During a denial-of-service attack, a network administrator blocks the source IP address with the firewall, but the attack continues. What is the most likely cause of the problem?

B. The attack is coming from multiple distributed hosts.

A. The denial-of-service worm has already infected the firewall locally.

C. A firewall can't block denial-of-service attacks.

D. Antivirus software needs to be installed.

Threat hunting can be partially automated through the use of which tool?

D. Security orchestration, automation, and response (SOAR)

A. Security information and event manager (SIEM)

Bobby is performing a vulnerability assessment for a web server. Which of the following vulnerability assessment findings should he be concerned with?

A. Operating system not updated to latest patch level

B. HTTPS server listening on port 443

C. Network packets being sent in clear text

D. HTTP server listening on port 80

After a security audit and vulnerability assessment, several servers required software patches and unused open network ports needed to be disabled. Which of the following should be performed after these vulnerabilities are fixed to ensure that the countermeasures are secure against a real attack?

D. Perform penetration testing.

A. Advertise the system's IP address publicly.

B. Put systems back into live production.

C. Perform additional port scanning.

New management has decided to test the security of the existing network infrastructure implemented by the current network administrators. Which of the following should be performed to provide the most objective and useful test of your security controls?

B. Perform third-party penetration testing.

A. Hire a real hacker to attack the network.

C. Perform penetration testing by the network administrators.

D. Initiate an external denial-of-service attack.

A client, an American department store chain, has called for support identifying and complying with their required guidance documents. Which of the following is the most likely guidance document the client needs to consider?

A. Payment Card Industry Data Security Standard (PCI DSS)

B. National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)

C. International Organization for Standardization (ISO) 27001

D. Center for Internet Security (CIS) Top 20

Which of the following is widely used for cloud or managed services providers to provide a report to their current or prospective customers that provides assurance of their cybersecurity?

C. Service and Organization Controls (SOC) 2 report

A. Payment Card Industry Data Security Standard (PCI DSS) certification

B. General Data Protection Regulation (GDPR) report

D. Center for Internet Security (CIS) Top 20 Maturity report

As part of business continuity planning, it is discovered that the organization is processing PII unknowingly. Which of the following should be conducted?

A. Privacy implication assessment

B. Privacy processing assessment

D. Privacy identification assessment

AJ's management tasks him with determining the right reliability factor to track for the company's new engines. The management wants to know how long they can expect the engine to last before failure, with the expectation that it will then be replaced. What is the best reliability factor?

A. Recovery point objective (RPO)

C. Mean time between failures (MTBT)

As part of your application-hardening process, which of the following activities helps to prevent existing vulnerabilities in applications from being exploited?

C. Updating to the latest software version or patch

Which of the following is not part of the secure deployment process?

C. Quality control/quality assurance (QC/QA)

You are tasked with setting up a single sign-on authentication system for a large enterprise network of 5000 users. Which of the following is the best option?

C. Authenticated access to an LDAP database

A. Local login and password database

B. Login and password with a security token

Security+ Quiz 1 Quiz

1.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

You have been contacted by your company's CEO after she received a personalized but suspicious e-mail message from the company's bank asking for detailed personal and financial information. After reviewing the message, you determine that it did not originate from the legitimate bank. Which of the following security issues does this scenario describe?

A. Dumpster diving

B. Phishing

C. Whaling

D. Vishing

Answer explanation

Whaling is a type of phishing attack that is targeted at a specific highlevel
user. The victim is usually a high-profile member of the organization
who has much more critical information to lose than the average user. The
messages used in the attack are usually crafted and personalized toward
the specific victim user.

2.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

During your user awareness training, which of the following actions would you advise users to take as the best security practice to help prevent malware installation from phishing messages?

A. Forward suspicious messages to other users

B. Do not click links in suspicious messages

C. Check e-mail headers

D. Reply to a message to check its legitimacy

Answer explanation

To help prevent malware from being installed, make your users aware
that a best security practice is to never click links in a suspicious message.
The link can take the user to a malicious website that could automatically
install malware on their computer through their web browser.

3.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

Negative company financial information was carelessly thrown in the trash bin without being shredded, and a malicious insider retrieved it and posted it on the Internet, driving the stock price down. The CEO wants to know what happened-what was the attack?

A. Smishing

B. Dumpster diving

C. Prepending

D. Identity fraud

Answer explanation

Dumpster diving occurs when discarded documents (not necessarily
confidential) that were improperly destroyed (or not destroyed at all) are
reconstructed and read (or simply read as is).

4.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

Max, a security administrator, just received a phone call to change the password for a user in the HR department. The user did not provide verification of their identity and insisted that they needed the password changed immediately to complete a critical task. What principle of effective social engineering is being used?

A. Trust

B. Consensus

C. Intimidation

D. Urgency

Answer explanation

Max is being subjected to a social engineering attack that relies on the
principle of urgency—he is being rushed, with the attacker hoping that the
“criticality” of the task forces Max to bypass best security practices.

5.

MULTIPLE SELECT QUESTION

45 sec • 2 pts

Which of the following best describes a birthday attack? (Choose two.)

A. A password attack that uses precomputed hashes in its word list

B. Two unique pieces of plaintext can have the same hash value under certain circumstances

C. In a room with 23 people, the odds of any two having the same birthdate is 50 percent

D. A password attack that attempts every single possible combination of characters and password lengths to discover a password

Answer explanation

The birthday attack looks for an input that provides the same
hashed value, regardless of what the original input was. Remembering a
birthday attack is easy if you understand the underlying principle that in a
room with 23 people, the odds of any two having the same birthdate is 50
percent, and the odds increase commensurate with the number of people in
a room.

6.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

You suspect that your server has been compromised because it has been running slowly and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?

A. The server has a rootkit installed.

B. The server requires an operating system update.

C. The server is infected with spyware.

D. The server is part of a botnet.

Answer explanation

If your system has been infected with a worm or virus and has
become part of a botnet, at certain times, it may take part in distributed
denial-of-service attacks on another system on the Internet and may
exhibit slow responsiveness and a large amount of network data being sent
out of the system.

7.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

Antivirus software may not be able to identify which of the following?

A. Trojans

B. Logic bombs

C. Polymorphic viruses

D. Adware

Answer explanation

Logic bombs are simply scripts that are designed to automatically
execute at a particular time or under particular circumstances. While logic
bombs typically perform malicious actions, they are not malicious code
outright, and often are not detected by antivirus programs, especially if
they reside within a trusted application.

8.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

While testing exception handling with a web application, you encounter an error that displays a full URL path to critical data files for the application. Which one of the following types of vulnerabilities would this application be susceptible to?

A. Buffer overflow

B. Session hijacking

C. Cross-site scripting

D. Directory traversal

Answer explanation

Directory traversal is a vulnerability that allows an attacker who
knows the details of an application server’s directory tree to manually
traverse the directory using input commands in the URL location bar or
input forms in the application. Error messages should never display the
full paths of files to prevent hackers from discovering the directory
structure.

9.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

Your web application currently checks authentication credentials from a user's web browser cookies before allowing a transaction to take place. However, you have had several complaints of identity theft and unauthorized purchases from users of your site. Which of the following is the mostly likely cause?

A. Cross-site scripting

B. Session hijacking

C. Header manipulation

D. Lack of encryption

Answer explanation

Session hijacking occurs when a malicious hacker is able to access a
user’s session cookie and then use the session information to make
unauthorized requests as the user.

10.

MULTIPLE CHOICE QUESTION

45 sec • 2 pts

During testing of a web application, you discover that due to poor input validation, you can easily crash the server by entering values in the input forms much greater than the system can handle. What type of vulnerability is this?

A. Session hijacking

B. Buffer overflow

C. Privilege escalation

D. XML injection

Answer explanation

Buffer overflows are caused primarily by poor input validation that
allows illegal data to be entered into the application, causing processing
limits to be exceeded.

Security+ Quiz 1

54 questions

During your user awareness training, which of the following actions would you advise users to take as the best security practice to help prevent malware installation from phishing messages?

To help prevent malware from being installed, make your users aware
that a best security practice is to never click links in a suspicious message.
The link can take the user to a malicious website that could automatically
install malware on their computer through their web browser.

Negative company financial information was carelessly thrown in the trash bin without being shredded, and a malicious insider retrieved it and posted it on the Internet, driving the stock price down. The CEO wants to know what happened-what was the attack?

Dumpster diving occurs when discarded documents (not necessarily
confidential) that were improperly destroyed (or not destroyed at all) are
reconstructed and read (or simply read as is).

Max is being subjected to a social engineering attack that relies on the
principle of urgency—he is being rushed, with the attacker hoping that the
“criticality” of the task forces Max to bypass best security practices.

Which of the following best describes a birthday attack? (Choose two.)

You suspect that your server has been compromised because it has been running slowly and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?

If your system has been infected with a worm or virus and has
become part of a botnet, at certain times, it may take part in distributed
denial-of-service attacks on another system on the Internet and may
exhibit slow responsiveness and a large amount of network data being sent
out of the system.

Antivirus software may not be able to identify which of the following?

While testing exception handling with a web application, you encounter an error that displays a full URL path to critical data files for the application. Which one of the following types of vulnerabilities would this application be susceptible to?

Session hijacking occurs when a malicious hacker is able to access a
user’s session cookie and then use the session information to make
unauthorized requests as the user.

During testing of a web application, you discover that due to poor input validation, you can easily crash the server by entering values in the input forms much greater than the system can handle. What type of vulnerability is this?

Buffer overflows are caused primarily by poor input validation that
allows illegal data to be entered into the application, causing processing
limits to be exceeded.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

Security+ Quiz 1

54 questions

During your user awareness training, which of the following actions would you advise users to take as the best security practice to help prevent malware installation from phishing messages?

To help prevent malware from being installed, make your users awarethat a best security practice is to never click links in a suspicious message.The link can take the user to a malicious website that could automaticallyinstall malware on their computer through their web browser.

Negative company financial information was carelessly thrown in the trash bin without being shredded, and a malicious insider retrieved it and posted it on the Internet, driving the stock price down. The CEO wants to know what happened-what was the attack?

Dumpster diving occurs when discarded documents (not necessarilyconfidential) that were improperly destroyed (or not destroyed at all) arereconstructed and read (or simply read as is).

Max is being subjected to a social engineering attack that relies on theprinciple of urgency—he is being rushed, with the attacker hoping that the“criticality” of the task forces Max to bypass best security practices.

Which of the following best describes a birthday attack? (Choose two.)

You suspect that your server has been compromised because it has been running slowly and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?

If your system has been infected with a worm or virus and hasbecome part of a botnet, at certain times, it may take part in distributeddenial-of-service attacks on another system on the Internet and mayexhibit slow responsiveness and a large amount of network data being sentout of the system.

Antivirus software may not be able to identify which of the following?

While testing exception handling with a web application, you encounter an error that displays a full URL path to critical data files for the application. Which one of the following types of vulnerabilities would this application be susceptible to?

Session hijacking occurs when a malicious hacker is able to access auser’s session cookie and then use the session information to makeunauthorized requests as the user.

During testing of a web application, you discover that due to poor input validation, you can easily crash the server by entering values in the input forms much greater than the system can handle. What type of vulnerability is this?

Buffer overflows are caused primarily by poor input validation thatallows illegal data to be entered into the application, causing processinglimits to be exceeded.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

To help prevent malware from being installed, make your users aware
that a best security practice is to never click links in a suspicious message.
The link can take the user to a malicious website that could automatically
install malware on their computer through their web browser.

Dumpster diving occurs when discarded documents (not necessarily
confidential) that were improperly destroyed (or not destroyed at all) are
reconstructed and read (or simply read as is).

Max is being subjected to a social engineering attack that relies on the
principle of urgency—he is being rushed, with the attacker hoping that the
“criticality” of the task forces Max to bypass best security practices.

If your system has been infected with a worm or virus and has
become part of a botnet, at certain times, it may take part in distributed
denial-of-service attacks on another system on the Internet and may
exhibit slow responsiveness and a large amount of network data being sent
out of the system.

Session hijacking occurs when a malicious hacker is able to access a
user’s session cookie and then use the session information to make
unauthorized requests as the user.

Buffer overflows are caused primarily by poor input validation that
allows illegal data to be entered into the application, causing processing
limits to be exceeded.