ALL FedVTE Exam (21 Sets) Questions with Verified Answers
FedVTE Cyber Risk Management for Technicians Questions with Answers

In order to automate host characteristic monitoring you can compare baselines and snapshots with syslog.
- CORRECT ANSWER False

The following should be taken into account when accepting the residual risk inherent in the project.
- CORRECT ANSWER All of the above

What is the high water mark for an information system?
- CORRECT ANSWER Highest Potential Impact value assigned to each Security Objective (AIC) for all Security Categories resident on the system and the overall classification of the system.

Which of the following describes NetScan Tools Pro?
- CORRECT ANSWER B. A powerful command line packet analyzer C. A tool that provides advanced network trace routing D. A collection of Internet information gathering and network troubleshooting utilities

FIPS 200 is:
- CORRECT ANSWER A short document that describes the minimum security requirements for information and information systems

Which risk comes from a failure of the controls to properly mitigate risk?
- CORRECT ANSWER A. Inherent risk C. Control Risk D. All of the above

Open Source Security (OSSEC) is what?
- CORRECT ANSWER A host based security system that monitors for changes

What tool would be best to automatically detect your network and construct a complete and easy to view network map?
- CORRECT ANSWER LANsurveyor

Which NIST special publication is a guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach?
- CORRECT ANSWER NIST SP 800 37

Which of the following is a part of the Examine Method?
- CORRECT ANSWER Inspecting the physical security measures

If the cost of controls exceeds the benefit the organization may choose to accept the risk instead.
- CORRECT ANSWER True

Which of the following families of controls belongs to the technical class of controls?
- CORRECT ANSWER Identification and Authentication

Which tier of Risk Management is associated with Enterprise Architecture?
- CORRECT ANSWER Tier 2 Mission (Business Process)

In NIST SP 800 53 the security control structure consists of all the following components except for:
- CORRECT ANSWER All of these are in the security control structure: - Priority and baseline allocation - Supplemental guidance - Control enhancements

Kismet is different from a normal network sniffer such as Wireshark or tcpdump because it separates and identifies different wireless networks in the area.
- CORRECT ANSWER True

What is the order of the Change Control Process?
- CORRECT ANSWER A. Request : Approval : Build : Impact Assessment : If successful Implement B. Request : Impact Assessment : Approval : Build and or Test : Implement D. Request : Impact Assessment : Build and or Test : Approval : Implement

The threat source is highly motivated and sufficiently capable and controls to prevent the vulnerability from being exercised are ineffective. Which likelihood rating does this describe?
- CORRECT ANSWER High

Which of the following is not part of the process for assessing security controls according to NIST SP 800 53A 1?
- CORRECT ANSWER A. Study C. Conduct D. Analyze

Which step of a risk assessment uses the history of system attacks?
- CORRECT ANSWER Step 2: Threat Identification

In risk management people and information and technology are examples of?
- CORRECT ANSWER Assets

What type of analysis involves using scales to suit circumstances and allows for quick identification of potential risks as well as vulnerable assets and resources?
- CORRECT ANSWER B. Audit Analysis C. Qualitative Analysis D. Cost/benefit analysis

NIST SP 800 30 defines risk as a function of the likelihood of a given threat source exercising a particular potential vulnerability and the resulting impact of that adverse event on the organization.
- CORRECT ANSWER True

One strategy for determining the proper level of acceptable risk is to:
- CORRECT ANSWER Determine a point where cost of mitigation is less than cost of loss

Which OCTAVE process involves collecting information about important assets and security requirements and threats and current organizational strengths and vulnerabilities from managers of selected operational areas?
- CORRECT ANSWER Identify Operational Area Knowledge

Which of the following is a step in detecting and analysing host changes?
- CORRECT ANSWER All of the above : - Create a current snapshot of your host - Create a baseline of your host - Compare your snapshot to your baseline
Cyber security Analyst Quiz FedVTE 40 Questions with Verified Answers

Which of the following is a common environmental reconnaissance task that is performed to help gain insight on how an organization's networked systems are connected, or mapping the network?
- CORRECT ANSWER Topology Discovery

If an unexpected issue occurred during an application installation on a Windows system, which of the following event log categories would be best to reference for troubleshooting?
- CORRECT ANSWER Not System or Security. Maybe Setup

The federal version of certification and accreditation guidance that applies to departments and agencies within the Department of Defense is:
- CORRECT ANSWER DIACAP

Which security mechanism can social engineering help bypass?
- CORRECT ANSWER A. Intrusion Detection Systems B. Firewalls C. Domain Security Policies (No) D. All of the Above E. None of the Above

Which type of intrusion detection may terminate processes or redirect traffic upon detection of a possible intrusion?
- CORRECT ANSWER Active

Which of the following is a potential consequence of not limiting or protecting communications during an incident?
- CORRECT ANSWER All of the Above (Customer confidence may be negatively impacted, Competitors may recognize weakness or advantage, Media may include information not intended for release)

Which one of the following can be managed through group policies (GPO)?
- CORRECT ANSWER All the Above (Authentication settings, Software installation and update, IPsec connections)

What is used to record the order in which evidence was handled, by whom, and the nature of the evidence handling?
- CORRECT ANSWER Chain of custody

The procedure of developing controls as vulnerabilities are discovered to keep them from being exploited is known as:
- CORRECT ANSWER A. Change Control Management B. Compensating Control Development C. Vulnerability Control Patch D. Remediation Control Development (No)

Which of the following are Windows event severity levels:
- CORRECT ANSWER error, warning, information

Which of the following intrusion detection systems uses statistical analysis to detect intrusions?
- CORRECT ANSWER Anomaly

Which one of the following is a use for Network Flow Data?
- CORRECT ANSWER All of the Above (Attack identification and attribution such as DoS detection, Traffic engineering such as a host analysis, Accounting to cross verify other sources)

Which of the following is an attacker most likely to use to attempt to view packets containing data in clear text?
- CORRECT ANSWER Wireshark

Packets from a computer outside the network are being dropped on the way to a computer inside the network. Which of the following would be MOST useful to determine the cause of this?
- CORRECT ANSWER Firewall log

Using the Common Vulnerability Scoring System, CVSS, which of the following indicators would be the most critical or severe finding?
- CORRECT ANSWER 10

Which of the following is used for moving traffic within individual VLANs?
- CORRECT ANSWER VLAN Access Maps

The IP address and MAC address of a rogue device within the local network might best be revealed by which of the following logs?
- CORRECT ANSWER DHCP logs

Which type of analysis method combines machine learning algorithms and statistical analyses to identify deviations from normal baseline user, system, or network activities?
- CORRECT ANSWER User and Entity Behavior Analytics

A high tolerance for risk requires higher, more frequent, vulnerability scanning.
- CORRECT ANSWER False

At what layer of the TCP/IP model do devices such as ATM, switches, and bridges operate, as well as protocols PPP and ARP?
- CORRECT ANSWER Data-link

Which of the following describes when the claimed identity of a user is validated?
- CORRECT ANSWER Authentication

Which of the following is an example of the security mitigation technique of changing roles every couple of months?
- CORRECT ANSWER Job rotation

Which layer of the TCP/IP model is equivalent to the Session, Presentation, and Application layers of the OSI model?
- CORRECT ANSWER Application

Which of the following are the six steps of an incident response plan? A. Detect, Respond, Report, Recover, Remediate, Review B. Discover, Review, Respond, Recover, Rectify, Report C. Detect, Respond, Remediate, Recover, Review, Report D. Detect, Respond, Report, Recover, Remediate, Review
- CORRECT ANSWER Not A or C

The Open Web Application Security Project publishes the OWASP Top 10, which summarizes feedback from the community in order to compile the Top 10 application vulnerabilities, including the associated risks, impacts, and mitigations for each. What is the main reason a developer wouldn't solely rely on this guidance?
- CORRECT ANSWER An organization's prioritized threat may not be within the top 10

When the number of virtual machines on a network reaches a point where it's too much for an administrator to effectively manage, it is known as: A. VM Sprawl B. VM Escape C. VM Gorge D. VM Discourse
- CORRECT ANSWER VM Sprawl

Which of the following define requirements to support a policy? A. Procedures B. Standards C. Guidance D. Practices
- CORRECT ANSWER Standards

Ideally, a forensics workstation: A. is isolated to prevent contaminating B. has support for removable storage devices C. is not used for day-to-day operations D. All of the above E. None of the above
- CORRECT ANSWER All of the Above

Network flows are difficult to track large amounts of traffic with and cannot view a consolidated picture of what is happening on your network. A. True B. False
- CORRECT ANSWER False

Which of the following is NOT a best practice for securing wireless environments? A. Broadcasting the access point SSID using proper network name only B. Using protocols such as WPA2 or WPA3 to authenticate users C. Implementing 802.1x port security D. Managing access by device MAC address
- CORRECT ANSWER Broadcasting the access point SSID using proper network name only

Which of the following scan types allows executable operations on a host, and generally takes longer to run? A. Agent scan B. Non-credentialed scan C. Credentialed scan D. Domain host scan
- CORRECT ANSWER Credentialed scan

The amount of risk that an organization can accept and still achieve business objectives is its: A. Risk appetite B. Risk deterrence C. Risk avoidance D. Risk indicator
- CORRECT ANSWER Risk appetite

Which of the following activities would NOT be considered passive footprinting? A. Scan the range of IP addresses found in the target's DNS database B. Look through the trash to find out any information that might have been discarded C. Perform multiple searches through a search engine D. Search on a financial site such as Yahoo Financial
- CORRECT ANSWER Not A

When implementing a vulnerability management process, which of the following is the logical order of activities? A. Establish scan frequency, configure scan tools, remediation, requirements identification B. Requirements identification, configure scan tools, establish scan frequency, remediation C. Establish scan frequency, requirements identification, configure scan tools, remediation D. Requirements identification, establish scan frequency, configure scan tools, remediation
- CORRECT ANSWER Requirements identification, establish scan frequency, configure scan tools, remediation

The requirements identified for a vulnerability management process many times drive the vulnerability scanning frequency. A. True B. False
- CORRECT ANSWER True

Which of the following vulnerability scan methods uses push technology and is dependent on network connectivity? A. Credential B. Server-based C. Agent-based D. Discover
- CORRECT ANSWER Server-based

To test and confirm security settings and configurations in a networked environment, and find any further vulnerabilities and details on how they may be leveraged in an attack, which of the following cyber tool types would be most useful? A. Discovery B. Exploit C. Forensic D. Recovery
- CORRECT ANSWER Exploit

Tools like Encase and FTK can be used for imaging, mounting, and analyzing hard drives. What category of cyber tools would they be considered? A. Exploit B. Forensic C. Backup D. Recovery
- CORRECT ANSWER Forensic

Which of the following would NOT typically be part of an incident response plan? A. Outline restoration of normal operations B. Determine party at fault for the adverse event C. Describe fast and efficient responses D. Strategies to limit damage to an acceptable level
- CORRECT ANSWER Not D
FedVTE Windows Operating System Security 50 Questions with Verified Answers

Which type of attacker has actions that are considered noble by the attacker but could cause more harm than good? A. White Hat B. Black Hat C. Red Hat D. Gray Hat
- CORRECT ANSWER D. Gray Hat

During which step of Microsoft's recommended Update Management Process would an update be tested? A. Assess B. Identify C. Evaluate and Plan D. Deploy
- CORRECT ANSWER C. Evaluate and Plan

Which execution mode has unrestricted access to the underlying hardware? A. Kernel B. Operating System C. User D. Guest
- CORRECT ANSWER A. Kernel

Which one of the following can be managed through group policies (GPO)? A. Authentication settings B. Software installation and update C. IPsec connections D. All of the above
- CORRECT ANSWER D. All of the above

The Windows Security Configuration Wizard can be used to configure the Windows Firewall with advanced security support. A. True B. False
- CORRECT ANSWER A. True

Which one of the following is a Windows Firewall advantage? A. Can be configured with the Group Policy B. Provides a very granular customization of applications C. Can be configured with Netsh or PowerShell D. All of the above
- CORRECT ANSWER B. Provides a very granular customization of applications

Many current network security tools such as Firewalls and Intrusion Detection Systems and Intrusion Prevention Systems are not 100% compatible with IPv6. A. True B. False
- CORRECT ANSWER A. True

Which one of the following default rights can be performed by a member of the Windows User Group? A. Increase a process working set B. Allow logons through the Remote Desktop Services C. Create global objects D. Load and unload device drivers
- CORRECT ANSWER A. Increase a process working set

Security Templates provide a standardized way to organize and express and measure security related information. A. True B. False
- CORRECT ANSWER B. False

Which one of the following is a cmdlet that is used to gather computer information? A. Get-WmiObject B. Get-ChildItems C. Get-Service D. None of the above
- CORRECT ANSWER A. Get-WmiObject

Network Access Protection (NAP) is a Windows feature that provides which one of the following? A. Automatic Remediation B. Non-current Compliance C. Health State Invalidation D. None of the above
- CORRECT ANSWER A. Automatic Remediation

What are the four service startup types? A. Manual; Automatic; Disabled; Prompt B. Manual; Automatic; Enabled; Disabled C. Manual; Automatic; Scheduled; Disabled D. Manual; Automatic; Automatic (Delayed); Disabled
- CORRECT ANSWER D. Manual; Automatic; Automatic (Delayed); Disabled

PowerShell is built on top of the .Net CRL and .Net Framework. A. True B. False
- CORRECT ANSWER A. True

Which solution is best to avoid downloading an untrusted patch? A. Disable automatic updates B. Check for updates on a trusted network C. Verify the source of the update D. All of the above
- CORRECT ANSWER D. All of the above

In a Kerberos Authentication process which one of the following sends a Ticket Granting Ticket secret key and a session key as a function? A. TGS_RESPONSE B. AS_RESPONSE C. TGS_REQ D. AP_RESPONSE
- CORRECT ANSWER B. AS_RESPONSE

An API is a set of functions that an application can call to allow the application to operate within Windows. A. True B. False
- CORRECT ANSWER A. True

Which Active Directory Certificate Service (AD CS) server role allows routers and other network devices that do not have a domain account to obtain certificates? A. Certificate Enrollment Web Service B. Online Responder C. Certificate Enrollment Policy Web Service D. Network Device Enrollment Service
- CORRECT ANSWER D. Network Device Enrollment Service

Which value in the PowerShell "execution policy" allows loading of all configuration files and scripts? A. AllSigned B. Unrestricted C. Undefined D. RemoteSigned
- CORRECT ANSWER B. Unrestricted

In which multi tasking mode can an operating system take control of the processor without consent from the task? A. Non-preemptive multi-tasking B. Preemptive multi-tasking C. Multi-threading D. Multi-programming
- CORRECT ANSWER B. Preemptive multi-tasking

Which Dynamic Access Control capability allows for "safety net" policies? A. Centralize Access Policies B. Data Classification C. Centralized Auditing D. Rights Management Service
- CORRECT ANSWER A. Centralize Access Policies

Which one of the following is a benefit of Dynamic Access Control? A. Improves productivity B. Data is protected at the appropriate level C. Content owners have control over their data D. All of the above
- CORRECT ANSWER D. All of the above

Which one of the following can be audited using the Windows Security Auditing feature? A. Audit IPSec Extended Mode B. Audit Logoff C. Audit Network Policy Server D. All of the above
- CORRECT ANSWER D. All of the above

Which one of the following creates and manages and exports (for deployment) security policies across multiple Windows operating systems roles and Microsoft applications? A. Microsoft Security Configuration Wizard B. Microsoft Security Compliance Manager C. Security Templates D. Group Policy
- CORRECT ANSWER B. Microsoft Security Compliance Manager

In a PowerShell environment the WhatIf parameter allows PowerShell users to test the command before actually executing. A. True B. False
- CORRECT ANSWER A. True

Microsoft Security Configuration Wizard is a management tool that is based upon machine roles such as a file server, a print server, a domain controller, etc. A. True B. False
- CORRECT ANSWER A. True

Which one of the following is required for Windows BitLocker configuration? A. Trusted Platform Module (TPM) B. Hardware Security Module C. UEFI (Unified Extensible Firmware Interface) D. None of the above
- CORRECT ANSWER A. Trusted Platform Module (TPM)

CVE is short for Critical Vulnerabilities and Exploits. A. True B. False
- CORRECT ANSWER B. False

Of the following methods which one is a tool that centrally manages and configures Windows operating systems and applications and user settings? A. Microsoft Security Configuration Wizard B. Security Content Automation Protocol (SCAP) C. Group Policy D. None of the above
- CORRECT ANSWER C. Group Policy

In which one of the Social Engineering stages would you establish credibility? A. Information Gathering B. Select Target C. Relationship Development D. Relationship Exploitation
- CORRECT ANSWER C. Relationship Development

In a Hardening Process which method uses plaintext files containing software and driver installation configuration settings? A. Security Templates B. Microsoft Baseline Security Analyzer C. Security Compliance Manager Toolkit (SCM) D. Group Policy
- CORRECT ANSWER A. Security Templates

Which method scans systems to identify common security misconfigurations and missing security updates? A. Microsoft Security Configuration Wizard B. Microsoft Security Compliance Manager C. Microsoft Baseline Security Analyzer D. Group Policy
- CORRECT ANSWER C. Microsoft Baseline Security Analyzer

Which two of the following categories of monitoring are in the Action Center formerly known as the Windows Security Center? A. Windows API and Applications B. Windows Services and Processes C. Security and Maintenance D. Memory Management and CPU usage
- CORRECT ANSWER C. Security and Maintenance

Which Internet Protocol Security (IPsec) protocol provides confidentiality by encrypting data? A. Internet Key Exchange (IKE) B. Authentication Header (AH) C. Encapsulating Security Payload (ESP) D. All of the above
- CORRECT ANSWER C. Encapsulating Security Payload (ESP)

Which one of the following could be categorized as a misconfiguration? A. Failure to set quotas for the group members and then the members overload the file server in an accidental DoS attack B. Mistakenly adding an account to a wrong group C. Accidentally setting the Everyone group to full control on a share drive D. All of the above
- CORRECT ANSWER D. All of the above

Which vulnerability allows remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file? A. Print Spooler - CVE-2013-0011 B. Kernel Mode Driver - CVE-2012-4786 C. Microsoft XML - CVE-2013-0007 D. Use After Free - CVE-2012-4969
- CORRECT ANSWER B. Kernel Mode Driver - CVE-2012-4786

Which description best defines a Hotfix? A. Incremental update between service packs or versions to fix outstanding issues B. Publicly released update to fix a known flaw for a software application or operating system C. An update to fix a very specific issue D. A collection of patches, Hotfixes and maintenance releases
- CORRECT ANSWER C. An update to fix a very specific issue

Which Network Access Protection (NAP) client collects and maintains a system health status? A. System Health Agent B. NAP Agent C. NAP Enforcement Client D. None of the above
- CORRECT ANSWER B. NAP Agent

Which option is best for a server to connect to a network? A. Wired B. Wireless C. Virtual Private Network D. None of the above
- CORRECT ANSWER A. Wired

Which one of the following steps is not part of securing the Microsoft patch process? A. Always validate patches B. Apply patches while on the road C. Harden the WSUS server D. Ensure ALL software is patched, not just Microsoft
- CORRECT ANSWER B. Apply patches while on the road

User Account Control (UAC) was introduced in Windows XP and Server 2003. A. True B. False
- CORRECT ANSWER B. False

A logical Patch Management process is a one-time process that businesses should establish to ensure success. A. True B. False
- CORRECT ANSWER B. False

In the Windows Registry what is a collection of discrete files called? A. Programs B. Hives C. Keys D. Trees
- CORRECT ANSWER B. Hives

Windows Defender was formerly known as Microsoft Anti-Spyware. A. True B. False
- CORRECT ANSWER A. True

Which method can start PowerShell in Windows 8? A. > All Programs > Accessories > Windows PowerShell Folder > Windows PowerShell B. Charm > Search > type PowerShell > click Windows PowerShell C. In Server Manager: Tools menu > Windows PowerShell D. All of the above
- CORRECT ANSWER B. Charm > Search > type PowerShell > click Windows PowerShell

A Virtual Private Network allows two systems to connect over a public network and have the assurance of which of the following? A. Confidentiality B. Authentication C. Integrity D. All of the above
- CORRECT ANSWER D. All of the above

Which key command in PowerShell shows an object's methods and properties? A. Get-Help B. Get-Command C. Get-Member D. All of the above
- CORRECT ANSWER C. Get-Member

Which built-in Windows security feature prevents users from loading unauthorized and unapproved applications? A. Windows Firewall B. Windows Defender C. Windows AppLocker D. Windows Group Policy
- CORRECT ANSWER C. Windows AppLocker

Authenticode is a means of code signing that allows users to verify the source and author of the signed software. A. True B. False
- CORRECT ANSWER B. False

Which one of the following DLL files handles the memory management? A. User32.dll B. Kernel32.dll C. Gdi32.dll D. None of the above
- CORRECT ANSWER B. Kernel32.dll

Which type of permissions are created by default on non child objects or based by user assignment? A. Inherited B. Standard C. Effective D. Explicit
- CORRECT ANSWER D. Explicit
FedVTE Enterprise Cyber security Operations 33 Questions with Verified Answers

The acronym VPN stands for:
- CORRECT ANSWER Virtual Private Network

Executives are responsible for managing and overseeing enterprise risk management.
- CORRECT ANSWER True

The internal audit department is investigating a possible accounting breach. One of the auditors is sent to interview the following employees: Employee A works in the accounts receivable office and is in charge of entering data into the finance system; Employee B works in the accounts payable office and is in charge of approving purchase orders; Employee C is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B. Which of the following should the auditor suggest be done to avoid future security breaches?
- CORRECT ANSWER The manager should only be able to review the data and approve purchase orders.

An electrical utility has employed a consultant to perform a controls assessment of the personnel system, backend business operations, and the SCADA system used in their facility. Which of the following correctly states the risk management options that the consultant should use during the assessment?
- CORRECT ANSWER Avoid, transfer, mitigate, and accept.

The acronym SOA stands for:
- CORRECT ANSWER Statement of Applicability

Which of the following are steps in the risk management process?
- CORRECT ANSWER All of the Above

Cybersecurity should be involved throughout the entire system development life cycle.
- CORRECT ANSWER True

A Physical Security Manager is ready to replace 30 analog surveillance cameras with IP cameras with built in web management. There are several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should be used to BEST secure this environment?
- CORRECT ANSWER Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

What is an advantage of cloud computing?
- CORRECT ANSWER Improved performance

Cybersecurity is primarily about implementing a checklist of requirements.
- CORRECT ANSWER False

A retail merchant has had a number of issues with regard to the integrity of sensitive information across all of its customer databases. This has resulted in the merchant's share price decreasing in value by more than one third, and the merchant has been threatened with losing their ability to process credit card transactions. The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues. The business has specified that the solution needs to be enterprise grade and meet the following requirements: Work across all major platforms, applications and infrastructure; Tracks activity of all users, including administrators; Operates without negatively impacting the performance of production platforms, applications, and infrastructures; Provides real-time incident reporting; Displays incidents in a dashboard view for easy recognition; Includes a report generator where business units are able to query against the company's system assets. In order to solve this problem, which of the following security solutions will BEST meet the above requirements?
- CORRECT ANSWER Implement an enterprise-based SIEM solution to process the logs of the major platforms, applications, and infrastructure.

Open source material is a good resource for gathering substantial information on a desired target.
- CORRECT ANSWER True

The agile process emphasizes which of the following over processes and tools?
- CORRECT ANSWER Individuals and Interactions

Jurisdiction and Breach Notification are examples of what type of potential risk?
- CORRECT ANSWER Legal

Which of the following is considered the necessary research done before launching a scan?
- CORRECT ANSWER Network Reconnaissance

Cloud computing does NOT require a constant Internet connection.
- CORRECT ANSWER False

Which of the following should be developed during the SDLC?
- CORRECT ANSWER All of the Above

HTML5 is the latest version of the markup language.
- CORRECT ANSWER True

Chain of Custody shows who controlled, secured and obtained a piece of evidence.
- CORRECT ANSWER True

There should never be different levels of regulations within a single business unit.
- CORRECT ANSWER False

New zero day attacks are being discovered on a regular basis against a broad range of IT systems. Which of the following best practices should a security manager do to manage the risks being faced through these attack vectors?
- CORRECT ANSWER Maintain a list of critical systems.

Which of the following BEST explains SAML?
- CORRECT ANSWER A security attestation model built on XML and SOAP based services, which allows for the exchange of AandA data between systems and supports Federated Identity Management.

An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?
- CORRECT ANSWER No one was reviewing the IDS event logs.

A government agency has a major new initiative to virtualize as many servers as possible, due to power and rack space capacity at its two data centers. The agency has prioritized virtualizing older servers first as the hardware is nearing end of life. The two initial migrations include Windows 2000 hosts (domain controllers and front-facing web servers) and open source Linux hosts (front facing web servers). Which of the following should occur based on best practices?
- CORRECT ANSWER Each data center should contain separate virtual environments for the web servers and for the domain controllers.

Which of the following is an agreement between two or more organizations to work together to allow information exchange?
- CORRECT ANSWER Interoperability

The DoD has specific mandatory requirements for data encryption.
- CORRECT ANSWER True

A new IDS appliance is generating a very large number of events, most of which are not security-related. Select the approach which best resolves this issue.
- CORRECT ANSWER Adjust IDS filters that are creating false positives.

Good metrics are SMART. The M in the acronym SMART stands for:
- CORRECT ANSWER Measurable

Which of the following can be useful in information gathering?
- CORRECT ANSWER All of the Above

File Transfer Protocol (FTP) is secure.
- CORRECT ANSWER False

Impact measures are inherently organization specific.
- CORRECT ANSWER True

A Security Manager is selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. All of the following should be priority issues for the security manager EXCEPT:
- CORRECT ANSWER PBX integration of the service

The firm's CISO has been working with the Purchasing and the Project Management Office on soliciting bids for a series of HIDS and NIDS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the company has not gained any real data regarding the specifications about any of the solutions and wants that data before the procurement continues. Which of the following will the CISO do at this point to get back on track in this procurement process?
- CORRECT ANSWER Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.
FedVTE CAP Exam 50 Questions with Verified Answers
Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers? A. Employees B. Hackers C. Visitors D. Customers - CORRECT ANSWER A. Employees
FISMA charges which one of the following agencies with the responsibility of overseeing the security policies and practices of all agencies of the executive branch of the Federal government? A. Office of Management and Budget (OMB) B. National Institute of Standards and Technology (NIST) C. National Security Agency (NSA) D. Department of Justice - CORRECT ANSWER A. Office of Management and Budget (OMB)
Which one of the following publications provides details of the monitoring security control? A. NIST SP 800 53 B. NIST SP 800 42 C. NIST SP 800 37 D. NIST SP 800 41 - CORRECT ANSWER C. NIST SP 800 37
Which of the following statements about a Discretionary Access Control List (DACL) is true? A. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object. B. It specifies whether an audit activity should be performed when an object attempts to access a resource. C. It is a unique number that identifies a user, group, and computer account. D. It is a rule list containing access control entries. - CORRECT ANSWER A. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
FIPS Publication 199 defines three levels of potential impact to the compromise of confidentiality, integrity, and availability. These levels are: A. Minimum, Normal, Maximum B. Low, Moderate, High C. Unclassified, Confidential, Secret D. Confidential, Secret, Top Secret - CORRECT ANSWER B. Low, Moderate, High
Which of the following individuals is responsible for monitoring the information system environment that can negatively impact the security of the system and its accreditation? A. Chief Information Security Officer B. Chief Information Officer C. Chief Risk Officer D. Information System Owner - CORRECT ANSWER D. Information System Owner
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process? A. Senior Agency Information Security Officer B. Authorizing Official C. Common Control Provider D. Chief Information Officer - CORRECT ANSWER C. Common Control Provider
Which of the following is not a standard phase in the System Authorization Process? A. Pre certification B. Post authorization C. Post certification D. Certification - CORRECT ANSWER C. Post certification
What is the potential impact if the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States? A. Low B. Moderate C. High D. Limited - CORRECT ANSWER A. Low
An assessment procedure consists of a set of which things, each with an associated set of potential assessment methods and assessment objects? A. Assessment objectives B. Security controls C. Operational requirements D. Assessment objects - CORRECT ANSWER A. Assessment objectives
This process is used to determine if the security controls in the information system continue to be effective over time in light of the inevitable changes that occur in the system as well as the environment in which the system operates between authorization decisions. A. Continuous monitoring B. Configuration management C. Vulnerability assessment D. Certification and accreditation - CORRECT ANSWER A. Continuous monitoring
Who does an organization require that is capable of conducting an impartial assessment of security controls employed within or inherited by an information system? A. Vendor assessor B. Technical expert C. Authorization assessor D. Independent assessor - CORRECT ANSWER D. Independent assessor
Which of the following NIST documents provides a guideline for identifying an information system as a National Security System? A. NIST SP 800 59 B. NIST SP 800 53 C. NIST SP 800 60 D. NIST SP 800 37 - CORRECT ANSWER A. NIST SP 800 59
Subsequent to a security breach, which of the following techniques are used with the intention to limit the extent of damage caused by the incident? A. Corrective controls B. Preventive controls C. Change controls D. Incident controls - CORRECT ANSWER A. Corrective controls
What process should be initiated when changes to the information system negatively impact the security of the system or when a period of time has elapsed as specified by agency or federal policy? A. IS audit B. Systems acquisition C. Reauthorization D. Reclassification of data - CORRECT ANSWER C. Reauthorization
Which of the following documents can best aid in selecting controls to be monitored? A. NIST SP 800 37 B. FISMA C. FIPS 199 D. NIST SP 800 18 - CORRECT ANSWER C. FIPS 199
Applying the first three steps in the RMF to legacy systems can be viewed in what way to determine if the necessary and sufficient security controls have been appropriately selected and allocated? A. Sequential B. Level of effort C. Gap analysis D. Common control - CORRECT ANSWER C. Gap analysis
Which type of access control do user ID and password systems come under? A. Physical B. Administrative C. Power D. Technical - CORRECT ANSWER D. Technical
Which role in the security authorization process is responsible for organizational information systems? A. IS program manager B. Designated authorizing official C. Certification agent D. User representative - CORRECT ANSWER B. Designated authorizing official
What assessment procedure is designed to work with and complement the assessment procedures to contribute to the grounds for confidence in the effectiveness of the security controls employed in the information system? A. Extended B. Subordinate C. Based D. Cross control - CORRECT ANSWER A. Extended
Why would the authorization decision issue a determination of Not Authorized? A. If the system is not authorized (NA) to process classified information. B. If it is deemed that the agency level risk is unacceptably high. C. If the system is mission critical and requires an interim authority to operate. D. The information system is always accredited without any restrictions or limitations on its operation. - CORRECT ANSWER B. If it is deemed that the agency level risk is unacceptably high.
Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented and the derived security solutions are adequate? A. Data owner B. Data custodian C. User D. Auditor - CORRECT ANSWER D. Auditor
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented? A. Level 2 B. Level 1 C. Level 5 D. Level 3 - CORRECT ANSWER D. Level 3
When does monitoring security controls take place? A. Before the initial system certification B. After the initial system security authorization C. Before and after the initial system security accreditation D. During the system design phase - CORRECT ANSWER B. After the initial system security authorization
NIST SP 800 53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800 53A interviews consists of informal and ad hoc interviews? A. Substantial B. Abbreviated C. Comprehensive D. Significant - CORRECT ANSWER B. Abbreviated
The British Standard BS7799 was the basis for which of the following standards? A. ISO/IEC 154508 B. ISO/IEC 17799 C. ICO/ICE 17799 D. Executive Order (E.O.) 13231 - CORRECT ANSWER B. ISO/IEC 17799
If an organization shares financial and personal details of a client with other companies without the prior consent of the individuals, which of the following Internet laws is that organization violating? A. Security law B. Copyright law C. Privacy law D. Trademark law - CORRECT ANSWER C. Privacy law
Which of the following NIST Special Publication documents provides a guideline on network security testing? A. NIST SP 800 53A B. NIST SP 800 53 C. NIST SP 800 42 D. NIST SP 800 37 - CORRECT ANSWER C. NIST SP 800 42
How many steps are defined in the RMF process? A. Three B. Four C. Six D. Five - CORRECT ANSWER C. Six
Which of the following statements about the authentication concept of information security management is true? A. It ensures that modifications are not made to data by unauthorized personnel or processes. B. It determines the actions and behaviors of a single individual within a system and identifies that particular individual. C. It ensures the reliable and timely access to resources. D. It establishes the identity of users and ensures that the users are who they say they are. - CORRECT ANSWER D. It establishes the identity of users and ensures that the users are who they say they are.
Which of the following classification levels defines the information that, if disclosed to unauthorized parties, could be reasonably expected to cause exceptionally grave damage to national security? A. Top Secret information B. Secret information C. Confidential information D. Unclassified information - CORRECT ANSWER A. Top Secret information
Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian? A. The data owner implements the information classification scheme after the initial assignment by the custodian. B. The custodian implements the information classification scheme after the initial assignment by the operations manager. C. The data custodian implements the information classification scheme after the initial assignment by the data owner. D. The custodian makes the initial information classification assignments and the operations manager implements the scheme. - CORRECT ANSWER C. The data custodian implements the information classification scheme after the initial assignment by the data owner.
FIPS 200 provides how many minimum security requirements for federal information and information systems? The requirements represent a broad based, balanced information security program that addresses the management, operational, and technical aspects of protecting the CIA of federal information and information systems. A. 5 B. 17 C. 21 D. 10 - CORRECT ANSWER B. 17
This stakeholder's involvement is required to determine acceptable residual risk; the stakeholder also advises the development team if the risks associated with eventual operation of the system appear to be unacceptable. A. Authorization Official B. Acceptance Official C. Accreditation Officer D. Assessment Officer - CORRECT ANSWER C. Accreditation Officer
Security categorization of a National Security System must consider the security categories of all information types resident on it. A. True B. False - CORRECT ANSWER A. True
During the security impact analysis vulnerabilities were uncovered in the information system. Which of the following documents should address the outstanding items? A. Plan of action and milestones B. System security plan C. System discrepancy plan D. System deficiency plan - CORRECT ANSWER A. Plan of action and milestones
Which of the following governance bodies directs and coordinates implementations of the information security program? A. Chief Information Security Officer B. Information Security Steering Committee C. Senior Management D. Business Unit Manager - CORRECT ANSWER A. Chief Information Security Officer
The authorization decision document conveys the final security authorization decision from the authorizing official to the information system owner. The authorization decision document contains all of the following information except? A. Authorization decision B. Terms and conditions for the authorization C. Approving revisions to the SSAA D. Authorization termination date - CORRECT ANSWER C. Approving revisions to the SSAA
Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States? A. FISMA B. Computer Fraud and Abuse Act C. Lanham Act D. Computer Misuse Act - CORRECT ANSWER A. FISMA
The security authorization package contains multiple key documents enabling the authorization officials to make risk based authorization decisions. Which of the following documents is not part of the package? A. The security plan B. The security assessment report C. The plan of action and milestones D. The security service level agreements - CORRECT ANSWER D. The security service level agreements
Which of the following would be an accurate description of the role of the ISSO in the RMF process? A. The ISSO determines whether a system is ready for certification and conducts the certification process. B. The operational interests of system users are vested in the ISSO. C. The ISSO coordinates all aspects of the system from initial concept through development to implementation and system maintenance. D. The ISSO is responsible to the DAA for maintaining the appropriate operational security posture for an information system or program. - CORRECT ANSWER D. The ISSO is responsible to the DAA for maintaining the appropriate operational security posture for an information system or program.
Which of the following activities is not an element of monitoring security controls? A. Operation and maintenance B. Security control monitoring and impact analyses C. Status reporting and documentation D. Configuration management and control - CORRECT ANSWER A. Operation and maintenance
The guidelines in this publication apply to the security controls defined in NIST Special Publication 800 53 in an effort to enable more consistent, comparable, and repeatable assessments of security controls. A. SP 800 53 B. SP 800 53A C. SP 800 37 D. FIPS 200 - CORRECT ANSWER B. SP 800 53A
Change management is initiated under which phase? A. Select security controls B. Categorize information system C. Authorize information system D. Monitor security controls - CORRECT ANSWER D. Monitor security controls
Who is primarily responsible for categorizing the Information System? A. IS program manager B. CIO C. Information system owner D. System architect - CORRECT ANSWER C. Information system owner
What is the potential impact if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States? A. Low B. Moderate C. Severe D. High - CORRECT ANSWER D. High
Concerning residual risk, which of the following statements is true? A. It is a weakness or lack of control that can be exploited by a risk. B. It is an indicator of threats coupled with vulnerability. C. It is the possible risk after implementing all security measures. D. It is the possible risk prior to implementing all security measures. - CORRECT ANSWER C. It is the possible risk after implementing all security measures.
FISMA assigned the responsibility for developing standards to be used by all Federal agencies to categorize all information and information systems to which one of the following organizations? A. OMB B. NIST C. NSA D. DoD - CORRECT ANSWER B. NIST
This is a standard that sets essential requirements for assessing the effectiveness of computer security controls built into a computer system. A. FITSAF B. TCSEC C. FIPS D. SSAA - CORRECT ANSWER B. TCSEC
The first item listed in the system security plan is the system name and identifier. As required in OMB Circular A 11, each system should be assigned a name and unique identifier. The assignment of a unique identifier supports the agency's ability to do what? A. Collect agency information and security metrics specific to the system. B. Establish budget auditability. C. Identify risks associated to location. D. Create an RTM. - CORRECT ANSWER A. Collect agency information and security metrics specific to the system.
FedVTE Cyber Security Investigations 30 Questions with Verified Answers
Which of the following can be determined by capturing and analyzing network traffic? A. Intent of Insider Threat actors and logs of their activity B. Communication and connections between hosts C. Open files and Registry handles on individual hosts D. Firewall and Intrusion Detection rules for the gateway - CORRECT ANSWER B. Communication and connections between hosts
Which of the following is a method to detect an incident? A. IDS alarm B. Log analysis C. 3rd Party Information D. Public or attacker announcement E. All of the above F. None of the above - CORRECT ANSWER E. All of the above
Which of the following describes hash analysis? A. Validating file integrity by matching before and after hash values B. Organizing data sets into key and hash value pairs C. Matching file hash values against a set of known hash values D. Identifying file types by analyzing individual hash values - CORRECT ANSWER C. Matching file hash values against a set of known hash values
Which of the following is NOT a goal of triage? A. Quickly identify indicators of compromise B. Identify vectors used to compromise the systems C. Determine normal and abnormal network behavior D. Determine which systems require in-depth analysis - CORRECT ANSWER C. Determine normal and abnormal network behavior
What is the order of the stages of attacker methodology? A. Footprinting, Vulnerability Exploitation, Foothold, Damage B. Footprinting, Foothold, Vulnerability Exploitation, Damage C. Footprinting, Vulnerability Exploitation, Damage, Foothold D. Vulnerability exploitation, Footprinting, Foothold, Damage - CORRECT ANSWER A. Footprinting, Vulnerability Exploitation, Foothold, Damage
Why is analysis of file signatures and file extensions helpful to investigators? A. They can identify what the file type is and what the OS will try to open it with B. They can determine if the file was corrupted during transfer C. They can indicate obfuscation by showing when signatures and extensions do not match D. They can show if the file was executed by a user or if it was a drive-by download - CORRECT ANSWER C. They can indicate obfuscation by showing when signatures and extensions do not match
Subjective data has no purpose in Incident Response considerations. A. True B. False - CORRECT ANSWER B. False
What is the purpose of a write-block device? A. To deny a system from communicating on a network B. To prevent changes to a piece of digital evidence C. To prevent malware from being written to a hard drive D. To queue system writes to prevent congestion when writing to the drive - CORRECT ANSWER B. To prevent changes to a piece of digital evidence
Why is it important to check At/Scheduled Tasks, Startup folders, Registry HKCU/HKLM, DLL replacements and Web browser extensions? A. These are areas where insider threat actors typically hide evidence of their activity B. These are areas to check for malware persistence C. These areas can be overwritten by newer records especially on new systems with a high level of events generated D. These areas are often compressed and encrypted to bypass security sensors - CORRECT ANSWER B. These are areas to check for malware persistence
A forensic image is: A. A picture taken of the physical components of a compromised system B. The documentation surrounding a piece of evidence C. A zipped container of all forensic evidence regarding a specific incident D. An identical copy of a piece of digital evidence - CORRECT ANSWER D. An identical copy of a piece of digital evidence
RAM is volatile data and is collected while the system is still running, as it will be lost when power is removed. A. True B. False - CORRECT ANSWER A. True
Installing patches, disabling services, removing accounts, and re-imaging systems are example methods of: A. Collection B. Containment C. Detection D. Eradication E. All of the above F. None of the above - CORRECT ANSWER D. Eradication
Which of the following best describes the difference between physical and logical images? A. Physical images are obtained using a physical imaging device and logical images use software to create an image B. Physical images are bit for bit duplicates of an entire device and logical images only collect information readable by the filesystem C. Physical images can only be collected on site and logical images can only be collected using remote imaging techniques D. Physical and logical images both collect all information on the media device but only logical images can collect files in memory - CORRECT ANSWER B. Physical images are bit for bit duplicates of an entire device and logical images only collect information readable by the filesystem
Once an intruder has identified targets to attack and the vulnerabilities to exploit, they will begin their attack. Which phase of the attacker methodology does this fall under? A. Breach B. Enumeration C. Exploitation D. Extortion E. Footprinting - CORRECT ANSWER C. Exploitation
What stage of the Digital Forensics Life Cycle does the following describe?: Training of personnel, enabling monitoring capabilities, and configuring tools to meet needs. A. Acquisition/Development B. Operations/Maintenance C. Disposal/Transition D. Implementation/Assessment - CORRECT ANSWER D. Implementation/Assessment
What are MAC timestamps? A. The dates and times a MAC address was configured on a NIC B. Times that determine when packets passed through a router or switch C. Metadata timestamps on files that are valuable but should be carefully evaluated D. A Macintosh file system method of recording activity - CORRECT ANSWER C. Metadata timestamps on files that are valuable but should be carefully evaluated
An on-site forensics team is always more cost effective for organizations than hiring an off-site team. A. True B. False - CORRECT ANSWER B. False
What is NetFlow? A. It is a protocol used to map a computer network address to a hardware address B. It is a program that locally collects information about Windows computers C. It is a protocol that allows the user to view all traffic on a SPAN port D. It is a protocol developed by Cisco to track and examine traffic volume - CORRECT ANSWER D. It is a protocol developed by Cisco to track and examine traffic volume
The primary reason for forensically preparing media is: A. To ensure there is adequate space to run tools and equipment B. To ensure that there is no residual data from previous use C. To ensure media is able to copy and share data D. To ensure that media is compatible with the system - CORRECT ANSWER B. To ensure that there is no residual data from previous use
Which of the following would return subjective data? A. Was the team adequately prepared and trained? B. How many systems were affected? C. What indicators were identified or missed? D. What was the timeline of the incident response and forensic analysis? - CORRECT ANSWER A. Was the team adequately prepared and trained?
Which of the following can cause a compromise in evidentiary value? A. Breaks in chain of custody B. Evidence that has been changed C. Evidence collected without proper techniques D. Failure to comply with the law during evidence collection E. All of the above F. None of the above - CORRECT ANSWER E. All of the above
What makes the Eradication phase of Incident Response difficult? A. All compromised systems must be cleaned because a single missed system can re-allow access B. Stopping an intrusion in progress introduces new risks and potential vulnerabilities to the network C. Eradicating the intrusion must wait until all legal action is completed D. During eradication every system must be removed from the network and re-built from scratch - CORRECT ANSWER A. All compromised systems must be cleaned because a single missed system can re-allow access
Locard's Principle holds that: A. Every piece of evidence must pass the verifiability, repeatability, and traceability test B. Every system connected to another must be identifiable C. Every 'contact' between two people or systems will leave a trace D. Every 'contact' between two people or systems will be logged - CORRECT ANSWER C. Every 'contact' between two people or systems will leave a trace
RAM may contain which of the following types of information? A. Open Files B. Network Connections C. Running processes D. Logged on users E. All of the above F. None of the above - CORRECT ANSWER E. All of the above
What is a "Hive"? A. An area the Macintosh file system uses to maintain the relationships between files and directories on a volume B. A key part of the Linux file system that contains UIDs, GIDs, modification, access, creation times, and file locations C. A collection of discrete files that contains a registry tree and root key D. A subnet that contains honeypots - CORRECT ANSWER C. A collection of discrete files that contains a registry tree and root key
With incident response, the activity of assigning levels of urgency to individual devices under examination, followed by processing the devices in the identified order, is known as: A. Favoring B. Scaling C. Triage D. Vetting - CORRECT ANSWER C. Triage
When responding to an incident, which type of data should be collected first? A. Archived logs B. Flash media C. Interviews D. Volatile data - CORRECT ANSWER D. Volatile data
Which of the following refers to the documentation of and actions on evidence that is going to be used as part of an investigation? A. Evidentiary consideration B. Chain of custody C. Traceability of custody D. Evidentiary verifiability - CORRECT ANSWER B. Chain of custody
Hash values can be calculated for any file or data set, including full hard drives. A. True B. False - CORRECT ANSWER A. True
Which of the following best describes data carving? A. Data carving is the process of segmenting data by device in order to prevent evidence corruption B. Data carving is the process of searching through a drive for file signatures to identify remnants of files C. Data carving is the process of rendering a file unreadable to unauthorized persons or devices D. Data carving is the process of copying a file while ensuring that the original file is unchanged during the copy process for submission in a court of law - CORRECT ANSWER B. Data carving is the process of searching through a drive for file signatures to identify remnants of files
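Hash analysis as the questions above describe it (matching a file's digest against sets of known hashes, and checking that a forensic image matches its source), as an added Python example that is not part of the FedVTE material. The sample files, the "known-good" allowlist and the "known-bad" set are all constructed inline; real work would load NSRL-style and threat-intel hash sets instead.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Iterable

CHUNK_SIZE = 1 << 20  # hash in 1 MiB chunks so a full drive image never has to fit in memory


def hash_stream(stream: BinaryIO, algorithm: str = "sha256") -> str:
    """Return the hex digest of everything readable from stream, chunk by chunk."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        h.update(chunk)
    return h.hexdigest()


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    return hash_stream(io.BytesIO(data), algorithm)


def classify_by_hash(digest: str, known_good: Iterable[str], known_bad: Iterable[str]) -> str:
    """Match one digest against the known-hash sets; anything in neither set still needs analysis."""
    digest = digest.lower()
    if digest in {d.lower() for d in known_bad}:
        return "known-bad"
    if digest in {d.lower() for d in known_good}:
        return "known-good"
    return "unknown"


def triage(files: Dict[str, bytes], known_good: Iterable[str], known_bad: Iterable[str]) -> Dict[str, str]:
    """Hash every file (name -> contents) and return name -> classification."""
    return {name: classify_by_hash(hash_bytes(data), known_good, known_bad) for name, data in files.items()}


def image_verified(source: bytes, image: bytes) -> bool:
    """Acquisition check: an image is only an identical copy if its hash equals the source hash."""
    return hash_bytes(source) == hash_bytes(image)


# Constructed sample data (not real software or malware).
CLEAN_NOTEPAD = b"MZ... constructed 'notepad.exe' contents"
EVIL_DROPPER = b"MZ... constructed dropper contents"
KNOWN_GOOD = {hash_bytes(CLEAN_NOTEPAD)}   # stand-in for an NSRL-style allowlist
KNOWN_BAD = {hash_bytes(EVIL_DROPPER)}     # stand-in for a threat-intel blocklist

SAMPLE_FILES = {
    "notepad.exe": CLEAN_NOTEPAD,
    "svchost.exe": EVIL_DROPPER,           # renamed dropper: the hash, not the name, identifies it
    "report.docx": b"constructed document contents",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES, KNOWN_GOOD, KNOWN_BAD).items():
        print(f"{name}: {verdict}")
    disk = b"\x00" * (3 * CHUNK_SIZE + 17)
    print("image verified:", image_verified(disk, disk))
    print("tampered image verified:", image_verified(disk, disk[:-1] + b"\x01"))
```

Two points the exam answers compress: the hash is computed over content, so a renamed binary still matches its known-bad entry, and a single changed byte anywhere in an image (the last byte in the example) makes the acquisition hash fail, which is exactly why the hash is recorded in the chain-of-custody paperwork at the time of imaging.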
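Two of the questions above (signature versus extension mismatch as an obfuscation indicator, and data carving by file signature) rest on the same idea: the leading bytes identify a file regardless of its name. Below is an added Python example, not part of the FedVTE material, with a small signature table and a constructed chunk of "unallocated space" containing JPEG-shaped and PNG-shaped fragments. The table is illustrative and far from complete; a real carver uses a much larger one.

```python
import os
from typing import List, Optional, Tuple

# Magic bytes (header, footer) for a handful of common types. Footer None means the
# format has no fixed trailer, so a carver can locate the start but not a reliable end.
SIGNATURES = {
    "jpg": (b"\xFF\xD8\xFF", b"\xFF\xD9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "gif": (b"GIF8", b"\x00\x3B"),
    "pdf": (b"%PDF-", b"%%EOF"),
    "zip": (b"PK\x03\x04", None),
}
# Extensions that legitimately map onto one of the signatures above.
EXTENSION_ALIASES = {"jpeg": "jpg", "jpe": "jpg", "docx": "zip", "xlsx": "zip",
                     "pptx": "zip", "jar": "zip", "apk": "zip"}


def sniff_type(data: bytes) -> Optional[str]:
    """Identify a file by its leading bytes, ignoring whatever name it carries."""
    for kind, (header, _) in SIGNATURES.items():
        if data.startswith(header):
            return kind
    return None


def extension_mismatch(filename: str, data: bytes) -> Optional[str]:
    """Return a short finding when extension and signature disagree, else None.
    Unknown signatures are not reported: absence from the table is not evidence of obfuscation."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    claimed = EXTENSION_ALIASES.get(ext, ext)
    actual = sniff_type(data)
    if actual is None or claimed == actual:
        return None
    return f"{filename}: extension says {ext or '(none)'}, signature says {actual}"


def carve(blob: bytes) -> List[Tuple[str, int, Optional[int]]]:
    """Scan raw bytes (unallocated space, slack, a whole image) for file signatures.
    Returns (type, start, end) with end exclusive, or end None when no footer was found."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = blob.find(header)
        while pos != -1:
            end = None
            if footer is not None:
                f = blob.find(footer, pos + len(header))
                if f != -1:
                    end = f + len(footer)
            found.append((kind, pos, end))
            pos = blob.find(header, pos + 1)
    return sorted(found, key=lambda hit: hit[1])


# Constructed sample: a JPEG-shaped and a PNG-shaped fragment buried in filler bytes.
FAKE_JPEG = b"\xFF\xD8\xFF\xE0" + b"JFIF-payload" + b"\xFF\xD9"
FAKE_PNG = SIGNATURES["png"][0] + b"IHDRxxxx" + SIGNATURES["png"][1]
UNALLOCATED = b"\x00" * 16 + FAKE_JPEG + b"\xAA" * 8 + FAKE_PNG + b"\x00" * 4

if __name__ == "__main__":
    print(extension_mismatch("invoice.pdf", FAKE_JPEG))   # finding: an image renamed to .pdf
    print(extension_mismatch("photo.jpeg", FAKE_JPEG))    # None: alias matches the signature
    for kind, start, end in carve(UNALLOCATED):
        print(kind, start, end, UNALLOCATED[start:end] if end else "(no footer)")
```

Caveats a practitioner would add: a footer search stops at the first trailer it finds, so nested or fragmented files are carved wrongly, and a signature can occur inside another file's data (a JPEG thumbnail inside a document, for instance), so every carved hit is a candidate to validate by parsing, not a recovered file.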
FedVTE Cyber Fundamentals for Law Enforcement Investigations 50 Questions with Answers
What are passive footprints? - CORRECT ANSWER Data unintentionally left behind during typical internet activities
If an investigator in New York state wants to document 2:15 PM on May 31, 2017, how would that moment in time be notated according to the ISO 8601 directive? (New York is in the Eastern Time Zone, UTC-5, and observes daylight saving time, so on May 31 it is on Eastern Daylight Time, UTC-4.) - CORRECT ANSWER 2017-05-31T18:15:00Z
What is considered a common best practice for an analysis environment in terms of Internet connectivity? - CORRECT ANSWER Only be connected to the internet when it is absolutely necessary
Which of the following is the order of email packet encapsulation? - CORRECT ANSWER A. IP Header, Ethernet Header, TCP Header, Email Message B. Email Message, Ethernet Header, IP Header, TCP Header C. Email Message, TCP Header, IP Header, Ethernet Header D. Ethernet Header, Email Header, TCP Header, IP Header; Not A
Which of the following best describes a domain name? - CORRECT ANSWER An identifier used for network and application addressing purposes
What website can be used to look up detailed archive data about a domain name? - CORRECT ANSWER domaintools.com
Information that a web browser reveals about a system or user during typical internet browsing activities is known as: - CORRECT ANSWER Browser leak
An investigator will get better results if s/he uses their own Facebook account to 'friend' the individual they're investigating. - CORRECT ANSWER False
When a data packet is being created and prepared for transport, whether the target computer's IP address is on the same network or on a remote network is not a consideration. - CORRECT ANSWER False
Which of the following is an indicator that encryption is in use on a system? - CORRECT ANSWER None of the above
Peer-to-Peer networks aren't popular because they're expensive and difficult to deploy. - CORRECT ANSWER False
What is a common tactic used by organizations to defend against domain name typo-squatting? - CORRECT ANSWER Domain Parking
Remote access software must be used between two identical device types. - CORRECT ANSWER False
Encrypted or zipped files, by their very nature, contain unknown or untrusted files. - CORRECT ANSWER True
Which of the following is NOT a piece in the encryption process? - CORRECT ANSWER The passphrase
Which of the following is not necessary for peer-to-peer network communications? - CORRECT ANSWER Central Server
Domain Name Servers (DNS) translate IP addresses into Uniform Resource Locators (URLs). - CORRECT ANSWER True
What type of malware executes when a specific condition is met? - CORRECT ANSWER Logic bomb
The Electronic Communications Privacy Act (ECPA) enacted in 1986 by the U.S. Congress is designed to do which of the following? - CORRECT ANSWER Expand telephone wiretap restrictions to include computer transmissions and data storage
Because of lessons learned and advancements in defense techniques, malware attacks still occur but the number of victims and monetary losses have steadily declined over the years. - CORRECT ANSWER False
Which of the following options is the best tool for collecting memory data and making disk images? - CORRECT ANSWER Forensic Toolkit
Why would an examiner request images be returned as thumbnails? - CORRECT ANSWER Thumbnail galleries are more efficient to scroll through than filenames
Digital evidence can be either highly perishable or it can exist, essentially, forever, depending on - CORRECT ANSWER Where and how it is stored
Once somebody buys a domain name from the registrar, they own it until they decide to sell it. - CORRECT ANSWER False
Wireshark, a special program, can: - CORRECT ANSWER A. Be used by computer technicians to examine a data packet capture B. Segment the packet into its different headers and data C. Be used as a packet capture and analysis tool D. All of the above
Purchasing a domain name is limited to organizations or individuals who demonstrate their ability to maintain a website. - CORRECT ANSWER False
How does the ISO 8601 Directive apply to dates and times? - CORRECT ANSWER A. Establishes a standard for documenting dates and times B. Details how time is globally synchronized C. Serves as official source for global UTC offset information D. All of the above
Which of the following is NOT an example of malware? - CORRECT ANSWER Shareware
Which one of the following is an example of an IPv4 Address? - CORRECT ANSWER 101.202.050.111
What are the two types of peering commonly used in peer-to-peer networks? - CORRECT ANSWER Anonymous and Direct
The Protect America Act was amended to remove the requirement of a warrant for surveillance of: - CORRECT ANSWER A. U.S. citizens B. U.S. citizens with dual citizenships C. foreign targets D. All of the above E. None of the above; Not D
What is the best defense against malware infection? - CORRECT ANSWER Operator diligence following computing best practices
What are common signs of a virus infection? - CORRECT ANSWER A. New files or folders appear the user didn't create B. Unusual or unrecognized file extensions C. Unexpected changes to software configuration files D. All of the above
Performing analysis on digital artifacts is best done on an investigator's personal system as they're most familiar with its setup and configuration. - CORRECT ANSWER False
Which of the following is a self-replicating program that doesn't require user intervention to spread, and exploits vulnerabilities in operating systems and applications? - CORRECT ANSWER Worm
Which of the following is a free tool for checking metadata of an image? - CORRECT ANSWER EXIFtool
Which of the following is NOT a form of digital evidence? - CORRECT ANSWER DNA
When a person changes their name on their Facebook account, their Facebook ID number changes in turn. - CORRECT ANSWER False
Sales or solicitations that are illegal to do face-to-face are also illegal to do online. - CORRECT ANSWER True
For consistency, and to eliminate confusion, UTC uses the AM/PM identifiers in 12 hour intervals. - CORRECT ANSWER False
What appears as a normal file, but provides unauthorized access or a 'back door' into a user's system? - CORRECT ANSWER Trojan
Convincing people to divulge confidential information or break good computing practices describes: - CORRECT ANSWER Social engineering
Remote access is used to monitor or survey a remote device, but actions such as installing a program or launching an executable can only be performed by the local device. - CORRECT ANSWER False
Collecting all network data is a realistic and necessary goal during the investigation of a cyber incident. - CORRECT ANSWER False
Which of the following must an investigator have prior to going onsite of an incident with a cyber component to collect evidence? - CORRECT ANSWER A. Authority to collect digital evidence B. Equipment capable of collecting digital evidence C. Properly trained staff members D. All of the above
The process of documenting the collection, protection, custody, control, transfer and analysis of evidence is: - CORRECT ANSWER Chain of Custody
When looking at time written in UTC format, 12:00 is: - CORRECT ANSWER Noon
Which of the following should make one suspicious of illegal activity, when utilizing an online auction site? - CORRECT ANSWER Seller requesting payment via wire transfer
Which of the following on a Windows device contains important details, settings, options and other values for programs and hardware installed? - CORRECT ANSWER Registry
A hashtag is used to get messages out faster, and prioritized on trending lists. - CORRECT ANSWER False
FEDVTE Cyber Dark Arts 38 Questions with Verified Answers
Which of the following alternative operating systems is focused mostly on greater security in the event of a compromise by preventing propagation? - CORRECT ANSWER Qubes
Which of the following might a malicious actor attempt to exploit in a social engineering attack? - CORRECT ANSWER All of the above
Which of the following alternative operating systems requires some type of virtualization software and more than one system? - CORRECT ANSWER Whonix
The sole purpose of alternative operating systems is for cyber criminals to hide their nefarious activities. - CORRECT ANSWER False
In an advanced persistent threat, once access is gained, which of the following are likely to occur? - CORRECT ANSWER All of the Above
Successfully opposing disinformation efforts spread via social media is difficult because: - CORRECT ANSWER All of the Above
Password cracking tools use wordlist dictionaries containing commonly used passwords in an attempt to gain access using a brute force attack. These wordlists must be downloaded separately from the tool due to the frequency the list is updated. - CORRECT ANSWER False
Only law enforcement and intelligence organizations can legally use anonymous browsers like Tor. - CORRECT ANSWER False
The amount of fake accounts on social media sites like Facebook is: - CORRECT ANSWER Close to equal the number of active users
Qubes achieves greater security by allowing the user to run applications and store files in: - CORRECT ANSWER Isolated containers
Using software and malware components to take control over a device's resources is known as: - CORRECT ANSWER Cryptojacking
Which of the following is the most common and successful method of fraudulently obtaining credentials to gain a foothold in an APT attack? - CORRECT ANSWER Spear Phishing
Because of ProtonMail's "zero access architecture", where the message sender encrypts using the recipient's public key and the recipient decrypts with their private key, this encrypted messaging service can only be exchanged between ProtonMail users. - CORRECT ANSWER False
The sole purpose of using offshore web-hosting services is to engage in fraudulent activities such as evading local laws and disguising identity. - CORRECT ANSWER False
Which of the following is an example of an anonymous browser? - CORRECT ANSWER Tor Browser
Social media sites have enacted strict policies to prevent the posting or spreading of misinformation, with penalties that include deactivating a user's account. - CORRECT ANSWER False
Why would one use the RSMangler command on a password wordlist used for password cracking? - CORRECT ANSWER To manipulate the original word list, adding permutations
Whonix comes preloaded with anonymous browsing and email encryption tools. - CORRECT ANSWER True
Tails requires the ability to boot from media on the local device. - CORRECT ANSWER True
The terms white-hat hacker, script kiddie, and hacktivist are all hacker types and cybercriminals. - CORRECT ANSWER False
Tails is an example of a Live Operating System, which can rely on all of the following EXCEPT: - CORRECT ANSWER A local installation of Windows
Sites on the dark web can't be reached using traditional web browsers because access is blocked via black lists that are constantly updated. - CORRECT ANSWER False
Which of the following best describes a cyber mercenary? - CORRECT ANSWER Hack-for-hire actors
Which of the following best describes an Advanced Persistent Threat attack? - CORRECT ANSWER Targeting specific assets of an organization with sophisticated malware that operates covertly to avoid detection
Social engineering, specifically Phishing, has become a much less effective attack type due to increased awareness in the cyber community and advancements in detection tools. - CORRECT ANSWER False
Which of the following is the act of intentionally publishing and forwarding false information in order to shape beliefs and purposely deceive? - CORRECT ANSWER Weaponized disinformation
A legitimate use for anonymous web search engines is to receive unbiased search results. - CORRECT ANSWER True
Which of the following is a reconnaissance tool that can scan a network or domains and collect information and identify vulnerabilities? - CORRECT ANSWER Sn1per
Which of the following could you expect to learn about a wireless router when scanning with a WiFi Stumbler? - CORRECT ANSWER All of the above
Which of the following is an extortion technique used with ransomware to pressure the user into complying with the actor's demands? - CORRECT ANSWER All of the Above
Which of the following is software designed to detect wireless routers, and returns information about the router and network that can be equally useful to administrators and malicious actors? - CORRECT ANSWER WiFi Stumbler
The main purpose of a blockchain is to maintain a fluid public record of transactions, where users have repudiation options with cryptographically authenticated transactions so that they can control anonymity and retract or deny authorship of a transaction. - CORRECT ANSWER False
Which of the following is a method malicious users use in an attempt to obtain credentials and gain unauthorized access to a system or service? - CORRECT ANSWER All of the Above
Which of the following is a weakness in a software application that is known to the vendor, but the vendor doesn't have a patch or update available to mitigate the weakness? - CORRECT ANSWER Zero-day vulnerability
Communication exchanges with a Command and Control, or C2, server to register and receive further instructions are generally going to appear as network traffic using which protocol? - CORRECT ANSWER HTTP
Malicious users leverage E2E encryption services to evade security controls and successfully hide deceptive or illegal data from detection and surveillance. This problem is known as: - CORRECT ANSWER Going Dark
Incognito mode or private browsing hides web activities from which of the following? - CORRECT ANSWER The local system
Which alternative OS would be most likely to assist a researcher who wants to download potentially infected email attachments for testing? - CORRECT ANSWER Qubes
FedVTE Mobile and Device Security 25 Questions with Verified Answers
Mobile OS vulnerabilities are typically used to perform jailbreaking of devices. - CORRECT ANSWER True
Windows Phone encrypts both apps and user content (e.g. pictures) on the SD card. - CORRECT ANSWER False
Which of the following are attacks against Near Field Communications (NFC)? - CORRECT ANSWER All of the above
What two components of a Windows Phone ensure integrity of the boot process? - CORRECT ANSWER UEFI & TPM
Depending on the class, Bluetooth devices are capable of transmitting up to 1000 feet. - CORRECT ANSWER False
Which of the following is not used to transmit data? - CORRECT ANSWER AMPS - Advanced Mobile Phone System
Social Media can be of no useful service for businesses. - CORRECT ANSWER False
All four of the latest versions of the major mobile operating systems have a remote wipe capability. - CORRECT ANSWER True
Which of the following is not a Bluetooth threat? - CORRECT ANSWER Bluejamming
Which of the following is not a type of Phishing? - CORRECT ANSWER Blishing - Bluetooth Phishing
When analyzing a device image, only a copy of the original should be used. - CORRECT ANSWER True
Website usernames and passwords are always encrypted. - CORRECT ANSWER False
Ad Hoc networks contain access points and infrastructure networks are peer to peer. - CORRECT ANSWER False
Which of the following does not support S/MIME by default? - CORRECT ANSWER Android
Security Set Identifiers (SSIDs) can be turned off so that all devices will be unable to detect them. - CORRECT ANSWER False
What document should provide guidance to employees on use of social media? - CORRECT ANSWER Code of Conduct
Windows SmartScreen Filter increases the resolution on Windows Phones. - CORRECT ANSWER False
When investigating a mobile device, after determining the device is safe to handle, network connectivity should be disabled to avoid: - CORRECT ANSWER The owner performing a remote wipe
What are the design objectives for 4G LTE? - CORRECT ANSWER All of the above
Wiped iPhones can still receive iMessages. - CORRECT ANSWER True
Which of the following is an encryption standard for 802.11 networks using IEEE 802.1X authentication? - CORRECT ANSWER 802.11i
OMB mandates which of the following? - CORRECT ANSWER Encryption of sensitive data on mobile devices
Forensic tools typically access device data by taking advantage of a mobile OS vulnerability. - CORRECT ANSWER False
Which US carrier primarily used the iDEN standard? - CORRECT ANSWER Sprint/Nextel
What is "Catfishing"? - CORRECT ANSWER Creating a false or exaggerated social media site
FEDVTE Foundations of Incident Management 51 Questions with Verified Answers
Political motivations and financial interests are the two most common motivations behind current cyber threats. A. True B. False - CORRECT ANSWER A. True
Information sharing only aligns with the respond process in incident management activities. A. True B. False - CORRECT ANSWER B. False
Sensors are defined only as technical or information systems. A. True B. False - CORRECT ANSWER B. False
Eradication consists of short-term, tactical actions. A. True B. False - CORRECT ANSWER B. False
Containment strategies may include: A. Rebuilding systems from original media B. Remediating vulnerabilities C. Leaving systems online D. Shutting down a service - CORRECT ANSWER D. Shutting down a service
Which of the following is a decision that might need to be made ahead of time as part of the Prepare process? A. When and if forensics evidence will be collected B. When, if, and how law enforcement will be involved C. What systems can be isolated or shut down D. Who to notify when handling certain incidents E. All of the above F. None of the above - CORRECT ANSWER E. All of the above
What are the three impact attributes described in the course material? A. Function, Availability, Impact B. Availability, Information, Confidentiality C. Function, Information, Recoverability D. Recoverability, Externality, Impact - CORRECT ANSWER C. Function, Information, Recoverability
Which of the following is NOT a method of conducting operational exercises? A. Table top scenarios B. Virtual simulations C. Vulnerability scanning D. Capture the flag competition - CORRECT ANSWER C. Vulnerability scanning
Information sharing protocols include: A. STIX / CAB B. IDGEMF C. OpenSOC D. CRITS - CORRECT ANSWER D. CRITS
Which of the following is NOT an approach for institutionalizing an incident management capability? A. National CSIRT B. Network and security operations center (NSOC) C. Red team D. Crisis management team E. Security incident response team - CORRECT ANSWER C. Red team
Elements of situational awareness are only technical in nature. A. True B. False - CORRECT ANSWER B. False
Which of the following are NOT considered indicators of compromise (IOCs)? A. Domain names B. Virus signatures C. Timestamps D. Registry keys - CORRECT ANSWER C. Timestamps
Postmortems can be done after an incident to identify: A. What went right B. What went wrong C. Training needs D. Tools needed E. A and B only F. C and D only G. B and C only H. None of the above I. All of the above - CORRECT ANSWER I. All of the above
Incident response only starts once you receive an incident report. A. True B. False - CORRECT ANSWER B. False
Recovery strategies may include: A. Isolating the system from the network B. Improving network and host security C. Modifying access controls D. Deleting malware - CORRECT ANSWER B. Improving network and host security
Fusion is the correlation and analysis of information collected from an incident report. A. True B. False - CORRECT ANSWER B. False
Which of the following resources will facilitate incident management activities? A. A communication plan B. Data classification schema C. Network topologies and baselines D. Points of Contact (POC) lists E. All of the above F. None of the above - CORRECT ANSWER E. All of the above
Which of the following is NOT considered a type of analysis? A. Triage B. Situational analysis C. Media analysis D. Mitigation analysis - CORRECT ANSWER B. Situational analysis
Which of the following is NOT a response sub-process? A. Planning the response strategy B. Performing malware analysis C. Coordinating response D. Communicating with stakeholders - CORRECT ANSWER B. Performing malware analysis
Which of the following staff would NOT be involved in performing incident management functions? A. Human resources (HR) staff B. Public relations (PR) staff C. Internet service providers D. Law enforcement E. Managed service providers F. None of the above G. All of the above - CORRECT ANSWER G. All of the above
Three key activities that should be performed throughout all the phases of the incident handling lifecycle are: A. Analysis, detection, and eradication B. Collaboration, containment, and analysis C. Documentation, coordination, and notification D. Communication, collaboration, and containment - CORRECT ANSWER C. Documentation, coordination, and notification
Which of the following is true regarding impact analysis and its role in incident management? A. Impact is the sole attribute for assessing risk to an organization B. Impact should always be assessed as a monetary value C. Determining impact and likelihood of an incident assesses the risk a particular situation presents to an organization D. Impact analysis is not important in the context of incident management - CORRECT ANSWER C. Determining impact and likelihood of an incident assesses the risk a particular situation presents to an organization
What is a botnet? A. A server controlled by a malicious actor B. A network of computers vulnerable due to poor access controls C. Malicious code infecting an industrial control system D. A collection of compromised computers controlled remotely - CORRECT ANSWER D. A collection of compromised computers controlled remotely
Situational awareness should be viewed as a real-time, short-term function. A. True B. False - CORRECT ANSWER A. True
If an organization follows key practices for computer network defense it can guarantee that intrusions and other malicious acts will not happen. A. True B. False - CORRECT ANSWER B. False
Which of the following is a well-known type of malware? A. Heartbleed B. Shellshock C. Conficker D. Ubuntu - CORRECT ANSWER C. Conficker
All of the following are steps organizations should take to respond to incidents with impacts to external actors EXCEPT? A. Organizations should have supply chain plans-of-action ready for when and if an incident impacts their supply chain B. Organizations should create contact information databases in order to contact external actors identified with a potential impact scenario C. Organizations should provide supply chain partners with detailed data on their past and current incident impacts D. Organizations should put in place agreements detailing requirements for supply chain partner notification and responsivity - CORRECT ANSWER C. Organizations should provide supply chain partners with detailed data on their past and current incident impacts
Which of the following is NOT considered a sensor? A. A blog B. A motion detector C. An employee resume D. An employee reporting a problem - CORRECT ANSWER C. An employee resume
Situational awareness applies to which disciplines? A. Aviation B. Information security C. Self defense D. Emergency response E. All of the above F. None of the above - CORRECT ANSWER E. All of the above
Information sharing in the incident management context refers to sharing: A. Threat and mitigation information B. Threat and risk information C. Risk and disaster recovery information D. Business continuity information - CORRECT ANSWER A. Threat and mitigation information
Methods for disseminating information may include: A. Mailing lists B. Blogs C. Paper signs D. Facebook E. A and C only F. B and D only G. A and B only H. None of the above I. All of the above - CORRECT ANSWER I. All of the above
Which statement is true? A. Tactical triage involves determining the business impact B. Strategic triage involves doing a higher level assessment C. Tactical triage requires a good understanding of business drivers D. Strategic triage involves categorizing and assigning reports - CORRECT ANSWER B. Strategic triage involves doing a higher level assessment
Response steps do NOT include: A. Containment B. Eradication C. Correlation D. Recovery - CORRECT ANSWER C. Correlation
Having a better response process in place enables a higher level of operational resilience. A. True B. False - CORRECT ANSWER A. True
Which organization attributes do you NOT need to document in order to properly prepare for an impact assessment? A. Services B. Service criticality C. Legal obligations attributed to services D. Current service availability statistics - CORRECT ANSWER D. Current service availability statistics
A data model is an agreed upon form that must be filled out to report an incident: A. True B. False - CORRECT ANSWER B. False
Establishing trust is the first step towards creating serious sharing partnerships: A. True B. False - CORRECT ANSWER A. True
Which statement is true? A. Incident analysis and media (or forensic) analysis often use the same tools B. Incident analysis and media (or forensic) analysis are equivalent activities C. Incident analysis and media (or forensic) analysis have the same goals D. All incident analysis includes performing media (or forensic) analysis - CORRECT ANSWER A. Incident analysis and media (or forensic) analysis often use the same tools
How does amplification modify a denial of service attack? A. Increases the number of network appliances (like firewalls) associated with an attack B. Decreases the frequency of denial of service traffic while increasing the variance C. Modifies target machines in order to more effectively attack the target D. Takes advantage of existing internet infrastructure to greatly increase denial of service traffic - CORRECT ANSWER D. Takes advantage of existing internet infrastructure to greatly increase denial of service traffic
The activities within the Triage process include: A. Categorize, coordinate, prioritize, assign B. Identify, categorize, prioritize, assign C. Categorize, correlate, prioritize, assign D. Identify, correlate, categorize, prioritize - CORRECT ANSWER C. Categorize, correlate, prioritize, assign
Information to be documented during incident analysis includes: A. Type and results of analysis performed B. Mitigations researched C. Analyst notes related to confidence of information reported D. Who was interviewed concerning the incident E. None of the above F. All of the above - CORRECT ANSWER F. All of the above
Threat feeds can come from: A. Vendors B. National CSIRTs C. Sharing communities D. Security organizations E. None of the above F. All of the above - CORRECT ANSWER F. All of the above
Incident analysis activities include: A. Diagramming a timeline of activity B. Verifying the integrity of restored data C. Receiving IDS alerts D. Reverse engineering - CORRECT ANSWER A. Diagramming a timeline of activity
Which of the following are NOT host-based solutions for detecting or preventing malicious code operations? A. Anti-virus software B. Network boundary firewalls C. Memory management utilities D. Host-based monitoring tools - CORRECT ANSWER B. Network boundary firewalls
Fusion analysis is most effective when information is unstructured. A. True B. False - CORRECT ANSWER B. False
Others who may be involved in recovery may include: A. Information technology staff B. Database administrators C. Business continuity staff D. System owners E. None of the above F. All of the above - CORRECT ANSWER F. All of the above
Swimlanes can be used for the following: A. Defining interfaces between organizational components performing incident management B. Defining roles and responsibilities for performing incident management C. Identifying handoffs of information during incident management D. Outlining a workflow for incident management activities E. A and B only F. A and C only G. B and D only H. None of the above I. All of the above - CORRECT ANSWER I. All of the above
Which of the following statements are true? A. Incident management and information security are the same activity B. Incident management is part of the information assurance ecosystem C. Incident management is not included in the NICE framework D. Incident management and computer network defense are the same activity - CORRECT ANSWER B. Incident management is part of the information assurance ecosystem
Data sources to be collected and reviewed during incident analysis might include: A. DNS and whois records B. Threat feeds C. Application and system logs D. Symptoms reported by users E. A and C only F. B and D only G. None of the above H. All of the above - CORRECT ANSWER H. All of the above
Which of these statements is NOT true in relation to the STIX data model? A. Observables describe what has been or might be seen B. Indicators describe instances of specific adversary actions C. Reports describe response actions to be taken D. Courses of action describe sets of incidents and/or TTPs - CORRECT ANSWER A. Observables describe what has been or might be seen
Which of the following is NOT an element of situational awareness? A. Knowledge of potential storms or severe weather B. Knowledge of your competitor's new products C. Knowledge of the training curriculum for staff D. Knowledge of current security threats and vulnerabilities - CORRECT ANSWER C. Knowledge of the training curriculum for staff
FedVTE CASP Exam 41 Questions with Verified Answers
A flaw in an online sporting goods website allows customers to purchase multiple quantities of goods and only be charged the single quantity price. To improve the site, management is demanding that the ecommerce application be tested to ensure this flaw is corrected. Which of the following is the BEST combination of tools and/or methods to use? - CORRECT ANSWER A. Blackbox testing using outside consultants C. Fuzzer and HTTP interceptor
All adverse impacts of a security event can be measured quantitatively? - CORRECT ANSWER False
An active/passive cluster of redundant routers and firewalls has been installed in the network edge by your enterprise LAN/WAN engineer. The firewalls are using stateful firewall inspection. Even with the redundant equipment, there are still multiple reports of dropped connections with external clients. Which of the following is MOST likely the cause of this problem? - CORRECT ANSWER TCP sessions are being rejected because they are being handled by asynchronous route paths through the firewalls.
Which of the following describes a single sign on implementation? - CORRECT ANSWER A web access load balancer passes the same authentication attributes in an HTTP header to multiple applications.
What does the access control term AAA stand for? - CORRECT ANSWER Authentication, Authorization, Accounting
A government agency has a major new initiative to virtualize as many servers as possible, due to power and rack space capacity at its two data centers. The agency has prioritized virtualizing older servers first as the hardware is nearing end of life. The two initial migrations include Windows 2000 hosts (domain controllers and front-facing web servers) and open source Linux hosts (front-facing web servers). Which of the following should occur based on best practices? - CORRECT ANSWER Each data center should contain separate virtual environments for the web servers and for the domain controllers.
Shifting the responsibility for a risk to a third party is which strategy for managing risks? - CORRECT ANSWER Transfer
Audit logs can be used to prevent users from performing unauthorized operations. - CORRECT ANSWER False
The CISO at a software development company is concerned about weaknesses in the review processes his company has for their major product. Testing was performed in house by a small review team, and the previous projects have been found to have used only limited test cases, leaving many of the code paths untested. The CISO raised concerns that this product cannot fail in an upcoming large scale deployment. Which of the following will provide the MOST thorough additional testing? - CORRECT ANSWER Run a small pilot test at the customer's site before rolling out the complete deployment.
Which of the following is the process of determining whether someone or something is who or what it declares itself to be? - CORRECT ANSWER Authentication
Which of the following is an incremental update between service packs or versions to fix outstanding issues? - CORRECT ANSWER Maintenance release
A new IDS appliance is generating a very large number of events, most of which are not security-related. Select the approach which best resolves this issue. - CORRECT ANSWER Adjust IDS filters that are creating false positives.
Which recovery site is fully equipped and is capable of restoring data and configurations within hours? - CORRECT ANSWER B. Hot Site C. Mirrored Site
Which of the following is the best choice for ensuring continuous availability? - CORRECT ANSWER Redundancy
A retail merchant has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the merchant's share price decreasing in value by more than one third, and the merchant has been threatened with losing their ability to process credit card transactions. The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues. The business has specified that the solution needs to be enterprise grade and meet the following requirements: Works across all major platforms, applications and infrastructure; Tracks activity of all users, including administrators; Operates without negatively impacting the performance of production platforms, applications, and infrastructures; Provides real-time incident reporting; Displays incidents in a dashboard view for easy recognition; Includes a report generator where business units are able to query against the company's system assets. In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select TWO). - CORRECT ANSWER A. Implement a security operations center to provide in depth analysis and incident response with periodic reporting capability. B. Implement an enterprise-based SIEM solution to process the logs of the major platforms, applications, and infrastructure. C. Implement a security operations center for real time monitoring and incident response and an event correlation dashboard with self service reporting capability. D. Ensure the NOC provides real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities. E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures. F. Manually pull the logs from the major platforms, applications, and infrastructures to a central analysis center. C & E is wrong
A medical group is converting to cloud computing to improve delivery times for IT solution adoption. The accounting department has made a case for replacing the existing banking platform for credit card processing with a newer offering. It is the security department's responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing? - CORRECT ANSWER There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. A decision paper should be written to outline the risks, advantages and disadvantages of the options.
A contractor is hired to assist in the development of a new application. Which of the following would you use to ensure the contractor does not share information about the project they worked on outside of the company? - CORRECT ANSWER Non-Disclosure Agreement, NDA
A company's security policy states that its internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information? - CORRECT ANSWER Require all developers to follow secure coding practices.
A Security Manager is selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following should be the priority issues for the security manager? (Select THREE). - CORRECT ANSWER Security of data storage; System availability; User authentication strategy
The CISO regularly receives reports of a department repeatedly violating the corporate security policy. The head of the department informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a security administrator to find a solution for the issue. Which of the following is the BEST course of action for the security administrator to take? - CORRECT ANSWER Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behaviour, and actions to be taken by both teams.
An electrical utility has employed a consultant to perform a controls assessment of the personnel system, backend business operations, and the SCADA system used in their facility. Which of the following correctly states the risk management options that the consultant should use during the assessment? - CORRECT ANSWER B. Avoid, transfer, mitigate, and accept. D. Calculate risk by determining technical likelihood and potential business impact.
A company has implemented data retention policies and storage quotas in response to their legal department's requests and the SAN administrator's recommendation. The retention policy states all email data older than 120 days should be eliminated. As there are no technical controls in place, users have been instructed to stick to a storage quota of 750Mb of network storage and 500Mb of email storage. After being presented with an ediscovery request from an opposing legal counsel, the security administrator discovers that the user in the suit has 1Tb of files and 800Mb of email spanning over two years. Which of the following should the security administrator provide to opposing counsel? - CORRECT ANSWER Provide all available data regardless of age.
The internal audit department is investigating a possible accounting breach. One of the auditors is sent to interview the following employees: Employee A works in the accounts receivable office and is in charge of entering data into the finance system; Employee B works in the accounts payable office and is in charge of approving purchase orders; Employee C is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B. Which of the following should the auditor suggest be done to avoid future security breaches? - CORRECT ANSWER The manager should only be able to review the data and approve purchase orders.
An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred? - CORRECT ANSWER No one was reviewing the IDS event logs.
A large enterprise introduced a new firewall into the Internet facing POP. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the POP now has unacceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered? - CORRECT ANSWER When testing the appliance
New zero day attacks are being discovered on a regular basis against a broad range of IT systems. Which of the following best practices should a security manager do to manage the risks being faced through these attack vectors? (Select TWO). - CORRECT ANSWER A. Establish an emergency response call tree. B. Create an inventory of applications. C. Backup the router and firewall configurations. D. Maintain a list of critical systems. E. Update all network diagrams. C & D is wrong B & C is wrong
The firm's CISO has been working with the Purchasing and the Project Management Office on soliciting bids for a series of HIDS and NIDS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the company has not gained any real data regarding the specifications about any of the solutions and wants that data before the procurement continues. Which of the following will the CISO do at this point to get back on track in this procurement process? - CORRECT ANSWER Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.
Which of the following network filtering devices will rely on signature updates to be effective? - CORRECT ANSWER NIDS
The lead systems architect on a software development project developed a design which is optimized for a distributed computing environment. The security architect assigned to the project has concerns about the integrity of the system if it is deployed in a commercial cloud. The security architect's concerns have not been addressed by the systems architect. A network engineer on the project has a security background and is also concerned about the overall success of the project. Which of the following is the BEST course of action for the network engineer to take? - CORRECT ANSWER Document mitigations to the security issues and arrange a meeting between the architects and the project manager.
Which of the following is a true statement concerning NIDS? - CORRECT ANSWER A NIDS monitors and analyses network traffic for possible intrusions.
Which of the following protocols is used to ensure secure transmissions on port 443? - CORRECT ANSWER HTTPS
A Physical Security Manager is ready to replace 30 analog surveillance cameras with IP cameras with built in web management. There are several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should be used to BEST secure this environment? - CORRECT ANSWER Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
A device is being selected by an administrator to secure an internal network segment from external traffic.
Which of the following devices could be selected to provide security to the network segment? - CORRECT ANSWER NIPS Administrators should always investigate or refer to which of the following to block the use of previously issued PKI credentials that have expired or otherwise become invalid? - CORRECT ANSWER CRL Which of the following BEST explains SAML? - CORRECT ANSWER A security attestation model built on XML and SOAP based services, which allows for the exchange of AandA data between systems and supports Federated Identity Management. Which of the following must be used when setting up a DMZ? - CORRECT ANSWER B. NIDS D. Honeypot Which of the following is an example of the security mitigation technique of changing roles every couple of months? - CORRECT ANSWER Job rotation A new company requirement mandates the implementation of multi factor authentication to access network resources. The security administrator was asked to research and implement the most cost effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement? - CORRECT ANSWER Issue individual private and public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password. Virtualized applications such as virtualized browsers are capable of protecting the underlying operating system from which of the following? - CORRECT ANSWER Malware installation from the Internet site of a suspect A design flaw in a new application was discovered by a software manufacturer. Company management decided to continue manufacturing the product with the flaw rather than recalling the software. Which of the following risk management strategies was adopted? 
- CORRECT ANSWER Risk acceptance About twice a year a switch fails in a company's network centre. Under the maintenance contract, the switch would be replaced in two hours losing the business 60K per hour. The cost of a spare switch is 180K with a 12 hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is 90K per year. Which of the following is true in this scenario? - CORRECT ANSWER A. It is more cost effective to eliminate the maintenance contract and purchase a replacement upon failure. D. It is more cost effective to purchase a spare switch prior to an outage and keep the maintenance contract. [Show Less]
CompTIA Security+ | FedVTE 64 Questions with Verified Answers
Which of the following should risk assessments be based upon as a best practice? A quantitative measurement of risk and impact and asset value; An absolute measurement of threats; A qualitative measurement of risk and impact; A survey of annual loss and potential threats and asset value - CORRECT ANSWER A quantitative measurement of risk and impact and asset value
Which of the following will not reduce EMI? Humidity control; Physical shielding; Overhauling worn motors; Physical location - CORRECT ANSWER Humidity control
Which of the following mobile deployment models is the most security minded, where the organization purchases the device and personal use is prohibited? Corporate owned, personally enabled; Choose your own device; Corporate owned; Bring your own, corporate managed - CORRECT ANSWER Corporate owned
Which of the following is an example of restricting access to files based on the identity of the user or group? Mandatory Access Control; Discretionary Access Control; Certificate Revocation List; Public Key Infrastructure - CORRECT ANSWER Discretionary Access Control
The primary purpose of a load balancer is to: Perform packet filtering; Block blacklisted content or web pages for a firewall; Expand servers and resources when needed; Capture packets for monitoring and analyzing - CORRECT ANSWER Expand servers and resources when needed
A conceptual framework that describes the functions of a networking or telecommunication system - CORRECT ANSWER Open Systems Interconnection (OSI) model
At which OSI model layer does the encryption and decryption of data for secure transmission occur? - CORRECT ANSWER Layer 6 - Presentation Layer
Which layer of the TCP/IP model is equivalent to the Session, Presentation, and Application layers of the OSI model? Physical; Network; Transport; Application - CORRECT ANSWER D. Application
The MOST secured hashing algorithm is which of the following? CHAP; MD5; SHA 1; LANMAN - CORRECT ANSWER MD5
Which of the following is NOT a Bluetooth threat? Bluejacking; Smurf attack; Discovery mode; Bluesnarfing - CORRECT ANSWER Smurf attack
The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Thursday afternoon. How many tapes will the technician need to restore the data on the file server for Friday morning? Four; Three; Two; One - CORRECT ANSWER Four
Which of the following creates separate logical networks? Subnetting; NAC; NAT; DMZ - CORRECT ANSWER Subnetting
Which of the following describes a tool used by organizations to verify whether or not a staff member has been participating in malicious activity? Implicit deny; Time of day restrictions; Mandatory vacations; Implicit allow - CORRECT ANSWER Mandatory vacations
A new wireless network is being implemented by a technician for an organization. All of the following wireless vulnerabilities should be considered by the technician EXCEPT: Weak encryption; Rogue access points; SSID broadcasts; 802.11 mode - CORRECT ANSWER 802.11 mode
Which of the following roles is responsible for implementing security controls for access, storage, and transmission of data? Data owner; Data steward; Data custodian; Data technician - CORRECT ANSWER Data custodian
A technique utilized by hackers to identify unsecured wireless network locations to other hackers is which of the following? War chalking; Bluesnarfing; War driving; War dialing - CORRECT ANSWER War chalking
With the Virtual Desktop Infrastructure (VDI) application deployment model, user applications and data are stored: On a VM installed on the physical device; On a remote server; In the user's iCloud account; On the user's desktop workstation - CORRECT ANSWER On a remote server
Which type of intrusion detection may terminate processes or redirect traffic upon detection of a possible intrusion? Active; Passive; Adaptive; Redirective - CORRECT ANSWER Active
Which of the following is responsible for the amount of residual risk? The security officer of an organization; The DRP coordinator; Senior management; The security technician - CORRECT ANSWER Senior management
Someone that is dumpster diving would be MOST interested in which of the following? List of expired usernames; Receipts from the supply store; User education manual; Business card of computer contractor - CORRECT ANSWER Business card of computer contractor
Which of the following is described as a practice where a variety of tools and applications are used to automatically detect, and alert, to suspected security concerns? Continuous monitoring; Automated monitoring; Continuous validation; Secure automation - CORRECT ANSWER Continuous monitoring
A design flaw in a new application was discovered by a software manufacturer. Company management decided to continue manufacturing the product with the flaw rather than recalling the software. Which of the following risk management strategies was adopted? Risk acceptance; Risk mitigation; Risk transfer; Risk avoidance - CORRECT ANSWER Risk acceptance
Which of the following is a reason to use a Faraday cage? To mitigate data emanation; To find rogue access points; To allow wireless usage; To minimize weak encryption - CORRECT ANSWER To mitigate data emanation
A possible security risk associated with mobile devices is which of the following? Bluesnarfing; Domain kiting; Cross site scripting; Input validation - CORRECT ANSWER Bluesnarfing
New weapon research and development programs would MOST likely be classified as: Top Secret; Confidential; For Official Use Only; Internal - CORRECT ANSWER Top Secret
An area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure is which of the following? DMZ; NAT; VPN; VLAN - CORRECT ANSWER DMZ
When would it be appropriate to use time of day restrictions on an account? As an added security measure when employees work set schedules; To eliminate attack attempts of the network during peak hours; In order to ensure false positives are not received during baseline testing; To ensure the DMZ is not overloaded during server maintenance - CORRECT ANSWER As an added security measure when employees work set schedules
Which of the following is a true statement concerning NIDS? A NIDS prevents certain types of traffic from entering a network; A NIDS is installed on the proxy server; A NIDS monitors and analyzes network traffic for possible intrusions; A NIDS is normally installed on the email server - CORRECT ANSWER A NIDS monitors and analyzes network traffic for possible intrusions.
Which of the following mobile device deployment models permits users to choose the device that the organization will purchase for them? VDI; BYOD; CYOD; COPE - CORRECT ANSWER CYOD
The IP address and MAC address of a rogue device within the local network might best be revealed by which of the following logs? Antivirus; Security; DHCP; DNS - CORRECT ANSWER C. DHCP
Which of the following provides the MOST comprehensive redundancy with the least amount of downtime for an entire site? Mobile site; Hot site; Cold site; Warm site - CORRECT ANSWER Hot site
Implementing screen filters would reduce which of the following risks? Phishing; Man in the middle attacks; Shoulder surfing; Replay attacks - CORRECT ANSWER Shoulder surfing
Which of the following encryption algorithms relies on the inability to factor large prime numbers? SHA 1; Elliptic curve; AES256; RSA - CORRECT ANSWER RSA
Which of the following is a vulnerability scanner? L0phtCrack; SolarWinds; AirSnort; Microsoft Baseline Security Analyzer - CORRECT ANSWER Microsoft Baseline Security Analyzer
Which of the following lists the software development phases in the correct order? Development, Staging, Testing, Production; Production, Testing, Deployment, Staging; Development, Testing, Production, Staging; Development, Testing, Staging, Production - CORRECT ANSWER Development, Testing, Staging, Production
Which of the following is a detailed collection of technical controls and requirements to accomplish the security objectives of an organization? Network Flowchart; Reference Guides; Reference Architecture; Network Architecture - CORRECT ANSWER Reference Architecture
If an organization wants to ensure the demand for services is accommodated, and builds in the ability to provision or de-provision resources as needed to support those services, it has employed the concept of: Scalability; Continuous monitoring; Fault tolerance; On-demand assets - CORRECT ANSWER Scalability
Which of the following contains hardware systems similar to the affected organization but does not host live data? Uninterruptible Power Supply; Warm site; Cold site; Hot site - CORRECT ANSWER Warm site
An attacker can implant a rootkit into a picture by which of the following? Virus; Steganography; Worm; Trojan Horse - CORRECT ANSWER Steganography
Which of the following would explain the difference between a public key and a private key? The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption; The private key is only used by the client and kept secret while the public key is available to all; The private key only decrypts the data while the public key only encrypts the data, and both keys are mathematically related; The public key is only used by the client while the private key is available to all, and both keys are mathematically related - CORRECT ANSWER The private key is only used by the client and kept secret while the public key is available to all.
A risk management concept where operations resume at some capacity, despite the presence of a failure, is known as: Capacity building; Risk adverse; Risk redundancy; Fault tolerance - CORRECT ANSWER Fault tolerance
Which of the following attacks is MOST likely the cause when a user attempts to go to a website and notices the URL has changed? DNS poisoning; DLL injection; ARP poisoning; DDoS attack - CORRECT ANSWER DNS poisoning
Which of the following is an example of the security mitigation technique of changing roles every couple of months? Least privilege; Separation of duties; Job rotation; Mandatory vacations - CORRECT ANSWER Job rotation
Which of the following could adversely impact an entire network if it were unavailable when using single sign-on? Web server; Authentication server; Biometrics; Workstation - CORRECT ANSWER Authentication server
The antivirus software on a server repeatedly flags an approved application that the HR department has installed on their local computers as a threat. This is an example of: True positive; False negative; True negative; False positive - CORRECT ANSWER False positive
Administrators should always investigate or refer to which of the following to block the use of previously issued PKI credentials that have expired or otherwise become invalid? CA; PKI; Escrow; CRL - CORRECT ANSWER CRL
The cloud computing delivery model that is owned, managed and operated by the organization is: Community; Organizational; Private; Public - CORRECT ANSWER Private
A technique utilized by hackers to identify unsecured wireless network locations to other hackers is which of the following? War chalking; Bluesnarfing; War driving; War dialing - CORRECT ANSWER War chalking
Which of the following is described as a high-level blueprint outlining accepted practices to help build sound policies and procedures for an organization? Reference Architecture; Reference Topology; Standards Architecture; Standards Framework - CORRECT ANSWER Standards Framework
Which of the following encryption algorithms relies on the inability to factor large prime numbers? SHA 1; Elliptic curve; AES256; RSA - CORRECT ANSWER RSA
Which of the following tools can be used to confirm that multiple PCs are infected with a zombie? Recovery agent; Antivirus; Port scan; Spyware - CORRECT ANSWER Antivirus
Which procedure should be done first if a remote attack on a system is detected by a technician? Follow the incident management procedure in place; Disconnect the system from the network; Contain the attack; Respond to the attacker - CORRECT ANSWER Follow the incident management procedure in place
The marketing staff wants to supply pens with attached USB drives to clients. In the past this client has been victimized by social engineering attacks that led to a loss of sensitive data. The security administrator instructs the marketing staff not to supply the USB pens due to which of the following? The cost associated with distributing a large volume of the USB pens; The security costs associated with securing the USB drives over time; The security risks associated with combining USB drives and cell phones on a network; The risks associated with the large capacity of USB drives and their concealable nature - CORRECT ANSWER The risks associated with the large capacity of USB drives and their concealable nature
Which of the following describes when the claimed identity of a user is validated? Verification; Validation; Authentication; Identification - CORRECT ANSWER Authentication
Which of the following would you use to provide partners access to services without granting access to an organization's entire network? Internet; Intranet; Extranet; Externalnet - CORRECT ANSWER Extranet
As a DMZ is a publicly accessible network containing servers with public information, strong security and monitoring are not required. True; False - CORRECT ANSWER False
Which of the following labels describes information that does not have access restrictions? Public; Nonclassified; Unclassified; All of the above; None of the above - CORRECT ANSWER D. All of the above
Which of the following attacks would allow an attacker to capture HTTP requests and send back a spoofed page? TCPIP hijacking; Replay; Phishing; Teardrop - CORRECT ANSWER TCPIP hijacking
Which of the following is the MOST proficient for encrypting large amounts of data? ECC algorithms; Hashing algorithms; Symmetric key algorithms; Asymmetric key algorithms - CORRECT ANSWER Symmetric key algorithms
Which of the following is a common correlation engine that aggregates logs and events from multiple devices on a network into one system? SIM; Firewall; IDS; SIEM - CORRECT ANSWER SIEM (Security Information and Event Management)
Which of the following intrusion detection systems uses statistical analysis to detect intrusions? Knowledge; Signature; Honeynet; Anomaly - CORRECT ANSWER Anomaly
Which of the following must be used when setting up a DMZ? Router; NIDS; Proxy; Honeypot - CORRECT ANSWER Router
Which of the following would be a best practice to prevent users from being vulnerable to social engineering? Provide thorough and frequent user awareness training; Provide a service level agreement that addresses social engineering issues; Have a solid acceptable use policy in place with a click through banner; Have users sign both the acceptable use policy and security based HR policy - CORRECT ANSWER Provide thorough and frequent user awareness training
The MOST difficult security concern to detect when contractors enter a secured facility is which of the following? Removing network attached storage; Rogue access points being installed; Removing mass storage iSCSI drives; Copying sensitive information with cellular phones - CORRECT ANSWER Copying sensitive information with cellular phones
FedVTE Cisco CCNA Security Self-Study Prep 33 Questions with Verified Answers
Ensuring that several individuals are able to perform a specific function in order to have oversight and eliminate single points of failure, is which of the following Operations Security principles? - CORRECT ANSWER C. Rotation of duties
A standard ACL: - CORRECT ANSWER C. Identifies the source network to be blocked
Which form of risk analysis uses a mathematical model that assigns a monetary figure? - CORRECT ANSWER B. Quantitative
Enabling SSH on a router requires all of the following except: - CORRECT ANSWER D. Installing a PuTTY client
The RADIUS protocol hides passwords during transmission but the rest of the packet is sent in plaintext. - CORRECT ANSWER TRUE
Signatures have all the following attributes EXCEPT: - CORRECT ANSWER D. Exceptions
A stateful firewall: - CORRECT ANSWER C. Monitors outbound traffic and permits only reply traffic that properly matches the outbound traffic
Ensuring that several individuals are able to perform a specific function in order to have oversight and eliminate single points of failure, is which of the following Operations Security principles? - CORRECT ANSWER C. Rotation of duties
ACLs have a policy of which of the following? - CORRECT ANSWER A. first match
In IOS 12.3 and later, passwords can be: - CORRECT ANSWER C. 0 to 16 characters in length
Which VPN listed below DOES NOT encrypt traffic: - CORRECT ANSWER D.
All of the following are best practices when configuring router login banner messages EXCEPT: - CORRECT ANSWER C. Use the word "welcome"
Enabling SSH on a router requires all of the following except: - CORRECT ANSWER D. Installing a PuTTY client
Granting a user access to a requested service only if the information in the user profile allows it, is an example of what? - CORRECT ANSWER B. Authorization
Enabling PortFast on a switchport: - CORRECT ANSWER B. Disables Spanning Tree on the switchport
Symmetric encryption has all the following advantages EXCEPT: - CORRECT ANSWER A. Simplified key distribution
Cisco Port Security action options include all the following EXCEPT: - CORRECT ANSWER A.
A packet-filtering firewall typically can filter up to which layer, while a stateful firewall can filter up to: - CORRECT ANSWER B. transport, session
PKI is a framework that supports: - CORRECT ANSWER A. Symmetric key distribution
A Virtual Private Network provides the same network connectivity for remote users over a public infrastructure as they would have over a private network. - CORRECT ANSWER A. True
Cisco ACS is a single solution that offers AAA services using: - CORRECT ANSWER C. TACACS+ or RADIUS
IPSec VPNs are the preferred method for: - CORRECT ANSWER B. Site-to-Site VPN connections
In comparing RADIUS servers and TACACS+ servers, - CORRECT ANSWER C. TACACS+ servers can list authorized router commands per user or per group
When using the Cisco IOS global command to enforce minimum password length, it applies to all new and existing router passwords. - CORRECT ANSWER B. False
Which of the following Cisco IOS commands would be utilized to enforce minimum password length? - CORRECT ANSWER C. security passwords min-length
The Cisco autosecure feature is used to: - CORRECT ANSWER B. Lock down routers
It is a best practice to place general ACL statements higher in the ACL and more specific statements near the end. - CORRECT ANSWER B. False
All Cisco ACLs end with which implicit statement? - CORRECT ANSWER B. deny all
Once a user has authenticated, authorization services: - CORRECT ANSWER A. determine which resources the user can access
The ACL is processed top-down based on the sequence numbers of the statements - CORRECT ANSWER A. lowest to highest
Which VPN listed below DOES NOT encrypt traffic: - CORRECT ANSWER D. MPLS VPNs
Cisco AAA is: - CORRECT ANSWER B. Able to connect to many RADIUS servers, but not always on Cisco UDP ports 1812 and 1813
Modular Policy Framework (MPF) defines a set of rules for applying firewall features and allows granular classification of traffic flows. - CORRECT ANSWER A. True
FedVTE Windows Operating System Security 50 Questions with Verified Answers
Which value in the PowerShell "execution policy" allows loading of all configuration files and scripts? - CORRECT ANSWER Unrestricted
Which Active Directory Certificate Service (AD CS) server role allows routers and other network devices that do not have a domain account to obtain certificates? - CORRECT ANSWER B. Online Responder D. Network Device Enrollment Service
Which key command in PowerShell shows an object's methods and properties? - CORRECT ANSWER All of the above
Which one of the following steps is not part of securing the Microsoft patch process? - CORRECT ANSWER Apply patches while on the road
Of the following methods, which one is a tool that centrally manages and configures Windows operating systems, applications and user settings? - CORRECT ANSWER Group Policy
In which one of the Social Engineering stages would you establish credibility? - CORRECT ANSWER Relationship Development
Microsoft Security Configuration Wizard is a management tool that is based upon machine roles such as a file server, a print server, a domain controller, etc. - CORRECT ANSWER True
Which option is best for a server to connect to a network? - CORRECT ANSWER Wired
Authenticode is a means of code signing that allows users to verify the source and author of the signed software. - CORRECT ANSWER False
Which type of permissions are created by default on non child objects or based by user assignment? - CORRECT ANSWER Explicit
Which one of the following could be categorized as a misconfiguration? - CORRECT ANSWER All of the above
Which one of the following is a Windows Firewall advantage? - CORRECT ANSWER B. Provides a very granular customization of applications C. Can be configured with Netsh or PowerShell
What are the four service startup types? - CORRECT ANSWER Manual; Automatic; Automatic (Delayed); Disabled
Which method can start PowerShell in Windows 8? - CORRECT ANSWER Charm > Search > type PowerShell > click Windows PowerShell
The Windows Security Configuration Wizard can be used to configure the Windows Firewall with advanced security support. - CORRECT ANSWER True
Many current network security tools such as Firewalls, Intrusion Detection Systems and Intrusion Prevention Systems are not 100% compatible with IPv6. - CORRECT ANSWER True
Which one of the following creates, manages and exports (for deployment) security policies across multiple Windows operating system roles and Microsoft applications? - CORRECT ANSWER Microsoft Security Compliance Manager
In a Hardening Process, which method uses plaintext files containing software and driver installation configuration settings? - CORRECT ANSWER A. Security Templates D. Group Policy
Security Templates provide a standardized way to organize, express and measure security related information. - CORRECT ANSWER False
Network Access Protection (NAP) is a Windows feature that provides which one of the following? - CORRECT ANSWER Automatic Remediation
Which two of the following categories of monitoring are in the Action Center, formerly known as the Windows Security Center? - CORRECT ANSWER Security and Maintenance
In a Kerberos Authentication process, which one of the following sends a Ticket Granting Ticket secret key and a session key as a function? - CORRECT ANSWER AS_RESPONSE
User Account Control (UAC) was introduced in Windows XP and Server 2003. - CORRECT ANSWER False
Which Internet Protocol Security (IPsec) protocol provides confidentiality by encrypting data? - CORRECT ANSWER Encapsulating Security Payload (ESP)
CVE is short for Critical Vulnerabilities and Exploits. - CORRECT ANSWER False
During which step of Microsoft's recommended Update Management Process would an update be tested? - CORRECT ANSWER Evaluate and Plan
Which description best defines a Hotfix? - CORRECT ANSWER An update to fix a very specific issue
In which multi tasking mode can an operating system take control of the processor without consent from the task? - CORRECT ANSWER Preemptive multi-tasking
A Virtual Private Network allows two systems to connect over a public network and have the assurance of which of the following? - CORRECT ANSWER All of the above
Which one of the following default rights can be performed by a member of the Windows User Group? - CORRECT ANSWER Increase a process working set
Which vulnerability allows remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file? - CORRECT ANSWER Kernel Mode Driver - CVE-2012-4786
An API is a set of functions that an application can call to allow the application to operate within Windows. - CORRECT ANSWER True
Which one of the following is a benefit of Dynamic Access Control? - CORRECT ANSWER All of the above
Which built-in Windows security feature prevents users from loading unauthorized and unapproved applications? - CORRECT ANSWER Windows AppLocker
Which Dynamic Access Control capability allows for "safety net" policies? - CORRECT ANSWER Centralize Access Policies
PowerShell is built on top of the .Net CLR and .Net Framework. - CORRECT ANSWER True
Which method scans systems to identify common security misconfigurations and missing security updates? - CORRECT ANSWER Microsoft Baseline Security Analyzer
In the Windows Registry, what is a collection of discrete files called? - CORRECT ANSWER Hives
A logical Patch Management process is a one-time process that businesses should establish to ensure success. - CORRECT ANSWER False
Which Network Access Protection (NAP) client collects and maintains a system health status? - CORRECT ANSWER NAP Agent
Which solution is best to avoid downloading an untrusted patch? - CORRECT ANSWER All of the above
Which one of the following can be audited using the Windows Security Auditing feature? - CORRECT ANSWER All of the above
Which one of the following can be managed through group policies (GPO)? - CORRECT ANSWER All of the above
Which one of the following DLL files handles the memory management? - CORRECT ANSWER Kernel32.dll
Which one of the following is required for Windows BitLocker configuration? - CORRECT ANSWER Trusted Platform Module (TPM)
Which type of attacker has actions that are considered noble by the attacker but could cause more harm than good? - CORRECT ANSWER Gray Hat
In a PowerShell environment, the WhatIf parameter allows PowerShell users to test the command before actually executing it. - CORRECT ANSWER True
Which one of the following is a cmdlet that is used to gather computer information? - CORRECT ANSWER Get-WmiObject
Which execution mode has unrestricted access to the underlying hardware? - CORRECT ANSWER Kernel
Windows Defender was formerly known as Microsoft Anti-Spyware. - CORRECT ANSWER True
FedVTE Cyber Risk Management for Technicians 25 Questions with Verified Answers
In order to automate host characteristic monitoring you can compare baselines and snapshots with syslog. - CORRECT ANSWER False
The following should be taken into account when accepting the residual risk inherent in the project. - CORRECT ANSWER All of the above
What is the high water mark for an information system? - CORRECT ANSWER Highest Potential Impact value assigned to each Security Objective (AIC) for all Security Categories resident on the system and the overall classification of the system.
Which of the following describes NetScan Tools Pro? - CORRECT ANSWER D. A collection of Internet information gathering and network troubleshooting utilities
FIPS 200 is: - CORRECT ANSWER A short document that describes the minimum security requirements for information and information systems
Which risk comes from a failure of the controls to properly mitigate risk? - CORRECT ANSWER C. Control Risk
Open Source Security (OSSEC) is what? - CORRECT ANSWER A host based security system that monitors for changes
What tool would be best to automatically detect your network and construct a complete and easy to view network map? - CORRECT ANSWER LANsurveyor
Which NIST special publication is a guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach? - CORRECT ANSWER NIST SP 800 37
Which of the following is a part of the Examine Method? - CORRECT ANSWER Inspecting the physical security measures
If the cost of controls exceeds the benefit, the organization may choose to accept the risk instead. - CORRECT ANSWER True
Which of the following families of controls belongs to the technical class of controls? - CORRECT ANSWER Identification and Authentication
Which tier of Risk Management is associated with Enterprise Architecture? - CORRECT ANSWER Tier 2 Mission (Business Process)
In NIST SP 800 53 the security control structure consists of all the following components except for: - CORRECT ANSWER All of these are in the security control structure: - Priority and baseline allocation - Supplemental guidance - Control enhancements
Kismet is different from a normal network sniffer such as Wireshark or tcpdump because it separates and identifies different wireless networks in the area. - CORRECT ANSWER True
What is the order of the Change Control Process? - CORRECT ANSWER B. Request : Impact Assessment : Approval : Build and or Test : Implement
The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective. Which likelihood rating does this describe? - CORRECT ANSWER High
Which of the following is not part of the process for assessing security controls according to NIST SP 800 53A 1? - CORRECT ANSWER A. Study
Which step of a risk assessment uses the history of system attacks? - CORRECT ANSWER Step 2: Threat Identification
In risk management, people, information and technology are examples of? - CORRECT ANSWER Assets
What type of analysis involves using scales to suit circumstances and allows for quick identification of potential risks as well as vulnerable assets and resources? - CORRECT ANSWER C. Qualitative Analysis
NIST SP 800 30 defines risk as a function of the likelihood of a given threat source exercising a particular potential vulnerability and the resulting impact of that adverse event on the organization. - CORRECT ANSWER True
One strategy for determining the proper level of acceptable risk is to: - CORRECT ANSWER Determine a point where cost of mitigation is less than cost of loss
Which OCTAVE process involves collecting information about important assets, security requirements, threats, and current organizational strengths and vulnerabilities from managers of selected operational areas? - CORRECT ANSWER Identify Operational Area Knowledge
Which of the following is a step in detecting and analysing host changes? - CORRECT ANSWER All of the above : - Create a current snapshot of your host - Create a baseline of your host - Compare your snapshot to your baseline
FedVTE Cyber Security Overview for Managers 25 Questions with Verified Answers
An insurance plan is what type of mitigation strategy? - CORRECT ANSWER Transfer Risk
Which of the following is not a reason why a backdoor may exist? - CORRECT ANSWER Attempts to interfere with the ability of a provider to keep services available
What is the act of hiding messages in existing data called? - CORRECT ANSWER Steganography
Which of the following addresses risk from a mission and business process perspective? - CORRECT ANSWER Tier 2
Which of the following provides procedures and guidance to sustain an organization's essential functions at an alternate site for up to 30 days? - CORRECT ANSWER Continuity of Operations Plan
Which of the following is the correct order of the security life cycle? - CORRECT ANSWER Categorize Select Implement Assess Authorize Monitor
Which of the following serves as an effective communications channel and provides an ongoing basis for ensuring the alignment of the security program with business objectives? - CORRECT ANSWER Steering committee
Which of the following includes personnel and systems to perform health monitoring and management? - CORRECT ANSWER NOC
Which of the following detects attacks but does not take action against the attack? - CORRECT ANSWER IDS
Which of the following backup concepts includes everything since the last full backup and does NOT reset the archive attribute? - CORRECT ANSWER Differential
When a compromised system is identified, it is a best practice to turn off the system immediately. - CORRECT ANSWER False
Which one of the following is a type of malware that collects personal information about users without their knowledge? - CORRECT ANSWER Spyware
Which major mobile device platform is open source software? - CORRECT ANSWER Google Android
Which of the following characteristics applies to Information Technology Security? - CORRECT ANSWER Focuses on the security of information within the boundaries of the technological domain.
The requirement that officers and other executives with fiduciary responsibilities meet certain requirements to protect the company's assets is known as Due Diligence. - CORRECT ANSWER False
Which of the following sites is immediately available because systems, software and data are current copies? - CORRECT ANSWER Mirrored site
Which of the following is not a mitigation strategy? - CORRECT ANSWER None of the above
Which characteristic best describes the malware category "Downloaders"? - CORRECT ANSWER Targets web application vulnerabilities.
Which of the following software licenses is free for use, retains copyrights, and usually includes an end-user license agreement? - CORRECT ANSWER Freeware
Which of the following describes Aggregate Risk? - CORRECT ANSWER Exists when a particular threat affects a large number of minor vulnerabilities that combined have a significant impact.
Attack scripts are used to install Trojans, adware and other malware. - CORRECT ANSWER False
RTO is the average length of time required to perform repairs on a device. - CORRECT ANSWER False
Which of the following IS Governance Goals describes using information security knowledge and infrastructure efficiently and effectively to ensure captured knowledge is available? - CORRECT ANSWER Resource Management
Which of the following is included in disaster recovery plans? - CORRECT ANSWER All of the above
DoS attacks usually target chokepoints or single points of failure within the network. - CORRECT ANSWER True
Critical Infrastructure Protection - Final Test FedVTE Course 2022
Critical Infrastructure 10: Infrastructure refers to the underlying structure that allows a society to function. - CORRECT ANSWER A. True
Critical Infrastructure 20: Which of the following are examples of critical infrastructure? - CORRECT ANSWER C. Power plants, dams, water supply, bridges, etc.
Critical Infrastructure 30: Which of the following is the lead agency for coordinating cyber incident protection, prevention, mitigation, and recovery? - CORRECT ANSWER A. Department of Homeland Security
Cybersecurity 10: To various degrees, all critical infrastructure sectors depend on information technology. - CORRECT ANSWER A. True
Cybersecurity 20: Which of the following is an example of cybersecurity measures? - CORRECT ANSWER D. All of the above
Cybersecurity 30: The computers controlling major U.S. industry operations were threatened over ____ times during the course of a recent year. - CORRECT ANSWER D. 200
Security and Resilience 10: Which document "advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure"? - CORRECT ANSWER B. Presidential Policy Directive 21
Security and Resilience 20: The 2013 National Infrastructure Protection Plan has a greater focus on critical infrastructure owners and operators taking responsibility for their own cybersecurity. - CORRECT ANSWER B. False
Security and Resilience 30: Under PPD 21, which agency was charged with working with private sector, research, academic, and government organizations to improve technology and tools related to cybersecurity systems? - CORRECT ANSWER Wrong Answer: Department of Homeland Security
Improving Cybersecurity 10: Which document is intended to "enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties"? - CORRECT ANSWER A. Executive Order 13636
Improving Cybersecurity 20: Which of the following is NOT an area the C3 Voluntary Program focuses on? - CORRECT ANSWER Wrong Answer A. Use
Improving Cybersecurity 30: The Department of Homeland Security's Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that helps U.S.-based companies protect their computer systems against which of the following? - CORRECT ANSWER B. Exploitation
NCCIC 10: Which of the following is NOT an organization that the NCCIC regularly coordinates synchronized response, mitigation, and recovery efforts with when there is a significant cyber or communications incident? - CORRECT ANSWER Wrong answer C. International computer emergency readiness teams
NCCIC 20: One critical component of the NCCIC is the Automated Indicator Sharing (AIS) capability, which is available for free and allows the Federal government and private sector to share information on cyber threat indicators. - CORRECT ANSWER A. True
NCCIC 30: The NCCIC provides a secure, collaborative system to share sensitive cybersecurity prevention, protection, mitigation, response, and recovery information with validated private sector, government, and international partners. This system is: - CORRECT ANSWER B. Web-based
SSCP quiz FEDVTE Questions with Verified Answers
Which attribute constitutes the ability to identify and/or audit a user and his/her actions? - CORRECT ANSWER Accountability
Which security standard commonly supplements the use of an Internet Key Exchange (IKE)? - CORRECT ANSWER IPSEC
Which detail concerning risk analysis would you present to leadership regarding quantitative analysis? - CORRECT ANSWER Quantitative analysis uses the ALE formula, and uses numeric values.
Which logical topology usually has a physical star topology? - CORRECT ANSWER Bus
The three main control categories within the risk management framework are which of the following? - CORRECT ANSWER Prevent, Detect, Limit
If your organization wants the most efficient restore from backup, which type of backup would you choose? - CORRECT ANSWER Full
What type of encrypted string is the output of a one way hash function on a string of random length? - CORRECT ANSWER Fixed length
Which technology includes the X.500 protocol? - CORRECT ANSWER LDAP
Accountability for the timely distribution of information security intelligence data is assumed by which organization(s)? - CORRECT ANSWER All of the organizations listed
Working as a network administrator for your organization, which of the following choices should have the BIND application disabled? - CORRECT ANSWER All non DNS servers
Which form of cryptography includes AES, Blowfish, DES, and 3DES? - CORRECT ANSWER Secret Key
When a user enters a URL in the address bar and presses RETURN, what Internet service converts the text to the IP address, 216.230.195.151? - CORRECT ANSWER DNS
Which category of tools or initiatives is implemented for the goal of neutralizing threats and vulnerabilities? - CORRECT ANSWER Countermeasures
Protection levels and certain integrity levels are maintained by which standard listed below? - CORRECT ANSWER Due Care
Which term describes an information system's ability to identify, track, and monitor individuals and their behavior? - CORRECT ANSWER Accountability
Which of the following choices are part of the risk mitigation process? - CORRECT ANSWER Conduct a cost-benefit analysis
FedVTE Root Cause Analysis | Coding 101 FedVTE Questions with Verified Answers
Who typically performs root cause analysis? - CORRECT ANSWER CSIRT incident analysts
When during the incident response process is root cause analysis most commonly performed? - CORRECT ANSWER During detailed incident analysis
What preparations best enable root cause analysis? - CORRECT ANSWER Having defined threat vectors and access to data sources that confirm or refute those threat vectors
The cyber kill chain model would be least useful for an incident involving which of the following threat vectors? - CORRECT ANSWER Insider attack
Which of the following might be an example of an incident with no attacker? - CORRECT ANSWER Lost equipment
What is a cyber kill chain? - CORRECT ANSWER A systematic process to target and engage an adversary to create desired effects
What is root cause analysis? - CORRECT ANSWER A method for understanding the problems that allowed an attack to occur
The results of root cause analysis are typically used for which of the following? - CORRECT ANSWER Developing an appropriate course of action for incident mitigation
Which of the following are among the seven steps in the Lockheed Martin cyber kill chain model? - CORRECT ANSWER Reconnaissance, exploitation, and installation
Using a cyber kill chain model for root cause analysis can provide which of the following benefits? - CORRECT ANSWER Intrusion reconstruction to help analysts understand what information is available for defensive courses of action
Which of the following is an example of a cause-and-effect diagram? - CORRECT ANSWER Ishikawa or "fish bone" diagram
Which of the following statements is true? - CORRECT ANSWER Depending on the incident circumstances, you may need more than one root cause analysis method.
Using a root cause analysis model based on the Microsoft Broad Street Taxonomy would follow a flow or decision tree that includes which of the following? - CORRECT ANSWER Classifying malware attacks according to the propagation methods
At its root, programming is giving a machine a set of instructions to produce a desired behavior. - CORRECT ANSWER True
Procedural programming follows a "first do this, next do that" process. What is another term for procedural programming? - CORRECT ANSWER Imperative programming
A variable that is defined inside of a function is called a ______. - CORRECT ANSWER Local variable
What happens when you give a computer a command? - CORRECT ANSWER The computer will execute the command, regardless of whether the command is logistically possible.
While procedural programming focuses on the verbs, object-oriented programming (frequently abbreviated as OOP) focuses on the ______. - CORRECT ANSWER Nouns
In order for the program to store and recall information, each variable must be ______. - CORRECT ANSWER Defined
All computer hardware uses the same machine language. - CORRECT ANSWER False
Low-level programming languages are closer to ___________, and high-level languages are closer to __________. - CORRECT ANSWER Machine language; familiar human language
In what situation would you use assembly language? - CORRECT ANSWER Flight navigation systems
Scripting languages can run without being compiled first. - CORRECT ANSWER True
Why have scripting languages become so popular for use on the Internet? - CORRECT ANSWER They are fast on modern computers and easier to write.
Operators are built-in functions that allow you to _________. - CORRECT ANSWER All of the above (Assign values, Compare values, Change values)
Which data type is the quickest and easiest way to write a list? - CORRECT ANSWER Array