Advanced Cybersecurity Midterm Practice

372 Terms

1
Confidentiality, Integrity, Availability (CIA)
What are often identified as the 3 main goals of security?
2
Implementing a dedicated Computer Incident Response Team (CIRT)
A large multinational corporation has recently experienced a significant data breach. The breach was detected by an external cybersecurity firm, and the corporation's IT department was unable to prevent or detect the breach in its early stages. The CEO wants to ensure that such a breach does not happen again and is considering several options to enhance the company's security posture. What options would be the MOST effective in preventing and detecting future data breaches?
3
Confidentiality
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. What security risk is MOST pressing?
4
Adopting a Development and Operations (DevOps) approach
You are the Chief Information Security Officer (CISO) at a tech company. Your company is facing issues with silos between the development and operations teams, leading to inefficiencies and security vulnerabilities. What approach should you adopt to encourage and integrate security considerations at every stage of software development and deployment?
5
Integrity
Your computer system is a participant in an asymmetric cryptographic system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user?
6
Managerial controls
What is a method of implementing security controls?
7
Attack scale and velocity
What security challenge refers to the rapid and broad spread of an attack, often affecting a large number of computers in a relatively short amount of time?
8
Establishing a Security Operations Officer (SOC)
You are the Chief Information Security Officer (CISO) at a large corporation. Your company is expanding rapidly and the complexity of managing security across different business functions is increasing. You need a dedicated team to monitor and protect critical information assets across the organization. What would be the MOST effective solution?
9
Sophisticated attack
You are the head of the cybersecurity team at a large corporation. You notice an increase in network traffic that appears to be legitimate but is causing a slowdown in your systems. Upon further inspection, you find that the traffic patterns vary each time, making it difficult to distinguish from normal traffic. What security challenge are you MOST likely facing?
10
Technical control
You are the Chief Information Security Officer (CISO) at a large corporation. You have been tasked with implementing a new security control to protect sensitive customer data. The control must be able to automatically detect and prevent unauthorized access to the data. What control should you implement?
11
Partial control solution that is implemented when a control cannot fully meet a requirement
What BEST describes compensating controls?
12
Corrective
A company moved its office supplies to another room and instituted a new security system for entry. The company implemented this after a recent server outage. What category of security control BEST describes the function of this recent implementation?
13
Installation of surveillance camera
The chief security officer (CSO) at a financial organization wants to implement additional detective security controls?
14
Deterrent
What type of control is used to discourage malicious actors from attempting to breach a network?
15
User awareness and training programs
The security operations manager of a multinational corporation focuses on enhancing directive operational controls. What should the manager implement?
16
Managerial
What type of control makes use of policies, DRPs, and BCPs?
17
Operational
An acceptable use policy requires the system to encrypt confidential information while in transit. All employees must use secure email when exchanging proprietary information with external vendors. What describes this type of acceptable use policy?
18
Physical
After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf?
19
An advanced network appliance
What is an example of a preventative control type?
20
Hacktivist
A prominent multinational corporation has experienced an unexpected spike in unauthorized network traffic aimed at its web servers. Upon investigation, the corporation discovers that the goal of this traffic was to disrupt its online services rather than gain unauthorized access or steal data. The attack started shortly after the corporation made a controversial policy decision that sparked a public backlash. What type of threat actor is MOST likely responsible?
21
Insider
The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following: Create and follow onboarding and off-boarding procedures, Employ the principle of least privilege, Have appropriate physical security controls in place. What type of threat actor do these steps guard against?
22
Nation-state
What threat actor is MOST likely to engage in cyber espionage with strategic or political motivations?
23
Political
A multinational corporation recently fell victim to a series of cyberattacks, disrupting services and leading to significant financial losses. After an investigation, the corporation found that these attacks were part of a systematic campaign to undermine the corporation's market position. The highly sophisticated attacks suggest the involvement of a well-resourced entity with specific strategic objectives. What motivation BEST describes this scenario?
24
Shadow IT
The IT department at a large corporation noticed an unfamiliar software application running on its network. Upon investigation, they discovered that a team in the marketing department started using a new cloud-based project management tool to improve their workflow efficiency. The team did consult with the IT department before implementing this tool. In the context of cybersecurity threats, what does this situation BEST exemplify?
25
1) Exploitation,
2) Staging,
3) Exploitation,
4) Reconnaissance,
5) Breaching,
6) Escalating privileges
Match the general attack strategy with the appropriate descriptions:
1. Stealing information.
2. Preparing a computer to perform additional tasks in the attack.
3. Crashing systems.
4. Gathering system hardware information.
5. Penetrating system defenses to gain unauthorized access.
6. Configuring additional rights to do more than breach the system.
26
Reconnaissance
In which phase of an attack does the attacker gather information about the target?
27
Isolating the unsupported apps from other systems to reduce the attack surface
CloudSecure is facing a cybersecurity challenge where some of its critical software applications are no longer supported by vendors, making them vulnerable to potential exploits. The IT team is exploring various strategies to mitigate the risk posed by these unsupported apps. What is the MOST effective approach to enhance the security posture?
28
Supply chain and Removable media
A group of hackers has been monitoring recent orders from a company involving new laptops and Universal Serial Bus (USB) thumb drives. The group infiltrated the shipping company and added malicious USB thumb drives to the order. The target company received the order without any concerns. What 2 vectors made this attack successful?
29
Vendor management
As a cybersecurity analyst, you are tasked with reducing the supply chain attack surface in your organization. What area should you focus on to MOST effectively mitigate this risk?
30
Development phase
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. What phase of the social engineering process is Ron in?
31
Exploration phase (Isolate the employee's system and conduct a thorough security scan)
You are a cybersecurity analyst at a large corporation. You notice that a particular employee has been receiving emails from an unknown sender who claims to be a new colleague from a different department. The sender has been engaging in a friendly conversation, asking about the employee's role, and subtly inquiring about certain company processes. Recently, the sender asked the employee to open an attachment that supposedly contains a funny meme. What phase of the social engineering process does this scenario represent and what should be your immediate action?
32
A call from a threat actor posing as a remote sales representative to obtain the login credentials to a remote access server from the help desk
What is an example of a social engineering attack?
33
Phishing
An employee receives an email from an unknown sender claiming to be from the IT department. The email states that there is a login issue on the network and that the user needs to run the file to resolve the problem. The executable file prompts the user to input a network password, which the threat actor records. What social engineering technique is the threat actor using in this scenario?
34
Pretexting
The cybersecurity manager of a large organization is investigating a recent security breach that occurred during office hours. Investigatory research shows that the suspect convinced the janitor to let them inside the building because they had forgotten their badge at home. Once inside, the suspect pulled the fire alarm and accessed the building's network room amongst the chaos. The intruder then attached a monitoring device to a network port before escaping unnoticed. What is the social engineering technique the threat actor employs in this scenario?
35
Typosquatting
Employees at CloudCom receive a suspicious email claiming to be from "CloudCom Support," informing employees that their passwords need to be reset urgently due to a security breach. This email includes a link to a login page that looks identical to CloudCom's official site. What type of social engineering attack does this scenario exemplify?
36
Vishing
What is the term for a phishing attack conducted through a voice channel, such as a phone call?
37
Vishing
A representative at a company reports receiving numerous unsolicited phone calls seeking banking information for a credit report. What social engineering variant is the finance director experiencing?
38
Watering hole
What is a passive computer attack technique in which an attacker anticipates or observes the websites an organization uses often and infects them with malware?
39
Whaling
An attack that targets senior executives and high-profile victims is referred to as what?
40
Bloatware
What type of malware is software installed alongside a package selected by the user or bundled with a new computer system?
41
To encrypt files on the infected system and demand a ransom for the decryption key
What is the primary function of crypto-ransomware?
42
Fileless malware
Which virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions?
43
A program that performs a malicious activity at a specific time or after a triggering event
What describes a logic bomb?
44
Ransomware
What is a type of malware that prevents the system from being used until the victim pays the attacker money?
45
Remote Access Trojan (RAT)
What kind of malware provides an attacker with administrative control over a target computer through a backdoor?
46
1) Requires administrator-level privileges for installation,
2) Resides below regular antivirus software detection
What are 2 characteristics of a rootkit?
47
It monitors the actions you take on your machine and sends the information back to its originated source
What BEST describes spyware?
48
1) Educate users about malware,
2) Schedule regular full-system scans
You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware (2 things)?
49
Web filters
To prevent malware infection in your network system, you decide that it's critical to prevent malware attacks, such as ransomware and phishing, by restricting access to sites that might be malicious. What BEST represents this type of prevention technique?
50
Policy-driven access control
A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies?
51
Gap analysis
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is processing the company's security posture to identify deficiencies from the framework's recommendations?
52
Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.
You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why?
53
Explicit allow, implicit deny
You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access?
54
Need to know
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?
55
Prevent conflicts of interest
What is the primary purpose of separation of duties?
56
Attribute-based access control (ABAC)
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the object?
57
Discretionary access control (DAC)
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
58
Role-based access control (RBAC)
You have implemented an access control method that only allows users who are managers to access specific data?
59
Router access control lists that allow or deny traffic based on the characteristics of an IP packet
Which of the following is an example of rule-based access control?
60
Photo ID and Smart Card
Which of the following are examples of something you have authentication controls? (Pick 2)
61
Username
Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?
62
Password
Which of the following is the MOST common form of authentication?
63
Password-less authentication
A leading online retail company wants to improve user experience and security for its customers. The security team aims to eliminate the need for users to remember or input complex passwords, reducing the risk of password breaches. Instead, they propose a solution where users can access their accounts.... through verified email or via a push notification on a trusted device. Which authentication method is the team planning to implement? (not involve traditional passwords, fingerprint scans, or multiple validation steps)
64
Security keys
The IT security team at a large tech company is strengthening its authentication methods to protect sensitive company data and systems. The team considered implementing various security measures and understood that each authentication method has distinct features and benefits. However, they must choose the MOST suitable option that aligns with the organization's security requirements and user convenience. Which authentication method utilizes a physical device or software to generate secure, unique codes and offers convenience and strong security?
65
Somewhere you are
After finding a corporate phone unattended in a local mall, an organization decides to enhance its multi-factor authentication procedures (MFA). What MFA philosophy applies a location-based factor for authentication?
66
Federation
Your financial planning company is forming a partnership with a real estate property management company. One of the requirements is that your company open up its directory services to the property management company to create and access user accounts. Which of the following authentication methods will you be implementing?
67
Lightweight Directory Access Protocol (LDAP)
You are a network administrator for a large multinational corporation. The corporation has offices in multiple countries and uses various software products from different vendors. The CEO wants to implement a system that stores information about users, computers, security groups/roles, and services, and allows for interoperability between different vendors' products. Which directory service would you recommend?
68
The point where the number of false positives matches the number of false negatives in a biometric system
Which of the following defines the crossover error rate for evaluating biometric systems?
69
Fingerprint recognition
You are a security consultant tasked with implementing a biometric authentication system for a small business. The business owner wants a system that is cost-effective, non-intrusive, and relatively simple for employees to use. Which biometric authentication method would you recommend?
70
User ACL
Which security mechanism uses a unique list that meets the following specifications:
*The list is embedded directly in the object itself
*The list defines which subjects have access to certain objects
*The list specifies the level or type of access allowed to certain objects
71
Authorization
What is the process of controlling access to resources such as computers, files, or printers called?
72
Group
Which of the following objects identifies a set of users with similar access needs?
73
Permissions
Which of the following identifies the type of access that is allowed or denied for an object?
74
SACL
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?
75
Security
Which type of group can be used for controlling access to objects?
76
Have Marcus log off and log back in
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers Group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
77
Access token
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
78
She is still a member of the Project management group, which has been denied permission to this system. Deny permissions always override Allow permissions
Lori, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is MOST likely preventing her from accessing this system?
79
User rights
Which of the following is a privilege or action that can be taken on a system?
80
Active Directory
What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information? (SA)
81
1) Organizational unit,
2) Domain,
3) Forest,
4) Object
5) Tree
Match each Active Directory term on the left with its corresponding definition on the right:
1) Logical organization of resources,
2) Collection of network resources,
3) Collection of related domain trees,
4) Network resource in the directory,
5) Group of related domains
82
A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers
Which of the following BEST describes the domain controller component of Active Directory?
83
Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest
A large multinational corporation has multiple domains that share the same contiguous DNS namespaces, as well as domains with different DNS namespaces. The IT department is tasked with organizing these domains. Which of the following options best describes how the domains should be grouped?
84
1) Generic containers are used to organize Active Directory objects,
2) Generic containers are created by default
Which of the following statements correctly describe the characteristics of generic containers in Active Directory? (pick 2)
85
Create a GPO computer policy for the computers in the Development OU
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take?
86
The GPO linked to the user's organizational unit is applied last, so this setting takes precedence
The Hide Programs and Features page setting is configured for a specific user as follows:
After logging in, the user is able to see the Programs and Features page. Why does this happen?
87
LSDOU
Which of the following is the correct acronym to remember the order in which Group Policy Objects (GPOs) are applied?
88
Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest)
Group Policy Objects (GPOs) are applied in which of the following orders?
89
Create a GPO user policy for the Administrators OU
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options. What should you do?
90
1) Minimum password length
2) Account lockout threshold
You are configuring the Local Security Policy of a Windows system. You want to require users to create passwords that are at least 10 characters in length. You also want to prevent login after 3 unsuccessful login attempts? (pick 2)
91
1) Minimum password age,
2) Enforce password history
You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (pick 2)
92
Implementing multi factor authentication (MFA) for all systems
You are the IT security manager for a rapidly growing tech company. The company has been using simple password authentication for all systems. However, with the increasing number of employees and the sensitivity of the data being handled, you decide it's time to harden the authentication methods. Which of the following steps would be the MOST effective in achieving this goal?
93
Password expiration
The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period?
94
Users cannot change the password for 10 days
You have just configured the password policy and set the minimum password age to 10. What is the effect of this configuration?
95
1) Shared accounts can lead to accountability issues,
2) Shared accounts can compromise the principle of least privilege
You are the IT security manager for a large corporation. The company has been using shared accounts for certain systems due to ease of access and convenience. However, you are considering implementing a policy to prohibit the use of shared accounts. Which of the following are valid reasons for this decision? (pick 2)
96
Configure day/time restrictions in user accounts
You have hired ten new temporary employees to be with the company for 3 months. How can you make sure that these users can only log on during regular business hours?
97
1) Exploits vulnerabilities in a card's protocol or encryption methods,
2) Captures transmission data produced by a card as it is used,
3) Deliberately induces malfunctions in a card,
4) Access the chip's surface directly to observe, manipulate, and interfere with a circuit
Match each smart card attack on the left with the appropriate description on the right.
1) Software attacks,
2) Eavesdropping,
3) Default generation,
4) Microprobing,
98
Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader
John, a security analyst, is using a smart card to gain access to a secure server room. He simply waves his card near the card reader and the door unlocks. Later, he uses the same card to log into his computer by inserting it into a card reader. Based on this information, is John using a contact or contactless smart card?
99
Public Key Infrastructure (PKI)
Which technology is primarily used by smart cards to store digital signatures, cryptographic keys, and identification codes?
100
usermod -L joer
You have performed an audit and found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?