Question 1

Craig has been asked to implement the ISO standards for cybersecurity in his organization. Which of the following families of standards should he become familiar with?&#10;A) 9000&#10;B) 27000&#10;C) 20000&#10;D) 22000

Accepted Answer

The ISO/IEC 27000 family of standards, also known as the "Information Security Management Systems (ISMS) Family of Standards," is specifically designed to keep information assets secure, making it the correct choice for implementing cybersecurity standards in an organization.

Question 2

Hattie has just been promoted to the cybersecurity team within her organization. Her new manager recommends reading up on cybersecurity guidelines that have been published by theU.S.government. Which of the following should she become familiar with?

A) NIST
B) TOGAF
C) COBIT
D) ITIL

NIST

Accepted Answer

NIST (National Institute of Standards and Technology) is a U.S. government agency that publishes cybersecurity guidelines and frameworks widely recognized and used within the United States.

Question 3

Penelope has just been hired as a cybersecurity manager for an organization. She has done an initial analysis of the organization's policies and sees there is no document outlining the duties and responsibilities of data custodians. Which of the following policies might she consider creating?

A) Data retention policy
B) Data classification policy
C) Data ownership policy
D) Data protection policy

Data ownership policy

Accepted Answer

A data ownership policy outlines the duties and responsibilities of data custodians, making it the appropriate choice for Penelope to consider creating to address the lack of documentation on these roles within the organization.

Question 4

Abdul has just discovered a successful brute force attack against one of the systems in his company's network that lasted for almost five months undetected. Which of the following might have prevented this attack from being successful?

A) Acceptable use policy
B) Data classification policy
C) Data ownership policy
D) Password policy

Accepted Answer

A strong password policy can prevent brute force attacks by requiring complex passwords that are difficult for attackers to guess. This includes guidelines for password length, complexity, and change frequency, making it significantly harder for brute force methods to succeed.

Question 5

Araya has been tasked with implementing a new set of procedures for the onboarding and offboarding of employees. Which of the following types of controls does this new task fall into?&#10;A) Administrative controls&#10;B) Supervisory controls&#10;C) Logical controls&#10;D) Physical controls

Accepted Answer

Administrative controls refer to policies, procedures, and guidelines that define an organization's framework for managing and controlling operations, including the management of employee lifecycle processes such as onboarding and offboarding.

Question 6

Dharma has just been hired to create the new cybersecurity team in a growing organization. Which of the following might be one of the first things she does?&#10;A) Implement new physical controls.&#10;B) Implement compensating controls.&#10;C) Perform an audit.&#10;D) Create a new data ownership policy.

Accepted Answer

Performing an audit is a critical first step in understanding the current cybersecurity posture of the organization. It helps identify vulnerabilities, assess risks, and determine what controls or policies need to be implemented or updated.

Question 7

Tabitha has just contracted with a large company to perform a penetration test against it. Which of the following might help her with part of the reconnaissance process?&#10;A) Impersonation&#10;B) Evaluation&#10;C) Assessment&#10;D) Audit

Accepted Answer

Impersonation can be a part of the reconnaissance process in penetration testing, where the tester may pretend to be someone else to gather information without raising suspicion.

Question 8

Gabe, a penetration tester, has gained physical access to a company's facilities and planted devices behind several printers that will send him copies of all documents sent to those printers. Which of the following has Gabe executed?

A) MITM attack
B) Replay attack
C) XSS
D) XSRF

Accepted Answer

Gabe has executed a Man-In-The-Middle (MITM) attack by intercepting and copying all documents sent to the printers, positioning himself between the users and the printers without their knowledge.

Question 9

Lakia has been hired as a penetration tester for a large organization. She finds that one of the branch offices is still running WEP and quickly cracks the key to gain access to the network. As she is capturing network packets while sitting in the company's parking lot, she sees a couple of tokens that users send to an HTTP-based website to log in. Which of the following types of attacks might she be able to perform with this information?

A) XSS
B) Session hijacking
C) XSRF
D) Rootkit attack

Accepted Answer

Lakia can perform session hijacking with the information she has obtained. By capturing tokens that users send to an HTTP-based website to log in, she can use these tokens to impersonate the users on the network, effectively hijacking their sessions. This type of attack exploits the session token management vulnerability, allowing the attacker to gain unauthorized access to the user's account and associated privileges on the web application.

Question 10

Raja wants to require network administrators to log into the company's Cisco routers and switches. Which of the following is the most likely choice to implement for this configuration?&#10;A) Diameter&#10;B) RADIUS&#10;C) XTACACS&#10;D) TACACS+

Accepted Answer

TACACS+ is specifically designed for network devices like routers and switches, providing centralized authentication, authorization, and accounting, making it the most suitable choice for Cisco devices.

Question 11

Toria's manager has asked her to implement a new system that uses X.500. She knows the information that is looked up needs to be stored somewhere. What is the name of the part of the setup that stores the information?

A) MIB
B) UDP
C) TID
D) DIB

Accepted Answer

The answer of Toria's manager has asked her to implement...

Question 12

Monica wants to implement more security around the login function that her company's website uses to allow customers to interact with the organization. One of the tasks on her to-do list is to prevent brute force attacks. Which of the following might help Monica achieve this goal?

A) Analyze the geolocation where the user is logging in.
B) Analyze the frequency of attempted logins.
C) Analyze the source IP address of the user attempting to log in and ensure that it matches the normal IP address the user logs in from.
D) Analyze the type of device the user is attempting to log in from.

Accepted Answer

The answer of Monica wants to implement more security around...

Question 13

Tara has just discovered the John the Ripper tool on a workstation on her company's network, which is a direct violation of an existing policy that defines what users are allowed and not allowed to do on the network. She believes that if other instances of this tool are installed, the current policy protecting against attacks from such tools needs to be strengthened properly. Which of the following policies might she choose to update as a result?

A) AUP
B) Password policy
C) Account management policy
D) Data retention policy

Accepted Answer

The answer of Tara has just discovered the John the...

Question 14

Jan has just finished upgrading the physical and administrative controls in his organization and is about to start planning the upgrade of logical controls. Which of the following is not a manufacturer to consider when looking at options for new firewalls?

A) Palo Alto
B) Cisco
C) Checkpoint
D) Seagate

Accepted Answer

The answer of Jan has just finished upgrading the physical...

Question 15

Ilya is having an audit performed by a third-party consultant to find vulnerabilities in his organization. As part of the audit, several tools have been brought in to detect weaknesses in the organization's infrastructure. Which of the following vulnerability scanners might be used to perform this task?

A) Nessus
B) nmap
C) Burp Suite
D) Cellebrite

Accepted Answer

The answer of Ilya is having an audit performed by...

Question 16

Maya has just been hired as the first cybersecurity engineer at a growing company in an effort to focus more resources on hardening the company's infrastructure. Which of the following might she use to identify applications that users log into with unencrypted passwords?

A) Cain & Abel
B) John the Ripper
C) Wireshark
D) dd

Accepted Answer

The answer of Maya has just been hired as the...

Question 17

Janos works for a large regional hospital system. The system has data retention policies that have necessitated the backup of certain types of information. As such, he decides that in addition to the standard daily and weekly backups, he would like to create a byte-by-byte copy of data on a particular server's drive to be stored off-site. Which of the following tools might help him perform this action?

A) tcpdump
B) dd
C) dig
D) Zap

Accepted Answer

The answer of Janos works for a large regional hospital...

Deck 10: Security Structures and Identity and Access Management