not work, it should roll back to the older state. What should David do before testing the new configuration so he can roll it back to the previous state if needed?
Take a snapshot of the virtual machine before loading the configuration
62
In a practical test, Steve was asked to securely connect different on-premises computing devices with a database deployed in the cloud. What action is Steve taking?
Creating a virtual network
63
You are a cloud administrator, and you are asked to configure a VPC such that backend servers are not publicly accessible. What should you do to achieve this goal?
Use private subnets for backend servers
64
Which of the following is a feature of secrets management?
Default encryption
65
Which of the following protects SNMP-managed devices from unauthorized access?
Community string
66
In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply?
If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.
67
In an interview, you were asked to briefly describe how emails containing malware or other contents are prevented from being delivered. Which of the following should be your reply?
Mail gateways prevent unwanted mails from being delivered.
68
Kane was transferring files from a file transfer protocol (FTP) server to his local machine simultaneously. He sniffed the traffic to find that only the control port commands are encrypted, and the data port is not encrypted. What protocol did Kane use to transfer the files?
FTPS
69
Which of the following tools can be used for virtual machine sprawl avoidance?
Virtual machine manager
70
What type of APs can be managed by wireless LAN controllers (WLCs)?
Controller AP
71
Sam is asked to help his company design a wireless network for their new location.

Which of the following protocols has the strongest wireless security, supports a longer bit of encryption, and improved interaction capabilities with the internet of things (IoT) devices?
WPA3
72
Which probe is designed exclusively to monitor the RF for transmissions and can only monitor the airwaves?
Dedicated probe
73
In which type of RFID attack can unauthorized users listen to communications between RFID tags and readers?
Eavesdropping
74
Sherlin is the owner of a cosmetics store. She wanted to introduce a wireless network in the store, but her IT department was against it. Sherlin ended up purchasing an inexpensive wireless router and secretly connected it to the wired network. Unfortunately, this unknowingly provided open access to the wireless signal.

What type of attack has Sherlin made her store's network vulnerable to?
Rogue access point
75
Which of the following statements correctly defines jamming?
An attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications.
76
John is instructed by his CEO to introduce an employee attendance system that replaces the current manual-sign register. The organization doesn't allow personal electronic devices into the premises.

What method should John use for this system?
RFID
77
Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection?
Bluesnarfing
78
Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so?
A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.
79
Bob has been asked to do research into increasing the accuracy in identifying rogue APs in his enterprise. Which rogue AP system detection probe will allow his company's IT department to monitor the airwaves for traffic, scan and record wireless signals within its range (even when the device is idle or not receiving any transmission), and then report this information to a centralized database?
Wireless device probe
80
Which technology under wireless communication is an integrated circuit that securely stores information used to identify and authenticate an IoT device?
Subscriber identity module
81
Which wireless technology will John use to provide wide-range cellular service that focuses on indoor coverage, low cost, long battery life, high connection density, and has a low-power wide-area network?
Narrowband IoT
82
Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users?
Evil twin
83
You decided to test a potential malware application by sandboxing. However, you want to ensure that if the application is infected, it will not affect the host operating system. What should you do to ensure that the host OS is protected?
Implement virtual machine escape protection
84
Which of the following protocols can make accessing data using man-in-the-middle attacks difficult while web browsing?
IPv6
85
Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat?
Use software-defined visibility
86
Which of the following is the most versatile cloud model?
IaaS
87
Which of the following protocols can be used for secure video and voice calling?
SRTP
88
Which of the following protocols can be used for secure routing and switching?
IPsec
89
Which of the following tools can be used to secure multiple VMs?
Firewall virtual appliance
90
Which of the following can be achieved using availability zones in cloud computing?
Fault tolerance
91
Which of the following packets contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself?
EAP packet
92
Which of the following differentiates an access point probe and a dedicated probe?
A dedicated probe only monitors RF transmissions, while an access point probe can serve as both a probe and an access point that can provide roaming to wireless users.
93
Why are jamming attacks generally rare?
They require expensive, sophisticated equipment
94
Which security protocol encrypts transmissions by using a shared secret key combined with an initialization vector (IV) that changes each time a packet is encrypted?
WEP
95
Melvin is moving his small business from his basement to an office building now that he has five full-time employees. What type of enterprise AP should he choose when setting up the new office's WLAN?
FAT AP
96
Your enterprise recently decided to hire new employees as work-from-home interns. For the new employees to work from home, you need to create a network that will allow them to securely access enterprise data from remote locations.

Which technology should you use?
VPN
97
Which of the following tools can be used to protect containers from attack?
Security-Enhanced Linux
98
Zain, a telecom engineer, plans to relocate a particular AP antenna to a new location. Which of the following configuration options will he use to adjust frequency bands, optimum channels, and available spectrum for data transfer?
Spectrum selection
99
John is instructed by his CEO to introduce an employee attendance system that replaces the current manual-sign register. The organization doesn't allow personal electronic devices into the premises.

What method should John use for this system?
RFID
100
Justin works for an automobile manufacturer. The company is designing a new car that enables the users to use the car as a mobile office. To achieve this, the car must have a hands-free system where drivers can use voice controls to browse their phone's contact list, make and receive hands-free phone calls, mirror a smartphone screen on the LED dash display, and use navigation and entertainment apps.

Which technology should he use and why?
Bluetooth, because it can be used to pair devices, allowing for hands-free and screen mirroring features.