Certmaster exam questions week 2

Cards (114)

  • A user at an organization reports that their mobile payment method may have been hacked. A security engineer determines that a compromise must have occurred through card skimming. Which technology was used for mobile payments?
    Near field communications (NFC) is based on a particular type of radio frequency ID (RFID). NFC sensors and functionality are now commonly incorporated into smartphones. NFC is susceptible to skimming.
  • Which of the following will reduce the risk of data exposure between containers on a cloud platform?
    In a container engine such as Docker, each container is isolated from others through separate namespaces. Namespaces prevent one container from reading or writing the processes, file system mounts, or network stack of another.
     
    Control groups (cgroups) limit the CPU, memory, and I/O a container can consume, so one container cannot starve the others in a DoS-type attack. Namespaces and control groups together reduce the risk of data exposure between containers.
  • Which of the following is TRUE about a certificate authority (CA) in a hierarchical model as opposed to a single CA model? 
    Offline root CA is best practice: in a hierarchical public key infrastructure (PKI), the root certificate authority (CA) is kept offline (powered off or disconnected from the network) and used only to sign subordinate CA certificates. The root key is the highest-value target in the hierarchy; if it is compromised, every subordinate CA and every certificate issued under it is compromised as well.

    An intermediate (subordinate) CA in a hierarchical PKI creates and issues certificates to users and devices on the root's behalf. Intermediate CAs can divide the work by area of responsibility, for example by department, region, or certificate type.
  • Tactic, technique, or procedure (TTP) is a generalized statement of adversary behavior. Which of the following would prove TTP is found on an organization's network? 
    An indicator of compromise (IoC) is a residual sign that an asset or network has been attacked or is being attacked. Rogue hardware (an unauthorized device connected to the network) is an IoC that shows intent to penetrate the network.
     
    Logs showing the unauthorized usage of an account is an indicator of compromise. It may prove that an account has been stolen and associated services are compromised.
  • A developer uses a prepackaged set of tools that includes documentation, application programming interfaces (APIs), code samples, and libraries to easily integrate an application with the company Linux operating system. Which secure coding process is the developer using?
    A software development kit (SDK) provides developers a prepackaged set of tools, libraries, documentation, and code samples to create software applications on a specific platform.
  • A company wants to secure its intranet portal. The portal must force a secure browsing connection, mitigate script injection, and prevent caching on shared client devices. Which response header options achieve this?
    The HTTP Strict Transport Security (HSTS) header forces the browser to connect using HTTPS only, mitigating downgrade attacks such as SSL stripping. The Content Security Policy (CSP) header mitigates clickjacking, script injection, and other client-side attacks.
    The Cache-Control header sets whether the browser may cache responses. Preventing caching protects confidential or personal information when a client device is shared by multiple users.
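    The three headers above, as an added example that is not part of the flashcards: a hardened header set for the portal and a small audit function that reports which of the three controls a response is missing or has weakened. The CSP source list, the one-year HSTS lifetime, and the "weak" response used in the usage block are assumptions chosen for illustration.

```python
"""Added example (not from the flashcards): build and audit the HSTS, CSP and
Cache-Control headers an intranet portal should send."""

# Header values a hardened intranet portal would send. The CSP source list is an
# assumption for illustration; a real portal would list its own script/style origins.
SECURE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'; object-src 'none'",
    "Cache-Control": "no-store",
}

ONE_YEAR = 31536000  # seconds; commonly recommended minimum HSTS max-age


def _directive(value, name):
    """Return the value of `name=...` in a ';'-separated header value, or None."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.strip().lower() == name:
            return val.strip()
    return None


def audit_headers(headers):
    """Return a list of findings for a response header mapping (names matched
    case-insensitively). An empty list means all three controls are present
    and not weakened."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing HSTS: browser may be downgraded to HTTP (SSL stripping)")
    else:
        max_age = _directive(hsts, "max-age")
        if max_age is None or not max_age.isdigit() or int(max_age) < ONE_YEAR:
            findings.append("HSTS max-age shorter than one year")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing CSP: no mitigation for script injection or clickjacking")
    else:
        if "unsafe-inline" in csp:
            findings.append("CSP allows 'unsafe-inline' scripts, weakening XSS protection")
        if "frame-ancestors" not in csp:
            findings.append("CSP lacks frame-ancestors: clickjacking not mitigated")

    if "no-store" not in h.get("cache-control", ""):
        findings.append("Cache-Control lacks no-store: pages may persist on shared clients")
    return findings


if __name__ == "__main__":
    # Constructed weak response: no HSTS, inline scripts allowed, cacheable for 10 minutes.
    weak = {"Cache-Control": "public, max-age=600",
            "Content-Security-Policy": "default-src 'self' 'unsafe-inline'"}
    for finding in audit_headers(weak):
        print("FAIL:", finding)
    print("hardened set:", audit_headers(SECURE_HEADERS) or "OK")
```

    The audit only checks the response as sent; it does not confirm that the browser honoured the headers, so it belongs in a deployment pipeline or a scheduled scan rather than replacing a browser-side test.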
  • New users of an application created for telework purposes must enroll using their work email, cell phone number, and office symbol. Upon completion, a text message is sent to the registered number in order to provide a two-factor authentication. Which authentication method is this?
    A Short Message Service (SMS) is a two-factor authentication (2FA) method that uses basic text messaging to send a code to a mobile device.
  • Which of the following is a computer that uses remote desktop protocol to run resources stored on a central server instead of a localized hard drive and provides minimal operating system services?
    A thin client is a computer that runs from resources stored on a central server instead of a localized hard drive. Thin clients work by connecting remotely to a central server-based computing environment where all resources and data are stored.
  • A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and services. When examining the application programming interface (API) logs, the cloud engineer sees some odd metrics. Which examples would concern the engineer?

    An unexplained spike in Application Programming Interface (API) calls could indicate a DDoS attack. The metric is captured in requests per second or per minute. Error rates measure the number of errors as a percentage of total calls, usually classifying error types under category headings. A very high error rate (78% or more in this example) may represent an overloaded system or a security issue.
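    The two metrics above, as an added example that is not part of the flashcards: requests per minute and a per-minute error rate broken out by 4xx/5xx category, computed over a constructed API access log, with a flagging rule for the volume spike and the 78% error threshold the card mentions. The log records, the minute buckets, and the spike factor (five times the median minute) are all assumptions made for illustration.

```python
"""Added example (not from the flashcards): the two API metrics the card
describes, computed over a constructed access log of (minute, HTTP status)."""
from collections import Counter, defaultdict
from statistics import median


def _minute(minute, total, n5xx=0, n4xx=0):
    """Build `total` constructed records for one minute: (minute, HTTP status)."""
    ok = total - n5xx - n4xx
    return [(minute, 200)] * ok + [(minute, 503)] * n5xx + [(minute, 429)] * n4xx


# Constructed log: three quiet minutes, then one minute with a 20x call spike in
# which most calls fail (the pattern the card says should concern the engineer).
RECORDS = (_minute("10:00", 120, 2, 3) + _minute("10:01", 115, 1, 4)
           + _minute("10:02", 2400, 1500, 600) + _minute("10:03", 110, 2, 2))


def requests_per_minute(records):
    """Call volume per minute (the requests-per-minute metric)."""
    return Counter(minute for minute, _ in records)


def error_rates(records):
    """Per-minute error rate as a fraction of total calls, broken out under the
    category headings a CSP dashboard would use (4xx client, 5xx server)."""
    buckets = defaultdict(lambda: {"total": 0, "4xx": 0, "5xx": 0})
    for minute, status in records:
        b = buckets[minute]
        b["total"] += 1
        if 400 <= status < 500:
            b["4xx"] += 1
        elif status >= 500:
            b["5xx"] += 1
    return {m: {"4xx": b["4xx"] / b["total"],
                "5xx": b["5xx"] / b["total"],
                "all": (b["4xx"] + b["5xx"]) / b["total"]}
            for m, b in buckets.items()}


def flag_minutes(records, spike_factor=5.0, error_threshold=0.78):
    """Return {minute: [reasons]} for minutes that match the card's concerning
    cases: call volume far above the median minute (possible DDoS) or an error
    rate at or above the threshold (overloaded system or security issue)."""
    counts = requests_per_minute(records)
    baseline = median(counts.values())
    rates = error_rates(records)
    flagged = {}
    for minute, count in sorted(counts.items()):
        reasons = []
        if count > spike_factor * baseline:
            reasons.append(f"{count} calls vs median {baseline:g} (possible DDoS)")
        if rates[minute]["all"] >= error_threshold:
            reasons.append(f"error rate {rates[minute]['all']:.0%} "
                           f"(5xx {rates[minute]['5xx']:.0%}, 4xx {rates[minute]['4xx']:.0%})")
        if reasons:
            flagged[minute] = reasons
    return flagged


if __name__ == "__main__":
    for minute, reasons in flag_minutes(RECORDS).items():
        print(minute, "->", "; ".join(reasons))
```

    Splitting the error rate by category matters for triage: a flood of 429 responses points at rate limiting kicking in under a volume attack, while a flood of 5xx responses points at the backend itself falling over.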
  • Analyze the methods and determine which a technician uses as a non-persistent recovery method on a server using a system baseline.
    Rollback to known configuration is a mechanism for restoring a baseline system configuration, such as Windows System Restore.
  • Which of the following is NOT a critical profiling factor when assessing the risk that any one type of threat actor poses to an organization?
    Non-repudiation is a term that describes a property of a secure network where a sender cannot deny having sent a message.
  • Which control types does a systems engineer implement when an initial locking mechanism does not perform as expected? 
    A compensating control serves as a substitute for a principal control, as recommended by a security standard, and affords the same (or better) level of protection. 
     
    A preventive control acts to eliminate or reduce the likelihood that an attack can succeed. It operates before an attack can take place. An example of this control type is a lock.
  • Describe what distinguishes tabletop training from walkthrough training.
    In a tabletop exercise, the facilitator poses a scenario and the respondents describe the steps they would take to identify, contain, and eradicate the potential threat. Scenario data are mostly presented as flash cards, so no computing equipment is required. A walkthrough starts from the same kind of facilitated scenario, but the responders demonstrate the actions they would take on the actual systems and tools rather than only describing them.
     
  • A cloud service provider informs its consumers that Amazon Linux version 1 products will no longer be supported after 31 December. Consumers using these products must have a plan in place to upgrade to the newest Amazon Linux product, version 2. After the deadline, Amazon Linux 1 products will only receive critical patches. Which of the following best describes the degradation of the product?
    The end of life (EOL) for a software product occurs when a product will no longer be produced or sold. These products are most likely to be replaced by a newer version or model.
  • In which environment can multiple developers check out software code and include change management processes?
    A development environment is where developers create a product. Developers check out code for editing or updating. Version control and change management occur in the development environment to track development.
  • A file system audit shows a malicious account was able to obtain a password database. The malicious account will be able to use the information without interacting with an authentication system. What type of attack will the malicious account be able to perform on systems?
    An offline password attack means that the attacker has managed to obtain a database of password hashes from an Active Directory credential store, for example. A password cracker tool does not need to interact with the authentication system in this case.
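    The offline attack above, as an added example that is not part of the flashcards: a dictionary attack run against a constructed dump of unsalted SHA-1 hashes, then the same attack against salted, iterated PBKDF2 records to show why the choice of hash format decides how expensive the attacker's offline work is. No authentication system is contacted at any point. The account names, passwords, salts, wordlist, and iteration count are invented for illustration.

```python
"""Added example (not from the flashcards): an offline dictionary attack against
a constructed dump of password hashes, then the same attack against salted,
iterated hashes. The attacker works only from the stolen records."""
import hashlib
from collections import defaultdict

# Constructed attacker wordlist.
WORDLIST = ["123456", "password", "password1", "Summer2023!", "letmein"]


def sha1_hex(password):
    return hashlib.sha1(password.encode()).hexdigest()


# Constructed dump of a weak credential store: user -> unsalted SHA-1 hash.
STOLEN_SHA1 = {
    "alice": sha1_hex("Summer2023!"),
    "bob": sha1_hex("password1"),
    "carol": sha1_hex("xK9#v!Qp2@zL"),   # strong passphrase, not in the wordlist
}


def crack_unsalted(db, wordlist):
    """Hash each candidate once and look it up against every stolen hash.
    Without salts, one hash computation tests the candidate against all users."""
    users_by_hash = defaultdict(list)
    for user, digest in db.items():
        users_by_hash[digest].append(user)
    cracked = {}
    for word in wordlist:
        for user in users_by_hash.get(sha1_hex(word), []):
            cracked[user] = word
    return cracked


# Defensive storage: per-user salt plus a slow key derivation function.
ITERATIONS = 50_000   # illustrative; production settings are considerably higher


def pbkdf2_hex(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


# Constructed dump of the same users stored as (salt, PBKDF2-HMAC-SHA256 hash).
STOLEN_PBKDF2 = {
    "alice": (b"salt-a1", pbkdf2_hex("Summer2023!", b"salt-a1")),
    "bob": (b"salt-b2", pbkdf2_hex("password1", b"salt-b2")),
}


def crack_salted(db, wordlist):
    """The same dictionary attack against salted PBKDF2 records. The salt forces
    one full KDF run per (user, candidate) pair. Returns the cracked users and
    the number of KDF invocations the attacker had to pay for."""
    cracked, kdf_calls = {}, 0
    for user, (salt, stored) in db.items():
        for word in wordlist:
            kdf_calls += 1
            if pbkdf2_hex(word, salt) == stored:
                cracked[user] = word
                break
    return cracked, kdf_calls


if __name__ == "__main__":
    print("unsalted SHA-1:", crack_unsalted(STOLEN_SHA1, WORDLIST))
    print("salted PBKDF2:", crack_salted(STOLEN_PBKDF2, WORDLIST))
```

    Both attacks still recover the weak passwords; what changes is the cost. Against the unsalted dump the attacker computes one cheap hash per candidate for the whole database, while against the salted records the work scales with users times candidates and each step is deliberately slow.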
  • A network administrator sets up a stateless firewall using an open-source application running on a Linux virtual machine. The immediate benefit of the setup is that it is easy to set up quickly with basic rules. What other reasons may have influenced the administrator's decision to deploy a stateless rather than a stateful firewall?
    A packet filtering firewall is configured by specifying an access control list (ACL). The ACL may define port filtering or security rules to block, for example, TCP port 3389 (RDP).
     
    A packet filtering firewall may also set rules by protocol ID or type. For example, it may allow HTTPS traffic.
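    The ACL above, as an added example that is not part of the flashcards: a minimal stateless packet filter that evaluates rules top-down, first match wins, with an implicit deny at the end. It blocks TCP 3389 and permits HTTPS as the card describes, and it also shows the limitation a stateless filter carries: because it cannot remember which sessions internal clients opened, return traffic has to be admitted by matching the TCP ACK flag (the classic "established" keyword), which an ACK scan can satisfy too. The rule syntax, addresses, and sample packets are constructed for illustration.

```python
"""Added example (not from the flashcards): a minimal stateless packet filter
evaluating a constructed ACL, first match wins, implicit deny at the end."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    ack: bool = False   # TCP ACK flag: the only session-like signal a stateless filter sees


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None = any destination port
    established: bool = False      # match only packets with ACK set


INTERNAL = "10.0.0.0/8"   # assumed internal address range

# The ACL from the card (block RDP, allow HTTPS) plus two rules a stateless
# filter needs because it cannot track which sessions internal hosts opened.
ACL = [
    Rule("deny", "tcp", dport=3389),                        # block RDP from anywhere
    Rule("permit", "tcp", dst=INTERNAL, dport=443),         # allow HTTPS to internal servers
    Rule("permit", "tcp", dst=INTERNAL, established=True),  # replies to sessions internal clients opened
    Rule("permit", "icmp", src=INTERNAL),                   # let internal hosts ping out
]


def rule_matches(rule, pkt):
    """Every field of the rule must match the packet header; nothing else is consulted."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.established and not pkt.ack:
        return False
    return True


def evaluate(acl, pkt):
    """First matching rule decides; an unmatched packet hits the implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = {
        "RDP from the internet": Packet("tcp", "203.0.113.9", "10.1.1.5", 3389),
        "HTTPS from the internet": Packet("tcp", "203.0.113.9", "10.1.1.5", 443),
        "SSH SYN from the internet": Packet("tcp", "203.0.113.9", "10.1.1.5", 22),
        "reply to an internal client": Packet("tcp", "198.51.100.7", "10.1.1.20", 51000, ack=True),
        # Stateless weakness: an ACK scan looks like a reply, so it is permitted too.
        "ACK scan of SSH": Packet("tcp", "203.0.113.9", "10.1.1.5", 22, ack=True),
        "ping out": Packet("icmp", "10.1.1.5", "8.8.8.8"),
        "ping in": Packet("icmp", "8.8.8.8", "10.1.1.5"),
    }
    for label, pkt in samples.items():
        print(f"{label:30} -> {evaluate(ACL, pkt)}")
```

    The "ACK scan of SSH" result is the trade-off behind the card's question: the stateless filter is fast and simple to configure, but a stateful firewall would reject that packet because no matching session exists in its state table.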
  • What purpose does the Linux command chmod serve?

    The chmod command changes file and directory permissions in Linux (ls -l or stat displays them). It can also set the special mode flags: setuid, setgid, and the sticky bit.
  • An engineer configures a security control that oversees and monitors other controls for effectiveness. Which category of control does the engineer utilize?
    A managerial control gives oversight of an information system. Examples could include risk identification or a tool allowing the evaluation and selection of other security controls.
  • What protocol alters public IP addresses to private IP addresses and vice versa, in an attempt to protect internal computers from the Internet?
    Network Address Translation (NAT) translates public IP addresses to private addresses and vice versa. By performing NAT on the firewall, a company can hide its internal addressing from the public internet.
  • A company provides smartphones to their employees. IT administrators have the ability to deploy, secure, and remove specific applications and data from the employees' smartphones. Analyze the selections and determine how IT can perform this type of control.
    Storage segmentation separates personal data from organizational data on a mobile device. It gives IT administrators control over corporate assets on employees' mobile devices without touching the personal partition.
  • Evaluate the properties and determine which describes the role of a gateway in an edge computing environment.
    Edge gateways perform some pre-processing of data to and from edge devices to enable prioritization. They also perform the wired or wireless connectivity to transfer data to and from the storage and processing networks.
  • Which value is the result of a quantitative or qualitative risk analysis?
    The result of quantitative or qualitative analysis is a measure of inherent risk. Inherent risk is the level of risk before any type of mitigation has been attempted.
  • A security firm and an organization meet and agree to begin a business relationship. While a contract is not in place yet, what do the parties use to maintain confidentiality and as an intent to work together?
    A memorandum of understanding (MOU) is a preliminary or exploratory agreement to express an intent to work together. MOUs are usually intended to be relatively informal and not to act as binding contracts.
  • An increase in malware detection, due to certain web browsing activity in the workplace, caused the information systems security office (ISSO) to deploy a unified threat manager on the network. How would this network appliance help reduce malware on client workstations? 
    Scan web traffic
    Block malware
    Block URLs
  • Flow analysis tools, such as IPFIX or Netflow, collect metadata about network traffic without capturing each frame. Evaluate the type of analysis that uses these tools.
    Trend analysis: Since flow analyzers gather metadata and statistics about network traffic, they are commonly used to visualize traffic statistics in order to assist in identifying trends.
  • A software developer created a new application, and the software company pressured the developer to release it to the public. Which of the following helps ensure the application is secure before the release?
    Error handling
    Proper authentication and authorization
    Input validation
  • After software testing activities have been completed, a system administrator moves the .war file to an environment that allows end users to access the application. Which environment is the completed software being deployed to?
    A production environment is where the final product is placed. All testing and development are complete at this point.
  • In a software as a service (SaaS) model, where the organization is responsible for the security and patching of the application and its components, which entity would be responsible for providing security services for the infrastructure?
    The cloud service provider (CSP) would be responsible for the security of the infrastructure. A shared responsibility model includes both the CSP and the customer sharing security aspects of a cloud service model.
  • Devices deployed in a network and that send data to the local area network (LAN) level and process it with an Internet of things (IoT) sensor are which of the following?
    Fog computing provides decentralized local processing by deploying fog nodes throughout the network. Fog nodes analyze IoT data at the network edge (within the LAN) to avoid transferring unnecessary data back to a central data center or cloud.
  • Multiple private data sources ingest pictures to a machine learning tool on Google Cloud Platform to find specific species of butterflies. The pictures are tagged by creator names in the company before being loaded onto the various data source locations. What type of security solution can the IT team implement to prevent tainted training data from getting to the machine learning tool? 
    Keep the machine learning (ML) algorithm secret.
    Use security orchestration, automation, and response (SOAR) to check picture properties before the data sources are ingested.
  • What is the best solution that Enterprise Mobility Management EMM seeks for enterprise workspaces?
    Enterprise Mobility Management is moving more toward containerization as the best solution for enterprise workspaces. These solutions can use cryptography to protect the workspace in a way that is much harder to compromise, even from a rooted/jailbroken device.
  • A network port does not seem to be working properly. Which of the following tools can be used to test if the the port is sending out data?
    A loopback plug or adapter is a specially wired RJ-45 plug with a 6" stub of cable used to test for faulty ports and network cards.
  • A small business wants to make its website public. Two physical servers that host the website have load balancing configured. Each server has its own Internet Protocol (IP) address. Having only one public IP address from the Internet Service Provider (ISP), what may a network administrator set up so the company's website can interface with public users?
    Port Address Translation (PAT) is beneficial in cases where multiple private IP addresses are being mapped onto a single public address.
  • Mobile users in an organization complain about limited functionality in a company's headquarters. The IT staff decide to extend mobile access capabilities by widening the current wireless network. When evaluating the expansion configuration, a wireless access point media access control (MAC) address relates to which option?
    The media access control (MAC) address of a wireless access point (AP) is used as the Basic Service Set Identifier (BSSID).
  • A network technician suspects a short in the network cable and wants to test it. Identify which of the following tools will provide this capability.
    A multimeter is for testing electrical circuits, but it can also test for the continuity of any sort of copper wire, the existence of a short, and the integrity of a terminator.
  • Upon reviewing the protocols designed for real-time services, a network specialist reviews the system to ensure voice and video communications are free from problems, dropped packets, delays, and jitter. What is the specialist reviewing?
    Quality of Service (QoS). Real-time protocols provide information about the connection to a QoS system, which in turn prioritizes that traffic so that voice or video communications are free from problems such as dropped packets, delay, or jitter.
  • An administrator normally working on a remote server using Remote Desktop Protocol (RDP), loses the session abruptly. The administrator pings the server and does not receive a reply. An RDP session is attempted again, and the administrator can log in. Why was the administrator unable to ping the server?
    Internet Control Message Protocol (ICMP) is used for status messaging and connectivity testing. An inbound rule blocking ICMP traffic using a firewall will prevent a reply if a ping command is used externally on the server.
  • A network engineer is developing a system for prioritizing events from immediate response to long-term response. The elements are numbered from most emergent to routine. When creating these levels, what is the engineer building?
    Logging levels (severity levels). Syslog, for example, numbers severities from 0 (emergency) through 7 (debug). The logging level configured on each host determines the least severe level at which events are still recorded or forwarded.
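    The severity numbering above, as an added example that is not part of the flashcards: a parser for the syslog priority field, which packs facility and severity into one number (PRI = facility * 8 + severity), and a filter that keeps only events at least as severe as a configured logging level. The log lines are constructed for illustration; the facility and severity names follow the syslog numbering.

```python
"""Added example (not from the flashcards): decode syslog PRI values into
facility and severity, then filter constructed log lines by logging level."""
import re

# Severity 0 is the most urgent, 7 the most routine.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")


def parse_pri(line):
    """Split a BSD-style syslog line into (facility, severity, message).
    PRI = facility * 8 + severity, so severity is PRI mod 8 and facility is PRI div 8."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError(f"no PRI field: {line!r}")
    pri = int(m.group(1))
    if pri > 191:   # 23 facilities * 8 + 7 is the largest valid value
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], m.group(2)


def events_at_level(lines, level):
    """Keep events whose severity number is <= level, i.e. at least as severe
    as the configured logging level. Less urgent events are dropped, as a
    host's logging-level setting would drop them before recording or forwarding."""
    kept = []
    for line in lines:
        facility, severity, message = parse_pri(line)
        if SEVERITIES.index(severity) <= level:
            kept.append((facility, severity, message))
    return kept


# Constructed sample lines covering several facilities and severities.
SAMPLE = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user on /dev/pts/8",
    "<13>Oct 11 22:14:16 host1 app: user bob logged in",
    "<0>Oct 11 22:14:17 host1 kernel: panic - not syncing",
    "<86>Oct 11 22:14:18 host1 sshd: Accepted publickey for ops",
    "<31>Oct 11 22:14:19 host1 cron: debug trace",
]

if __name__ == "__main__":
    for facility, severity, message in events_at_level(SAMPLE, 3):
        print(f"{facility:9} {severity:9} {message}")
```

    Setting the level too low on a host silently discards the notice- and informational-level events (successful logins, configuration changes) that incident responders later want, so the threshold is a security decision as much as a storage one.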
  • Which of the following relates to a private cloud delivery model?
    Greater control: A private cloud infrastructure is completely private to, and owned by, an organization. With private cloud computing, organizations can exercise greater control over the privacy and security of their services.