The Answer: B. Passive footprinting

Passive footprinting focuses on learning as much information from

open sources such as social media, corporate websites, and business

organizations.

The incorrect answers:

A. Backdoor testing

Some active reconnaissance tests will directly query systems to see if a

backdoor has been installed.

C. OS fingerprinting

To fingerprint an operating system, you must actively query and receive

responses across the network.

D. Partially known environment

A partially known environment penetration test is a focused approach

that usually provides detailed information about specific systems or

applications.

The Answer: A. HTTPS and C. FTPS

TLS (Transport Layer Security) is a cryptographic protocol used to

encrypt network communication. HTTPS is the Hypertext Transfer

Protocol over TLS, and FTPS is the File Transfer Protocol over TLS.

An earlier version of TLS is SSL (Secure Sockets Layer). Although

we don’t commonly see SSL in use any longer, you may see TLS

communication referenced as SSL.

The incorrect answers:

B. SSH

SSH (Secure Shell) can use symmetric or asymmetric encryption, but

those ciphers are not associated with TLS.

D. SNMPv2

SNMPv2 (Simple Network Management Protocol version 2) does not

implement TLS, or any encryption, within the network communication.

E. DNSSEC

DNSSEC (DNS security extensions) do not provide any confidentiality

of data.

F. SRTP

SRTP (Secure Real-time Transport Protocol) is a VoIP (Voice over IP)

protocol used for encrypting conversations. SRTP protocol commonly uses

AES (Advanced Encryption Standard) for confidentiality.

The Answer: A. Organized crime

An organized crime actor is motivated by money, and their hacking

objectives are usually based around objectives that can be easily exchanged

for financial capital.

The incorrect answers:

B. Hacktivist

A hacktivist is focused on a political agenda and not commonly on a

financial gain.

C. Nation state

Nation states are already well funded, and their primary objective is not

usually based on revenue or income.

D. Competitor

A competitor doesn’t have any direct financial gain by disrupting a

website or stealing customer lists, and often their objective is to disable

a competitor’s business or to harm their reputation. If there is a financial

gain, it would often be an indirect result of an attack.

The Answer: A. Partition data and D. Temporary file systems

Both temporary file system data and partition data are part of the file

storage subsystem.

The incorrect answers:

B. Kernel statistics

Kernel statistics are stored in memory.

C. ROM data

ROM data is a type of memory storage.

E. Process table

The process table keeps track of system processes, and it stores this

information in RAM.

The Answer: C. MFD

An all-in-one printer that can print, scan, and fax is often categorized as

an MFD (Multifunction Device).

The incorrect answers:

A. IoT

Wearable technology and home automation devices are commonly called

IoT (Internet of Things) devices.

B. RTOS

RTOS (Real-time Operating Systems) are commonly used in

manufacturing and automobiles.

D. SoC

Multiple components that run on a single chip are categorized as an SoC

(System on a Chip).

The Answer: C. ISO 27701

The ISO (International Organization for Standardization) 27701

standard extends the ISO 27001 and 27002 standards to include detailed

management of PII (Personally Identifiable Information) and data privacy.

The incorrect answers:

A. ISO 31000

The ISO 31000 standard sets international standards for risk management

practices.

B. ISO 27002

Information security controls are the focus of the ISO 27002 standard.

D. ISO 27001

The ISO 27001 standard is the foundational standard for Information

Security Management Systems (ISMS).

The Answer: A. Create an operating system security policy to prevent

the use of removable media

Removable media uses hot-pluggable interfaces such as USB to connect

storage drives. A security policy in the operating system can prevent any

files from being written to a removable drive.

The incorrect answers:

B. Monitor removable media usage in host-based firewall logs

A host-based firewall monitors traffic flows and does not commonly log

hardware or USB drive access.

C. Only allow applications that do not use removable media

File storage access options are not associated with applications, so it’s not

possible to allow based on external storage drive usage.

D. Define a removable media block rule in the UTM

A UTM (Unified Threat Manager) watches traffic flows across the

network and does not commonly manage the storage options on individual

computers.