Shyren

Question 1

Ed is working with functional units in his organization to document the maximum amount of time that they could be without a critical IT service during a disaster. What metric should he use to document this requirement?

RTO

The recovery time objective (RTO) is the amount of time that the business can tolerate an outage during a disaster. The recovery point objective (RPO) is the amount of tolerable data loss. The mean time to repair (MTTR) is the amount of time required to repair a damaged system, while the mean time between failures (MTBF) describes the frequency of failures.
Udemy Resource

Question 2

What type of cybersecurity exercise provides team members with a specific objective that they should achieve to win the exercise, such as stealing a file containing sensitive information or compromising a specific server?
Capture the flag exercises have very specific goals that, when achieved, result in the successful completion of the exercise. These may be run as red team, blue team, and/or purple team exercises.
Udemy Resource

Question 3

Chris would like to better manage the root accounts on Linux systems that he administers. He would like to allow administrators to use the privileges of the root account without knowing the password. What solution would best meet his needs?
Privileged access management (PAM) solutions allow the safeguarding of administrative credentials, among other security controls. They are an ideal way to manage root access to systems.
Udemy Resource

Question 1

Harry is investigating a security incident and discovers that the attacker came from outside the network and exploited a zero-day vulnerability that was patched by the vendor two weeks after the incident. What type of threat actor should Harry suspect was behind this incident?
The use of a zero-day vulnerability points to the involvement of an advanced persistent threat (APT) group. Although it is always possible that another threat actor obtained a zero-day exploit, this type of sophisticated attack is normally sponsored by an APT group.
Udemy Resource

Question 1

Visitor control procedures, such as visitor registration, badging, and escorting, are an example of what category of security control?
The three categories of security control are managerial, operational, and technical. Physical is a control type, not a control category. Visitor procedures are carried out by humans to reduce risk to the organization and, therefore, would be classified as an operational control.
Udemy Resource

Question 1

What is the purpose of STIX?
STIX is a collaborative effort to develop a standardized, structured language to represent cyber threat information. The STIX framework intends to convey the full range of potential cyber threat data elements and strives to be as expressive, flexible, extensible, automatable, and human-readable as possible.
Udemy Resource

Question 1

When conducting an incident response exercise, what exercise type comes closest to real-world circumstances?
A simulation exercise has participants take part in a real-world scenario and respond as they would during an actual incident. Walkthroughs and tabletop exercises are more conceptual in nature and do not simulate real-world circumstances.
Udemy Resource

Question 1

Nancy's firm is considering the use of a cloud service provider who will provide a fully functional accounting suite to her firm's accounting department. The accountants will access the suite through their web browsers. What type of cloud service is being offered?
The delivery of an entire application through web browsers is a software-as-a-service (SaaS) cloud delivery model.
Udemy Resource

Question 1

What is the currently accepted best practice for the number of passwords to keep in a password history to prevent password reuse?
Current best practice offered by the National Institute of Standards and Technology (NIST) is that users should no longer be forced to change their passwords and, therefore, password history tracking and password reuse restrictions are no longer necessary.
Udemy Resource

Question 1

The data center is valued at $10 million and seismologists expect that a serious earthquake will damage 75% of the facility once every 50 years. In this scenario, what is the annualized loss expectancy?
In this scenario, the annualized rate of occurrence (ARO) is once every 50 years, or a 0.02 ARO on an annual basis. The asset value (AV) is $10,000,000 and the exposure factor (EF) is 75%, resulting in a single loss expectancy (SLE) of $7,500,000. The annualized loss expectancy (ALE) is computed by multiplying the SLE by the ARO to get $150,000.
Udemy Resource

Question 1

Which one of the following pointer values is most likely to result in a denial of service attack if it is dereferenced?
A denial of service attack may occur when software attempts to dereference a NULL pointer value. The other values listed in this question are all legitimate hexadecimal pointer values and are not indicative of a pointer dereferencing attack.
Udemy Resource

Question 1

Which one of the following communications technologies would most likely be found in a home automation system?
Zigbee is a communication standard designed for home automation and widely used in modern home automation systems. While it is possible to use the other communications technologies listed for home automation applications, you are much more likely to find Zigbee used for this purpose.
Udemy Resource

Question 1

Patrick is investigating a security incident. He believes that the incident is originating from a single system on the Internet and targeting multiple systems on his network. What control could he put in place to stop the incident as quickly as possible?
The attack in question could be most quickly stopped with a network firewall rule blocking all traffic from the origin system. Host firewall rules would also address the issue but would be more time-consuming to create on every system. An operating system update would not stop attack traffic. There is also no indication that a DDoS attack is underway, so a DDoS mitigation service would not be helpful.
Udemy Resource

Question 1

Which one of the following is not a common location to find SCADA systems?
Supervisory control and data acquisition (SCADA) systems are normally found in industrial applications, including manufacturing facilities and power plants. While hospitals do have highly specialized systems, these medical and IoT systems would not normally be classified as SCADA.
Udemy Resource

Question 1

Which one of the following regulations provides strict, detailed procedures for the use of compensating controls?
While compensating controls may be used for any control requirement, PCI DSS includes very detailed procedures for documenting and approving acceptable compensating controls in credit card processing environments.
Udemy Resource

Question 1

Kenyon is auditing the security of a web application hosted by his organization and discovers that cookies are sent without the SECURE attribute set. What type of attack does this expose the organization to?
Cookies are often used for session authentication. If they are sent without encryption (which the SECURE attribute would require), an attacker eavesdropping on the communication could steal the cookie and use it in a session replay attack.
Udemy Resource

Question 1

Dylan and Liam are using symmetric cryptography to communicate with each other. They have a shared secret key that no other person knows. What goal of cryptography is impossible for them to achieve?
Dylan and Liam can easily achieve confidentiality and integrity by using the key to encrypt and decrypt messages. They can also achieve authentication because they know that if a message decrypts with the key, it must have been encrypted by the only other person with knowledge of the key. They cannot, however, achieve nonrepudiation because they have no way to prove to a third party that a message came from the other party and wasn't forged by themselves.
Udemy Resource

Question 1

Marty is the web administrator for the Memphis Belle Casino. He hosts the company's website at memphisbelle.com. He recently discovered that a competitor registered the domain names memphisbell.com, memphisbellecasino.com, and thememphisbelle.com. What type of attack has taken place?
This is an example of a typosquatting attack, where the attacker registers domain names that are common typos of a legitimate domain. The attacker is not altering any of Marty's DNS records, so this is not a DNS hijacking or poisoning attack. They are also not stealing a domain that Marty already registered so it is not a domain hijacking attack.
Udemy Resource

Question 1

Which of the following is NOT one of the elements of the NIST Cybersecurity Framework (CSF)?
The five elements of the NIST CSF are identify, protect, detect, respond, and recover. Deter is not one of the NIST CSF elements.
Udemy Resource

Question 1

Which one of the following firewall types would inspect each packet of a connection individually and evaluate each packet against its ruleset?
Stateless firewalls do not keep track of connection state and, therefore, must evaluate each packet individually. Stateful firewalls (including next generation and application firewalls) track connection state and only evaluate new connections against their rulebase.
Udemy Resource

Question 1

Brian is selecting a mobile device deployment model for his organization. In consultation with leadership, he selected an approach where employees will be able to select the device that they prefer, and the company will purchase it for their use and manage it through their MDM system. What term best describes this deployment model?
This approach best matches the choose your own device (CYOD) deployment model. In this model, employees select their device and it is owned and managed by the company. This is more flexible than the corporate-owned, business-only (COBO) model. The scenario does not give us enough information to know whether personal use is permitted, so we cannot conclude that this is the corporate-owned, personally-enabled (COPE) model. The company, not the employee, purchases and owns the device, so it is not the bring your own device (BYOD) model.
Udemy Resource

Question 1

The Attack Complexity (AC) metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. The Privileges Required (PR) metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. The User Interaction (UI) metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. The Attack Vector (AV) metric describes the context by which vulnerability exploitation is possible.
Udemy Resource

Question 1

Which one of the following processes improves the consistency and longevity of a database structure?
All of the activities listed here are good practices for database administration. Stored procedures, query parameterization, and input validation all protect against injection attacks. Normalization ensures that the database has a consistent structure and reduces the need to redesign the database in the future.
Udemy Resource

Question 1

Eddie is concerned about the security of cryptographic keys that his organization uses with a cloud service provider. What mechanism can he use to best safeguard those keys from access by unauthorized individuals?
Hardware security modules (HSMs) are specifically designed to safeguard encryption keys, avoiding the need for a human being to directly interact with the key. Some cloud providers offer cloud-based HSM services to their customers as an advanced security offering.
Udemy Resource

Question 1

Josh is reviewing and updating the firewall rules used by his organization to react to changing needs. What type of control primarily describes the network firewall?
While it is possible to make an argument that the network firewall fits into all of these categories, a firewall's primary purpose is to block unwanted traffic from entering the network. Therefore, it is best described as a preventative control.
Udemy Resource

Question 1

What is the correct ordering of data classification levels (from lowest to highest) in the system used by the U.S. military and defense industry?
The four classification levels used by the U.S. military are (from lowest to highest sensitivity): Unclassified, Confidential, Secret, and Top Secret. Above Top Secret is not a classification level in this scheme.
Udemy Resource

Question 1

Brian is configuring a cloud server located on a private subnet to access a block storage service offered by the same cloud provider. What would be the most secure way to enable this access?
The best way to enable this access is to use a VPC endpoint. This allows a connection between the virtual private cloud (VPC) hosting the server to the block storage service. An Internet gateway or NAT device could also enable this access, but it would have Brian's traffic crossing public networks and expose it to unnecessary risk. Brian is not able to make a direct physical connection because the infrastructure is controlled by the cloud provider.
Udemy Resource

Question 1

In what type of penetration test does the attacker have no access to information about the tested environment other than that gathered during the attacker's own reconnaissance efforts?
Black box penetration tests begin by providing the attacker with no information about the target environment. Attackers do receive different levels of information in advance of a white box or grey box test.
Udemy Resource

Question 1

Which one of the following Linux commands can be used to display the last few lines of a file?
The tail command is designed to show the last lines of a file. The head command displays the first lines of a file. The cat command displays an entire file. The grep command searches for strings in a file.
Udemy Resource

Question 1

Chelsea believes that an attacker has compromised the private key for her web server's digital certificate. What action should she take?
The private key for a digital certificate is very sensitive information and must be safeguarded. If a private key is compromised, the digital certificate should be immediately revoked. It is not possible to change the keys for a certificate. The certificate must be revoked and reissued.
Udemy Resource

Question 1

Which one of the following network device features is NOT used to prevent routing loops from occurring in a network or to correct them when they do occur?
Flood guard technology is used to block denial of service attacks on a network. Loop prevention, hold-down timers, and split horizon are all used to prevent and correct routing loops.
Udemy Resource

Question 1

Which one of the following is the earliest version of SNMP to support encryption?
Encryption was not added as an option until version three of the Simple Network Management Protocol (SNMPv3).
Udemy Resource

Question 1

Which one of the following industry standards provides specific guidance on the implementation of security controls in the cloud?
The Cloud Security Alliance's Cloud Controls Matrix (CCM) is specifically designed to cover cloud security control best practices. ISO 27001 and 27002 cover information security management systems more broadly, as does the NIST Cybersecurity Framework (CSF).
Udemy Resource

Question 1

Alan is working with a cloud provider to implement a new service that places IoT sensors at the edge of his network, allows those devices to perform some computation locally, and then connects those devices to the cloud provider. What term best describes this approach?
This approach, which mixes the local computation on edge devices with the use of a remote cloud offering, is known as fog computing. Hybrid cloud uses cloud environments at both the customer site and the cloud provider site to deliver balanced service. There is no indication that the customer site has a cloud environment in this scenario. We also do not have enough information to determine whether the cloud provider is performing computation in a public cloud or private cloud model.
Udemy Resource

Question 1

Which one of the following disaster recovery facility options is generally the most expensive to implement?
Hot sites are the most advanced of the disaster recovery facilities offered as options in this question. They are running 24x7 and ready to assume primary responsibility at a moment's notice. Other sites require more extensive configuration to assume control. Because of their 24x7 readiness, hot sites are the most expensive to build and operate.
Udemy Resource

Question 1

Haley recently started a new job and was issued a multifactor authentication token during her account provisioning. The token has a button that she pushes when she wishes to obtain a new authentication code. What algorithm does this token use?
Tokens that generate passcodes based upon a counter that increments when the user pushes a button are using the HMAC-based one-time password (HOTP) algorithm. Those that increment automatically based upon the current time are using the time-based one-time password (TOTP) algorithm.
Udemy Resource

Question 1

Dylan recently completed hardening a Windows server and is concerned about whether the server will be vulnerable to new security issues as they arise. What is the best control that he can put in place to protect against this concern?
While all of these controls may protect against new vulnerabilities, the best defense is to have strong operating system patch management procedures in place. Ensuring that new updates are promptly applied protects against the vulnerabilities they correct.
Udemy Resource
